MyPaas by D2-SI & S&B Digital is an Ansible playbook for startups or small companies which want to build a modern and fully automated infrastructure.
This infrastructure is composed of:
- Ubuntu 16.04 VPS VMs on OVH Public Cloud
- Docker Swarm 17.xx
- A software factory
  - Gitlab
  - Jenkins
  - Rundeck
- Monitoring with DatadogHQ
- Team chat with Slack
- Productivity tools
  - Nextcloud
  - Dokuwiki
- Automatic encrypted backup with Duplicity and OVH Cloud Storage
- Security
  - CIS Benchmark for Ubuntu 16.04 (based on https://github.com/grupoversia/cis-ubuntu-ansible)
  - Let's Encrypt
  - OpenLDAP
  - OpenVPN
  - Fail2ban
  - Log management with OVH PaaS Logs (soon)
  - Vulnerability scanner with OpenVAS and CoreOS Clair (soon)
- And more!

- Create a free account on DatadogHQ and get the API key and the app key (`datadog.api_key` and `datadog.app_key`)
- Create an account on Slack and get a token (`slack.team` and `slack.token`)
- Create 2 sets of SSH keys for Gitlab (`jenkins.gitlab_webhook_publickey`, `jenkins.gitlab_webhook_privatekey`) and Jenkins Slave (`jenkins.jenkins_slave_privatekey`)
- Create a password for Docker Registry and generate its htpasswd string with http://www.htaccesstools.com/htpasswd-generator/ (`registry.pass` and `registry.htpasswd_pass`)
- Create an OVH account, create a Cloud project with payment options
- Create your OVH API tokens with all permissions on cloud and domain endpoints: https://eu.api.ovh.com/createToken/ (`ovh.project`, `ovh.region`, `ovh.application_key`, `ovh.application_secret`, `ovh.endpoint`, `ovh.consumer_key`)
- Create your OVH domain name (`tld_hostname` and `top_dn`)
- Create an admin mail account on your domain name (`mail.*`)
- Generate many passwords, passphrases, secret keys and encryption keys with `pwgen 64 20`
- Rename `vars.yml-template` to `vars.yml`
- Fill every field in `vars.yml` with everything we just generated
- Create all elements of your cloud project: `ansible-playbook -i ansible_hosts --ask-sudo-pass main.yml`
- Create your VMs and install all the tools: `ansible-playbook -i ansible_hosts --ask-sudo-pass deploy.yml`
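
A pre-flight check to run on `vars.yml` once it is filled and before the two `ansible-playbook` commands, given here as an added example that is not part of MyPaas. It assumes `vars.yml` is plain YAML made of space-indented `key: value` lines; the function name `check_vars` and the sample content are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of MyPaas: pre-flight check for vars.yml.
# Assumption: plain YAML, "key: value" lines nested by space indentation.
check_vars() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # vars.yml holds API keys, private keys and passwords: owner-only access.
    mode=$(stat -c '%a' "$file")    # GNU stat, as on Ubuntu
    case $mode in
        *00) ;;
        *) echo "mode $mode is too open: chmod 600 $file"; rc=1 ;;
    esac

    # A leaf key is unfilled when it has no value and no more-indented child.
    empty=$(awk -v q="'" '
        function ind(s,  t) { t = s; sub(/^ */, "", t); return length(s) - length(t) }
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            if (pending != "" && ind($0) <= pind) print pending
            pending = ""
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); if (val ~ /^#/) val = ""
            gsub(/[ \t"]/, "", val); gsub(q, "", val)    # drop quotes and spaces
            if (index($0, ":") && val == "") {
                key = $0; sub(/^ */, "", key); sub(/:.*/, "", key)
                pending = "line " NR ": " key; pind = ind($0)
            }
        }
        END { if (pending != "") print pending }
    ' "$file")
    if [ -n "$empty" ]; then
        echo "unfilled fields in $file:"; echo "$empty"; rc=1
    fi

    # The file sits inside the playbook checkout: it must never be committed.
    if git -C "$(dirname "$file")" ls-files --error-unmatch -- \
            "$(basename "$file")" >/dev/null 2>&1; then
        echo "$file is tracked by git: untrack it and ignore it"; rc=1
    fi
    return "$rc"
}

# Constructed sample (not the project's template): loose mode, two empty leaves.
demo=$(mktemp)
printf 'datadog:\n  api_key: "abc"\n  app_key:\nslack:\n  token: ""\n' > "$demo"
chmod 644 "$demo"
check_vars "$demo" || echo "vars.yml is not ready for main.yml and deploy.yml"
rm -f "$demo"
```

The check reports line numbers and key names only, never the values, so its output is safe to paste into a ticket or chat.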