our infrastructure using Ansible
kiara 4b07da1c4f ssh keys: virjanand
Signed-off-by: kiara <kiara@bij1.org>
1 month ago
.git-crypt Add 1 git-crypt collaborator 1 month ago
ansible ssh keys: virjanand 1 month ago
.debops.cfg check-disk-space, closes #16 (#14) 8 months ago
.gitattributes test configuration 1 year ago
.gitignore test configuration 1 year ago
README.md linted readme 2 months ago
manifest.scm update debops guix package 3 months ago
poetry.lock switch pip out to poetry for reproducibility 5 months ago
pyproject.toml switch pip out to poetry for reproducibility 5 months ago

README.md

BIJ1 ansible infrastructure

usage

Prerequisites

Install packages

poetry install

Guix

All dependencies are also defined in a Guix manifest, which can alternatively be used to create an environment containing those:

guix shell

Secrets

To unlock secrets when you want to use this repo:

git crypt unlock

To lock them again after you finish:

git crypt lock
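
A check that `git crypt lock` really left the secrets encrypted on disk, as an added example that is not part of this repository. It assumes git-crypt ciphertext starts with the 10-byte header `\0GITCRYPT\0` and that tracked paths contain no newlines or characters git would quote; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the BIJ1 repository: list files that .gitattributes
# routes through git-crypt but that are readable plaintext in the working tree.

# Hex form of the 10-byte git-crypt header: \0 G I T C R Y P T \0
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Return 0 if the file starts with the git-crypt header, 1 otherwise.
is_gitcrypt_ciphertext() {
    _hex=$(head -c 10 "$1" 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "$_hex" = "$GITCRYPT_MAGIC_HEX" ]
}

# Print every tracked file with filter=git-crypt that is currently plaintext.
# Run from the top of the repository.
list_plaintext_secrets() {
    git ls-files |
    git check-attr --stdin filter |
    sed -n 's/: filter: git-crypt$//p' |
    while IFS= read -r path; do
        [ -f "$path" ] || continue
        is_gitcrypt_ciphertext "$path" || printf '%s\n' "$path"
    done
}

# Return 0 only when no git-crypt managed file is plaintext on disk.
secrets_locked() {
    [ -z "$(list_plaintext_secrets)" ]
}

# Usage: sh check-locked.sh --check   (the script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    if secrets_locked; then
        echo "all git-crypt files are encrypted on disk"
    else
        echo "plaintext secrets present:" >&2
        list_plaintext_secrets >&2
        exit 1
    fi
fi
```

A non-zero exit after `git crypt lock` means decrypted secrets are still sitting in the checkout, for example before copying or archiving the directory.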

Bootstrapping servers

Add any hosts to bootstrap to the ansible/inventory/hosts file.

Then, to bootstrap the server $HOST_NAME run:

poetry run debops run bootstrap -l $HOST_NAME -e 'ansible_user=root netbase__hostname_config_enabled=false'
poetry run debops run common -l $HOST_NAME -e 'netbase__hostname_config_enabled=false'

After bootstrapping, you can run:

poetry run debops run common -l $HOST_NAME
poetry run debops run net -l $HOST_NAME
poetry run debops run site -l $HOST_NAME

To rerun a single service, set $SERVICE to its name (e.g. python when the log mentions debops.debops.python) and run:

poetry run debops run service/$SERVICE -l $HOST_NAME

To get the node on the internal network, on the node in question run:

sudo rm -rf /etc/network/interfaces.d/old-interfaces
sudo cp /etc/network/interfaces.config.d/* /etc/network/interfaces.d/
sudo reboot

scope

Ansible (DebOps) is currently used to manage, among other things:

  • the message of the day (motd) you see in the terminal when logging in
  • server root passwords
  • firewall openings
  • package updates

The setups are not yet fully reproducible. What can still be done manually:

  • installing packages
  • user accounts
  • sudo privileges
  • ssh keys