Ansible scripts for FRI servers
Go to file
Timotej Lazar 46a9ff6fc0 ceph: add LE certificates
With a hook to restart RGW services on renewal, if there are any. Live
certificates are linked to the same path under /etc/ceph on each host,
so that the orch service spec is node-independent.

Use with something like this (port 80 must be kept free for standalone
certbot renewal):

    service_type: rgw
    spec:
      rgw_frontend_port: 8080
      rgw_frontend_extra_args:
        - ssl_port=443
        - ssl_private_key=/etc/ceph/privkey.pem
        - ssl_certificate=/etc/ceph/fullchain.pem
    extra_container_args:
      - "--volume"
      - "/etc/ceph:/etc/ceph:ro"
      - "--volume"
      - "/etc/letsencrypt:/etc/letsencrypt:ro"
2024-11-08 16:38:15 +01:00
files Add RuntimeDirectory to ssh service 2024-09-10 14:11:35 +02:00
filter_plugins Support custom allowed_ips field for services 2024-08-03 11:44:03 +02:00
roles ceph: add LE certificates 2024-11-08 16:38:15 +01:00
templates Deconsolidate network setup for proxmox and debian roles 2024-08-28 12:43:14 +02:00
.gitignore Add .gitignore 2024-05-19 14:21:25 +02:00
ansible.cfg Set become_flags in ansible.cfg 2024-06-24 21:39:34 +02:00
inventory.yml Add role=IoT to targets 2024-09-30 15:17:41 +02:00
LICENSE Unlicense 2024-05-19 14:31:43 +02:00
README.md Update instructions in README 2024-09-06 10:41:49 +02:00
setup.yml Add proxmox-backup 2024-09-10 15:07:30 +02:00
UNLICENSE Unlicense 2024-05-19 14:31:43 +02:00

These Ansible roles set up servers running various Linux distributions to participate in BGP routing. Device and IP address data are pulled from NetBox. A separate VRF mgmt is configured for a L2 management interface.

Setup

Each server should have the following information recorded in NetBox:

  • network interfaces mgmt*: used for management (Ansible) access; must define MAC and IP address
  • network interfaces lan*: used for BGP routing; must define MAC address
  • network interface lo: must define the IP address to announce over BGP, also serves as router ID

MAC addresses are used to rename interfaces in the host OS. Prefix for the management IP address should define the gateway custom field.

Run

Create a read-only token in NetBox. Define required variables:

export NETBOX_API=<url>
export NETBOX_TOKEN=<token>

Run one-off tasks with (add --key-file or other options as necessary):

ansible -m ping 'server-*'

Run a playbook with:

ansible-playbook setup.yml -l 'server-*'