# BIJ1 ansible infrastructure

## usage

### Prerequisites

- [git-crypt](https://www.agwa.name/projects/git-crypt/)
- [Python](https://python.org/) 3
- [Poetry](https://python-poetry.org/)
- target servers: best tested with Debian GNU/Linux 11 (bullseye)

### Install packages

```bash
poetry install
```

### Secrets

To unlock secrets when you want to use this repo:

```bash
git crypt unlock
```

To lock them again after you finish:

```bash
git crypt lock
```

### Bootstrapping servers

Add any hosts to bootstrap to the `ansible/inventory/hosts` file.

Then, to bootstrap the server `$HOST_NAME` run:

```bash
poetry run debops run bootstrap -l $HOST_NAME -e 'ansible_user=root netbase__hostname_config_enabled=false'
poetry run debops run common -l $HOST_NAME -e 'netbase__hostname_config_enabled=false'
```

After bootstrapping, you can run:

```bash
poetry run debops run common -l $HOST_NAME
poetry run debops run net -l $HOST_NAME
poetry run debops run site -l $HOST_NAME
```

If you'd like to rerun a single service,
e.g. `python` for a log mention of `debops.debops.python`,
run:

```bash
poetry run debops run service/$SERVICE -l $HOST_NAME
```

To get the node on the internal network, on the node in question run:

```bash
sudo rm -rf /etc/network/interfaces.d/old-interfaces
sudo cp /etc/network/interfaces.config.d/* /etc/network/interfaces.d/
sudo reboot
```

## scope

Ansible (DebOps) is currently used to manage, among other things:

- the message of the day (`motd`) shown in the terminal at login
- server root passwords
- firewall openings
- package updates

The complete setups are not yet reproducible.
What can also still be done manually:

- installing packages
- user accounts
- sudo rights
- ssh keys