mirror of
https://github.com/cwchristerw/tjas-infra
synced 2025-09-05 21:23:20 +00:00
Compare commits
8 Commits
2224e2c596
...
master
Author | SHA1 | Date | |
---|---|---|---|
cf65e1ac85 | ||
177bafaa93 | ||
89c5cc2437 | ||
586ea6bd0e | ||
13d07913ef | ||
718874a63d | ||
859b96eb88 | ||
e149ba3db0 |
@@ -2,6 +2,27 @@
|
||||
## PVJJK 1.VOS Niinisalo
|
||||
### Ylläpitäjän ohjeet
|
||||
|
||||
**Työaseman asennus**
|
||||
1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
|
||||
2. Käynnistä työasema uudelleen
|
||||
3. Asenna Debian käyttöjärjestelmä
|
||||
1. Avaa Powershell järjestelmänvalvojana
|
||||
2. Suorita asennuskomento – `wsl --install -d Debian`
|
||||
3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
|
||||
4. Vaihda isännän nimi
|
||||
1. Lisää Network kohtaan tai luo Network kohta – `echo "[network]" > /etc/wsl.conf`
|
||||
2. Lisää isännän nimi – `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
|
||||
3. Lisää Hosts tiedoston generointi – `echo "generateHosts = true" > /etc/wsl.conf`
|
||||
5. Sulje ikkuna
|
||||
4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
|
||||
1. Avaa Powershell järjestelmänvalvojana
|
||||
2. Vaihda oletusarvoinen käyttöjärjestelmä – `wsl --set-default Debian`
|
||||
3. Käynnistä uudelleen käyttöjärjestelmä – `wsl -t Debian`
|
||||
4. Sulje ikkuna
|
||||
6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
|
||||
7. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `sudo apt update && sudo apt install curl`
|
||||
8. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
|
||||
|
||||
**Palvelimen asennus**
|
||||
1. Asenna Debian-käyttöjärjestelmä
|
||||
2. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `apt update && apt install curl`
|
||||
|
61
init.sh
61
init.sh
@@ -4,63 +4,74 @@ if [ ! "$BASH_VERSION" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
underline=`tput smul`
|
||||
nounderline=`tput rmul`
|
||||
bold=$(tput bold)
|
||||
normal=$(tput sgr0)
|
||||
|
||||
ti-header(){
|
||||
echo $(tput bold)$1$(tput sgr0)
|
||||
echo ${bold}$1${normal}
|
||||
}
|
||||
|
||||
echo "${bold}"
|
||||
echo "
|
||||
==============================
|
||||
|
||||
PVJJK 1.VOS TJAS - Infra
|
||||
Init Script
|
||||
|
||||
------------------------------
|
||||
.-') _ ('-. .-')
|
||||
( OO) ) ( OO ).-. ( OO ).
|
||||
/ '._ ,--. / . --. /(_)---\_)
|
||||
|'--...__) .-')| ,| | \-. \ / _ |
|
||||
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
|
||||
| | | \`-'| | \| |_.' | '..\`''.)
|
||||
| | ,--. | | | .-. |.-._) \\
|
||||
| | | '-' / | | | |\ /
|
||||
\`--' \`-----' \`--' \`--' \`-----'
|
||||
"
|
||||
echo "
|
||||
PVJJK 1.VOS NIINISALO
|
||||
TIETOJÄRJESTELMÄASENTAJIEN INTRA
|
||||
INIT SCRIPT
|
||||
"
|
||||
echo -n "${normal}"
|
||||
|
||||
stop () {
|
||||
|
||||
echo "
|
||||
==============================
|
||||
"
|
||||
|
||||
exit 1
|
||||
|
||||
}
|
||||
|
||||
ti-header "Haetaan pakettien tiedot..."
|
||||
apt update
|
||||
sudo apt update
|
||||
echo -e "\n\n"
|
||||
|
||||
ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
|
||||
apt-get install -y python3-pip python3-venv jq git curl lsb-release
|
||||
sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
|
||||
echo -e "\n\n"
|
||||
|
||||
mkdir -p /root/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
|
||||
if [[ ! -f /root/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
|
||||
mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
|
||||
if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
|
||||
then
|
||||
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
|
||||
ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
|
||||
ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
|
||||
echo -e "\n\n"
|
||||
fi
|
||||
|
||||
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
|
||||
python3 -m venv /root/.venv/ansible
|
||||
python3 -m venv $HOME/.venv/ansible
|
||||
echo -e "\n\n"
|
||||
|
||||
ti-header "Asennetaan Ansiblen riippuvuudet..."
|
||||
/root/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
|
||||
$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
|
||||
echo -e "\n\n"
|
||||
|
||||
ti-header "Asennetaan Ansible..."
|
||||
/root/.venv/ansible/bin/pip3 install ansible
|
||||
$HOME/.venv/ansible/bin/pip3 install ansible
|
||||
echo -e "\n\n"
|
||||
|
||||
ti-header "Asennetaan Ansible kokoelmat..."
|
||||
/root/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
|
||||
$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
|
||||
echo -e "\n\n"
|
||||
|
||||
ti-header "Lisää SSH-avain Infra-repon käyttöön..."
|
||||
cat /root/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
|
||||
cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
|
||||
|
||||
echo -n "Onko avain lisätty Github-repoon? [K/E]"
|
||||
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
|
||||
@@ -69,8 +80,8 @@ do
|
||||
done
|
||||
echo -e "\n\n"
|
||||
|
||||
mkdir -p /root/.ansible/vault &> /dev/null
|
||||
if [[ ! -f /root/.ansible/vault/pvjjk-1vos-niinisalo ]]
|
||||
mkdir -p $HOME/.ansible/vault &> /dev/null
|
||||
if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
|
||||
then
|
||||
ti-header "Syötä Ansible Vaultin salasana..."
|
||||
echo -n "Salasana: "
|
||||
@@ -80,14 +91,14 @@ then
|
||||
|
||||
if [[ ! -z $VAULT_PASSWORD ]]
|
||||
then
|
||||
echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-niinisalo
|
||||
echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
|
||||
fi
|
||||
done
|
||||
echo -e "\n\n"
|
||||
fi
|
||||
|
||||
ti-header "Suoritetaan Infran asennus..."
|
||||
/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
|
||||
$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
|
||||
echo -e "\n\n"
|
||||
|
||||
echo "
|
||||
|
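Review bot: The vault password file in the third init.sh hunk is created by plain redirection, `echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo`, so its mode is whatever the current umask gives, and its directory comes from the bare `mkdir -p` in the second hunk. While the path was under `/root`, the parent directory normally kept other local users out; under the `$HOME` of an ordinary account that depends on how the home directory was created. Setting the modes explicitly closes the gap: `mkdir -p -m 700 "$HOME/.ansible/vault"` and `( umask 077; printf '%s\n' "$VAULT_PASSWORD" > "$HOME/.ansible/vault/pvjjk-1vos-niinisalo" )`. The `$HOME` expansions on these lines are unquoted and would split on a home path containing whitespace. The loop that reads the password starts outside the visible hunks.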
@@ -0,0 +1,6 @@
|
||||
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
|
||||
37353031396164353032396635313539613734613432323435383137303835383439663439363337
|
||||
6230323066313361383061633932616230363465326239640a333739323064653263336337633639
|
||||
64343833623362323734363239653866383037313331613738653133636364623237326637313232
|
||||
3462636261386230380a313634313965343733616137663532623965393835306562633635633831
|
||||
3166
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
pvjjk_1vos_niinisalo:
|
||||
hosts:
|
||||
argo.aito.tjas:
|
||||
olympus.juva.tjas:
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
|
35
protect.sh
35
protect.sh
@@ -5,21 +5,35 @@ nounderline=`tput rmul`
|
||||
bold=$(tput bold)
|
||||
normal=$(tput sgr0)
|
||||
|
||||
echo "${bold}PVJJK 1.VOS Niinisalo / TJAS Infra / Protect${normal}"
|
||||
echo "${bold}"
|
||||
echo "
|
||||
.-') _ ('-. .-')
|
||||
( OO) ) ( OO ).-. ( OO ).
|
||||
/ '._ ,--. / . --. /(_)---\_)
|
||||
|'--...__) .-')| ,| | \-. \ / _ |
|
||||
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
|
||||
| | | \`-'| | \| |_.' | '..\`''.)
|
||||
| | ,--. | | | .-. |.-._) \\
|
||||
| | | '-' / | | | |\ /
|
||||
\`--' \`-----' \`--' \`--' \`-----'
|
||||
"
|
||||
echo "
|
||||
PVJJK 1.VOS NIINISALO
|
||||
TIETOJÄRJESTELMÄASENTAJIEN INTRA
|
||||
PROTECT SCRIPT
|
||||
"
|
||||
echo -n "${normal}"
|
||||
action=$1
|
||||
|
||||
encrypt() {
|
||||
echo "${underline}Encrypting...${nounderline}"
|
||||
execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
|
||||
}
|
||||
|
||||
decrypt() {
|
||||
echo "${underline}Decrypting...${nounderline}"
|
||||
execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
|
||||
}
|
||||
|
||||
list() {
|
||||
echo "${underline}Listing...${nounderline}"
|
||||
i=0
|
||||
for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
|
||||
do
|
||||
@@ -41,18 +55,23 @@ for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
|
||||
|
||||
case $action in
|
||||
encrypt)
|
||||
echo "${underline}Encrypting...${nounderline}"
|
||||
encrypt pvjjk-1vos-niinisalo
|
||||
;;
|
||||
decrypt)
|
||||
echo "${underline}Decrypting...${nounderline}"
|
||||
decrypt pvjjk-1vos-niinisalo
|
||||
;;
|
||||
list)
|
||||
echo "${underline}Listing...${nounderline}"
|
||||
list pvjjk-1vos-niinisalo
|
||||
;;
|
||||
help)
|
||||
echo "encrypt, decrypt, list"
|
||||
;;
|
||||
*)
|
||||
echo "..."
|
||||
echo "${underline}HELP${nounderline}"
|
||||
echo "encrypt - Encrypt Files"
|
||||
echo "decrypt - Decrypt Files"
|
||||
echo "list - List Files"
|
||||
;;
|
||||
esac
|
||||
|
||||
echo -e "\n\n\n"
|
||||
|
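Review bot: In `encrypt()` and `decrypt()` the vault password source is the relative path `vault/$1`, so which file ansible-vault reads depends on the directory protect.sh is started from. When that directory is the repository root, the password file sits inside the working tree. Anchoring the script first, for example `cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1`, and confirming that `vault/` is git-ignored would make this explicit; init.sh keeps the same password under `$HOME/.ansible/vault/`, which may be the safer source. `$1` is also expanded unquoted inside the command string handed to `execute`. The body of `execute` lies outside the hunks, so how that string is split and run cannot be checked from here. A short header comment on `decrypt` saying that it operates on the files under `inventories/$1/` (inferred from the hunk header's loop) would remind operators to re-encrypt before committing.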
@@ -10,6 +10,8 @@
|
||||
import_tasks: tasks/installer.yml
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
|
||||
when:
|
||||
- inventory_hostname == "olympus.juva.tjas"
|
||||
tags:
|
||||
- installer
|
||||
- never
|
||||
@@ -18,6 +20,8 @@
|
||||
import_tasks: tasks/maintenance.yml
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
|
||||
when:
|
||||
- inventory_hostname == "olympus.juva.tjas"
|
||||
tags:
|
||||
- maintenance
|
||||
- never
|
||||
@@ -26,6 +30,8 @@
|
||||
import_tasks: tasks/deployer.yml
|
||||
vars:
|
||||
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
|
||||
when:
|
||||
- inventory_hostname == "olympus.juva.tjas"
|
||||
tags:
|
||||
- deployer
|
||||
- never
|
||||
|
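Review bot: The literal `inventory_hostname == "olympus.juva.tjas"` is repeated in the `when:` of all three import blocks (installer, maintenance, deployer), so adding or renaming a host means editing three places. A group test such as `'<GROUP_NAME>' in group_names` (placeholder; the inventory shown defines only `pvjjk_1vos_niinisalo`) or a single variable would keep the condition in one spot. Because `when:` on `import_tasks` is applied to every imported task, the README's workstation flow on `argo.aito.tjas` would skip all installer tasks if it relies on this playbook, which is worth confirming as intended. Which lines in each hunk are new cannot be told from the rendered page.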