Referentie
Playbooks
backend.yml
yaml
- name: Setup Controlhost
hosts: controlhost
become: true
roles: [ssh]
- name: Setup Common Requirements
hosts: backend
become: true
roles: [common]
- name: Setup Database
hosts: database
become: true
roles: [database]
- name: Setup API
hosts: api
become: true
roles: [api]
- name: Setup Proxy
hosts: api
become: true
roles:
- role: proxy
vars:
proxy_server_name: 'backend.wildfire.ugent.be'
proxy_backends:
- path: '/'
upstream: 'http://127.0.0.1:3000/'
proxy_enable_https: false
proxy_api_enable: falsefrontend.yml
yaml
- name: Setup Controlhost
hosts: controlhost
become: true
roles: [ssh]
- name: Setup Common Requirements
hosts: frontend
become: true
roles: [common]
- name: Setup Viewer
hosts: viewer
become: true
roles: [viewer]
- name: Setup Admin Portal
hosts: adminportal
become: true
roles: [adminportal]
- name: Setup Proxy
hosts: frontend
become: true
roles:
- role: proxy
vars:
proxy_server_name: 'wildfire.ugent.be'
proxy_backends:
- path: '/'
upstream: 'http://127.0.0.1:3001'
- path: '/admin/'
upstream: 'http://127.0.0.1:3002'
proxy_enable_https: true
proxy_ssl_cert: '/etc/ssl/certs/wildfire.ugent.be.crt'
proxy_ssl_key: '/etc/ssl/private/wildfire.ugent.be.key'full.yml (uittreksel)
yaml
- name: Setup Common Requirements
hosts: frontend, backend
become: true
roles: [common]
- name: Setup Proxy Frontend
hosts: frontend
become: true
roles:
- role: proxy
vars:
proxy_server_name: 'wildfire.ugent.be'
proxy_backends:
- { path: '/', upstream: 'http://127.0.0.1:3001' }
- { path: '/admin/', upstream: 'http://127.0.0.1:3002' }
proxy_enable_https: true
proxy_ssl_cert: '/etc/ssl/certs/wildfire.ugent.be.crt'
proxy_ssl_key: '/etc/ssl/private/wildfire.ugent.be.key'
- name: Setup Proxy Backend
hosts: api
become: true
roles:
- role: proxy
vars:
proxy_server_name: 'wfbackend.ugent.be'
proxy_backends:
- { path: '/', upstream: 'http://127.0.0.1:3000/' }
proxy_enable_https: false
proxy_api_enable: falseAnsible Executor Dockerfile
dockerfile
FROM almalinux:10-minimal
WORKDIR /ansible
COPY requirements.yml .
RUN microdnf update -y
RUN microdnf install -y python3 python3-pip
RUN python3 -m pip install Ansible-Core Ansible-Lint
RUN ansible-galaxy collection install -r requirements.yml
RUN microdnf install -y openssh-clients
CMD [ "ansible-lint", "--help" ]Nginx vhost (HTTP‑only, frontend)
nginx
server {
listen 80;
server_name 10.129.80.89;
location = /healthz { access_log off; return 200 "ok\n"; add_header Content-Type text/plain; }
location / { proxy_pass http://127.0.0.1:3001/; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; }
location ^~ /admin/_nuxt/ { proxy_pass http://127.0.0.1:3002/_nuxt/; }
location ^~ /admin/assets/ { proxy_pass http://127.0.0.1:3002/assets/; }
location /admin/ { proxy_pass http://127.0.0.1:3002/; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; }
location /api/v1/ { proxy_pass http://10.129.80.64:3000/; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; }
}