summaryrefslogtreecommitdiff
path: root/spreadspace
diff options
context:
space:
mode:
Diffstat (limited to 'spreadspace')
-rw-r--r--spreadspace/acme-emc.yml29
-rw-r--r--spreadspace/calypso.yml10
-rw-r--r--spreadspace/dione.yml9
-rw-r--r--spreadspace/emc-master.yml7
-rw-r--r--spreadspace/emc-stats.yml8
-rw-r--r--spreadspace/emc-test.yml7
-rw-r--r--spreadspace/emc-xx.yml9
-rw-r--r--spreadspace/generic.yaml5
-rw-r--r--spreadspace/group_vars/spreadspace.yml10
-rw-r--r--spreadspace/helene.yml10
-rw-r--r--spreadspace/k8s-emc.yml96
-rw-r--r--spreadspace/telesto.yml9
-rw-r--r--spreadspace/thetys.yml10
-rw-r--r--spreadspace/vm-install.yml2
14 files changed, 221 insertions, 0 deletions
diff --git a/spreadspace/acme-emc.yml b/spreadspace/acme-emc.yml
new file mode 100644
index 00000000..41fff42b
--- /dev/null
+++ b/spreadspace/acme-emc.yml
@@ -0,0 +1,29 @@
+---
+- name: create certificates for host
+ hosts: emc-xx:helene
+ vars:
+ acmetool_directory_server: "{{ acmetool_directory_server_le_live }}"
+ roles:
+ - role: acmetool/base
+ - role: acmetool/cert
+ acmetool_cert_name: "{{ inventory_hostname }}"
+ acmetool_cert_hostnames:
+ - "{{ inventory_hostname }}.spreadspace.org"
+
+- name: create certificates for names running on emc-00
+ hosts: emc-00
+ roles:
+ - role: acmetool/cert
+ acmetool_cert_name: emc
+ acmetool_cert_hostnames:
+ - stream.elevate.at
+ - elevate-live.spreadspace.org
+ - elevate-stats.spreadspace.org
+
+- name: create certificates for names running on helene
+ hosts: helene
+ roles:
+ - role: acmetool/cert
+ acmetool_cert_name: emc
+ acmetool_cert_hostnames:
+ - elevate-feed.spreadspace.org
diff --git a/spreadspace/calypso.yml b/spreadspace/calypso.yml
new file mode 100644
index 00000000..cd6a9ac0
--- /dev/null
+++ b/spreadspace/calypso.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: calypso
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
+ - role: spreadspace-apt-repo
diff --git a/spreadspace/dione.yml b/spreadspace/dione.yml
new file mode 100644
index 00000000..70b6a077
--- /dev/null
+++ b/spreadspace/dione.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: dione
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
diff --git a/spreadspace/emc-master.yml b/spreadspace/emc-master.yml
new file mode 100644
index 00000000..b12e8004
--- /dev/null
+++ b/spreadspace/emc-master.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: emc-master
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
diff --git a/spreadspace/emc-stats.yml b/spreadspace/emc-stats.yml
new file mode 100644
index 00000000..767b58aa
--- /dev/null
+++ b/spreadspace/emc-stats.yml
@@ -0,0 +1,8 @@
+---
+- name: Basic Setup
+ hosts: emc-stats
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: emc-stats
diff --git a/spreadspace/emc-test.yml b/spreadspace/emc-test.yml
new file mode 100644
index 00000000..a8805fc7
--- /dev/null
+++ b/spreadspace/emc-test.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: emc-test
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
diff --git a/spreadspace/emc-xx.yml b/spreadspace/emc-xx.yml
new file mode 100644
index 00000000..e2005178
--- /dev/null
+++ b/spreadspace/emc-xx.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: emc-xx
+ roles:
+ - role: hetzner-slim
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
diff --git a/spreadspace/generic.yaml b/spreadspace/generic.yaml
new file mode 100644
index 00000000..d3b8de82
--- /dev/null
+++ b/spreadspace/generic.yaml
@@ -0,0 +1,5 @@
+---
+- name: "Apply role {{ myrole }} to hosts: {{ myhosts }}"
+ hosts: "{{ myhosts }}"
+ roles:
+ - role: "{{ myrole }}"
diff --git a/spreadspace/group_vars/spreadspace.yml b/spreadspace/group_vars/spreadspace.yml
new file mode 100644
index 00000000..c34fdc8d
--- /dev/null
+++ b/spreadspace/group_vars/spreadspace.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.2;AES256;spreadspace
+31313137643137373839333838343730353634616138643463333262373737356639396539643233
+3839663334323736343239373961353164646565653562390a383831383638383434623863333337
+34366232356438386563643165303735663737373566363038653061323765303466376135303565
+6331623630653931660a626235376639376231633735656333333764643064393834363134663936
+63393563323334373231643237353362653839326235336538363730356364643566303566316665
+64396539333132353131326664323866313161386232393536643733386231643737363962666531
+65336366336435633933666436616261303265326232386639333562323032393832633037636266
+36356262346132663165653530363239316438653637326330636537356234646535376365396538
+6231
diff --git a/spreadspace/helene.yml b/spreadspace/helene.yml
new file mode 100644
index 00000000..d3619d9d
--- /dev/null
+++ b/spreadspace/helene.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: helene
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
+ - role: acmetool/base
diff --git a/spreadspace/k8s-emc.yml b/spreadspace/k8s-emc.yml
new file mode 100644
index 00000000..b6f09808
--- /dev/null
+++ b/spreadspace/k8s-emc.yml
@@ -0,0 +1,96 @@
+---
+- name: prepare variables and do some sanity checks
+ hosts: k8s-emc
+ gather_facts: no
+ run_once: yes
+ tasks:
+ - name: setup variables
+ set_fact:
+ kubernetes_nodes: "{{ groups['k8s-emc'] }}"
+ kubernetes_nodes_master: "{{ groups['k8s-emc-master'] | first }}"
+
+ - name: check whether every node has a net_index assigned
+ fail:
+ msg: "There are nodes without an assigned net-index: {{ kubernetes_nodes | difference(kubernetes.net_index.keys()) | join(', ') }}"
+ failed_when: kubernetes_nodes | difference(kubernetes.net_index.keys()) | length > 0
+
+ - name: check whether net indizes are unique
+ fail:
+ msg: "There are duplicate entries in the net_index table, every net-index is only allowed once"
+ failed_when: (kubernetes.net_index.keys() | length) != (kubernetes.net_index.values() | unique | length)
+
+ - name: check whether net indizes are all > 0
+ fail:
+ msg: "At least one net-index is < 1 (indizes start at 1)"
+ failed_when: (kubernetes.net_index.values() | min) < 1
+
+########
+- name: install kubernetes and overlay network
+ hosts: k8s-emc
+ roles:
+ ## Since `base` has a dependency for docker it would install and start the daemon
+ ## without the docker daemon config file generated by `net`.
+ ## This means that the docker daemon will create a bridge and install iptables rules
+ ## upon first startup (the first time this playbook runs on a specific host).
+ ## Since it is a tedious task to remove the interface and the firewall rules it is much
+ ## easier to just run `net` before `base` as `net` does not need anything from `base`.
+ - role: kubernetes/net
+ - role: kubernetes/base
+
+- name: configure kubernetes master
+ hosts: k8s-emc-master
+ roles:
+ - role: kubernetes/master
+
+- name: configure kubernetes nodes
+ hosts: k8s-emc:!k8s-emc-master
+ roles:
+ - role: kubernetes/node
+
+########
+- name: check for nodes to be removed
+ hosts: k8s-emc-master
+ tasks:
+ - name: fetch list of current nodes
+ command: kubectl get nodes -o name
+ changed_when: False
+ check_mode: no
+ register: kubectl_node_list
+
+ - name: generate list of nodes to be removed
+ with_items: "{{ kubectl_node_list.stdout_lines | map('replace', 'nodes/', '') | list | difference(kubernetes_nodes) }}"
+ add_host:
+ name: "{{ item }}"
+ inventory_dir: "{{inventory_dir}}"
+ group: _k8s-emc-remove_
+ changed_when: False
+
+ - name: drain superflous nodes
+ with_items: "{{ groups['_k8s-emc-remove_'] | default([]) }}"
+ command: "kubectl drain {{ item }} --delete-local-data --force --ignore-daemonsets"
+
+- name: try to clean superflous nodes
+ hosts: _k8s-emc-remove_
+ vars:
+ k8s_remove_node: yes
+ roles:
+ - role: kubernetes/node
+ - role: kubernetes/net
+
+- name: remove node from api server
+ hosts: k8s-emc-master
+ tasks:
+ - name: remove superflous nodes
+ with_items: "{{ groups['_k8s-emc-remove_'] | default([]) }}"
+ command: "kubectl delete node {{ item }}"
+
+ - name: wait a litte before removing bootstrap-token so new nodes have time to generate certificates for themselves
+ when: kube_bootstrap_token != ""
+ pause:
+ seconds: 42
+
+ - name: remove bootstrap-token
+ when: kube_bootstrap_token != ""
+ command: "kubectl --namespace kube-system delete secret bootstrap-token-{{ kube_bootstrap_token.split('.') | first }}"
+
+### TODO: add node labels (ie. for ingress daeomnset)
diff --git a/spreadspace/telesto.yml b/spreadspace/telesto.yml
new file mode 100644
index 00000000..11b45596
--- /dev/null
+++ b/spreadspace/telesto.yml
@@ -0,0 +1,9 @@
+---
+- name: Basic Setup
+ hosts: telesto
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
diff --git a/spreadspace/thetys.yml b/spreadspace/thetys.yml
new file mode 100644
index 00000000..fffeb769
--- /dev/null
+++ b/spreadspace/thetys.yml
@@ -0,0 +1,10 @@
+---
+- name: Basic Setup
+ hosts: thetys
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
+ - role: spreadspace-apt-repo
diff --git a/spreadspace/vm-install.yml b/spreadspace/vm-install.yml
new file mode 100644
index 00000000..b5d8bf2e
--- /dev/null
+++ b/spreadspace/vm-install.yml
@@ -0,0 +1,2 @@
+---
+- import_playbook: ../common/vm-install.yml
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 08:55:01 +0000