Ansible

Version 1 of 20: You are viewing an older version of this document, as it appeared on Oct 22 2018, 19:04.

We configure our servers using Ansible. The first step is to install Ansible on your personal computer:
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html

Now that you have Ansible installed, we're going to configure a couple of paths.

Create a directory where you will work from:

mkdir -p ~/CommonsCloud/ansible
mkdir ~/CommonsCloud/ansible/sensitive

Edit ~/.ansible.cfg

[defaults]

inventory = ~/CommonsCloud/ansible/hosts
vault_password_file = ~/CommonsCloud/ansible/sensitive/vault_password.txt

Hosts file

This is the file where all the servers are declared, along with their corresponding parameters.

Here is an example:

---
# This is the default ansible 'hosts' file.
#
# https://github.com/ansible/ansible/blob/devel/examples/hosts.yaml
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Top level entries are assumed to be groups, start with 'all' to have a full hierarchy
#   - Hosts must be specified in a group's hosts:
#     and they must be a key (: terminated)
#   - groups can have children, hosts and vars keys
#   - Anything defined under a host is assumed to be a var
#   - You can enter hostnames or IP addresses
#   - A hostname/IP can be a member of multiple groups

all:
  vars:
    ansible_user: <your_ssh_username>
    ansible_port: <ssh port (default: 22)>

  hosts:
    cc-03.commonscloud.coop:
      ansible_host: <public_ip>
  
  children:
    Commonscloud:
      vars:
        ldap_provider: ldaps://<ldap FQDN>:636/
        ldap_replicator_dn: cn=replicator,dc=commonscloud,dc=coop

      hosts:
        # core
        cc-00.commonscloud.coop:
          ansible_host: <public_ip>
        cc-01.commonscloud.coop:
          ansible_host: <public_ip>
          
        # test
        cc-10.commonscloud.coop:
          ansible_host: <public_ip>
          
        # production
        cc-20.commonscloud.coop:
          ansible_host: <public_ip>
        cc-21.commonscloud.coop:
          ansible_host: <public_ip>
        cc-23.commonscloud.coop:
          ansible_host: <public_ip>
          backup_dirs:
            - /var/www/
            - /var/backups/mysql
                       
    Nextcloud:
      vars:
        ldap_basegroups: ou=collectives,o=femprocomuns,dc=commonscloud,dc=coop

      hosts:
        # the config of the nextcloud server to be found at FQDN nextcloud1.commonscloud.coop
        nextcloud1.commonscloud.coop:
          ansible_host: <public_ip>
          ldap_service: cn=nextcloud1,ou=serveis,o=femprocomuns,dc=commonscloud,dc=coop
          nextcloud_theme_name: "CommonsCloud"
          nextcloud_theme_color: E63900

~/CommonsCloud/ansible/sensitive

We save sensitive data such as passwords, passphrases, SSH (public) keys, usernames, etc. in this directory, organized into subdirectories.

mkdir ~/CommonsCloud/ansible/sensitive/borg_passphrase
mkdir -p ~/CommonsCloud/ansible/sensitive/keys/servers/

We can encrypt a file that contains service passwords and other data using a password.
Generate a password and save it at the path set as vault_password_file in ansible.cfg:

openssl rand -hex 32 > ~/CommonsCloud/ansible/sensitive/vault_password.txt

Create an encrypted file with some parameters we'll need later. Change the data to fit.

ansible-vault create secret_vars.yml

secret_vars.yml content

---
postfix_sasl_password: a_secret
backup_server: FQDN of your backup server
ldap_replicator_password: xxxxxxxxxxx
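
The steps above create the vault password under the default umask and rely on secret_vars.yml having gone through ansible-vault. The following is an added example, not part of the original page: it generates the password owner-only and audits the result. The function names are hypothetical, and the two paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original page). Usage:
#   sh audit_secrets.sh ~/CommonsCloud/ansible/sensitive secret_vars.yml

# Generate the vault password as the page does, but under umask 077 so the
# file and its directory are owner-only from the moment they exist.
make_vault_password() {
    ( umask 077 && mkdir -p "$(dirname "$1")" && openssl rand -hex 32 > "$1" )
}

# True when neither group nor others hold any permission bit on $1.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when $1 begins with the header ansible-vault writes to encrypted files.
is_vault_encrypted() {
    case "$(head -n 1 < "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per problem; print nothing when the layout is clean.
audit_secrets() {
    dir=$1; vars=$2
    # Symlinks always list as rwxrwxrwx, so skip them.
    find "$dir" ! -type l | while IFS= read -r p; do
        is_private "$p" || echo "loose permissions: $p"
    done
    if [ ! -f "$vars" ]; then
        echo "missing: $vars"
    elif ! is_vault_encrypted "$vars"; then
        echo "not vault-encrypted: $vars"
    fi
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    problems=$(audit_secrets "$1" "$2")
    [ -z "$problems" ] || { printf '%s\n' "$problems"; exit 1; }
fi
```
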

Last author: chris
Last edited: Oct 22 2018, 19:04
