Ansible Playbooks
Usage
The inventory defines labs, nodes and their groups based on function.
Playbooks run Roles against node groups.
Roles define a set of Tasks.
Install both roles and collections
ansible-galaxy install -r requirements.yml
Playbooks
Launch playbooks from this folder so that the default config file (ansible.cfg) is used.
- Site launches all the playbooks.
- Bootstrap is to be run first on new installations.
- NameServer configures a BIND DNS.
- OPNSense configures an OPNSense edge node.
Site
This playbook calls all the following playbooks in the stated order.
Nodes
Basic connectivity checks for all nodes.
Swarms
NextCloud
Installs Nextcloud AIO using SSE Lab / dockerized / nextcloud-aio. Calls role nextcloud_aio, dependent on docker role.
- Downloads SSE-Lab Repo
- Runs compose up (using ansible plugins)
E.g.
ansible-playbook -i inventories/ -l nextrup_copy_test playbooks/nextcloud.yaml
Bootstrap
Creates the sudoer user ansible. Requires an existing sudoer user on the target host. Use:
ansible-playbook -i inventories playbooks/bootstrap.yml -l [TARGET_HOST] -e 'ansible_user=[REMOTE_USER]' -K
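As an added illustration (not this repository's playbooks/bootstrap.yml), a bootstrap play of the kind described above could create the ansible user with key-only login and a validated sudoers drop-in. The key path, the use of the ansible.posix collection and the NOPASSWD policy are assumptions.

```yaml
# Added example, not the repository's own bootstrap playbook.
# Run with an existing sudoer, as in the command above (-e ansible_user=... -K).
- name: Bootstrap the ansible management user (illustrative)
  hosts: all
  become: true
  gather_facts: false
  vars:
    mgmt_user: ansible
    # Assumption: the control node's public key lives at ~/.ssh/id_ed25519.pub
    mgmt_pubkey: >-
      {{ lookup('ansible.builtin.file',
                lookup('ansible.builtin.env', 'HOME') ~ '/.ssh/id_ed25519.pub') }}
  tasks:
    - name: Create the management user with a locked password
      ansible.builtin.user:
        name: "{{ mgmt_user }}"
        shell: /bin/bash
        create_home: true
        password: "!"        # locked: no password login, SSH key only

    - name: Authorize only the control node's public key
      ansible.posix.authorized_key:   # assumes ansible.posix is installed
        user: "{{ mgmt_user }}"
        key: "{{ mgmt_pubkey }}"
        exclusive: true      # removes any other key from authorized_keys

    - name: Grant sudo through a drop-in file, syntax-checked before install
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ mgmt_user }}"
        # Assumption: passwordless sudo; narrow the command list where possible
        content: "{{ mgmt_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"   # a broken file is never installed

    - name: Confirm the sudoers drop-in has the expected permissions
      ansible.builtin.stat:
        path: "/etc/sudoers.d/{{ mgmt_user }}"
      register: sudoers_file
      failed_when: not sudoers_file.stat.exists or sudoers_file.stat.mode != "0440"
```

The validate step is what prevents a malformed sudoers file from locking out sudo on the node.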
NameServer
Configures a BIND DNS. Uses the bodsch.dns collection. NB: the DNS configuration comes from a variable file.
OPNSense
Configures an OPNSense edge node. Features:
- BIND DNS
- FIREWALL
- Wireguard VPN
NB: runs locally, so the Python interpreter needs to be specified. E.g.
ansible-playbook -i inventories/sifi.yaml playbooks/opnsense.yaml --extra-vars="ansible_python_interpreter=$(which python)"
Inventories
Main Lab
Main lab used for experimenting and development check
Externals
Management of extra infra nodes check
Production
Management of production services, beware!
Hosts are commented by default
Sifi
Machines for the Sistemi Fiscali working group
Prox1_lab
Proxmox laboratory
TODO
- K8s cluster
- Ensure micro on operating nodes
- Swarm clusters
- Enabling
- Bind
- CEPH storage
- Monitoring
- Nagios
- Swarm 1
- Enabling
- GOD
- terraform
- ansible
- puppetmaster
- …