Step 4: Creating Ansible inventory files

For disaster recovery, you must create Ansible® inventory files for both the primary and the secondary appliance.

Procedure

  1. Create the inventory file for the primary appliance.
    1. Copy the /usr/share/resilient-dr/ansible/templates/inventory.template.yml file.
    2. Save it to the /usr/share/resilient-dr/ansible/inventories folder.
    3. Rename the file.

      Use a name that represents the primary appliance, such as resilient_hosts_primary_machine_a.yml.

    4. Edit the file and make the following changes:
      Table 1. Configuration for the primary appliance inventory file
      Variable Value

      master_hosts

      Change <REPLACE_ME_WITH_AN_IP_OR_FQDN> to the IP address or fully qualified domain name of appliance A.

      This is used by Ansible for targeting when running the playbooks.

      receiver_hosts

      Change <REPLACE_ME_WITH_AN_IP_OR_FQDN> to the fully qualified domain name or IP address of appliance B.

      This is used by Ansible for targeting when running the playbooks.

      inv_vars_master_host

      Change <REPLACE_ME_WITH_AN_FQDN> to the fully qualified domain name of appliance A.

      This must match the common name of the SSL server certificates for this instance.

      inv_vars_receiver_host

      Change <REPLACE_ME_WITH_AN_FQDN> to the fully qualified domain name of appliance B.

      This must match the common name of the SSL server certs for this instance.

      inv_vars_master_host_firewalld_range

      Specify the range of IP addresses that can interact with the appliance through the Postgres port.

      The range is enforced using firewalld on the primary appliance only. The range must be set using a netmask, and the IP address must be the IP address of the receiver host.

      inv_vars_master_host_firewalld_network_zone

      Specify the network zone to which you want Ansible to add the firewalld postgres connection rule.

      This is set to the default value of internal.

      inv_vars_postgres_ssl_certs_vault_file

      Specify the user-created SSL certs vault file (created from ansible/templates/ssl_certs_vault.template.yml) within ansible/files used to store the master host SSL certificates (server.crt, server.key, and root.crt). This must be the set of certs created for this machine.

      Do not specify the inv_vars_postgres_ssl_certs_vault_file variable unless you are using the supply method for the postgres SSL certs, which is specified in the group_vars/all/vault file.

  2. Create the inventory file for the secondary appliance.
    1. Copy the /usr/share/resilient-dr/ansible/templates/inventory.template.yml file.
    2. Save it to the /usr/share/resilient-dr/ansible/inventories folder.
    3. Rename the file.

      Use a name that represents the secondary appliance, such as resilient_hosts_secondary_machine_b.yml.

    4. Edit the file and make the following changes:
      Table 2. Configuration for the secondary appliance inventory file
      Variable Value

      master_hosts

      Change <REPLACE_ME_WITH_AN_IP_OR_FQDN> to the IP address or fully qualified domain name of appliance B.

      This is used by Ansible for targeting when running the playbooks.

      receiver_hosts

      Change <REPLACE_ME_WITH_AN_IP_OR_FQDN> to the fully qualified domain name or IP address of appliance A.

      This is used by Ansible for targeting when running the playbooks.

      inv_vars_master_host

      Change <REPLACE_ME_WITH_AN_FQDN> to the fully qualified domain name of appliance B.

      This must match the common name of the SSL server certificates for this instance.

      inv_vars_receiver_host

      Change <REPLACE_ME_WITH_AN_FQDN> to the fully qualified domain name of appliance A.

      This must match the common name of the SSL server certs for this instance.

      inv_vars_master_host_firewalld_range

      Specify the range of IP addresses that can interact with the appliance through the Postgres port.

      The range is enforced using firewalld on the primary appliance only. The range must be set using a netmask, and the IP address must be the IP address of the receiver host.

      inv_vars_master_host_firewalld_network_zone

      Specify the network zone to which you want Ansible to add the firewalld postgres connection rule.

      This is set to the default value of internal.

      inv_vars_postgres_ssl_certs_vault_file

      Specify the SSL certificate vault file (created from ansible/templates/ssl_certs_vault.template.yml) within ansible/files/ used to store the master host SSL certificates (server.crt, server.key, and root.crt). This must be the set of certs created for this machine.

      Do not specify the inv_vars_postgres_ssl_certs_vault_file variable unless you are using the supply method for the postgres SSL certs, which is specified in the group_vars/all/vault file.
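A pre-flight check for an edited inventory file, as an added example that is not part of the product or of the original procedure: it flags leftover `<REPLACE_ME_...>` placeholders, IP addresses where an FQDN is required for certificate matching, and a firewalld range that is not built from the receiver host IP. The sample file layout, the `check_inventory` name, and the `max_addresses` threshold are assumptions; only the variable names come from the tables above.

```python
import ipaddress
import re

PLACEHOLDER = re.compile(r"<REPLACE_ME[^>]*>")
# Assumption: the inv_vars_* settings appear as "name: value" scalars.
SCALAR = re.compile(r"^\s*(inv_vars_\w+)\s*:\s*['\"]?([^'\"#\s]+)", re.M)

# Constructed sample, not the product template; the layout is illustrative.
SAMPLE = """\
all:
  children:
    master_hosts:
      hosts:
        192.0.2.10:
    receiver_hosts:
      hosts:
        <REPLACE_ME_WITH_AN_IP_OR_FQDN>:
  vars:
    inv_vars_master_host: 192.0.2.10
    inv_vars_receiver_host: appliance-b.example.com
    inv_vars_master_host_firewalld_range: 192.0.2.0/24
    inv_vars_master_host_firewalld_network_zone: internal
"""

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_inventory(text, receiver_ip, max_addresses=1):
    """Return findings for one inventory file; an empty list means clean."""
    findings = [f"unreplaced placeholder {p}" for p in PLACEHOLDER.findall(text)]
    values = dict(SCALAR.findall(text))
    # These two are compared with the certificate common name, so need FQDNs.
    for key in ("inv_vars_master_host", "inv_vars_receiver_host"):
        if is_ip(values.get(key, "")):
            findings.append(f"{key} is an IP address, expected an FQDN")
    rng = values.get("inv_vars_master_host_firewalld_range")
    if rng is None:
        return findings
    if "/" not in rng:
        return findings + ["firewalld range has no netmask"]
    try:
        iface = ipaddress.ip_interface(rng)
    except ValueError:
        return findings + [f"firewalld range {rng!r} is not valid"]
    if iface.ip != ipaddress.ip_address(receiver_ip):
        findings.append("firewalld range address is not the receiver host IP")
    if iface.network.num_addresses > max_addresses:
        findings.append(f"firewalld range admits {iface.network.num_addresses} addresses")
    return findings
```

Calling `check_inventory(SAMPLE, receiver_ip="192.0.2.20")` reports all four problems in the constructed sample; raise `max_addresses` if the Postgres port is intentionally open to more than the single receiver address.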

What to do next

You must complete these configuration steps on each of the appliance systems.

After you complete the configuration on both appliances, proceed to Step 5: Creating Ansible vault files.