Ansible configuration for the Netz39 infrastructure
Alexander Dahl 366ef720af ⬆️ Bump role version to v0.2.1
Execution of the playbook failed like this before:

    TASK [lespocky.telegraf_docker_in_docker : Copy telegraf docker_input_agent conf] ************************************************************************************************
    fatal: [unicorn.n39.eu]: FAILED! => changed=false
      checksum: 3230d394872351730e265778639936912c9f1030
      msg: Destination directory /etc/telegraf does not exist
    fatal: [krypton.n39.eu]: FAILED! => changed=false
      checksum: 3230d394872351730e265778639936912c9f1030
      msg: Destination directory /etc/telegraf does not exist
    fatal: [radon.n39.eu]: FAILED! => changed=false
      checksum: 3230d394872351730e265778639936912c9f1030
      msg: Destination directory /etc/telegraf does not exist
    fatal: [pottwal.n39.eu]: FAILED! => changed=false
      checksum: 3230d394872351730e265778639936912c9f1030
      msg: Destination directory /etc/telegraf does not exist

That was a bug in the role, which was fixed with release v0.2.1.

Link: https://github.com/LeSpocky/ansible-role-telegraf-docker-in-docker/issues/15
2023-01-11 18:26:33 +01:00
Repository contents (name, last commit message, commit date):

files 🔧 prosody: Remove legacy TLS options 2022-12-22 11:19:33 +01:00
group_vars 🐳 Add telegraf container for Docker metrics in influxdb 2023-01-10 06:26:14 +01:00
host_vars 👌 pottwal: Move prosody config to /etc 2022-12-22 11:19:33 +01:00
roles 🐢 Show some appreciation 2022-11-22 18:49:39 +01:00
templates 🔧 Clarify naming of ssh jump host groups 2023-01-10 06:15:52 +01:00
.editorconfig Add EditorConfig configuration file 2022-01-08 13:25:36 +01:00
.mailmap 📝 mailmap: Expand alias to real name 2022-12-31 10:43:16 +01:00
.yamllint 🚨 yamllint: Ignore line-length warnings 2022-11-18 08:58:19 +01:00
ansible.cfg feat: add nicer rendering to ansible config 2022-10-24 16:33:16 +00:00
configure-grafana.yml update requirements.yml to correctly install collection 2022-11-12 15:31:51 +01:00
group-all.yml 🐛 Fix origin for unattended-upgrades 2022-11-24 16:03:02 +01:00
group-docker_host.yml 🐳 Add telegraf container for Docker metrics in influxdb 2023-01-10 06:26:14 +01:00
group-proxmox.yml 🚚 Rename group playbooks to group-* 2022-11-04 22:35:41 +01:00
host-beaker.yml feat: add admins to proxmox user permissions file 2022-11-11 14:56:02 +01:00
host-hobbes.yml Setup grafana kiosk on hobbes.n39.eu 2022-11-13 17:13:34 +01:00
host-holmium.yml add https ingress for grafana 2022-11-11 14:52:37 +01:00
host-krypton.yml 🔧 Move docker_setup role application to group playbook 2022-12-21 19:00:22 +01:00
host-oganesson.yml 🚚 Rename host playbooks to host-* 2022-11-04 22:34:37 +01:00
host-platon.yml Install jq on platon 2023-01-09 15:49:17 +01:00
host-pottwal.yml 🔨 Move influxdb org to variable 2023-01-10 06:19:52 +01:00
host-radon.yml 🔧 Move docker_setup role application to group playbook 2022-12-21 19:00:22 +01:00
host-tau.yml 🔧 Move docker_setup role application to group playbook 2022-12-21 19:00:22 +01:00
host-unicorn.yml 🔧 Move docker_setup role application to group playbook 2022-12-21 19:00:22 +01:00
inventory.yml 🔧 Clarify naming of ssh jump host groups 2023-01-10 06:15:52 +01:00
main.yml 🔧 Move docker_setup role application to group playbook 2022-12-21 19:00:22 +01:00
README.md Merge pull request 'docs: add command to verify changes' (!112) from add-verification-docs into master 2022-11-12 15:43:51 +01:00
requirements.yml ⬆️ Bump role version to v0.2.1 2023-01-11 18:26:33 +01:00
setup-ssh.yml 🚨 Fix new-line-at-end-of-file warnings 2022-11-18 08:50:33 +01:00

Ansible configuration for the Netz39 infrastructure

This call lists all hosts defined in the inventory:

ansible all --list-hosts

Setup

ansible-galaxy install -r requirements.yml

Setup SSH Access to hosts

LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"

Edit vault encrypted vars files

ansible-vault edit group_vars/all/vault

Run the main playbook with

ansible-playbook --ask-vault-pass main.yml

You need to provide a user with sudo rights and the vault password.

Verify Changes

ansible-lint main.yml
ansible-playbook --ask-vault-pass main.yml --check --diff

HTTPS ingress configuration

HTTPS ingress is handled by the server holmium, which forwards requests to the configured backend servers.

To set up a new HTTPS vhost, the following steps need to be taken:

  1. Select a domain (for internal services we use sub-domains of .n39.eu).
  2. Create an external CNAME from this domain to dyndns.n39.eu.
  3. Create an internal DNS entry in the Descartes DNS config. This is usually an alias on an existing server.
  4. Add the entry to the holmium playbook.
  5. Set up Dehydrated and vhost on the target host, e.g. using setup_http_site_proxy.

Do not forget to run every playbook that carries relevant changes (at least the holmium playbook and the playbook of the target host).
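Steps 1 to 3 above can be checked before the holmium playbook is touched, so that a vhost is not deployed for a name whose DNS is not in place yet. The following script is an added example and is not part of the Netz39 repository or of any of its roles. It assumes that `dig` is available for the external view and that `getent` uses the internal (Descartes) resolver on the machine it runs on; the public resolver address used for the external lookup is an assumption as well. The values dyndns.n39.eu and .n39.eu are taken from the steps above.

```shell
#!/bin/sh
# Added example, not code from the Netz39 repository: pre-flight DNS checks
# for a new HTTPS vhost, covering steps 1-3 of the README procedure.

INGRESS_CNAME_TARGET="dyndns.n39.eu"   # step 2: external CNAME target (from the README)
INTERNAL_ZONE="n39.eu"                 # step 1: internal services use sub-domains of .n39.eu
EXTERNAL_RESOLVER="9.9.9.9"            # assumption: any public resolver gives the external view

# Strip a trailing dot and lower-case, so "Foo.N39.EU." and "foo.n39.eu" compare equal.
normalize_fqdn() {
    printf '%s' "$1" | sed 's/\.$//' | tr '[:upper:]' '[:lower:]'
}

# Step 1: the name must be a proper sub-domain of n39.eu (the zone apex itself is rejected).
is_internal_domain() {
    d=$(normalize_fqdn "$1")
    case "$d" in
        *."$INTERNAL_ZONE") return 0 ;;
        *) return 1 ;;
    esac
}

# Step 2: the observed CNAME target must be dyndns.n39.eu, compared after normalization.
cname_matches_ingress() {
    [ "$(normalize_fqdn "$1")" = "$INGRESS_CNAME_TARGET" ]
}

# Live check against real resolvers; prints every finding and returns non-zero on any failure.
check_vhost_dns() {
    domain=$(normalize_fqdn "$1")
    rc=0
    if is_internal_domain "$domain"; then
        echo "OK:   $domain is a sub-domain of $INTERNAL_ZONE"
    else
        echo "FAIL: $domain is not a sub-domain of $INTERNAL_ZONE"; rc=1
    fi
    # External view: ask the public resolver for the CNAME record only.
    ext=$(dig +short CNAME "$domain" "@$EXTERNAL_RESOLVER" 2>/dev/null | head -n 1)
    if cname_matches_ingress "$ext"; then
        echo "OK:   external CNAME $domain -> $ext"
    else
        echo "FAIL: external CNAME for $domain is '${ext:-<none>}', expected $INGRESS_CNAME_TARGET"; rc=1
    fi
    # Internal view (step 3): the Descartes DNS entry must resolve through the local resolver.
    if getent hosts "$domain" >/dev/null 2>&1; then
        echo "OK:   $domain resolves via the internal resolver"
    else
        echo "FAIL: $domain does not resolve via the internal resolver"; rc=1
    fi
    return $rc
}

# Usage: sh check-vhost-dns.sh service.n39.eu
# Without an argument the script only defines the functions above.
if [ -n "${1:-}" ]; then
    check_vhost_dns "$1"
fi
```

The pure helpers are separated from `check_vhost_dns` so the comparison rules can be exercised without network access; the live function only reports and never changes DNS, which keeps it safe to run from any host before editing the playbooks.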