dev changes

ansible/ansible.cfg

@@ -3,13 +3,14 @@ python_interpreter=/usr/bin/python3
 interpreter_python = auto_silent
 ansible_ssh_private_key_file=../root.key
 inventory=inventory/
-remote_user=admin_dev
+remote_user=ansible
 #log_path = ./ansible.log
 #verbosity = 0
 display_ok_hosts = true
 stdout_callback = yaml
 bin_ansible_callbacks = true
 deprecation_warnings= false
+host_key_checking = False
 
 [privilege_escalation]
 Become        = true

ansible/base.yaml

@@ -1,10 +1,21 @@
 ### Playbook for adding sysupgrade, add user and ssh hardening
 
 - name: Base setup
-  hosts: dev
+  hosts: all
   vars:
-    ansible_user: root
+    #ansible_user: root
   roles:
-    - roles/sysupgrade
+    - name: Setup host
-    - roles/user_add
+      role: roles/init
-    - roles/ssh_hardening
+      tags: setup_host
+    - name: Sysupgrade role
+      role: roles/sysupgrade
+      tags: sysupgrade
+    - name: User_add role
+      role: roles/user_add
+      tags: user_add
+    - name: Ssh_hardening role
+      role: roles/ssh_hardening
+      tags: ssh_hardening
+  tags:
+  - base

ansible/full-install.yaml

@@ -1,11 +1,11 @@
 ### Playbook for datatroniq-challenge
 
 - name: Full install
-  hosts: dev
+  hosts: all
   become: false
   gather_facts: false
   vars:
-    ansible_user: root
+    ansible_user: ansible
 
 - name: Import base setup
   import_playbook: base.yaml
@@ -21,3 +21,10 @@
   import_playbook: k8s-deployments.yaml
   tags:
     - k8s-deployments
+
+- name: Cleanup
+  hosts: all
+  roles:
+    - role: roles/cleanup
+  tags:
+    - cleanup

ansible/inventory/dev.yaml

@@ -1,3 +1,5 @@
 dev:
   hosts:
-    10.3.0.100:
+    10.3.0.101:
+  vars:
+    confdir: "/root/server-configs"

ansible/k3s.yaml

@@ -1,7 +1,9 @@
 ### Playbook for installing k3s
 
 - name: Install k3s
-  hosts: dev
+  hosts: all
   become: yes
   roles:
-    - roles/k3s
+    - name: K3s role
+      role: roles/k3s
+      tags: k3s

ansible/k8s-deployments.yaml

@@ -1,12 +1,20 @@
 ### Playbook for deploying kubernetes resources
 
 - name: Install k8s apps
-  hosts: dev
+  hosts: all
   become: yes
   roles:
-    - roles/k8s-nginx-ingress
+    - name: Ingress role
-    - roles/k8s-cert-manager
+      role: roles/k8s-nginx-ingress
-    - roles/k8s-kube-prom-stack
+      tags: ingress
-    - roles/k8s-wordpress
+    - name: Cert-manager role
+      role: roles/k8s-cert-manager
+      tags: cert-mangager
+    - name: Kube-prom role
+      role: roles/k8s-kube-prom-stack
+      tags: prom-stack
+    - name: Wordpress role
+      role: roles/k8s-wordpress
+      tags: wordpress
   tags:
     - k8s-deployments

ansible/roles/k3s/tasks/main.yml

@@ -44,7 +44,7 @@
 #- name: Copy k3s.config to server
 #  ansible.builtin.copy:
 #    src: k3s.config
-#    dest: /root/config.yaml
+#    dest: "{{ confdir }}"/config.yaml
 
 - name: Install k3s (disabled traefik in favour of nginx for modSecurity support)
   shell: |

ansible/roles/k8s-cert-manager/tasks/main.yml

@@ -11,17 +11,17 @@
 - name: Copy value files
   ansible.builtin.copy:
     src: files/values.yaml
-    dest: ~/cert-manager-values.yaml
+    dest: "{{ confdir }}"/cert-manager-values.yaml
 
 - name: Copy clusterissuer-staging yaml
   ansible.builtin.copy:
     src: files/clusterissuer-staging.yaml
-    dest: ~/
+    dest: "{{ confdir }}"/
 
 - name: Copy clusterissuer-prod yaml
   ansible.builtin.copy:
     src: files/clusterissuer-prod.yaml
-    dest: ~/
+    dest: "{{ confdir }}"/ 
 
 - name: Install cert-manager
   kubernetes.core.helm:
@@ -36,17 +36,17 @@
     values:
       installCRDs: true
     values_files:
-      /root/cert-manager-values.yaml
+      "{{ confdir }}"/cert-manager-values.yaml
     state: present
 
 - name: Create staging clusterissuer for letsencrypt
   kubernetes.core.k8s:
     kubeconfig: /etc/rancher/k3s/k3s.yaml
     state: present
-    src: /root/clusterissuer-staging.yaml
+    src: "{{ confdir }}"/clusterissuer-staging.yaml
 
 - name: Create prod clusterissuer for letsencrypt
   kubernetes.core.k8s:
     kubeconfig: /etc/rancher/k3s/k3s.yaml
     state: present
-    src: /root/clusterissuer-prod.yaml
+    src: "{{ confdir }}"/clusterissuer-prod.yaml

ansible/roles/k8s-kube-prom-stack/tasks/main.yml

@@ -11,12 +11,12 @@
 - name: Copy value files
   ansible.builtin.copy:
     src: files/values.yaml
-    dest: /root/prom-values.yaml
+    dest: "{{ confdir }}"/prom-values.yaml
 
 - name: Copy wordpress-dashboard
   ansible.builtin.copy:
     src: files/wordpress-dashboard.yaml
-    dest: /root/
+    dest: "{{ confdir }}"/
 
 - name: Install kube-prom-stack
   kubernetes.core.helm:
@@ -29,11 +29,11 @@
     wait: yes
     timeout: 600s
     values_files:
-      /root/prom-values.yaml  # Path to your custom values file, if needed
+      "{{ confdir }}"/prom-values.yaml
     state: present
 
 - name: Add wordpress-dashboard to grafana
   kubernetes.core.k8s:
     kubeconfig: /etc/rancher/k3s/k3s.yaml
     state: present
-    src: /root/wordpress-dashboard.yaml
+    src: "{{ confdir }}"/wordpress-dashboard.yaml

ansible/roles/k8s-nginx-ingress/tasks/main.yml

@@ -11,7 +11,7 @@
 - name: Copy value files
   ansible.builtin.copy:
     src: files/values.yaml
-    dest: /root/ingress-values.yaml
+    dest: "{{ confdir }}"/ingress-values.yaml
 
 - name: Install ingress-nginx
   kubernetes.core.helm:
@@ -24,6 +24,6 @@
     wait: yes
     timeout: 600s
     values_files:
-      /root/ingress-values.yaml
+      "{{ confdir }}"/ingress-values.yaml
     state: present
 

ansible/roles/k8s-wordpress/tasks/main.yml

@@ -11,7 +11,7 @@
 - name: Copy value files
   ansible.builtin.copy:
     src: files/values.yaml
-    dest: ~/wordpress-values.yaml
+    dest: "{{ confdir }}"/wordpress-values.yaml
 
 - name: Install wordpress
   kubernetes.core.helm:
@@ -24,6 +24,6 @@
     wait: yes
     timeout: 600s
     values_files:
-      /root/wordpress-values.yaml
+      "{{ confdir }}"/wordpress-values.yaml
     state: present
 

ansible/roles/ssh_hardening/handlers/main.yml

@@ -4,5 +4,5 @@
 
 - name: restart_sshd
   ansible.builtin.service:
-    name: sshd
+    name: ssh
     state: restarted