diff --git a/connection_plugins/ssh_lxc.py b/connection_plugins/ssh_lxc.py
index 0839c94..c50d779 100644
--- a/connection_plugins/ssh_lxc.py
+++ b/connection_plugins/ssh_lxc.py
@@ -46,6 +46,7 @@ DOCUMENTATION = '''
 - name: ansible_lxc_name
 - name: ansible_ssh_lxc_name
 - name: ansible_docker_extra_args
+ - name: vm_name
 type: str
 host_key_checking:
 description: Determines if ssh should check host keys
diff --git a/hosts.example b/hosts.example
index 9d754a7..3c1f5b0 100644
--- a/hosts.example
+++ b/hosts.example
@@ -9,9 +9,9 @@
 authorities_request ansible_host=10.150.40.8 ansible_user=request
 black ansible_host=10.150.40.42 ansible_user=root vg_name=black-vg
 ca ansible_host=10.150.40.8 ansible_user=root
-# LXC GUEST ------------------------------------------------------------------ ------
-#blogs ansible_host=10.150.42.17 ansible_user=root ansible_lxc_host=black ansible_lxc_name=blogs
-ldap ansible_host=10.150.42.10 ansible_user=root ansible_lxc_host=black ansible_lxc_name=ldap
+# LXC GUEST ------------------------------------------------------------------
+#blogs ansible_host=10.150.42.17 ansible_user=root ansible_lxc_host=black
+ldap ansible_host=10.150.42.10 ansible_user=root ansible_lxc_host=black
 #lists ansible_host=10.150.42.15 ansible_user=root
 #login ansible_host=10.150.42.100 ansible_user=root
 #mail ansible_host=10.150.42.36 ansible_user=root
diff --git a/ldap.yaml b/ldap.yaml
index c841223..6bbc3b5 100644
--- a/ldap.yaml
+++ b/ldap.yaml
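Review bot: The new `- name: vm_name` entry in connection_plugins/ssh_lxc.py makes a generic, un-prefixed variable an input to the connection plugin, so any play, role or group variable called `vm_name` can influence what the `ssh_lxc` connection targets. The neighbouring aliases are `ansible_`-prefixed, while `vm_name` is also the parameter passed to the `lxc_guest` role in ldap.yaml and projects.yaml, so a value meant only for provisioning may silently retarget the connection; as the last entry it presumably also takes precedence over an explicit `ansible_lxc_name`, which is worth confirming against Ansible's option resolution. I would drop the alias and have the playbooks set `ansible_lxc_name: '{{ inventory_hostname }}'`, or at least document it in place with `# vm_name: also the lxc_guest role parameter; keep both in sync`. The option this list belongs to is declared above the hunk, so its name and default are not visible here.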
@@ -1,17 +1,43 @@
 ---
-- hosts: biff
- roles:
- - role: lxc_guest
- vm_name: ldap
- - role: ssh_server
- ansible_connection: ssh_lxc
- ansible_ssh_lxc_name: ldap
+# 1) Deploy the lxc container(s)
+- hosts: ldap
+ # The host may not exist yet: do not gather facts
+ gather_facts: false
+ tags:
+ - lxc
+ tasks:
+ # Delegate lxc container deployment to `ansible_lxc_host`
+ - import_role: name='lxc_guest'
+ vars:
+ vm_name: '{{ inventory_hostname }}'
+ vm_size: '1G'
+ vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}'
+ delegate_to: '{{ ansible_lxc_host }}'
+ # The host may not be directly reachable: use `ssh_lxc` proxy to
+ # gather facts (setup) and configure SSH.
+ - set_fact: ansible_connection='ssh_lxc'
+ - setup:
+ - include_role: name='ssh_server'
+ # Now the host should be ssh-reachable
+ - set_fact: ansible_connection='ssh'
+
+# 2) Deploy LDAP server(s)
 - hosts: ldap
 roles:
 - role: dns_record
 - role: ldap
 ldap_domain: 'lilik.it'
 ldap_organization: 'LILiK'
+ fqdn_domain: 'dmz.{{ domain }}'
+ x509_suffix: 'o=LILiK,l=Firenze,st=IT'
+ virtual_domains:
+ - '{{ domain }}'
+ # Default values:
+ #ldap_tls_enabled: true
+ #renew_rootdn_pw: true
+ #check_tree: true
+
+# 3) Enable monitoring
 - hosts: status
 roles:
 - role: icinga2-monitoring
diff --git a/projects.yaml b/projects.yaml
index f17d696..b28391e 100644
--- a/projects.yaml
+++ b/projects.yaml
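Review bot: In the first play of ldap.yaml, `vm_name` is defined only in the `vars:` of the `import_role` task, so the later `setup` and `include_role: name='ssh_server'` tasks that run over `ssh_lxc` presumably do not see it, and the same commit removes `ansible_lxc_name=ldap` from hosts.example. Which container those tasks enter then depends on a fallback inside the plugin that this diff does not show; if that fallback is absent or differs from the inventory name, the SSH server configuration could be applied to the wrong guest. Setting the name together with the connection makes the target explicit: `- set_fact: ansible_connection='ssh_lxc' ansible_lxc_name='{{ inventory_hostname }}'`. The same block in projects.yaml has the same gap. Separately, `x509_suffix: 'o=LILiK,l=Firenze,st=IT'` puts what looks like a country code in `st` (state or province); confirm whether `c=IT` was intended.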
@@ -1,17 +1,27 @@
 ---
-- hosts: emmett
- roles:
- - role: lxc_guest
- vm_name: projects2
- - role: ssh_server
- ansible_connection: ssh_lxc
- ansible_ssh_lxc_name: projects2
-- hosts: projects2
+- hosts: projects
+ gather_facts: false
+ tags:
+ - lxc
+ tasks:
+ - import_role: name='lxc_guest'
+ vars:
+ vm_name: '{{ inventory_hostname }}'
+ vm_size: '4G'
+ vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}'
+ delegate_to: '{{ ansible_lxc_host }}'
+ - set_fact: ansible_connection='ssh_lxc'
+ - setup:
+ - include_role: name='ssh_server'
+ - set_fact: ansible_connection='ssh'
+
+- hosts: projects
 roles:
 - role: dns_record
 - role: reverse_proxy
- hostname: projects2
+ hostname: projects
 - role: gitlab
+
 - hosts: status
 roles:
 - role: icinga2-monitoring
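Review bot: The first play of projects.yaml repeats the ldap.yaml bootstrap sequence task for task, with only `vm_size` changed and without the comments that explain why facts are skipped and why the connection is switched to `ssh_lxc` and back. Because this sequence decides how Ansible first reaches a new guest, a later correction made in one playbook and missed in the other would leave guests bootstrapped differently. I would move the tasks into one shared task file included from both playbooks with `vm_size` passed as a variable, or at minimum carry over the comments, e.g. `# The host may not exist yet: do not gather facts` above `gather_facts: false`.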