# Ansible Playbooks

## Usage

The inventory defines labs, nodes and their groups based on function. Playbooks run Roles against node groups. Roles define sets of Tasks.

### Install both roles and collections

`ansible-galaxy install -r requirements.yml`

## Playbooks

Launch playbooks from this folder so that the [default config file](ansible.cfg) is used.

- **Site** playbook launches them all.
- **Bootstrap** is to be run first on new installations.
- **NameServer** configures a BIND DNS.
- **OPNSense** configures an OPNSense edge node.

### Site

This playbook calls all the following playbooks in the stated order.

##### Nodes

Basic connectivity checks for **all**.

##### Swarms

##### NextCloud

Installs Nextcloud AIO using SSE Lab / dockerized / nextcloud-aio.

Calls role nextcloud_aio, which depends on the docker role.

- Downloads the SSE-Lab repo
- Runs compose up (using Ansible plugins)

E.g. `ansible-playbook -i inventories/ -l nextrup_copy_test playbooks/nextcloud.yaml`

### Bootstrap

Creates the sudoer user ansible; requires an existing sudoer user.

Use `ansible-playbook -i inventories playbooks/bootstrap.yml -l [TARGET_HOST] -e 'ansible_user=[REMOTE_USER]' -K`

### NameServer

Configures a BIND DNS. Uses the collection bodsch.dns.

NB: the DNS configuration comes from the variable file.

### OPNSense

Configures an OPNSense edge node. Features:

- BIND DNS
- Firewall
- WireGuard VPN

NB: runs locally, so the Python interpreter needs to be specified.

E.g. `ansible-playbook -i inventories/sifi.yaml playbooks/opnsense.yaml --extra-vars="ansible_python_interpreter=$(which python)"`

## Inventories

### Main Lab

Main lab used for experimenting and development: [check](main-lab)

### Externals

Management of extra infra nodes: [check](non-infra)

### Production

Management of production services, beware! Hosts are commented out by default.

### Sifi

Machines for the Sistemi Fiscali working group.

### Prox1_lab

Proxmox laboratory.

## TODO

* K8s cluster
* Ensure micro on operating nodes
* Swarm clusters
* Enabling
* Bind
* CEPH storage
* Monitoring
* Nagios
* Swarm 1
* GOD
* terraform
* ansible
* puppetmaster
* ...