NotificationsYou must be signed in to change notification settings
Fork4
Star0

Commitbe7f47e

authored

Merge pull request#45 from QuLogic/update

Update to Fedora 41

2 parents471195e +7f56982 commitbe7f47eCopy full SHA for be7f47e

File tree

5 files changed

+48

-16

lines changed

5 files changed

+48

-16

lines changed

`‎README.md`

Lines changed: 19 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -37,10 +37,14 @@ Before you can run our Ansible playbooks, you need to meet the following`
`37`	`37`	`prerequisites:`
`38`	`38`
`39`	`39`	`* Create a DigitalOcean API token, and pass it to the inventory generator by`
`40`		- setting the`DO_API_TOKEN` environment variable.
	`40`	+ setting the`DO_API_TOKEN` environment variable. The API token must have
	`41`	`+ access to the following scopes:`
	`42`	`+- Read: droplet, firewall, monitoring, project, ssh_key`
	`43`	`+- Create: droplet`
	`44`	`+- Update: droplet, monitoring, project`
`41`	`45`	`* If you are creating a new droplet, and want to configure DNS as well, then`
`42`		`- create a CloudFlare API token, and pass it to the Ansible playbook by setting`
`43`		- the`CLOUDFLARE_TOKEN` environment variable.
	`46`	`+ create a CloudFlare API token with DNS edit permissions, and pass it to the`
	`47`	+Ansible playbook by settingthe`CLOUDFLARE_TOKEN` environment variable.
`44`	`48`	`* Set the vault decryption password of the Ansible vaulted file with our`
`45`	`49`	secrets. This may be done by setting the`ANSIBLE_VAULT_PASSWORD_FILE`
`46`	`50`	`environment variable to point to a file containing the password.`
`@@ -117,7 +121,7 @@ Initial setup`
`117`	`121`	`The summary of the initial setup is:`
`118`	`122`
`119`	`123`	`1. Create the droplet with monitoring and relevant SSH keys.`
`120`		`-2. Assign new droplet to the matplotlib.org project and the Web firewall.`
	`124`	`+2. Assign new droplet to the matplotlib.org project.`
`121`	`125`	`3. Add DNS entries pointing to the server on CloudFlare.`
`122`	`126`	`4. Grab the SSH host fingerprints.`
`123`	`127`	`5. Reboot.`
`@@ -144,7 +148,8 @@ ansible-playbook create.yml --extra-vars "host=pluto functional=web99 ssh_keys='`
`144`	`148`
`145`	`149`	`The playbook will create the server, as well as add DNS records on CloudFlare.`
`146`	`150`	Note, you must set`DO_API_TOKEN` and`CLOUDFLARE_TOKEN` in the environment to
`147`		`-access these services.`
	`151`	`+access these services. The droplet ID and IP address will be printed at the`
	`152`	`+end of the playbook.`
`148`	`153`
`149`	`154`	`Then, to ensure you are connecting to the expected server, you should grab the`
`150`	`155`	`SSH host keys via the DigitalOcean Droplet Console:`
`@@ -159,16 +164,21 @@ Note down the outputs to verify later, e.g.,`
`159`	`164`
`160`	`165`	```
`161`	`166`	`# Use these for comparison when connecting yourself.`
`162`		`-1024 SHA256:J2sbqvhI/VszBtVvPabgxyz6sRnGLrZUn0kqfv4doAM root@mercury.matplotlib.org (DSA)`
`163`		`-256 SHA256:J0rOMayXhL1+5wbm4WQNpAvmscDjqwJjAtk1SLemRMI root@mercury.matplotlib.org (ECDSA)`
`164`		`-256 SHA256:y8EDRGMpLWOW72x47MVKsAfSAl8JHjsOc/RGaiMTPGs root@mercury.matplotlib.org (ED25519)`
`165`		`-3072 SHA256:AyuNO8FES5k9vobv0Pu9XpvtjVFZ1bTTNxb1lo+AuRA root@mercury.matplotlib.org (RSA)`
	`167`	`+256 SHA256:p6MiA8+IO1WcpXHDOQ4rhiVCo+MDxWB7ehfNfxvbDkU root@venus.matplotlib.org (ECDSA)`
	`168`	`+256 SHA256:RfDahJqnQFLeFN+zl9f+hmB+W05OoZK26NfNQkj6KtY root@venus.matplotlib.org (ED25519)`
	`169`	`+3072 SHA256:tYwdULlz5/XP5Ze7PCj9XpO3VIMEZkiOiFuhr9nke34 root@venus.matplotlib.org (RSA)`
`166`	`170`	```
`167`	`171`
`168`	`172`	`Finally, you should reboot the droplet. This is due to a bug in cloud-init on`
`169`	`173`	`DigitalOcean, which generates a new machine ID after startup, causing system`
`170`	`174`	`logs to be seem invisible.`
`171`	`175`
	`176`	`+This can be done from the Console, or via the CLI:`
	`177`	`+`
	`178`	+```
	`179`	`+doctl compute droplet-action reboot <droplet-id>`
	`180`	+```
	`181`	`+`
`172`	`182`	`Running Ansible`
`173`	`183`	`---------------`
`174`	`184`

`‎collections/requirements.yml`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,5 @@`
`2`	`2`	`collections:`
`3`	`3`	`-name:ansible.posix`
`4`	`4`	`-name:community.general`
`5`		`-version:">=2.0.0"`
	`5`	`+version:">=8.0.0"`
`6`	`6`	`-name:community.digitalocean`

`‎create.yml`

Lines changed: 18 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -91,9 +91,7 @@`
`91`	`91`	`community.digitalocean.digital_ocean_droplet:`
`92`	`92`	`state:present`
`93`	`93`	`name:"{{ host }}.matplotlib.org"`
`94`		`-firewall:`
`95`		`- -Web`
`96`		`-image:fedora-39-x64`
	`94`	`+image:fedora-41-x64`
`97`	`95`	`monitoring:true`
`98`	`96`	`project:matplotlib.org`
`99`	`97`	`region:tor1`
`@@ -117,6 +115,8 @@`
`117`	`115`	`map(attribute='ip_address') \|`
`118`	`116`	`first`
`119`	`117`	`}}`
	`118`	`+tags:`
	`119`	`+ -website`
`120`	`120`	`zone:matplotlib.org`
`121`	`121`
`122`	`122`	`-name:Setup functional DNS for droplet on CloudFlare`
`@@ -126,8 +126,23 @@`
`126`	`126`	`record:"{{ functional }}"`
`127`	`127`	`type:CNAME`
`128`	`128`	`value:"{{ host }}.matplotlib.org"`
	`129`	`+tags:`
	`130`	`+ -website`
`129`	`131`	`zone:matplotlib.org`
`130`	`132`
	`133`	`+ -name:Print droplet info`
	`134`	`+ansible.builtin.debug:`
	`135`	`+msg:`
	`136`	`+ -"Droplet ID is {{ new_droplet.data.droplet.id }}"`
	`137`	`+ ->-`
	`138`	`+ First Public IPv4 is {{`
	`139`	`+ (new_droplet.data.droplet.networks.v4 \| selectattr('type', 'equalto', 'public')).0.ip_address \|`
	`140`	`+ default('<none>', true) }}`
	`141`	`+ ->-`
	`142`	`+ First Private IPv4 is {{`
	`143`	`+ (new_droplet.data.droplet.networks.v4 \| selectattr('type', 'equalto', 'private')).0.ip_address \|`
	`144`	`+ default('<none>', true) }}`
	`145`	`+`
`131`	`146`	`vars:`
`132`	`147`	`# We currently name servers based on planets in the Solar System.`
`133`	`148`	`valid_planets:`

`‎files/dnf5-automatic.conf`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+[commands]`
	`2`	`+apply_updates = yes`

`‎matplotlib.org.yml`

Lines changed: 8 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@`
`45`	`45`	`-name:Install server maintenance`
`46`	`46`	`ansible.builtin.dnf:`
`47`	`47`	`name:`
`48`		`- -dnf-automatic`
	`48`	`+ -dnf5-plugin-automatic`
`49`	`49`	`-fail2ban`
`50`	`50`	`state:present`
`51`	`51`
`@@ -63,8 +63,8 @@`
`63`	`63`	`name:`
`64`	`64`	`-golang-github-prometheus`
`65`	`65`	`-golang-github-prometheus-alertmanager`
`66`		`- -golang-github-prometheus-node-exporter`
`67`	`66`	`-grafana`
	`67`	`+ -node-exporter`
`68`	`68`	`# Remove this when Loki is packaged.`
`69`	`69`	`-podman`
`70`	`70`	`state:present`
`@@ -77,9 +77,14 @@`
`77`	`77`
`78`	`78`	`# Automatic updates`
`79`	`79`	`# #################`
	`80`	`+ -name:Configure automatic updates`
	`81`	`+ansible.builtin.copy:`
	`82`	`+src:dnf5-automatic.conf`
	`83`	`+dest:/etc/dnf/dnf5-plugins/automatic.conf`
	`84`	`+`
`80`	`85`	`-name:Enable automatic updates`
`81`	`86`	`ansible.builtin.systemd:`
`82`		`-name:dnf-automatic-install.timer`
	`87`	`+name:dnf5-automatic.timer`
`83`	`88`	`enabled:true`
`84`	`89`	`state:started`
`85`	`90`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbe7f47e

File tree

5 files changed

5 files changed

`‎README.md`

`‎collections/requirements.yml`

`‎create.yml`

`‎files/dnf5-automatic.conf`

`‎matplotlib.org.yml`

0 commit comments