paskao
b986762f49
Add mail test
|
8 years ago | |
|---|---|---|
| group_vars | 8 years ago | |
| library | 8 years ago | |
| local_actions | 8 years ago | |
| plays | 8 years ago | |
| roles | 8 years ago | |
| tests | 8 years ago | |
| .gitignore | 8 years ago | |
| README.md | 8 years ago | |
| VERSION | 8 years ago | |
| setup.yml | 8 years ago | |
| test.yml | 8 years ago |
README.md
ERRE
This is just an experiment in alpha version, so be careful when you use it.
This tool is aims to deploy and manage a server network distributed around different geographic areas. Each server is conneted to the others with a Tinc VPN over Tor Hidden Service.
In this kind of infrastructure there are 3 types of nodes:
- frontends
- backends
- storages
Frontends
Frontends are the public nodes of the network. They load balance the users traffic over the backends. Here isn't stored the users data.
Backends
Backends are the core nodes, on which the users services run. Here is stored the users data and the users traffic is encrypted at this level.
Storages
Storages are in charge to store the backup data.
The network
There are 3 kinds of network rings:
- Frontend-Backends (fb): connect a frontend with all the backends.
- Backends-Backends (bb): connect all backends.
- Backend-Storage (bs): connect backends with the storages.
Simple schema:
------------ ------------
| frontend | | frontend |
------------ ------------
| |
|___________________|___________
| | | |
| ____________ |___|_______ |
| | | | | |
----------- ----------- -----------
| backend |<--->| backend |<--->| backend |
----------- ----------- -----------
| | |
| | |
|_______________|______________|
| |
----------- -----------
| storage | | storage |
----------- -----------
User services
Actually are implemented the following user services:
- XMPP (with ejabberd)
- POP/IMAP (with dovecot)
- SMTP (with postfix)
System services
Actually are implemented the following system services:
- NTP, to sync servers date
- Tor Hidden Service, to create an hidden communication between nodes
- Tinc, to create the encrypted VPNs around nodes
- OpenLDAP, to store user authentication data
- nss-pam-ldap, to authenticate the ldap users as pam
- Ejabberd, to serve the XMPP service to users
- Postfix, to serve the SMTP service
- Dovecot, to server POP/IMAP service
Usage
Installation
$ virtualenv venv --no-site-packages
$ source venv/bin/activate
$ pip install ansible
Ansible configuration
Supposing you cloned this repository into /opt/erre/ you must create the /opt/erre/ansible.cfg file with this content:
[defaults]
roles_path = /opt/erre/roles/
library = /opt/erre/library/
General configuration
Inside the groups_var/all file there are the main variables. The data_path variable is the directory where ansible will store the generated data, like passwords and cryptography keys.
Inventory configuration
Each server network you want manage with this tool needs its inventory file. You can put it in the inventories directory and should contains this kind of configuration:
$ cat inventory/example
f1 ansible_user=root ansible_host=f1.mydomain.org ansible_port=22 public_ip=1.1.1.1
f2 ansible_user=root ansible_host=f2.mydomain.org ansible_port=22 public_ip=1.1.1.2
b1 ansible_user=root ansible_host=b1.mydomain.org ansible_port=22
b2 ansible_user=root ansible_host=b2.mydomain.org ansible_port=22
s1 ansible_user=root ansible_host=s1.mydomain.org ansible_port=22
s2 ansible_user=root ansible_host=s2.mydomain.org ansible_port=22
[frontend]
f1
f2
[backend]
b1
b2
[backend_xmpp]
b1
[storage]
s1
s2
Install
To run the installation of the network, just type the following command:
$ ansible-playbook -i inventories/example setup.yml
When installation ends, you'll find passwords and some other data generated by ansible in the data_path directory.
Tests
Internal ping
This test checks if each node can ping the others nodes on the VPN rings. You should run the test in this way:
$ ansible-playbook -i inventories/example tests/networking/internal-ping.yml