From 17447210485bbe379beb9c7e9a3034e900110ed9 Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Sat, 1 Dec 2018 23:14:05 +0100 Subject: moved to multi environment repo structure --- .gitignore | 6 +- ansible.cfg | 17 ++- apply-role.sh | 10 +- chaos-at-home/generic.yaml | 5 + elevate/generic.yaml | 5 + environment.sh | 82 ++++++++++++++ generic.yaml | 5 - gpg/add-key.sh | 17 ++- gpg/create-environment.sh | 40 +++++++ gpg/get-vault-pass- | 2 + gpg/get-vault-pass-chaos-at-home | 2 + gpg/get-vault-pass-elevate | 2 + gpg/get-vault-pass-spreadspace | 2 + gpg/get-vault-pass.sh | 20 +++- gpg/gpg2.sh | 10 +- gpg/list-keys.sh | 10 +- gpg/remove-keys.sh | 19 ++-- gpg/set-vault-pass.sh | 15 ++- gpg/vault-keyring-chaos-at-home.gpg | Bin 0 -> 37630 bytes gpg/vault-keyring-elevate.gpg | Bin 0 -> 37630 bytes gpg/vault-keyring-spreadspace.gpg | Bin 0 -> 37014 bytes gpg/vault-keyring.gpg | Bin 37014 -> 0 bytes gpg/vault-pass-chaos-at-home.gpg | 19 ++++ gpg/vault-pass-elevate.gpg | 19 ++++ gpg/vault-pass-spreadspace.gpg | 19 ++++ gpg/vault-pass.gpg | 19 ---- group_vars/all/vars.yml | 15 --- group_vars/elevate/vars.yml | 4 - group_vars/hetzner/vars.yml | 6 -- group_vars/k8s-emc/vars.yml | 39 ------- group_vars/skillz/vars.yml | 2 - group_vars/spreadspace/vars.yml | 4 - group_vars/spreadspace/vault.yml | 10 -- host_vars/calypso.yml | 10 -- host_vars/dione.yml | 22 ---- host_vars/elesearch.yml | 29 ----- host_vars/emc-master.yml | 41 ------- host_vars/emc-stats.yml | 52 --------- host_vars/helene.yml | 22 ---- host_vars/sk2013.yml | 33 ------ host_vars/sk2016.yml | 32 ------ host_vars/telesto.yml | 10 -- host_vars/thetys.yml | 10 -- hosts.ini | 94 ---------------- inventory/group_vars/all/main.yml | 15 +++ inventory/group_vars/elevate/main.yml | 4 + inventory/group_vars/hetzner/main.yml | 6 ++ inventory/group_vars/k8s-emc/main.yml | 39 +++++++ inventory/group_vars/skillz/main.yml | 2 + inventory/group_vars/spreadspace/main.yml | 8 ++ inventory/host_vars/calypso.yml | 10 ++ inventory/host_vars/dione.yml | 22 ++++ inventory/host_vars/elesearch.yml | 29 
+++++ inventory/host_vars/emc-master.yml | 41 +++++++ inventory/host_vars/emc-stats.yml | 52 +++++++++ inventory/host_vars/helene.yml | 22 ++++ inventory/host_vars/sk2013.yml | 33 ++++++ inventory/host_vars/sk2016.yml | 32 ++++++ inventory/host_vars/telesto.yml | 10 ++ inventory/host_vars/thetys.yml | 10 ++ inventory/hosts.ini | 138 ++++++++++++++++++++++++ roles/blackmagic-desktopvideo/defaults/main.yml | 4 + roles/blackmagic-desktopvideo/tasks/main.yml | 2 +- spreadspace/generic.yaml | 5 + spreadspace/group_vars/spreadspace.yml | 10 ++ 65 files changed, 785 insertions(+), 489 deletions(-) create mode 100644 chaos-at-home/generic.yaml create mode 100644 elevate/generic.yaml create mode 100644 environment.sh delete mode 100644 generic.yaml create mode 100755 gpg/create-environment.sh create mode 100755 gpg/get-vault-pass- create mode 100755 gpg/get-vault-pass-chaos-at-home create mode 100755 gpg/get-vault-pass-elevate create mode 100755 gpg/get-vault-pass-spreadspace create mode 100644 gpg/vault-keyring-chaos-at-home.gpg create mode 100644 gpg/vault-keyring-elevate.gpg create mode 100644 gpg/vault-keyring-spreadspace.gpg delete mode 100644 gpg/vault-keyring.gpg create mode 100644 gpg/vault-pass-chaos-at-home.gpg create mode 100644 gpg/vault-pass-elevate.gpg create mode 100644 gpg/vault-pass-spreadspace.gpg delete mode 100644 gpg/vault-pass.gpg delete mode 100644 group_vars/all/vars.yml delete mode 100644 group_vars/elevate/vars.yml delete mode 100644 group_vars/hetzner/vars.yml delete mode 100644 group_vars/k8s-emc/vars.yml delete mode 100644 group_vars/skillz/vars.yml delete mode 100644 group_vars/spreadspace/vars.yml delete mode 100644 group_vars/spreadspace/vault.yml delete mode 100644 host_vars/calypso.yml delete mode 100644 host_vars/dione.yml delete mode 100644 host_vars/elesearch.yml delete mode 100644 host_vars/emc-master.yml delete mode 100644 host_vars/emc-stats.yml delete mode 100644 host_vars/helene.yml delete mode 100644 host_vars/sk2013.yml delete 
mode 100644 host_vars/sk2016.yml delete mode 100644 host_vars/telesto.yml delete mode 100644 host_vars/thetys.yml delete mode 100644 hosts.ini create mode 100644 inventory/group_vars/all/main.yml create mode 100644 inventory/group_vars/elevate/main.yml create mode 100644 inventory/group_vars/hetzner/main.yml create mode 100644 inventory/group_vars/k8s-emc/main.yml create mode 100644 inventory/group_vars/skillz/main.yml create mode 100644 inventory/group_vars/spreadspace/main.yml create mode 100644 inventory/host_vars/calypso.yml create mode 100644 inventory/host_vars/dione.yml create mode 100644 inventory/host_vars/elesearch.yml create mode 100644 inventory/host_vars/emc-master.yml create mode 100644 inventory/host_vars/emc-stats.yml create mode 100644 inventory/host_vars/helene.yml create mode 100644 inventory/host_vars/sk2013.yml create mode 100644 inventory/host_vars/sk2016.yml create mode 100644 inventory/host_vars/telesto.yml create mode 100644 inventory/host_vars/thetys.yml create mode 100644 inventory/hosts.ini create mode 100644 roles/blackmagic-desktopvideo/defaults/main.yml create mode 100644 spreadspace/generic.yaml create mode 100644 spreadspace/group_vars/spreadspace.yml diff --git a/.gitignore b/.gitignore index 808abb82..7324c79b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ -/log -/gpg/vault-keyring.gpg~ *.pyc *.retry .*.sw? +/log +/gpg/vault-keyring-*.gpg~ +/.galaxy /.cache/ +/artifacts/ diff --git a/ansible.cfg b/ansible.cfg index f44889fd..8d436f20 100644 --- a/ansible.cfg +++ b/ansible.cfg 
@@ -1,19 +1,26 @@ [defaults] -inventory = ./hosts.ini -roles_path = ./roles:../roles -remote_user = root +inventory = ./inventory/hosts.ini +roles_path = ./.galaxy:./roles +nocows = 1 + log_path = ./log remote_tmp = /tmp/.ansible/tmp -nocows=1 -vault_password_file = ./gpg/get-vault-pass.sh + +filter_plugins = ./filter_plugins gathering = smart fact_caching = jsonfile fact_caching_connection = ./.cache/facts fact_caching_timeout = 7200 +## this will be set by environment.sh +#vault_identity_list = spreadspace@gpg/get-vault-pass-spreadsprace +## only try keys with matching vault-ids +vault_id_match = True + var_compression_level = 9 + [ssh_connection] pipelining = True ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s diff --git a/apply-role.sh b/apply-role.sh index 3d39f345..a2b0ac4f 100755 --- a/apply-role.sh +++ b/apply-role.sh @@ -1,13 +1,15 @@ #!/bin/bash -if [ -z "$1" ] || [ -z "$2" ] ; then - echo "$0 " +if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] ; then + echo "$0 " exit 1 fi +env="$1" +shift hosts="$1" shift role="$1" shift -echo "######## applying the role '$role' to host(s) '$hosts' ########" -exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ generic.yaml +echo "######## applying the role '$role' to host(s) '$hosts' in environment '$env' ########" +exec ansible-playbook -e "myhosts=$hosts" -e "myrole=$role" $@ "$env/generic.yaml" diff --git a/chaos-at-home/generic.yaml b/chaos-at-home/generic.yaml new file mode 100644 index 00000000..d3b8de82 --- /dev/null +++ b/chaos-at-home/generic.yaml @@ -0,0 +1,5 @@ +--- +- name: "Apply role {{ myrole }} to hosts: {{ myhosts }}" + hosts: "{{ myhosts }}" + roles: + - role: "{{ myrole }}" diff --git a/elevate/generic.yaml b/elevate/generic.yaml new file mode 100644 index 00000000..d3b8de82 --- /dev/null +++ b/elevate/generic.yaml @@ -0,0 +1,5 @@ +--- +- name: "Apply role {{ myrole }} to hosts: {{ myhosts }}" + hosts: "{{ myhosts }}" + roles: + - role: "{{ myrole }}" 
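Review bot: The commented example under `## this will be set by environment.sh` in ansible.cfg misspells the script name as `get-vault-pass-spreadsprace`, so anyone who uncomments it gets a vault identity pointing at a file that is not part of this commit. I would write it as `#vault_identity_list = spreadspace@gpg/get-vault-pass-spreadspace`. It may also be worth a one-line comment that, with `vault_password_file` removed, no vault secret is configured until `environment.sh` has been sourced.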
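Review bot: In apply-role.sh the extra arguments are still passed as unquoted `$@` on the `exec ansible-playbook` line, so an argument containing spaces (for example a `-e` value) is split into several words. The other scripts in this commit were switched to `"$@"` and this one should follow. The new `env` argument is also used to build `"$env/generic.yaml"` without checking that the playbook exists, so a typo only surfaces as an ansible-playbook error. A guard such as `[ -f "$env/generic.yaml" ] || { echo "unknown environment '$env'" >&2; exit 1; }` before the exec would make that explicit.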
diff --git a/environment.sh b/environment.sh new file mode 100644 index 00000000..38a38340 --- /dev/null +++ b/environment.sh @@ -0,0 +1,82 @@ +## +## must be sourced in your interactive shell or by scripts before using vault files +## + +print_error() { + echo "\033[1;31mERROR:\033[1;0m $1" +} + +vault_environment__get() { + echo "${ANSIBLE_VAULT_IDENTITY_LIST}" | tr ',' '\n' | awk -F '@' '{ print($1) }' | sed '/^$/d' +} + +vault_environment__set() { + unset ANSIBLE_VAULT_IDENTITY_LIST + for e in "$@"; do + vault_environment__activate $e + done +} + +vault_environment__activate() { + if [ -z "$1" ]; then + print_error "please specify an environment" + return + fi + + if [ ! -f "gpg/get-vault-pass-$1" ]; then + print_error "failed to activate environment: '$1' .. could not find password file 'gpg/get-vault-pass-$1'" + return + fi + + for e in $(vault_environment__get); do + if [ "$1" = "$e" ]; then + return + fi + done + + if [ -z "${ANSIBLE_VAULT_IDENTITY_LIST}" ]; then + export ANSIBLE_VAULT_IDENTITY_LIST="$1@gpg/get-vault-pass-$1" + else + export ANSIBLE_VAULT_IDENTITY_LIST="${ANSIBLE_VAULT_IDENTITY_LIST},$1@gpg/get-vault-pass-$1" + fi +} + +vault_environment__deactivate() { + local new_list + + if [ -z "$1" ]; then + print_error "please specify an environment" + return + fi + + new_list="" + for e in $(vault_environment__get); do + if [ "$1" != "$e" ]; then + if [ -z "$new_list" ]; then + new_list="$e@gpg/get-vault-pass-$e" + else + new_list="$new_list,$e@gpg/get-vault-pass-$e" + fi + fi + done + + if [ -z "$new_list" ]; then + unset ANSIBLE_VAULT_IDENTITY_LIST + else + export ANSIBLE_VAULT_IDENTITY_LIST="$new_list" + fi +} + +op="$1" +if [ -n "$op" ]; then + shift +fi + +case $op in + activate|deactivate|set|get) + "vault_environment__$op" "$@" + ;; + *) + print_error "unknown operation: '$op'" + ;; +esac diff --git a/generic.yaml b/generic.yaml deleted file mode 100644 index d3b8de82..00000000 --- a/generic.yaml +++ /dev/null 
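Review bot: `vault_environment__activate` and `vault_environment__deactivate` in environment.sh store the password client as the relative path `gpg/get-vault-pass-$1`, so both the `-f` check and Ansible's later lookup depend on the current working directory. Since Ansible runs an executable vault password file, an identity list exported here and then used from a different directory could resolve to a different `gpg/get-vault-pass-NAME` than the one in this repository. Building the entry from an absolute repository path determined when the file is sourced would avoid that. Two smaller points in the same file: `print_error` writes to stdout and relies on `echo` interpreting `\033` (bash's builtin does not without `-e`), so `printf '\033[1;31mERROR:\033[1;0m %s\n' "$1" >&2` is safer. The loop variable `e` is not declared `local` and `op` stays set, so both leak into the interactive shell that sources the file.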
@@ -1,5 +0,0 @@ ---- -- name: "Apply role {{ myrole }} to hosts: {{ myhosts }}" - hosts: "{{ myhosts }}" - roles: - - role: "{{ myrole }}" diff --git a/gpg/add-key.sh b/gpg/add-key.sh index 98e29174..82970a91 100755 --- a/gpg/add-key.sh +++ b/gpg/add-key.sh @@ -1,21 +1,28 @@ #!/bin/bash +if [ -z "$1" ]; then + echo "Usage: $0 [ ]" + exit 1 +fi +NAME="$1" +shift + if [ -z "$1" ]; then echo "no keyfile specified, reading from stdin ..." fi -"${BASH_SOURCE%/*}/gpg2.sh" --import $@ +"${BASH_SOURCE%/*}/gpg2.sh" "$NAME" --import "$@" if [ $? -ne 0 ]; then - echo -e "\nERROR: import key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg." + echo -e "\nERROR: importing key(s) failed. Please revert any changes of the file gpg/vault-keyring-$NAME.gpg." exit 1 fi echo "" -"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh" +"${BASH_SOURCE%/*}/get-vault-pass-$NAME" | "${BASH_SOURCE%/*}/set-vault-pass.sh" "$NAME" if [ $? -ne 0 ]; then echo -e "\nERROR: reencrypting vault password file failed!" - echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!" + echo " You might want to revert any changes on gpg/vault-pass-$NAME.gpg and gpg/vault-keyring-$NAME.gpg!!" exit 1 fi echo "Successfully reencrypted vault password file!" -echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg." +echo " Don't forget to commit the changes in gpg/vault-pass-$NAME.gpg and gpg/vault-keyring-$NAME.gpg." diff --git a/gpg/create-environment.sh b/gpg/create-environment.sh new file mode 100755 index 00000000..7ee5827b --- /dev/null +++ b/gpg/create-environment.sh 
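Review bot: The re-encryption step in add-key.sh, `get-vault-pass-$NAME | set-vault-pass.sh "$NAME"`, only checks the exit status of the right-hand side, and the get-vault-pass.sh introduced in this same commit prints a fixed placeholder and exits 0 when decryption fails. Someone who runs add-key.sh without being able to decrypt `vault-pass-$NAME.gpg` would therefore overwrite it with the placeholder encrypted to the keyring, and the script would still print "Successfully reencrypted vault password file!". I would decrypt with gpg2 directly in this script, abort on a non-zero status, and only then feed the unchanged bytes to set-vault-pass.sh. remove-keys.sh contains the same pipeline.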
@@ -0,0 +1,40 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "Usage: $0 [ ]" + exit 1 +fi +NAME="$1" +shift + +if [ -e "${BASH_SOURCE%/*}/get-vault-pass-$NAME" ]; then + echo "environment '$NAME' already exists." + exit 0 +fi + + +if [ -z "$1" ]; then + echo "no keyfile specified, reading from stdin ..." +fi + +"${BASH_SOURCE%/*}/gpg2.sh" "$NAME" --import "$@" +if [ $? -ne 0 ]; then + echo -e "\nERROR: importing key(s) failed." + exit 1 +fi + + +### enable this as soon https://github.com/ansible/ansible/issues/18319 has landed +#ln -s get-vault-pass- "${BASH_SOURCE%/*}/get-vault-pass-$NAME" +cp "${BASH_SOURCE%/*}/get-vault-pass-" "${BASH_SOURCE%/*}/get-vault-pass-$NAME" + +echo "" +echo "Please type in passphrase:" +"${BASH_SOURCE%/*}/set-vault-pass.sh" "$NAME" +if [ $? -ne 0 ]; then + echo -e "\nERROR: creating vault password file failed!" + exit 1 +fi +echo "" +echo "Successfully created vault password file!" +echo " Don't forget to commit gpg/get-vault-pass-$NAME, gpg/vault-pass-$NAME.gpg and gpg/vault-keyring-$NAME.gpg." diff --git a/gpg/get-vault-pass- b/gpg/get-vault-pass- new file mode 100755 index 00000000..37f60413 --- /dev/null +++ b/gpg/get-vault-pass- @@ -0,0 +1,2 @@ +#!/bin/bash +exec "${BASH_SOURCE%/*}/get-vault-pass.sh" "${BASH_SOURCE##*/get-vault-pass-}" diff --git a/gpg/get-vault-pass-chaos-at-home b/gpg/get-vault-pass-chaos-at-home new file mode 100755 index 00000000..37f60413 --- /dev/null +++ b/gpg/get-vault-pass-chaos-at-home @@ -0,0 +1,2 @@ +#!/bin/bash +exec "${BASH_SOURCE%/*}/get-vault-pass.sh" "${BASH_SOURCE##*/get-vault-pass-}" diff --git a/gpg/get-vault-pass-elevate b/gpg/get-vault-pass-elevate new file mode 100755 index 00000000..37f60413 --- /dev/null +++ b/gpg/get-vault-pass-elevate @@ -0,0 +1,2 @@ +#!/bin/bash +exec "${BASH_SOURCE%/*}/get-vault-pass.sh" "${BASH_SOURCE##*/get-vault-pass-}" diff --git a/gpg/get-vault-pass-spreadspace b/gpg/get-vault-pass-spreadspace new file mode 100755 index 00000000..37f60413 --- /dev/null 
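Review bot: After `echo "Please type in passphrase:"` create-environment.sh hands the terminal straight to set-vault-pass.sh, which (from the part of it visible in this commit) feeds stdin to `gpg2 --encrypt`. The new vault passphrase is therefore echoed on screen as it is typed, is not confirmed, and input has to be ended with EOF. Reading it with `read -rs` (twice, compared) and piping it in, or generating a random value, would keep it off the screen and out of terminal scrollback. The ordering also matters: `cp … get-vault-pass-$NAME` happens before the passphrase is stored, so if set-vault-pass.sh fails, a rerun stops at "environment '$NAME' already exists." with `exit 0` although no vault-pass-$NAME.gpg was written.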
+++ b/gpg/get-vault-pass-spreadspace @@ -0,0 +1,2 @@ +#!/bin/bash +exec "${BASH_SOURCE%/*}/get-vault-pass.sh" "${BASH_SOURCE##*/get-vault-pass-}" diff --git a/gpg/get-vault-pass.sh b/gpg/get-vault-pass.sh index 202c94f7..6cf2ff9a 100755 --- a/gpg/get-vault-pass.sh +++ b/gpg/get-vault-pass.sh @@ -1,2 +1,20 @@ #!/bin/bash -gpg2 --decrypt --batch < "${BASH_SOURCE%/*}/vault-pass.gpg" 2> /dev/null +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi +NAME="$1" +shift + +gpg2 --decrypt --batch --no-tty --quiet < "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg" + +# Ansible up to including 2.6 seems to have a bug which ignores the setting of 'vault_id_match = True' +# in ansible.cfg (or the equivalent environment variable). +# +# To make it possible to use ansible-vault view as a textconv filter for git, we need to support +# the case that some people do not have access to all vaults. So let's return an invalid +# secret, and pretend success. +if [ $? -ne 0 ]; then + echo This is my secret. There are many others like it, but this one is mine. My secret is my best friend. It is my life. I must master it as I must master my life. Without me, my secret is useless. Without my secret, I am useless. Please do not quote from movies when searching for a passphrase. + exit 0 +fi diff --git a/gpg/gpg2.sh b/gpg/gpg2.sh index 27435ab5..2c0f2157 100755 --- a/gpg/gpg2.sh +++ b/gpg/gpg2.sh @@ -1,2 +1,10 @@ #!/bin/bash -exec gpg2 --keyring "${BASH_SOURCE%/*}/vault-keyring.gpg" --secret-keyring /dev/null --no-options --no-default-keyring --trust-model always $@ + +if [ -z "$1" ]; then + echo "Usage: $0 [ .. additional parameters passwd on to gpg2 .. ]" + exit 1 +fi +NAME="$1" +shift + +exec gpg2 --keyring "${BASH_SOURCE%/*}/vault-keyring-$NAME.gpg" --secret-keyring /dev/null --no-default-keyring --trust-model always "$@" diff --git a/gpg/list-keys.sh b/gpg/list-keys.sh index 4b010495..4166fa59 100755 --- a/gpg/list-keys.sh +++ b/gpg/list-keys.sh 
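Review bot: The fallback at the end of get-vault-pass.sh applies to every caller, not just the git textconv case its comment describes. Whenever gpg2 fails (no matching secret key, agent unavailable, missing file), Ansible receives the fixed sentence as a valid vault secret with exit status 0. For read operations that only produces a decryption error, but an `ansible-vault encrypt`, `create` or `rekey` run in that state would protect new content with a string that is published in this repository. I would make the placeholder opt-in, for example only when an environment variable set by the textconv configuration is present, print a warning on stderr in that branch, and otherwise `exit 1`.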
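Review bot: The new `exec gpg2 …` line in gpg2.sh drops `--no-options`, so the caller's personal gpg.conf is now read for every keyring operation, including the `--encrypt` run in set-vault-pass.sh. Options there such as `encrypt-to` or additional `keyring` entries can change which keys end up as recipients of vault-pass-NAME.gpg, or make the result differ between maintainers. If the removal was not intentional I would keep `--no-options`; if it was, a comment saying why would help.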
@@ -1,2 +1,10 @@ #!/bin/bash -exec "${BASH_SOURCE%/*}/gpg2.sh" --list-keys $@ + +if [ -z "$1" ]; then + echo "Usage: $0 [ .. additional parameters passwd on to gpg2 .. ]" + exit 1 +fi +NAME="$1" +shift + +exec "${BASH_SOURCE%/*}/gpg2.sh" "$NAME" --list-keys "$@" diff --git a/gpg/remove-keys.sh b/gpg/remove-keys.sh index 80ae1573..d5fd93c3 100755 --- a/gpg/remove-keys.sh +++ b/gpg/remove-keys.sh @@ -1,9 +1,16 @@ #!/bin/bash +if [ -z "$1" ]; then + echo "Usage: $0 [ [ [ .. ] ] ]" + exit 1 +fi +NAME="$1" +shift + if [ -z "$1" ]; then echo "Please specify at least one key ID!" echo "" - echo "You can find out the key ID using the command: gpg/list-keys.sh" + echo "You can find out the key ID using the command: ${0%/*}/list-keys.sh $NAME" echo "" echo " Here is an example output:" echo "" @@ -18,18 +25,18 @@ if [ -z "$1" ]; then exit 1 fi -"${BASH_SOURCE%/*}/gpg2.sh" --delete-keys $@ +"${BASH_SOURCE%/*}/gpg2.sh" $NAME --delete-keys $@ if [ $? -ne 0 ]; then - echo -e "\nERROR: removing key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg." + echo -e "\nERROR: removing key(s) failed. Please revert any changes of the file gpg/vault-keyring-$NAME.gpg." exit 1 fi echo "" -"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh" +"${BASH_SOURCE%/*}/get-vault-pass-$NAME" | "${BASH_SOURCE%/*}/set-vault-pass.sh" "$NAME" if [ $? -ne 0 ]; then echo -e "\nERROR: reencrypting vault password file failed!" - echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!" + echo " You might want to revert any changes on gpg/vault-pass-$NAME.gpg and gpg/vault-keyring-$NAME.gpg!!" exit 1 fi echo "Successfully reencrypted vault password file!" -echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg." +echo " Don't forget to commit the changes in gpg/vault-pass-$NAME.gpg and gpg/vault-keyring-$NAME.gpg." 
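Review bot: The delete call in the second remove-keys.sh hunk is written as `gpg2.sh $NAME --delete-keys $@` with both expansions unquoted, while add-key.sh and list-keys.sh in this commit use `"$NAME"` and `"$@"`. `"${BASH_SOURCE%/*}/gpg2.sh" "$NAME" --delete-keys "$@"` keeps key IDs and the environment name from being word-split or glob-expanded. In the re-encryption pipeline below it, only the exit status of set-vault-pass.sh is checked, so a failure on the get-vault-pass side goes unnoticed.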
diff --git a/gpg/set-vault-pass.sh b/gpg/set-vault-pass.sh index 1fb3426c..64191a37 100755 --- a/gpg/set-vault-pass.sh +++ b/gpg/set-vault-pass.sh @@ -1,6 +1,13 @@ #!/bin/bash -keyids=$("${BASH_SOURCE%/*}/gpg2.sh" --list-keys --with-colons --fast-list-mode 2>/dev/null | awk -F: '/^pub/{printf "%s\n", $5}') +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi +NAME="$1" +shift + +keyids=$("${BASH_SOURCE%/*}/list-keys.sh" "$NAME" --with-colons --fast-list-mode 2>/dev/null | awk -F: '/^pub/{printf "%s\n", $5}') if [ -z "$keyids" ]; then echo "ERROR: no keys to encrypt to, is the keyring empty?" exit 1 @@ -12,9 +19,9 @@ for keyid in $keyids; do done -"${BASH_SOURCE%/*}/gpg2.sh" --yes --trust-model always --encrypt -a -o "${BASH_SOURCE%/*}/vault-pass.gpg.$$" $receipients +"${BASH_SOURCE%/*}/gpg2.sh" "$NAME" --yes --encrypt -a -o "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg.$$" $receipients if [ $? -ne 0 ]; then - rm -f "${BASH_SOURCE%/*}/vault-pass.gpg.$$" + rm -f "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg.$$" exit 1 fi -mv "${BASH_SOURCE%/*}/vault-pass.gpg.$$" "${BASH_SOURCE%/*}/vault-pass.gpg" +mv "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg.$$" "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg" diff --git a/gpg/vault-keyring-chaos-at-home.gpg b/gpg/vault-keyring-chaos-at-home.gpg new file mode 100644 index 00000000..864ce7d3 Binary files /dev/null and b/gpg/vault-keyring-chaos-at-home.gpg differ diff --git a/gpg/vault-keyring-elevate.gpg b/gpg/vault-keyring-elevate.gpg new file mode 100644 index 00000000..161d61bc Binary files /dev/null and b/gpg/vault-keyring-elevate.gpg differ diff --git a/gpg/vault-keyring-spreadspace.gpg b/gpg/vault-keyring-spreadspace.gpg new file mode 100644 index 00000000..8d2e0443 Binary files /dev/null and b/gpg/vault-keyring-spreadspace.gpg differ diff --git a/gpg/vault-keyring.gpg b/gpg/vault-keyring.gpg deleted file mode 100644 index 8d2e0443..00000000 Binary files a/gpg/vault-keyring.gpg and /dev/null differ 
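Review bot: In set-vault-pass.sh, `NAME` is taken from `$1` and interpolated into the output path `vault-pass-$NAME.gpg.$$` (and, via gpg2.sh, into the keyring path) without any check on its characters. A value containing `/` or `..` makes the `-o` and `mv` targets land outside gpg/, and `,` or `@` would later break the `name@script` entries that environment.sh builds. A guard right after `NAME="$1"`, e.g. `case "$NAME" in *[!A-Za-z0-9_-]*) echo "invalid environment name" >&2; exit 1;; esac`, would cover it. The same unchecked `NAME="$1"` appears in add-key.sh, create-environment.sh, get-vault-pass.sh, gpg2.sh, list-keys.sh and remove-keys.sh.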
diff --git a/gpg/vault-pass-chaos-at-home.gpg b/gpg/vault-pass-chaos-at-home.gpg new file mode 100644 index 00000000..b69478a6 --- /dev/null +++ b/gpg/vault-pass-chaos-at-home.gpg @@ -0,0 +1,19 @@ +-----BEGIN PGP MESSAGE----- + +hQIMA+Qd5U24qffPAQ//XhC91fRTgM2g8c9sPYLVakqUrr0ErQNWCUvKCRQxV3TA +sxgKWdIpuam4mW7HkE96BHGB+qLd//lrq+LM3jCZFUHgGal1XyWgHwAoHNC0y8Cg +5LKdVyGhDeeh8dSAs9pYouyfwUx3UTG9sFFcm5Nl7KFXP38VHA9ZyerUmC0g7t7F +l5mQmtK+Nc+ZBrZ5+Yr79U/f1VeKaNX2qkDbBrQmO+VubZ4covr4S1amG34ymvlr +2mLf+9wV8sGiOikZTzdDyCtO+32BpjuYvfoZnFRpTdCeKa0niFyrzvqFn6C0No9H +zhIY/SDdfauzLIIvj6WODOW0H6ILVGJ0Eq9KGACTAka+98uhIunHB4MKpOBC01x9 +LLCiISodqIfQuuOHVz4jJqHAwq+MGm0vmoWOfqiNDnOnRCC2kJnMP9K/wynPmXdm +eLSfOz9/8sOqW0MLL5Ugz0sZr9+5rdISlSf2/oa4ssJb3uUQwlSGkG+2MwD0dEMT +wowZBJOrGhGtKxzLRzSsErkng/j/arW3NU9Rai9RIzfyUFjDND5SqnTBdWp+AZqc +YGAeQ1hBTPQzYppx9qgF51p0rGzBmoB9/wC3Td0HavJaswtiwUL4/BATenoMzkG4 +KnB81ZFpkFW1Ze3XilFtmKXXqWpj7dURQ54D4moIwV2dk6dSCKmRumJVREKa5NvS +vAHID0sr7R7BF4z/IrdElmrXa1HExsPAIkPLeyUeU8fkvToSJ009avz6f68hkWEp +vR4hzN6Fe14HU4m9NP8Gn7HJsBnym8d93E8KVKcyEdCb9La1FfFHWm2Ado85Vll0 +EN/GMVhrD2sbX4Dz7+TCklx7n+hzZahankBgP4/1ZyTrrUyQvYNuczXPanckmrCV +DQaYuh+RY1C4bRgQZy47nQzCsYqZpxyn6jH2LvWZWyN9xDuj6vPefphfawqv +=MPgO +-----END PGP MESSAGE----- diff --git a/gpg/vault-pass-elevate.gpg b/gpg/vault-pass-elevate.gpg new file mode 100644 index 00000000..382a0e3a --- /dev/null +++ b/gpg/vault-pass-elevate.gpg 
@@ -0,0 +1,19 @@ +-----BEGIN PGP MESSAGE----- + +hQIMA+Qd5U24qffPARAAh/hpOPDkQFckrlbmwFYiKtMyzJcHVOeSckFAsGYh0BFa +MzcbLqdRPGDwZL9yIruc/6ubQv1zqq8MZcvRW7BZkkCzBk5h2BcJ76iMgWfcwte6 +Jc2pmog36GihU9t41BJFtxm6mazEN4JTW3SC6i1boMPEJBOEcSIu8SBAFNGm0nCq +GL0j9Rw/T/EiMtmjY6c9nMTSnhOtcedpWeBsMPtYoWAo8/ea1kaGHCON+UGs6/4D +QUhI/ate8RA0vAD6NFkZE9C+uwU22/cyT7pZZTA11ohF32aF4vyVgMf9UY0+MYy0 ++msJZps2KRmECcVZiFGQZ2/OwU4tnYq53jUwL1erzADeFAco4vKtc7yVffN/pIn8 +aQ48kaKe9WT064fe92zWJfWF285fyEB8we72j6AmwA5RxIViVvl/2xdCdYNN6yv+ +kqYmdCEBdMHhcDz73K2mCGeqlkB8+DVpeHwtn+TT5J1IeFkCiK2LD2PtpyqV7BTn +dExQaKtUCbF3+jiPTv6N5ChMbY5ql2roN2zzHgoGVNREGaTxJXnkroJpxaelf4Q3 +ahnNE+/3G16TNCpzYXBNWh9wIHh+6mFhwqKxPy40goW4TMXqSs9+n1MCQhu8GCTH +8CsW6tK98vBgzbhoWLyyNVa40hdltw4+D0YdRle+YFqHaiXJcf2/FjaLoz+jSXvS +uwHQGVypRlmepR7lAKTTVCEjBrJ3lnW7LcBsHEKTr1gX+UleiPri5e029BRLcJDR +PJE4PBi7fp4tAUgSiN6D+mVF0+eXz2px+NVPAeavveMY/oTl8GsPQc/hYtjW9CnM +nhadEDPSmkaLMkCjR6XApprZtuoPyHPSTFIKGTe4bSU1Ezbpd9XNfXcU2Gz55JEk +rAvuyAfHqyXB1zzyA3UTPvRDAw0TN72wbMPEg2v5TE8TFB2Q3XoDuZYsN/A= +=fg/w +-----END PGP MESSAGE----- diff --git a/gpg/vault-pass-spreadspace.gpg b/gpg/vault-pass-spreadspace.gpg new file mode 100644 index 00000000..20130b37 --- /dev/null +++ b/gpg/vault-pass-spreadspace.gpg 
@@ -0,0 +1,19 @@ +-----BEGIN PGP MESSAGE----- + +hQIMA+Qd5U24qffPAQ/+M6LI5+vmyfQqiH14FM6W7q/rjtKpAmkSHrUs2XyFsoF4 +Z0fK8sZivjY/HHxD+hjQJ1GDCEBjQTEgdUmEopj/Di4BS851tClBapa+UPQHezVf +1LvNEti2e4ghdGDLd+UGF24Mu2SwLyE4neO/VBg2AYiX3AAO+35nIUgrzarVCvhB +FP6jja1oLmMFfNCw9xSbM1JozwlSOZWPFGt/W1exfthJvFx2r60IdLlBjl6R8SS9 +2sWcFU3tIjcKX1hCFzt+iv+Ks1dPsOIex5GRi2YWl6EOsuafBo7AlhcIXdDSNEyC ++ieXY8VAMqb8kTbaITP+eMYy/gw43Eo5dRyu+kS95pnLcguM8gsaxTgxTW8WGWPh +JH6ezxyuWS1AlrT0/T9qQtPzz6RO01UpeP/Uwe03p16uCOI5tNOrESoG4OSnwwav +BP2R6KdjMmPhIheK14krIMRFssx8bWq1/Ib8qkXeVUcFRRnpTdsTtj9hkOM9eLxS +IJjO5/ny9wQRtO9Mm8QMLBewb602WI8qdE0zSKBofKZUHr92JH+wD69vTkHu3LUi +tQEGXM5oKUfkbWa+hmNdTPsjPesfR/N/AtAK5vyTofIxs4qGXfoMgnPgchkVi8uK +IpiSot0Bawg/SIkdTOg3KYaJgqFrqic7eozFj/s89rWNMf0zYiIUkMrrYlQCpYrS +vAF2iuZCv0WapCgENJ/hykA3XXGn/CeQ6jSpILfLA7fXY0ndblrZONw52+ST0VBn +3EtV7dvhrx0uaN54u4jdLCI6y5lBfSQaPYtqSl3Gduhl7VzF4FJiXGf6J8yORPaj +qnIchQmbXoTefnTSvBT+GGWYfQXd7kxnxsL4tR8HzOUZe9pR7XesVdl9TLUjU8NP +c+aUDAhpCnf32VKmmZGyvIFyH0WcIKgEza5n2Q1mRGLhs9duMTHnC1kjv9wb +=lDHb +-----END PGP MESSAGE----- diff --git a/gpg/vault-pass.gpg b/gpg/vault-pass.gpg deleted file mode 100644 index 20130b37..00000000 --- a/gpg/vault-pass.gpg +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN PGP MESSAGE----- - -hQIMA+Qd5U24qffPAQ/+M6LI5+vmyfQqiH14FM6W7q/rjtKpAmkSHrUs2XyFsoF4 -Z0fK8sZivjY/HHxD+hjQJ1GDCEBjQTEgdUmEopj/Di4BS851tClBapa+UPQHezVf -1LvNEti2e4ghdGDLd+UGF24Mu2SwLyE4neO/VBg2AYiX3AAO+35nIUgrzarVCvhB -FP6jja1oLmMFfNCw9xSbM1JozwlSOZWPFGt/W1exfthJvFx2r60IdLlBjl6R8SS9 -2sWcFU3tIjcKX1hCFzt+iv+Ks1dPsOIex5GRi2YWl6EOsuafBo7AlhcIXdDSNEyC -+ieXY8VAMqb8kTbaITP+eMYy/gw43Eo5dRyu+kS95pnLcguM8gsaxTgxTW8WGWPh -JH6ezxyuWS1AlrT0/T9qQtPzz6RO01UpeP/Uwe03p16uCOI5tNOrESoG4OSnwwav -BP2R6KdjMmPhIheK14krIMRFssx8bWq1/Ib8qkXeVUcFRRnpTdsTtj9hkOM9eLxS -IJjO5/ny9wQRtO9Mm8QMLBewb602WI8qdE0zSKBofKZUHr92JH+wD69vTkHu3LUi -tQEGXM5oKUfkbWa+hmNdTPsjPesfR/N/AtAK5vyTofIxs4qGXfoMgnPgchkVi8uK -IpiSot0Bawg/SIkdTOg3KYaJgqFrqic7eozFj/s89rWNMf0zYiIUkMrrYlQCpYrS -vAF2iuZCv0WapCgENJ/hykA3XXGn/CeQ6jSpILfLA7fXY0ndblrZONw52+ST0VBn -3EtV7dvhrx0uaN54u4jdLCI6y5lBfSQaPYtqSl3Gduhl7VzF4FJiXGf6J8yORPaj -qnIchQmbXoTefnTSvBT+GGWYfQXd7kxnxsL4tR8HzOUZe9pR7XesVdl9TLUjU8NP -c+aUDAhpCnf32VKmmZGyvIFyH0WcIKgEza5n2Q1mRGLhs9duMTHnC1kjv9wb -=lDHb ------END PGP MESSAGE----- diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml deleted file mode 100644 index 65417f03..00000000 --- a/group_vars/all/vars.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -equinox_user: - name: equinox - # password: "{{ vault_equinox_password }}" - shell: /bin/zsh - - -ssh_keys: - equinox: - chaos: ssh-rsa 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 equinox@chaos-at-home.org - ele: ssh-rsa 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 equinox@elevate.at - ff: ssh-rsa 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 equinox@ffgraz.net - mur: ssh-rsa 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 equinox@mur.at - r3: ssh-rsa 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 equinox@realraum.at - spread: ssh-rsa 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 equinox@spreadspace.org 
diff --git a/group_vars/elevate/vars.yml b/group_vars/elevate/vars.yml deleted file mode 100644 index 1808db88..00000000 --- a/group_vars/elevate/vars.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}" - -acmetool_account_email: equinox@elevate.at diff --git a/group_vars/hetzner/vars.yml b/group_vars/hetzner/vars.yml deleted file mode 100644 index 2e5c8b4a..00000000 --- a/group_vars/hetzner/vars.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -debian_mirror: - packages: http://mirror.hetzner.de/debian/packages - security: http://mirror.hetzner.de/debian/security - -ubuntu_mirror: http://mirror.hetzner.de/ubuntu/packages diff --git a/group_vars/k8s-emc/vars.yml b/group_vars/k8s-emc/vars.yml deleted file mode 100644 index 6b1344ae..00000000 --- a/group_vars/k8s-emc/vars.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -docker_pkg_version: 17.03.2~ce-0~debian-stretch - -kubernetes: - pkg_version: 1.9.6-00 - - dedicated_master: True - api_advertise_ip: 144.76.160.141 - api_extra_sans: - - emc-master.spreadspace.org - - pod_ip_range: 172.18.0.0/16 - pod_ip_range_size: 24 - service_ip_range: 172.18.192.0/18 - ## net_index must be in the range between 1 and 190 -> 189 hosts possible - ## - ## hardcoded hostnames are not nice but if we do this via host_vars - ## the info is spread over multiple files and this makes it more diffcult - ## to find mistakes, so it is nicer to keep it in one place... - net_index: - emc-01: 1 - emc-02: 2 - emc-03: 3 - emc-04: 4 - emc-05: 5 - emc-06: 6 - emc-test: 99 - emc-00: 100 - dione: 101 - helene: 102 - emc-stats: 120 - emc-master: 127 - - direct_net_zones: - encoder: - transfer_net: 172.18.191.0/24 - node_interface: - dione: eno2 - helene: eno2 diff --git a/group_vars/skillz/vars.yml b/group_vars/skillz/vars.yml deleted file mode 100644 index 4d8f679d..00000000 --- a/group_vars/skillz/vars.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}" 
diff --git a/group_vars/spreadspace/vars.yml b/group_vars/spreadspace/vars.yml deleted file mode 100644 index 30011725..00000000 --- a/group_vars/spreadspace/vars.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -sshserver_root_keys: "{{ [ ssh_keys.equinox.spread ] | join('\n') }}" - -acmetool_account_email: equinox@spreadspace.org diff --git a/group_vars/spreadspace/vault.yml b/group_vars/spreadspace/vault.yml deleted file mode 100644 index 625cf08f..00000000 --- a/group_vars/spreadspace/vault.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -32323866383432633535336666356561623133626164346637376531333330313938363639303763 -6665643638373736653863366537336432333662396638660a336564616431313330623065643733 -66326231663364303432623839363638303565646438373333653837633235373961656633366333 -6330393836653433610a386633343737646663313764356538653664336539366630313837323739 -38363165373462386230356338396662653634316534343738643438343132616132333238623333 -30313339653537643066343262373339336363333030353538326466653833313638356639316237 -39313632373831613161306535656133363266353133343865373561346266306538363935303538 -30313164356361613265613763616364316330663735653662643937666166316562633339363037 -3733 diff --git a/host_vars/calypso.yml b/host_vars/calypso.yml deleted file mode 100644 index ff853586..00000000 --- a/host_vars/calypso.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -base_packages_extra_host: -- exfat-fuse -- exfat-utils -- vlan - -admin_user_host: -- "{{ equinox_user }}" - -sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" diff --git a/host_vars/dione.yml b/host_vars/dione.yml deleted file mode 100644 index 75b289c2..00000000 --- a/host_vars/dione.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -base_packages_extra_host: -- exfat-fuse -- exfat-utils -- vlan - -admin_user_host: -- "{{ equinox_user }}" - -sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" - -docker_lvm: - vg: dione - lv: docker - size: 15G - fs: ext4 - -kubelet_lvm: - vg: dione - lv: kubelet - size: 10G - fs: ext4 diff --git a/host_vars/elesearch.yml b/host_vars/elesearch.yml deleted file mode 100644 index 0e235000..00000000 --- a/host_vars/elesearch.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -vm_install_host: sk2013 - -vm_install: - host: "{{ vm_install_host }}" - mem: 1024 - numcpu: 4 - disks: - primary: vda - virtio: - vda: - vg: storage - lv: "{{ inventory_hostname }}" - size: 50g - interfaces: - - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}" - name: primary0 - autostart: True - -vm_network: - nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}" - domain: elevate.at - systemd_link: - interfaces: "{{ vm_install.interfaces }}" - primary: - interface: primary0 - ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}" - gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}" diff --git a/host_vars/emc-master.yml b/host_vars/emc-master.yml deleted file mode 100644 index 95b3062a..00000000 --- a/host_vars/emc-master.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -vm_install_host: sk2013 - -vm_install: - host: "{{ vm_install_host }}" - mem: 1024 - numcpu: 2 - disks: - primary: vda - virtio: - vda: - vg: storage - lv: "{{ inventory_hostname }}" - size: 42g - interfaces: - - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}" - name: primary0 - autostart: True - -vm_network: - nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}" - domain: spreadspace.org - systemd_link: - interfaces: "{{ vm_install.interfaces }}" - primary: - interface: primary0 - ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}" - gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}" - -docker_lvm: - vg: "{{ inventory_hostname }}" - lv: docker - size: 10G - fs: ext4 - -kubelet_lvm: - vg: "{{ inventory_hostname }}" - lv: kubelet - size: 10G - fs: ext4 diff --git a/host_vars/emc-stats.yml b/host_vars/emc-stats.yml deleted file mode 100644 index 89352b4f..00000000 --- a/host_vars/emc-stats.yml +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -vm_install_host: sk2016 - -vm_install: - host: "{{ vm_install_host }}" - mem: 8192 - numcpu: 6 - disks: - primary: vda - virtio: - vda: - vg: storage - lv: "{{ inventory_hostname }}" - size: 42g - vdb: - vg: storage - lv: "{{ inventory_hostname }}-data" - size: 100g - interfaces: - - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}" - name: primary0 - autostart: True - -vm_network: - nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}" - domain: spreadspace.org - systemd_link: - interfaces: "{{ vm_install.interfaces }}" - primary: - interface: primary0 - ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}" - gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}" - -docker_lvm: - vg: "{{ inventory_hostname }}" - lv: docker - size: 15G - fs: ext4 - -kubelet_lvm: - vg: "{{ inventory_hostname }}" - lv: kubelet - size: 10G - fs: ext4 - -emc_stats_lvm: - pvs: /dev/vdb - vg: "{{ inventory_hostname }}-data" - lv: stats - size: 50G - fs: ext4 diff --git a/host_vars/helene.yml b/host_vars/helene.yml deleted file mode 100644 index b40fb069..00000000 --- a/host_vars/helene.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -base_packages_extra_host: -- exfat-fuse -- exfat-utils -- vlan - -admin_user_host: -- "{{ equinox_user }}" - -sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" - -docker_lvm: - vg: helene - lv: docker - size: 15G - fs: ext4 - -kubelet_lvm: - vg: helene - lv: kubelet - size: 10G - fs: ext4 diff --git a/host_vars/sk2013.yml b/host_vars/sk2013.yml deleted file mode 100644 index 920748c1..00000000 --- a/host_vars/sk2013.yml +++ /dev/null 
@@ -1,33 +0,0 @@
----
-sshserver_allowusers_host:
-- backuppc
-- equinox
-- dan
-
-vm_host:
- installer:
- net_if: virbr
- preseed_path: /srv/preseed
- path: /srv/installer
- distros:
- - distro: debian
- codename: stretch
- arch:
- - amd64
- - i386
- - distro: ubuntu
- codename: xenial
- arch:
- - amd64
- - i386
- network:
- interface: virbr
- ip: 192.168.160.254
- mask: 255.255.255.0
- nameservers:
- - 213.133.100.100
- - 213.133.98.98
- - 213.133.99.99
- indices:
- emc-master: 141
- elesearch: 142
diff --git a/host_vars/sk2016.yml b/host_vars/sk2016.yml
deleted file mode 100644
index 872223db..00000000
--- a/host_vars/sk2016.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-sshserver_allowusers_host:
-- backuppc
-- equinox
-- dan
-
-vm_host:
- installer:
- net_if: virbr
- preseed_path: /srv/preseed
- path: /srv/installer
- distros:
- - distro: debian
- codename: stretch
- arch:
- - amd64
- - i386
- - distro: ubuntu
- codename: xenial
- arch:
- - amd64
- - i386
- network:
- interface: virbr
- ip: 192.168.216.254
- mask: 255.255.255.0
- nameservers:
- - 213.133.100.100
- - 213.133.98.98
- - 213.133.99.99
- indices:
- emc-stats: 200
diff --git a/host_vars/telesto.yml b/host_vars/telesto.yml
deleted file mode 100644
index ff853586..00000000
--- a/host_vars/telesto.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-base_packages_extra_host:
-- exfat-fuse
-- exfat-utils
-- vlan
-
-admin_user_host:
-- "{{ equinox_user }}"
-
-sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/host_vars/thetys.yml b/host_vars/thetys.yml
deleted file mode 100644
index ff853586..00000000
--- a/host_vars/thetys.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-base_packages_extra_host:
-- exfat-fuse
-- exfat-utils
-- vlan
-
-admin_user_host:
-- "{{ equinox_user }}"
-
-sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/hosts.ini b/hosts.ini
deleted file mode 100644
index 28fb4e4e..00000000
--- a/hosts.ini
+++ /dev/null
@@ -1,94 +0,0 @@
-[chaos-at-home]
-prometheus
-web
-mail
-stats
-auth
-atlas
-pan
-keyserver
-mimas
-
-[spreadspace]
-ssbuild
-calypso
-telesto
-thetys
-dione
-helene
-emc-test
-
-
-[skillz]
-sk2013
-sk2016
-sktorrent
-
-
-[emc-xx]
-#emc-0[0:6]
-emc-00
-
-[elevate]
-elewolke
-elestream
-elemedia
-elesearch
-emc-stats
-emc-master
-
-[elevate:children]
-emc-xx
-
-
-[kvmhosts]
-prometheus
-atlas
-sk2013
-sk2016
-
-[hetzner]
-sk2013
-sk2016
-emc-stats
-emc-master
-mimas
-sktorrent
-elewolke
-elestream
-elesearch
-
-[hetzner:children]
-emc-xx
-
-
-[scaleway-kernel]
-# emc-test
-
-[scaleway]
-emc-test
-
-[scaleway:children]
-scaleway-kernel
-
-
-### kubernetes cluster: emc
-
-[k8s-emc-encoder]
-#dione
-#helene
-
-[k8s-emc-streamer:children]
-emc-xx
-
-[k8s-emc-master]
-emc-master
-
-[k8s-emc-stats]
-emc-stats
-
-[k8s-emc:children]
-k8s-emc-master
-k8s-emc-encoder
-k8s-emc-streamer
-k8s-emc-stats
diff --git a/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml
new file mode 100644
index 00000000..65417f03
--- /dev/null
+++ b/inventory/group_vars/all/main.yml
@@ -0,0 +1,15 @@
+---
+equinox_user:
+ name: equinox
+ # password: "{{ vault_equinox_password }}"
+ shell: /bin/zsh
+
+
+ssh_keys:
+ equinox:
+ chaos: ssh-rsa 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 equinox@chaos-at-home.org
+ ele: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwjCMiwyz7f0b1b6S5RjGbYXjd+hkTVsNzZ9xIkqqvdF8zCU6qZTqkhem13m6E1aPjALl0iyrmpb8N2pmASD7axUaTMTDd2tktkB3LULBbQCCApMnw5viZc9fm9dLBdbdiYyRtNrpk/b39V+9uViAbRtATBrYS5vV/14gT42WxPhpFiCz6A5JsKpmbBafS9vfexnqLTvKBtYLt+zhuS9eFovMHM5k7Qq4mRdKe+wdMBDeRls2z2G/ZjPrfHAkw2WctFUdSY+YAVzLB0SddVWnbOSZ19tsnzskyHpDD49LWb7wYl0OJ9fhxO02lnxW5Vdpwwwx8I7FVH83fDTQpzfSdr8tMY3F9rvCmi4noiTGDE2AAWqh73unKuydvBomNYX8HbuiJO9eTgwUIRAqsl8vHNU5rA10YF5r2SUqofrBNfINUH8x0NhpLGzNPIlazndaPY1no+XeQRQtgSU1bdDQzmySyyn5g9mlMSTU+jHfzyoK7yqlKE0W/R2ZTOEwr6+uRdFqn+mWmB0Mr20YavjVretseVs1AkmqaVClEO1juwb/CWI//Nd4uboD9zdZwkHmCjLlOmC+GkGrnLValaqQDh8iR8aKiVbaQVffl3ph1pD3BCn79KJy56YySLTbaI4lFDUHherkTdvgyMVmZJZMROzwuX7i4bi04TZ/GKTfDrw== equinox@elevate.at
+ ff: ssh-rsa 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 equinox@ffgraz.net
+ mur: ssh-rsa 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 equinox@mur.at
+ r3: ssh-rsa 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 equinox@realraum.at
+ spread: ssh-rsa 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 equinox@spreadspace.org
diff --git a/inventory/group_vars/elevate/main.yml b/inventory/group_vars/elevate/main.yml
new file mode 100644
index 00000000..1808db88
--- /dev/null
+++ b/inventory/group_vars/elevate/main.yml
@@ -0,0 +1,4 @@
+---
+sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}"
+
+acmetool_account_email: equinox@elevate.at
diff --git a/inventory/group_vars/hetzner/main.yml b/inventory/group_vars/hetzner/main.yml
new file mode 100644
index 00000000..2e5c8b4a
--- /dev/null
+++ b/inventory/group_vars/hetzner/main.yml
@@ -0,0 +1,6 @@
+---
+debian_mirror:
+ packages: http://mirror.hetzner.de/debian/packages
+ security: http://mirror.hetzner.de/debian/security
+
+ubuntu_mirror: http://mirror.hetzner.de/ubuntu/packages
diff --git a/inventory/group_vars/k8s-emc/main.yml b/inventory/group_vars/k8s-emc/main.yml
new file mode 100644
index 00000000..6b1344ae
--- /dev/null
+++ b/inventory/group_vars/k8s-emc/main.yml
@@ -0,0 +1,39 @@
+---
+docker_pkg_version: 17.03.2~ce-0~debian-stretch
+
+kubernetes:
+ pkg_version: 1.9.6-00
+
+ dedicated_master: True
+ api_advertise_ip: 144.76.160.141
+ api_extra_sans:
+ - emc-master.spreadspace.org
+
+ pod_ip_range: 172.18.0.0/16
+ pod_ip_range_size: 24
+ service_ip_range: 172.18.192.0/18
+ ## net_index must be in the range between 1 and 190 -> 189 hosts possible
+ ##
+ ## hardcoded hostnames are not nice but if we do this via host_vars
+ ## the info is spread over multiple files and this makes it more diffcult
+ ## to find mistakes, so it is nicer to keep it in one place...
+ net_index:
+ emc-01: 1
+ emc-02: 2
+ emc-03: 3
+ emc-04: 4
+ emc-05: 5
+ emc-06: 6
+ emc-test: 99
+ emc-00: 100
+ dione: 101
+ helene: 102
+ emc-stats: 120
+ emc-master: 127
+
+ direct_net_zones:
+ encoder:
+ transfer_net: 172.18.191.0/24
+ node_interface:
+ dione: eno2
+ helene: eno2
diff --git a/inventory/group_vars/skillz/main.yml b/inventory/group_vars/skillz/main.yml
new file mode 100644
index 00000000..4d8f679d
--- /dev/null
+++ b/inventory/group_vars/skillz/main.yml
@@ -0,0 +1,2 @@
+---
+sshserver_root_keys: "{{ [ ssh_keys.equinox.ele ] | join('\n') }}"
diff --git a/inventory/group_vars/spreadspace/main.yml b/inventory/group_vars/spreadspace/main.yml
new file mode 100644
index 00000000..cfe1ec2b
--- /dev/null
+++ b/inventory/group_vars/spreadspace/main.yml
@@ -0,0 +1,8 @@
+---
+sshserver_root_keys: "{{ [ ssh_keys.equinox.spread ] | join('\n') }}"
+
+acmetool_account_email: equinox@spreadspace.org
+
+blackmagic_desktopvideo_apt:
+ username: "streaming"
+ password: "{{ vault_spreadspace.blackmagic_desktopvideo_apt_password }}"
diff --git a/inventory/host_vars/calypso.yml b/inventory/host_vars/calypso.yml
new file mode 100644
index 00000000..ff853586
--- /dev/null
+++ b/inventory/host_vars/calypso.yml
@@ -0,0 +1,10 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/inventory/host_vars/dione.yml b/inventory/host_vars/dione.yml
new file mode 100644
index 00000000..75b289c2
--- /dev/null
+++ b/inventory/host_vars/dione.yml
@@ -0,0 +1,22 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
+
+docker_lvm:
+ vg: dione
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_lvm:
+ vg: dione
+ lv: kubelet
+ size: 10G
+ fs: ext4
diff --git a/inventory/host_vars/elesearch.yml b/inventory/host_vars/elesearch.yml
new file mode 100644
index 00000000..0e235000
--- /dev/null
+++ b/inventory/host_vars/elesearch.yml
@@ -0,0 +1,29 @@
+---
+vm_install_host: sk2013
+
+vm_install:
+ host: "{{ vm_install_host }}"
+ mem: 1024
+ numcpu: 4
+ disks:
+ primary: vda
+ virtio:
+ vda:
+ vg: storage
+ lv: "{{ inventory_hostname }}"
+ size: 50g
+ interfaces:
+ - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
+ name: primary0
+ autostart: True
+
+vm_network:
+ nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
+ domain: elevate.at
+ systemd_link:
+ interfaces: "{{ vm_install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
+ gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}"
diff --git a/inventory/host_vars/emc-master.yml b/inventory/host_vars/emc-master.yml
new file mode 100644
index 00000000..95b3062a
--- /dev/null
+++ b/inventory/host_vars/emc-master.yml
@@ -0,0 +1,41 @@
+---
+vm_install_host: sk2013
+
+vm_install:
+ host: "{{ vm_install_host }}"
+ mem: 1024
+ numcpu: 2
+ disks:
+ primary: vda
+ virtio:
+ vda:
+ vg: storage
+ lv: "{{ inventory_hostname }}"
+ size: 42g
+ interfaces:
+ - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
+ name: primary0
+ autostart: True
+
+vm_network:
+ nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
+ domain: spreadspace.org
+ systemd_link:
+ interfaces: "{{ vm_install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
+ gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}"
+
+docker_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: docker
+ size: 10G
+ fs: ext4
+
+kubelet_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
diff --git a/inventory/host_vars/emc-stats.yml b/inventory/host_vars/emc-stats.yml
new file mode 100644
index 00000000..89352b4f
--- /dev/null
+++ b/inventory/host_vars/emc-stats.yml
@@ -0,0 +1,52 @@
+---
+vm_install_host: sk2016
+
+vm_install:
+ host: "{{ vm_install_host }}"
+ mem: 8192
+ numcpu: 6
+ disks:
+ primary: vda
+ virtio:
+ vda:
+ vg: storage
+ lv: "{{ inventory_hostname }}"
+ size: 42g
+ vdb:
+ vg: storage
+ lv: "{{ inventory_hostname }}-data"
+ size: 100g
+ interfaces:
+ - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
+ name: primary0
+ autostart: True
+
+vm_network:
+ nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
+ domain: spreadspace.org
+ systemd_link:
+ interfaces: "{{ vm_install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
+ gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}"
+
+docker_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_lvm:
+ vg: "{{ inventory_hostname }}"
+ lv: kubelet
+ size: 10G
+ fs: ext4
+
+emc_stats_lvm:
+ pvs: /dev/vdb
+ vg: "{{ inventory_hostname }}-data"
+ lv: stats
+ size: 50G
+ fs: ext4
diff --git a/inventory/host_vars/helene.yml b/inventory/host_vars/helene.yml
new file mode 100644
index 00000000..b40fb069
--- /dev/null
+++ b/inventory/host_vars/helene.yml
@@ -0,0 +1,22 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
+
+docker_lvm:
+ vg: helene
+ lv: docker
+ size: 15G
+ fs: ext4
+
+kubelet_lvm:
+ vg: helene
+ lv: kubelet
+ size: 10G
+ fs: ext4
diff --git a/inventory/host_vars/sk2013.yml b/inventory/host_vars/sk2013.yml
new file mode 100644
index 00000000..920748c1
--- /dev/null
+++ b/inventory/host_vars/sk2013.yml
@@ -0,0 +1,33 @@
+---
+sshserver_allowusers_host:
+- backuppc
+- equinox
+- dan
+
+vm_host:
+ installer:
+ net_if: virbr
+ preseed_path: /srv/preseed
+ path: /srv/installer
+ distros:
+ - distro: debian
+ codename: stretch
+ arch:
+ - amd64
+ - i386
+ - distro: ubuntu
+ codename: xenial
+ arch:
+ - amd64
+ - i386
+ network:
+ interface: virbr
+ ip: 192.168.160.254
+ mask: 255.255.255.0
+ nameservers:
+ - 213.133.100.100
+ - 213.133.98.98
+ - 213.133.99.99
+ indices:
+ emc-master: 141
+ elesearch: 142
diff --git a/inventory/host_vars/sk2016.yml b/inventory/host_vars/sk2016.yml
new file mode 100644
index 00000000..872223db
--- /dev/null
+++ b/inventory/host_vars/sk2016.yml
@@ -0,0 +1,32 @@
+---
+sshserver_allowusers_host:
+- backuppc
+- equinox
+- dan
+
+vm_host:
+ installer:
+ net_if: virbr
+ preseed_path: /srv/preseed
+ path: /srv/installer
+ distros:
+ - distro: debian
+ codename: stretch
+ arch:
+ - amd64
+ - i386
+ - distro: ubuntu
+ codename: xenial
+ arch:
+ - amd64
+ - i386
+ network:
+ interface: virbr
+ ip: 192.168.216.254
+ mask: 255.255.255.0
+ nameservers:
+ - 213.133.100.100
+ - 213.133.98.98
+ - 213.133.99.99
+ indices:
+ emc-stats: 200
diff --git a/inventory/host_vars/telesto.yml b/inventory/host_vars/telesto.yml
new file mode 100644
index 00000000..ff853586
--- /dev/null
+++ b/inventory/host_vars/telesto.yml
@@ -0,0 +1,10 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/inventory/host_vars/thetys.yml b/inventory/host_vars/thetys.yml
new file mode 100644
index 00000000..ff853586
--- /dev/null
+++ b/inventory/host_vars/thetys.yml
@@ -0,0 +1,10 @@
+---
+base_packages_extra_host:
+- exfat-fuse
+- exfat-utils
+- vlan
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
new file mode 100644
index 00000000..771b1b2c
--- /dev/null
+++ b/inventory/hosts.ini
@@ -0,0 +1,138 @@
+[all:vars]
+ansible_host={{ inventory_hostname }}.{{ host_domain }}
+ansible_user=root
+ansible_port=22000
+
+
+###############################
+# environment: chaos-at-home
+
+[chaos-at-home:vars]
+host_domain=chaos-at-home.org
+environment_group=chaos-at-home
+
+[chaos-at-home]
+prometheus
+web
+mail
+stats
+auth
+atlas
+pan
+keyserver
+mimas
+
+
+###############################
+# environment: spreadspace
+
+[spreadspace:vars]
+host_domain=spreadspace.org
+environment_group=spreadspace
+
+[spreadspace]
+build ansible_port=222
+calypso
+telesto
+thetys
+dione
+helene
+emc-test
+
+
+###############################
+# environment: elevate
+
+[skillz:vars]
+host_domain=skillz.biz
+environment_group=elevate
+
+[skillz]
+sk2013
+sk2016
+sktorrent
+
+
+[elevate:vars]
+host_domain=elevate.at
+environment_group=elevate
+
+[elevate]
+elewolke
+elestream
+elemedia
+elesearch
+
+[elevate:children]
+emc
+
+
+[emc:vars]
+host_domain=spreadspace.org
+
+[emc]
+emc-stats
+emc-master
+
+[emc:children]
+emc-xx
+
+[emc-xx]
+#emc-0[0:6]
+emc-00
+
+
+###############################
+# host categories
+
+[kvmhosts]
+prometheus
+atlas
+sk2013
+sk2016
+
+[hetzner]
+sk2013
+sk2016
+emc-stats
+emc-master
+mimas
+sktorrent
+elewolke
+elestream
+elesearch
+
+[hetzner:children]
+emc-xx
+
+
+[scaleway-kernel]
+# emc-test
+
+[scaleway]
+emc-test
+
+[scaleway:children]
+scaleway-kernel
+
+
+### kubernetes cluster: emc
+
+[k8s-emc-encoder]
+#dione
+#helene
+
+[k8s-emc-streamer:children]
+emc-xx
+
+[k8s-emc-master]
+emc-master
+
+[k8s-emc-stats]
+emc-stats
+
+[k8s-emc:children]
+k8s-emc-master
+k8s-emc-encoder
+k8s-emc-streamer
+k8s-emc-stats
+diff --git a/roles/blackmagic-desktopvideo/defaults/main.yml b/roles/blackmagic-desktopvideo/defaults/main.yml
new file mode 100644
index 00000000..8dde7e4d
--- /dev/null
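Review bot: `ansible_user=root` under `[all:vars]` makes every play in all three environments log in directly as root, so one controller key holds full privilege on every host and sshd has to keep root login open everywhere. An unprivileged account with `ansible_become=true` would leave per-user entries in the auth and sudo logs; root could stay confined to a group used only for first provisioning. Also, `[emc:vars]` sets `host_domain` but no `environment_group`; it presumably inherits `elevate` through `[elevate:children]`, and a comment such as `# environment_group is inherited from [elevate]` above it would make that dependency visible.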
+++ b/roles/blackmagic-desktopvideo/defaults/main.yml @@ -0,0 +1,4 @@ +--- +blackmagic_desktopvideo_apt: + username: "change-me" +# password: "secret" diff --git a/roles/blackmagic-desktopvideo/tasks/main.yml b/roles/blackmagic-desktopvideo/tasks/main.yml index 632f36ea..5283b628 100644 --- a/roles/blackmagic-desktopvideo/tasks/main.yml +++ b/roles/blackmagic-desktopvideo/tasks/main.yml @@ -11,7 +11,7 @@ - name: add repository entry apt_repository: - repo: deb https://{{ vault_build_spreadspace_blackmagic.username }}:{{ vault_build_spreadspace_blackmagic.password }}@build.spreadspace.org/ {{ ansible_distribution_release }} blackmagic + repo: "deb https://{{ blackmagic_desktopvideo_apt.username }}:{{ blackmagic_desktopvideo_apt.password }}@build.spreadspace.org/ {{ ansible_distribution_release }} blackmagic" state: present filename: blackmagic mode: 0600 diff --git a/spreadspace/generic.yaml b/spreadspace/generic.yaml new file mode 100644 index 00000000..d3b8de82 --- /dev/null +++ b/spreadspace/generic.yaml @@ -0,0 +1,5 @@ +--- +- name: "Apply role {{ myrole }} to hosts: {{ myhosts }}" + hosts: "{{ myhosts }}" + roles: + - role: "{{ myrole }}" diff --git a/spreadspace/group_vars/spreadspace.yml b/spreadspace/group_vars/spreadspace.yml new file mode 100644 index 00000000..c34fdc8d --- /dev/null +++ b/spreadspace/group_vars/spreadspace.yml 
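Review bot: The new `repo:` line in the `add repository entry` task of roles/blackmagic-desktopvideo/tasks/main.yml still places the APT password inside the source URL, so it is written to the `blackmagic` sources file and can appear in Ansible's output and logs for this task. Add `no_log: true` to the task and pass both values through `| urlencode`, e.g. `{{ blackmagic_desktopvideo_apt.password | urlencode }}`, so a password containing `@` or `:` cannot change how the URL is parsed. If the apt version on the target releases supports it, an `/etc/apt/auth.conf` entry would keep the credentials out of the sources file altogether. The task may continue past the last context line of the hunk.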
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.2;AES256;spreadspace
+31313137643137373839333838343730353634616138643463333262373737356639396539643233
+3839663334323736343239373961353164646565653562390a383831383638383434623863333337
+34366232356438386563643165303735663737373566363038653061323765303466376135303565
+6331623630653931660a626235376639376231633735656333333764643064393834363134663936
+63393563323334373231643237353362653839326235336538363730356364643566303566316665
+64396539333132353131326664323866313161386232393536643733386231643737363962666531
+65336366336435633933666436616261303265326232386639333562323032393832633037636266
+36356262346132663165653530363239316438653637326330636537356234646535376365396538
+6231
-- cgit v1.2.3