majic-ansible-roles Changeset

Changeset - 24c957d877de

Parent rev.

Child rev.

[Not reviewed]

0 5 2

Branko Majic (branko) - 7 years ago 2017-04-09 17:56:30
branko@majic.rs

MAR-96: Fixed indentation for code listing in testsite documentation for generating the SSH keys. Added an extra "workstation" machine to test site meant to be used for testing Debian 9 Stretch compatibility. Moved testing of "extra_backup_patterns" into the new workstation machine.

7 files changed with 53 insertions and 17 deletions:

docs/testsite.rst

testsite/group_vars/backup.yml

testsite/group_vars/mail.yml

testsite/group_vars/workstation.yml

testsite/hosts

testsite/playbooks/site.yml

testsite/playbooks/ws.yml

0 comments (0 inline, 0 general)

docs/testsite.rst

➞

Show inline comments

   .. code-block:: shell
     mkdir ssh
     ssh-keygen -f ssh/backup_server_dsa_key -N '' -t dsa
     ssh-keygen -f ssh/backup_server_rsa_key -N '' -t rsa
     ssh-keygen -f ssh/backup_server_ed25519_key -N '' -t ed25519
     ssh-keygen -f ssh/backup_server_ecdsa_key -N '' -t ecdsa
     ssh-keygen -f ssh/mail.example.com -N ''
     ssh-keygen -f ssh/ldap.example.com -N ''
     ssh-keygen -f ssh/xmpp.example.com -N ''
     ssh-keygen -f ssh/web.example.com -N ''
     ssh-keygen -f ssh/backup.example.com -N ''
      mkdir ssh
      ssh-keygen -f ssh/backup_server_dsa_key -N '' -t dsa
      ssh-keygen -f ssh/backup_server_rsa_key -N '' -t rsa
      ssh-keygen -f ssh/backup_server_ed25519_key -N '' -t ed25519
      ssh-keygen -f ssh/backup_server_ecdsa_key -N '' -t ecdsa
      ssh-keygen -f ssh/mail.example.com -N ''
      ssh-keygen -f ssh/ldap.example.com -N ''
      ssh-keygen -f ssh/xmpp.example.com -N ''
      ssh-keygen -f ssh/web.example.com -N ''
      ssh-keygen -f ssh/backup.example.com -N ''
      ssh-keygen -f ssh/ws01.example.com -N ''
 . Set-up a local GnuPG keyring that will contain the necessary encryption and
    signing keys for the backup clients::
      Name-Real:backup.example.com
      Expire-Date:0
      %commit
      Key-Type:RSA
      Key-Length:1024
      Name-Real:ws01.example.com
      Expire-Date:0
      %commit
      EOF
 . Generate the preseed files:
      ansible-playbook playbooks/preseed.yml
 . Install all servers using the generated preseed files.
 . Install all servers using the generated preseed files. All servers except
    ``ws01.example.com`` are supposed to be running *Debian 8 Jessie*. The server
    ``ws01.example.com`` is meant to run *Debian 9 Stretch* (althogh, Debian
    Jessie should function as well).
 . Add the SSH host fingerprints to your ``known_hosts`` file (don't forget to
     remove old entries if you are redoing the process). You can easily obtain all
     .. code-block:: shell
       ssh-keyscan -t ed25519 mail.example.com ldap.example.com xmpp.example.com web.example.com backup.example.com $(resolveip -s mail.example.com) $(resolveip -s ldap.example.com) $(resolveip -s xmpp.example.com) $(resolveip -s web.example.com) $(resolveip -s backup.example.com)
+      ssh-keyscan -t ed25519 mail.example.com ldap.example.com xmpp.example.com web.example.com backup.example.com ws01.example.com $(resolveip -s mail.example.com) $(resolveip -s ldap.example.com) $(resolveip -s xmpp.example.com) $(resolveip -s web.example.com) $(resolveip -s backup.example.com) $(resolveip -s ws01.example.com)
 . Invoke the ``bootstrap.yml`` playbook in order to set-up some basic
     environment for Ansible runs on all servers:

testsite/group_vars/backup.yml

➞

Show inline comments

@@ @@ -23,6 +23,9 @@ backup_clients: @@
   - server: backup.{{ testsite_domain }}
     public_key: "{{ lookup('file', inventory_dir + '/ssh/backup.' + testsite_domain + '.pub') }}"
     ip: 127.0.0.1
   - server: ws01.{{ testsite_domain }}
     public_key: "{{ lookup('file', inventory_dir + '/ssh/ws01.' + testsite_domain + '.pub') }}"
     ip: 10.32.64.22
 backup_host_ssh_private_keys:
   dsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key') }}"

testsite/group_vars/mail.yml

➞

Show inline comments

@@ @@ -28,6 +28,7 @@ smtp_allow_relay_from: @@
   - ldap.{{ testsite_domain }}
   - xmpp.{{ testsite_domain }}
   - web.{{ testsite_domain }}
   - ws01.{{ testsite_domain }}
 imap_max_user_connections_per_ip: 50
@@ @@ -36,6 +37,3 @@ mail_server_tls_protocols: @@
   - TLSv1.1
 mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:!aNULL:!MD5:!EXPORT"
 extra_backup_patterns:
   - "/root"
@@ \ No newline at end of file @@

testsite/group_vars/workstation.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 local_mail_aliases:
   root: "root john.doe@{{ testsite_domain }}"
 smtp_relay_host: mail.{{ testsite_domain }}
 smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
 extra_backup_patterns:
   - "/root"
   - "/home/admin"
@@ \ No newline at end of file @@

testsite/hosts

➞

Show inline comments

@@ @@ -16,9 +16,13 @@ web.example.com @@
 [backup]
 backup.example.com
 [workstation]
 ws01.example.com
 [testsite:children]
 ldap
 xmpp
 mail
 web
 backup
@@ \ No newline at end of file @@
 backup
 workstation
@@ \ No newline at end of file @@

testsite/playbooks/site.yml

➞

Show inline comments

@@ @@ -5,4 +5,5 @@ @@
 - include: xmpp.yml
 - include: mail.yml
 - include: web.yml
 - include: backup.yml
@@ \ No newline at end of file @@
 - include: backup.yml
 - include: ws.yml
@@ \ No newline at end of file @@

testsite/playbooks/ws.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - hosts: workstation
   remote_user: ansible
   become: yes
   roles:
     - common
     - mail_forwarder

0 comments (0 inline, 0 general)