Show pagesourceOld revisionsBacklinksODT exportBack to top Recent ChangesSend via e-MailPrintPermalink × Table of Contents README.md Installation Usage Keepass Password Host notes router.lan.c3voc.de monitoring.lan.c3voc.de TODO Docs Tags Overview Useful combinations Variables in roles Global usage Ansible c3voc - configuration management git clone git@git.c3voc.de:cm cd ansible vim README.md Public version of this repository: https://github.com/voc/cm/ansible/ Outdated This page is outdated. As of 2022-08-01, c3voc uses bundlewrap to deploy the room setups. Please follow the README inside the git repo to get started, or ask in #voc-lounge on hackint for support. The documentation below is only needed if you need to deploy one of the servers in a colo. README.md Installation To manage hosts with ansible you need to install ansible > 2.3 on your machine. See https://docs.ansible.com/ansible/intro_installation.html for instructions Usage Syntax validation. ansible-playbook -i inventory/event -l mixers site.yml --syntax-check Basic ansible call to deploy new config to a specific host. ./ansible-playbook-keepass -u root -i inventory/event -l 192.168.122.1 site.yml Basic ansible call to deploy new config to a set of hosts on an event. ./ansible-playbook-keepass -u voc --become --become-method=sudo -i inventory/event -l saal1 site.yml Also have a look at the 'Usefull combinations' section of this page. Keepass Password In case you need to do a lot of playbook runs you can also set the password using the following although it is not recommended. export KEEPASS_PW='…' ./ansible-playbook-keepass … site.yml Host notes router.lan.c3voc.de What you need: install plain debian setting hostname to router.lan.c3voc.de make sure you have two network interfaces configured with names pbl (public) and int (internal) run ansible to deploy config monitoring.lan.c3voc.de You have to name the monitoring host monitoring.lan.c3voc.de. After deployment, you have to run checkmk -I && checkmk -O inventory each host. TODO Have a look into TODO file. Docs ansible-doc -l lists all available modules ansible-doc $module opens a very helpful knowledge page for a given module Documentation Page Tags Overview Tag Result config Only run configuration tasks like changing config files and reload daemon. install Run all needed tasks which needs to be run on a new and fresh installation. deploy_website Deploy (git pull) streaming website and flush fcgi cache. nginx Run all nginx tasks. icecast Run all icecast tasks. haproxy Run all haproxy tasks. ssh(d) Run all sshd tasks. user Manage user. encodermode Deploys event related config. Also can be used to change from sd-dvswitch to hd-direct or to hd-voctomix voctomix Updates/regenerates all voctomix related files on the cube artwork Deploy artwork (background, pause loop) checkout or pull Get update subversion or git repository versions. gpg Update apt gpg key Useful combinations Change nginx config on all relays: --tags nginx,config Deploy only streaming website: --tags deploy_website e.g. ./ansible-playbook-keepass --tags deploy_website -i event loadbalancers.yml Deploy encoder setting for a conference edit groupvars/all and groupvars/saal* `./ansible-playbook-keepass -i inventory/event --limit encoder1.lan.c3voc.de --tags encodermode site.yml` * or `./ansible-playbook-keepass -i inventory/event --limit encoder1.lan.c3voc.de --tags voctomix site.yml` * or `./ansible-playbook-keepass -i inventory/event -l saal5 --tags voctomix site.yml` * Debug without rerunning working tasks KEEPASS="${KEEPASS}" KEEPASS_PW="${KEEPASS_PW}" python3 `which ansible-playbook` -i inventory/event -l saal5 --tags voctomix --start-at-task="encoder : create recording script" encoder.yml Variables in roles Global usage Variable Options Usage Event event.acronym String event.name String event.slogen String event.formats.hd yes or no event.formats.sd yes or no users Array<Hash> Group of users described as Array with hashes. Each user hash has to be defined with name and state keys. state could be present or absent. Default definition is in groupvars/all. | ^ Access ^^^ | trustedipv4ips | Hash | Define trusted IPv4 addresses for usage in iptables rules. Example: { “comment”: '0.0.0.0/0', … } | | trustedipv6ips | Hash | Define trusted IPv6 addresses for usage in iptables rules. Example: { “comment”: '::/0', … } | === Relay ^ Variable ^ Options ^ Usage ^ | rtmp | yes or no | Configure nginx with rtmp support. | | hidden | yes or no | Configure iptables to allow only access for IPs defined in trustedipv6ips and trustedipv4ips to the system. Default is no. | ^ nginx ^^^ | nginxworkerprocesses | Fixnum | Equivalent to nginx workerprocesses option to define number of nginx worker. Default: 2 nginxworkerconnections Fixnum ansible.txt Last modified: 2022/12/27 20:34by kunsi