update ns.xai-corp.net and managed_setup

This commit is contained in:
2017-05-22 23:37:43 -04:00
parent b0c52090a8
commit 3866d4c17b
8 changed files with 100 additions and 32 deletions


@@ -2,7 +2,7 @@
# playbook for home02 # playbook for home02
- hosts: dkhost02 - hosts: dkhost01
remote_user: ansible remote_user: ansible
gather_facts: yes gather_facts: yes
become: true become: true
@@ -48,7 +48,7 @@
roles: roles:
# - _install_updates # - _install_updates
- Datadog.datadog # - Datadog.datadog
- dockerhost - dockerhost
- geerlingguy.nginx - geerlingguy.nginx
- certbot - certbot
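Review bot: The header comment `# playbook for home02` on the context line at the top of the hunk still names home02 while the changed line now targets `dkhost01`; the zone file touched in this same commit gives home02 and dkhost01 different addresses (192.168.2.22 and 192.168.2.41), so one of the two looks stale. Either update the comment to `# playbook for dkhost01` or, if dkhost01 is meant to be the same machine, say so in the comment. The `Datadog.datadog` role is commented out here with no reason, whereas managed_setup.yml gives one (armhf unsupported); carrying that reason over, e.g. `# - Datadog.datadog  # unsupported on armhf, see managed_setup.yml`, would keep the playbooks consistent and tell the next reader whether the line can be deleted.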


@@ -30,6 +30,22 @@ server {
} }
# tripbuilder.xai-corp.net
server {
listen 443 ssl;
server_name tripbuilder.xai-corp.net docker.dev;
ssl_certificate /etc/letsencrypt/live/tripbuilder.xai-corp.net/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/tripbuilder.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
location / {
proxy_pass http://192.168.2.43:8080;
}
}
# jenkins.xai-corp.net # jenkins.xai-corp.net
server { server {
listen 443 ssl; listen 443 ssl;
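Review bot: The new tripbuilder server block points `ssl_certificate` at `cert.pem`, which holds only the leaf certificate; nginx needs the intermediate chain in that file for clients to validate it, so this should be `ssl_certificate /etc/letsencrypt/live/tripbuilder.xai-corp.net/fullchain.pem;` (the jenkins block below the hunk would be the one to match). `server_name` also lists `docker.dev`, which is not in the certbot domain list this commit extends, so requests for that name get a certificate mismatch unless it is covered elsewhere — it looks like a local dev alias, and a comment saying so would help. The `location /` forwards to 192.168.2.43:8080 without any `proxy_set_header` lines, so the upstream sees nginx's address and no forwarded scheme; if the other server blocks set `Host` and `X-Forwarded-*`, this one should too. The jenkins server block that begins at the end of the hunk continues outside it.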


@@ -1,9 +1,11 @@
# playbook for all managed hosts # playbook for all managed hosts
# ansible-playbook managed_setup.yml -v --ask-become -u richard --ask-pass
- hosts: managed - hosts: managed
# remote_user: ansible # remote_user: ansible
gather_facts: no gather_facts: yes
become: true become: true
vars: vars:
@@ -12,23 +14,41 @@
state: present state: present
shell: /bin/bash shell: /bin/bash
createhome: yes createhome: yes
generate_ssh_key: yes
password: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/." password: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/."
ssh_keys: ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024 - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
uid: "1001" uid: "1001"
groups: groups:
- sudo - sudo
- name: "richard"
state: present
shell: /bin/bash
createhome: yes
generate_ssh_key: yes
password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024
uid: "1000"
groups:
- sudo
- users_groups: - users_groups:
- datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
# prepare python for ansible # prepare python for ansible
pre_tasks: pre_tasks:
- raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
- setup: # aka gather_facts - setup: # aka gather_facts
- name: Creates .ssh directory
file: path=~/.ssh state=directory mode=600
- debug: var=ansible_os_family
roles: roles:
- _install_updates
- novuso.users - novuso.users
- Datadog.datadog - user-richard
# - Datadog.datadog #does not support armhf architecture. should switch to fluentd or logstash
tasks: tasks:
- name: add ansible to sudoers - name: add ansible to sudoers
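Review bot: The `datadog_api_key` value that appears under `vars` in the second hunk is an API key committed in plaintext; the same key is commented out rather than removed in the ns.xai-corp.net playbook in this commit, and both copies remain in git history, so the key should be rotated and referenced through ansible-vault or an untracked vars file (the two sha512 password hashes in the user list are in the same position). The new `Creates .ssh directory` task sets `mode=600` on a directory, which drops the execute bit the owner needs to enter it; it should be `mode=0700`, and with `become: true` in effect `~` expands to root's home rather than the intended user's, so `path` probably wants the explicit home directory. The new `richard` entry carries the same public key string as the `ansible` entry, so logins by the two accounts cannot be told apart by key; a key per account is the usual choice, and the new entry's key is left unquoted where the `ansible` one was just quoted — quote both the same way. `gather_facts: yes` and `createhome: yes` would be `true` under yamllint's truthy rule.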

17
managed_updates.yml Normal file

@@ -0,0 +1,17 @@
# playbook for all managed hosts
# ansible-playbook managed_updates.yml -v --ask-become -u richard --ask-pass
- hosts: managed
remote_user: ansible
gather_facts: yes
become: True
vars:
roles:
- _install_updates
- user-richard
tasks:
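Review bot: `become: True` in the new managed_updates.yml should be lowercase `become: true`; the other playbooks in this commit use the lowercase form and yamllint's truthy rule flags the capitalised one. `vars:` and `tasks:` are left bare, which parses as `null` rather than an empty mapping or list — either drop them or write `vars: {}` and `tasks: []`. The header comment runs the playbook with `-u richard` while the play sets `remote_user: ansible`; as far as I recall the play keyword takes precedence over `-u`, so the comment's `-u richard --ask-pass` would prompt for a password that is then used for the ansible account, and the comment should say which account is actually intended.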


@@ -8,31 +8,32 @@
become: true become: true
vars: vars:
datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb # datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_checks: # datadog_checks:
system: # system:
init_config: [] # init_config: []
instances: [] # instances: []
disk: # disk:
init_config: # init_config:
instances: # instances:
- use_mount: yes # - use_mount: yes
excluded_filesystems: # excluded_filesystems:
- sysfs # - sysfs
- cgroup # - cgroup
- tracefs # - tracefs
- debugfs # - debugfs
- proc # - proc
- securityfs # - securityfs
excluded_mountpoint_re: /[media/richard|run/user].* # excluded_mountpoint_re: /[media/richard|run/user].*
roles: roles:
- _install_updates # - _install_updates
- Datadog.datadog # - Datadog.datadog
- ns.xai-corp.net - ns.xai-corp.net
- dynamic-ip
# - td-agent-bit # - td-agent-bit
post_tasks: post_tasks:
# - name: check service is up - name: check service is up
# service: name={{ bind.service }} state=started service: name={{ bind.service }} state=started


@@ -28,6 +28,7 @@
- dkui.xai-corp.net - dkui.xai-corp.net
- jenkins.xai-corp.net - jenkins.xai-corp.net
- logs.xai-corp.net - logs.xai-corp.net
- tripbuilder.xai-corp.net
- name: cron job for renewing certs - name: cron job for renewing certs
cron: cron:


@@ -21,11 +21,19 @@
- restart bind - restart bind
- name: copy zone files to /etc/bind/ - name: copy zone files to /etc/bind/
template: src={{ item }}.j2 dest=/etc/bind/db.{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0644 template:
src: "{{ item }}.j2"
dest: /etc/bind/db.{{ item }}
owner: "{{ bind.user }}"
group: "{{ bind.group }}"
mode: 0644
with_items: "{{ bind.zonefiles }}" with_items: "{{ bind.zonefiles }}"
notify: notify:
- restart bind - restart bind
- name: test zone files
command: named-checkzone xai-corp.net /etc/bind/db.xai-corp.net.internal
- name: copy named.confs to /etc/bind/ - name: copy named.confs to /etc/bind/
template: src={{ item }}.j2 dest=/etc/bind/{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0640 template: src={{ item }}.j2 dest=/etc/bind/{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0640
with_items: with_items:
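Review bot: The new `test zone files` task checks a single hard-coded zone file while the template task just above loops over `{{ bind.zonefiles }}`, so any other zone in that list is deployed unchecked; it also runs `command` without `changed_when: false`, so every run reports a change. A minimal fix is `command: named-checkzone xai-corp.net /etc/bind/db.{{ item }}` with `with_items: "{{ bind.zonefiles }}"` and `changed_when: false`, though that assumes every item is a zone file for xai-corp.net — the mapping from file name to zone name is not visible here. The converted template task writes `mode: 0644` unquoted, which a YAML 1.1 parser reads as the integer 420; Ansible treats that integer as octal 0644, but `mode: "0644"` is the portable form and avoids the trap if the leading zero is ever dropped. The block form also leaves `dest: /etc/bind/db.{{ item }}` unquoted while `src`, `owner` and `group` are quoted — quoting all four the same way reads better.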


@@ -10,7 +10,7 @@ xai-corp.net. IN NS ns.xai-corp.net.
xai-corp.net. IN MX 0 mail.xai-corp.net. xai-corp.net. IN MX 0 mail.xai-corp.net.
xai-corp.net. IN TXT "v=spf1 ip4:192.168.2.11/32 mx ptr mx:mail.xai-corp.net ~all" xai-corp.net. IN TXT "v=spf1 ip4:192.168.2.11/32 mx ptr mx:mail.xai-corp.net ~all"
ns IN A 192.168.2.22 ns IN A 192.168.2.22
mail IN A 192.168.2.11 mail IN A 192.168.2.12
gateway IN A 192.168.2.1 gateway IN A 192.168.2.1
wireless IN A 192.168.2.3 wireless IN A 192.168.2.3
@@ -21,15 +21,20 @@ tv IN A 192.168.2.16
xaicorp1 IN A 192.168.2.103 xaicorp1 IN A 192.168.2.103
garden IN A 192.168.2.20 garden IN A 192.168.2.20
home IN A 192.168.2.11
cubox-i IN A 192.168.2.12
home02 IN A 192.168.2.22
dkhost01 IN A 192.168.2.41
fs IN A 192.168.2.41 fs IN A 192.168.2.41
git IN A 192.168.2.41 git IN A 192.168.2.41
jenkins IN A 192.168.2.41 jenkins IN A 192.168.2.41
home IN A 192.168.2.11
home02 IN A 192.168.2.22
dkhost01 IN A 192.168.2.41
dkregistry IN A 192.168.2.41 dkregistry IN A 192.168.2.41
dkui IN A 192.168.2.41 dkui IN A 192.168.2.41
sql IN A 192.168.2.41 sql IN A 192.168.2.41
tripbuilder IN A 192.168.2.41
logs IN A 192.168.2.42 logs IN A 192.168.2.42