refactor(ansible): centralize inventory and variables in 'vars' directory

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

ansible.cfg

@@ -6,7 +6,7 @@ interpreter_python=python3
 roles_path=./roles
 
 # (pathlist) Comma separated list of Ansible inventory sources
-inventory=./inventory
+inventory=./vars/
 
 # (path) The vault password file to use. Equivalent to --vault-password-file or --vault-id
 # If executable, it will be run and the resulting stdout will be used as the password.
@@ -36,3 +36,6 @@ skip=dark gray
 [tags]
 # (list) default list of tags to skip in your plays, has precedence over Run Tags
 ;skip=
+
+[inventory]
+ignore_extensions={{(REJECT_EXTS + ('.orig', '.cfg', '.retry', '.bak'))}}

group_vars/proxmox/secrets.yml

@@ -1,15 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35333866323538343132373761316430616539643436646637633131366232346566656438303438
-3539333661363964633834613161626134323533653737650a613832323436663739663162303066
-31333130646631306539356233346632636132346539343734393065353033613865363466646632
-6565343937666530330a326130393934326435643837323631653862313232363466643534306131
-62376132383137336230366538326364663362346137613930633161663834393835623935373164
-65623564633765653137623361376130623363613263313835366464313039613532323661363461
-37366438616566643537656639316665363339633737363539636364316335663639303364663366
-62653734343364663830633534643931656439313763366138323663373464303137323864313637
-65316135343464393031343166366338323839326631623533343931353833643232643339386231
-38623735386465383964653663346631376531376261353933346661666131353533633331353437
-63336366623333653732306130316264393865633338653238303861646535343837396232366134
-63343037636361323239376436326431623165326366383561323832323730636532623039383734
-66663139656262643038303435346666323762343661336234663131343531636161636536646465
-6530333864323262363536393562346362306161653162346132

group_vars/proxmox/vars.yml

@@ -1,3 +0,0 @@
-proxmox_api_user: root
-proxmox_api_host: 192.168.20.12
-proxmox_api_password: "{{ vault.pve.aya01.root.sudo }}"

inventory/docker.ini

@@ -1,13 +0,0 @@
-[docker_host]
-docker-host01 ansible_become_pass: "{{ vault.docker.host01.sudo }}"
-docker-host10
-docker-host12
-
-[docker_lb]
-docker-lb ansible_become_pass: "{{ vault.docker.lb.sudo }}"
-
-[docker]
-
-[docker:children]
-docker_host
-docker_lb

playbooks/docker-host.yml

@@ -2,8 +2,6 @@
 - name: Set up Servers
   hosts: docker_host
   gather_facts: true
-  vars_files:
-    - secrets.yml
   roles:
     - role: common
       tags:

playbooks/docker-lb.yml

@@ -2,8 +2,6 @@
 - name: Set up reverse proxy for docker
   hosts: docker
   gather_facts: true
-  vars_files:
-    - secrets.yml
   roles:
     - role: common
       tags:

playbooks/k3s-agents.yml

@@ -1,8 +1,6 @@
 - name: Set up Agents
   hosts: k3s_nodes
   gather_facts: yes
-  vars_files:
-    - secrets.yml
   pre_tasks:
     - name: Get K3s token from the first server
       when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"]

playbooks/k3s-servers.yml

@@ -2,8 +2,6 @@
 - name: Set up Servers
   hosts: k3s_server
   gather_facts: yes
-  vars_files:
-    - secrets.yml
   roles:
     - role: common
       tags:

playbooks/k3s-storage.yml

@@ -1,8 +1,6 @@
 - name: Set up storage
   hosts: k3s_nodes
-  gather_facts: yes
-  vars_files:
-    - secrets.yml
+  gather_facts: true
   pre_tasks:
     - name: Get K3s token from the first server
       when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"]

playbooks/loadbalancer.yml

@@ -2,8 +2,6 @@
 - name: Set up Servers
   hosts: loadbalancer
   gather_facts: yes
-  vars_files:
-    - secrets.yml
   roles:
     - role: common
       tags:

playbooks/proxmox.yml

@@ -2,8 +2,6 @@
 - name: Run proxmox vm playbook
   hosts: proxmox
   gather_facts: true
-  vars_files:
-    - secrets.yml
   vars:
     is_localhost: "{{ inventory_hostname == '127.0.0.1' }}"
     is_proxmox_node: "{{ 'proxmox_nodes' in group_names }}"

production.ini

@@ -0,0 +1,63 @@
+[proxmox]
+127.0.0.1 ansible_connection=local
+
+[proxmox:children]
+proxmox_nodes
+
+[proxmox_nodes]
+aya01
+lulu
+inko
+naruto01
+
+[k3s]
+k3s-postgres
+k3s-loadbalancer
+k3s-server[00:02]
+k3s-agent[00:02]
+k3s-longhorn[00:02]
+
+[vm]
+k3s-postgres
+k3s-loadbalancer
+k3s-agent[00:02]
+k3s-server[00:02]
+k3s-longhorn[00:02]
+# docker-host[00:01]
+
+[k3s_nodes]
+k3s-server[00:02]
+k3s-agent[00:02]
+k3s-longhorn[00:02]
+
+[docker]
+docker-host01
+docker-host10
+docker-host12
+docker-lb
+
+[vps]
+mii
+
+[k3s_server]
+k3s-server[00:02]
+
+[k3s_agent]
+k3s-agent[00:02]
+
+[k3s_storage]
+k3s-longhorn[00:02]
+
+[db]
+k3s-postgres
+
+[loadbalancer]
+k3s-loadbalancer
+
+[docker_host]
+docker-host01
+docker-host10
+docker-host12
+
+[docker_lb]
+docker-lb

roles/common/tasks/time.yml

@@ -1,11 +1,11 @@
 ---
-- name: Set timezone to "{{ timezone }}"
+- name: Set timezone
   community.general.timezone:
     name: "{{ timezone }}"
   become: true
   when: ansible_user_id != "root"
 
-- name: Set timezone to "{{ timezone }}"
+- name: Set timezone
   community.general.timezone:
     name: "{{ timezone }}"
   when: ansible_user_id == "root"

roles/proxmox/tasks/54_destroy_vm.yml

@@ -1,16 +1,18 @@
 ---
 - name: Gather info about VM
   community.general.proxmox_vm_info:
-    api_user: root@pam
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_user: "{{ proxmox_api_user }}@pam"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "192.168.20.12"
     vmid: "{{ vm.vmid }}"
   register: vm_info
 
 - name: Stop VM
   community.general.proxmox_kvm:
-    api_user: root@pam
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_user: "{{ proxmox_api_user }}@pam"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "192.168.20.12"
     node: "{{ vm.node }}"
     vmid: "{{ vm.vmid }}"
@@ -20,8 +22,9 @@
 
 - name: Destroy VM
   community.general.proxmox_kvm:
-    api_user: root@pam
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_user: "{{ proxmox_api_user }}@pam"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "192.168.20.12"
     node: "{{ vm.node }}"
     vmid: "{{ vm.vmid }}"

roles/proxmox/tasks/55_create_vm.yml

@@ -2,7 +2,8 @@
 - name: Create VM
   community.general.proxmox_kvm:
     api_user: "{{ proxmox_api_user }}@pam"
-    api_password: "{{ proxmox_api_password }}"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "{{ proxmox_api_host }}"
     agent: true
     name: "{{ vm.name }}"

roles/proxmox/tasks/56_provision_new_vm.yml

@@ -25,8 +25,9 @@
 
 - name: Start VM
   community.general.proxmox_kvm:
-    api_user: root@pam
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_user: "{{ proxmox_api_user }}@pam"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "192.168.20.12"
     node: "{{ vm.node }}"
     vmid: "{{ vm.vmid }}"
@@ -34,8 +35,9 @@
 
 - name: Stop VM
   community.general.proxmox_kvm:
-    api_user: root@pam
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_user: "{{ proxmox_api_user }}@pam"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "192.168.20.12"
     node: "{{ vm.node }}"
     vmid: "{{ vm.vmid }}"
@@ -44,8 +46,9 @@
 
 - name: Wait until VM is fully stopped
   community.general.proxmox_vm_info:
-    api_user: "root@pam"
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_user: "{{ proxmox_api_user }}@pam"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "192.168.20.12"
     node: "{{ vm.node }}"
     vmid: "{{ vm.vmid }}"
@@ -56,8 +59,9 @@
 
 - name: Start VM
   community.general.proxmox_kvm:
-    api_user: root@pam
-    api_password: "{{ vault.pve.aya01.root.sudo }}"
+    api_user: "{{ proxmox_api_user }}@pam"
+    api_token_id: "{{ proxmox_api_token_id }}"
+    api_token_secret: "{{ proxmox_api_token_secret }}"
     api_host: "192.168.20.12"
     node: "{{ vm.node }}"
     vmid: "{{ vm.vmid }}"

roles/proxmox/vars/main.yml

@@ -3,7 +3,7 @@ proxmox_creator: ansible
 
 proxmox_storage: proxmox
 
-proxmox_vault_file: ../group_vars/proxmox/secrets_vm.yml
+proxmox_vault_file: ../vars/group_vars/proxmox/secrets_vm.yml
 proxmox_secrets_prefix: secrets_vm
 proxmox_cloud_init_images:
   debian:

vars/docker.ini

@@ -0,0 +1,13 @@
+[docker_host]
+docker-host01 ansible_become_pass="{{ vault.docker.host01.sudo }}"
+docker-host10
+docker-host12
+
+[docker_lb]
+docker-lb ansible_become_pass="{{ vault.docker.lb.sudo }}"
+
+[docker]
+
+[docker:children]
+docker_host
+docker_lb

vars/group_vars/all/vars.yml

@@ -2,16 +2,16 @@
 # Essential
 #
 
-root: root
-user: tudattr
-timezone: Europe/Berlin
+root: "root"
+user: "tudattr"
+timezone: "Europe/Berlin"
 puid: "1000"
 pgid: "1000"
 pk_path: "/media/veracrypt1/genesis"
 pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqc9fnzfCz8fQDFzla+D8PBhvaMmFu2aF+TYkkZRxl9 tuan@genesis-2022-01-20"
 
-public_domain: tudattr.dev
-internal_domain: seyshiro.de
+public_domain: "tudattr.dev"
+internal_domain: "seyshiro.de"
 
 #
 # Packages

vars/group_vars/proxmox/secrets.yml

@@ -0,0 +1,16 @@
+$ANSIBLE_VAULT;1.1;AES256
+35336335313463633337373430646432306364613234666463373135306263383932323266303834
+3033643661303537303332316361326464336136623139350a373137396165623861623433303031
+37303264373362313534623966626665633339623464376236323436336563376261323739623033
+3066663137653562320a616130653165326530643562646531373736313064626164653661353535
+37633031626462663636366464323963653535333235633939636636376436646164333965326636
+62313164336265336539333261333732626562663966306537353763333339353030666133633064
+33336230646435616166346639363835373562313265306332346662636364326337616637346333
+39343063356138326536653933656164616264666662396132383865343630383139326531616464
+64333561313631616261303431336265623166386131613634646337396332653239323262343961
+66303938323337656662303562613736366366616663633639646566333737393765626365383963
+34616166336465376331366465303230666435626463383031653661376233626538353830356366
+34633239326532303931663435363365396535393733383637656139336164306663623761386135
+31313630383139376661343334616533316231393438663837383861313734313837623063366135
+64356334336133303164656338303339623631313461353139363838356337636462363862303436
+336363363733363436356663323962383030

vars/group_vars/proxmox/vars.yml

@@ -0,0 +1,4 @@
+proxmox_api_host: 192.168.20.12
+proxmox_api_user: root
+proxmox_api_token_id: root@pam!terraform
+proxmox_api_token_secret: "{{ vault.pve.api.token_secret }}"

vars/group_vars/proxmox/vms.yml

@@ -55,7 +55,7 @@ vms:
 #    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
 #    ciuser: "{{ user }}"
 #    sshkeys: "{{ pubkey }}"
-#    disk_size: 50 # in Gb
+#    disk_size: 64 # in Gb
 #  - name: "k3s-agent11"
 #    node: "lulu"
 #    vmid: 211
@@ -66,7 +66,7 @@ vms:
 #    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
 #    ciuser: "{{ user }}"
 #    sshkeys: "{{ pubkey }}"
-#    disk_size: 128 # in Gb
+#    disk_size: 64 # in Gb
 #  - name: "k3s-agent12"
 #    node: "inko"
 #    vmid: 212
@@ -77,4 +77,4 @@ vms:
 #    boot_image: "{{ proxmox_cloud_init_images.debian.name }}"
 #    ciuser: "{{ user }}"
 #    sshkeys: "{{ pubkey }}"
-#    disk_size: 128 # in Gb
+#    disk_size: 64 # in Gb