HPC/HPCplaybooks
Archived
7
0
Fork 3
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: HPC:2ec22760af19df52af27dd7027eaf5d365b23f7f
Branches Tags
HPC:master HPC:jpm/addition/ssh_keys HPC:feature/molgenis-ssl
...
compare: HPC:feature/molgenis-ssl
Branches Tags
HPC:master HPC:jpm/addition/ssh_keys HPC:feature/molgenis-ssl

7 Commits
2ec22760af ... feature/mo

Author SHA1 Message Date
Egon Rijpkema
fb80addda6 Playbook for installation of new certificates 2018-12-19 16:14:49 +01:00
Egon Rijpkema
0f81929a02 added wim laptop key 2018-07-10 10:33:38 +02:00
Egon Rijpkema
1ae9fece3b Added Robin 2018-06-27 17:14:01 +02:00
Egon Rijpkema
e07ad091ec Output more readable. 
also changed depricated hostfile option.
 2018-06-01 10:38:22 +02:00
Egon Rijpkema
c95251d7ee added meta to be used in other playbooks 2018-05-11 12:01:34 +02:00
Egon Rijpkema
593082f710 Added role for jwilder nginx proxy. 
This is useful when you want to handle ssl or when you want to proxy
multiple containers on a single host.
 2018-02-13 10:07:24 +01:00
Egon Rijpkema
4b91b61b66 Updated title 2018-02-12 16:44:49 +01:00
10 changed files with 191 additions and 3 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,4 +1,4 @@
# ssh keys repository
# HPC playbooks
The `users.yml` playbook contains users and public keys.
The playbook uses `/etc/hosts` as a database for hosts to install the keys on.

3
ansible.cfg
View File

@@ -1,2 +1,3 @@
[defaults]
hostfile = hosts.py
inventory = hosts.py
stdout_callback = debug

1
meta/main.yml Normal file
View File

@@ -0,0 +1 @@
---

81
molgenis Normal file
View File

@@ -0,0 +1,81 @@
molgenis[01:99]
molgenis[100:110]
[molgenis1-70]
molgenis[01:70]
[no-httpd]
molgenis02
molgenis07
molgenis11
molgenis15
molgenis23
molgenis24
molgenis25
molgenis28
molgenis30
molgenis32
molgenis33
molgenis36
molgenis37
molgenis38
molgenis39
molgenis40
molgenis42
molgenis43
molgenis44
molgenis45
molgenis46
molgenis47
molgenis48
molgenis49
molgenis54
molgenis57
molgenis59
molgenis61
molgenis64
molgenis65
molgenis69
molgenis70
[localhost-certfile]
molgenis03
molgenis06
molgenis04
molgenis05
molgenis09
molgenis12
molgenis13
molgenis17
molgenis16
molgenis19
molgenis20
molgenis26
molgenis21
molgenis41
molgenis51
molgenis50
molgenis52
molgenis53
molgenis56
molgenis58
molgenis68
molgenis18
molgenis55
molgenis60
molgenis66
molgenis67
[fqdn-certfile]
molgenis01
molgenis10
molgenis14
molgenis22
molgenis08
molgenis31
molgenis27
molgenis29
molgenis34
molgenis35
molgenis62
molgenis63

23
molgenis_cert.yml Normal file
View File

@@ -0,0 +1,23 @@
---
- hosts: fqdn-certfile
become: false
tasks:
- copy:
src: newcertsmolgenis/{{ ansible_hostname }}_gcc_rug_nl.crt
dest: /etc/pki/tls/certs/{{ ansible_hostname }}_gcc_rug_nl/{{ ansible_hostname }}_gcc_rug_nl.crt
backup: yes
- copy:
src: newcertsmolgenis/rsa.{{ ansible_hostname }}.gcc.rug.nl.key
dest: /etc/pki/tls/private/{{ ansible_hostname }}_gcc_rug_nl/{{ ansible_hostname }}_gcc_rug_nl.key
backup: yes
- hosts: localhost-certfile
become: true
tasks:
- copy:
src: newcertsmolgenis/{{ ansible_hostname }}_gcc_rug_nl.crt
dest: /etc/pki/tls/certs/localhost.crt
backup: yes
- copy:
src: newcertsmolgenis/rsa.{{ ansible_hostname }}.gcc.rug.nl.key
dest: /etc/pki/tls/private/localhost.key
backup: yes

6
nginx_proxy.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- hosts: all
become: True
roles:
- docker
- nginx-proxy

25
roles/docker/main.yml Normal file
View File

@@ -0,0 +1,25 @@
---
# Install Docker. Centos needs te be added.
- apt_key:
id: 58118E89F3A912897C070ADBF76221572C52609D
keyserver: hkp://p80.pool.sks-keyservers.net:80
state: present
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial'
- apt_repository:
repo: deb https://apt.dockerproject.org/repo ubuntu-xenial main
update_cache: yes
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial'
- name: install docker
apt: pkg={{ item }} state=latest
with_items:
- docker-engine
- python-docker
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial'
- name: make sure service is started
systemd:
name: docker.service
state: started

20
roles/nginx-proxy/tasks/main.yml Normal file
View File

@@ -0,0 +1,20 @@
# Install a nginx reverse proxy with a systemd unit file.
# See https://github.com/jwilder/nginx-proxy
---
- name: install service file.
template:
src: templates/nginx-proxy.service
dest: /etc/systemd/system/nginx-proxy.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: start service at boot.
command: systemctl reenable nginx-proxy.service
- name: make sure service is started
systemd:
name: nginx-proxy.service
state: restarted

16
roles/nginx-proxy/templates/nginx-proxy.service Normal file
View File

@@ -0,0 +1,16 @@
[Unit]
Description=nginx reverse proxy for docker containers.
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
--rm -d -p 80:80 -p 443:443 -v /srv/certs:/etc/nginx/certs \
-v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
[Install]
WantedBy=multi-user.target

17
users.yml
View File

@@ -21,8 +21,12 @@
- authorized_key:
user: wim
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPcJbucOFOFrPZwM1DKOvscYpDGYXKsgeh3/6skmZn/IhLWYHY6oanm4ifmY3kU0oNXpKgHR43x3JdkIRKmrEpYULspwdlj/ZKPYxFWhVaSTjJvmSJEgy7ET1xk+eVoKV1xRWm/BugWpbseFAOcI9ZwfH++S8JhfX6GgCIy06RUpM8EcFAWb/GO699ZnQ67qMxNdSWYHtK1zu+9svWgEzPk4zc2TihJsc7DxcfQCNfQ4vKH1Im3+QfG5bRtdyVl9yjbE+o4EWhPEWsTBgBosJfbqfywsuzibhTgyybR0Zzm4JN6Wh5wVazvNutAB291dIJt22XEx5tCyOAjLPybLy3 wim@wim-HP-Compaq-Elite-8300-MT'
key: '{{ item }}'
state: present
with_items:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAilJDjQ8CIdM+5w0Q9ORXheq+hYgfPbcpJ1BoWvMxZrz2ahbamWEeLanWeGcHeQ6rEqTIXv7B3i7erkPHFo+vWUt4b/e1N1OEpuJMueGAn2cDiWbTI9KU+yNCMO8UF6wK8LWqLkUBLm0lpnylwYJDW0NCoVkANU2NJ0JkdzT/bpuAWJp3rs4H7na/EV5vZT/gllMihtIBwWfJNh1BF048PhUBs+l0MSRG8rYe2YcUF66h8btghzYsSqiETGnroVW0XKOHKjxVWO2z2+OkcHOc19zSK6EQMe0+TZFp8Jg3jPZ+4wWnmBv+Zgxg4eEQ8FvfHS7/5lnGF6YATV2cG6Nh9w== rsa-key-20180502'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPcJbucOFOFrPZwM1DKOvscYpDGYXKsgeh3/6skmZn/IhLWYHY6oanm4ifmY3kU0oNXpKgHR43x3JdkIRKmrEpYULspwdlj/ZKPYxFWhVaSTjJvmSJEgy7ET1xk+eVoKV1xRWm/BugWpbseFAOcI9ZwfH++S8JhfX6GgCIy06RUpM8EcFAWb/GO699ZnQ67qMxNdSWYHtK1zu+9svWgEzPk4zc2TihJsc7DxcfQCNfQ4vKH1Im3+QfG5bRtdyVl9yjbE+o4EWhPEWsTBgBosJfbqfywsuzibhTgyybR0Zzm4JN6Wh5wVazvNutAB291dIJt22XEx5tCyOAjLPybLy3 wim@wim-HP-Compaq-Elite-8300-MT'
- user:
name: egon
@@ -98,3 +102,14 @@
user: ger
key: 'ssh-dss AAAAB3NzaC1kc3MAAACBAMJfiOS0W95C1+r7IBgBR8CqEGpJZ8viv4bpzXWNtDTYLFbfb4rL/PgzlCQqhqJbKCkHluJPHPNAeaW8KalHvqUrtD5xciX8PovcMhkg9Dksp9P5WGKCVfJb5MKwfdtEM9tgq9OjNZFN0nF3R6oW42DvxDKu3mXWiH1PH1I4arQdAAAAFQDxHkrRaQ/t4wH2nO6WN9jWEUNiAwAAAIBR5zi9P3JudJu3dddweDaXlVXY51cGQjXvxFJtFv1d5/jI2gCxcah1dLqkJMwGgFowF4imqUXFit20kNQiG5bUnuGEJWfTg/BkaM7W3ujRxDK6wIQCvAnQ0+zJR/qMqqH7MFlutcEm+uVuACs5abvDOp0scHaOuvGfIyf+qegvLAAAAIB577xm9csmftKclreLmigUksY4zlWoIVYsjgB4ofDVemtHTGYWFBSxQsbhhUrUhB6+AcTRGJnvLyJSaEQdCghVJKEIrGl9YA9lgztd8YAHsG2iVve1mMiFI/8NYJHMWJLuFratq5eC5tpBaW+MTm21NqHKD5Ry88Ul04n+sv5lfw== ger@rc-514'
state: present
- user:
name: robin
comment: "Robin Teeninga"
group: admin
state: present
- authorized_key:
user: robin
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXeVMbqjC0EKu8cmuxN+88l0TnzJUuRaFLufka2Mx9Adj8PtAZ4l9IP7f+O97ylbNQvci9DcC38NNe62b0ECutin3jUX9trvROYgxVMR/P89y139CSwWqBrHm29WLHdz9A0vO094HNzhp4xFVnblBUAFt3CCDIxvl59coV2bWgTykmVEoni9SSjqKgcC1hT0mIGcaDb428x9DsteJSakSNYwFbnbEbukA7Y5KQnbzaMl/h97C2FOsxiU5JZoiHgKNXCR5jkFsHzc3OEphXW1Ba4EnqsqUecpnfUr6OueFYR6a/q+AtIKVYT10lzCimXui/uf5zkntq1Kga/h3VtgmV root@robin-HP-Compaq-Elite-8300-MT'
state: present