senke/talas-group
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
talas-group/04_INFRA_DEPLOIEMENT/Notes_Operations/deploy_padeia_ansible_commandes.txt
senke 66471934af Initial commit: Talas Group project management & documentation 
Knowledge base of ~80+ markdown files across 14 domains (00-13),
Logseq graph, hardware design files (KiCAD), infrastructure configs,
and talas-wiki static site.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 20:10:41 +02:00

153 lines
3.3 KiB
Text
Raw Permalink Blame History

pad-db-1 --> ansible-playbook playbooks/postgres.yml -i inventories/hosting/inventory --limit pad-db-1
ansible-playbook playbooks/haproxy.yml -i inventories/hosting/inventory --limit pad-rp-1
---
# file: host_vars/pad-rp-2/public
# settings for haproxy
haproxy_letsencrypt: true
haproxy_coraza: true
haproxy_tls_profile: "modern"
haproxy_https_monitoring:
- padeia.neox-it.net
haproxy_backend:
- name: "padeia-app"
server:
- name: "pad-app-1"
fqdn: "pad-app-1.p.neox-it.cloud"
port: "8080"
haproxy_frontend:
default_backend: "padeia-app"
79 - common_name: "padeia.neox-it.net"
# END WEBHOSTING
En tentant d'installer HAProxy avec Coraza sur pad-rp-1, deux problèmes se sont posés :
- Le rôle Coraza n'est pas fonctionnel, j'ai créé une PR pour corriger ça (référence à l'ancien ticket IT-14817)
- Le domaine temporaire "padeia.neox-it.net" ne fait pas partie des entrées DNS publiques, une PR été créée pour ça (ticket IT-15199)
- location: "padeia.neox-it.net"
uid_list: [ "pad-rp-1", "pad-rp-2" ]
# END WEBHOSTING
En tentant d'installer haproxy avec coraza sur pad-rp-1, deux problème ce sont posés :
- Le role coraza n'est pas fonctionnel, j'ai créé une PR pour régler ca (avec l'ancien ticket IT-548545).
- Le domaine temporaire "glou.gloup-it.net" ne fait pas partis des entrées DNS public. Idem ticket et PR créé IT-549948.
# settings for haproxy
haproxy_letsencrypt: true
haproxy_coraza: true
haproxy_tls_profile: "modern"
haproxy_https_monitoring:
- padeia.neox-it.net
haproxy_backend:
- name: "padeia-app"
server:
- name: "pad-app-1"
fqdn: "pad-app-1.p.neox-it.cloud"
port: "8080"
haproxy_frontend:
default_backend: "padeia-app"
minute: "{{ 59 | random(seed='glouglou.fr') }}"
---
# file: host_vars/pad-rp-1/public
# settings for haproxy
haproxy_letsencrypt: true
haproxy_coraza: true
haproxy_waf_sample_percent: 50
haproxy_tls_profile: "modern"
haproxy_https_monitoring:
- p3.neox-it.net
haproxy_backend:
- name: "padeia-app"
server:
- name: "pad-app-1"
fqdn: "pad-app-1.p.neox-it.cloud"
port: "8080"
haproxy_frontend:
default_backend: "padeia-app"
chain INPUTv4 {
tcp dport { 22 } ip saddr @oui_oui_peers counter accept comment "SSH session at DC"
define pub_auth_certificate {
10.12.1.70/32
}
chain FORWARD v4 {
ip saddr $pub_auth_certificate ip daddr $th3_private_v4 tcp dport 22 accept comment "Allow cert publisher to SSH in TH3"
}
nmilovanovic@fedora:~$ cat ~/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+FnEmDjlODbZ6U8Y3Cq1a23IDhvgSdYMjphTlQ5+dx nmilovanovic@fedora
update nftables comment 3
IT-15164
IT-15166
IT-15199
IT-12625
https://tracker.cosium.com/browse/IT-12625
https://tracker.cosium.com/browse/IT-15164
https://tracker.cosium.com/browse/IT-15166
https://tracker.cosium.com/browse/IT-15199
https://git.cosium.com/projects/IT/repos/ansible/pull-requests/5731/overview
https://git.cosium.com/projects/IT/repos/ansible/pull-requests/5704/overview
https://git.cosium.com/projects/IT/repos/ansible/pull-requests/5679/overview
https://git.cosium.com/projects/IT/repos/ansible/pull-requests/5678/overview
https://git.cosium.com/projects/IT/repos/ansible/pull-requests/5707/overview
Reference in a new issue View git blame Copy permalink