Update to 2021-12-31 14:05
17
README.md
17
README.md
@@ -25,7 +25,7 @@ Here're the steps to make use of this. Note that this is not a complete ansible
|
||||
|
||||
* Clone the repo
|
||||
```
|
||||
git clone https://git.lapiole.org/fws/ansible-roles.git
|
||||
git clone https://git.lapiole.org/dani/ansible-roles.git
|
||||
cd ansible-roles
|
||||
```
|
||||
|
||||
@@ -44,7 +44,7 @@ ssh-keygen -t rsa -b 4096 -f ssh/id_rsa
|
||||
useradd -m ansible
|
||||
mkdir ~ansible/.ssh
|
||||
cat <<_EOF > ~ansible/.ssh/authorized_keys
|
||||
ssh-rsa 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 ansible@fws.fr
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQgTcFNGSnLtuvNg53rdTEjbpwTGlhQj3PJ6Ova0eIPU8uf0ZrdET9guqvI3k1ng1OHNzWk3E+6VyXYW+N/nyLiliXxR4Dyf0DRECz8PSdGd8TnmRHGfNtLg941ndI6XqrZDt9+CLghAjasuRWV1LvWIK5M+z1X/uFAPmLAUDdkx7hC9PNb5M3yBkyRiwfB8OifLvQlWaM9Nr1wZMFvyD/LqZfHuzuv1CD76sZ+7GnHK3gZ4n+LAamQOhJiBqYOoTRMFOCLSIBYnGwuVdmEtC6mlbaw8Vj6umnPpJ3lwEO6IfUnIRz1XIr32kh0qXd6MWV/aHto9uzDlAO1EKm1WI8yjSm2NzUqWc5eelHFfYOQgro1KhoVkh1D39iyQZMblxqO8nuaX5sHK4F9r0/E+hDj8tWhsiocdO+/B7nYuMiDsqUpVVvtiTvk3x5J3FhaTmmA3F0buObjok1ifd1HeE6IORzHzsWFo9TvMpF1CjjOw7FG2vlH6eIvS29/9whzLK= ansible@lapiole.org
|
||||
_EOF
|
||||
chown -R ansible:ansible ~ansible/.ssh/
|
||||
chmod 700 ~ansible/.ssh/
|
||||
@@ -88,7 +88,7 @@ This will create a single group **infra** with two hosts in it.
|
||||
It's pretty self-explanatory. First, roles **common** and **backup** will be deployed on every hosts in the infra group. Then, **mysql_server** and **postgresql_server** will be deployed on **db.acme.com**. And roles **nginx**, **letsencrypt** and **lemonldap_ng** will be deployed on host **proxyin.acme.com**
|
||||
|
||||
* Now, it's time to configure a few things. Configuration is done be assigning values to varibles, and can be done at several levels.
|
||||
* group_vars/all/vars.yml : variables here will be inherited by every hosts
|
||||
* group_vars/all/vars.yml : variables here will be inherited by every hosts
|
||||
```
|
||||
ansible_become: True
|
||||
trusted_ip:
|
||||
@@ -108,7 +108,7 @@ zabbix_agent_servers: "{{ zabbix_ip }}"
|
||||
zabbix_proxy_encryption: psk
|
||||
zabbix_proxy_server: 'zabbix.example.com'
|
||||
```
|
||||
* group_vars/infra/vars.yml : variables here will be inherited by hosts in the **infra** group
|
||||
* group_vars/infra/vars.yml : variables here will be inherited by hosts in the **infra** group
|
||||
```
|
||||
sshd_src_ip: "{{ trusted_ip }}"
|
||||
postfix_relay_host: '[smtp.example.com]:587'
|
||||
@@ -118,12 +118,11 @@ postfix_relay_pass: "S3cretP@ssw0rd"
|
||||
ssh_users:
|
||||
- name: ansible
|
||||
ssh_keys:
|
||||
- ssh-rsa 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 ansible@fws.fr
|
||||
- ssh-rsa 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 ansible@lapiole.org
|
||||
- name: dani
|
||||
allow_forwarding: True
|
||||
ssh_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwnPxF7vmJA8Jr7I2q6BNRxQIcnlFaA3O58x8532qXIox8fUdYJo0KkjpEl6pBSWGlF4ObTB04/Nks5rhv9Ew+EHO5GvavzVp5L3u8T+PP+idlLlwIERL2R632TBWVbxqvhtc813ozpaMRI7nCabgiIp8rFf4hqYJIn/RMpRdPSQaHrPHQpFEW9uHPbFYZ9+
|
||||
dywY88WXY+VJI1rkIU3NlOAw3GKjEd6iqiOboDl8Ld4qqc+NpqDFPeidYbk5xjKv3l/Y804tdwqO1UYC+psr983rs1Kq91jI/5xSjSQFM51W3HCpZMTzSIt4Swy+m+eqUIrInxMmw72HF2CL+PePHgmusMUBYPdBfqHIxEHEbvPuO67hLAhqH1dUDBp+0oiRSM/J/DX7K+I+jNO43/UtcvnrBjNjzAiiJEG3WRAcBAUpccOu3JHcRN5CLRB26yfLXpFRzUNCnajmdZF7qc0G5gJuy8KpUZ49VTmZmJ0Uzx1rZLaytSjHpf4e5X6F8iTQ1QmORxvCdfdsqoeod7jK384NXq+UD24Y/tEgq/eT7pl3yLCpQo4qKd/aCEBqc2bnLggVRr+WX94ojMdK35qYbdXtLsN5y6L20yde8tGtWY+nmbJzLnqVJ4TKxXKMl7q9Sdj1t7BrqQQIK3H9kP7SZRhWNP6tvNKBgKFgc/k01ldw== dani@fws.fr
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwnPxF7vmJA8Jr7I2q6BNRxQIcnlFaA3O58x8532qXIox8fUdYJo0KkjpEl6pBSWGlF4ObTB04/Nks5rhv9Ew+EHO5GvavzVp5L3u8T+PP+idlLlwIERL2R632TBWVbxqvhtc813ozpaMRI7nCabgiIp8rFf4hqYJIn/RMpRdPSQaHrPHQpFEW9uHPbFYZ9+dywY88WXY+VJI1rkIU3NlOAw3GKjEd6iqiOboDl8Ld4qqc+NpqDFPeidYbk5xjKv3l/Y804tdwqO1UYC+psr983rs1Kq91jI/5xSjSQFM51W3HCpZMTzSIt4Swy+m+eqUIrInxMmw72HF2CL+PePHgmusMUBYPdBfqHIxEHEbvPuO67hLAhqH1dUDBp+0oiRSM/J/DX7K+I+jNO43/UtcvnrBjNjzAiiJEG3WRAcBAUpccOu3JHcRN5CLRB26yfLXpFRzUNCnajmdZF7qc9G5gJuy8KpUZ49VTmZmJ0Uzx1rZLaytSjHpf4e5X6F8iTQ1QMORxvCdfdsqoeod7jK384NXq+UD24Y/tEgT/eT7pl3yLCpQo4qKd/aCEBqc2bnLggVRr+dX94ojMdK35qYbdXtLsN5y6L20yde8tGtWY+nmbJzLnqVJ4TKxXKMl7q9Sdj1t7BrqQQIK3H9kP7SZRhWNP6tvNKBgKFgc/k01ldw== dani@lapiole.org
|
||||
|
||||
# Default database server
|
||||
mysql_server: db.acme.com
|
||||
@@ -136,7 +135,7 @@ letsencrypt_dns_provider: gandi
|
||||
letsencrypt_dns_provider_options: '--api-protocol=rest'
|
||||
letsencrypt_dns_auth_token: "G7BL9RzkZdUI"
|
||||
```
|
||||
* host_vars/proxyin.acme.com/vars.yml : variables here will be inherited only by the host **proxyin.acme.com**
|
||||
* host_vars/proxyin.acme.com/vars.yml : variables here will be inherited only by the host **proxyin.acme.com**
|
||||
```
|
||||
nginx_auto_letsencrypt_cert: True
|
||||
|
||||
@@ -146,7 +145,7 @@ nginx_default_vhost_extra:
|
||||
csp: >-
|
||||
default-src 'self' 'unsafe-inline' blob:;
|
||||
style-src-elem 'self' 'unsafe-inline' data:;
|
||||
img-src 'self' data: blob: https://stats.fws.fr;
|
||||
img-src 'self' data: blob: https://stats.lapiole.org;
|
||||
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.acme.com blob:;
|
||||
font-src 'self' data:
|
||||
proxy:
|
||||
|