This contains a lot of changes, including better system configuration for some issues discovered during testing, and minor tweaking for better user experience when doing maintenance
43 lines
1.2 KiB
Markdown
# Ansible

Catalogue of Ansible playbooks and helper scripts for server management
atmen: slave, servant

## Configuration options
### SSH Ports
The SSH port can be configured in 2 steps:
1. Change the `ansible_ssh_port` variable in `inventory/group_vars/all.yml`
2. Change the `sshd_port` variable in `inventory/vars/unprovisioned.yaml`

## Node configuration process
### Provisioning
- Add atmen user for provisioning
- Configure SSH key for atmen user
- Add maintainer user
- Configure SSH key for maintainer user
- Disable root login (passwd --lock root)
- Disable SSH login for creator user
- Disable SSH password login
- Change SSH port
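An added example (not part of this repository) of checking a node after the provisioning steps above: it audits `sshd -T` output and root's `/etc/shadow` entry against the SSH-related items in the list. The function names, port 2222, the `vagrant` creator user and all sample inputs are constructed assumptions, and the creator-user check assumes the block is done with `DenyUsers` or `AllowUsers`.

```python
"""Added example: audit a provisioned node against the provisioning checklist."""


def parse_sshd_t(text):
    """Parse `sshd -T` output (keyword, then values) into a dict of value lists."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            # Repeated keywords (e.g. several "port" lines) accumulate.
            cfg.setdefault(key.lower(), []).extend(value.split())
    return cfg


def audit(sshd_t, shadow_root, expected_port, creator):
    """Return the checklist items the node still fails (empty list = pass)."""
    cfg = parse_sshd_t(sshd_t)
    failed = []
    # Change SSH port: sshd must listen on the configured port only.
    if cfg.get("port") != [str(expected_port)]:
        failed.append("ssh port")
    # Disable SSH password login.
    if cfg.get("passwordauthentication") != ["no"]:
        failed.append("password login")
    # Disable SSH login for creator user. Only literal user names in
    # DenyUsers/AllowUsers are evaluated, not patterns or group directives.
    denied = creator in cfg.get("denyusers", [])
    not_allowed = "allowusers" in cfg and creator not in cfg["allowusers"]
    if not (denied or not_allowed):
        failed.append("creator ssh login")
    # passwd --lock root prefixes the hash field in /etc/shadow with "!".
    fields = shadow_root.strip().split(":")
    if len(fields) < 2 or fields[0] != "root" or not fields[1].startswith("!"):
        failed.append("root lock")
    return failed


# Constructed sample input, not captured from a real host.
HARDENED = "port 2222\npasswordauthentication no\ndenyusers vagrant\n"
DEFAULT = "port 22\npasswordauthentication yes\n"
LOCKED = "root:!$6$constructed$hash:19000:0:99999:7:::"
UNLOCKED = "root:$6$constructed$hash:19000:0:99999:7:::"

if __name__ == "__main__":
    print(audit(HARDENED, LOCKED, 2222, "vagrant"))
    print(audit(DEFAULT, UNLOCKED, 2222, "vagrant"))
```

On a real node the two inputs would come from `sshd -T` and the root line of `/etc/shadow`, both read as root.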
### SSH Setup
- Install fail2ban

### Miscellaneous
- Disable unattended-upgrade if installed
- Disable IPv6
- Set up hostname
- Install open-iscsi, nfs-common, nfs-utils

### OMV configuration
- Install OMV through OMV-extras
- (lab) Add Vagrant user to SSH group
- Add atmen user to sudoers
- Install openmediavault-zfs, openmediavault-s3, openmediavault-filebrowser

# OMV manual configuration
## NFS configuration
- Create FS
- Enable NFS
- `subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100` in NFS share extra options