moving some things around

Bradley Bickford 2024-11-11 11:00:31 -05:00
parent 85531c0c0b
commit b579aa2f1f
10 changed files with 484 additions and 484 deletions


@ -1,3 +1,3 @@
{
"ansible.python.interpreterPath": "c:\\Program Files\\Python312\\python.exe"
{
"ansible.python.interpreterPath": "c:\\Program Files\\Python312\\python.exe"
}


@ -1,2 +1,2 @@
[defaults]
host_key_checking = false
[defaults]
host_key_checking = false
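Review bot: `host_key_checking = false` in the global `[defaults]` turns off SSH host-key verification for every play run from this config, so a managed node whose key has changed, or a host answering in its place, is connected to without any warning. Since the inventories in this commit are fixed IPs, the usual approach is to keep checking on and pre-seed the controller's known_hosts, or limit the override to the one-time bootstrap run instead of the whole config. If the override is a deliberate choice for this lab, a comment above the line such as `; lab only: host keys are not verified` would make that visible to the next reader.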


@ -1,13 +1,13 @@
[ansible_nodes]
blacktide ansible_host=192.168.3.2 connection=local
[podman_nodes]
arcade ansible_host=10.20.24.3
beachpolice ansible_host=10.42.0.3
bulletinboard ansible_host=10.26.48.3
lifeguard ansible_host=172.16.132.4
beachsidelibrary ansible_host=10.12.34.3
[pfsense_nodes]
openocean ansible_host=172.16.132.2
boardwalk ansible_host=10.77.7.2
[ansible_nodes]
blacktide ansible_host=192.168.3.2 connection=local
[podman_nodes]
arcade ansible_host=10.20.24.3
beachpolice ansible_host=10.42.0.3
bulletinboard ansible_host=10.26.48.3
lifeguard ansible_host=172.16.132.4
beachsidelibrary ansible_host=10.12.34.3
[pfsense_nodes]
openocean ansible_host=172.16.132.2
boardwalk ansible_host=10.77.7.2
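Review bot: `blacktide ansible_host=192.168.3.2 connection=local` sets a plain host variable named `connection`, which Ansible does not read as the connection plugin; the inventory key that selects the local connection is `ansible_connection=local`. As written the controller will try to SSH to itself at 192.168.3.2 instead of running locally, which is also why `host_key_checking` matters for this host. The same pattern appears on the `ansible` host in the second inventory file (`ansible ansible_host=10.20.24.3 connection=local`) and should be fixed there too.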


@ -1,9 +1,9 @@
[masters]
kubemaster ansible_host=10.20.24.4 master=true
[workers]
kubeworker1 ansible_host=10.20.24.5 worker=true
kubeworker2 ansible_host=10.20.24.6 worker=true
[ansible_nodes]
ansible ansible_host=10.20.24.3 connection=local
[masters]
kubemaster ansible_host=10.20.24.4 master=true
[workers]
kubeworker1 ansible_host=10.20.24.5 worker=true
kubeworker2 ansible_host=10.20.24.6 worker=true
[ansible_nodes]
ansible ansible_host=10.20.24.3 connection=local


@ -1,164 +1,164 @@
---
- hosts: beachsidelibrary
become: true
become_method: sudo
become_user: root
vars:
postgres_device: "/dev/vdc"
postgres_vg_name: "vg_postgres"
postgres_lv_name: "lv_pgdata"
postgres_data_directory: "/pgdata"
mysql_device: "/dev/vdd"
mysql_vg_name: "vg_mysql"
mysql_lv_name: "lv_mysql_data"
mysql_data_directory: "/mysql_data"
vars_prompt:
- name: psql_password
prompt: "Enter psql Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
- name: mysql_password
prompt: "Enter mysql Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
tasks:
- name: Create psql user
ansible.builtin.user:
name: psql
password: "{{ psql_password }}"
comment: "Podman user for Postgresql Database"
uid: 2000
- name: Build /pgdata mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ postgres_device }}"
vg_name: "{{ postgres_vg_name }}"
lvs:
- lv_name: "{{ postgres_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ postgres_data_directory }}"
owner: psql
group: psql
mode: "0755"
lv: "{{ postgres_lv_name }}"
- name: Create mysql user
ansible.builtin.user:
name: mysql
password: "{{ mysql_password }}"
comment: "Podman user for MySQL Database"
uid: 2001
- name: Build /mysql_data mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ mysql_device }}"
vg_name: "{{ mysql_vg_name }}"
lvs:
- lv_name: "{{ mysql_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ mysql_data_directory }}"
owner: mysql
group: mysql
mode: "0755"
lv: "{{ mysql_lv_name }}"
- name: Write subuid user entry for psql
ansible.builtin.lineinfile:
path: /etc/subuid
line: "psql:100000:2000"
insertafter: EOF
create: true
state: present
- name: Write subuid user entry for mysql
ansible.builtin.lineinfile:
path: /etc/subuid
line: "mysql:102000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid group entry for psql
ansible.builtin.lineinfile:
path: /etc/subgid
line: "psql:100000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid group entry for mysql
ansible.builtin.lineinfile:
path: /etc/subgid
line: "mysql:102000:2000"
insertafter: EOF
create: true
state: present
- name: Configure firewalld for postgres
ansible.posix.firewalld:
service: postgresql
state: enabled
permanent: true
immediate: true
- name: Configure firewalld for mysql
ansible.posix.firewalld:
service: mysql
state: enabled
permanent: true
immediate: true
- name: Build postgres quadlet
containers.podman.podman_container:
name: postgres
image: "postgres:latest"
state: quadlet
quadlet_filename: "postgres-quadlet"
quadlet_file_mode: "0640"
user: "psql"
ports:
- "5432:5432"
volumes:
- "{{ postgres_data_directory }}:/var/lib/postgresql/data"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- ""
- |
[Install]
WantedBy=default.target
env:
- POSTGRES_PASSWORD: "{{ psql_password }}"
- name: Build mysql quadlet
containers.podman.podman_container:
name: mysql
image: "mysql:latest"
state: quadlet
quadlet_filename: "mysql-quadlet"
quadlet_file_mode: "0640"
user: "mysql"
ports:
- "3306:3306"
volumes:
- "{{ mysql_data_directory }}:/var/lib/mysql"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- ""
- |
[Install]
WantedBy=default.target
env:
- MYSQL_ROOT_PASSWORD: "{{ psql_password }}"
---
- hosts: beachsidelibrary
become: true
become_method: sudo
become_user: root
vars:
postgres_device: "/dev/vdc"
postgres_vg_name: "vg_postgres"
postgres_lv_name: "lv_pgdata"
postgres_data_directory: "/pgdata"
mysql_device: "/dev/vdd"
mysql_vg_name: "vg_mysql"
mysql_lv_name: "lv_mysql_data"
mysql_data_directory: "/mysql_data"
vars_prompt:
- name: psql_password
prompt: "Enter psql Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
- name: mysql_password
prompt: "Enter mysql Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
tasks:
- name: Create psql user
ansible.builtin.user:
name: psql
password: "{{ psql_password }}"
comment: "Podman user for Postgresql Database"
uid: 2000
- name: Build /pgdata mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ postgres_device }}"
vg_name: "{{ postgres_vg_name }}"
lvs:
- lv_name: "{{ postgres_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ postgres_data_directory }}"
owner: psql
group: psql
mode: "0755"
lv: "{{ postgres_lv_name }}"
- name: Create mysql user
ansible.builtin.user:
name: mysql
password: "{{ mysql_password }}"
comment: "Podman user for MySQL Database"
uid: 2001
- name: Build /mysql_data mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ mysql_device }}"
vg_name: "{{ mysql_vg_name }}"
lvs:
- lv_name: "{{ mysql_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ mysql_data_directory }}"
owner: mysql
group: mysql
mode: "0755"
lv: "{{ mysql_lv_name }}"
- name: Write subuid user entry for psql
ansible.builtin.lineinfile:
path: /etc/subuid
line: "psql:100000:2000"
insertafter: EOF
create: true
state: present
- name: Write subuid user entry for mysql
ansible.builtin.lineinfile:
path: /etc/subuid
line: "mysql:102000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid group entry for psql
ansible.builtin.lineinfile:
path: /etc/subgid
line: "psql:100000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid group entry for mysql
ansible.builtin.lineinfile:
path: /etc/subgid
line: "mysql:102000:2000"
insertafter: EOF
create: true
state: present
- name: Configure firewalld for postgres
ansible.posix.firewalld:
service: postgresql
state: enabled
permanent: true
immediate: true
- name: Configure firewalld for mysql
ansible.posix.firewalld:
service: mysql
state: enabled
permanent: true
immediate: true
- name: Build postgres quadlet
containers.podman.podman_container:
name: postgres
image: "postgres:latest"
state: quadlet
quadlet_filename: "postgres-quadlet"
quadlet_file_mode: "0640"
user: "psql"
ports:
- "5432:5432"
volumes:
- "{{ postgres_data_directory }}:/var/lib/postgresql/data"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- ""
- |
[Install]
WantedBy=default.target
env:
- POSTGRES_PASSWORD: "{{ psql_password }}"
- name: Build mysql quadlet
containers.podman.podman_container:
name: mysql
image: "mysql:latest"
state: quadlet
quadlet_filename: "mysql-quadlet"
quadlet_file_mode: "0640"
user: "mysql"
ports:
- "3306:3306"
volumes:
- "{{ mysql_data_directory }}:/var/lib/mysql"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- ""
- |
[Install]
WantedBy=default.target
env:
- MYSQL_ROOT_PASSWORD: "{{ psql_password }}"
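Review bot: `- MYSQL_ROOT_PASSWORD: "{{ psql_password }}"` on the last line of the mysql quadlet task reads the postgres prompt, so the MySQL root password is taken from the wrong variable and `mysql_password` is only ever used for the OS account; it should be `- MYSQL_ROOT_PASSWORD: "{{ mysql_password }}"`. Separately, both prompts set `encrypt: sha512_crypt`, which gives the play a crypt hash rather than the typed value — correct for `ansible.builtin.user`, but the same variable is then written into the quadlet as `POSTGRES_PASSWORD` / `MYSQL_ROOT_PASSWORD`, so the database password becomes the hash string. If that is not intended, prompt for the service passwords as separate unencrypted variables, or drop `encrypt` and apply the `password_hash` filter only where the user module needs the hashed form. The quadlet file is written with mode `0640`, which keeps the secret off world-readable storage, but the value still deserves a comment saying which form (hash or plaintext) is expected.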


@ -1,76 +1,76 @@
---
- hosts: masters,workers
become: true
become_method: sudo
become_user: root
tasks:
- name: Update grub config to remove zram generation
ansible.builtin.shell:
cmd: grubby --update-kernel ALL --args='systemd.zram=0'
- name: Update grub config
ansible.builtin.shell:
cmd: grub2-mkconfig -o /boot/grub2/grub.cfg
- name: Reboot the system to get rid of the zram swap that's already been set up
ansible.builtin.reboot:
reboot_timeout: 900
- name: Set SELinux to Permissive
ansible.posix.selinux:
state: disabled
- name: Disable firewalld
ansible.builtin.service:
name: firewalld
enabled: false
state: stopped
- name: Install iptables components
ansible.builtin.yum:
name:
- iptables
- iproute-tc
state: present
- name: Add overlay modprobe module
community.general.modprobe:
name: overlay
persistent: present
state: present
- name: Add br_netfilter module
community.general.modprobe:
name: br_netfilter
persistent: present
state: present
- name: Create network settings configuration file
ansible.builtin.blockinfile:
path: "/etc/sysctl.d/99-kubernetes-cri.conf"
block: |
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
create: true
- name: Apply new sysctl settings
ansible.builtin.shell:
cmd: sysctl --system
changed_when: false
- name: Install cri-o and kubernetes
ansible.builtin.yum:
name:
- cri-o
- containernetworking-plugins
- kubernetes
- kubernetes-kubeadm
- kubernetes-client
state: present
- name: Enable and start cri-o
ansible.builtin.service:
name: crio
enabled: true
state: started
---
- hosts: masters,workers
become: true
become_method: sudo
become_user: root
tasks:
- name: Update grub config to remove zram generation
ansible.builtin.shell:
cmd: grubby --update-kernel ALL --args='systemd.zram=0'
- name: Update grub config
ansible.builtin.shell:
cmd: grub2-mkconfig -o /boot/grub2/grub.cfg
- name: Reboot the system to get rid of the zram swap that's already been set up
ansible.builtin.reboot:
reboot_timeout: 900
- name: Set SELinux to Permissive
ansible.posix.selinux:
state: disabled
- name: Disable firewalld
ansible.builtin.service:
name: firewalld
enabled: false
state: stopped
- name: Install iptables components
ansible.builtin.yum:
name:
- iptables
- iproute-tc
state: present
- name: Add overlay modprobe module
community.general.modprobe:
name: overlay
persistent: present
state: present
- name: Add br_netfilter module
community.general.modprobe:
name: br_netfilter
persistent: present
state: present
- name: Create network settings configuration file
ansible.builtin.blockinfile:
path: "/etc/sysctl.d/99-kubernetes-cri.conf"
block: |
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
create: true
- name: Apply new sysctl settings
ansible.builtin.shell:
cmd: sysctl --system
changed_when: false
- name: Install cri-o and kubernetes
ansible.builtin.yum:
name:
- cri-o
- containernetworking-plugins
- kubernetes
- kubernetes-kubeadm
- kubernetes-client
state: present
- name: Enable and start cri-o
ansible.builtin.service:
name: crio
enabled: true
state: started
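Review bot: The task named `Set SELinux to Permissive` near the top of this play uses `state: disabled`, which switches SELinux off entirely rather than putting it in permissive mode, and the task name hides that weaker setting. The kubernetes play elsewhere in this commit uses `state: permissive` under the same task name, so either this play should also say `state: permissive`, or the name should be changed to say disabled so the choice is explicit. Note as well that a change to `disabled` generally only takes effect after a reboot, and the reboot in this play runs before the SELinux task, so the setting would not be active until the next reboot.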


@ -1,31 +1,31 @@
---
- hosts: all
become: true
become_method: su
become_user: root
tasks:
- name: Create the ansible user
ansible.builtin.user:
name: ansible
append: true
state: present
createhome: true
shell: /bin/bash
- name: Make sure the sudoers dropin directory exists
ansible.builtin.file:
path: "/etc/sudoers.d"
state: directory
- name: Create a sudoers file for the ansible user
ansible.builtin.lineinfile:
path: "/etc/sudoers.d/50-ansible"
line: "ansible ALL=(ALL) NOPASSWD: ALL"
create: true
validate: "visudo -cf %s"
- name: Add authorized key for ansible user
ansible.builtin.authorized_key:
user: ansible
key: "{{ lookup('ansible.builtin.file', '/home/ansible/.ssh/id_rsa.pub') }}"
---
- hosts: all
become: true
become_method: su
become_user: root
tasks:
- name: Create the ansible user
ansible.builtin.user:
name: ansible
append: true
state: present
createhome: true
shell: /bin/bash
- name: Make sure the sudoers dropin directory exists
ansible.builtin.file:
path: "/etc/sudoers.d"
state: directory
- name: Create a sudoers file for the ansible user
ansible.builtin.lineinfile:
path: "/etc/sudoers.d/50-ansible"
line: "ansible ALL=(ALL) NOPASSWD: ALL"
create: true
validate: "visudo -cf %s"
- name: Add authorized key for ansible user
ansible.builtin.authorized_key:
user: ansible
key: "{{ lookup('ansible.builtin.file', '/home/ansible/.ssh/id_rsa.pub') }}"


@ -1,16 +1,16 @@
---
- hosts: all
become: true
become_method: sudo
become_user: root
tasks:
- name: Update all packages
ansible.builtin.yum:
name: "*"
state: latest
async: 3600
poll: 60
- name: Reboot Node
ansible.builtin.reboot:
reboot_timeout: 1800
---
- hosts: all
become: true
become_method: sudo
become_user: root
tasks:
- name: Update all packages
ansible.builtin.yum:
name: "*"
state: latest
async: 3600
poll: 60
- name: Reboot Node
ansible.builtin.reboot:
reboot_timeout: 1800


@ -1,58 +1,58 @@
---
- hosts: podman_nodes
become: true
become_method: sudo
become_user: root
vars:
dev_device: "/dev/vdb"
vg_name: "vg_podman"
lv_name: "lv_containers"
containers_directory: "/var/lib/containers"
tasks:
- name: Setup container directory volume group
community.general.lvg:
vg: "{{ vg_name }}"
pvs: "{{ dev_device }}"
- name: Setup container directory logical volume
community.general.lvol:
vg: "{{ vg_name }}"
lv: "{{ lv_name }}"
size: 100%FREE
- name: Create xfs filesystem on lib_containers logical volume
community.general.filesystem:
fstype: xfs
dev: /dev/mapper/{{ vg_name }}-{{ lv_name }}
- name: Create the containers directory
ansible.builtin.file:
path: "{{ containers_directory }}"
state: directory
mode: '0755'
- name: Setup containers directory mount
ansible.posix.mount:
path: "{{ containers_directory }}"
src: "/dev/mapper/{{ vg_name }}-{{ lv_name }}"
fstype: xfs
state: mounted
- name: Install podman and components
ansible.builtin.yum:
name:
- podman
- passt
- shadow-utils
state: latest
async: 1200
poll: 60
- name: Force reinstall container-selinux
ansible.builtin.yum:
name: container-selinux
state: reinstall
async: 1200
poll: 60
---
- hosts: podman_nodes
become: true
become_method: sudo
become_user: root
vars:
dev_device: "/dev/vdb"
vg_name: "vg_podman"
lv_name: "lv_containers"
containers_directory: "/var/lib/containers"
tasks:
- name: Setup container directory volume group
community.general.lvg:
vg: "{{ vg_name }}"
pvs: "{{ dev_device }}"
- name: Setup container directory logical volume
community.general.lvol:
vg: "{{ vg_name }}"
lv: "{{ lv_name }}"
size: 100%FREE
- name: Create xfs filesystem on lib_containers logical volume
community.general.filesystem:
fstype: xfs
dev: /dev/mapper/{{ vg_name }}-{{ lv_name }}
- name: Create the containers directory
ansible.builtin.file:
path: "{{ containers_directory }}"
state: directory
mode: '0755'
- name: Setup containers directory mount
ansible.posix.mount:
path: "{{ containers_directory }}"
src: "/dev/mapper/{{ vg_name }}-{{ lv_name }}"
fstype: xfs
state: mounted
- name: Install podman and components
ansible.builtin.yum:
name:
- podman
- passt
- shadow-utils
state: latest
async: 1200
poll: 60
- name: Force reinstall container-selinux
ansible.builtin.yum:
name: container-selinux
state: reinstall
async: 1200
poll: 60


@ -1,116 +1,116 @@
---
- hosts: masters,workers
become: yes
become_method: sudo
become_user: root
tasks:
- name: Add overlay modprobe module
community.general.modprobe:
name: overlay
persistent: present
state: present
- name: Add br_netfilter module
community.general.modprobe:
name: br_netfilter
persistent: present
state: present
- name: Set SELinux to Permissive
ansible.posix.selinux:
state: permissive
- name: Set firewalld configuration | Master Nodes
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
state: enabled
loop:
- "6443/tcp"
- "2379-2380/tcp"
- "10250/tcp"
- "10251/tcp"
- "10259/tcp"
- "10257/tcp"
- "179/tcp"
- "4789/udp"
when: master | default(false)
- name: Set firewalld configuration | Worker Nodes
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
state: enabled
loop:
- "179/tcp"
- "10250/tcp"
- "30000-32767/tcp"
- "4789/udp"
when: worker | default(false)
- name: Create network settings configuration file
ansible.builtin.blockinfile:
path: "/etc/sysctl.d/99-kubernetes-cri.conf"
block: |
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
create: true
- name: Apply new sysctl settings
ansible.builtin.shell:
cmd: sysctl --system
changed_when: false
- name: Add docker repo
ansible.builtin.shell:
cmd: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
changed_when: false
- name: Install containerd
ansible.builtin.yum:
name: containerd.io
state: present
- name: Build default containerd config
ansible.builtin.shell:
cmd: set -o pipefail && mkdir -p /etc/containerd && containerd config default | tee /etc/containerd/config.toml
changed_when: false
- name: Restart containerd
ansible.builtin.service:
name: containerd
state: restarted
enabled: true
- name: Create Kubernetes repo
ansible.builtin.blockinfile:
path: "/etc/yum.repos.d/kubernetes.repo"
create: true
block: |
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
- name: Install Kubernetes components
ansible.builtin.yum:
name:
- kubelet
- kubeadm
- kubectl
state: present
disable_excludes: all
- name: Disable running swap
ansible.builtin.shell:
cmd: swapoff -a
changed_when: false
- name: Disable swap in fstab
ansible.builtin.shell:
cmd: sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
---
- hosts: masters,workers
become: yes
become_method: sudo
become_user: root
tasks:
- name: Add overlay modprobe module
community.general.modprobe:
name: overlay
persistent: present
state: present
- name: Add br_netfilter module
community.general.modprobe:
name: br_netfilter
persistent: present
state: present
- name: Set SELinux to Permissive
ansible.posix.selinux:
state: permissive
- name: Set firewalld configuration | Master Nodes
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
state: enabled
loop:
- "6443/tcp"
- "2379-2380/tcp"
- "10250/tcp"
- "10251/tcp"
- "10259/tcp"
- "10257/tcp"
- "179/tcp"
- "4789/udp"
when: master | default(false)
- name: Set firewalld configuration | Worker Nodes
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
state: enabled
loop:
- "179/tcp"
- "10250/tcp"
- "30000-32767/tcp"
- "4789/udp"
when: worker | default(false)
- name: Create network settings configuration file
ansible.builtin.blockinfile:
path: "/etc/sysctl.d/99-kubernetes-cri.conf"
block: |
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
create: true
- name: Apply new sysctl settings
ansible.builtin.shell:
cmd: sysctl --system
changed_when: false
- name: Add docker repo
ansible.builtin.shell:
cmd: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
changed_when: false
- name: Install containerd
ansible.builtin.yum:
name: containerd.io
state: present
- name: Build default containerd config
ansible.builtin.shell:
cmd: set -o pipefail && mkdir -p /etc/containerd && containerd config default | tee /etc/containerd/config.toml
changed_when: false
- name: Restart containerd
ansible.builtin.service:
name: containerd
state: restarted
enabled: true
- name: Create Kubernetes repo
ansible.builtin.blockinfile:
path: "/etc/yum.repos.d/kubernetes.repo"
create: true
block: |
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
- name: Install Kubernetes components
ansible.builtin.yum:
name:
- kubelet
- kubeadm
- kubectl
state: present
disable_excludes: all
- name: Disable running swap
ansible.builtin.shell:
cmd: swapoff -a
changed_when: false
- name: Disable swap in fstab
ansible.builtin.shell:
cmd: sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
changed_when: false