From 1b2e596b15181c983efb2c8b3030f2f11d28bd72 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 2 Mar 2020 00:54:50 +0100 Subject: emc k8s cluster is now complete --- dan/emc-00.yml | 11 +++++++++ dan/emc-01.yml | 11 +++++++++ dan/emc-02.yml | 11 +++++++++ dan/emc-03.yml | 11 +++++++++ dan/emc-dist.yml | 1 - dan/emc-dist0.yml | 7 ++++++ dan/emc-xx.yml | 4 +-- dan/emc_acmehack.yml | 29 ---------------------- dan/group_vars/emc.yml | 10 ++++++++ inventory/group_vars/emc-dist.yml | 21 ++++++++++++++++ inventory/group_vars/emc-xx/main.yml | 21 ++++++++++++++++ inventory/hosts.ini | 46 ++++++++++++++++++----------------- roles/acmetool/base/defaults/main.yml | 2 +- roles/cloud/install/tasks/hcloud.yml | 21 ++++++++++------ 14 files changed, 142 insertions(+), 64 deletions(-) create mode 100644 dan/emc-00.yml create mode 100644 dan/emc-01.yml create mode 100644 dan/emc-02.yml create mode 100644 dan/emc-03.yml create mode 100644 dan/emc-dist0.yml delete mode 100644 dan/emc_acmehack.yml create mode 100644 dan/group_vars/emc.yml create mode 100644 inventory/group_vars/emc-dist.yml diff --git a/dan/emc-00.yml b/dan/emc-00.yml new file mode 100644 index 00000000..2238f0c4 --- /dev/null +++ b/dan/emc-00.yml @@ -0,0 +1,11 @@ +--- +- name: Basic Setup + hosts: emc-00 + roles: + - role: base + - role: sshd + - role: zsh + - role: apt-repo/spreadspace + - role: acmetool/base + - role: acmetool/cert + acmetool_cert_name: "{{ host_name }}.{{ host_domain }}" diff --git a/dan/emc-01.yml b/dan/emc-01.yml new file mode 100644 index 00000000..d8582867 --- /dev/null +++ b/dan/emc-01.yml @@ -0,0 +1,11 @@ +--- +- name: Basic Setup + hosts: emc-01 + roles: + - role: base + - role: sshd + - role: zsh + - role: apt-repo/spreadspace + - role: acmetool/base + - role: acmetool/cert + acmetool_cert_name: "{{ host_name }}.{{ host_domain }}" diff --git a/dan/emc-02.yml b/dan/emc-02.yml new file mode 100644 index 00000000..78b4737a --- /dev/null +++ b/dan/emc-02.yml 
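Review bot: `dan/emc-00.yml` is repeated as `dan/emc-01.yml`, `dan/emc-02.yml` and `dan/emc-03.yml` with only the `hosts:` value changed, while `dan/emc-xx.yml` in this same commit now targets the whole `emc-xx` group with what looks like the same role list (its tail is outside the hunk, so this is inferred). Four hand-maintained copies of the `base`/`sshd`/`acmetool` list can drift, leaving one node without a change the others received. If the per-host files exist only to run a single node, running `dan/emc-xx.yml` with `--limit emc-00` gives the same result from one file. If the repository convention requires a file per host, a header comment such as `# per-host entry point, keep role list identical to emc-xx.yml` would at least record the coupling.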
@@ -0,0 +1,11 @@ +--- +- name: Basic Setup + hosts: emc-02 + roles: + - role: base + - role: sshd + - role: zsh + - role: apt-repo/spreadspace + - role: acmetool/base + - role: acmetool/cert + acmetool_cert_name: "{{ host_name }}.{{ host_domain }}" diff --git a/dan/emc-03.yml b/dan/emc-03.yml new file mode 100644 index 00000000..87814119 --- /dev/null +++ b/dan/emc-03.yml @@ -0,0 +1,11 @@ +--- +- name: Basic Setup + hosts: emc-03 + roles: + - role: base + - role: sshd + - role: zsh + - role: apt-repo/spreadspace + - role: acmetool/base + - role: acmetool/cert + acmetool_cert_name: "{{ host_name }}.{{ host_domain }}" diff --git a/dan/emc-dist.yml b/dan/emc-dist.yml index d9796969..0e2318f4 100644 --- a/dan/emc-dist.yml +++ b/dan/emc-dist.yml @@ -2,7 +2,6 @@ - name: Basic Setup hosts: emc-dist roles: - - role: slim/hetzner - role: base - role: sshd - role: zsh diff --git a/dan/emc-dist0.yml b/dan/emc-dist0.yml new file mode 100644 index 00000000..9efb2731 --- /dev/null +++ b/dan/emc-dist0.yml @@ -0,0 +1,7 @@ +--- +- name: Basic Setup + hosts: emc-dist0 + roles: + - role: base + - role: sshd + - role: zsh diff --git a/dan/emc-xx.yml b/dan/emc-xx.yml index f1a57b2c..7b80f76e 100644 --- a/dan/emc-xx.yml +++ b/dan/emc-xx.yml @@ -1,12 +1,10 @@ --- - name: Basic Setup - hosts: emc-xx:!emc-00 + hosts: emc-xx roles: - - role: slim/hetzner - role: base - role: sshd - role: zsh - - role: admin-user - role: apt-repo/spreadspace - role: acmetool/base - role: acmetool/cert diff --git a/dan/emc_acmehack.yml b/dan/emc_acmehack.yml deleted file mode 100644 index dd66d35c..00000000 --- a/dan/emc_acmehack.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -- name: create certificates for host - hosts: emc-xx:helene - vars: - acmetool_directory_server: "{{ acmetool_directory_server_le_live_v1 }}" - roles: - - role: acmetool/base - - role: acmetool/cert - acmetool_cert_name: "{{ inventory_hostname }}" - acmetool_cert_hostnames: - - "{{ inventory_hostname }}.spreadspace.org" - -- name: create certificates for names running on emc-00 - hosts: emc-00 - roles: - - role: acmetool/cert - acmetool_cert_name: emc - acmetool_cert_hostnames: - - stream.elevate.at - - elevate-live.spreadspace.org - - elevate-stats.spreadspace.org - -- name: create certificates for names running on helene - hosts: emc-helene - roles: - - role: acmetool/cert - acmetool_cert_name: emc - acmetool_cert_hostnames: - - elevate-feed.spreadspace.org diff --git a/dan/group_vars/emc.yml b/dan/group_vars/emc.yml new file mode 100644 index 00000000..a8c4004f --- /dev/null +++ b/dan/group_vars/emc.yml @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.2;AES256;dan +62373236353033346534363864356138396637653435313339373964323334386465323634303863 +6132306331343566333838386530326332353037393637660a643534326336383665306230316237 +64633266336233306661663231333031663933373432353139323163373932323930393636373035 +6238346263333632660a646533653935633964326439386237303838613166383331393534383566 +36336662346632326663633734656435396339343264363733343434323061623438663662343866 +33643237623235356431303638323836633137383334363830623565396161623563623439663762 +35356135666465366463336564343730616633383863313833303830333464356234383339363334 +61613331663264356462396165663565303463333932363331386134663230363262393664346161 +6133 diff --git a/inventory/group_vars/emc-dist.yml b/inventory/group_vars/emc-dist.yml new file mode 100644 index 00000000..e53a98ad --- /dev/null +++ b/inventory/group_vars/emc-dist.yml 
@@ -0,0 +1,21 @@ +--- +install: + cloud: + credentials: + token: "{{ vault_hcloud_api_token }}" + disks: + root_lvm_size: all + +network: {} + +docker_lvm: + vg: "{{ host_name }}" + lv: docker + size: 15G + fs: ext4 + +kubelet_lvm: + vg: "{{ host_name }}" + lv: kubelet + size: 10G + fs: ext4 diff --git a/inventory/group_vars/emc-xx/main.yml b/inventory/group_vars/emc-xx/main.yml index 823a1c05..c73b8962 100644 --- a/inventory/group_vars/emc-xx/main.yml +++ b/inventory/group_vars/emc-xx/main.yml @@ -1,2 +1,23 @@ --- acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}" + +install: + cloud: + credentials: + token: "{{ vault_hcloud_api_token }}" + disks: + root_lvm_size: all + +network: {} + +docker_lvm: + vg: "{{ host_name }}" + lv: docker + size: 15G + fs: ext4 + +kubelet_lvm: + vg: "{{ host_name }}" + lv: kubelet + size: 10G + fs: ext4 diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 121e251f..0cad20a1 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -110,25 +110,6 @@ k8s-test-atlas k8s-test-2019vm -[emc:vars] -host_domain=elev8.at -env_group=dan -ansible_port=222 - -[emc] -emc-master - -[emc:children] -emc-dist -emc-xx - -[emc-dist] -#emc-dist0 - -[emc-xx] -#emc-0[0:6] - - ############################### # environment: dan @@ -183,7 +164,7 @@ ele-calypso host_name=calypso ele-dione host_name=dione ele-helene host_name=helene ele-uhrturm host_name=uhrturm -ele-lt host_name=liquidtruth ansible_port=222 +ele-lt host_name=liquidtruth ele-laptop host_name=elevatop ele-orpheum ele-tub @@ -198,6 +179,25 @@ ele-dolmetsch-raspi ele-infobeamer +[emc:vars] +host_domain=elev8.at +env_group=dan +ansible_port=222 + +[emc] +emc-master + +[emc:children] +emc-dist +emc-xx + +[emc-dist] +emc-dist0 + +[emc-xx] +emc-0[0:3] + + ############################### # host categories @@ -248,7 +248,10 @@ sk-2019vm [hcloud] ch-mimas2 ele-lt -emc-dist0 + +[hcloud:children] +emc-dist +emc-xx [hetzner] emc-master 
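Review bot: The `install` / `network` / `docker_lvm` / `kubelet_lvm` block is added twice, here and again in `inventory/group_vars/emc-xx/main.yml`. Both groups are children of `emc` in `inventory/hosts.ini`, so one group_vars file for the parent group would hold it once and keep the two copies from diverging. The line `token: "{{ vault_hcloud_api_token }}"` would also benefit from a comment naming the vaulted file that defines the variable. That is presumably the `dan/group_vars/emc.yml` added in this commit, which cannot be confirmed from the ciphertext, e.g. `# vault_hcloud_api_token: defined in the vaulted dan/group_vars/emc.yml`.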
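Review bot: The `ansible_port=222` override is dropped from `ele-lt` in the `@@ -183,7 +164,7 @@` hunk, which the commit subject (emc cluster) does not mention. As far as the visible hunks show, `ele-lt` is listed under `[hcloud]` and not under `emc`, so it does not inherit `ansible_port=222` from `[emc:vars]`. Unless the port is set for it elsewhere, connections will use the default SSH port. A line in the commit message or an inventory comment stating why the port changed (for example `# ele-lt: sshd back on the default port`, wording to match the real reason) would make the change reviewable.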
@@ -256,7 +259,6 @@ sk-testvm sk-torrent [hetzner:children] -emc-xx hroot hcloud diff --git a/roles/acmetool/base/defaults/main.yml b/roles/acmetool/base/defaults/main.yml index b8ceb881..df82d26c 100644 --- a/roles/acmetool/base/defaults/main.yml +++ b/roles/acmetool/base/defaults/main.yml @@ -3,7 +3,7 @@ acmetool_directory_server_le_live_v1: "https://acme-v01.api.letsencrypt.org/dire acmetool_directory_server_le_staging_v1: "https://acme-staging.api.letsencrypt.org/directory" acmetool_directory_server_le_live_v2: "https://acme-v02.api.letsencrypt.org/directory" -acmetool_directory_server_le_staging_v2: "acme-staging-v02.api.letsencrypt.org/directory" +acmetool_directory_server_le_staging_v2: "https://acme-staging-v02.api.letsencrypt.org/directory" ## this can't be changed after the account as been created (aka after the first run) ## and it's not recommended to keep this empty so we don't define it here which will lead to an error diff --git a/roles/cloud/install/tasks/hcloud.yml b/roles/cloud/install/tasks/hcloud.yml index 646d80da..7e87c114 100644 --- a/roles/cloud/install/tasks/hcloud.yml +++ b/roles/cloud/install/tasks/hcloud.yml 
@@ -38,14 +38,19 @@ status_code: 201 delegate_to: localhost -- name: do a hardware reset - uri: - url: "https://api.hetzner.cloud/v1/servers/{{ serverstatus.json.servers[0].id }}/actions/reset" - method: POST - headers: - Authorization: "Bearer {{ install_cooked.cloud.credentials.token }}" - status_code: 201 - delegate_to: localhost +## TODO: remove this once the task below is fixed +- pause: + prompt: Please reset the server {{ install_cooked.cloud.server_name | default(inventory_hostname) }} and press enter... + +### TODO this does not work???? +# - name: do a hardware reset +# uri: +# url: "https://api.hetzner.cloud/v1/servers/{{ serverstatus.json.servers[0].id }}/actions/reset" +# method: POST +# headers: +# Authorization: "Bearer {{ install_cooked.cloud.credentials.token }}" +# status_code: 201 +# delegate_to: localhost ### TODO: would be nice to get the SSH host key from robot - name: completely ignore ssh host keys for now -- cgit v1.2.3
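Review bot: The new `pause` task has no `name:`, and because Ansible executes `pause` once per batch rather than once per host, its prompt is templated for a single host only. When more than one server is installed in a run, the operator is asked to reset just one of them. Give the task a name and list the whole batch, e.g. `prompt: "Please reset {{ ansible_play_batch | join(', ') }} and press enter..."`. When the commented-out reset call is restored, add `no_log: true` to it, since the `Authorization: "Bearer ..."` header carries the hcloud API token and module arguments are printed in verbose runs. The task file continues outside this hunk.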