equres / sec

sec.gov CLI

Try out vagrant / Ansible #92

Closed wkoszek closed 3 years ago

wkoszek commented 3 years ago

@Hazeman99 it'd be great if you could try:

vagrant init ubuntu/trusty64
vagrant up
vagrant ssh

and then try to see if you could run Ansible against it. I think you may need to read some Ansible tutorials for this.
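
Running Ansible against the box from the three commands above needs an inventory entry built from the box's SSH settings, which `vagrant ssh-config` prints. The shell snippet below is an added example, not code from this repository or from the comment's author: it turns that output into one INI inventory line that `ansible -i inventory.ini -m ping all` can use. The sample ssh-config text, including the key path, is constructed to look like a fresh ubuntu/trusty64 box and is not captured from a real machine.

```shell
#!/bin/sh
# Added example (not part of equres/sec): build an Ansible inventory line from
# `vagrant ssh-config` so plain ansible / ansible-playbook can target the box.
#
#   vagrant ssh-config | sh vagrant_inventory.sh --stdin > inventory.ini
#   ansible -i inventory.ini -m ping all

# Reads ssh-config text on stdin and prints one inventory line. Fails (exit 1)
# if Host, HostName or Port is missing, so an empty or truncated ssh-config
# never silently produces a bogus inventory.
vagrant_inventory() {
    awk '
        $1 == "Host"         { host = $2 }
        $1 == "HostName"     { addr = $2 }
        $1 == "User"         { user = $2 }
        $1 == "Port"         { port = $2 }
        $1 == "IdentityFile" { key  = $2 }
        END {
            if (host == "" || addr == "" || port == "") {
                print "error: incomplete ssh-config on stdin" > "/dev/stderr"
                exit 1
            }
            printf "%s ansible_host=%s ansible_port=%s ansible_user=%s ansible_ssh_private_key_file=%s\n",
                   host, addr, port, user, key
        }'
}

# Constructed sample of typical `vagrant ssh-config` output for a default box;
# the key path is made up for the example.
SAMPLE_SSH_CONFIG='Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /home/dev/vm/.vagrant/machines/default/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL'

# Runs the parser over the constructed sample.
sample_inventory() {
    printf '%s\n' "$SAMPLE_SSH_CONFIG" | vagrant_inventory
}

case "${1:-}" in
    --demo)  sample_inventory ;;   # show the line produced from the sample
    --stdin) vagrant_inventory ;;  # real use: vagrant ssh-config | ... --stdin
esac
```

The Vagrant defaults shown in the sample (`StrictHostKeyChecking no`, `UserKnownHostsFile /dev/null`) are only acceptable for a throwaway local VM; do not copy them into an inventory or ssh config used for real hosts.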

wkoszek commented 3 years ago

---
- hosts: all
  remote_user: root
  # secrets.yml supplies creds_sh and domains_clean. Keep it encrypted with
  # ansible-vault: creds_sh is written to disk on the target further down.
  vars_files:
    - ../secrets.yml

  tasks:

  - name: Set timezone
    timezone:
      name: America/Los_Angeles

  - name: Update the APT cache
    tags: init
    apt:
      update_cache: yes

  - name: Apt cleanup
    tags: init
    apt:
      autoremove: yes

  - name: Install required packages
    tags: init
    apt:
      pkg:
        - curl
        - git
        - htop
        - letsencrypt
        - monit
        - ncdu
        - nginx
        - docker.io
        - php7.0
        - php7.0-fpm
        - php7.0-pgsql
        - sqlite
      state: present

  # The command module does not go through a shell, so the original
  # "curl ... $(uname -s)-$(uname -m)" never expanded the substitutions.
  # get_url with the gathered facts builds the same URL. The release is pinned
  # by version only; add "checksum: sha256:<digest>" from the release page so
  # a swapped binary is rejected instead of installed.
  - name: Get Docker Compose
    tags: init
    get_url:
      url: "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
      dest: /usr/local/bin/docker-compose

  - name: Make sure Docker Compose is executable
    tags: init
    file:
      path: /usr/local/bin/docker-compose
      state: file
      owner: root
      mode: 0755

  - name: Copy helper scripts for root
    tags: init
    copy:
      dest: "/root/{{ item }}"
      src: "./bin/{{ item }}"
      mode: 0700
      owner: root
    with_items:
      - containter_ctl.sh

  - name: Add the user 'certs'
    tags: certs
    user:
      name: certs
      create_home: true
      home: /home/certs
      comment: certificates

  # Clone as the certs user so the checkout is owned by the account that runs
  # it. This pulls the default branch of a third-party repo; pin a tag or
  # commit with "version:" to avoid picking up arbitrary upstream changes.
  - name: Clone acme.sh
    tags: certs
    git:
      repo: 'https://github.com/Neilpang/acme.sh.git'
      dest: /home/certs/acme.sh
    become: yes
    become_user: certs

  # Secret material from the vault goes to a file only certs can read.
  - name: Copy the creds.sh
    tags: certs
    copy:
      dest: /home/certs/.creds.sh
      owner: certs
      mode: 0600
      content: "{{ creds_sh }}"

  - name: Copy scripts to init notifications
    tags: certs
    copy:
      dest: "/home/certs/{{ item }}"
      src: "./bin/{{ item }}"
      mode: 0700
      owner: certs
      group: certs
    with_items:
      - acme_init_notification.sh
      - acme_sh_wrapper.sh

  - name: Run init of notifications from acme.sh
    tags: certs
    command: /home/certs/acme_init_notification.sh
    become: yes
    become_user: certs

  - name: Install cron stuff
    tags: certs
    command: "/home/certs/acme_sh_wrapper.sh --install-cronjob"
    become: yes
    become_user: certs
    register: dbg

  - name: Show debug stuff
    tags: certs
    debug:
      var: dbg.stdout_lines

  - name: Download and unpack monit
    tags: monit
    unarchive:
      src: https://mmonit.com/monit/dist/binary/5.25.3/monit-5.25.3-linux-x64.tar.gz
      dest: /home/certs/
      remote_src: yes

  # copy does not carry the source mode over by default, so set it explicitly
  # rather than relying on the umask for a binary in /usr/bin.
  - name: Move monit
    tags: monit
    copy:
      remote_src: yes
      src: /home/certs/monit-5.25.3/bin/monit
      dest: /usr/bin/monit
      owner: root
      mode: 0755

  # Create the target directories before syncing into them.
  - name: Making sure that directories exist
    tags: sync
    file:
      path: "{{ item }}"
      state: directory
    with_items:
      - /etc/nginx
      - /etc/monit

  - name: Synchronizing files which were generated locally
    tags: sync
    synchronize:
      src: files/{{ item }}/
      dest: /{{ item }}/
      owner: no
      group: no
    with_items:
      - etc/nginx
      - etc/monit

  - name: List all the files
    tags: sync
    find:
      paths: /etc/nginx/sites-available
      patterns: "*"
    register: list

  - name: Make necessary links
    tags: sync
    file:
      src:  "{{ item.path }}"
      dest: "/etc/nginx/sites-enabled/{{ item.path | basename }}"
      state: link
    with_items: "{{ list.files }}"

  - name: Link some more stuff
    tags: sync
    file:
      src:  "/etc/nginx/snippets/{{ item }}"
      dest: "/etc/nginx/sites-enabled/{{ item }}"
      state: link
    with_items:
      - nohttp.conf

  - name: Make dirs
    tags: dirs
    file:
      path: /var/www/{{ item }}
      state: directory
      owner: ubuntu
      group: ubuntu
      mode: 0755
    loop: "{{ domains_clean }}"

  - name: Make some app dirs
    tags: dirs
    file:
      path: /home/ubuntu/apps/{{ item }}
      state: directory
      owner: ubuntu
      group: ubuntu
      mode: 0755
    with_items:
      - learnpolish

  - name: Make some data dirs
    tags: dirs
    file:
      path: /home/ubuntu/data/{{ item }}
      state: directory
      owner: ubuntu
      group: ubuntu
      mode: 0755
    with_items:
      - learnpolish

  - name: Make index.html everywhere
    tags: dirs
    file:
      path: /var/www/{{ item }}/index.html
      state: touch
      owner: ubuntu
      group: ubuntu
      mode: 0644   # a static file served by nginx needs no execute bit
    loop: "{{ domains_clean }}"

  - name: Disable default nginx entry
    tags:
    - dirs
    - sync
    file:
      path: /etc/nginx/sites-enabled/default
      state: absent

  # In case new nginx entries were added, we restart nginx.
  - name: restart nginx
    tags:
    - dirs
    - sync
    service:
      name: nginx
      state: restarted
      enabled: yes

  # In case we added new monit files, we restart it.
  - name: stop monit
    tags:
    - monit
    - sync
    service:
      name: monit
      state: stopped
      enabled: yes

  - name: start monit
    tags:
    - monit
    - sync
    service:
      name: monit
      state: started
      enabled: yes

wkoszek commented 3 years ago

@Hazeman99 ^^^ you have an example Ansible playbook for a basic machine setup. We may not need most of this stuff, but you can see the steps and see what it looks like.
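
The playbook's "Get Docker Compose" task fetches a release binary from GitHub and drops it into /usr/local/bin with nothing but the version number tying it to what the author tested; anything that can tamper with the download path ends up running as root. The shell function below is an added example, not code from this repository or from the comment's author: it shows the check that task lacks, installing a downloaded file only when its SHA-256 matches a digest pinned alongside the playbook, and never leaving a partial or unverified file at the destination. The stand-in "download" and the wrong digest used in the demo are constructed; the only real value in it is the well-known SHA-256 test vector for the string "abc".

```shell
#!/bin/sh
# Added example (not part of equres/sec): install a fetched binary only after
# verifying its SHA-256 against a digest pinned in the repo, which is what the
# playbook's curl-into-/usr/local/bin step does not do.
#
#   install_verified <downloaded file> <destination> <expected sha256 hex>

# Prints the lowercase hex SHA-256 of a file; uses coreutils sha256sum or
# falls back to shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Returns 0 and installs with mode 0755 when the digest matches; returns 1 and
# touches nothing otherwise.
install_verified() {
    src=$1
    dest=$2
    expected=$3
    actual=$(sha256_of "$src") || return 1
    if [ "$actual" != "$expected" ]; then
        printf 'refusing to install %s: sha256 %s does not match pinned %s\n' \
            "$src" "$actual" "$expected" >&2
        return 1
    fi
    # Stage beside the destination and rename, so a failed copy never leaves a
    # half-written file at $dest that a cron job or service might execute.
    cp "$src" "$dest.tmp" && chmod 0755 "$dest.tmp" && mv -f "$dest.tmp" "$dest"
}

# Demo with a constructed stand-in for the release binary (not docker-compose).
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/sh\necho "constructed stand-in for a downloaded binary"\n' > "$tmp/download"
    good=$(sha256_of "$tmp/download")
    # Made-up digest standing in for a tampered or swapped download.
    bad=0000000000000000000000000000000000000000000000000000000000000000

    if install_verified "$tmp/download" "$tmp/docker-compose" "$good"; then
        echo "pinned digest matched: installed $tmp/docker-compose"
    fi
    if ! install_verified "$tmp/download" "$tmp/docker-compose-2" "$bad"; then
        echo "digest mismatch: nothing written to $tmp/docker-compose-2"
    fi
    rm -rf "$tmp"
}

case "${1:-}" in
    --demo) demo ;;
esac
```

In the playbook itself the same check is one line, `checksum: sha256:<digest>` on the `get_url` task, with the digest taken from the release page and committed next to the version number; the point of the function above is to make visible what that line does and why the mismatch path must refuse rather than warn.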