# Ansible Playbooks

## Usage

The inventory defines labs, nodes, and their groups based on function.

Playbooks run Roles against node groups.

Roles define sets of Tasks.

### Install both roles and collections

`ansible-galaxy install -r requirements.yml`

## Playbooks

Launch playbooks from this folder so that the [default config file](ansible.cfg) is used.

- **Site** playbook launches them all.
- **Bootstrap** is to be run first on new installations.
- **NameServer** configures a BIND DNS.
- **OPNSense** configures an OPNSense edge node.

### Site

This playbook calls all the following playbooks in the stated order.

##### Nodes

Basic connectivity checks for **all**.

##### Swarms

##### NextCloud

Installs Nextcloud AIO using SSE Lab / dockerized / nextcloud-aio.
Calls the role `nextcloud_aio`, which depends on the `docker` role.

- Downloads SSE-Lab Repo
- Runs compose up (using Ansible plugins)

E.g. `ansible-playbook -i inventories/ -l nextrup_copy_test playbooks/nextcloud.yaml`

### Bootstrap ###

Creates the sudoer user `ansible`; requires an existing sudoer user.

Use `ansible-playbook -i inventories playbooks/bootstrap.yml -l [TARGET_HOST] -e 'ansible_user=[REMOTE_USER]' -K`

### NameServer ###

Configures a BIND DNS. Uses the `bodsch.dns` collection.

NB: the DNS configuration comes from a variable file.

### OPNSense ###

Configures the following features of an OPNSense edge node:

- BIND DNS
- FIREWALL
- Wireguard VPN

NB: runs locally, so the Python interpreter needs to be specified.

E.g. `ansible-playbook -i inventories/sifi.yaml playbooks/opnsense.yaml --extra-vars="ansible_python_interpreter=$(which python)"`

## Inventories

### Main Lab

Main lab used for experimenting and development [check](main-lab)

### Externals

Management of extra infra nodes [check](non-infra)

### Production

Management of production services, beware!

Hosts are commented out by default.

### Sifi

Machines for the Sistemi Fiscali working group

### Prox1_lab

Proxmox laboratory

## TODO

* K8s cluster
* Ensure micro on operating nodes
* Swarm clusters
* Enabling
* Bind
* CEPH storage
* Monitoring
* Nagios
* Swarm 1

* GOD
* terraform
* ansible
* puppetmaster
* ...