Différences
Ci-dessous, les différences entre deux révisions de la page.
Prochaine révision | Révision précédente | ||
ansible:start [14/04/2020 17:35] dani créée |
ansible:start [12/02/2021 17:23] (Version actuelle) dani |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
====== Ansible Roles ====== | ====== Ansible Roles ====== | ||
- | At Firewall Services, we use [[https://www.ansible.com/|Ansible]] a lot. And so we've written | + | Have a look at our [[https://git.fws.fr/fws/ |
- | * Basic system configuration | + | ===== First steps ===== |
- | * Authentication (eg, configure LDAP auth, or join an AD domain automatically) | + | |
- | * Plumber layers (like deploy a MySQL server, a PHP stack etc.) | + | |
- | * Authentication services (Samba4 in AD DC mode, Lemonldap:: | + | |
- | * Collaborative apps (like Zimbra, Matrix, Etherpad, Seafile, OnlyOffice, Jitsi etc.) | + | |
- | * Monitoring tools (deploy Zabbix agent, proxy and server, Fusion Inventory agent, Graylog server) | + | |
- | * Web applications (GLPI, Ampache, Kanboard, Wordpress, Dolibarr, Matomo, Framadate, Dokuwiki etc.) | + | |
- | * Dev tools (Deploy a Gitea server) | + | |
- | * Security tools (OpenXPKI, Bitwareden_RS, | + | |
- | * A lot more :-) | + | |
- | Most of our roles and CentOS centric, and are made to be deployed on CentOS 7 servers. Basic roles (like basic system configuration, | + | Before you can use our ansible |
- | Our roles are often dependent on other roles. For example, if you deploy glpi, it'll first pull all the required web and PHP stack. | + | ===== How roles are configured ===== |
- | All this is available on our GIT repo : https:// | + | This [[.basic: |
+ | ===== Create a playbook ===== | ||
+ | Ansible will read what is called a playbook to know what it has to do, on which hosts, on which order. See [[.basic: | ||
+ | |||
+ | ===== Common role ===== | ||
+ | |||
+ | A lot of roles are dependant on other ones, and most expect the common role to be deployed. The common role will configure lots of things on the system, like | ||
+ | |||
+ | * Configure LDAP or AD authentication (if needed) | ||
+ | * Setup sudo rules for administrator groups | ||
+ | * Deploy ssh keys of your admins | ||
+ | * System tuning (swapiness, specific sysctl etc.) | ||
+ | |||
+ | Here's [[.basic: | ||
+ | |||
+ | ===== Other roles ===== | ||
+ | |||
+ | |||
+ | ==== OpenXPKI ==== | ||
+ | |||
+ | * [[.: | ||
+ | |||
+ | ==== Graylog ==== | ||
+ | |||
+ | * [[.: | ||
+ | |||
+ | ==== Appsmith ==== | ||
+ | |||
+ | * [[.: |