Skip to content
/ admin-tools Public

Ansible playbooks and other admin tools used to administrate #! servers

License

MIT license
17 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hashbang/admin-tools

BranchesTags

Repository files navigation

#! Admin Tools

Ansible playbooks and other admin tools/docs for maintaining the #! network.

Requirements

  • Recent version of Ansible
  • Local #! pass database
  • User with sudo access on all servers

Git configuration

You might also want to use the following snippet in ~/.gitconfig:

[diff "gpg"]
	textconv = gpg --no-tty --decrypt
	cachetextconv = false
[diff "ansible-vault"]
	textconv = ansible-vault view
	cachetextconv = false

SSH configuration

All the “service servers” (as opposed to shell servers) listen for SSH on port 8993 (ASCII-encoding of #!), and the user is core, with the following exceptions:

  • lon1.irc.hashbang.sh and sfo1.irc.hashbang.sh do not yet follow that convention;
  • git-infra.hashbang.sh is a service hosted on nyc3.apps.hashbang.sh which uses port 22.

This is expressed in the following .ssh/config snippet:

Host da1.hashbang.sh ny1.hashbang.sh sf1.hashbang.sh to1.hashbang.sh
     User your_nick

Host git-infra.hashbang.sh
     User git

Host sfo1.irc.hashbang.sh ldap.hashbang.sh
     User core

Host *.hashbang.sh hashbang.sh
     User core
     Port 8993

Playbooks

There are several playbooks present here:

  • shell.yml is used to synchronise the configuration (incl. installed packages) across the shell servers.

  • credentials.yml is used to deploy the admin's SSH keys across all servers:

    • admins can login as root on the shell servers;
    • they can login as core on the CoreOS servers.

  • coreos.yml performs CoreOS-specific tasks. Currently, it only bootstraps the Ansible agent's dependencies.

  • mail.yml deploy the mail aliases and Postfix configuration.

  • irc.yml deploys static and templated configuration to the IRC servers, including oper blocks for users defined in group_vars/all/users.yml.

  • ldap_ban.yml disables user accounts in LDAP and terminates their sessions on the shell servers; it requires python-ldap installed. Invoke as follows:

      ansible-playbook ldap_ban.yml

    For scripting purposes, the script accepts a comma-separated list of users, (users), and a Boolean determining if the homedirs should be deleted (delete).

Usage

Install a package

See doc/Installing_packages.md.

Making a configuration change

  1. Prepare your change for shell-etc, test it locally.
  2. Create a pull-request for it on Github, wait for a review.
  3. Perform a signed merge into master: git merge -S --no-ff branch
    Only merge into master things that you will deploy immediately. Do not merge if you aren't in a position to follow-up with a deploy.
  4. Run the shell.yml playbook, see below.

Sync packages & configuration across all shell servers

Simply run the appropriate Ansible playbook:

ansible-playbook shell.yml

About

Ansible playbooks and other admin tools used to administrate #! servers

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

17 stars

Watchers

21 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 14

Languages