Update playbook to use kszk base role

0261160b · Rafael László · 8a01662f · 0261160b · 0261160b · 0261160b
Verified Commit 0261160b authored 3 years ago by Rafael László
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ with `ansible-playbook harbor/base.yaml`.
 The playbook handles everything and auto start
 harbor. 
 If you want to change the configuration 
-refer to the `ansible/harbor/templates/home/user/harbor/harbor.yml` file
+refer to the `ansible/main/templates/home/user/harbor/harbor.yml` file

 ## LDAP


--- a/ansible/main/base.yaml
+++ b/ansible/main/base.yaml
@@ -2,7 +2,7 @@
 - hosts: harbor
  become: true
  roles:
-    - role: kszk-k8s.base
+    - role: kszk.base
      tags: ["base"]
    - role: kszk.iptables
      tags: ["iptables"]

--- a/ansible/main/templates/etc/iptables/rules.v4.j2
+++ b/ansible/main/templates/etc/iptables/rules.v4.j2
@@ -14,7 +14,7 @@
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p icmp -j ACCEPT

-A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 # Accept from the Kubernetes cluster

--- a/ansible/main/templates/etc/iptables/rules.v6.j2
+++ b/ansible/main/templates/etc/iptables/rules.v6.j2
@@ -14,7 +14,7 @@
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT

-A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 2001:738:2001::/48 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 2001:738:2001::/48 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 # TODO node exporter from Kubernetes ipv6

--- a/ansible/main/vars/harbor.yaml
+++ b/ansible/main/vars/harbor.yaml
 # KSZK Base role
-motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor
+base_motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor
+base_hostname: harbor
+base_motd_text: "Harbor"

-hostname: harbor
-motd_text: "Harbor"
-
-user: harbor
-users:
+base_users:
  - name: rlacko
    sudo: yes
    passwordless_sudo: yes
    ssh_key: https://git.sch.bme.hu/rlacko.keys
  - name: harbor
-    sudo: yes
-    passwordless_sudo: yes
+    sudo: no
+    passwordless_sudo: no

-ssh:
+base_ssh:
  port: 10022
  permitRootLogin: "no"
  pubkeyAuthentication: "yes"
@@ -22,7 +20,7 @@ ssh:
  allow:
    users: "rlacko"

-netplan:
+base_netplan:
  network:
    version: 2
    renderer: networkd
@@ -42,6 +40,7 @@ iptables_rules_v6_file: etc/iptables/rules.v6.j2

 # Playbook vars

+user: harbor
 harbor_hostname: harbor.sch.bme.hu
 acme_email: laszlo.rafael@kszk.bme.hu
 sites: 

--- a/ansible/requirements.galaxy.yaml
+++ b/ansible/requirements.galaxy.yaml
@@ -5,10 +5,10 @@ collections:
  - ansible.posix

 roles:
-  - src: git@git.sch.bme.hu:kszk/sysadmin/kubernetes/base-ansible-role.git
+  - src: git@git.sch.bme.hu:kszk/ansible/roles/base.git
    scm: git
    version: master
-    name: kszk-k8s.base
+    name: kszk.base
  - src: git@git.sch.bme.hu:kszk/ansible/roles/iptables.git
    scm: git
    version: master