Decom the K8s cluster, roll all its jobs into one singular machine
parent
a1d5e94a2e
commit
3f3c7b8392
@ -64,10 +64,10 @@ Test:
|
||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||
|
||||
Play_Against_PiK8S:
|
||||
Play_Against_Pis:
|
||||
stage: play
|
||||
script:
|
||||
- ansible-playbook -l device_roles_pik8s-master,device_roles_pik8s-node,device_roles_pik8s-storage site.yml --vault-password-file /vaultpw || error="$?"
|
||||
- ansible-playbook -l manufacturers_raspi site.yml --vault-password-file /vaultpw || error="$?"
|
||||
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
|
||||
- if [ -n "$error" ]; then echo "Return code $error"; false; fi
|
||||
Play_Against_Desktops:
|
||||
|
@ -260,6 +260,29 @@ secret_snmp_rouser_privacy_passphrase: !vault |
|
||||
3764363538636232630a383730323433343239663461373030383132626532306130363965316661
|
||||
64353932376139613765303764313463353366663535653135393637633835353566
|
||||
|
||||
# For home media stuff
|
||||
secret_transmission_user_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63386231316662313039646435323861343762386135616437613530653932363333353130333232
|
||||
3161383737386631336362313139316433656337396538330a656663336338613533393032663433
|
||||
33346663613731656236666561303530613961363733336261363130646639326361356134386332
|
||||
6335336139346331300a643962653936323135666463343865393162346637616263373636383534
|
||||
39663833613135383761643661373163383138316534333264633835613965616135
|
||||
secret_pia_user: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
38343633366234633430356364633634653433633963393332303439613966353438663066633465
|
||||
3333333237306430346633336565613932396564353032660a373462333736343062626135316239
|
||||
65306462643563323565386331373930326231353866626336643533663136353238626663373566
|
||||
3763303637633838660a353362303966633931356538616636363438623165303536663535383764
|
||||
6337
|
||||
secret_pia_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
31333661636562386633396130383630383332303662613739393339373134326330373137656531
|
||||
3934636662663265303137346163326461306461356138340a323662313130653539633338303035
|
||||
62313265633338356436393033353438666634363536613266346139666364613238396338363731
|
||||
6633666366353538300a613965633766653332613465326137396562313230343161346162343762
|
||||
37643164663466343166346534303932613763643965623066353336363238643266
|
||||
|
||||
# For Steam games
|
||||
steam_username: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
|
@ -1,2 +0,0 @@
|
||||
# vim:ft=ansible
|
||||
kubernetes_role: master
|
@ -1,2 +0,0 @@
|
||||
# vim:ft=ansible
|
||||
kubernetes_role: node
|
@ -1,3 +0,0 @@
|
||||
# vim:ft=ansible
|
||||
keepalived_state: MASTER
|
||||
keepalived_priority: 50
|
@ -1,2 +0,0 @@
|
||||
# vim:ft=ansible
|
||||
keepalived_priority: 49
|
@ -1,2 +0,0 @@
|
||||
# vim:ft=ansible
|
||||
keepalived_priority: 48
|
@ -1,2 +0,0 @@
|
||||
# vim:ft=ansible
|
||||
keepalived_priority: 47
|
@ -1,2 +0,0 @@
|
||||
# vim:ft=ansible
|
||||
keepalived_priority: 46
|
@ -1,59 +0,0 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
# k8s
|
||||
- hosts: device_roles_pik8s-master,device_roles_pik8s-node
|
||||
gather_facts: no
|
||||
roles:
|
||||
- role: k8s
|
||||
tags: [ k8s, skip-pull ]
|
||||
- role: backup
|
||||
vars:
|
||||
backup_s3backup_list_extra:
|
||||
- /etc/kubernetes
|
||||
tags: [ k8s, backup ]
|
||||
- hosts: device_roles_pik8s-master
|
||||
gather_facts: no
|
||||
tasks:
|
||||
- name: install openshift
|
||||
pip: name=openshift state=latest
|
||||
tags: [ k8s, packages, pip ]
|
||||
- hosts: device_roles_pik8s-node
|
||||
gather_facts: no
|
||||
roles:
|
||||
- role: keepalived
|
||||
vars:
|
||||
keepalived_stanzas:
|
||||
- name: VI_1
|
||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
||||
interface: eth0
|
||||
virtual_router_id: 51
|
||||
priority: "{{ keepalived_priority }}"
|
||||
advert_int: 1
|
||||
auth_pass: "{{ secret_keepalived_pass }}"
|
||||
vip: "192.168.102.200/16"
|
||||
- name: VI_2
|
||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
||||
interface: eth0
|
||||
virtual_router_id: 52
|
||||
priority: "{{ keepalived_priority }}"
|
||||
advert_int: 1
|
||||
auth_pass: "{{ secret_keepalived_pass }}"
|
||||
vip: "192.168.102.201/16"
|
||||
- name: VI_3
|
||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
||||
interface: eth0
|
||||
virtual_router_id: 53
|
||||
priority: "{{ keepalived_priority }}"
|
||||
advert_int: 1
|
||||
auth_pass: "{{ secret_keepalived_pass }}"
|
||||
vip: "192.168.102.202/16"
|
||||
- name: VI_4
|
||||
state: "{{ keepalived_state | default('BACKUP') }}"
|
||||
interface: eth0
|
||||
virtual_router_id: 54
|
||||
priority: "{{ keepalived_priority }}"
|
||||
advert_int: 1
|
||||
auth_pass: "{{ secret_keepalived_pass }}"
|
||||
vip: "192.168.102.240/16"
|
||||
tags: [ k8s, keepalived ]
|
@ -1,19 +1,20 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
# vim:ft=ansible:
|
||||
---
|
||||
# Mass storage Pis
|
||||
- hosts: device_roles_pik8s-storage
|
||||
# Home media storage Pi
|
||||
- hosts: pi-media-1.desu.ltd
|
||||
module_defaults:
|
||||
docker_container:
|
||||
state: started
|
||||
restart_policy: unless-stopped
|
||||
pull: yes
|
||||
tasks:
|
||||
# The specific mount here is because each storage node as an M.2 SSD hooked up to it
|
||||
# So we mount that and use the SD card for normal OS shenanigans
|
||||
- name: assure mount directory
|
||||
file: path=/data state=directory mode=0755
|
||||
tags: [ pis, storage ]
|
||||
- name: assure mount
|
||||
mount: path=/data src=LABEL=mass state=mounted fstype=ext4
|
||||
tags: [ pis, storage ]
|
||||
- hosts: pi-storage-1.desu.ltd
|
||||
tasks:
|
||||
- name: assure directories in mount
|
||||
file: path=/data/{{ item }} state=directory mode=0755
|
||||
with_items:
|
||||
@ -26,15 +27,79 @@
|
||||
- { path: /var/lib/postgresql, src: postgresql }
|
||||
- { path: /srv/nfs, src: nfs }
|
||||
tags: [ pis, storage ]
|
||||
- name: ensure docker network
|
||||
docker_network: name=web
|
||||
tags: [ docker ]
|
||||
- name: ensure docker nginx config
|
||||
copy:
|
||||
dest: /data/nginx/conf.d/vhosts.conf
|
||||
mode: "0644"
|
||||
content: |
|
||||
server {
|
||||
listen 80 default_server;
|
||||
server_name transmission.local.desu.ltd;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://transmission:9091;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
server_name jackett.local.desu.ltd;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://jackett:9117;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
server_name sonarr.local.desu.ltd;
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://sonarr:8989;
|
||||
}
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
server_name radarr.local.desu.ltd;
|
||||
location / {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass http://radarr:7878;
|
||||
}
|
||||
}
|
||||
tags: [ docker, ingress ]
|
||||
- name: include tasks for apps
|
||||
include_tasks: tasks/app/{{ task }}
|
||||
with_items:
|
||||
- redis.yml
|
||||
loop_control:
|
||||
loop_var: task
|
||||
tags: [ always ]
|
||||
- name: include tasks for web services
|
||||
include_tasks: tasks/web/{{ task }}
|
||||
with_items:
|
||||
- transmission.yml
|
||||
- jackett.yml
|
||||
- sonarr.yml
|
||||
- radarr.yml
|
||||
- ingress-insecure.yml
|
||||
loop_control:
|
||||
loop_var: task
|
||||
tags: [ always ]
|
||||
roles:
|
||||
- role: backup
|
||||
vars:
|
||||
backup_s3backup_list_extra:
|
||||
- /srv/nfs/k8s/default/web-9iron-pvc
|
||||
- /srv/nfs/k8s/default/web-grafana-pvc
|
||||
- /srv/nfs/k8s/default/web-jackett-config-pvc
|
||||
- /srv/nfs/k8s/default/web-netbox-pvc
|
||||
- /srv/nfs/k8s/default/web-transmission-config-pvc
|
||||
- /data/transmisson
|
||||
- /data/jackett
|
||||
- /data/sonarr
|
||||
backup_time: "Mon *-*-* 02:00:00"
|
||||
tags: [ backup ]
|
||||
- role: postgresql
|
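Review bot: The backup list entry `- /data/transmisson` is misspelled, so if the backup role takes these paths literally, the Transmission state that transmission.yml mounts from `/data/transmission/config` is never backed up. It should read `- /data/transmission`, and `/data/radarr` is absent from the list although radarr.yml mounts `/data/radarr/config`. In the same hunk the generated vhosts.conf marks the Transmission block `listen 80 default_server;`, so a request whose Host header matches none of the four names lands on the Transmission UI; a catch-all such as `server { listen 80 default_server; return 444; }` would keep unknown hosts away from it. All four vhosts are plain HTTP with no authentication at the proxy, which deserves a comment above the task if LAN-only exposure is the intent.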
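--- a/playbooks/tasks/web/ingress-insecure.yml
+++ b/playbooks/tasks/web/ingress-insecure.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy nginx proxy
+docker_container:
+name: ingress
+image: nginx:latest
+networks:
+- name: web
+aliases: [ "ingress" ]
+ports:
+- "80:80"
+volumes:
+- /data/nginx/conf.d:/etc/nginx/conf.d
+tags: [ docker, ingress ]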
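Review bot: `image: nginx:latest` is an unpinned tag, and the including play sets `pull: yes` in its docker_container `module_defaults` (presumably inherited by this included task), so any playbook run can swap the proxy for whatever the registry serves at that moment. The same applies to the `:latest` images in jackett.yml, radarr.yml, sonarr.yml and transmission.yml. Pin each to a reviewed tag or digest, e.g. `image: nginx:<pinned-tag>` (placeholder). The config mount can also be read-only, `- /data/nginx/conf.d:/etc/nginx/conf.d:ro`, since the proxy only needs to read it.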
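--- a/playbooks/tasks/web/jackett.yml
+++ b/playbooks/tasks/web/jackett.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy jackett
+docker_container:
+name: jackett
+image: linuxserver/jackett:latest
+env:
+AUTO_UPDATE: "false"
+networks:
+- name: web
+aliases: [ "jackett" ]
+volumes:
+- /data/jackett/config:/config
+tags: [ docker, jackett ]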
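--- a/playbooks/tasks/web/radarr.yml
+++ b/playbooks/tasks/web/radarr.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy radarr
+docker_container:
+name: radarr
+image: linuxserver/radarr:latest
+networks:
+- name: web
+aliases: [ "radarr" ]
+volumes:
+- /data/radarr/config:/config
+- /data/shared/downloads:/data
+- /data/shared/media:/tv
+tags: [ docker, radarr ]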
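Review bot: The media mount `- /data/shared/media:/tv` looks copied from sonarr.yml, so both applications get the same host directory under a container path named for TV content. If Radarr is meant to manage a separate library, give it its own subdirectory and a container path that says so, e.g. `- /data/shared/media/movies:/movies` (constructed example). A one-line comment above `volumes:` stating which container writes to `/data/shared/downloads` would also help, since Transmission, Sonarr and Radarr all mount it read-write.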
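--- a/playbooks/tasks/web/sonarr.yml
+++ b/playbooks/tasks/web/sonarr.yml
@@ -0,0 +1,13 @@
+# vim:ft=ansible:
+- name: docker deploy sonarr
+docker_container:
+name: sonarr
+image: linuxserver/sonarr:latest
+networks:
+- name: web
+aliases: [ "sonarr" ]
+volumes:
+- /data/sonarr/config:/config
+- /data/shared/downloads:/data
+- /data/shared/media:/tv
+tags: [ docker, sonarr ]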
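--- a/playbooks/tasks/web/transmission.yml
+++ b/playbooks/tasks/web/transmission.yml
@@ -0,0 +1,26 @@
+# vim:ft=ansible:
+- name: docker deploy transmission
+docker_container:
+name: transmission
+image: haugene/transmission-openvpn:latest
+env:
+USER: transmission
+PASS: "{{ secret_transmission_user_pass }}"
+OPENVPN_PROVIDER: PIA
+OPENVPN_CONFIG: france
+OPENVPN_USERNAME: "{{ secret_pia_user }}"
+OPENVPN_PASSWORD: "{{ secret_pia_pass }}"
+LOCAL_NETWORK: 192.168.0.0/16
+capabilities:
+- NET_ADMIN
+ports:
+- 51413:51413/tcp
+- 51413:51413/udp
+networks:
+- name: web
+aliases: [ "transmission" ]
+volumes:
+- /data/transmission/config:/config
+- /data/shared/downloads:/data
+- /data/transmission/watch:/watch
+tags: [ docker, transmission ]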
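Review bot: This task passes three vault secrets through `env:` (`PASS`, `OPENVPN_USERNAME`, `OPENVPN_PASSWORD`) without `no_log: true`, so a failed or verbose (`-v`) run can print the decrypted values into the log of the CI job that runs `ansible-playbook`. Add `no_log: true` at task level, next to `tags:`. Values set through `env:` also remain readable to anyone who can run `docker inspect` on the host, which is worth a short comment above the `env:` key so the next maintainer knows who has access to the Docker socket matters here. The two port mappings are unquoted while ingress-insecure.yml quotes `"80:80"`; quoting them as `"51413:51413/tcp"` keeps the files consistent.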
6
site.yml
6
site.yml
@ -10,10 +10,8 @@
|
||||
- import_playbook: playbooks/tags_zerotier.yml
|
||||
- import_playbook: playbooks/tags_snmp.yml
|
||||
- import_playbook: playbooks/tags_nagios.yml
|
||||
# Device roles
|
||||
- import_playbook: playbooks/device_roles_pik8s-storage.yml
|
||||
- import_playbook: playbooks/device_roles_pik8s.yml
|
||||
- import_playbook: playbooks/device_roles_workstation.yml
|
||||
# Home configuration
|
||||
- import_playbook: playbooks/home_media.yml
|
||||
# Production configuration
|
||||
- import_playbook: playbooks/prod_db.yml
|
||||
- import_playbook: playbooks/prod_web.yml
|
||||
|