
Ansible Infrastructure Management

Overview

Ansible is used for automated infrastructure management across all project servers. This FDD outlines the structure, roles, and playbooks used to maintain consistent server configurations.

Status

  • Basic server setup playbooks
  • Common role for standard configurations
  • Monitoring role for Prometheus/Grafana
  • Inventory management for production servers
  • Development environment playbooks
  • Backup and restore procedures
  • Disaster recovery playbooks

TODO

Inventory Migration

  • Import and configure prod servers:

    • prod12 (138.201.82.203)
    • prod17-fsn (49.13.30.146)
    • prod18-hel (37.27.105.83)
    • prod19-hel (95.216.193.249)
    • prod24-fin (95.216.19.225)
  • Import and configure dev servers:

    • dev8 (5.161.52.126)
    • dev20-usa (5.78.78.186) # Amnezia VPN
    • dev21-hel (37.27.88.96)
    • dev22-hel (37.27.203.171) # Amnezia VPN
    • dev23-fsn (49.12.240.7) # Amnezia VPN
  • Import and configure laptops:

    • kuu
    • armbian
    • redmi
    • devmate

Migration Steps for Each Server

  1. Add to appropriate inventory group
  2. Configure SSH key access
  3. Run basic server setup
  4. Install monitoring stack
  5. Verify configuration
  6. Document server-specific roles

Components

Directory Structure

ansible/
├── inventories/
│   └── production/
│       └── inventory.ini
├── playbooks/
│   ├── site.yml
│   ├── server-setup.yml
│   ├── monitoring.yml
│   └── cockpit.yml
└── roles/
    ├── common/
    │   └── tasks/
    │       └── main.yml
    └── monitoring/
        └── tasks/
            └── main.yml

Server Groups

  • [desktops]: Development machines with GPU support
  • [laptops]: Developer workstations
  • [servers]: Production servers
  • [gpu_hosts]: Machines with GPU capabilities
  • [monitoring_servers]: Servers running monitoring stack
  • [development_machines]: Local development environments
  • [production_servers]: Production deployment targets

Technical Implementation

Common Role

The common role provides base configuration for all servers:

  • User setup with sudo privileges
  • Essential packages installation
  • UFW firewall configuration
  • Standard directory structure
  • Git and shell environment setup

Monitoring Role

Handles installation and configuration of:

  • Prometheus for metrics collection
  • Grafana for visualization
  • Node exporter for system metrics
  • Custom exporters as needed

Server Setup

Basic server provisioning includes:

  • System package updates
  • Security configurations
  • Essential services installation
  • Network setup

Configuration

Inventory Management

  • Production inventory in inventories/production/inventory.ini
  • Server groups defined by functionality
  • Host-specific variables when needed
  • Common variables in [all:vars] section

SSH Access

  • Key-based authentication required
  • Passwordless sudo for dev user
  • UFW configured to allow SSH

Security Measures

  • UFW enabled by default
  • SSH key authentication only
  • Fail2ban for brute force protection
  • Regular system updates
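
The SSH Access and Security Measures items above, sketched as tasks for roles/common/tasks/main.yml and ordered so that a failed run does not lock the operator out: the key is installed before password logins are disabled, and SSH is allowed before UFW is enabled. This is an added example, not the project's own role. It assumes Debian/Ubuntu hosts, the ansible.posix and community.general collections, and the hypothetical variables dev_user and dev_pubkey_file.

```yaml
# Added example (not the project's file); assumes Debian/Ubuntu, become: true at play level.
# dev_user and dev_pubkey_file are hypothetical variables; SSH is assumed to listen on 22/tcp.
- name: Install the firewall and brute-force protection packages
  ansible.builtin.apt:
    name: [ufw, fail2ban]

- name: Authorize the operator public key for the dev user
  ansible.posix.authorized_key:
    user: "{{ dev_user }}"
    key: "{{ lookup('file', dev_pubkey_file) }}"

- name: Grant passwordless sudo through a syntax-checked drop-in
  ansible.builtin.copy:
    dest: "/etc/sudoers.d/90-{{ dev_user }}"
    content: "{{ dev_user }} ALL=(ALL) NOPASSWD:ALL\n"
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s

- name: Disable SSH password logins once the key is in place
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\s'
    line: PasswordAuthentication no
    validate: /usr/sbin/sshd -t -f %s
  register: sshd_password_auth

- name: Reload sshd only when its configuration changed
  ansible.builtin.service:
    name: ssh
    state: reloaded
  when: sshd_password_auth is changed

- name: Allow SSH before the firewall is switched on
  community.general.ufw:
    rule: allow
    port: "22"
    proto: tcp

- name: Enable UFW with inbound traffic denied by default
  community.general.ufw:
    state: enabled
    direction: incoming
    policy: deny

- name: Keep fail2ban running across reboots
  ansible.builtin.service:
    name: fail2ban
    state: started
    enabled: true
```

On images whose sshd_config includes /etc/ssh/sshd_config.d/*.conf, a drop-in can still set PasswordAuthentication, so check the effective value with sshd -T as part of the Verify configuration step.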

Development Guidelines

Adding New Servers

  1. Add server to appropriate group in inventory
  2. Configure SSH key access
  3. Run site.yml playbook
  4. Verify configuration

Creating New Roles

  1. Use ansible-galaxy init for structure
  2. Follow existing role patterns
  3. Document in this FDD
  4. Test on development servers first

Playbook Development

  1. Start with existing playbooks as templates
  2. Use --check mode for testing
  3. Document all variables
  4. Include clear task names

Best Practices

  • Use tags for selective execution
  • Keep tasks idempotent
  • Document all changes
  • Test before production deployment

NEXT_TASK: Implement development environment playbooks with standardized configurations for Docker, Node.js, and development tools across all dev machines