Ansible Inventory Project for the CD Platform Reference Implementation
This is a GitLab project that serves as the Ansible inventory for the reference implementation of the CD Platform of the Dutch Police.
Products
Product | Level | Link | Description |
---|---|---|---|
SonarQube | III | https://sh.1.1.1.3.nip.io/sonarqube/ | default admin with pw admin or akaufman |
Nexus | IV | https://sh.1.1.1.3.nip.io/nexus/ | admin with pw secret or akaufman |
Jira | II | https://sh.1.1.1.3.nip.io/jira/ | admin with pw secret (2) |
Bitbucket | II | https://sh.1.1.1.3.nip.io/bitbucket/ | |
Confluence | II | https://sh.1.1.1.3.nip.io/confluence/ | admin with pw secret (2) |
Jenkins | I | https://sh.1.1.1.3.nip.io/jenkins/ | admin with pw supersecret |
Sites | II | https://sh.1.1.1.3.nip.io/sites/ | Host static sites using Apache |
AWX | I | https://awx.1.1.1.3.nip.io/ (1) | Open Source Ansible Tower. AWX is very much work in progress, see README for info. Login admin with pw secret |
Guacamole | I | https://sh.1.1.1.3.nip.io/desktop/ | Use Docker based desktops in your browser. |
1. AWX doesn't support changing the web context; it needs to run from the root.
2. Jira and Confluence setup cannot be automated. You have to use the wizard to set up the database, admin account, etc.
Capability Levels
Level | Description |
---|---|
I - Basic Install | Automated application provisioning and configuration management |
II - Full Lifecycle | Upgrade, rollback, rollforward, backup, restore |
III - Insights | Basic monitoring, JMX, etc |
IV - Project Environment | Managed project creation, access etc |
This repository includes a number of supporting products / components that are typically used in conjunction with the products above:
Component | Purpose |
---|---|
reverse-proxy | Reverse proxy server |
postgresql | Database for SonarQube, Jira, Bitbucket, Confluence |
cacerts | Import certificates, CA bundles in keystores |
lcm | Support LCM operations install, upgrade, rollback, rollforward |
lvm | Create, size, manage logical volumes |
monit | Basic monitoring e.g. disk space, CPU, swap etc |
postfix | Mailrelay |
proxy | Proxy server based on Squid |
swid | Create SWID tags |
The repository also includes plays / roles for test and development purposes. See for example:
- opendj.yml play and opendj/ role. This creates a simple LDAP server based on OpenDJ.
- env.yml play and env role. This role was added to configure an environment for a PetClinic example project. At this point it creates, for example, LDAP groups and accounts.
- oracle.yml play. This creates Oracle Database 12c Enterprise Edition based on a Docker container.
This repository is created and maintained as a monolithic repository. External roles from Galaxy and GitHub are copied into this repository. Aside from that, it tries to follow Ansible Best Practices as much as possible.
Getting Started
Install Ansible, Vagrant and VirtualBox on an Ubuntu 18.04 machine. nip.io is used to map DNS entries to IP addresses in the development environment.
Ansible
Add the Ansible repository and install Ansible:
sudo add-apt-repository ppa:ansible/ansible
sudo apt-get install ansible
This repository has been used with:
- Ansible 2.8.3 and Python 2.7.15.
- Ansible 2.10.3 and Python 3.6.9.
Vagrant
sudo wget https://releases.hashicorp.com/vagrant/2.2.6/vagrant_2.2.6_x86_64.deb
sudo dpkg -i vagrant_2.2.6_x86_64.deb
VirtualBox
sudo apt-get install virtualbox
Setup project directory
Git clone this repository, for example to ~/ansible:
git clone <this repository> ~/ansible
cd ~/ansible
Note: running a vagrant command, for example vagrant status, requires an Ansible Vault password stored in the file ~/ansible/vpass (with content secret) in the root of the repository directory. This password is used by Ansible Vault for encrypting and decrypting secrets.
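Because Vagrant hands the vpass file to Ansible Vault on every run, it is worth checking that file and the repository's vault-encrypted variable files before provisioning. The shell functions below are an added example, not part of this repository; they assume GNU coreutils (stat -c) and a group_vars/ layout like the one used here, and the demo tree they build is constructed for illustration.

```shell
# Added example (not part of the repository): sanity checks for the Ansible Vault
# password file and for vault-encrypted variable files, run before `vagrant up`.
# Assumes GNU coreutils (stat -c) and a group_vars/ directory layout as in this repo.

# Pass only if the password file exists, is non-empty and is readable by the
# owner alone (mode 0600): Ansible reads the Vault password from it in clear text.
check_vpass() {
  f="$1"
  [ -s "$f" ] || { echo "missing or empty: $f"; return 1; }
  mode="$(stat -c '%a' "$f")"
  [ "$mode" = "600" ] || { echo "expected mode 600 on $f, found $mode"; return 1; }
  return 0
}

# Pass only if every file under the given tree whose name contains "vault" is
# actually encrypted, i.e. its first line is the $ANSIBLE_VAULT header.
# (Plain for-loop over find output: fine for paths without whitespace.)
check_vault_files() {
  dir="$1"
  rc=0
  for f in $(find "$dir" -type f -name '*vault*'); do
    head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;' || { echo "not encrypted: $f"; rc=1; }
  done
  return $rc
}

# Constructed demo tree so the checks can be exercised offline:
# a correct vpass, one encrypted vault file and one that was left in clear text.
demo="$(mktemp -d)"
printf 'secret\n' > "$demo/vpass"
chmod 600 "$demo/vpass"
mkdir -p "$demo/group_vars/all"
printf '$ANSIBLE_VAULT;1.1;AES256\n3636\n' > "$demo/group_vars/all/vault.yml"
printf 'db_password: plain\n' > "$demo/group_vars/all/vault_db.yml"
check_vpass "$demo/vpass"
check_vault_files "$demo/group_vars"   # reports vault_db.yml as not encrypted
```

Run it from the repository root with the real paths (~/ansible/vpass and group_vars) in place of the demo tree.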
Provision a first service
To get started, create for example the bitbucket service. For this you will also need the proxy node and the db node, so the command becomes:
vagrant up proxy db bitbucket
The db node contains the PostgreSQL database used by Bitbucket. The proxy node runs an Apache2 reverse proxy server that is used to access Bitbucket using self-signed certificates.
Note: the proxy node also includes a forward proxy server based on Squid. If you want to use this forward proxy, enable it by removing proxy_skip or by setting it to false, as shown below in group_vars/all/proxy.yml.
proxy_skip: false # remove / false to enable forward proxy
Provision
Additionally, create the other nodes shown below. At a minimum you will need the proxy and db (PostgreSQL) nodes.
Node | Service(s) | Link | Comments |
---|---|---|---|
proxy | Forward and reverse proxy, NFS server, OpenDJ server, Mailrelay | | |
db | PostgreSQL server | | |
oracle | Oracle Database 12c Enterprise Edition | | See role for more information. |
sonarqube | SonarQube server | https://sh.1.1.1.3.nip.io/sonarqube/ | default admin with pw admin or akaufman |
nexus | Nexus | https://sh.1.1.1.3.nip.io/nexus/ | admin with pw secret or akaufman |
sites | Static "dimension" site | https://sh.1.1.1.3.nip.io/dimension/ | admin with pw supersecret |
jenkins | Jenkins | https://sh.1.1.1.3.nip.io/jenkins/ | admin with pw supersecret |
confluence | Confluence | https://sh.1.1.1.3.nip.io/confluence/ | admin with pw secret |
jira | Jira | https://sh.1.1.1.3.nip.io/jira/ | admin with pw secret |
bitbucket | Bitbucket | https://sh.1.1.1.3.nip.io/bitbucket/ | admin with pw secret |
awx | AWX | https://awx.1.1.1.3.nip.io/ | |
bastion | Guacamole | https://sh.1.1.1.3.nip.io/desktop/ | |
LDAP accounts
Account | Password | Role |
---|---|---|
akaufman | secrets | admin |
Accounts and groups are configured in host_vars/proxy.yml.
To provision a node, use the standard Vagrant commands (see vagrant --help). For example, to provision SonarQube for the first time:
vagrant up proxy db sonarqube
To run the Ansible provisioner again after the nodes have been created with vagrant up, use vagrant provision <node>. See vagrant --help for more information.
LDAP
The proxy node includes a simple LDAP server based on OpenDJ. If you want to connect to the LDAP directory using a tool like Apache Directory Studio, use for example ldap://1.1.1.3:389 with bind DN cn=admin and password secret.
License
MIT License.