Update ansible
This commit is contained in:
parent
9c0b211db2
commit
0c99c0b5b2
16 changed files with 112 additions and 41 deletions
|
@ -13,8 +13,8 @@ poll_interval = 15
|
|||
transport = smart
|
||||
remote_port = 22
|
||||
gathering = smart
|
||||
stdout_callback = skippy
|
||||
callback_whitelist = timer
|
||||
stdout_callback = default
|
||||
callbacks_enabled = timer
|
||||
timeout = 10
|
||||
remote_user = cfgmgmt
|
||||
private_key_file = ~/personal/keys/cfgmgmt
|
||||
|
@ -29,3 +29,6 @@ become_user = root
|
|||
|
||||
[diff]
|
||||
always = True
|
||||
|
||||
[hashi_vault_collection]
|
||||
token_validate = True
|
||||
|
|
|
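Review bot: With `[diff]` / `always = True` kept and the stdout callback switched to `default`, every templated file in this commit that embeds a Vault lookup (the Consul and Nomad tokens, the ACME private key, the lego API keys) has its rendered content printed in the task diff on each run unless those template tasks set `no_log: true`, which is not visible here; either add `no_log: true` to those tasks or drop `always = True` and pass `--diff` when a dry run needs it. The new `token_validate = True` makes the collection run a `lookup-self` before using the token (per its docs), so a token whose policy lacks that capability, which worked before, will now fail the lookup — worth a comment above the key, e.g. `; requires lookup-self on the token; set False for restricted tokens`. `private_key_file = ~/personal/keys/cfgmgmt` is a per-user path in a shared config, but that line is context, not part of this change.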
@ -1,4 +1,4 @@
|
|||
---
|
||||
lego_email_address: amarpreet@minhas.io
|
||||
letsencrypt_account_id: "{{ lookup('hashi_vault', 'secret=kv/data/acme:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['account_id'] }}"
|
||||
letsencrypt_account_id: "{{ lookup('hashi_vault', 'secret=kv/data/acme:account_id ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
...
|
||||
|
|
|
@ -1,16 +1,22 @@
|
|||
ansible==2.9.12
|
||||
certifi==2020.6.20
|
||||
cffi==1.14.2
|
||||
chardet==3.0.4
|
||||
cryptography==3.0
|
||||
docker==4.3.1
|
||||
hvac==0.10.5
|
||||
idna==2.10
|
||||
Jinja2==2.11.2
|
||||
MarkupSafe==1.1.1
|
||||
pycparser==2.20
|
||||
PyYAML==5.3.1
|
||||
requests==2.24.0
|
||||
six==1.15.0
|
||||
urllib3==1.25.10
|
||||
websocket-client==0.57.0
|
||||
ansible==6.5.0
|
||||
ansible-core==2.13.5
|
||||
certifi==2022.9.24
|
||||
cffi==1.15.1
|
||||
chardet==5.0.0
|
||||
charset-normalizer==2.1.1
|
||||
cryptography==38.0.3
|
||||
docker==6.0.1
|
||||
hvac==1.0.2
|
||||
idna==3.4
|
||||
Jinja2==3.1.2
|
||||
MarkupSafe==2.1.1
|
||||
packaging==21.3
|
||||
pycparser==2.21
|
||||
pyhcl==0.4.4
|
||||
pyparsing==3.0.9
|
||||
PyYAML==6.0
|
||||
requests==2.28.1
|
||||
resolvelib==0.8.1
|
||||
six==1.16.0
|
||||
urllib3==1.26.12
|
||||
websocket-client==1.4.2
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
- include: "{{ ansible_os_family }}_pki.yml"
|
||||
- include: "{{ ansible_os_family }}.yml"
|
||||
- include_tasks: "{{ ansible_os_family }}_pki.yml"
|
||||
- include_tasks: "{{ ansible_os_family }}.yml"
|
||||
...
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
- include: "{{ ansible_os_family }}.yml"
|
||||
- include_tasks: "{{ ansible_os_family }}.yml"
|
||||
...
|
||||
|
|
|
@ -3,7 +3,7 @@ primary_datacenter = "{{ main_dc_name }}"
|
|||
domain = "{{ consul_domain }}"
|
||||
node_name = "{{ inventory_hostname_short }}"
|
||||
|
||||
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['gossip'] }}"
|
||||
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:gossip ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
|
||||
verify_incoming = false
|
||||
verify_outgoing = true
|
||||
|
@ -32,6 +32,6 @@ acl {
|
|||
default_policy = "deny"
|
||||
enable_token_persistence = true
|
||||
tokens {
|
||||
default = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['server-acl-token'] }}"
|
||||
default = "{{ lookup('hashi_vault', 'secret=kv/data/consul:server-acl-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
}
|
||||
}
|
||||
|
|
|
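Review bot: The `default` token in the second hunk is the same `server-acl-token` the server template below uses, so every agent rendered from this file — and any local process that calls its HTTP API without a token — operates with server-level privileges; if this is the client config, which `verify_incoming = false` suggests, it should get a per-role token set as `agent = "{{ lookup('hashi_vault', 'secret=kv/data/consul:client-acl-token ...') }}"` (whatever that key is actually called in Vault) and leave `default` unset so untokened API callers fall to `default_policy = "deny"`. The token choice predates this commit; only the lookup form changed here. The `acl { tokens { … } }` block is opened before the second hunk and only its closing braces are visible.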
@ -1,3 +1,3 @@
|
|||
---
|
||||
- include: "{{ ansible_os_family }}.yml"
|
||||
- include_tasks: "{{ ansible_os_family }}.yml"
|
||||
...
|
||||
|
|
|
@ -6,7 +6,7 @@ server = true
|
|||
bootstrap_expect = 3
|
||||
ui = true
|
||||
|
||||
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['gossip'] }}"
|
||||
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:gossip ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
|
||||
verify_outgoing = true
|
||||
verify_server_hostname = true
|
||||
|
@ -49,6 +49,6 @@ acl {
|
|||
default_policy = "deny"
|
||||
enable_token_persistence = true
|
||||
tokens {
|
||||
default = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['server-acl-token'] }}"
|
||||
default = "{{ lookup('hashi_vault', 'secret=kv/data/consul:server-acl-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- include: get_k3s.yml
|
||||
- include: server.yml
|
||||
- include_tasks: get_k3s.yml
|
||||
- include_tasks: server.yml
|
||||
when: k3s_role == "server"
|
||||
- include: clients.yml
|
||||
- include_tasks: clients.yml
|
||||
when: k3s_role == "client"
|
||||
...
|
||||
|
|
|
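Review bot: `include_tasks` is always dynamic, so tags placed on these includes no longer reach the tasks inside `get_k3s.yml`, `server.yml` and `clients.yml`, and a `--tags`/`--skip-tags` run may silently skip them; if the role relies on tag inheritance or on handlers from those files (not visible here), `import_tasks` is the closer replacement for these fixed file names, with the `when:` then evaluated per imported task, e.g. `- import_tasks: server.yml` / `  when: k3s_role == "server"`. The `{{ ansible_os_family }}.yml` includes in the other files do need `include_tasks`, since the name depends on a fact gathered at run time; either way the choice deserves a one-line comment at the top of this file so the next reader does not "fix" it back.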
@ -1 +1 @@
|
|||
{{ lookup('hashi_vault', 'secret=kv/data/acme:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['private_key'] }}
|
||||
{{ lookup('hashi_vault', 'secret=kv/data/acme:private_key ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}
|
||||
|
|
|
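Review bot: The whole file is the ACME account private key pulled from Vault, so the task that writes it needs `mode: '0600'` with an owner matching the lego user and `no_log: true`, otherwise the key is readable by every local user and echoed in the task output — especially as ansible.cfg in this commit keeps `[diff] always = True`; neither setting is visible here, so confirm it on the template task. A one-line `{# rendered with mode 0600; contains the ACME account key #}` comment at the top would record the expectation without changing the output.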
@ -1,5 +1,5 @@
|
|||
export NAMECHEAP_API_USER={{ lookup('hashi_vault', 'secret=kv/data/namecheap:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['api_user'] }}
|
||||
export NAMECHEAP_API_KEY={{ lookup('hashi_vault', 'secret=kv/data/namecheap:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['api_key'] }}
|
||||
export AWS_ACCESS_KEY_ID={{ lookup('hashi_vault', 'secret=kv/data/aws:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['access_key'] }}
|
||||
export AWS_SECRET_ACCESS_KEY={{ lookup('hashi_vault', 'secret=kv/data/aws:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['secret_key'] }}
|
||||
export AWS_HOSTED_ZONE_ID={{ lookup('hashi_vault', 'secret=kv/data/aws:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['hosted_zone_id'] }}
|
||||
export NAMECHEAP_API_USER={{ lookup('hashi_vault', 'secret=kv/data/namecheap:api_user ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}
|
||||
export NAMECHEAP_API_KEY={{ lookup('hashi_vault', 'secret=kv/data/namecheap:api_key ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}
|
||||
export AWS_ACCESS_KEY_ID={{ lookup('hashi_vault', 'secret=kv/data/aws:access_key ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}
|
||||
export AWS_SECRET_ACCESS_KEY={{ lookup('hashi_vault', 'secret=kv/data/aws:secret_key ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}
|
||||
export AWS_HOSTED_ZONE_ID={{ lookup('hashi_vault', 'secret=kv/data/aws:hosted_zone_id ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}
|
||||
|
|
|
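Review bot: The secrets are interpolated unquoted into `export NAME=value`, so a value containing a space, `$`, `;` or a quote is truncated or evaluated by the shell when this file is sourced; pass each through Jinja's `quote` filter, e.g. `export AWS_SECRET_ACCESS_KEY={{ lookup('hashi_vault', 'secret=kv/data/aws:secret_key ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') | quote }}`, and likewise for the other four lines. The file carries Namecheap and long-lived AWS credentials, so the template task should write it with `mode: '0600'` and `no_log: true` (not visible here), and the AWS key pair should be scoped to `route53:ChangeResourceRecordSets` on `AWS_HOSTED_ZONE_ID` rather than broader rights, if it is not already. Each `lookup` is a separate Vault read, so this file performs five reads of two paths per render; reading `kv/data/aws` once into a variable and indexing it would halve that.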
@ -14,13 +14,13 @@ client {
|
|||
}
|
||||
|
||||
consul {
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['consul-acl-client'] }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:consul-acl-client ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
}
|
||||
|
||||
vault {
|
||||
enabled = true
|
||||
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['vault-token'] }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:vault-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
address = "https://vault.service.{{ consul_domain }}:8200"
|
||||
create_from_role = "nomad-cluster"
|
||||
unwrap_token = true
|
||||
|
|
|
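Review bot: Every lookup repeats `ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt` as a literal while the same template derives Nomad's own CA path from `vault_ca_cert_name` on the `ca_file` line; the lookup runs on the controller so the two paths may legitimately differ, but the literal is now duplicated across every template in this commit and must be edited in each one when the bundle is rotated. Since this commit adds a `[hashi_vault_collection]` section to ansible.cfg, the collection's `ca_cert` setting can live there (it is documented as an ini option; confirm the key name) and the lookups shrink to `token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:consul-acl-client') }}"`. The `vault { … }` block continues past the end of the hunk.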
@ -9,14 +9,14 @@ server {
|
|||
vault {
|
||||
enabled = true
|
||||
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['vault-token'] }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:vault-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
address = "https://vault.service.{{ consul_domain }}:8200"
|
||||
create_from_role = "nomad-cluster"
|
||||
unwrap_token = true
|
||||
}
|
||||
|
||||
consul {
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['consul-acl-server'] }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:consul-acl-server ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
}
|
||||
|
||||
tls {
|
||||
|
|
|
@ -18,5 +18,5 @@ cluster_addr = "https://{{ ansible_default_ipv4.address }}:8201"
|
|||
storage "consul" {
|
||||
address = "localhost:8500"
|
||||
path = "vault/"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/vault:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['consul-acl'] }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/vault:consul-acl ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
||||
}
|
||||
|
|
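--- /dev/null
+++ b/docker/satdress/Dockerfile
@@ -0,0 +1,19 @@
+FROM golang:alpine
+
+RUN apk add --no-cache ca-certificates git && \
+go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@latest && \
+mkdir -p ${GOPATH}/src/git.minhas.io/asara && \
+cd ${GOPATH}/src/git.minhas.io/asara && \
+git clone https://git.minhas.io/asara/sudoscientist-go-backend && \
+cd ${GOPATH}/src/git.minhas.io/asara/sudoscientist-go-backend && \
+go mod init && go get && go build -o /go/bin/sudoscientist-go-backend main.go && \
+mv /go/bin/* /usr/local/bin/ && \
+rm -rf /go/src && \
+apk del git
+
+# Copy masked.name root cert
+COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt
+
+# update ca certs
+RUN update-ca-certificates 2>/dev/null
+CMD ["/usr/local/bin/sudoscientist-go-backend"]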
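Review bot: The build pulls unpinned code from three sources — `FROM golang:alpine`, `migrate@latest`, and a `git clone` that builds whatever the default branch points at — so the image is not reproducible and an upstream change lands in the next build unreviewed; add a `git checkout` of a fixed ref after the clone and pin the base image (ideally by digest) and the migrate version. The service image is also the full builder: `apk del git` and `rm -rf /go/src` remove a little, but the Go toolchain, module cache and the `migrate` binary ship with it, and with no `USER` the backend runs as root. A two-stage build that copies only `/go/bin` into a fresh `alpine` image, with the CA copy and `update-ca-certificates` in that stage, addresses both, and dropping `2>/dev/null` keeps `update-ca-certificates` warnings visible. The directory is `docker/satdress/` while the Dockerfile builds `sudoscientist-go-backend`, which looks like a copy from another service — worth confirming; the `ARG` defaults below keep today's behaviour (`latest`, branch head), so they must be set to real versions at build time to get the benefit.
```dockerfile
# --- build stage: toolchain, git and sources stay here ---
FROM golang:alpine AS build
# override at build time: --build-arg BACKEND_REF=<commit> --build-arg MIGRATE_VERSION=<tag>
ARG BACKEND_REF=HEAD
ARG MIGRATE_VERSION=latest
RUN apk add --no-cache ca-certificates git && \
    go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@${MIGRATE_VERSION} && \
    mkdir -p ${GOPATH}/src/git.minhas.io/asara && \
    cd ${GOPATH}/src/git.minhas.io/asara && \
    git clone https://git.minhas.io/asara/sudoscientist-go-backend && \
    cd sudoscientist-go-backend && \
    git checkout "${BACKEND_REF}" && \
    go mod init && go get && go build -o /go/bin/sudoscientist-go-backend main.go

# --- runtime stage: binaries and the private CA only, unprivileged user ---
FROM alpine
RUN apk add --no-cache ca-certificates && adduser -D -H -s /sbin/nologin app
COPY --from=build /go/bin/ /usr/local/bin/
# Copy masked.name root cert
COPY files/MaskedName_Root_CA.crt /usr/local/share/ca-certificates/MaskedName_Root_CA.crt
RUN update-ca-certificates
USER app
CMD ["/usr/local/bin/sudoscientist-go-backend"]
```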
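--- /dev/null
+++ b/docker/satdress/files/MaskedName_Root_CA.crt
@@ -0,0 +1,43 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIUYp8xo5t2lJFP3SiD1fJirgGUQJ0wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyMzEyWhcNMzAw
+ODI3MTkyMzQyWjAWMRQwEgYDVQQDEwttYXNrZWQubmFtZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMI7oR+KHvvznfnaAXDMO5qpSTCAYCyfjFEohYJf
+lOcnLONXb3f6sP5d1eltL+UTq0RVU5UP0aNW7hqDTa41MRw0JCDtB68yKdYq2hZf
+97gA+lj3MEJU6RTAKLrg75GRh/AbNEIgwvPuHKW6hMbtwOyM9DFU//W3xpusalXy
+RMFzAHfSDj9ci+UygUt9HINWd/SmMGG/8PghaRhfE44wRFMqYezeliIt2JIs43BV
+7HqG0Oev9WPeXmiaZUYKQetHiQqR14Mxiv1IGzCmwwN+9b4tZtZTa58oM5dPXfbb
+lrELQE5OsPaNtMtER3MgxovDN3VSCGH/O/GyaEWVanY5UF8CAwEAAaN7MHkwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBY8jW3fDVUp
+URt1prhmDMjkVikgMB8GA1UdIwQYMBaAFBY8jW3fDVUpURt1prhmDMjkVikgMBYG
+A1UdEQQPMA2CC21hc2tlZC5uYW1lMA0GCSqGSIb3DQEBCwUAA4IBAQAWQz4d3QzE
+W8NGA16ZPamlVubOLB5DtZz2qrSrn3DeObLIDShInV3qtRlDx9HYJLTCA75Ket0J
+NTsyMcTy2txd4I8hgdF30XJeEciN9wZ0mKEeP/YKDwe8V2XwWq4XYkDechlWHpZo
+PfWcoLprKwVUI4HzaqkNmwcmMUI4xAsC+SLe1mrebseKm49oOwdQs/oPVLK+0nEp
+RvD0aOvohILIa/2ZtKczvhB/L3fo5pg9Ex/0JDBdDHIedMabD3qn8Idse+P5Dfwa
+Ju2Ctyb+n1TTPxRDMxs2cFbA5irr+2ARJd8jtGS+1fyxogjOWS1RR523F+qIS3su
+KibGel+gFPpq
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID0zCCArugAwIBAgIUM52uhXSeTCim1pmzucm/cnIgNp8wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAxMLbWFza2VkLm5hbWUwHhcNMjAwODI5MTkyNzAwWhcNMjUw
+ODI4MTkyNzMwWjAtMSswKQYDVQQDEyJtYXNrZWQubmFtZSBJbnRlcm1lZGlhdGUg
+QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8LuGo+As
+ICYWdJjBCY0snF/X+jF1tdcrQzNiRKESEb5dsDiy979bugCblPQDQ+g5WGqXX4pj
+UyZZE3ZwhOufISlGK0ow1aMjqS+pFlQ85KRD/jUtLPRUJuQF+m2YwId/Mg6/B7Qk
+d166uJkNxS+MGZCi2OYXeoivnOY7Q0Kj/0vIbc5Vt3kCRVg2ljLSQhoBd+85AHMR
+jeRjZMeYEYF2HTVwrg4DrC/r00MVtDcNqs6+M7YZ/rzny73GvfJWfWoB1C4piZlg
+fvUcSDL5HAhjiu5cSeIR7DTuVx7t4PoK6AqUkPygDtq1ZaLybXT7X6d072dR5AXO
+nWFLPaaGJ979iwIDAQABo4IBADCB/TAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUIkhVYBaK9CcvXG8FM2jKVZ16oZAwHwYDVR0jBBgw
+FoAUFjyNbd8NVSlRG3WmuGYMyORWKSAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUF
+BzAChjVodHRwOi8vdmF1bHQuY29sdW1iaWEubWFza2VkLm5hbWU6ODIwMC92MS9w
+a2lfcm9vdC9jYTBHBgNVHR8EQDA+MDygOqA4hjZodHRwOi8vdmF1bHQuY29sdW1i
+aWEubWFza2VkLm5hbWU6ODIwMC92MS9wa2lfcm9vdC9jcmwwDQYJKoZIhvcNAQEL
+BQADggEBAK6HMgR+hpwjZCmf5NszDSHr7dYKZXP4LrcHPWs94nLM33UZ572ubGHs
+dKjRw8YD0cncrsypsYmEgR57U+DHkys394wkb7UOwy1Zvd5IIRXdP0cDylz0QzqM
+APnQYN+ismkoljhk9ey0Qbo3CmPjM+UQcAxuZQtA4M+riC1+jkude1uYL0szC6Y9
+4KetfvbNkedSaV5yJaRKCBhRcC4/GjpBG/odQ/5AfBPAFjZqhcIJWBrVYbTQVC79
+hMA1iwWJPmT9LsjMSUfxFTPzxRnNXQiKFz5kT2OiS1nqh8aOcyU9YC928pkifNJV
+KokuDezJFM7ie3d+EcBk1V9lHwOWdto=
+-----END CERTIFICATE-----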
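Review bot: The bundle is committed with the executable bit set (`Executable file` in the header); a trust anchor needs no execute permission and Docker's `COPY` carries the mode into `/usr/local/share/ca-certificates/`, so it should be checked in as a plain 0644 file (`git update-index --chmod=-x docker/satdress/files/MaskedName_Root_CA.crt`). The file is named as a root CA but concatenates two certificates, and decoding the second one's validity field suggests it expires in August 2025 versus 2030 for the root, so images that bake this bundle in will need a rebuild before then — worth confirming against the CA and noting in the Dockerfile comment, e.g. `# Copy masked.name root + intermediate CA bundle (intermediate expires 2025-08; rebuild on rotation)`. If only the root is meant to be a trust anchor, the intermediate should be served by the endpoints rather than installed system-wide.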