From e189517d27fa7156664f2f88e60b2545978a7ae8 Mon Sep 17 00:00:00 2001 From: Jef Roosens Date: Sat, 11 Dec 2021 16:59:48 +0100 Subject: [PATCH] Added portainer & traefik --- main.yml | 15 +++ .../templates/portainer-stack.yml.j2 | 4 +- roles/set-hostname/tasks/main.yml | 2 +- roles/traefik-deploy/tasks/main.yml | 4 +- sshd_config | 121 ------------------ vagrant.hosts.ini | 10 +- 6 files changed, 27 insertions(+), 129 deletions(-) delete mode 100644 sshd_config diff --git a/main.yml b/main.yml index 051086f..3d04221 100644 --- a/main.yml +++ b/main.yml @@ -6,6 +6,8 @@ - install-base-packages - docker - net-security + - set-hostname + tags: base - name: Initialize Docker swarm. hosts: admin @@ -28,3 +30,16 @@ - docker-swarm-add-worker tags: swarm +- name: Deploy Portainer. + hosts: admin + become: yes + roles: + - portainer-deploy + tags: portainer + +- name: Deploy Traefik. + hosts: admin + become: yes + roles: + - traefik-deploy + tags: traefik diff --git a/roles/portainer-deploy/templates/portainer-stack.yml.j2 b/roles/portainer-deploy/templates/portainer-stack.yml.j2 index 8e0a50e..ce34d4e 100644 --- a/roles/portainer-deploy/templates/portainer-stack.yml.j2 +++ b/roles/portainer-deploy/templates/portainer-stack.yml.j2 @@ -3,7 +3,7 @@ version: '3' services: app: - image: 'portainer/portainer-ce:2.11.0-alpine' + image: 'portainer/portainer-ce:{{ portainer_version }}-alpine' command: '-H tcp://tasks.agent:9001 --tlsskipverify' deploy: @@ -29,7 +29,7 @@ services: - '8000:8000' agent: - image: 'portainer/agent:2.9.3-alpine' + image: 'portainer/agent:{{ portainer_version }}-alpine' deploy: mode: global diff --git a/roles/set-hostname/tasks/main.yml b/roles/set-hostname/tasks/main.yml index a0b0825..a42140d 100644 --- a/roles/set-hostname/tasks/main.yml +++ b/roles/set-hostname/tasks/main.yml @@ -2,4 +2,4 @@ - name: Set hostname hostname: name: "{{ hostname }}" - method: debian + use: debian 
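Review bot: The two plays appended at the end of main.yml (`Deploy Portainer.` and `Deploy Traefik.`) depend on inventory variables that the playbook never mentions. `portainer_version` is consumed by the stack template in this same commit, and `portainer_domain` and `letsencrypt_email` are presumably read by the two roles. An inventory that lacks them fails only when the template renders, after the earlier plays have already run against the hosts. I would add a comment above each play such as `# Requires inventory vars: portainer_version, portainer_domain`, and consider a `pre_tasks` `assert` on `portainer_version is defined`. As a style point, `become: yes` is better written `become: true`, which avoids YAML 1.1 truthy ambiguity.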
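Review bot: Using one `portainer_version` for both images silently moves the agent from 2.9.3 to the server's version (the `agent` service in the next hunk of this file), so the two can no longer be pinned independently. A separate variable with a fallback keeps that choice explicit: `image: 'portainer/agent:{{ portainer_agent_version | default(portainer_version) }}-alpine'`. Because the value is interpolated straight into an image reference, the role should also reject anything that is not a plain version string, for example with an `assert` that `portainer_version is match('^[0-9]+\.[0-9]+\.[0-9]+$')`. A tag is still mutable on the registry, so pinning by digest would be the stronger guarantee. The `services:` mapping continues outside both hunks.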
diff --git a/roles/traefik-deploy/tasks/main.yml b/roles/traefik-deploy/tasks/main.yml index 549ddc3..9e81bf2 100644 --- a/roles/traefik-deploy/tasks/main.yml +++ b/roles/traefik-deploy/tasks/main.yml @@ -2,8 +2,8 @@ - name: Copy over config file. template: src: traefik.yml.j2 - dest: "srv/traefik.yml" - notify: deploy treafik + dest: /srv/traefik.yml + notify: deploy traefik - name: Copy over stack file. template: diff --git a/sshd_config b/sshd_config deleted file mode 100644 index f83a920..0000000 --- a/sshd_config +++ /dev/null 
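Review bot: The `template` task that now writes `/srv/traefik.yml` sets no `owner`, `group` or `mode`, so the file's permissions are left to the remote umask. For a reverse-proxy configuration that is rendered under `become`, I would state them explicitly under `template:`, e.g. `owner: root` and `mode: "0640"` (loosen to `"0644"` only if the Traefik container reads the file as a non-root user, which is not visible here). The corrected `notify: deploy traefik` only fires if a handler with exactly that name exists; the handlers file is not part of this diff, so it is worth confirming it was not also spelled `treafik`. The second task, `Copy over stack file.`, continues outside the hunk.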
@@ -1,121 +0,0 @@
-# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin yes
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
diff --git a/vagrant.hosts.ini b/vagrant.hosts.ini
index d0f6d8b..b8a7fe8 100644
--- a/vagrant.hosts.ini
+++ b/vagrant.hosts.ini
@@ -2,13 +2,13 @@ # originals.ini. # The admin is the main host that initializes the swarm -admin ansible_host=192.168.56.5 +admin ansible_host=192.168.56.5 hostname=alpha [managers] [workers] -192.168.56.6 -192.168.56.7 +192.168.56.6 hostname=beta +192.168.56.7 hostname=gamma [all:vars] ansible_ssh_user=debian @@ -16,3 +16,7 @@ ansible_ssh_port=2222 ansible_become_pass=pass ; ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key debian_pass=pass + +portainer_version=2.11.0 +portainer_domain=192.168.56.5 +letsencrypt_email=roosensjef@gmail.com
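Review bot: In the second hunk, `portainer_domain=192.168.56.5` is a private host-only address set next to `letsencrypt_email`, and an ACME challenge for such an address cannot be validated from outside. If the Traefik role wires these into a Let's Encrypt resolver (not visible here), issuance on the Vagrant setup will fail and may keep retrying. For this inventory I would use a resolvable test hostname, and make the resolver optional or point it at a staging or internal CA. The hunk also commits a personal e-mail address under `[all:vars]`, next to the plaintext `ansible_become_pass=pass` already in the file. A placeholder such as `letsencrypt_email=admin@example.test`, with the real value in an untracked or vaulted vars file, keeps it out of the repository. A one-line comment above the three new variables saying which role consumes each would help anyone writing a non-Vagrant inventory.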