Cet article présente la manière dont nous avons mis ça en œuvre, concrètement, sur nos serveurs, afin d'exploiter au maximum les possibilités d'automatisation fournies par le protocole de Let's Encrypt : ACME.
Rôle Ansible de l'article :
https://github.com/Sysnove/letsencrypt-client
These are my personal ansible roles. I share with joy, and comments are welcome, but I don't intend to make them generic nor perfect for everybody use. They suit my needs. Oh, and they all are using Debian systems.
For my current project we have Ansible deploy scripts for our handful of services to a set of development servers. This has generally worked well, but occasionally we need to SSH directly to the server to debug an issue. Ideally I'd like to SSH to a server via it's Ansible hostname rather than having to look up its IP or machine name.
Use this Ansible role with Tahoe-lafs - Least Authoratative Filesystem https://tahoe-lafs.org/trac/tahoe-lafs
This ansible role can help you reduce the complexity to a single command for deploying one or more Tahoe-LAFS storage servers, introducers and clients.
Disclaimer
There are probably bugs. This Ansible role is designed to be used with Tor and Tahoe-LAFS. It is possible it could also be used to configure Tahoe-LAFS grids without Tor... however this isn't how I use Tahoe-LAFS, so I only tested it with Tor (torsocks + Tor Hidden Services).
Ceph is a unified, distributed storage system designed for excellent performance, reliability and scalability.
http://ceph.com/docs/master/start/quick-rbd/
https://github.com/ceph/ceph-ansible
http://docs.ceph.com/docs/master/start/quick-ceph-deploy/
On November 11, 2014 Mozilla announced the Polaris Privacy Initiative. One key part of the initiative is us supporting the tor network by deploying tor middle relay nodes. On January 15, 2015 our first proof of concept (POC) went live.
TL;DR; here are our tor relays: https://globe.torproject.org/#/search/query=mozilla
DebOps is a collection of Ansible playbooks and roles which can create and maintain Debian-based Linux infrastructure, scalable from one virtual machine to an entire data center.
For now, you can hang out with the developers on IRC: #debops @ irc.FreeNode.net.
Github: https://github.com/debops
Ansible galaxy: https://galaxy.ansible.com/list#/users/6081
In this article, I talk mostly about Shell Scripts as the enemy. However, in practice, there are much worse offenders like not using any kind of script or not even having a checklist or any documentation whatsoever. // en contre point : http://fuckingshellscripts.org/
Meet Ansible, a system orchestration tool. It has no dependencies other than python and ssh. It doesn’t require any agents to be set up on the remote hosts and it doesn’t leave any traces after it runs either. What’s more, it comes with an extensive, built-in library of modules for controlling everything from package managers to cloud providers, to databases and everything else in between. If you’ve spent more time writing cookbooks rather than using them, Ansible will be your cure.
Meet Docker, a utility for creating virtualized Linux containers for shipping self-contained applications. As opposed to a traditional VM which runs a full-blown operating system on top of the host, Docker leverages LinuX Containers (LXC) which run in the same kernel, no hypervisor overhead. This results in a more efficient usage of system resource by trading some of the isolation specific to hypervisors.
Underwear is a library for easily deploying any Python-powered web application to one or more Linux servers. Underwear is configurable by a YAML template and takes care of installing packages, configuring web/WSGI servers, and securing the server.
What Problem Does Underwear Solve?
Despite the advent of configuration management tools such as Puppet, Chef, Ansible, and Salt, it remains difficult to deploy a web application because you have to first learn one of those tools and then write scripts in the tool’s domain-specific language.
Underwear makes deploying to a traditional Linux server stack as easy as deploying to Heroku by providing a pre-packaged, easily configurable library. Deployments can be executed simply by installing Underwear with pip, specifying the IP addresses of the server(s) to deploy to, then running a couple of commands.