Move all variables from the vault to the inventory

doc/vm_support.md

@@ -14,23 +14,22 @@ VMs based on Qemu/KVM in school network.
   Repository with ansible-playbook for seedbox install: https://codeberg.org/digitalsouveraeneschule/...
 * `seedbox`-hostname must be resolvable via DNS
 
-## Activation / Default
+## Configuration / Variables
-
-### To enable VM support:
-
-```
-vm_support: true
-```
-
-Default: `vm_support: false
-
-### Torrent Server
-```
-vm_torrent_srv: "myseedbox.linuxmuster.net"
-```
-
-Default: `vm_torrent_srv: "seedbox.{{ domain }}"`
 
+  * **vm_support**
+    This flag indicates whether to activate VM support.
+    Type: *Boolean*
+    Values:
+    * `false` <-- (default)
+    * `true`
+  * **vm_torrent_serv**
+    Name of the torrent server.
+    Type: *String*
+    Default: `vm_torrent_serv: "seedbox.{{ domain }}"`
+  * **vm_uploadseed_pwd**
+    Password for upload-seed. Used for image upload to torrent-server.
+    Type: *String*
+    Default: `secret = "token:topsecret"`
 
 ## Example
 
@@ -41,5 +40,5 @@ inventory.yml
 all:
   vars:
     vm_support: true
-    vm_torrent_srv: "myseedbox.linuxmuster.net" # default: seedbox.{{ domain }}
+    vm_torrent_serv: "myseedbox.linuxmuster.net" # default: seedbox.{{ domain }}
 ```

lmn-client.yml

@@ -45,31 +45,6 @@
         value: true
         vtype: boolean
 
-  vars_files: lmn-vault
-  vars:
-    domain: "{{ ansible_domain }}"
-    apt_conf: "{{ vault_apt_conf }}"  ## Acquire::http::Proxy "http://aptcache.example.org:3142/";
-    ntp_serv: "{{ vault_ntp_serv }}"  ## ntp.example.org
-    nfs_server: "{{ vault_nfs_server }}"  ## nfs.example.org
-    proxy: "{{ vault_proxy }}"        ## http://firewall.example.org:3128
-    no_proxy: "{{ vault_no_proxy }}"  ## firewall.example.org,server.example.org,idam.example.org,dw.example.org
-    printservers: "{{ vault_printservers }}" ## ['10.0.0.1', '10.0.0.15']
-
-    ## PAM mount nextcloud, remove or leave empty to skip:
-    web_dav: "{{ vault_web_dav }}"    ## https://nc.example.org/remote.php/dav/files/%(USER)
-
-    ## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
-    mirror_msfonts: "{{ vault_mirror_msfonts }}" ## http://livebox.example.org/mscorefonts/
-
-    ## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
-    mirror_dvdcss: "{{ vault_mirror_dvdcss }}"   ## http://livebox.example.org/libdvdcss/
-
-    uploadseed_pwd: "{{ vault_uploadseed_pwd }}"
-    keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
-
-    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
-    grub_pwd: "{{ vault_grub_pwd }}"
-
   roles:
     - lmn_network
     - role: up2date_debian

roles/lmn_misc/defaults/main.yml

@@ -3,6 +3,6 @@ misc_avoid_suspend: true
 misc_pwroff: true
 misc_pwroff_idle: true
 misc_pxe_first: false
-misc_reporter: false
+misc_reporter_serv: ""
 misc_clonescreen: false
 misc_clonescreen_mode: "1920x1080@60"

roles/lmn_misc/tasks/main.yml

@@ -162,10 +162,11 @@
 # Install reporter
 
 - name: Copy reporter
-  ansible.builtin.copy:
+  ansible.builtin.template:
-    src: reporter
+    src: reporter.j2
     dest: /usr/local/sbin/
     mode: '0755'
+  when: misc_reporter_serv | length > 0
 
 - name: Provide services and timers for reporter
   ansible.builtin.copy:
@@ -175,13 +176,13 @@
   loop:
     - reporter.service
     - reporter.timer
-  when: misc_reporter
+  when: misc_reporter_serv | length > 0
 
 - name: Enable reporter.timer
   ansible.builtin.systemd:
     name: reporter.timer
     enabled: true
-  when: misc_reporter
+  when: misc_reporter_serv | length > 0
 
 # Prepare CloneScreen on Presenter PCs
 

roles/lmn_misc/templates/reporter.j2

@@ -0,0 +1,33 @@
+#!/usr/bin/bash
+#
+# Send stdout of some commands to monitoring server.
+# Collect the reports with 'nc -u -k -l 1234' on 'sendto'.
+# Use /bin/nc.openbsd, /bin/nc.traditional seems not to work.
+#
+set -eu
+
+sendto="{{ misc_reporter_serv }} 1234"
+n=0
+
+cmds=(
+    'uname -a'
+    'tail -1 /var/local/ansible-stamps'
+    'ip route list default'
+    'ip link show | \
+       sed -nE -e "s/^[2-9]: (\S+): .+/\1/p" -e "s/.+ether ([0-9a-f:]+) .+/\1/p" | \
+       paste - -'
+)
+#    'w'
+#    'uptime'
+#    'ls -d --full-time /home/ansible/.ansible/tmp/'
+#    'ip addr show'
+#    'apt list --upgradeable -o Apt::Cmd::Disable-Script-Warning=true'
+
+r="$HOSTNAME ------- $(date --rfc-3339=seconds) -------
+$(for c in "${cmds[@]}" ; do
+      n=$(( n + 1 ))
+      echo -n "$n"
+      eval "$c" | sed 's/^/\t/'
+done | sed "s/^/$HOSTNAME /")
+## -------------------------------------------------"
+echo "$r" | nc -w 1 -u $sendto

roles/lmn_vm/defaults/main.yml

@@ -1,3 +1,4 @@
 ---
 vm_support: false
-vm_torrent_srv: "seedbox.{{ domain }}"
+vm_torrent_serv: "seedbox.{{ domain }}"
+vm_uploadseed_pwd: secret = "token:topsecret"

roles/lmn_vm/tasks/main.yml

@@ -169,7 +169,7 @@
     group: lmnsynci
     mode: '0640'
     content: |
-      {{ uploadseed_pwd }}
+      {{ vm_uploadseed_pwd }}
 
 - name: Prepare directory for aria2 dht.dat
   ansible.builtin.file:

roles/lmn_vm/templates/vm.conf.j2

@@ -1,6 +1,6 @@
 # variables for LMN VM submodule
 
-SEEDBOX_HOST="{{ vm_torrent_srv }}"
+SEEDBOX_HOST="{{ vm_torrent_serv }}"
 SEEDBOX_PORT=6789
 SEEDBOX_RPC_PORT=6800
 SEEDBOX_PWFILE="/etc/lmn/uploadseed.conf"