LecygneNoir
/
ansible-configz
mirror of https://github.com/theonlydoo/configz
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
157 Commits
1 Branch
1.8 MiB
Tree: bbfc0da8cd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bbfc0da8cd'
${ noResults }
ansible-configz/README.md

206 lines
7.9 KiB
Raw Normal View History

add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
Initial commit
10 years ago
readme modified
10 years ago
LecygneNoir: let's do it
10 years ago
add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
some documentation
9 years ago
ownCloud + NGINX + DOC
9 years ago
moar doc
9 years ago
sortie du deploiement de clef ssh du role common vers un role dedie, avec utilisation de dictionnaires au lieu de liste pour utiliser la possibilite d'ansible de merger des dictionnaire. WARN : transformez votre variable admin_ssh_keys en dictionnaire ! (cd README)
6 years ago
add update playbook to allow updating host through ansible
9 years ago
doc README.md
9 years ago
ownCloud + NGINX + DOC
9 years ago
moar doc
9 years ago
add information about rudder-node role
7 years ago
ownCloud + NGINX + DOC
9 years ago
dispatch xymon role into two role client and server to made deployment easier
7 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
add doc for using xymon_disabled_sondes
6 years ago
dispatch xymon role into two role client and server to made deployment easier
7 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
Add possibility to use beta version for openvzdiff-backup - see README
8 years ago
add information about rudder-node role
7 years ago
ajout d'un role permettant de deployer unbound comme resolver local, avec forward zone vers une zone locales (.home, .lan, etc)
6 years ago
ssh-curve ajout du role ssh-curve + doc
6 years ago
ajout d'un role pour configurer des nodes prometheus (config node exporter basique)
6 years ago
some documentation
9 years ago
add new playbook postint-full to deploy common, xymon-client and rudder-node roles to have fully compliant node
7 years ago
add information about rudder-node role
7 years ago
some documentation
9 years ago
sortie du deploiement de clef ssh du role common vers un role dedie, avec utilisation de dictionnaires au lieu de liste pour utiliser la possibilite d'ansible de merger des dictionnaire. WARN : transformez votre variable admin_ssh_keys en dictionnaire ! (cd README)
6 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
edit README to add update vars example
9 years ago
add information about rudder-node role
7 years ago
edit README to add update vars example
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
some documentation
9 years ago
redocumentation
9 years ago
IRC bouncer corrected
9 years ago
Tweak on BNC config
9 years ago
redocumentation
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Update README.md
9 years ago
completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign
9 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
xymon-client: disabling checks works only on deb >=8
6 years ago
add doc for using xymon_disabled_sondes
6 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
add information about rudder-node role
7 years ago
ovzdb: create playbook to configure openvz-diff-backup, update README and host_vars example accordingly
8 years ago
Lecygnenoir: add README documentation for xymon role
8 years ago
add information about rudder-node role
7 years ago
some documentation
9 years ago
ajout d'un role permettant de deployer unbound comme resolver local, avec forward zone vers une zone locales (.home, .lan, etc)
6 years ago
ssh-curve ajout du role ssh-curve + doc
6 years ago
some documentation
9 years ago
 
  1. ## configz

  2. =======
  3. 

  4. Yet another ansible's playbook repository
  5. 

  6. ## playbooks

  7. ======
  8. * postint.yml
  9.  * run common role to install you packages, deploy ssh, keys, ...
  10. * posting-full.yml
  11.  * use roles common, xymon-client and rudder-node to have a fully compliant server 
  12. 

  13. ## roles

  14. ======
  15. 

  16. * Common
  17.  * provides **common** configuration
  18.  * https://github.com/nojhan/liquidprompt <3
  19. * SSH keys
  20.  * provides ssh keys deployement and blacklist
  21.  * possibility to use dictionnaries to list keys
  22.  * possibility to deploy different pools of keys on different servers with ansible hash_behaviour = merge
  23. * Update
  24.  * allow install all update on  hosts (tag normal)
  25.  * allow update specific packages from list (tags packages)
  26.    * use host_vars, group_vars or default vars to update packages list
  27. * Wallabag
  28.  * provides **Wallabag** configuration
  29.  * Imported with <3 from https://github.com/al3x/sovereign/
  30.  * **Not yet READY**
  31. * Prosody
  32.  * Provides XMPP (Jabber) server
  33.  * Imported with <3 from https://github.com/al3x/sovereign/
  34.  * **Not yet READY**
  35. * IRCBouncer
  36.  * Provides a ZNC Config
  37.  * Imported with <3 from https://github.com/al3x/sovereign/
  38. * Mail
  39.  * provides a complete **mail** server for a given domain name and the vdomain capability for other domains.
  40.  * **Note** : This role starts in order : common, mariadb, and mail. If you don't want one of them, please comment out.
  41.  * **Note2** : If you already have a SQL server, **it wont erase the original config**, but it needs a ``~/.my.cnf``.
  42.  * **TODO** :
  43.      * Razor/Pyzor
  44.      * Roundcube
  45.      * Simplify template copy
  46.      * Postgrey
  47. * MariaDB
  48.  * provides a lambda **MariaDB** server peered on ``127.0.0.1:3306`` with ``root`` MySQL password on ``~/.my.cnf``
  49. * ownCloud
  50.  * provides a simple instance of **ownCloud**, with ``NGINX, PHP5-FPM, and MariaDB``
  51. * xymon-client and xymon-server
  52.  * https://www.xymon.com/
  53.  * Provide installation of xymon server and xymon client monitoring system
  54.  * Available for Debian (6 to 8) and Centos (6 to 7). **WARN** : xymon-server only for Debian (Centos dependencies are really hard to automate)
  55.  * Configure apache for xymon-server
  56.  * Configure xymon client and add the client in xymon server configuration to allow fetch data
  57.  * Allow to disable and drop sonde from client
  58.  * **Note** : Using xymon-client tag/role needs a working xymon-server (whenever the server was installed with the playbook or not)
  59.  * Cloud be (theoretically, to be tested) used to update xymon server binaries to last stable release
  60. * ovzdb
  61.  * http://projets.developpeur-neurasthenique.fr/projects/openvz-diff-backups
  62.  * Install openvz-diff-backup to an openvz host to backup container
  63.  * enable update of openvz-diff-backup thanks to 0.9.4 version
  64.  * enable backup AND upload feature via cron
  65.  * enable purge feature via cron
  66.  * enable customization of configuration file
  67.  * use standard installation method (conf in /etc, link binary to /usr/local/bin)
  68.  * provide bonus hook to create files when problems occurs (additionnally to send emails), allowing monitoring with standard tool (ie xymon and else)
  69.  * Possibility to use beta version in file directory: hard coded for the moment, name the file openvz-diff-backups_v0.9.8-beta.tar.gz and use -e beta=true on command line
  70. * rudder-node
  71.  * https://www.rudder-project.org
  72.  * allow to configure a debian/ubuntu rudder node to report to a rudder server
  73.  * you need a working rudder-server (https://www.rudder-project.org/doc-4.1/_install_rudder_server.html)
  74.  * use rudder_server variable to configure your rudderserver IP (rudder advice to use IP addresses instead of DNS)
  75. * unbound
  76.  * Possibility to deploy unbound as a local resolver, with forwading zone to your local DNS server (ie .lan, .home, ...)
  77.  * You need to add unbound variables (see below)
  78. * ssh-curve : based from https://blog.arnaudminable.net/secure-shell-mon-amour-dechu/
  79.  * DISCLAIMER : using this role WILL trigger "breaking attempt messages" with SSH as server keys are changed, do not forget to clean your know_hosts file(s)
  80.  * needs debian jessie or later, centos 7 or later
  81.  * configure ssh to use exclusively actual most secure cipher and algorithms
  82.  * allow ssh port, listen address, password authent customization
  83.  * generate ed25519 keys for server instead of RSA
  84.  * configure ssh client to use strong algorithms
  85.  * will create compatibility problem with old ssh versions (openwrt, old putty, debian wheezy)
  86. * prometheus_nodexporter : allow configuration for node with prometheus node-exporter
  87.  * debian 9 and centos 7 compatible
  88.  * You can configure prometheus_exporter_listen_address (default 0.0.0.0) and prometheus_exporter_listen_port (default 9100)
  89.  * use file_sd_configs on prometheus server with prometheus_sd_directory (default to /etc/prometheus/nodes/) :
  90. ```
  91.    - job_name: 'node'
  92.     file_sd_configs:
  93.       - files:
  94.         - '{{ prometheus_sd_directory }}/*.json'
  95.         - '{{ prometheus_sd_directory }}/*.yml'
  96.         - '{{ prometheus_sd_directory }}/*.yaml'
  97. ```
  98. 

  99. ## example host file

  100. =====
  101. 

  102. ```yaml
  103. 

  104. ---
  105. admin_ssh_keys: 
  106.  0: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian
  107. 

  108. default_packages_debian: htop
  109. 

  110. description: machine test
  111. 

  112. # NTP

  113. ntp_servers:
  114.   - 0.pool.ntp.org
  115.   - 1.pool.ntp.org
  116.   - 2.pool.ntp.org
  117. disable_ipv6: true
  118. 

  119. # Update

  120. deb_packages_to_update:
  121.   - apache2
  122. 

  123. centos_packages_to_update:
  124.   - httpd
  125. 

  126. # Mail

  127. domain: test.net
  128. 

  129. # MariaDB

  130. mariadb_version: 10.0
  131. mysql_root_password: changeme
  132. mysql_host: localhost
  133. 

  134. # ircbouncer

  135. znc_version: 1.4
  136. irc_nick: (required)
  137. irc_ident: (required)
  138. irc_realname: (required)
  139. irc_quitmsg: (required)
  140. irc_password_hash: (required) # http://wiki.znc.in/Configuration#Pass
  141. irc_password_salt: (required) # http://wiki.znc.in/Configuration#Pass
  142. irc_timezone: "Europe/Paris" #Example: "Europe/Paris"
  143. network_address: irc.my.network.net
  144. network_port: 6697
  145. network_channel: 1337Chan
  146. 

  147. # xmpp

  148. prosody_admin: "admin@test.net"
  149. prosody_virtual_domain: "test.net"
  150. prosody_accounts: admin@test.net
  151. 

  152. #Wallabag

  153. wallabag_version: 1.8.1
  154. wallabag_domain: "read.{{ domain }}"
  155. wallabag_salt: (required)
  156. wallabag_db_username: wallabag
  157. wallabag_db_password: (required)
  158. wallabag_db_database: wallabag
  159. 

  160. 

  161. #xymon

  162. xymon_server: yyy.yyy.yyy.yyy # server IP address (mandatory)
  163. xymon_htname: admin # server user for webinterface use
  164. xymon_htpasswd: mysecurepasswd # server password for webinterface use
  165. ## xymon per client configuration (ie usually done in host_var)##

  166. monitoring_file: dns ## Where to store the host in hosts.d xymon server directory (optionnal)
  167. monitoring_section: dns ## Name of the page to use in xymon server webpage tree view (optionnal)
  168. monitoring_ip: xxx.xxx.xxx.xxx ## IP address of the client to add in server (mandatory)
  169. xymon_checks: "#" ## Checks to use for this client. Default '#' do a simple ping check
  170. xymon_disabled_sondes: ## Allow to disable checks on clients (DEBIAN >= 8 only)
  171.   - ntpq
  172.   - libs
  173. 

  174. #ovzdb

  175. ## You can duplicate backup locally and remotely

  176. ## by using openvz host as backup_server and

  177. ## remote server as upload_server

  178. ## I advice to customize cron hour to have

  179. ## backup, then purge, then upload

  180. backup_server: xxx.xxx.xxx.xxx
  181. backup_dir: "/var/lib/vz/backups/OpenVZ/"
  182. backup_minute: 10
  183. backup_hour: 02
  184. purge_minute: 10
  185. purge_hour: 03
  186. upload_server: yyy.yyy.yyy.yyy
  187. upload_dir: "/var/lib/vz/backups/OpenVZ/"
  188. upload_minute: 10
  189. upload_hour: 05
  190. admin_email: "your_email@example.com"
  191. 

  192. # rudder-node

  193. rudder_server: 192.168.0.100
  194. # vim: set textwidth=0 ft=yaml:

  195. 

  196. unbound_local_zone: "lan"
  197. unbound_forward_dns: XXX.XXX.XXX.XXX
  198. 

  199. # ssh-curve

  200. # ssh_port: (default 22)

  201. # ssh_ipv4_listen: (default "0.0.0.0")

  202. # ssh_ipv6_listen: (default "::")

  203. # ssh_authorizedkeysfile: (default ".ssh/authorized_keys")

  204. # ssh_pwd_authent: (default "no")

  205. 

  206. ```