ansible

Ansible

c3voc - configuration management

git clone git@git.c3voc.de:cm
cd ansible
vim README.md

Public version of this repository: https://github.com/voc/cm/ansible/

Outdated

This page is outdated. As of 2022-08-01, c3voc uses bundlewrap to deploy the room setups. Please follow the README.md in the git repository to get started, or ask in #voc-lounge on hackint for support. This documentation will get adjusted soon.

To manage hosts with ansible you need to install ansible > 2.3 on your machine.

See https://docs.ansible.com/ansible/intro_installation.html for instructions

Syntax validation.

ansible-playbook -i inventory/event -l mixers site.yml --syntax-check

Basic ansible call to deploy new config to a specific host.

./ansible-playbook-keepass -u root -i inventory/event -l 192.168.122.1 site.yml

Basic ansible call to deploy new config to a set of hosts on an event.

./ansible-playbook-keepass -u voc --become --become-method=sudo -i inventory/event -l saal1 site.yml

Also have a look at the 'Usefull combinations' section of this page.

In case you need to do a lot of playbook runs you can also set the password using the following although it is not recommended.

export KEEPASS_PW='…'
./ansible-playbook-keepass … site.yml

router.lan.c3voc.de

What you need:

  • install plain debian
  • setting hostname to router.lan.c3voc.de
  • make sure you have two network interfaces configured with names pbl (public) and int (internal)
  • run ansible to deploy config

monitoring.lan.c3voc.de

You have to name the monitoring host monitoring.lan.c3voc.de. After deployment, you have to run checkmk -I && checkmk -O inventory each host.

Have a look into TODO file.

  • ansible-doc -l lists all available modules
  • ansible-doc $module opens a very helpful knowledge page for a given module
Tag Result
config Only run configuration tasks like changing config files and reload daemon.
install Run all needed tasks which needs to be run on a new and fresh installation.
deploy_website Deploy (git pull) streaming website and flush fcgi cache.
nginx Run all nginx tasks.
icecast Run all icecast tasks.
haproxy Run all haproxy tasks.
ssh(d) Run all sshd tasks.
user Manage user.
encodermode Deploys event related config. Also can be used to change from sd-dvswitch to hd-direct or to hd-voctomix
voctomix Updates/regenerates all voctomix related files on the cube
artwork Deploy artwork (background, pause loop)
checkout or pull Get update subversion or git repository versions.
gpg Update apt gpg key
  • Change nginx config on all relays: --tags nginx,config
  • Deploy only streaming website: --tags deploy_website
    • e.g. ./ansible-playbook-keepass --tags deploy_website -i event loadbalancers.yml
  • Deploy encoder setting for a conference
    • edit groupvars/all and groupvars/saal*
    • ./ansible-playbook-keepass -i inventory/event --limit encoder1.lan.c3voc.de --tags encodermode site.yml
    • or ./ansible-playbook-keepass -i inventory/event --limit encoder1.lan.c3voc.de --tags voctomix site.yml
    • or ./ansible-playbook-keepass -i inventory/event -l saal5 --tags voctomix site.yml
      • Debug without rerunning working tasks
        • KEEPASS="${KEEPASS}" KEEPASS_PW="${KEEPASS_PW}" python3 `which ansible-playbook` -i inventory/event -l saal5 --tags voctomix --start-at-task="encoder : create recording script" encoder.yml
Variable Options Usage
Event
event.acronym String
event.name String
event.slogen String
event.formats.hd yes or no
event.formats.sd yes or no
users Array<Hash> Group of users described as Array with hashes. Each user hash has to be defined with name and state keys. state could be present or absent. Default definition is in groupvars/all. | ^ Access ^^^ | trustedipv4ips | Hash | Define trusted IPv4 addresses for usage in iptables rules.
Example:
{ “comment”: '0.0.0.0/0', … } | | trustedipv6ips | Hash | Define trusted IPv6 addresses for usage in iptables rules.
Example:
{ “comment”: '::/0', … } |

=== Relay ^ Variable ^ Options ^ Usage ^ | rtmp | yes or no | Configure nginx with rtmp support. | | hidden | yes or no | Configure iptables to allow only access for IPs defined in trustedipv6ips and trustedipv4ips to the system. Default is no. | ^ nginx ^^^ | nginxworkerprocesses | Fixnum | Equivalent to nginx workerprocesses option to define number of nginx worker. Default: 2

nginxworkerconnections Fixnum
  • ansible.txt
  • Last modified: 2022/09/04 20:15
  • by kunsi