
Ansible

Version 1 of 10: You are viewing an older version of this document, as it appeared on Oct 22 2018, 22:11.

We configure our servers using Ansible. The first step is to install Ansible on your personal computer:
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html

Now that you have Ansible installed, we're going to configure a couple of paths.

Create a directory where you will work from

mkdir -p ~/CommonsCloud/ansible
mkdir ~/CommonsCloud/ansible/sensitive

Edit ~/.ansible.cfg

[defaults]

inventory = ~/CommonsCloud/ansible/hosts
vault_password_file = ~/CommonsCloud/ansible/sensitive/vault_password.txt

Hosts file ~/CommonsCloud/ansible/hosts

This is the file where all the servers and their corresponding parameters are declared.

Here is an example:

---
# This is the default ansible 'hosts' file.
#
# https://github.com/ansible/ansible/blob/devel/examples/hosts.yaml
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Top level entries are assumed to be groups, start with 'all' to have a full hierarchy
#   - Hosts must be specified in a group's hosts:
#     and they must be a key (: terminated)
#   - groups can have children, hosts and vars keys
#   - Anything defined under a host is assumed to be a var
#   - You can enter hostnames or IP addresses
#   - A hostname/IP can be a member of multiple groups

all:
  vars:
    ansible_user: <your_ssh_username>
    ansible_port: <ssh port (22 defaults)>

  hosts:
    cc-03.commonscloud.coop:
      ansible_host: <public_ip>
  
  children:
    Commonscloud:
      vars:
        ldap_provider: ldaps://<ldap FQDN>:636/
        ldap_replicator_dn: cn=replicator,dc=commonscloud,dc=coop

      hosts:
        # core
        cc-00.commonscloud.coop:
          ansible_host: <public_ip>
        cc-01.commonscloud.coop:
          ansible_host: <public_ip>
          
        # test
        cc-10.commonscloud.coop:
          ansible_host: <public_ip>
          
        # production
        cc-20.commonscloud.coop:
          ansible_host: <public_ip>
        cc-21.commonscloud.coop:
          ansible_host: <public_ip>
        cc-23.commonscloud.coop:
          ansible_host: <public_ip>
          backup_dirs:
            - /var/www/
            - /var/backups/mysql
                       
    Nextcloud:
      vars:
        ldap_basegroups: ou=collectives,o=femprocomuns,dc=commonscloud,dc=coop

      hosts:
        # the config of the nextcloud server to be found at FQDN nextcloud1.commonscloud.coop
        nextcloud1.commonscloud.coop:
          ansible_host: <public_ip>
          ldap_service: cn=nextcloud1,ou=serveis,o=femprocomuns,dc=commonscloud,dc=coop
          nextcloud_theme_name: "CommonsCloud"
          nextcloud_theme_color: E63900

~/CommonsCloud/ansible/sensitive

We save sensitive data like passwords, passphrases, SSH (public) keys, usernames, etc., in this directory, organized into subdirectories.

mkdir ~/CommonsCloud/ansible/sensitive/borg_passphrase
mkdir -p ~/CommonsCloud/ansible/sensitive/keys/servers/

We can encrypt a file that contains service passwords and other data using a password.
Make a password and save it.

openssl rand -hex 32 > ~/CommonsCloud/ansible/sensitive/vault_password.txt

Create an encrypted file with some parameters we'll need later. Change the data to fit.

ansible-vault create ~/CommonsCloud/ansible/sensitive/secret_vars.yml

secret_vars.yml content

---
postfix_sasl_password: a_secret
backup_server: FQDN of your backup server
ldap_replicator_password: xxxxxxxxxxx
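
As an added example (not part of the original page or of the CommonsCloud playbooks), these shell functions check that the sensitive directory and vault_password.txt are accessible only to their owner and that secret_vars.yml really is vault-encrypted. The function names are hypothetical; the default base path is the one used on this page.

```shell
#!/bin/sh
# Added example: audit and tighten the ~/CommonsCloud/ansible/sensitive layout.
# Assumption: the base directory is passed as $1, defaulting to the page's path.

# True if group and others have no permission bits on the path.
# Characters 5-10 of the `ls -ld` mode string are the group and other bits.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if the file starts with the header that ansible-vault writes.
is_vault_encrypted() {
    head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# Print one line per finding; the return status is the number of findings.
audit_sensitive() {
    _base="${1:-$HOME/CommonsCloud/ansible}"
    _dir="$_base/sensitive"
    _n=0
    if [ ! -d "$_dir" ]; then
        echo "MISSING   $_dir"
        return 1
    fi
    if ! is_private "$_dir"; then
        echo "OPEN      $_dir (want mode 700)"
        _n=$((_n + 1))
    fi
    _pw="$_dir/vault_password.txt"
    if [ -f "$_pw" ] && ! is_private "$_pw"; then
        echo "OPEN      $_pw (want mode 600)"
        _n=$((_n + 1))
    fi
    _sv="$_dir/secret_vars.yml"
    if [ -f "$_sv" ] && ! is_vault_encrypted "$_sv"; then
        echo "PLAINTEXT $_sv (not ansible-vault encrypted)"
        _n=$((_n + 1))
    fi
    return "$_n"
}

# Remove all group/other access from sensitive/ and everything below it.
harden_sensitive() {
    chmod -R go-rwx "${1:-$HOME/CommonsCloud/ansible}/sensitive"
}
```

Source the file, then run audit_sensitive to list findings and harden_sensitive to fix the permission ones; a plaintext secret_vars.yml has to be encrypted with ansible-vault.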

Clone playbooks

Now we clone the playbooks from our repo.

Last Author
chris
Last Edited
Oct 22 2018, 22:11
