Ansible Playbook: management-node

This playbook manages the services running on the management node. It is designed to run on a freshly installed Ubuntu 22.04 LTS machine, but it can also be used to re-configure an existing machine.

Step CA

Installs and configures the step Certificate Authority server and provisioner using the trfore.smallstep Ansible collection. The root certificate used by the CA server is automatically pulled from the host and stored in the GitLab repository so that it can be propagated and trusted on the other nodes.

Run the playbook with the ca tag to set up only the CA server:

ansible-playbook playbooks/management-node.yml --tags ca

Unbound

Installs and configures the unbound recursive DNS resolver. Unbound is installed as a systemd service and the playbook automatically configures systemd-resolved on the target host to use Unbound for DNS queries.

The Unbound configuration is built from the template found in provisioning/resources/templates/unbound.conf.j2, which is where the local DNS zones and forwarders are configured. The rendered configuration is validated before it is applied; if validation fails, the change is discarded rather than applied.
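An added example of that render-then-validate pattern, not the project's own tasks: the page's template is rendered to a temporary file, checked with unbound-checkconf, and only installed if the check passes; it then points systemd-resolved at Unbound. The destination paths, the handler names and the use of the page's dns and dns-configure tags are assumptions.

```yaml
# Added example (not the project's playbook). Assumed: destination paths,
# handler names and that the tasks carry the dns / dns-configure tags.
- name: Render Unbound configuration, validated before it replaces the live file
  ansible.builtin.template:
    src: provisioning/resources/templates/unbound.conf.j2
    dest: /etc/unbound/unbound.conf
    owner: root
    group: root
    mode: "0644"
    # %s is the temporary rendered file. A non-zero exit from
    # unbound-checkconf fails the task and the old config stays in place.
    # Caveat: if the template sets chroot:, unbound-checkconf rejects a
    # file outside that directory, so keep chroot: "" in the template.
    validate: unbound-checkconf %s
  notify: Restart unbound
  tags: [dns, dns-configure]

- name: Point systemd-resolved at the local Unbound instance
  ansible.builtin.copy:
    dest: /etc/systemd/resolved.conf.d/unbound.conf
    content: |
      [Resolve]
      DNS=127.0.0.1
      # Stop the stub listener so Unbound can own 127.0.0.53-style lookups
      DNSStubListener=no
    owner: root
    group: root
    mode: "0644"
  notify: Restart systemd-resolved
  tags: [dns, dns-configure]

handlers:
  - name: Restart unbound
    ansible.builtin.service:
      name: unbound
      state: restarted

  - name: Restart systemd-resolved
    ansible.builtin.service:
      name: systemd-resolved
      state: restarted
```

Because the handler only fires when the template task reports a change, a failed validation never restarts Unbound with a broken file.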

Run the playbook with the dns tag to set up only the DNS server:

ansible-playbook playbooks/management-node.yml --tags dns

To re-configure an existing Unbound installation without reinstalling it, use the dns-configure tag:

ansible-playbook playbooks/management-node.yml --tags dns-configure