ansible-collections-services
- adminer
Ansible role to install and configure Adminer with docker-compose. Adminer is a tool for database management.
Role Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry
Default:index.docker.io
Default name of the registry for container images.
-
docker_registry_adminer
Default:docker_registry
Name of the registry for the adminer container image.
-
operator_user
Default:dragon
The user that should own the configuration directory.
-
operator_group
Default:operator_user
The group that should own the configuration directory.
-
adminer_docker_compose_directory
Default:/opt/adminer
The path where the docker-compose-files from Adminer will be stored.
-
adminer_host
Default:127.0.0.1
The host where Adminer will be reachable.
-
adminer_database_host
Default:127.0.0.1
Default database host that adminer should connect to.
-
adminer_port
Default:8111
Port on which Adminer accepts connections from outside.
-
adminer_tag
Default:'4.7'
Tag of the container image that should be used.
-
adminer_image
Default:"{{ docker_registry_adminer }}/library/adminer:{{ adminer_tag }}"
The container image to use.
-
adminer_network
Default:172.31.100.64/28
The network to use for the adminer container.
-
adminer_service_name
Default:docker-compose@adminer
Name of the docker-compose service for adminer.
- auditd
Ansible role for installation and configuration of Auditd. Auditd is used for collecting package security messages and forwarding them to a central server.
Role Variables
-
auditd_backup
Default:false
Sets the backup to false. If true the role will make a backup from the rule files.
-
auditd_syslog
Default:false
This variable disables writing to rsyslog for auditd.
Variable for Configuration
-
auditd_config
- parameter: active
  value: "{{ 'yes' if auditd_syslog|bool else 'no' }}"
  config: /etc/audisp/plugins.d/syslog.conf
Configuration for Auditd.
Variables for Rules
-
auditd_rules_path
Default:/etc/audit/rules.d
Path to where the rules from Auditd should be stored.
-
auditd_rules_files_defaults
Default:20-neo23x0.rules
Look at: auditd_rules_files.
-
auditd_rules_files_extra
Look at: auditd_rules_files.
-
auditd_rules_files
Default:auditd_rules_files_defaults + auditd_rules_files_extra
The configuration files for the rules of Auditd composed from the Variables auditd_rules_files_defaults and auditd_rules_files_extra.
Variables for Packages
-
auditd_package_name
Default:auditd
The required package for Auditd.
-
audispd_plugins_package_name
Default:audispd-plugins
Plugins for Auditd.
Variable for Services
-
auditd_service_name
Default:auditd
Service name to deal with the Auditd service.
- bird
Role for setting up Bird. Bird is a dynamic IP routing daemon.
Role Variables
-
bird_package_name
Default:bird
The package which is required for Bird.
-
bird_service_name
Default:bird
Service name for Bird.
-
bird_sysctl
- name: net.ipv4.ip_forward
  value: 1
- name: net.ipv4.conf.all.send_redirects
  value: 0
- name: net.ipv4.conf.all.accept_redirects
  value: 0
- name: net.ipv4.fib_multipath_hash_policy
  value: 1
- name: net.ipv4.conf.default.ignore_routes_with_linkdown
  value: 1
- name: net.ipv4.conf.all.rp_filter
  value: 2
Sysctl parameters for Bird. The required kernel parameters for Bird.
-
bird_cidr
Default:10.12.0.0/16
The network for the Bird.
-
bird_leaf_interfaces
Management interface which communicates with the BFD (Bidirectional Forwarding Detection).
-
bird_neighbor_as
Default:65000
The private number for the Autonomous System. This declares the number for the BGP network.
-
bird_keepalive_time
Default:1
Keepalive time for BGP (Border Gateway Protocol).
-
bird_leaf_bfd
Default:no
Disables the BGP protocol.
-
bird_leaf_hold_time
Default:3
Time that BGP will wait before declaring the neighborship down.
-
bird_bfd_idle_tx_interval
Default:200
Optimization for the BFD protocol.
-
bird_bfd_min_rx_interval
Default:20
Optimization for the BFD protocol.
-
bird_bfd_min_tx_interval
Default:20
Optimization for the BFD protocol.
-
bird_bfd_multiplier
Default:3
Sets the number of hello packets not received from a neighbor. This number defines the threshold for an interface to be declared down.
- cephclient
Ansible role for installation and configuration of the Cephclient. You can choose between container installation and package installation.
Docker Variables
-
docker_network_mtu
Default:1500
Because Docker does not check the default MTU of the system, it is necessary to set the MTU for Docker.
-
docker_registry_cephclient
Default:quay.io
Path to the registry that stores the Docker container images for Cephclient.
Operator Variables
-
operator_user
Default:dragon
The user that will own the configuration directory and handle Docker.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory and handle Docker.
Cephclient Variables
-
cephclient_install_type
Default:container
The type of installation you prefer to use. The values that can be used are package or container.
-
cephclient_version
Default:pacific
Version of the Cephclient which will be used.
-
cephclient_mons
The monitoring systems to which the Cephclient will be connected.
-
cephclient_keyring
Certificate which the Cephclient will need to use for connections.
-
cephclient_keyring_name
Default:client.admin
Name for the certificate to store in a directory.
Container Variables
-
cephclient_configuration_directory
Default:/opt/cephclient/configuration
The directory where the configuration for the Cephclient will be stored.
-
cephclient_data_directory
Default:/opt/cephclient/data
Data from the Cephclient will be stored there.
-
cephclient_docker_compose_directory
Default:/opt/cephclient
Path to where the docker-compose-files from Cephclient will be stored.
-
cephclient_tag
Default:cephclient_version
The version from Cephclient in form of a tag which should be used.
-
cephclient_image
Default:{{ docker_registry_cephclient }}/osism/cephclient:{{ cephclient_tag }}
The container image to use.
-
cephclient_container_name
Default:cephclient
Container name for the Cephclient.
-
cephclient_network
Default:172.31.100.0/28
The subnet for Cephclient in the docker-compose file.
-
cephclient_service_name
Default:docker-compose@cephclient
Name from the Cephclient service to deal with it.
Package Variables
-
cephclient_configure_repository
Default:true
Configures whether the repository should be added or not.
-
cephclient_debian_repository_arch
Default:amd64
Architecture from the target system.
-
cephclient_debian_repository_key
Default:https://download.ceph.com/keys/release.asc
The url from which you will get the repository-key.
-
cephclient_debian_repository
Default:"deb [ arch={{ cephclient_debian_repository_arch }} ] https://download.ceph.com/debian-{{ cephclient_version }} {{ ansible_distribution_release }} main"
Name of the Cephclient debian repository.
-
cephclient_debian_packages
Default:ceph
Name from the required package for the Cephclient installation.
- cgit
This ansible role will install and configure Cgit and Traefik for Cgit.
Docker Variables
-
docker_network_mtu
Default:1500
Because Docker does not check the default MTU of the system, it is necessary to set the MTU for Docker.
-
docker_registry_cgit
Default:quay.io
Path to the registry that stores the Docker container images for Cgit.
Operator Variables
-
operator_user
Default:dragon
The user that will own the configuration directory and handle Docker.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory and handle Docker.
Cgit Variables
-
cgit_docker_compose_directory
Default:/opt/cgit
The path where the docker-compose-files for Cgit will be stored.
-
cgit_configuration_directory
Default:/opt/cgit/configuration
Directory in which the configuration files for Cgit will be stored.
-
cgit_host
Default:127.0.0.1
The host where Cgit will be reachable.
-
cgit_port
Default:8210
For connections Cgit will use the configured port.
-
cgit_tag
Default:1.2.3
The version from Cgit in form of a tag which should be used.
-
cgit_image
Default:{{ docker_registry_cgit }}/osism/cgit:{{ cgit_tag }}
Container image which will be used.
-
cgit_network
Default:172.31.101.112/28
The subnet for Cgit in the docker-compose file.
-
cgit_service_name
Default:docker-compose@cgit
Name from the Cgit service to deal with it.
-
cgit_repositories_defaults
configuration: /opt/configuration/.git
inventory: /var/lib/docker/volumes/manager_inventory_reconciler/_data/.git
netbox: /opt/state/netbox/.git
Have a look at: cgit_repositories.
-
cgit_repositories_extra
Default:{}
Have a look at: cgit_repositories.
-
cgit_repositories
Default:cgit_repositories_defaults|combine(cgit_repositories_extra)
The repositories which are required for the installation of Cgit.
Traefik Variables
-
cgit_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
traefik_external_network_name
Default:traefik
Name of the Docker network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
- chrony
This Ansible role installs and configures Chrony.
Role Variables
-
chrony_package_name
Default:chrony
Package name of the required package for the installation of Chrony.
-
configuration_directory
Default:/opt/configuration
Path to the directory which contains the configuration files.
-
chrony_local_conf_template
Default:"{{ configuration_directory }}/environments/generic/templates/chrony.conf.j2"
Path to the template-configuration-file.
-
chrony_servers
Default:- 0.de.pool.ntp.org - 1.de.pool.ntp.org - 2.de.pool.ntp.org - 3.de.pool.ntp.org
List with NTP server which should be used.
-
chrony_server_options
Default:iburst
NTP server options.
-
chrony_sync_rtc
Default:false
Configure Chrony to synchronize the hardware clock.
-
chrony_allowed_subnets
Default:- 10/8 - 192.168/16 - 172.16/12
Chrony limits access to clients that are on certain subnets. Adjust the following subnets here to limit client access to chrony servers.
-
chrony_bind_local_interfaces_only
Default:true
If set to true, chronyd will never open the server port and will operate strictly in a client-only mode.
-
chrony_bindaddresses
Default:[]
Bind Chrony to specific addresses. NOTE: It is only possible to set at most one IPv4 and one IPv6 address.
- clamav
Clamav is a free virus scanner for Linux-based distributions. This role will install and configure Clamav.
Role Variables
-
clamav_configuration_defaults
- regexp: '^.*Example$'
  state: absent
- regexp: '^.*LocalSocket .*$'
  line: 'LocalSocket {{ clamav_localsocket }}'
Have a look at clamav_configuration.
-
clamav_configuration_extra
Default:[]
Have a look at clamav_configuration.
-
clamav_configuration
Default:clamav_configuration_defaults + clamav_configuration_extra
Here you can specify which things you want to change in the Clamav configuration.
-
clamav_package_names
Required packages for Clamav.
-
clamav_localsocket
The directory where the socket will be stored in.
-
clamav_configuration_path
Path to the configuration files.
-
clamav_daemon_service_name
Service name for handling the Clamav service.
-
clamav_freshclam_service_name
Freshclam is required for automatically updating the database of Clamav.
- dnsdist
Dnsdist is a load balancer with the goal of routing traffic to the best server. This role installs and configures Dnsdist.
Role Variables
-
operator_user
Default:dragon
The user that will own the configuration directory and handle Docker.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory and handle Docker.
-
docker_network_mtu
Default:1500
Because Docker does not check the default MTU of the system, it is necessary to set the MTU for Docker.
-
docker_registry_dnsdist
Default:quay.io
Path to the registry that stores the Docker container images for Dnsdist.
-
dnsdist_configuration_directory
Default:/opt/dnsdist/configuration
Path to the directory which contains the configuration files.
-
dnsdist_docker_compose_directory
Default:/opt/dnsdist
Directory which contains the docker-compose-files for Dnsdist.
-
dnsdist_network
Default:172.31.101.80/28
The subnet for Dnsdist in the docker-compose file.
-
dnsdist_service_name
Default:docker-compose@dnsdist
Name from the Dnsdist service to deal with it.
-
dnsdist_container_name
Default:dnsdist
Name from the container in which Dnsdist will run.
-
dnsdist_host
Default:127.0.0.1
The host where Dnsdist will be reachable.
-
dnsdist_hosts
Default:- "{{ dnsdist_host }}"
The hosts where Dnsdist will be reachable.
-
dnsdist_port
Default:1053
Port on which Dnsdist accepts connections from outside.
-
dnsdist_tag
Default:1.6.1
The version from Dnsdist in form of a tag which should be used.
-
dnsdist_image
Default:{{ docker_registry_dnsdist }}/osism/dnsdist:{{ dnsdist_tag }}
The container image to use.
-
dnsdist_servers
Default:- 208.67.222.222 - 208.67.220.220 - 208.67.222.220 - 208.67.220.222
List of DNS servers to loadbalance.
- docker
Ansible role for installation and configuration of Docker and all required components.
Role Variables
-
apt_cache_valid_time
Default:3600
Update the apt cache if it is older than the cache_valid_time.
-
docker_debug
Default:false
Configure if Docker will start in the debug mode.
-
docker_experimental
Default:false
Disables Docker experimental features.
-
docker_live_restore
Default:true
With this enabled, containers won’t be shut down if the daemon is unreachable.
-
docker_user
Default:operator_user | default('dragon')
The user which Docker will use for actions and which owns the configuration directory.
-
docker_group
Default:operator_group | default('dragon')
Group from the user.
-
docker_allow_restart
Default:true
Enables the restart of the Docker daemon after reconfiguration.
-
docker_enforce_restart
Default:false
Disables enforcing the restart if the docker_enforce_restart value isn’t true.
-
docker_ignore_restart_groupname
Default:manager
Hosts that are protected from the restart. Can only be overwritten by docker_enforce_restart.
-
docker_ipv6
Default:false
Disables Docker’s IPv6 capabilities.
-
docker_disable_default_network
Default:false
Enables the default network from Docker.
-
docker_log_driver
Default:json-file
Here you can configure the log output destination.
-
docker_log_level
Default:info
Level of detail from the logs which you want to collect.
-
docker_log_opts
Default:max-size: 10m max-file: 3
Options for the logging.
-
docker_hosts_defaults
Default:"unix:///var/run/docker.sock"
Look at docker_hosts.
-
docker_hosts_extra
Default:[]
Look at docker_hosts.
-
docker_hosts
Default:docker_hosts_defaults + docker_hosts_extra
A list of hosts on which the Docker Engine will be run.
-
docker_service_name
Default:docker
Service name for Docker to deal with it.
-
containerd_service_name
Default:containerd
For using Docker you will need the Containerd service too. This declares the services from the Containerd.
-
docker_package_name
Default:docker-ce
Package for the installation of Docker.
-
docker_cli_package_name
Default:{{ docker_package_name }}-cli
Package name of the docker-cli.
-
containerd_package_name
Default:containerd.io
The name of the package for Containerd.
Note
By default this role uses the packages from Docker itself. Therefore the packages of Ubuntu must not be installed. To use the packages of Ubuntu the following parameters have to be adjusted. The repository of Docker should then also not be included.
docker_package_name: docker.io
containerd_package_name: containerd
docker_packages_fail: []
-
docker_packages_fail
Default:- containerd - docker.io
Checks if the packages are installed or not. If they are installed, the installation run will fail.
-
docker_python3_package_name
Default:python3-docker
Required package for Python3-docker.
-
docker_python_package_name
Default:python-docker
Package name for python-docker.
-
docker_python_package_names
This is composed of the two preceding variables.
-
docker_python_install_from_pip
Default:ansible_distribution_release == 'xenial'
If Xenial is the version of the distribution, Docker will be installed with pip instead of apt.
-
docker_pip_package_name
Default:docker
Package name of Docker for installation with pip.
-
docker_pip_extra_args
Here you can define extra arguments for pip.
-
docker_version
Default:5:20.10.16
This “5:” must be prepended starting with version 18.09. Check available version under Ubuntu with apt-cache madison docker-ce.
-
docker_registry
Default:index.docker.io
Path to the registry that stores the Docker container images.
-
docker_registry_docker_openpolicyagent
Default:docker_registry
The registry where to get the Openpolicyagent.
-
docker_insecure_registries
Default:[]
List of allowed insecure registries.
-
docker_registry_mirrors
Default:[]
The mirrors of registries which can be used.
-
docker_storage_driver
Default:overlay2
Overlay2 is the default choice for Docker CE.
-
docker_configure_storage_block_device
Default:false
Disable the configuration of a storage block device with exclusive usage for Docker.
-
docker_storage_block_device
Default:/dev/sdb
On which device Docker will create the storage block device.
-
docker_storage_filesystem
Default:ext4
The filesystem for the storage block device.
-
docker_storage_force
Default:false
Disables the enforcement of configuring a filesystem.
-
docker_configure_proxy
Default:false
Disables the proxy configuration for Docker.
-
docker_proxy_http
Default:http://proxy.tld:8080
Docker proxy address.
-
docker_proxy_https
Default:docker_proxy_http
Look at docker_proxy_http.
-
docker_proxy_no_proxy_default
Default:- localhost - 127.0.0.1
Have a look at docker_proxy_no_proxy.
-
docker_proxy_no_proxy_extra
Default:[]
Have a look at docker_proxy_no_proxy.
-
docker_proxy_no_proxy
Default:docker_proxy_no_proxy_default + docker_proxy_no_proxy_extra
A list of IP addresses which aren’t transferred via the proxy.
-
docker_configure_repository
Default:true
Configure the system for installing Docker. Install dependencies, add the repository key and the repository itself.
-
docker_debian_repository_arch
Default:amd64
Architecture from the target system.
-
docker_debian_repository_key
Default:https://download.docker.com/linux/ubuntu/gpg
The url from which you will get the package.
-
docker_debian_repository
Default:"deb [ arch={{ docker_debian_repository_arch }} ] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
Name of the Docker debian repository.
-
docker_default_runtime
Default:runc
Container-execution-runtime which should be used.
-
docker_dragonfly
Default:false
No peer to peer network for container distribution.
-
docker_policies
Default:false
Disables enhanced policy mechanisms for Docker.
-
docker_openpolicyagent_tag
Default:0.8
Version of openpolicyagent.
-
docker_openpolicyagent_image
Default:{{ docker_registry_docker_openpolicyagent }}/openpolicyagent/opa-docker-authz-v2:{{ docker_openpolicyagent_tag }}
Image-url of openpolicyagent.
-
docker_authorization_plugins_defaults
Default:docker_openpolicyagent_image
Look at docker_authorization_plugins.
-
docker_authorization_plugins_extra
Default:[]
Look at docker_authorization_plugins.
-
docker_authorization_plugins
Default:docker_authorization_plugins_defaults + docker_authorization_plugins_extra
Images of the openpolicyagent as well as additional plugins.
-
docker_policy_files_defaults
Default:default.rego
Look at docker_policy_files.
-
docker_policy_files_extra
Default:[]
Look at docker_policy_files.
-
docker_policy_files
Default:docker_policy_files_defaults + docker_policy_files_extra
Configuration files that contain fine grained policies to interact with Docker.
-
docker_policy_allowed_registries_defaults
Default:- index.docker.io - quay.io
Have a look at docker_policy_allowed_registries.
-
docker_policy_allowed_registries_extra
Default:[]
Have a look at docker_policy_allowed_registries.
-
docker_policy_allowed_registries
Default:docker_policy_allowed_registries_defaults + docker_policy_allowed_registries_extra + docker_insecure_registries
Configuration of registries.
-
docker_zun
Default:false
Disables the installation for OpenStack Zun.
-
docker_zun_hosts
Default:tcp://{{ api_interface_address | default('api' | osism.services.kolla_address) | osism.services.put_address_in_context('url') }}:2375
On which hosts Zun should be available.
-
docker_zun_opts
Default:cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ 'api' | osism.services.kolla_address(host) | osism.services.put_address_in_context('url') }}: {{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %}, {% endif %}{% endfor %}
Options for Zun.
-
docker_zun_cni_version
Default:0.3.1
Container-network-interface version for Zun.
-
docker_cni_config_dir
Default:/etc/cni/net.d
Location of the Container-network-interface configuration file.
-
docker_cni_bin_dir
Default:/opt/cni/bin
Binary location of the CNI.
-
containerd_grpc_gid
Default:42463
The group id for Go-lang RPC(Remote Procedure Call).
-
docker_opts
Default:{}
Extra options for Docker.
-
docker_fact_files
Default:- docker_containers - docker_images
Fact files for Docker images and containers.
-
docker_manage_containerd
Default:true
Manage the containerd service with this role. Alternatively, osism.service.containerd can be used for this.
-
docker_facts
Default:true
Copy docker fact files.
- fail2ban
Fail2ban is a tool to denylist IP addresses. This role will install Fail2ban.
Role Variables
-
fail2ban_service_name
Default:fail2ban
Service name for Fail2ban.
-
fail2ban_package_name
Default:fail2ban
Package name of Fail2ban.
- falco
This ansible role installs Falco.
Role Variables
-
falco_configuration_files
Default:netdata.conf
Configuration file for falco.
-
falco_service_name
Default:falco
Service name for Falco.
-
falco_package_name
Default:falco
The name of the package for Falco.
-
falco_configure_repository
Default:false
Configure the system for installing Falco. Install dependencies, add the repository key and the repository itself. It is disabled by default.
-
falco_debian_repository_arch
Default:amd64
Architecture of the target system.
-
falco_debian_repository_key
Default:https://falco.org/repo/falcosecurity-3672BA8F.asc
The url from which you will get the repository-key.
-
falco_debian_repository
Default:deb [ arch={{ falco_debian_repository_arch }} ] https://dl.bintray.com/falcosecurity/deb stable main
Name from the required package for the Falco installation.
- frr
Ansible role for installation and configuration of FRRouting.
Role Variables
-
frr_package_name
Default:frr
The package name for FRRouting.
-
frr_service_name
Default:frr
Service name for FRRouting.
-
frr_sysctl_defaults
Default:
- name: net.ipv4.ip_forward
  value: 1
- name: net.ipv4.conf.all.send_redirects
  value: 0
- name: net.ipv4.conf.all.accept_redirects
  value: 0
- name: net.ipv4.fib_multipath_hash_policy
  value: 1
- name: net.ipv4.conf.default.ignore_routes_with_linkdown
  value: 1
- name: net.ipv4.conf.all.rp_filter
  value: 2
Have a look at frr_sysctl.
-
frr_sysctl_extra
Default:[]
Have a look at frr_sysctl.
-
frr_sysctl
Default:frr_sysctl_defaults + frr_sysctl_extra
A list with kernel parameters for FRRouting.
-
frr_dummy_interface
-
frr_interfaces
-
frr_local_as
-
frr_remote_as
- hddtemp
With this role you can install and configure hddtemp/lm-sensors. This tool checks the temperature of a block device.
Role Variables
-
hddtemp_conf_file
Path to configuration file.
Hddtemp Variables
-
RUN_DAEMON
Default:true
Hddtemp network daemon switch. If set to true, hddtemp will listen for incoming connections.
-
DISKS
Default:/dev/hda
List of devices you want to use with hddtemp. If none specified, hddtemp will probe standard devices.
-
DISKS_NOPROBE
Default:""
List of devices you want to use with hddtemp, but that would not be probed for a working sensor.
-
INTERFACE
Default:127.0.0.1
IP address of the interface on which you want hddtemp to be bound on. If none specified, goes to 127.0.0.1. Use 0.0.0.0 to bind hddtemp on all interfaces.
-
PORT
Default:7634
Port number on which you want hddtemp to listen on. If none specified, the port 7634 is used.
-
DATABASE
Default:/etc/hddtemp.db
Database file to use. If none specified, /etc/hddtemp.db is used.
-
SEPARATOR
Default:|
Separator to use between fields. The default separator is ‘|’.
-
RUN_SYSLOG
Default:0
Logging period (in seconds) for the temperatures. If set to a value different than 0, hddtemp will run as a daemon periodically logging the temperatures through syslog.
-
OPTIONS
Other options to pass to hddtemp.
- homer
This Ansible role installs and configures Homer. Homer is a dashboard that collects various management tools.
Role Variables
-
operator_user
Default:dragon
The user that will own the configuration directory and handle Docker.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory and handle Docker.
-
docker_network_mtu
Default:1500
Because Docker does not check the default MTU of the system, it is necessary to set the MTU for Docker.
-
docker_registry_homer
Default:quay.io
Path to the registry that stores the Docker container images for Homer.
-
homer_configuration_directory
Default:/opt/homer/configuration
In this directory the configuration files will be stored.
-
homer_docker_compose_directory
Default:/opt/homer
Path to the directory where the docker-compose-files from Homer will be stored.
-
homer_host
Default:127.0.0.1
The host where Homer will be reachable.
-
homer_port
Default:8080
Port on which Homer accepts connections from outside.
-
homer_tag
Default:22.02.2
Version from Homer in form of a tag which should be used.
-
homer_image
Default:{{ docker_registry_homer }}/osism/homer:{{ homer_tag }}
The container image to use.
-
homer_container_name
Default:homer
Name of the container in which Homer will run.
-
homer_network
Default:172.31.100.208/28
The subnet for Homer in the docker-compose file.
-
homer_service_name
Default:docker-compose@homer
Name from the Homer service to deal with it.
Urls for the services
The following Variables define the urls to the webservices that OSISM provides:
-
homer_url_ara
Default:http://{{ ara_server_host|default(ansible_default_ipv4.address) }}:{{ ara_server_port|default(8120) }}
-
homer_url_ceph
Default:http://{{ kolla_internal_vip_address }}:8140
-
homer_url_flower
Default:http://{{ flower_host|default(ansible_default_ipv4.address) }}:{{ flower_port|default(5555) }}
-
homer_url_grafana
Default:http://{{ kolla_internal_vip_address }}:3000
-
homer_url_horizon
Default:http://{{ kolla_internal_vip_address }}
-
homer_url_keycloak
Default:http://{{ keycloak_host|default(ansible_default_ipv4.address) }}:{{ keycloak_port|default(8170) }}
-
homer_url_kibana
Default:http://{{ kolla_internal_vip_address }}:5601
-
homer_url_netbox
Default:http://{{ netbox_host|default(ansible_default_ipv4.address) }}:{{ netbox_port|default(8121) }}
-
homer_url_netdata
Default:http://{{ netdata_host|default(ansible_default_ipv4.address) }}:{{ netdata_port|default(19999) }}
-
homer_url_patchman
Default:http://{{ patchman_host|default(ansible_default_ipv4.address) }}:{{ patchman_port|default(8150) }}
-
homer_url_phpmyadmin
Default:http://{{ phpmyadmin_host|default(ansible_default_ipv4.address) }}:{{ phpmyadmin_port|default(8110) }}
-
homer_url_prometheus
Default:http://{{ kolla_internal_vip_address }}:9090
-
homer_url_rabbitmq
Default:http://{{ kolla_internal_vip_address }}:15672
-
homer_url_vault
Default:http://{{ vault_host|default(ansible_default_ipv4.address) }}:{{ vault_port|default(8200) }}
Traefik Variables
-
homer_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
traefik_external_network_name
Default:traefik
Name of the Docker network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
- jenkins
With this ansible role you can install and configure Jenkins.
Role Variables
-
docker_network_mtu
Default:1500
Because Docker does not check the default MTU of the system, it is necessary to set the MTU for Docker.
-
docker_registry_jenkins
Default:quay.io
Path to the registry that stores the Docker container images for Jenkins.
-
operator_user
Default:dragon
The user that will own the configuration directory and handle Docker.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory and handle Docker.
-
jenkins_configuration_directory
Default:/opt/jenkins/configuration
In this directory the configuration files will be stored.
-
jenkins_docker_compose_directory
Default:/opt/jenkins
Path to the directory where the docker-compose-files from Jenkins will be stored.
-
jenkins_tag
Default:2
Version from Jenkins in form of a tag which should be used.
-
jenkins_image
Default:{{ docker_registry_jenkins }}/osism/jenkins:{{ jenkins_tag }}
The container image to use.
-
jenkins_host
Default:127.0.0.1
The host where Jenkins will be reachable.
-
jenkins_port
Default:4441
Port on which Jenkins accepts connections from outside.
-
jenkins_network
Default:172.31.100.224/28
The subnet for Jenkins in the docker-compose file.
-
jenkins_password
Default:password
Default password for the first login.
-
jenkins_username
Default:jenkins
Username for the first login.
-
jenkins_disable_jenkins_initialization
Default:no
The value should be a string. Possible values are no or yes. Disables the default configuration options. For more information have a look here: https://github.com/bitnami/bitnami-docker-jenkins
-
jenkins_java_opts
Default:""
Here you can define java options.
-
jenkins_service_name
Default:docker-compose@jenkins
Name from the Jenkins service to deal with it.
- journald
This role configures options for journald.
Role Variables
-
journald_SystemMaxUse
Default:2000M
Control how much disk space journald can use.
-
journald_SystemKeepFree
Default:1000M
Configure how much disk space journald has to leave free.
-
journald_SystemMaxFileSize
Default:100M
This defines how large individual journald files may become.
-
journald_RuntimeMaxUse
Default:2000M
Control how much disk space journald can use.
-
journald_RuntimeKeepFree
Default:1000M
Configure how much disk space journald has to leave free.
-
journald_RuntimeMaxFileSize
Default:100M
This defines how large individual journald files may become.
-
journald_service_name
Default:systemd-journald
Name from the journald service to deal with it.
- keycloak
Ansible role for installation and configuration of Keycloak and all its components. Keycloak is an Identity and Access Management (IAM) tool.
Operator Variables
-
operator_user
Default:dragon
The user that will own the configuration directory and handle Docker.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory and handle Docker.
Docker Variables
-
docker_network_mtu
Default:1500
Because Docker does not check the default MTU of the system, it is necessary to set the MTU for Docker.
-
docker_registry_keycloak
Default:quay.io
Path to the registry that stores the Docker container images for Keycloak.
-
docker_registry_postgres
Default:index.docker.io
The registry for the Postgres Docker container.
Keycloak Variables
-
keycloak_configuration_directory
Default:/opt/keycloak/configuration
In this directory the configuration files for Keycloak will be stored.
-
keycloak_secrets_directory
Default:/opt/keycloak/secrets
This directory will store the secrets file.
-
keycloak_docker_compose_directory
Default:/opt/keycloak
Path to the directory where the docker-compose files for Keycloak will be stored.
-
keycloak_network
Default:172.31.100.144/28
The subnet for Keycloak in the docker-compose file.
-
keycloak_container_name
Default:keycloak
Name of the container in which Keycloak will run.
-
keycloak_service_name
Default:docker-compose@keycloak
Name of the Keycloak service.
-
keycloak_host
Default:127.0.0.1
The host where Keycloak will be reachable.
-
keycloak_port
Default:8170
Port which Keycloak will use for connections from outside.
-
keycloak_tag
Default:legacy
Version of Keycloak to use, given as a tag.
-
keycloak_image
Default:{{ docker_registry_keycloak }}/keycloak/keycloak:{{ keycloak_tag }}
The container image to use.
-
keycloak_username
Default:admin
Default login user name for the first login. You should change it for more security.
-
keycloak_password
Default:password
Password for the first login. For more security you should change it after the first login.
Postgres Variables
-
postgres_tag
Default:14-alpine
Version of Postgres to use, given as a tag.
-
postgres_image
Default:{{ docker_registry_postgres }}/library/postgres:{{ postgres_tag }}
The container image to use.
-
keycloak_postgres_password
Default:password
Password for the first login. For more security you should change it after the first login.
-
keycloak_postgres_username
Default:keycloak
Default login user name for the first login. You should change it for more security.
-
keycloak_postgres_databasename
Default:keycloak
The name of the Postgres database for Keycloak.
MariaDB Variables
-
keycloak_galera_backend_enable
Default:false
Disables the Galera database. Galera provides high availability for MariaDB or MySQL databases.
-
keycloak_use_preconfigured_databases
Default:false
The database provided with Keycloak will be disabled.
Traefik Variables
-
keycloak_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
traefik_external_network_name
Default:traefik
Name of the Docker network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
- lldpd
Ansible role for the Lldpd installation. Lldpd is a daemon able to receive and send LLDP frames.
Role Variables
-
lldpd_package_name
Default:lldpd
The name of the package for Lldpd.
-
lldpd_service_name
Default:lldpd
Name of the Lldpd service.
- manager
This Ansible role installs and configures the OSISM Manager Server and all its required components.
Docker Variables
-
docker_registry
Default:index.docker.io
The Docker registry which stores container files which are needed for the manager.
-
docker_registry_ansible
Default:quay.io
Container registry which stores container files which are needed for the manager.
-
docker_registry_service
Default:docker_registry
Look at docker_registry.
The following variables declare which registry to use for which service:
-
docker_registry_ara_server
Default:docker_registry_ansible
-
docker_registry_inventory_reconciler
Default:docker_registry_ansible
-
docker_registry_mariadb
Default:docker_registry_service
-
docker_registry_osism
Default:docker_registry_ansible
-
docker_registry_osism_netbox
Default:docker_registry_ansible
-
docker_registry_receptor
Default:docker_registry_ansible
-
docker_registry_redis
Default:docker_registry_service
-
docker_registry_vault
Default:docker_registry_service
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
Generic Variables
-
manager_network
Default:172.31.101.0/27
The subnet for the Manager in the docker-compose file.
-
manager_service_name
Default:docker-compose@manager
Name from the Manager service to deal with it.
Directories Variables
-
ansible_directory
Default:/opt/ansible
Directory for the ansible configuration file.
-
archive_directory
Default:/opt/archive
# Fix me
-
cache_directory
Default:/opt/ansible/cache
Path to the cache which ansible should use.
-
configuration_directory
Default:/opt/configuration
Directory where the configuration files for Osism are stored.
-
logs_directory
Default:/opt/ansible/logs
Location of the logfiles from the installation.
-
secrets_directory
Default:/opt/ansible/secrets
Directory which contains the secret files.
-
state_directory
Default:/opt/state
In this directory the state files will be stored.
-
manager_docker_compose_directory
Default:/opt/manager
Path to the directory where the docker-compose files for the Manager will be stored.
-
manager_configuration_directory
Default:/opt/manager/configuration
This directory will contain the configuration files for the Manager.
Operator user Variables
-
operator_user
Default:dragon
The user that will own the configuration directory and handle Docker.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory and handle Docker.
Private keys
-
deploy_private_key
-----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----
-
operator_private_key
-----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----
-
private_keys
These are the private keys for deploy and operator.
Packages
-
required_packages_manager
Default:python3-virtualenv
Required packages for the Manager installation.
Netbox Integration Variables
-
enable_netbox
Default:netbox_enable
Look at netbox_enable.
-
netbox_enable
Default:false
Disables Netbox integration for deployment.
-
netbox_api_url
Default:""
URL to reach the Netbox API.
-
netbox_api_token
Default:""
Access token for Netbox API.
Inventory-reconciler Variables
-
inventory_reconciler_tag
Default:latest
Version of the Inventory-reconciler to use, given as a tag.
-
inventory_reconciler_image
Default:{{ docker_registry_inventory_reconciler }}/osism/inventory-reconciler:{{ inventory_reconciler_tag }}
The container image to use.
Ansible services Variables
Note: The osism-ansible service is always enabled and cannot be disabled.
-
ansible_services_defaults
- name: ceph-ansible
  container_name: "{{ ceph_ansible_container_name }}"
  tag: "{{ ceph_ansible_tag }}"
  image: "{{ ceph_ansible_image }}"
  enable: "{{ enable_ceph_ansible }}"
- name: kolla-ansible
  container_name: "{{ kolla_ansible_container_name }}"
  tag: "{{ kolla_ansible_tag }}"
  image: "{{ kolla_ansible_image }}"
  enable: "{{ enable_kolla_ansible }}"
Required services for Osism.
-
ansible_services_extra
Default:[]
Here you can define extra services besides ceph-ansible and kolla-ansible.
-
ansible_services
Default:ansible_services_defaults + ansible_services_extra
The combination of ansible_services_defaults and ansible_services_extra.
Osism-ansible Variables
-
osism_ansible_container_name
Default:osism-ansible
Name of the container in which Osism-ansible will run.
-
osism_ansible_tag
Default:latest
Version of Osism-ansible to use, given as a tag.
-
osism_ansible_image
Default:{{ docker_registry_ansible }}/osism/osism-ansible:{{ osism_ansible_tag }}
The container image to use.
Ceph-ansible Variables
-
enable_ceph_ansible
Default:ceph_ansible_enable
Have a look at ceph_ansible_enable.
-
ceph_ansible_enable
Default:true
Enables Ceph-ansible integration for deployment.
-
ceph_ansible_container_name
Default:ceph-ansible
Name of the container in which Ceph-ansible will run.
-
ceph_ansible_tag
Default:pacific
Version in form of a tag which should be used.
-
ceph_ansible_image
Default:{{ docker_registry_ansible }}/osism/ceph-ansible:{{ ceph_ansible_tag }}
The container image to use.
Kolla-ansible Variables
-
enable_kolla_ansible
Default:kolla_ansible_enable
Look at kolla_ansible_enable.
-
kolla_ansible_enable
Default:true
Enables Kolla-ansible integration for deployment.
-
kolla_ansible_container_name
Default:kolla-ansible
Name of the container in which Kolla-ansible will run.
-
kolla_ansible_tag
Default:xena
Version in form of a tag which should be used.
-
kolla_ansible_image
Default:{{ docker_registry_ansible }}/osism/kolla-ansible:{{ kolla_ansible_tag }}
The container image to use.
Redis Variables
-
manager_redis_tag
Default:7.0.0-alpine
Version in form of a tag which should be used.
-
manager_redis_image
Default:{{ docker_registry_redis }}/library/redis:{{ manager_redis_tag }}
The container image to use.
Ara Variables
-
enable_ara
Default:ara_enable
Look at ara_enable.
-
ara_enable
Default:true
Enables Ara integration for deployment.
-
ara_username
Default:ara
Defines the ara user.
-
ara_password
Default:password
The password for ara.
-
ara_server_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
ara_server_host
Default:ansible_default_ipv4.address
Hostname for the Ara server.
-
ara_server_port
Default:8120
Port for the Ara server.
-
ara_workers
Default:5
Amount of workers Ara should spawn.
-
ara_worker_class
Default:sync
The type of worker that Ara spawns.
-
ara_server_tag
Default:1.5.8
Version which should be used.
-
ara_server_image
Default:{{ docker_registry_ara_server }}/osism/ara-server:{{ ara_server_tag }}
The container image to use.
-
ara_server_database_type
Default:mysql
Select the database backend for Ara.
-
ara_server_mariadb_host
Default:ansible_default_ipv4.address
Address of the MariaDB database for Ara.
-
ara_server_mariadb_port
Default:3306
Port of the MariaDB database.
-
ara_server_mariadb_username
Default:ara
Database username for Ara's MariaDB.
-
ara_server_mariadb_password
Default:password
Password for the database.
-
ara_server_mariadb_databasename
Default:ara_server_mariadb_username
Name for the database Ara should use.
-
ara_server_mariadb_tag
Default:10.8.3
The version that should be used.
-
ara_server_mariadb_image
Default:{{ docker_registry_mariadb }}/library/mariadb:{{ ara_server_mariadb_tag }}
The container image to use.
Celery Variables
-
enable_celery
Default:celery_enable
Have a look at celery_enable.
-
celery_enable
Default:true
Disables Celery integration for deployment.
-
osism_tag
Default:latest
The version that should be used.
-
osism_image
Default:{{ docker_registry_osism }}/osism/osism:{{ osism_tag }}
The container image that should be used.
-
osism_netbox_tag
Default:latest
Version which should be used.
-
osism_netbox_image
Default:{{ docker_registry_osism_netbox }}/osism/osism-netbox:{{ osism_netbox_tag }}
The container image that should be used.
-
flower_host
Default:ansible_default_ipv4.address
Address of the Flower server for Celery queue.
-
flower_port
Default:5555
Port which Flower will use for connections from outside.
-
flower_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
osism_api_host
Default:ansible_default_ipv4.address
Address of the Osism API.
-
osism_api_port
Default:8000
Port for the Osism API.
Vault Variables
-
vault_container_name
Default:vault
Name of the container in which Vault will run.
-
enable_vault
Default:false
Enables Vault integration for deployment.
-
vault_host
Default:ansible_default_ipv4.address
Address of the HashiCorp Vault server.
-
vault_port
Default:8200
Port which Vault will use for connections from outside.
-
vault_tag
Default:1.10.3
The version that should be used.
-
vault_image
Default:{{ docker_registry_vault }}/hashicorp/vault:{{ vault_tag }}
The container image to use.
Disables the output of the Vault unlock keys.
Disables writing the Vault unlock keys to a file.
Location of the file which contains the Vault unlock keys.
Wrapper Variables
-
manager_wrapper_scripts
Default:- osism - osism-ansible - osism-ceph - osism-custom - osism-generic - osism-infrastructure - osism-kolla - osism-manager - osism-mirror - osism-monitoring - osism-openstack - osism-run - osism-run-without-secrets - osism-state - osism-update-manager - osism-validate
List of template files that generate wrapper scripts. These scripts perform docker-exec commands in the respective containers.
Environment Variables
-
manager_environment_extra
Default:{}
Environment variables that will be added when the Ansible container starts.
Listener Variables
-
enable_listener
Default:true
Enable listener service.
-
manager_listener_broker_uri
Default:amqp://openstack:password@127.0.0.1:5672/
URL of the task queue broker.
OpenStack Variables
-
manager_openstack_os_project_domain_name
Default:Default
-
manager_openstack_os_user_domain_name
Default:Default
-
manager_openstack_os_project_name
Default:admin
-
manager_openstack_os_username
Default:admin
-
manager_openstack_os_password
Default:password
-
manager_openstack_os_auth_url
Default:http://localhost:5000/v3
Environment variables for the Osism container. These are the credentials to access the OpenStack installation.
Traefik Variables
-
traefik_external_network_name
Default:traefik
Name of the Manager network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
Replicas
-
manager_netbox_replicas
Default:1
Defines how many replicas of Netbox will be installed.
Service integrations
-
manager_enable_bifrost
Default:false
Enable bifrost integration.
-
manager_enable_ironic
Default:true
Enable ironic integration.
Other services
-
beat_enable
Default:true
Enable beat service.
-
flower_enable
Default:false
Enable flower service.
- minikube
This Ansible role installs Minikube. Minikube is a tool that runs a single-node Kubernetes cluster on your system.
Role Variables
-
minikube_service_user
Default:{{ operator_user | default('dragon') }}
User for the Minikube service.
-
minikube_service_group
Default:{{ operator_group | default('dragon') }}
Group for the user of the Minikube service.
-
minikube_driver
Default:docker
Run driver for Minikube installation.
-
minikube_service_name
Default:minikube
Name of the Minikube service.
-
minikube_version
Default:1.18.1
Version of Minikube that should be used.
-
minikube_package_url
Default:https://github.com/kubernetes/minikube/releases/download/v{{ minikube_version }}/minikube_{{ minikube_version }}-0_amd64.deb
The URL from which the Minikube package is downloaded.
- netbox
Ansible role for the installation and configuration of Netbox and all its components. Netbox is an infrastructure resource modeling (IRM) tool to empower network automation.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry_netbox
Default:quay.io
Name of the registry for the Netbox container image.
-
docker_registry_postgres
Default:index.docker.io
Name of the registry for the Postgres container image.
-
docker_registry_redis
Default:index.docker.io
Name of the registry for the Redis container image.
Variables for Netbox
-
netbox_configuration_directory
Default:/opt/netbox/configuration
The directory where the configuration for the Netbox will be stored.
-
netbox_secrets_directory
Default:/opt/netbox/secrets
Directory which contains the secret files.
-
netbox_docker_compose_directory
Default:/opt/netbox
Path to the directory where the docker-compose files for Netbox will be stored.
-
netbox_network
Default:172.31.100.176/28
The network to use for the Netbox container.
-
netbox_service_name
Default:docker-compose@netbox
Name of the docker-compose service for Netbox.
-
netbox_host
Default:127.0.0.1
Hostname for the Netbox server.
-
netbox_port
Default:8121
Port for the Netbox server.
-
netbox_osism_api_host
Default:netbox_host
Sets the Osism API host.
-
netbox_osism_api_port
Default:8000
Sets the Osism API port.
-
netbox_userid
Default:101
Defines the user ID of the container user inside the Netbox container.
-
netbox_tag
Default:v3.2.3-ldap
Version of Netbox which should be used.
-
netbox_image
Default:{{ docker_registry_netbox }}/osism/netbox:{{ netbox_tag }}
The container image to use.
-
netbox_secret_key
Default:00000000-0000-0000-0000-000000000000
The secret key for Netbox.
-
netbox_superuser_name
Default:admin
The name for the superuser.
-
netbox_superuser_email
Default:netbox@osism.local
Email Address for the superuser.
-
netbox_superuser_password
Default:password
Password for the superuser.
-
netbox_superuser_api_token
Default:0000000000000000000000000000000000000000
API token for the superuser.
-
netbox_user_name
Default:dragon
User for Netbox.
-
netbox_user_api_token
Default:1111111111111111111111111111111111111111
API token for the Netbox user.
-
netbox_ldap_enable
Default:false
LDAP should not be used for user authentication against netbox.
-
netbox_ldap_server_uri
Default:ldap://localhost:389
Address of the LDAP server.
-
netbox_ldap_bind_dn
Default:""
Username used for connecting to the LDAP server.
-
netbox_ldap_bind_password
Default:""
Password used for connecting to the LDAP server.
-
netbox_ldap_user_dn_template
If required define the LDAP user template here.
-
netbox_ldap_user_search_attr
Default:sAMAccountName
Defines which attribute of a user DN is the naming attribute.
-
netbox_ldap_user_search_basedn
Default:""
Defines the users base DN string.
-
netbox_ldap_group_search_class
Default:group
Defines the search class for a group (can be user or group)
-
netbox_ldap_group_search_basedn
Default:""
Defines the group base DN string.
-
netbox_ldap_group_type
Default:NestedGroupOfNamesType
Sets the type of the LDAP group.
-
netbox_ldap_require_group_dn
When a group DN string is required, set this
-
netbox_ldap_is_admin_dn
If a DN is required to login as an admin. You need to define the DN here if required.
-
netbox_ldap_is_superuser_dn
If a DN is required to get superuser rights. You need to define the DN here if required.
-
netbox_ldap_start_tls
Default:false
Configures if START TLS should be used.
-
netbox_ldap_ignore_cert_errors
Default:false
Whether certificate issues should be ignored or not.
-
netbox_ldap_mirror_groups
Default:false
Configures if groups from ldap should be mirrored to netbox.
-
netbox_ldap_find_group_perms
Default:true
If true, configures the rights from LDAP automatically to matching group names in netbox.
-
netbox_ldap_cache_timeout
Default:3600
Time span after which cached information becomes invalid if there is no connection to the server.
-
netbox_metrics
Default:True
Configures whether Netbox should offer a metrics endpoint that can be monitored.
-
netbox_initializers
Default:- custom_fields - device_roles - device_types - groups - manufacturers - object_permissions - prefix_vlan_roles - sites - tags - users - webhooks
List of files which contain preconfigured settings for netbox data. (Like device types, custom fields, etc.)
-
netbox_extra
Default:{}
Additional environment variables for the netbox container.
-
netbox_plugins_defaults
Default:- netbox_initializers - netbox_plugin_osism
Plugins for Netbox that are installed by default.
-
netbox_plugins_extra
Default:[]
Here you can define extra plugins.
-
netbox_plugins
Default:netbox_plugins_defaults + netbox_plugins_extra
The combination of netbox_plugins_defaults and netbox_plugins_extra.
-
netbox_plugins_config_osism
grafana: "http://{{ kolla_internal_vip_address|default('127.0.0.1') }}:3000"
netdata: "http://{{ netdata_api_host|default('127.0.0.1') }}:19999"
OSISM-specific configuration for Netbox plugins. Contains mostly URLs of other connected services.
-
netbox_plugins_config
Default:netbox_plugin_osism: {{ netbox_plugins_config_osism }}
Configuration for all Plugins of netbox.
Postgres Variables
-
postgres_tag
Default:14.3-alpine
Version of Postgres which should be used.
-
postgres_image
Default:{{ docker_registry_postgres }}/library/postgres:{{ postgres_tag }}
The container image to use.
-
netbox_postgres_password
Default:password
Password for the Netbox-Postgres database.
-
netbox_postgres_username
Default:netbox
Username for the Netbox-Postgres database.
-
netbox_postgres_databasename
Default:netbox
Name for the Netbox-Postgres database.
Redis Variables
-
netbox_redis_tag
Default:7.0.0-alpine
Version for Redis which should be used.
-
netbox_redis_image
Default:{{ docker_registry_redis }}/library/redis:{{ netbox_redis_tag }}
The container image to use.
Traefik Variables
-
netbox_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
traefik_external_network_name
Default:traefik
Name of Netbox network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
Initializers Variables
-
netbox_init_object_permissions
read_write_all:
  enabled: true
  description: 'Read/Write all objects'
  object_types: all
  actions:
    - add
    - change
    - delete
    - view
  groups:
    - netbox-writers
read_all:
  enabled: true
  description: 'Read all objects'
  object_types: all
  actions:
    - view
  groups:
    - netbox-readers
Part of the initial data used to configure Netbox. Contains the permission settings for the read_write_all and read_all permissions.
-
netbox_init_groups
netbox-writers:
  users:
    - "{{ netbox_user_name }}"
netbox-readers:
  users: []
Sets permissions through Netbox groups by adding users to the respective groups.
-
netbox_init_users_template
Default:{'{{ netbox_user_name }}': {'api_token': '{{ netbox_user_api_token }}'}}
String in a specific format that adds users to netbox with name and api token.
-
netbox_init_users
Default:netbox_init_users_template
Have a look at netbox_init_users_template.
- netdata
This Ansible role installs and configures Netdata. Netdata is a tool for collecting system metrics and visualizing them in real time.
Role Variables
-
netdata_configuration_files
Default:- netdata.conf - stream.conf
Files for the Netdata configuration.
-
netdata_service_name
Default:netdata
Name of the Netdata service.
-
netdata_package_name
Default:netdata
Package for the installation of Netdata.
-
netdata_configure_repository
Default:false
Configure the system for installing Netdata.
-
netdata_debian_repository_arch
Default:amd64
Architecture of the target system.
-
netdata_debian_repository_key
Default:https://packagecloud.io/netdata/netdata-edge/gpgkey
-
netdata_debian_repository
Default:deb [ arch={{ netdata_debian_repository_arch }} ] https://packagecloud.io/netdata/netdata-edge/ubuntu/ {{ ansible_distribution_release }} main
The URL from which you will get the package.
-
netdata_host_type
Default:client
The type of the host. Possible values: [client, server]
-
netdata_api_host
Default:127.0.0.1
IP address of the Netdata API.
-
netdata_api_port
Default:19999
Port for the Netdata API.
-
netdata_hostname
Default:inventory_hostname_short
The short hostname provided from the ansible inventory.
-
netdata_update_every
Default:5
Interval in seconds how often netdata should update the data
-
netdata_page_cache_size
Default:128
Memory for metrics storage, in MiB
-
netdata_accept_a_streaming_request_every_seconds
Default:1
Limit on how often a parent node will accept streaming requests from its child nodes
-
netdata_default_history
Default:3600
Default history size of past values
-
netdata_enable_cloud
Default:false
Connect netdata daemons to the netdata cloud.
-
netdata_memory_mode
Default:map
Mode in which the metrics are stored. Possible values: dbengine, ram, save, map, none, alloc
-
netdata_sys_vm_max_map_count
Default:262120
NOTE: The more nodes streaming to the server the higher this value must be set.
- nexus
This role is based on the following two roles:
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry
Default:index.docker.io
Look at docker_registry_nexus.
-
docker_registry_nexus
Default:docker_registry
The registry for the Nexus Docker container.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory.
Nexus Variables
-
nexus_docker_compose_directory
Default:/opt/nexus
Path to the directory where the docker-compose files for Nexus will be stored.
-
nexus_configuration_directory
Default:/opt/nexus/configuration
In this directory the configuration files for Nexus will be stored.
-
nexus_host
Default:127.0.0.1
The host where Nexus will be reachable.
-
nexus_port
Default:8190
Port which Nexus will use for connections from outside.
-
nexus_tag
Default:3.39.0
Version of Nexus that should be used.
-
nexus_image
Default:{{ docker_registry_nexus }}/osism/nexus:{{ nexus_tag }}
The container image to use.
-
nexus_network
Default:172.31.101.32/28
The subnet for Nexus in the docker-compose file.
-
nexus_container_name
Default:nexus
Name of the container in which Nexus will run.
-
nexus_service_name
Default:docker-compose@nexus
Name of the Nexus service.
-
nexus_provision_scripts
Default:- anonymous.json - cleanup.json - docker-hub.json - docker-quay.json - ubuntu-archive.json - ubuntu-docker.json
# FIX ME
-
nexus_provision_groovy_scripts
Default:- create_repos_from_list - setup_http_proxy - setup_realms - update_admin_password
# FIX ME
-
nexus_admin_username
Default:admin
Username for the Nexus admin.
-
nexus_admin_password
Default:password
Password for the Nexus admin.
-
nexus_with_http_proxy
Default:false
Configure Nexus to use HTTP Proxy or not.
-
nexus_http_proxy_host
Default:proxy.example.com
Proxy HTTP host for Nexus.
-
nexus_http_proxy_port
Default:8080
Port which should be used for the HTTP proxy.
-
nexus_http_proxy_username
Default:""
Username for HTTP proxy.
-
nexus_http_proxy_password
Default:""
Password for HTTP proxy.
-
nexus_with_https_proxy
Default:false
Configure Nexus to use HTTPS Proxy or not.
-
nexus_https_proxy_host
Default:proxy.example.com
Proxy HTTPS host for Nexus.
-
nexus_https_proxy_port
Default:8080
Port which should be used for the HTTPS proxy.
-
nexus_https_proxy_username
Default:""
Username for HTTPS proxy.
-
nexus_https_proxy_password
Default:""
Password for HTTPS proxy.
-
nexus_proxy_exclude_hosts
Default:- "localhost" - "127.*" - "[::1]"
If proxy is enabled these hosts should bypass the proxy.
-
nexus_docker_bearer_token_realm
Default:true
Bearer token for Docker realm.
-
nexus_repos_apt_defaults
blob_store: default
strict_content_validation: true
layout_policy: strict  # strict or permissive
write_policy: allow_once  # one of "allow", "allow_once" or "deny"
maximum_component_age: 1440  # Nexus gui default. For proxies only
maximum_metadata_age: 1440  # Nexus gui default. For proxies only
negative_cache_enabled: true  # Nexus gui default. For proxies only
negative_cache_ttl: 1440  # Nexus gui default. For proxies only
flat: false  # Nexus gui default. For proxies only
Defines how Nexus should deal with apt repositories.
-
nexus_repos_docker_defaults
blob_store: default
force_basic_auth: true
strict_content_validation: true
version_policy: release  # release, snapshot or mixed
layout_policy: strict  # strict or permissive
write_policy: allow_once  # one of "allow", "allow_once" or "deny"
maximum_component_age: 1440  # Nexus gui default. For proxies only
maximum_metadata_age: 1440  # Nexus gui default. For proxies only
negative_cache_enabled: true  # Nexus gui default. For proxies only
negative_cache_ttl: 1440  # Nexus gui default. For proxies only
# More about Foreign Layers https://help.sonatype.com/repomanager3/formats/docker-registry/foreign-layers
cache_foreign_layers: false  # Nexus gui default. For proxies only
foreign_layer_url_whitelist: []  # Nexus gui default. For proxies only
Defines how Nexus should deal with Docker repositories.
-
nexus_repos_docker_proxy
- name: docker-quay
  http_port: 8192
  v1_enabled: false
  index_type: "HUB"
  remote_url: "https://quay.io"
  use_nexus_certificates_to_access_index: false
  force_basic_auth: false
  cache_foreign_layers: true
- name: docker-hub
  http_port: 8191
  v1_enabled: false
  index_type: "HUB"
  remote_url: "https://registry-1.docker.io"
  use_nexus_certificates_to_access_index: false
  force_basic_auth: false
  cache_foreign_layers: true
Configuration for the used Docker registries.
-
nexus_repos_apt_proxy
- name: ubuntu-docker
  remote_url: https://download.docker.com/linux/ubuntu/
  distribution: focal
  flat: true
- name: ubuntu-archive
  remote_url: http://archive.ubuntu.com/ubuntu/
  distribution: focal
  flat: true
Apt repositories that should be added to Nexus proxy.
Traefik Variables
-
nexus_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
traefik_external_network_name
Default:traefik
Name of the Nexus network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
-
traefik_host
Default:127.0.0.1
Host Address where the Traefik proxy is located.
-
traefik_port_http
Default:80
Port which traefik will use for HTTP connections.
-
traefik_port_https
Default:443
This port will be used for HTTPS connections.
- openldap
This Ansible role installs and configures Openldap and its components. Openldap is a tool that allows you to build and manage an LDAP directory.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user that will own the configuration directory.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry_openldap
Default:quay.io
The registry for the Openldap Docker container.
-
docker_registry_umc
Default:quay.io
Registry for the UMC Docker container.
Openldap Variables
-
openldap_configuration_directory
Default:/opt/openldap/configuration
In this directory the configuration files for Openldap will be stored.
-
openldap_secrets_directory
Default:/opt/openldap/secrets
This directory will store the secrets file.
-
openldap_docker_compose_directory
Default:/opt/openldap
Path to the directory where the docker-compose files for Openldap will be stored.
-
openldap_network
Default:172.31.100.240/28
The network to use for the Openldap container.
-
openldap_container_name
Default:openldap
Name of the container in which Openldap will run.
-
openldap_service_name
Default:docker-compose@openldap
Name of the Openldap service.
-
openldap_host
Default:127.0.0.1
The host where Openldap will be reachable.
-
openldap_ldap_port
Default:389
Port which Openldap will use for connections from outside.
-
openldap_ldaps_port
Default:636
Secure port which Openldap will use for connections.
-
openldap_tag
Default:build-25862
Version of Openldap which should be used.
-
openldap_image
Default:{{ docker_registry_openldap }}/univention/upx-ldap-server:{{ openldap_tag }}
The container image to use.
-
openldap_domain_name
Default:osism.local
Configures the LDAP domain.
-
openldap_base_dn
Default:dc=osism,dc=local
Defines the base DN string.
-
openldap_password
Default:password
Password for Openldap.
-
openldap_cacert_pem
# FIX ME
-
openldap_cert_pem
# FIX ME
-
openldap_private_key
# FIX ME
-
openldap_dh_parameters
# FIX ME
UDM Variables
-
udm_rest_host
Default:127.0.0.1
The host where UDM will be reachable.
-
udm_rest_port
Default:9979
Port which UDM will use for connections.
-
udm_rest_container_name
Default:udm-rest
Name of the container in which UDM will run.
-
udm_rest_tag
Default:build-24328
Version of UDM that should be used.
-
udm_rest_image
Default:{{ docker_registry_udm_rest }}/univention/upx-udm-rest:{{ udm_rest_tag }}
The container image to use.
UMC Variables
-
umc_web_host
Default:127.0.0.1
# FIX ME
-
umc_web_port
Default:8090
Port which UMC-web will use for connections.
-
umc_web_container_name
Default:umc-web
Name of the container in which UMC-web will run.
-
umc_web_tag
Default:build-24437
Version that should be used.
-
umc_web_image
Default:{{ docker_registry_umc }}/univention/upx-umc-web:{{ umc_web_tag }}
The container image to use.
-
umc_gateway_host
Default:127.0.0.1
# FIX ME
-
umc_gateway_http_port
Default:8191
HTTP port for UMC.
-
umc_gateway_https_port
Default:8192
HTTPS port for UMC.
-
umc_gateway_container_name
Default:umc-gateway
Name of the container in which UMC-gateway will run.
-
umc_gateway_tag
Default:build-24437
Version which should be used.
-
umc_gateway_image
Default:{{ docker_registry_umc }}/univention/upx-umc-gateway:{{ umc_gateway_tag }}
The container image to use.
-
umc_server_host
Default:127.0.0.1
The host where UMC will be reachable.
-
umc_server_port
Default:6670
Port which UMC will use for connections.
-
umc_server_container_name
Default:umc-server
Name of the container in which UMC will run.
-
umc_server_tag
Default:build-24437
Version of UMC which should be used.
-
umc_server_image
Default:{{ docker_registry_umc }}/univention/upx-umc-server:{{ umc_server_tag }}
The container image to use.
- openstack_health_monitor
This Ansible role installs and configures the Openstack-health-monitor. Openstack-health-monitor is an external program that monitors Openstack API endpoints.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry_openstack_health_monitor
Default:quay.io
The registry for the Openstack-health-monitor Docker container.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user which will own the configuration directory.
Common Variables
-
openstack_health_monitor_install_type
Default:container
Which type of installation to use. The values that can be used are package or container.
-
openstack_health_monitor_clouds_yml_path
Default:/opt/configuration/environments/openstack/clouds.yml
Path to the clouds.yml.
-
openstack_health_monitor_secure_yml_path
Default:/opt/configuration/environments/openstack/secure.yml
Credentials for the clouds.yml configured in the secure.yml.
Configuration Variables
These are variables for the openstack-health-monitor:
-
openstack_health_monitor_ADDJHVOLSIZE
Default:0
-
openstack_health_monitor_ADDVMVOLSIZE
Default:0
-
openstack_health_monitor_AZS
Default:nova
-
openstack_health_monitor_DATADIR
Default:/data
-
openstack_health_monitor_FLAVOR
Default:1C-1GB-5GB
-
openstack_health_monitor_IMG
Default:Ubuntu 20.04
-
openstack_health_monitor_JHFLAVOR
Default:1C-1GB-5GB
-
openstack_health_monitor_JHIMG
Default:Ubuntu 20.04
-
openstack_health_monitor_OS_CLOUD
Default:openstack_health_monitor
-
openstack_health_monitor_arguments
Default:-O -C -D -N 1 -i 1 -n 2
Cronjob Variables
-
openstack_health_monitor_cronjob
Default:false
Enable cronjob for healthcheck.
-
openstack_health_monitor_cronjob_minute
Default:*/10
Interval in minutes for the healthcheck, in cron format.
-
openstack_health_monitor_cronjob_hour
Default:*
Interval in hours for the healthcheck, in cron format.
Container Variables
-
openstack_health_monitor_configuration_directory
Default:/opt/openstack_health_monitor/configuration
In this directory the configuration files for Openstack-health-monitor will be stored.
-
openstack_health_monitor_docker_compose_directory
Default:/opt/openstack_health_monitor
Path to the directory where the docker-compose-files from Openstack-health-monitor will be stored.
-
openstack_health_monitor_tag
Default:v3.0.0
Version of the Openstack-health-monitor which should be installed.
-
openstack_health_monitor_image
Default:{{ docker_registry_openstack_health_monitor }}/sovereigncloudstack/openstack-health-monitor:{{ openstack_health_monitor_tag }}
The container image to use.
-
openstack_health_monitor_container_name
Default:openstack_health_monitor
Name of the container.
-
openstack_health_monitor_service_name
Default:docker-compose@openstack_health_monitor
Name of the service.
-
openstack_health_monitor_network
Default:172.31.100.160/28
The network to use for the Openstack-health-monitor container.
- openstackclient
This Ansible role installs the OpenStackClient. OpenStackClient is a command-line client for OpenStack that brings the command set for Compute, Identity, Image, Object Storage and Block Storage APIs together in a single shell with a uniform command structure.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry_openstackclient
Default:quay.io
The registry for the OpenStackClient Docker container.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user which will own the configuration directory.
Openstackclient Variables
-
openstackclient_install_type
Default:container
Which type of installation to use. The values that can be used are package or container.
-
openstackclient_version
Default:xena
The version of the OpenStackClient which should be used.
Container Variables
-
openstackclient_configuration_directory
Default:/opt/openstackclient/configuration
In this directory the configuration files for OpenStackClient will be stored.
-
openstackclient_data_directory
Default:/opt/openstackclient/data
Directory where the data for the OpenStackClient will be stored.
-
openstackclient_docker_compose_directory
Default:/opt/openstackclient
Path to the directory where the docker-compose-files from OpenStackClient will be stored.
-
openstackclient_tag
Default:{{ openstackclient_version }}
Version of the OpenStackClient which should be installed.
-
openstackclient_image
Default:{{ docker_registry_openstackclient }}/osism/openstackclient:{{ openstackclient_tag }}
The container image to use.
-
openstackclient_container_name
Default:openstackclient
Name of the container in which OpenStackClient will run.
-
openstackclient_network
Default:172.31.100.16/28
The network to use for the OpenStackClient container.
-
openstackclient_service_name
Default:docker-compose@openstackclient
Name of the OpenStackClient service.
Package Variables
-
openstackclient_configure_repository
Default:true
Configure the system for installing OpenStackClient. Install dependencies, add the repository key and the repository itself.
-
openstackclient_debian_repository_arch
Default:amd64
Architecture of the target system.
-
openstackclient_debian_repository_key
Default:391A9AA2147192839E9DB0315EDB1B62EC4926EA
The key of the OpenStackClient Debian repository.
-
openstackclient_debian_repository
Default:deb [ arch={{ openstackclient_debian_repository_arch }} ] http://ubuntu-cloud.archive.canonical.com/ubuntu {{ ansible_distribution_release }}-updates/ {{ openstackclient_version }} main
Name of the OpenStackClient debian repository.
-
openstackclient_debian_packages
Default:- python3-openstackclient - python3-heatclient - python3-magnumclient
Required packages for installing OpenStackClient.
- patchman
This Ansible role installs and configures Patchman and its required components. Patchman is a malware and vulnerability tool for websites. It will patch automatically if it finds something.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user which will own the configuration directory.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry_patchman
Default:quay.io
The registry for the Patchman Docker container.
-
docker_registry_postgres
Default:index.docker.io
Registry for the Postgres Docker container files.
-
docker_registry_memcached
Default:index.docker.io
The registry for the Memcached container files.
Patchman Variables
-
patchman_configuration_directory
Default:/opt/patchman/configuration
In this directory the configuration files for Patchman will be stored.
-
patchman_docker_compose_directory
Default:/opt/patchman
Path to the directory where the docker-compose-files from Patchman will be stored.
-
patchman_host
Default:127.0.0.1
The host where Patchman will be reachable.
-
patchman_port
Default:8150
Port which Patchman will use for connections from outside.
-
patchman_server_url
Default:http://{{ patchman_host }}:{{ patchman_port }}
The url under which Patchman is reachable.
-
patchman_tag
Default:2.0.3
Version of Patchman which should be installed.
-
patchman_image
Default:{{ docker_registry_patchman }}/osism/patchman:{{ patchman_tag }}
The container image to use.
-
patchman_container_name
Default:patchman
Name of the container in which Patchman will run.
-
patchman_network
Default:172.31.100.80/28
The network to use for the Patchman container.
-
patchman_service_name
Default:docker-compose@patchman
Name of the Patchman service, used to manage it.
-
patchman_username
Default:patchman
Username for Patchman login.
-
patchman_password
Default:password
Password for Patchman login.
-
patchman_secret_key
Default:aiGe7eedievootee3ook3aeshok2sa4p
The secret key for patchman.
-
patchman_cron_day
Default:*
Day-parameter for the Patchman cronjob.
-
patchman_cron_hour
Default:1
Hour-parameter for the Patchman cronjob.
-
patchman_cron_minute
Default:3
Minute-parameter for the Patchman cronjob.
-
patchman_cron_user
Default:{{ operator_user|default('dragon') }}
User that should hold the cronjobs for Patchman.
-
patchman_debug
Default:False
Disable debugging messages.
-
patchman_update_statfile
Default:/tmp/patchman.stat
File in which to save the last execution time of Patchman.
-
patchman_update
Default:true
Enables the update function of Patchman.
-
patchman_update_force
Default:false
Forces the update run to be executed.
-
patchman_update_valid_time
Default:86400
Defines the interval for how long an update is considered valid.
Postgres Variables
-
postgres_tag
Default:14.2-alpine
Version of Postgres which should be used.
-
postgres_image
Default:{{ docker_registry_postgres }}/library/postgres:{{ postgres_tag }}
The container image to use.
-
patchman_postgres_username
Default:patchman
Username for the Patchman-Postgres database.
-
patchman_postgres_password
Default:password
Password for the Patchman-Postgres database.
-
patchman_postgres_databasename
Default:patchman_postgres_username
Name of the Patchman-Postgres database.
Memcached Variables
-
patchman_memcached_tag
Default:1.6.14-alpine
Version of Memcached which should be used.
-
patchman_memcached_image
Default:{{ docker_registry_memcached }}/library/memcached:{{ patchman_memcached_tag }}
The container image to use.
Traefik Variables
-
patchman_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
traefik_external_network_name
Default:traefik
Name of Patchman network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
- patchman_client
This Ansible role installs Patchman-client. The Patchman-client manages the list of packages for the Patchman server. Patchman-client can also be used to inspect the version of a package on a certain host.
Role Variables
-
patchman_client_cron_day
Default:*
Day-parameter for the Patchman-client cronjob.
-
patchman_client_cron_hour
Default:0
Hour-parameter for the Patchman-client cronjob.
-
patchman_client_cron_minute
Default:3
Minute-parameter for the Patchman-client cronjob.
-
patchman_client_cron_user
Default:{{ operator_user|default('dragon') }}
User that should hold the cronjobs for Patchman-client.
-
patchman_client_curl_options
Default:--insecure --connect-timeout 60 --max-time 300
Options passed to curl. Note that the default includes --insecure, which turns off TLS certificate verification.
-
patchman_client_report
Default:0
# FIX ME
-
patchman_client_tags
Default:Server
# FIX ME
-
patchman_client_host
Default:localhost
The host where Patchman-client will be reachable.
-
patchman_client_port
Default:8150
Port which Patchman-client will use for connections from outside.
-
patchman_client_server_url
Default:http://{{ patchman_client_host }}:{{ patchman_client_port }}
The url under which Patchman server is reachable.
-
patchman_client_update_statfile
Default:/tmp/patchman-client.stat
File in which to save the last execution time of Patchman-client.
-
patchman_client_update
Default:true
Enables the update function of Patchman-client.
-
patchman_client_update_force
Default:false
Forces the update run to be executed.
-
patchman_client_update_valid_time
Default:86400
Defines the interval for how long an update is considered valid.
- phpmyadmin
Ansible role to install and configure Phpmyadmin. Phpmyadmin is a tool to manage MySQL and MariaDB databases over the web.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry
Default:index.docker.io
See docker_registry_phpmyadmin.
-
docker_registry_phpmyadmin
Default:docker_registry
The registry for the Phpmyadmin Docker container.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user which will own the configuration directory.
Phpmyadmin Variables
-
phpmyadmin_docker_compose_directory
Default:/opt/phpmyadmin
Path to the directory where the docker-compose-files from Phpmyadmin will be stored.
-
phpmyadmin_host
Default:127.0.0.1
The host where Phpmyadmin will be reachable.
-
phpmyadmin_database_host
Default:127.0.0.1
Host for the database.
-
phpmyadmin_port
Default:8110
Port which Phpmyadmin will use for connections from outside.
-
phpmyadmin_tag
Default:5.2
Version of Phpmyadmin which should be installed.
-
phpmyadmin_image
Default:{{ docker_registry_phpmyadmin }}/phpmyadmin/phpmyadmin:{{ phpmyadmin_tag }}
The container image to use.
-
phpmyadmin_network
Default:172.31.100.32/28
The network to use for the Phpmyadmin container.
-
phpmyadmin_service_name
Default:docker-compose@phpmyadmin
Name of the Phpmyadmin service, used to manage it.
Traefik Variables
-
phpmyadmin_traefik
Default:false
Set the configuration from Traefik to false. If true Traefik will be used.
-
traefik_external_network_name
Default:traefik
Name of Phpmyadmin network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
- rng
This Ansible role installs Haveged. Haveged is a random number generator.
Role Variables
-
rng_service_name
Default:haveged
Service name of haveged.
-
rng_package_name
Default:haveged
Package name for installing haveged.
- rsyslog
This Ansible role installs and configures rsyslog with fluentd. Rsyslog transfers the log data to fluentd, which makes the data more readable.
Role Variables
-
rsyslog_service_name
Default:rsyslog
Name of the Rsyslog service, used to manage it.
-
rsyslog_package_name
Default:rsyslog
Package name of Rsyslog.
-
rsyslog_fluentd
Default:true
Enable fluentd export.
-
rsyslog_fluentd_port
Default:5140
Fluentd server port.
-
rsyslog_fluentd_host
Default:127.0.0.1
Fluentd server IP.
-
fluentd_port
Default:rsyslog_fluentd_port
Look at rsyslog_fluentd_port.
-
fluentd_host
Default:rsyslog_fluentd_host
Look at rsyslog_fluentd_host.
- rundeck
Ansible role for installing and configuring Rundeck and its components. Rundeck enables self-service operations. You can give specific users access to your existing tools, services and scripts.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user which will own the configuration directory.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry_rundeck
Default:index.docker.io
The registry for the Rundeck Docker container.
-
docker_registry_postgres
Default:index.docker.io
Registry for the Postgres Docker container.
Rundeck Variables
-
rundeck_configuration_directory
Default:/opt/rundeck/configuration
In this directory the configuration files for Rundeck will be stored.
-
rundeck_secrets_directory
Default:/opt/rundeck/secrets
Directory which contains the secret files.
-
rundeck_docker_compose_directory
Default:/opt/rundeck
Path to the directory where the docker-compose-files from Rundeck will be stored.
-
rundeck_network
Default:172.31.100.192/28
The network to use for the Rundeck container.
-
rundeck_service_name
Default:docker-compose@rundeck
Name of the Rundeck service, used to manage it.
-
rundeck_host
Default:127.0.0.1
The host where Rundeck will be reachable.
-
rundeck_port
Default:4440
Port which Rundeck will use for connections from outside.
-
rundeck_tag
Default:3.3.10
Version of Rundeck which should be installed.
-
rundeck_image
Default:{{ docker_registry_rundeck }}/rundeck/rundeck:{{ rundeck_tag }}
The container image to use.
Postgres Variables
-
rundeck_postgres_tag
Default:13-alpine
Version of Postgres which should be used.
-
rundeck_postgres_image
Default:{{ docker_registry_postgres }}/library/postgres:{{ rundeck_postgres_tag }}
The container image to use.
-
rundeck_postgres_password
Default:password
Password for the Rundeck-Postgres database.
-
rundeck_postgres_username
Default:rundeck
Username for the Rundeck-Postgres database.
-
rundeck_postgres_databasename
Default:rundeck
Name for the Rundeck-Postgres database.
- smartd
This Ansible role installs Smartd. Smartd is a hard drive monitoring daemon.
Role Variables
-
smartd_package_name
Default:smartmontools
Package name of smartd for installation.
-
smartd_service_name
Default:smartd
Service name of smartd.
- tang
This Ansible role installs Tang. Tang is a server for binding data to network presence.
Role Variables
-
tang_service_name
Default:tangd
The tang service and process name
-
systemd_destination
Default:/lib/systemd/system
The default systemd path
-
tang_port
Default:80
The default port for tang is 80, which is normally reserved for webservices
- traefik
Ansible role for installing and configuring Traefik. Traefik is a reverse proxy and load balancer for managing microservices.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry
Default:index.docker.io
The registry for the Traefik Docker container.
-
docker_registry_traefik
Default:docker_registry
See docker_registry.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user which will own the configuration directory.
Traefik Variables
-
traefik_docker_compose_directory
Default:/opt/traefik
Path to the directory where the docker-compose-files from Traefik will be stored.
-
traefik_certificates_directory
Default:/opt/traefik/certificates
Directory which stores the certificates.
-
traefik_configuration_directory
Default:/opt/traefik/configuration
In this directory the configuration files for Traefik will be stored.
-
traefik_host
Default:127.0.0.1
The host where Traefik will be reachable.
-
traefik_port
Default:8122
This port is for the Traefik dashboard.
-
traefik_port_http
Default:80
Port which Traefik will use for connections from outside.
-
traefik_port_https
Default:443
Port which Traefik will use for connections from outside via https.
-
traefik_certificates
Default:{}
If you want to add self-signed certificates you can do it here.
Example:
traefik_certificates:
  dashboard:
    cert: "-----BEGIN CERTIFICATE-----..."
    key: "-----BEGIN PRIVATE KEY-----..."
-
traefik_tag
Default:v2.7.0
Version of Traefik which should be installed.
-
traefik_image
Default:{{ docker_registry_traefik }}/traefik:{{ traefik_tag }}
The container image to use.
-
traefik_network
Default:172.31.101.48/28
Network which is behind Traefik.
-
traefik_container_name
Default:traefik
Container name for the Traefik service.
-
traefik_service_name
Default:docker-compose@traefik
Name of the Traefik service, used to manage it.
-
traefik_external_network_name
Default:traefik
Network name of the external network for Traefik.
-
traefik_external_network_cidr
Default:172.31.254.0/24
The Traefik network segment for external traffic.
-
traefik_pilot_dashboard
Default:false
Disable the Traefik dashboard.
-
traefik_log_level
Default:INFO
Level of detail for the log messages.
- virtualbmc
Ansible role for installing Virtualbmc. Virtualbmc is a bare metal controller for virtual machines.
Operator Variables
-
operator_user
Default:dragon
The user which will own the configuration directory.
-
operator_group
Default:operator_user
Group of the user which will own the configuration directory.
Docker Variables
-
docker_network_mtu
Default:1500
Set this to the MTU for your outside connection.
-
docker_registry_virtualbmc
Default:quay.io
The registry for the Virtualbmc Docker container.
Virtualbmc Variables
-
virtualbmc_container_name
Default:virtualbmc
Name of the container in which Virtualbmc will run.
-
virtualbmc_configuration_directory
Default:/opt/virtualbmc/configuration
In this directory the configuration files for Virtualbmc will be stored.
-
virtualbmc_docker_compose_directory
Default:/opt/virtualbmc
Path to the directory where the docker-compose-files from Virtualbmc will be stored.
-
virtualbmc_network
Default:172.31.101.128/28
The network to use for the Virtualbmc container.
-
virtualbmc_service_name
Default:docker-compose@virtualbmc
Name of the Virtualbmc service, used to manage it.
-
virtualbmc_host
Default:127.0.0.1
The host where Virtualbmc will be reachable.
-
virtualbmc_port
Default:6230-6239
Port which Virtualbmc will use for connections from outside.
-
virtualbmc_tag
Default:2.2.1
Version of Virtualbmc which should be installed.
-
virtualbmc_image
Default:{{ docker_registry_virtualbmc }}/osism/virtualbmc:{{ virtualbmc_tag }}
The container image to use.
- wireguard
An ansible role for installation and configuration of wireguard. Sets up VPN service for a set of local users.
Role Variables
-
wireguard_users
List of users that will be configured for access. Each item is a dict with keys:
- name: Name of the user
- key: The public wireguard key of the user
- ip: The IP address assigned to the user
-
wireguard_mtu
Default:1360
Maximum Transfer Unit for wireguard. The default should allow connections to work through most consumer and cloud networks.
-
wireguard_server_address
Default:192.168.48.254/24
The VPN server address.
-
wireguard_listen_port
Default:51820
The port on which the wireguard server is listening.
-
wireguard_server_public_address
Default:WIREGUARD_PUBLIC_IP_ADDRESS
The public IP address of the wireguard server that clients can connect to.
-
wireguard_create_client_config
Default:false
Whether to create client config files. Assumes the user names to be local on the server and their home directory to be /home/user.name.