From 0261160bd4a1a8aa97f9177a0f2f149106416be0 Mon Sep 17 00:00:00 2001 From: Rafael Laszlo <rlacko99@gmail.com> Date: Tue, 9 Nov 2021 15:56:46 +0100 Subject: [PATCH] Update playbook to use kszk base role --- README.md | 2 +- ansible/main/base.yaml | 2 +- .../main/templates/etc/iptables/rules.v4.j2 | 2 +- .../main/templates/etc/iptables/rules.v6.j2 | 2 +- ansible/main/vars/harbor.yaml | 19 +++++++++---------- ansible/requirements.galaxy.yaml | 4 ++-- 6 files changed, 15 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 5304386..cce459a 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ with `ansible-playbook harbor/base.yaml`. The playbook handles everything and auto start harbor. If you want to change the configuration -refer to the `ansible/harbor/templates/home/user/harbor/harbor.yml` file +refer to the `ansible/main/templates/home/user/harbor/harbor.yml` file ## LDAP diff --git a/ansible/main/base.yaml b/ansible/main/base.yaml index 770a55d..3c7203d 100644 --- a/ansible/main/base.yaml +++ b/ansible/main/base.yaml @@ -2,7 +2,7 @@ - hosts: harbor become: true roles: - - role: kszk-k8s.base + - role: kszk.base tags: ["base"] - role: kszk.iptables tags: ["iptables"] diff --git a/ansible/main/templates/etc/iptables/rules.v4.j2 b/ansible/main/templates/etc/iptables/rules.v4.j2 index 0567efa..afa1ba1 100644 --- a/ansible/main/templates/etc/iptables/rules.v4.j2 +++ b/ansible/main/templates/etc/iptables/rules.v4.j2 @@ -14,7 +14,7 @@ -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -j ACCEPT --A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT +-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # Accept from the Kubernetes cluster 
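Review bot: The SSH accept rule in the changed line of `rules.v4.j2` still lists `152.66.0.0/8`, which is not aligned to its prefix length; iptables masks off the host bits, so the rule effectively admits all of 152.0.0.0/8 to port `{{ base_ssh.port }}`. If the intent is the campus network only (presumably a /16, to be confirmed against the real allocation), the source list should read `--src 152.66.0.0/16,192.168.0.0/16,10.0.0.0/8`. Running `iptables-save` on the host after the next play shows the range that was actually loaded. The rest of the rules file lies outside this hunk.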
diff --git a/ansible/main/templates/etc/iptables/rules.v6.j2 b/ansible/main/templates/etc/iptables/rules.v6.j2 index a9c2f3f..2b938ff 100644 --- a/ansible/main/templates/etc/iptables/rules.v6.j2 +++ b/ansible/main/templates/etc/iptables/rules.v6.j2 @@ -14,7 +14,7 @@ -A INPUT -i lo -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT --A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 2001:738:2001::/48 -j ACCEPT +-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 2001:738:2001::/48 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # TODO node exporter from Kubernetes ipv6 diff --git a/ansible/main/vars/harbor.yaml b/ansible/main/vars/harbor.yaml index d38d45c..cd1b891 100644 --- a/ansible/main/vars/harbor.yaml +++ b/ansible/main/vars/harbor.yaml @@ -1,20 +1,18 @@ # KSZK Base role -motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor +base_motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor +base_hostname: harbor +base_motd_text: "Harbor" -hostname: harbor -motd_text: "Harbor" - -user: harbor -users: +base_users: - name: rlacko sudo: yes passwordless_sudo: yes ssh_key: https://git.sch.bme.hu/rlacko.keys - name: harbor - sudo: yes - passwordless_sudo: yes + sudo: no + passwordless_sudo: no -ssh: +base_ssh: port: 10022 permitRootLogin: "no" pubkeyAuthentication: "yes" @@ -22,7 +20,7 @@ ssh: allow: users: "rlacko" -netplan: +base_netplan: network: version: 2 renderer: networkd @@ -42,6 +40,7 @@ iptables_rules_v6_file: etc/iptables/rules.v6.j2 # Playbook vars +user: harbor harbor_hostname: harbor.sch.bme.hu acme_email: laszlo.rafael@kszk.bme.hu sites: diff --git a/ansible/requirements.galaxy.yaml b/ansible/requirements.galaxy.yaml index c4dda09..f65c412 100644 --- a/ansible/requirements.galaxy.yaml +++ b/ansible/requirements.galaxy.yaml 
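Review bot: In `vars/harbor.yaml`, the `rlacko` entry under the renamed `base_users` keeps `passwordless_sudo: yes` together with `ssh_key: https://git.sch.bme.hu/rlacko.keys`, so root on this host depends on who can add a key to that GitLab account. This assumes the role fetches the URL at play time, which the hunk does not show. I would add a comment above the entry such as `# keys are pulled from GitLab on each run; a key added to that account gains passwordless sudo here`, or pin the public key inline. Separately, the new `sudo: no` / `passwordless_sudo: no` lines would read better as `false`, which also keeps them visibly distinct from quoted sshd strings such as `permitRootLogin: "no"`.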
@@ -5,10 +5,10 @@ collections: - ansible.posix roles: - - src: git@git.sch.bme.hu:kszk/sysadmin/kubernetes/base-ansible-role.git + - src: git@git.sch.bme.hu:kszk/ansible/roles/base.git scm: git version: master - name: kszk-k8s.base + name: kszk.base - src: git@git.sch.bme.hu:kszk/ansible/roles/iptables.git scm: git version: master -- GitLab
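Review bot: The replacement role `kszk.base` is still installed from `version: master`, so whatever is on that branch at install time is what configures users, sudo and sshd on the host (going by the `base_users` / `base_ssh` variables in this commit). Pinning to a reviewed tag or commit, e.g. `version: <TAG_OR_COMMIT_SHA>`, makes a role change an explicit, reviewable step in this repository. The same applies to the `kszk.iptables` entry visible just below it. The roles list continues outside the hunk.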