Timotej Lazar
46a9ff6fc0
With a hook to restart RGW services on renewal, if there are any. Live
certificates are linked to the same path under /etc/ceph on each host,
so that the orch service spec is node-independent.
Use with something like this (port 80 must be kept free for standalone
certbot renewal):
service_type: rgw
spec:
rgw_frontend_port: 8080
rgw_frontend_extra_args:
- ssl_port=443
- ssl_private_key=/etc/ceph/privkey.pem
- ssl_certificate=/etc/ceph/fullchain.pem
extra_container_args:
- "--volume"
- "/etc/ceph:/etc/ceph:ro"
- "--volume"
- "/etc/letsencrypt:/etc/letsencrypt:ro"
|
||
|---|---|---|
| files | ||
| filter_plugins | ||
| roles | ||
| templates | ||
| .gitignore | ||
| ansible.cfg | ||
| inventory.yml | ||
| LICENSE | ||
| README.md | ||
| setup.yml | ||
| UNLICENSE | ||
These Ansible roles set up servers running various Linux distributions to participate in BGP routing. Device and IP address data are pulled from NetBox. A separate VRF mgmt is configured for a L2 management interface.
Setup
Each server should have the following information recorded in NetBox:
- network interfaces
mgmt*: used for management (Ansible) access; must define MAC and IP address - network interfaces
lan*: used for BGP routing; must define MAC address - network interface
lo: must define the IP address to announce over BGP, also serves as router ID
MAC addresses are used to rename interfaces in the host OS. Prefix for the management IP address should define the gateway custom field.
Run
Create a read-only token in NetBox. Define required variables:
export NETBOX_API=<url>
export NETBOX_TOKEN=<token>
Run one-off tasks with (add --key-file or other options as necessary):
ansible -m ping 'server-*'
Run a playbook with:
ansible-playbook setup.yml -l 'server-*'