dearsky/wifi-densepose
1
0
Fork 0
Code Issues 20 Pull Requests 5 Actions Packages Projects Releases 1 Wiki Activity
Files
claude/integrate-ruvector-rvf-mF1Hp
wifi-densepose/ansible/playbook.yml
rUv c378b705ca updates
2025-06-07 11:44:19 +00:00

511 lines
13 KiB
YAML
Raw Permalink Blame History

---
# WiFi-DensePose Ansible Playbook
# This playbook configures servers for WiFi-DensePose deployment
- name: Configure WiFi-DensePose Infrastructure
hosts: all
become: yes
gather_facts: yes
vars:
# Application Configuration
app_name: wifi-densepose
app_user: wifi-densepose
app_group: wifi-densepose
app_home: /opt/wifi-densepose
# Docker Configuration
docker_version: "24.0"
docker_compose_version: "2.21.0"
# Kubernetes Configuration
kubernetes_version: "1.28"
kubectl_version: "1.28.0"
helm_version: "3.12.0"
# Monitoring Configuration
node_exporter_version: "1.6.1"
prometheus_version: "2.45.0"
grafana_version: "10.0.0"
# Security Configuration
fail2ban_enabled: true
ufw_enabled: true
# System Configuration
timezone: "UTC"
ntp_servers:
- "0.pool.ntp.org"
- "1.pool.ntp.org"
- "2.pool.ntp.org"
- "3.pool.ntp.org"
pre_tasks:
- name: Update package cache
apt:
update_cache: yes
cache_valid_time: 3600
when: ansible_os_family == "Debian"
- name: Update package cache (RedHat)
yum:
update_cache: yes
when: ansible_os_family == "RedHat"
tasks:
# System Configuration
- name: Set timezone
timezone:
name: "{{ timezone }}"
- name: Install essential packages
package:
name:
- curl
- wget
- git
- vim
- htop
- unzip
- jq
- python3
- python3-pip
- ca-certificates
- gnupg
- lsb-release
- apt-transport-https
state: present
- name: Configure NTP
template:
src: ntp.conf.j2
dest: /etc/ntp.conf
backup: yes
notify: restart ntp
# Security Configuration
- name: Install and configure UFW firewall
block:
- name: Install UFW
package:
name: ufw
state: present
- name: Reset UFW to defaults
ufw:
state: reset
- name: Configure UFW defaults
ufw:
direction: "{{ item.direction }}"
policy: "{{ item.policy }}"
loop:
- { direction: 'incoming', policy: 'deny' }
- { direction: 'outgoing', policy: 'allow' }
- name: Allow SSH
ufw:
rule: allow
port: '22'
proto: tcp
- name: Allow HTTP
ufw:
rule: allow
port: '80'
proto: tcp
- name: Allow HTTPS
ufw:
rule: allow
port: '443'
proto: tcp
- name: Allow Kubernetes API
ufw:
rule: allow
port: '6443'
proto: tcp
- name: Allow Node Exporter
ufw:
rule: allow
port: '9100'
proto: tcp
src: '10.0.0.0/8'
- name: Enable UFW
ufw:
state: enabled
when: ufw_enabled
- name: Install and configure Fail2Ban
block:
- name: Install Fail2Ban
package:
name: fail2ban
state: present
- name: Configure Fail2Ban jail
template:
src: jail.local.j2
dest: /etc/fail2ban/jail.local
backup: yes
notify: restart fail2ban
- name: Start and enable Fail2Ban
systemd:
name: fail2ban
state: started
enabled: yes
when: fail2ban_enabled
# User Management
- name: Create application group
group:
name: "{{ app_group }}"
state: present
- name: Create application user
user:
name: "{{ app_user }}"
group: "{{ app_group }}"
home: "{{ app_home }}"
shell: /bin/bash
system: yes
create_home: yes
- name: Create application directories
file:
path: "{{ item }}"
state: directory
owner: "{{ app_user }}"
group: "{{ app_group }}"
mode: '0755'
loop:
- "{{ app_home }}"
- "{{ app_home }}/logs"
- "{{ app_home }}/data"
- "{{ app_home }}/config"
- "{{ app_home }}/backups"
# Docker Installation
- name: Install Docker
block:
- name: Add Docker GPG key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker repository
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
- name: Install Docker packages
package:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
state: present
- name: Add users to docker group
user:
name: "{{ item }}"
groups: docker
append: yes
loop:
- "{{ app_user }}"
- "{{ ansible_user }}"
- name: Start and enable Docker
systemd:
name: docker
state: started
enabled: yes
- name: Configure Docker daemon
template:
src: docker-daemon.json.j2
dest: /etc/docker/daemon.json
backup: yes
notify: restart docker
# Kubernetes Tools Installation
- name: Install Kubernetes tools
block:
- name: Add Kubernetes GPG key
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
- name: Add Kubernetes repository
apt_repository:
repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
state: present
- name: Install kubectl
package:
name: kubectl={{ kubectl_version }}-00
state: present
- name: Hold kubectl package
dpkg_selections:
name: kubectl
selection: hold
- name: Install Helm
unarchive:
src: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
dest: /tmp
remote_src: yes
creates: /tmp/linux-amd64/helm
- name: Copy Helm binary
copy:
src: /tmp/linux-amd64/helm
dest: /usr/local/bin/helm
mode: '0755'
remote_src: yes
# Monitoring Setup
- name: Install Node Exporter
block:
- name: Create node_exporter user
user:
name: node_exporter
system: yes
shell: /bin/false
home: /var/lib/node_exporter
create_home: no
- name: Download Node Exporter
unarchive:
src: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz"
dest: /tmp
remote_src: yes
creates: "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64"
- name: Copy Node Exporter binary
copy:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-amd64/node_exporter"
dest: /usr/local/bin/node_exporter
mode: '0755'
owner: node_exporter
group: node_exporter
remote_src: yes
- name: Create Node Exporter systemd service
template:
src: node_exporter.service.j2
dest: /etc/systemd/system/node_exporter.service
notify:
- reload systemd
- restart node_exporter
- name: Start and enable Node Exporter
systemd:
name: node_exporter
state: started
enabled: yes
daemon_reload: yes
# Log Management
- name: Configure log rotation
template:
src: wifi-densepose-logrotate.j2
dest: /etc/logrotate.d/wifi-densepose
- name: Create log directories
file:
path: "{{ item }}"
state: directory
owner: syslog
group: adm
mode: '0755'
loop:
- /var/log/wifi-densepose
- /var/log/wifi-densepose/application
- /var/log/wifi-densepose/nginx
- /var/log/wifi-densepose/monitoring
# System Optimization
- name: Configure system limits
template:
src: limits.conf.j2
dest: /etc/security/limits.d/wifi-densepose.conf
- name: Configure sysctl parameters
template:
src: sysctl.conf.j2
dest: /etc/sysctl.d/99-wifi-densepose.conf
notify: reload sysctl
# Backup Configuration
- name: Install backup tools
package:
name:
- rsync
- awscli
state: present
- name: Create backup script
template:
src: backup.sh.j2
dest: "{{ app_home }}/backup.sh"
mode: '0755'
owner: "{{ app_user }}"
group: "{{ app_group }}"
- name: Configure backup cron job
cron:
name: "WiFi-DensePose backup"
minute: "0"
hour: "2"
job: "{{ app_home }}/backup.sh"
user: "{{ app_user }}"
# SSL/TLS Configuration
- name: Install SSL tools
package:
name:
- openssl
- certbot
- python3-certbot-nginx
state: present
- name: Create SSL directory
file:
path: /etc/ssl/wifi-densepose
state: directory
mode: '0755'
# Health Check Script
- name: Create health check script
template:
src: health-check.sh.j2
dest: "{{ app_home }}/health-check.sh"
mode: '0755'
owner: "{{ app_user }}"
group: "{{ app_group }}"
- name: Configure health check cron job
cron:
name: "WiFi-DensePose health check"
minute: "*/5"
job: "{{ app_home }}/health-check.sh"
user: "{{ app_user }}"
handlers:
- name: restart ntp
systemd:
name: ntp
state: restarted
- name: restart fail2ban
systemd:
name: fail2ban
state: restarted
- name: restart docker
systemd:
name: docker
state: restarted
- name: reload systemd
systemd:
daemon_reload: yes
- name: restart node_exporter
systemd:
name: node_exporter
state: restarted
- name: reload sysctl
command: sysctl --system
# Additional playbooks for specific environments
- name: Configure Development Environment
hosts: development
become: yes
tasks:
- name: Install development tools
package:
name:
- build-essential
- python3-dev
- nodejs
- npm
state: present
- name: Configure development Docker settings
template:
src: docker-daemon-dev.json.j2
dest: /etc/docker/daemon.json
backup: yes
notify: restart docker
- name: Configure Production Environment
hosts: production
become: yes
tasks:
- name: Configure production security settings
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
state: present
reload: yes
loop:
- { name: 'net.ipv4.ip_forward', value: '0' }
- { name: 'net.ipv4.conf.all.send_redirects', value: '0' }
- { name: 'net.ipv4.conf.default.send_redirects', value: '0' }
- { name: 'net.ipv4.conf.all.accept_source_route', value: '0' }
- { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
- name: Configure production log levels
lineinfile:
path: /etc/rsyslog.conf
line: "*.info;mail.none;authpriv.none;cron.none /var/log/messages"
create: yes
- name: Install production monitoring
package:
name:
- auditd
- aide
state: present
- name: Configure Kubernetes Nodes
hosts: kubernetes
become: yes
tasks:
- name: Configure kubelet
template:
src: kubelet-config.yaml.j2
dest: /var/lib/kubelet/config.yaml
notify: restart kubelet
- name: Configure container runtime
template:
src: containerd-config.toml.j2
dest: /etc/containerd/config.toml
notify: restart containerd
- name: Start and enable kubelet
systemd:
name: kubelet
state: started
enabled: yes
handlers:
- name: restart kubelet
systemd:
name: kubelet
state: restarted
- name: restart containerd
systemd:
name: containerd
state: restarted
Reference in New Issue View Git Blame Copy Permalink