home init

hornos · May 12, 2013 · a88055b · a88055b
1 parent 8876f0b
commit a88055b
Show file tree

Hide file tree

Showing 48 changed files with 1,481 additions and 173 deletions.
diff --git a/README.md b/README.md
@@ -583,6 +583,10 @@ This command starts GSI SSH on port 2222:
 
 Test GSI SSH from OS X by `shf3` since it is the best CLI tool for SSH stuff. Check DNS resolution, client and host should resolv the root server names. Other users should be created by LDAP.
 
+### Grid FTP
+
+### Globus Online
+
 ### Apache with Globus cert
 You can use the Globus PKI for Apache SSL (the default CA is used):
 
@@ -592,6 +596,10 @@ You can use the Globus PKI for Apache SSL (the default CA is used):
 
     bin/play @@root globus_ajenti
 
+## SSH
+### GateONE
+### Mosh
+
 ## LDAP
 auto home, limits
 
@@ -829,15 +837,30 @@ At first, you have to run with `format=yes` to create the mongodb partition unde
 
   bin/play @@root-01 xcat
 
+## VPN
+### Tinc VPN
 
-## Grid
-### Globus
-#### PKI
-#### GSI-SSH
-#### GridFTP
-### GateONE
-## Tinc VPN
+### SoftEther
+### OpenVPN
+
+## Gateway Howto
+The *gateway* is Ubuntu-based home server, in particular a Zotac mini PC. You have to modify `space/.host` file to be able to inject machines on the local network, eg.:
+
+    listen_addresses="192.168.1.192"
+    router=192.168.1.1
+    # for the kickstart
+    http_listen="192.168.1.192:8080"
+
+IP of your OS X is in the `listen_addresses` list.
+
+Kickstart the gateway:
+
+    bin/jockey gateway 08:00:27:fb:2f:1d
 
-### Root Server VPN
+The installer initiates the network console and waits for an SSH login to continue. After reboot you have to run the following playbooks:
 
-### Tinc Over TOR
+    ./play root@gateway bootstrap
+    ./play @@gateway secure
+    ./play @@gateway homewall
+    ./play @@gateway basic_home
+    ./play @@gateway ajenti_home
diff --git a/ajenti.yml b/ajenti.yml
@@ -5,33 +5,64 @@
 - hosts: all
 
   tasks:
-  - name: Install Ajenti Repo
-    template: src=etc/yum.repos.d/ajenti.repo.j2
-              dest=/etc/yum.repos.d/ajenti.repo
-              owner=root
-              group=root
-              mode=0644
-    tags:
-      - repo
+### REDHAT
+    - name: Install Ajenti Repo
+      template: src=etc/yum.repos.d/ajenti.repo.j2
+                dest=/etc/yum.repos.d/ajenti.repo
+                owner=root
+                group=root
+                mode=0644
+      when: ansible_os_family == "RedHat"
+      tags:
+        - repo
 
-  - name: Install Ajenti packages
-    yum: name=$item
-         state=installed
-    with_items:
-      - ajenti
-    tags:
-      - packages
+    - name: Install Ajenti packages
+      yum: name=$item
+           state=installed
+      with_items:
+        - ajenti
+      when: ansible_os_family == "RedHat"
+      tags:
+        - packages
 
-  - name: Install /etc/shorewall/rules.d/ajenti
-    template: src=etc/shorewall/rules.d/ajenti.j2
-              dest=/etc/shorewall/rules.d/ajenti
-              owner=root
-              group=root
-              mode=0640
-    tags:
-      - firewall
-    notify:
-      - Restart shorewall
+### DEBIAN
+    - name: Install Ajenti Repo
+      apt_repository: repo='deb http://repo.ajenti.org/debian main main'
+      when: ansible_os_family == "Debian"
+      tags:
+        - packages
+        - repo
+
+    - name: Install Ajenti Key
+      apt_key: url=http://repo.ajenti.org/debian/key
+               state=present
+      when: ansible_os_family == "Debian"
+      tags:
+        - packages
+        - repo
+        - key
+
+    - name: Install Ajenti packages
+      apt: name=$item
+           state=installed
+           force=yes
+      with_items:
+        - ajenti
+      when: ansible_os_family == "Debian"
+      tags:
+        - packages
+
+### CONFIGURATION
+    - name: Install /etc/shorewall/rules.d/ajenti
+      template: src=etc/shorewall/rules.d/ajenti.j2
+                dest=/etc/shorewall/rules.d/ajenti
+                owner=root
+                group=root
+                mode=0640
+      tags:
+        - firewall
+      notify:
+        - Restart shorewall
 
   handlers:
     - name: Restart shorewall

diff --git a/ajenti_home.yml b/ajenti_home.yml
@@ -0,0 +1,70 @@
+#
+# http://ajenti.org/
+#
+---
+- hosts: all
+
+  tasks:
+### REDHAT
+    - name: Install Ajenti Repo
+      template: src=etc/yum.repos.d/ajenti.repo.j2
+                dest=/etc/yum.repos.d/ajenti.repo
+                owner=root
+                group=root
+                mode=0644
+      when: ansible_os_family == "RedHat"
+      tags:
+        - repo
+
+    - name: Install Ajenti packages
+      yum: name=$item
+           state=installed
+      with_items:
+        - ajenti
+      when: ansible_os_family == "RedHat"
+      tags:
+        - packages
+
+### DEBIAN
+    - name: Install Ajenti Repo
+      apt_repository: repo='deb http://repo.ajenti.org/debian main main'
+      when: ansible_os_family == "Debian"
+      tags:
+        - packages
+        - repo
+
+    - name: Install Ajenti Key
+      apt_key: url=http://repo.ajenti.org/debian/key
+               state=present
+      when: ansible_os_family == "Debian"
+      tags:
+        - packages
+        - repo
+        - key
+
+    - name: Install Ajenti packages
+      apt: name=$item
+           state=installed
+           force=yes
+      with_items:
+        - ajenti
+      when: ansible_os_family == "Debian"
+      tags:
+        - packages
+
+### CONFIGURATION
+    - name: Install /etc/shorewall/rules.d/ajenti
+      template: src=etc/shorewall/rules.d/ajenti_home.j2
+                dest=/etc/shorewall/rules.d/ajenti
+                owner=root
+                group=root
+                mode=0640
+      tags:
+        - firewall
+      notify:
+        - Restart shorewall
+
+  handlers:
+    - name: Restart shorewall
+      service: name=shorewall
+               state=restarted
diff --git a/basic_crypto.yml b/basic_crypto.yml
@@ -1,10 +1,11 @@
 #
+# TODO: tor
 #
 ---
 - hosts: all
 
   tasks:
-### REDHAT
+### PACKAGES
   - name: Install packages
     yum: name=$item
          state=installed
@@ -15,7 +16,23 @@
       - crypto-utils
       - gpgme
       - pygpgme
-      - tor
+#      - tor
     when: ansible_os_family == "RedHat"
     tags:
       - packages
+
+  - name: Install packages
+    apt: name=$item
+         state=installed
+    with_items:
+      - python-keyczar
+      - openssl
+      - encfs
+      - gnupg
+      - ecryptfs-utils
+      - python-pyme
+      - python-gnupg
+#      - tor
+    when: ansible_os_family == "Debian"
+    tags:
+      - packages
diff --git a/basic_home.yml b/basic_home.yml
@@ -0,0 +1,25 @@
+#
+# Basic configuration for root servers
+# 
+
+- include: basic_packages.yml
+- include: basic_python.yml
+
+# basic_services
+- include: dnsmasq_home.yml
+- include: ntp_server_home.yml
+- include: syslog-ng.yml
+- include: syslog-ng_loghost.yml
+- include: logcheck.yml
+
+- include: basic_ruby.yml
+- include: basic_crypto.yml
+- include: basic_tops.yml
+- include: basic_httpd.yml
+- include: phpsysinfo_home.yml
+- include: httpd_topcoat_home.yml
+- include: httpd_h5ai_home.yml
+- include: basic_tools.yml
+- include: basic_config.yml
+
+- include: ajenti_home.yml
diff --git a/basic_packages.yml b/basic_packages.yml
@@ -40,6 +40,7 @@
     tags:
       - packages
 
+# TODO: nodejs and repos
   - name: Install basic packages
     apt: name=$item
          state=installed
@@ -58,9 +59,14 @@
       - python-crypto
       - python-distutils-extra
       - python-openssl
+      - python-dev
       - make
       - multitail
       - rsstail
+      - xauth
+      - libtool
+      - python-software-properties
+      - software-properties-common
     when: ansible_os_family == "Debian"
     tags:
       - packages
diff --git a/basic_ruby.yml b/basic_ruby.yml
@@ -1,7 +1,7 @@
 ---
 - hosts: all
   tasks:
-
+### PACKAGES
   - name: Install ruby packages
     yum: name=$item
     with_items:
@@ -15,6 +15,20 @@
     tags:
       - packages
 
+  - name: Install ruby packages
+    apt: name=$item
+    with_items:
+      - make
+      - gcc
+      - g++
+      - zlib1g-dev
+      - libxml2-dev
+      - libxslt1-dev
+    when: ansible_os_family == "Debian"
+    tags:
+      - packages
+
+### RVM
   - name: Copy RVM Installer
     copy: src=root/install_rvm.sh
           dest=/root/install_rvm.sh

diff --git a/bin/play b/bin/play
@@ -44,7 +44,11 @@ fi
 
 ### common args
 key=./keys/${user}
-args="-u ${user} --private-key=${key} -i ${inventory} ${opts}"
+_key=""
+if test -r ${key} ; then
+  _key="--private-key=${key}"
+fi
+args="-u ${user} ${_key} -i ${inventory} ${opts}"
 cmd=""
 
 ### modules
@@ -101,7 +105,12 @@ case $gbn in
     grep ansible_ssh_host | \
     sed s/.*=// | uniq)
 
-    ssh -X ${opts} -i keys/${user} ${user}@${host}
+    key=keys/${user}
+    _key=""
+    if test -r ${_key} ; then
+      _key="-i ${key}"
+    fi
+    ssh -X ${opts} ${_key}  ${user}@${host}
     exit $?
     ;;
   help|*)