ardinor / ansible-playbooks

Various Ansible playbooks

Ansible Playbooks

Ansible playbooks I've made, work in progress at the moment. Generally aimed at CentOS 7.

Common

The common playbook to bring all (CentOS) machines to a common baseline.

Performs the following:

  • Creates users (as defined in roles/common/vars/main.yml) and adds their SSH keys
  • Creates groups (ssh_users and admins)
  • Copies over SSHD config (authorised keys only, only allow group ssh_users to log in, no root login)
  • Installs and starts NTP
  • Installs EPEL
  • Installs fail2ban and copies over the following configs:
    • SSHD jail
    • fail2ban jail which monitors fail2ban's log and bans IPs that have already been banned more than 3 times by other jails
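
An added example, not part of this repository: a Python check that an sshd_config still matches the baseline the Common role describes (keys only, group ssh_users only, no root login). The directive chosen for each requirement, the defaults table and the sample config are assumptions made for the illustration.

```python
# Added example (not repository code); directive mapping is an assumption.
# OpenSSH 7.x built-in defaults, used when a directive is absent.
DEFAULTS = {"passwordauthentication": "yes", "challengeresponseauthentication": "yes",
            "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password",
            "allowgroups": ""}
# Keys only, no root login, only members of ssh_users.
BASELINE = {"passwordauthentication": "no", "challengeresponseauthentication": "no",
            "pubkeyauthentication": "yes", "permitrootlogin": "no",
            "allowgroups": "ssh_users"}

def effective_global(text):
    """Effective global settings (everything before the first Match block)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key=value" is legal
        key = parts[0].lower()                            # keywords ignore case
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional overrides are out of scope for this check
        if key == "allowgroups":
            # List directive: each extra line adds groups, widening access.
            seen[key] = (seen.get(key, "") + " " + value).strip()
        else:
            seen.setdefault(key, value)  # sshd keeps the first value it reads
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(text):
    """Return (directive, found, expected) for each deviation from BASELINE."""
    eff = effective_global(text)
    findings = []
    for key, want in BASELINE.items():
        # Group names are case-sensitive; yes/no style values are not.
        got = eff[key] if key == "allowgroups" else eff[key].lower()
        if sorted(got.split()) != [want]:
            findings.append((key, eff[key] or "(unset)", want))
    return findings

# Constructed sample: a later edit appended lines instead of replacing them.
DRIFTED = """PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
AllowGroups ssh_users
AllowGroups admins
"""

if __name__ == "__main__":
    print(audit(DRIFTED))
```

Match blocks are not evaluated by this check; on a live host, sshd -T prints the effective configuration.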

nginx-proxy

Installs and sets up nginx as a proxy using the config files in templates/. Also supports an SSL-secured proxy; see the role's README for more information.

Mojibake

Ansible playbook for deploying Mojibake, the Flask application on which my website runs. Uses PostgreSQL as the database backend.

To copy across a database backup and have it automatically restored, pass the path to the database dump as an extra variable:

--extra-vars "db_file=/path/to/db.db"

Sensu-Core

Installs Sensu Core, which is used by clients as well as servers. I've split the client role out from core in order to use delegate_to to add clients' checks to the server automatically.

Sensu-Server

Installs the Sensu Server and its dependencies (Redis, RabbitMQ and the Sensu-Core role), along with support for shipping metrics to Graphite.

Sensu-Client

Installs the Sensu Client and its dependencies (RabbitMQ and the Sensu-Core role), along with several checks. Any checks that are installed are also installed on the Sensu master server.

Graphite

Installs and configures Graphite.

Grafana

Installs and configures Grafana, which relies on Graphite for its backend.

ELK Stack

Installs and configures the ELK stack (Elasticsearch, Logstash & Kibana).

Unbound Local DNS Resolver

Installs Unbound DNS as a local resolver.

Docker

Installs, starts and enables Docker, also installs Docker Compose.

Docker-Logging

Ansible playbook for setting up logging on the server. Deploys a Logspout Docker container for collecting Docker container logs and a Logstash Docker container for collecting logs (from both Logspout and the host itself) in order to ship them off to a central logging server.

Mojibake-Docker

Ansible playbook for deploying Mojibake using Docker.

Redis

Installs and starts/enables Redis.

RabbitMQ

Installs and starts/enables RabbitMQ.

Misc

For initial installs, when you can use a password to SSH in and log in as root:

ansible-playbook -i production site.yml --ask-pass

Other useful commands:

--limit mojibake-hosts = limit it to the mojibake-hosts group

--skip-tags "fail2ban" = skip all tasks with the tag fail2ban

--ask-su-pass = ask sudo password

Vagrant & libvirt

To use libvirt with Vagrant, run vagrant plugin install vagrant-libvirt. For more info see the plugin author's GitHub.

Another useful plugin is vagrant-hostsupdater; to install it, run vagrant plugin install vagrant-hostsupdater. This plugin automatically updates your /etc/hosts with the name of the VM.

If you get sick of the password prompts you can use PolicyKit to give yourself access to libvirt, following the steps here.

To do:

  • create repo
  • Apache config for sensu server reverse proxy
  • ntp - instead look at chrony for RHEL7 family
  • dhcp (not dnsmasq)
  • elk stack
  • routing and hostnames (external network via VPN and internal)

License: MIT License
