diff --git a/ansible.cfg b/ansible.cfg index 7437999..b1a385e 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,7 +6,7 @@ interpreter_python=python3 roles_path=./roles # (pathlist) Comma separated list of Ansible inventory sources -inventory=./inventory +inventory=./vars/ # (path) The vault password file to use. Equivalent to --vault-password-file or --vault-id # If executable, it will be run and the resulting stdout will be used as the password. @@ -36,3 +36,6 @@ skip=dark gray [tags] # (list) default list of tags to skip in your plays, has precedence over Run Tags ;skip= + +[inventory] +ignore_extensions={{(REJECT_EXTS + ('.orig', '.cfg', '.retry', '.bak'))}} diff --git a/group_vars/proxmox/secrets.yml b/group_vars/proxmox/secrets.yml deleted file mode 100644 index 62d881d..0000000 --- a/group_vars/proxmox/secrets.yml +++ /dev/null 
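Review bot: The new `ignore_extensions` value under `[inventory]` is the Jinja default copied from the reference config (`{{(REJECT_EXTS + (...))}}`), and as far as I can tell values read from ansible.cfg are not templated the way built-in defaults are, so Ansible would most likely split that literal on commas into a nonsense list. Since the stock ignore list contains `.ini`, which is presumably why this override exists now that the `.ini` inventories live in `./vars/`, spell the list out instead: `ignore_extensions=.pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, .rst, .orig, .cfg, .retry` and confirm with `ansible-config dump --only-changed`. Note also that `inventory=./vars/` makes Ansible try every non-ignored file in that directory as an inventory source; `group_vars/` is skipped by name, but any other stray YAML dropped there will be parsed as inventory, so a comment such as `# every non-ignored file under ./vars/ is loaded as inventory; keep only *.ini and group_vars/ here` above the line would help.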
@@ -1,15 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35333866323538343132373761316430616539643436646637633131366232346566656438303438 -3539333661363964633834613161626134323533653737650a613832323436663739663162303066 -31333130646631306539356233346632636132346539343734393065353033613865363466646632 -6565343937666530330a326130393934326435643837323631653862313232363466643534306131 -62376132383137336230366538326364663362346137613930633161663834393835623935373164 -65623564633765653137623361376130623363613263313835366464313039613532323661363461 -37366438616566643537656639316665363339633737363539636364316335663639303364663366 -62653734343364663830633534643931656439313763366138323663373464303137323864313637 -65316135343464393031343166366338323839326631623533343931353833643232643339386231 -38623735386465383964653663346631376531376261353933346661666131353533633331353437 -63336366623333653732306130316264393865633338653238303861646535343837396232366134 -63343037636361323239376436326431623165326366383561323832323730636532623039383734 -66663139656262643038303435346666323762343661336234663131343531636161636536646465 -6530333864323262363536393562346362306161653162346132 diff --git a/group_vars/proxmox/vars.yml b/group_vars/proxmox/vars.yml deleted file mode 100644 index 413dba2..0000000 --- a/group_vars/proxmox/vars.yml +++ /dev/null @@ -1,3 +0,0 @@ -proxmox_api_user: root -proxmox_api_host: 192.168.20.12 -proxmox_api_password: "{{ vault.pve.aya01.root.sudo }}" diff --git a/inventory/docker.ini b/inventory/docker.ini deleted file mode 100644 index 8c54767..0000000 --- a/inventory/docker.ini +++ /dev/null @@ -1,13 +0,0 @@ -[docker_host] -docker-host01 ansible_become_pass: "{{ vault.docker.host01.sudo }}" -docker-host10 -docker-host12 - -[docker_lb] -docker-lb ansible_become_pass: "{{ vault.docker.lb.sudo }}" - -[docker] - -[docker:children] -docker_host -docker_lb diff --git a/playbooks/docker-host.yml b/playbooks/docker-host.yml index 199fc11..ba53722 100644 --- a/playbooks/docker-host.yml 
+++ b/playbooks/docker-host.yml @@ -2,8 +2,6 @@ - name: Set up Servers hosts: docker_host gather_facts: true - vars_files: - - secrets.yml roles: - role: common tags: diff --git a/playbooks/docker-lb.yml b/playbooks/docker-lb.yml index 0a1c22e..06306d1 100644 --- a/playbooks/docker-lb.yml +++ b/playbooks/docker-lb.yml @@ -2,8 +2,6 @@ - name: Set up reverse proxy for docker hosts: docker gather_facts: true - vars_files: - - secrets.yml roles: - role: common tags: diff --git a/playbooks/k3s-agents.yml b/playbooks/k3s-agents.yml index de2d130..2d5f49f 100644 --- a/playbooks/k3s-agents.yml +++ b/playbooks/k3s-agents.yml @@ -1,8 +1,6 @@ - name: Set up Agents hosts: k3s_nodes gather_facts: yes - vars_files: - - secrets.yml pre_tasks: - name: Get K3s token from the first server when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"] diff --git a/playbooks/k3s-servers.yml b/playbooks/k3s-servers.yml index 462beda..065ef2c 100644 --- a/playbooks/k3s-servers.yml +++ b/playbooks/k3s-servers.yml @@ -2,8 +2,6 @@ - name: Set up Servers hosts: k3s_server gather_facts: yes - vars_files: - - secrets.yml roles: - role: common tags: diff --git a/playbooks/k3s-storage.yml b/playbooks/k3s-storage.yml index 60b3621..35e29d4 100644 --- a/playbooks/k3s-storage.yml +++ b/playbooks/k3s-storage.yml @@ -1,8 +1,6 @@ - name: Set up storage hosts: k3s_nodes - gather_facts: yes - vars_files: - - secrets.yml + gather_facts: true pre_tasks: - name: Get K3s token from the first server when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"] diff --git a/playbooks/loadbalancer.yml b/playbooks/loadbalancer.yml index 34e773d..9c6bc67 100644 --- a/playbooks/loadbalancer.yml +++ b/playbooks/loadbalancer.yml @@ -2,8 +2,6 @@ - name: Set up Servers hosts: loadbalancer gather_facts: yes - vars_files: - - secrets.yml roles: - role: common tags: diff --git a/playbooks/proxmox.yml b/playbooks/proxmox.yml index 52e7472..c746de8 100644 --- a/playbooks/proxmox.yml 
+++ b/playbooks/proxmox.yml @@ -2,8 +2,6 @@ - name: Run proxmox vm playbook hosts: proxmox gather_facts: true - vars_files: - - secrets.yml vars: is_localhost: "{{ inventory_hostname == '127.0.0.1' }}" is_proxmox_node: "{{ 'proxmox_nodes' in group_names }}" diff --git a/production.ini b/production.ini new file mode 100644 index 0000000..e8602af --- /dev/null +++ b/production.ini @@ -0,0 +1,63 @@ +[proxmox] +127.0.0.1 ansible_connection=local + +[proxmox:children] +proxmox_nodes + +[proxmox_nodes] +aya01 +lulu +inko +naruto01 + +[k3s] +k3s-postgres +k3s-loadbalancer +k3s-server[00:02] +k3s-agent[00:02] +k3s-longhorn[00:02] + +[vm] +k3s-postgres +k3s-loadbalancer +k3s-agent[00:02] +k3s-server[00:02] +k3s-longhorn[00:02] +# docker-host[00:01] + +[k3s_nodes] +k3s-server[00:02] +k3s-agent[00:02] +k3s-longhorn[00:02] + +[docker] +docker-host01 +docker-host10 +docker-host12 +docker-lb + +[vps] +mii + +[k3s_server] +k3s-server[00:02] + +[k3s_agent] +k3s-agent[00:02] + +[k3s_storage] +k3s-longhorn[00:02] + +[db] +k3s-postgres + +[loadbalancer] +k3s-loadbalancer + +[docker_host] +docker-host01 +docker-host10 +docker-host12 + +[docker_lb] +docker-lb diff --git a/roles/common/tasks/time.yml b/roles/common/tasks/time.yml index 5ad7cb7..e0c8327 100644 --- a/roles/common/tasks/time.yml +++ b/roles/common/tasks/time.yml @@ -1,11 +1,11 @@ --- -- name: Set timezone to "{{ timezone }}" +- name: Set timezone community.general.timezone: name: "{{ timezone }}" become: true when: ansible_user_id != "root" -- name: Set timezone to "{{ timezone }}" +- name: Set timezone community.general.timezone: name: "{{ timezone }}" when: ansible_user_id == "root" diff --git a/roles/proxmox/tasks/54_destroy_vm.yml b/roles/proxmox/tasks/54_destroy_vm.yml index 4b14aea..8c7357f 100644 --- a/roles/proxmox/tasks/54_destroy_vm.yml +++ b/roles/proxmox/tasks/54_destroy_vm.yml 
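Review bot: `production.ini` is added at the repository root, but the same commit sets `inventory=./vars/` and moves `group_vars/` under `vars/`, so this file is not picked up by default and, if run with `-i production.ini`, Ansible will look for an adjacent `./group_vars` that no longer exists — every `vault.*` reference in the playbooks would then be undefined. Either move it into `vars/` (where the same groups appear to be defined already by `k3s.ini`, `proxmox.ini`, `vps.ini` and `docker.ini`, so duplicating them here invites drift) or drop it. If it is meant as a separate, production-only inventory, a header comment stating how it is invoked, e.g. `# Run with: ansible-playbook -i production.ini ...; group_vars are resolved relative to this file and the playbook dir`, would avoid the surprise.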
@@ -1,16 +1,18 @@ --- - name: Gather info about VM community.general.proxmox_vm_info: - api_user: root@pam - api_password: "{{ vault.pve.aya01.root.sudo }}" + api_user: "{{ proxmox_api_user }}@pam" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "192.168.20.12" vmid: "{{ vm.vmid }}" register: vm_info - name: Stop VM community.general.proxmox_kvm: - api_user: root@pam - api_password: "{{ vault.pve.aya01.root.sudo }}" + api_user: "{{ proxmox_api_user }}@pam" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "192.168.20.12" node: "{{ vm.node }}" vmid: "{{ vm.vmid }}" @@ -20,8 +22,9 @@ - name: Destroy VM community.general.proxmox_kvm: - api_user: root@pam - api_password: "{{ vault.pve.aya01.root.sudo }}" + api_user: "{{ proxmox_api_user }}@pam" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "192.168.20.12" node: "{{ vm.node }}" vmid: "{{ vm.vmid }}" diff --git a/roles/proxmox/tasks/55_create_vm.yml b/roles/proxmox/tasks/55_create_vm.yml index 3e76d7e..0ac1a3e 100644 --- a/roles/proxmox/tasks/55_create_vm.yml +++ b/roles/proxmox/tasks/55_create_vm.yml @@ -2,7 +2,8 @@ - name: Create VM community.general.proxmox_kvm: api_user: "{{ proxmox_api_user }}@pam" - api_password: "{{ proxmox_api_password }}" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "{{ proxmox_api_host }}" agent: true name: "{{ vm.name }}" diff --git a/roles/proxmox/tasks/56_provision_new_vm.yml b/roles/proxmox/tasks/56_provision_new_vm.yml index 7587584..b946bca 100644 --- a/roles/proxmox/tasks/56_provision_new_vm.yml +++ b/roles/proxmox/tasks/56_provision_new_vm.yml 
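Review bot: The three tasks in this hunk still pin `api_host: "192.168.20.12"` while `55_create_vm.yml` and the new `vars/group_vars/proxmox/vars.yml` supply `proxmox_api_host`; use `api_host: "{{ proxmox_api_host }}"` here too so the endpoint lives in one place. More importantly, the community.general proxmox modules default `validate_certs` to false, so the API token secret is now sent to a bare IP over TLS with no certificate check — add `validate_certs: true` (with `proxmox_api_host` set to the name on the PVE certificate, or a CA-signed certificate) so a spoofed endpoint cannot harvest a root-scoped token. The `Destroy VM` task continues past the end of the hunk.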
@@ -25,8 +25,9 @@ - name: Start VM community.general.proxmox_kvm: - api_user: root@pam - api_password: "{{ vault.pve.aya01.root.sudo }}" + api_user: "{{ proxmox_api_user }}@pam" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "192.168.20.12" node: "{{ vm.node }}" vmid: "{{ vm.vmid }}" @@ -34,8 +35,9 @@ - name: Stop VM community.general.proxmox_kvm: - api_user: root@pam - api_password: "{{ vault.pve.aya01.root.sudo }}" + api_user: "{{ proxmox_api_user }}@pam" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "192.168.20.12" node: "{{ vm.node }}" vmid: "{{ vm.vmid }}" @@ -44,8 +46,9 @@ - name: Wait until VM is fully stopped community.general.proxmox_vm_info: - api_user: "root@pam" - api_password: "{{ vault.pve.aya01.root.sudo }}" + api_user: "{{ proxmox_api_user }}@pam" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "192.168.20.12" node: "{{ vm.node }}" vmid: "{{ vm.vmid }}" @@ -56,8 +59,9 @@ - name: Start VM community.general.proxmox_kvm: - api_user: root@pam - api_password: "{{ vault.pve.aya01.root.sudo }}" + api_user: "{{ proxmox_api_user }}@pam" + api_token_id: "{{ proxmox_api_token_id }}" + api_token_secret: "{{ proxmox_api_token_secret }}" api_host: "192.168.20.12" node: "{{ vm.node }}" vmid: "{{ vm.vmid }}" diff --git a/roles/proxmox/vars/main.yml b/roles/proxmox/vars/main.yml index 17ce0bc..8d88c79 100644 --- a/roles/proxmox/vars/main.yml +++ b/roles/proxmox/vars/main.yml @@ -3,7 +3,7 @@ proxmox_creator: ansible proxmox_storage: proxmox -proxmox_vault_file: ../group_vars/proxmox/secrets_vm.yml +proxmox_vault_file: ../vars/group_vars/proxmox/secrets_vm.yml proxmox_secrets_prefix: secrets_vm proxmox_cloud_init_images: debian: diff --git a/vars/docker.ini b/vars/docker.ini new file mode 100644 index 0000000..e7bbd5c --- /dev/null +++ b/vars/docker.ini 
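Review bot: Four tasks in this file (and three in `54_destroy_vm.yml`) now each repeat the same `api_user`/`api_token_id`/`api_token_secret`/`api_host` lines, and every one of them still hardcodes `api_host: "192.168.20.12"` instead of `{{ proxmox_api_host }}`. Consider setting them once at play level in `playbooks/proxmox.yml` via `module_defaults` on the `group/community.general.proxmox` action group (which, as far as I can tell, covers `proxmox_kvm` and `proxmox_vm_info`), leaving each task with only `node`, `vmid` and `state`; that also gives a single place to set `validate_certs: true`, which these modules default to false. If `module_defaults` is not wanted, at least replace the literal IP with `api_host: "{{ proxmox_api_host }}"` so the credential block is identical across tasks and a stale endpoint cannot hide in one of them.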
@@ -0,0 +1,13 @@ +[docker_host] +docker-host01 ansible_become_pass="{{ vault.docker.host01.sudo }}" +docker-host10 +docker-host12 + +[docker_lb] +docker-lb ansible_become_pass="{{ vault.docker.lb.sudo }}" + +[docker] + +[docker:children] +docker_host +docker_lb diff --git a/group_vars/all/secrets.yml b/vars/group_vars/all/secrets.yml similarity index 100% rename from group_vars/all/secrets.yml rename to vars/group_vars/all/secrets.yml diff --git a/group_vars/all/vars.yml b/vars/group_vars/all/vars.yml similarity index 71% rename from group_vars/all/vars.yml rename to vars/group_vars/all/vars.yml index bb56366..ba34af6 100644 --- a/group_vars/all/vars.yml +++ b/vars/group_vars/all/vars.yml @@ -2,16 +2,16 @@ # Essential # -root: root -user: tudattr -timezone: Europe/Berlin +root: "root" +user: "tudattr" +timezone: "Europe/Berlin" puid: "1000" pgid: "1000" pk_path: "/media/veracrypt1/genesis" pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqc9fnzfCz8fQDFzla+D8PBhvaMmFu2aF+TYkkZRxl9 tuan@genesis-2022-01-20" -public_domain: tudattr.dev -internal_domain: seyshiro.de +public_domain: "tudattr.dev" +internal_domain: "seyshiro.de" # # Packages diff --git a/group_vars/docker/docker.yml b/vars/group_vars/docker/docker.yml similarity index 100% rename from group_vars/docker/docker.yml rename to vars/group_vars/docker/docker.yml diff --git a/group_vars/docker/keycloak.yml b/vars/group_vars/docker/keycloak.yml similarity index 100% rename from group_vars/docker/keycloak.yml rename to vars/group_vars/docker/keycloak.yml diff --git a/group_vars/docker/port_mapping.yml b/vars/group_vars/docker/port_mapping.yml similarity index 100% rename from group_vars/docker/port_mapping.yml rename to vars/group_vars/docker/port_mapping.yml diff --git a/group_vars/docker/secrets.yml b/vars/group_vars/docker/secrets.yml similarity index 100% rename from group_vars/docker/secrets.yml rename to vars/group_vars/docker/secrets.yml 
diff --git a/group_vars/docker/vars.yml b/vars/group_vars/docker/vars.yml similarity index 100% rename from group_vars/docker/vars.yml rename to vars/group_vars/docker/vars.yml diff --git a/group_vars/k3s/secrets.yml b/vars/group_vars/k3s/secrets.yml similarity index 100% rename from group_vars/k3s/secrets.yml rename to vars/group_vars/k3s/secrets.yml diff --git a/group_vars/k3s/vars.yml b/vars/group_vars/k3s/vars.yml similarity index 100% rename from group_vars/k3s/vars.yml rename to vars/group_vars/k3s/vars.yml diff --git a/group_vars/proxmox/containers.yml b/vars/group_vars/proxmox/containers.yml similarity index 100% rename from group_vars/proxmox/containers.yml rename to vars/group_vars/proxmox/containers.yml diff --git a/vars/group_vars/proxmox/secrets.yml b/vars/group_vars/proxmox/secrets.yml new file mode 100644 index 0000000..a8c3fa5 --- /dev/null +++ b/vars/group_vars/proxmox/secrets.yml @@ -0,0 +1,16 @@ +$ANSIBLE_VAULT;1.1;AES256 +35336335313463633337373430646432306364613234666463373135306263383932323266303834 +3033643661303537303332316361326464336136623139350a373137396165623861623433303031 +37303264373362313534623966626665633339623464376236323436336563376261323739623033 +3066663137653562320a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diff --git a/group_vars/proxmox/secrets_vm.yml b/vars/group_vars/proxmox/secrets_vm.yml similarity index 100% rename from group_vars/proxmox/secrets_vm.yml rename to vars/group_vars/proxmox/secrets_vm.yml diff --git a/vars/group_vars/proxmox/vars.yml b/vars/group_vars/proxmox/vars.yml new file mode 100644 index 0000000..6da0fa9 --- /dev/null +++ b/vars/group_vars/proxmox/vars.yml @@ -0,0 +1,4 @@ +proxmox_api_host: 192.168.20.12 +proxmox_api_user: root +proxmox_api_token_id: root@pam!terraform +proxmox_api_token_secret: "{{ vault.pve.api.token_secret }}" 
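Review bot: `proxmox_api_token_id: root@pam!terraform` looks like the full token identifier, but the community.general proxmox modules take only the token name and compose `<api_user>!<api_token_id>` themselves (proxmoxer sends `PVEAPIToken=<user>!<token_id>=<secret>`), so with `api_user: root@pam` this would yield `root@pam!root@pam!terraform` and fail authentication — verify, and set `proxmox_api_token_id: terraform`. Moving from the root password to a token is a clear improvement; the remaining gap is that the token is still issued to `root@pam` and, judging by its name, shared with Terraform, so consider a dedicated `ansible@pve` user (or a privilege-separated token) holding only the VM permissions this role needs, and one token per tool so either can be revoked independently. A comment above the line, e.g. `# token name only; the module prefixes it with api_user (root@pam)`, would prevent the same mistake recurring.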
diff --git a/group_vars/proxmox/vms.yml b/vars/group_vars/proxmox/vms.yml similarity index 96% rename from group_vars/proxmox/vms.yml rename to vars/group_vars/proxmox/vms.yml index 0b158e6..bd93c5e 100644 --- a/group_vars/proxmox/vms.yml +++ b/vars/group_vars/proxmox/vms.yml @@ -55,7 +55,7 @@ vms: # boot_image: "{{ proxmox_cloud_init_images.debian.name }}" # ciuser: "{{ user }}" # sshkeys: "{{ pubkey }}" -# disk_size: 50 # in Gb +# disk_size: 64 # in Gb # - name: "k3s-agent11" # node: "lulu" # vmid: 211 @@ -66,7 +66,7 @@ vms: # boot_image: "{{ proxmox_cloud_init_images.debian.name }}" # ciuser: "{{ user }}" # sshkeys: "{{ pubkey }}" -# disk_size: 128 # in Gb +# disk_size: 64 # in Gb # - name: "k3s-agent12" # node: "inko" # vmid: 212 @@ -77,4 +77,4 @@ vms: # boot_image: "{{ proxmox_cloud_init_images.debian.name }}" # ciuser: "{{ user }}" # sshkeys: "{{ pubkey }}" -# disk_size: 128 # in Gb +# disk_size: 64 # in Gb diff --git a/inventory/k3s.ini b/vars/k3s.ini similarity index 100% rename from inventory/k3s.ini rename to vars/k3s.ini diff --git a/inventory/proxmox.ini b/vars/proxmox.ini similarity index 100% rename from inventory/proxmox.ini rename to vars/proxmox.ini diff --git a/inventory/vps.ini b/vars/vps.ini similarity index 100% rename from inventory/vps.ini rename to vars/vps.ini