forked from Netz39_Admin/netz39-infra-ansible
File | Last change | |
---|---|---|
files | 3 months ago | |
group_vars | 2 months ago | |
host_vars | 4 days ago | |
roles | 4 weeks ago | |
templates | 2 months ago | |
.editorconfig | 1 year ago | |
.mailmap | 3 months ago | |
.yamllint | 4 months ago | |
README.md | 4 months ago | |
ansible.cfg | 5 months ago | |
configure-grafana.yml | 4 months ago | |
group-all.yml | 4 months ago | |
group-docker_host.yml | 2 months ago | |
group-proxmox.yml | 5 months ago | |
host-beaker.yml | 4 months ago | |
host-hobbes.yml | 4 months ago | |
host-holmium.yml | 4 days ago | |
host-krypton.yml | 3 months ago | |
host-oganesson.yml | 5 months ago | |
host-platon.yml | 2 months ago | |
host-pottwal.yml | 4 days ago | |
host-radon.yml | 3 months ago | |
host-tau.yml | 3 months ago | |
host-unicorn.yml | 3 months ago | |
inventory.yml | 2 months ago | |
main.yml | 3 months ago | |
requirements.yml | 2 months ago | |
setup-ssh.yml | 4 months ago |
README.md
Ansible configuration for the Netz39 infrastructure
This call lists all hosts defined in the inventory:
```shell
ansible all --list-hosts
```
Setup
```shell
ansible-galaxy install -r requirements.yml
```
Setup SSH Access to hosts
```shell
LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"
```
Edit vault encrypted vars files
```shell
ansible-vault edit group_vars/all/vault
```
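To confirm that a vault file is still encrypted after editing and before it is committed, a check like the following can be run from the repository root. It is an added example, not part of this repository; the function name `find_plaintext_vaults` is hypothetical, and it assumes every encrypted vars file is named `vault` and lives under `group_vars/` or `host_vars/`.

```shell
#!/bin/sh
# Added example (not from the repository): flag vault files that were
# committed or left on disk without ansible-vault encryption.
# Assumption: encrypted vars files are named "vault" below group_vars/
# or host_vars/, like group_vars/all/vault in the README.

# find_plaintext_vaults ROOT
# Prints each vault file whose first line lacks the "$ANSIBLE_VAULT;" header
# that ansible-vault writes; returns 1 if any such file exists, else 0.
find_plaintext_vaults() {
    root=$1
    bad=$(
        for dir in "$root/group_vars" "$root/host_vars"; do
            [ -d "$dir" ] || continue
            find "$dir" -type f -name vault -exec sh -c '
                for f in "$@"; do
                    # An empty file leaves $first empty and is reported too.
                    IFS= read -r first < "$f" || :
                    case $first in
                        "\$ANSIBLE_VAULT;"*) ;;
                        *) printf "%s\n" "$f" ;;
                    esac
                done' sh {} +
        done
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Stand-alone use: sh check-vault.sh --check [repo-root]
if [ "${1:-}" = "--check" ]; then
    find_plaintext_vaults "${2:-.}"
    exit $?
fi
```

The non-zero exit status makes the function usable as a pre-commit hook or CI step next to `ansible-lint`.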
Call with
```shell
ansible-playbook --ask-vault-pass main.yml
```
You need to provide a user with sudo rights and the vault password.
Verify Changes
```shell
ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff
```
HTTPS ingress configuration
HTTPS ingress is controlled by the server holmium and forwarded to the configured servers.
To set up a new HTTPS vhost, the following steps need to be taken:
- Select a domain (for internal services we use sub-domains of `.n39.eu`).
- Create an external CNAME from this domain to `dyndns.n39.eu`.
- Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
- Add the entry to the holmium playbook.
- Set up Dehydrated and vhost on the target host, e.g. using `setup_http_site_proxy`.
Do not forget to execute all playbooks with relevant changes.