├── .gitignore
├── LICENSE
├── README.md
├── debops-bootstrap
    ├── README.rst
    ├── Vagrantfile
    └── bootstrap-debops.yml
├── devlab
    ├── .debops.cfg
    ├── README.rst
    └── ansible
    │   └── inventory
    │       ├── group_vars
    │           ├── all
    │           │   ├── ansible.yml
    │           │   ├── inventory.yml
    │           │   ├── sshd.yml
    │           │   └── users.yml
    │           └── devlab
    │           │   └── apt.yml
    │       ├── host_vars
    │           ├── helios
    │           │   ├── apt.yml
    │           │   ├── dnsmasq.yml
    │           │   ├── kvm.yml
    │           │   ├── postfix.yml
    │           │   └── subnetwork.yml
    │           ├── jupiter
    │           │   └── lxc.yml
    │           └── saturn
    │           │   └── lxc.yml
    │       └── hosts
├── lib
    └── vagrant
    │   └── src
    │       ├── .gitignore
    │       └── public
    │           └── .gitignore
├── scripts
    ├── gpg_add_key_to_keyring.sh
    ├── gpg_generate_key.sh
    ├── install_ansible_debops_controller.sh
    ├── provisioning.sh
    └── provisioning_ldap.sh
├── testing-roles-rolespec-vagrant
    ├── .rolespec.cfg
    ├── README.rst
    ├── Vagrantfile
    ├── debops-support.sh
    └── vagrant-support.sh
├── vagrant-ansible-single-machine
    ├── .debops.cfg
    ├── .gitignore
    ├── README.rst
    ├── Vagrantfile
    ├── ansible
    │   └── inventory
    │   │   ├── group_vars
    │   │       ├── all.yml
    │   │       ├── firstGroup.yml
    │   │       └── secondGroup.yml
    │   │   └── host_vars
    │   │       └── web.yml
    └── site.yml
├── vagrant-docker
    ├── .debops.cfg
    ├── .gitignore
    ├── Dockerfile
    ├── README.rst
    ├── Vagrantfile
    ├── ansible
    │   └── inventory
    │   │   ├── group_vars
    │   │       ├── all.yml
    │   │       ├── firstGroup.yml
    │   │       └── secondGroup.yml
    │   │   ├── groups
    │   │   └── host_vars
    │   │       └── web.yml
    └── simpletest.yml
├── vagrant-multi-machine
    ├── .debops.cfg
    ├── .gitignore
    ├── README.rst
    ├── Vagrantfile
    ├── ansible
    │   └── inventory
    │   │   ├── group_vars
    │   │       ├── all.yml
    │   │       ├── firstGroup.yml
    │   │       └── secondGroup.yml
    │   │   ├── groups
    │   │   └── host_vars
    │   │       └── web.yml
    └── simpletest.yml
└── webhost-gitusers-dokuwiki
    ├── .debops.cfg
    ├── .gitignore
    ├── README.rst
    ├── Vagrantfile
    ├── ansible
        └── inventory
        │   ├── groups
        │   └── host_vars
        │       └── web.yml
    ├── setup-dokuwiki-on-gituser
    └── test.yml


/.gitignore:
--------------------------------------------------------------------------------
 1 | ansible/secret
 2 | secret
 3 | ansible.cfg
 4 | .vagrant
 5 | roles
 6 | 
 7 | *.py[co]
 8 | 
 9 | ### vim ###
10 | [._]*.s[a-w][a-z]
11 | [._]s[a-w][a-z]
12 | *.un~
13 | Session.vim
14 | .netrwhist
15 | *~
16 | 
17 | 
18 | ### Emacs ###
19 | # -*- mode: gitignore; -*-
20 | \#*\#
21 | /.emacs.desktop
22 | /.emacs.desktop.lock
23 | *.elc
24 | auto-save-list
25 | tramp
26 | .\#*
27 | 
28 | 
29 | ### SublimeText ###
30 | # workspace files are user-specific
31 | *.sublime-workspace
32 | 
33 | # project files should be checked into the repository, unless a significant
34 | # proportion of contributors will probably not be using SublimeText
35 | # *.sublime-project
36 | 
37 | #sftp configuration file
38 | sftp-config.json
39 | 
40 | ### JetBrains IDE ###
41 | .idea
42 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014 DebOps
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## DebOps Examples
 2 | 
 3 | This is a repository of example [DebOps](http://debops.org/) projects - mostly
 4 | Ansible inventories and some additional Bash scripts, when user needs to
 5 | perform actions outside Ansible.
 6 | 
 7 | Further documentation will be added at a later time.
 8 | 
 9 | ### Basic examples
10 | 
11 | * `vagrant-multi-machine`: Using Debops with a multi-machine
12 |   Vagrantfile
13 | * `webhost-gitusers-dokuwiki`: Setting up a Webserver with nginx,
14 |   docuwiki and gituser.
15 | * `testing-roles-rolespec-vagrant`: Setting up a virtual machine
16 |   (using Vagrant) for testing roles using
17 |   [rolespec](https://github.com/nickjj/rolespec)
18 | 
19 | 
20 | ### Advanced examples
21 | 
22 | * `debops-bootstrap`: Bootstrap a DebOps virtual machine with Vagrant
23 |    and run `debops` against it.
24 | * `devlab`: manage a "development lab" on an Ubuntu/Xubuntu host with
25 |    KVM virtual machines guests, which also are LXC hosts for
26 |    containers.
27 | 
28 | ### Other examples
29 | 
30 | * `vagrant-ansible-single-machine`: Using Ansible (but not debops)
31 |   with a single Vagrant box.
32 | 
33 | 


--------------------------------------------------------------------------------
/debops-bootstrap/README.rst:
--------------------------------------------------------------------------------
 1 | 
 2 | ================================================
 3 | Bootstrap and run DebOps on a single Vagrant box
 4 | ================================================
 5 | 
 6 | This project is an example for using the Vagrant Ansible provisioner
 7 | bootstraping a DebOps master server and then running ``debops`` on
 8 | itself.
 9 | 
10 | 
11 | Requirements
12 | ============
13 | 
14 | * Ansible
15 | * Vagrant 1.8 or newer
16 | 
17 | 
18 | Quick Start
19 | ===========
20 | 
21 | * Fire up Vagrant: ``vagrant up``
22 | 
23 |   This will create a virtual machine ``master`` and run a playbook
24 |   which will build and install Ansible, install DebOps, upload
25 |   the inventory generated from the ``Vagrantfile`` and eventually
26 |   run ``debops``.
27 | 
28 | 
29 | How it works
30 | ============
31 | 
32 | Vagrant will first download the ansible-debops_ role which is later
33 | used to install DebOps in the virtual machine. Then it will spin up
34 | a Debian box and runs the Ansible provisioner with the provided
35 | bootstrap-debops.yml_ playbook. The Ansible inventory and variable
36 | definitions are set in the ``Vagrantfile`` and forwarded to the
37 | provisioner. After DebOps is installed the generated inventory file
38 | is uploaded to the virtual machine and used as input to ``debops`` itself.
39 | 
40 | .. _ansible-debops: https://github.com/debops/ansible-debops
41 | .. _bootstrap-debops.yml: https://github.com/debops/examples/blob/master/bootstrap-debops/bootstrap-debops.yml
42 | 
43 | 
44 | Adopting to your needs
45 | ======================
46 | 
47 | In short:
48 | 
49 | - Add the host to any DebOps hostgroup you like to run additional
50 |   roles
51 | - Set any role variable in the ``Vagrantfile`` to adjust the DebOps
52 |   configuration (follow the ``dhparam_bits`` example)
53 | - If you want to configure and run ``debops`` interactively set
54 |   ``vagrant_upload_inventory`` and ``vagrant_run_debops`` in the
55 |   ``Vagrantfile`` to ``False``.
56 | 
57 | 
58 | ..
59 |  Local Variables:
60 |  mode: rst
61 |  ispell-local-dictionary: "american"
62 |  End:
63 | 


--------------------------------------------------------------------------------
/debops-bootstrap/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vim: ft=ruby
 3 | 
 4 | 
 5 | # ---- Configuration variables ----
 6 | 
 7 | GUI               = false # Enable/Disable GUI
 8 | RAM               = 128   # Default memory size in MB
 9 | 
10 | # Network configuration
11 | DOMAIN            = ".nat.example.com"
12 | NETWORK           = "192.168.50."
13 | NETMASK           = "255.255.255.0"
14 | 
15 | # Default Virtualbox .box
16 | # See: https://wiki.debian.org/Teams/Cloud/VagrantBaseBoxes
17 | BOX               = 'debian/jessie64'
18 | 
19 | # Ansible configuration
20 | ANSIBLE_PLAYBOOK  = "bootstrap-debops.yml"
21 | 
22 | 
23 | # ---- Custom commands run on the main host ----
24 | 
25 | # Clone ansible-bootstrap repository
26 | system("
27 |   if [ #{ARGV[0]} = 'up' ]; then
28 |     test -d roles || mkdir -p roles
29 |     if [ ! -d roles/ansible-debops ]; then
30 |       echo 'Cloning ansible-debops role'
31 |       git clone https://github.com/debops/ansible-debops roles/ansible-debops
32 |     else
33 |       echo 'Updating ansible-debops role'
34 |       cd roles/ansible-debops && git pull ; cd - >/dev/null
35 |     fi
36 |   fi
37 | ")
38 | 
39 | 
40 | # ---- Vagrant configuration ----
41 | 
42 | Vagrant.configure(2) do |config|
43 | 
44 |   config.vm.box   = BOX
45 |   config.vm.guest = :debian
46 | 
47 |   config.vm.provider "virtualbox" do |vbox|
48 |     vbox.gui    = GUI
49 |     vbox.memory = RAM
50 |   end
51 | 
52 |   config.vm.define :master do |master|
53 |     master.vm.hostname = 'master' + DOMAIN
54 |     master.vm.network :private_network, ip: NETWORK + "10", netmask: NETMASK
55 | 
56 |     config.vm.provision "ansible" do |ansible|
57 |       ansible.host_key_checking	= "false"
58 |       ansible.playbook          = ANSIBLE_PLAYBOOK
59 |       ansible.groups            = {
60 |         "debops_master"           => ["master"],
61 |         "debops_master:vars"      => {
62 |           "vagrant_upload_inventory"  => "True",
63 |           "vagrant_run_debops"        => "True",
64 |           "debops_ansible_packages"   => "[]",
65 |           "debops_install_systemwide" => "False",
66 |           "debops_update_method"      => "sync",
67 |           "debops_project_name"       => "debops-project"
68 |         },
69 |         "debops_all_hosts"        => ["master"],
70 |         "debops_all_hosts:vars"   => {
71 |           "dhparam_bits"              => "[ '1024' ]",
72 |         },
73 |       }
74 |     end
75 |   end
76 | end
77 | 


--------------------------------------------------------------------------------
/debops-bootstrap/bootstrap-debops.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: debops_master
 4 |   become: True
 5 |   become_user: root
 6 | 
 7 |   pre_tasks:
 8 | 
 9 |     - name: Download bootstrap-ansible.sh script
10 |       get_url:
11 |         url: 'https://raw.githubusercontent.com/debops/debops/master/misc/scripts/bootstrap-ansible.sh'
12 |         dest: '/usr/local/sbin'
13 |         mode: '0755'
14 | 
15 |     - name: Build Ansible Debian package
16 |       command: '/usr/local/sbin/bootstrap-ansible.sh'
17 |       args:
18 |         creates: /usr/bin/ansible
19 | 
20 |   roles:
21 | 
22 |     - role: ansible-debops
23 | 
24 |   tasks:
25 | 
26 |     - name: Upload SSH private key
27 |       copy:
28 |         src: '{{ ansible_ssh_private_key_file }}'
29 |         dest: '/home/vagrant/.ssh/id_rsa'
30 |         owner: 'vagrant'
31 |         group: 'vagrant'
32 |         mode: '0600'
33 | 
34 |     - name: Disable strict SSH host key check
35 |       ini_file:
36 |         dest: '{{ debops_project_name }}/.debops.cfg'
37 |         section: 'ansible defaults'
38 |         option: 'host_key_checking'
39 |         value: 'False'
40 | 
41 |     - name: Upload Ansible inventory
42 |       copy:
43 |         src: '.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory'
44 |         dest: '{{ debops_project_name }}/ansible/inventory/hosts'
45 |         owner: 'vagrant'
46 |         group: 'vagrant'
47 |       when: vagrant_upload_inventory|d()
48 | 
49 |     - name: Cleanup inventory definitions
50 |       lineinfile:
51 |         dest: '{{ debops_project_name }}/ansible/inventory/hosts'
52 |         regexp: '.*ansible_ssh_private_key_file.*'
53 |         state: absent
54 |       when: vagrant_upload_inventory|d()
55 | 
56 |     - name: Run DebOps
57 |       become: False
58 |       command: debops
59 |       args:
60 |         chdir: '{{ debops_project_name }}'
61 |       when: vagrant_run_debops|d()
62 | 


--------------------------------------------------------------------------------
/devlab/.debops.cfg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/debops/examples/132fcd70aa03c2638f96c0c16e3dc8beed79f00d/devlab/.debops.cfg


--------------------------------------------------------------------------------
/devlab/README.rst:
--------------------------------------------------------------------------------
 1 | DebOps Devlab
 2 | =============
 3 | 
 4 | This is an example inventory to manage a "development lab" on an Ubuntu/Xubuntu
 5 | host with KVM virtual machines as guests, which also are LXC hosts for
 6 | containers. This setup is used by `drybjed`_ for development and work.
 7 | 
 8 | .. _drybjed: https://github.com/drybjed/
 9 | 
10 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/group_vars/all/ansible.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # Use stable Ansible version everywhere
4 | role_ansible_version: 'v1.7.2'
5 | 
6 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/group_vars/all/inventory.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # Internal networks, IP addresses point to router on helios
 4 | inventory_net:
 5 | 
 6 |   # IPv4 network behind NAT
 7 |   ipv4: '192.168.144.1/24'
 8 | 
 9 |   # IPv6 network
10 |   ipv6:
11 |   	  
12 |     # Your own prefix
13 |     - '2001:db8:1234:5678::1/64'
14 | 
15 |     # ULA prefix (get one on http://unique-local-ipv6.com/)
16 |     #- '{{ "2001:db8:12:34::/48" | ipsubnet(64, 57008) | ipaddr("1") }}'
17 | 
18 |     # Automatically created 6to4 prefix on host with public IPv4 address
19 |     #- '{{ ansible_default_ipv4.address | ipaddr("6to4") | ipsubnet(64, 57008) | ipaddr("1") }}'
20 | 
21 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/group_vars/all/sshd.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # Allow access from internal networks on all hosts, this is needed if you use
4 | # dual-stack IPv4/IPv6 network in which case ssh connections might jump from
5 | # one IP address space to another
6 | sshd_allow: '{{ ([ inventory_net.ipv4 ] | ipaddr("subnet")) + (inventory_net.ipv6 | ipaddr("subnet")) }}'
7 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/group_vars/all/users.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # Set default shell to /bin/zsh
4 | users_default_shell: '/bin/zsh'
5 | 
6 | # Install dotfiles everywhere
7 | users_default_dotfiles: True
8 | 
9 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/group_vars/devlab/apt.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # Specify host with APT local repository and APT cache
4 | apt: 'selena.{{ ansible_domain }}'
5 | 
6 | # Add custom APT mirrors to have more reliable APT sources
7 | apt_mirrors: [ 'http://ftp.us.debian.org/debian' ]
8 | 
9 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/host_vars/helios/apt.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # Install additional packages on workstation
 4 | apt_host_packages:
 5 | 
 6 |   - isync
 7 |   - mutt
 8 |   - mutt-patched
 9 |   - msmtp
10 |   - urlscan
11 |   - feh
12 |   - pass
13 | 
14 |   - uptimed
15 |   - gnome-terminal
16 |   - newsbeuter
17 |   - fonts-inconsolata
18 | 
19 |   - smtube
20 |   - vlc
21 | 
22 |   - weechat-curses
23 |   - elinks
24 |   - virt-manager
25 | 
26 |   - nmap
27 |   - bind9-host
28 |   - mtr-tiny
29 |   - whois
30 |   - telnet
31 | 
32 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/host_vars/helios/dnsmasq.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # Enable public DNS to have internal domain resolvable from outside
 4 | dnsmasq_public_dns: True
 5 | 
 6 | # Create some CNAMEs in DNS
 7 | dnsmasq_cname:
 8 | 
 9 |   'selena': [ 'destroy.selena', 'apt' ]
10 | 
11 |   'cassini': [ 'code', 'mysql', 'ipam', 'owncloud' ]
12 | 
13 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/host_vars/helios/kvm.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # On Ubuntu/Xubuntu, KVM group is named differently
4 | kvm_group: 'libvirtd'
5 | 
6 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/host_vars/helios/postfix.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | # Enable local mail on workstation and accept incoming mail from internal network
 4 | 
 5 | postfix: [ 'local', 'network', 'mx' ]
 6 | 
 7 | postfix_mynetworks: '{{ ([ inventory_net.ipv4 ] | ipaddr("subnet")) + (inventory_net.ipv6 | ipaddr("subnet")) }}'
 8 | 
 9 | postfix_allow_smtp: '{{ ([ inventory_net.ipv4 ] | ipaddr("subnet")) + (inventory_net.ipv6 | ipaddr("subnet")) }}'
10 | 
11 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/host_vars/helios/subnetwork.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # Configure internal network for KVM guests and LXC containers
4 | subnetwork_ipv4: '{{ inventory_net.ipv4 }}'
5 | 
6 | subnetwork_ipv6: '{{ inventory_net.ipv6 }}'
7 | 
8 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/host_vars/jupiter/lxc.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # Create LXC containers
4 | lxc_containers:
5 | 
6 |   - name: 'galileo'
7 |     state: 'started'
8 | 
9 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/host_vars/saturn/lxc.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | # Create LXC containers
4 | lxc_containers:
5 | 
6 |   - name: 'cassini'
7 |     state: 'started'
8 | 
9 | 


--------------------------------------------------------------------------------
/devlab/ansible/inventory/hosts:
--------------------------------------------------------------------------------
 1 | # Example inventory for DebOps development lab
 2 | 
 3 | # ---- Ansible Controllers ----
 4 | [workstation]
 5 | 
 6 | # Primary KVM host
 7 | helios ansible_connection=local
 8 | 
 9 | 
10 | # ---- DebOps Development Lab ----
11 | [devlab]
12 | 
13 | # Local APT repository, APT cache and preseeding server
14 | selena
15 | 
16 | # LXC hosts
17 | jupiter
18 | saturn
19 | 
20 | # LXC containers
21 | galileo
22 | cassini
23 | 
24 | 
25 | # ---- IPv6 networking ----
26 | 
27 | # Enable access to IPv6 network using 6to4 tunnel
28 | [debops_6to4]
29 | helios
30 | 
31 | 
32 | # ---- Development Lab infrastructure ----
33 | 
34 | # Configure internal network for KVM guests and LXC containers
35 | [debops_subnetwork]
36 | helios
37 | 
38 | # Configure DNS. DHCP, TFTP for internal network
39 | [debops_dnsmasq]
40 | helios
41 | 
42 | # Configure KVM on main host
43 | [debops_kvm]
44 | helios
45 | 
46 | # Configure LXC containers on KVM guests
47 | [debops_lxc]
48 | jupiter
49 | saturn
50 | 
51 | 


--------------------------------------------------------------------------------
/lib/vagrant/src/.gitignore:
--------------------------------------------------------------------------------
1 | # Ignore everything in this directory
2 | *
3 | # Except this file
4 | !.gitignore
5 | 


--------------------------------------------------------------------------------
/lib/vagrant/src/public/.gitignore:
--------------------------------------------------------------------------------
1 | # Ignore everything in this directory
2 | *
3 | # Except this file
4 | !.gitignore
5 | 


--------------------------------------------------------------------------------
/scripts/gpg_add_key_to_keyring.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ################################################################################
 4 | ################################################################################
 5 | #
 6 | # Given keyID (e.g 42ABCED23 or alice@example.com) fetch the pubKey,
 7 | # store it in the keyring and mark it as ultimate trust.
 8 | #
 9 | # Use case: add gpg keys from people/systems you trust to encrypt passwords with
10 | # theese keys. So if you have 3 collegues the password store or encfs container
11 | # will be encrypted, however it can be opened by the owners of the given keyIDs.
12 | #
13 | # Usage:
14 | #   ./gpg_add_key_to_keyring.sh 42ABCED23
15 | #   ./gpg_add_key_to_keyring.sh alice@example.com
16 | #   ./gpg_add_key_to_keyring.sh alice@example.com
17 | #
18 | ################################################################################
19 | 
20 | echo "#### Add additional keys to debops-padlock ####"
21 | 
22 | # Add given gpg key to keyring in order to encrypt the password for the encfs container with additional gpg keys.
23 | gpg --keyserver pool.sks-keyservers.net --recv-keys "$1"
24 | 
25 | #Trust the keys noninteractive in batch
26 | echo -e "5\ny\n" |  gpg --command-fd 0 --expert --edit-key "$1" trust
27 | 


--------------------------------------------------------------------------------
/scripts/gpg_generate_key.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ################################################################################
 4 | ################################################################################
 5 | #
 6 | # If there is no gpg key for the user, create one non-interactively.
 7 | #
 8 | ################################################################################
 9 | 
10 | set -o nounset -o pipefail -o errexit
11 | 
12 | 
13 | GPG_KEY_TYPE="${GPG_KEY_TYPE:-RSA}"
14 | GPG_KEY_LENGTH="${GPG_KEY_LENGTH:-4096}"
15 | GPG_USER_REALNAME="${GPG_USER_REALNAME:-${USER}}"
16 | GPG_USER_EMAIL="${GPG_USER_EMAIL:-${USER}@$(hostname -f)}"
17 | GPG_KEY_EXPIRE_DATE="${GPG_KEY_EXPIRE_DATE:-0}"
18 | 
19 | echo "#### Install encfs and gpgv2 ####"
20 | echo "Install dependencies"
21 | sudo apt-get -q update
22 | DEBIAN_FRONTEND=noninteractive sudo apt-get \
23 |   --no-install-recommends -yq install \
24 |     encfs \
25 |     gpgv2 \
26 |     dirmngr
27 | 
28 | echo "#### Creating ${GPG_KEY_TYPE} GPG Keypair for '${GPG_USER_REALNAME} <${GPG_USER_EMAIL}>'####"
29 | # https://alexcabal.com/creating-the-perfect-gpg-keypair
30 | # https://www.gnupg.org/documentation/manuals/gnupg-devel/Unattended-GPG-key-generation.html
31 | cat >/tmp/.gpg.data <<EOF
32 |      %echo Generating a basic OpenPGP key
33 |      Key-Type: ${GPG_KEY_TYPE}
34 |      Key-Length: ${GPG_KEY_LENGTH}
35 |      Subkey-Type: ${GPG_KEY_TYPE}
36 |      Subkey-Length: ${GPG_KEY_LENGTH}
37 |      Name-Real: ${GPG_USER_REALNAME}
38 |      Name-Email:${GPG_USER_EMAIL}
39 |      Expire-Date: ${GPG_KEY_EXPIRE_DATE}
40 |      # Do a commit here, so that we can later print "done" :-)
41 |      %commit
42 |      %echo done
43 | EOF
44 | gpg --list-secret-keys | grep -q '[ultimate]' || gpg --batch --generate-key /tmp/.gpg.data
45 | 
46 | gpg --list-secret-keys
47 | 


--------------------------------------------------------------------------------
/scripts/install_ansible_debops_controller.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ################################################################################
 4 | ################################################################################
 5 | #
 6 | # https://docs.debops.org/en/master/user-guide/install.html
 7 | #
 8 | # This scripts installs DebOps and its dependencies on a (fresh) deployed
 9 | # system with only a root account. It creates a dedicated DebOps user
10 | # (e.g. ansible) who should then execute all DebOps-playbooks.
11 | # This script only installs DebOps globally,it does not initiliaze any
12 | # DebOps-project.
13 | #
14 | ################################################################################
15 | 
16 | set -o nounset -o pipefail -o errexit
17 | 
18 | # The username used by debops
19 | DEBOPS_ADMIN_USER="${DEBOPS_ADMIN_USER:-ansible}"
20 | 
21 | echo "Install dependencies"
22 | apt-get -q update
23 | DEBIAN_FRONTEND=noninteractive apt-get \
24 |   --no-install-recommends -yq install \
25 |   iproute2 \
26 |   vim \
27 |   nano \
28 |   openssh-client \
29 |   python3-apt \
30 |   python3-distro \
31 |   python3-dnspython \
32 |   python3-future \
33 |   python3-ldap \
34 |   python3-openssl \
35 |   python3-pip \
36 |   python3-wheel \
37 |   python3-setuptools \
38 |   procps \
39 |   sudo \
40 |   tree \
41 |   git \
42 |   gpgv2 \
43 |   uuid-runtime \
44 |   sshpass \
45 |   encfs \
46 |   dirmngr \
47 |   rsync \
48 |   pass
49 | 
50 | echo "Install ansible and debops"
51 | pip3 install \
52 |  debops[ansible]
53 | 
54 | echo "Cleaning up cache directories..."
55 | apt clean
56 | 
57 | echo "Add '${DEBOPS_ADMIN_USER}' admin user"
58 | groupadd --system admins
59 | echo "%admins ALL = (ALL:ALL) NOPASSWD: SETENV: ALL" > /etc/sudoers.d/admins
60 | chmod 0440 /etc/sudoers.d/admins
61 | useradd --user-group --create-home --shell /bin/bash \
62 |        --home-dir /home/${DEBOPS_ADMIN_USER} --groups admins \
63 |        --comment '${DEBOPS_ADMIN_USER} Admin User' ${DEBOPS_ADMIN_USER}
64 | 


--------------------------------------------------------------------------------
/scripts/provisioning.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ################################################################################
 4 | ################################################################################
 5 | #
 6 | # This script calls the needed DebOps plays/roles in order to provision a new cloud VM,
 7 | # then prepares the VM to be ansible managed and runs additional Ansible Playbooks in the correct order.
 8 | #
 9 | # Usage:
10 | #     ./provisioning.sh -l <host-or-group-to-provision>
11 | #
12 | #     You can also pass ansible parameter to DebOps
13 | #     ./provisioning.sh -l <host-or-group-to-provision> -t role::pki --skip-tags role::owncloud --user root -vvv
14 | #
15 | ################################################################################
16 | 
17 | set -o nounset -o pipefail -o errexit
18 | 
19 | # Check if we are in the correct root folder of the repo, and change upwards if needed
20 | # otherwise debops won't work
21 | if [[ ! -f .debops.cfg && -f ../.debops.cfg ]]; then
22 |     echo "Running $0 from root of repo."
23 |     pushd .. > /dev/null
24 | fi
25 | 
26 | # Run the bootstrap DebOps playbook to make the VM a DebOps/Ansible managed host.
27 | debops $@ bootstrap || debops --user root $@ bootstrap
28 | 
29 | # Execute all DebOps plays (site.yml) to install everything.
30 | debops $@
31 | 
32 | # Run the debops.pki role a second time to really get the Let's Encrypt TLS certificates.
33 | # The second run is necessary for DebOps to request the Let's Encrypt certificates
34 | # sucessfully,due to a "chicken-egg problem":
35 | #  - the debops.pki role needs the nginx server configured with debops.nginx role
36 | #    to handle the ACME http-01 authentication request
37 | #  - So, on the first run, Let's Encrypt certificates cannot be acquired because
38 | #    nginx server isn't ready to help authenticate the request.
39 | #
40 | # In order to get Let's Encrypt/ACME TLS certificates you need to meet this requirements:
41 | #  - nginx server is configured: add your server to the [debops_service_nginx] group
42 | #  - the host has at least 1 public IP address
43 | #  - add DNS records pointing to the public IP address of the server for ALL domains,
44 | #    for which an LE certificate is being requested, e.g 'cloud.example.net'
45 | #  - a separate PKI realm is configured:
46 | #      pki_host_realms:
47 | #        # Nextcloud
48 | #        - name: 'cloud.example.net'
49 | #          acme: true
50 | #          acme_domains:
51 | #            - 'cloud.example.net'
52 | #
53 | debops service/pki $@
54 | 


--------------------------------------------------------------------------------
/scripts/provisioning_ldap.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ################################################################################
 4 | ################################################################################
 5 | #
 6 | # This script calls the needed DebOps plays/roles in order to provision a new cloud VM,
 7 | # then prepares the VM to be ansible managed and runs additional Ansible Playbooks in the correct order.
 8 | #
 9 | # Usage:
10 | #     ./provisioning_ldap.sh -l <host-or-group-to-provision>
11 | #
12 | #     You can also pass ansible parameter to DebOps
13 | #     ./provisioning_ldap.sh -l <host-or-group-to-provision> -t role::pki --skip-tags role::owncloud --user root -vvv
14 | #
15 | ################################################################################
16 | 
17 | set -o nounset -o pipefail -o errexit
18 | 
19 | # Check if we are in the correct root folder of the repo, and change upwards if needed
20 | # otherwise debops won't work
21 | if [[ ! -f .debops.cfg && -f ../.debops.cfg ]]; then
22 |     echo "Running $0 from root of repo."
23 |     pushd .. > /dev/null
24 | fi
25 | 
26 | # Run the bootstrap DebOps playbook to make the VM a DebOps/Ansible managed host.
27 | debops $@ bootstrap-ldap || debops --user root $@ bootstrap-ldap
28 | 
29 | # Execute all DebOps plays (site.yml) to install everything.
30 | debops $@
31 | 
32 | # Run the PKI role a second time (the first is executed from the site.yml DebOps playbook)
33 | #   The second run is necessary for DebOps to download/request the Let's Encrypt ACME TLS certificates
34 | #   Somehow during the first run, only the internal CA TLS Certificates are installed, but not the ACME certificates.
35 | #   Running debops.pki helps to get the ACME certs.
36 | debops service/pki $@
37 | 


--------------------------------------------------------------------------------
/testing-roles-rolespec-vagrant/.rolespec.cfg:
--------------------------------------------------------------------------------
 1 | # -*- mode: sh -*
 2 | 
 3 | wd=$(dirname "${BASH_SOURCE[0]}")
 4 | 
 5 | # Custom configuration that should only apply when *not* running in travis
 6 | if [ -z "${ROLESPEC_TRAVIS}" ] ; then
 7 |     ROLESPEC_ROLES=.
 8 |     ROLESPEC_TESTS=.
 9 |     source "$wd"/vagrant-support.sh
10 | fi
11 | 
12 | # add support for debops
13 | source "$wd"/debops-support.sh
14 | 


--------------------------------------------------------------------------------
/testing-roles-rolespec-vagrant/README.rst:
--------------------------------------------------------------------------------
 1 | 
 2 | =====================================================
 3 | Testing roles using rolespec in a virtual machine
 4 | =====================================================
 5 | 
 6 | This project is an example for how to test roles while developing
 7 | them.
 8 | 
 9 | `rolespec`_ is a great tool for developing and testing roles. Please
10 | read the `rolespec` documentation for more insight. One thing the
11 | documentation does not cover is how to set up a development
12 | environment for it. This is where this example comes in.
13 | 
14 | .. Note::
15 | 
16 |   As of 2015-01-07 nickjj's rolespec does not include the required
17 |   support for `.rolespec.cfg`. Meanwhile please use this fork:
18 |   https://github.com/htgoebel/rolespec
19 | 
20 | 
21 | 
22 | Requirements
23 | ==============
24 | 
25 | * Ansible
26 | * `rolespec`_
27 | * Vagrant
28 | 
29 | 
30 | Quick Start
31 | ===========
32 | 
33 | * Adopt the enclosed ``Vagrantfile`` to your needs. Esp. you need to
34 |   adopt the path mapping near the end of the file to match your
35 |   directory layout (see below)
36 | 
37 | * Fire up Vagrant ``vagrant up`` and log into the Vagrant host:
38 |   ``vagrant ssh``.
39 | 
40 | * On the Vagrant host, run your tests, e.g::
41 | 
42 |     cd /vargrant
43 |     rolespec -l openvpn      # lint the openvpn-role
44 |     rolespec -r openvpn      # run the tests for the openvpn-role
45 |     rolespec -r openvpn -p   # run the tests in "playbook mode"
46 | 
47 | 
48 | Directory Layout
49 | ===================
50 | 
51 | `rolespec` normally assumes this directory layout::
52 | 
53 |   /path/to/where/your/projects/are   # <--- working dir
54 |   ├── roles
55 |   │   ├── ansible-role1
56 |   │   └── debops.role42
57 |   └── tests
58 |       ├── ansible-role1
59 |       └── debops.role42
60 | 
61 | 
62 | The files as contained in this directory assumes this directory
63 | layout::
64 | 
65 |   /path/to/where/your/projects/are
66 |   └── roles
67 |       ├── ansible-role1
68 |       ├── debops.role42
69 |       └── test-suite                # <--- working dir
70 |           ├── ansible-role1
71 |           └── debops.role42
72 | 
73 | This is a layout I personally prefer. Your preferences may vary and
74 | adopting the configuration-files to your needs should be easy.
75 | 
76 | 
77 | Using your test-suite with travis
78 | ===================================
79 | 
80 | Using this test-suite with travis should be easy: The
81 | configuration-files test if running under travis and adopt
82 | settings. So you should be able to push your test-suite to github and
83 | have travis running it without changes.
84 | 
85 | 
86 | .. _rolespec: https://github.com/nickjj/rolespec
87 | 
88 | ..
89 |  Local Variables:
90 |  mode: rst
91 |  ispell-local-dictionary: "american"
92 |  End:
93 | 


--------------------------------------------------------------------------------
/testing-roles-rolespec-vagrant/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vim: ft=ruby
 3 | 
 4 | # ---- Configuration variables ----
 5 | 
 6 | GUI      = false # Enable/Disable GUI
 7 | RAM      = 128   # Default memory size in MB
 8 | 
 9 | # Network configuration
10 | DOMAIN   = ".nat.example.com"
11 | NETWORK  = "192.168.50."
12 | NETMASK  = "255.255.255.0"
13 | 
14 | # Default Virtualbox .box
15 | # See: https://wiki.debian.org/Teams/Cloud/VagrantBaseBoxes
16 | BOX               = 'debian/jessie64'
17 | 
18 | HOSTS = {
19 |    "test1" => [NETWORK+"10", RAM, GUI, BOX],
20 | }
21 | 
22 | DEBOPS = "~/.local/share/debops/debops-playbooks"
23 | 
24 | #=== end of configuration part ===
25 | 
26 | $script = <<SCRIPT
27 | apt-get install --no-install-recommends --yes python-pip make git
28 | cd /tmp
29 | #wget https://github.com/nickjj/rolespec/archive/master.zip
30 | wget https://github.com/htgoebel/rolespec/archive/master.zip
31 | unzip master.zip
32 | sudo make -C rolespec-master install
33 | rm -rf master.zip* rolespec-master
34 | cd -
35 | SCRIPT
36 | 
37 | # ---- Vagrant configuration ----
38 | 
39 | Vagrant.configure(2) do |config|
40 |   HOSTS.each do | (name, cfg) |
41 |     ipaddr, ram, gui, box = cfg
42 | 
43 |     config.vm.define name do |machine|
44 |       machine.vm.box   = box
45 |       machine.vm.guest = :debian
46 | 
47 |       machine.vm.provider "virtualbox" do |vbox|
48 |         vbox.gui    = gui
49 |         vbox.memory = ram
50 |       end
51 | 
52 |       machine.vm.hostname = name + DOMAIN
53 |       machine.vm.network 'private_network', ip: ipaddr, netmask: NETMASK
54 |     end
55 | 
56 |     config.vm.provision "shell", inline: $script
57 |     config.vm.synced_folder "..", "/roles/local"
58 |     config.vm.synced_folder DEBOPS, "/debops-playbooks"
59 |     config.vm.synced_folder DEBOPS + "/roles", "/roles/debops-roles"
60 | 
61 |   end # HOSTS-each
62 | 
63 | end
64 | 


--------------------------------------------------------------------------------
/testing-roles-rolespec-vagrant/debops-support.sh:
--------------------------------------------------------------------------------
 1 | ansible_plugins () {
 2 |     # Clone and set up DebOps playbooks repository with Ansible plugins
 3 |     #
 4 |     # If DEBOPS_PLAYBOOKS is set, DebOps playbooks are assumed to be
 5 |     # already downloaded/cloned there.
 6 |     local debops_playbooks
 7 |     if [ -z "${DEBOPS_PLAYBOOKS}" ] ; then
 8 |         debops_playbooks="${HOME}/debops-playbooks"
 9 | 	sudo apt-get -yq install python-netaddr
10 | 	git clone https://github.com/debops/debops-playbooks ${debops_playbooks}
11 |     else
12 | 	debops_playbooks="${DEBOPS_PLAYBOOKS}"
13 |     fi
14 |     cat <<EOF >> $ROLESPEC_ANSIBLE_CONFIG
15 | action_plugins = ${debops_playbooks}/playbooks/action_plugins
16 | callback_plugins = ${debops_playbooks}/playbooks/callback_plugins
17 | connection_plugins = ${debops_playbooks}/playbooks/connection_plugins
18 | lookup_plugins = ${debops_playbooks}/playbooks/lookup_plugins
19 | vars_plugins = ${debops_playbooks}/playbooks/vars_plugins
20 | filter_plugins = ${debops_playbooks}/playbooks/filter_plugins
21 | EOF
22 | }
23 | 


--------------------------------------------------------------------------------
/testing-roles-rolespec-vagrant/vagrant-support.sh:
--------------------------------------------------------------------------------
 1 | # assume we are running in a Vagrant-VM
 2 | 
 3 | if [ -d /vagrant ] ; then
 4 |     # role-paths are expected to be collected into /role/1, /roles/2, ...
 5 |     role_dirs=$(find /roles -mindepth 1 -maxdepth 1 -type d 2>/dev/null)
 6 |     _old_ifs="$IFS" # save original IFS
 7 |     IFS="$(echo -en "\n\b")" # set IFS to linebreak
 8 |     for role in ${role_dirs[@]} ; do
 9 | 	ROLESPEC_ANSIBLE_ROLES="${ROLESPEC_ANSIBLE_ROLES}:${role}"
10 |     done
11 |     IFS="$_old_ifs" # restore old IFS
12 | 
13 |     # If DebOps playbooks are available at /debops-playbooks, tell
14 |     # `ansible_plugins` to use them
15 |     if [ -d /debops-playbooks ] ; then
16 | 	DEBOPS_PLAYBOOKS=/debops-playbooks
17 |     fi
18 | fi
19 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/.debops.cfg:
--------------------------------------------------------------------------------
1 | [ansible defaults]
2 | private_key_file = ~/.vagrant.d/insecure_private_key
3 | remote_user = vagrant
4 | host_key_checking = False
5 | 
6 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/.gitignore:
--------------------------------------------------------------------------------
 1 | # -*- mode: gitignore; -*-
 2 | 
 3 | ansible/secret
 4 | secret
 5 | ansible.cfg
 6 | /.vagrant
 7 | 
 8 | ### vim ###
 9 | [._]*.s[a-w][a-z]
10 | [._]s[a-w][a-z]
11 | *.un~
12 | Session.vim
13 | .netrwhist
14 | *~
15 | 
16 | ### Emacs ###
17 | \#*\#
18 | /.emacs.desktop
19 | /.emacs.desktop.lock
20 | *.elc
21 | auto-save-list
22 | tramp
23 | .\#*
24 | 
25 | ### SublimeText ###
26 | # workspace files are user-specific
27 | *.sublime-workspace
28 | 
29 | # project files should be checked into the repository, unless a significant
30 | # proportion of contributors will probably not be using SublimeText
31 | # *.sublime-project
32 | 
33 | #sftp configuration file
34 | sftp-config.json
35 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/README.rst:
--------------------------------------------------------------------------------
 1 | 
 2 | =====================================================
 3 | Using Ansible with a single Vagrant box
 4 | =====================================================
 5 | 
 6 | This project is an example for using *Ansible* with a *single* Vagrant
 7 | machine. This project is the result of researching how to work with
 8 | Debops and Vagrant and shows that this is not the way to go.
 9 | 
10 | If you want to use Debops and Vagrant, we suggest you have a look at
11 | the other examples.
12 | 
13 | 
14 | Requirements
15 | ==============
16 | 
17 | * Ansible
18 | * Vagrant 1.6 or newer (1.5 may work, too; 1.4 does not)
19 | 
20 | 
21 | Quick Start
22 | ===========
23 | 
24 | * Fire up Vagrant: ``vagrant up``
25 | 
26 |   This will create a virtual machine `web` and run a simple playbook
27 |   testing if some variables have been set up correctly. Since there
28 |   are only one host and one group defined, you should get one
29 |   "skipped" message.
30 | 
31 | 
32 | How it works
33 | ==============
34 | 
35 | `vagrant` will generate an inventory-file somewhere `.vagrant/` (you
36 | do not need to care). This inventory will be set up with the data
37 | specified in the `Vagrantfile`. When running the Ansible provisioner,
38 | this inventory is passed to `ansible-playbook`.
39 | 
40 | In addition, the Vagrantfile will symlink some files or directories
41 | from `ansible/inventory` to the auto-generated inventory.
42 | 
43 | 
44 | Adopting to your needs
45 | =========================
46 | 
47 | In short:
48 | 
49 | - Set up your host and group-vars in `ansible/inventory` as usual.
50 | - The playbook the provisioner runs is set in the Vagrantfile
51 |   (:var:`ANSIBLE_PLAYBOOK`).
52 | - If you need more parts symlink to the auto-generated inventory, add
53 |   them to :var:`INVENTORY_PARTS`.
54 | 
55 | 
56 | Some notes
57 | ================
58 | 
59 | * About the vagrant Ansible provisioner:
60 | 
61 |   - If `ansible.inventory_path` is set, the provisioner will not
62 |     generate an inventory file. You will have to take care of this by
63 |     yourself.
64 |   - The path in `ansible.inventory_path`, if given, must already exist.
65 |   - The executable is hard-coded to `ansible-playbook`.
66 | 
67 | 
68 | Alternative setup
69 | =====================
70 | 
71 | 
72 | Using a hand crafted inventory
73 | -------------------------------
74 | 
75 | If for some reason you prefer to craft the inventory yourself
76 | (instead of letting vagrant generate it) you can pass your inventory
77 | to the Ansible provisioner in the `Vagrantfile`. See the commented out
78 | example in he supplied Vagrantfile. Or course, the argument can be
79 | anything `ansible-playbook` will accept as an inventory: a file, a
80 | directory or some executable.
81 | 
82 | 
83 | ..
84 |  Local Variables:
85 |  mode: rst
86 |  ispell-local-dictionary: "american"
87 |  End:
88 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vim: ft=ruby
 3 | 
 4 | 
 5 | # ---- Configuration variables ----
 6 | 
 7 | GUI               = false # Enable/Disable GUI
 8 | RAM               = 128   # Default memory size in MB
 9 | 
10 | # Network configuration
11 | DOMAIN            = ".nat.example.com"
12 | NETWORK           = "192.168.50."
13 | NETMASK           = "255.255.255.0"
14 | 
15 | # Default Virtualbox .box
16 | # See: https://wiki.debian.org/Teams/Cloud/VagrantBaseBoxes
17 | BOX               = 'debian/jessie64'
18 | 
19 | # Ansible configuration
20 | ANSIBLE_INVENTORY = "my-static-vagrant-inventory"
21 | ANSIBLE_PLAYBOOK  = "site.yml"
22 | 
23 | # Inventory parts to by symlinked into auto-generated inventory
24 | INVENTORY_PARTS = ['host_vars', 'group_vars']
25 | 
26 | 
27 | # ---- Custom commands run on the main host ----
28 | 
29 | # Symlink inventory parts into inventory auto-generated by Vagrant
30 | require 'pathname'
31 | aiv = Pathname.new('ansible/inventory')
32 | viv = Pathname.new('.vagrant/provisioners/ansible/inventory')
33 | viv.mkpath()
34 | for name in INVENTORY_PARTS do
35 |   target = viv+name
36 |   target.make_symlink((aiv+name).relative_path_from(viv)) unless target.exist?
37 | end
38 | 
39 | # ---- Vagrant configuration ----
40 | 
41 | Vagrant.configure(2) do |config|
42 | 
43 |   config.vm.box   = BOX
44 |   config.vm.guest = :debian
45 | 
46 |   config.vm.provider "virtualbox" do |vbox|
47 |     vbox.gui    = GUI
48 |     vbox.memory = RAM
49 |   end
50 | 
51 |   config.vm.define :web do |web|
52 |     web.vm.hostname = 'web' + DOMAIN
53 |     web.vm.network :private_network, ip: NETWORK + "10", netmask: NETMASK
54 | 
55 |     config.vm.provision "ansible" do |ansible|
56 |       ansible.host_key_checking = "false"
57 |       ansible.playbook       = ANSIBLE_PLAYBOOK
58 |       # Use a hand-crafted inventory
59 |       #ansible.inventory_path = ANSIBLE_INVENTORY
60 | 
61 |       ansible.groups = {
62 |         "firstGroup" => ["web"],
63 |       }
64 | 
65 |     end
66 |   end
67 | end
68 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/ansible/inventory/group_vars/all.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | allGroupsVar: "This is node is member of all groups."
4 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/ansible/inventory/group_vars/firstGroup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | groupVar: "This is the `firstGroup` group."
4 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/ansible/inventory/group_vars/secondGroup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | groupVar: "This is the `secondGroup` group."
4 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/ansible/inventory/host_vars/web.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | hostVar: "This is the test-variable for host `web`"
4 | 


--------------------------------------------------------------------------------
/vagrant-ansible-single-machine/site.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: all
 4 |   gather_facts: false
 5 | 
 6 |   tasks:
 7 |   - name: Show the groups to see if Vagrant set them up correctly
 8 |     debug: var=groups
 9 | 
10 |   - debug: var=allGroupsVar
11 |   - debug: var=groupVar
12 |   - debug: var=hostVar
13 | 
14 | - name: Run the first group of hosts
15 |   hosts: firstGroup
16 |   gather_facts: false
17 | 
18 |   tasks:
19 |   - name: Check if host is in first group
20 |     debug: msg="Host is in first group"
21 | 
22 | - name: Run the second group of hosts
23 |   hosts: secondGroup
24 |   gather_facts: false
25 | 
26 |   tasks:
27 |   - name: Check if host is in the second group
28 |     debug: msg="Host is in second group"
29 | 


--------------------------------------------------------------------------------
/vagrant-docker/.debops.cfg:
--------------------------------------------------------------------------------
1 | #
2 | 


--------------------------------------------------------------------------------
/vagrant-docker/.gitignore:
--------------------------------------------------------------------------------
 1 | # -*- mode: gitignore; -*-
 2 | 
 3 | ansible/secret
 4 | secret
 5 | ansible.cfg
 6 | /.vagrant
 7 | vagrant_ansible_inventory
 8 | 
 9 | ### vim ###
10 | [._]*.s[a-w][a-z]
11 | [._]s[a-w][a-z]
12 | *.un~
13 | Session.vim
14 | .netrwhist
15 | *~
16 | 
17 | ### Emacs ###
18 | \#*\#
19 | /.emacs.desktop
20 | /.emacs.desktop.lock
21 | *.elc
22 | auto-save-list
23 | tramp
24 | .\#*
25 | 
26 | ### SublimeText ###
27 | # workspace files are user-specific
28 | *.sublime-workspace
29 | 
30 | # project files should be checked into the repository, unless a significant
31 | # proportion of contributors will probably not be using SublimeText
32 | # *.sublime-project
33 | 
34 | #sftp configuration file
35 | sftp-config.json
36 | 


--------------------------------------------------------------------------------
/vagrant-docker/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:stable
 2 | 
 3 | RUN mkdir /var/run/sshd
 4 | RUN apt-get update && apt-get install -y openssh-server sudo
 5 | 
 6 | RUN useradd vagrant --create-home --user-group --groups sudo
 7 | RUN echo 'vagrant:vagrant' | chpasswd
 8 | 
 9 | # Optional: Allow logging in as root to be able to test bootstrap with
10 | # using user root.
11 | RUN echo root:vagrant' | chpasswd
12 | 
13 | EXPOSE 22
14 | CMD ["/usr/sbin/sshd", "-D"]
15 | 


--------------------------------------------------------------------------------
/vagrant-docker/README.rst:
--------------------------------------------------------------------------------
  1 | 
  2 | =====================================================
  3 | Using Debops with Vagrant-managed docker containers
  4 | =====================================================
  5 | 
  6 | This project is an example for using Debops with docker containers,
  7 | manached by a multi-machine Vagrantfile. It uses the Vagrant docker
  8 | provider for setting up the containers and the Vagrant provisioner
  9 | plugin Vai_ to generate the inventory-file. Provision is then actually
 10 | done using `debops` as usual.
 11 | 
 12 | This example also includes a `Dockerfile` which installs and starts
 13 | the ssh server, so you can use ansible on the container.
 14 | 
 15 | The Vagrant Ansible provisioner is not used at all, because Vai does a
 16 | much better job for our needs. If you absolutely want to use the
 17 | Vagrant Ansible provisioner, please have a look at the
 18 | vagrant-multi-machine example.
 19 | 
 20 | 
 21 | Requirements
 22 | ==============
 23 | 
 24 | * Ansible
 25 | * Vagrant 1.6 or newer (1.5 may work, too; 1.4 does not)
 26 | * Vai_, a Vagrant provisioner plugin (see below for installation)
 27 | * `debops` (of course ;-)
 28 | 
 29 | 
 30 | Quick Start
 31 | ===========
 32 | 
 33 | * Install the Vagrant provisioning plugin Vai_::
 34 | 
 35 |     vagrant plugin install vai
 36 | 
 37 | * Fire up Vagrant: ``vagrant up``
 38 | 
 39 |   This will build and start two docker containers `web` and `db` and
 40 |   generate the inventory file in ``ansible/inventory``.
 41 | 
 42 | 
 43 | * Run::
 44 | 
 45 |     export ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=/dev/null"
 46 |     debops bootstrap --sudo -K
 47 |     debops ./simpletest.yml
 48 | 
 49 |   The fist one will bootstrap the virtual machines for Ansible
 50 |   management. This could have been done in the Dockerfile already, but
 51 |   then you would not be able to test bootstrapping. You will need to
 52 |   give the sudo-password of user `vagrant` once (which is `vagrant`).
 53 | 
 54 |   The second command will run a simple playbook testing if files have
 55 |   been found and variables have been set up as correctly as expected.
 56 |   You should get "okay" for all tasks.
 57 | 
 58 |   Please note: Using this ``ANSIBLE_SSH_ARGS=...`` is optional. But it
 59 |   avoids cluttering your known_hosts with keys of your ever-changing
 60 |   vagrant VMs. *Absolutely do not use this for your production servers!*
 61 | 
 62 | Now you can use debops as usual (mind ``ANSIBLE_SSH_ARGS=...`` :-). It
 63 | will automatically include the host definitions auto-generated by
 64 | Vagrant. If for some reason Debops resp. Ansible does not find the
 65 | inventory, you may safely run ``vagrant provision`` to regenerate it.
 66 | 
 67 | 
 68 | How it works
 69 | ==============
 70 | 
 71 | The `docker` provider builds and creates the docker containers. See
 72 | the `documentation <https://docs.vagrantup.com/v2/docker/index.html>`_
 73 | for more information. The `Dockerfile` contained in this example does
 74 | the setup required for using the docker container as Vagrant virtual
 75 | machine. Most notably, it make the container run a ssh server. See the
 76 | comments in the Dockerfile for more information.
 77 | 
 78 | After that the `Vai` provisioner generates a inventory file which is
 79 | setting up host, port, private key file and the remote user as
 80 | required by Vagrant. Ansible resp. debops will read the information an
 81 | know how to connect to the Vagrant virtual machines.
 82 | 
 83 | 
 84 | 
 85 | Adopting to your needs
 86 | =========================
 87 | 
 88 | In short:
 89 |   
 90 | * (Optional) You may want to Adopt the docker container to your needs:
 91 | 
 92 |   - change the Dockerfile and base it on a image you prefer
 93 |   - change the Vagrantfile to use some other pre-existing image
 94 | 
 95 |   Please refer to the `docker provider's documentation
 96 |   <https://docs.vagrantup.com/v2/docker/index.html>`_ for details.
 97 | 
 98 | * Adopt the paths in the Vagrantfile to match your desired directory
 99 |   layout.
100 | 
101 | * Set up your host- and group-vars in ``ansible/inventory`` as usual.
102 | 
103 | * Define your groups in the Vagrantfile and/or in an inventory-file
104 |   (e.g. ``ansible/inventory/groups``, the actual name of the file does
105 |   not matter).
106 | 
107 |   In this example we do both: ``secondGroup`` is defined using the
108 |   `Vagrantfile` and ``firstGroup`` is defined in an inventory-file.
109 | 
110 | * Add more machines to the ``Vagrantfile`` as you need.
111 | 
112 | * When (re-) starting machines the inventory file will be regenerated
113 |   by the Ansible provisioner.
114 | 
115 | 
116 | 
117 | .. _Vai: https://github.com/MatthewMi11er/vai
118 | 
119 | ..
120 |  Local Variables:
121 |  mode: rst
122 |  ispell-local-dictionary: "american"
123 |  End:
124 | 


--------------------------------------------------------------------------------
/vagrant-docker/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vim: ft=ruby
 3 | 
 4 | 
 5 | # ---- Configuration variables ----
 6 | 
 7 | # Network configuration -- this is currently not by the docker provider
 8 | DOMAIN            = ".nat.example.com"
 9 | NETWORK           = "192.168.50."
10 | NETMASK           = "255.255.255.0"
11 | 
12 | # image to use if not building from accompanying Dockerfile
13 | IMAGE = "debian:stable"
14 | 
15 | HOSTS = {
16 |    "web" => [NETWORK+"10", IMAGE],
17 |    "db" => [NETWORK+"11", IMAGE],
18 | }
19 | 
20 | ANSIBLE_INVENTORY_DIR = 'ansible/inventory'
21 | 
22 | # ---- Vagrant configuration ----
23 | 
24 | Vagrant.configure(2) do |config|
25 |   HOSTS.each do | (name, cfg) |
26 |     ipaddr, ram, gui, image = cfg
27 | 
28 |     config.vm.define name do |machine|
29 |       machine.vm.guest = :debian
30 |       machine.vm.provider "docker" do |d|
31 |         d.build_dir = '.' # build from provided Dockerfile
32 |         #d.image = image  # use the predefined image
33 |         d.remains_running = true
34 |         d.cmd = ["/usr/sbin/sshd", "-D"]
35 |         d.has_ssh = true
36 |         machine.ssh.password = "vagrant"
37 |       end
38 | 
39 |       machine.vm.hostname = name + DOMAIN
40 |       machine.vm.network 'private_network', ip: ipaddr, netmask: NETMASK
41 |     end
42 |   end # HOSTS-each
43 | 
44 |   config.vm.provision "vai" do |ansible|
45 |     ansible.inventory_dir=ANSIBLE_INVENTORY_DIR
46 |     # optional: add a group listing all vagrant machines
47 |     ansible.groups = {
48 |       'secondGroup' => [ "db" ],
49 |     #  '_provided_by_vagrant_'=> HOSTS.keys,
50 |     #  '_running_in_docker_'=> HOSTS.keys,
51 |     }
52 |   end
53 | 
54 | end
55 | 
56 | 


--------------------------------------------------------------------------------
/vagrant-docker/ansible/inventory/group_vars/all.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | allGroupsVar: "This is node is member of all groups."
4 | 


--------------------------------------------------------------------------------
/vagrant-docker/ansible/inventory/group_vars/firstGroup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | groupVar: "This is the `firstGroup` group."
4 | 


--------------------------------------------------------------------------------
/vagrant-docker/ansible/inventory/group_vars/secondGroup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | groupVar: "This is the `secondGroup` group."
4 | 


--------------------------------------------------------------------------------
/vagrant-docker/ansible/inventory/groups:
--------------------------------------------------------------------------------
1 | [firstGroup]
2 | web
3 | 


--------------------------------------------------------------------------------
/vagrant-docker/ansible/inventory/host_vars/web.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | hostVar: "This is the test-variable for host `web`"
4 | 


--------------------------------------------------------------------------------
/vagrant-docker/simpletest.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: all
 4 |   gather_facts: false
 5 | 
 6 |   tasks:
 7 |   - name: Show the groups to see if Vagratn set them up correctly
 8 |     debug: var=groups
 9 | 
10 |   - debug: var=allGroupsVar
11 |   - debug: var=groupVar
12 |   - debug: var=hostVar
13 | 
14 |   # This is already done by the bootstrap play. Be we leave it her as
15 |   # a simple test whether the user gets root permissions as expected.
16 |   - name: Install minimal Python support for Ansible
17 |     raw: apt-get --no-install-recommends -yq install python python-apt
18 |     sudo: true
19 | 
20 |   - name: Ping the hosts
21 |     ping:
22 | 
23 | - name: Run the first group of hosts
24 |   hosts: firstGroup
25 |   gather_facts: false
26 | 
27 |   tasks:
28 |   - name: Check if host is in first group
29 |     debug: msg="Host is in first group"
30 | 
31 | - name: Run the second group of hosts
32 |   hosts: secondGroup
33 |   gather_facts: false
34 | 
35 |   tasks:
36 |   - name: Check if host is in the second group
37 |     debug: msg="Host is in second group"
38 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/.debops.cfg:
--------------------------------------------------------------------------------
1 | #
2 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/.gitignore:
--------------------------------------------------------------------------------
 1 | # -*- mode: gitignore; -*-
 2 | 
 3 | ansible/secret
 4 | secret
 5 | ansible.cfg
 6 | /.vagrant
 7 | vagrant_ansible_inventory
 8 | 
 9 | ### vim ###
10 | [._]*.s[a-w][a-z]
11 | [._]s[a-w][a-z]
12 | *.un~
13 | Session.vim
14 | .netrwhist
15 | *~
16 | 
17 | ### Emacs ###
18 | \#*\#
19 | /.emacs.desktop
20 | /.emacs.desktop.lock
21 | *.elc
22 | auto-save-list
23 | tramp
24 | .\#*
25 | 
26 | ### SublimeText ###
27 | # workspace files are user-specific
28 | *.sublime-workspace
29 | 
30 | # project files should be checked into the repository, unless a significant
31 | # proportion of contributors will probably not be using SublimeText
32 | # *.sublime-project
33 | 
34 | #sftp configuration file
35 | sftp-config.json
36 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/README.rst:
--------------------------------------------------------------------------------
  1 | 
  2 | =====================================================
  3 | Using Debops with a multi-machine Vagrantfile
  4 | =====================================================
  5 | 
  6 | This project is an example for using Debops with a multi-machine
  7 | Vagrantfile. It uses the Vagrant provisioner plugin Vai_ to generate
  8 | the inventory-file. Provision is then actually done using `debops` as
  9 | usual.
 10 | 
 11 | The Vagrant Ansible provisioner is not used at all, because Vai does a
 12 | much better job for our needs. (A former version of this example used
 13 | the Vagrant Ansible provisioner, but have been much more complicated, see
 14 | below.)
 15 | 
 16 | 
 17 | Requirements
 18 | ==============
 19 | 
 20 | * Ansible
 21 | * Vagrant 1.6 or newer (1.5 may work, too; 1.4 does not)
 22 | * Vai_, a Vagrant provisioner plugin (see below for installation)
 23 | * `debops` (of course ;-)
 24 | 
 25 | 
 26 | Quick Start
 27 | ===========
 28 | 
 29 | * Install the Vagrant provisioning plugin Vai_::
 30 | 
 31 |     vagrant plugin install vai
 32 | 
 33 | * Fire up Vagrant: ``vagrant up``
 34 | 
 35 |   This will create two virtual machine `web` and `db` and generate the
 36 |   inventory file in ``ansible/inventory``.
 37 | 
 38 | * Run::
 39 | 
 40 |     ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=/dev/null" debops ./simpletest.yml
 41 | 
 42 |   This will run a simple playbook testing if files have been found and
 43 |   variables have been set up as correctly as expected. You should get
 44 |   "okay" for all tasks.
 45 | 
 46 |   Please note: Using this ``ANSIBLE_SSH_ARGS=...`` is optional. But it
 47 |   avoids cluttering your known_hosts with keys of your ever-changing
 48 |   vagrant VMs. *Absolutely do not use this for your production servers!*
 49 | 
 50 | Now you can use debops as usual (mind ``ANSIBLE_SSH_ARGS=...`` :-). It
 51 | will automatically include the host definitions auto-generated by
 52 | vagrant. If for some reason debops resp. Ansible does not find the
 53 | inventory, you may safely run ``vagrant provision`` to regenerate it.
 54 | 
 55 | 
 56 | How it works
 57 | ==============
 58 | 
 59 | The `Vai` provisioner generates a inventory file which is setting up
 60 | host, port, private key file and the remote user as required by
 61 | Vagrant. Ansible resp. debops will read the information an know how to
 62 | connect to the Vagrant VM.
 63 | 
 64 | 
 65 | 
 66 | Adopting to your needs
 67 | =========================
 68 | 
 69 | In short:
 70 | 
 71 | * Adopt the paths in the Vagrantfile to match your desired directory
 72 |   layout.
 73 | 
 74 | * Set up your host- and group-vars in ``ansible/inventory`` as usual.
 75 | 
 76 | * Define your groups in the Vagrantfile and/or in an inventory-file
 77 |   (e.g. ``ansible/inventory/groups``, the actual name of the file does
 78 |   not matter).
 79 | 
 80 |   In this example we do both: ``secondGroup`` is defined using the
 81 |   `Vagrantfile` and ``firstGroup`` is defined in an inventory-file.
 82 | 
 83 | * Add more machines to the ``Vagrantfile`` as you need.
 84 | 
 85 | * When (re-) starting machines the inventory file will be regenerated
 86 |   by the Ansible provisioner.
 87 | 
 88 | 
 89 | 
 90 | Why using `Vai` instead of the `Ansible` provisioner
 91 | =====================================================
 92 | 
 93 | A former version of this example used the official Vagrant Ansible
 94 | provisioner. But this has be much more complicated, inflexible and
 95 | insecure.
 96 | 
 97 | The Vagrant Ansible provider was only used to generate the
 98 | inventory-file. But this inventory-file did not contain all required
 99 | information, so the remote user and the private key file have had been
100 | defined in :file:`.debops.cfg`.
101 | 
102 | Additionally the Vagrant file was required to contain code for
103 | creating a dummy playbook (which the Ansible provisioner requires) and
104 | sym-linking the inventory-file into the inventory.
105 | 
106 | So as `Vai` came up, we decided to switch to it.
107 | 
108 | 
109 | Reasoning for why we formerly did it that way
110 | ----------------------------------------------
111 | 
112 | We tried a lot off different setups, but the only one working
113 | reasonable is to *not* provision from within the Vagrantfile, but use
114 | the Ansible provisioner solely to generate the inventory file. Here is
115 | why:
116 | 
117 | When setting up the Ansible provisioner as shown in the Vagrant and
118 | Ansible documentation, ``ansible-playbook`` will be run once for each
119 | machine, one machine after each other. Parallel multi-machine
120 | provisioning is not possible this way.
121 | 
122 | When passing ``ansible.limit = 'all'`` to the Ansible provisioner (as
123 | described in the docs, too) Vagrant will run ``ansible-playbook`` for
124 | *all* boxes, but so many times as you have defined boxes.
125 | 
126 | Working around this is hard and the results are not satisfying.
127 | 
128 | If you intimately read the docs, you will find that the Ansible
129 | provider is only attached to the last machine. And indeed: Now when
130 | setting ``ansible.limit ='all'`` `vagrant` will run
131 | ``ansible-playbook`` once and only once on all machines. (Side-note:
132 | If you want to define the machines using a loop, you have to be very
133 | careful doing this right, see
134 | `<https://github.com/mitchellh/vagrant/issues/1784#issuecomment-62460418
135 | this comment>`_)
136 | 
137 | But this again has a downside: Limiting provisioning to a single
138 | machines (``vagrant provision [vm-name]``) does not work for all
139 | machines except the last. This is because the provisioner is only
140 | attached to the last machine.
141 | 
142 | * About the vagrant Ansible provisioner:
143 | 
144 |   - If `ansible.inventory_path` is set, the provider will not
145 |     generate an inventory file. You will have to take care of this by
146 |     yourself.
147 |   - The path in `ansible.inventory_path`, if given, must already exist.
148 |   - The executable is hard-coded to `ansible-playbook`.
149 | 
150 | 
151 | 
152 | Alternative setup
153 | =====================
154 | 
155 | Defining groups in the Vagrantfile
156 | -------------------------------------
157 | 
158 | The Ansible provisioner supports defining groups in the Vagrantfile.
159 | You may do this, if you like, but we do not recommend it, because we
160 | think it make things more complicated.
161 | 
162 | 
163 | Using a hand crafted inventory
164 | -------------------------------
165 | 
166 | If for some reason you prefer to craft the inventory yourself (instead
167 | of letting vagrant generate it) you can completely remove the Ansible
168 | provisioner from the Vagrantfile. It's sole purpose is to generate the
169 | inventory-file.
170 | 
171 | Please note that when using a hand-crafted inventory. you will have to
172 | take care of the actual configuration of the machines changing. E.g.
173 | IP-ports may change if other machines are running, too.
174 | 
175 | 
176 | .. _Vai: https://github.com/MatthewMi11er/vai
177 | 
178 | ..
179 |  Local Variables:
180 |  mode: rst
181 |  ispell-local-dictionary: "american"
182 |  End:
183 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vim: ft=ruby
 3 | 
 4 | 
 5 | # ---- Configuration variables ----
 6 | 
 7 | GUI               = false # Enable/Disable GUI
 8 | RAM               = 128   # Default memory size in MB
 9 | 
10 | # Network configuration
11 | DOMAIN            = ".nat.example.com"
12 | NETWORK           = "192.168.50."
13 | NETMASK           = "255.255.255.0"
14 | 
15 | # Default Virtualbox .box
16 | # See: https://wiki.debian.org/Teams/Cloud/VagrantBaseBoxes
17 | BOX               = 'debian/jessie64'
18 | 
19 | 
20 | HOSTS = {
21 |    "web" => [NETWORK+"10", RAM, GUI, BOX],
22 |    "db" => [NETWORK+"11", RAM, GUI, BOX],
23 | }
24 | 
25 | ANSIBLE_INVENTORY_DIR = 'ansible/inventory'
26 | 
27 | # ---- Vagrant configuration ----
28 | 
29 | Vagrant.configure(2) do |config|
30 |   HOSTS.each do | (name, cfg) |
31 |     ipaddr, ram, gui, box = cfg
32 | 
33 |     config.vm.define name do |machine|
34 |       machine.vm.box   = box
35 |       machine.vm.guest = :debian
36 | 
37 |       machine.vm.provider "virtualbox" do |vbox|
38 |         vbox.gui    = gui
39 |         vbox.memory = ram
40 |         vbox.name = name
41 |       end
42 | 
43 |       machine.vm.hostname = name + DOMAIN
44 |       machine.vm.network 'private_network', ip: ipaddr, netmask: NETMASK
45 |     end
46 |   end # HOSTS-each
47 | 
48 |   config.vm.provision "vai" do |ansible|
49 |     ansible.inventory_dir=ANSIBLE_INVENTORY_DIR
50 |     # optional: add a group listing all vagrant machines
51 |     ansible.groups = {
52 |       'secondGroup' => [ "db" ],
53 |     #  '_provided_by_vagrant_'=> HOSTS.keys,
54 |     }
55 |   end
56 | 
57 | end
58 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/ansible/inventory/group_vars/all.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | allGroupsVar: "This is node is member of all groups."
4 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/ansible/inventory/group_vars/firstGroup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | groupVar: "This is the `firstGroup` group."
4 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/ansible/inventory/group_vars/secondGroup.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | groupVar: "This is the `secondGroup` group."
4 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/ansible/inventory/groups:
--------------------------------------------------------------------------------
1 | [firstGroup]
2 | web
3 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/ansible/inventory/host_vars/web.yml:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | hostVar: "This is the test-variable for host `web`"
4 | 


--------------------------------------------------------------------------------
/vagrant-multi-machine/simpletest.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: all
 4 |   gather_facts: false
 5 | 
 6 |   tasks:
 7 |   - name: Show the groups to see if Vagratn set them up correctly
 8 |     debug: var=groups
 9 | 
10 |   - debug: var=allGroupsVar
11 |   - debug: var=groupVar
12 |   - debug: var=hostVar
13 | 
14 | - name: Run the first group of hosts
15 |   hosts: firstGroup
16 |   gather_facts: false
17 | 
18 |   tasks:
19 |   - name: Check if host is in first group
20 |     debug: msg="Host is in first group"
21 | 
22 | - name: Run the second group of hosts
23 |   hosts: secondGroup
24 |   gather_facts: false
25 | 
26 |   tasks:
27 |   - name: Check if host is in the second group
28 |     debug: msg="Host is in second group"
29 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/.debops.cfg:
--------------------------------------------------------------------------------
1 | #
2 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/.gitignore:
--------------------------------------------------------------------------------
 1 | # -*- mode: gitignore; -*-
 2 | 
 3 | ansible/secret
 4 | secret
 5 | ansible.cfg
 6 | /.vagrant
 7 | vagrant_ansible_inventory
 8 | 
 9 | ### vim ###
10 | [._]*.s[a-w][a-z]
11 | [._]s[a-w][a-z]
12 | *.un~
13 | Session.vim
14 | .netrwhist
15 | *~
16 | 
17 | ### Emacs ###
18 | \#*\#
19 | /.emacs.desktop
20 | /.emacs.desktop.lock
21 | *.elc
22 | auto-save-list
23 | tramp
24 | .\#*
25 | 
26 | ### SublimeText ###
27 | # workspace files are user-specific
28 | *.sublime-workspace
29 | 
30 | # project files should be checked into the repository, unless a significant
31 | # proportion of contributors will probably not be using SublimeText
32 | # *.sublime-project
33 | 
34 | #sftp configuration file
35 | sftp-config.json
36 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/README.rst:
--------------------------------------------------------------------------------
 1 | 
 2 | =====================================================
 3 | webhost-gitusers-dokuwiki example
 4 | =====================================================
 5 | 
 6 | This project is an example for using Debops with Vagrant. It
 7 | uses the Vagrant provisioner plugin Vai_ to generate the
 8 | inventory-file. Provision is then actually done using `debops` as
 9 | usual.
10 | 
11 | The Vagrant Ansible provisioner is not used at all, because Vai does a
12 | much better job for our needs. If you absolutely want to use the
13 | Vagrant Ansible provisioner, please have a look at the
14 | vagrant-multi-machine example.
15 | 
16 | 
17 | Requirements
18 | ==============
19 | 
20 | * Ansible
21 | * Vagrant 1.6 or newer (1.5 may work, too; 1.4 does not)
22 | * Vai_, a Vagrant provisioner plugin (see below for installation)
23 | * `debops` (of course ;-)
24 | 
25 | 
26 | Quick Start
27 | ===========
28 | 
29 | **Incomplete**
30 | 
31 | * Install the Vagrant provisioning plugin Vai_::
32 | 
33 |     vagrant plugin install vai
34 | 
35 | * Fire up Vagrant: ``vagrant up``
36 | 
37 |   This will create two virtual machine `web` and `db` and generate the
38 |   inventory file in ``ansible/inventory``.
39 | 
40 | * Run::
41 | 
42 |     ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=/dev/null" debops ./simpletest.yml
43 | 
44 |   This will run a simple playbook testing if files have been found and
45 |   variables have been set up as correctly as expected. You should get
46 |   "okay" for all tasks.
47 | 
48 |   Please note: Using this ``ANSIBLE_SSH_ARGS=...`` is optional. But it
49 |   avoids cluttering your known_hosts with keys of your ever-changing
50 |   vagrant VMs. *Absolutely do not use this for your production servers!*
51 | 
52 | Now you can use debops as usual (mind ``ANSIBLE_SSH_ARGS=...`` :-). It
53 | will automatically include the host definitions auto-generated by
54 | vagrant. If for some reason debops resp. Ansible does not find the
55 | inventory, you may safely run ``vagrant provision`` to regenerate it.
56 | 
57 | 
58 | How it works
59 | ==============
60 | 
61 | Please refer to the vagrant-multi-machine example for more about this.
62 | 
63 | .. _Vai: https://github.com/MatthewMi11er/vai
64 | 
65 | ..
66 |  Local Variables:
67 |  mode: rst
68 |  ispell-local-dictionary: "american"
69 |  End:
70 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vim: ft=ruby
 3 | 
 4 | 
 5 | # ---- Configuration variables ----
 6 | 
 7 | GUI               = false # Enable/Disable GUI
 8 | RAM               = 512   # Default memory size in MB
 9 | 
10 | # Network configuration
11 | DOMAIN            = ".nat.example.com"
12 | NETWORK           = "192.168.50."
13 | NETMASK           = "255.255.255.0"
14 | 
15 | # Default Virtualbox .box
16 | # See: https://wiki.debian.org/Teams/Cloud/VagrantBaseBoxes
17 | BOX               = 'debian/jessie64'
18 | 
19 | 
20 | HOSTS = {
21 |    "web" => [NETWORK+"10", RAM, GUI, BOX],
22 | }
23 | 
24 | ANSIBLE_INVENTORY_DIR = 'ansible/inventory'
25 | 
26 | # ---- Vagrant configuration ----
27 | 
28 | Vagrant.configure(2) do |config|
29 |   HOSTS.each do | (name, cfg) |
30 |     ipaddr, ram, gui, box = cfg
31 | 
32 |     config.vm.define name do |machine|
33 |       machine.vm.box     = box
34 |       machine.vm.guest = :debian
35 | 
36 |       machine.vm.provider "virtualbox" do |vbox|
37 |         vbox.gui    = gui
38 |         vbox.memory = ram
39 |       end
40 | 
41 |       machine.vm.hostname = name + DOMAIN
42 |       machine.vm.network 'private_network', ip: ipaddr, netmask: NETMASK
43 |     end
44 |   end # HOSTS-each
45 | 
46 |   config.vm.provision "vai" do |ansible|
47 |     ansible.inventory_dir=ANSIBLE_INVENTORY_DIR
48 |     # optional: add a group listing all vagrant machines
49 |     #ansible.groups = {
50 |     #  '_provided_by_vagrant_'=> HOSTS.keys,
51 |     #}
52 |   end
53 | 
54 | end
55 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/ansible/inventory/groups:
--------------------------------------------------------------------------------
1 | [debops_nginx]
2 | web
3 | 
4 | [debops_php5]
5 | web
6 | 
7 | [debops_gitusers]
8 | web
9 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/ansible/inventory/host_vars/web.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | 
  3 | # ---- User variables ----
  4 | 
  5 | inventory_dokuwiki:
  6 |   # Name of system user to run the application as
  7 |   user: 'git-wiki'
  8 | 
  9 |   # Name of system group to run the application as
 10 |   group: 'git-wiki'
 11 | 
 12 |   # Default SSH public key to use for this user account
 13 |   # (required for access to git-shell)
 14 |   sshkey: '{{ lookup("file","~/.ssh/id_rsa.pub") }}'
 15 | 
 16 |   # Domain name to use for DokuWiki page
 17 |   domain: 'dokuwiki.{{ ansible_domain }}'
 18 | 
 19 |   # Maximum size of the request, in megabytes
 20 |   max_file_size: '20'
 21 | 
 22 | 
 23 | # ---- APT Package Manager configuration ----
 24 | 
 25 | # This variable is exposed, in case mirror selected by Debian's CDN network has
 26 | # problems - you can then switch for the other one and it should probably work
 27 | apt_debian_http_mirror: 'cdn.debian.net'
 28 | #apt_debian_http_mirror: 'ftp.us.debian.org'
 29 | 
 30 | # Here you can add additional packages to install
 31 | apt_host_packages: [ 'graphviz' ]
 32 | 
 33 | 
 34 | # ---- User account setup ----
 35 | 
 36 | # debops.gitusers is a role which manages user accounts with specific
 37 | # privileges, restricted only to access to git commands.
 38 | gitusers_host_list:
 39 | 
 40 |     # You can access this account as: 'ssh git-wiki@hostname'. Your SSH key
 41 |     # should be set up automatically.
 42 |   - name: '{{ inventory_dokuwiki.user }}'
 43 |     group: '{{ inventory_dokuwiki.group }}'
 44 |     sshkeys: [ '{{ inventory_dokuwiki.sshkey }}' ]
 45 | 
 46 | 
 47 | # ---- Host services ----
 48 | 
 49 | # Enabled nginx server configurations:
 50 | # - nginx_server_default  (defined in the debops.nginx role)
 51 | # - nginx_server_dokuwiki (defined below)
 52 | nginx_servers: [ '{{ nginx_server_default }}', '{{ nginx_server_dokuwki }}' ]
 53 | 
 54 | # Enabled nginx upstream configurations:
 55 | # - nginx_upstream_php5     (defined in the debops.nginx role)
 56 | # - nginx_upstream_dokuwiki (defined below)
 57 | nginx_upstreams: [ '{{ nginx_upstream_php5 }}', '{{ nginx_upstream_dokuwiki }}' ]
 58 | 
 59 | # Enabled PHP5 pools:
 60 | # - php5_pool_default  (defined in the debops.php5 role)
 61 | # - php5_pool_dokuwiki (defined below)
 62 | php5_pools: [ '{{ php5_pool_default }}', '{{ php5_pool_dokuwiki }}' ]
 63 | 
 64 | 
 65 | # ---- Nginx server for DokuWiki instance ----
 66 | 
 67 | # Server configuration converted from http://wiki.nginx.org/Dokuwiki
 68 | # Not everything is currently implemented (for example, map $scheme {} is missing)
 69 | # SSL is enabled by default with self-signed certificate generated by
 70 | # debops.pki role
 71 | # Generated configuration can be found in /etc/nginx/sites-available/
 72 | nginx_server_dokuwki:
 73 | 
 74 |   # This server should be enabled
 75 |   enabled: True
 76 | 
 77 |   # Default domain on which this DokuWiki instance will be accessible
 78 |   name: [ '{{ inventory_dokuwiki.domain }}' ]
 79 | 
 80 |   # List of domains which will redirect HTTP requests to main domain
 81 |   redirect_from: [ 'www.{{ inventory_dokuwiki.domain }}' ]
 82 | 
 83 |   # User and group which manage this DokuWiki instance (compatible with
 84 |   # debops.gitusers role configuration)
 85 |   owner: '{{ inventory_dokuwiki.user }}'
 86 |   group: '{{ inventory_dokuwiki.group }}'
 87 | 
 88 |   # Enable PHP5 support for this nginx server
 89 |   type: 'php5'
 90 | 
 91 |   # Options included in server { } block
 92 |   options: |
 93 |     autoindex off;
 94 |     client_max_body_size {{ inventory_dokuwiki.max_file_size }}M;
 95 |     client_body_buffer_size 128k;
 96 | 
 97 |   # List of index files to look for by default
 98 |   index: 'index.html index.htm index.php doku.php'
 99 | 
100 |   # Definitions of location { } blocks in text block format; there's also
101 |   # 'location_list' with more strict key-value format available)
102 |   location:
103 |     '/': |
104 |       try_files $uri $uri/ @dokuwiki;
105 | 
106 |     '@dokuwiki': |
107 |       rewrite ^/_media/(.*)           /lib/exe/fetch.php?media=$1   last;
108 |       rewrite ^/_detail/(.*)          /lib/exe/detail.php?media=$1  last;
109 |       rewrite ^/_export/([^/]+)/(.*)  /doku.php?do=export_$1&id=$2  last;
110 |       rewrite ^/(.*)                  /doku.php?id=$1               last;
111 | 
112 |     '~ ^/lib.*\.(gif|png|ico|jpg)$': |
113 |       expires 30d;
114 | 
115 |     '~ /(data|conf|bin|inc)/': |
116 |       deny all;
117 | 
118 |   # Name of nginx upstream configuration to use for 'php5-fpm' connection,
119 |   # configured in PHP5 location { } block
120 |   php5: 'php5_dokuwiki'
121 | 
122 |   # Options included in PHP5 location { } block
123 |   php5_options: |
124 |     fastcgi_intercept_errors        on;
125 |     fastcgi_ignore_client_abort     off;
126 |     fastcgi_connect_timeout         60;
127 |     fastcgi_send_timeout            180;
128 |     fastcgi_read_timeout            180;
129 |     fastcgi_buffer_size             128k;
130 |     fastcgi_buffers               4 256k;
131 |     fastcgi_busy_buffers_size       256k;
132 |     fastcgi_temp_file_write_size    256k;
133 | 
134 | 
135 | # ---- nginx upstream configuration for DokuWiki ----
136 | 
137 | # Generated configuration can be found in /etc/nginx/conf.d/
138 | nginx_upstream_dokuwiki:
139 | 
140 |   # This upstream should be enabled
141 |   enabled: True
142 | 
143 |   # Upstream name to use in nginx configuration, "php5" value
144 |   name: 'php5_dokuwiki'
145 | 
146 |   # This upstream serves PHP5 content using 'php5-fpm',
147 |   # configured by debops.php5 role
148 |   type: 'php5'
149 | 
150 |   # Name of 'php5-fpm' pool to use
151 |   php5: 'dokuwiki'
152 | 
153 | 
154 | # ---- PHP5 (php5-fpm) pool for DokuWiki instance ----
155 | 
156 | # Generated configuration can be found in /etc/php5/fpm/pool-available.d/
157 | php5_pool_dokuwiki:
158 | 
159 |   # This php5-fpm pool should be enabled
160 |   enabled: True
161 | 
162 |   # Name of php5-fpm pool, which should be specified in nginx upstream
163 |   # configuration "php5" value
164 |   name: 'dokuwiki'
165 | 
166 |   # System user and group to use for running this php5-fpm pool. This pool
167 |   # processes will have access to all files readable and writable by this user
168 |   # and group
169 |   user: '{{ inventory_dokuwiki.user }}'
170 |   group: '{{ inventory_dokuwiki.group }}'
171 | 
172 |   # PHP5 variable configuration
173 |   php_admin_value:
174 |     post_max_size: '{{ inventory_dokuwiki.max_file_size }}M'
175 |     upload_max_filesize: '{{ inventory_dokuwiki.max_file_size }}M'
176 | 
177 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/setup-dokuwiki-on-gituser:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Setup DokuWiki on a webserver using a gituser account
 4 | 
 5 | # ---- Variables ----
 6 | 
 7 | # Configuration of gituser account
 8 | user="git-wiki"
 9 | host="web"
10 | repository="dokuwiki"
11 | branch="local_changes"
12 | 
13 | # DokuWiki sources
14 | dokuwiki_repo="git://github.com/splitbrain/dokuwiki.git"
15 | dokuwiki_source="src/dokuwiki"
16 | dokuwiki_tag="release_stable_2014-05-05a"
17 | 
18 | 
19 | # ---- Setup gituser account on web server ----
20 | 
21 | ssh ${user}@${host} init ${repository} ${branch}
22 | ssh ${user}@${host} publish ${repository}
23 | 
24 | 
25 | # ---- Clone DokuWiki source ----
26 | 
27 | git clone --branch ${dokuwiki_tag} ${dokuwiki_repo} ${dokuwiki_source}
28 | pushd ${dokuwiki_source}
29 | git checkout -b ${branch}
30 | 
31 | 
32 | # Add web server remote to git repository
33 | git remote add webserver ${user}@${host}:${repository}
34 | 
35 | 
36 | # Push DokuWiki to the web server
37 | git push webserver ${branch}
38 | 
39 | 


--------------------------------------------------------------------------------
/webhost-gitusers-dokuwiki/test.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | 
 3 | - hosts: all
 4 | 
 5 |   tasks:
 6 |   - name: Show the groups to see if Vagrant set them up correctly
 7 |     debug: var=groups
 8 | 
 9 |   - debug: var=ansible_ssh_user
10 | 


--------------------------------------------------------------------------------