Ansible roles and playbook to maintain bsdnix.de

Prepare Hetzner Cloud

To be able to deploy FreeBSD VPSes on Hetzner Cloud, you need to:

  • first create a VPS with Debian
  • from there, install FreeBSD using the mfs method (uncle Google will tell you)
  • update the FreeBSD system
  • install Python and https://github.com/paulc/hcloud-freebsd
  • enable hcloud-freebsd
  • /etc/rc.conf must not contain a hostname or IP config; hcloud-freebsd will add it. Even IPv6-only works, since the script grabs the server vars from 169.254.169.254, which is reachable even if the server has no public IPv4 address
  • clean up history, logs, etc.
  • shut down the VPS
  • create a snapshot and name it wisely; I name mine like: FreeBSD-14.1-RELEASE-hcloud-init
  • delete the builder VPS
  • update the snapshot name in group_vars/all/all.yaml

Then you can deploy new FreeBSD VPSes using this snapshot. They'll come up and configure themselves to be reachable.

The create.yaml playbook will create a new VPS if it doesn't exist yet, and the deploy.yaml playbook will then use the Hetzner Cloud dynamic inventory to discover your VPS.

Set up Ansible

  • Create group_vars/all/vars.yaml with this content:

    hetzner_cloud_token: <YOUR-HETZNER-HCLOUD-TOKEN>
    
  • Create a file containing a generated password: pwgen -ys 32 1 > ~/.config/ansible/hcloud.secret

  • Encrypt the vars file: ansible-vault encrypt group_vars/all/vars.yaml

Now the Hetzner Ansible plugin is able to call hcloud with the appropriate token, so there is no need to enter it manually anymore. Also, while the YAML file containing the token might be part of your public repo, it is an Ansible vault, properly encrypted, and the key stays local on your work machine.

The token is then used as an environment variable set up in the Makefile.
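
Because the vars file may end up in a public repo, it is worth checking before each commit that it really is a vault and that the password file is private. The following is an added example, not part of this repo: the function names are hypothetical, the file contents in demo() are constructed, and the check relies on the `$ANSIBLE_VAULT;` header that ansible-vault writes as the first line of an encrypted file.

```sh
# Added example: verify the vault setup before committing group_vars/all/vars.yaml.
# Function names are hypothetical; file contents in demo() are constructed.

# 0 if the file's first line is the ansible-vault format header, else 1.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first_line=''
    IFS= read -r first_line < "$1" || true   # tolerate a missing final newline
    case "$first_line" in '$ANSIBLE_VAULT;'*) return 0 ;; esac
    return 1
}

# 0 if the file exists and group/others have no permission bits on it.
is_private_file() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1") || return 1
    case "$mode" in ????------*) return 0 ;; esac
    return 1
}

# Usage: check_vault_setup <vars-file> <vault-password-file>
check_vault_setup() {
    rc=0
    if ! is_vault_encrypted "$1"; then
        echo "FAIL: $1 is plaintext, the token would be committed in the clear" >&2
        rc=1
    fi
    if ! is_private_file "$2"; then
        echo "FAIL: $2 is missing or accessible to group/others (chmod 600)" >&2
        rc=1
    fi
    return "$rc"
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'hetzner_cloud_token: CONSTRUCTED-PLACEHOLDER\n' > "$d/plain.yaml"
    printf '$ANSIBLE_VAULT;1.1;AES256\n6162636465660a\n' > "$d/vault.yaml"
    ( umask 077; printf 'constructed-passphrase\n' > "$d/hcloud.secret" )
    for f in plain.yaml vault.yaml; do
        if check_vault_setup "$d/$f" "$d/hcloud.secret" 2>/dev/null; then
            echo "$f: safe to commit"
        else
            echo "$f: do not commit"
        fi
    done
    rm -rf "$d"
}
demo
```

Against the real files, call it as check_vault_setup group_vars/all/vars.yaml ~/.config/ansible/hcloud.secret, for example from a git pre-commit hook.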

To use

  • make: create a new VPS and configure it

  • make create: create a new VPS and auxiliary services

  • make deploy: configure the VPS

  • make clean: remove the shell VPC. Do not do this with the production instance!

To make the output more verbose, add verbose=N to the target, where N is the verbosity level (0-4), e.g.: make deploy verbose=2

If you want to execute only a subset of a playbook, remove the active tag from it.

Updating

(not yet completely determined!)

  • create a new release snapshot as outlined above
  • add a new VPS to the local inventory (inventory/vps.yaml)
  • run make
  • remove the old VPS

or: just call freebsd-update. However, if you ever need to rebuild the VPS, it will come up with the by then old release. So it is better to rebuild from scratch to update.

Deleting

CAUTION: the cleanup.yaml playbook removes ALL running VPS instances! Better use the hcloud CLI to do this. The cleanup playbook just exists to make development of the deployment easier, so that I don't need to pay for a non-ready instance running while I'm not working on it.
