# Freifunk Stuttgart Ansible

## Setup

### Install ansible

Install ansible from your distribution or use a virtualenv and install from pip:

- Create virtualenv: `python3 -m venv my-venv-directory`
- Enter virtualenv: `source my-venv-directory/bin/activate`
- Install ansible: `pip install ansible`

Then, install requirements from Ansible Galaxy:

```sh
LC_ALL=C.UTF-8 ansible-galaxy install -r requirements.yml
```

### Using nix

Use `nix-shell` or `nix develop` to use ansible.

Update to a newer nixpkgs version (check functionality and add a commit afterwards):

```sh
nix flake update
```

### Using direnv

Run `mkdir .direnv && direnv allow .` to enable direnv integration with nix flakes.
### SSH Aliases

Some hosts are only reachable through a jumphost, e.g. containers or VMs on a
Proxmox node. To access them, this playbook assumes you have configured an SSH alias
in your ssh_config (`~/.ssh/config`) like so:

```
Host *.ffs03
    User root
    ProxyCommand ssh ffs03 -W 10.0.3.$(( $(echo %n | sed -e 's/.ffs03//') - 3000 )):22
```
## Usage

To deploy everything everywhere:

```sh
LC_ALL=C.UTF-8 ansible-playbook -v -i inventory/ all.yml
```

To deploy everything on a single host:

```sh
LC_ALL=C.UTF-8 ansible-playbook -v -i inventory/test --limit example.com all.yml
```

where `example.com` denotes the hostname as defined in the inventory directory.
## Roles

### Users

Deploys user accounts on systems and deploys public keys.

#### The user database

The idea is to maintain a global user database in `group_vars/all`. For each
user, we store the UID and a list of public keys there. Example entry for a
user named `johndoe` with UID `1234` and a public key:

```yaml
user_database:
  johndoe:
    uid: 1234
    pubkeys:
      - "ssh-rsa ... john@doe"
```
#### Creating user accounts

Note that this doesn't create the user anywhere.
You can use a host var or a group var to actually create users.

##### Creating accounts on hosts

To create a user on a specific host, define the variable `users` in `host_vars`.
For example, adding this to `host_vars/example.com/users`:

```yaml
users:
  - johndoe
```

will deploy the johndoe user as defined in the `user_database` above on
`example.com`.
##### Creating accounts on groups

This can be a bit annoying if you just want to grant a group of people
access to a bunch of hosts in a group. To grant a user access to a group of
hosts, define the variable `users_group` in `group_vars`.
For example, adding this to `group_vars/dc01`:

```yaml
users_group:
  - johndoe
```

will deploy the johndoe user as defined in the `user_database` above on
all hosts in the group `dc01`.
#### Deploying pubkeys for the root user

Pubkeys defined in the `user_database` can also be deployed for the root user.

##### Deploying pubkeys for the root user on hosts

This is achieved by adding a user's name to the `users_root` list. For example,
adding this to `host_vars/example.com/users`:

```yaml
users_root:
  - johndoe
```

will deploy all pubkeys defined in the `user_database` for johndoe in the root
account on host `example.com`.
##### Deploying pubkeys for the root user on groups

This is achieved by adding a user's name to the `users_root_group` list. For example,
adding this to `group_vars/dc01`:

```yaml
users_root_group:
  - johndoe
```

will deploy all pubkeys defined in the `user_database` for johndoe in the root
account on all hosts in group `dc01`.
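Because a typo in `users`, `users_group`, `users_root` or `users_root_group` only surfaces at deploy time, and because the same `user_database` entry can end up in root's `authorized_keys`, it is worth checking the variable contract described in the sections above before running the playbook. The following is an added example, not part of this repository: it validates that every referenced user exists, that UIDs are unique, and that each pubkey's base64 blob really encodes the key type it claims. In practice the dicts would be loaded from `group_vars`/`host_vars` with PyYAML; here constructed sample data is embedded so the script runs offline.

```python
import base64
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
LIST_VARS = ("users", "users_group", "users_root", "users_root_group")


def pubkey_is_wellformed(line):
    """True if an authorized_keys line is 'type base64 [comment]' and the blob
    encodes that type (SSH wire format starts with a length-prefixed type)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        return blob[4:4 + n].decode("ascii") == parts[0]
    except Exception:  # bad base64, short blob, non-ASCII type string
        return False


def check_access_vars(user_database, var_files):
    """var_files maps a vars path (e.g. host_vars/example.com/users) to its
    parsed content. Returns a list of problems; empty means safe to deploy."""
    problems, seen_uids = [], {}
    for name, entry in user_database.items():
        uid = entry.get("uid")
        if not isinstance(uid, int):
            problems.append(f"{name}: uid must be an integer")
        elif uid in seen_uids:
            problems.append(f"{name}: uid {uid} already used by {seen_uids[uid]}")
        else:
            seen_uids[uid] = name
        for key in entry.get("pubkeys", []):
            if not pubkey_is_wellformed(key):
                problems.append(f"{name}: malformed pubkey {key[:24]!r}")
    for path, content in var_files.items():
        for var in LIST_VARS:
            for user in content.get(var, []):
                if user not in user_database:
                    problems.append(f"{path}: {var} references unknown user {user}")
    return problems


def make_sample_key(key_type="ssh-ed25519", comment="john@doe"):
    """Constructed sample key (NOT a real key): wire-format type + 32 zero bytes."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample data: duplicate UID, broken key and a misspelled user.
SAMPLE_USER_DATABASE = {"johndoe": {"uid": 1234, "pubkeys": [make_sample_key()]},
                        "janedoe": {"uid": 1234, "pubkeys": ["ssh-rsa AAAA not-base64!"]}}
SAMPLE_VAR_FILES = {"host_vars/example.com/users": {"users": ["johndoe"], "users_root": ["johndoe"]},
                    "group_vars/dc01": {"users_group": ["johndoe", "jondoe"]}}
```

Running `check_access_vars(SAMPLE_USER_DATABASE, SAMPLE_VAR_FILES)` reports three problems for the constructed data; an empty list is the condition for letting the playbook run.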
### DHCP Server

We support up to 4 DHCP servers in our network. The config is generated using [FfsConfigGenerator](https://github.com/freifunk-stuttgart/FfsConfigGenerator), which contains the IP ranges of all our segments.

The range served by a DHCP server (the pool in Kea terminology) is determined by the instance number of the DHCP server. Set it in the `dhcp_server_instance` variable. Valid values are 1-4.