We configure our servers using Ansible. The first step is to install Ansible on your personal computer:
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
Now that you have Ansible installed, we're going to configure a couple of paths.
Create a directory to work from:
```
mkdir -p ~/CommonsCloud/ansible
mkdir -p ~/CommonsCloud/ansible/sensitive
```
Edit ~/.ansible.cfg:
```
[defaults]
inventory = ~/CommonsCloud/ansible/hosts
vault_password_file = ~/CommonsCloud/ansible/sensitive/vault_password.txt
```
## Hosts file
This is the file where all the servers are declared, along with their parameters.
Here is an example:
```
---
# This is the default ansible 'hosts' file.
#
# https://github.com/ansible/ansible/blob/devel/examples/hosts.yaml
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Top level entries are assumed to be groups, start with 'all' to have a full hierarchy
# - Hosts must be specified in a group's hosts:
# and they must be a key (: terminated)
# - groups can have children, hosts and vars keys
# - Anything defined under a host is assumed to be a var
# - You can enter hostnames or IP addresses
# - A hostname/IP can be a member of multiple groups
all:
  vars:
    ansible_user: <your_ssh_username>
    ansible_port: <ssh port (22 defaults)>
  hosts:
    cc-03.commonscloud.coop:
      ansible_host: <public_ip>
  children:
    Commonscloud:
      vars:
        ldap_provider: ldaps://<ldap FQDN>:636/
        ldap_replicator_dn: cn=replicator,dc=commonscloud,dc=coop
      hosts:
        # core
        cc-00.commonscloud.coop:
          ansible_host: <public_ip>
        cc-01.commonscloud.coop:
          ansible_host: <public_ip>
        # test
        cc-10.commonscloud.coop:
          ansible_host: <public_ip>
        # production
        cc-20.commonscloud.coop:
          ansible_host: <public_ip>
        cc-21.commonscloud.coop:
          ansible_host: <public_ip>
        cc-23.commonscloud.coop:
          ansible_host: <public_ip>
          backup_dirs:
            - /var/www/
            - /var/backups/mysql
    Nextcloud:
      vars:
        ldap_basegroups: ou=collectives,o=femprocomuns,dc=commonscloud,dc=coop
      hosts:
        # the config of the nextcloud server to be found at FQDN nextcloud1.commonscloud.coop
        nextcloud1.commonscloud.coop:
          ansible_host: <public_ip>
          ldap_service: cn=nextcloud1,ou=serveis,o=femprocomuns,dc=commonscloud,dc=coop
          nextcloud_theme_name: "CommonsCloud"
          nextcloud_theme_color: E63900
```
## ~/CommonsCloud/ansible/sensitive
We save sensitive data such as passwords, passphrases, SSH (public) keys and usernames in this directory, organized into subdirectories.
```
mkdir ~/CommonsCloud/ansible/sensitive/borg_passphrase
mkdir -p ~/CommonsCloud/ansible/sensitive/keys/servers/
```
We can use a password to encrypt a file that contains service passwords and other data.
Generate a password and save it:
```
openssl rand -hex 32 > ~/CommonsCloud/ansible/sensitive/vault_password.txt
```
Create an encrypted file with some parameters we'll need later. Change the data to fit your setup.
```
ansible-vault create secret_vars.yml
```
Content of secret_vars.yml:
```
---
postfix_sasl_password: a_secret
backup_server: FQDN of your backup server
ldap_replicator_password: xxxxxxxxxxx
```
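The vault password file above is created with the shell's default umask, and `secret_vars.yml` is only protected while it stays vault-encrypted. The check below is an added example, not part of the original page: it lists anything under the sensitive directory that group or others can access and verifies that a vars file begins with the `$ANSIBLE_VAULT;` header that `ansible-vault` writes. The function names and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Usage: sh check_secrets.sh ~/CommonsCloud/ansible/sensitive secret_vars.yml

# Print entries under DIR that group or others can read, write or enter.
loose_perms() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict DIR and everything below it to the owning user.
harden_dir() {
    chmod -R go-rwx "$1"
}

# Succeed only if FILE begins with the header ansible-vault writes.
is_vault_encrypted() {
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit DIR [VARS_FILE...]: print findings, return non-zero if there are any.
audit() {
    dir=$1; shift; rc=0
    loose=$(loose_perms "$dir")
    if [ -n "$loose" ]; then
        printf 'accessible by group/others:\n%s\n' "$loose"; rc=1
    fi
    for f in "$@"; do
        is_vault_encrypted "$f" || { printf 'not vault-encrypted: %s\n' "$f"; rc=1; }
    done
    return "$rc"
}

# Run the audit only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || audit "$@"
```
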