Ansible site template


This is a template to use Ansible in your environment.

It should hold and describe everything to get you started.

Quick-Start

  % git clone --depth=1 --branch=master https://github.com/jkirk/ansible-site-template myproject-ansible
  % rm -rf ./myproject-ansible/.git
  % cd ./myproject-ansible
  % ansible-galaxy install -r requirements.yml

  • Put host in [site] of hosts

  • (optional) Set the variable template_dns_server (e.g. via group_vars/all)

  • If the given host is a PBS:

    • Put host in [pbs] of hosts
    • Put the following line in group_vars/pbs.yml:
      ---
      hostname_hostname_ip_address: "{{ ansible_default_ipv4.address }}"
    • Remove Proxmox apt sources enterprise.list file
      ❯ ansible -u root --ask-pass -b -m file -a 'state=absent path=/etc/apt/sources.list.d/pbs-enterprise.list' $host
  • If the given host is a PVE:

    • Put host in [proxmox] of hosts
    • Put the following line in group_vars/proxmox.yml:
      ---
      hostname_hostname_ip_address: "{{ ansible_default_ipv4.address }}"
    • Remove Proxmox apt sources enterprise.list file
      ❯ ansible -u root --ask-pass -b -m file -a 'state=absent path=/etc/apt/sources.list.d/pve-enterprise.list' $host
  • Set administration users in bootstrap.yml

  • Set administration users in site-base.yml

  • Add public SSH-key in files/ssh/$USERNAME.pub
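
A preflight check for the steps above, run before the first bootstrap; this is an added example, not part of the template. The function names and the accepted key-type list are assumptions of this example; `hosts`, the `[site]`, `[pbs]` and `[proxmox]` groups and `files/ssh/*.pub` are the names used in the steps.

```sh
# Added example (not part of the template): preflight for the Quick-Start steps.
# Source this file, then run: preflight_site /path/to/myproject-ansible

# Print the hosts listed under INI group $1 in inventory file $2.
group_hosts() {
  awk -v want="[$1]" '
    $1 ~ /^\[/ { in_group = ($1 == want); next }
    in_group && NF && $1 !~ /^[#;]/ { print $1 }
  ' "$2"
}

# A files/ssh/*.pub file must hold OpenSSH public keys only (type list is an assumption).
check_pubkey() {
  if grep -q 'PRIVATE KEY' "$1"; then
    echo "FAIL $1: contains private key material"; return 1
  fi
  awk '
    NF == 0 || $1 ~ /^#/ { next }
    { n++ }
    NF < 2 || $1 !~ /^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/ { bad = 1 }
    END { exit (n < 1 || bad) }
  ' "$1" || { echo "FAIL $1: not an accepted OpenSSH public key file"; return 1; }
}

preflight_site() {
  dir=${1:-.}; rc=0; found=0
  if [ -z "$(group_hosts site "$dir/hosts" 2>/dev/null)" ]; then
    echo "FAIL $dir/hosts: no host in [site]"; rc=1
  fi
  # The steps put every host in [site] first; flag PBS/PVE hosts that skipped it.
  for grp in pbs proxmox; do
    for h in $(group_hosts "$grp" "$dir/hosts" 2>/dev/null); do
      group_hosts site "$dir/hosts" | grep -qxF "$h" ||
        echo "WARN $h: in [$grp] but not in [site]"
    done
  done
  for key in "$dir"/files/ssh/*.pub; do
    [ -f "$key" ] || continue
    found=1
    check_pubkey "$key" || rc=1
  done
  [ "$found" -eq 1 ] || { echo "FAIL $dir/files/ssh: no *.pub file"; rc=1; }
  return "$rc"
}
```

The check catches a private key saved under a `.pub` name before it is committed or copied to a host; WARN lines are informational and do not change the return status.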

Overview Ansible roles

Overview Ansible collections

NOTE: hifis.toolkit replaced jnv.unattended-upgrades

bootstrap

  % ansible-playbook -u root --limit myserver01.example.com bootstrap.yml # with public key authentication
  [...]

  % ansible-playbook -u root --ask-pass --limit myserver01.example.com bootstrap.yml # with password authentication
  [...]

Please note that when running in check mode, the playbook will most probably fail because dbus is missing. See: Oefenweb/ansible-hostname#12.

jnv.unattended-upgrades

  % ansible-playbook -D --limit myserver01.example.com site-upgrades.yml

jkirk.letsencrypt

    - hosts: website
      roles:
        - { role: jkirk.letsencrypt, letsencrypt_domains: [ 'demo.example.com' ] }