netz39-infra-ansible/README.md

# Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

```bash
ansible all --list-hosts
```

## Setup

```bash
ansible-galaxy install -r requirements.yml
```

## Setup SSH Access to hosts

```bash
LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"
```

## Edit vault encrypted vars files

```bash
ansible-vault edit group_vars/all/vault
```

## Call with

```bash
ansible-playbook --ask-vault-pass main.yml
```

You need to provide a user with sudo rights and the vault password.

## Verify Changes

```bash
ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff
```

## HTTPS ingress configuration

HTTPS ingress is controlled by the server [holmium](https://wiki.netz39.de/admin:servers:holmium) and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

1. Select a domain (for internal services we use sub-domains of `.n39.eu`).
2. Create an external CNAME from this domain to `dyndns.n39.eu`.
3. Create an internal DNS entry in the [Descartes DNS config](https://git.n39.eu/Netz39_Admin/config.descartes/src/branch/prepare/dns_dhcp.txt). This is usually an alias on an existing server.
4. Add the entry to the [holmium playbook](holmium.yml).
5. Set up Dehydrated and vhost on the target host, e.g. using `setup_http_site_proxy`.

Do not forget to execute all playbooks with relevant changes.
Update the readme file 2020-12-09 19:41:44 +01:00			`# Ansible configuration for the Netz39 infrastructure`
Initial commit 2020-11-23 16:25:02 +01:00
readme: Remove host list This list has proven to be hard to maintain (not because it is especially difficult, but people simply tend to forget it). So we give some hints instead now and avoid duplicate information. Suggested-by: Stefan Haun <tux@netz39.de> References: !55 2022-07-23 22:03:41 +02:00			`This call lists all hosts defined in the inventory:`
readme: Add missing hosts Found with this command: ansible -i inventory.yml all --list-hosts Fixes: 6028ad4e6c6c ("Merge pull request 'Add VM krypton' (!42) from krypton into master") Fixes: 893d56c56a75 ("Merge pull request 'add host oganesson' (!52) from oganesson into master") 2022-07-23 10:57:02 +02:00
readme: Remove host list This list has proven to be hard to maintain (not because it is especially difficult, but people simply tend to forget it). So we give some hints instead now and avoid duplicate information. Suggested-by: Stefan Haun <tux@netz39.de> References: !55 2022-07-23 22:03:41 +02:00			```bash
docs: add command to verify changes 2022-11-11 20:28:59 +01:00			`ansible all --list-hosts`
readme: Remove host list This list has proven to be hard to maintain (not because it is especially difficult, but people simply tend to forget it). So we give some hints instead now and avoid duplicate information. Suggested-by: Stefan Haun <tux@netz39.de> References: !55 2022-07-23 22:03:41 +02:00			```
Update the readme file 2020-12-09 19:41:44 +01:00
			`## Setup`
add a playbook to configure ssh to use the ssh gateway for the internal systems 2022-11-04 22:53:56 +01:00
Readme: how to install dependencies 2020-11-24 19:39:46 +01:00			```bash
			`ansible-galaxy install -r requirements.yml`
			```

add a playbook to configure ssh to use the ssh gateway for the internal systems 2022-11-04 22:53:56 +01:00			`## Setup SSH Access to hosts`

			```bash
			`LOGUSER=<loguser>`
			`SSH_KEY=<absolute/path/to/ssh/private/key>`
			`ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"`
			```

doc: add vault editing to README.md 2022-11-01 18:31:10 +01:00			`## Edit vault encrypted vars files`
add a playbook to configure ssh to use the ssh gateway for the internal systems 2022-11-04 22:53:56 +01:00
doc: add vault editing to README.md 2022-11-01 18:31:10 +01:00			```bash
			`ansible-vault edit group_vars/all/vault`
			```

Update the readme file 2020-12-09 19:41:44 +01:00			`## Call with`
add a playbook to configure ssh to use the ssh gateway for the internal systems 2022-11-04 22:53:56 +01:00
Initial commit 2020-11-23 16:25:02 +01:00			```bash
docs: add command to verify changes 2022-11-11 20:28:59 +01:00			`ansible-playbook --ask-vault-pass main.yml`
Initial commit 2020-11-23 16:25:02 +01:00			```

Cleanup README 2020-11-25 17:02:34 +01:00			`You need to provide a user with sudo rights and the vault password.`
Add section in README to explain HTTPS ingress setup 2022-08-27 16:12:21 +02:00
docs: add command to verify changes 2022-11-11 20:28:59 +01:00			`## Verify Changes`

			```bash
			`ansible-lint main.yml`
			`ansible-playbook --ask-vault-pass main.yml --check --diff`
			```

Add section in README to explain HTTPS ingress setup 2022-08-27 16:12:21 +02:00			`## HTTPS ingress configuration`

			`HTTPS ingress is controlled by the server [holmium](https://wiki.netz39.de/admin:servers:holmium) and forwarded to the configured servers.`

			`To set up a new HTTPS vhost, the following steps need to be taken:`

			1. Select a domain (for internal services we use sub-domains of `.n39.eu`).
			2. Create an external CNAME from this domain to `dyndns.n39.eu`.
🧱: change git url to git.n39.eu 2023-08-23 07:57:41 +02:00			`3. Create an internal DNS entry in the [Descartes DNS config](https://git.n39.eu/Netz39_Admin/config.descartes/src/branch/prepare/dns_dhcp.txt). This is usually an alias on an existing server.`
Add section in README to explain HTTPS ingress setup 2022-08-27 16:12:21 +02:00			`4. Add the entry to the [holmium playbook](holmium.yml).`
fix: rename role setup-http-site-proxy to resolve ansible lint warning 106 2022-10-23 22:55:09 +02:00			5. Set up Dehydrated and vhost on the target host, e.g. using `setup_http_site_proxy`.
Add section in README to explain HTTPS ingress setup 2022-08-27 16:12:21 +02:00
			`Do not forget to execute all playbooks with relevant changes.`