Initial Ansible infrastructure setup

2026-05-31 16:09:34 +02:00 · 2026-05-31 16:09:34 +02:00 · 492ab5c659
commit 492ab5c659
9 changed files with 222 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+.retry
+*.retry
+.retry
+*.retry
--- a/add-server.sh
+++ b/add-server.sh
@ -0,0 +1,46 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ "$#" -ne 2 ]; then
+  echo "Gebruik: $0 <hostname> <ip>"
+  echo "Voorbeeld: $0 backup 10.10.9.69"
+  exit 1
+fi
+
+NAME="$1"
+IP="$2"
+ANSIBLE_DIR="/home/wouter/infra/ansible"
+INV="$ANSIBLE_DIR/inventories/lab.ini"
+MAINT_KEY="$(cat /home/wouter/.ssh/id_ed25519.pub)"
+
+if grep -q "^$NAME " "$INV"; then
+  echo "FOUT: hostname bestaat al in inventory."
+  exit 1
+fi
+
+if grep -q "ansible_host=$IP" "$INV"; then
+  echo "FOUT: IP bestaat al in inventory."
+  exit 1
+fi
+
+echo "1. Maintenance-key plaatsen op $IP..."
+ssh "wouter@$IP" "mkdir -p ~/.ssh && grep -qxF '$MAINT_KEY' ~/.ssh/authorized_keys 2>/dev/null || echo '$MAINT_KEY' >> ~/.ssh/authorized_keys && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"
+
+echo "2. Known_hosts bijwerken..."
+ssh-keygen -R "$IP" >/dev/null 2>&1 || true
+ssh-keyscan -H "$IP" >> /home/wouter/.ssh/known_hosts
+chmod 600 /home/wouter/.ssh/known_hosts
+
+echo "3. Toevoegen aan inventory..."
+sed -i "/^\[managed\]/a $NAME ansible_host=$IP" "$INV"
+
+echo "4. Hostname zetten..."
+ansible "$NAME" -i "$INV" -b --ask-become-pass -m command -a "hostnamectl set-hostname $NAME"
+
+echo "5. Sudoers voor Ansible zetten..."
+ansible "$NAME" -i "$INV" -b --ask-become-pass -m copy -a 'dest=/etc/sudoers.d/90-ansible content="wouter ALL=(ALL) NOPASSWD:ALL\n" owner=root group=root mode=0440'
+
+echo "6. Ping test..."
+ansible "$NAME" -i "$INV" -m ping
+
+echo "Klaar: $NAME toegevoegd."
--- a/inventories/lab.ini
+++ b/inventories/lab.ini
@ -0,0 +1,19 @@
+[managed]
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
--- a/inventories/lab.ini.bak.20260531-152719
+++ b/inventories/lab.ini.bak.20260531-152719
@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.69
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
--- a/inventories/lab.ini.bak.20260531-152902
+++ b/inventories/lab.ini.bak.20260531-152902
@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.69
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
--- a/inventories/lab.ini.bak.20260531-153102
+++ b/inventories/lab.ini.bak.20260531-153102
@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.69
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
--- a/inventories/lab.ini.bak.20260531-154114
+++ b/inventories/lab.ini.bak.20260531-154114
@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.70
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
--- a/playbooks/update.yml
+++ b/playbooks/update.yml
@ -0,0 +1,31 @@
+- name: Update Ubuntu servers
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+    - name: Upgrade packages
+      ansible.builtin.apt:
+        upgrade: dist
+
+    - name: Autoremove unused packages
+      ansible.builtin.apt:
+        autoremove: true
+
+    - name: Clean apt cache
+      ansible.builtin.apt:
+        autoclean: true
+
+    - name: Check if reboot is required
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+      register: reboot_required
+
+    - name: Show reboot required
+      ansible.builtin.debug:
+        msg: "Reboot required on {{ inventory_hostname }}"
+      when: reboot_required.stat.exists
--- a/remove-server.sh
+++ b/remove-server.sh
@ -0,0 +1,42 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ "$#" -ne 1 ]; then
+  echo "Gebruik: $0 <hostname>"
+  echo "Voorbeeld: $0 backup"
+  exit 1
+fi
+
+NAME="$1"
+ANSIBLE_DIR="/home/wouter/infra/ansible"
+INV="$ANSIBLE_DIR/inventories/lab.ini"
+MAINT_PUBKEY="$(cat /home/wouter/.ssh/id_ed25519.pub)"
+
+if ! grep -q "^$NAME " "$INV"; then
+  echo "FOUT: hostname '$NAME' staat niet in inventory."
+  exit 1
+fi
+
+IP="$(awk -v name="$NAME" '$1 == name { for (i=1;i<=NF;i++) if ($i ~ /^ansible_host=/) { split($i,a,"="); print a[2] } }' "$INV")"
+
+echo "Server verwijderen: $NAME ($IP)"
+
+echo "1. Maintenance SSH-key verwijderen van server..."
+if ssh -o BatchMode=yes -o ConnectTimeout=5 "wouter@$IP" "echo ok" >/dev/null 2>&1; then
+  ssh "wouter@$IP" "grep -vxF '$MAINT_PUBKEY' ~/.ssh/authorized_keys > ~/.ssh/authorized_keys.tmp && mv ~/.ssh/authorized_keys.tmp ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
+  echo "Maintenance-key verwijderd."
+else
+  echo "WAARSCHUWING: server niet bereikbaar of key werkt niet. Inventory wordt wel opgeschoond."
+fi
+
+echo "2. Inventory backup maken..."
+cp "$INV" "$INV.bak.$(date +%Y%m%d-%H%M%S)"
+
+echo "3. Server uit inventory halen..."
+sed -i "/^$NAME /d" "$INV"
+
+echo "4. Known_hosts opschonen..."
+ssh-keygen -R "$IP" >/dev/null 2>&1 || true
+ssh-keygen -R "$NAME" >/dev/null 2>&1 || true
+
+echo "Klaar: $NAME verwijderd."