The Ansibles
Note: This repo is only here for historical/reference purposes. Most roles have been extracted and can be found in the github ANXS organization, as well as on Ansible Galaxy. Many of these will have been updated and are actively maintained.
Mainly a (growing) collection of ansible roles I have been writing. I present them here for reuse and educational purposes, since extensive examples are currently sparse, and I would've benefited from these when I started out. I hope they'll benefit others now. They're targetted and tested for Ubuntu (precise), so might not work on all systems (at least not out of the box).
I have a couple of other ones, and will update the repository when I manage to clean them up. Meanwhile, feel free to send in pull requests with fixes, updates, new roles. I'll happily review and add them.
Some of the roles require some configuration (pre- or post-), so I added some documentation. Do check these out if you don't want to waste time.
Roles included
Ordered alphabetically. Some have instructions (so RTFM).
| Role | Contents |
|---|---|
| apt | updates the aptitude sources list, updates the cache, and upgrades all packages |
| auth | setting up users and groups |
| build | makes sure essential build/make/config/compiler packages (g++, build-essential, automake, ack, ...) are installed |
| cassandra | installs & configures Cassandra |
| clojure | installs the clojure language binaries |
| common | runs over dependency roles (hostname, timezone, directories, apt, vim, build, cron, logwatch, tmpreaper, ssh, powerdns) and installs a set of tools to help you manage a server (curl, debconf, dmidecode, htop, iftop, iotop, nmap, tshark, tmux, mosh, ...) |
| cron | installs cron |
| directories | makes sure 'default' and 'additional' directories, and their auth settings, are present |
| elasticsearch | installs & configures elasticsearch |
| firewall | installs & configures ferm - don't forget to update /etc/ferm/ferm.conf |
| jdk | installs Oracle JDK binaries |
| kafka | installs & configures apache kafka |
| installs & configures a full-featured mailserver with SMTP over SSL via Postfix, IMAP over SSL via Dovecot, Full-text search in your imbox powered by solr, DNSBLs to redirect spam even before it hits your filters, DSPAM and Postgrey for spam-fencing and OpenDKIM mail server verification | |
| maven | installs the Maven build manager for JVM language projects |
| monit | installs & configures monit |
| mysql | installs, configures & hardens MySql |
| netatalk | installs & configures netatalk |
| nginx | installs & configures nginx - You can choose to install it through a package, or build it from source, and fine-tune which modules to ex/include |
| nodejs | installs nodejs - You can choose to install it through a package, or build it from source |
| powerdns | installs & the configures powerdns dns recursor |
| python | installs python & dependencies (python, python-dev, libevent-dev, cython, python3) |
| scala | installs the Scala language binaries |
| security | installs & configures fail2ban, rkhunter and lynis |
| ssh | configures (hardens!) the machines ssh |
| ssl | moves (wildcard) ssl certificates to the host |
| storm | (common, drpc, nimbus, supervisor) installs & configures twitter storm |
| supervisor | installs & configures supervisord |
| timezone | sets the systems timezone |
| tmpreaper | installs and configures [tmpreaper] |
| vim | makes sure the 'right' version of vim is installed and configured |
| vpn | installs & configures OpenVPN |
| zeromq | installs รMQ socket library |
| znc | installs & configures ZNC IRC bouncer |
| zookeeper | installs & configures Zookeeper |
Requirements
- ansible > 1.3, and it's dependencies
Contrib
Cloudbox
Inspired by inspired by Drew Crawford's post, and al3x's sovereign repo, I have created a similarly complete set that gives you a personal (mail/web/...)server.
The set-up of the scripts are different (mainly because I recycled what I had + I have a slightly different approach so I there is a better fallback mechanism for default values), as is the content of what it installs (nginx instead of apache, no owncloud due to some nasty experiences with it in the past, ...)
I took the time to write a complete tutorial, which should get you up and running very quickly (the manual work is really limited to an absolute minimum).
Vagrant
As a second example, everything is configured to work with vagrant (precise64) 'testbox' on 192.168.111.111. There's a Vagrantfile included in contrib/vagrant/ for this configuration.
Try it out:
- edit the
contrib/vagrant/Vagrantfile,contrib/vagrant/auth_vars, andhost_vars/192.168.111.111to your liking vagrant upansible-playbook -i vagrant vagrant.yml --sudo
contrib/deprecated?
Scripts I've written, yet don't consider that useful to myself. Mainly here for reference purposes. Happy if they're useful to others.
Using the-ansibles as a role library
Ansible 1.4 introduced the roles_path environment variable (See Ansible configuration docs on roles_path). This allows for the-ansibles to be used as a library of roles. Clone the repository as normal, then set roles_path in your ansible.cfg to the roles subdirectory of the-ansibles something like this:
roles_path= /path/to/the-ansibles/roles
And use the roles in playbooks as normal. Roles in your playbook directory will override those with the same name in the-ansibles allowing for selective overrides where required.
Thanks
To all contributors:
Feedback, bug-reports, requests, ...
Are welcome! Everyone benefits, really...