Bradley/Random_Ansible_Stuff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

moving some things around

Browse Source
This commit is contained in:
Bradley Bickford 2024-11-11 11:00:31 -05:00
parent 85531c0c0b
commit b579aa2f1f
10 changed files with 484 additions and 484 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.vscode/settings.json vendored
View File

@ -1,3 +1,3 @@
{ {
"ansible.python.interpreterPath": "c:\\Program Files\\Python312\\python.exe" "ansible.python.interpreterPath": "c:\\Program Files\\Python312\\python.exe"
} }

4
ansible.cfg
View File

@ -1,2 +1,2 @@
[defaults] [defaults]
host_key_checking = false host_key_checking = false

26
inventories/core_infrastructure
View File

@ -1,13 +1,13 @@
[ansible_nodes] [ansible_nodes]
blacktide ansible_host=192.168.3.2 connection=local blacktide ansible_host=192.168.3.2 connection=local
[podman_nodes] [podman_nodes]
arcade ansible_host=10.20.24.3 arcade ansible_host=10.20.24.3
beachpolice ansible_host=10.42.0.3 beachpolice ansible_host=10.42.0.3
bulletinboard ansible_host=10.26.48.3 bulletinboard ansible_host=10.26.48.3
lifeguard ansible_host=172.16.132.4 lifeguard ansible_host=172.16.132.4
beachsidelibrary ansible_host=10.12.34.3 beachsidelibrary ansible_host=10.12.34.3
[pfsense_nodes] [pfsense_nodes]
openocean ansible_host=172.16.132.2 openocean ansible_host=172.16.132.2
boardwalk ansible_host=10.77.7.2 boardwalk ansible_host=10.77.7.2

18
inventories/kubernetes
View File

@ -1,9 +1,9 @@
[masters] [masters]
kubemaster ansible_host=10.20.24.4 master=true kubemaster ansible_host=10.20.24.4 master=true
[workers] [workers]
kubeworker1 ansible_host=10.20.24.5 worker=true kubeworker1 ansible_host=10.20.24.5 worker=true
kubeworker2 ansible_host=10.20.24.6 worker=true kubeworker2 ansible_host=10.20.24.6 worker=true
[ansible_nodes] [ansible_nodes]
ansible ansible_host=10.20.24.3 connection=local ansible ansible_host=10.20.24.3 connection=local

326
playbooks/quadlets/database.yml → playbooks/IaC_database.yml
View File

@ -1,164 +1,164 @@
--- ---
- hosts: beachsidelibrary - hosts: beachsidelibrary
become: true become: true
become_method: sudo become_method: sudo
become_user: root become_user: root
vars: vars:
postgres_device: "/dev/vdc" postgres_device: "/dev/vdc"
postgres_vg_name: "vg_postgres" postgres_vg_name: "vg_postgres"
postgres_lv_name: "lv_pgdata" postgres_lv_name: "lv_pgdata"
postgres_data_directory: "/pgdata" postgres_data_directory: "/pgdata"
mysql_device: "/dev/vdd" mysql_device: "/dev/vdd"
mysql_vg_name: "vg_mysql" mysql_vg_name: "vg_mysql"
mysql_lv_name: "lv_mysql_data" mysql_lv_name: "lv_mysql_data"
mysql_data_directory: "/mysql_data" mysql_data_directory: "/mysql_data"
vars_prompt: vars_prompt:
- name: psql_password - name: psql_password
prompt: "Enter psql Password: " prompt: "Enter psql Password: "
private: true private: true
encrypt: sha512_crypt encrypt: sha512_crypt
confirm: true confirm: true
salt_size: 7 salt_size: 7
- name: mysql_password - name: mysql_password
prompt: "Enter mysql Password: " prompt: "Enter mysql Password: "
private: true private: true
encrypt: sha512_crypt encrypt: sha512_crypt
confirm: true confirm: true
salt_size: 7 salt_size: 7
tasks: tasks:
- name: Create psql user - name: Create psql user
ansible.builtin.user: ansible.builtin.user:
name: psql name: psql
password: "{{ psql_password }}" password: "{{ psql_password }}"
comment: "Podman user for Postgresql Database" comment: "Podman user for Postgresql Database"
uid: 2000 uid: 2000
- name: Build /pgdata mount - name: Build /pgdata mount
ansible.builtin.import_role: ansible.builtin.import_role:
name: make_lvm_mount name: make_lvm_mount
vars: vars:
device_name: "{{ postgres_device }}" device_name: "{{ postgres_device }}"
vg_name: "{{ postgres_vg_name }}" vg_name: "{{ postgres_vg_name }}"
lvs: lvs:
- lv_name: "{{ postgres_lv_name }}" - lv_name: "{{ postgres_lv_name }}"
lv_size: "100%FREE" lv_size: "100%FREE"
directories: directories:
- name: "{{ postgres_data_directory }}" - name: "{{ postgres_data_directory }}"
owner: psql owner: psql
group: psql group: psql
mode: "0755" mode: "0755"
lv: "{{ postgres_lv_name }}" lv: "{{ postgres_lv_name }}"
- name: Create mysql user - name: Create mysql user
ansible.builtin.user: ansible.builtin.user:
name: mysql name: mysql
password: "{{ mysql_password }}" password: "{{ mysql_password }}"
comment: "Podman user for MySQL Database" comment: "Podman user for MySQL Database"
uid: 2001 uid: 2001
- name: Build /mysql_data mount - name: Build /mysql_data mount
ansible.builtin.import_role: ansible.builtin.import_role:
name: make_lvm_mount name: make_lvm_mount
vars: vars:
device_name: "{{ mysql_device }}" device_name: "{{ mysql_device }}"
vg_name: "{{ mysql_vg_name }}" vg_name: "{{ mysql_vg_name }}"
lvs: lvs:
- lv_name: "{{ mysql_lv_name }}" - lv_name: "{{ mysql_lv_name }}"
lv_size: "100%FREE" lv_size: "100%FREE"
directories: directories:
- name: "{{ mysql_data_directory }}" - name: "{{ mysql_data_directory }}"
owner: mysql owner: mysql
group: mysql group: mysql
mode: "0755" mode: "0755"
lv: "{{ mysql_lv_name }}" lv: "{{ mysql_lv_name }}"
- name: Write subuid user entry for psql - name: Write subuid user entry for psql
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/subuid path: /etc/subuid
line: "psql:100000:2000" line: "psql:100000:2000"
insertafter: EOF insertafter: EOF
create: true create: true
state: present state: present
- name: Write subuid user entry for mysql - name: Write subuid user entry for mysql
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/subuid path: /etc/subuid
line: "mysql:102000:2000" line: "mysql:102000:2000"
insertafter: EOF insertafter: EOF
create: true create: true
state: present state: present
- name: Write subgid group entry for psql - name: Write subgid group entry for psql
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/subgid path: /etc/subgid
line: "psql:100000:2000" line: "psql:100000:2000"
insertafter: EOF insertafter: EOF
create: true create: true
state: present state: present
- name: Write subgid group entry for mysql - name: Write subgid group entry for mysql
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/subgid path: /etc/subgid
line: "mysql:102000:2000" line: "mysql:102000:2000"
insertafter: EOF insertafter: EOF
create: true create: true
state: present state: present
- name: Configure firewalld for postgres - name: Configure firewalld for postgres
ansible.posix.firewalld: ansible.posix.firewalld:
service: postgresql service: postgresql
state: enabled state: enabled
permanent: true permanent: true
immediate: true immediate: true
- name: Configure firewalld for mysql - name: Configure firewalld for mysql
ansible.posix.firewalld: ansible.posix.firewalld:
service: mysql service: mysql
state: enabled state: enabled
permanent: true permanent: true
immediate: true immediate: true
- name: Build postgres quadlet - name: Build postgres quadlet
containers.podman.podman_container: containers.podman.podman_container:
name: postgres name: postgres
image: "postgres:latest" image: "postgres:latest"
state: quadlet state: quadlet
quadlet_filename: "postgres-quadlet" quadlet_filename: "postgres-quadlet"
quadlet_file_mode: "0640" quadlet_file_mode: "0640"
user: "psql" user: "psql"
ports: ports:
- "5432:5432" - "5432:5432"
volumes: volumes:
- "{{ postgres_data_directory }}:/var/lib/postgresql/data" - "{{ postgres_data_directory }}:/var/lib/postgresql/data"
quadlet_options: quadlet_options:
- "AutoUpdate=registry" - "AutoUpdate=registry"
- "Pull=newer" - "Pull=newer"
- "" - ""
- | - |
[Install] [Install]
WantedBy=default.target WantedBy=default.target
env: env:
- POSTGRES_PASSWORD: "{{ psql_password }}" - POSTGRES_PASSWORD: "{{ psql_password }}"
- name: Build mysql quadlet - name: Build mysql quadlet
containers.podman.podman_container: containers.podman.podman_container:
name: mysql name: mysql
image: "mysql:latest" image: "mysql:latest"
state: quadlet state: quadlet
quadlet_filename: "mysql-quadlet" quadlet_filename: "mysql-quadlet"
quadlet_file_mode: "0640" quadlet_file_mode: "0640"
user: "mysql" user: "mysql"
ports: ports:
- "3306:3306" - "3306:3306"
volumes: volumes:
- "{{ mysql_data_directory }}:/var/lib/mysql" - "{{ mysql_data_directory }}:/var/lib/mysql"
quadlet_options: quadlet_options:
- "AutoUpdate=registry" - "AutoUpdate=registry"
- "Pull=newer" - "Pull=newer"
- "" - ""
- | - |
[Install] [Install]
WantedBy=default.target WantedBy=default.target
env: env:
- MYSQL_ROOT_PASSWORD: "{{ psql_password }}" - MYSQL_ROOT_PASSWORD: "{{ psql_password }}"

152
playbooks/fedora_configure_node_for_k8s.yml
View File

@ -1,76 +1,76 @@
--- ---
- hosts: masters,workers - hosts: masters,workers
become: true become: true
become_method: sudo become_method: sudo
become_user: root become_user: root
tasks: tasks:
- name: Update grub config to remove zram generation - name: Update grub config to remove zram generation
ansible.builtin.shell: ansible.builtin.shell:
cmd: grubby --update-kernel ALL --args='systemd.zram=0' cmd: grubby --update-kernel ALL --args='systemd.zram=0'
- name: Update grub config - name: Update grub config
ansible.builtin.shell: ansible.builtin.shell:
cmd: grub2-mkconfig -o /boot/grub2/grub.cfg cmd: grub2-mkconfig -o /boot/grub2/grub.cfg
- name: Reboot the system to get rid of the zram swap that's already been set up - name: Reboot the system to get rid of the zram swap that's already been set up
ansible.builtin.reboot: ansible.builtin.reboot:
reboot_timeout: 900 reboot_timeout: 900
- name: Set SELinux to Permissive - name: Set SELinux to Permissive
ansible.posix.selinux: ansible.posix.selinux:
state: disabled state: disabled
- name: Disable firewalld - name: Disable firewalld
ansible.builtin.service: ansible.builtin.service:
name: firewalld name: firewalld
enabled: false enabled: false
state: stopped state: stopped
- name: Install iptables components - name: Install iptables components
ansible.builtin.yum: ansible.builtin.yum:
name: name:
- iptables - iptables
- iproute-tc - iproute-tc
state: present state: present
- name: Add overlay modprobe module - name: Add overlay modprobe module
community.general.modprobe: community.general.modprobe:
name: overlay name: overlay
persistent: present persistent: present
state: present state: present
- name: Add br_netfilter module - name: Add br_netfilter module
community.general.modprobe: community.general.modprobe:
name: br_netfilter name: br_netfilter
persistent: present persistent: present
state: present state: present
- name: Create network settings configuration file - name: Create network settings configuration file
ansible.builtin.blockinfile: ansible.builtin.blockinfile:
path: "/etc/sysctl.d/99-kubernetes-cri.conf" path: "/etc/sysctl.d/99-kubernetes-cri.conf"
block: | block: |
net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-ip6tables = 1
create: true create: true
- name: Apply new sysctl settings - name: Apply new sysctl settings
ansible.builtin.shell: ansible.builtin.shell:
cmd: sysctl --system cmd: sysctl --system
changed_when: false changed_when: false
- name: Install cri-o and kubernetes - name: Install cri-o and kubernetes
ansible.builtin.yum: ansible.builtin.yum:
name: name:
- cri-o - cri-o
- containernetworking-plugins - containernetworking-plugins
- kubernetes - kubernetes
- kubernetes-kubeadm - kubernetes-kubeadm
- kubernetes-client - kubernetes-client
state: present state: present
- name: Enable and start cri-o - name: Enable and start cri-o
ansible.builtin.service: ansible.builtin.service:
name: crio name: crio
enabled: true enabled: true
state: started state: started

62
playbooks/make_ansible_user.yml
View File

@ -1,31 +1,31 @@
--- ---
- hosts: all - hosts: all
become: true become: true
become_method: su become_method: su
become_user: root become_user: root
tasks: tasks:
- name: Create the ansible user - name: Create the ansible user
ansible.builtin.user: ansible.builtin.user:
name: ansible name: ansible
append: true append: true
state: present state: present
createhome: true createhome: true
shell: /bin/bash shell: /bin/bash
- name: Make sure the sudoers dropin directory exists - name: Make sure the sudoers dropin directory exists
ansible.builtin.file: ansible.builtin.file:
path: "/etc/sudoers.d" path: "/etc/sudoers.d"
state: directory state: directory
- name: Create a sudoers file for the ansible user - name: Create a sudoers file for the ansible user
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "/etc/sudoers.d/50-ansible" path: "/etc/sudoers.d/50-ansible"
line: "ansible ALL=(ALL) NOPASSWD: ALL" line: "ansible ALL=(ALL) NOPASSWD: ALL"
create: true create: true
validate: "visudo -cf %s" validate: "visudo -cf %s"
- name: Add authorized key for ansible user - name: Add authorized key for ansible user
ansible.builtin.authorized_key: ansible.builtin.authorized_key:
user: ansible user: ansible
key: "{{ lookup('ansible.builtin.file', '/home/ansible/.ssh/id_rsa.pub') }}" key: "{{ lookup('ansible.builtin.file', '/home/ansible/.ssh/id_rsa.pub') }}"

32
playbooks/patch.yml
View File

@ -1,16 +1,16 @@
--- ---
- hosts: all - hosts: all
become: true become: true
become_method: sudo become_method: sudo
become_user: root become_user: root
tasks: tasks:
- name: Update all packages - name: Update all packages
ansible.builtin.yum: ansible.builtin.yum:
name: "*" name: "*"
state: latest state: latest
async: 3600 async: 3600
poll: 60 poll: 60
- name: Reboot Node - name: Reboot Node
ansible.builtin.reboot: ansible.builtin.reboot:
reboot_timeout: 1800 reboot_timeout: 1800

114
playbooks/podman_setup.yml
View File

@ -1,58 +1,58 @@
--- ---
- hosts: podman_nodes - hosts: podman_nodes
become: true become: true
become_method: sudo become_method: sudo
become_user: root become_user: root
vars: vars:
dev_device: "/dev/vdb" dev_device: "/dev/vdb"
vg_name: "vg_podman" vg_name: "vg_podman"
lv_name: "lv_containers" lv_name: "lv_containers"
containers_directory: "/var/lib/containers" containers_directory: "/var/lib/containers"
tasks: tasks:
- name: Setup container directory volume group - name: Setup container directory volume group
community.general.lvg: community.general.lvg:
vg: "{{ vg_name }}" vg: "{{ vg_name }}"
pvs: "{{ dev_device }}" pvs: "{{ dev_device }}"
- name: Setup container directory logical volume - name: Setup container directory logical volume
community.general.lvol: community.general.lvol:
vg: "{{ vg_name }}" vg: "{{ vg_name }}"
lv: "{{ lv_name }}" lv: "{{ lv_name }}"
size: 100%FREE size: 100%FREE
- name: Create xfs filesystem on lib_containers logical volume - name: Create xfs filesystem on lib_containers logical volume
community.general.filesystem: community.general.filesystem:
fstype: xfs fstype: xfs
dev: /dev/mapper/{{ vg_name }}-{{ lv_name }} dev: /dev/mapper/{{ vg_name }}-{{ lv_name }}
- name: Create the containers directory - name: Create the containers directory
ansible.builtin.file: ansible.builtin.file:
path: "{{ containers_directory }}" path: "{{ containers_directory }}"
state: directory state: directory
mode: '0755' mode: '0755'
- name: Setup containers directory mount - name: Setup containers directory mount
ansible.posix.mount: ansible.posix.mount:
path: "{{ containers_directory }}" path: "{{ containers_directory }}"
src: "/dev/mapper/{{ vg_name }}-{{ lv_name }}" src: "/dev/mapper/{{ vg_name }}-{{ lv_name }}"
fstype: xfs fstype: xfs
state: mounted state: mounted
- name: Install podman and components - name: Install podman and components
ansible.builtin.yum: ansible.builtin.yum:
name: name:
- podman - podman
- passt - passt
- shadow-utils - shadow-utils
state: latest state: latest
async: 1200 async: 1200
poll: 60 poll: 60
- name: Force reinstall container-selinux - name: Force reinstall container-selinux
ansible.builtin.yum: ansible.builtin.yum:
name: container-selinux name: container-selinux
state: reinstall state: reinstall
async: 1200 async: 1200
poll: 60 poll: 60

230
playbooks/rocky_configure_node_for_k8s.yml
View File

@ -1,116 +1,116 @@
--- ---
- hosts: masters,workers - hosts: masters,workers
become: yes become: yes
become_method: sudo become_method: sudo
become_user: root become_user: root
tasks: tasks:
- name: Add overlay modprobe module - name: Add overlay modprobe module
community.general.modprobe: community.general.modprobe:
name: overlay name: overlay
persistent: present persistent: present
state: present state: present
- name: Add br_netfilter module - name: Add br_netfilter module
community.general.modprobe: community.general.modprobe:
name: br_netfilter name: br_netfilter
persistent: present persistent: present
state: present state: present
- name: Set SELinux to Permissive - name: Set SELinux to Permissive
ansible.posix.selinux: ansible.posix.selinux:
state: permissive state: permissive
- name: Set firewalld configuration | Master Nodes - name: Set firewalld configuration | Master Nodes
ansible.posix.firewalld: ansible.posix.firewalld:
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true
state: enabled state: enabled
loop: loop:
- "6443/tcp" - "6443/tcp"
- "2379-2380/tcp" - "2379-2380/tcp"
- "10250/tcp" - "10250/tcp"
- "10251/tcp" - "10251/tcp"
- "10259/tcp" - "10259/tcp"
- "10257/tcp" - "10257/tcp"
- "179/tcp" - "179/tcp"
- "4789/udp" - "4789/udp"
when: master | default(false) when: master | default(false)
- name: Set firewalld configuration | Worker Nodes - name: Set firewalld configuration | Worker Nodes
ansible.posix.firewalld: ansible.posix.firewalld:
port: "{{ item }}" port: "{{ item }}"
permanent: true permanent: true
state: enabled state: enabled
loop: loop:
- "179/tcp" - "179/tcp"
- "10250/tcp" - "10250/tcp"
- "30000-32767/tcp" - "30000-32767/tcp"
- "4789/udp" - "4789/udp"
when: worker | default(false) when: worker | default(false)
- name: Create network settings configuration file - name: Create network settings configuration file
ansible.builtin.blockinfile: ansible.builtin.blockinfile:
path: "/etc/sysctl.d/99-kubernetes-cri.conf" path: "/etc/sysctl.d/99-kubernetes-cri.conf"
block: | block: |
net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-ip6tables = 1
create: true create: true
- name: Apply new sysctl settings - name: Apply new sysctl settings
ansible.builtin.shell: ansible.builtin.shell:
cmd: sysctl --system cmd: sysctl --system
changed_when: false changed_when: false
- name: Add docker repo - name: Add docker repo
ansible.builtin.shell: ansible.builtin.shell:
cmd: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo cmd: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
changed_when: false changed_when: false
- name: Install containerd - name: Install containerd
ansible.builtin.yum: ansible.builtin.yum:
name: containerd.io name: containerd.io
state: present state: present
- name: Build default containerd config - name: Build default containerd config
ansible.builtin.shell: ansible.builtin.shell:
cmd: set -o pipefail && mkdir -p /etc/containerd && containerd config default | tee /etc/containerd/config.toml cmd: set -o pipefail && mkdir -p /etc/containerd && containerd config default | tee /etc/containerd/config.toml
changed_when: false changed_when: false
- name: Restart containerd - name: Restart containerd
ansible.builtin.service: ansible.builtin.service:
name: containerd name: containerd
state: restarted state: restarted
enabled: true enabled: true
- name: Create Kubernetes repo - name: Create Kubernetes repo
ansible.builtin.blockinfile: ansible.builtin.blockinfile:
path: "/etc/yum.repos.d/kubernetes.repo" path: "/etc/yum.repos.d/kubernetes.repo"
create: true create: true
block: | block: |
[kubernetes] [kubernetes]
name=Kubernetes name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/ baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1 enabled=1
gpgcheck=1 gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
- name: Install Kubernetes components - name: Install Kubernetes components
ansible.builtin.yum: ansible.builtin.yum:
name: name:
- kubelet - kubelet
- kubeadm - kubeadm
- kubectl - kubectl
state: present state: present
disable_excludes: all disable_excludes: all
- name: Disable running swap - name: Disable running swap
ansible.builtin.shell: ansible.builtin.shell:
cmd: swapoff -a cmd: swapoff -a
changed_when: false changed_when: false
- name: Disable swap in fstab - name: Disable swap in fstab
ansible.builtin.shell: ansible.builtin.shell:
cmd: sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab cmd: sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
changed_when: false changed_when: false