LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
478 Commits
12 Branches
967 KiB
Tree: 7c8cdbc0e7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7c8cdbc0e7'
${ noResults }
lilik_playbook/host_ldap.yaml

39 lines
897 B
Raw Normal View History

Some playbooks full of joy.
9 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
playbook ldap with replication
4 years ago
connection/ssh_lxc: new style for containers Now which *host* is hosting a specific container is not defined in the playbook yaml file but centrally in the invetory under the `ansible_lxc_host` variable. The `lxc_guest` role is runned directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the lxc-running physical host. In this way it should be easier to scale-up and configure multiple istance of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.
5 years ago
style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. *(ToDo: deployment of Certificate Revokation Lists)* * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix *Replaces:* x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert *Replaces:* ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain | default: `${domain}` - server_fqdn | default: `${hostname}.dmz.${domain}` *Replaces:* fqdn_domain Removed: - fqdn_dmain - x509_suffix *Replaced by:* x509_ldap_suffix in common New defaults: - server_fqdn | default: `${hostname}.${domain}` *Replaces*: fqdn - ldap_domain | default: `${domain}` - ldap_server | default: `ldap1.dmz.${domain}` - ldap_basedn | default: `dn(${ldap_domain})` - enable_https | default: `true` New defaults: - server_fqdn | default: `${hostname}.${domain}`
5 years ago
playbook ldap with replication
4 years ago
Some playbooks full of joy.
9 years ago
style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. *(ToDo: deployment of Certificate Revokation Lists)* * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix *Replaces:* x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert *Replaces:* ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain | default: `${domain}` - server_fqdn | default: `${hostname}.dmz.${domain}` *Replaces:* fqdn_domain Removed: - fqdn_dmain - x509_suffix *Replaced by:* x509_ldap_suffix in common New defaults: - server_fqdn | default: `${hostname}.${domain}` *Replaces*: fqdn - ldap_domain | default: `${domain}` - ldap_server | default: `ldap1.dmz.${domain}` - ldap_basedn | default: `dn(${ldap_domain})` - enable_https | default: `true` New defaults: - server_fqdn | default: `${hostname}.${domain}`
5 years ago
connection/ssh_lxc: new style for containers Now which *host* is hosting a specific container is not defined in the playbook yaml file but centrally in the invetory under the `ansible_lxc_host` variable. The `lxc_guest` role is runned directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the lxc-running physical host. In this way it should be easier to scale-up and configure multiple istance of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.
5 years ago
playbook ldap with replication
4 years ago
connection/ssh_lxc: new style for containers Now which *host* is hosting a specific container is not defined in the playbook yaml file but centrally in the invetory under the `ansible_lxc_host` variable. The `lxc_guest` role is runned directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the lxc-running physical host. In this way it should be easier to scale-up and configure multiple istance of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.
5 years ago
Give Variable a Scope Refactoring Add role prefix to role specifig variable to avoid conflicts when using multiples role on the same machine on the same play.
5 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
playbook ldap with replication
4 years ago
connection/ssh_lxc: new style for containers Now which *host* is hosting a specific container is not defined in the playbook yaml file but centrally in the invetory under the `ansible_lxc_host` variable. The `lxc_guest` role is runned directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the lxc-running physical host. In this way it should be easier to scale-up and configure multiple istance of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.
5 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
add monitoring role to playbooks
7 years ago
style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. *(ToDo: deployment of Certificate Revokation Lists)* * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix *Replaces:* x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert *Replaces:* ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain | default: `${domain}` - server_fqdn | default: `${hostname}.dmz.${domain}` *Replaces:* fqdn_domain Removed: - fqdn_dmain - x509_suffix *Replaced by:* x509_ldap_suffix in common New defaults: - server_fqdn | default: `${hostname}.${domain}` *Replaces*: fqdn - ldap_domain | default: `${domain}` - ldap_server | default: `ldap1.dmz.${domain}` - ldap_basedn | default: `dn(${ldap_domain})` - enable_https | default: `true` New defaults: - server_fqdn | default: `${hostname}.${domain}`
5 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
 
  1. ---

  2. - import_playbook: 'prepare_lxc_guest.yaml'

  3.   vars:

  4.     host: 'ldap'

  5.     vm_size: '1G'

  6.     unprivileged: true

  7. 

  8. - hosts: 'ldap'

  9.   vars:

  10.     ca_cert_tls_key_algorithm: 'rsa'

  11.   roles:

  12.       - role: 'dns_record'

  13.       - role: 'ldap'

  14.         virtual_domains:

  15.           - '{{ domain }}'

  16.         ldap_syncrepl_is_provider: true

  17.         ldap_syncrepl_is_consumer: false

  18.         ldap_syncrepl_server_id: 1

  19.         # Default values:

  20.         #ldap_tls_enabled: true

  21.         #ldap_check_tree: true

  22.       - role: 'monitoring-agent'

  23.       - role: 'borgrepo'

  24.         tags: 'borg'

  25.         borgrepo_repos:

  26.           core:

  27.             folders:

  28.               slapd_log:

  29.                 path: '/var/log/openldap'

  30.             ldap_dbs:

  31.               slapd_conf:

  32.                 dbnum: 0

  33.               slapd_lilik:

  34.                 dbnum: 1

  35. 

  36. - hosts: 'monitoring_hosts'

  37.   roles:

  38.     - role: 'icinga2-monitoring'

  39. ...