Before this commit the authentication task was run as a local_action,
so if the ZeroTier controller was on a different machine than the
Ansible controller, the ZeroTier controller API had to bind to 0.0.0.0
instead of 127.0.0.1, with the security implications this implies
(set up HTTPS, set up a firewall and so on).
With this commit this behaviour is now configurable with the zerotier_api_delegate
variable. By default that variable is set to localhost so it behaves
exactly as before this commit, but if set, the action is run on the
preferred machine. In my case the ZeroTier network controller is part of
the same playbook, so I set
zerotier_api_delegate: zerotierNetworkControllerMachineName
zerotier_api_url: http://127.0.0.1:9993/
so I can benefit from this Ansible role without the burden of setting up
global listening + HTTPS etc.
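The delegation pattern the commit describes, as an added example rather than the role's own task file: the authorization call is delegated to the controller host, so the controller API can keep listening on 127.0.0.1 only. The variable names zerotier_api_delegate, zerotier_api_url, zerotier_accesstoken and zerotier_network_id come from the role; the task body, the controller endpoint and the zerotier_node_id variable are assumptions made here.

```yaml
# Added example (not the role's own tasks): authorize a freshly joined node
# against a self-hosted ZeroTier controller without exposing its API.
- hosts: servers
  vars:
    zerotier_network_id: 1234567890qwerty
    zerotier_accesstoken: "{{ vault_zerotier_accesstoken }}"
    # Run the API call on the controller host itself. The role's default is
    # localhost, which reproduces the old local_action behaviour (the call
    # is then made from the Ansible control node).
    zerotier_api_delegate: zt-controller.example.com
    # Loopback URL as seen from the delegate host: no 0.0.0.0 bind and no
    # TLS/firewall setup needed because the request never leaves that machine.
    zerotier_api_url: http://127.0.0.1:9993
  tasks:
    - name: Authorize the new member on the self-hosted controller
      uri:
        # zerotier_node_id is assumed to hold the joining node's 10-character
        # ZeroTier address, e.g. gathered earlier from `zerotier-cli info`.
        url: "{{ zerotier_api_url }}/controller/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
        method: POST
        headers:
          # Controller-local API authenticates with the authtoken.secret value.
          X-ZT1-Auth: "{{ zerotier_accesstoken }}"
        body_format: json
        body:
          authorized: true
        status_code: 200
      # The HTTP connection is opened from zerotier_api_delegate, so the
      # loopback URL above resolves on the controller, not on the control node.
      delegate_to: "{{ zerotier_api_delegate }}"
      no_log: true  # keep the access token out of the task output
```

With `zerotier_api_delegate` left at its default of localhost the same task behaves exactly like the pre-commit local_action, which is why existing playbooks keep working unchanged.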
README.md

# ZeroTier
This Ansible role installs the zerotier-one package, adds and authorizes new members to (existing) ZeroTier networks, and tells the new member to join the network.
## Requirements

This role has an optional access-token variable used to authorize the member through the ZeroTier API. The role also takes the ID of the ZeroTier network that the new member should join automatically.
## Role Variables

### zerotier_api_url

The URL where the ZeroTier API lives. Must use the HTTPS protocol. Default: https://my.zerotier.com

### zerotier_accesstoken

The access token needed to authorize with the ZeroTier API. You can generate one in your account settings at https://my.zerotier.com/. If this is left out, the newly joined member will not be automatically authorized.

### zerotier_network_id

The 16-character network ID of the network the new members should join. The node will not join any network if omitted.

### zerotier_register_short_hostname

Used to register the short hostname (without the FQDN) on the network instead of the long one.
Default: false

### zerotier_member_ip_assignments

A list of IP addresses to assign to this member. The member will be automatically assigned an address on the network if left out.

### zerotier_member_description

Optional description for a member.
## Example Playbook

```yaml
- hosts: servers
  vars:
    zerotier_network_id: 1234567890qwerty
    zerotier_accesstoken: "{{ vault_zerotier_accesstoken }}"
    zerotier_register_short_hostname: true
  roles:
    - { role: m4rcu5nl.zerotier }
```
## Example Inventory

```ini
[servers]
web1.example.com zerotier_member_ip_assignments='["192.168.195.1", "192.168.195.2"]'
web2.example.com zerotier_member_ip_assignments='["192.168.195.3", "192.168.195.4"]'
db1.example.com zerotier_member_ip_assignments='["192.168.195.10"]'
db2.example.com zerotier_member_ip_assignments='["192.168.195.11"]'
db3.example.com zerotier_member_ip_assignments='["192.168.195.12"]'

[webservers]
web1.example.com
web2.example.com

[dbservers]
db1.example.com
db2.example.com
db3.example.com

[webservers:vars]
zerotier_member_description='<AppName> webserver'

[dbservers:vars]
zerotier_member_description='<AppName> db cluster node'
```