tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(ansible): restructure inventory and remove postgres role

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-07-12 20:35:26 +02:00
parent cb8ccd8f00
commit 3d7f652ff3
42 changed files with 114 additions and 513 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ansible.cfg
View File

@@ -6,7 +6,7 @@ interpreter_python=python3
roles_path=./roles
# (pathlist) Comma separated list of Ansible inventory sources
inventory=./production.ini
inventory=./inventory
# (path) The vault password file to use. Equivalent to --vault-password-file or --vault-id
# If executable, it will be run and the resulting stdout will be used as the password.

46
group_vars/k3s/secrets.yml
View File

@@ -1,26 +1,22 @@
$ANSIBLE_VAULT;1.1;AES256
66323965326561656434636164616434353663633933346332373537663136323465323461306337
3733663066623866333534366430663761653262646662650a323938306636653965656361646330
66313965376537643033666165366435653862663231383366636166373238666334313836313138
6164353263323136300a653236636334643832396534623735316465623133373838353163313136
33303331313037376336623637356633383734343338386634646335616632646366366138643539
37303531346430323330396637316632643065346537386433663431373437376261366263306264
63323235303632356661373463383565613764323733343839653139613766633036346234316432
37626432333935613566386631346161623133366438343630316237363730626234336462303132
38323132363631653432643462306133323266333637346139343961623430363436663763383234
66343232386263646633653739343963333364386630376638396261326563333935643437646638
63656664633838336535613963393434336264656265356238306237626361336533643363323838
30376236613236386133383130633164306632323630383932383432353439646266386239383834
32346431306662346166653738333138643733623739623536303639663136336533373230643533
64323037303161306435316662653237356161393239656362383261306366336134353438326233
62363532396336616261383735386535396363386339333962623233383534393033306662666266
66316237616137366639333439613732666638376163373235306663323762613466363636346337
38393762653537316134316234363066363439623164356237313566626533326332646663313838
38383633616538353833353634376236656433383464303538613663383838633538616136313365
64643438316638333433366137656634353039663763353734616432306465386563353665666136
63383739323038333537396433303332343235383562376438633237663465396366643438353862
32646637323530356432386662613366323234323639653139306665623865613666623133656465
31636334666638623939393366663935363434613731386365303130343439376430613331663561
30353738346138343563383738393666333761333231303366386563303165363039313263343563
36303533353165323461376461623665313938356535363462663737643265636137613366616639
38383761343161336462373563383338393435326331353132333336666330306638
34316133396533396139633865623964346462666461313938663138313133393538636137383239
3135346533313734393638396530383066623765326266360a666235636561623863613538346235
38663039313737373961383935636233633563376230326535636539633366363261316436636630
3834383036386132640a383566323963666531623333336635636266623666343262386566653133
34613765323062646362333364366533613234356132333864373139316631633039616666323731
38643562333432393736626566346234336333643132373535316532336339623533333863656131
65333537643637326465333030663662653461326231613363386637316333323064333163396130
30653934663465613461666566623935626530663161666436616338333235313338333830386235
30353331333731393336616466396438356131383737366137346266336136353236623765366266
31393161366433613562373663616434343161663539313536316538616530613166656562633466
37663864643763626663373731313664333832386138363132646631366431636634393933363830
34336536313064626333353630613366326539326662316236666263336435363061333634663964
62346662643361313434663065363534643635633733376634396534363962653735666338366661
32623939343334326237663934363337316364376264626566303539613564336361343762663431
38313737336332316263333664373663653366306165386631663730346163613839303166613064
31653638623064653665393739636664316139383732323036636636336538396238313337323562
39666235313439336336336635386638633562383630383565336436626137383432373632613563
37373235326562393966383037663764306430393431346662363530386563633638316539323833
30316130336439633961303930376132613030366265313835386536363730326564333561313833
65393136333330653231343830323534623463663765393166666631353035613238376161636632
3838

10
group_vars/k3s/vars.yml
View File

@@ -1,11 +1,3 @@
db:
default_user:
user: "postgres"
name: "k3s"
user: "k3s"
password: "{{ vault_k3s.postgres.db.password }}"
listen_address: "{{ k3s.db.ip }}"
k3s:
net: "192.168.20.0/24"
server:
@@ -24,5 +16,3 @@ k3s:
- 192.168.20.25
- 192.168.20.26
- 192.168.20.27
k3s_db_connection_string: "postgres://{{ db.user }}:{{ db.password }}@{{ k3s.db.ip }}:{{ k3s.db.default_port }}/{{ db.name }}"

44
group_vars/proxmox/vms.yml
View File

@@ -34,3 +34,47 @@ vms:
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 128 # in Gb
- name: "k3s-server10"
node: "naruto01"
vmid: 110
cores: 2
memory: 4096 # in MiB
net:
net0: "virtio,bridge=vmbr0,firewall=1"
boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
ciuser: "{{ user }}"
sshkeys: "{{ pubkey }}"
disk_size: 64 # in Gb
# - name: "k3s-agent10"
# node: "naruto01"
# vmid: 210
# cores: 2
# memory: 4096 # in MiB
# net:
# net0: "virtio,bridge=vmbr0,firewall=1"
# boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
# ciuser: "{{ user }}"
# sshkeys: "{{ pubkey }}"
# disk_size: 50 # in Gb
# - name: "k3s-agent11"
# node: "lulu"
# vmid: 211
# cores: 2
# memory: 4096 # in MiB
# net:
# net0: "virtio,bridge=vmbr0,firewall=1"
# boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
# ciuser: "{{ user }}"
# sshkeys: "{{ pubkey }}"
# disk_size: 128 # in Gb
# - name: "k3s-agent12"
# node: "inko"
# vmid: 212
# cores: 2
# memory: 4096 # in MiB
# net:
# net0: "virtio,bridge=vmbr0,firewall=1"
# boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
# ciuser: "{{ user }}"
# sshkeys: "{{ pubkey }}"
# disk_size: 128 # in Gb

10
host_vars/aya01.yml
View File

@@ -1,10 +0,0 @@
---
# ansible_user: "root"
# ansible_host: 192.168.20.12
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
# ansible_become_pass: "{{ vault.pve.aya01.root.sudo }}"
#
# host:
# hostname: "aya01"
# ip: "{{ ansible_host }}"

10
host_vars/docker-host00.yml
View File

@@ -1,10 +0,0 @@
---
# Configure this in ~/.ssh/config*
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.34
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.host00.sudo }}"
# host:
# hostname: "docker-host00"
# ip: "192.168.20.34"

11
host_vars/docker-host01.yml
View File

@@ -1,11 +0,0 @@
---
# Configure this in ~/.ssh/config*
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.35
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.host01.sudo }}"
#
# host:
# hostname: "docker-host01"
# ip: "192.168.20.35"

10
host_vars/docker-host02.yml
View File

@@ -1,10 +0,0 @@
---
# Configure this in ~/.ssh/config*
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.36
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.host02.sudo }}"
# host:
# hostname: "docker-host02"
# ip: "192.168.20.36"

9
host_vars/docker-lb.yml
View File

@@ -1,9 +0,0 @@
---
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.37
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.lb.sudo }}"
# host:
# hostname: "docker-lb"
# ip: "192.168.20.37"

10
host_vars/inko.yml
View File

@@ -1,10 +0,0 @@
---
# ansible_user: "root"
# ansible_host: 192.168.20.14
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
# ansible_become_pass: "{{ vault.pve.inko.root.sudo }}"
#
# host:
# hostname: "inko"
# ip: "{{ ansible_host }}"

10
host_vars/k3s-agent00.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.25
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.agent00.sudo }}"
host:
hostname: "k3s-agent00"
ip: "{{ ansible_host }}"

10
host_vars/k3s-agent01.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.26
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.agent01.sudo }}"
host:
hostname: "k3s-agent01"
ip: "{{ ansible_host }}"

10
host_vars/k3s-agent02.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.27
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.agent02.sudo }}"
host:
hostname: "k3s-agent02"
ip: "{{ ansible_host }}"

9
host_vars/k3s-loadbalancer.yml
View File

@@ -1,9 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.22
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.loadbalancer.sudo }}"
host:
hostname: "k3s-loadbalancer"
ip: "{{ ansible_host }}"

10
host_vars/k3s-longhorn00.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.32
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.longhorn00.sudo }}"
host:
hostname: "k3s-longhorn00"
ip: "{{ ansible_host }}"

10
host_vars/k3s-longhorn01.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.33
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.longhorn01.sudo }}"
host:
hostname: "k3s-longhorn01"
ip: "{{ ansible_host }}"

10
host_vars/k3s-longhorn02.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.31
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.longhorn02.sudo }}"
host:
hostname: "k3s-longhorn02"
ip: "{{ ansible_host }}"

9
host_vars/k3s-postgres.yml
View File

@@ -1,9 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.23
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.postgres.sudo }}"
host:
hostname: "k3s-postgres"
ip: "{{ ansible_host }}"

9
host_vars/k3s-server00.yml
View File

@@ -1,9 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.21
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.server00.sudo }}"
host:
hostname: "k3s-server00"
ip: "{{ ansible_host }}"

10
host_vars/k3s-server01.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.24
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.server01.sudo }}"
host:
hostname: "k3s-server01"
ip: "{{ ansible_host }}"

10
host_vars/k3s-server02.yml
View File

@@ -1,10 +0,0 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.30
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault_k3s.server02.sudo }}"
host:
hostname: "k3s-server02"
ip: "{{ ansible_host }}"

10
host_vars/lulu.yml
View File

@@ -1,10 +0,0 @@
---
# ansible_user: "root"
# ansible_host: 192.168.20.28
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
# ansible_become_pass: "{{ vault.pve.lulu.root.sudo }}"
#
# host:
# hostname: "lulu"
# ip: "{{ ansible_host }}"

13
inventory/docker.ini Normal file
View File

@@ -0,0 +1,13 @@
[docker_host]
docker-host01 ansible_become_pass: "{{ vault.docker.host01.sudo }}"
docker-host10
docker-host12
[docker_lb]
docker-lb ansible_become_pass: "{{ vault.docker.lb.sudo }}"
[docker]
[docker:children]
docker_host
docker_lb

21
inventory/k3s.ini Normal file
View File

@@ -0,0 +1,21 @@
[k3s]
[k3s:children]
k3s_server
k3s_agent
k3s_storage
k3s_storage
k3s_loadbalancer
[k3s_server]
k3s-server10
[k3s_agent]
k3s-agent[10:12]
[k3s_storage]
k3s-longhorn[10:12]
[k3s_loadbalancer]
k3s-loadbalancer

11
inventory/proxmox.ini Normal file
View File

@@ -0,0 +1,11 @@
[proxmox]
127.0.0.1 ansible_connection=local
[proxmox:children]
proxmox_nodes
[proxmox_nodes]
aya01
lulu
inko
naruto01

3
inventory/vps.ini Normal file
View File

@@ -0,0 +1,3 @@
[vps]
mii

19
playbooks/db.yml
View File

@@ -1,19 +0,0 @@
---
- name: Set up Servers
hosts: db
gather_facts: yes
vars_files:
- secrets.yml
roles:
- role: common
tags:
- common
- role: postgres
tags:
- postgres
- role: node_exporter
tags:
- node_exporter
- role: postgres_exporter
tags:
- postgres_exporter

63
production.ini
View File

@@ -1,63 +0,0 @@
[proxmox]
127.0.0.1 ansible_connection=local
[proxmox:children]
proxmox_nodes
[proxmox_nodes]
aya01
lulu
inko
naruto01
[k3s]
k3s-postgres
k3s-loadbalancer
k3s-server[00:02]
k3s-agent[00:02]
k3s-longhorn[00:02]
[vm]
k3s-postgres
k3s-loadbalancer
k3s-agent[00:02]
k3s-server[00:02]
k3s-longhorn[00:02]
# docker-host[00:01]
[k3s_nodes]
k3s-server[00:02]
k3s-agent[00:02]
k3s-longhorn[00:02]
[docker]
docker-host01
docker-host10
docker-host12
docker-lb
[vps]
mii
[k3s_server]
k3s-server[00:02]
[k3s_agent]
k3s-agent[00:02]
[k3s_storage]
k3s-longhorn[00:02]
[db]
k3s-postgres
[loadbalancer]
k3s-loadbalancer
[docker_host]
docker-host01
docker-host10
docker-host12
[docker_lb]
docker-lb

3
roles/k3s_server/tasks/installation.yml
View File

@@ -17,8 +17,6 @@
/tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ k3s.loadbalancer.ip }}
environment:
K3S_DATASTORE_ENDPOINT: "{{ k3s_db_connection_string }}"
become: true
async: 300
poll: 0
@@ -53,6 +51,5 @@
--node-taint CriticalAddonsOnly=true:NoExecute \
--tls-san {{ k3s.loadbalancer.ip }}
environment:
K3S_DATASTORE_ENDPOINT: "{{ k3s_db_connection_string }}"
K3S_TOKEN: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s.server.ips[0] ) | select() | first | items2dict).host.hostname].k3s_token }}"
become: true

6
roles/postgres/handlers/main.yml
View File

@@ -1,6 +0,0 @@
---
- name: Restart postgres
ansible.builtin.systemd:
name: postgresql
state: restarted
become: true

10
roles/postgres/tasks/ansible_deps.yml
View File

@@ -1,10 +0,0 @@
---
- name: Update apt cache
ansible.builtin.apt:
update_cache: true
become: true
- name: Install ansible dependencies
ansible.builtin.apt:
name: "{{ ansible_dependencies }}"
become: true

69
roles/postgres/tasks/configuration.yml
View File

@@ -1,69 +0,0 @@
---
- name: "Create postgres user: {{ db.user }}"
community.postgresql.postgresql_user:
state: present
name: "{{ db.user }}"
password: "{{ db.password }}"
become: true
become_user: "{{ db.default_user.user }}"
vars:
ansible_remote_temp: "/tmp/"
- name: "Create database: {{ db.name }}"
community.postgresql.postgresql_db:
state: present
name: "{{ db.name }}"
encoding: UTF8
lc_collate: "en_US.UTF-8"
lc_ctype: "en_US.UTF-8"
become: true
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Grant privileges to {{ db.user }}"
community.postgresql.postgresql_privs:
db: "{{ db.name }}"
privs: ALL
type: database
roles: "{{ db.user }}"
become: true
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Grant all privileges on schema public to {{ db.user }};"
community.postgresql.postgresql_privs:
db: "{{ db.name }}"
privs: ALL
type: schema
obj: "public"
roles: "{{ db.user }}"
become: true
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Allow md5 connection for the user {{ db.user }}"
community.postgresql.postgresql_pg_hba:
dest: "/etc/postgresql/15/main/pg_hba.conf"
contype: host
databases: all
method: md5
address: "{{ k3s.net }}"
users: "{{ db.user }}"
create: false
become: true
notify:
- Restart postgres
- name: "Set public listen address"
become: true
ansible.builtin.lineinfile:
dest: "/etc/postgresql/15/main/conf.d/listen.conf"
regexp: "^#?listen_addresses="
line: "listen_addresses='{{ db.listen_address | default('localhost') }}'"
state: present
mode: "644"
create: true
notify: "Restart postgres"

14
roles/postgres/tasks/installation.yml
View File

@@ -1,14 +0,0 @@
---
- name: Install postgres
ansible.builtin.apt:
name: "{{ postgres_packages }}"
state: present
become: true
- name: Start and enable the service
ansible.builtin.systemd:
name: postgresql
state: started
daemon_reload: true
enabled: true
become: true

7
roles/postgres/tasks/main.yml
View File

@@ -1,7 +0,0 @@
---
- name: Install ansible dependencies for this role
ansible.builtin.include_tasks: ansible_deps.yml
- name: Install postgres
ansible.builtin.include_tasks: installation.yml
- name: Configure Database
ansible.builtin.include_tasks: configuration.yml

9
roles/postgres/vars/main.yml
View File

@@ -1,9 +0,0 @@
ansible_dependencies:
- python3-pip
- python3-psycopg
- python3-pexpect
- acl
postgres_packages:
- postgresql
- postgresql-client

6
roles/postgres_exporter/handlers/main.yml
View File

@@ -1,6 +0,0 @@
---
- name: "Restart {{ bin_name }}"
ansible.builtin.service:
name: "{{ bin_name }}"
state: restarted
become: true

18
roles/postgres_exporter/tasks/get_version.yml
View File

@@ -1,18 +0,0 @@
---
- name: Determine latest GitHub release (local)
delegate_to: localhost
ansible.builtin.uri:
url: "https://api.github.com/repos/{{ repository }}/releases/{{ version }}"
body_format: json
register: _github_release
until: _github_release.status == 200
retries: 3
- name: Set version
ansible.builtin.set_fact:
tag: "{{ _github_release.json.tag_name
| regex_replace('^v?([0-9\\.]+)$', '\\1') }}"
- name: Set download_url
ansible.builtin.set_fact:
download_url: "https://github.com/{{ repository }}/releases/download/v{{ tag }}/{{ bin_name }}-{{ tag }}.linux-{{ go_arch }}.tar.gz"

29
roles/postgres_exporter/tasks/install.yml
View File

@@ -1,29 +0,0 @@
---
- name: Download/Extract "{{ download_url }}"
ansible.builtin.unarchive:
src: "{{ download_url }}"
dest: /tmp/
remote_src: true
mode: "755"
- name: "Move binary into path: {{ bin_path }}"
ansible.builtin.copy:
src: "/tmp/{{ bin_name }}-{{ tag }}.linux-{{ go_arch }}/{{ bin_name }}"
dest: "{{ bin_path }}"
mode: "755"
remote_src: true
become: true
- name: "Create user: {{ bin_name }}"
ansible.builtin.user:
name: "{{ bin_name }}"
shell: /sbin/nologin
state: present
become: true
- name: Copy the node_exporter systemd unit file.
ansible.builtin.template:
src: "{{ bin_name }}.service.j2"
dest: "/etc/systemd/system/{{ bin_name }}.service"
mode: "644"
become: true

7
roles/postgres_exporter/tasks/main.yml
View File

@@ -1,7 +0,0 @@
---
- name: Get Version
ansible.builtin.include_tasks: get_version.yml
- name: Install exporter
ansible.builtin.include_tasks: install.yml
- name: Create service
ansible.builtin.include_tasks: systemd.yml

10
roles/postgres_exporter/tasks/systemd.yml
View File

@@ -1,10 +0,0 @@
---
- name: "Ensure service is running and enabled: {{ bin_name }}"
ansible.builtin.service:
name: "{{ bin_name }}"
state: started
daemon_reload: true
enabled: true
notify:
- Restart "{{ bin_name }}"
become: true

14
roles/postgres_exporter/templates/postgres_exporter.service.j2
View File

@@ -1,14 +0,0 @@
[Unit]
Description=PostgresExporter
[Service]
TimeoutStartSec=0
User={{ bin_name }}
ExecStart={{ bin_path }} --web.listen-address={{ ansible_host }}:{{ bind_port }} {{ options }}
Environment="DATA_SOURCE_URI=localhost:5432/postgres?sslmode=disable"
Environment="DATA_SOURCE_USER={{ db.user }}"
Environment="DATA_SOURCE_PASS={{ db.password }}"
[Install]
WantedBy=multi-user.target

16
roles/postgres_exporter/vars/main.yml
View File

@@ -1,16 +0,0 @@
go_arch_map:
i386: "386"
x86_64: "amd64"
aarch64: "arm64"
armv7l: "armv7"
armv6l: "armv6"
go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
repository: "prometheus-community/postgres_exporter"
bind_port: 9187
version: "latest"
serve: "localhost"
options: ""
bin_name: postgres_exporter
bin_path: "/usr/local/bin/{{ bin_name }}"