🤝Jobs

Ansible Playbook for Loki Server with client-side encryption for S3 storage

overview

We're looking for help writing an Ansible playbook that:

  • Assumes a new and empty Ubuntu 22.04 server
  • Installs Docker, Docker Compose, and enables Swarm mode
  • Installs Loki as a docker-compose stack
  • Installs Grafana as a docker-compose stack
  • Sets up an SSL (wildcard) certificate (pre-provided, not let's encrypt) to use by apache
  • Installs Apache2 and configures it to reverse-proxy + TLS offload the Docker stacks
  • Installs and configures a firewall (iptables/nftables)
  • Loki should use Minio object-storage as a backend
  • Firewalling allows access from restricted list of source IP addresses to port 443 (Apache2)
  • Firewalling allows access from restricted list of source IP addresses to port 22 (SSH)

Requirements of the playbook:

  • The playbook will live in a standalone private github repository
  • Usage of existing high-quality Roles and Collections (Ansible Galaxy) is encouraged
  • All environment-specific variables should be provided through an inventory file. No real hostnames, IPs, usernames, etc should be present in the repository
  • The repo contains clear documentation in the README.md file, explaining how to use the playbook and explaining the variables that can be set in the inventory file
  • The repo contains a documented example (ficticious) inventory file (.dist) as an example / template
  • The repo passes ansible-lint and ansible-review. Exceptions should be documented in the README.md file
  • The playbook should be written in a way that makes Loki and Grafana optional.

Deployment to production:

  • The playbook should be written in a way that makes it easy to deploy to production and staging environments by our admins
  • High quality documentation is essential
  • You'll be expected to support our admins to deploy the playbook to production (and to update the docs based on these experiences)

At LinkORB, the Ansible Playbook for Loki Server with client-side encryption for S3 storage:

Candidate screening

Given the technical nature of our team and our async-first way or working, we often leverage candidate screening exercises to start the interview process. For this role, exercises will align with the following badges:

That said, at LinkORB we understand that no one knows everything and the learning journey is part of what we love about the work.

Working at LinkORB

LinkORB Engineering is the sub-group of LinkORB focused on the development and operations of our products and platforms: innovative healthcare solutions for healthcare professionals and their patients.

We are a fully remote team collaborating almost entirely asynchronously to build and support products used by millions of families and thousands of healthcare professionals.

Read more about LinkORB Engineering. Specifically, you might check out our: