ansible-collections-services

adminer

Ansible role to install and configure Adminer with docker-compose. Adminer is a tool for database management.

Role Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry Default: index.docker.io

Default name of the registry for container images.

docker_registry_adminer Default: docker_registry

Name of the registry for the adminer container image.

operator_user Default: dragon

The user that should own the configuration directory.

operator_group Default: operator_user

The group that should own the configuration directory.

adminer_docker_compose_directory Default: /opt/adminer

The path where the docker-compose-files from Adminer will be stored.

adminer_host Default: 127.0.0.1

The host where Adminer will be reachable.

adminer_database_host Default: 127.0.0.1

Default database host that adminer should connect to.

adminer_port Default: 8111

Port which Adminer will be used for connections from outside.

adminer_tag Default: '4.7'

Tag of the container image that should be used.

adminer_image Default: "{{ docker_registry_adminer }}/library/adminer:{{ adminer_tag }}"

The container image to use.

adminer_network Default: 172.31.100.64/28

The network to use for the adminer container.

adminer_service_name Default: docker-compose@adminer

Name of the docker-compose service for adminer.

auditd

Ansible Role for installation and configuration Auditd. Auditd is used for collecting Package security messages and forwarding them to a central server.

Role Variables

auditd_backup Default: false

Sets the backup to false. If true the role will make a backup from the rule files.

auditd_syslog Default: false

This varaible disables write to rsyslog for auditd.

Variable for Configuration

auditd_config

- parameter: active
  value: "{{ 'yes' if auditd_syslog|bool else 'no' }}"
  config: /etc/audisp/plugins.d/syslog.conf

Configuration for Auditd.

Variables for Rules

auditd_rules_path Default: /etc/audit/rules.d

Path to where the rules from Auditd should be stored.

auditd_rules_files_defaults Default: 20-neo23x0.rules

Look at: auditd_rules_files.

auditd_rules_files_extra

Look at: auditd_rules_files.

auditd_rules_files Default: auditd_rules_files_defaults + auditd_rules_files_extra

The configuration files for the rules of Auditd composed from the Variables auditd_rules_files_defaults and auditd_rules_files_extra.

Variables for Packages

auditd_package_name Default: auditd

The required package for Auditd.

audispd_plugins_package_name Default: audispd-plugins

Plugins for Auditd.

Variable for Services

auditd_service_name Default: auditd

Service name to deal with the Auditd service.

bird

Role for setting up Bird. Bird is an dynamical IP routing daemon.

Role Variables

bird_package_name Default: bird

The package which is required for Bird.

bird_service_name Default: bird

Service name for Bird.

bird_sysctl

- name: net.ipv4.ip_forward
  value: 1
- name: net.ipv4.conf.all.send_redirects
  value: 0
- name: net.ipv4.conf.all.accept_redirects
  value: 0
- name: net.ipv4.fib_multipath_hash_policy
  value: 1
- name: net.ipv4.conf.default.ignore_routes_with_linkdown
  value: 1
- name: net.ipv4.conf.all.rp_filter
  value: 2

Sysctl parameters for Bird. The required kernel parameters for Bird.

bird_cidr Default: 10.12.0.0/16

The network for the Bird.

bird_leaf_interfaces

Management interface which communicate with the BFD (Bidirectional Forwarding Detection).

bird_neighbor_as Default: 65000

The private number for the Autonom System. This declares the number for the BGP-network.

bird_keepalive_time Default: 1

Keepalive time for BGP (Border Gateway Protocol).

bird_leaf_bfd Default: no

Disables the BGP protocol.

bird_leaf_hold_time Default: 3

Time which the BGP will wait for to declare the neighborship as down.

bird_bfd_idle_tx_interval Default: 200

Optimization for the BFD protocol.

bird_bfd_min_rx_interval Default: 20

Optimization for the BFD protocol.

bird_bfd_min_tx_interval Default: 20

Optimization for the BFD protocol.

bird_bfd_multiplier Default: 3

Sets the amount of not received hello packets by a neighbor. The amount defines the threshhold for an interface to be declared down.

cephclient

Ansible Role for installation and configuration from the Cephclient. You can choose between container installation and package installation.

Docker Variables

docker_network_mtu Default: 1500

Because of Docker don’t check the default MTU from the system it is nessecary to set the MTU for Docker.

docker_registry_cephclient Default: quay.io

Path to the registry that stores the Docker container images for Cephclient.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory and handles with Docker.

operator_group Default: operator_user

Group from the user which will own the configuration directory and handles with Docker.

Cephclient Variables

cephclient_install_type Default: container

Which type for instalation you prefer to use. The values that can be used are package or container.

cephclient_version Default: pacific

Version of the Cephclient which will be used.

cephclient_mons

The monitoring systems to which the Cephclient will be connected.

cephclient_keyring

Certificate which the Cephclient will need to use for connections.

cephclient_keyring_name Default: client.admin

Name for the certificate to store in a directory.

Container Variables

cephclient_configuration_directory Default: /opt/cephclient/configuration

The directory where the configuration for the Cephclient will be stored.

cephclient_data_directory Default: /opt/cephclient/data

Data from the Cephclient will be stored there.

cephclient_docker_compose_directory Default: /opt/cephclient

Path to where the docker-compose-files from Cephclient will be stored.

cephclient_tag Default: cephclient_version

The version from Cephclient in form of a tag which should be used.

cephclient_image Default: {{ docker_registry_cephclient }}/osism/cephclient:{{ cephclient_tag }}

The container image to use.

cephclient_container_name Default: cephclient

Container name for the Cephclient.

cephclient_network Default: 172.31.100.0/28

The subnet for Cephclient in the docker-compose file.

cephclient_service_name Default: docker-compose@cephclient

Name from the Cephclient service to deal with it.

Package Variables

cephclient_configure_repository Default: true

configures if the repository should be added or not.

cephclient_debian_repository_arch Default: amd64

Architecture from the target system.

cephclient_debian_repository_key Default: https://download.ceph.com/keys/release.asc

The url from which you will get the repository-key.

cephclient_debian_repository Default: "deb [ arch={{ cephclient_debian_repository_arch }} ] https://download.ceph.com/debian-{{ cephclient_version }} {{ ansible_distribution_release }} main"

Name of the Cephclient debian repository.

cephclient_debian_packages Default: ceph

Name from the required package for the Cephclient installation.

cgit

This ansible role will install and configure Cgit and Traefik for Cgit.

Docker Variables

docker_network_mtu Default: 1500

Because of Docker don’t check the default MTU from the system it is nessecary to set the MTU for Docker.

docker_registry_cgit Default: quay.io

Path to the registry that stores the Docker container images for Cgit.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory and handles with Docker.

operator_group Default: operator_user

Group from the user which will own the configuration directory and handles with Docker.

Cgit Variables

cgit_docker_compose_directory Default: /opt/cgit

The path where the docker-compose-files for Cgit will be stored.

cgit_configuration_directory Default: /opt/cgit/configuration

Directory in which the configuration files for Cgit will be stored.

cgit_host Default: 127.0.0.1

The host where Cgit will be reachable.

cgit_port Default: 8210

For connections Cgit will use the configured port.

cgit_tag Default: 1.2.3

The version from Cgit in form of a tag which should be used.

cgit_image Default: {{ docker_registry_cgit }}/osism/cgit:{{ cgit_tag }}

Container image which will be used.

cgit_network Default: 172.31.101.112/28

The subnet for Cgit in the docker-compose file.

cgit_service_name Default: docker-compose@cgit

Name from the Cgit service to deal with it.

cgit_repositories_defaults

configuration: /opt/configuration/.git
inventory: /var/lib/docker/volumes/manager_inventory_reconciler/_data/.git
netbox: /opt/state/netbox/.git

Have a look at: cgit_repositories.

cgit_repositories_extra Default: {}

Have a look at: cgit_repositories.

cgit_repositories Default: cgit_repositories_defaults|combine(cgit_repositories_extra)

The repositories which are required for the installation of Cgit.

Traefik Variables

cgit_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

traefik_external_network_name Default: traefik

Name of the Docker network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

chrony

This ansible role will installing and configuring Chrony.

Role Variables

chrony_package_name Default: chrony

Package name of the required package for the installation of Chrony.

configuration_directory Default: /opt/configuration

Path to the directory which will contains the configuration files.

chrony_local_conf_template Default: "{{ configuration_directory }}/environments/generic/templates/chrony.conf.j2"

Path to the template-configuration-file.

chrony_servers Default: - 0.de.pool.ntp.org - 1.de.pool.ntp.org - 2.de.pool.ntp.org - 3.de.pool.ntp.org

List with NTP server which should be used.

chrony_server_options Default: iburst

NTP server options.

chrony_sync_rtc Default: false

Configure Chrony to synchronize the hardware clock.

chrony_allowed_subnets Default: - 10/8 - 192.168/16 - 172.16/12

Chrony limits access to clients that are on certain subnets. Adjust the following subnets here to limit client access to chrony servers.

chrony_bind_local_interfaces_only Default: true

If set to true, chronyd will never open the server port and will operate strictly in a client-only mode.

chrony_bindaddresses Default: []

Bind Chrony to specific addresses NOTE: It is only possible to set at most one IPv4 and one IPv6 address.

clamav

Clamav is a free virusscanner for Linux based distributions. This role will install and configure Clamav.

Role Variables

clamav_configuration_defaults

- regexp: '^.*Example$'
  state: absent
- regexp: '^.*LocalSocket .*$'
  line: 'LocalSocket {{ clamav_localsocket }}'

Have a look at clamav_configuration.

clamav_configuration_extra Default: []

Have a look at clamav_configuration.

clamav_configuration Default: clamav_configuration_defaults + clamav_configuration_extra

Here you can specify which things you want to change in the Clamav configuration.

clamav_package_names

Required packages for Clamav.

clamav_localsocket

The directory where the socket will be stored in.

clamav_configuration_path

Path to the configuration files.

clamav_daemon_service_name

Service name for handling the Clamav service.

clamav_freshclam_service_name

Freshclam is required for automaticly update the database from Clamav.

dnsdist

Dnsdist is a loadbalancer with goal to route the traffic to the best server. This role install and configure Dnsdist

Role Variables

operator_user Default: dragon

The user which will own the configuration directory and handles with Docker.

operator_group Default: operator_user

Group from the user which will own the configuration directory and handles with Docker.

docker_network_mtu Default: 1500

Because of Docker don’t check the default MTU from the system it is nessecary to set the MTU for Docker.

docker_registry_dnsdist Default: quay.io

Path to the registry that stores the Docker container images for Dnsdist.

dnsdist_configuration_directory Default: /opt/dnsdist/configuration

Path to the directory which will contains the configuration files.

dnsdist_docker_compose_directory Default: /opt/dnsdist

Directory which contains the docker-compose-files for Dnsdist.

dnsdist_network Default: 172.31.101.80/28

The subnet for Dnsdist in the docker-compose file.

dnsdist_service_name Default: docker-compose@dnsdist

Name from the Dnsdist service to deal with it.

dnsdist_container_name Default: dnsdist

Name from the container in which Dnsdist will run.

dnsdist_host Default: 127.0.0.1

The host where Dnsdist will be reachable.

dnsdist_hosts Default: - "{{ dnsdist_host }}"

The hosts where Dnsdist will be reachable.

dnsdist_port Default: 1053

Port which Dnsdist will be used for connections from outside.

dnsdist_tag Default: 1.6.1

The version from Dnsdist in form of a tag which should be used.

dnsdist_image Default: {{ docker_registry_dnsdist }}/osism/dnsdist:{{ dnsdist_tag }}

The container image to use.

dnsdist_servers Default: - 208.67.222.222 - 208.67.220.220 - 208.67.222.220 - 208.67.220.222

List of DNS servers to loadbalance.

docker

Ansible role for installation and configuration of Docker and all required components.

Role Variables

apt_cache_valid_time Default: 3600

Update the apt cache if it is older than the cache_valid_time.

docker_debug Default: false

Configure if Docker will start in the debug mode.

docker_experimental Default: false

Disables Docker experimental features.

docker_live_restore Default: true

This enables that containers won’t be shut down if the Daemon is unreachable.

docker_user Default: operator_user | default('dragon')

The user which docker will use for actions and which ownes the configuration directory.

docker_group Default: operator_group | default('dragon')

Group from the user.

docker_allow_restart Default: true

Enables the restart of the Docker daemon after reconfiguration.

docker_enforce_restart Default: false

Disables the enforcing the restart if the docker_enforce_restart value isn’t true.

docker_ignore_restart_groupname Default: manager

Hosts that are protected from the restart. Can only be overwritten by docker_enforce_restart.

docker_ipv6 Default: false

Disables Dockers ipv6 capabilities.

docker_disable_default_network Default: false

Enables the default network from Docker.

docker_log_driver Default: json-file

Here you can configure the log output destination.

docker_log_level Default: info

Level of detail from the logs which you want to collect.

docker_log_opts Default: max-size: 10m max-file: 3

Options for the logging.

docker_hosts_defaults Default: "unix:///var/run/docker.sock"

Look at docker_hosts.

docker_hosts_extra Default: []

Look at docker_hosts.

docker_hosts Default: docker_hosts_defaults + docker_hosts_extra

A list of hosts on which the Docker Engine will be run.

docker_service_name Default: docker

Service name for Docker to deal with it.

containerd_service_name Default: containerd

For using Docker you will need the Containerd service too. This declares the services from the Containerd.

docker_package_name Default: docker-ce

Package for the installation of Docker.

docker_cli_package_name Default: {{ docker_package_name }}-cli

Package name of the docker-cli.

containerd_package_name Default: containerd.io

The name of the package for Containerd.

Note

By default this role uses the packages from Docker itself. Therefore the packages of Ubuntu must not be installed. To use the packages of Ubuntu the following parameters have to be adjusted. The repository of Docker should then also not be included docker_package_name: docker.io containerd_package_name: containerd docker_packages_fail: []

docker_packages_fail Default: - containerd - docker.io

Checks if the packages are installed or not. If them are installed, the installation run will fail.

docker_python3_package_name Default: python3-docker

Required package for Python3-docker.

docker_python_package_name Default: python-docker

Package name for python-docker.

docker_python_package_names

This is a compose from the two variables before.

docker_python_install_from_pip Default: ansible_distribution_release == 'xenial'

If Xenial is the version of the distribution, Docker will be installed with pip instead of apt.

docker_pip_package_name Default: docker

Package name of Docker for installation with pip.

docker_pip_extra_args

Here you can define extra arguments for pip.

docker_version Default: 5:20.10.16

This “5:” must be prepended starting with version 18.09. Check available version under Ubuntu with apt-cache madison docker-ce.

docker_registry Default: index.docker.io

Path to the registry that stores the Docker container images.

docker_registry_docker_openpolicyagent Default: docker_registry

The registry where to get the Openpolicyagent.

docker_insecure_registries Default: []

List of allowed insecure registries.

docker_registry_mirrors Default: []

The mirrors of registries which can be used.

docker_storage_driver Default: overlay2

Overlay2 is the default choice for Docker CE

docker_configure_storage_block_device Default: false

Disable the configuration of a storage block device with exclusive usage for Docker.

docker_storage_block_device Default: /dev/sdb

On which device Docker will create the storage block device.

docker_storage_filesystem Default: ext4

The filesystem for the storage block device.

docker_storage_force Default: false

Disables the enforcement of configuring a filesystem.

docker_configure_proxy Default: false

Disables the proxy configuration for Docker.

docker_proxy_http Default: http://proxy.tld:8080

Docker proxy address.

docker_proxy_https Default: docker_proxy_http

Look at docker_proxy_http.

docker_proxy_no_proxy_default Default: - localhost - 127.0.0.1

Have a look at docker_proxy_no_proxy.

docker_proxy_no_proxy_extra Default: []

Have a look at docker_proxy_no_proxy.

docker_proxy_no_proxy Default: docker_proxy_no_proxy_default + docker_proxy_no_proxy_extra

A list of IP addresses which aren’t transfered via the proxy.

docker_configure_repository Default: true

Configure the system for installing Docker. Install dependencies, add the repository key and the repository itselfs.

docker_debian_repository_arch Default: amd64

Architecture from the target system.

docker_debian_repository_key Default: https://download.docker.com/linux/ubuntu/gpg

The url from which you will get the package.

docker_debian_repository Default: "deb [ arch={{ docker_debian_repository_arch }} ] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"

Name of the Docker debian repository.

docker_default_runtime Default: runc

Container-execution-runtime which should be used.

docker_dragonfly Default: false

No peer to peer network for container distribution.

docker_policies Default: false

Disables enhanced policy mechanismens for Docker.

docker_openpolicyagent_tag Default: 0.8

Version of openpolicyagent.

docker_openpolicyagent_image Default: {{ docker_registry_docker_openpolicyagent }}/openpolicyagent/opa-docker-authz-v2: {{ docker_openpolicyagent_tag }}

Image-url of openpolicyagent.

docker_authorization_plugins_defaults Default: docker_openpolicyagent_image

Look at docker_authorization_plugins.

docker_authorization_plugins_extra Default: []

Look at docker_authorization_plugins.

docker_authorization_plugins Default: docker_authorization_plugins_defaults + docker_authorization_plugins_extra

Images of the openpolicyagent as well as additional plugins.

docker_policy_files_defaults Default: default.rego

Look at docker_policy_files.

docker_policy_files_extra Default: []

Look at docker_policy_files.

docker_policy_files Default: docker_policy_files_defaults + docker_policy_files_extra

Configuration files that contain fine grained policies to interact with Docker.

docker_policy_allowed_registries_defaults Default: - index.docker.io - quay.io

Have a look at docker_policy_allowed_registries.

docker_policy_allowed_registries_extra Default: []

Have a look at docker_policy_allowed_registries.

docker_policy_allowed_registries Default: docker_policy_allowed_registries_defaults + docker_policy_allowed_registries_extra + docker_insecure_registries

Configuration of registries.

docker_zun Default: false

Disables the installation for OpenStack Zun.

docker_zun_hosts Default: tcp://{{ api_interface_address | default('api' | osism.services.kolla_address) | osism.services.put_address_in_context('url') }}:2375

On which hosts Zun should be avaiable.

docker_zun_opts Default: cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ 'api' | osism.services.kolla_address(host) | osism.services.put_address_in_context('url') }}: {{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %}, {% endif %}{% endfor %}

Options for Zun.

docker_zun_cni_version Default: 0.3.1

Container-network-interface version for Zun.

docker_cni_config_dir Default: /etc/cni/net.d

Location of the Container-network-interface configuration file.

docker_cni_bin_dir Default: /opt/cni/bin

Binary location of the CNI.

containerd_grpc_gid Default: 42463

The group id for Go-lang RPC(Remote Procedure Call).

docker_opts Default: {}

Extra options for Docker.

docker_fact_files Default: - docker_containers - docker_images

Fact files for Docker images and containers.

docker_manage_containerd Default: true

Manage the containerd service with this role. Alternatively, osism.service.containerd can be used for this.

docker_facts Default: true

Copy docker fact files.

fail2ban

Fail2ban is a tool to denylist IP addresses. This role will install Fail2ban

Role Variables

fail2ban_service_name Default: fail2ban

PAckage name for Fail2ban.

fail2ban_package_name Default: fail2ban

Service name of Fail2ban.

falco

This ansible role installs Falco.

Role Variables

falco_configuration_files Default: netdata.conf

Configuration file for falco.

falco_service_name Default: falco

Service name for Falco.

falco_package_name Default: falco

The name of the package for Falco.

falco_configure_repository Default: false

Configure the system for installing Falco. Install dependencies, add the repository key and the repository itselfs. As default it is disabled.

falco_debian_repository_arch Default: amd64

Architecture of the target system.

falco_debian_repository_key Default: https://falco.org/repo/falcosecurity-3672BA8F.asc

The url from which you will get the repository-key.

falco_debian_repository Default: deb [ arch={{ falco_debian_repository_arch }} ] https://dl.bintray.com/falcosecurity/deb stable main

Name from the required package for the Falco installation.

frr

Ansible role for installation and configuration of FRRouting.

Role Variables

frr_package_name Default: frr

The package name for FRRouting.

frr_service_name Default: frr

Service name for FRRouting.

frr_sysctl_defaults Default: - name: net.ipv4.ip_forward value: 1 - name: net.ipv4.conf.all.send_redirects value: 0 - name: net.ipv4.conf.all.accept_redirects value: 0 - name: net.ipv4.fib_multipath_hash_policy value: 1 - name: net.ipv4.conf.default.ignore_routes_with_linkdown value: 1 - name: net.ipv4.conf.all.rp_filter value: 2

Have a look at frr_sysctl.

frr_sysctl_extra Default: []

Have a look at frr_sysctl.

frr_sysctl Default: frr_sysctl_defaults + frr_sysctl_extra

A list with kernel parameters for FRRouting.

frr_dummy_interface

frr_interfaces

frr_local_as

frr_remote_as

hddtemp

With this role you can install and configure hddtmp/lm-sensors. This tool checks the temperature of a block device.

Role Variables

hddtemp_conf_file

Path to configuration file.

Hddtemp Variables

RUN_DAEMON Default: true

Hddtemp network daemon switch. If set to true, hddtemp will listen for incoming connections.

DISKS Default: /dev/hda

List of devices you want to use with hddtemp. If none specified, hddtemp will probe standard devices.

DISKS_NOPROBE Default: ""

List of devices you want to use with hddtemp, but that would not be probed for a working sensor.

INTERFACE Default: 127.0.0.1

IP address of the interface on which you want hddtemp to be bound on. If none specified, goes to 127.0.0.1. Use 0.0.0.0 to bind hddtemp on all interfaces.

PORT Default: 7634

Port number on which you want hddtemp to listen on. If none specified, the port 7634 is used.

DATABASE Default: /etc/hddtemp.db

Database file to use. If none specified, /etc/hddtemp.db is used.

SEPARATOR Default: |

Separator to use between fields. The default separator is ‘|’.

RUN_SYSLOG Default: 0

Logging period (in seconds) for the temperatures. If set to a value different than 0, hddtemp will run as a daemon periodically logging the temperatures through syslog.

OPTIONS

Other options to pass to hddtemp.

homer

This ansible role install and configure Homer. Homer is a dashboard for that collects various managing tools.

Role Variables

operator_user Default: dragon

The user which will own the configuration directory and handles with Docker.

operator_group Default: operator_user

Group from the user which will own the configuration directory and handles with Docker.

docker_network_mtu Default: 1500

Because of Docker don’t check the default MTU from the system it is nessecary to set the MTU for Docker.

docker_registry_homer Default: quay.io

Path to the registry that stores the Docker container images for Homer.

homer_configuration_directory Default: /opt/homer/configuration

In this directory the configuration files will be stored.

homer_docker_compose_directory Default: /opt/homer

Path to the directory where the docker-compose-files from Homer will be stored.

homer_host Default: 127.0.0.1

The host where Homer will be reachable.

homer_port Default: 8080

Port which Homer will be used for connections from outside.

homer_tag Default: 22.02.2

Version from Homer in form of a tag which should be used.

homer_image Default: {{ docker_registry_homer }}/osism/homer:{{ homer_tag }}

The container image to use.

homer_container_name Default: homer

Name of the container in which Homer will run.

homer_network Default: 172.31.100.208/28

The subnet for Homer in the docker-compose file.

homer_service_name Default: docker-compose@homer

Name from the Homer service to deal with it.

Urls for the services

The following Variables define the urls to the webservices that OSISM provides:

homer_url_ara Default: http://{{ ara_server_host|default(ansible_default_ipv4.address) }}:{{ ara_server_port|default(8120) }}

homer_url_ceph Default: http://{{ kolla_internal_vip_address }}:8140

homer_url_flower Default: http://{{ flower_host|default(ansible_default_ipv4.address) }}:{{ flower_port|default(5555) }}

homer_url_grafana Default: http://{{ kolla_internal_vip_address }}:3000

homer_url_horizon Default: http://{{ kolla_internal_vip_address }}

homer_url_keycloak Default: http://{{ keycloak_host|default(ansible_default_ipv4.address) }}:{{ keycloak_port|default(8170) }}

homer_url_kibana Default: http://{{ kolla_internal_vip_address }}:5601

homer_url_netbox Default: http://{{ netbox_host|default(ansible_default_ipv4.address) }}:{{ netbox_port|default(8121) }}

homer_url_netdata Default: http://{{ netdata_host|default(ansible_default_ipv4.address) }}:{{ netdata_port|default(19999) }}

homer_url_patchman Default: http://{{ patchman_host|default(ansible_default_ipv4.address) }}:{{ patchman_port|default(8150) }}

homer_url_phpmyadmin Default: http://{{ phpmyadmin_host|default(ansible_default_ipv4.address) }}:{{ phpmyadmin_port|default(8110) }}

homer_url_prometheus Default: http://{{ kolla_internal_vip_address }}:9090

homer_url_rabbitmq Default: http://{{ kolla_internal_vip_address }}:15672

homer_url_vault Default: http://{{ vault_host|default(ansible_default_ipv4.address) }}:{{ vault_port|default(8200) }}

Traefik Variables

homer_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

traefik_external_network_name Default: traefik

Name of the Docker network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

jenkins

With this ansible role you can install and configure Jenkins.

Role Variables

docker_network_mtu Default: 1500

Because of Docker don’t check the default MTU from the system it is nessecary to set the MTU for Docker.

docker_registry_jenkins Default: quay.io

Path to the registry that stores the Docker container images for Jenkins.

operator_user Default: dragon

The user which will own the configuration directory and handles with Docker.

operator_group Default: operator_user

Group from the user which will own the configuration directory and handles with Docker.

jenkins_configuration_directory Default: /opt/jenkins/configuration

In this directory the configuration files will be stored.

jenkins_docker_compose_directory Default: /opt/jenkins

Path to the directory where the docker-compose-files from Jenkins will be stored.

jenkins_tag Default: 2

Version from Jenkins in form of a tag which should be used.

jenkins_image Default: {{ docker_registry_jenkins }}/osism/jenkins:{{ jenkins_tag }}

The container image to use.

jenkins_host Default: 127.0.0.1

The host where Jenkins will be reachable.

jenkins_port Default: 4441

Port which Jenkins will be used for connections from outside.

jenkins_network Default: 172.31.100.224/28

The subnet for Jenkins in the docker-compose file.

jenkins_password Default: password

Default password for the first login.

jenkins_username Default: jenkins

Username for the first login.

jenkins_disable_jenkins_initialization Default: no

The value should be a string. Possible values are no or yes. Disables the default configuration options. For more information have a look here: https://github.com/bitnami/bitnami-docker-jenkins

jenkins_java_opts Default: ""

Here you can define java options.

jenkins_service_name Default: docker-compose@jenkins

Name from the Jenkins service to deal with it.

journald

This role configures options for journald.

Role Variables

journald_SystemMaxUse Default: 2000M

Control how many disk space journald can use.

journald_SystemKeepFree Default: 1000M

Configure how many disk space journald have to leave free.

journald_SystemMaxFileSize Default: 100M

This defines how large individual journald files may become.

journald_RuntimeMaxUse Default: 2000M

Control how many disk space journal can use.

journald_RuntimeKeepFree Default: 1000M

Configure how many disk space journald have to leave free.

journald_RuntimeMaxFileSize Default: 100M

This defines how large individual journald files may become.

journald_service_name Default: systemd-journald

Name from the journald service to deal with it.

keycloak

Ansible role for installation and configuration keycloak and all its components. Keycloak is an Identity and Access Management (IAM) tool.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory and handles with Docker.

operator_group Default: operator_user

Group from the user which will own the configuration directory and handles with Docker.

Docker Variables

docker_network_mtu Default: 1500

Because of Docker dose not check the default MTU from the system it is nessecary to set the MTU for Docker.

docker_registry_keycloak Default: quay.io

Path to the registry that stores the Docker container images for Keycloak.

docker_registry_postgres Default: index.docker.io

The registry for the Postgres Docker container.

Keycloak Variables

keycloak_configuration_directory Default: /opt/keycloak/configuration

In this directory the configuration files for Keycloak will be stored.

keycloak_secrets_directory Default: /opt/keycloak/secrets

This directory will store the secrets file.

keycloak_docker_compose_directory Default: /opt/keycloak

Path to the directory where the docker-compose-files from Keycloak will be stored.

keycloak_network Default: 172.31.100.144/28

The subnet for Keycloak in the docker-compose file.

keycloak_container_name Default: keycloak

Name of the container in which Keycloak will run.

keycloak_service_name Default: docker-compose@keycloak

Name from the Keycloak service to deal with it.

keycloak_host Default: 127.0.0.1

The host where Keycloak will be reachable.

keycloak_port Default: 8170

Port which Keycloak will use for connections from outside.

keycloak_tag Default: legacy

Version from Keycloak in form of a tag which should be used.

keycloak_image Default: {{ docker_registry_keycloak }}/keycloak/keycloak:{{ keycloak_tag }}

The container image to use.

keycloak_username Default: admin

Default login user name for the first login. You should change it for more security.

keycloak_password Default: password

Password for the first login. For more security you should change it after the first login.

Postgres Variables

postgres_tag Default: 14-alpine

Version from Postgres in form of a tag which should be used.

postgres_image Default: {{ docker_registry_postgres }}/library/postgres:{{ postgres_tag }}

The container image to use.

keycloak_postgres_password Default: password

Password for the first login. For more security you should change it after the first login.

keycloak_postgres_username Default: keycloak

Default login user name for the first login. You should change it for more security.

keycloak_postgres_databasename Default: keycloak

The name for the Postgres database from Keycloak.

MariaDB Variables

keycloak_galera_backend_enable Default: false

Disable the Galera database. Galera provides high availability for mariadb or mysql databases.

keycloak_use_preconfigured_databases Default: false

The database provided with Keycloak will be disabled.

Traefik Variables

keycloak_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

traefik_external_network_name Default: traefik

Name of the Docker network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

lldpd

Ansible role for the Lldpd insatllation. Lldpd is a daemon able to receive and send LLDP frames.

Role Variables

lldpd_package_name Default: lldpd

The name of the package for Lldpd.

lldpd_service_name Default: lldpd

Name from the Lldpd service to deal with it.

manager

This ansible role install and configure the OSISM Manager Server and all its required comopnents.

Docker Variables

docker_registry Default: index.docker.io

The Docker registry which stores container files which are needed for the manager.

docker_registry_ansible Default: quay.io

Container registry which stores container files which are needed for the manager.

docker_registry_service Default: docker_registry

Look at docker_registry.

The following Variables declares for which service, which registry is to use:

docker_registry_ara_server Default: docker_registry_ansible

docker_registry_inventory_reconciler Default: docker_registry_ansible

docker_registry_mariadb Default: docker_registry_service

docker_registry_osism Default: docker_registry_ansible

docker_registry_osism_netbox Default: docker_registry_ansible

docker_registry_receptor Default: docker_registry_ansible

docker_registry_redis Default: docker_registry_service

docker_registry_vault Default: docker_registry_service

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

Generic Variables

manager_network Default: 172.31.101.0/27

The subnet for the Manager in the docker-compose file.

manager_service_name Default: docker-compose@manager

Name from the Manager service to deal with it.

Directories Variables

ansible_directory Default: /opt/ansible

Directory for the ansible configuration file.

archive_directory Default: /opt/archive

# Fix me

cache_directory Default: /opt/ansible/cache

Path to the cache which ansible should use.

configuration_directory Default: /opt/configuration

Directory where the configuration files for Osism are stored.

logs_directory Default: /opt/ansible/logs

Location of the logfiles from the installation.

secrets_directory Default: /opt/ansible/secrets

Directory which contains the secret files.

state_directory Default: /opt/state

In this directory the state files will be stored.

manager_docker_compose_directory Default: /opt/manager

Path to the directory where the docker-compose-files from the Manager will be stored.

manager_configuration_directory Default: /opt/manager/configuration

This directory will contain the configuration files for the Manager.

Operator user Variables

operator_user Default: dragon

The user which will own the configuration directory and handles with Docker.

operator_group Default: operator_user

Group from the user which will own the configuration directory and handles with Docker.

Private keys

deploy_private_key

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

operator_private_key

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

private_keys

These are the private keys in for deploy and operator.

Packages

required_packages_manager Default: python3-virtualenv

Required packages for the Manager installation.

Netbox Integration Variables

enable_netbox Default: netbox_enable

Look at netbox_enable.

netbox_enable Default: false

Disables Netbox integration for deployment.

netbox_api_url Default: ""

Url to reach the Netbox API.

netbox_api_token Default: ""

Access token for Netbox API.

Inventory-reconciler Variables

inventory_reconciler_tag Default: latest

Version from the Inventory-reconciler in form of a tag which should be used.

inventory_reconciler_image Default: {{ docker_registry_inventory_reconciler }} /osism/inventory-reconciler:{{ inventory_reconciler_tag }}

The container image to use.

Ansible services Variables

Note: The osism-ansible service is always enabled and cannot be disabled.

ansible_services_defaults

- name: ceph-ansible
  container_name: "{{ ceph_ansible_container_name }}"
  tag: "{{ ceph_ansible_tag }}"
  image: "{{ ceph_ansible_image }}"
  enable: "{{ enable_ceph_ansible }}"
- name: kolla-ansible
  container_name: "{{ kolla_ansible_container_name }}"
  tag: "{{ kolla_ansible_tag }}"
  image: "{{ kolla_ansible_image }}"
  enable: "{{ enable_kolla_ansible }}"

Required services for Osism.

ansible_services_extra Default: []

Here you can define extra services besides ceph-ansible and kolla-ansible.

ansible_services Default: ansible_services_defaults + ansible_services_extra

A compose of ansible_services_defaults and ansible_services_extra.

Osism-ansible Variables

osism_ansible_container_name Default: osism-ansible

Name of the container in which Osism-ansible will run.

osism_ansible_tag Default: latest

Version from Osism-ansible in form of a tag which should be used.

osism_ansible_image Default: {{ docker_registry_ansible }}/osism/osism-ansible:{{ osism_ansible_tag }}

The container image to use.

Ceph-ansible Variables

enable_ceph_ansible Default: ceph_ansible_enable

Have a look at ceph_ansible_enable.

ceph_ansible_enable Default: true

Enables Ceph-ansible integration for deployment.

ceph_ansible_container_name Default: ceph-ansible

Name of the container in which Ceph-ansible will run.

ceph_ansible_tag Default: pacific

Version in form of a tag which should be used.

ceph_ansible_image Default: {{ docker_registry_ansible }}/osism/ceph-ansible:{{ ceph_ansible_tag }}

The container image to use.

Kolla-ansible Variables

enable_kolla_ansible Default: kolla_ansible_enable

Look at kolla_ansible_enable.

kolla_ansible_enable Default: true

Enables Kolla-ansible integration for deployment.

kolla_ansible_container_name Default: kolla-ansible

Name of the container in which Kolla-ansible will run.

kolla_ansible_tag Default: xena

Version in form of a tag which should be used.

kolla_ansible_image Default: {{ docker_registry_ansible }}/osism/kolla-ansible:{{ kolla_ansible_tag }}

The container image to use.

Redis Variables

manager_redis_tag Default: 7.0.0-alpine

Version in form of a tag which should be used.

manager_redis_image Default: {{ docker_registry_redis }}/library/redis:{{ manager_redis_tag }}

The container image to use.

Ara Variables

enable_ara Default: ara_enable

Look at ara_enable.

ara_enable Default: true

Enables Ara integration for deployment.

ara_username Default: ara

Defines the ara user.

ara_password Default: password

The password for ara.

ara_server_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

ara_server_host Default: ansible_default_ipv4.address

Hostname for the Ara server.

ara_server_port Default: 8120

Port for the Ara server.

ara_workers Default: 5

Amount of workers Ara should spawn.

ara_worker_class Default: sync

The Type of worker which Ara spawns.

ara_server_tag Default: 1.5.8

Version which should be used.

ara_server_image Default: {{ docker_registry_ara_server }}/osism/ara-server:{{ ara_server_tag }}

The container image to use.

ara_server_database_type Default: mysql

Select the database backend for Ara.

ara_server_mariadb_host Default: ansible_default_ipv4.address

Address of the MariaDB database for Ara.

ara_server_mariadb_port Default: 3306

Port from the MariaDB database.

ara_server_mariadb_username Default: ara

Database username for Aras MariaDB.

ara_server_mariadb_password Default: password

Password for the database.

ara_server_mariadb_databasename Default: ara_server_mariadb_username

Name for the database Ara should use.

ara_server_mariadb_tag Default: 10.8.3

The Version which should be used.

ara_server_mariadb_image Default: {{ docker_registry_mariadb }}/library/mariadb:{{ ara_server_mariadb_tag }}

The container image to use.

Celery Variables

enable_celery Default: celery_enable

Have a look at celery_enable.

celery_enable Default: true

Disables Celery integration for deployment.

osism_tag Default: latest

The Version which should used.

osism_image Default: {{ docker_registry_osism }}/osism/osism:{{ osism_tag }}

The container image which should used.

osism_netbox_tag Default: latest

Version which should be used.

osism_netbox_image Default: {{ docker_registry_osism_netbox }}/osism/osism-netbox:{{ osism_netbox_tag }}

The container image which should used.

flower_host Default: ansible_default_ipv4.address

Address of the Flower server for Celery queue.

flower_port Default: 5555

Port which Flower will use for connections from outside.

flower_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

osism_api_host Default: ansible_default_ipv4.address

Address of the Osism API.

osism_api_port Default: 8000

Port for the Osism API.

Vault Variables

vault_container_name Default: vault

Name of the container in which Vault will run.

enable_vault Default: false

Enables Vault integration for deployment.

vault_host Default: ansible_default_ipv4.address

Address of the HashiCorp Vault server.

vault_port Default: 8200

Port which Vault will use for connections from outside.

vault_tag Default: 1.10.3

The Version which should used.

vault_image Default: {{ docker_registry_vault }}/hashicorp/vault:{{ vault_tag }}

The container image to use.

vault_output_key_shares Default: false

Disables the output of the Vault unlock keys.

vault_write_key_shares Default: false

Disables the writing Vault unlock keys to a file.

vault_key_shares_path Default: {{ manager_secrets_directory }}/vault_key_shares.yml

Location of the file which contains the Vault unlock keys.

Wrapper Variables

manager_wrapper_scripts Default: - osism - osism-ansible - osism-ceph - osism-custom - osism-generic - osism-infrastructure - osism-kolla - osism-manager - osism-mirror - osism-monitoring - osism-openstack - osism-run - osism-run-without-secrets - osism-state - osism-update-manager - osism-validate

List of template files that generate wrapper scripts. These scripts perform docker-exec commands in the respektive containers.

Enviroment Variables

manager_environment_extra Default: {}

Enviroments variables that will be added at the ansible container start.

Listener Variables

enable_listener Default: true

Enable listener service.

manager_listener_broker_uri Default: amqp://openstack:password@127.0.0.1:5672/

Url to task queue broker.

OpenStack Variables

manager_openstack_os_project_domain_name Default: Default

manager_openstack_os_user_domain_name Default: Default

manager_openstack_os_project_name Default: admin

manager_openstack_os_username Default: admin

manager_openstack_os_password Default: password

manager_openstack_os_auth_url Default: http://localhost:5000/v3

Enviroment variables for the Osism container. These are the credentials to access the OpenStack installation.

Traefik Variables

traefik_external_network_name Default: traefik

Name of the Manager network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

Replicas

manager_netbox_replicas Default: 1

Define how many replicas from Netbox will be installed.

Service integrations

manager_enable_bifrost Default: false

Enable bifrost integration.

manager_enable_ironic Default: true

Enable ironic integration.

Other services

beat_enable Default: true

Enable beat service.

flower_enable Default: false

Enable flower service.

minikube

This ansible role installs Minikube. Minikube is a tool to let a single node Kubernetes cluster run on your system.

Role Variables

minikube_service_user Default: {{ operator_user | default('dragon') }}

User for the Minicube service.

minikube_service_group Default: {{ operator_group | default('dragon') }}

Group for the user of the Minicube service.

minikube_driver Default: docker

Run driver for Minikube installation.

minikube_service_name Default: minikube

Name from the Minicube service to deal with it.

minikube_version Default: 1.18.1

Version from Minicube which should be used.

minikube_package_url Default: https://github.com/kubernetes/minikube/releases/download/ v{{ minikube_version }}/minikube_{{ minikube_version }}-0_amd64.deb

The url from which you will get the package for Minicube.

netbox

Ansible role for installation and configuration Netbox and all its components. Netbox is an infrastructure resource modeling (IRM) tool to empower network automation.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry_netbox Default: quay.io

Name of the registry for the Netbox container image.

docker_registry_postgres Default: index.docker.io

Name of the registry for the Postgres container image.

docker_registry_redis Default: index.docker.io

Name of the registry for the Redis container image.

Variables for Netbox

netbox_configuration_directory Default: /opt/netbox/configuration

The directory where the configuration for the Netbox will be stored.

netbox_secrets_directory Default: /opt/netbox/secrets

Directory which contains the secret files.

netbox_docker_compose_directory Default: /opt/netbox

Path to the directory where the docker-compose-files from Netbox will be stored.

netbox_network Default: 172.31.100.176/28

The network to use for the Netbox container.

netbox_service_name Default: docker-compose@netbox

Name of the docker-compose service for Netbox.

netbox_host Default: 127.0.0.1

Hostname for the Netbox server.

netbox_port Default: 8121

Port for the Netbox server.

netbox_osism_api_host Default: netbox_host

Sets the Osism API host.

netbox_osism_api_port Default: 8000

Sets th eOsism API port.

netbox_userid Default: 101

Defines the userid for container user inside the netbox container.

netbox_tag Default: v3.2.3-ldap

Version of Netbox which should be used.

netbox_image Default: {{ docker_registry_netbox }}/osism/netbox:{{ netbox_tag }}

The container image to use.

netbox_secret_key Default: 00000000-0000-0000-0000-000000000000

The secret key for Netbox.

netbox_superuser_name Default: admin

The name for the superuser.

netbox_superuser_email Default: netbox@osism.local

Email Address for the superuser.

netbox_superuser_password Default: password

Password for the superuser.

netbox_superuser_api_token Default: 0000000000000000000000000000000000000000

Api Token for the superuser.

netbox_user_name Default: dragon

User for Netbox.

netbox_user_api_token Default: 1111111111111111111111111111111111111111

Api token for the Netbox user.

netbox_ldap_enable Default: false

LDAP should not be used for user authentication against netbox.

netbox_ldap_server_uri Default: ldap://localhost:389

Address of the LDAP server.

netbox_ldap_bind_dn Default: ""

Username used for connecting to the LDAP server.

netbox_ldap_bind_password Default: ""

Password used for connecting to the LDAP server.

netbox_ldap_user_dn_template

If required define the LDAP user template here.

netbox_ldap_user_search_attr Default: sAMAccountName

Defines which attribute of a user DN is the naming attribute.

netbox_ldap_user_search_basedn Default: ""

Defines the users base DN string.

netbox_ldap_group_search_class Default: group

Defines the search class for a group (can be user or group)

netbox_ldap_group_search_basedn Default: ""

Defines the group base DN string.

netbox_ldap_group_type Default: NestedGroupOfNamesType

Sets the type of the LDAP group.

netbox_ldap_require_group_dn

When a group DN string is required, set this

netbox_ldap_is_admin_dn

If a DN is required to login as an admin. You need to define the DN here if required.

netbox_ldap_is_superuser_dn

If a DN is required to get superuser rights. You need to define the DN here if required.

netbox_ldap_start_tls Default: false

Configures if START TLS should be used.

netbox_ldap_ignore_cert_errors Default: false

Wheater certificate issues should be ignored or not.

netbox_ldap_mirror_groups Default: false

Configures if groups from ldap should be mirrored to netbox.

netbox_ldap_find_group_perms Default: true

If true, configures the rights from LDAP automatically to matching group names in netbox.

netbox_ldap_cache_timeout Default: 3600

Cache time span before an information becomes invalid if there is no connection to the server.

netbox_metrics Default: True

Configures, if netbox should offer a metrics endpoint which can be monitored.

netbox_initializers Default: - custom_fields - device_roles - device_types - groups - manufacturers - object_permissions - prefix_vlan_roles - sites - tags - users - webhooks

List of files which contain preconfigured settings for netbox data. (Like device types, custom fields, etc.)

netbox_extra Default: {}

Additional environment variables for the netbox container.

netbox_plugins_defaults Default: - netbox_initializers - netbox_plugin_osism

Plugins for Netbox which should be installed at default.

netbox_plugins_extra Default: []

Here you can define extra plugins.

netbox_plugins Default: netbox_plugins_defaults + netbox_plugins_extra

Compose of netbox_plugins_defaults + netbox_plugins_extra.

netbox_plugins_config_osism

grafana: "http://{{ kolla_internal_vip_address|default('127.0.0.1') }}:3000"
netdata: "http://{{ netdata_api_host|default('127.0.0.1') }}:19999"

OSISM specific configuration for plugins of netbox. Contains mostly urls to other connected services.

netbox_plugins_config Default: netbox_plugin_osism: {{ netbox_plugins_config_osism }}

Configuration for all Plugins of netbox.

Postgres Variables

postgres_tag Default: 14.3-alpine

Version of Postgres which should be used.

postgres_image Default: {{ docker_registry_postgres }}/library/postgres:{{ postgres_tag }}

The container image to use.

netbox_postgres_password Default: password

Password for the Netbox-Postgres database.

netbox_postgres_username Default: netbox

Username for the Netbox-Postgres database.

netbox_postgres_databasename Default: netbox

Name for the Netbox-Postgres database.

Redis Variables

netbox_redis_tag Default: 7.0.0-alpine

Version for Redis which should be used.

netbox_redis_image Default: {{ docker_registry_redis }}/library/redis:{{ netbox_redis_tag }}

The container image to use.

Traefik Variables

netbox_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

traefik_external_network_name Default: traefik

Name of Netbox network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

Initializers Variables

netbox_init_object_permissions

read_write_all:
  enabled: true
  description: 'Read/Write all objects'
  object_types: all
  actions:
    - add
    - change
    - delete
    - view
  groups:
    - netbox-writers
read_all:
  enabled: true
  description: 'Read all objects'
  object_types: all
  actions:
    - view
  groups:
    - netbox-readers

Part of the initial data to configure netbox. contains permission settings for read_write_all and read_write permission.

netbox_init_groups

netbox-writers:
  users:
    - "{{ netbox_user_name }}"
netbox-readers:
  users: []

Sets permissions trough netbox groups by adding users to the respective groups.

netbox_init_users_template Default: {'{{ netbox_user_name }}': {'api_token': '{{ netbox_user_api_token }}'}}

String in a specific format that adds users to netbox with name and api token.

netbox_init_users Default: netbox_init_users_template

Have a look at netbox_init_users_template.

netdata

This ansible role install and configure Netdata. Netdata is a tool for collecting system metrics and transform these in visualize these metrics in real-time.

Role Variables

netdata_configuration_files Default: - netdata.conf - stream.conf

Files for the Netdata configuration.

netdata_service_name Default: netdata

Service name for Netdata to deal with it.

netdata_package_name Default: netdata

Package for the installation of Netdata.

netdata_configure_repository Default: false

Configure the system for installing Netdata.

netdata_debian_repository_arch Default: amd64

Architecture from the target system.

netdata_debian_repository_key Default: https://packagecloud.io/netdata/netdata-edge/gpgkey

netdata_debian_repository Default: deb [ arch={{ netdata_debian_repository_arch }} ] https://packagecloud.io/netdata/netdata-edge/ubuntu/ {{ ansible_distribution_release }} main

The url from which you will get the package.

netdata_host_type Default: client

The type of the host. Possible values: [client, server]

netdata_api_host Default: 127.0.0.1

IP address of the Netdata API.

netdata_api_port Default: 19999

Port for the Netdata API.

netdata_hostname Default: inventory_hostname_short

The short hostname provided from the ansible inventory.

netdata_update_every Default: 5

Interval in seconds how often netdata should update the data

netdata_page_cache_size Default: 128

Memory for metrics storage, in MiB

netdata_accept_a_streaming_request_every_seconds Default: 1

Limit on how often a parent node will accept streaming requests from its child nodes

netdata_default_history Default: 3600

Default history size of past values

netdata_enable_cloud Default: false

Connect netdata daemons to the netdata cloud.

netdata_memory_mode Default: map

Mode in which the metrics are stored. Possible values: dbengine, ram, save, map, none, alloc

netdata_sys_vm_max_map_count Default: 262120

NOTE: The more nodes streaming to the server the higher this value must be set.

nexus

This role is based on the following two roles:

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry Default: index.docker.io

Look at docker_registry_nexus.

docker_registry_nexus Default: docker_registry

The registry for the Nexus Docker container.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Nexus Variables

nexus_docker_compose_directory Default: /opt/nexus

Path to the directory where the docker-compose-files from Nexus will be stored.

nexus_configuration_directory Default: /opt/nexus/configuration

In this directory the configuration files for Nexus will be stored.

nexus_host Default: 127.0.0.1

The host where Nexus will be reachable.

nexus_port Default: 8190

Port which Nexus will use for connections from outside.

nexus_tag Default: 3.39.0

Version from Nexus which should be used.

nexus_image Default: {{ docker_registry_nexus }}/osism/nexus:{{ nexus_tag }}

The container image to use.

nexus_network Default: 172.31.101.32/28

The subnet for Nexus in the docker-compose file.

nexus_container_name Default: nexus

Name of the container in which Nexus will run.

nexus_service_name Default: docker-compose@nexus

Name from the Nexus service to deal with it.

nexus_provision_scripts Default: - anonymous.json - cleanup.json - docker-hub.json - docker-quay.json - ubuntu-archive.json - ubuntu-docker.json

# FIX ME

nexus_provision_groovy_scripts Default: - create_repos_from_list - setup_http_proxy - setup_realms - update_admin_password

# FIX ME

nexus_admin_username Default: admin

Username for the Nexus admin.

nexus_admin_password Default: password

Password for the Nexus admin.

nexus_with_http_proxy Default: false

Configure Nexus to use HTTP Proxy or not.

nexus_http_proxy_host Default: proxy.example.com

Proxy HTTP host for Nexus.

nexus_http_proxy_port Default: 8080

Port which should be used for the HTTP proxy.

nexus_http_proxy_username Default: ""

Username for HTTP proxy.

nexus_http_proxy_password Default: ""

Password for HTTP proxy.

nexus_with_https_proxy Default: false

Configure Nexus to use HTTPS Proxy or not.

nexus_https_proxy_host Default: proxy.example.com

Proxy HTTPS host for Nexus.

nexus_https_proxy_port Default: 8080

Port which should be used for the HTTPS proxy.

nexus_https_proxy_username Default: ""

Username for HTTPS proxy.

nexus_https_proxy_password Default: ""

Password for HTTPS proxy.

nexus_proxy_exclude_hosts Default: - "localhost" - "127.*" - "[::1]"

If proxy is enabled these hosts should bypass the proxy.

nexus_docker_bearer_token_realm Default: true

Bearer token for Docker realm.

nexus_repos_apt_defaults

blob_store: default
strict_content_validation: true
layout_policy: strict  # strict or permissive
write_policy: allow_once  # one of "allow", "allow_once" or "deny"
maximum_component_age: 1440  # Nexus gui default. For proxies only
maximum_metadata_age: 1440  # Nexus gui default. For proxies only
negative_cache_enabled: true  # Nexus gui default. For proxies only
negative_cache_ttl: 1440  # Nexus gui default. For proxies only
flat: false  # Nexus gui default. For proxies only

Defines how Nexus should deal with apt repositories.

nexus_repos_docker_defaults

blob_store: default
force_basic_auth: true
strict_content_validation: true
version_policy: release  # release, snapshot or mixed
layout_policy: strict  # strict or permissive
write_policy: allow_once  # one of "allow", "allow_once" or "deny"
maximum_component_age: 1440  # Nexus gui default. For proxies only
maximum_metadata_age: 1440  # Nexus gui default. For proxies only
negative_cache_enabled: true  # Nexus gui default. For proxies only
negative_cache_ttl: 1440  # Nexus gui default. For proxies only
# More about Foreign Layers https://help.sonatype.com/repomanager3/formats/docker-registry/foreign-layers
cache_foreign_layers: false  # Nexus gui default. For proxies only
foreign_layer_url_whitelist: []  # Nexus gui default. For proxies only

Defines how Nexus should deal with Docker repositories.

nexus_repos_docker_proxy

- name: docker-quay
  http_port: 8192
  v1_enabled: false
  index_type: "HUB"
  remote_url: "https://quay.io"
  use_nexus_certificates_to_access_index: false
  force_basic_auth: false
  cache_foreign_layers: true
- name: docker-hub
  http_port: 8191
  v1_enabled: false
  index_type: "HUB"
  remote_url: "https://registry-1.docker.io"
  use_nexus_certificates_to_access_index: false
  force_basic_auth: false
  cache_foreign_layers: true

Configuration for the used Docker registries.

nexus_repos_apt_proxy

- name: ubuntu-docker
  remote_url: https://download.docker.com/linux/ubuntu/
  distribution: focal
  flat: true
- name: ubuntu-archive
  remote_url: http://archive.ubuntu.com/ubuntu/
  distribution: focal
  flat: true

Apt repositories that should be added to Nexus proxy.

Traefik Variables

nexus_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

traefik_external_network_name Default: traefik

Name of the Nexus network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

traefik_host Default: 127.0.0.1

Host Address where the Traefik proxy is located.

traefik_port_http Default: 80

Port which traefik will use for HTTP connections.

traefik_port_https Default: 443

This Port will used for HTTPS connections.

openldap

This ansible role install and configure Openldap and its components. Openldap is a tool that allows you to build and manage a LDAP directory.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry_openldap Default: quay.io

The registry for the Openldap Docker container.

docker_registry_umc Default: quay.io

Registry for the UMC Docker container.

Openldap Variables

openldap_configuration_directory Default: /opt/openldap/configuration

In this directory the configuration files for Openldap will be stored.

openldap_secrets_directory Default: /opt/openldap/secrets

This directory will store the secrets file.

openldap_docker_compose_directory Default: /opt/openldap

Path to the directory where the docker-compose-files from Openldap will be stored.

openldap_network Default: 172.31.100.240/28

The network to use for the Openldap container.

openldap_container_name Default: openldap

Name of the container in which Openldap will run.

openldap_service_name Default: docker-compose@openldap

Name from the Openldap service to deal with it.

openldap_host Default: 127.0.0.1

The host where Openldap will be reachable.

openldap_ldap_port Default: 389

Port which Openldap will use for connections from outside.

openldap_ldaps_port Default: 636

Secure port which Openldap will use for connections.

openldap_tag Default: build-25862

Version of Openldap which should be used.

openldap_image Default: {{ docker_registry_openldap }}/univention/upx-ldap-server:{{ openldap_tag }}

The container image to use.

openldap_domain_name Default: osism.local

Configures the Ldap domain.

openldap_base_dn Default: dc=osism,dc=local

Defines the base dn string.

openldap_password Default: password

Password for Openldap.

openldap_cacert_pem

# FIX ME

openldap_cert_pem

# FIX ME

openldap_private_key

# FIX ME

openldap_dh_parameters

# FIX ME

UDM Variables

udm_rest_host Default: 127.0.0.1

The host where UDM will be reachable.

udm_rest_port Default: 9979

Port which UDM will use for connections.

udm_rest_container_name Default: udm-rest

Name of the container in which UDM will run.

udm_rest_tag Default: build-24328

Version from UDM which should used.

udm_rest_image Default: {{ docker_registry_udm_rest }}/univention/upx-udm-rest:{{ udm_rest_tag }}

The container image to use.

UMC Variables

umc_web_host Default: 127.0.0.1

# FIX ME

umc_web_port Default: 8090

Port which UMC-web will use for connections.

umc_web_container_name Default: umc-web

Name of the container in which UMC-web will run.

umc_web_tag Default: build-24437

Version which should used.

umc_web_image Default: {{ docker_registry_umc }}/univention/upx-umc-web:{{ umc_web_tag }}

The container image to use.

umc_gateway_host Default: 127.0.0.1

# FIX ME

umc_gateway_http_port Default: 8191

HTTP port for UMC.

umc_gateway_https_port Default: 8192

HTTPS port for UMC.

umc_gateway_container_name Default: umc-gateway

Name of the container in which UMC-gateway will run.

umc_gateway_tag Default: build-24437

Version which should used.

umc_gateway_image Default: {{ docker_registry_umc }}/univention/upx-umc-gateway:{{ umc_gateway_tag }}

The container image to use.

umc_server_host Default: 127.0.0.1

The host where UMC will be reachable.

umc_server_port Default: 6670

Port which UMC will use for connections.

umc_server_container_name Default: umc-server

Name of the container in which UMC will run.

umc_server_tag Default: build-24437

Version of UMC which should used.

umc_server_image Default: {{ docker_registry_umc }}/univention/upx-umc-server:{{ umc_server_tag }}

The container image to use.

openstack_health_monitor

This ansible role install and configure the Openstack-health-monitor. Openstack-health-monitor is an external programm that monitors Openstack API endpoints.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry_openstack_health_monitor Default: quay.io

The registry for the Openstack-health-monitor Docker container.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Common Variables

openstack_health_monitor_install_type Default: container

Which type for instalation you prefer to use. The values that can be used are package or container.

openstack_health_monitor_clouds_yml_path Default: /opt/configuration/environments/openstack/clouds.yml

Path to the clouds.yml.

openstack_health_monitor_secure_yml_path Default: /opt/configuration/environments/openstack/secure.yml

Credentials for the clouds.yml configured in the secure.yml.

Configuration Variables

These are variables for the openstack-health-monitor:

openstack_health_monitor_ADDJHVOLSIZE Default: 0

openstack_health_monitor_ADDVMVOLSIZE Default: 0

openstack_health_monitor_AZS Default: nova

openstack_health_monitor_DATADIR Default: /data

openstack_health_monitor_FLAVOR Default: 1C-1GB-5GB

openstack_health_monitor_IMG Default: Ubuntu 20.04

openstack_health_monitor_JHFLAVOR Default: 1C-1GB-5GB

openstack_health_monitor_JHIMG Default: Ubuntu 20.04

openstack_health_monitor_OS_CLOUD Default: openstack_health_monitor

openstack_health_monitor_arguments Default: -O -C -D -N 1 -i 1 -n 2

Cronjob Variables

openstack_health_monitor_cronjob Default: false

Enable cronjob for healthcheck.

openstack_health_monitor_cronjob_minute Default: */10

Interval in minutes for healthcheck in the cronformat.

openstack_health_monitor_cronjob_hour Default: *

Interval in hours for healthcheck in the cronformat.

Container Variables

openstack_health_monitor_configuration_directory Default: /opt/openstack_health_monitor/configuration

In this directory the configuration files for Openstack-health-monitor will be stored.

openstack_health_monitor_docker_compose_directory Default: /opt/openstack_health_monitor

Path to the directory where the docker-compose-files from Openstack-health-monitor will be stored.

openstack_health_monitor_tag Default: v3.0.0

Version from the Openstack-health-monitor which should be installed.

openstack_health_monitor_image Default: {{ docker_registry_openstack_health_monitor }}/sovereigncloudstack /openstack-health-monitor:{{ openstack_health_monitor_tag }}

The container image to use.

openstack_health_monitor_container_name Default: openstack_health_monitor

Name of the container.

openstack_health_monitor_service_name Default: docker-compose@openstack_health_monitor

Name of the service.

openstack_health_monitor_network Default: 172.31.100.160/28

The network to use for the Openstack-health-monitor container.

openstackclient

This ansbile role install the OpenStackClient. OpenStackClient is a command-line client for OpenStack that brings the command set for Compute, Identity, Image, Object Storage and Block Storage APIs together in a single shell with a uniform command structure.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry_openstackclient Default: quay.io

The registry for the OpenStackClient Docker container.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Openstackclient Variables

openstackclient_install_type Default: container

Which type for instalation you prefer to use. The values that can be used are package or container.

openstackclient_version Default: xena

The Version from the OpenStackClient which should used.

Container Variables

openstackclient_configuration_directory Default: /opt/openstackclient/configuration

In this directory the configuration files for OpenStackClient will be stored.

openstackclient_data_directory Default: /opt/openstackclient/data

Directory where the data for the OpenStackClient will be stored.

openstackclient_docker_compose_directory Default: /opt/openstackclient

Path to the directory where the docker-compose-files from OpenStackClient will be stored.

openstackclient_tag Default: {{ openstackclient_version }}

Version from the OpenStackClient which should be installed.

openstackclient_image Default: {{ docker_registry_openstackclient }}/osism/openstackclient:{{ openstackclient_tag }}

The container image to use.

openstackclient_container_name Default: openstackclient

Name of the container in which OpenStackClient will run.

openstackclient_network Default: 172.31.100.16/28

The network to use for the OpenStackClient container.

openstackclient_service_name Default: docker-compose@openstackclient

The network to use for the OpenStackClient container.

Package Variables

openstackclient_configure_repository Default: true

Configure the system for installing OpenStackClient. Install dependencies, add the repository key and the repository itselfs.

openstackclient_debian_repository_arch Default: amd64

Architecture from the target system.

openstackclient_debian_repository_key Default: 391A9AA2147192839E9DB0315EDB1B62EC4926EA

The url from which you will get the package.

openstackclient_debian_repository Default: deb [ arch={{ openstackclient_debian_repository_arch }} ] http://ubuntu-cloud.archive.canonical.com/ubuntu {{ ansible_distribution_release }}-updates/ {{ openstackclient_version }} main

Name of the OpenStackClient debian repository.

openstackclient_debian_packages Default: - python3-openstackclient - python3-heatclient - python3-magnumclient

Required packages for installing OpenStackClient.

patchman

This ansible role install and configure Patchman and required components. Patchman is a maleware and vulnerability tool for websites. It will patch automaticly if it find something.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry_patchman Default: quay.io

The registry for the Patchman Docker container.

docker_registry_postgres Default: index.docker.io

Registry for the Postgres Docker container files.

docker_registry_memcached Default: index.docker.io

The registry for the Memcached container files.

Patchman Variables

patchman_configuration_directory Default: /opt/patchman/configuration

In this directory the configuration files for Patchman will be stored.

patchman_docker_compose_directory Default: /opt/patchman

Path to the directory where the docker-compose-files from Patchman will be stored.

patchman_host Default: 127.0.0.1

The host where Patchman will be reachable.

patchman_port Default: 8150

Port which Patchman will use for connections from outside.

patchman_server_url Default: http://{{ patchman_host }}:{{ patchman_port }}

The url under which Patchman is reachable.

patchman_tag Default: 2.0.3

Version from the Patchman which should be installed.

patchman_image Default: {{ docker_registry_patchman }}/osism/patchman:{{ patchman_tag }}

The container image to use.

patchman_container_name Default: patchman

Name of the container in which Patchman will run.

patchman_network Default: 172.31.100.80/28

The network to use for the Patchman container.

patchman_service_name Default: docker-compose@patchman

Name from the Patchman service to deal with it.

patchman_username Default: patchman

Username for Patchman login.

patchman_password Default: password

Password for Patchman login.

patchman_secret_key Default: aiGe7eedievootee3ook3aeshok2sa4p

The secret key for patchman.

patchman_cron_day Default: *

Day-parameter for the Patchman cronjob.

patchman_cron_hour Default: 1

Hour-parameter for the Patchman cronjob.

patchman_cron_minute Default: 3

Minute-parameter for the Patchman cronjob.

patchman_cron_user Default: {{ operator_user|default('dragon') }}

User that should hold the cronjobs for Patchman.

patchman_debug Default: False

Disable debugging messages.

patchman_update_statfile Default: /tmp/patchman.stat

File to safe the last execution time of Patchman.

patchman_update Default: true

Enables the update funktion from Patchman.

patchman_update_force Default: false

Forces the update run to be executed.

patchman_update_valid_time Default: 86400

Defines the intervall for how long an update is considerd as valid.

Postgres Variables

postgres_tag Default: 14.2-alpine

Version of Postgres which should be used.

postgres_image Default: {{ docker_registry_postgres }}/library/postgres:{{ postgres_tag }}

The container image to use.

patchman_postgres_username Default: patchman

Username for the Patchman-Postgres database.

patchman_postgres_password Default: password

Password for the Patchman-Postgres database.

patchman_postgres_databasename Default: patchman_postgres_username

Password for the Patchman-Postgres database.

Memcached Variables

patchman_memcached_tag Default: 1.6.14-alpine

Version from Memcached which should used.

patchman_memcached_image Default: {{ docker_registry_memcached }}/library/memcached:{{ patchman_memcached_tag }}

The container image to use.

Traefik Variables

patchman_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

traefik_external_network_name Default: traefik

Name of Patchman network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

patchman_client

This ansible role install Patchman-client. The Patchman-client manage the list of packages for the Patchman server. Patchman-client can also be used to inspect the version of a package on a certain host.

Role Variables

patchman_client_cron_day Default: *

Day-parameter for the Patchman-client cronjob.

patchman_client_cron_hour Default: 0

Hour-Parameter for the Patchman-client cronjob.

patchman_client_cron_minute Default: 3

Minute-parameter for the Patchman-client cronjob.

patchman_client_cron_user Default: {{ operator_user|default('dragon') }}

User that should hold the cronjobs for Patchman-client.

patchman_client_curl_options Default: --insecure --connect-timeout 60 --max-time 300

Settings for curl.

patchman_client_report Default: 0

# FIX ME

patchman_client_tags Default: Server

# FIX ME

patchman_client_host Default: localhost

The host where Patchman-client will be reachable.

patchman_client_port Default: 8150

Port which Patchman-client will use for connections from outside.

patchman_client_server_url Default: http://{{ patchman_client_host }}:{{ patchman_client_port }}

The url under which Patchman server is reachable.

patchman_client_update_statfile Default: /tmp/patchman-client.stat

File to safe the last execution time of Patchman-client.

patchman_client_update Default: true

Enables the update funktion from Patchman-client.

patchman_client_update_force Default: false

Forces the update run to be executed.

patchman_client_update_valid_time Default: 86400

Defines the intervall for how long an update is considerd as valid.

phpmyadmin

Ansible role to install and configure Phpmyadmin. Phpmyadmin is a tool to manage MySQL and MariaDB database over the web.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry Default: index.docker.io

Have a look at docker_registry_phpmyadmin

docker_registry_phpmyadmin Default: docker_registry

The registry for the Phpmyadmin Docker container.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Phpmyadmin Variables

phpmyadmin_docker_compose_directory Default: /opt/phpmyadmin

Path to the directory where the docker-compose-files from Phpmyadmin will be stored.

phpmyadmin_host Default: 127.0.0.1

The host where Phpmyadmin will be reachable.

phpmyadmin_database_host Default: 127.0.0.1

Host for the database.

phpmyadmin_port Default: 8110

Port which Phpmyadmin will use for connections from outside.

phpmyadmin_tag Default: 5.2

Version from the Phpmyadmin which should be installed.

phpmyadmin_image Default: {{ docker_registry_phpmyadmin }} /phpmyadmin/phpmyadmin:{{ phpmyadmin_tag }}

The container image to use.

phpmyadmin_network Default: 172.31.100.32/28

The network to use for the Phpmyadmin container.

phpmyadmin_service_name Default: docker-compose@phpmyadmin

Name from the Phpmyadmin service to deal with it.

Traefik Variables

phpmyadmin_traefik Default: false

Set the configuration from Traefik to false. If true Traefik will be used.

traefik_external_network_name Default: traefik

Name of Phpmyadmin network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

rng

This ansible role install Haveged. Haveged is a random number generator.

Role Variables

rng_service_name Default: haveged

Service name of haveged.

rng_package_name Default: haveged

Package name for installing haveged.

rsyslog

This ansible role install and configure rsyslog with fluentd. Rsyslog transfer the log data to fluentd which makes the data more readable.

Role Variables

rsyslog_service_name Default: rsyslog

Name from the Rsyslog service to deal with it.

rsyslog_package_name Default: rsyslog

Package name from Rsyslog.

rsyslog_fluentd Default: true

Enable fluentd export.

rsyslog_fluentd_port Default: 5140

Fluentd server port.

rsyslog_fluentd_host Default: 127.0.0.1

Fluentd server IP.

fluentd_port Default: rsyslog_fluentd_port

Look at rsyslog_fluentd_port.

fluentd_host Default: rsyslog_fluentd_host

Look at rsyslog_fluentd_host.

rundeck

Ansible role for installing and configuring Rundeck and its components. Rundeck enables self-service operations. You can give specific users access to your existing tools, services and scripts.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry_rundeck Default: index.docker.io

The registry for the Rundeck Docker container.

docker_registry_postgres Default: index.docker.io

Registry for the Postgres Docker container.

Rundeck Variables

rundeck_configuration_directory Default: /opt/rundeck/configuration

In this directory the configuration files for Rundeck will be stored.

rundeck_secrets_directory Default: /opt/rundeck/secrets

Directory which contains the secret files.

rundeck_docker_compose_directory Default: /opt/rundeck

Path to the directory where the docker-compose-files from Rundeck will be stored.

rundeck_network Default: 172.31.100.192/28

The network to use for the Rundeck container.

rundeck_service_name Default: docker-compose@rundeck

Name from the Rundeck service to deal with it.

rundeck_host Default: 127.0.0.1

The host where Rundeck will be reachable.

rundeck_port Default: 4440

Port which Rundeck will use for connections from outside.

rundeck_tag Default: 3.3.10

Version from the Rundeck which should be installed.

rundeck_image Default: {{ docker_registry_rundeck }}/rundeck/rundeck:{{ rundeck_tag }}

The container image to use.

Postgres Variables

rundeck_postgres_tag Default: 13-alpine

Version of Postgres which should be used.

rundeck_postgres_image Default: {{ docker_registry_postgres }}/library/postgres:{{ rundeck_postgres_tag }}

The container image to use.

rundeck_postgres_password Default: password

Password for the Rundeck-Postgres database.

rundeck_postgres_username Default: rundeck

Username for the Rundeck-Postgres database.

rundeck_postgres_databasename Default: rundeck

Name for the Rundeck-Postgres database.

smartd

This ansible role installs Smartd. Hard drive monitoring daemon.

Role Variables

smartd_package_name Default: smartmontools

Package name of smartd for installation.

smartd_service_name Default: smartd

Service name of smartd.

tang

This ansible role install Tang. Tang server for binding data to network presence.

Role Variables

tang_service_name Default: tangd: The tang service and process name

systemd_destination Default: /lib/systemd/system: The default systemd path

tang_port Default: 80: The default port for tang is 80, which is normally reserved for webservices

traefik

Ansible role for installing ang configuring Traefik. Traefik is a reverse proxy and loadbalancer for managing microservices.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry Default: index.docker.io

The registry for the Traefik Docker container.

docker_registry_traefik Default: docker_registry

Look at docker_registry.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Traefik Variables

traefik_docker_compose_directory Default: /opt/traefik

Path to the directory where the docker-compose-files from Traefik will be stored.

traefik_certificates_directory Default: /opt/traefik/certificates

Directory which strores the certificates.

traefik_configuration_directory Default: /opt/traefik/configuration

In this directory the configuration files for Traefik will be stored.

traefik_host Default: 127.0.0.1

The host where Traefik will be reachable.

traefik_port Default: 8122

This port is for the Traefik dashboard.

traefik_port_http Default: 80

Port which Traefik will use for connections from outside.

traefik_port_https Default: 443

Port which Traefik will use for connections from outside via https.

traefik_certificates Default: {}

If you want to add self-signed certificates you can do it here.

Example:

traefik_certificates
  dashboard:
    cert: "-----BEGIN CERTIFICATE-----..."
    key: "-----BEGIN PRIVATE KEY-----..."

traefik_tag Default: v2.7.0

Version from the Traefik which should be installed.

traefik_image Default: {{ docker_registry_traefik }}/traefik:{{ traefik_tag }}

The container image to use.

traefik_network Default: 172.31.101.48/28

Network which is behind Traefik.

traefik_container_name Default: traefik

Container name for the Traefik service.

traefik_service_name Default: docker-compose@traefik

Name from the Traefik service to deal with it.

traefik_external_network_name Default: traefik

Network name of the external network for Traefik.

traefik_external_network_cidr Default: 172.31.254.0/24

The Traefik network segment for external traffic.

traefik_pilot_dashboard Default: false

Disable the Traefik dashboard.

traefik_log_level Default: INFO

Level of detail for the log messages.

virtualbmc

Ansible role for installing Virtualbmc. Virtualbmc is a bare metall controller for virtual machines.

Operator Variables

operator_user Default: dragon

The user which will own the configuration directory.

operator_group Default: operator_user

Group from the user which will own the configuration directory.

Docker Variables

docker_network_mtu Default: 1500

Set this to the MTU for your outside connection.

docker_registry_virtualbmc Default: quay.io

The registry for the Virtualbmc Docker container.

Virtualbmc Variables

virtualbmc_container_name Default: virtualbmc

Name of the container in which Virtualbmc will run.

virtualbmc_configuration_directory Default: /opt/virtualbmc/configuration

In this directory the configuration files for Virtualbmc will be stored.

virtualbmc_docker_compose_directory Default: /opt/virtualbmc

Path to the directory where the docker-compose-files from Virtualbmc will be stored.

virtualbmc_network Default: 172.31.101.128/28

The network to use for the Virtualbmc container.

virtualbmc_service_name Default: docker-compose@virtualbmc

Name from the Virtualbmc service to deal with it.

virtualbmc_host Default: 127.0.0.1

The host where Virtualbmc will be reachable.

virtualbmc_port Default: 6230-6239

Port which Virtualbmc will use for connections from outside.

virtualbmc_tag Default: 2.2.1

Version from the Virtualbmc which should be installed.

virtualbmc_image Default: {{ docker_registry_virtualbmc }}/osism/virtualbmc:{{ virtualbmc_tag }}

The container image to use.

wireguard

An ansible role for installation and configuration of wireguard. Sets up VPN service for a set of local users.

Role Variables

wireguard_users

List of users that will be configured for access. Each item is a dict with keys:

- name: Name of the user
- key: The public wireguard key of the user
- ip: The IP address assigned to the user

wireguard_mtu Default: 1360

Maximum Transfer Unit for wireguard. The default should allow connections to work through most consumer and cloud networks.

wireguard_server_address Default: 192.168.48.254/24

The VPN server address.

wireguard_listen_port Default: 51820

The port on which the wireguard server is listening.

wireguard_server_public_address Default: WIREGUARD_PUBLIC_IP_ADDRESS

The public IP address of the wireguard server that clients can connect to.

wireguard_create_client_config Default: false

Whether to create client config files. Assumes the user names to be local on the server and their home directory to be /home/user.name.

Zuul Deployment