This project configures my instances in the OVH cloud with these Ansible playbooks.
The inventory is generated dynamically by a Python script (see my Terraform project).
The Ansible best practices I've tried to apply, the anti-patterns to avoid, and other tips are documented in the notes.org file.
ansible-galaxy install -r requirements.yml
Look into each role in the repository to know which variables to set.
You can pass variables through the playbook, on the command line, in a var file (create one in the /vars/main.yml and encrypt it with ansible-vault if it contains secrets), or in an encrypted file in the roles//vars; the choice is yours.
Some variables (not exhaustive) that need to be passed or set:
- gitea_admin_password
- gitea_admin_username
- sshd_port
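The vault advice above can be checked before each run. This is an added example, not part of the project: a shell pre-flight check that flags vars files holding gitea_admin_password in plaintext. The sample tree, the roles/gitea path and all values are constructed.

```shell
#!/bin/sh
# Added example: fail before ansible-playbook runs if a secret variable is
# stored in plaintext. Not part of the project.

# Names treated as secret, as an ERE alternation. gitea_admin_password is from
# the README; add the secrets of your own roles (assumption).
SECRET_VARS='gitea_admin_password'

# check_vault_vars DIR: print each offending file, return 1 if any is found.
check_vault_vars() {
    rc=0
    while IFS= read -r f; do
        [ -f "$f" ] || continue
        # A file encrypted as a whole starts with the ansible-vault header.
        if head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;'; then
            continue
        fi
        # Otherwise each secret must be an inline "!vault" value or a Jinja
        # reference to another (vaulted) variable.
        if grep -E "^[[:space:]]*($SECRET_VARS)[[:space:]]*:" "$f" |
            grep -qvE '!vault|\{\{'; then
            echo "plaintext secret: $f"
            rc=1
        fi
    done <<EOF
$(find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \))
EOF
    return "$rc"
}

# Constructed sample tree: one plaintext file, one whole-file vault, one inline.
# roles/gitea is a hypothetical role name; all values are made up.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/vars" "$d/roles/gitea/vars" "$d/group_vars"
    printf 'sshd_port: 2222\ngitea_admin_password: hunter2\n' > "$d/vars/main.yml"
    printf '$ANSIBLE_VAULT;1.1;AES256\n6162636465663031\n' > "$d/roles/gitea/vars/main.yml"
    printf 'gitea_admin_password: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  6162\n' \
        > "$d/group_vars/git.yml"
    echo "$d"
}

d=$(make_sample)
check_vault_vars "$d" || echo "encrypt the files above before running site.yml"
rm -rf "$d"
```

In a real checkout, call `check_vault_vars .` from the ansible directory and only run the playbook when it returns 0.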
If you want to use this project with my Terraform project, run:
python3 create_ansible_inventory.py
This creates a file named inventory in the current directory, which you can then copy to the ansible directory.
Get an inventory and put it in the inventory directory.
The hosts groups expected are:
- bastion
- git
- filegator
- blog
- drone
ansible-playbook -i inventory/inventory site.yml
See https://gist.github.com/cbrunnkvist/2a6090b35a9de7e8bac7c2f49ddb7409
ansible-playbook -i inventory/inventory site.yml --ask-vault-password --ssh-extra-args="-o UpdateHostKeys=yes -o StrictHostKeyChecking=accept-new"
Once this is done, prefer the command below for future runs:
ansible-playbook -i inventory/inventory site.yml --ask-vault-password
To apply the configuration only to a bastion host or a group of hosts, run:
ansible-playbook -i inventory/inventory site.yml --limit bastion
ansible-playbook -i inventory/inventory site.yml --limit bastion,blog
The bastion role needs to be run before any other role, because at the moment the iptables rules that set up the NAT are applied at the Ansible level, not the Terraform one.
In the group vars you can set the following; adjust them to your config:
ansible_connection: ssh
ansible_ssh_user: debian
ansible_ssh_private_key_file: <path to key file>
To test a role, go into its directory and run:
molecule test