46 lines
1.4 KiB
Markdown
46 lines
1.4 KiB
Markdown
# Halis Ansible
|
|
|
|
This repository contains a collection of Ansible playbooks and roles to manage a k3s cluster, and its associated infrastructure.
|
|
You will find a `Makefile` to help you run the playbooks, alongside some inventory templates for each use case.
|
|
|
|
## Requirements
|
|
Before you start, make sure you have the following packages installed:
|
|
- `ansible-core`
|
|
|
|
## Before you start
|
|
### SSH connection
|
|
TODO
|
|
Document the installation of the maintainer user through ssh keys (./inventory/vars/unprovisioned.yml), same for atmen user.
|
|
|
|
### Secrets
|
|
Before you get started, you will need to create one master secret:
|
|
```bash
|
|
tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 13; echo
|
|
```
|
|
or use any password generator from your favorite password manager.
|
|
|
|
Keep this secret in a safe place, as it will be used to encrypt and decrypt your vault.
|
|
|
|
Two files in `./vault` are used to store sensitive data:
|
|
- `user_provisioning` contains default and maintainer user credentials
|
|
- `secrets` ansible root password and k3s secret token
|
|
|
|
They are formatted as follows:
|
|
```
|
|
# vault/user_provisioning
|
|
vault_atmen_password: <atmen_password>
|
|
vault_maintainer_user: <maintainer_user>
|
|
vault_maintainer_password: <maintainer_password>
|
|
```
|
|
|
|
```
|
|
# vault/secrets
|
|
ansible_become_password: <atmen_password>
|
|
token: <k3s_token>
|
|
```
|
|
|
|
|
|
## More configuration
|
|
Read more in the [configuration](./2-configuration.md) section.
|
|
|