The Ansibles

Mainly a (growing) collection of ansible roles I have been writing. I present them here for reuse and educational purposes, since extensive examples are currently sparse, and I would've benefited from these when I started out. I hope they'll benefit others now. They're targeted and tested for Ubuntu (precise), so might not work on all systems (at least not out of the box).

I have a couple of other ones, and will update the repository when I manage to clean them up. Meanwhile, feel free to send in pull requests with fixes, updates, new roles. I'll happily review and add them.

Some of the roles require some configuration (pre- or post-), so I added some documentation. Do check these out if you don't want to waste time.

Roles included

Ordered alphabetically. Some have instructions (so RTFM).

| Role | Contents |
|------|----------|
| apt | updates the aptitude sources list, updates the cache, and upgrades all packages |
| auth | setting up users and groups |
| build | makes sure essential build/make/config/compiler packages (g++, build-essential, automake, ack, ...) are installed |
| cassandra | installs & configures Cassandra |
| clojure | installs the clojure language binaries |
| common | runs over dependency roles (hostname, timezone, directories, apt, vim, build, cron, logwatch, tmpreaper, ssh, powerdns) and installs a set of tools to help you manage a server (curl, debconf, dmidecode, htop, iftop, iotop, nmap, tshark, tmux, mosh, ...) |
| cron | installs cron |
| directories | makes sure 'default' and 'additional' directories, and their auth settings, are present |
| elasticsearch | installs & configures elasticsearch |
| firewall | installs & configures ferm - don't forget to update /etc/ferm/ferm.conf |
| jdk | installs Oracle JDK binaries |
| kafka | installs & configures apache kafka |
| mail | installs & configures a full-featured mailserver with SMTP over SSL via Postfix, IMAP over SSL via Dovecot, Full-text search in your inbox powered by solr, DNSBLs to redirect spam even before it hits your filters, DSPAM and Postgrey for spam-fencing and OpenDKIM mail server verification |
| maven | installs the Maven build manager for JVM language projects |
| monit | installs & configures monit |
| mysql | installs, configures & hardens MySQL |
| netatalk | installs & configures netatalk |
| nginx | installs & configures nginx - You can choose to install it through a package, or build it from source, and fine-tune which modules to ex/include |
| nodejs | installs nodejs - You can choose to install it through a package, or build it from source |
| powerdns | installs & configures the powerdns dns recursor |
| python | installs python & dependencies (python, python-dev, libevent-dev, cython, python3) |
| scala | installs the Scala language binaries |
| security | installs & configures fail2ban, rkhunter and lynis |
| ssh | configures (hardens!) the machine's ssh |
| ssl | moves (wildcard) ssl certificates to the host |
| storm (common, drpc, nimbus, supervisor) | installs & configures twitter storm |
| supervisor | installs & configures supervisord |
| timezone | sets the system's timezone |
| tmpreaper | installs and configures tmpreaper |
| vim | makes sure the 'right' version of vim is installed and configured |
| vpn | installs & configures OpenVPN |
| zeromq | installs ØMQ socket library |
| znc | installs & configures ZNC IRC bouncer |
| zookeeper | installs & configures Zookeeper |

Requirements

  • ansible > 1.3, and its dependencies

Contrib

Cloudbox

Inspired by Drew Crawford's post, and al3x's sovereign repo, I have created a similarly complete set that gives you a personal (mail/web/...) server.

The set-up of the scripts is different (mainly because I recycled what I had, and I have a slightly different approach, so there is a better fallback mechanism for default values), as is the content of what it installs (nginx instead of apache, no owncloud due to some nasty experiences with it in the past, ...).

I took the time to write a complete tutorial, which should get you up and running very quickly (the manual work is really limited to an absolute minimum).

Vagrant

As a second example, everything is configured to work with vagrant (precise64) 'testbox' on 192.168.111.111. There's a Vagrantfile included in contrib/vagrant/ for this configuration.

Try it out:

  1. edit the contrib/vagrant/Vagrantfile, contrib/vagrant/auth_vars, and host_vars/192.168.111.111 to your liking
  2. vagrant up
  3. ansible-playbook -i vagrant vagrant.yml --sudo

contrib/deprecated?

Scripts I've written, yet don't consider that useful to myself. Mainly here for reference purposes. Happy if they're useful to others.

Using the-ansibles as a role library

Ansible 1.4 introduced the roles_path environment variable (see the Ansible configuration docs on roles_path). This allows for the-ansibles to be used as a library of roles. Clone the repository as normal, then set roles_path in your ansible.cfg to the roles subdirectory of the-ansibles, something like this:

[defaults]
roles_path = /path/to/the-ansibles/roles

And use the roles in playbooks as normal. Roles in your playbook directory will override those with the same name in the-ansibles, allowing for selective overrides where required.
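Because a playbook-local role replaces the library role of the same name, a local `ssh` or `firewall` directory can silently take the place of the hardened one. The following check is an added example, not part of this repository: it lists the role names that are shadowed. The function names and the sample directory layout are constructed for illustration, and it assumes roles_path points at a single directory.

```shell
#!/bin/sh
# Added example (not from the-ansibles): report playbook-local roles that
# override a role of the same name in the role library.

# shadowed_roles PLAYBOOK_DIR LIBRARY_ROLES_DIR
# Prints one role name per line for every role found in both
# PLAYBOOK_DIR/roles and LIBRARY_ROLES_DIR (the roles_path value).
shadowed_roles() {
    playbook_roles="$1/roles"
    library_roles="$2"
    # No local roles directory means nothing can be overridden.
    [ -d "$playbook_roles" ] || return 0
    if [ ! -d "$library_roles" ]; then
        echo "no such roles directory: $library_roles" >&2
        return 2
    fi
    for dir in "$playbook_roles"/*/; do
        # An empty roles directory leaves the glob unexpanded; skip it.
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        if [ -d "$library_roles/$name" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# make_sample_tree: builds a constructed layout in a temp dir and prints
# its path. The library holds ssh, firewall and security; the playbook
# directory ("site", a hypothetical name) holds its own ssh plus myapp.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/the-ansibles/roles/ssh" \
             "$root/the-ansibles/roles/firewall" \
             "$root/the-ansibles/roles/security" \
             "$root/site/roles/ssh" \
             "$root/site/roles/myapp"
    printf '%s\n' "$root"
}

# Usage: sh shadowed_roles.sh PLAYBOOK_DIR /path/to/the-ansibles/roles
if [ "$#" -eq 2 ]; then
    shadowed_roles "$1" "$2"
fi
```

Any name it prints for a hardening role (ssh, firewall, security, mysql) deserves a diff against the library version before the playbook is run.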

Thanks

To all contributors:

Feedback, bug-reports, requests, ...

Are welcome! Everyone benefits, really...