/ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0)

Ansible Collection - kencx.ansible

This collection contains roles and playbooks for bootstrapping my homelab and workstation.

Roles

Refer to docs/roles.md for documentation.

  • security provides basic hardening such as configuring sudo, SSH hardening, installing ufw and fail2ban
  • terraform installs Terraform CLI
  • python3 installs and updates Python3 and pip3
  • dotfiles installs custom dotfiles for remote machines
  • goss installs and runs Goss server validation
  • ssl generates TLS certificates from root and intermediate CAs

Playbooks

Bootstraps a brand new development workstation. Tested on Ubuntu 21.04.

Refer to playbooks for more details.

Development

Prerequisites

  • ansible[lint]
  • molecule[docker,vagrant]
  • Docker
  • Vagrant
  • make

When testing locally, the collection can be quickly installed to the local collections path with:

$ make galaxy-install

Molecule

To debug and test roles, run:

$ make converge scen=security
$ make verify scen=security

Issues

When running roles with service, systemd is required. However, there are issues with running systemd in Docker containers. As such, these roles require Vagrant and molecule-vagrant. Affected roles:

  • security

Additionally, apt update does not work well in Debian 10 containers due to "oldstable".

TODO

  • group_vars
  • versioning
  • molecule scenario for binaries