Add ansible files
This commit is contained in:
parent
ad77d0317a
commit
0994da378e
16 changed files with 147 additions and 38 deletions
|
@ -1,2 +1,7 @@
|
|||
---
|
||||
sshwifty_shared_key: admin
|
||||
|
||||
sshwifty_internal_port: 8080
|
||||
sshwifty_configuration_directory: "/etc/sshwifty"
|
||||
sshwifty_work_directory: "/var/lib/sshwifty"
|
||||
|
||||
#
|
||||
|
|
8
ansible/group_vars/stage_development/vars.yml
Normal file
8
ansible/group_vars/stage_development/vars.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
sshwifty_hostname: "0.0.0.0"
|
||||
sshwifty_public_port: "80"
|
||||
sshwifty_shared_key: "demo"
|
||||
|
||||
sshwifty_authentication: "password"
|
||||
sshwifty_ssh_password: "demo"
|
||||
sshwifty_ssh_user: "demo"
|
5
ansible/group_vars/stage_production/vars.yml
Normal file
5
ansible/group_vars/stage_production/vars.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
sshwifty_hostname: "443"
|
||||
sshwifty_public_port: "443"
|
||||
|
||||
sshwifty_authentication: "password"
|
11
ansible/group_vars/stage_production/vault.yml
Normal file
11
ansible/group_vars/stage_production/vault.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63313862626430363534363861306666346637323564353264396264326265303938383339313533
|
||||
3437623534323965643935333536366365366530336264310a336133363237326238653834303534
|
||||
65303830666634666130353432623632346532656266333761613566613663643330353835343336
|
||||
3836333166336530350a666634356437666436336437343765643931353164653039633232313637
|
||||
63666338313362323866633765303831613162386662343534643064633731393362396261616130
|
||||
61643364663535613965643364346565643064636134346464353166313030613032346633306364
|
||||
65396637363934303338643233373065383738656531316534363864323435323835336661396137
|
||||
38613637333663333665313437646362383862636536343761666435363663393164663463636463
|
||||
61346461653030356236313764363737653431666463663261636262656562353531333366616564
|
||||
3965313964343535303432663835346364643537316461656133
|
3
ansible/host_vars/prod-gateway0/vars.yml
Normal file
3
ansible/host_vars/prod-gateway0/vars.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
sshwifty_hostname: "gateway0.teaching.glenux.net"
|
||||
mongo_group_id: 0
|
3
ansible/host_vars/prod-gateway1/vars.yml
Normal file
3
ansible/host_vars/prod-gateway1/vars.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
sshwifty_hostname: "gateway1.teaching.glenux.net"
|
||||
mongo_group_id: 1
|
3
ansible/host_vars/prod-gateway2/vars.yml
Normal file
3
ansible/host_vars/prod-gateway2/vars.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
sshwifty_hostname: "gateway2.teaching.glenux.net"
|
||||
mongo_group_id: 2
|
4
ansible/host_vars/prod-gateway3/vars.yml
Normal file
4
ansible/host_vars/prod-gateway3/vars.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
sshwifty_hostname: "gateway3.teaching.glenux.net"
|
||||
|
||||
mongo_group_id: 3
|
|
@ -1,5 +1,11 @@
|
|||
---
|
||||
- hosts: app_sshwifty
|
||||
# Collect tasks about role_mongo
|
||||
- hosts: role_mongo
|
||||
become: true
|
||||
tasks: []
|
||||
|
||||
# Then deploy gateways
|
||||
- hosts: role_gateway
|
||||
become: true
|
||||
tasks:
|
||||
- include_tasks: tasks/setup_base.yml
|
||||
|
@ -15,7 +21,8 @@
|
|||
caddy_systemd_capabilities_enabled: true
|
||||
caddy_config: "{{ lookup('template', 'templates/Caddyfile.j2') }}"
|
||||
|
||||
- hosts: app_mongo
|
||||
# And deploy mongos
|
||||
- hosts: role_mongo
|
||||
become: true
|
||||
tasks:
|
||||
- include_tasks: tasks/setup_base.yml
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Sync time
|
||||
- name: "Sync time - first try (needed by apt)"
|
||||
ansible.builtin.shell:
|
||||
cmd: ntpdate 0.debian.pool.ntp.org
|
||||
ignore_errors: yes
|
||||
cmd: hash ntpdate 2>/dev/null && ntpdate 0.debian.pool.ntp.org
|
||||
ignore_errors: 'yes'
|
||||
no_log: 'yes'
|
||||
|
||||
- name: Install required system packages
|
||||
ansible.builtin.apt:
|
||||
|
@ -13,7 +14,7 @@
|
|||
state: latest
|
||||
update_cache: true
|
||||
|
||||
- name: Sync time
|
||||
- name: "Sync time - for real (needed by sshwifty)"
|
||||
ansible.builtin.command:
|
||||
cmd: ntpdate 0.debian.pool.ntp.org
|
||||
|
||||
|
|
|
@ -56,4 +56,10 @@
|
|||
pip:
|
||||
name: docker
|
||||
|
||||
- name: adding existing user vagrant to group docker
|
||||
user:
|
||||
name: vagrant
|
||||
groups: docker
|
||||
append: 'yes'
|
||||
|
||||
#
|
||||
|
|
|
@ -3,10 +3,36 @@
|
|||
# python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
|
||||
- name: Add the user 'debian'
|
||||
ansible.builtin.user:
|
||||
name: debian
|
||||
password: '$6$7SKND.wc64QSchcm$eGS36vIXypLHSd.PQM0gIq6ILx9QiRQxWNej3Gb32sKk2MuLrRlceXCJmidYATNZeJTbBXNf3c5qTmm7BB.EA1'
|
||||
name: "{{ sshwifty_ssh_user }}"
|
||||
password: "{{ sshwifty_ssh_password | password_hash('sha512') }}"
|
||||
shell: /bin/bash
|
||||
state: present
|
||||
update_password: always
|
||||
|
||||
- name: Change SSH config to allow connections with password
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/ssh/sshd_config.d/sshwifty_with_password.conf
|
||||
content: |
|
||||
PasswordAuthentication yes
|
||||
register: ssh_service_conf
|
||||
|
||||
- name: Restart SSH service to take in account new changes
|
||||
ansible.builtin.service:
|
||||
name: ssh
|
||||
state: restarted
|
||||
when: ssh_service_conf.changed
|
||||
|
||||
- name: "adding existing user {{ sshwifty_ssh_user }} to group docker"
|
||||
user:
|
||||
name: "{{ sshwifty_ssh_user }}"
|
||||
groups:
|
||||
- docker
|
||||
- sudo
|
||||
append: 'yes'
|
||||
|
||||
- name: Change SUDO config to allow sudo without password to %sudo group
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/sudoers.d/sudo_no_pass
|
||||
content: |
|
||||
%sudo ALL=(ALL) NOPASSWD: ALL
|
||||
#
|
||||
|
|
|
@ -6,24 +6,35 @@
|
|||
state: latest
|
||||
update_cache: true
|
||||
|
||||
- name: Create SSHwifty configuration directory
|
||||
file:
|
||||
path: "{{ sshwifty_configuration_directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Scan SSH keys
|
||||
command: "ssh-keyscan {{item}}"
|
||||
register: "host_keys"
|
||||
changed_when: false
|
||||
with_items: groups["role_mongos"]
|
||||
|
||||
- name: Deploy SSHwifty configuration
|
||||
template:
|
||||
src: templates/sshwifty.conf.j2
|
||||
dest: /etc/sshwifty.conf
|
||||
dest: "{{ sshwifty_configuration_directory }}/sshwifty.conf"
|
||||
|
||||
- name: Create SSHwifty directory
|
||||
file:
|
||||
path: /var/lib/sshwifty
|
||||
path: "{{ sshwifty_work_directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Deploy SSHwifty configuration
|
||||
template:
|
||||
src: templates/docker-compose.yml.j2
|
||||
dest: /var/lib/sshwifty/docker-compose.yml
|
||||
dest: "{{ sshwifty_work_directory }}/docker-compose.yml"
|
||||
|
||||
- name: Run SSHwifty
|
||||
community.docker.docker_compose:
|
||||
project_src: /var/lib/sshwifty
|
||||
project_src: "{{ sshwifty_work_directory }}"
|
||||
recreate: smart
|
||||
state: present
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
http://0.0.0.0:80 {
|
||||
{{ sshwifty_hostname }}:{{ sshwifty_public_port }} {
|
||||
log
|
||||
|
||||
reverse_proxy http://localhost:8080 {
|
||||
reverse_proxy localhost:{{ sshwifty_internal_port }} {
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.remote.host}
|
||||
header_up X-Forwarded-For {http.request.remote.host}
|
||||
|
|
|
@ -7,12 +7,12 @@ services:
|
|||
image: niruix/sshwifty:latest
|
||||
restart: always
|
||||
ports:
|
||||
- 8080:8182
|
||||
- "{{sshwifty_internal_port}}:8182"
|
||||
environment:
|
||||
SSHWIFTY_SHAREDKEY: admin
|
||||
SSHWIFTY_SHAREDKEY: "{{sshwifty_shared_key}}"
|
||||
SSHWIFTY_CONFIG: /etc/sshwifty.conf
|
||||
volumes:
|
||||
- /etc/sshwifty.conf:/etc/sshwifty.conf
|
||||
- "{{sshwifty_configuration_directory}}/sshwifty.conf:/etc/sshwifty.conf"
|
||||
|
||||
volumes: {}
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
|
||||
{
|
||||
{# "HostName": "localhost", #}
|
||||
"SharedKey": "{{ sshwifty_shared_key }}",
|
||||
|
@ -17,30 +18,45 @@
|
|||
}
|
||||
],
|
||||
"Presets": [
|
||||
{% for host in groups['role_mongo'] %}
|
||||
{% set server_group_id = loop.index0 // mongo_replicas_count %}
|
||||
{% set server_index = loop.index0 % mongo_replicas_count %}
|
||||
{% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
|
||||
{% if server_group_id == mongo_group_id %}
|
||||
{
|
||||
"Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
|
||||
"Type": "SSH",
|
||||
"Host": "{{ server_ip_addr }}:22",
|
||||
"Meta": {
|
||||
"User": "{{ sshwifty_ssh_user }}",
|
||||
{% if "password" == sshwifty_authentication | lower %}
|
||||
"Authentication": "Password",
|
||||
"Password": "{{ sshwifty_ssh_password }}",
|
||||
{% else %}
|
||||
"Authentication": "Private Key",
|
||||
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
|
||||
{% endif %}
|
||||
{# "Fingerprint": home"SHA256:bgO...." #}
|
||||
"Encoding": "utf-8"
|
||||
}
|
||||
},
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{
|
||||
"Title": "Gateway",
|
||||
"Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
|
||||
"Type": "SSH",
|
||||
"Host": "{{ansible_facts.all_ipv4_addresses | ansible.netcommon.ipaddr('192.168.50.0/24') | first }}:22",
|
||||
"Host": "{{ ansible_ssh_host }}:22",
|
||||
"Meta": {
|
||||
"User": "debian",
|
||||
"Encoding": "utf-8",
|
||||
"Password": "debian",
|
||||
"Authentication": "Password" {# , #}
|
||||
{# "Private Key": "file:///home/user/.ssh/private_key", #}
|
||||
{# "Fingerprint": "SHA256:bgO...." #}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Title": "SDF.org Unix Shell",
|
||||
"Type": "SSH",
|
||||
"Host": "sdf.org:22",
|
||||
"Meta": {
|
||||
"User": "debian",
|
||||
"Encoding": "utf-8",
|
||||
"Password": "debian",
|
||||
"Authentication": "Password" {# , #}
|
||||
{# "Private Key": "file:///home/user/.ssh/private_key", #}
|
||||
"User": "{{ sshwifty_ssh_user }}",
|
||||
{% if "password" == sshwifty_authentication | lower %}
|
||||
"Authentication": "Password",
|
||||
"Password": "{{ sshwifty_ssh_password }}",
|
||||
{% else %}
|
||||
"Authentication": "Private Key",
|
||||
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
|
||||
{% endif %}
|
||||
{# "Fingerprint": "SHA256:bgO...." #}
|
||||
"Encoding": "utf-8"
|
||||
}
|
||||
}
|
||||
],
|
||||
|
|
Loading…
Reference in a new issue