Kiara Grouwstra eae071c078 | ||
---|---|---|
.git-crypt | ||
ansible | ||
.debops.cfg | ||
.gitattributes | ||
.gitignore | ||
README.md | ||
poetry.lock | ||
pyproject.toml | ||
shell.nix |
README.md
BIJ1 ansible infrastructure
usage
Prerequisites
Install packages
poetry install
Secrets
To unlock secrets when you want to use this repo:
git crypt unlock
To lock them again after you finish:
git crypt lock
Bootstapping servers
Add any hosts to bootstap to the ansible/inventory/hosts
file.
Then, to bootstrap the server $HOST_NAME
run:
poetry run debops run bootstrap -l $HOST_NAME -e 'ansible_user=root netbase__hostname_config_enabled=false'
poetry run debops run common -l $HOST_NAME -e 'netbase__hostname_config_enabled=false'
After bootstrapping, you can run:
poetry run debops run common -l $HOST_NAME
poetry run debops run net -l $HOST_NAME
poetry run debops run site -l $HOST_NAME
If you'd like to rerun a single service,
e.g. python
for a log mention of debops.debops.python
,
run:
poetry run debops run service/$SERVICE -l $HOST_NAME
To get the node on the internal network, on the node in question run:
sudo rm -rf /etc/network/interfaces.d/old-interfaces
sudo cp /etc/network/interfaces.config.d/* /etc/network/interfaces.d/
sudo reboot
scope
Ansible - debops wordt nu gebruikt voor het regelen van o.a.:
- message of the day (
motd
) die je in de terminal ziet bij het inloggen - server root wachtwoorden
- firewall gaten
- package updates
nog niet de gehele setups zijn reproducible. wat ook nog handmatig kan:
- packages installeren
- user accounts
- sudo rechten
- ssh keys