Debian role

The scripts and binaries are installed in the /usr/local/bin directory. The override of systemd service are installed in /etc/systemd.

  • Installs python3-setup-ovs (sources here) with its service votp-config_ovs and enables it.
  • Installs vm_manager (sources here).
  • Installs backup-restore (sources here).
  • Installs script to get a console of a virtual machine.
  • Configures vim.
  • Installs a SEAPATH resource agent
  • Configures syslog-ng. If specified, installs certificates, keys and CA.
  • Configures the libvirtd and pacemaker services.
  • Sets the UID and GID to 902 for the SNMP user.
  • Configures SNMP daemon and service. Installs scripts to get back the machine's status.
  • Remove the virtu user if needed.
  • Installs sudo's fragment for the SNMP user.
  • Configures the systemd's journal.
  • Configures an admin user with its group and sudo's fragment.
  • Adds a live-migration user.
  • Adds panicreboot and bridge_nf_call rules to the kernel.
  • Adds br_netfilter and raid6_pq modules to the kernel.
  • Configures AppArmor.
  • Configures the network with systemd.
  • Configures the environment and the hosts.
  • Configures the hddtemp.
  • Configures the package manager.
  • Configures libvirtd.
  • Configures GRUB.

Hypervisor role

  • Enables the docker service.
  • Adds vhost_vsock module to the kernel.
  • Installs the votp-taskset with its service.
  • Adds schedrt rules to the kernel.
  • Adds modules to the kernel specified by sriov_driver.
  • Adds sriov rule to the kernel.
  • Configures GRUB.
  • Configures tuned.
  • Configures systemd.
  • Configures slices of systemd.
  • Configures ovs-vswitchd service.
  • Installs ptp_status with its service.

Debian-hardening role

  • Create ansible and privileged group.
  • Configures parameters of the kernel.
  • Updates the coredump, kexec and binfmt_misc rules to the kernel.
  • Installs sysctl-hardening and network-hardening rules to the kernel.
  • Adds nf_conntrack module to the kernel.
  • Installs random-root-passwd service and enable it.
  • Installs mktmpdir and terminal_idle profile for a shell session.
  • Configures the SSH server.
  • Installs ANSI and ceph-osd-smartctl rules to sudo.
  • Adds users to priviliged groups.
  • Configures sudo to be run only users members of privileged group.
  • Configures login.defs.
  • Configures PAM.
  • Configures securetty.
  • Configures some services specified in hardened_services.
  • Uninstalls useless packages.
  • Disable useless services.
  • Sets a password to GRUB.
  • Installs audit configuration.

Corosync role

  • Regenerates the authentication key.
  • Synchronizes the key between the hosts.
  • Generates the configuration of corosync.
  • No labels