Update README

Nemo 2020-07-20 18:00:13 +02:00
parent 0f383d13ac
commit fd9cdc9680
2 changed files with 28 additions and 51 deletions

@ -4,7 +4,7 @@
This document describes how to use ansible-base to deploy basic infrastructures. This document describes how to use ansible-base to deploy basic infrastructures.
The main parts of this document are : The main parts of this document are:
* Ansible "server" (or local machine) preparation * Ansible "server" (or local machine) preparation
* Nodes preparation * Nodes preparation
@ -14,25 +14,28 @@ The main parts of this document are :
Update and install Ansible and GIT on your system. Update and install Ansible and GIT on your system.
Clone this repo (ssh pubkey needs to be authorized for this repo) and go into the cloned directory : Clone this repo (ssh pubkey needs to be authorized for this repo) and go into the cloned directory:
```bash ```bash
git clone https://git.grifon.fr/nemo/ansible-base.git git clone https://git.grifon.fr/nemo/ansible-base.git
cd ansible-core cd ansible-core
``` ```
Download roles dependecies (currenty not used) : Download roles dependecies (currenty not used):
```ansible-galaxy install -r requirements.yml -p ./roles/``` ```ansible-galaxy install -r requirements.yml -p ./roles/```
Copy the template inventory and edit the new file to add your node(s) in the corresponding `function` section and `os` section : Copy the template inventory folder and edit all subfiles to add your node(s) and other informations:
```bash ```bash
cp inventory_template.yml inventory_yourInventoryName.yml cp -R inventory_template inventory_yourInventoryName
vi inventory_yourInventoryName.yml
``` ```
Example with template values : > Note: you can create a dedicated private GIT repository to manage your inventory.
The main inventory file is: `inventory_yourInventoryName/inventory.yml`
Example with template values:
```bash ```bash
all: all:
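Review bot: the unchanged `cd ansible-core` in the clone block does not match the repository cloned on the line above it (`ansible-base.git`), so `git clone` creates `ansible-base` and the `cd` fails; since this hunk already rewrites the lines around it, change it to `cd ansible-base`. The touched line "Download roles dependecies (currenty not used):" still carries both typos. The new copy step says to edit "all subfiles" but drops the `vi` command and names only `inventory.yml`, so list the files the user is expected to edit.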
@ -68,32 +71,31 @@ all:
... ...
``` ```
> Note : the node's name needs to be reachable, you can use IP address or FQDN (recommended). > Note: the node's name needs to be reachable, you can use IP address or FQDN (recommended).
> WARNING : if you don't want to publish your inventory in the SCM system, add the filename in your .gitignore file (if you're using GIT).
Create a vault file for all nodes using the vault template file and define all values : Create a vault file for all nodes using the vault template file and define all values:
```bash ```bash
cp group_vars/all/vault.yml.template group_vars/all/vault.yml cp inventory_yourInventoryName/group_vars/vault.yml.template inventory_yourInventoryName/group_vars/vault.yml
vim group_vars/all/vault.yml vim inventory_yourInventoryName/group_vars/vault.yml
``` ```
Encrypt the vault file and check if edit function works. A prompt will ask you a password : Encrypt the vault file and check if edit function works. A prompt will ask you a password:
```bash ```bash
ansible-vault encrypt group_vars/all/vault.yml ansible-vault encrypt inventory_yourInventoryName/group_vars/vault.yml
ansible-vault edit group_vars/all/vault.yml ansible-vault edit inventory_yourInventoryName/group_vars/vault.yml
``` ```
> Note : if you version your code, don't forget to exclude this vault file of versionning (with .`gitignore file` if you are using GIT). > Note: if you version your code, don't forget to exclude this vault file of versionning (with .`gitignore file` if you are using GIT).
According to your needs, you can edit all variables in `group_vars` directory and subdirectories. According to your needs, you can edit all variables in `inventory_yourInventoryName/group_vars` directory and subdirectories.
You can also define host-specific variables (reboot/upgrade enable/disabe, cron hours, specific config, ...) in the host_vars directory (host.example.org is a commented example). Don't forget to update .gitignore if you don't want to publish some host vars. You can also define host-specific variables (reboot/upgrade enable/disabe, cron hours, specific config, ...) in the `inventory_yourInventoryName/host_vars` directory (host.example.org is an example). Don't forget to update .gitignore if you don't want to publish some host vars.
## Nodes preparation ## Nodes preparation
On the node, with the root account (or sudo) : On the node, with the root account (or sudo):
* Install SSH, sudo and gentoolkit (if Gentoo) OR python-apt (if Debian) OR python-yum (if CentOS) ... * Install SSH, sudo and gentoolkit (if Gentoo) OR python-apt (if Debian) OR python-yum (if CentOS) ...
* Configure, enable and start SSH service. * Configure, enable and start SSH service.
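Review bot: the new vault path `inventory_yourInventoryName/group_vars/vault.yml` drops the `all/` level, and Ansible matches files placed directly in `group_vars/` against a group name, so this file would be loaded for a group called `vault` rather than for all nodes as the sentence says; keep it at `group_vars/all/vault.yml` inside the inventory folder unless that is intended. The hunk also removes the WARNING about keeping the inventory out of the SCM, while the remaining vault note still reads "with .`gitignore file`"; restore a .gitignore hint that covers the whole `inventory_yourInventoryName/` folder, and fix the backtick placement and "versionning".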
@ -119,9 +121,9 @@ mkdir -p .ssh
vi .ssh/authorized_keys # Here add pubkey vi .ssh/authorized_keys # Here add pubkey
``` ```
> Note : this procedure can vary slightly if you're not using a Debian or CentOS node. > Note: this procedure can vary slightly if you're not using a Debian or CentOS node.
On the Ansible server (or local machine), check the SSH connection : On the Ansible server (or local machine), check the SSH connection:
```bash ```bash
ssh ansible@<YOUR_MANAGED_NODE> ssh ansible@<YOUR_MANAGED_NODE>
@ -130,25 +132,25 @@ exit
## Deployment ## Deployment
From the Ansible server (or your local machine), you can deploy specific playbooks using the following command : From the Ansible server (or your local machine), you can deploy specific playbooks using the following command:
```bash ```bash
ansible-playbook -i inventory_yourInventoryName.yml <playbook_name> --ask-vault-pass ansible-playbook -i inventory_yourInventoryName/inventory.yml <playbook_name> --ask-vault-pass
``` ```
> Notes : > Notes:
> >
> * `--diff` option can be added to see the difference applied. > * `--diff` option can be added to see the difference applied.
> * `--check` option can be added to test the deployment without really do any action on the remote node (in some cases it fails even if the deployment will go well). > * `--check` option can be added to test the deployment without really do any action on the remote node (in some cases it fails even if the deployment will go well).
> * `--limit` option can be added to select host to configure (ex: `--limit os_gentoo`) > * `--limit` option can be added to select host to configure (ex: `--limit os_gentoo`)
Playbook deployment : Playbook deployment:
* playbook_general_deploy.yml * playbook_general_deploy.yml
### playbook_general_deploy.yml ### playbook_general_deploy.yml
This playbook deploys general configuration : tools (useful packages), auto reboot, auto upgrade, sudo users, NTP client, iptables config and DNS resolvers. This playbook deploys general configuration: tools (useful packages), auto reboot, auto upgrade, sudo users, NTP client, iptables config and DNS resolvers.
### Other playbooks will be written... ### Other playbooks will be written...

@ -1,25 +0,0 @@
all:
vars:
ansible_user: ansible
ansible_become: yes
ansible_python_interpreter: auto_silent
children:
function:
children:
munin_server:
hosts:
myFirstGentooHost.example.org:
os:
children:
os_gentoo:
hosts:
myFirstGentooHost.example.org:
mySecondGentooHost.anotherexample.org:
os_debian:
hosts:
myFirstDebianHost.example.org:
mySecondDebianHost.anotherexample.org:
os_centos:
hosts:
myFirstCentOSHost.example.org:
mySecondCentOSHost.anotherexample.org:
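Review bot: this deletion removes the only inventory template visible in the commit, yet the README now tells users to run `cp -R inventory_template inventory_yourInventoryName` and to copy `group_vars/vault.yml.template` from it, and the commit lists only 2 changed files; confirm the `inventory_template/` folder already exists in the parent commit, or add it here so the documented step does not fail.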