kiara
c971e1c1ff
Co-authored-by: Arjan Adriaanse <arjan@adriaan.se> Co-authored-by: Kiara Grouwstra <kiara@bij1.org> Reviewed-on: #17 |
||
|---|---|---|
| .git-crypt | ||
| ansible | ||
| .debops.cfg | ||
| .gitattributes | ||
| .gitignore | ||
| Pipfile | ||
| Pipfile.lock | ||
| README.md | ||
| manifest.scm | ||
| requirements.txt | ||
| tabe-key.asc | ||
README.md
BIJ1 ansible infrastructure
usage
Prerequisites
Install packages
pip3 install -r requirements.txt
DebOps 3.0.3 monkeypatch
https://github.com/debops/debops/issues/2197
Guix
All dependencies are also defined in a Guix manifest, which can alternatively be used to create an environment containing those:
guix shell
Secrets
To unlock secrets when you want to use this repo:
git crypt unlock
To lock them again after you finish:
git crypt lock
Bootstapping servers
Add any hosts to bootstap to the ansible/inventory/hosts file.
Then, to bootstrap the server $HOST_NAME run:
debops run bootstrap -l $HOST_NAME -e 'ansible_user=root netbase__hostname_config_enabled=false'
debops run common -l $HOST_NAME -e 'netbase__hostname_config_enabled=false'
After bootstrapping, you can run:
debops run common -l $HOST_NAME
debops run net -l $HOST_NAME
debops run site -l $HOST_NAME
If you'd like to rerun a single service,
e.g. python for a log mention of debops.debops.python,
run:
debops run service/$SERVICE -l $HOST_NAME
To get the node on the internal network, on the node in question run:
sudo rm -rf /etc/network/interfaces.d/old-interfaces
sudo cp /etc/network/interfaces.config.d/* /etc/network/interfaces.d/
sudo reboot
scope
Ansible wordt nu gebruikt voor het regelen van o.a.:
- message of the day (
motd) die je in de terminal ziet bij het inloggen - server root wachtwoorden
- firewall gaten
- package updates
nog niet de gehele setups zijn reproducible. wat ook nog handmatig kan:
- packages installeren
- user accounts
- sudo rechten
- ssh keys