ansible-role-komodo/examples/server_management/inventory/all.yml at main · samumatic/ansible-role-komodo · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# This is a fairly exhaustive example of pretty much all the ways
# that you could configure an inventory file to modify the behavior
# of the komodo role.
# Note that many of the tips/tricks here arent needed,
# but they may give some inspiration for how you want to
# configure your own setup, depending on your own system complexity

all:
  # Here you can have your typical inventory configurations.
  # Add additonal vars: section for ssh keyfiles, etc.
  hosts:
    komodo_host1:
      ansible_host: 10.1.10.4
    komodo_host2:
      ansible_host: 10.1.10.5
    komodo_host3:
      ansible_host: 10.1.10.6
    komodo_host4:
      ansible_host: 10.1.10.7
    localhost:
      ansible_host: localhost
      connection: local
  # Below we can create special komodo hosts, with komodo related variables
  # set so that each server might have its own particular behavior, or to
  # just conveniently set some defaults.
  children:
    komodo:
      vars:
        # These variables are only needed if using the server management feature
        # This feature allows the role to automatically register and update
        # servers in komodo core in addition to deploying periphery
        komodo_core_url: "https://komodo.example.com"
        # Encrypt these with vault!
        komodo_core_api_key: "some_api_key"
        komodo_core_api_secret: "some_api_secret"
        # Default to allowing server management feature. Can be overriden
        enable_server_management: true
        komodo_passkeys:
          - passkey1
      children:
        core:
          hosts:
            komodo_host1:
              # We can set a different periphery port if we want
              periphery_port: 8199
              # Can be an internal docker IP for example if on the same host
              # You can even make this static if needed in your compose file
              # with `ipv4_address: 172.20.0.101` on its specified internal docker network
              komodo_allowed_ips:
                - "172.20.0.101"
              # Can manually set the server address instead of autodetecting route
              # In this case since we want to communicate to core through its docker IP,
              # we can use host.docker.internal if we add
              #     extra_hosts:
              #      - host.docker.internal:host-gateway
              # to our komodo core compose file.
              server_address: https://host.docker.internal:{{ periphery_port }}
              # We can bind to a particular interface, like the internal docker host gateway
              # Can figure this out with docker network inspect bridge --format '{{ (index .IPAM.Config 0).Gateway }}'
              # for example. Or check gateway for docker0 on your host, etc. But you should be able to get it
              # automatically with ansible through {{ ansible_docker0.ipv4.address}}
              komodo_bind_ip: "{{ ansible_docker0.ipv4.address}}"
        periphery:
          hosts:
            komodo_host2:
              # This host will allow a new key to be generated and rotated
              # with every install and update
              generate_server_passkey: true
              # This host is specifying its name explicitly. The other hosts
              # will simply use their ansible inventory names
              server_name: "special-server"
              # We aren't seeing a bind_ip so make sure to use the ipv6 prefix
              # for ipv4 addresses.
              komodo_allowed_ips:
                - "::ffff:10.1.10.4"
            komodo_host3:
              # This host will specify its own specific server passkey
              # This passkey can be encrypted with vault!
              server_passkey: some-secret-passkey
              # We can either be explicit with the IP, or use our
              # inventory to determine the IP if we want
              komodo_allowed_ips:
                - "{{ hostvars['komodo_host1'].ansible_host }}"
              # Can also be komodo_bind_ip: {{ ansible_host }} to be more specific
              komodo_bind_ip: 0.0.0.0
            komodo_host4:
              # This host overrides the default behavior and doesnt allow server
              # management
              enable_server_management: false
              # We can manually specify all allowed passkeys in one list
              # These passkeys would need to be set globally in the core instance(s)
              # since we are not managing servers / passkeys automatically.
              # Can encrypt entries with vault!
              komodo_passkeys:
                - passkey1
                - passkey2
              # Maybe you have multiple core instances, for example.
              # If using an inventory setup like this, you could do..
              komodo_allow_ips: >-
                  {{
                    groups['core']
                    | map('extract', hostvars, 'ansible_host')
                    | list
                  }}
              # Or just manually specify them like this
              # komodo_allowed_ips:
              #  - "10.1.10.4"
              #  - "some.random.external.ip.maybe"
              komodo_bind_ip: "{{ ansible_host }}"