Home
Base Ansible Repository on Github https://github.com/chicagolug/chicagolug-ansible
`git clone https://github.com/chicagolug/chicagolug-ansible.git`
`cd chicagolug-ansible && git fetch`
List of Ansible Modules
http://docs.ansible.com/ansible/latest/modules/list_of_all_modules.html
command module: http://docs.ansible.com/ansible/latest/modules/command_module.html
git module: http://docs.ansible.com/ansible/latest/modules/git_module.html#git
ChicagoLUG website repository https://github.com/chicagolug/chicagolug-hugo
Roles can go in the "roles" directory, for example: roles/ssh-setup, roles/nginx-setup, etc.
Rackspace cloud URL: https://mycloud.rackspace.com
`wget https://github.com/gohugoio/hugo/releases/download/v0.38.1/hugo_0.38.1_Linux-64bit.tar.gz`
`tar xvf hugo_0.38.1_Linux-64bit.tar.gz`
`sudo cp -av hugo /usr/local/bin/hugo`
tutorial: https://serversforhackers.com/c/an-ansible2-tutorial
+++ ansible.cfg - common defaults I like to use +++
[defaults]
retry_files_enabled = False
host_key_checking = False
# pretty print in verbose mode
stdout_callback = debug
# metrics for ansible runs
callback_whitelist = timer, profile_tasks
[ssh_connection]
pipelining = True
control_path = ~/.ansible/cp/ansible-ssh-%%h-%%p-%%r
ssh_args = -o RequestTTY=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s
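The settings above switch off SSH host key verification in three places (host_key_checking, StrictHostKeyChecking=no, UserKnownHostsFile=/dev/null), so a connection to an impersonating host is accepted without any prompt. An added example, not part of the original notes or the chicagolug repository: a check that flags those settings in an ansible.cfg. The function names and the VERIFYING_CFG sample are constructed for illustration.

```python
import configparser
import re
import shlex

# Relevant lines of the ansible.cfg from this page, embedded to run offline.
PAGE_CFG = """\
[defaults]
host_key_checking = False
[ssh_connection]
control_path = ~/.ansible/cp/ansible-ssh-%%h-%%p-%%r
ssh_args = -o RequestTTY=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s
"""

# Constructed counterpart that leaves host key verification on.
VERIFYING_CFG = """\
[defaults]
host_key_checking = True
[ssh_connection]
ssh_args = -o StrictHostKeyChecking=yes -o ControlMaster=auto -o ControlPersist=60s
"""

def ssh_options(ssh_args):
    """Map each -o option (lowercased name) to its value; first one wins, as in ssh."""
    opts, tokens = {}, shlex.split(ssh_args)
    for i, tok in enumerate(tokens):
        if tok == "-o" and i + 1 < len(tokens):
            spec = tokens[i + 1]              # -o Name=value
        elif tok.startswith("-o") and len(tok) > 2:
            spec = tok[2:]                    # -oName=value
        else:
            continue
        name, value = (re.split(r"\s*=\s*|\s+", spec.strip(), maxsplit=1) + [""])[:2]
        opts.setdefault(name.lower(), value)
    return opts

def audit(cfg_text):
    """Return findings for settings that disable SSH host key verification."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %%h literal
    cp.read_string(cfg_text)
    findings = []
    if not cp.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("[defaults] host_key_checking is off")
    opts = ssh_options(cp.get("ssh_connection", "ssh_args", fallback=""))
    if opts.get("stricthostkeychecking", "").lower() in ("no", "off"):
        findings.append("ssh_args: StrictHostKeyChecking accepts any host key")
    if opts.get("userknownhostsfile") == "/dev/null":
        findings.append("ssh_args: UserKnownHostsFile=/dev/null discards learned keys")
    return findings
```

Calling audit(PAGE_CFG) returns three findings; audit(VERIFYING_CFG) returns an empty list.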
+++ Let's Encrypt Notes +++ https://letsencrypt.org/how-it-works/
- select means to interface and manage
- Domain Validation: use web resource or dns record
- ansible module or a client ... what's the difference... why 1 or the other
- no actual plugin for nginx... nginx + certbot (has a plugin to config nginx) [email protected]
- setup
  - install nginx, have config
  - install certbot ... (works for centos 7 too) https://certbot.eff.org/lets-encrypt/centos6-nginx
- configure
  - email address (urgent renewals and security notices)
- cert renewal
  - cron
  - other ?
- default nginx instance
- test domain
Our current Nginx Configs are here: https://github.com/chicagolug/chicagolug-nginx (that's our entire /etc/nginx directory)
Basing SSH configuration on this repo in the chicagolug GitHub org: https://github.com/chicagolug/ansible-ssh-hardening
Use chef inventory for ansible https://tjheeta.github.io/2015/01/18/ansible-chef-inventory/
Discourse status:
- need mailgun credentials DONE
- need a place to run docker DONE
- need DNS records for wherever we want to run the server DONE
WARNING: Discourse requires at least 2GB of swap when running with 2GB of RAM or less. This system does not appear to have sufficient swap space.
discourse server shell dump:
`# yum install git -y`
`# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo`
`# yum install docker-ce`
`# systemctl enable docker; systemctl start docker`
`# mkdir /var/discourse`
`# git clone https://github.com/discourse/discourse_docker.git /var/discourse`
`# cd /var/discourse`
`# ./discourse-setup`
Setup output:
`Hostname : discourse.chicagolug.org`
`Email : [email protected],[email protected]`
`SMTP address : smtp.mailgun.org`
`SMTP port : 587`
`SMTP username : chicagolug`
`SMTP password : <mailgun passwd>`
`Let's Encrypt : [email protected]`
Waiting on DNS to update... made an A record discourse.chicagolug.org -> 192.237.167.25..
Am not using Let's Encrypt because DNS is slow - we can add this later?
`# firewall-cmd --zone=public --add-port=80/tcp`
`# firewall-cmd --zone=public --add-port=443/tcp`