Huge update (backup, swarm , vault ....)
4
.gitignore
vendored
4
.gitignore
vendored
@@ -1,2 +1,4 @@
|
||||
backup/
|
||||
scaleway/
|
||||
scaleway/
|
||||
.vagrant/
|
||||
ressources
|
||||
12
backup.yml
12
backup.yml
@@ -49,13 +49,23 @@
|
||||
- /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
|
||||
- /opt/dockerapps/appdata/gitea/runner/config.yaml
|
||||
#! Notification
|
||||
- /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
|
||||
- /opt/dockerapps/appdata/alert/config/alertmanager.yml
|
||||
#! Homepage
|
||||
- /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
|
||||
- /opt/dockerapps/appdata/homepage/homepage/services.yaml
|
||||
- /opt/dockerapps/appdata/homepage/homepage/settings.yaml
|
||||
#! Semaphore
|
||||
- /opt/dockerapps/appdata/semaphore/config/config.json
|
||||
#! Alertmanager
|
||||
- /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
|
||||
#! ALertmanager 2 ntfy
|
||||
- /opt/dockerapps/appdata/ntfy_alertmanager/etc/config
|
||||
#! prometheus
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/prometheus.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_iowait.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_memory.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_space.yml
|
||||
- /opt/dockerapps/appdata/prometheus/prometheus/alerts_load.yml
|
||||
|
||||
- name: Push backup to git
|
||||
ansible.builtin.shell: |
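Review bot: Several paths in this backup list are files that usually hold credentials (`gitea/conf/app.ini`, `semaphore/config/config.json`, the Alertmanager config, `ntfy_alertmanager/etc/config`), and the next task in the hunk is `Push backup to git`, so they would land in a repository in clear text. Whether these files carry secrets on this host is not visible here, so check before the first push; if they do, encrypt them before committing (for example with `ansible-vault encrypt`) or keep the list to non-secret configs. `alertmanager/config/alertmanager.yml` also appears under both `#! Notification` and `#! Alertmanager`; if both entries are on the new side, one can go. The list starts, and the shell task body continues, outside the hunk.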
|
||||
|
||||
@@ -8,4 +8,7 @@ collections:
|
||||
# - name: geerlingguy.redis
|
||||
- name: git+https://github.com/netways/ansible-collection-elasticstack.git
|
||||
# - name: elastic.elasticsearch
|
||||
# - name: geerlingguy.kibana
|
||||
# - name: geerlingguy.kibana
|
||||
- name: softing.swarm
|
||||
- name: community.crypto
|
||||
- name: community.hashi_vault
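Review bot: The collections listed at the end of this hunk (`softing.swarm`, `community.crypto`, `community.hashi_vault`) carry no `version:`, so each `ansible-galaxy collection install` resolves whatever is newest at that moment. The code that then runs with `become: true` on the swarm hosts can change without any commit in this repository. Pin each entry, e.g. `- name: community.hashi_vault` followed by `version: "<pinned version>"`; the `git+https://github.com/netways/...` entry would likewise benefit from a tag or commit in `version:`. The same applies to `- src: thomasjpfan.docker-swarm` in the roles requirements hunk (`@@ -47,3 +47,4 @@`); on this page that role is only referenced from a commented-out `roles:` block in swarm.yml, so it could be dropped instead.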
|
||||
0
group_vars/testswarm.yml
Normal file
0
group_vars/testswarm.yml
Normal file
17
hosts
17
hosts
@@ -35,4 +35,19 @@ ubuntu ansible_host=192.168.0.26 ansible_user=vagrant ansible_password=vagrant
|
||||
; ubuntu-worker ansible_host=192.168.33.11 ansible_user=vagrant ansible_password=vagrant
|
||||
|
||||
|
||||
#kubectl label node ubuntu-worker node-role.kubernetes.io/worker ubuntu-worker
|
||||
#kubectl label node ubuntu-worker node-role.kubernetes.io/worker ubuntu-worker
|
||||
|
||||
|
||||
|
||||
[testswarm]
|
||||
manager ansible_host=192.168.50.4 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant
|
||||
worker1 ansible_host=192.168.50.40 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant
|
||||
worker2 ansible_host=192.168.50.44 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant
|
||||
|
||||
|
||||
[docker_swarm_manager]
|
||||
manager ansible_host=192.168.50.4 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant
|
||||
|
||||
[docker_swarm_worker]
|
||||
worker1 ansible_host=192.168.50.40 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant
|
||||
worker2 ansible_host=192.168.50.44 ansible_user=vagrant ansible_password=vagrant ansible_become_password=vagrant
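Review bot: The `[testswarm]`, `[docker_swarm_manager]` and `[docker_swarm_worker]` entries put `ansible_password` and `ansible_become_password` in clear text in the tracked inventory. The values look like Vagrant box defaults, but the pattern tends to be copied when real hosts are added. The empty `group_vars/testswarm.yml` created in this commit is the natural place for connection variables, with the password values vault-encrypted or replaced by key authentication (`ansible_ssh_private_key_file`). Each host line is also repeated verbatim in two groups; a `[testswarm:children]` section listing `docker_swarm_manager` and `docker_swarm_worker` would define each host once.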
|
||||
1
roles/.gitignore
vendored
1
roles/.gitignore
vendored
@@ -45,3 +45,4 @@ robertdebock.update
|
||||
ansible-role-labocbz-install-grafana
|
||||
cloudalchemy.grafana
|
||||
CTL-Fed-Security.ansible-grafana
|
||||
thomasjpfan.docker-swarm
|
||||
@@ -47,3 +47,4 @@
|
||||
src: git+https://gitlab.epfl.ch/ansible-sti-roles/ansible-unattended-upgrades.git
|
||||
- name: ansible-role-labocbz-install-grafana
|
||||
src: git+https://gitlab.com/cbz-d-velop/public-ansible/ansible-role-labocbz-install-grafana.git
|
||||
- src: thomasjpfan.docker-swarm
|
||||
93
swarm.yml
Normal file
93
swarm.yml
Normal file
@@ -0,0 +1,93 @@
|
||||
---
|
||||
- name: Swarm
|
||||
hosts: testswarm
|
||||
become: true
|
||||
|
||||
|
||||
# apt-get install sshpass
|
||||
|
||||
# #
|
||||
# # @author Stéphane Gratias (2021).
|
||||
#
|
||||
|
||||
pre_tasks:
|
||||
# - name: Create node_exporter cert dir
|
||||
# file:
|
||||
# path: "{{ item }}"
|
||||
# state: directory
|
||||
# owner: root
|
||||
# group: root
|
||||
# loop:
|
||||
# - /etc/node_exporter
|
||||
|
||||
####lala
|
||||
### lala
|
||||
|
||||
# - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
|
||||
# community.crypto.openssl_privatekey:
|
||||
# path: /etc/node_exporter/tls.key
|
||||
# mode: 0644
|
||||
|
||||
# # /etc/node_exporter# chmod 644 tls.key
|
||||
|
||||
# - name: Generate an OpenSSL Certificate Signing Request
|
||||
# community.crypto.openssl_csr:
|
||||
# path: /etc/node_exporter/tls.csr
|
||||
# privatekey_path: /etc/node_exporter/tls.key
|
||||
# common_name: "{{ inventory_hostname }}.netbird.cloud"
|
||||
|
||||
# - name: Generate a Self Signed OpenSSL certificate
|
||||
# community.crypto.x509_certificate:
|
||||
# path: /etc/node_exporter/tls.cert
|
||||
# privatekey_path: /etc/node_exporter/tls.key
|
||||
# csr_path: /etc/node_exporter/tls.csr
|
||||
# provider: selfsigned
|
||||
|
||||
# roles:
|
||||
# # - { role: geerlingguy.docker, tags: docker }
|
||||
# - { role: thomasjpfan.docker-swarm, tags: pip }
|
||||
|
||||
|
||||
tasks:
|
||||
|
||||
# # touch /etc/docker/daemon.json
|
||||
# - ansible.builtin.include_role:
|
||||
# name: softing.swarm.softing_swarm_server
|
||||
# vars:
|
||||
# swarm_server_node_ip: "0.0.0.0"
|
||||
# swarm_server_hostname: "{{ hostname }}"
|
||||
# swarm_server_ca_domain: "{{ domain }}"
|
||||
# swarm_server_ca_folder: "/resources/swarm"
|
||||
|
||||
- ansible.builtin.include_role:
|
||||
name: softing.swarm.softing_swarm_certs
|
||||
apply:
|
||||
become: false
|
||||
delegate_to: "localhost"
|
||||
run_once: true
|
||||
vars:
|
||||
swarm_certs_domain: "swarm.domain.com"
|
||||
swarm_certs_folder: "{{ playbook_dir }}/resources/swarm"
|
||||
swarm_certs_nodes:
|
||||
- ip: 192.168.50.4
|
||||
hostname: manager
|
||||
domain: domain.com
|
||||
- ip: 192.168.50.40
|
||||
hostname: worker1
|
||||
domain: domain.com
|
||||
- ip: 192.168.50.44
|
||||
hostname: worker2
|
||||
domain: domain.com
|
||||
|
||||
- ansible.builtin.include_role:
|
||||
name: softing.swarm.softing_swarm_initialize
|
||||
public: yes
|
||||
vars:
|
||||
swarm_master_ip: 192.168.50.4
|
||||
|
||||
# - ansible.builtin.include_role:
|
||||
# name: "softing_swarm_worker"
|
||||
# vars:
|
||||
# swarm_worker_token: "{{ worker_token }}"
|
||||
# swarm_master_host: "192.168.121.47"
|
||||
# when: inventory_hostname in group['testworker']
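Review bot: `swarm_certs_folder` points at `{{ playbook_dir }}/resources/swarm`, but the `.gitignore` entry shown in this commit is spelled `ressources`, so whatever `softing.swarm.softing_swarm_certs` writes on localhost is not ignored. If that role generates the CA and node private keys there, as its name suggests, the next `git add` can commit them; align the two, e.g. add `resources/` to `.gitignore`. Smaller points: the two active `include_role` tasks have no `name:`, and `public: yes` should be `public: true`. Most of the file is commented-out experiments that would be easier to review in a separate playbook or branch.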
|
||||
36
test-vault.yml
Normal file
36
test-vault.yml
Normal file
@@ -0,0 +1,36 @@
|
||||
|
||||
---
|
||||
- name: Swarm
|
||||
hosts: testswarm
|
||||
become: true
|
||||
gather_facts: false
|
||||
|
||||
|
||||
# apt-get install sshpass
|
||||
|
||||
# #
|
||||
# # @author Stéphane Gratias (2021).
|
||||
#
|
||||
|
||||
pre_tasks:
|
||||
|
||||
|
||||
# "{{ lookup('hashi_vault', 'secret=apps/data/my-app token=s.7z1Vxxx url=https://vault.kar.int')['data']['username'] }}"
|
||||
|
||||
# pip install hvac
|
||||
|
||||
# https://open-amt-cloud-toolkit.github.io/docs/2.0/Docker/dockerLocal_prodVault/
|
||||
|
||||
# https://elatov.github.io/2022/01/using-hashicorp-vault-with-ansible/
|
||||
|
||||
# vault secrets enable -path=apps kv-v2
|
||||
# vault kv get apps/my-app
|
||||
# vault token create -explicit-max-ttl=8760h -policy=test -ttl=720h -renewable=true -display-name=test
|
||||
|
||||
# - ansible.builtin.debug:
|
||||
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=/apps/my-app:test token=hvs.CAESIB4eVBWqRNDgcGXJpmvBe9nCpvCJ9-kM-OXq2p1WGlfBGh4KHGh2cy4xdFBYNnNMUEROOVlxOWFad3hERHI5Ulc url=http://myvault:8200') }}"
|
||||
|
||||
- name: Return all secrets from a path
|
||||
delegate_to: localhost
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
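Review bot: The commented-out `ansible.builtin.debug` example carries a complete `hvs.`-prefixed Vault token next to its `url=`, and a comment is still committed content. If that token was ever valid it should be revoked and the line removed, since it otherwise stays in history; the active task has the same shape with `token=prout` inline. Let the lookup read the token from the environment instead (`community.hashi_vault` falls back to `VAULT_TOKEN`), so the line becomes `msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres url=https://hash.jingoh.fr') }}"`. Because the task prints every secret under the path through `debug`, keep it out of any run whose output is stored. The play is also still named `Swarm`.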
|
||||