tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wip

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-06-07 00:16:54 +02:00
parent 6ff1ccecd0
commit 02168225b1
11 changed files with 187 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.ansible-lint Normal file
View File

@@ -0,0 +1,31 @@
---
# .ansible-lint
# Specify exclude paths to prevent linting vendor roles, etc.
exclude_paths:
- ./.git/
- ./.venv/
- ./galaxy_roles/
# A list of rules to skip. This is a more modern and readable alternative to 'skip_list'.
skip_list:
- experimental
- fqcn-builtins
- no-handler
- var-naming
# Enforce certain rules that are not enabled by default.
enable_list:
- no-free-form
- var-spacing
- no-log-password
- no-relative-path
- command-instead-of-module
- fqcn[deep]
- no-changed-when
# Offline mode disables any features that require internet access.
offline: true
# Set the desired verbosity level.
verbosity: 1

17
.editorconfig Normal file
View File

@@ -0,0 +1,17 @@
root = true
[*]
indent_style = space
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
[*.{yml,yaml}]
indent_size = 2
[*.py]
indent_size = 4
[*.md]
trim_trailing_whitespace = false

35
group_vars/proxmox/secrets_vm.yml
View File

@@ -1,17 +1,20 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
66386330343432366236303530313838613830376162613265346533336232393838323136306433 34363461373039313430373835363633343139303333353934393762383338396664616636653331
6631643363643761313164376132386433623137386539360a333263393236616432616439613733 6534613666613761663665323033383838663363376561620a636533303235393139653161643130
33653832333534333563623164616164663034303331373135633665636230333035373262656338 66316231383734343837656364643533633863613761633262653264663565303361323730613937
3038383463366466640a666264653332616637616661376666303331353333383833323538633666 3935386538643939660a386134643831386261323363326439663263376439353966346632333366
30656266353439366461636162336266356433336438393134326166343934353933633131343163 33653736343263663961333033336563656265303166383032326338343038653961383862363339
61643233616166316236636333633136353830626265343834333937353361363962656463656538 35343362306237656130653039366464643565663439636432316362316238613730313366303964
32336435643531613936343136663632386564373764306333323262306432626237323434336333 30666536373634613236353634363333316534626234386666633861663065343063666236386631
35323365326432616563663936623630386436336364323530613137636434653138383539623166 36366238353635333339643163336166353262386234376435313136643937663961373663303565
32326436643861366536393937343863653032336334333739653434346263393364666565316563 34306637656537666231373931363963646238343664323633306361336661303830396465663231
63353634313033316265666235366339653366363031343230313035336535643361616233646535 33663531613437333730653765666361623462666237396531313833336461373439373264613266
65396162326230656162313535646539663830646637623939613365363534663434343532653465 62633132343036386131646539386266313162653263663137303866363432626135383865343565
31613066353565626137363232386263666134613335656333616565643339386231646664343134 66393838663038353263633437653563346331356539333563396465663664623065623735626630
36333765366632386133313835306332646565353238633233613237343330316564343437313963 35333630623830623530663266343235643136623735643335373932303262323761626537643266
61636662353936323237393831326138363263306130633461323437616430323234646666313935 36383132303366633238356161616539343335656665356430656236633031383938616263633866
32643466323064623630363962316438386232333238633839613035643933633263663161316563 39306461626363336162396634616133306566353835343035356338616636346538303933626365
63616638313534643632 62363035613931353837313762383230313337326639616263393965386639666164666531343064
66653536626439366430356266393761646135646534616139633733663830643534333832663764
34623837323864613935626639613961343965323664326661336135653634346239346261343935
616232353632663332373138313962616433

15
group_vars/proxmox/vms.yml
View File

@@ -6,7 +6,7 @@ vms:
memory: 4096 # in MiB memory: 4096 # in MiB
net: net:
net0: "virtio,bridge=vmbr0,firewall=1" net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}" boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
ciuser: "{{ user }}" ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}" sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb disk_size: 128 # in Gb
@@ -21,13 +21,24 @@ vms:
ciuser: "{{ user }}" ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}" sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb disk_size: 128 # in Gb
- name: "docker-host13"
node: "lulu"
vmid: 413
cores: 2
memory: 4096 # in MiB
net:
net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb
hostpci: hostpci:
hostpci0: "0000:00:02.0" hostpci0: "0000:00:02.0"
- name: "docker-host12" - name: "docker-host12"
node: "naruto01" node: "naruto01"
vmid: 412 vmid: 412
cores: 2 cores: 2
memory: 4096 # in MiB memory: 4096
net: net:
net0: "virtio,bridge=vmbr0,firewall=1" net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}" boot_image: "{{ proxmox_cloud_init_images.ubuntu.name }}"

12
production.ini
View File

@@ -23,7 +23,7 @@ k3s-loadbalancer
k3s-agent[00:02] k3s-agent[00:02]
k3s-server[00:02] k3s-server[00:02]
k3s-longhorn[00:02] k3s-longhorn[00:02]
docker-host[00:01] # docker-host[00:01]
[k3s_nodes] [k3s_nodes]
k3s-server[00:02] k3s-server[00:02]
@@ -31,9 +31,9 @@ k3s-agent[00:02]
k3s-longhorn[00:02] k3s-longhorn[00:02]
[docker] [docker]
docker-host[00:01] # docker-host[00:01]
docker-host[10:12] docker-host14
docker-lb # docker-lb
[vps] [vps]
mii mii
@@ -54,8 +54,8 @@ k3s-postgres
k3s-loadbalancer k3s-loadbalancer
[docker_host] [docker_host]
docker-host[00:01] # docker-host[00:01]
docker-host[10:12] docker-host14
[docker_lb] [docker_lb]
docker-lb docker-lb

2
roles/docker_host/handlers/main.yml
View File

@@ -11,9 +11,11 @@
state: present state: present
retries: 3 retries: 3
delay: 5 delay: 5
become: true
- name: Restart host - name: Restart host
ansible.builtin.reboot: ansible.builtin.reboot:
connect_timeout: 5 connect_timeout: 5
reboot_timeout: 600 reboot_timeout: 600
test_command: whoami test_command: whoami
become: true

45
roles/docker_host/tasks/10_setup.yml
View File

@@ -1,4 +1,25 @@
--- ---
- name: Check if debian.sources file exists
ansible.builtin.stat:
path: /etc/apt/sources.list.d/debian.sources
register: debian_sources_stat
- name: Replace Components line to include non-free and non-free-firmware
ansible.builtin.replace:
path: /etc/apt/sources.list.d/debian.sources
regexp: "^Components:.*$"
replace: "Components: main non-free non-free-firmware"
when: debian_sources_stat.stat.exists
become: true
- name: "Wait for apt/dpkg locks to be released"
ansible.builtin.wait_for:
path: "{{ item }}"
state: absent
timeout: 300
delay: 5
loop: "{{ apt_lock_files }}"
- name: Setup VM Packages - name: Setup VM Packages
ansible.builtin.apt: ansible.builtin.apt:
name: "{{ item }}" name: "{{ item }}"
@@ -6,3 +27,27 @@
update_cache: true update_cache: true
loop: "{{ docker_host_package_common_dependencies }}" loop: "{{ docker_host_package_common_dependencies }}"
become: true become: true
- name: Gather installed package facts
ansible.builtin.package_facts:
manager: auto
- name: Filter for specific cloud kernel packages
ansible.builtin.set_fact:
cloud_kernel_packages: >-
{{
ansible_facts.packages.keys()
| select('search', 'linux-image')
| select('search', 'cloud')
| list
}}
- name: Use the list to remove the found packages
ansible.builtin.apt:
name: "{{ cloud_kernel_packages }}"
state: absent
autoremove: true
when: cloud_kernel_packages | length > 0
notify:
- Restart host
become: true

1
roles/docker_host/tasks/main.yml
View File

@@ -1,7 +1,6 @@
--- ---
- name: Setup VM - name: Setup VM
ansible.builtin.include_tasks: 10_setup.yml ansible.builtin.include_tasks: 10_setup.yml
- name: Install docker - name: Install docker
ansible.builtin.include_tasks: 20_installation.yml ansible.builtin.include_tasks: 20_installation.yml

7
roles/docker_host/vars/main.yml
View File

@@ -1,2 +1,9 @@
docker_host_package_common_dependencies: docker_host_package_common_dependencies:
- nfs-common - nfs-common
- firmware-misc-nonfree
- linux-image-amd64
apt_lock_files:
- /var/lib/dpkg/lock
- /var/lib/dpkg/lock-frontend
- /var/cache/apt/archives/lock

16
roles/proxmox/tasks/42_download_isos.yml
View File

@@ -10,3 +10,19 @@
dest: "{{ proxmox_dirs.isos }}/{{ distro.name }}" dest: "{{ proxmox_dirs.isos }}/{{ distro.name }}"
mode: "0644" mode: "0644"
when: not image_stat.stat.exists when: not image_stat.stat.exists
- name: Set raw image file name fact
ansible.builtin.set_fact:
raw_image_name: "{{ distro.name | splitext | first }}.img"
- name: Check if raw image already exists
ansible.builtin.stat:
path: "{{ proxmox_dirs.isos }}/{{ raw_image_name }}"
register: raw_image_stat
- name: Convert image to raw format
ansible.builtin.command:
cmd: "qemu-img convert -O raw {{ proxmox_dirs.isos }}/{{ distro.name }} {{ proxmox_dirs.isos }}/{{ raw_image_name }}"
when:
- download_result is changed or not raw_image_stat.stat.exists
- image_stat.stat.exists

31
roles/proxmox/tasks/56_provision_new_vm.yml
View File

@@ -32,6 +32,37 @@
vmid: "{{ vm.vmid }}" vmid: "{{ vm.vmid }}"
state: started state: started
- name: Stop VM
community.general.proxmox_kvm:
api_user: root@pam
api_password: "{{ vault.pve.aya01.root.sudo }}"
api_host: "192.168.20.12"
node: "{{ vm.node }}"
vmid: "{{ vm.vmid }}"
state: stopped
force: true
- name: Wait until VM is fully stopped
community.general.proxmox_vm_info:
api_user: "root@pam"
api_password: "{{ vault.pve.aya01.root.sudo }}"
api_host: "192.168.20.12"
node: "{{ vm.node }}"
vmid: "{{ vm.vmid }}"
register: vm_status_check
until: vm_status_check.proxmox_vms[0].status == "stopped"
retries: 24
delay: 5
- name: Start VM
community.general.proxmox_kvm:
api_user: root@pam
api_password: "{{ vault.pve.aya01.root.sudo }}"
api_host: "192.168.20.12"
node: "{{ vm.node }}"
vmid: "{{ vm.vmid }}"
state: started
- name: Wait for VM to appear on network - name: Wait for VM to appear on network
ansible.builtin.shell: | ansible.builtin.shell: |
nmap -sn -n -PR 192.168.20.0/24 | grep -B2 "{{ mac_address }}" | grep "Nmap scan report for" nmap -sn -n -PR 192.168.20.0/24 | grep -B2 "{{ mac_address }}" | grep "Nmap scan report for"