netz39-infra-ansible/README.md

# Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

```bash
ansible -i inventory.yml all --list-hosts
```

## Setup
```bash
ansible-galaxy install -r requirements.yml
```

## Call with
```bash
ansible-playbook -i inventory.yml --ask-vault-pass main.yml
```

You need to provide a user with sudo rights and the vault password.

## HTTPS ingress configuration

HTTPS ingress is controlled by the server [holmium](https://wiki.netz39.de/admin:servers:holmium) and forwarded to the configured servers.

To set up a new HTTPS vhost, the following steps need to be taken:

1. Select a domain (for internal services we use sub-domains of `.n39.eu`).
2. Create an external CNAME from this domain to `dyndns.n39.eu`.
3. Create an internal DNS entry in the [Descartes DNS config](https://gitea.n39.eu/Netz39_Admin/config.descartes/src/branch/prepare/dns_dhcp.txt). This is usually an alias on an existing server.
4. Add the entry to the [holmium playbook](holmium.yml).
5. Set up Dehydrated and vhost on the target host, e.g. using `setup-http-site-proxy`.

Do not forget to execute all playbooks with relevant changes.
Update the readme file 2020-12-09 19:41:44 +01:00			`# Ansible configuration for the Netz39 infrastructure`
Initial commit 2020-11-23 16:25:02 +01:00
readme: Remove host list This list has proven to be hard to maintain (not because it is especially difficult, but people simply tend to forget it). So we give some hints instead now and avoid duplicate information. Suggested-by: Stefan Haun <tux@netz39.de> References: !55 2022-07-23 22:03:41 +02:00			`This call lists all hosts defined in the inventory:`
readme: Add missing hosts Found with this command: ansible -i inventory.yml all --list-hosts Fixes: 6028ad4e6c6c ("Merge pull request 'Add VM krypton' (!42) from krypton into master") Fixes: 893d56c56a75 ("Merge pull request 'add host oganesson' (!52) from oganesson into master") 2022-07-23 10:57:02 +02:00
readme: Remove host list This list has proven to be hard to maintain (not because it is especially difficult, but people simply tend to forget it). So we give some hints instead now and avoid duplicate information. Suggested-by: Stefan Haun <tux@netz39.de> References: !55 2022-07-23 22:03:41 +02:00			```bash
			`ansible -i inventory.yml all --list-hosts`
			```
Update the readme file 2020-12-09 19:41:44 +01:00
			`## Setup`
Readme: how to install dependencies 2020-11-24 19:39:46 +01:00			```bash
			`ansible-galaxy install -r requirements.yml`
			```

Update the readme file 2020-12-09 19:41:44 +01:00			`## Call with`
Initial commit 2020-11-23 16:25:02 +01:00			```bash
inventory: Rename file to add file extension This is a YAML file, make ansible-lint (and me) happy and add a proper file extension. Also helps editors to pick correct syntax highlighting. 2022-07-22 06:52:02 +02:00			`ansible-playbook -i inventory.yml --ask-vault-pass main.yml`
Initial commit 2020-11-23 16:25:02 +01:00			```

Cleanup README 2020-11-25 17:02:34 +01:00			`You need to provide a user with sudo rights and the vault password.`
Add section in README to explain HTTPS ingress setup 2022-08-27 16:12:21 +02:00
			`## HTTPS ingress configuration`

			`HTTPS ingress is controlled by the server [holmium](https://wiki.netz39.de/admin:servers:holmium) and forwarded to the configured servers.`

			`To set up a new HTTPS vhost, the following steps need to be taken:`

			1. Select a domain (for internal services we use sub-domains of `.n39.eu`).
			2. Create an external CNAME from this domain to `dyndns.n39.eu`.
			`3. Create an internal DNS entry in the [Descartes DNS config](https://gitea.n39.eu/Netz39_Admin/config.descartes/src/branch/prepare/dns_dhcp.txt). This is usually an alias on an existing server.`
			`4. Add the entry to the [holmium playbook](holmium.yml).`
			5. Set up Dehydrated and vhost on the target host, e.g. using `setup-http-site-proxy`.

			`Do not forget to execute all playbooks with relevant changes.`