
Add-On Playbooks

These playbooks extend your base NetActuate infrastructure with additional services and configurations. Use them after provisioning your initial servers.

Firewall Configuration

Configure UFW firewall rules on your servers:

---
- hosts: netactuate_servers
  become: true

  tasks:
    - name: Install UFW
      apt:
        name: ufw
        state: present
        update_cache: true

    # SSH is allowed before UFW is enabled so the Ansible connection is not cut off.
    - name: Allow SSH
      ufw:
        rule: allow
        port: "22"
        proto: tcp

    - name: Allow HTTP
      ufw:
        rule: allow
        port: "80"
        proto: tcp

    - name: Allow HTTPS
      ufw:
        rule: allow
        port: "443"
        proto: tcp

    # Turn the firewall on with a default deny policy; only the ports above stay open.
    - name: Enable UFW
      ufw:
        state: enabled
        policy: deny

Monitoring Agent

Deploy a monitoring agent to all servers:

---
- hosts: netactuate_servers
  become: true

  vars:
    monitoring_endpoint: "https://monitoring.example.com/api"

  tasks:
    - name: Install monitoring dependencies
      apt:
        name:
          - curl
          - jq
        state: present

    # The "latest" URL is unpinned and the download is not checked against a checksum.
    - name: Download monitoring agent
      get_url:
        url: "https://releases.example.com/agent/latest/agent-linux-amd64"
        dest: /usr/local/bin/monitoring-agent
        mode: "0755"

    - name: Create agent configuration
      template:
        src: templates/agent.conf.j2
        dest: /etc/monitoring-agent.conf
        mode: "0644"

    # No User= is set in the unit, so the agent runs as root.
    - name: Create systemd service
      copy:
        dest: /etc/systemd/system/monitoring-agent.service
        content: |
          [Unit]
          Description=Monitoring Agent
          After=network.target

          [Service]
          ExecStart=/usr/local/bin/monitoring-agent -config /etc/monitoring-agent.conf
          Restart=always
          RestartSec=5

          [Install]
          WantedBy=multi-user.target

    - name: Enable and start monitoring agent
      systemd:
        name: monitoring-agent
        enabled: true
        state: started
        daemon_reload: true
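
A hardened variant of the download and service tasks above, as an added example that is not part of the original playbooks: it pins a release, verifies its SHA-256 digest with the get_url checksum option, and runs the agent under an unprivileged account with systemd sandboxing. The versioned URL layout, the agent_version and agent_sha256 placeholders and the monitoring-agent account name are assumptions, as is the agent working without root and without writing outside its private /tmp.

```yaml
---
# Added example: replaces the "Download" and "Create systemd service" tasks.
- hosts: netactuate_servers
  become: true

  vars:
    # Placeholders: set to a real release and the digest published for it.
    agent_version: "X.Y.Z"
    agent_sha256: "REPLACE_WITH_PUBLISHED_SHA256"

  tasks:
    - name: Create unprivileged service account (assumed name)
      user:
        name: monitoring-agent
        system: true
        shell: /usr/sbin/nologin
        create_home: false

    - name: Download pinned agent release and verify its digest
      get_url:
        # Assumed URL layout for versioned releases.
        url: "https://releases.example.com/agent/{{ agent_version }}/agent-linux-amd64"
        dest: /usr/local/bin/monitoring-agent
        checksum: "sha256:{{ agent_sha256 }}"
        mode: "0755"

    - name: Create systemd service with reduced privileges
      copy:
        dest: /etc/systemd/system/monitoring-agent.service
        mode: "0644"
        content: |
          [Unit]
          Description=Monitoring Agent
          After=network.target

          [Service]
          User=monitoring-agent
          ExecStart=/usr/local/bin/monitoring-agent -config /etc/monitoring-agent.conf
          Restart=always
          RestartSec=5
          NoNewPrivileges=true
          ProtectSystem=strict
          ProtectHome=true
          PrivateTmp=true

          [Install]
          WantedBy=multi-user.target
```

The task fails if the downloaded file does not match the digest, so a replaced or corrupted binary is never installed. If the agent needs to write state, grant it a directory explicitly (for example with StateDirectory=) rather than removing ProtectSystem.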

SSL Certificate Provisioning

Set up Let's Encrypt certificates with Certbot:

---
- hosts: web_servers
  become: true

  vars:
    domain: "example.com"
    email: "admin@example.com"

  tasks:
    - name: Install Certbot
      apt:
        name:
          - certbot
          - python3-certbot-nginx
        state: present
        update_cache: true

    - name: Obtain SSL certificate
      command: >
        certbot --nginx -d {{ domain }}
        --non-interactive --agree-tos
        --email {{ email }}
      args:
        creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem

    - name: Enable auto-renewal timer
      systemd:
        name: certbot.timer
        enabled: true
        state: started

Log Rotation

Configure log rotation for application logs:

---
- hosts: netactuate_servers
  become: true

  tasks:
    - name: Configure application log rotation
      copy:
        dest: /etc/logrotate.d/application
        content: |
          /var/log/application/*.log {
              daily
              missingok
              rotate 14
              compress
              delaycompress
              notifempty
              create 0640 www-data adm
              sharedscripts
              postrotate
                  systemctl reload application 2>/dev/null || true
              endscript
          }

Usage

  1. Update your inventory file with your server IPs.
  2. Run the desired playbook:

     ansible-playbook -i inventory.ini add-on-firewall.yml

Need Help?

If you need assistance with add-on playbooks, visit our support page.