50 lines
1.1 KiB
Markdown
50 lines
1.1 KiB
Markdown
# Ansible
|
|
|
|
Catalogue of Ansible playbooks and helper scripts for server management
|
|
|
|
## Node configuration process
|
|
### Setup user configuration
|
|
- Create provisioning user without password and sudo
|
|
- Create tanguy user with password
|
|
- Disable root login (passwd --lock root)
|
|
|
|
### SSH Setup
|
|
- Install fail2ban
|
|
- Disable SSH password login
|
|
- Change SSH port
|
|
|
|
### Miscellaneous
|
|
- Test if unattended-upgrade is installed
|
|
- Disable if true
|
|
- Disable IPv6
|
|
- Setup hostname
|
|
|
|
### Softwares
|
|
- Install k3s with token
|
|
- Install OMV for NAS node*(s)
|
|
|
|
## Update system
|
|
- General package manager update
|
|
|
|
# Additional configuration
|
|
- Add label to output node on k3s to enable load balancer
|
|
|
|
# Notes
|
|
Running the configuration for a node without inventory
|
|
```
|
|
ansible-playbook init.yml -i <ips-separated-by-commas> -u creator --private-key <path-to-ssh-key> --ask-become --extra-vars '{"hostname": "foo"}'
|
|
```
|
|
|
|
Running the configuration for a node with inventory
|
|
- Add node to inventory
|
|
- Add node to `virgin` group
|
|
- Run following command
|
|
```
|
|
ansible-playbook init.yml -i inventory --limit virgin
|
|
```
|
|
|
|
Initiate the cluster from scratch
|
|
```
|
|
make all
|
|
```
|