our infrastructure using Ansible
Kiara Grouwstra 47b55889b7
borg (wip, failing on install)
2023-07-16 15:41:50 +02:00
.git-crypt Add 1 git-crypt collaborator 2023-04-24 14:58:38 +02:00
ansible borg (wip, failing on install) 2023-07-16 15:41:50 +02:00
.debops.cfg check-disk-space, closes #16 (#14) 2023-04-16 22:22:52 +00:00
.gitattributes test configuration 2022-08-22 19:11:11 +02:00
.gitignore borg (wip, failing on install) 2023-07-16 15:41:50 +02:00
README.md borg (wip, failing on install) 2023-07-16 15:41:50 +02:00
manifest.scm add guix dependencies manifest 2023-01-30 20:21:53 +00:00
poetry.lock switch pip out to poetry for reproducibility 2023-07-16 15:32:01 +02:00
pyproject.toml switch pip out to poetry for reproducibility 2023-07-16 15:32:01 +02:00

README.md

BIJ1 ansible infrastructure

usage

Prerequisites

Install packages

poetry install
ansible-galaxy install -p ansible/playbooks/roles -r ansible/collections/requirements.yml

Guix

All dependencies are also defined in a Guix manifest, which can alternatively be used to create an environment containing those:

guix shell

Secrets

To unlock secrets when you want to use this repo:

git crypt unlock

To lock them again after you finish:

git crypt lock
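
A check that the working tree really is locked again after git crypt lock, as an added example that is not part of this repository. It assumes that git-crypt ciphertext starts with the 10-byte header \0GITCRYPT\0 and that the protected paths are the ones .gitattributes marks with filter=git-crypt; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from this repository): list files that should be
# git-crypt ciphertext but are readable plaintext in the working tree.

# Hex of the 10-byte header "\0GITCRYPT\0" that starts git-crypt ciphertext.
GITCRYPT_MAGIC_HEX=00474954435259505400

# Exit 0 if FILE starts with the git-crypt header, 1 if not, 2 if not a file.
is_gitcrypt_encrypted() {
    [ -f "$1" ] || return 2
    local head_hex
    head_hex=$(head -c 10 -- "$1" | od -An -tx1 | tr -d ' \n')
    [ "$head_hex" = "$GITCRYPT_MAGIC_HEX" ]
}

# Read paths on stdin and print those without the header.
# An empty file has no header and is reported too.
# Returns 1 if anything was reported, 0 otherwise.
report_plaintext() {
    local path rc=0
    while IFS= read -r path; do
        [ -f "$path" ] || continue
        if ! is_gitcrypt_encrypted "$path"; then
            printf '%s\n' "$path"
            rc=1
        fi
    done
    return "$rc"
}

# Tracked paths whose filter attribute is git-crypt (run from the repo root).
gitcrypt_paths() {
    git ls-files | git check-attr --stdin filter |
        sed -n 's/: filter: git-crypt$//p'
}

# Non-zero exit means at least one secret is still unlocked on disk.
check_locked() {
    gitcrypt_paths | report_plaintext
}

# Usage: ./check-locked.sh --check   (the script name is a placeholder)
if [ "${1:-}" = "--check" ]; then
    check_locked
fi
```

While the repo is unlocked this lists every protected file, so it is only meaningful after locking.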

Bootstrapping servers

Add any hosts to bootstrap to the ansible/inventory/hosts file.

Then, to bootstrap the server $HOST_NAME run:

poetry run debops run bootstrap -l $HOST_NAME -e 'ansible_user=root netbase__hostname_config_enabled=false'
poetry run debops run common -l $HOST_NAME -e 'netbase__hostname_config_enabled=false'

After bootstrapping, you can run:

poetry run debops run common -l $HOST_NAME
poetry run debops run net -l $HOST_NAME
poetry run debops run site -l $HOST_NAME

To rerun a single service, set $SERVICE to the role's short name (e.g. python when the log mentions debops.debops.python) and run:

poetry run debops run service/$SERVICE -l $HOST_NAME

To get the node on the internal network, on the node in question run:

sudo rm -rf /etc/network/interfaces.d/old-interfaces
sudo cp /etc/network/interfaces.config.d/* /etc/network/interfaces.d/
sudo reboot

run backups

# poetry run debops run borgbackup -l static  # are you root?
# poetry run debops run borgbackup -l static -e 'ansible_user=root'  # host unreachable

scope

Ansible (DebOps) is currently used to manage, among other things:

  • the message of the day (motd) shown in the terminal at login
  • server root passwords
  • firewall openings
  • package updates

The setups are not yet fully reproducible. The following can still be done manually:

  • installing packages
  • user accounts
  • sudo rights
  • SSH keys