Finished lb and db

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2024-09-19 23:10:00 +02:00
parent 50abbf933c
commit 51a49d003d
51 changed files with 384 additions and 367 deletions


@@ -51,6 +51,3 @@ if ! shopt -oq posix; then
. /etc/bash_completion
fi
fi
. "$HOME/.cargo/env"


@@ -0,0 +1,6 @@
---
- name: Restart sshd
service:
name: sshd
state: restarted
become: yes
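Review bot: `become: yes` on the last line of the new handler is a YAML 1.1 truthy literal, while the other handlers this commit adds (nginx, node_exporter, postgres) write `become: true`; make it `become: true` here as well. The same spelling recurs in the k3s handler hunk and in three of the four postgres configuration tasks. The handler also uses `service:` where the sibling handlers use `systemd:`; either works on a systemd host, but one module across the role's handlers reads better.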


@@ -1,10 +1,9 @@
---
- name: Copy .bashrc
template:
src: templates/common/bash/bashrc.j2
src: files/bash/bashrc
dest: "/home/{{ user }}/.bashrc"
owner: "{{ user }}"
group: "{{ user }}"
mode: 0644
become: yes
register: sshd
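Review bot: The task keeps the `template` module while its `src` now points under `files/` (`src: files/bash/bashrc`); `template` still renders the file through Jinja, so any `{{`, `{%` or `{#` in the bashrc is interpreted rather than copied, and a source without a `.j2` suffix hides that. If the file is static, `copy:` is the module that matches a `files/` source; if it is meant to be rendered, keep it under `templates/` with the `.j2` suffix. `mode: 0644` is a leading-zero integer that Ansible accepts, but the quoted form `mode: "0644"` is the one ansible-lint expects and is consistent with the `mode: "0644"` the nginx configuration task in this commit uses.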


@@ -0,0 +1,14 @@
---
- name: Set a hostname
ansible.builtin.hostname:
name: "{{ host.hostname }}"
become: true
- name: Update /etc/hosts to reflect the new hostname
lineinfile:
path: /etc/hosts
regexp: '^127\.0\.1\.1'
line: "127.0.1.1 {{ host.hostname }}"
state: present
backup: yes
become: true
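Review bot: `backup: yes` in the lineinfile task mixes a YAML 1.1 truthy with the `become: true` two lines below it; write `backup: true`. Both tasks interpolate `host.hostname` without any check that it is defined, so a host entry lacking `hostname` fails at the `ansible.builtin.hostname` step with a templating error rather than a clear message; a short `assert` on `host.hostname is defined` before the first task would make that explicit.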


@@ -1,5 +1,6 @@
---
- include_tasks: time.yml
- include_tasks: essential.yml
- include_tasks: hostname.yml
- include_tasks: packages.yml
- include_tasks: bash.yml
- include_tasks: sshd.yml


@@ -1,5 +1,5 @@
---
- name: Update and upgrade packages
- name: Update and upgrade packages
apt:
update_cache: yes
upgrade: yes


@@ -1,11 +1,12 @@
---
- name: Copy sshd_config
template:
src: templates/common/ssh/sshd_config
src: templates/ssh/sshd_config
dest: /etc/ssh/sshd_config
mode: 0644
notify:
- Restart sshd
become: yes
register: sshd
- name: Copy pubkey
copy:
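Review bot: The sshd_config template is installed and the new `Restart sshd` notification fires on change without the rendered file being checked first, so a bad render leaves sshd unable to restart and the host unreachable over SSH. `template` supports a validation step, `validate: /usr/sbin/sshd -t -f %s`, which rejects the render before it replaces the live config. `become: yes` on the same task should be `become: true` for consistency with the rest of the commit. The `Copy pubkey` task that starts at the bottom of this hunk continues outside it.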
@@ -14,10 +15,3 @@
owner: "{{ user }}"
group: "{{ user }}"
mode: "644"
- name: Restart sshd
service:
name: "sshd"
state: "restarted"
become: yes
when: sshd.changed


@@ -0,0 +1,6 @@
---
- name: Restart sshd
service:
name: k3s
state: restarted
become: yes
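Review bot: The handler is named `Restart sshd` but restarts the `k3s` service, which reads like a copy of the common role's handler whose name was not updated; rename it `- name: Restart k3s`. With two handlers of the same name in one play, which one a `notify: Restart sshd` reaches depends on role load order, so an sshd config change could end up restarting k3s (or vice versa). `become: yes` should also be `become: true` here.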


@@ -0,0 +1,6 @@
---
- name: Install k3s
command: "curl -sfL https://get.k3s.io | sh -s - server --node-taint CriticalAddonsOnly=true:NoExecute --tls-san {{ k3s.loadbalancer.ip }}"
environment:
K3S_DATASTORE_ENDPOINT: "{{ k3s_db_connection_string }}"
become: true
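Review bot: The `command` module does not go through a shell, so the `|` and everything after it are passed to curl as plain arguments and the installer never runs; the pipeline needs `shell:` instead. As written the task is also not idempotent and re-runs the installer on every play; adding `args:` with `creates: /usr/local/bin/k3s` (the install script's default binary location) makes it run once. The script is fetched unpinned, so pinning the release through the `INSTALL_K3S_VERSION` environment variable alongside `K3S_DATASTORE_ENDPOINT` keeps every server on the same version and makes the install reproducible.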


@@ -0,0 +1,2 @@
---
- include_tasks: installation.yml



@@ -0,0 +1,6 @@
---
- name: Restart nginx
systemd:
name: nginx
state: restarted
become: true


@@ -0,0 +1,20 @@
---
- name: Template the nginx config file with dynamic upstreams
template:
src: templates/nginx.conf.j2
dest: "{{ nginx_config_path }}"
owner: root
group: root
mode: "0644"
become: true
notify:
- Restart nginx
vars:
k3s_server_ips: "{{ k3s.server.ips }}"
- name: Enable nginx
systemd:
name: nginx
daemon_reload: true
enabled: true
become: true
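Review bot: The nginx template task has no `validate:`, so a config that fails to parse is installed and the `Restart nginx` handler then takes the balancer, and with it the k3s API endpoint, down; `validate: /usr/sbin/nginx -t -c %s` rejects the render first. Because the handler restarts rather than reloads, every config change also drops the open 6443 streams; `state: reloaded` in the handler would keep them. The `Enable nginx` task enables the unit but never starts it, so a host where the package install did not start the service stays silent; add `state: started` next to `enabled: true`.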


@@ -0,0 +1,12 @@
---
- name: Update apt cache
apt:
update_cache: yes
become: true
- name: Install Nginx
apt:
name:
- nginx-full
state: present
become: true
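Review bot: `update_cache: yes` in the first task is a YAML 1.1 truthy; the same file writes `become: true`, so use `update_cache: true` (the postgres ansible_deps hunk has the same spelling). The separate cache-update task also reports "changed" on every run; folding `update_cache: true` with a `cache_valid_time` into the `Install Nginx` task gives one idempotent step.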


@@ -0,0 +1,3 @@
---
- include_tasks: installation.yml
- include_tasks: configuration.yml


@@ -0,0 +1,16 @@
include /etc/nginx/modules-enabled/*.conf;
events {}
stream {
upstream k3s_servers {
{% for ip in k3s_server_ips %}
server {{ ip }}:6443;
{% endfor %}
}
server {
listen 6443;
proxy_pass k3s_servers;
}
}
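Review bot: The `upstream k3s_servers` block renders with no `server` entries when `k3s_server_ips` is empty, and nginx refuses such a config, so the failure surfaces only at the handler restart; an `assert` that `k3s_server_ips | length > 0` before the template task (or a `validate:` on it) reports the problem at the right place. `listen 6443;` binds every address on the host; if the balancer is only meant to answer on the address the k3s servers get via `--tls-san`, bind that address explicitly. The stream module only marks an upstream down after a failed connection, so a k3s server that is down still receives some attempts; that is the expected behaviour here, but worth a comment in the template.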


@@ -0,0 +1 @@
nginx_config_path: "/etc/nginx/nginx.conf"


@@ -0,0 +1,6 @@
---
- name: Restart node_exporter
service:
name: node_exporter
state: restarted
become: true


@@ -2,17 +2,17 @@
- name: Determine latest GitHub release (local)
delegate_to: localhost
uri:
url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ node_exporter.version }}"
url: "https://api.github.com/repos/prometheus/node_exporter/releases/{{ version }}"
body_format: json
register: _github_release
until: _github_release.status == 200
retries: 3
- name: Set node_exporter_version
- name: Set version
set_fact:
node_exporter_version: "{{ _github_release.json.tag_name
version: "{{ _github_release.json.tag_name
| regex_replace('^v?([0-9\\.]+)$', '\\1') }}"
- name: Set node_exporter.download_url
- name: Set download_url
set_fact:
node_exporter_download_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}.tar.gz"
download_url: "https://github.com/prometheus/node_exporter/releases/download/v{{ version }}/node_exporter-{{ version }}.linux-{{ go_arch }}.tar.gz"
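Review bot: The renamed facts `version` and `download_url` (and the role variables `bind_port`, `serve`, `options`, `bin_path` in the defaults hunk of this commit) have no role prefix, and `set_fact` publishes them as host facts that outlive this role for the rest of the play; any later role or task in the same play that reads a variable called `version` silently gets node_exporter's tag. The `node_exporter_version` and `node_exporter_download_url` names this hunk removes were the usual defence against that; if the prefix is dropped for the defaults, at least keep the `set_fact` names distinctive. The GitHub lookup is unauthenticated and `retries: 3` has no `delay`, so the three attempts are made back to back against the same rate limit.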


@@ -1,15 +1,15 @@
---
- name: Download/Extract "{{ node_exporter_download_url }}"
- name: Download/Extract "{{ download_url }}"
unarchive:
src: "{{ node_exporter_download_url }}"
src: "{{ download_url }}"
dest: /tmp/
remote_src: true
mode: 755
- name: Move node_exporter into path
copy:
src: "/tmp/node_exporter-{{ node_exporter_version }}.linux-{{ go_arch }}/node_exporter"
dest: "{{ node_exporter.bin_path }}"
src: "/tmp/node_exporter-{{ version }}.linux-{{ go_arch }}/node_exporter"
dest: "{{ bin_path }}"
mode: 755
remote_src: true
become: true
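Review bot: `mode: 755` on both the unarchive and copy tasks, which the commit leaves unchanged, is a YAML integer, and Ansible applies an integer mode as the literal number 755 (octal 1363) rather than rwxr-xr-x; write `mode: "0755"`. The tarball is fetched straight from GitHub with `remote_src: true` and unpacked with no integrity check, and with `version: "latest"` nothing pins what is installed; the releases publish a sha256sums.txt next to the archive, so fetching it with `get_url` and its `checksum:` option before unarchiving would verify the binary that then runs as a system service. `mode: 0644` on the unit file template in the second hunk should likewise be `mode: "0644"`.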
@@ -26,6 +26,4 @@
src: node_exporter.service.j2
dest: /etc/systemd/system/node_exporter.service
mode: 0644
register: node_exporter_service
become: true
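Review bot: With `register: node_exporter_service` removed, nothing visible re-reads the unit file: the template task has no `notify` in this hunk, and the `notify` that service.yml gains in the next file fires only when that `service` task itself changes (first start or enable), not when the unit changes. Unless a notify sits on a line outside this hunk, a changed ExecStart is written to disk while the running exporter keeps the old one; add `notify: - Restart node_exporter` to this template task and `daemon_reload: true` to the handler. The enclosing task starts before this hunk.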


@@ -1,9 +1,10 @@
---
- name: Ensure node_exporter is running and enabled at boot.
service:
daemon_reload: true
name: node_exporter
state: restarted
state: started
daemon_reload: true
enabled: true
when: node_exporter_service is changed
notify:
- Restart node_exporter
become: true


@@ -4,7 +4,7 @@ Description=NodeExporter
[Service]
TimeoutStartSec=0
User=node_exporter
ExecStart={{ node_exporter.bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter.port }} {{ node_exporter.options }}
ExecStart={{ bin_path }} --web.listen-address={{ host.ip }}:{{ bind_port }} {{ options }}
[Install]
WantedBy=multi-user.target
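Review bot: The renamed `serve` default (`"localhost"` in the defaults hunk) is not referenced anywhere in this commit, and the new ExecStart still binds `{{ host.ip }}`, so the metrics port stays on the host's routable address even though the default suggests localhost was intended; either use `--web.listen-address={{ serve }}:{{ bind_port }}` or drop the variable. `{{ options }}` is interpolated unquoted into the command line, which is fine for a flag string but a value containing `%` is read by systemd as a specifier; a comment on the variable in the defaults would save the next reader a surprise.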


@@ -6,3 +6,9 @@ go_arch_map:
armv6l: "armv6"
go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
bind_port: 9100
version: "latest"
serve: "localhost"
options: ""
bin_path: "/usr/local/bin/node_exporter"


@@ -0,0 +1,6 @@
---
- name: Restart postgres
systemd:
name: postgres
state: restarted
become: true
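Review bot: The handler restarts a unit named `postgres`, but the installation task in this commit starts and enables `postgresql`; on a Debian install only the latter exists, so the first notification from the pg_hba task fails with a missing-service error. Change it to `name: postgresql`, and consider `state: reloaded`, which is all a pg_hba.conf change needs and keeps open connections.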


@@ -0,0 +1,10 @@
---
- name: Update apt cache
apt:
update_cache: yes
become: true
- name: Install ansible dependencies
apt:
name: "{{ ansible_dependencies }}"
become: true


@@ -0,0 +1,49 @@
---
- name: "Create postgres user: {{ db.user }}"
community.postgresql.postgresql_user:
state: present
name: "{{ db.user }}"
password: "{{ db.password }}"
become: true
become_user: "{{ db.default_user.user }}"
vars:
ansible_remote_temp: "/tmp/"
- name: "Create database: {{ db.name }}"
community.postgresql.postgresql_db:
state: present
name: "{{ db.name }}"
encoding: UTF8
lc_collate: "en_US.UTF-8"
lc_ctype: "en_US.UTF-8"
become: yes
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Grant {{ db.user }} user access to db {{ db.name }}"
postgresql_privs:
type: database
database: "{{ db.name }}"
roles: "{{ db.user }}"
grant_option: no
privs: all
become: yes
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Allow md5 connection for the {{ db.user }} user"
postgresql_pg_hba:
dest: "~/15/main/pg_hba.conf"
contype: host
databases: all
method: md5
users: "{{ db.user }}"
create: true
become: yes
become_user: postgres
notify:
- Restart postgres
vars:
ansible_remote_temp: "/tmp/"
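Review bot: The pg_hba task writes to `~/15/main/pg_hba.conf`, which under `become_user: postgres` resolves inside the postgres home directory; on Debian the file the server reads lives under `/etc/postgresql/15/main/`, and with `create: true` the module creates a new file the server never loads, so the rule silently has no effect. Use `dest: /etc/postgresql/15/main/pg_hba.conf` (or derive the version instead of hardcoding 15). `method: md5` is the deprecated password scheme for current PostgreSQL releases; `method: scram-sha-256` is the one to write for a new rule, and `databases: all` is wider than the single database the role creates, so `databases: "{{ db.name }}"` scopes it. The first task runs as `{{ db.default_user.user }}` while the other three hardcode `postgres` and use `become: yes`; pick one form.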


@@ -0,0 +1,14 @@
---
- name: Install postgres
apt:
name: "{{ postgres_packages }}"
state: present
become: true
register: postgres_install
- name: Start and enable the service
systemd:
name: postgresql
state: started
enabled: true
become: true


@@ -0,0 +1,4 @@
---
- include_tasks: ansible_deps.yml
- include_tasks: installation.yml
- include_tasks: configuration.yml


@@ -0,0 +1,21 @@
############################################
############### CHANGE THESE ###############
############################################
db:
default_user:
user: "postgres"
name: "database"
user: "user"
password: "password"
############################################
# Don't change these (probably)
ansible_dependencies:
- python3-pip
- python3-psycopg
- python3-pexpect
- acl
postgres_packages:
- postgresql
- postgresql-client
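Review bot: The "CHANGE THESE" block ships a working credential (`password: "password"`) in a committed variables file; if this is the role's `vars/main.yml`, role vars take precedence over inventory and `-e`-less playbook vars, so the placeholder is hard to override and easy to deploy as-is. Move `db` to `defaults/main.yml` and source the password from a vault variable, leaving no usable default. The name `ansible_dependencies` uses the `ansible_` prefix, which Ansible reserves for its own connection and fact variables; a role-prefixed name such as `postgres_ansible_deps` avoids a collision.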


@@ -1,16 +0,0 @@
---
- name: Copy "{{ wg_config }}"
template:
src: "{{ wg_config }}"
dest: "{{ wg_remote_config }}"
owner: "root"
group: "root"
mode: "0600"
become: true
- name: Start wireguard
service:
name: "{{ wg_service }}"
state: started
enabled: yes
become: true


@@ -1,20 +0,0 @@
---
- name: Update and upgrade packages
apt:
update_cache: true
upgrade: true
autoremove: true
become: true
- name: Install WireGuard dependencies
apt:
name: "{{ wg_deps }}"
state: present
become: true
- name: Create resolveconf symlink Debian bug #939904
file:
src: /usr/bin/resolvectl
dest: /usr/local/bin/resolvconf
state: link
become: true


@@ -1,2 +0,0 @@
- include_tasks: install.yml
- include_tasks: config.yml


@@ -1,9 +0,0 @@
[Interface]
PrivateKey = {{ vault_wg_pk }}
Address = {{ wg_ip }}
DNS = {{ wg_dns }}
[Peer]
PublicKey = {{ wg_pubkey }}
Endpoint = {{ wg_endpoint }}
AllowedIPs = {{ wg_allowed_ips }}