kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-03-26 03:03:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Created SETUP.md

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-03-16 22:53:57 +01:00
parent 74edb197de
commit 3cfa69a248
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
3 changed files with 127 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,5 +1,4 @@
site.retry
*__pycache__
docs/*
!docs/.gitkeep
venv

11
README.md
View File

@ -14,17 +14,6 @@ Our intuitive interface, coupled with in-depth documentation, makes it accessibl
With CyMaIS, setting up a secure, scalable, and robust IT infrastructure is not just faster and easier, but also aligned with the best industry practices, ensuring that your organization stays ahead in the ever-evolving digital landscape.
## Vision
Our project is anchored in the vision of transforming IT infrastructure deployment into a seamless, secure, and scalable experience.
We are committed to developing a fully automated solution that enables businesses of any size and industry to set up a 100% secure and infinitely scalable IT infrastructure in just 24 hours.
Leveraging the power of Open Source, our tool not only promises to uphold the highest standards of security and adaptability but also embodies a commitment to transparency and community-driven innovation.
This is not just a step towards simplifying IT management it's a leap towards democratizing access to advanced technology, ensuring every business can quickly adapt and thrive in the digital age.
For a deeper understanding of our goals and the ethos driving our project, we invite you to explore our detailed **[Vision Statement](./VISION.md)**. Here, you'll find the cornerstone principles that guide our development process and our commitment to making a lasting impact in the realm of IT infrastructure.
## Key Benefits of CyMaIS for Your Business
**CyMaIS - Cyber Master Infrastructure Solution** revolutionizes IT infrastructure management, making it simpler, safer, and more adaptable for businesses of all sizes. Here's how it can benefit your organization:

127
SETUP.md Normal file
View File

@ -0,0 +1,127 @@
# Setup Guide
This guide explains how to deploy and manage the Cyber Master Infrastructure Solution (CyMaIS) using Ansible. CyMaIS is based on a collection of playbooks and an inventory (computer-inventory) that defines your servers and personal computers. The playbooks use different “modes” to control behavior such as updates, backups, resets, and cleanup tasks. This document outlines how to use Ansible Vault, describes the various operating modes, and shows example commands to run the playbooks.
---
## Prerequisites
- **Ansible Installed:** Ensure that Ansible is installed on your control node.
- **Inventory File:** Have an inventory file that lists your servers and PCs. (Paths in examples are general; adjust them to your environment.)
- **Vault Password File (Optional):** Prepare a file with your vault password if you prefer not to enter it interactively.
---
## Ansible Vault Basics
CyMaIS uses Ansible Vault to protect sensitive data (e.g. passwords). Use these common commands:
### Edit an Encrypted File
```bash
ansible-vault edit <filename.yml> --vault-password-file <your-vault-pass-file>
```
### Decrypt a File
```bash
ansible-vault decrypt <filename.yml> --vault-password-file <your-vault-pass-file>
```
### Encrypt a File
```bash
ansible-vault encrypt <filename.yml> --vault-password-file <your-vault-pass-file>
```
### Encrypt a String
```bash
ansible-vault encrypt_string --vault-password-file <your-vault-pass-file> 'example' --name 'test'
```
---
## Operating Modes
CyMaIS playbooks support several modes that control which tasks are executed:
- **mode_reset** (`true`/`false`):
When enabled, cleans up all CyMaIS-related files. Use this mode when you need to reinitialize the system completely. _Note: Run the full playbook when using reset mode._
- **mode_test** (`true`/`false`):
Executes test routines instead of production routines. Useful for staging or validation.
- **mode_update** (`true`/`false`):
Enables update tasks to upgrade packages and Docker images. Set to `false` if you want to skip updates.
- **mode_backup** (`true`/`false`):
Activates backup procedures before applying updates. This ensures your data is backed up prior to any changes.
- **mode_cleanup** (`true`/`false`):
Performs cleanup of unused files and configurations (e.g., removing obsolete certificates or Docker volumes).
These modes are defined in your group variables (e.g., in a file like `group_vars/all/01_modes.yml`) and can be overridden via extra variables when running playbooks.
---
## Deploying on Servers
To deploy CyMaIS on your servers, use an Ansible playbook that targets your server inventory. Below are some example commands:
### Configure All Servers
```bash
ansible-playbook -i /path/to/your/inventory/servers.yml /path/to/cymais/playbook.servers.yml --ask-vault-pass
```
### Configure a Specific Server
For example, to target a server named `galaxyserver`:
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp /path/to/cymais/playbook.servers.yml --limit galaxyserver --ask-vault-pass
```
### Run in Temporary Mode Without Update
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp /path/to/cymais/playbook.servers.yml --limit galaxyserver -e "mode_update=false" --ask-vault-pass
```
### Run Without Update and Backup
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp /path/to/cymais/playbook.servers.yml --limit galaxyserver -e "mode_update=false" -e "mode_backup=false" --ask-vault-pass
```
### Run with Cleanup and Debug (Using a Vault Password File)
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp /path/to/cymais/playbook.servers.yml --limit galaxyserver -e "mode_update=false" -e "mode_backup=false" -e "mode_cleanup=true" -e "enable_debug=true" -v --vault-password-file /path/to/your/vault_pass.txt
```
---
## Using a Vault Password File
To avoid entering your vault password interactively every time, use the `--vault-password-file` option:
```bash
--vault-password-file /path/to/your/vault_pass.txt
```
Ensure the vault password file is stored securely.
---
## Password Generation
You can generate a secure random password and encrypt it with Ansible Vault. For example:
```bash
ansible-vault encrypt_string "$(cat /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 32)" --vault-password-file /path/to/your/vault_pass.txt | xclip -selection clipboard
```
This command generates a 32-character alphanumeric password, encrypts it, and copies the result to your clipboard.
---
## Final Notes
- **Customizing Paths and Variables:**
All file paths and configuration variables are defined in group variables (e.g., `group_vars/all/*.yml`) and role variable files. Adjust these to suit your deployment environment.
- **Combining Modes:**
The different modes (reset, test, update, backup, cleanup) can be combined by passing extra variables (using `-e`) on the command line. This flexibility allows you to tailor the playbook run to your current needs.
- **Debugging:**
If you need more verbose output or troubleshooting information, add the `-v` (or `-vvv`) option when running the playbook.
This guide should give you a comprehensive starting point for managing your infrastructure with CyMaIS. For further details, consult the individual role documentation and the accompanying repository README files.