paskao b986762f49 Add mail test | 8 years ago | |
---|---|---|
group_vars | 8 years ago | |
library | 8 years ago | |
local_actions | 8 years ago | |
plays | 8 years ago | |
roles | 8 years ago | |
tests | 8 years ago | |
.gitignore | 8 years ago | |
README.md | 8 years ago | |
VERSION | 8 years ago | |
setup.yml | 8 years ago | |
test.yml | 8 years ago |
This is an experimental tool at alpha stage, so be careful when you use it.
This tool aims to deploy and manage a network of servers distributed across different geographic areas. Each server is connected to the others by a Tinc VPN over Tor Hidden Service.
In this kind of infrastructure there are 3 types of nodes:
Frontends are the public nodes of the network. They load-balance user traffic across the backends. No user data is stored here.
Backends are the core nodes, on which the user services run. User data is stored here, and user traffic is encrypted at this level.
Storages are in charge of storing the backup data.
There are 3 kinds of network rings:
Simple schema:
```
    ------------        ------------
    | frontend |        | frontend |
    ------------        ------------
         |                   |
         |___________________|___________
         |               |   |           |
         |  ____________ |___|_______    |
         | |             |   |       |   |
    -----------     -----------     -----------
    | backend |<--->| backend |<--->| backend |
    -----------     -----------     -----------
         |               |              |
         |               |              |
         |_______________|______________|
                 |               |
            -----------     -----------
            | storage |     | storage |
            -----------     -----------
```
The following user services are currently implemented:
The following system services are currently implemented:
```
$ virtualenv venv --no-site-packages
$ source venv/bin/activate
$ pip install ansible
```
Supposing you cloned this repository into /opt/erre/, you must create the /opt/erre/ansible.cfg file with this content:
```
[defaults]
roles_path = /opt/erre/roles/
library = /opt/erre/library/
```
The main variables are in the group_vars/all file. The data_path variable is the directory where ansible will store the generated data, like passwords and cryptographic keys.
Each server network you want to manage with this tool needs its own inventory file. You can put it in the inventories directory; it should contain this kind of configuration:
```
$ cat inventories/example
f1 ansible_user=root ansible_host=f1.mydomain.org ansible_port=22 public_ip=1.1.1.1
f2 ansible_user=root ansible_host=f2.mydomain.org ansible_port=22 public_ip=1.1.1.2
b1 ansible_user=root ansible_host=b1.mydomain.org ansible_port=22
b2 ansible_user=root ansible_host=b2.mydomain.org ansible_port=22
s1 ansible_user=root ansible_host=s1.mydomain.org ansible_port=22
s2 ansible_user=root ansible_host=s2.mydomain.org ansible_port=22
[frontend]
f1
f2
[backend]
b1
b2
[backend_xmpp]
b1
[storage]
s1
s2
```
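A pre-flight check for an inventory of this shape, added here as an example and not part of the project's code. The three rules it enforces are assumptions read off the sample inventory: every host belongs to exactly one of frontend, backend or storage; only frontends carry public_ip; and members of a service subgroup such as backend_xmpp also belong to the parent group. The names parse, lint and SAMPLE are hypothetical.

```python
import re

# Constructed sample with three mistakes: b1 carries public_ip,
# x1 has no role group, s1 is in [backend_xmpp] without being a backend.
SAMPLE = """\
f1 ansible_host=f1.mydomain.org public_ip=1.1.1.1
b1 ansible_host=b1.mydomain.org public_ip=1.1.1.9
s1 ansible_host=s1.mydomain.org
x1 ansible_host=x1.mydomain.org
[frontend]
f1
[backend]
b1
[backend_xmpp]
s1
[storage]
s1
"""
ROLES = ("frontend", "backend", "storage")  # the three node types from the README

def parse(text):
    # Host lines before the first [section] define hosts; later lines are group members.
    hosts, groups, current = {}, {}, None
    for line in (r.split("#", 1)[0].strip() for r in text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            groups.setdefault(current, [])
        elif line and current is None:
            name, *pairs = line.split()
            hosts[name] = dict(p.split("=", 1) for p in pairs)
        elif line:
            groups[current].append(line.split()[0])
    return hosts, groups

def lint(text):
    # Returns a list of findings; an empty list means the assumed rules hold.
    hosts, groups = parse(text)
    findings = []
    for name, hv in sorted(hosts.items()):
        roles = [r for r in ROLES if name in groups.get(r, [])]
        if len(roles) != 1:
            findings.append(f"{name}: expected exactly one role group, found {roles}")
        if ("public_ip" in hv) != (roles == ["frontend"]):
            findings.append(f"{name}: public_ip is expected on frontends only")
    for g, members in groups.items():
        parent = g.split("_")[0]
        if g not in ROLES and parent in ROLES:  # assumed naming: <role>_<service>
            findings += [f"{n}: in [{g}] but not in [{parent}]"
                         for n in members if n not in groups.get(parent, [])]
    return findings
```

Running `lint` on the file's text before `ansible-playbook` catches a backend that was given a public address or a host left out of every ring.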
To run the installation of the network, just type the following command:
```
$ ansible-playbook -i inventories/example setup.yml
```
When the installation ends, you'll find passwords and some other data generated by ansible in the data_path directory.
This test checks whether each node can ping the other nodes on the VPN rings. Run the test this way:
```
$ ansible-playbook -i inventories/example tests/networking/internal-ping.yml
```