Add sapt-labc-pub01
parent
67e65e807e
commit
f51540b4a1
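--- a/cloud-init/vps.cfg
+++ b/cloud-init/vps.cfg
@@ -0,0 +1,13 @@
+# vim: ft=yaml
+
+#cloud-config
+ssh_pwauth: false
+
+users:
+- name: ansible
+gecos: Ansible User
+sudo: ALL=(ALL) NOPASSWD:ALL
+shell: /bin/bash
+lock_passwd: true
+ssh_authorized_keys:
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyAuOqh0vcpLMBa8FFbvrTOgw8N+bcImFzyBspfQDAf ansible"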
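Review bot: `#cloud-config` sits on the third line of the new file, after `# vim: ft=yaml` and a blank line, but cloud-init decides the user-data format from the very first line, so as written the file is likely to be treated as unrecognised user-data and silently not applied; move `#cloud-config` to line 1 and put the modeline below it (vim reads modelines anywhere within the first five lines). The account itself is a sound bootstrap setup — `ssh_pwauth: false` together with `lock_passwd: true` means the ansible user can only log in with the listed key — but the passwordless `sudo: ALL=(ALL) NOPASSWD:ALL` grant deserves a one-line comment such as `# automation account: key-only login, passwordless sudo needed for unattended runs` so the pattern is not copied for human users. The rendered view strips leading whitespace, so the indentation of the keys under `- name: ansible` cannot be checked here.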
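--- a/host_vars/sapt-labc-pub01.yml
+++ b/host_vars/sapt-labc-pub01.yml
@@ -0,0 +1,7 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+fqdn: sapt-labc-pub01.cloud.servers.sapti.me
+ansible_host: 168.119.158.106
+internal_ipv4: 10.2.3.2
+instance_type: vps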
|
@ -4,4 +4,4 @@
|
||||||
fqdn: sapt-labp-app01.prod.servers.sapti.me
|
fqdn: sapt-labp-app01.prod.servers.sapti.me
|
||||||
ansible_host: 192.168.23.30
|
ansible_host: 192.168.23.30
|
||||||
internal_ipv4: 10.2.16.10
|
internal_ipv4: 10.2.16.10
|
||||||
virt_type: qemu
|
instance_type: qemu
|
||||||
|
|
|
@ -4,4 +4,4 @@
|
||||||
fqdn: sapt-labp-db01.prod.servers.sapti.me
|
fqdn: sapt-labp-db01.prod.servers.sapti.me
|
||||||
ansible_host: 192.168.23.40
|
ansible_host: 192.168.23.40
|
||||||
internal_ipv4: 10.2.16.20
|
internal_ipv4: 10.2.16.20
|
||||||
virt_type: qemu
|
instance_type: qemu
|
||||||
|
|
|
@ -4,4 +4,4 @@
|
||||||
fqdn: sapt-labp-mda01.prod.servers.sapti.me
|
fqdn: sapt-labp-mda01.prod.servers.sapti.me
|
||||||
ansible_host: 192.168.23.35
|
ansible_host: 192.168.23.35
|
||||||
internal_ipv4: 10.2.16.15
|
internal_ipv4: 10.2.16.15
|
||||||
virt_type: lxc
|
instance_type: lxc
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
# vim: ft=yaml.ansible
|
|
||||||
# code: language=ansible
|
|
||||||
---
|
|
||||||
fqdn: sapt-labr-mon01.shrd.servers.sapti.me
|
|
||||||
ansible_host: 192.168.23.20
|
|
||||||
internal_ipv4: 10.2.18.20
|
|
||||||
virt_type: qemu
|
|
|
@ -4,4 +4,4 @@
|
||||||
fqdn: sapt-labr-prx01.shrd.servers.sapti.me
|
fqdn: sapt-labr-prx01.shrd.servers.sapti.me
|
||||||
ansible_host: 192.168.23.10
|
ansible_host: 192.168.23.10
|
||||||
internal_ipv4: 10.2.18.10
|
internal_ipv4: 10.2.18.10
|
||||||
virt_type: qemu
|
instance_type: qemu
|
||||||
|
|
|
@ -4,4 +4,4 @@
|
||||||
fqdn: sapt-labs-app01.stage.servers.sapti.me
|
fqdn: sapt-labs-app01.stage.servers.sapti.me
|
||||||
ansible_host: 192.168.23.50
|
ansible_host: 192.168.23.50
|
||||||
internal_ipv4: 10.2.19.10
|
internal_ipv4: 10.2.19.10
|
||||||
virt_type: qemu
|
instance_type: qemu
|
||||||
|
|
|
@ -4,4 +4,4 @@
|
||||||
fqdn: sapt-labs-db01.stage.servers.sapti.me
|
fqdn: sapt-labs-db01.stage.servers.sapti.me
|
||||||
ansible_host: 192.168.23.60
|
ansible_host: 192.168.23.60
|
||||||
internal_ipv4: 10.2.19.20
|
internal_ipv4: 10.2.19.20
|
||||||
virt_type: qemu
|
instance_type: qemu
|
||||||
|
|
|
@ -4,4 +4,4 @@
|
||||||
fqdn: sapt-labs-mda01.stage.servers.sapti.me
|
fqdn: sapt-labs-mda01.stage.servers.sapti.me
|
||||||
ansible_host: 192.168.23.55
|
ansible_host: 192.168.23.55
|
||||||
internal_ipv4: 10.2.19.15
|
internal_ipv4: 10.2.19.15
|
||||||
virt_type: lxc
|
instance_type: lxc
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
[control_infra]
|
|
||||||
sapt-labx-ctl01
|
|
||||||
|
|
||||||
[controlservers:children]
|
|
||||||
control_infra
|
|
||||||
|
|
||||||
[infrastructure:children]
|
|
||||||
controlservers
|
|
|
@ -2,7 +2,7 @@
|
||||||
# code: language=ansible
|
# code: language=ansible
|
||||||
---
|
---
|
||||||
- name: Run playbook
|
- name: Run playbook
|
||||||
hosts: all
|
hosts: infrastructure
|
||||||
become: true
|
become: true
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
tasks:
|
tasks:
|
||||||
|
|
|
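Review bot: `hosts: infrastructure` on the new side targets a group that this same commit takes away — the pure-deletion hunk just before this one removed the inventory file that defined `[infrastructure:children]`, and the main inventory below now only carries it as the commented-out `# [infrastructure:children]` — so unless another inventory source still defines the group, this play matches no hosts and Ansible only prints a host-pattern warning. Either keep the group defined somewhere or point the play at the group that replaced it. The file's name is not shown in this view, and the play's task list continues outside the hunk.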
@ -1,3 +1,32 @@
|
||||||
|
# [control_infra]
|
||||||
|
# sapt-labx-ctl01
|
||||||
|
|
||||||
|
# [controlservers:children]
|
||||||
|
# control_infra
|
||||||
|
|
||||||
|
# [infrastructure:children]
|
||||||
|
# controlservers
|
||||||
|
|
||||||
|
[pub_cloud]
|
||||||
|
sapt-labc-pub01
|
||||||
|
|
||||||
|
# [mon_cloud]
|
||||||
|
# sapt-labc-mon01
|
||||||
|
|
||||||
|
# [sec_cloud]
|
||||||
|
# sapt-labc-sec01
|
||||||
|
|
||||||
|
[cloud:children]
|
||||||
|
pub_cloud
|
||||||
|
# mon_cloud
|
||||||
|
# sec_cloud
|
||||||
|
|
||||||
|
[prx_shrd]
|
||||||
|
sapt-labr-prx01
|
||||||
|
|
||||||
|
[shared:children]
|
||||||
|
prx_shrd
|
||||||
|
|
||||||
[app_prod]
|
[app_prod]
|
||||||
sapt-labp-app01
|
sapt-labp-app01
|
||||||
|
|
||||||
|
@ -7,6 +36,11 @@ sapt-labp-db01
|
||||||
# [mda_prod]
|
# [mda_prod]
|
||||||
# sapt-labp-mda01
|
# sapt-labp-mda01
|
||||||
|
|
||||||
|
[production:children]
|
||||||
|
app_prod
|
||||||
|
db_prod
|
||||||
|
# mda_prod
|
||||||
|
|
||||||
[app_stage]
|
[app_stage]
|
||||||
sapt-labs-app01
|
sapt-labs-app01
|
||||||
|
|
||||||
|
@ -16,25 +50,22 @@ sapt-labs-db01
|
||||||
[mda_stage]
|
[mda_stage]
|
||||||
sapt-labs-mda01
|
sapt-labs-mda01
|
||||||
|
|
||||||
[proxy_shrd]
|
|
||||||
sapt-labr-prx01
|
|
||||||
|
|
||||||
# [monitor_shrd]
|
|
||||||
# sapt-labr-mon01
|
|
||||||
|
|
||||||
[production:children]
|
|
||||||
app_prod
|
|
||||||
db_prod
|
|
||||||
# mda_prod
|
|
||||||
|
|
||||||
[staging:children]
|
[staging:children]
|
||||||
app_stage
|
app_stage
|
||||||
db_stage
|
db_stage
|
||||||
mda_stage
|
mda_stage
|
||||||
|
|
||||||
[shared:children]
|
[publicservers:children]
|
||||||
proxy_shrd
|
pub_cloud
|
||||||
# monitor_shrd
|
|
||||||
|
# [monitorservers:children]
|
||||||
|
# mon_cloud
|
||||||
|
|
||||||
|
# [securityservers:children]
|
||||||
|
# sec_cloud
|
||||||
|
|
||||||
|
[proxyservers:children]
|
||||||
|
prx_shrd
|
||||||
|
|
||||||
[appservers:children]
|
[appservers:children]
|
||||||
app_prod
|
app_prod
|
||||||
|
@ -48,13 +79,11 @@ mda_stage
|
||||||
db_prod
|
db_prod
|
||||||
db_stage
|
db_stage
|
||||||
|
|
||||||
[proxyservers:children]
|
[home:children]
|
||||||
proxy_shrd
|
shared
|
||||||
|
|
||||||
# [monitorservers:children]
|
|
||||||
# monitor_shrd
|
|
||||||
|
|
||||||
[virtualservers:children]
|
|
||||||
production
|
production
|
||||||
staging
|
staging
|
||||||
shared
|
|
||||||
|
[virtualservers:children]
|
||||||
|
cloud
|
||||||
|
home
|
||||||
|
|
|
@ -10,6 +10,18 @@
|
||||||
source: 192.168.0.0/16
|
source: 192.168.0.0/16
|
||||||
permanent: true
|
permanent: true
|
||||||
state: enabled
|
state: enabled
|
||||||
|
when: instance_type != 'vps'
|
||||||
|
|
||||||
|
- name: Move home IP addresses to zone 'dmz'
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
zone: dmz
|
||||||
|
source: "{{ item }}"
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
loop:
|
||||||
|
- '46.32.144.131'
|
||||||
|
- '2a06:4001:f02a::/48'
|
||||||
|
when: instance_type == 'vps'
|
||||||
|
|
||||||
- name: Move internal network to zone 'internal'
|
- name: Move internal network to zone 'internal'
|
||||||
ansible.posix.firewalld:
|
ansible.posix.firewalld:
|
||||||
|
@ -43,8 +55,9 @@
|
||||||
permanent: true
|
permanent: true
|
||||||
state: enabled
|
state: enabled
|
||||||
|
|
||||||
- name: Firewall rules for proxy servers
|
- name: Firewall rules for proxy & public servers
|
||||||
when: hostname in groups['proxyservers']
|
when: hostname in groups['proxyservers'] or
|
||||||
|
hostname in groups['publicservers']
|
||||||
notify: Reload firewalld
|
notify: Reload firewalld
|
||||||
block:
|
block:
|
||||||
- name: Allow incoming connections to HTTP port in zones 'public' and 'dmz'
|
- name: Allow incoming connections to HTTP port in zones 'public' and 'dmz'
|
||||||
|
|
|
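Review bot: The home addresses `'46.32.144.131'` and `'2a06:4001:f02a::/48'` are hard-coded in the new task's `loop:`, so a change of the home connection means editing the role rather than inventory; consider `loop: "{{ home_public_addresses }}"` with the list kept in group_vars next to the other per-site addresses. The two entries also differ in scope — a single IPv4 host against an entire IPv6 /48 — which may well be intended (a delegated prefix) but deserves a comment such as `# whole delegated IPv6 prefix, not a single address`, since every host inside that /48 is placed in zone 'dmz'. The preceding task now carries `when: instance_type != 'vps'` while the new one uses `== 'vps'`; a host without `instance_type` defined fails both with an undefined-variable error rather than being skipped, which is acceptable as long as every host_vars file sets it, as the ones in this commit do. The task list continues outside the hunk.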
@ -87,7 +87,7 @@
|
||||||
- rsyslog
|
- rsyslog
|
||||||
|
|
||||||
- name: Packages for QEMU instances
|
- name: Packages for QEMU instances
|
||||||
when: virt_type == 'qemu'
|
when: instance_type == 'qemu'
|
||||||
block:
|
block:
|
||||||
- name: Install haveged
|
- name: Install haveged
|
||||||
ansible.builtin.dnf:
|
ansible.builtin.dnf:
|
||||||
|
@ -100,5 +100,18 @@
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
|
- name: Create directory '{{ data_fs }}'
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ data_fs }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
seuser: system_u
|
||||||
|
serole: object_r
|
||||||
|
setype: unlabeled_t
|
||||||
|
selevel: s0
|
||||||
|
state: directory
|
||||||
|
when: instance_type == 'vps'
|
||||||
|
|
||||||
- name: Configure firewall
|
- name: Configure firewall
|
||||||
ansible.builtin.import_tasks: firewall.yml
|
ansible.builtin.import_tasks: firewall.yml
|
||||||
|
|
|
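Review bot: `setype: unlabeled_t` on the new `{{ data_fs }}` directory is an unusual label to set on purpose — `unlabeled_t` is what the kernel reports for objects that carry no label, and a later `restorecon` will most likely relabel the directory according to the file-context policy — so either the intent should be stated in a comment, e.g. `# mount point for a volume whose filesystem carries no SELinux labels`, or a real type from the policy should be used. The task also presumes `data_fs` is defined for every host with `instance_type == 'vps'`; none of the host_vars files in this commit set it, so it presumably comes from group_vars — worth confirming, since an undefined variable here fails the play instead of skipping the task. The task list continues outside the hunk.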
@ -12,7 +12,13 @@ ff02::1 ip6-allnodes
|
||||||
ff02::2 ip6-allrouters
|
ff02::2 ip6-allrouters
|
||||||
ff02::3 ip6-allhosts
|
ff02::3 ip6-allhosts
|
||||||
|
|
||||||
# Static hostnames for VMs
|
# Static hostnames for servers
|
||||||
{% for host in groups['virtualservers']|sort %}
|
{% if instance_type == 'vps' %}
|
||||||
|
{% for host in groups['cloud']|sort %}
|
||||||
{{ hostvars[host].internal_ipv4 }} {{ hostvars[host].fqdn }}
|
{{ hostvars[host].internal_ipv4 }} {{ hostvars[host].fqdn }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% else %}
|
||||||
|
{% for host in groups['home']|sort %}
|
||||||
|
{{ hostvars[host].internal_ipv4 }} {{ hostvars[host].fqdn }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
|
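Review bot: The new `{% if instance_type == 'vps' %}` branch chooses between `groups['cloud']` and `groups['home']` by instance type, while the inventory in this commit already encodes that split as the `cloud` and `home` groups and the playbooks test membership with `hostname in groups[...]`; keying the template off a second attribute means a host whose `instance_type` and group membership disagree gets the wrong hosts list. `{% if hostname in groups['cloud'] %}` keeps a single source of truth, assuming `hostname` is defined for every host as the other templates and `when:` clauses already rely on it. Note also that both loops render `hostvars[host].internal_ipv4` for every member of the chosen group, so every host in `cloud` or `home` must define `internal_ipv4` or the template fails.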
@ -3,8 +3,8 @@
|
||||||
Welcome to {{ hostname }}
|
Welcome to {{ hostname }}
|
||||||
==============================================================
|
==============================================================
|
||||||
- FQDN.............: {{ fqdn }}
|
- FQDN.............: {{ fqdn }}
|
||||||
- LAN IPv4.........: {{ ansible_host }}
|
- Public IPv4......: {{ ansible_host }}
|
||||||
- Internal IPv4....: {{ internal_ipv4 }}
|
- Internal IPv4....: {{ internal_ipv4 }}
|
||||||
- Virtualization...: {{ virt_type | upper }}
|
- Instance type....: {{ instance_type | upper }}
|
||||||
==============================================================
|
==============================================================
|
||||||
|
|
||||||
|
|
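Review bot: `- Public IPv4......: {{ ansible_host }}` relabels a value that is only public for the cloud host: for the home hosts touched by this commit `ansible_host` is a 192.168.23.x address, so their MOTD will now announce a private LAN address as 'Public IPv4'. Since the template is shared, use a neutral label — `- Host IPv4........: {{ ansible_host }}` keeps the column aligned — or branch on group membership, e.g. `{% if hostname in groups['cloud'] %}Public{% else %}LAN{% endif %}` with the dots adjusted. The `{{ instance_type | upper }}` line is fine as long as every host defines `instance_type`, which the host_vars in this commit do.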
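--- a/site.yml
+++ b/site.yml
@@ -2,7 +2,7 @@
 # code: language=ansible
 ---
 - name: Run playbook
-hosts: all
+hosts: virtualservers
 become: true
 gather_facts: true
 tasks:
@@ -15,7 +15,8 @@
 ansible.builtin.include_role:
 name: docker
 when: hostname in groups['appservers'] or
-hostname in groups['proxyservers']
+hostname in groups['proxyservers'] or
+hostname in groups['publicservers']
 
 - name: Include role 'apps'
 ansible.builtin.include_role: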
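Review bot: Adding `hostname in groups['publicservers']` to the docker role condition puts Docker on the internet-facing VPS, where Docker's own iptables rules typically publish container ports ahead of the firewalld zone rules the firewall tasks in this commit rely on; unless the docker role already pins published ports to the internal address or disables Docker's iptables management, a port published by a container on that host is reachable from any source regardless of zone. That is worth confirming in the docker role (not shown here) and recording on this task, e.g. `# publicservers: docker role must bind published ports to internal_ipv4 or use firewalld's docker zone`. The `when:` value is a multi-line plain scalar, so its continuation lines must stay indented deeper than the key — the rendered view strips that indentation, so it cannot be checked here.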