Ansible playbook for deploying a distributed hybrid cloud on a budget

cycneuramus/ansible-hybrid-cloud

Overview

This Ansible playbook deploys a container orchestration cluster on a group of servers distributed over several data centers. In this particular setup, the assumed infrastructure is:

NODE     ROLE              DATACENTER
apex     Manager / Worker  1
horreum  Worker            1
arca     Manager / Worker  2
arm      Manager / Worker  3

Features

  • Orchestration: The cluster is orchestrated by Nomad (default) or Docker Swarm mode
  • Encryption: Cluster nodes communicate exclusively over a private Wireguard mesh network
  • Security: CrowdSec (default) or Fail2ban; reasonably hardened ssh config; unattended upgrades
  • Need-to-know: Service ports (HTTPS, IMAP, DoT, etc.) are open on ingress nodes only; all requests get reverse-proxied to services over the encrypted mesh network
  • Cloud storage: Rclone as a Docker volume plugin or systemd-managed FUSE mounts (default) for using almost any cloud storage as a storage backend for services
  • Distributed storage: GlusterFS or Syncthing (default)
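As an added illustration of the "Encryption" and "Need-to-know" items above (an example playbook written for this page, not a role from this repository): every node default-denies inbound traffic, accepts anything arriving over the WireGuard mesh interface, and only nodes in an ingress group expose the public service ports. The inventory group name `ingress`, the interface name `wg0` and the use of ufw are assumptions.

```yaml
# Added illustrative example, not a task file from cycneuramus/ansible-hybrid-cloud.
# Assumes: an inventory group "ingress" (hypothetical), a WireGuard interface
# named "wg0" (assumed), and ufw managed via the community.general collection.
- name: Restrict exposure to ingress nodes and the WireGuard mesh
  hosts: all
  become: true
  vars:
    wg_interface: wg0
    # Public service ports named in the feature list (HTTPS, IMAP, DoT);
    # these are opened on ingress nodes only
    ingress_ports:
      - { port: 443, proto: tcp }
      - { port: 993, proto: tcp }
      - { port: 853, proto: tcp }
  tasks:
    - name: Default-deny all incoming traffic
      community.general.ufw:
        state: enabled
        policy: deny
        direction: incoming

    - name: Keep SSH reachable, rate-limited (hardened sshd config assumed elsewhere)
      community.general.ufw:
        rule: limit
        port: "22"
        proto: tcp

    - name: Allow the WireGuard transport port so peers can form the mesh
      community.general.ufw:
        rule: allow
        port: "51820"
        proto: udp

    - name: Allow any traffic that arrives over the encrypted mesh interface
      community.general.ufw:
        rule: allow
        interface: "{{ wg_interface }}"
        direction: in

    - name: Open public service ports on ingress nodes only
      community.general.ufw:
        rule: allow
        port: "{{ item.port }}"
        proto: "{{ item.proto }}"
      loop: "{{ ingress_ports }}"
      when: "'ingress' in group_names"
```

Services on non-ingress nodes are thus reachable only via the reverse proxy on an ingress node, which forwards over `wg0`.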

CAUTION

This is a personalized setup, not a cookie-cutter playbook, so any use outside of the intended environment requires the appropriate adjustments to roles and variables.
