xai-corp.net/provisioning
1
0
Fork 0
Code Issues 9 Releases Activity

update ns.xai-corp.net and managed_setup

Browse Source
This commit is contained in:
richard
2017-05-22 23:37:43 -04:00
parent b0c52090a8
commit 3866d4c17b
8 changed files with 100 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dkhost.xai-corp.net.yml
View File

@@ -2,7 +2,7 @@
# playbook for home02
- hosts: dkhost02
- hosts: dkhost01
remote_user: ansible
gather_facts: yes
become: true
@@ -48,7 +48,7 @@
roles:
# - _install_updates
- Datadog.datadog
# - Datadog.datadog
- dockerhost
- geerlingguy.nginx
- certbot

16
dockerfiles/sslproxy/host.conf
View File

@@ -30,6 +30,22 @@ server {
}
# tripbuilder.xai-corp.net
server {
listen 443 ssl;
server_name tripbuilder.xai-corp.net docker.dev;
ssl_certificate /etc/letsencrypt/live/tripbuilder.xai-corp.net/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/tripbuilder.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
location / {
proxy_pass http://192.168.2.43:8080;
}
}
# jenkins.xai-corp.net
server {
listen 443 ssl;

28
manged_updates.yml → managed_setup.yml
View File

@@ -1,9 +1,11 @@
# playbook for all managed hosts
# ansible-playbook managed_setup.yml -v --ask-become -u richard --ask-pass
- hosts: managed
# remote_user: ansible
gather_facts: no
gather_facts: yes
become: true
vars:
@@ -12,23 +14,41 @@
state: present
shell: /bin/bash
createhome: yes
generate_ssh_key: yes
password: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/."
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024
- "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
uid: "1001"
groups:
- sudo
- name: "richard"
state: present
shell: /bin/bash
createhome: yes
generate_ssh_key: yes
password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"
ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024
uid: "1000"
groups:
- sudo
- users_groups:
- datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
# prepare python for ansible
pre_tasks:
- raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
- setup: # aka gather_facts
- name: Creates .ssh directory
file: path=~/.ssh state=directory mode=600
- debug: var=ansible_os_family
roles:
- _install_updates
- novuso.users
- Datadog.datadog
- user-richard
# - Datadog.datadog #does not support armhf architecture. should switch to fluentd or logstash
tasks:
- name: add ansible to sudoers

17
managed_updates.yml Normal file
View File

@@ -0,0 +1,17 @@
# playbook for all managed hosts
# ansible-playbook managed_updates.yml -v --ask-become -u richard --ask-pass
- hosts: managed
remote_user: ansible
gather_facts: yes
become: True
vars:
roles:
- _install_updates
- user-richard
tasks:

43
ns.xai-corp.net.yml
View File

@@ -8,31 +8,32 @@
become: true
vars:
datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
datadog_checks:
system:
init_config: []
instances: []
disk:
init_config:
instances:
- use_mount: yes
excluded_filesystems:
- sysfs
- cgroup
- tracefs
- debugfs
- proc
- securityfs
excluded_mountpoint_re: /[media/richard|run/user].*
# datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
# datadog_checks:
# system:
# init_config: []
# instances: []
# disk:
# init_config:
# instances:
# - use_mount: yes
# excluded_filesystems:
# - sysfs
# - cgroup
# - tracefs
# - debugfs
# - proc
# - securityfs
# excluded_mountpoint_re: /[media/richard|run/user].*
roles:
- _install_updates
- Datadog.datadog
# - _install_updates
# - Datadog.datadog
- ns.xai-corp.net
- dynamic-ip
# - td-agent-bit
post_tasks:
# - name: check service is up
# service: name={{ bind.service }} state=started
- name: check service is up
service: name={{ bind.service }} state=started

1
roles/certbot/tasks/main.yml
View File

@@ -28,6 +28,7 @@
- dkui.xai-corp.net
- jenkins.xai-corp.net
- logs.xai-corp.net
- tripbuilder.xai-corp.net
- name: cron job for renewing certs
cron:

10
roles/ns.xai-corp.net/tasks/main.yml
View File

@@ -21,11 +21,19 @@
- restart bind
- name: copy zone files to /etc/bind/
template: src={{ item }}.j2 dest=/etc/bind/db.{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0644
template:
src: "{{ item }}.j2"
dest: /etc/bind/db.{{ item }}
owner: "{{ bind.user }}"
group: "{{ bind.group }}"
mode: 0644
with_items: "{{ bind.zonefiles }}"
notify:
- restart bind
- name: test zone files
command: named-checkzone xai-corp.net /etc/bind/db.xai-corp.net.internal
- name: copy named.confs to /etc/bind/
template: src={{ item }}.j2 dest=/etc/bind/{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0640
with_items:

13
roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
View File

@@ -10,7 +10,7 @@ xai-corp.net. IN NS ns.xai-corp.net.
xai-corp.net. IN MX 0 mail.xai-corp.net.
xai-corp.net. IN TXT "v=spf1 ip4:192.168.2.11/32 mx ptr mx:mail.xai-corp.net ~all"
ns IN A 192.168.2.22
mail IN A 192.168.2.11
mail IN A 192.168.2.12
gateway IN A 192.168.2.1
wireless IN A 192.168.2.3
@@ -21,15 +21,20 @@ tv IN A 192.168.2.16
xaicorp1 IN A 192.168.2.103
garden IN A 192.168.2.20
home IN A 192.168.2.11
cubox-i IN A 192.168.2.12
home02 IN A 192.168.2.22
dkhost01 IN A 192.168.2.41
fs IN A 192.168.2.41
git IN A 192.168.2.41
jenkins IN A 192.168.2.41
home IN A 192.168.2.11
home02 IN A 192.168.2.22
dkhost01 IN A 192.168.2.41
dkregistry IN A 192.168.2.41
dkui IN A 192.168.2.41
sql IN A 192.168.2.41
tripbuilder IN A 192.168.2.41
logs IN A 192.168.2.42