tinc
Installing tinc mesh vpn is optional and
experimental. It allows having a private network interface vpn0 on
the target VMs.
Warning
We currently only use tinc for test clusters and have not made sure if the default settings it comes with provide adequate security to protect your data. If using tinc and the following tinc.yml playbook, make your own checks first!
Note
Ensure to run the tinc.yml playbook first if you use tinc, before other playbooks.
From wire-server-deploy/ansible, where you created a hosts.ini file.
Add a
vpn_ip=Z.Z.Z.Zitem to each entry in the hosts file with a (fresh) IP range if you wish to use tinc.Add a group
vpn:
# this is a minimal example
[all]
server1 ansible_host=X.X.X.X vpn_ip=10.10.1.XXX
server2 ansible_host=X.X.X.X vpn_ip=10.10.1.YYY
[cassandra]
server1
server2
[vpn:children]
cassandra
# add other server groups here as necessary
Also ensure subsequent playbooks make use of the newly-created interface by setting:
[all:vars]
minio_network_interface = vpn0
cassandra_network_interface = vpn0
elasticsearch_network_interface = vpn0
redis_network_interface = vpn0
Configure the physical network interface inside tinc.yml if it is not
eth0. Then:
ansible-playbook -i hosts.ini tinc.yml -vv