Add sapt-labc-pub01
parent
67e65e807e
commit
f51540b4a1
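--- a/cloud-init/vps.cfg
+++ b/cloud-init/vps.cfg
@@ -0,0 +1,13 @@
+# vim: ft=yaml
+
+#cloud-config
+ssh_pwauth: false
+
+users:
+- name: ansible
+gecos: Ansible User
+sudo: ALL=(ALL) NOPASSWD:ALL
+shell: /bin/bash
+lock_passwd: true
+ssh_authorized_keys:
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyAuOqh0vcpLMBa8FFbvrTOgw8N+bcImFzyBspfQDAf ansible"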
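Review bot: `#cloud-config` sits on line 3 of the new file, after the `# vim: ft=yaml` modeline and a blank line, but cloud-init only treats user-data as cloud-config when that header is the very first line. If this file is handed to the provider verbatim, the whole document would be ignored, so `ssh_pwauth: false` and the key-only `ansible` user would not be applied and the image's default SSH settings would stay in effect on an internet-facing host. Move `#cloud-config` to line 1 and put the modeline below it or at the end of the file, unless something outside this commit strips the first two lines before upload.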
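--- a/host_vars/sapt-labc-pub01.yml
+++ b/host_vars/sapt-labc-pub01.yml
@@ -0,0 +1,7 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+fqdn: sapt-labc-pub01.cloud.servers.sapti.me
+ansible_host: 168.119.158.106
+internal_ipv4: 10.2.3.2
+instance_type: vps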
|
@ -4,4 +4,4 @@
|
|||
fqdn: sapt-labp-app01.prod.servers.sapti.me
|
||||
ansible_host: 192.168.23.30
|
||||
internal_ipv4: 10.2.16.10
|
||||
virt_type: qemu
|
||||
instance_type: qemu
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
fqdn: sapt-labp-db01.prod.servers.sapti.me
|
||||
ansible_host: 192.168.23.40
|
||||
internal_ipv4: 10.2.16.20
|
||||
virt_type: qemu
|
||||
instance_type: qemu
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
fqdn: sapt-labp-mda01.prod.servers.sapti.me
|
||||
ansible_host: 192.168.23.35
|
||||
internal_ipv4: 10.2.16.15
|
||||
virt_type: lxc
|
||||
instance_type: lxc
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
# vim: ft=yaml.ansible
|
||||
# code: language=ansible
|
||||
---
|
||||
fqdn: sapt-labr-mon01.shrd.servers.sapti.me
|
||||
ansible_host: 192.168.23.20
|
||||
internal_ipv4: 10.2.18.20
|
||||
virt_type: qemu
|
|
@ -4,4 +4,4 @@
|
|||
fqdn: sapt-labr-prx01.shrd.servers.sapti.me
|
||||
ansible_host: 192.168.23.10
|
||||
internal_ipv4: 10.2.18.10
|
||||
virt_type: qemu
|
||||
instance_type: qemu
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
fqdn: sapt-labs-app01.stage.servers.sapti.me
|
||||
ansible_host: 192.168.23.50
|
||||
internal_ipv4: 10.2.19.10
|
||||
virt_type: qemu
|
||||
instance_type: qemu
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
fqdn: sapt-labs-db01.stage.servers.sapti.me
|
||||
ansible_host: 192.168.23.60
|
||||
internal_ipv4: 10.2.19.20
|
||||
virt_type: qemu
|
||||
instance_type: qemu
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
fqdn: sapt-labs-mda01.stage.servers.sapti.me
|
||||
ansible_host: 192.168.23.55
|
||||
internal_ipv4: 10.2.19.15
|
||||
virt_type: lxc
|
||||
instance_type: lxc
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
[control_infra]
|
||||
sapt-labx-ctl01
|
||||
|
||||
[controlservers:children]
|
||||
control_infra
|
||||
|
||||
[infrastructure:children]
|
||||
controlservers
|
|
@ -2,7 +2,7 @@
|
|||
# code: language=ansible
|
||||
---
|
||||
- name: Run playbook
|
||||
hosts: all
|
||||
hosts: infrastructure
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
|
|
|
@ -1,3 +1,32 @@
|
|||
# [control_infra]
|
||||
# sapt-labx-ctl01
|
||||
|
||||
# [controlservers:children]
|
||||
# control_infra
|
||||
|
||||
# [infrastructure:children]
|
||||
# controlservers
|
||||
|
||||
[pub_cloud]
|
||||
sapt-labc-pub01
|
||||
|
||||
# [mon_cloud]
|
||||
# sapt-labc-mon01
|
||||
|
||||
# [sec_cloud]
|
||||
# sapt-labc-sec01
|
||||
|
||||
[cloud:children]
|
||||
pub_cloud
|
||||
# mon_cloud
|
||||
# sec_cloud
|
||||
|
||||
[prx_shrd]
|
||||
sapt-labr-prx01
|
||||
|
||||
[shared:children]
|
||||
prx_shrd
|
||||
|
||||
[app_prod]
|
||||
sapt-labp-app01
|
||||
|
||||
|
@ -7,6 +36,11 @@ sapt-labp-db01
|
|||
# [mda_prod]
|
||||
# sapt-labp-mda01
|
||||
|
||||
[production:children]
|
||||
app_prod
|
||||
db_prod
|
||||
# mda_prod
|
||||
|
||||
[app_stage]
|
||||
sapt-labs-app01
|
||||
|
||||
|
@ -16,25 +50,22 @@ sapt-labs-db01
|
|||
[mda_stage]
|
||||
sapt-labs-mda01
|
||||
|
||||
[proxy_shrd]
|
||||
sapt-labr-prx01
|
||||
|
||||
# [monitor_shrd]
|
||||
# sapt-labr-mon01
|
||||
|
||||
[production:children]
|
||||
app_prod
|
||||
db_prod
|
||||
# mda_prod
|
||||
|
||||
[staging:children]
|
||||
app_stage
|
||||
db_stage
|
||||
mda_stage
|
||||
|
||||
[shared:children]
|
||||
proxy_shrd
|
||||
# monitor_shrd
|
||||
[publicservers:children]
|
||||
pub_cloud
|
||||
|
||||
# [monitorservers:children]
|
||||
# mon_cloud
|
||||
|
||||
# [securityservers:children]
|
||||
# sec_cloud
|
||||
|
||||
[proxyservers:children]
|
||||
prx_shrd
|
||||
|
||||
[appservers:children]
|
||||
app_prod
|
||||
|
@ -48,13 +79,11 @@ mda_stage
|
|||
db_prod
|
||||
db_stage
|
||||
|
||||
[proxyservers:children]
|
||||
proxy_shrd
|
||||
|
||||
# [monitorservers:children]
|
||||
# monitor_shrd
|
||||
|
||||
[virtualservers:children]
|
||||
[home:children]
|
||||
shared
|
||||
production
|
||||
staging
|
||||
shared
|
||||
|
||||
[virtualservers:children]
|
||||
cloud
|
||||
home
|
||||
|
|
|
@ -10,6 +10,18 @@
|
|||
source: 192.168.0.0/16
|
||||
permanent: true
|
||||
state: enabled
|
||||
when: instance_type != 'vps'
|
||||
|
||||
- name: Move home IP addresses to zone 'dmz'
|
||||
ansible.posix.firewalld:
|
||||
zone: dmz
|
||||
source: "{{ item }}"
|
||||
permanent: true
|
||||
state: enabled
|
||||
loop:
|
||||
- '46.32.144.131'
|
||||
- '2a06:4001:f02a::/48'
|
||||
when: instance_type == 'vps'
|
||||
|
||||
- name: Move internal network to zone 'internal'
|
||||
ansible.posix.firewalld:
|
||||
|
@ -43,8 +55,9 @@
|
|||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- name: Firewall rules for proxy servers
|
||||
when: hostname in groups['proxyservers']
|
||||
- name: Firewall rules for proxy & public servers
|
||||
when: hostname in groups['proxyservers'] or
|
||||
hostname in groups['publicservers']
|
||||
notify: Reload firewalld
|
||||
block:
|
||||
- name: Allow incoming connections to HTTP port in zones 'public' and 'dmz'
|
||||
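Review bot: The new task `Move home IP addresses to zone 'dmz'` in the first hunk sets `permanent: true` but has neither `immediate: true` nor `notify: Reload firewalld`, so the source bindings are written only to the permanent configuration and do not reach the running firewall until something else reloads it. The block in the second hunk does carry `notify: Reload firewalld`, so adding the same line to this task (or `immediate: true`) would make the zone assignment active in the run that creates it. The two addresses are also hard-coded in the task; moving them into a list variable in group_vars would keep the allow-list reviewable in one place. The task before it ends inside the hunk with the same `permanent`/`state` pair, but its start is outside the lines shown, so whether it has a notify cannot be told from here.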
|
|
|
@ -87,7 +87,7 @@
|
|||
- rsyslog
|
||||
|
||||
- name: Packages for QEMU instances
|
||||
when: virt_type == 'qemu'
|
||||
when: instance_type == 'qemu'
|
||||
block:
|
||||
- name: Install haveged
|
||||
ansible.builtin.dnf:
|
||||
|
@ -100,5 +100,18 @@
|
|||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Create directory '{{ data_fs }}'
|
||||
ansible.builtin.file:
|
||||
path: "{{ data_fs }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
seuser: system_u
|
||||
serole: object_r
|
||||
setype: unlabeled_t
|
||||
selevel: s0
|
||||
state: directory
|
||||
when: instance_type == 'vps'
|
||||
|
||||
- name: Configure firewall
|
||||
ansible.builtin.import_tasks: firewall.yml
|
||||
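Review bot: The new `Create directory '{{ data_fs }}'` task in the second hunk pins `setype: unlabeled_t`, which is the type SELinux gives to objects that have no valid label rather than one meant to be assigned on purpose. Confined domains are normally denied access to `unlabeled_t`, and a later relabel of the path would change it away from what the task enforces. `ansible.builtin.file` accepts `_default` for the se* options, so `setype: _default` lets the loaded policy choose the context for the path; alternatively set the specific type the consuming service needs. Which service reads `data_fs` is not visible in this hunk, so the right type has to be confirmed against the roles that use it.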
|
|
|
@ -12,7 +12,13 @@ ff02::1 ip6-allnodes
|
|||
ff02::2 ip6-allrouters
|
||||
ff02::3 ip6-allhosts
|
||||
|
||||
# Static hostnames for VMs
|
||||
{% for host in groups['virtualservers']|sort %}
|
||||
# Static hostnames for servers
|
||||
{% if instance_type == 'vps' %}
|
||||
{% for host in groups['cloud']|sort %}
|
||||
{{ hostvars[host].internal_ipv4 }} {{ hostvars[host].fqdn }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% for host in groups['home']|sort %}
|
||||
{{ hostvars[host].internal_ipv4 }} {{ hostvars[host].fqdn }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
Welcome to {{ hostname }}
|
||||
==============================================================
|
||||
- FQDN.............: {{ fqdn }}
|
||||
- LAN IPv4.........: {{ ansible_host }}
|
||||
- Public IPv4......: {{ ansible_host }}
|
||||
- Internal IPv4....: {{ internal_ipv4 }}
|
||||
- Virtualization...: {{ virt_type | upper }}
|
||||
- Instance type....: {{ instance_type | upper }}
|
||||
==============================================================
|
||||
|
||||
|
|
5
site.yml
5
site.yml
|
@ -2,7 +2,7 @@
|
|||
# code: language=ansible
|
||||
---
|
||||
- name: Run playbook
|
||||
hosts: all
|
||||
hosts: virtualservers
|
||||
become: true
|
||||
gather_facts: true
|
||||
tasks:
|
||||
|
@ -15,7 +15,8 @@
|
|||
ansible.builtin.include_role:
|
||||
name: docker
|
||||
when: hostname in groups['appservers'] or
|
||||
hostname in groups['proxyservers']
|
||||
hostname in groups['proxyservers'] or
|
||||
hostname in groups['publicservers']
|
||||
|
||||
- name: Include role 'apps'
|
||||
ansible.builtin.include_role:
|
||||
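Review bot: The second hunk extends the `docker` role condition to `publicservers`, which puts Docker on the internet-facing host that this commit otherwise protects with firewalld zones. Ports published by Docker are handled by Docker's own NAT and forward rules and are not filtered by firewalld's zone rules for incoming traffic, so a container port published on all addresses would be reachable from any source, not only those placed in `dmz`. The role itself is not visible here, so confirm that it binds published ports to a specific address or filters them in the `DOCKER-USER` chain. A comment above the condition, such as `# public hosts: published container ports bypass firewalld zones`, would record the constraint for the next editor.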
|
|