An Ansible repository for the configuration of systems and resources managed by n3tuk.

| Playbook | `task` Command | Description |
|---|---|---|
| n/a | `ping` | A task-specific command which will attempt to ping all hosts configured in the inventory using the standard become process. |
| `bootstrap.yaml` | `bootstrap` | A play which will bootstrap any host listed under the bootstrap group, and is normally used for both physical nodes and virtual machines. |
| `baseline.yaml` | `baseline` | A play which will configure physical and virtual machines to baselined settings. |
| `upgrade.yaml` | `upgrade` | A play which will run an update and upgrade of all Arch Linux packages using `pacman`. |
| `users.yaml` | `users` | A play which will create or update all the users and groups on a system. |
| `libvirtd.yaml` | `libvirtd` | A play which will update the configuration of libvirtd on a system and prepare the Storage Pools. |
| `cache.yaml` | `cache` | A play which will update the configuration of caching proxies. |
| `netdata.yaml` | `netdata` | A play which will update the configuration of Netdata on both parent and child nodes. |
| `vault.yaml` | `vault` | A play which will update the configuration of HashiCorp Vault in each of the environments of the Lab. |
| `testing.yaml` | `testing` | A play which will update the configuration of test Kubernetes clusters using k3s. |


All Ansible plays run via `task` can be configured with limit overrides using `limit=` appended after the task:

```console
$ task bootstrap limit=node-01.s.cym-south-1.kub3.uk
task: [bootstrap] ansible-playbook \
  --syntax-check plays/bootstrap.yaml
...
```


| Role | Description |
|---|---|
| `filesystems` | A role to configure physical partitions and filesystems, as well as physical volumes, volume groups, and logical volumes under LVM, with support for encrypted physical filesystems with `cryptsetup`. |
| `bootstrap` | A role to bootstrap an Arch Linux installation under a configured mount point, usually set up with `filesystems` above. |
| `issue` | A role to configure `/etc/issue` on the system to describe the host and display an access warning message. |
| `ca` | A role to install the n3t.uk Root Certificate Authority certificate into the trusted store on each system, allowing tools and utilities to trust certificates issued under it. |
| `secure_boot` | A role to set up the keys and UEFI firmware to support Secure Boot on physical hosts, allowing locally-built kernels to be signed for booting. |
| `kernels` | A role to install selected Linux kernels and configure them for booting on this system. |
| `systemd` | A role to update the local configuration for systemd on this system, including systemd itself, `systemd-oomd`, and `systemd-timesyncd` for NTP support. |
| `systemd_networkd` | A role to enable `systemd-networkd` and install the required configuration for the local ethernet port, as well as any VLANs and Bridges required for virtual machine access to the network. |
| `systemd_resolved` | A role to enable `systemd-resolved` for local DNS resolution, including setting up the stub resolver, and configuring the DNS settings for this system. |
| `starship` | A role to install and configure `starship` as a command-line prompt management utility, and allow it to clearly define the use and purpose of the system in both `fish` and `bash`. |
| `fish` | A role to install and configure `fish` with some basic settings and to run `starship` for users. |
| `bash` | A role to install and configure `bash` with some basic settings and to run `starship` for users. |
| `sudo` | A role to install and configure `sudo` on this system with standardised defaults and limited access based on groups. |
| `ssh` | A role to install and configure the `ssh` service on this system to enable secure defaults and remote access for configured and supported users. |
| `pacman` | A role to install and configure the `pacman` utility on this system with additional Arch Linux repositories and custom settings. |
| `users` | A role to install and configure the users and groups on the system, including the `root` user. |
| `libvirtd` | A role to install and configure `libvirtd` for the system and prepare the Storage Pools for Virtual Machines. |
| `machines` | A role to configure all the virtual machines to run on a node, alongside the storage and any other devices required by that machine. |
| `nginx` | A role to configure `nginx` on a system with standard settings, but not to configure any virtual hosts which it may serve. |
| `cache` | A role to configure a caching proxy virtual host in `nginx` which will proxy and cache Arch Linux repositories and packages. |
| `logrotate` | A role to configure `logrotate` with sensible defaults to support the rotation and compression of historical log files. |
| `netdata` | A role to configure `netdata` either as a parent node for centralised storage and processing, or a child to collect data and stream it to a parent node. |
| `vault` | A role to install and configure HashiCorp Vault along with associated proxies, certificates, and firewall rules. |
| `k3s` | A role to install and configure `k3s` nodes to build and run Kubernetes clusters in different setups, including single-node as well as server/agent setups. |