commit 492ab5c659332802fa63c75c50a21c9927d39325
Author: Wouter
Date: Sun May 31 16:09:34 2026 +0200
Initial Ansible infrastructure setup
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ea40b03
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.retry
+*.retry
+.retry
+*.retry
diff --git a/add-server.sh b/add-server.sh
new file mode 100755
index 0000000..6d97edc
--- /dev/null
+++ b/add-server.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ "$#" -ne 2 ]; then
+ echo "Gebruik: $0 "
+ echo "Voorbeeld: $0 backup 10.10.9.69"
+ exit 1
+fi
+
+NAME="$1"
+IP="$2"
+ANSIBLE_DIR="/home/wouter/infra/ansible"
+INV="$ANSIBLE_DIR/inventories/lab.ini"
+MAINT_KEY="$(cat /home/wouter/.ssh/id_ed25519.pub)"
+
+if grep -q "^$NAME " "$INV"; then
+ echo "FOUT: hostname bestaat al in inventory."
+ exit 1
+fi
+
+if grep -q "ansible_host=$IP" "$INV"; then
+ echo "FOUT: IP bestaat al in inventory."
+ exit 1
+fi
+
+echo "1. Maintenance-key plaatsen op $IP..."
+ssh "wouter@$IP" "mkdir -p ~/.ssh && grep -qxF '$MAINT_KEY' ~/.ssh/authorized_keys 2>/dev/null || echo '$MAINT_KEY' >> ~/.ssh/authorized_keys && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"
+
+echo "2. Known_hosts bijwerken..."
+ssh-keygen -R "$IP" >/dev/null 2>&1 || true
+ssh-keyscan -H "$IP" >> /home/wouter/.ssh/known_hosts
+chmod 600 /home/wouter/.ssh/known_hosts
+
+echo "3. Toevoegen aan inventory..."
+sed -i "/^\[managed\]/a $NAME ansible_host=$IP" "$INV"
+
+echo "4. Hostname zetten..."
+ansible "$NAME" -i "$INV" -b --ask-become-pass -m command -a "hostnamectl set-hostname $NAME"
+
+echo "5. Sudoers voor Ansible zetten..."
+ansible "$NAME" -i "$INV" -b --ask-become-pass -m copy -a 'dest=/etc/sudoers.d/90-ansible content="wouter ALL=(ALL) NOPASSWD:ALL\n" owner=root group=root mode=0440'
+
+echo "6. Ping test..."
+ansible "$NAME" -i "$INV" -m ping
+
+echo "Klaar: $NAME toegevoegd."
diff --git a/inventories/lab.ini b/inventories/lab.ini
new file mode 100644
index 0000000..84f8516
--- /dev/null
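Review bot: The four entries are two duplicated pairs — `.retry` and `*.retry` each appear twice — so half the file is redundant. A single `*.retry` line already covers both spellings and is all that is needed here.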
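Review bot: `NAME` and `IP` come straight from argv with no format check and are then spliced into a grep regex, the `sed -i "/^\[managed\]/a …"` command, the remote `ssh` command string and the `hostnamectl set-hostname` argument, so a value containing spaces, `/`, `;` or regex metacharacters corrupts the inventory or the remote command instead of being rejected; the same unvalidated `NAME` reaches `sed -i "/^$NAME /d"` in remove-server.sh. The duplicate-IP guard is also an unanchored regex, so `10.10.9.6` is reported as already present when only `10.10.9.69` is listed. The excerpt below validates both values right after assignment and anchors the IP match. Separately, the first `ssh` to the host runs before step 2 touches known_hosts, and step 2 then does `ssh-keygen -R` followed by `ssh-keyscan`, which unconditionally replaces whatever host key was previously pinned for that IP — a changed host key is exactly the signal to stop on, so only scan when `ssh-keygen -F "$IP"` finds no entry and confirm the fingerprint out of band. The `90-ansible` sudoers drop-in makes `wouter` — the same account the maintenance key logs in as — passwordless root, so possession of `id_ed25519` alone is root on every managed host; a dedicated automation account with its own key would narrow that.
```shell
NAME="$1"
IP="$2"
# Reject anything that is not a plain hostname label / dotted-quad before
# the values reach grep, sed, ssh or hostnamectl.
[[ "$NAME" =~ ^[a-z0-9][a-z0-9-]*$ ]] || { echo "FOUT: ongeldige hostnaam '$NAME'." >&2; exit 1; }
[[ "$IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo "FOUT: ongeldig IP-adres '$IP'." >&2; exit 1; }
# … unchanged: ANSIBLE_DIR, INV, MAINT_KEY, hostname-exists check …
# Escape the dots and anchor so 10.10.9.6 does not match 10.10.9.69.
if grep -qE "ansible_host=${IP//./\\.}( |$)" "$INV"; then
```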
+++ b/inventories/lab.ini
@@ -0,0 +1,19 @@
+[managed]
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
diff --git a/inventories/lab.ini.bak.20260531-152719 b/inventories/lab.ini.bak.20260531-152719
new file mode 100644
index 0000000..33a0a18
--- /dev/null
+++ b/inventories/lab.ini.bak.20260531-152719
@@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.69
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
diff --git a/inventories/lab.ini.bak.20260531-152902 b/inventories/lab.ini.bak.20260531-152902
new file mode 100644
index 0000000..33a0a18
--- /dev/null
+++ b/inventories/lab.ini.bak.20260531-152902
@@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.69
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
diff --git a/inventories/lab.ini.bak.20260531-153102 b/inventories/lab.ini.bak.20260531-153102
new file mode 100644
index 0000000..33a0a18
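Review bot: The `inventories/lab.ini.bak.20260531-152719` file in this hunk and the three `lab.ini.bak.*` files that follow are the timestamped copies remove-server.sh writes next to the live inventory (`cp "$INV" "$INV.bak.$(date +%Y%m%d-%H%M%S)"`), and they have been committed along with it; three of them even share blob id `33a0a18`, i.e. they are byte-identical. Backups of a file git already versions add only clutter, and each one is another copy of the lab's host map. Drop them from the commit and either add `inventories/*.bak.*` to `.gitignore` or have the script write its backups outside the repository tree.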
--- /dev/null
+++ b/inventories/lab.ini.bak.20260531-153102
@@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.69
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
diff --git a/inventories/lab.ini.bak.20260531-154114 b/inventories/lab.ini.bak.20260531-154114
new file mode 100644
index 0000000..5b139ae
--- /dev/null
+++ b/inventories/lab.ini.bak.20260531-154114
@@ -0,0 +1,20 @@
+[managed]
+demo ansible_host=10.10.9.70
+codex-backend ansible_host=10.10.9.239
+codex-frontend ansible_host=10.10.9.234
+git ansible_host=10.10.9.232
+manager ansible_host=10.10.9.231
+automation ansible_host=10.10.9.230
+dev ansible_host=10.10.9.237
+live ansible_host=10.10.9.238
+
+[maintenance_host]
+maintenance ansible_host=10.10.9.236
+
+[all:children]
+managed
+maintenance_host
+
+[all:vars]
+ansible_user=wouter
+ansible_python_interpreter=/usr/bin/python3
diff --git a/playbooks/update.yml b/playbooks/update.yml
new file mode 100644
index 0000000..a9be020
--- /dev/null
+++ b/playbooks/update.yml
@@ -0,0 +1,31 @@
+- name: Update Ubuntu servers
+ hosts: all
+ become: true
+
+ tasks:
+ - name: Update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 3600
+
+ - name: Upgrade packages
+ ansible.builtin.apt:
+ upgrade: dist
+
+ - name: Autoremove unused packages
+ ansible.builtin.apt:
+ autoremove: true
+
+ - name: Clean apt cache
+ ansible.builtin.apt:
+ autoclean: true
+
+ - name: Check if reboot is required
+ ansible.builtin.stat:
+ path: /var/run/reboot-required
+ register: reboot_required
+
+ - name: Show reboot required
+ ansible.builtin.debug:
+ msg: "Reboot required on {{ inventory_hostname }}"
+ when: reboot_required.stat.exists
diff --git a/remove-server.sh b/remove-server.sh
new file mode 100755
index 0000000..41eb263
--- /dev/null
+++ b/remove-server.sh
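Review bot: `upgrade: dist` runs against `hosts: all` with no `serial`, `max_fail_percentage` or `any_errors_fatal` safeguard in the play, so a broken package set is applied to every host in one pass, and `all` here also includes the `maintenance_host` group that the inventory in this commit lists under `all:children` — possibly the machine the scripts themselves run from. Consider `hosts: managed`, or `serial: 1` with `any_errors_fatal: true`, so the maintenance host is upgraded deliberately rather than alongside the fleet. The final `debug` task only reports `/var/run/reboot-required`; leaving the reboot manual is reasonable, but a one-line comment such as `# Reboot is deliberately not automated; act on the debug output by hand.` would stop the next reader from assuming it was forgotten. The hunk's indentation was flattened in this rendering, so the task nesting cannot be checked here.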
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -euo pipefail
+
+if [ "$#" -ne 1 ]; then
+ echo "Gebruik: $0 "
+ echo "Voorbeeld: $0 backup"
+ exit 1
+fi
+
+NAME="$1"
+ANSIBLE_DIR="/home/wouter/infra/ansible"
+INV="$ANSIBLE_DIR/inventories/lab.ini"
+MAINT_PUBKEY="$(cat /home/wouter/.ssh/id_ed25519.pub)"
+
+if ! grep -q "^$NAME " "$INV"; then
+ echo "FOUT: hostname '$NAME' staat niet in inventory."
+ exit 1
+fi
+
+IP="$(awk -v name="$NAME" '$1 == name { for (i=1;i<=NF;i++) if ($i ~ /^ansible_host=/) { split($i,a,"="); print a[2] } }' "$INV")"
+
+echo "Server verwijderen: $NAME ($IP)"
+
+echo "1. Maintenance SSH-key verwijderen van server..."
+if ssh -o BatchMode=yes -o ConnectTimeout=5 "wouter@$IP" "echo ok" >/dev/null 2>&1; then
+ ssh "wouter@$IP" "grep -vxF '$MAINT_PUBKEY' ~/.ssh/authorized_keys > ~/.ssh/authorized_keys.tmp && mv ~/.ssh/authorized_keys.tmp ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
+ echo "Maintenance-key verwijderd."
+else
+ echo "WAARSCHUWING: server niet bereikbaar of key werkt niet. Inventory wordt wel opgeschoond."
+fi
+
+echo "2. Inventory backup maken..."
+cp "$INV" "$INV.bak.$(date +%Y%m%d-%H%M%S)"
+
+echo "3. Server uit inventory halen..."
+sed -i "/^$NAME /d" "$INV"
+
+echo "4. Known_hosts opschonen..."
+ssh-keygen -R "$IP" >/dev/null 2>&1 || true
+ssh-keygen -R "$NAME" >/dev/null 2>&1 || true
+
+echo "Klaar: $NAME verwijderd."
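Review bot: Step 1's remote command fails in exactly the case it exists for: when the maintenance key is the only line in `authorized_keys`, `grep -vxF` prints nothing and exits 1, the `&&` chain stops before `mv`, the key stays in place, a stale `authorized_keys.tmp` is left behind, and the non-zero `ssh` then trips `set -e` so the script aborts before the inventory backup, the `sed` removal and the known_hosts cleanup in steps 2–4. Treat grep's exit status 1 as "nothing matched" rather than failure, and set the mode before the rename so the file never briefly carries a wider one: `grep -vxF '$MAINT_PUBKEY' ~/.ssh/authorized_keys > ~/.ssh/authorized_keys.tmp || [ \$? -eq 1 ]` followed by `&& chmod 600 ~/.ssh/authorized_keys.tmp && mv ~/.ssh/authorized_keys.tmp ~/.ssh/authorized_keys`. The second `ssh` also lacks the `-o BatchMode=yes -o ConnectTimeout=5` options the probe on the line above uses, so it can still hang on a password or host-key prompt the probe was meant to rule out. The awk extraction leaves `IP` empty when the inventory line has no `ansible_host=`, and the script then proceeds to `ssh wouter@` and `ssh-keygen -R ""` instead of stopping; `[[ -n "$IP" ]] || { echo "FOUT: geen ansible_host voor $NAME." >&2; exit 1; }` after the assignment would catch that.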