Roles in SEAPATH

Warning

This configuration might be deprecated and needs to be reviewed.

Debian role

The scripts and binaries are installed in the /usr/local/bin directory. Overrides for systemd services are installed in /etc/systemd.

  • Installs python3-setup-ovs (sources here) with its service votp-config_ovs and enables it.

  • Installs vm_manager (sources here).

  • Installs backup-restore (sources here).

  • Installs a script to get a console of a virtual machine.

  • Configures vim.

  • Installs a SEAPATH resource agent.

  • Configures syslog-ng. If specified, installs certificates, keys and CA.

  • Configures the libvirtd and pacemaker services.

  • Sets the UID and GID to 902 for the SNMP user.

  • Configures the SNMP daemon and service. Installs scripts to retrieve the machine's status.

  • Removes the virtu user if needed.

  • Installs the sudo fragment for the SNMP user.

  • Configures the systemd journal.

  • Configures an admin user with its group and sudo fragment.

  • Adds a live-migration user.

  • Adds panicreboot and bridge_nf_call rules to the kernel.

  • Adds br_netfilter and raid6_pq modules to the kernel.

  • Configures AppArmor.

  • Configures the network with systemd.

  • Configures the environment and the hosts.

  • Configures hddtemp.

  • Configures the package manager.

  • Configures libvirtd.

  • Configures GRUB.

Hypervisor role

  • Enables the docker service.

  • Adds vhost_vsock module to the kernel.

  • Installs the votp-taskset with its service.

  • Adds schedrt rules to the kernel.

  • Adds the kernel modules specified by sriov_driver.

  • Adds sriov rule to the kernel.

  • Configures GRUB.

  • Configures tuned.

  • Configures systemd.

  • Configures slices of systemd.

  • Configures ovs-vswitchd service.

  • Installs ptp_status with its service.

Debian-hardening role

  • Creates the ansible and privileged groups.

  • Configures parameters of the kernel.

  • Updates the kernel's coredump, kexec and binfmt_misc rules.

  • Installs sysctl-hardening and network-hardening rules to the kernel.

  • Adds nf_conntrack module to the kernel.

  • Installs the random-root-passwd service and enables it.

  • Installs the mktmpdir and terminal_idle profiles for shell sessions.

  • Configures the SSH server.

  • Installs ANSI and ceph-osd-smartctl rules to sudo.

  • Adds users to privileged groups.

  • Configures sudo so that only members of the privileged group can run it.

  • Configures login.defs.

  • Configures PAM.

  • Configures securetty.

  • Configures some services specified in hardened_services.

  • Uninstalls useless packages.

  • Disables useless services.

  • Sets a password to GRUB.

  • Installs audit configuration.

Corosync role

  • Regenerates the authentication key.

  • Synchronizes the key between the hosts.

  • Generates the configuration of corosync.