Skip to content

tedsluis/ansible-playbooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

647 Commits
inventory
inventory
 
 
roles
roles
 
 
.gitignore
.gitignore
 
 
Jenkinsfile
Jenkinsfile
 
 
LICENSE
LICENSE
 
 
NOTES.md
NOTES.md
 
 
README.md
README.md
 
 
alertmanager.yaml
alertmanager.yaml
 
 
ansible.cfg
ansible.cfg
 
 
awx.yaml
awx.yaml
 
 
baseline.yaml
baseline.yaml
 
 
blackbox.yaml
blackbox.yaml
 
 
build-images.yaml
build-images.yaml
 
 
chrony.yaml
chrony.yaml
 
 
dockerratelimit.py
dockerratelimit.py
 
 
firewall.yaml
firewall.yaml
 
 
get-images.yaml
get-images.yaml
 
 
gitea.yaml
gitea.yaml
 
 
grafana.yml
grafana.yml
 
 
haproxy-keepalived.yml
haproxy-keepalived.yml
 
 
httpd.yaml
httpd.yaml
 
 
jenkins.yaml
jenkins.yaml
 
 
karma.yaml
karma.yaml
 
 
kubernetes.yaml
kubernetes.yaml
 
 
ldapclient.yaml
ldapclient.yaml
 
 
letsencrypt.yaml
letsencrypt.yaml
 
 
linkding.yaml
linkding.yaml
 
 
nfsclient.yaml
nfsclient.yaml
 
 
nfsserver.yaml
nfsserver.yaml
 
 
nodeexporter.yaml
nodeexporter.yaml
 
 
openldap.yaml
openldap.yaml
 
 
openvpn.yaml
openvpn.yaml
 
 
piaware.yaml
piaware.yaml
 
 
pihole.yaml
pihole.yaml
 
 
postgres.yaml
postgres.yaml
 
 
prometheus.yaml
prometheus.yaml
 
 
provision.yaml
provision.yaml
 
 
raspberryfan.yaml
raspberryfan.yaml
 
 
registry.yaml
registry.yaml
 
 
rocketchat.yaml
rocketchat.yaml
 
 
snmpexporter.yaml
snmpexporter.yaml
 
 
sssd.yaml
sssd.yaml
 
 

Repository files navigation

playbooks for fedora on raspberry pi

Scope

  • raspberry 2b, 3b, 3b+, 4b-4gb, 4b-8gb, Lenovo Thinkpad T580, Intel Nuc
  • fedora 32, 33, 34
  • ansible & ansible-vault

what runs where

| fed127 | fed130 | fed143 | fed149 | fed157 | fed159 | fed160 | fed168 | fed171 | fed178 | openvpn | pihole | | rpi4b8g | rpi4b8g | rpi4b4g | rpi4b4g | rpi3b+ | rpi2b | rpi4b8g | rpi4b8g | rpi2b | rpi2b | rpi3b | rpi3b | | nvme128 | nvme128 | nvme512 | nvme1024 | | | nvme128 | | | | | |

f34 f34 f34 f34 f34 f34 f34
jenkins gitea build-images piaware haproxy alert manager awx haproxy piaware openvpn pihole
httpd get-images dump1090exporter keepalived blackbox linkding keepalived dump1090exporter openvpnexporter
letsencrypt nfsserver grafana openldap
postgres openldap karma
registry prometheus
snmpexporter

Playbooks

playbooks description
provision.yaml all roles -- full stack deployment
baseline.yaml baseline features
gitea.yaml git server deployment
httpd.yaml apache server deployment
pihole.yaml pihole server deployment
postgres.yaml postgres db deployment
rocketchat.yaml rocketchat server deployment

Inventory

inventory files and directories decription
inventory/all main group
inventory/host_vars/ host files
inventory/group_vars/ group files

encrypted varibles

To decrypt ansible encrypted variables, store the password in file and add environment variable to .bashrc:

$ ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt

create encrypted variable

$ ansible-vault encrypt_string  'SECRET' --name '_slack_webhook_secret'

show encrypted variable

$ ansible -i "localhost," all  -m debug -a 'msg="{{ _slack_webhook_secret }}"'  -e@roles/alertmanager/defaults/main.yml

dependicies

$ ansible-galaxy collection install community.general
$ ansible-galaxy collection install containers.podman
$ sudo dnf install python3-pip
$ sudo pip3 install virtualenv
$ virtualenv ansible
$ source ansible/bin/activate          # deactivate to exit
$ pip install ansible

Roles

roles readme inventory/group_vars/
baseline README.md
dnsmasq README.md
firewall README.md
gitea README.md gitea.yml
httpd README.md httpd.yml
letsencrypt README.md letsencrypt.yml
packages README.md
pihole README.md pihole.yml
postgres README.md postgres.yml
rocketchat README.md rocketchet.yml
ssh-keys-and-config README.md
users-and-groups README.md

Used port, users, groups

firewall ports
port service scope
22 ssh all hosts
53 dns pihole
80 http pihole
443 https pihole
2222 gitea ssh gitea
3000 gitea gitea
5432 postgres default inside podman network
30080 apache httpd http on host fed143
30443 apache httpd https on host fed143
31080 apache httpd http on host fed143
31433 apache httpd https on host fed143
users and groups
uid user guid group
1000 tedsluis 1000 tedsluis
1000 pi 1000 pi
1001 ansible 1001 ansible
1033 gitea 1033 gitea
1034 httpd 1034 httpd
1035 letsencrypt 1035 letsencrypt
1036 postgres 1036 postgres

Prepare raspberry firmware for mass storage usb storage

Boot with raspios image and perform a full-upgrade. Specificy beta, critical or stable in the file below:

pi@raspberrypi:~ $ sudo vi /etc/default/rpi-eeprom-update

Check for updates:

pi@raspberrypi:i~ $ sudo rpi-eeprom-update 
BCM2711 detected
VL805 firmware in bootloader EEPROM
*** UPDATE AVAILABLE ***
BOOTLOADER: update available
CURRENT: Thu  3 Sep 12:11:43 UTC 2020 (1599135103)
 LATEST: Wed 28 Oct 17:32:40 UTC 2020 (1603906360)
 FW DIR: /lib/firmware/raspberrypi/bootloader/beta
VL805: up-to-date
CURRENT: 000138a1
 LATEST: 000138a1

Apply update:

pi@raspberrypi:/lib/firmware/raspberrypi/bootloader/beta $ sudo rpi-eeprom-update -a
BCM2711 detected
VL805 firmware in bootloader EEPROM
*** INSTALLING EEPROM UPDATES ***
BOOTLOADER: update available
CURRENT: Thu  3 Sep 12:11:43 UTC 2020 (1599135103)
 LATEST: Wed 28 Oct 17:32:40 UTC 2020 (1603906360)
 FW DIR: /lib/firmware/raspberrypi/bootloader/beta
VL805: up-to-date
CURRENT: 000138a1
 LATEST: 000138a1
BOOTFS /boot
EEPROM updates pending. Please reboot to apply the update.

Reboot en login again.

Select a eeprom version:

pi@raspberrypi:~ $ cp /lib/firmware/raspberrypi/bootloader/critical/pieeprom-2020-09-03.bin .

Or download one from github:

pi@raspberry:~ $ wget https://github.com/raspberrypi/rpi-eeprom/raw/master/firmware/beta/pieeprom-2020-10-28.bin

List versions:

pi@raspberrypi:~ $ ls -l 
total 1540
-rw-r--r-- 1 pi pi 524288 Oct 30 15:22 pieeprom-2020-09-03.bin
-rw-r--r-- 1 pi pi 524288 Oct 30 10:49 pieeprom-2020-10-28.bin

Get boot config settings from eeprom:

pi@raspberrypi:~ $ rpi-eeprom-config pieeprom-2020-09-03.bin > bootconf.txt

Show boot config settings:

pi@raspberrypi:~ $ cat bootconf.txt
[all]
BOOT_UART=0
WAKE_ON_GPIO=1
POWER_OFF_ON_HALT=0
DHCP_TIMEOUT=45000
DHCP_REQ_TIMEOUT=4000
TFTP_FILE_TIMEOUT=30000
ENABLE_SELF_UPDATE=1
DISABLE_HDMI=0
BOOT_ORDER=0xf41

Edit boot config settings:

pi@raspberrypi:~ $ vi bootconf.txt

Create new eeprom with boot config settings:

pi@raspberrypi:~ $ rpi-eeprom-config --out pieeprom-new.bin --config bootconf.txt pieeprom-2020-09-03.bin

Show new eeprom + boot settings:

pi@raspberrypi:~ $ ls -l 
total 1540
-rw-r--r-- 1 pi pi    278 Oct 30 15:21 bootconf.txt
-rw-r--r-- 1 pi pi 524288 Oct 30 15:22 pieeprom-2020-09-03.bin
-rw-r--r-- 1 pi pi 524288 Oct 30 10:49 pieeprom-2020-10-28.bin
-rw-r--r-- 1 pi pi 524288 Oct 30 14:45 pieeprom-new.bin

Apply eeprom + boot settings:

pi@raspberrypi:~ $ sudo rpi-eeprom-update -d -f ./pieeprom-new.bin
BCM2711 detected
VL805 firmware in bootloader EEPROM
*** INSTALLING ./pieeprom-new.bin  ***
BOOTFS /boot
EEPROM update pending. Please reboot to apply the update.

Reboot raspberry to apply update and login again.

Show new boot config settings:

pi@raspberrypi:~ $ vcgencmd bootloader_config
[all]
BOOT_UART=0
WAKE_ON_GPIO=1
POWER_OFF_ON_HALT=0
DHCP_TIMEOUT=45000
DHCP_REQ_TIMEOUT=4000
TFTP_FILE_TIMEOUT=30000
TFTP_IP=
TFTP_PREFIX=0
BOOT_ORDER=0xf41               <------ boot order is sdcard, usb mass storage
SD_BOOT_MAX_RETRIES=3
NET_BOOT_MAX_RETRIES=5
USB_MSD_PWR_OFF_TIME=0
USB_MSD_DISCOVER_TIMEOUT=20
[none]
FREEZE_VERSION=0

more......

https://github.com/dysosmus/ansible-completion

$ git clone git@github.com:dysosmus/ansible-completion.git
$ cd ansible-completion
$ sudo cp *.bash /etc/bash_completion.d/

Reload shell: source ~/.bashrc or source ~/.profile

Install VIM plugin manager

https://github.com/junegunn/vim-plug

$ mkdir -p ~/.vim/autoload

$ curl -fLo ~/.vim/autoload/plug.vim --create-dirs \
    https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim

Install VIM syntax highlighting plugin for Ansible

https://github.com/pearofducks/ansible-vim

$ cat <<EOT >> ~/.vimrc 
" Plugins will be downloaded under the specified directory.
call plug#begin('~/.vim/plugged')

" Declare the list of plugins.
Plug 'pearofducks/ansible-vim'
  
" List ends here. Plugins become visible to Vim after this call.
call plug#end()
EOT

To update the plug-ins, use :PlugUpdate in VIM.

About

deploy stuff on fedora / raspberry using ansible

Topics

raspberry-pi ansible fedora raspberry ansible-roles

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages