lilik_playbook

Commit Graph

Author	SHA1	Message	Date
Zolfa	9cf3c87b0d	roles/reverse_proxy: better handling of multi names	5 years ago
Zolfa	bc06838c00	lxc guest playbooks - common task files commont task to create lxc vm in separete file `prepare_lxc_host`, avoid redundancy of statements in each vm-specific playbook file. Playbooks updated to import `prepare_lxc_host`: - ldap - matrix - nextcloud - projects - status	5 years ago
Zolfa	a043cf037f	Give Variable a Scope Refactoring Add role prefix to role specifig variable to avoid conflicts when using multiples role on the same machine on the same play.	5 years ago
Zolfa	f5b7d0f14d	updated playbooks	5 years ago
Zolfa	cd5dcf2422	roles/gitlabe: gitlab mattermost added	5 years ago
Zolfa	5631ae6a15	style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. (ToDo: deployment of Certificate Revokation Lists) * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix Replaces: x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert Replaces: ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain \| default: `${domain}` - server_fqdn \| default: `${hostname}.dmz.${domain}` Replaces: fqdn_domain Removed: - fqdn_dmain - x509_suffix Replaced by: x509_ldap_suffix in common New defaults: - server_fqdn \| default: `${hostname}.${domain}` Replaces: fqdn - ldap_domain \| default: `${domain}` - ldap_server \| default: `ldap1.dmz.${domain}` - ldap_basedn \| default: `dn(${ldap_domain})` - enable_https \| default: `true` New defaults: - server_fqdn \| default: `${hostname}.${domain}`	5 years ago
Zolfa	32e9eeb91f	connection/ssh_lxc: new style for containers Now which host is hosting a specific container is not defined in the playbook yaml file but centrally in the invetory under the `ansible_lxc_host` variable. The `lxc_guest` role is runned directly against the guest, even if it doesn't exist yet, and lxc tasks are delegated to the lxc-running physical host. In this way it should be easier to scale-up and configure multiple istance of a service on different containers without changing the playbook. Look at `/ldap.yaml` for a commented example.	5 years ago
Zolfa	26b09fb09c	migrate playbook: lxc_ssh.py -> ssh_lxc.py `lxc-ssh.py` removed. All Playbbooks now user `ssh_lxc` connection. `ansible_ssh_lxc_name` variable used to specify container name. Tested and worked correctly with `python==3.8.2` and `ansible==2.9.6` on the controller and `python==2.7` on the target.	5 years ago
Andrea Cimbalo	ad6e140f11	add monitoring role to playbooks	7 years ago
Andrea Cimbalo	7fafe2314d	use gitlab from debian repositories, temp vm name: projects2	7 years ago
Andrea Cimbalo	352a22f500	pass connection as vars as requested since ansible 2.2	8 years ago
Andrea Cimbalo	dc93d96f48	add dns_record role	8 years ago
Andrea Cimbalo	1d0e62b2f3	move vm ssh-server to a separate role and use lxc_ssh connection plugin to execute it on the lxc_guest	8 years ago
Andrea Cimbalo	602d541d57	add gitlab roles	8 years ago

14 Commits (cec0b7cf506d6ae3e393b1b9a2c07ed57a2da8e6)