
Ansible ARA

ARA Setup

Ara wird über Docker-Compose aufgesetzt:

ara.compose:
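version: "3"

services:
  server:
    # NOTE(review): no tag is given, so the registry's default tag is pulled.
    # Pin a specific version tag or digest so a re-pull cannot silently
    # change what runs.
    image: recordsansible/ara-api
    container_name: ara-srv
    restart: always
    networks:
      - ara-srv
    volumes:
      # Host directory that holds settings.yml, including the DB credentials.
      - /srv/ara/:/opt/ara/
    ports:
      # Publish on loopback only. The nginx reverse proxy and the local
      # Ansible callback both reach the API via localhost:8001; publishing
      # on all interfaces would let clients skip nginx's Basic auth.
      - "127.0.0.1:8001:8000"

networks:
  ara-srv:
    ipam:
      config:
        - subnet: 172.20.110.0/24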

ARA Settings

/srv/ara/settings.yml:
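# NOTE(review): the DATABASE_* keys are at the top level while ALLOWED_HOSTS
# is nested under `default:` - confirm the settings loader reads both levels.
DATABASE_ENGINE: 'django.db.backends.mysql'
DATABASE_NAME: 'ara'
DATABASE_USER: 'ara'
# Plaintext credential: keep this file readable only by the account that runs
# the container, and keep it out of version control and backups shared widely.
DATABASE_PASSWORD: '[REDACTED]'
DATABASE_HOST: 192.168.2.70

default:
  # Host header values the API accepts; keep this list as short as possible.
  ALLOWED_HOSTS:
    - 127.0.0.1
    # Quoted because the value starts with a YAML indicator character.
    - '::1'
    - localhost
    - ara.krumel.moe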

Reverse Proxy Setup:

/etc/nginx/sites-available/ara.conf:
[..]
    # HTTP Basic auth is enforced by nginx for this server; the realm string is empty.
    # NOTE(review): Basic credentials are only base64-encoded, so this vhost should be
    # served over TLS - the listen/ssl directives are in the elided part, confirm there.
    auth_basic "";
    # Password file checked by auth_basic; keep it readable only by nginx and root.
    auth_basic_user_file /etc/nginx/htpasswd/htpasswd_ara;

    location / {
      # Forward everything to the ARA API published on host port 8001.
      proxy_pass http://localhost:8001/;
      # Pass the original Host header and client address information upstream.
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      proxy_set_header X-Forwarded-Proto $scheme;
      # Clear the Authorization header so the client's Basic credentials are not
      # forwarded to the upstream application.
      proxy_set_header Authorization "";
      # Pass the name nginx authenticated. Setting it here overwrites any
      # client-supplied X-Forwarded-User on this path; the upstream can only rely on
      # it if port 8001 is not reachable without going through this proxy.
      proxy_set_header X-Forwarded-User $remote_user;
    }
[..]

Ansible Setup

Initialsetup:

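# in the home directory of the dedicated Ansible user
python3 -m venv venv
source venv/bin/activate
# NOTE(review): versions are unpinned; pin them (or use a requirements file)
# if the controller must be reproducible.
pip3 install ansible ara
git clone git@gitea.krumel.moe:krumel/ansible.git
# from outside the network: gitea.krumel.moe:4567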
init.sh:
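#!/bin/bash
# Source this file rather than executing it: the venv activation and the
# exports below only affect the shell that reads them, so a child process
# would discard them on exit.
source ~/venv/bin/activate

# Configure Ansible to know where ARA's callback plugin is located
export ANSIBLE_CALLBACK_PLUGINS=$(python3 -m ara.setup.callback_plugins)

# Set up the ARA callback to know where the API server is
# Local: plain HTTP is used over the loopback interface only.
export ARA_API_CLIENT=http
export ARA_API_SERVER="http://127.0.0.1:8001"
# External: the client type stays "http"; the https:// scheme goes into the
# server URL so credentials and results travel over TLS.
#export ARA_API_CLIENT=http
#export ARA_API_SERVER="https://ara.krumel.moe"

# External with auth (credentials for the reverse proxy's Basic auth)
# NOTE(review): once a real password is placed here, restrict the file to its
# owner (e.g. chmod 600) and keep it out of the Git repository.
#export ARA_API_USERNAME=user
#export ARA_API_PASSWORD=password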

ARA-Optionen können auch in ansible.cfg konfiguriert werden. Da sie sich aber von Host zu Host unterscheiden, ist es sinnvoller, sie als Umgebungsvariablen (ENV) zu definieren.

Playbooks über Cron

crontab -e:
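# Source init.sh first so the venv activation and the ARA_* exports apply to
# the same shell that then runs ansible-playbook *inside* the Ansible directory
# (so that ansible.cfg etc. are found).
# init.sh uses bash syntax while cron's default shell is /bin/sh, hence bash -c.
# If the playbooks are recorded through ARA, stdout can also be redirected to /dev/null.
0 3 * * 5 /bin/bash -c '. ~/init.sh && cd ~/ansible && ansible-playbook playbooks/rpi_patches.yml'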