WIP: improving Ansible config while I install my HammerHead

LUXEY Adrien 2021-03-23 16:57:10 +01:00
parent 472384d403
commit 005a027fcb
7 changed files with 60 additions and 26 deletions


@ -12,6 +12,7 @@ cluster_nodes:
dns_1: 212.27.40.240 dns_1: 212.27.40.240
dns_2: 212.27.40.241 dns_2: 212.27.40.241
ansible_python_interpreter: python3 ansible_python_interpreter: python3
ssh_port: 22
digitale: digitale:
ansible_host: atuin.site.deuxfleurs.fr ansible_host: atuin.site.deuxfleurs.fr
@ -25,6 +26,7 @@ cluster_nodes:
dns_1: 212.27.40.240 dns_1: 212.27.40.240
dns_2: 212.27.40.241 dns_2: 212.27.40.241
ansible_python_interpreter: python3 ansible_python_interpreter: python3
ssh_port: 22
drosera: drosera:
ansible_host: atuin.site.deuxfleurs.fr ansible_host: atuin.site.deuxfleurs.fr
@ -38,6 +40,7 @@ cluster_nodes:
dns_1: 212.27.40.240 dns_1: 212.27.40.240
dns_2: 212.27.40.241 dns_2: 212.27.40.241
ansible_python_interpreter: python3 ansible_python_interpreter: python3
ssh_port: 22
io: io:
ansible_host: jupiter.site.deuxfleurs.fr ansible_host: jupiter.site.deuxfleurs.fr
@ -51,3 +54,4 @@ cluster_nodes:
dns_1: 109.0.66.20 dns_1: 109.0.66.20
dns_2: 109.0.66.10 dns_2: 109.0.66.10
ansible_python_interpreter: python3 ansible_python_interpreter: python3
ssh_port: 22
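Review bot: Adding `ssh_port: 22` host by host means any node that does not get the key cannot render the firewall templates in this commit, which index `hostvars[selected_host]['ssh_port']` with no fallback; the four hunks here cover four hosts and the rest of the inventory is outside the hunk, so I cannot tell whether every member of `cluster_nodes` now defines it. A group-level default, `ssh_port: 22` under the group's `vars:` (or in `group_vars/cluster_nodes.yml`), with a per-host value only where the port differs, is the usual shape and keeps a newly added host from turning into a template error during firewall deployment. A short comment on the key, `# SSH port opened in the iptables/ip6tables templates`, would record why it lives in the inventory.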


@ -46,11 +46,40 @@
#- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved
state: present state: present
# Install Docker if need be
- name: Check if Docker is installed
command: 'which docker'
args:
warn: no
register: docker_exists
changed_when: docker_exists.rc != 0
ignore_errors: true
- name: "Install Docker"
include_tasks: docker.yml
when: docker_exists.rc != 0
# Install Nomad & Consul if need be
- name: Check if Nomad is installed
command: 'which nomad'
args:
warn: no
register: nomad_exists
changed_when: nomad_exists.rc != 0
ignore_errors: true
- name: "Install Nomad & Consul"
include_tasks: hashicorp.yml
when: nomad_exists.rc != 0
- name: "Passwordless sudo" - name: "Passwordless sudo"
lineinfile: lineinfile:
path: /etc/sudoers path: /etc/sudoers
state: present state: present
regexp: '^%sudo' regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL' line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
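Review bot: `ignore_errors: true` on the two `which` probes (`Check if Docker is installed` and `Check if Nomad is installed`) swallows every failure of those tasks, not only the expected non-zero exit; `failed_when: false` is the idiom for a probe whose non-zero rc is the normal "not installed" answer, and it keeps a genuine execution error visible in the play output. `changed_when: docker_exists.rc != 0` also makes a read-only check report a change even though the following `include_tasks` does the actual work, so `changed_when: false` on the probe gives a more honest summary. `warn: no` under `args` should be written `warn: false`. If `hashicorp.yml` relies on `consul.yml`/`nomad.yml`, whose download tasks this commit comments out, the `Install Nomad & Consul` include may no longer install a binary and the probe will then fire on every run; I cannot see `hashicorp.yml` here. The task list these sit in starts before the hunk.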


@ -1,14 +1,14 @@
- name: "Set consul version" # - name: "Set consul version"
set_fact: # set_fact:
consul_version: 1.9.1 # consul_version: 1.9.1
- name: "Download and install Consul for x86_64" # - name: "Download and install Consul for x86_64"
unarchive: # unarchive:
src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip" # src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
dest: /usr/local/bin # dest: /usr/local/bin
remote_src: yes # remote_src: yes
when: # when:
- "ansible_architecture == 'x86_64'" # - "ansible_architecture == 'x86_64'"
- name: "Create consul configuration directory" - name: "Create consul configuration directory"
file: path=/etc/consul/ state=directory file: path=/etc/consul/ state=directory


@ -7,10 +7,10 @@
-A INPUT -p icmp -j ACCEPT -A INPUT -p icmp -j ACCEPT
# Administration # Administration
-A INPUT -p tcp --dport 22 -j ACCEPT -A INPUT -p tcp --dport {{ hostvars[selected_host]['ssh_port'] }} -j ACCEPT
# Diplonat needs everything open to communicate with IGD with the router # Diplonat needs everything open to communicate with IGD with the router
-A INPUT -s 192.168.1.254 -j ACCEPT -A INPUT -s {{ hostvars[selected_host]['gatewayv4'] }} -j ACCEPT
# Cluster # Cluster
{% for selected_host in groups['cluster_nodes'] %} {% for selected_host in groups['cluster_nodes'] %}
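Review bot: The `Administration` rule at line 9 now reads `hostvars[selected_host]['ssh_port']`, but `selected_host` is only bound by the `{% for selected_host in groups['cluster_nodes'] %}` loop that begins three lines later, and a Jinja loop variable is not visible outside its loop; unless the template sets `selected_host` above line 7 (outside the hunk), rendering stops with an undefined-variable error and the firewall is not deployed. The target host's own values are already in the template context, so `-A INPUT -p tcp --dport {{ ssh_port }} -j ACCEPT` and `-A INPUT -s {{ gatewayv4 }} -j ACCEPT` express the intent (this host's SSH port and gateway) directly. The ip6tables template's `Administration` rule in this commit has the same problem.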


@ -13,7 +13,7 @@
-A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT
# Administration # Administration
-A INPUT -p tcp --dport 22 -j ACCEPT -A INPUT -p tcp --dport {{ hostvars[selected_host]['ssh_port'] }} -j ACCEPT
# Cluster # Cluster
{% for selected_host in groups['cluster_nodes'] %} {% for selected_host in groups['cluster_nodes'] %}
@ -36,6 +36,8 @@
-A DEUXFLEURS-TRUSTED-NET -s 2a02:8428:81d6:6901::0/64 -j DEUXFLEURS-TRUSTED-PORT -A DEUXFLEURS-TRUSTED-NET -s 2a02:8428:81d6:6901::0/64 -j DEUXFLEURS-TRUSTED-PORT
# ADRN@Gandi # ADRN@Gandi
-A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT -A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT
# ADRN@Kimsufi
-A DEUXFLEURS-TRUSTED-NET -s 2001:41d0:8:ba0b::1/64 -j DEUXFLEURS-TRUSTED-PORT
# Quentin@Rennes # Quentin@Rennes
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT -A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT
# Source address is not trusted # Source address is not trusted
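Review bot: The new `ADRN@Kimsufi` entry writes a host address with a /64 mask, `2001:41d0:8:ba0b::1/64`; ip6tables applies the mask, so the rule trusts the entire `2001:41d0:8:ba0b::/64`, not just the `::1` host, and the neighbouring entries in this chain use the network form (`::0/64`) or `/128` for a single machine. If only the one server is meant, `-A DEUXFLEURS-TRUSTED-NET -s 2001:41d0:8:ba0b::1/128 -j DEUXFLEURS-TRUSTED-PORT` limits trusted-port access to it; if the whole prefix is intended, `2001:41d0:8:ba0b::/64` makes the rule read as the network it actually grants. The `selected_host`/`ssh_port` issue in this file's `Administration` hunk is raised on the iptables v4 template. The chain continues outside the hunk.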


@ -1,14 +1,14 @@
- name: "Set nomad version" # - name: "Set nomad version"
set_fact: # set_fact:
nomad_version: 1.0.2 # nomad_version: 1.0.2
- name: "Download and install Nomad for x86_64" # - name: "Download and install Nomad for x86_64"
unarchive: # unarchive:
src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip" # src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
dest: /usr/local/bin # dest: /usr/local/bin
remote_src: yes # remote_src: yes
when: # when:
- "ansible_architecture == 'x86_64'" # - "ansible_architecture == 'x86_64'"
- name: "Create Nomad configuration directory" - name: "Create Nomad configuration directory"
file: path=/etc/nomad/ state=directory file: path=/etc/nomad/ state=directory


@ -10,7 +10,6 @@ active_users:
is_admin: true is_admin: true
ssh_keys: ssh_keys:
- 'alex-key1.pub' - 'alex-key1.pub'
#- 'alex-key2.pub'
- 'alex-key3.pub' - 'alex-key3.pub'
- username: 'maximilien' - username: 'maximilien'