Ansible Playbook for Loki Server with client-side encryption for S3 storage
Overview
We're looking for help writing an Ansible playbook that:
Assumes a new and empty Ubuntu 22.04 server
Installs Docker, Docker Compose, and enables Swarm mode
Installs Loki as a docker-compose stack
Installs Grafana as a docker-compose stack
Sets up an SSL (wildcard) certificate (pre-provided, not let's encrypt) to use by apache
Installs Apache2 and configures it to reverse-proxy + TLS offload the Docker stacks
Installs and configures a firewall (iptables/nftables)
Loki should use Minio object-storage as a backend
Firewalling allows access from restricted list of source IP addresses to port 443 (Apache2)
Firewalling allows access from restricted list of source IP addresses to port 22 (SSH)
Requirements of the playbook:
The playbook will live in a standalone private github repository
Usage of existing high-quality Roles and Collections (Ansible Galaxy) is encouraged
All environment-specific variables should be provided through an inventory file. No real hostnames, IPs, usernames, etc should be present in the repository
The repo contains clear documentation in the README.md file, explaining how to use the playbook and explaining the variables that can be set in the inventory file
The repo contains a documented example (ficticious) inventory file (.dist) as an example / template
The repo passes ansible-lint and ansible-review. Exceptions should be documented in the README.md file
The playbook should be written in a way that makes Loki and Grafana optional.
Deployment to production:
The playbook should be written in a way that makes it easy to deploy to production and staging environments by our admins
High quality documentation is essential
You'll be expected to support our admins to deploy the playbook to production (and to update the docs based on these experiences)
Badges
At LinkORB, we work with the Badge System for qualification and learning. Candidates will be evaluated on their ability to achieve the following badges:
🏅 Git Basics Understand and apply basic Git concepts
🏅 GitHub Basics Understand and apply basic GitHub concepts
🏅 YAML Basics Able to read, create and maintain YAML files.
That said, at LinkORB we understand that no one knows everything and the learning journey is part of what we love about the work.
Ready to take on this gig?
Great, we are excited to hear from you! Please send us your proposal at engineering@linkorb.com.
Working at LinkORB
LinkORB Engineering is the sub-group of LinkORB focused on the development and operations of our products and platforms:
innovative healthcare solutions for healthcare professionals and their patients.
We are a fully remote team collaborating almost entirely asynchronously to build and support products used by millions of families and thousands of healthcare professionals.