Add ansible files
This commit is contained in:
parent
ad77d0317a
commit
0994da378e
16 changed files with 147 additions and 38 deletions
|
@ -1,2 +1,7 @@
|
||||||
---
|
---
|
||||||
sshwifty_shared_key: admin
|
|
||||||
|
sshwifty_internal_port: 8080
|
||||||
|
sshwifty_configuration_directory: "/etc/sshwifty"
|
||||||
|
sshwifty_work_directory: "/var/lib/sshwifty"
|
||||||
|
|
||||||
|
#
|
||||||
|
|
8
ansible/group_vars/stage_development/vars.yml
Normal file
8
ansible/group_vars/stage_development/vars.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
sshwifty_hostname: "0.0.0.0"
|
||||||
|
sshwifty_public_port: "80"
|
||||||
|
sshwifty_shared_key: "demo"
|
||||||
|
|
||||||
|
sshwifty_authentication: "password"
|
||||||
|
sshwifty_ssh_password: "demo"
|
||||||
|
sshwifty_ssh_user: "demo"
|
5
ansible/group_vars/stage_production/vars.yml
Normal file
5
ansible/group_vars/stage_production/vars.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
sshwifty_hostname: "443"
|
||||||
|
sshwifty_public_port: "443"
|
||||||
|
|
||||||
|
sshwifty_authentication: "password"
|
11
ansible/group_vars/stage_production/vault.yml
Normal file
11
ansible/group_vars/stage_production/vault.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
63313862626430363534363861306666346637323564353264396264326265303938383339313533
|
||||||
|
3437623534323965643935333536366365366530336264310a336133363237326238653834303534
|
||||||
|
65303830666634666130353432623632346532656266333761613566613663643330353835343336
|
||||||
|
3836333166336530350a666634356437666436336437343765643931353164653039633232313637
|
||||||
|
63666338313362323866633765303831613162386662343534643064633731393362396261616130
|
||||||
|
61643364663535613965643364346565643064636134346464353166313030613032346633306364
|
||||||
|
65396637363934303338643233373065383738656531316534363864323435323835336661396137
|
||||||
|
38613637333663333665313437646362383862636536343761666435363663393164663463636463
|
||||||
|
61346461653030356236313764363737653431666463663261636262656562353531333366616564
|
||||||
|
3965313964343535303432663835346364643537316461656133
|
3
ansible/host_vars/prod-gateway0/vars.yml
Normal file
3
ansible/host_vars/prod-gateway0/vars.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
sshwifty_hostname: "gateway0.teaching.glenux.net"
|
||||||
|
mongo_group_id: 0
|
3
ansible/host_vars/prod-gateway1/vars.yml
Normal file
3
ansible/host_vars/prod-gateway1/vars.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
sshwifty_hostname: "gateway1.teaching.glenux.net"
|
||||||
|
mongo_group_id: 1
|
3
ansible/host_vars/prod-gateway2/vars.yml
Normal file
3
ansible/host_vars/prod-gateway2/vars.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
sshwifty_hostname: "gateway2.teaching.glenux.net"
|
||||||
|
mongo_group_id: 2
|
4
ansible/host_vars/prod-gateway3/vars.yml
Normal file
4
ansible/host_vars/prod-gateway3/vars.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
sshwifty_hostname: "gateway3.teaching.glenux.net"
|
||||||
|
|
||||||
|
mongo_group_id: 3
|
|
@ -1,5 +1,11 @@
|
||||||
---
|
---
|
||||||
- hosts: app_sshwifty
|
# Collect tasks about role_mongo
|
||||||
|
- hosts: role_mongo
|
||||||
|
become: true
|
||||||
|
tasks: []
|
||||||
|
|
||||||
|
# Then deploy gateways
|
||||||
|
- hosts: role_gateway
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
- include_tasks: tasks/setup_base.yml
|
- include_tasks: tasks/setup_base.yml
|
||||||
|
@ -15,7 +21,8 @@
|
||||||
caddy_systemd_capabilities_enabled: true
|
caddy_systemd_capabilities_enabled: true
|
||||||
caddy_config: "{{ lookup('template', 'templates/Caddyfile.j2') }}"
|
caddy_config: "{{ lookup('template', 'templates/Caddyfile.j2') }}"
|
||||||
|
|
||||||
- hosts: app_mongo
|
# And deploy mongos
|
||||||
|
- hosts: role_mongo
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
- include_tasks: tasks/setup_base.yml
|
- include_tasks: tasks/setup_base.yml
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Sync time
|
- name: "Sync time - first try (needed by apt)"
|
||||||
ansible.builtin.shell:
|
ansible.builtin.shell:
|
||||||
cmd: ntpdate 0.debian.pool.ntp.org
|
cmd: hash ntpdate 2>/dev/null && ntpdate 0.debian.pool.ntp.org
|
||||||
ignore_errors: yes
|
ignore_errors: 'yes'
|
||||||
|
no_log: 'yes'
|
||||||
|
|
||||||
- name: Install required system packages
|
- name: Install required system packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
|
@ -13,7 +14,7 @@
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
- name: Sync time
|
- name: "Sync time - for real (needed by sshwifty)"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: ntpdate 0.debian.pool.ntp.org
|
cmd: ntpdate 0.debian.pool.ntp.org
|
||||||
|
|
||||||
|
|
|
@ -56,4 +56,10 @@
|
||||||
pip:
|
pip:
|
||||||
name: docker
|
name: docker
|
||||||
|
|
||||||
|
- name: adding existing user vagrant to group docker
|
||||||
|
user:
|
||||||
|
name: vagrant
|
||||||
|
groups: docker
|
||||||
|
append: 'yes'
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
@ -3,10 +3,36 @@
|
||||||
# python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
|
# python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
|
||||||
- name: Add the user 'debian'
|
- name: Add the user 'debian'
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: debian
|
name: "{{ sshwifty_ssh_user }}"
|
||||||
password: '$6$7SKND.wc64QSchcm$eGS36vIXypLHSd.PQM0gIq6ILx9QiRQxWNej3Gb32sKk2MuLrRlceXCJmidYATNZeJTbBXNf3c5qTmm7BB.EA1'
|
password: "{{ sshwifty_ssh_password | password_hash('sha512') }}"
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
state: present
|
state: present
|
||||||
update_password: always
|
update_password: always
|
||||||
|
|
||||||
|
- name: Change SSH config to allow connections with password
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /etc/ssh/sshd_config.d/sshwifty_with_password.conf
|
||||||
|
content: |
|
||||||
|
PasswordAuthentication yes
|
||||||
|
register: ssh_service_conf
|
||||||
|
|
||||||
|
- name: Restart SSH service to take in account new changes
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: ssh
|
||||||
|
state: restarted
|
||||||
|
when: ssh_service_conf.changed
|
||||||
|
|
||||||
|
- name: "adding existing user {{ sshwifty_ssh_user }} to group docker"
|
||||||
|
user:
|
||||||
|
name: "{{ sshwifty_ssh_user }}"
|
||||||
|
groups:
|
||||||
|
- docker
|
||||||
|
- sudo
|
||||||
|
append: 'yes'
|
||||||
|
|
||||||
|
- name: Change SUDO config to allow sudo without password to %sudo group
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /etc/sudoers.d/sudo_no_pass
|
||||||
|
content: |
|
||||||
|
%sudo ALL=(ALL) NOPASSWD: ALL
|
||||||
#
|
#
|
||||||
|
|
|
@ -6,24 +6,35 @@
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Create SSHwifty configuration directory
|
||||||
|
file:
|
||||||
|
path: "{{ sshwifty_configuration_directory }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Scan SSH keys
|
||||||
|
command: "ssh-keyscan {{item}}"
|
||||||
|
register: "host_keys"
|
||||||
|
changed_when: false
|
||||||
|
with_items: groups["role_mongos"]
|
||||||
|
|
||||||
- name: Deploy SSHwifty configuration
|
- name: Deploy SSHwifty configuration
|
||||||
template:
|
template:
|
||||||
src: templates/sshwifty.conf.j2
|
src: templates/sshwifty.conf.j2
|
||||||
dest: /etc/sshwifty.conf
|
dest: "{{ sshwifty_configuration_directory }}/sshwifty.conf"
|
||||||
|
|
||||||
- name: Create SSHwifty directory
|
- name: Create SSHwifty directory
|
||||||
file:
|
file:
|
||||||
path: /var/lib/sshwifty
|
path: "{{ sshwifty_work_directory }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Deploy SSHwifty configuration
|
- name: Deploy SSHwifty configuration
|
||||||
template:
|
template:
|
||||||
src: templates/docker-compose.yml.j2
|
src: templates/docker-compose.yml.j2
|
||||||
dest: /var/lib/sshwifty/docker-compose.yml
|
dest: "{{ sshwifty_work_directory }}/docker-compose.yml"
|
||||||
|
|
||||||
- name: Run SSHwifty
|
- name: Run SSHwifty
|
||||||
community.docker.docker_compose:
|
community.docker.docker_compose:
|
||||||
project_src: /var/lib/sshwifty
|
project_src: "{{ sshwifty_work_directory }}"
|
||||||
recreate: smart
|
recreate: smart
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
http://0.0.0.0:80 {
|
{{ sshwifty_hostname }}:{{ sshwifty_public_port }} {
|
||||||
log
|
log
|
||||||
|
|
||||||
reverse_proxy http://localhost:8080 {
|
reverse_proxy localhost:{{ sshwifty_internal_port }} {
|
||||||
header_up Host {http.request.host}
|
header_up Host {http.request.host}
|
||||||
header_up X-Real-IP {http.request.remote.host}
|
header_up X-Real-IP {http.request.remote.host}
|
||||||
header_up X-Forwarded-For {http.request.remote.host}
|
header_up X-Forwarded-For {http.request.remote.host}
|
||||||
|
|
|
@ -7,12 +7,12 @@ services:
|
||||||
image: niruix/sshwifty:latest
|
image: niruix/sshwifty:latest
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
ports:
|
||||||
- 8080:8182
|
- "{{sshwifty_internal_port}}:8182"
|
||||||
environment:
|
environment:
|
||||||
SSHWIFTY_SHAREDKEY: admin
|
SSHWIFTY_SHAREDKEY: "{{sshwifty_shared_key}}"
|
||||||
SSHWIFTY_CONFIG: /etc/sshwifty.conf
|
SSHWIFTY_CONFIG: /etc/sshwifty.conf
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/sshwifty.conf:/etc/sshwifty.conf
|
- "{{sshwifty_configuration_directory}}/sshwifty.conf:/etc/sshwifty.conf"
|
||||||
|
|
||||||
volumes: {}
|
volumes: {}
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
|
||||||
{
|
{
|
||||||
{# "HostName": "localhost", #}
|
{# "HostName": "localhost", #}
|
||||||
"SharedKey": "{{ sshwifty_shared_key }}",
|
"SharedKey": "{{ sshwifty_shared_key }}",
|
||||||
|
@ -17,30 +18,45 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"Presets": [
|
"Presets": [
|
||||||
|
{% for host in groups['role_mongo'] %}
|
||||||
|
{% set server_group_id = loop.index0 // mongo_replicas_count %}
|
||||||
|
{% set server_index = loop.index0 % mongo_replicas_count %}
|
||||||
|
{% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
|
||||||
|
{% if server_group_id == mongo_group_id %}
|
||||||
|
{
|
||||||
|
"Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
|
||||||
|
"Type": "SSH",
|
||||||
|
"Host": "{{ server_ip_addr }}:22",
|
||||||
|
"Meta": {
|
||||||
|
"User": "{{ sshwifty_ssh_user }}",
|
||||||
|
{% if "password" == sshwifty_authentication | lower %}
|
||||||
|
"Authentication": "Password",
|
||||||
|
"Password": "{{ sshwifty_ssh_password }}",
|
||||||
|
{% else %}
|
||||||
|
"Authentication": "Private Key",
|
||||||
|
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
|
||||||
|
{% endif %}
|
||||||
|
{# "Fingerprint": home"SHA256:bgO...." #}
|
||||||
|
"Encoding": "utf-8"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
{
|
{
|
||||||
"Title": "Gateway",
|
"Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
|
||||||
"Type": "SSH",
|
"Type": "SSH",
|
||||||
"Host": "{{ansible_facts.all_ipv4_addresses | ansible.netcommon.ipaddr('192.168.50.0/24') | first }}:22",
|
"Host": "{{ ansible_ssh_host }}:22",
|
||||||
"Meta": {
|
"Meta": {
|
||||||
"User": "debian",
|
"User": "{{ sshwifty_ssh_user }}",
|
||||||
"Encoding": "utf-8",
|
{% if "password" == sshwifty_authentication | lower %}
|
||||||
"Password": "debian",
|
"Authentication": "Password",
|
||||||
"Authentication": "Password" {# , #}
|
"Password": "{{ sshwifty_ssh_password }}",
|
||||||
{# "Private Key": "file:///home/user/.ssh/private_key", #}
|
{% else %}
|
||||||
{# "Fingerprint": "SHA256:bgO...." #}
|
"Authentication": "Private Key",
|
||||||
}
|
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
|
||||||
},
|
{% endif %}
|
||||||
{
|
|
||||||
"Title": "SDF.org Unix Shell",
|
|
||||||
"Type": "SSH",
|
|
||||||
"Host": "sdf.org:22",
|
|
||||||
"Meta": {
|
|
||||||
"User": "debian",
|
|
||||||
"Encoding": "utf-8",
|
|
||||||
"Password": "debian",
|
|
||||||
"Authentication": "Password" {# , #}
|
|
||||||
{# "Private Key": "file:///home/user/.ssh/private_key", #}
|
|
||||||
{# "Fingerprint": "SHA256:bgO...." #}
|
{# "Fingerprint": "SHA256:bgO...." #}
|
||||||
|
"Encoding": "utf-8"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
Loading…
Reference in a new issue