parent
0ed180375e
commit
7f8e7f0c99
25 changed files with 261 additions and 530 deletions
|
|
@ -1,217 +0,0 @@
|
|||
<!doctype html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Enroll Examples</title>
|
||||
<meta name="description" content="Copy/paste recipes for Enroll: one host, fleets, drift detection, and safe storage.">
|
||||
|
||||
<!-- Fonts -->
|
||||
<link rel="preconnect" href="https://fonts.googleapis.com">
|
||||
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
||||
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet">
|
||||
|
||||
<!-- Bootstrap -->
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css" rel="stylesheet">
|
||||
|
||||
<link href="assets/css/site.css" rel="stylesheet">
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<nav class="navbar navbar-expand-lg bg-white bg-opacity-75 sticky-top border-bottom" data-bs-theme="light">
|
||||
<div class="container py-1">
|
||||
<a class="navbar-brand fw-bold d-flex align-items-center gap-2" href="index.html">
|
||||
<img class="brand-mark" src="assets/img/enroll.svg" alt="Enroll">
|
||||
<span>Enroll</span>
|
||||
</a>
|
||||
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#nav" aria-controls="nav" aria-expanded="false" aria-label="Toggle navigation">
|
||||
<span class="navbar-toggler-icon"></span>
|
||||
</button>
|
||||
<div class="collapse navbar-collapse" id="nav">
|
||||
<ul class="navbar-nav ms-auto align-items-lg-center gap-lg-2">
|
||||
<li class="nav-item"><a class="nav-link" href="docs.html">Docs</a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="examples.html">Examples</a></li>
|
||||
<li class="nav-item"><a class="nav-link" href="security.html">Security Design</a></li>
|
||||
<li class="nav-item ms-lg-2">
|
||||
<a class="btn btn-sm btn-outline-dark" href="https://git.mig5.net/mig5/enroll" target="_blank" rel="noreferrer">
|
||||
<i class="bi bi-git"></i> Repo
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
|
||||
<header class="py-5 hero">
|
||||
<div class="container py-3">
|
||||
<div class="kicker mb-3"><i class="bi bi-terminal"></i> Examples</div>
|
||||
<h1 class="display-6 fw-bold mb-2">Copy/paste recipes</h1>
|
||||
<p class="lead mb-0">Practical flows you can adapt to your environment.</p>
|
||||
</div>
|
||||
</header>
|
||||
|
||||
<main class="py-5">
|
||||
<div class="container">
|
||||
|
||||
<div class="row g-4">
|
||||
<div class="col-lg-6">
|
||||
<div class="feature-card p-4 h-100">
|
||||
<div class="fw-semibold mb-2">Enroll a single host (local)</div>
|
||||
<div class="codeblock terminal">
|
||||
<button class="btn btn-sm btn-outline-secondary copy-btn" data-copy-target="#ex-single-local"><i class="bi bi-clipboard"></i> Copy</button>
|
||||
<pre class="mb-0"><code id="ex-single-local"><span class="prompt">$</span> enroll harvest --out /tmp/enroll-harvest
|
||||
<span class="prompt">$</span> enroll manifest --harvest /tmp/enroll-harvest \
|
||||
--out /tmp/enroll-ansible
|
||||
<span class="prompt">$</span> ansible-playbook -i "localhost," -c local \
|
||||
/tmp/enroll-ansible/playbook.yml --diff --check</code></pre>
|
||||
</div>
|
||||
<p class="small text-secondary mt-2 mb-0">Great for "make this box reproducible" or building a golden role set.</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-lg-6">
|
||||
<div class="feature-card p-4 h-100">
|
||||
<div class="fw-semibold mb-2">Enroll a remote host (over SSH)</div>
|
||||
<div class="codeblock terminal">
|
||||
<button class="btn btn-sm btn-outline-secondary copy-btn" data-copy-target="#ex-remote"><i class="bi bi-clipboard"></i> Copy</button>
|
||||
<pre class="mb-0"><code id="ex-remote"><span class="prompt">$</span> enroll harvest \
|
||||
--remote-host myhost.example.com \
|
||||
--remote-user myuser \
|
||||
--out /tmp/enroll-harvest
|
||||
<span class="prompt">$</span> enroll manifest \
|
||||
--harvest /tmp/enroll-harvest \
|
||||
--out /tmp/enroll-ansible</code></pre>
|
||||
</div>
|
||||
<p class="small text-secondary mt-2 mb-0">No need to manually run commands on the server - your bundle lands locally. If your remote user needs a password for sudo, pass in <code>--ask-become-pass</code> or <code>-K</code>, just like in Ansible. If you don't want to use sudo, pass <code>--no-sudo</code>, but your harvest may contain less data.</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-lg-6">
|
||||
<div class="feature-card p-4 h-100">
|
||||
<div class="fw-semibold mb-2">Fleets: multi-site output</div>
|
||||
<div class="codeblock terminal">
|
||||
<button class="btn btn-sm btn-outline-secondary copy-btn" data-copy-target="#ex-multisite"><i class="bi bi-clipboard"></i> Copy</button>
|
||||
<pre class="mb-0"><code id="ex-multisite"><span class="prompt">$</span> fqdn="$(hostname -f)"
|
||||
<span class="prompt">$</span> enroll single-shot --remote-host "$fqdn" \
|
||||
--remote-user myuser \
|
||||
--out /tmp/enroll-ansible \
|
||||
--fqdn "$fqdn"
|
||||
<span class="prompt">$</span> ansible-playbook "/tmp/enroll-ansible/playbooks/${fqdn}.yml"</code></pre>
|
||||
</div>
|
||||
<p class="small text-secondary mt-2 mb-0">Shared roles + host inventory keeps one host's differences from breaking another.</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-lg-6">
|
||||
<div class="feature-card p-4 h-100">
|
||||
<div class="fw-semibold mb-2">Drift detection with <code>enroll diff</code></div>
|
||||
<div class="codeblock terminal">
|
||||
<button class="btn btn-sm btn-outline-secondary copy-btn" data-copy-target="#ex-diff"><i class="bi bi-clipboard"></i> Copy</button>
|
||||
<pre class="mb-0"><code id="ex-diff"><span class="prompt">$</span> enroll diff \
|
||||
--old /path/to/harvestA \
|
||||
--new /path/to/harvestB \
|
||||
--format markdown
|
||||
<span class="prompt">$</span> enroll diff --old /path/to/golden --new /path/to/current \
|
||||
--webhook https://example.net/webhook \
|
||||
--webhook-format json \
|
||||
--webhook-header 'X-Enroll-Secret: ...' \
|
||||
--exit-code</code></pre>
|
||||
</div>
|
||||
<p class="small text-secondary mt-2 mb-0">Use it in cron or CI to alert on change.</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-lg-6">
|
||||
<div class="feature-card p-4 h-100">
|
||||
<div class="fw-semibold mb-2">Explain a harvest with <code>enroll explain</code></div>
|
||||
<div class="codeblock terminal">
|
||||
<button class="btn btn-sm btn-outline-secondary copy-btn" data-copy-target="#ex-explain"><i class="bi bi-clipboard"></i> Copy</button>
|
||||
<pre class="mb-0"><code id="ex-explain"><span class="prompt">$</span> enroll explain /tmp/enroll-harvest
|
||||
|
||||
# machine-readable (reasons, examples, inventory breakdown)
|
||||
<span class="prompt">$</span> enroll explain /tmp/enroll-harvest --format json | jq .
|
||||
|
||||
# encrypted bundle
|
||||
<span class="prompt">$</span> enroll explain /var/lib/enroll/harvest.tar.gz.sops --sops</code></pre>
|
||||
</div>
|
||||
<p class="small text-secondary mt-2 mb-0">Great for answering "why did it include/exclude that file?" before you generate a manifest.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<hr class="my-5">
|
||||
|
||||
<div class="row g-4">
|
||||
<div class="col-lg-6">
|
||||
<div class="callout p-4 h-100">
|
||||
<div class="fw-semibold mb-2"><i class="bi bi-shield-check"></i> Safe harvesting (default)</div>
|
||||
<p class="small text-secondary mb-3">Enroll tries to avoid harvesting files that might contain secrets. If you need to capture "everything", pass <code>--dangerous</code> and treat the output as sensitive.</p>
|
||||
<p class="small text-secondary mb-3">You can still control what gets collected and what doesn't by using <code>--include</code> and <code>--exclude</code> flags.</p>
|
||||
<div class="terminal"><pre class="mb-0"><code><span class="prompt">$</span> enroll harvest --dangerous --out /tmp/enroll-harvest</code></pre></div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-6">
|
||||
<div class="callout p-4 h-100">
|
||||
<div class="fw-semibold mb-2"><i class="bi bi-lock"></i> Encrypt bundles at rest (SOPS)</div>
|
||||
<p class="small text-secondary mb-3">Produce a single encrypted file for harvest and/or manifest output (requires SOPS to be installed).</p>
|
||||
<p class="small text-secondary mb-3">This is especially a good idea if you are using <code>--dangerous</code>, which might sweep up secrets (see above).</p>
|
||||
<div class="terminal"><pre class="mb-0"><code><span class="prompt">$</span> enroll harvest --dangerous --out /tmp/harvest \
|
||||
--sops <FINGERPRINT>
|
||||
<span class="prompt">$</span> enroll manifest --harvest /tmp/harvest/harvest.tar.gz.sops \
|
||||
--out /tmp/enroll-ansible --sops <FINGERPRINT></code></pre></div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</main>
|
||||
|
||||
|
||||
<footer class="py-5">
|
||||
<div class="container">
|
||||
<div class="row g-4 align-items-start">
|
||||
<div class="col-lg-6">
|
||||
<div class="d-flex align-items-center gap-2 mb-2">
|
||||
<img class="brand-mark" src="assets/img/enroll.svg" alt="Enroll">
|
||||
<div class="fw-bold">Enroll (a mig5 project)</div>
|
||||
<span class="badge badge-soft rounded-pill">CLI</span>
|
||||
<span class="badge badge-soft rounded-pill">Ansible</span>
|
||||
</div>
|
||||
<p class="smallprint mb-3">Reverse-engineering servers into Ansible.</p>
|
||||
<div class="d-flex flex-wrap gap-2">
|
||||
<a class="btn btn-sm btn-outline-dark" href="https://git.mig5.net/mig5/enroll" target="_blank" rel="noreferrer"><i class="bi bi-git"></i> Repo</a>
|
||||
<a class="btn btn-sm btn-outline-dark" href="https://pypi.org/project/enroll/" target="_blank" rel="noreferrer"><i class="bi bi-box"></i> PyPI</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-3">
|
||||
<div class="fw-semibold mb-2">Site</div>
|
||||
<ul class="list-unstyled small mb-0">
|
||||
<li><a class="link-secondary text-decoration-none" href="docs.html">Docs</a></li>
|
||||
<li><a class="link-secondary text-decoration-none" href="examples.html">Examples</a></li>
|
||||
<li><a class="link-secondary text-decoration-none" href="security.html">Security Design</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-lg-3">
|
||||
<div class="fw-semibold mb-2">Contact</div>
|
||||
<ul class="list-unstyled small mb-0">
|
||||
<li><a class="link-secondary text-decoration-none" href="https://nr.mig5.net/forms/mig5/contact" target="_blank" rel="noreferrer">Form</a></li>
|
||||
<li><span class="text-secondary">Fediverse:</span> <a class="link-secondary text-decoration-none" href="https://goto.mig5.net/@mig5" target="_blank" rel="noreferrer">@mig5</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<hr class="my-4">
|
||||
<div class="d-flex flex-column flex-md-row justify-content-between align-items-md-center gap-2 small">
|
||||
<div class="text-secondary">© <span id="year"></span> <a href="https://mig5.net" target="_blank" rel="noopener noreferrer">mig5 system administration</a></div>
|
||||
</div>
|
||||
</div>
|
||||
</footer>
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
|
||||
<script src="assets/js/site.js"></script>
|
||||
<script>document.getElementById('year').textContent = new Date().getFullYear();</script>
|
||||
</body>
|
||||
</html>
|
||||
|
||||