Merge pull request #14 from n3tuk/update-journald-logging

Fix handling of root user `authorized_key` file
n3tuk · Mar 16, 2024 · 82e73b7 · 82e73b7
2 parents 06b24dd + 7a0add7
commit 82e73b7
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 98 deletions.
diff --git a/inventory.yaml b/inventory.yaml
@@ -4,123 +4,34 @@ all:
     services:
       hosts:
         node-01.s.cym-south-1.kub3.uk:
-        vault-01.p.cym-south-1.kub3.uk:
         netdata-01.s.cym-south-1.kub3.uk:
         cache-01.s.cym-south-1.kub3.uk:
+        vault-01.p.cym-south-1.kub3.uk:
 
     production:
       hosts:
         node-[01:06].p.cym-south-1.kub3.uk:
-        boundary-[01:03].p.cym-south-1.kub3.uk:
-        vault-[01:03].p.cym-south-1.kub3.uk:
-        consul-[01:03].p.cym-south-1.kub3.uk:
-        etcd-[01:03].p.cym-south-1.kub3.uk:
-        controller-[01:03].p.cym-south-1.kub3.uk:
-        worker-[01:12].p.cym-south-1.kub3.uk:
-        storage-[01:06].p.cym-south-1.kub3.uk:
         netdata-01.p.cym-south-1.kub3.uk:
+        vault-[01:03].p.cym-south-1.kub3.uk:
 
     development:
       hosts:
         node-01.d.cym-south-1.kub3.uk:
-        boundary-[01:03].d.cym-south-1.kub3.uk:
-        vault-[01:03].d.cym-south-1.kub3.uk:
-        consul-[01:03].d.cym-south-1.kub3.uk:
-        etcd-[01:03].d.cym-south-1.kub3.uk:
-        controller-[01:03].d.cym-south-1.kub3.uk:
-        worker-[01:03].d.cym-south-1.kub3.uk:
-        storage-[01:03].d.cym-south-1.kub3.uk:
         netdata-01.d.cym-south-1.kub3.uk:
+        vault-[01:03].d.cym-south-1.kub3.uk:
 
     virtual:
       children:
-        remote:
         cache:
         netdata:
-        boundary:
         vault:
-        consul:
-        etcd:
-        kubernetes:
 
     physical:
       children:
         nodes:
 
-    kubernetes:
-      children:
-        controllers:
-        agents:
-
-    agents:
-      children:
-        workers:
-        storages:
-
-    bootstrap:
-      children:
-        services:
-        netdata:
-        nodes:
-        boundary:
-        vault:
-        consul:
-        etcd:
-        kubernetes:
-
-    remote:
-      hosts:
-        culhwch.london.n3t.uk:
-        olwen.london.n3t.uk:
-
-    cache:
-      hosts:
-        cache-01.s.cym-south-1.kub3.uk:
-
-    netdata:
-      hosts:
-        netdata-01.p.cym-south-1.kub3.uk:
-        netdata-01.d.cym-south-1.kub3.uk:
-        netdata-01.s.cym-south-1.kub3.uk:
-
-    nodes:
-      hosts:
-        node-[01:06].p.cym-south-1.kub3.uk:
-        node-01.d.cym-south-1.kub3.uk:
-        node-01.s.cym-south-1.kub3.uk:
-
-    boundary:
-      hosts:
-        boundary-[01:03].p.cym-south-1.kub3.uk:
-        boundary-[01:03].d.cym-south-1.kub3.uk:
-
     vault:
       hosts:
         vault-[01:03].p.cym-south-1.kub3.uk:
         vault-[01:03].d.cym-south-1.kub3.uk:
         vault-01.s.cym-south-1.kub3.uk:
-
-    consul:
-      hosts:
-        consul-[01:03].p.cym-south-1.kub3.uk:
-        consul-[01:03].d.cym-south-1.kub3.uk:
-
-    etcd:
-      hosts:
-        etcd-[01:03].p.cym-south-1.kub3.uk:
-        etcd-[01:03].d.cym-south-1.kub3.uk:
-
-    controllers:
-      hosts:
-        controller-[01:03].p.cym-south-1.kub3.uk:
-        controller-[01:03].d.cym-south-1.kub3.uk:
-
-    workers:
-      hosts:
-        worker-[01:18].p.cym-south-1.kub3.uk:
-        worker-[01:03].d.cym-south-1.kub3.uk:
-
-    storages:
-      hosts:
-        storage-[01:06].p.cym-south-1.kub3.uk:
-        storage-[01:03].d.cym-south-1.kub3.uk:
diff --git a/plays/group_vars/physical.yaml b/plays/group_vars/physical.yaml
@@ -124,7 +124,7 @@ systemd_networkd_ethernet_name: enp86s0
 systemd_networkd_access_vlan: 32
 
 systemd_system_watchdog_enabled: true
-systemd_journald_max_size: 200M
+systemd_journald_max_size: 165M
 systemd_timesyncd_fallback_ntp:
   - ntp0.zen.co.uk
   - ntp1.zen.co.uk

diff --git a/plays/group_vars/virtual.yaml b/plays/group_vars/virtual.yaml
@@ -89,4 +89,4 @@ kernels_mkinitcpio_modules:
 systemd_networkd_ethernet_name: enp3s0
 
 systemd_system_watchdog_enabled: true
-systemd_journald_max_size: 200M
+systemd_journald_max_size: 165M
diff --git a/roles/systemd/templates/journald.conf.jinja b/roles/systemd/templates/journald.conf.jinja
@@ -13,13 +13,13 @@ SplitMode=none
 
 # Define the space usage for journald
 SystemMaxUse={{ systemd_journald_max_use }}
-SystemKeepFree=10%
+SystemKeepFree=20%
 
 RuntimeMaxUse=16M
 RuntimeKeepFree=75%
 
 MaxRetentionSec=30day
-MaxFileSec=1day
+MaxFileSec=1hour
 
 ForwardToSyslog=no
 ForwardToKMsg=no

diff --git a/roles/users/tasks/user.yaml b/roles/users/tasks/user.yaml
@@ -34,8 +34,8 @@
 - name: Clear the root user authorized_keys
   # The root user is disabled in SSH, so it cannot be accessed remotely and as
   # such all SSH keys should be deleted to act as a further backup
-  ansible.posix.authorized_key:
-    dest: /root/.ssh/authorized_keys
+  ansible.posix.file:
+    path: /root/.ssh/authorized_keys
     state: absent
   tags:
     - users