-rw-r--r--dan/host_vars/sk-testvm.yml20
-rw-r--r--dan/sk-testvm.yml15
-rw-r--r--inventory/host_vars/sk-cloudia/vars.yml4
-rw-r--r--inventory/host_vars/sk-testvm.yml50
-rw-r--r--inventory/hosts.ini1
-rw-r--r--roles/apps/collabora/code/templates/pod.yml.j21
-rw-r--r--roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j21
-rw-r--r--roles/apps/jitsi/meet/templates/pod.yml.j227
-rw-r--r--roles/apps/nextcloud/tasks/main.yml5
-rw-r--r--roles/apps/nextcloud/templates/pod-with-mariadb.yml.j21
-rw-r--r--roles/kubernetes/base/tasks/cri_docker.yml13
-rw-r--r--roles/nginx/base/defaults/main.yml2
-rw-r--r--roles/nginx/base/tasks/main.yml9
13 files changed, 135 insertions, 14 deletions
diff --git a/dan/host_vars/sk-testvm.yml b/dan/host_vars/sk-testvm.yml
new file mode 100644
index 00000000..033f490c
--- /dev/null
+++ b/dan/host_vars/sk-testvm.yml
@@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.2;AES256;dan
+35666266336366353336306161626463373466323434316163653235623464626134316237333961
+3139623939363464366539646365323136393939316333630a373365623838663038306438636537
+63663830653332316132353033326638663332363636623131666266313065323430346634333339
+6339336365343265660a353637373133323634646463396137353130663731623265663064653337
+66363135376339363862316134373631643765383935333030323938653337396435356361353638
+35346665376262306565393339646238353230363439333762306633316331643963653466313961
+32613063306437633333386265663562616563616664613962633564373563326539363866313763
+30613232353663643066613732316564666361646163366437323765633935656238336632323733
+65386135656435313466653666623233303661343530613932373961643634346562393532663462
+31353262323133363537303035383639353334323935613831376637613964663635306637643037
+62303134633064616531353039383336363563376365326234323835643233306139363032663536
+63373534323731366365393632623432326561303863616261306233616436383266646361356636
+64383831363863363738633065386435343935633137613964316237666566313430623061636439
+31646661333161623465316564323835653062343730343331353339363664663331303735346162
+63646531646430303630356132376232656639313163376631373135313237633334646135653239
+37386437633432376564383964636266623230363834633239356565376530633838333533346335
+66383966313862353130663334383535376464613638366330303962656336613765656362393335
+37643066353734303733346234633736653663376639656633306635363061623163376139616564
+646461383234653235356164626537326664
diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml
new file mode 100644
index 00000000..a8447074
--- /dev/null
+++ b/dan/sk-testvm.yml
@@ -0,0 +1,15 @@
+---
+- name: Basic Setup
+ hosts: sk-testvm
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh
+ - role: apt-repo/base
+ - role: kubernetes/base
+ - role: kubernetes/standalone
+ - role: apt-repo/spreadspace
+ - role: acmetool/base
+ - role: nginx/base
+ - role: apps/jitsi/meet
+ - role: apps/nextcloud
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index f3b832e9..15dcb860 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -33,10 +33,10 @@ kubelet_zfs:
kubernetes_version: 1.18.2
kubernetes_container_runtime: docker
-kubernetes_standalone_max_pods: 42
+kubernetes_standalone_max_pods: 100
kubernetes_standalone_resolv_conf: /var/run/systemd/resolve/resolv.conf
kubernetes_standalone_pod_cidr: 192.168.255.0/24
-kubernetes_standalone_cni_variant: with-localonly-portmap
+kubernetes_standalone_cni_variant: with-portmap
acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
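Review bot: Switching `kubernetes_standalone_cni_variant` from `with-localonly-portmap` to `with-portmap` presumably makes every `hostPort` on sk-cloudia bind to all addresses unless the pod pins a `hostIP`. The commit adds `hostIP: 127.0.0.1` to the collabora, etherpad-lite, nextcloud and jitsi web templates, but any other pod template deployed on this host that declares a `hostPort` without `hostIP` is not visible here and would now be reachable from outside. It is worth checking the remaining templates and recording the requirement next to the variable, e.g. `# with-portmap: hostPorts are published on all addresses unless the pod sets hostIP`.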
diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml
index 8ffb8ac7..e1a94c60 100644
--- a/inventory/host_vars/sk-testvm.yml
+++ b/inventory/host_vars/sk-testvm.yml
@@ -3,8 +3,8 @@ vm_host: sk-2019vm
install:
host: "{{ vm_host }}"
- mem: 1024
- numcpu: 1
+ mem: 10240
+ numcpu: 4
disks:
primary: /dev/sda
scsi:
@@ -36,3 +36,49 @@ external_ip: "{{ network.primary.overlay }}"
#
# https://owncloud.org/news/upgrading-owncloud-on-debian-stable-to-official-packages/
#
+
+docker_lvm:
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 10G
+ fs: ext4
+
+kubelet_lvm:
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 5G
+ fs: ext4
+
+
+kubernetes_version: 1.18.2
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
+kubernetes_standalone_cni_variant: with-portmap
+
+
+nginx_server_names_hash_bucket_size: 64
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+
+jitsi_meet_base_path: /srv/jitsi/meet
+
+jitsi_meet_version: stable-4548-1
+jitsi_meet_hostnames:
+ - meet-dev.elev8.at
+
+jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
+
+
+nextcloud_base_path: /srv/nextcloud
+nextcloud_instances:
+ wolke-dev.elev8.at:
+ # new: true
+ version: 18.0.4
+ port: 8100
+ hostnames:
+ - wolke-dev.elev8.at
+ database:
+ type: mariadb
+ version: 10.4.13
+ password: "{{ vault_nextcloud_database_passwords['wolke-dev.elev8.at'] }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 89d073a8..a6a2c75e 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -305,6 +305,7 @@ k8s-lwl
sk-cloudia
ele-thetys
lw-thetys
+sk-testvm
[kubernetes:children]
kubernetes-cluster
diff --git a/roles/apps/collabora/code/templates/pod.yml.j2 b/roles/apps/collabora/code/templates/pod.yml.j2
index ee4651a1..8ed092ac 100644
--- a/roles/apps/collabora/code/templates/pod.yml.j2
+++ b/roles/apps/collabora/code/templates/pod.yml.j2
@@ -26,6 +26,7 @@ spec:
ports:
- containerPort: 9980
hostPort: {{ item.value.port }}
+ hostIP: 127.0.0.1
volumes:
- name: config
hostPath:
diff --git a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2 b/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
index a4acdd21..9391290f 100644
--- a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
+++ b/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
@@ -22,6 +22,7 @@ spec:
ports:
- containerPort: 9001
hostPort: {{ item.value.port }}
+ hostIP: 127.0.0.1
- name: database
image: "mariadb:{{ item.value.database.version }}"
securityContext:
diff --git a/roles/apps/jitsi/meet/templates/pod.yml.j2 b/roles/apps/jitsi/meet/templates/pod.yml.j2
index 93a4a33f..1504211a 100644
--- a/roles/apps/jitsi/meet/templates/pod.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod.yml.j2
@@ -18,8 +18,10 @@ spec:
- name: jicofo
image: "jitsi/jicofo:{{ jitsi_meet_version }}"
resources:
+ requests:
+ memory: "1Gi"
limits:
- memory: "5Gi"
+ memory: "4Gi"
volumeMounts:
- name: config
subPath: jicofo
@@ -50,6 +52,8 @@ spec:
- name: prosody
image: "jitsi/prosody:{{ jitsi_meet_version }}"
resources:
+ requests:
+ memory: "128Mi"
limits:
memory: "512Mi"
volumeMounts:
@@ -89,11 +93,15 @@ spec:
- name: web
image: "jitsi/web:{{ jitsi_meet_version }}"
resources:
+ requests:
+ memory: "256Mi"
limits:
memory: "1Gi"
ports:
- - containerPort: 80
+ - protocol: TCP
+ containerPort: 80
hostPort: {{ jitsi_meet_http_port }}
+ hostIP: 127.0.0.1
volumeMounts:
- name: config
subPath: web
@@ -129,8 +137,15 @@ spec:
- name: jvb
image: "jitsi/jvb:{{ jitsi_meet_version }}"
resources:
+ requests:
+ memory: "1Gi"
limits:
- memory: "5Gi"
+ memory: "4Gi"
+ ports:
+ - protocol: UDP
+ containerPort: {{ jitsi_meet_jvb_port }}
+ hostPort: {{ jitsi_meet_jvb_port }}
+ hostIP: "{{ external_ip | default(ansible_default_ipv4.address) }}"
volumeMounts:
- name: config
subPath: jvb
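Review bot: `jitsi_meet_jvb_port` is used here for `containerPort` and `hostPort`, and again for `JVB_PORT` in the following hunk, but none of the 13 files in this commit defines it (no role default, and the sk-testvm host vars do not set it). Unless the role's defaults already carry it, rendering the pod fails with an undefined variable; a single `jitsi_meet_jvb_port: 10000` in the role defaults would keep the previous behaviour. The UDP port is now published on `external_ip`, so the host firewall presumably needs a matching rule for that address and port. The jvb container spec continues outside the hunk.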
@@ -157,13 +172,11 @@ spec:
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: JVB_PORT
- value: "10000"
+ value: "{{ jitsi_meet_jvb_port }}"
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- - name: JVB_STUN_SERVERS
- value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
- name: DOCKER_HOST_ADDRESS
- value: "{{ ansible_default_ipv4.address }}"
+ value: "{{ external_ip | default(ansible_default_ipv4.address) }}"
- name: TZ
value: {{ jitsi_meet_timezone }}
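Review bot: With `JVB_STUN_SERVERS` removed, the bridge presumably has no way to discover its public address and advertises only what `DOCKER_HOST_ADDRESS` carries. On a host where `external_ip` is unset, the fallback `ansible_default_ipv4.address` may be a private address behind NAT, and clients would be handed a candidate they cannot reach. A comment above the entry would make the requirement explicit: `# must be the address clients reach the JVB on; no STUN discovery is configured`. The env list starts and ends outside the hunk.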
diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml
index 7d52be32..68e9dc78 100644
--- a/roles/apps/nextcloud/tasks/main.yml
+++ b/roles/apps/nextcloud/tasks/main.yml
@@ -12,7 +12,7 @@
- name: create zfs volumes for instances
loop: "{{ nextcloud_instances | dict2items }}"
loop_control:
- label: "{{ item.key }} ({{ item.value.quota }})"
+ label: "{{ item.key }} ({{ item.value.quota | default('-') }})"
zfs:
name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/{{ item.key }}"
state: present
@@ -174,7 +174,8 @@
prompt: |
************* {{ item.key }} is a new instance
**
- ** Please run the following commands to finalize the installation
+ ** Go to https://{{ item.value.hostnames[0] }} and finalize the
+ ** installation. After that run the following commands:
**
** $ nextcloud-occ {{ item.key }} db:add-missing-indices
** $ nextcloud-occ {{ item.key }} db:convert-filecache-bigint
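Review bot: The new prompt sends the operator to the public hostname to finish the installation in the browser, so the instance serves its unauthenticated first-run setup page under that name until somebody completes it. Whoever loads that page first chooses the admin account, so the window between deployment and finalisation should be kept closed or as short as possible. At minimum the prompt should say so, e.g. `** NOTE: the setup page is open to anyone until you complete it - do this now`. Keeping the nginx vhost restricted until setup is done, or running the install step from the command line before the vhost goes live, would remove the window, though whether the role supports either is not visible here. The prompt text continues outside the hunk.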
diff --git a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
index dfef3810..72f8cb7a 100644
--- a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
+++ b/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -41,6 +41,7 @@ spec:
ports:
- containerPort: 8080
hostPort: {{ item.value.port }}
+ hostIP: 127.0.0.1
- name: database
image: "mariadb:{{ item.value.database.version }}"
args:
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 50558d70..0c400e2c 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -1,11 +1,22 @@
---
-
- name: make sure the kubernetes_cri_socket variable is configured correctly
assert:
msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!"
that:
- not kubernetes_cri_socket
+- name: create systemd snippet directory
+ file:
+ path: /etc/systemd/system/kubelet.service.d/
+ state: directory
+
+- name: install systemd snippet to make sure kubelet starts after docker
+ copy:
+ content: |
+ [Unit]
+ After=docker.service
+ dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
+
- name: disable bridge and iptables in docker daemon config
set_fact:
docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"
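Review bot: The two new tasks write a systemd drop-in but nothing in the hunk triggers a `daemon-reload`, so on a host where kubelet is already installed the `After=docker.service` ordering is not picked up until something else reloads systemd. Both tasks also leave `mode` unset, so the directory and file get whatever the umask yields; add `mode: "0755"` to the `file` task and `mode: "0644"` to the `copy` task. If a later task in the role already reloads systemd unconditionally, the reload below is redundant, but that is not visible here.

```yaml
  copy:
    # … unchanged: content and dest …
    mode: "0644"
  register: kubelet_after_docker_snippet

- name: reload systemd so the kubelet drop-in takes effect
  systemd:
    daemon_reload: true
  when: kubelet_after_docker_snippet is changed
```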
diff --git a/roles/nginx/base/defaults/main.yml b/roles/nginx/base/defaults/main.yml
index 9dd53cdf..79c79b49 100644
--- a/roles/nginx/base/defaults/main.yml
+++ b/roles/nginx/base/defaults/main.yml
@@ -14,3 +14,5 @@ nginx_snippets:
nginx_dhparam_size: 2048
nginx_stream_module: no
+
+# nginx_server_names_hash_bucket_size: 64
diff --git a/roles/nginx/base/tasks/main.yml b/roles/nginx/base/tasks/main.yml
index b0e7df5b..572b1513 100644
--- a/roles/nginx/base/tasks/main.yml
+++ b/roles/nginx/base/tasks/main.yml
@@ -33,3 +33,12 @@
- name: install and setup stream module
when: nginx_stream_module
import_tasks: stream.yml
+
+- name: configure server_names_hash_bucket_size
+ when: nginx_server_names_hash_bucket_size is defined
+ lineinfile:
+ regexp: "^(\\s*)#?\\s*server_names_hash_bucket_size\\s"
+ line: "\\1server_names_hash_bucket_size {{ nginx_server_names_hash_bucket_size }};"
+ dest: /etc/nginx/nginx.conf
+ backrefs: yes
+ notify: restart nginx
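Review bot: Because the `lineinfile` task uses `backrefs: yes`, it leaves `/etc/nginx/nginx.conf` untouched and reports ok when the regexp matches no line. If the file has no (commented) `server_names_hash_bucket_size` line, the setting is silently never applied. The task therefore depends on the distribution's stock nginx.conf shipping that line, which deserves a comment such as `# relies on the commented-out directive in the packaged nginx.conf; with backrefs a missing line is left unconfigured`. Adding `validate: nginx -t -c %s` would also stop a bad value from being written before the restart handler fires; nginx.conf uses absolute include paths on Debian, but confirm this for the target hosts.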