From eca534e1baef7411eb78d3c502f56523472a1f66 Mon Sep 17 00:00:00 2001 From: Riouallon Vincent Date: Fri, 17 Apr 2020 20:00:00 +0100 Subject: [PATCH 01/94] chore: add ansible host file --- ansible/hosts | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 ansible/hosts diff --git a/ansible/hosts b/ansible/hosts new file mode 100644 index 0000000..e69de29 From 2106a4bc50e786c9e46e1743e8368204f1514025 Mon Sep 17 00:00:00 2001 From: Riouallon Vincent Date: Sat, 18 Apr 2020 20:00:00 +0100 Subject: [PATCH 02/94] chore: arch --- ansible/hosts | 0 ansible/inventories/hosts | 1 + 2 files changed, 1 insertion(+) delete mode 100644 ansible/hosts create mode 100644 ansible/inventories/hosts diff --git a/ansible/hosts b/ansible/hosts deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/inventories/hosts b/ansible/inventories/hosts new file mode 100644 index 0000000..5948e87 --- /dev/null +++ b/ansible/inventories/hosts @@ -0,0 +1 @@ +91.121.85.107 \ No newline at end of file From 23ae35631b5816d221299fce3579153b6362d9ed Mon Sep 17 00:00:00 2001 From: Riouallon Vincent Date: Sun, 19 Apr 2020 20:00:00 +0100 Subject: [PATCH 03/94] chore: add production folder --- ansible/inventories/{ => production}/hosts | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/inventories/{ => production}/hosts (100%) diff --git a/ansible/inventories/hosts b/ansible/inventories/production/hosts similarity index 100% rename from ansible/inventories/hosts rename to ansible/inventories/production/hosts From 39cbde3f3c805c657ab71f05701afef6dfa8629d Mon Sep 17 00:00:00 2001 From: Riouallon Vincent Date: Mon, 20 Apr 2020 20:00:00 +0100 Subject: [PATCH 04/94] chore: add comment host production file --- ansible/inventories/production/hosts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/inventories/production/hosts b/ansible/inventories/production/hosts index 5948e87..1a16ab7 100644 --- a/ansible/inventories/production/hosts 
+++ b/ansible/inventories/production/hosts @@ -1 +1,3 @@ +# file: production + 91.121.85.107 \ No newline at end of file From 7f5bff72d00424aba19393661d7457f71514bf01 Mon Sep 17 00:00:00 2001 From: Riouallon Vincent Date: Wed, 22 Apr 2020 20:00:00 +0100 Subject: [PATCH 05/94] chore: add seedbox comm --- ansible/{inventories/production/hosts => production} | 1 + 1 file changed, 1 insertion(+) rename ansible/{inventories/production/hosts => production} (76%) diff --git a/ansible/inventories/production/hosts b/ansible/production similarity index 76% rename from ansible/inventories/production/hosts rename to ansible/production index 1a16ab7..e402734 100644 --- a/ansible/inventories/production/hosts +++ b/ansible/production @@ -1,3 +1,4 @@ # file: production +[seedbox] 91.121.85.107 \ No newline at end of file From 664e348167fea9e74c957c55c4a8d03f031b9bf3 Mon Sep 17 00:00:00 2001 From: vriouallon Date: Fri, 24 Apr 2020 20:00:00 +0100 Subject: [PATCH 06/94] add some conf for user --- ansible/user_commands.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ansible/user_commands.yml diff --git a/ansible/user_commands.yml b/ansible/user_commands.yml new file mode 100644 index 0000000..c6951af --- /dev/null +++ b/ansible/user_commands.yml @@ -0,0 +1,6 @@ +- hosts: all + remote_user: root + vars: + # created with: + # python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")' + password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI. \ No newline at end of file From 13d20881d8a8f477123023392beb51586283c6c6 Mon Sep 17 00:00:00 2001 From: vriouallon Date: Sat, 25 Apr 2020 20:00:00 +0100 Subject: [PATCH 07/94] change target of task --- ansible/user_commands.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/user_commands.yml b/ansible/user_commands.yml index c6951af..521230d 100644 --- a/ansible/user_commands.yml +++ b/ansible/user_commands.yml 
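Review bot: The `password` value added in `ansible/user_commands.yml` is an MD5-crypt (`$1$`) hash with a fixed salt, and the `# created with:` comment beside it records the plaintext and salt that produced it, so anyone who can read the repository has the credential. It looks like a documentation sample; if it is ever applied to a real account, derive the hash at run time from a vaulted secret, for example `password: "{{ vault_user_password | password_hash('sha512') }}"` (`vault_user_password` is a placeholder name), and remove the comment. The `crypt` one-liner is also Python 2 syntax (`print` statement). The play continues outside this hunk; no task uses the variable yet.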
@@ -1,4 +1,4 @@ -- hosts: all +- hosts: seedbox remote_user: root vars: # created with: From 885a05715f92e74fe58f195e65d212202aaf7a92 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 28 Apr 2020 20:00:00 +0100 Subject: [PATCH 08/94] add creation user task --- ansible/user_commands.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ansible/user_commands.yml b/ansible/user_commands.yml index 521230d..3616c76 100644 --- a/ansible/user_commands.yml +++ b/ansible/user_commands.yml @@ -3,4 +3,9 @@ vars: # created with: # python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")' - password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI. \ No newline at end of file + password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI. + + tasks: + + # Walk through account creation, modification, and deletion + - user: name=tset password={{password}} \ No newline at end of file From 69c632a767c5f59426a690e06852aae2104cab9f Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 29 Apr 2020 20:00:00 +0100 Subject: [PATCH 09/94] add example found online --- ansible/playbook.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ansible/playbook.yml diff --git a/ansible/playbook.yml b/ansible/playbook.yml new file mode 100644 index 0000000..1ec7258 --- /dev/null +++ b/ansible/playbook.yml @@ -0,0 +1,5 @@ +- name: Installation du serveur + hosts: web + remote_user: root + tasks: + - name: Installation de git \ No newline at end of file From 8c721d48232b56a5b1c0d655c1c7ba6a84a7e79c Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 2 May 2020 20:00:00 +0100 Subject: [PATCH 10/94] complete example --- ansible/playbook.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 1ec7258..4a8cf97 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml 
@@ -2,4 +2,7 @@ hosts: web remote_user: root tasks: - - name: Installation de git \ No newline at end of file + - name: Installation de git + apt: name=git update_cache=yes + - name: installation de Vim + apt: name=vim \ No newline at end of file From e69d42069769d71d5a95b4d30e90f8bf11a67a53 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 2 May 2020 20:00:00 +0100 Subject: [PATCH 11/94] rm unecessary option --- ansible/playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 4a8cf97..1f11099 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -3,6 +3,6 @@ remote_user: root tasks: - name: Installation de git - apt: name=git update_cache=yes + apt: name=git - name: installation de Vim apt: name=vim \ No newline at end of file From d0e3e3f4995d2f9ef4234910ca2e2f5d0d63d85c Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 2 May 2020 20:00:00 +0100 Subject: [PATCH 12/94] change target --- ansible/playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 1f11099..c2e3a7f 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -1,5 +1,5 @@ - name: Installation du serveur - hosts: web + hosts: seedbox remote_user: root tasks: - name: Installation de git From a10eca0f4bc542ea293759ba3e53ac9dfd7d57f4 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 2 May 2020 20:00:00 +0100 Subject: [PATCH 13/94] put it in english --- ansible/playbook.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index c2e3a7f..0b99727 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml 
@@ -1,8 +1,8 @@ -- name: Installation du serveur +- name: Server installation hosts: seedbox remote_user: root tasks: - - name: Installation de git + - name: Git installation apt: name=git - - name: installation de Vim + - name: Vim installation apt: name=vim \ No newline at end of file From 817fa66b116738898eb75fa49523bf21b19a1999 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 3 May 2020 20:00:00 +0100 Subject: [PATCH 14/94] add a loop --- ansible/playbook.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 0b99727..4f11fbb 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -1,8 +1,10 @@ - name: Server installation hosts: seedbox remote_user: root + tasks: - - name: Git installation - apt: name=git - - name: Vim installation - apt: name=vim \ No newline at end of file + - name: Dependencies installation + apt: name={{ item }} + with_items: + - git + - vim \ No newline at end of file From 71f9543931bb8ef39673418f47eed4279c2b42af Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 5 May 2020 20:00:00 +0100 Subject: [PATCH 15/94] take latest version --- ansible/playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 4f11fbb..0e0df02 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -4,7 +4,7 @@ tasks: - name: Dependencies installation - apt: name={{ item }} + apt: name={{ item }} state=latest with_items: - git - vim \ No newline at end of file From 21b4463c707573d319caf5a95d4c257684498d6c Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 5 May 2020 20:00:00 +0100 Subject: [PATCH 16/94] update cache --- ansible/playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 0e0df02..2a8428a 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml 
@@ -4,7 +4,7 @@ tasks: - name: Dependencies installation - apt: name={{ item }} state=latest + apt: name={{ item }} update_cache=yes state=latest with_items: - git - vim \ No newline at end of file From 3d2645a5fd07bf828ffb8ee2aee212242a3c2ed9 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 5 May 2020 20:00:00 +0100 Subject: [PATCH 17/94] add htop --- ansible/playbook.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 2a8428a..7819908 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -7,4 +7,5 @@ apt: name={{ item }} update_cache=yes state=latest with_items: - git - - vim \ No newline at end of file + - vim + - htop \ No newline at end of file From 137c5e33a320baecfb68f3ded7d4e4cc86cd547a Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 5 May 2020 21:00:00 +0200 Subject: [PATCH 18/94] add zsh --- ansible/playbook.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 7819908..5f099e3 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -8,4 +8,5 @@ with_items: - git - vim - - htop \ No newline at end of file + - htop + - zsh \ No newline at end of file From 1cf126b9a76a935172f0ddd9c8fee8db93188458 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Fri, 8 May 2020 21:00:00 +0200 Subject: [PATCH 19/94] change for pacman --- ansible/playbook.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 5f099e3..1857e25 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -4,9 +4,9 @@ tasks: - name: Dependencies installation - apt: name={{ item }} update_cache=yes state=latest - with_items: - - git - - vim - - htop - - zsh \ No newline at end of file + pacman: + name: + - git + - vim + - htop + - zsh From b8601e826acafd1d3f0673e6ef6eb168eb4b40e2 Mon Sep 17 00:00:00 2001 
From: Vincent Riouallon Date: Sat, 9 May 2020 21:00:00 +0200 Subject: [PATCH 20/94] update cache --- ansible/playbook.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 1857e25..8bc249a 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -10,3 +10,4 @@ - vim - htop - zsh + update_cache: yes From b82701d31862d05b14417364e666a58b8830a75c Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 11 May 2020 21:00:00 +0200 Subject: [PATCH 21/94] upgrade pkg --- ansible/playbook.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 8bc249a..7e62972 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -11,3 +11,4 @@ - htop - zsh update_cache: yes + upgrade: yes From 432d92fe3ea003fcb2c64d9dafd79fcad47ad67a Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 12 May 2020 21:00:00 +0200 Subject: [PATCH 22/94] chore: rename file --- ansible/{production => hosts} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/{production => hosts} (100%) diff --git a/ansible/production b/ansible/hosts similarity index 100% rename from ansible/production rename to ansible/hosts From e08d0e60b0c1b6d99c0b41206fe6be2595cb7ba7 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 11 May 2020 21:00:00 +0200 Subject: [PATCH 23/94] chore: add group vars --- ansible/group_vars/seedbox.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 ansible/group_vars/seedbox.yml diff --git a/ansible/group_vars/seedbox.yml b/ansible/group_vars/seedbox.yml new file mode 100644 index 0000000..e69de29 From 2f5c9bea0e55522180bc819702c1959b5815decf Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Thu, 14 May 2020 21:00:00 +0200 Subject: [PATCH 24/94] chore: add host vars --- ansible/host_vars/91.121.85.107.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 ansible/host_vars/91.121.85.107.yml 
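Review bot: `upgrade: yes` is added to the same `pacman` task that carries the `name:` list; older releases of the Ansible pacman module document `upgrade` as not usable together with `name`, so this task may fail outright rather than upgrade. Splitting the work into a sync-and-upgrade task followed by the install task also avoids installing against freshly synced databases without a full upgrade, which Arch treats as an unsupported partial upgrade. `true`/`false` is preferable to `yes`/`no` for the booleans. The task starts above this hunk, so only its tail is visible here.

```yaml
- name: Refresh package databases and upgrade the system
  pacman:
    update_cache: true
    upgrade: true

- name: Dependencies installation
  pacman:
    name:
      # … unchanged: git, vim, htop, zsh …
```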
diff --git a/ansible/host_vars/91.121.85.107.yml b/ansible/host_vars/91.121.85.107.yml new file mode 100644 index 0000000..e69de29 From 947660dd88ea58bb8b747410bc111786f381bb1f Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Fri, 15 May 2020 21:00:00 +0200 Subject: [PATCH 25/94] chore: change seedbox to web --- ansible/group_vars/{seedbox.yml => web.yml} | 0 ansible/hosts | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename ansible/group_vars/{seedbox.yml => web.yml} (100%) diff --git a/ansible/group_vars/seedbox.yml b/ansible/group_vars/web.yml similarity index 100% rename from ansible/group_vars/seedbox.yml rename to ansible/group_vars/web.yml diff --git a/ansible/hosts b/ansible/hosts index e402734..26ba0d9 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -1,4 +1,4 @@ # file: production -[seedbox] +[web] 91.121.85.107 \ No newline at end of file From bf93616ded10142026f6b11a4ec879b57883c4cd Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 16 May 2020 21:00:00 +0200 Subject: [PATCH 26/94] chore: put all in production folder --- ansible/{ => production}/group_vars/web.yml | 0 ansible/{ => production}/host_vars/91.121.85.107.yml | 0 ansible/{ => production}/hosts | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename ansible/{ => production}/group_vars/web.yml (100%) rename ansible/{ => production}/host_vars/91.121.85.107.yml (100%) rename ansible/{ => production}/hosts (100%) diff --git a/ansible/group_vars/web.yml b/ansible/production/group_vars/web.yml similarity index 100% rename from ansible/group_vars/web.yml rename to ansible/production/group_vars/web.yml diff --git a/ansible/host_vars/91.121.85.107.yml b/ansible/production/host_vars/91.121.85.107.yml similarity index 100% rename from ansible/host_vars/91.121.85.107.yml rename to ansible/production/host_vars/91.121.85.107.yml diff --git a/ansible/hosts b/ansible/production/hosts similarity index 100% rename from ansible/hosts rename to ansible/production/hosts 
From d0241ce486a24715c68b32b6dff9f7100698f29c Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 17 May 2020 21:00:00 +0200 Subject: [PATCH 27/94] chore: rename server --- ansible/{ => inventory}/production/hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename ansible/{ => inventory}/production/hosts (66%) diff --git a/ansible/production/hosts b/ansible/inventory/production/hosts similarity index 66% rename from ansible/production/hosts rename to ansible/inventory/production/hosts index 26ba0d9..ddb368c 100644 --- a/ansible/production/hosts +++ b/ansible/inventory/production/hosts @@ -1,4 +1,4 @@ # file: production [web] -91.121.85.107 \ No newline at end of file +mainServer \ No newline at end of file From 5da838304d85809f264e3d1095cb61f79b42d293 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 18 May 2020 21:00:00 +0200 Subject: [PATCH 28/94] chore: add information on server --- ansible/inventory/production/host_vars/mainServer.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ansible/inventory/production/host_vars/mainServer.yml diff --git a/ansible/inventory/production/host_vars/mainServer.yml b/ansible/inventory/production/host_vars/mainServer.yml new file mode 100644 index 0000000..50c08c3 --- /dev/null +++ b/ansible/inventory/production/host_vars/mainServer.yml @@ -0,0 +1,7 @@ +--- +ansible_host: 91.121.85.107 +data_center: RBX1 +rack: 07A01 +id: 172791 +reverse: ns352698.ip-91-121-85.eu +... \ No newline at end of file From 00f601e849c5028a47050a64cdef1010c20c7e3f Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 18 May 2020 21:00:00 +0200 Subject: [PATCH 29/94] chore: add vars --- ansible/{ => inventory}/production/group_vars/web.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/{ => inventory}/production/group_vars/web.yml (100%) 
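Review bot: `id: 172791` in the new `host_vars/mainServer.yml` loads as an integer, and `id`, `reverse` and `rack` are very generic names in the host's variable namespace; identifiers are safer quoted and prefixed, e.g. `server_id: "172791"` (suggested name). Quoting `rack: "07A01"` likewise protects it if a future value happens to be all digits with a leading zero. The file also records provider location details (data centre, rack, server id, reverse DNS) beside the public address, so it is worth keeping this inventory out of any publicly readable copy of the repository.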
diff --git a/ansible/production/group_vars/web.yml b/ansible/inventory/production/group_vars/web.yml similarity index 100% rename from ansible/production/group_vars/web.yml rename to ansible/inventory/production/group_vars/web.yml From fddd68bf7ed1dbeb80673f9e6db73921657a1ffe Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 18 May 2020 21:00:00 +0200 Subject: [PATCH 30/94] chore: add defaults pkg --- .../91.121.85.107.yml => roles/packages/defaults/main.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/{production/host_vars/91.121.85.107.yml => roles/packages/defaults/main.yml} (100%) diff --git a/ansible/production/host_vars/91.121.85.107.yml b/ansible/roles/packages/defaults/main.yml similarity index 100% rename from ansible/production/host_vars/91.121.85.107.yml rename to ansible/roles/packages/defaults/main.yml From 5c4064ab299ef47a2a9a7e3e8a757ab01a176ec1 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 18 May 2020 21:00:00 +0200 Subject: [PATCH 31/94] chore: change host name --- ansible/user_commands.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/user_commands.yml b/ansible/user_commands.yml index 3616c76..9ab4a92 100644 --- a/ansible/user_commands.yml +++ b/ansible/user_commands.yml @@ -1,4 +1,4 @@ -- hosts: seedbox +- hosts: web remote_user: root vars: # created with: From e17ac2177eee93c085e629fbf7f37384194f95c9 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 18 May 2020 21:00:00 +0200 Subject: [PATCH 32/94] chore: put values on 2 lines --- ansible/user_commands.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/user_commands.yml b/ansible/user_commands.yml index 9ab4a92..ed727c7 100644 --- a/ansible/user_commands.yml +++ b/ansible/user_commands.yml 
@@ -8,4 +8,6 @@ tasks: # Walk through account creation, modification, and deletion - - user: name=tset password={{password}} \ No newline at end of file + - user: + name: tset + password: "{{password}}" \ No newline at end of file From 4b5614055e2d54d052f1625195715739cf03c9fa Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 20 May 2020 21:00:00 +0200 Subject: [PATCH 33/94] chore: add user tasks --- ansible/roles/users/tasks/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 ansible/roles/users/tasks/main.yml diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml new file mode 100644 index 0000000..6f37d2b --- /dev/null +++ b/ansible/roles/users/tasks/main.yml @@ -0,0 +1,11 @@ +--- +- name: "Create user: {{item.username}}" + user: + name: "{{item.username}}" + password: "{{item.password}}" + with_items: + - username: 'artentica' + password: 'toto' + - username: 'doctor' + password: 'titi' +... \ No newline at end of file From e2af4b091251a4fab72c3eeb962a9fbac8c719d1 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 25 May 2020 21:00:00 +0200 Subject: [PATCH 34/94] chore: pkg --- ansible/playbook.yml | 14 -------------- ansible/roles/packages/tasks/main.yml | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 14 deletions(-) delete mode 100644 ansible/playbook.yml create mode 100644 ansible/roles/packages/tasks/main.yml diff --git a/ansible/playbook.yml b/ansible/playbook.yml deleted file mode 100644 index 7e62972..0000000 --- a/ansible/playbook.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: Server installation - hosts: seedbox - remote_user: root - - tasks: - - name: Dependencies installation - pacman: - name: - - git - - vim - - htop - - zsh - update_cache: yes - upgrade: yes diff --git a/ansible/roles/packages/tasks/main.yml b/ansible/roles/packages/tasks/main.yml new file mode 100644 index 0000000..b7b35e8 --- /dev/null +++ b/ansible/roles/packages/tasks/main.yml 
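Review bot: The `password` values `'toto'` and `'titi'` in the `with_items` list of `roles/users/tasks/main.yml` are passed unchanged to the `user` module, which expects an already-crypted hash: the literal string is stored as the hash, so the accounts will not accept those passwords, and the credentials are committed in clear text. Keep the secrets in an Ansible Vault file and hash them in the task with `password: "{{ item.password | password_hash('sha512') }}"`. Add `no_log: true` to the task so the loop items are not echoed in the run output.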
@@ -0,0 +1,15 @@ +--- +- debug: + msg: "{{ hostvars[inventory_hostname] }}" + +- name: Dependencies installation + pacman: + name: + - git + - vim + - htop + - zsh + update_cache: yes + # upgrade: yes + state: latest +... \ No newline at end of file From 81adf3c814280b414d250218c7d685e1ea5f9a3e Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 27 May 2020 21:00:00 +0200 Subject: [PATCH 35/94] chore: playbook --- ansible/site.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 ansible/site.yml diff --git a/ansible/site.yml b/ansible/site.yml new file mode 100644 index 0000000..9165bb7 --- /dev/null +++ b/ansible/site.yml @@ -0,0 +1,17 @@ +--- +- name: Server installation + hosts: web + remote_user: root + roles: + - role: packages + tags: + - packages + +- name: User configuration + hosts: web + remote_user: root + roles: + - role: users + tags: + - users +... \ No newline at end of file From 0b453f269a09a188eb6f39fcd196b5ec95f17ab8 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 30 May 2020 21:00:00 +0200 Subject: [PATCH 36/94] chore: rmv debug pkg --- ansible/roles/packages/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/packages/tasks/main.yml b/ansible/roles/packages/tasks/main.yml index b7b35e8..5ce91c5 100644 --- a/ansible/roles/packages/tasks/main.yml +++ b/ansible/roles/packages/tasks/main.yml @@ -1,7 +1,7 @@ --- -- debug: - msg: "{{ hostvars[inventory_hostname] }}" - +# - debug: +# msg: "{{ hostvars[inventory_hostname] }}" + - name: Dependencies installation pacman: name: From 765c98c14681c3620f955682d6b328ca518a13ea Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 3 Jun 2020 21:00:00 +0200 Subject: [PATCH 37/94] chore: add disallow password login --- ansible/roles/ssh/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ansible/roles/ssh/tasks/main.yml 
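Review bot: The leading `debug` task in `roles/packages/tasks/main.yml` prints `hostvars[inventory_hostname]`, i.e. every variable defined for the host, so any secret later placed in host or group vars ends up in console output and CI logs; limit it to the keys being inspected or gate it with `verbosity: 2`. Separately, with `# upgrade: yes` commented out, `update_cache: yes` plus `state: latest` syncs the databases and upgrades only these four packages, which on Arch is an unsupported partial upgrade; run the full upgrade as its own task first.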
diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml new file mode 100644 index 0000000..323afc7 --- /dev/null +++ b/ansible/roles/ssh/tasks/main.yml @@ -0,0 +1,8 @@ +- name: Security | Disallow password authentication + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^[#]*PasswordAuthentication" + line: "PasswordAuthentication no" + state: present + notify: restart ssh + tags: ["ssh"] \ No newline at end of file From 85db52216a6ba07cfa174aa091fade09a08cdeab Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Thu, 4 Jun 2020 21:00:00 +0200 Subject: [PATCH 38/94] chore: yml formatting --- ansible/roles/ssh/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 323afc7..2f0b7b4 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Security | Disallow password authentication lineinfile: dest: /etc/ssh/sshd_config @@ -5,4 +6,5 @@ line: "PasswordAuthentication no" state: present notify: restart ssh - tags: ["ssh"] \ No newline at end of file + tags: ["ssh"] +... \ No newline at end of file From 54adf72e7d731b845fb52cd53daee27c8759e6a5 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Fri, 5 Jun 2020 21:00:00 +0200 Subject: [PATCH 39/94] chore: add post install script --- postInstall | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 postInstall diff --git a/postInstall b/postInstall new file mode 100644 index 0000000..4cbe381 --- /dev/null +++ b/postInstall @@ -0,0 +1,5 @@ +#!/bin/bash + +wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static 48 +chmod +x pacman-static +./pacman-static -Syyu \ No newline at end of file From fae45b91f99eb603c4dbd2f79c02c126ebfb8a21 Mon Sep 17 00:00:00 2001 
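Review bot: `notify: restart ssh` refers to a handler that none of the visible patches define (no `roles/ssh/handlers/main.yml` is added), so Ansible will stop with a missing-handler error the first time this task reports a change. Add a handler named `restart ssh` that restarts the sshd service, and add `validate: 'sshd -t -f %s'` to the `lineinfile` call so a broken `sshd_config` is never put in place. `path:` is the current name of the parameter; `dest:` is kept only as an alias. Before this is applied, confirm a public key is already installed for the connecting user, since the role removes the password fallback.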
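Review bot: `pacman-static` is downloaded from a personal web directory, marked executable and run with the script's privileges (root, for `-Syyu`) with no integrity check, so whatever that URL serves at run time executes on the host. Pin the expected digest and verify it before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  pacman-static" | sha256sum -c -` (placeholder digest), or verify the publisher's detached signature if one is available. The script also has no `set -euo pipefail`, so a failed download falls through to the next commands, and the stray `48` after the URL is handed to wget as a second thing to fetch.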
From: Vincent Riouallon Date: Mon, 10 Aug 2020 11:44:20 +0200 Subject: [PATCH 40/94] chore: add python and reboot --- postInstall | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/postInstall b/postInstall index 4cbe381..7dac210 100644 --- a/postInstall +++ b/postInstall @@ -2,4 +2,6 @@ wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static 48 chmod +x pacman-static -./pacman-static -Syyu \ No newline at end of file +./pacman-static -Syyu +pacman -S python +reboot \ No newline at end of file From 635cae77aa4f249a5ab4956632bf8e897d6e7ed0 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 6 Jun 2020 21:00:00 +0200 Subject: [PATCH 41/94] rename --- postInstall => postInstall.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename postInstall => postInstall.sh (100%) diff --git a/postInstall b/postInstall.sh similarity index 100% rename from postInstall rename to postInstall.sh From b7376f7f0b46de5d2d681a1a85c02bbeb6e86644 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 7 Jun 2020 21:00:00 +0200 Subject: [PATCH 42/94] chore: rm trailing nb of char --- postInstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postInstall.sh b/postInstall.sh index 7dac210..c9e7687 100644 --- a/postInstall.sh +++ b/postInstall.sh @@ -1,6 +1,6 @@ #!/bin/bash -wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static 48 +wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static chmod +x pacman-static ./pacman-static -Syyu pacman -S python From 0025eaadc0fec16e4e298635c052f603df19e052 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 8 Jun 2020 21:00:00 +0200 Subject: [PATCH 43/94] remove python from install --- postInstall.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/postInstall.sh b/postInstall.sh index c9e7687..01f4eaa 100644 --- a/postInstall.sh +++ b/postInstall.sh 
@@ -3,5 +3,4 @@ wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static chmod +x pacman-static ./pacman-static -Syyu -pacman -S python reboot \ No newline at end of file From c0f2378e7dffee9c97f9a250b27c3544b8b42982 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 9 Jun 2020 21:00:00 +0200 Subject: [PATCH 44/94] update and install new python on same line --- postInstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postInstall.sh b/postInstall.sh index 01f4eaa..51bad53 100644 --- a/postInstall.sh +++ b/postInstall.sh @@ -2,5 +2,5 @@ wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static chmod +x pacman-static -./pacman-static -Syyu +./pacman-static --noconfirm -Syyu python reboot \ No newline at end of file From bca67f71415e9a01f2455a45e8ef468638553db7 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 10 Jun 2020 21:00:00 +0200 Subject: [PATCH 45/94] chore: add ssh config --- ansible/site.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/site.yml b/ansible/site.yml index 9165bb7..222d5ab 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -1,4 +1,12 @@ --- +- name: Server ssh only + hosts: web + remote_user: root + roles: + - role: ssh + tags: + - ssh + - name: Server installation hosts: web remote_user: root From e9ad6562be0da553b5930aa7f6840558daf105c5 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Thu, 11 Jun 2020 21:00:00 +0200 Subject: [PATCH 46/94] rm package useless after install --- postInstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postInstall.sh b/postInstall.sh index 51bad53..583c0be 100644 --- a/postInstall.sh +++ b/postInstall.sh @@ -3,4 +3,4 @@ wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static chmod +x pacman-static ./pacman-static --noconfirm -Syyu python -reboot \ No newline at end of file +rm ./pacman-static \ No newline at end of file 
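Review bot: The new `Server ssh only` play in `ansible/site.yml` is placed first, so password authentication is switched off before the `users` play runs, and nothing in the visible patches installs an SSH public key for root or for the accounts the `users` role creates. Those accounts would therefore have no way to log in over SSH, and if root does not already have a key on the host the next run locks the operator out. Add an `authorized_key` task for each account to the `users` role and move the `ssh` play after it. All three plays also connect as `remote_user: root`; once a key-based admin account exists, connecting as that user with `become: true` would let `PermitRootLogin` be tightened too.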
From 8441b77964319faf7d266727cfbebbb7300844d3 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 14 Jun 2020 21:00:00 +0200 Subject: [PATCH 47/94] chore: delay reboot --- postInstall.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/postInstall.sh b/postInstall.sh index 583c0be..ea9bc41 100644 --- a/postInstall.sh +++ b/postInstall.sh @@ -3,4 +3,5 @@ wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static chmod +x pacman-static ./pacman-static --noconfirm -Syyu python -rm ./pacman-static \ No newline at end of file +rm ./pacman-static +reboot -r +2 \ No newline at end of file From 95f3c34c217c8a069b7e66d1729ee04ece57c89d Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 15 Jun 2020 21:00:00 +0200 Subject: [PATCH 48/94] chore: try force reboot --- postInstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postInstall.sh b/postInstall.sh index ea9bc41..8f8aa66 100644 --- a/postInstall.sh +++ b/postInstall.sh @@ -4,4 +4,4 @@ wget https://pkgbuild.com/~eschwartz/repo/x86_64-extracted/pacman-static chmod +x pacman-static ./pacman-static --noconfirm -Syyu python rm ./pacman-static -reboot -r +2 \ No newline at end of file +reboot -f \ No newline at end of file From 890f969e2667b882d4018fefd550b18d8538d53b Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 16 Jun 2020 21:00:00 +0200 Subject: [PATCH 49/94] chore: add swarm task main file --- ansible/roles/swarm/tasks/main.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 ansible/roles/swarm/tasks/main.yml diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml new file mode 100644 index 0000000..e69de29 From 31f472a48c797554b296e2cbc15cfa8f598aaa09 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 26 Aug 2020 16:21:20 +0200 Subject: [PATCH 50/94] chore: add yaml --- ansible/roles/swarm/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) 
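Review bot: `reboot -r +2` in `postInstall.sh` does not schedule a delayed restart: as far as I know `reboot` takes no time argument, and the `+2` form belongs to `shutdown`, so the line should read `shutdown -r +2`. The following patch replaces it with `reboot -f`, which skips the orderly service shutdown immediately after a full `-Syyu` upgrade; a plain `reboot` (or the delayed `shutdown -r`) is the safer choice unless the normal path is known to hang.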
diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index e69de29..880045c 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -0,0 +1,3 @@ +--- + +... \ No newline at end of file From c1c2f8ac56502e959a5c3df7697b4fab3a35d775 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 16 Jun 2020 21:00:00 +0200 Subject: [PATCH 51/94] chore: add first task --- .../production/host_vars/mainServer.yml | 12 ++--- ansible/inventory/production/hosts | 6 +-- ansible/roles/packages/tasks/main.yml | 28 +++++------ ansible/roles/ssh/tasks/main.yml | 18 +++---- ansible/roles/swarm/tasks/main.yml | 9 +++- ansible/roles/users/tasks/main.yml | 20 ++++---- ansible/site.yml | 48 +++++++++---------- ansible/user_commands.yml | 24 +++++----- 8 files changed, 85 insertions(+), 80 deletions(-) diff --git a/ansible/inventory/production/host_vars/mainServer.yml b/ansible/inventory/production/host_vars/mainServer.yml index 50c08c3..47312e4 100644 --- a/ansible/inventory/production/host_vars/mainServer.yml +++ b/ansible/inventory/production/host_vars/mainServer.yml @@ -1,7 +1,7 @@ ---- -ansible_host: 91.121.85.107 -data_center: RBX1 -rack: 07A01 -id: 172791 -reverse: ns352698.ip-91-121-85.eu +--- +ansible_host: 91.121.85.107 +data_center: RBX1 +rack: 07A01 +id: 172791 +reverse: ns352698.ip-91-121-85.eu ... \ No newline at end of file diff --git a/ansible/inventory/production/hosts b/ansible/inventory/production/hosts index ddb368c..79608c3 100644 --- a/ansible/inventory/production/hosts +++ b/ansible/inventory/production/hosts @@ -1,4 +1,4 @@ -# file: production - -[web] +# file: production + +[web] mainServer \ No newline at end of file diff --git a/ansible/roles/packages/tasks/main.yml b/ansible/roles/packages/tasks/main.yml index 5ce91c5..30cae5c 100644 --- a/ansible/roles/packages/tasks/main.yml +++ b/ansible/roles/packages/tasks/main.yml 
@@ -1,15 +1,15 @@ ---- -# - debug: -# msg: "{{ hostvars[inventory_hostname] }}" - -- name: Dependencies installation - pacman: - name: - - git - - vim - - htop - - zsh - update_cache: yes - # upgrade: yes - state: latest +--- +# - debug: +# msg: "{{ hostvars[inventory_hostname] }}" + +- name: Dependencies installation + pacman: + name: + - git + - vim + - htop + - zsh + update_cache: yes + # upgrade: yes + state: latest ... \ No newline at end of file diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 2f0b7b4..f1ad613 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -1,10 +1,10 @@ ---- -- name: Security | Disallow password authentication - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^[#]*PasswordAuthentication" - line: "PasswordAuthentication no" - state: present - notify: restart ssh - tags: ["ssh"] +--- +- name: Security | Disallow password authentication + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^[#]*PasswordAuthentication" + line: "PasswordAuthentication no" + state: present + notify: restart ssh + tags: ["ssh"] ... \ No newline at end of file diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 880045c..9009d7e 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -1,3 +1,8 @@ ---- - +--- + +- name: Add docker GPG key + apt_key: + url: "{{ ansible_docker_repo_key }} " + id: "{{ ansible_docker_repo_key_id }}" + ... \ No newline at end of file diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml index 6f37d2b..00a7b72 100644 --- a/ansible/roles/users/tasks/main.yml +++ b/ansible/roles/users/tasks/main.yml 
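Review bot: The `url` value in the new `Add docker GPG key` task is `"{{ ansible_docker_repo_key }} "`, with a space before the closing quote, so the module is handed a key URL that ends in a space; it should read `url: "{{ ansible_docker_repo_key }}"`. Neither `ansible_docker_repo_key` nor `ansible_docker_repo_key_id` is defined in the visible part of this commit, so the task would stop on an undefined variable until defaults exist. The packages role touched in the same commit installs with `pacman`, so confirm the target really uses apt before a repository signing key is trusted through `apt_key`.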
@@ -1,11 +1,11 @@ ---- -- name: "Create user: {{item.username}}" - user: - name: "{{item.username}}" - password: "{{item.password}}" - with_items: - - username: 'artentica' - password: 'toto' - - username: 'doctor' - password: 'titi' +--- +- name: "Create user: {{item.username}}" + user: + name: "{{item.username}}" + password: "{{item.password}}" + with_items: + - username: 'artentica' + password: 'toto' + - username: 'doctor' + password: 'titi' ... \ No newline at end of file diff --git a/ansible/site.yml b/ansible/site.yml index 222d5ab..90c3c27 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -1,25 +1,25 @@ ---- -- name: Server ssh only - hosts: web - remote_user: root - roles: - - role: ssh - tags: - - ssh - -- name: Server installation - hosts: web - remote_user: root - roles: - - role: packages - tags: - - packages - -- name: User configuration - hosts: web - remote_user: root - roles: - - role: users - tags: - - users +--- +- name: Server ssh only + hosts: web + remote_user: root + roles: + - role: ssh + tags: + - ssh + +- name: Server installation + hosts: web + remote_user: root + roles: + - role: packages + tags: + - packages + +- name: User configuration + hosts: web + remote_user: root + roles: + - role: users + tags: + - users ... \ No newline at end of file diff --git a/ansible/user_commands.yml b/ansible/user_commands.yml index ed727c7..0ede7d2 100644 --- a/ansible/user_commands.yml +++ b/ansible/user_commands.yml 
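Review bot: The `with_items` list of `Create user: {{item.username}}` keeps the literal passwords `'toto'` and `'titi'` in the repository, and the `user` module's `password` parameter expects an already-crypted hash, not clear text. As written the strings would be stored as the hash field, so the accounts would not accept those passwords, while the intended secrets stay readable to anyone with repository access. Move the values into an Ansible Vault file and hash them at use, for example `password: "{{ item.password | password_hash('sha512') }}"`. This hunk only rewrites line endings, but it is where these lines appear in full.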
@@ -1,13 +1,13 @@ -- hosts: web - remote_user: root - vars: - # created with: - # python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")' - password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI. - - tasks: - - # Walk through account creation, modification, and deletion - - user: - name: tset +- hosts: web + remote_user: root + vars: + # created with: + # python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")' + password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI. + + tasks: + + # Walk through account creation, modification, and deletion + - user: + name: tset password: "{{password}}" \ No newline at end of file From 73d45ce686c62e73e7704f08983a7f9bddc012e5 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 16 Jun 2020 21:00:00 +0200 Subject: [PATCH 52/94] chore: add docker repo --- ansible/roles/swarm/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 9009d7e..0fdc9a0 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -5,4 +5,8 @@ url: "{{ ansible_docker_repo_key }} " id: "{{ ansible_docker_repo_key_id }}" +- name: Add docker Repository + apt_repository: + repo: "{{ ansible_docker_repo }}" + ... \ No newline at end of file From 700b00dfe1ece06c0079a75ab1cba39e808a53e9 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 16 Jun 2020 21:00:00 +0200 Subject: [PATCH 53/94] chore: add docker dependencied --- ansible/roles/swarm/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 0fdc9a0..1afea49 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml 
@@ -9,4 +9,12 @@ apt_repository: repo: "{{ ansible_docker_repo }}" +- name: install Docker and dependencies + apt: + name: "{{ packages }}" + state: latest + update_cache: yes + with_items: "{{ packages}}" + + ... \ No newline at end of file From 0c89d8a6be0447463534d094347677e3bca8b332 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 16 Jun 2020 21:00:00 +0200 Subject: [PATCH 54/94] chore: add user to docker --- ansible/roles/swarm/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 1afea49..f870760 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -16,5 +16,10 @@ update_cache: yes with_items: "{{ packages}}" +- name: Add user to docker group + user: + name: "{{ ansible_user }}" + group: "{{ docker_group }}" + ... \ No newline at end of file From 264dc15f70d6b5bad59e7fec115d789be6243e8f Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 17 Jun 2020 21:00:00 +0200 Subject: [PATCH 55/94] chore: create service directory --- ansible/roles/swarm/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index f870760..e130766 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -21,5 +21,11 @@ name: "{{ ansible_user }}" group: "{{ docker_group }}" +- name: Create docker service directory + file: + path: /etc/systemd/system/docker.service.d + state: directory + notify: + - restart docker ... \ No newline at end of file From e1605b1580a19f66cfcb6f1f60306cb8f118e5c2 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 17 Jun 2020 21:00:00 +0200 Subject: [PATCH 56/94] chore: check if docker is running --- ansible/roles/swarm/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) 
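Review bot: `with_items: "{{ packages}}"` loops the `install Docker and dependencies` task once per entry although `name: "{{ packages }}"` already passes the whole list, so the same full install is repeated for every item; drop the `with_items` line. `state: latest` together with `update_cache: yes` also moves Docker to whatever the repository serves on each run, so `state: present` with a pinned version is the safer choice where hosts need to be reproducible. `packages` is not defined in this commit as far as the visible hunks show.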
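Review bot: `group: "{{ docker_group }}"` in `Add user to docker group` replaces the account's primary group instead of adding a supplementary one; use `groups: "{{ docker_group }}"` together with `append: yes`. Membership of the docker group gives control of the Docker daemon, which is effectively root on the host, so it should go to a dedicated, named account rather than to whatever `ansible_user` resolves to at run time. `ansible_user` is also Ansible's own connection variable, so a role-specific name such as `docker_user` avoids the two meanings colliding.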
diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index e130766..b40fa6c 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -28,4 +28,9 @@ notify: - restart docker +- name: Ensure Docker is runnig + service: + name: docker + state: started + enabled: yes ... \ No newline at end of file From 9df224c932a82fbe24360ea31bc669d8eba16f3d Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 17 Jun 2020 21:00:00 +0200 Subject: [PATCH 57/94] chore: correct name task --- ansible/roles/swarm/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index b40fa6c..6b5a29b 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -28,7 +28,7 @@ notify: - restart docker -- name: Ensure Docker is runnig +- name: Ensure Docker is running service: name: docker state: started From 5078788c1789698e720d8fdb253855d01db89e7b Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 17 Jun 2020 21:00:00 +0200 Subject: [PATCH 58/94] chore: add handler folder --- ansible/roles/swarm/handlers/main.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 ansible/roles/swarm/handlers/main.yml diff --git a/ansible/roles/swarm/handlers/main.yml b/ansible/roles/swarm/handlers/main.yml new file mode 100644 index 0000000..e69de29 From 74f878ecd67eeb0c62bb1a8af82676d0d4085a09 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 17 Jun 2020 21:00:00 +0200 Subject: [PATCH 59/94] chore: format yml --- ansible/roles/swarm/handlers/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/swarm/handlers/main.yml b/ansible/roles/swarm/handlers/main.yml index e69de29..db7a0fa 100644 --- a/ansible/roles/swarm/handlers/main.yml +++ b/ansible/roles/swarm/handlers/main.yml @@ -0,0 +1,3 @@ +--- + +... \ No newline at end of file 
From 31391d601d708fff778c136d1758fa6f6e112192 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Thu, 18 Jun 2020 21:00:00 +0200 Subject: [PATCH 60/94] chore: add handler --- ansible/roles/swarm/handlers/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/swarm/handlers/main.yml b/ansible/roles/swarm/handlers/main.yml index db7a0fa..5a88575 100644 --- a/ansible/roles/swarm/handlers/main.yml +++ b/ansible/roles/swarm/handlers/main.yml @@ -1,3 +1,8 @@ --- +- name: Ensure Docker is runnig + service: + name: docker + state: started + enabled: yes ... \ No newline at end of file From dbbf1d26c3b25004bf9291cb2dd898e81c161340 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Fri, 19 Jun 2020 21:00:00 +0200 Subject: [PATCH 61/94] chore: correct handler --- ansible/roles/swarm/handlers/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ansible/roles/swarm/handlers/main.yml b/ansible/roles/swarm/handlers/main.yml index 5a88575..2ed49bb 100644 --- a/ansible/roles/swarm/handlers/main.yml +++ b/ansible/roles/swarm/handlers/main.yml @@ -1,8 +1,6 @@ --- - -- name: Ensure Docker is runnig +- name: restart docker service: name: docker - state: started - enabled: yes + state: restarted ... \ No newline at end of file From 8e5b59a095d467eb650a5b5ba371b7ade9b851e5 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 20 Jun 2020 21:00:00 +0200 Subject: [PATCH 62/94] chore: defaults --- ansible/roles/swarm/dafaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ansible/roles/swarm/dafaults/main.yml diff --git a/ansible/roles/swarm/dafaults/main.yml b/ansible/roles/swarm/dafaults/main.yml new file mode 100644 index 0000000..448f5fe --- /dev/null +++ b/ansible/roles/swarm/dafaults/main.yml @@ -0,0 +1,2 @@ +--- +... \ No newline at end of file From 4c7f39ce3fbb09ca1ead2421d50f525265e664a1 Mon Sep 17 00:00:00 2001 
From: Vincent Riouallon Date: Sun, 21 Jun 2020 21:00:00 +0200 Subject: [PATCH 63/94] chore: pkg to install --- ansible/roles/swarm/dafaults/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/roles/swarm/dafaults/main.yml b/ansible/roles/swarm/dafaults/main.yml index 448f5fe..1580c0f 100644 --- a/ansible/roles/swarm/dafaults/main.yml +++ b/ansible/roles/swarm/dafaults/main.yml @@ -1,2 +1,10 @@ --- +packages: + - apt-transport-https + - ca-certificates + - curl + - software-properties-common + - docker-ce + - docker-ce-cli + - containerd.io ... \ No newline at end of file From 530f868c32689a693563520e9df912fbd08fa619 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 22 Jun 2020 21:00:00 +0200 Subject: [PATCH 64/94] chore: variable by default --- ansible/roles/swarm/dafaults/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/roles/swarm/dafaults/main.yml b/ansible/roles/swarm/dafaults/main.yml index 1580c0f..e9e3ee9 100644 --- a/ansible/roles/swarm/dafaults/main.yml +++ b/ansible/roles/swarm/dafaults/main.yml @@ -7,4 +7,11 @@ packages: - docker-ce - docker-ce-cli - containerd.io + +ansible_docker_repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable +ansible_docker_repo_key: https://download.docker.com/linux/ubuntu/gpg +ansible_docker_repo_key_id: 0EBFCD88 + +ansible_user: ansible +docker_group: docker ... \ No newline at end of file From 3e995ee4f799fa935dbb0bda4f5bee48861f38cb Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 23 Jun 2020 21:00:00 +0200 Subject: [PATCH 65/94] chore: correct install docker pkg --- ansible/roles/swarm/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 6b5a29b..d2ef7a5 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml 
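Review bot: `ansible_docker_repo_key_id: 0EBFCD88` identifies the repository signing key by an 8-hex short ID, which is not collision-resistant, so a different key carrying the same short ID could be treated as the expected one; use the full fingerprint, `ansible_docker_repo_key_id: "<FULL_40_HEX_FINGERPRINT>"` (placeholder, to be taken from the publisher). The key URL is fixed to `.../linux/ubuntu/gpg` while `ansible_docker_repo` is built from `ansible_distribution`, so key and repository can end up pointing at different distributions. `ansible_user: ansible` sets Ansible's connection variable from role defaults and may change the login user for hosts that run this role; rename it, for example to `docker_user`. The `ansible_` prefix on the three repository variables is better avoided for the same reason.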
@@ -10,7 +10,7 @@ repo: "{{ ansible_docker_repo }}" - name: install Docker and dependencies - apt: + pacman: name: "{{ packages }}" state: latest update_cache: yes From adc0cc8506581e979e8b8f31a919d21893d72224 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 24 Jun 2020 21:00:00 +0200 Subject: [PATCH 66/94] chore: correct folder name --- .../swarm/{dafaults => defaults}/main.yml | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) rename ansible/roles/swarm/{dafaults => defaults}/main.yml (96%) diff --git a/ansible/roles/swarm/dafaults/main.yml b/ansible/roles/swarm/defaults/main.yml similarity index 96% rename from ansible/roles/swarm/dafaults/main.yml rename to ansible/roles/swarm/defaults/main.yml index e9e3ee9..20a074c 100644 --- a/ansible/roles/swarm/dafaults/main.yml +++ b/ansible/roles/swarm/defaults/main.yml @@ -1,17 +1,17 @@ ---- -packages: - - apt-transport-https - - ca-certificates - - curl - - software-properties-common - - docker-ce - - docker-ce-cli - - containerd.io - -ansible_docker_repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable -ansible_docker_repo_key: https://download.docker.com/linux/ubuntu/gpg -ansible_docker_repo_key_id: 0EBFCD88 - -ansible_user: ansible -docker_group: docker +--- +packages: + - apt-transport-https + - ca-certificates + - curl + - software-properties-common + - docker-ce + - docker-ce-cli + - containerd.io + +ansible_docker_repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable +ansible_docker_repo_key: https://download.docker.com/linux/ubuntu/gpg +ansible_docker_repo_key_id: 0EBFCD88 + +ansible_user: ansible +docker_group: docker ... \ No newline at end of file From e920c552976bf16e91a5c6e6f24a9ef30b9bd1ac Mon Sep 17 00:00:00 2001 
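Review bot: Switching the module to `pacman` leaves `name: "{{ packages }}"` pointing at a list of Debian/Ubuntu package names from the role defaults (`apt-transport-https`, `software-properties-common`, `docker-ce`, and so on), which are not expected to exist in the Arch repositories. The `apt_key` and `apt_repository` tasks earlier in the file are unchanged, so the role now mixes two package managers and still trusts an apt signing key it cannot use. The unchanged `with_items: "{{ packages}}"` line below `update_cache` also still repeats the install per item. Settle on one distribution for the role and make the key, repository, package list and module agree.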
From: Vincent Riouallon Date: Sun, 28 Jun 2020 21:00:00 +0200 Subject: [PATCH 67/94] chore: change default ssh port on mainserver --- ansible/inventory/production/host_vars/mainServer.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/inventory/production/host_vars/mainServer.yml b/ansible/inventory/production/host_vars/mainServer.yml index 47312e4..64c1ce2 100644 --- a/ansible/inventory/production/host_vars/mainServer.yml +++ b/ansible/inventory/production/host_vars/mainServer.yml @@ -1,5 +1,6 @@ --- ansible_host: 91.121.85.107 +ansible_port: 137 data_center: RBX1 rack: 07A01 id: 172791 From d18cbe1e6d55db8034d0fd878d618badd704ffef Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 28 Jun 2020 21:00:00 +0200 Subject: [PATCH 68/94] chore: reformat in LF --- ansible/roles/ssh/tasks/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index f1ad613..2f0b7b4 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -1,10 +1,10 @@ ---- -- name: Security | Disallow password authentication - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^[#]*PasswordAuthentication" - line: "PasswordAuthentication no" - state: present - notify: restart ssh - tags: ["ssh"] +--- +- name: Security | Disallow password authentication + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^[#]*PasswordAuthentication" + line: "PasswordAuthentication no" + state: present + notify: restart ssh + tags: ["ssh"] ... \ No newline at end of file From 303190bd116d14a57c9bc1a919e55f6db259d99d Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 28 Jun 2020 21:00:00 +0200 Subject: [PATCH 69/94] chore: check if default port is used --- ansible/roles/ssh/tasks/main.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 2f0b7b4..f7ec649 100644 
--- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -1,4 +1,19 @@ --- + +- name: Determine SSH port used + remote_user: root + tasks: + - name: "Check port {{ ansible_port }}" + wait_for: + port: "{{ ansible_port }}" + state: "started" + host: "{{ inventory_hostname }}" + connect_timeout: "5" + timeout: "5" + delegate_to: "localhost" + ignore_errors: "yes" + register: ssh_port_used + - name: Security | Disallow password authentication lineinfile: dest: /etc/ssh/sshd_config From 2a0a641b04fbafc2d296b09527952e8276a28a37 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 29 Jun 2020 21:00:00 +0200 Subject: [PATCH 70/94] chore: show ssh_port_used --- ansible/roles/ssh/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index f7ec649..37d1dd6 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -14,6 +14,9 @@ ignore_errors: "yes" register: ssh_port_used +- debug: + msg: "{{ ssh_port_used }}" + - name: Security | Disallow password authentication lineinfile: dest: /etc/ssh/sshd_config From 2074f05167f99c4ef936b7dbfcb68faf81bc84e9 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 30 Jun 2020 21:00:00 +0200 Subject: [PATCH 71/94] chore: just check ssh --- ansible/roles/swarm/defaults/main.yml | 32 +++++++++++++-------------- ansible/site.yml | 30 ++++++++++++------------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/ansible/roles/swarm/defaults/main.yml b/ansible/roles/swarm/defaults/main.yml index 20a074c..e9e3ee9 100644 --- a/ansible/roles/swarm/defaults/main.yml +++ b/ansible/roles/swarm/defaults/main.yml 
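Review bot: `remote_user` and `tasks:` in the new `Determine SSH port used` entry are play-level keywords, while a role's `tasks/main.yml` takes a flat list of tasks, so this entry names no module and the file would be rejected when the role loads. Lift the `Check port {{ ansible_port }}` task to the top level of the list and leave `remote_user` to the play in `site.yml`. `ignore_errors: "yes"` is passed as a quoted string; the boolean form `ignore_errors: true` states the intent without relying on string conversion.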
@@ -1,17 +1,17 @@ ---- -packages: - - apt-transport-https - - ca-certificates - - curl - - software-properties-common - - docker-ce - - docker-ce-cli - - containerd.io - -ansible_docker_repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable -ansible_docker_repo_key: https://download.docker.com/linux/ubuntu/gpg -ansible_docker_repo_key_id: 0EBFCD88 - -ansible_user: ansible -docker_group: docker +--- +packages: + - apt-transport-https + - ca-certificates + - curl + - software-properties-common + - docker-ce + - docker-ce-cli + - containerd.io + +ansible_docker_repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable +ansible_docker_repo_key: https://download.docker.com/linux/ubuntu/gpg +ansible_docker_repo_key_id: 0EBFCD88 + +ansible_user: ansible +docker_group: docker ... \ No newline at end of file diff --git a/ansible/site.yml b/ansible/site.yml index 90c3c27..22424f9 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -7,19 +7,19 @@ tags: - ssh -- name: Server installation - hosts: web - remote_user: root - roles: - - role: packages - tags: - - packages +# - name: Server installation +# hosts: web +# remote_user: root +# roles: +# - role: packages +# tags: +# - packages -- name: User configuration - hosts: web - remote_user: root - roles: - - role: users - tags: - - users -... \ No newline at end of file +# - name: User configuration +# hosts: web +# remote_user: root +# roles: +# - role: users +# tags: +# - users +# ... \ No newline at end of file From edd896bea107374a751bb47b46c5869fee0ad540 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 1 Jul 2020 21:00:00 +0200 Subject: [PATCH 72/94] chore: correct file ssh task/main --- ansible/roles/ssh/tasks/main.yml | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) 
diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 37d1dd6..2693568 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -1,18 +1,15 @@ --- -- name: Determine SSH port used - remote_user: root - tasks: - - name: "Check port {{ ansible_port }}" - wait_for: - port: "{{ ansible_port }}" - state: "started" - host: "{{ inventory_hostname }}" - connect_timeout: "5" - timeout: "5" - delegate_to: "localhost" - ignore_errors: "yes" - register: ssh_port_used +- name: "Check port {{ ansible_port }}" + wait_for: + port: "{{ ansible_port }}" + state: "started" + host: "{{ inventory_hostname }}" + connect_timeout: "5" + timeout: "5" + delegate_to: "localhost" + ignore_errors: "yes" + register: ssh_port_used - debug: msg: "{{ ssh_port_used }}" From 8c164d680a530853c62796f38f297dad3588ec3d Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Thu, 2 Jul 2020 21:00:00 +0200 Subject: [PATCH 73/94] chore: change ssh conf --- ansible/roles/ssh/tasks/main.yml | 60 +++++++++++++++++++++++++++----- 1 file changed, 51 insertions(+), 9 deletions(-) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 2693568..a489c31 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml 
@@ -1,25 +1,67 @@ --- +# ansible_port can change throughout this role, keep a copy around +- name: Set configured port fact + set_fact: + configured_port: "{{ ansible_port }}" - name: "Check port {{ ansible_port }}" wait_for: - port: "{{ ansible_port }}" + port: "{{ ansible_host }}" state: "started" host: "{{ inventory_hostname }}" connect_timeout: "5" timeout: "5" delegate_to: "localhost" ignore_errors: "yes" - register: ssh_port_used + register: ssh_port - debug: msg: "{{ ssh_port_used }}" -- name: Security | Disallow password authentication +- name: "Check port 22" + wait_for: + port: "22" + state: "started" + host: "{{ inventory_hostname }}" + connect_timeout: "5" + timeout: "5" + delegate_to: "localhost" + ignore_errors: "yes" + register: ssh_port_default + when: + - ssh_port is defined + - ssh_port.state is undefined + +- name: Set SSH port to 22 + set_fact: + temporary_port: "22" + when: ssh_port_default.state is defined + +# - name: Security | Disallow password authentication +# lineinfile: +# dest: /etc/ssh/sshd_config +# regexp: "^[#]*PasswordAuthentication" +# line: "PasswordAuthentication no" +# state: present +# notify: restart ssh +# tags: ["ssh"] + +- name: Setup alternate SSH port lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^[#]*PasswordAuthentication" - line: "PasswordAuthentication no" - state: present - notify: restart ssh - tags: ["ssh"] + dest: "/etc/ssh/sshd_config" + regexp: "^Port" + line: "Port {{ configured_port }}" + notify: "restart sshd" + + +- name: "Set SSH port to {{ configured_port }}" + set_fact: + ansible_port: "{{ configured_port }}" + when: ssh_port_default.state is defined + + # Gather facts should be set to false when running this role since it will +# fail if the Ansible SSH port is not set correctly. +# We run setup to gather facts here once the SSH port is set up. +- name: Run deferred setup to gather facts + setup: ... \ No newline at end of file 
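Review bot: The `Security | Disallow password authentication` task is commented out in this hunk, so after this change the role only moves the SSH port and leaves password logins at whatever the stock sshd_config allows. Keep that task active (it can notify the same `restart sshd` handler) rather than dropping the hardening while the port logic is being worked out. The first probe passes `port: "{{ ansible_host }}"`, which hands the host address to `wait_for` where the port number belongs, and the `debug` task still reads `ssh_port_used` although the result is now registered as `ssh_port`. For the `Setup alternate SSH port` edit, adding `validate: '/usr/sbin/sshd -t -f %s'` to `lineinfile` would keep a malformed file from being installed before the restart.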
From 827c1998ac5a4ff5db6f405718680181ae3afa94 Mon Sep 17 00:00:00 2001 From: artentica Date: Fri, 3 Jul 2020 21:00:00 +0200 Subject: [PATCH 74/94] chore: change ssh --- ansible/roles/ssh/tasks/main.yml | 10 +++++----- ansible/site.yml | 3 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index a489c31..747aebd 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -6,9 +6,9 @@ - name: "Check port {{ ansible_port }}" wait_for: - port: "{{ ansible_host }}" + port: "{{ ansible_port }}" state: "started" - host: "{{ inventory_hostname }}" + host: "{{ ansible_host }}" connect_timeout: "5" timeout: "5" delegate_to: "localhost" @@ -16,13 +16,13 @@ register: ssh_port - debug: - msg: "{{ ssh_port_used }}" + msg: "{{ ansible_host }}" - name: "Check port 22" wait_for: port: "22" state: "started" - host: "{{ inventory_hostname }}" + host: "{{ ansible_host }}" connect_timeout: "5" timeout: "5" delegate_to: "localhost" @@ -64,4 +64,4 @@ # We run setup to gather facts here once the SSH port is set up. - name: Run deferred setup to gather facts setup: -... \ No newline at end of file +... diff --git a/ansible/site.yml b/ansible/site.yml index 22424f9..3e01f04 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -2,6 +2,7 @@ - name: Server ssh only hosts: web remote_user: root + gather_facts: no roles: - role: ssh tags: @@ -22,4 +23,4 @@ # - role: users # tags: # - users -# ... \ No newline at end of file +# ... From 273250d43a5002843b82a947e5064fac1f50dfd2 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 4 Jul 2020 21:00:00 +0200 Subject: [PATCH 75/94] chore: change ssh conf --- ansible/roles/ssh/tasks/main.yml | 134 +++++++++++++++---------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 747aebd..ca60f31 100644 --- a/ansible/roles/ssh/tasks/main.yml 
+++ b/ansible/roles/ssh/tasks/main.yml 
@@ -1,67 +1,67 @@ ---- -# ansible_port can change throughout this role, keep a copy around -- name: Set configured port fact - set_fact: - configured_port: "{{ ansible_port }}" - -- name: "Check port {{ ansible_port }}" - wait_for: - port: "{{ ansible_port }}" - state: "started" - host: "{{ ansible_host }}" - connect_timeout: "5" - timeout: "5" - delegate_to: "localhost" - ignore_errors: "yes" - register: ssh_port - -- debug: - msg: "{{ ansible_host }}" - -- name: "Check port 22" - wait_for: - port: "22" - state: "started" - host: "{{ ansible_host }}" - connect_timeout: "5" - timeout: "5" - delegate_to: "localhost" - ignore_errors: "yes" - register: ssh_port_default - when: - - ssh_port is defined - - ssh_port.state is undefined - -- name: Set SSH port to 22 - set_fact: - temporary_port: "22" - when: ssh_port_default.state is defined - -# - name: Security | Disallow password authentication -# lineinfile: -# dest: /etc/ssh/sshd_config -# regexp: "^[#]*PasswordAuthentication" -# line: "PasswordAuthentication no" -# state: present -# notify: restart ssh -# tags: ["ssh"] - -- name: Setup alternate SSH port - lineinfile: - dest: "/etc/ssh/sshd_config" - regexp: "^Port" - line: "Port {{ configured_port }}" - notify: "restart sshd" - - -- name: "Set SSH port to {{ configured_port }}" - set_fact: - ansible_port: "{{ configured_port }}" - when: ssh_port_default.state is defined - - # Gather facts should be set to false when running this role since it will -# fail if the Ansible SSH port is not set correctly. -# We run setup to gather facts here once the SSH port is set up. -- name: Run deferred setup to gather facts - setup: -... 
+--- +# ansible_port can change throughout this role, keep a copy around +- name: Set configured port fact + set_fact: + configured_port: "{{ ansible_port }}" + +- name: "Check port {{ ansible_port }}" + wait_for: + port: "{{ ansible_port }}" + state: "started" + host: "{{ ansible_host }}" + connect_timeout: "5" + timeout: "5" + delegate_to: "localhost" + ignore_errors: "yes" + register: ssh_port + +- debug: + msg: "{{ ansible_host }}" + +- name: "Check port 22" + wait_for: + port: "22" + state: "started" + host: "{{ ansible_host }}" + connect_timeout: "5" + timeout: "5" + delegate_to: "localhost" + ignore_errors: "yes" + register: ssh_port_default + when: + - ssh_port is defined + - ssh_port.state is undefined + +- name: Set SSH port to 22 + set_fact: + ansible_port: "22" + when: ssh_port_default.state is defined + +# - name: Security | Disallow password authentication +# lineinfile: +# dest: /etc/ssh/sshd_config +# regexp: "^[#]*PasswordAuthentication" +# line: "PasswordAuthentication no" +# state: present +# notify: restart ssh +# tags: ["ssh"] + +- name: Setup alternate SSH port + lineinfile: + dest: "/etc/ssh/sshd_config" + regexp: "^Port" + line: "Port {{ configured_port }}" + notify: "restart sshd" + + +- name: "Set SSH port to {{ configured_port }}" + set_fact: + ansible_port: "{{ configured_port }}" + when: ssh_port_default.state is defined + +# Gather facts should be set to false when running this role since it will +# fail if the Ansible SSH port is not set correctly. +# We run setup to gather facts here once the SSH port is set up. +- name: Run deferred setup to gather facts + setup: +... From eba893ec8431cbe951d5dc5342176475f856e72b Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 5 Jul 2020 21:00:00 +0200 Subject: [PATCH 76/94] chore: change ssh conf --- ansible/roles/ssh/handlers/main.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ansible/roles/ssh/handlers/main.yml 
diff --git a/ansible/roles/ssh/handlers/main.yml b/ansible/roles/ssh/handlers/main.yml new file mode 100644 index 0000000..3916ed8 --- /dev/null +++ b/ansible/roles/ssh/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart sshd + service: + name: sshd + state: restarted \ No newline at end of file From 849c62c3c6d625efc0476f57a7ec9597e4a4ffe1 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 6 Jul 2020 21:00:00 +0200 Subject: [PATCH 77/94] chore: add default var --- ansible/roles/ssh/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ansible/roles/ssh/defaults/main.yml diff --git a/ansible/roles/ssh/defaults/main.yml b/ansible/roles/ssh/defaults/main.yml new file mode 100644 index 0000000..e858d44 --- /dev/null +++ b/ansible/roles/ssh/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# Default path of the ssh config file +sshd_config_path: "/etc/ssh/sshd_config" +... \ No newline at end of file From c07386302d10e91db0abda0dbb6505dfd8311e8a Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Tue, 7 Jul 2020 21:00:00 +0200 Subject: [PATCH 78/94] chore: loop on sshd file config --- ansible/roles/ssh/tasks/main.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index ca60f31..b365d27 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -34,7 +34,7 @@ - name: Set SSH port to 22 set_fact: - ansible_port: "22" + ansible_port: 22 when: ssh_port_default.state is defined # - name: Security | Disallow password authentication 
@@ -48,9 +48,12 @@ - name: Setup alternate SSH port lineinfile: - dest: "/etc/ssh/sshd_config" - regexp: "^Port" - line: "Port {{ configured_port }}" + dest: "{{ sshd_config_path }}" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^Port', line: 'Port "{{configured_port}}"' } + - { regexp: '^[#]*PasswordAuthentication=', line: 'PasswordAuthentication no' } notify: "restart sshd" From 592a618865e5b796356c76ae7b253069917f53a9 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 8 Jul 2020 21:00:00 +0200 Subject: [PATCH 79/94] chore: uncomment all steps --- ansible/roles/ssh/defaults/main.yml | 6 +++--- ansible/site.yml | 30 ++++++++++++++--------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/ansible/roles/ssh/defaults/main.yml b/ansible/roles/ssh/defaults/main.yml index e858d44..d746762 100644 --- a/ansible/roles/ssh/defaults/main.yml +++ b/ansible/roles/ssh/defaults/main.yml @@ -1,4 +1,4 @@ ---- -# Default path of the ssh config file -sshd_config_path: "/etc/ssh/sshd_config" +--- +# Default path of the ssh config file +sshd_config_path: "/etc/ssh/sshd_config" ... \ No newline at end of file diff --git a/ansible/site.yml b/ansible/site.yml index 3e01f04..c0df1d9 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -8,19 +8,19 @@ tags: - ssh -# - name: Server installation -# hosts: web -# remote_user: root -# roles: -# - role: packages -# tags: -# - packages +- name: Server installation + hosts: web + remote_user: root + roles: + - role: packages + tags: + - packages -# - name: User configuration -# hosts: web -# remote_user: root -# roles: -# - role: users -# tags: -# - users -# ... +- name: User configuration + hosts: web + remote_user: root + roles: + - role: users + tags: + - users +... From 83edbd627751d2ea7250a91d80fb7f006af90609 Mon Sep 17 00:00:00 2001 
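Review bot: The `PasswordAuthentication` entry in `with_items` uses the regexp `'^[#]*PasswordAuthentication='`, but sshd_config lines are normally written with a space between keyword and value, so the pattern will usually match nothing and `lineinfile` appends `PasswordAuthentication no` at the end of the file. sshd keeps the first value it reads for a keyword, so an earlier active `PasswordAuthentication yes` would leave password logins enabled; `regexp: '^[#]*\s*PasswordAuthentication\s'` replaces the existing line instead. The same pattern is still present in the later `Change sshd config` hunk of this file. The `Port` entry now writes the value inside double quotes (`Port "{{configured_port}}"`), which the previous version did not; `line: 'Port {{ configured_port }}'` keeps the file conventional. Adding `validate: 'sshd -t -f %s'` to the task would stop a broken file from being restarted into.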
From: Vincent Riouallon Date: Fri, 10 Jul 2020 21:00:00 +0200 Subject: [PATCH 80/94] chore: flush handlers --- ansible/roles/ssh/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index b365d27..4f7a16a 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -56,6 +56,11 @@ - { regexp: '^[#]*PasswordAuthentication=', line: 'PasswordAuthentication no' } notify: "restart sshd" +# We notified "Restart sshd" if we modified the sshd config. +# By calling flush_handlers, we make sure the handler is run *right now* +- name: Ensure SSH is reloaded if need be + meta: flush_handlers + - name: "Set SSH port to {{ configured_port }}" set_fact: From f09a2408f7e6072e42081744296a387f4db00a35 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sun, 12 Jul 2020 21:00:00 +0200 Subject: [PATCH 81/94] chore: delete old file --- ansible/user_commands.yml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 ansible/user_commands.yml diff --git a/ansible/user_commands.yml b/ansible/user_commands.yml deleted file mode 100644 index 0ede7d2..0000000 --- a/ansible/user_commands.yml +++ /dev/null @@ -1,13 +0,0 @@ -- hosts: web - remote_user: root - vars: - # created with: - # python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")' - password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI. - - tasks: - - # Walk through account creation, modification, and deletion - - user: - name: tset - password: "{{password}}" \ No newline at end of file From bc05baf14b33acf5ad0ba132bb68588319831377 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 13 Jul 2020 21:00:00 +0200 Subject: [PATCH 82/94] chore: rm add gpg --- ansible/roles/swarm/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index d2ef7a5..2913a2e 100644 
--- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -1,14 +1,5 @@ --- -- name: Add docker GPG key - apt_key: - url: "{{ ansible_docker_repo_key }} " - id: "{{ ansible_docker_repo_key_id }}" - -- name: Add docker Repository - apt_repository: - repo: "{{ ansible_docker_repo }}" - - name: install Docker and dependencies pacman: name: "{{ packages }}" From b32abf559875e876cb1a75c9bba8498c2f68e18a Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 15 Jul 2020 21:00:00 +0200 Subject: [PATCH 83/94] change default param --- ansible/roles/swarm/defaults/main.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/ansible/roles/swarm/defaults/main.yml b/ansible/roles/swarm/defaults/main.yml index e9e3ee9..07152fc 100644 --- a/ansible/roles/swarm/defaults/main.yml +++ b/ansible/roles/swarm/defaults/main.yml @@ -1,16 +1,6 @@ --- packages: - - apt-transport-https - - ca-certificates - - curl - - software-properties-common - - docker-ce - - docker-ce-cli - - containerd.io - -ansible_docker_repo: deb [arch=amd64] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable -ansible_docker_repo_key: https://download.docker.com/linux/ubuntu/gpg -ansible_docker_repo_key_id: 0EBFCD88 + - docker ansible_user: ansible docker_group: docker From 33e5c37123351714d4462bd28bd06f8ebbd6e9bd Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Fri, 17 Jul 2020 21:00:00 +0200 Subject: [PATCH 84/94] comment unused line --- ansible/roles/swarm/tasks/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 2913a2e..4667567 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml 
@@ -7,17 +7,17 @@ update_cache: yes with_items: "{{ packages}}" -- name: Add user to docker group - user: - name: "{{ ansible_user }}" - group: "{{ docker_group }}" +# - name: Add user to docker group +# user: +# name: "{{ ansible_user }}" +# group: "{{ docker_group }}" -- name: Create docker service directory - file: - path: /etc/systemd/system/docker.service.d - state: directory - notify: - - restart docker +# - name: Create docker service directory +# file: +# path: /etc/systemd/system/docker.service.d +# state: directory +# notify: +# - restart docker - name: Ensure Docker is running service: From 3fc7be9e4c184730a35ac385a8771e3a5e1ed5e9 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 18 Jul 2020 21:00:00 +0200 Subject: [PATCH 85/94] init swarm --- ansible/roles/swarm/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 4667567..670542c 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml @@ -24,4 +24,8 @@ name: docker state: started enabled: yes + +- name: Init a new swarm with default parameters + docker_swarm: + state: present ... \ No newline at end of file From 185183759ffc73718d1143af7a2699ca11fab8bf Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 18 Jul 2020 21:00:00 +0200 Subject: [PATCH 86/94] add docker on init --- ansible/site.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/site.yml b/ansible/site.yml index c0df1d9..9cc9cd6 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -23,4 +23,12 @@ - role: users tags: - users + +- name: Swarm installation & configuration + hosts: web + remote_user: root + roles: + - role: swarm + tags: + - swarm ... From 208f307a2cee5bcad1c7cb44cbba594b1317b37f Mon Sep 17 00:00:00 2001 
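Review bot: The `Init a new swarm with default parameters` task calls `docker_swarm` with only `state: present`, which leaves the advertise and listen addresses to the defaults; on an internet-facing host that means the manager port listens on every interface. Setting `advertise_addr` (and `listen_addr` if the swarm should stay on a private interface) makes the exposure explicit and avoids an init failure on hosts with several addresses. The module also needs the Docker SDK for Python on the target, and nothing visible in this role installs it, so that is worth confirming. The rest of the task file lies outside this hunk.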
From: Vincent Riouallon Date: Sun, 19 Jul 2020 21:00:00 +0200 Subject: [PATCH 87/94] chore: add group vars in for users --- ansible/inventory/production/group_vars/web.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/inventory/production/group_vars/web.yml b/ansible/inventory/production/group_vars/web.yml index e69de29..2e09fa1 100644 --- a/ansible/inventory/production/group_vars/web.yml +++ b/ansible/inventory/production/group_vars/web.yml @@ -0,0 +1,5 @@ +users: + - username: 'artentica' + # groups: "admin,www-data" + - username: 'doctor' + # groups: "admin,www-data" \ No newline at end of file From 2cbcf697e82ebff172d04e982908e1ecebe4e09e Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Mon, 20 Jul 2020 21:00:00 +0200 Subject: [PATCH 88/94] chore: add sudo in pkg to install to edit sudoers file --- ansible/roles/packages/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/roles/packages/tasks/main.yml b/ansible/roles/packages/tasks/main.yml index 30cae5c..78f7ecc 100644 --- a/ansible/roles/packages/tasks/main.yml +++ b/ansible/roles/packages/tasks/main.yml @@ -1,7 +1,7 @@ --- # - debug: # msg: "{{ hostvars[inventory_hostname] }}" - + - name: Dependencies installation pacman: name: @@ -9,6 +9,8 @@ - vim - htop - zsh + - sudo + update_cache: yes # upgrade: yes state: latest From beb0afa607014bccc86bcfd2febfebf4e296eb3b Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Wed, 22 Jul 2020 21:00:00 +0200 Subject: [PATCH 89/94] chore: stop loggin by mdp --- ansible/roles/ssh/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 4f7a16a..e39e305 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml 
@@ -46,7 +46,7 @@ # notify: restart ssh # tags: ["ssh"] -- name: Setup alternate SSH port +- name: Change sshd config lineinfile: dest: "{{ sshd_config_path }}" regexp: "{{ item.regexp }}" @@ -54,6 +54,7 @@ with_items: - { regexp: '^Port', line: 'Port "{{configured_port}}"' } - { regexp: '^[#]*PasswordAuthentication=', line: 'PasswordAuthentication no' } + - { regexp: '^PermitRootLogin', line: 'PermitRootLogin no' } notify: "restart sshd" # We notified "Restart sshd" if we modified the sshd config. From 8394e194a25bfabdc35467e77f8428b232fd908c Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Thu, 23 Jul 2020 21:00:00 +0200 Subject: [PATCH 90/94] xhore: swarm default values --- ansible/roles/swarm/defaults/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ansible/roles/swarm/defaults/main.yml b/ansible/roles/swarm/defaults/main.yml index 07152fc..30668fa 100644 --- a/ansible/roles/swarm/defaults/main.yml +++ b/ansible/roles/swarm/defaults/main.yml @@ -1,7 +1,8 @@ --- packages: - docker + - docker-compose + - python-pip -ansible_user: ansible docker_group: docker -... \ No newline at end of file +... From 7aefcc7a9606dbb5d4a95f574ca4b9da732ee7d5 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Fri, 24 Jul 2020 21:00:00 +0200 Subject: [PATCH 91/94] chore: swarm tasks --- ansible/roles/swarm/tasks/main.yml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/ansible/roles/swarm/tasks/main.yml b/ansible/roles/swarm/tasks/main.yml index 670542c..ceb78c2 100644 --- a/ansible/roles/swarm/tasks/main.yml +++ b/ansible/roles/swarm/tasks/main.yml 
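Review bot: Adding `PermitRootLogin no` next to `PasswordAuthentication no` disables root SSH in the ssh role, while the other plays shown in `site.yml` still connect with `remote_user: root` and the key-based accounts are only created later by the `users` role. Unless an already-open connection is reused, the rest of the run (and every later run) would presumably be refused once the handler restarts sshd, leaving the host without a working login. Consider applying this line only after the `users` role has installed keys and sudo, or switching the plays to one of those accounts with `become: true`. The regexp `'^PermitRootLogin'` also misses a commented-out default, so the line is appended rather than replaced; `'^[#]*\s*PermitRootLogin\s'` covers both forms.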
@@ -5,19 +5,17 @@ name: "{{ packages }}" state: latest update_cache: yes - with_items: "{{ packages}}" + with_items: "{{ packages }}" -# - name: Add user to docker group -# user: -# name: "{{ ansible_user }}" -# group: "{{ docker_group }}" +- name: "Ensure group {{ docker_group }} exists" + group: + name: "{{ docker_group }}" -# - name: Create docker service directory -# file: -# path: /etc/systemd/system/docker.service.d -# state: directory -# notify: -# - restart docker +- name: Add user to docker group + user: + name: "{{ item.username }}" + group: "{{ docker_group }}" + with_items: "{{ users }}" - name: Ensure Docker is running service: From 960d74be2a63a9136768e983359a28ad5dd6522c Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 25 Jul 2020 21:00:00 +0200 Subject: [PATCH 92/94] chore: add public key files --- ansible/roles/users/files/artentica.key.pub | 1 + ansible/roles/users/files/doctor.key.pub | 1 + 2 files changed, 2 insertions(+) create mode 100644 ansible/roles/users/files/artentica.key.pub create mode 100644 ansible/roles/users/files/doctor.key.pub diff --git a/ansible/roles/users/files/artentica.key.pub b/ansible/roles/users/files/artentica.key.pub new file mode 100644 index 0000000..ba8f1c5 --- /dev/null +++ b/ansible/roles/users/files/artentica.key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSuo82KyqCWnmAPNTWbZq+vFaIH2YFJkLNvkANV65mc \ No newline at end of file diff --git a/ansible/roles/users/files/doctor.key.pub b/ansible/roles/users/files/doctor.key.pub new file mode 100644 index 0000000..ba8f1c5 --- /dev/null +++ b/ansible/roles/users/files/doctor.key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSuo82KyqCWnmAPNTWbZq+vFaIH2YFJkLNvkANV65mc \ No newline at end of file From acf44993aa845c0e3e3d1b9a6d4980edaacee351 Mon Sep 17 00:00:00 2001 
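Review bot: In `Add user to docker group`, `group:` sets each account's primary group to `{{ docker_group }}` rather than adding a supplementary one; `groups: "{{ docker_group }}"` with `append: yes` is what the task name describes. Membership of the docker group gives full control of the Docker daemon, which is root-equivalent on the host, so the task deserves a comment saying so and the loop should cover only the accounts that need it rather than every entry in `users`. In the install task, whose start is outside the hunk, `with_items: "{{ packages }}"` repeats a call that already passes the whole list in `name`, so the loop can be dropped.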
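Review bot: `doctor.key.pub` is byte-identical to `artentica.key.pub` (same blob `ba8f1c5` and the same ed25519 key), so once these files are installed as authorized keys a single private key opens both accounts. If this is a placeholder, say so in the commit message or replace it with the second user's own key before the role is run. Each account should carry its own key so that access can be revoked per person.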
From: Vincent Riouallon Date: Sat, 25 Jul 2020 21:00:00 +0200 Subject: [PATCH 93/94] chore: add public key in conf sys --- ansible/roles/users/tasks/main.yml | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml index 00a7b72..a3ece52 100644 --- a/ansible/roles/users/tasks/main.yml +++ b/ansible/roles/users/tasks/main.yml @@ -1,11 +1,20 @@ --- - name: "Create user: {{item.username}}" - user: - name: "{{item.username}}" - password: "{{item.password}}" - with_items: - - username: 'artentica' - password: 'toto' - - username: 'doctor' - password: 'titi' + user: + name: "{{ item.username }}" + groups: "admin" + with_items: "{{ users }}" + +- name: "Add authorized keys" + authorized_key: + user: "{{ item.username }}" + key: "{{ lookup('file', 'files/'+ item.username + '.key.pub') }}" + with_items: "{{ users }}" + +- name: "Allow admin users to sudo without a password" + lineinfile: + dest: "/etc/sudoers" # path: in version 2.3 + state: "present" + regexp: "^%admin" + line: "%admin ALL=(ALL) NOPASSWD: ALL" ... \ No newline at end of file From 8f9bccec40491d8e66fd0755d497a20f58c659b0 Mon Sep 17 00:00:00 2001 From: Vincent Riouallon Date: Sat, 25 Jul 2020 21:00:00 +0200 Subject: [PATCH 94/94] example conf with traefik in swarm --- swarm/example.yml | 75 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 swarm/example.yml diff --git a/swarm/example.yml b/swarm/example.yml new file mode 100644 index 0000000..0689188 --- /dev/null +++ b/swarm/example.yml 
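Review bot: The `Allow admin users to sudo without a password` task edits `/etc/sudoers` in place with no syntax check, so a malformed line would break sudo for every account; add `validate: 'visudo -cf %s'`, or write the rule to its own file under `/etc/sudoers.d/` with the same validation. `%admin ALL=(ALL) NOPASSWD: ALL` combined with key-only accounts makes possession of an SSH key the only barrier to root, which deserves a comment stating that it is intentional. `groups: "admin"` assumes the group already exists, and no task in this hunk creates it; without `append: yes` it also replaces the users' other supplementary groups.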
@@ -0,0 +1,75 @@
+version: "3.8"
+
+
+networks:
+ traefik:
+ name: "dmz"
+ driver: overlay
+ attachable: true
+
+services:
+
+ traefik:
+ image: "traefik:v2.2"
+ command:
+ - "--global.sendanonymoususage=false" # désactivation de l'envoi de donnée
+ - "--global.checknewversion=false" # puisque dockerisé, on désactive le check de mise à jour
+ - "--accesslog=true" # Pour avoir les logs d'accès
+ - "--api=true" # Pour activer l'api
+ # Swarm
+ #traefik.http.services.myservice.loadbalancer.server.port=8080
+ - "--providers.docker.swarmMode=true"
+ - "--providers.docker.watch=true"
+ - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+ - "--api.insecure=true" # Activer pour exposer l'api sur 8080
+ - "--api.dashboard=true" # Pour activer le dashboard
+ - "--log.level=DEBUG"
+ #- "--providers.file.directory=/etc/traefik/conf.d/" # Permets de charger les configurations dans le répertoire (tout les yaml et toml)
+ #- "--providers.file.watch=true" # Permets de surveiller le répertoire précédent pour charger dynamiquement les configurations
+ - "--entrypoints.http.address=:80" # Création de l'entrypoint nommé web sur le port 80
+ - "--entrypoints.https.address=:443" # Création de l'entrypoint nommé websecure sur le port 443
+ #- "--entrypoints.web.http.redirections.entrypoint.scheme=https" # Pour créer une redirection vers https
+ #- "--entrypoints.web.http.redirections.entrypoint.to=websecure" # Pour rediriger vers l'entrypoint websecure (port 443)
+ - "--certificatesresolvers.letsencrypt-rsa2048.acme.email=server@vincentriouallon.ovh"
+ - "--certificatesresolvers.letsencrypt-rsa2048.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.letsencrypt-rsa2048.acme.storage=/acme.json"
+ - "--certificatesresolvers.letsencrypt-rsa2048.acme.keytype=RSA2048"
+ - "--certificatesresolvers.letsencrypt-rsa2048.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.letsencrypt-rsa2048.acme.tlschallenge=true"
+ networks:
+ - traefik
+ ports:
+ - "8080:8080"
+ - "443:443"
+ - "80:80"
+ deploy:
+ labels:
+ - "traefik.http.services.traefik.loadbalancer.server.port=8080"
+ - "traefik.docker.lbswarm=true"
+ - "traefik.enable=true"
+ - "traefik.docker.network=dmz"
+ - "traefik.http.routers.traefik.entrypoints=https"
+ - "traefik.http.middlewares.http-redirect.redirectscheme.scheme=https"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ whoami:
+ image: "containous/whoami"
+ networks:
+ - traefik
+ deploy:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=dmz"
+ - "traefik.docker.lbswarm=true"
+ - "traefik.http.routers.reverse_proxy_plex_insecure.rule=Host(`whoami.vincentriouallon.ovh`)"
+ - "traefik.http.routers.reverse_proxy_plex_insecure.middlewares=http-redirect@docker"
+ - "traefik.http.routers.reverse_proxy_plex.entrypoints=https"
+ - "traefik.http.routers.reverse_proxy_plex.tls=true"
+ - "traefik.http.routers.reverse_proxy_plex.tls.certresolver=letsencrypt-rsa2048"
+ - "traefik.http.routers.reverse_proxy_plex.rule=Host(`whoami.vincentriouallon.ovh`)"
+ - "traefik.http.services.reverse_proxy_plex.loadbalancer.passhostheader=true"
+ - "traefik.http.services.reverse_proxy_plex.loadbalancer.server.port=80"
+ - "traefik.http.services.reverse_proxy_plex.loadbalancer.server.scheme=http"
+
+
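Review bot: `--api.insecure=true` together with the published port `8080:8080` serves the Traefik API and dashboard without authentication on the host; outside a local test, drop both and expose the dashboard through a router on `api@internal` behind an auth middleware. The ACME HTTP challenge points at `entrypoint=web`, but the entrypoints defined here are named `http` and `https` (the French comments still say `web`/`websecure`), so that flag should read `--certificatesresolvers.letsencrypt-rsa2048.acme.httpchallenge.entrypoint=http`. `/acme.json` is not on a volume, so the certificates and the ACME account key are lost whenever the task is rescheduled. The `:ro` flag on the Docker socket mount does not restrict what can be requested over the socket, so this container effectively holds manager-level control; a comment saying so, or a socket proxy in front of it, would make that visible. `--log.level=DEBUG` is best left out of an example that is meant to be copied.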