move lendwirbel k8s cluster to graveyard

author: Christian Pointner <equinox@spreadspace.org> 2022-01-11 17:36:10 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2022-01-11 18:07:55 +0100
commit: 2ff93996b073b4f6d22d9e57b49e6849da474cf6 (patch)
tree: 3d1b945f7d57e35c43947a2d536ac587a9b59157 /_graveyard_
parent: some more apt-repo cleanup for kubernetes roles (diff)
18 files changed, 559 insertions, 0 deletions
diff --git a/_graveyard_/inventory/group_vars/k8s-lwl/vars.yml b/_graveyard_/inventory/group_vars/k8s-lwl/vars.yml
new file mode 100644
index 00000000..6a93d86b
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/k8s-lwl/vars.yml
@@ -0,0 +1,50 @@
+---
+docker_pkg_provider: docker-com
+
+kubernetes_version: 1.22.5
+kubernetes_container_runtime: docker
+kubernetes_network_plugin: kubeguard
+
+kubernetes:
+  cluster_name: lndwrbl-live
+
+  dedicated_master: False
+  api_extra_sans:
+  - 178.63.180.137
+  - k8s-master.lndwrbl.live
+
+  pod_ip_range: 172.18.0.0/16
+  pod_ip_range_size: 24
+  service_ip_range: 172.18.192.0/18
+
+
+kubernetes_secrets:
+  encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}"
+
+
+kubeguard:
+  ## node_index must be in the range between 1 and 190 -> 189 hosts possible
+  ##
+  ## hardcoded hostnames are not nice but if we do this via host_vars
+  ## the info is spread over multiple files and this makes it more diffcult
+  ## to find mistakes, so it is nicer to keep it in one place...
+  node_index:
+    lw-live-01: 1
+    lw-live-02: 2
+    lw-live-03: 3
+    lw-live-00: 100
+    lw-live-dist0: 110
+    lw-dione: 111
+    lw-helene: 112
+    lw-master: 127
+
+  direct_net_zones:
+    encoder:
+      transfer_net: 172.18.191.0/24
+      node_interface:
+        lw-dione: eno2
+        lw-helene: eno2
+
+kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}"
+
+kubernetes_metrics_server_version: 0.5.0
diff --git a/_graveyard_/inventory/group_vars/lendwirbel-live-xx/vars.yml b/_graveyard_/inventory/group_vars/lendwirbel-live-xx/vars.yml
new file mode 100644
index 00000000..6defdb17
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/lendwirbel-live-xx/vars.yml
@@ -0,0 +1,2 @@
+---
+install_playbook: lendwirbel-live-xx
diff --git a/_graveyard_/inventory/group_vars/lendwirbel-live/vars.yml b/_graveyard_/inventory/group_vars/lendwirbel-live/vars.yml
new file mode 100644
index 00000000..a06be375
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/lendwirbel-live/vars.yml
@@ -0,0 +1,29 @@
+---
+zsh_banner: lendwirbel
+
+acmetool_account_email: equinox@spreadspace.org
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+apt_repo_blackmagic_auth:
+  username: "spreadspace"
+  password: "{{ vault_apt_repo_blackmagic_auth.password }}"
+
+install:
+  cloud:
+    credentials:
+      token: "{{ vault_hcloud_api_token }}"
+
+
+docker_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: docker
+  size: 15G
+  fs: ext4
+
+kubelet_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: kubelet
+  size: 10G
+  fs: ext4
diff --git a/_graveyard_/inventory/host_vars/lw-dione.yml b/_graveyard_/inventory/host_vars/lw-dione.yml
new file mode 100644
index 00000000..e5073987
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-dione.yml
@@ -0,0 +1,57 @@
+---
+install:
+  efi: true
+  disks:
+    primary: /dev/disk/by-id/nvme-SAMSUNG_MZVPW256HEGL-00000_S346NY0HC29501
+  kernel_cmdline:
+    - "consoleblank=0"
+    - "nomodeset"
+
+network:
+  nameservers:
+    - 9.9.9.9
+  domain: "{{ host_domain }}"
+  primary: &_network_primary_
+    name: eno1
+    address: 192.168.32.202/24
+    gateway: 192.168.32.254
+  interfaces:
+  - *_network_primary_
+
+
+base_packages_extra_host:
+  - exfat-fuse
+  - exfat-utils
+  - vlan
+
+admin_users_host:
+  - equinox
+
+docker_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: docker
+  size: 15G
+  fs: ext4
+
+kubelet_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: kubelet
+  size: 10G
+  fs: ext4
+
+
+ntp_variant: chrony
+
+ntp_client:
+  pools:
+  - name: at.pool.ntp.org
+    options: iburst
+
+ntp_hwtimestamp_interfaces:
+  - name: "*"
+
+ntp_server:
+  allow:
+  - "192.168.32.0/24"
diff --git a/_graveyard_/inventory/host_vars/lw-helene.yml b/_graveyard_/inventory/host_vars/lw-helene.yml
new file mode 100644
index 00000000..a45f02d0
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-helene.yml
@@ -0,0 +1,51 @@
+---
+install:
+  efi: true
+  disks:
+    primary: /dev/disk/by-id/nvme-SAMSUNG_MZVPW256HEGL-00000_S346NB0J803346
+  kernel_cmdline:
+    - "consoleblank=0"
+    - "nomodeset"
+
+network:
+  nameservers:
+    - 9.9.9.9
+  domain: "{{ host_domain }}"
+  primary: &_network_primary_
+    name: eno1
+    address: 192.168.32.203/24
+    gateway: 192.168.32.254
+  interfaces:
+  - *_network_primary_
+
+
+base_packages_extra_host:
+  - exfat-fuse
+  - exfat-utils
+  - vlan
+
+admin_users_host:
+  - equinox
+
+docker_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: docker
+  size: 15G
+  fs: ext4
+
+kubelet_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: kubelet
+  size: 10G
+  fs: ext4
+
+
+ntp_client:
+  servers:
+  - name: "192.168.32.202"
+    options: iburst minpoll 1 maxpoll 3 polltarget 30
+
+ntp_hwtimestamp_interfaces:
+  - name: "*"
diff --git a/_graveyard_/inventory/host_vars/lw-master.yml b/_graveyard_/inventory/host_vars/lw-master.yml
new file mode 100644
index 00000000..cee52198
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-master.yml
@@ -0,0 +1,62 @@
+---
+install:
+  vm:
+    memory: 10G
+    numcpus: 6
+    autostart: True
+  disks:
+    primary: /dev/sda
+    scsi:
+      sda:
+        type: zfs
+        name: root
+        size: 20g
+      # sdb:
+      #   type: blockdev
+      #   path: /dev/zvol/storage/streamstats
+  interfaces:
+  - bridge: br-public
+    name: primary0
+
+network:
+  nameservers: "{{ vm_host.network.dns }}"
+  domain: "{{ host_domain }}"
+  systemd_link:
+    interfaces: "{{ install.interfaces }}"
+  primary: &_network_primary_
+    name: primary0
+    address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+    gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}"
+    template: overlay
+    overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}"
+  interfaces:
+  - *_network_primary_
+
+external_ip: "{{ network.primary.overlay }}"
+
+docker_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: docker
+  size: 7G
+  fs: ext4
+
+kubelet_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: kubelet
+  size: 5G
+  fs: ext4
+
+
+lvm_groups:
+  streamstats:
+    pvs:
+    - /dev/sdb
+
+emc_stats_storage:
+  type: lvm
+  vg: streamstats
+  lv: stats
+  size: 42G
+  fs: ext4
diff --git a/_graveyard_/inventory/host_vars/lw-telesto.yml b/_graveyard_/inventory/host_vars/lw-telesto.yml
new file mode 100644
index 00000000..8e9a0061
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-telesto.yml
@@ -0,0 +1,54 @@
+---
+debian_preseed_language: de
+debian_preseed_country: AT
+debian_preseed_locales:
+  - de_AT.UTF-8
+  - de_DE.UTF-8
+  - en_US.UTF-8
+
+debian_preseed_no_splash: no
+debian_preseed_install_tasks:
+  - xubuntu-desktop
+
+
+install:
+  efi: yes
+  disks:
+    primary: software-raid
+    raid:
+      level: 1
+      members:
+      - /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720808
+      - /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720810
+  system_lvm:
+    size: 50G
+    volumes:
+    - name: root
+      size: 20G
+      filesystem: ext4
+      mountpoint: /
+    - name: var+log
+      size: 768M
+      filesystem: ext4
+      mountpoint: /var/log
+      mount_options:
+      - noatime
+      - nodev
+      - noexec
+
+network:
+  nameservers:
+    - 9.9.9.9
+  domain: "{{ host_domain }}"
+  primary: &_network_primary_
+    name: eno1
+    address: 192.168.32.201/24
+    gateway: 192.168.32.254
+  interfaces:
+  - *_network_primary_
+
+
+base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}"
+
+admin_users_host:
+  - equinox
diff --git a/_graveyard_/inventory/host_vars/lw-thetys.yml b/_graveyard_/inventory/host_vars/lw-thetys.yml
new file mode 100644
index 00000000..a732782d
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-thetys.yml
@@ -0,0 +1,52 @@
+---
+install:
+  efi: true
+  disks:
+    primary: /dev/disk/by-id/ata-TS32GMSA370_B475040161
+  kernel_cmdline:
+    - "consoleblank=0"
+
+network:
+  nameservers:
+    - 9.9.9.9
+  domain: "{{ host_domain }}"
+  primary: &_network_primary_
+    name: eno1
+    address: 192.168.28.202/24
+    gateway: 192.168.28.254
+  interfaces:
+  - *_network_primary_
+
+
+admin_users_host:
+  - equinox
+
+apt_repo_components:
+  - main
+  - contrib
+  - non-free ## for microcode updates
+
+spreadspace_apt_repo_components:
+  - container
+
+
+docker_pkg_provider: docker-com
+
+docker_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: docker
+  size: 10G
+  fs: ext4
+
+kubelet_storage:
+  type: lvm
+  vg: "{{ host_name }}"
+  lv: kubelet
+  size: 5G
+  fs: ext4
+
+kubernetes_version: 1.22.5
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_cni_variant: with-portmap
diff --git a/_graveyard_/inventory/hosts.ini b/_graveyard_/inventory/hosts.ini
index bc1fafdb..2b79221f 100644
--- a/_graveyard_/inventory/hosts.ini
+++ b/_graveyard_/inventory/hosts.ini
@@ -22,6 +22,36 @@ r3-cccamp19-feedcode host_name=feedcode
 r3-cccamp19-av host_name=av
 
 
+
+###############################
+# environment: spreadspace
+
+[lendwirbel-live:vars]
+host_domain=lndwrbl.live
+env_group=spreadspace
+
+[lendwirbel-live]
+lw-thetys host_name=thetys
+lw-telesto host_name=telesto
+lw-dione host_name=dione
+lw-helene host_name=helene
+lw-master
+
+[lendwirbel-live:children]
+lendwirbel-live-dist
+lendwirbel-live-xx
+
+[lendwirbel-live-dist]
+lw-live-dist0 host_name=cdn-dist0
+
+[lendwirbel-live-xx]
+lw-live-00 host_name=cdn-00
+lw-live-01 host_name=cdn-01
+lw-live-02 host_name=cdn-02
+lw-live-03 host_name=cdn-03
+
+
+
 ###############################
 # environment: dan
 
@@ -64,3 +94,36 @@ vmhost-ch-gnocchi-guests
 
 [dolmetsch-ctl:children]
 ele-dolmetsch-ctl
+
+[hetzner]
+lw-master
+
+[hcloud:children]
+lendwirbel-live-dist
+lendwirbel-live-xx
+
+[kubernetes-cluster:children]
+k8s-lwl
+
+[standalone-kubelet]
+lw-thetys
+
+### Kubernetes Cluster: lendwirbel-live
+[k8s-lwl-encoder]
+lw-dione
+lw-helene
+
+[k8s-lwl-distribution:children]
+lendwirbel-live-dist
+
+[k8s-lwl-streamer:children]
+lendwirbel-live-xx
+
+[k8s-lwl-master]
+lw-master
+
+[k8s-lwl:children]
+k8s-lwl-master
+k8s-lwl-encoder
+k8s-lwl-distribution
+k8s-lwl-streamer
diff --git a/_graveyard_/spreadspace/group_vars/k8s-lwl.yml b/_graveyard_/spreadspace/group_vars/k8s-lwl.yml
new file mode 100644
index 00000000..5fc69d0a
--- /dev/null
+++ b/_graveyard_/spreadspace/group_vars/k8s-lwl.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.2;AES256;spreadspace
+30386433346435633361623664663166623666363833376365653735303831643437356532646663
+3966666138623466653532663763363938613966663135640a373132653064366438616362376561
+61366437363736396465656137643566303635636538366130636363366561623339393232306635
+6131303737333633330a643862383839326335633363393266653936323166383264333535323235
+32323832383362313432306537663736646236656139336463393261356133343263306266343931
+62383064393735613232366162306230363636356237663035333566663132613833356638623965
+38653936643336383561343831666561393337346234653637303264626566393165616363656438
+36303563343962623361366535646563666132643466346533316433653166326264323131386231
+32623331343931613639663364333961613231343765363964396239383633653730
diff --git a/_graveyard_/spreadspace/group_vars/lendwirbel-live.yml b/_graveyard_/spreadspace/group_vars/lendwirbel-live.yml
new file mode 100644
index 00000000..f35f6a2f
--- /dev/null
+++ b/_graveyard_/spreadspace/group_vars/lendwirbel-live.yml
@@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.2;AES256;spreadspace
+61313636623330653337373661633432646633363638626333356362373264303737396665353033
+3463383333323563613761376235663033373563303961330a313663396537636631333133343663
+35306233613731616165396332336631353232653066306331613432303237636437666166626539
+6133333637666536640a376365313032623564623161373630353835663565306638343463383334
+37653635633363333232646363633962653937633066656330323635653933363837626437353165
+66363937333530336664613630623832333532366566396432373730323334663033643065353963
+37633866633434366232623963616135303136613130636537363534393432346266616565663238
+36373136316162666331313664363232643131653763333438333532626230376464336538323230
+37663963353331303832643638326661353730336135376264636537353233366361343230663532
+31313765663363653061336231616664316663333763666164643565656135623266306233363036
+33323033633331616334363765636238666163313733663164643835303164373436376363373961
+62393539343135373763653865323732643766326563393932393763336330386665363366323466
+30373831633838346266363431366130633462343165373439343939643132613436643432643637
+33656233643333323864366639356134643563303861323332636261316432653335393762346566
+36636664643337356235346361626437323631373338663963663638616338343939373730666239
+61303665626137373636396536356264393435663762653835313766373232383136396563346361
+35386638303535356131363338623434623261626466393338333730333262393538653139366633
+63353164636561313665653636326339343539383335303162326238633732383333376435346537
+316137346137303430353837646661666532
diff --git a/_graveyard_/spreadspace/k8s-lwl.yml b/_graveyard_/spreadspace/k8s-lwl.yml
new file mode 100644
index 00000000..1aa09daa
--- /dev/null
+++ b/_graveyard_/spreadspace/k8s-lwl.yml
@@ -0,0 +1,34 @@
+---
+- name: Basic Node Setup
+  hosts: k8s-lwl
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+
+- import_playbook: ../common/kubernetes-cluster-layout.yml
+  vars:
+    kubernetes_cluster_layout:
+      nodes_group: k8s-lwl
+      masters:
+      - lw-master
+
+### hack hack hack...
+- name: cook kubernetes secrets
+  hosts: _kubernetes_nodes_
+  gather_facts: no
+  tasks:
+  - set_fact:
+      kubernetes_secrets: "{{ kubernetes_secrets }}"
+  - when: external_ip is defined
+    set_fact:
+      external_ip: "{{ external_ip }}"
+
+- import_playbook: ../common/kubernetes-cluster.yml
+- import_playbook: ../common/kubernetes-cluster-cleanup.yml
+
+- name: install addons
+  hosts: _kubernetes_primary_master_
+  roles:
+  - role: kubernetes/addons/metrics-server
diff --git a/_graveyard_/spreadspace/lendwirbel-live-xx.yml b/_graveyard_/spreadspace/lendwirbel-live-xx.yml
new file mode 100644
index 00000000..82a45785
--- /dev/null
+++ b/_graveyard_/spreadspace/lendwirbel-live-xx.yml
@@ -0,0 +1,12 @@
+---
+- name: Basic Setup
+  hosts: "{{ install_hostname }}"
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: apt-repo/spreadspace
+  - role: acmetool/base
+  - role: acmetool/cert
+    acmetool_cert_name: "{{ host_name }}.{{ host_domain }}"
diff --git a/_graveyard_/spreadspace/lw-dione.yml b/_graveyard_/spreadspace/lw-dione.yml
new file mode 100644
index 00000000..af214d7f
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-dione.yml
@@ -0,0 +1,12 @@
+---
+- name: Basic Setup
+  hosts: lw-dione
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: core/ntp
+  - role: core/admin-users
+  - role: streaming/blackmagic/desktopvideo
diff --git a/_graveyard_/spreadspace/lw-helene.yml b/_graveyard_/spreadspace/lw-helene.yml
new file mode 100644
index 00000000..a9466c66
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-helene.yml
@@ -0,0 +1,12 @@
+---
+- name: Basic Setup
+  hosts: lw-helene
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: core/ntp
+  - role: core/admin-users
+  - role: streaming/blackmagic/desktopvideo
diff --git a/_graveyard_/spreadspace/lw-master.yml b/_graveyard_/spreadspace/lw-master.yml
new file mode 100644
index 00000000..0f6f9390
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-master.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+  hosts: lw-master
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: storage/lvm/groups
+  - role: elevate/emc-stats
diff --git a/_graveyard_/spreadspace/lw-telesto.yml b/_graveyard_/spreadspace/lw-telesto.yml
new file mode 100644
index 00000000..ddac511b
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-telesto.yml
@@ -0,0 +1,14 @@
+---
+- name: Basic Setup
+  hosts: lw-telesto
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: core/admin-users
+  - role: streaming/blackmagic/desktopvideo
+  - role: apt-repo/spreadspace
+  - role: ws/base
+  - role: network/wireguard/base
diff --git a/_graveyard_/spreadspace/lw-thetys.yml b/_graveyard_/spreadspace/lw-thetys.yml
new file mode 100644
index 00000000..f32496af
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-thetys.yml
@@ -0,0 +1,15 @@
+---
+- name: Basic Setup
+  hosts: lw-thetys
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/cpu-microcode
+  - role: core/admin-users
+  - role: apt-repo/spreadspace
+  - role: streaming/blackmagic/desktopvideo
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: network/wireguard/base
author	Christian Pointner <equinox@spreadspace.org>	2022-01-11 17:36:10 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2022-01-11 18:07:55 +0100
commit	2ff93996b073b4f6d22d9e57b49e6849da474cf6 (patch)
tree	3d1b945f7d57e35c43947a2d536ac587a9b59157 /_graveyard_
parent	some more apt-repo cleanup for kubernetes roles (diff)