From 2a442070a042e2e27a64a6c4119df7a7fd635798 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 23 May 2020 07:50:16 +0200 Subject: sk-tomnext and both VMs running on it are finally done --- common/cloud-install.yml | 16 ++++----- common/vm-install.yml | 16 ++++----- dan/host_vars/sk-tomnext-nc.yml | 14 ++++++++ dan/sk-tomnext-hp.yml | 6 ++++ dan/sk-tomnext-nc.yml | 17 +++++++++ inventory/host_vars/sk-tomnext-hp.yml | 32 +++++++++++++++++ inventory/host_vars/sk-tomnext-nc.yml | 66 +++++++++++++++++++++++++++++++++-- inventory/host_vars/sk-tomnext.yml | 10 +++--- inventory/hosts.ini | 3 +- remove-known-host.sh | 12 +++++-- 10 files changed, 163 insertions(+), 29 deletions(-) create mode 100644 dan/host_vars/sk-tomnext-nc.yml create mode 100644 dan/sk-tomnext-hp.yml create mode 100644 dan/sk-tomnext-nc.yml create mode 100644 inventory/host_vars/sk-tomnext-hp.yml diff --git a/common/cloud-install.yml b/common/cloud-install.yml index e21d4bf1..414cabd1 100644 --- a/common/cloud-install.yml +++ b/common/cloud-install.yml @@ -29,14 +29,6 @@ roles: - role: cloud/post-install -- name: run host playbook - vars: - params: - files: - - "../{{ install_environment }}/{{ install_hostname }}.yml" - - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" - import_playbook: "{{ q('first_found', params) | first }}" - - name: reboot and wait for machine come back hosts: "{{ install_hostname }}" gather_facts: no @@ -44,3 +36,11 @@ - role: reboot-and-wait reboot_delay: 10 reboot_timeout: 120 + +- name: run host playbook + vars: + params: + files: + - "../{{ install_environment }}/{{ install_hostname }}.yml" + - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" + import_playbook: "{{ q('first_found', params) | first }}" diff --git a/common/vm-install.yml b/common/vm-install.yml index d449926e..7aaf32fc 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml 
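Review bot: After this reordering nothing reboots the machine once the host playbook has run: in common/cloud-install.yml the `reboot and wait for machine come back` play now precedes `run host playbook`, and common/vm-install.yml gets the same change. If any role pulled in by a host playbook only takes full effect after a reboot, the first install would end in a state that differs from later boots; the diff does not show whether that applies. The reason for the order is also not recorded, so a one-line comment above the moved play, along the lines of `# runs after the reboot because <reason>`, would keep it from being moved back by accident.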
@@ -58,14 +58,6 @@ - role: vm/guest when: install_distro in ['debian', 'ubuntu'] -- name: run host playbook - vars: - params: - files: - - "../{{ install_environment }}/{{ install_hostname }}.yml" - - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" - import_playbook: "{{ q('first_found', params) | first }}" - - name: reboot and wait for VM come back hosts: "{{ install_hostname }}" gather_facts: no @@ -73,3 +65,11 @@ - role: reboot-and-wait reboot_delay: 10 reboot_timeout: 120 + +- name: run host playbook + vars: + params: + files: + - "../{{ install_environment }}/{{ install_hostname }}.yml" + - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" + import_playbook: "{{ q('first_found', params) | first }}" diff --git a/dan/host_vars/sk-tomnext-nc.yml b/dan/host_vars/sk-tomnext-nc.yml new file mode 100644 index 00000000..74badcb1 --- /dev/null +++ b/dan/host_vars/sk-tomnext-nc.yml @@ -0,0 +1,14 @@ +$ANSIBLE_VAULT;1.2;AES256;dan +39383530376638633762616162653834303633316365353238316464373534653462623962646662 +3536616637633035613832663331396236383936393331640a373033623664316136343239373935 +65323762663761333164326638363530393033626561663964313536303036333631363237613437 +3238336132626632300a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diff --git a/dan/sk-tomnext-hp.yml b/dan/sk-tomnext-hp.yml new file mode 100644 index 00000000..b0c38093 --- /dev/null +++ b/dan/sk-tomnext-hp.yml @@ -0,0 +1,6 @@ +--- +- name: do nothing + hosts: sk-tomnext-hp + tasks: + - debug: + msg: this host is not managed by ansible ... nothing to do here diff --git a/dan/sk-tomnext-nc.yml b/dan/sk-tomnext-nc.yml new file mode 100644 index 00000000..b1cf028a --- /dev/null +++ b/dan/sk-tomnext-nc.yml 
@@ -0,0 +1,17 @@ +--- +- name: Basic Setup + hosts: sk-tomnext-nc + roles: + - role: base + - role: sshd + - role: zsh + - role: apt-repo/base + - role: admin-user + - role: zfs/base + - role: apt-repo/spreadspace + - role: zfs/sanoid + - role: kubernetes/base + - role: kubernetes/standalone + - role: acmetool/base + - role: nginx/base + - role: apps/nextcloud diff --git a/inventory/host_vars/sk-tomnext-hp.yml b/inventory/host_vars/sk-tomnext-hp.yml new file mode 100644 index 00000000..68b924c7 --- /dev/null +++ b/inventory/host_vars/sk-tomnext-hp.yml @@ -0,0 +1,32 @@ +--- +vm_host: sk-tomnext + +install: + host: "{{ vm_host }}" + mem: 8192 + numcpu: 4 + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 50g + interfaces: + - bridge: br-public + name: primary0 + autostart: True + +network: + nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: + interface: primary0 + ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" + mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" + gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + +external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml index a302a298..19117003 100644 --- a/inventory/host_vars/sk-tomnext-nc.yml +++ b/inventory/host_vars/sk-tomnext-nc.yml 
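Review bot: Nothing in inventory/host_vars/sk-tomnext-hp.yml records that this guest is outside Ansible's control, although dan/sk-tomnext-hp.yml in this commit says `this host is not managed by ansible` and the guest is attached to `br-public` with `autostart: True`. A header comment such as `# guest OS is maintained outside this repository (see dan/sk-tomnext-hp.yml); only the VM definition lives here` would tell a reader that roles like `sshd` and `base` are not applied to it. It would also make clear that patching and SSH configuration for this guest have to be tracked elsewhere.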
@@ -11,15 +11,15 @@ install: sda: type: zfs name: root - size: 50g + size: 15g sdb: type: zfs name: data - size: 20g + size: 600g interfaces: - bridge: br-public name: primary0 - autostart: False + autostart: True network: nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}" @@ -34,3 +34,63 @@ network: overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" external_ip: "{{ network.primary.overlay }}" + + +apt_repo_components: +- main +- contrib ## for zfs + + +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 8 * 1024 * 1024 * 1024 }}" + +zfs_zpools: + storage: + mountpoint: /srv/storage + create_vdevs: /dev/sdb + +zfs_sanoid_modules: + storage/nextcloud: + use_template: production + recursive: yes + process_children_only: yes + + +docker_zfs: + pool: storage + name: docker + size: 15G + +kubelet_zfs: + pool: storage + name: kubelet + size: 15G + +kubernetes_version: 1.18.3 +kubernetes_container_runtime: docker +kubernetes_standalone_max_pods: 15 +kubernetes_standalone_pod_cidr: 192.168.255.0/24 +kubernetes_standalone_cni_variant: with-portmap + + +acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}" + + +nextcloud_zfs: + pool: storage + name: nextcloud + size: 500G + +nextcloud_instances: + team.tomwaitz.eu: + # new: true + version: 18.0.4 + port: 8100 + hostnames: + - team.tomwaitz.eu + quota: 100G + database: + type: mariadb + version: 10.5.3 + password: "{{ vault_nextcloud_database_passwords['team.tomwaitz.eu'] }}" diff --git a/inventory/host_vars/sk-tomnext.yml b/inventory/host_vars/sk-tomnext.yml index 57f3dcf1..22a96897 100644 --- a/inventory/host_vars/sk-tomnext.yml +++ b/inventory/host_vars/sk-tomnext.yml @@ -10,7 +10,6 @@ install: network: {} base_intel_nic_stability_fix: true - ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" apt_repo_components: 
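Review bot: The version pins added in the second hunk of inventory/host_vars/sk-tomnext-nc.yml (`kubernetes_version: 1.18.3`, `version: 18.0.4`, `version: 10.5.3`) are unquoted plain scalars. They load as strings only because they have three components; a later bump to a two-component value such as 1.20 would load as the float 1.2. Quoting them, e.g. `kubernetes_version: "1.18.3"`, removes that trap. The commented-out `# new: true` under `team.tomwaitz.eu` should either be dropped or get a word on when it is meant to be enabled.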
@@ -18,6 +17,7 @@ apt_repo_components: - contrib ## for zfs - non-free ## for microcode updates + cryptdisk_volumes: crypto-nvme0: passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" @@ -36,16 +36,14 @@ zfs_zpools: mountpoint: /srv/storage create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 - zfs_sanoid_modules: - storage/docker: - use_template: ignore - storage/kubelet: - use_template: ignore storage/vm: use_template: production recursive: yes process_children_only: yes + storage/vm/sk-tomnext-nc: + use_template: ignore + recursive: yes vm_host: diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 02d900e2..edc73ac1 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -130,7 +130,7 @@ sk-cloudia host_name=cloudia sk-2019vm host_name=2019vm sk-tomnext host_name=tomnext sk-tomnext-nc host_name=tomnext-nc -sk-tomnext-hp +sk-tomnext-hp host_name=homepage host_domain="" sk-testvm host_name=testvm sk-torrent host_name=torrent @@ -311,6 +311,7 @@ k8s-lwl sk-cloudia ele-thetys lw-thetys +sk-tomnext-nc [kubernetes:children] kubernetes-cluster diff --git a/remove-known-host.sh b/remove-known-host.sh index aab40144..647909ea 100755 --- a/remove-known-host.sh +++ b/remove-known-host.sh 
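Review bot: The new `storage/vm/sk-tomnext-nc` entry in `zfs_sanoid_modules` (inventory/host_vars/sk-tomnext.yml) uses `use_template: ignore` with `recursive: yes`, which takes that VM's datasets out of the host's `production` snapshot policy without saying why. Judging from inventory/host_vars/sk-tomnext-nc.yml in this commit, snapshots are presumably meant to happen inside the guest, but only `storage/nextcloud` is listed there, so the guest's root volume would appear to have no snapshots on either side; please confirm that is intended. A comment above the entry such as `# snapshotted inside the guest (storage/nextcloud); root disk is rebuilt from this repo` would record the decision.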
@@ -11,13 +11,19 @@ ssh_port=$(ssh -G "$short" | grep "^port " | awk '{ print($2) }' ) known_hosts_file=$(ssh -G "$short" | grep "^userknownhostsfile " | awk '{ print($2) }' ) known_hosts_file=${known_hosts_file/#\~/$HOME} +declare -a names +names+=("$short") +names+=("$ssh_host") +names+=("$ssh_host:$ssh_port") +names+=("[$ssh_host]:$ssh_port") + cd "${BASH_SOURCE%/*}" source common/utils.sh ansible_variable__get host_name "$short" || exit 1 -ansible_variable__get host_domain "$short" || exit 1 - +names+=("$host_name") +ansible_variable__get host_domain "$short" > /dev/null 2>&1 && names+=("$host_name.$host_domain") -for name in "$short" "$ssh_host" "$ssh_host:$ssh_port" "[$ssh_host]:$ssh_port" "$host_name" "$host_name.$host_domain"; do +for name in ${names[@]} ; do ssh-keygen -f "$known_hosts_file" -R "$name" done -- cgit v1.2.3
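Review bot: The new loop header `for name in ${names[@]} ; do` expands the array unquoted, so every element goes through word splitting and pathname expansion. The element `[$ssh_host]:$ssh_port` is a valid glob bracket expression, so it could be replaced by a matching file name in the directory the script has just `cd`'d into, or be dropped or rejected if `nullglob` or `failglob` is set. Use `for name in "${names[@]}"; do`, which keeps the quoting of the loop it replaces. Separately, inventory/hosts.ini in this commit sets `host_domain=""` for sk-tomnext-hp; if `ansible_variable__get` (in common/utils.sh, not shown) succeeds for an empty value, the list gains `"$host_name."`, which a `[ -n "$host_domain" ]` test before the append would avoid. The script starts above this hunk.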