LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
457 Commits
12 Branches
967 KiB
Tree: e6e5388b22
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e6e5388b22'
${ noResults }
lilik_playbook/host_projects.yaml

23 lines
475 B
Raw Normal View History

add gitlab roles
8 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
bulk playbooks renaming
5 years ago
connection/ssh_lxc: new style for containers Now which *host* is hosting a specific container is not defined in the playbook yaml file but centrally in the invetory under the `ansible_lxc_host` variable. The `lxc_guest` role is runned directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the lxc-running physical host. In this way it should be easier to scale-up and configure multiple istance of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.
5 years ago
style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. *(ToDo: deployment of Certificate Revokation Lists)* * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix *Replaces:* x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert *Replaces:* ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain | default: `${domain}` - server_fqdn | default: `${hostname}.dmz.${domain}` *Replaces:* fqdn_domain Removed: - fqdn_dmain - x509_suffix *Replaced by:* x509_ldap_suffix in common New defaults: - server_fqdn | default: `${hostname}.${domain}` *Replaces*: fqdn - ldap_domain | default: `${domain}` - ldap_server | default: `ldap1.dmz.${domain}` - ldap_basedn | default: `dn(${ldap_domain})` - enable_https | default: `true` New defaults: - server_fqdn | default: `${hostname}.${domain}`
5 years ago
bulk playbooks renaming
5 years ago
add gitlab roles
8 years ago
style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. *(ToDo: deployment of Certificate Revokation Lists)* * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix *Replaces:* x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert *Replaces:* ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain | default: `${domain}` - server_fqdn | default: `${hostname}.dmz.${domain}` *Replaces:* fqdn_domain Removed: - fqdn_dmain - x509_suffix *Replaced by:* x509_ldap_suffix in common New defaults: - server_fqdn | default: `${hostname}.${domain}` *Replaces*: fqdn - ldap_domain | default: `${domain}` - ldap_server | default: `ldap1.dmz.${domain}` - ldap_basedn | default: `dn(${ldap_domain})` - enable_https | default: `true` New defaults: - server_fqdn | default: `${hostname}.${domain}`
5 years ago
roles/reverse_proxy: better handling of multi names
5 years ago
updated playbooks
5 years ago
bulk playbooks renaming
5 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
connection/ssh_lxc: new style for containers Now which *host* is hosting a specific container is not defined in the playbook yaml file but centrally in the invetory under the `ansible_lxc_host` variable. The `lxc_guest` role is runned directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the lxc-running physical host. In this way it should be easier to scale-up and configure multiple istance of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.
5 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
add monitoring role to playbooks
7 years ago
style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. *(ToDo: deployment of Certificate Revokation Lists)* * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix *Replaces:* x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert *Replaces:* ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain | default: `${domain}` - server_fqdn | default: `${hostname}.dmz.${domain}` *Replaces:* fqdn_domain Removed: - fqdn_dmain - x509_suffix *Replaced by:* x509_ldap_suffix in common New defaults: - server_fqdn | default: `${hostname}.${domain}` *Replaces*: fqdn - ldap_domain | default: `${domain}` - ldap_server | default: `ldap1.dmz.${domain}` - ldap_basedn | default: `dn(${ldap_domain})` - enable_https | default: `true` New defaults: - server_fqdn | default: `${hostname}.${domain}`
5 years ago
lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status
5 years ago
 
  1. ---

  2. - import_playbook: 'prepare_lxc_guest.yaml'

  3.   vars:

  4.     host: 'projects'

  5.     vm_size: '20G'

  6.     unprivileged: true

  7. 

  8. - hosts: 'projects'

  9.   vars:

  10.      reverse_proxy_proxy_protocol: false

  11.      nginx_proxy_protocol: false

  12.   roles:

  13.     - role: 'dns_record'

  14.     - role: 'reverse_proxy'

  15.       reverse_proxy_site_fqdn:

  16.         - 'projects.{{ domain }}'

  17.     - role: 'gitea'

  18.     - role: 'monitoring-agent'

  19. 

  20. - hosts: 'monitoring_hosts'

  21.   roles:

  22.     - role: 'icinga2-monitoring'

  23. ...