Diffstat (limited to '_graveyard_')
18 files changed, 559 insertions, 0 deletions
diff --git a/_graveyard_/inventory/group_vars/k8s-lwl/vars.yml b/_graveyard_/inventory/group_vars/k8s-lwl/vars.yml
new file mode 100644
index 00000000..6a93d86b
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/k8s-lwl/vars.yml
@@ -0,0 +1,50 @@
+---
+docker_pkg_provider: docker-com
+
+kubernetes_version: 1.22.5
+kubernetes_container_runtime: docker
+kubernetes_network_plugin: kubeguard
+
+kubernetes:
+ cluster_name: lndwrbl-live
+
+ dedicated_master: False
+ api_extra_sans:
+ - 178.63.180.137
+ - k8s-master.lndwrbl.live
+
+ pod_ip_range: 172.18.0.0/16
+ pod_ip_range_size: 24
+ service_ip_range: 172.18.192.0/18
+
+
+kubernetes_secrets:
+ encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}"
+
+
+kubeguard:
+ ## node_index must be in the range between 1 and 190 -> 189 hosts possible
+ ##
+ ## hardcoded hostnames are not nice but if we do this via host_vars
+ ## the info is spread over multiple files and this makes it more diffcult
+ ## to find mistakes, so it is nicer to keep it in one place...
+ node_index:
+ lw-live-01: 1
+ lw-live-02: 2
+ lw-live-03: 3
+ lw-live-00: 100
+ lw-live-dist0: 110
+ lw-dione: 111
+ lw-helene: 112
+ lw-master: 127
+
+ direct_net_zones:
+ encoder:
+ transfer_net: 172.18.191.0/24
+ node_interface:
+ lw-dione: eno2
+ lw-helene: eno2
+
+kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}"
+
+kubernetes_metrics_server_version: 0.5.0
diff --git a/_graveyard_/inventory/group_vars/lendwirbel-live-xx/vars.yml b/_graveyard_/inventory/group_vars/lendwirbel-live-xx/vars.yml
new file mode 100644
index 00000000..6defdb17
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/lendwirbel-live-xx/vars.yml
@@ -0,0 +1,2 @@
+---
+install_playbook: lendwirbel-live-xx
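Review bot: Nothing in this file enforces the `node_index` bound that the comment under `kubeguard:` states, and that bound is what keeps the per-node pod subnets clear of the other ranges: with `pod_ip_range: 172.18.0.0/16` cut into /24s, index 191 lands on `transfer_net` (172.18.191.0/24) and 192 and above fall inside `service_ip_range` (172.18.192.0/18). A typo in the map would therefore yield overlapping networks rather than an error. I would add a guard where `kubernetes_overlay_node_ip` is consumed (outside this diff), for example an `assert` with `that: kubeguard.node_index[inventory_hostname] | int in range(1, 191)`. The comment's count also needs a second look, since 1 to 190 inclusive is 190 hosts, not 189.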
diff --git a/_graveyard_/inventory/group_vars/lendwirbel-live/vars.yml b/_graveyard_/inventory/group_vars/lendwirbel-live/vars.yml
new file mode 100644
index 00000000..a06be375
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/lendwirbel-live/vars.yml
@@ -0,0 +1,29 @@
+---
+zsh_banner: lendwirbel
+
+acmetool_account_email: equinox@spreadspace.org
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+apt_repo_blackmagic_auth:
+ username: "spreadspace"
+ password: "{{ vault_apt_repo_blackmagic_auth.password }}"
+
+install:
+ cloud:
+ credentials:
+ token: "{{ vault_hcloud_api_token }}"
+
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
diff --git a/_graveyard_/inventory/host_vars/lw-dione.yml b/_graveyard_/inventory/host_vars/lw-dione.yml
new file mode 100644
index 00000000..e5073987
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-dione.yml
@@ -0,0 +1,57 @@
+---
+install:
+ efi: true
+ disks:
+ primary: /dev/disk/by-id/nvme-SAMSUNG_MZVPW256HEGL-00000_S346NY0HC29501
+ kernel_cmdline:
+ - "consoleblank=0"
+ - "nomodeset"
+
+network:
+ nameservers:
+ - 9.9.9.9
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eno1
+ address: 192.168.32.202/24
+ gateway: 192.168.32.254
+ interfaces:
+ - *_network_primary_
+
+
+base_packages_extra_host:
+ - exfat-fuse
+ - exfat-utils
+ - vlan
+
+admin_users_host:
+ - equinox
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
+
+
+ntp_variant: chrony
+
+ntp_client:
+ pools:
+ - name: at.pool.ntp.org
+ options: iburst
+
+ntp_hwtimestamp_interfaces:
+ - name: "*"
+
+ntp_server:
+ allow:
+ - "192.168.32.0/24"
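Review bot: `install.cloud.credentials.token` and `apt_repo_blackmagic_auth.password` in group_vars/lendwirbel-live/vars.yml still resolve to vault values (`vault_hcloud_api_token`, `vault_apt_repo_blackmagic_auth.password`), and the matching vault files under `_graveyard_/spreadspace/group_vars/` are kept in this commit, encrypted under the `spreadspace` vault id. If `_graveyard_` means the environment is retired (inferred from the path only), the token and the password should be revoked or rotated at the provider rather than just parked, because anyone holding that vault password and the repository history can still decrypt them. A comment above `install:` recording the state, such as `## retired: hcloud token revoked, apt repo password rotated (DATE)`, would make this auditable.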
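Review bot: The `docker_storage` and `kubelet_storage` blocks in host_vars/lw-dione.yml repeat, value for value, what group_vars/lendwirbel-live/vars.yml already sets (LVM, 15G and 10G, ext4), and host_vars/lw-helene.yml does the same. hosts.ini lists both hosts in `[lendwirbel-live]`, so the group values apply without the copies. I would drop the host-level blocks, or keep them with a comment such as `## intentionally pinned per host, same as group default` so a later change to the group default is not silently masked.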
diff --git a/_graveyard_/inventory/host_vars/lw-helene.yml b/_graveyard_/inventory/host_vars/lw-helene.yml
new file mode 100644
index 00000000..a45f02d0
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-helene.yml
@@ -0,0 +1,51 @@
+---
+install:
+ efi: true
+ disks:
+ primary: /dev/disk/by-id/nvme-SAMSUNG_MZVPW256HEGL-00000_S346NB0J803346
+ kernel_cmdline:
+ - "consoleblank=0"
+ - "nomodeset"
+
+network:
+ nameservers:
+ - 9.9.9.9
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eno1
+ address: 192.168.32.203/24
+ gateway: 192.168.32.254
+ interfaces:
+ - *_network_primary_
+
+
+base_packages_extra_host:
+ - exfat-fuse
+ - exfat-utils
+ - vlan
+
+admin_users_host:
+ - equinox
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
+
+
+ntp_client:
+ servers:
+ - name: "192.168.32.202"
+ options: iburst minpoll 1 maxpoll 3 polltarget 30
+
+ntp_hwtimestamp_interfaces:
+ - name: "*"
diff --git a/_graveyard_/inventory/host_vars/lw-master.yml b/_graveyard_/inventory/host_vars/lw-master.yml
new file mode 100644
index 00000000..cee52198
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-master.yml
@@ -0,0 +1,62 @@
+---
+install:
+ vm:
+ memory: 10G
+ numcpus: 6
+ autostart: True
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 20g
+ # sdb:
+ # type: blockdev
+ # path: /dev/zvol/storage/streamstats
+ interfaces:
+ - bridge: br-public
+ name: primary0
+
+network:
+ nameservers: "{{ vm_host.network.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: primary0
+ address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}"
+ template: overlay
+ overlay: "{{ (vm_host.network.bridges.public.overlays.default.prefix | ipaddr(vm_host.network.bridges.public.overlays.default.offsets[inventory_hostname])).split('/')[0] }}"
+ interfaces:
+ - *_network_primary_
+
+external_ip: "{{ network.primary.overlay }}"
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 7G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 5G
+ fs: ext4
+
+
+lvm_groups:
+ streamstats:
+ pvs:
+ - /dev/sdb
+
+emc_stats_storage:
+ type: lvm
+ vg: streamstats
+ lv: stats
+ size: 42G
+ fs: ext4
diff --git a/_graveyard_/inventory/host_vars/lw-telesto.yml b/_graveyard_/inventory/host_vars/lw-telesto.yml
new file mode 100644
index 00000000..8e9a0061
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-telesto.yml
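Review bot: `lvm_groups.streamstats.pvs` names `/dev/sdb`, but the only definition of that disk under `install.disks.scsi` is commented out, so nothing in this file attaches a second disk to the VM. Kernel `sdX` names follow probe order; if the LVM role initialises whatever answers to `/dev/sdb` (the role is not visible here), a changed disk order could hand it the wrong device. Either restore the `sdb` entry or add a comment above `lvm_groups` saying how the zvol gets attached, e.g. `## /dev/sdb = zvol storage/streamstats, attached outside install.disks`. A stable `/dev/disk/by-id/` path, as the bare-metal hosts use for their primary disk, would be safer than the bare name.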
@@ -0,0 +1,54 @@
+---
+debian_preseed_language: de
+debian_preseed_country: AT
+debian_preseed_locales:
+ - de_AT.UTF-8
+ - de_DE.UTF-8
+ - en_US.UTF-8
+
+debian_preseed_no_splash: no
+debian_preseed_install_tasks:
+ - xubuntu-desktop
+
+
+install:
+ efi: yes
+ disks:
+ primary: software-raid
+ raid:
+ level: 1
+ members:
+ - /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720808
+ - /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720810
+ system_lvm:
+ size: 50G
+ volumes:
+ - name: root
+ size: 20G
+ filesystem: ext4
+ mountpoint: /
+ - name: var+log
+ size: 768M
+ filesystem: ext4
+ mountpoint: /var/log
+ mount_options:
+ - noatime
+ - nodev
+ - noexec
+
+network:
+ nameservers:
+ - 9.9.9.9
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eno1
+ address: 192.168.32.201/24
+ gateway: 192.168.32.254
+ interfaces:
+ - *_network_primary_
+
+
+base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}"
+
+admin_users_host:
+ - equinox
diff --git a/_graveyard_/inventory/host_vars/lw-thetys.yml b/_graveyard_/inventory/host_vars/lw-thetys.yml
new file mode 100644
index 00000000..a732782d
--- /dev/null
+++ b/_graveyard_/inventory/host_vars/lw-thetys.yml
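Review bot: The `/var/log` volume in `system_lvm.volumes` is mounted with `nodev` and `noexec` but not `nosuid`, so setuid bits would still be honoured on a filesystem that should hold only logs; adding `- nosuid` to `mount_options` completes the usual set. This assumes the install role copies the list into the mount options unchanged, which is not visible here. Separately, `efi: yes` and `debian_preseed_no_splash: no` use YAML 1.1 truthy words where the sibling host files write `efi: true`; `true`/`false` would be consistent and parser-independent.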
@@ -0,0 +1,52 @@
+---
+install:
+ efi: true
+ disks:
+ primary: /dev/disk/by-id/ata-TS32GMSA370_B475040161
+ kernel_cmdline:
+ - "consoleblank=0"
+
+network:
+ nameservers:
+ - 9.9.9.9
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eno1
+ address: 192.168.28.202/24
+ gateway: 192.168.28.254
+ interfaces:
+ - *_network_primary_
+
+
+admin_users_host:
+ - equinox
+
+apt_repo_components:
+ - main
+ - contrib
+ - non-free ## for microcode updates
+
+spreadspace_apt_repo_components:
+ - container
+
+
+docker_pkg_provider: docker-com
+
+docker_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker
+ size: 10G
+ fs: ext4
+
+kubelet_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: kubelet
+ size: 5G
+ fs: ext4
+
+kubernetes_version: 1.22.5
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_cni_variant: with-portmap
diff --git a/_graveyard_/inventory/hosts.ini b/_graveyard_/inventory/hosts.ini
index bc1fafdb..2b79221f 100644
--- a/_graveyard_/inventory/hosts.ini
+++ b/_graveyard_/inventory/hosts.ini
@@ -22,6 +22,36 @@ r3-cccamp19-feedcode host_name=feedcode r3-cccamp19-av host_name=av + +############################### +# environment: spreadspace + +[lendwirbel-live:vars] +host_domain=lndwrbl.live +env_group=spreadspace + +[lendwirbel-live] +lw-thetys host_name=thetys +lw-telesto host_name=telesto +lw-dione host_name=dione +lw-helene host_name=helene +lw-master + +[lendwirbel-live:children] +lendwirbel-live-dist +lendwirbel-live-xx + +[lendwirbel-live-dist] +lw-live-dist0 host_name=cdn-dist0 + +[lendwirbel-live-xx] +lw-live-00 host_name=cdn-00 +lw-live-01 host_name=cdn-01 +lw-live-02 host_name=cdn-02 +lw-live-03 host_name=cdn-03 + + + ############################### # environment: dan
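Review bot: `kubernetes_version: 1.22.5` together with `kubernetes_container_runtime: docker` in host_vars/lw-thetys.yml pins a release line that upstream no longer patches and a runtime path (dockershim) that was removed in Kubernetes 1.24; group_vars/k8s-lwl/vars.yml carries the same pair. Since the files are archived as they are, a comment above the pin, e.g. `## archived pin, unsupported upstream: re-pin version and runtime before reuse`, would keep someone reviving the host from deploying it unchanged.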
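Review bot: `lw-master` is the only host in `[lendwirbel-live]` listed without `host_name=`, yet host_vars/lw-master.yml uses `vg: "{{ host_name }}"` for both `docker_storage` and `kubelet_storage`. Unless `host_name` is set for it somewhere outside this diff, those templates fail as undefined when the storage roles run. I would write the entry as `lw-master host_name=NAME` (NAME is a placeholder, the real value is not on this page) or add a comment saying where the variable comes from.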
@@ -64,3 +94,36 @@ vmhost-ch-gnocchi-guests [dolmetsch-ctl:children] ele-dolmetsch-ctl + +[hetzner] +lw-master + +[hcloud:children] +lendwirbel-live-dist +lendwirbel-live-xx + +[kubernetes-cluster:children] +k8s-lwl + +[standalone-kubelet] +lw-thetys + +### Kubernetes Cluster: lendwirbel-live +[k8s-lwl-encoder] +lw-dione +lw-helene + +[k8s-lwl-distribution:children] +lendwirbel-live-dist + +[k8s-lwl-streamer:children] +lendwirbel-live-xx + +[k8s-lwl-master] +lw-master + +[k8s-lwl:children] +k8s-lwl-master +k8s-lwl-encoder +k8s-lwl-distribution +k8s-lwl-streamer diff --git a/_graveyard_/spreadspace/group_vars/k8s-lwl.yml b/_graveyard_/spreadspace/group_vars/k8s-lwl.yml new file mode 100644 index 00000000..5fc69d0a --- /dev/null +++ b/_graveyard_/spreadspace/group_vars/k8s-lwl.yml @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.2;AES256;spreadspace +30386433346435633361623664663166623666363833376365653735303831643437356532646663 +3966666138623466653532663763363938613966663135640a373132653064366438616362376561 +61366437363736396465656137643566303635636538366130636363366561623339393232306635 +6131303737333633330a643862383839326335633363393266653936323166383264333535323235 +32323832383362313432306537663736646236656139336463393261356133343263306266343931 +62383064393735613232366162306230363636356237663035333566663132613833356638623965 +38653936643336383561343831666561393337346234653637303264626566393165616363656438 +36303563343962623361366535646563666132643466346533316433653166326264323131386231 +32623331343931613639663364333961613231343765363964396239383633653730 diff --git a/_graveyard_/spreadspace/group_vars/lendwirbel-live.yml b/_graveyard_/spreadspace/group_vars/lendwirbel-live.yml new file mode 100644 index 00000000..f35f6a2f --- /dev/null +++ b/_graveyard_/spreadspace/group_vars/lendwirbel-live.yml 
@@ -0,0 +1,20 @@ +$ANSIBLE_VAULT;1.2;AES256;spreadspace +61313636623330653337373661633432646633363638626333356362373264303737396665353033 +3463383333323563613761376235663033373563303961330a313663396537636631333133343663 +35306233613731616165396332336631353232653066306331613432303237636437666166626539 +6133333637666536640a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diff --git a/_graveyard_/spreadspace/k8s-lwl.yml b/_graveyard_/spreadspace/k8s-lwl.yml new file mode 100644 index 00000000..1aa09daa --- /dev/null +++ b/_graveyard_/spreadspace/k8s-lwl.yml @@ -0,0 +1,34 @@ +--- +- name: Basic Node Setup + hosts: k8s-lwl + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + +- import_playbook: ../common/kubernetes-cluster-layout.yml + vars: + kubernetes_cluster_layout: + nodes_group: k8s-lwl + masters: + - lw-master + +### hack hack hack... +- name: cook kubernetes secrets + hosts: _kubernetes_nodes_ + gather_facts: no + tasks: + - set_fact: + kubernetes_secrets: "{{ kubernetes_secrets }}" + - when: external_ip is defined + set_fact: + external_ip: "{{ external_ip }}" + +- import_playbook: ../common/kubernetes-cluster.yml +- import_playbook: ../common/kubernetes-cluster-cleanup.yml + +- name: install addons + hosts: _kubernetes_primary_master_ + roles: + - role: kubernetes/addons/metrics-server diff --git a/_graveyard_/spreadspace/lendwirbel-live-xx.yml b/_graveyard_/spreadspace/lendwirbel-live-xx.yml new file mode 100644 index 00000000..82a45785 --- /dev/null +++ b/_graveyard_/spreadspace/lendwirbel-live-xx.yml @@ -0,0 +1,12 @@ +--- +- name: Basic Setup + hosts: "{{ install_hostname }}" + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: apt-repo/spreadspace + - role: acmetool/base + - role: acmetool/cert + acmetool_cert_name: "{{ host_name }}.{{ host_domain }}" 
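Review bot: The `set_fact` task in the `cook kubernetes secrets` play of spreadspace/k8s-lwl.yml copies `kubernetes_secrets` into host facts without `no_log: true`; per group_vars/k8s-lwl/vars.yml that variable holds the vault-backed `encryption_config_keys`, so the resolved keys show up in task results at `-v` and in any logging callback. Add `no_log: true` to that task. Both tasks also lack a `name:`, and the only explanation is `### hack hack hack...`; a comment saying why the variables must be re-set as facts before `../common/kubernetes-cluster.yml` is imported would help the next reader, and `gather_facts: no` is better written `gather_facts: false`.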
diff --git a/_graveyard_/spreadspace/lw-dione.yml b/_graveyard_/spreadspace/lw-dione.yml
new file mode 100644
index 00000000..af214d7f
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-dione.yml
@@ -0,0 +1,12 @@
+---
+- name: Basic Setup
+ hosts: lw-dione
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/cpu-microcode
+ - role: core/ntp
+ - role: core/admin-users
+ - role: streaming/blackmagic/desktopvideo
diff --git a/_graveyard_/spreadspace/lw-helene.yml b/_graveyard_/spreadspace/lw-helene.yml
new file mode 100644
index 00000000..a9466c66
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-helene.yml
@@ -0,0 +1,12 @@
+---
+- name: Basic Setup
+ hosts: lw-helene
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/cpu-microcode
+ - role: core/ntp
+ - role: core/admin-users
+ - role: streaming/blackmagic/desktopvideo
diff --git a/_graveyard_/spreadspace/lw-master.yml b/_graveyard_/spreadspace/lw-master.yml
new file mode 100644
index 00000000..0f6f9390
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-master.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: lw-master
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: storage/lvm/groups
+ - role: elevate/emc-stats
diff --git a/_graveyard_/spreadspace/lw-telesto.yml b/_graveyard_/spreadspace/lw-telesto.yml
new file mode 100644
index 00000000..ddac511b
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-telesto.yml
@@ -0,0 +1,14 @@
+---
+- name: Basic Setup
+ hosts: lw-telesto
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/cpu-microcode
+ - role: core/admin-users
+ - role: streaming/blackmagic/desktopvideo
+ - role: apt-repo/spreadspace
+ - role: ws/base
+ - role: network/wireguard/base
diff --git a/_graveyard_/spreadspace/lw-thetys.yml b/_graveyard_/spreadspace/lw-thetys.yml
new file mode 100644
index 00000000..f32496af
--- /dev/null
+++ b/_graveyard_/spreadspace/lw-thetys.yml
@@ -0,0 +1,15 @@
+---
+- name: Basic Setup
+ hosts: lw-thetys
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd/base
+ - role: core/zsh
+ - role: core/cpu-microcode
+ - role: core/admin-users
+ - role: apt-repo/spreadspace
+ - role: streaming/blackmagic/desktopvideo
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
+ - role: network/wireguard/base |