gamil1 / ansible-infrastructure

This project forked from alifiroozi80/ansible-infrastructure

Deploy a whole infrastructure with Ansible!

License: MIT License

ansible-infrastructure's Introduction

This repository contains a couple of Ansible playbooks that deploy and bring up the resources below on Ubuntu and CentOS (the distribution is detected automatically):

  1. Kubernetes Cluster
    • One Master, multiple workers (Test)
    • Multiple Master, Multiple Workers (Production)
  2. A Teleport Instance
  3. An HAProxy instance (mandatory for the Production K8s setup!)
  4. A Mattermost (Deploy/Backup)
  5. A Jenkins Agent
  6. And soon, more resources! (See the below Roadmap)

Run through VPN?

At the beginning of each playbook, Ansible asks whether you want to set up a VPN on the target host. This is helpful if you want the installation to go through a VPN.

Why?

For various reasons; for instance, you live in a sanctioned country such as Iran.

If you want the installation to go through the VPN, you must already have an OpenConnect VPN server. (Do you want to deploy an OpenConnect VPN server? See Setup OpenVPN on a server below.) Ansible runs the VPN with the openconnect client on the target host. Pass the IP, username, and password to Ansible whenever it asks for them.

Running playbooks

First, install the role dependencies:

$ ansible-galaxy install -r requirements.yaml

To run a specific play:

$ cd playbooks
$ ansible-playbook -i ../inventory.ini <PLAYBOOK>.yaml

  • NOTE: Everything is already set. You only need to change the IP address and your SSH key in host_vars or group_vars.

Some playbooks use values that are encrypted with Ansible Vault. To execute such playbooks, follow these steps:

  1. Go to the playbooks directory.

  2. Run the command below and enter the vault password when prompted:

$ ansible-playbook --ask-vault-pass -i ../inventory.ini <PLAYBOOK>.yaml

Notes on K8s Playbook

As I mentioned earlier, you have two options for K8s:

  1. Single master node (and multiple worker nodes): This is pretty straightforward. Just put the master IP in the [control-plane] section, and that's it.

  2. Multiple Master nodes (and multiple worker nodes):

    • We are using the stacked etcd model.
    • As you know, in this model, you must have a load balancer for your API servers (See Here).
    • We are using HAProxy for our HA K8s setup.
    • You can use this HAProxy for other communication with your cluster as well, but keep in mind that, especially in a Production environment, you should separate the API server's load balancers from other load balancers.
    • One last note: put just one of your master IPs in [control-plane]; the rest go under [masters].

Notes on Teleport Playbook

Remember to change the proxy_service.public_addr and proxy_service.acme.email in the Teleport config file in roles/teleport/files/teleport.yaml

About Inventory

  • There is always exactly ONE IP under ha-proxy and control-plane.
  • If you want to run k8s-single.yaml play, the masters should be exactly ONE IP.
  • If your K8s cluster is behind a bastion (jump host), be sure to add the line below to group_vars/GROUP:

ansible_ssh_common_args: '-o ProxyCommand="ssh -i KEY -p 22 -W %h:%p -q USER@BASTION-IP"'
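
The inventory rules above can be checked before a playbook is run. The following Python script is an added example, not part of the original repository: the sample inventory and its addresses are constructed, and only the group names ha-proxy, control-plane and masters and the playbook name k8s-single.yaml come from this README.

```python
import re

# Matches [group], [group:vars] and [group:children] headers.
SECTION = re.compile(r"^\[([^\]:]+)(?::(vars|children))?\]$")

def parse_groups(text):
    """Return {group: [hosts]}; [x:vars] and [x:children] sections are skipped."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith(";"):
            continue
        m = SECTION.match(line)
        if m:
            current = None if m.group(2) else m.group(1)
            if current is not None:
                groups.setdefault(current, [])
        elif current is not None:
            groups[current].append(line.split()[0])  # host is the first token
    return groups

def check_inventory(text, playbook):
    """Return the list of violated inventory rules (empty means OK)."""
    groups = parse_groups(text)
    errors = []
    # Rule: always exactly one host under ha-proxy and control-plane.
    for name in ("ha-proxy", "control-plane"):
        n = len(groups.get(name, []))
        if n != 1:
            errors.append(f"[{name}] must list exactly one host, found {n}")
    # Rule: k8s-single.yaml needs exactly one host under masters.
    if playbook == "k8s-single.yaml":
        n = len(groups.get("masters", []))
        if n != 1:
            errors.append(f"[masters] must list exactly one host, found {n}")
    return errors

# Constructed sample inventory (addresses from the documentation range).
SAMPLE = """
[ha-proxy]
192.0.2.10
[control-plane]
192.0.2.11 ansible_user=ubuntu
[masters]
192.0.2.12
192.0.2.13
"""

if __name__ == "__main__":
    print(check_inventory(SAMPLE, "k8s-single.yaml"))
```

Running the check in CI or as a wrapper around ansible-playbook stops a run before any host is touched when the groups do not match the rules.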

Setup OpenVPN on a server

It's super easy. You need a server, a public IP, and Docker.

We use this image.

Run the below command on the server that you want to be your VPN server.

docker run --name ocserv --privileged -p 443:443 -p 443:443/udp -d tommylau/ocserv

Then, create a username and password for yourself (my username here is ali; put yours instead of ali):

docker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd -g "Route,All" ali

Roadmap

See the open issues for a complete list of proposed features (and known issues).

Contributing

Any contributions you make are greatly appreciated.

If you have a suggestion to improve this, please fork the repo and create a pull request. You can also open an issue with the tag "enhancement."

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

This project is licensed under the MIT License. See LICENSE for more information.


❤ Show your support

Give a ⭐️ if this project helped you!
