diff --git a/inventory/my-cluster/group_vars/all.yml b/inventory/my-cluster/group_vars/all.yml
index 467cd3d..0814d77 100644
--- a/inventory/my-cluster/group_vars/all.yml
+++ b/inventory/my-cluster/group_vars/all.yml
@@ -268,4 +268,24 @@ nextcloud_admin_pwd: !vault |
 3762643937346435636635306461663461373138636666380a363761616137373430666236306636
 38663933656231386532333032353731643936653534666530333664333835316561663335633238
 3531623266386432620a643861666538396437323234623162383437646663653036663836383233
- 62636461303338313436343934656165363361396332343961396434356161363736
\ No newline at end of file
+ 62636461303338313436343934656165363361396332343961396434356161363736
+
+minio_root_user: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63336437653937636433646632333231356331616135613363303138303535386662373131643865
+ 6538643332666634356366353439396461356633643561620a376236316162336261633966323934
+ 31666166303862643937306636363436333137626531633361323964393632633638333434366165
+ 6636313930363936330a616566343031343264333965653531363133353766336635626463386461
+ 33326533643032363436663635383631666564623263356663363232336432316433663566343135
+ 63653237343338373332616436636664626663626436653064623037353565393964653738356331
+ 613838353865326664333064653137343730
+
+minio_root_pwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62386334663539323161393961646133376162306366363430616231376366326339643637613935
+ 3931313637653866623834626161616466303538643936630a363361343533636330363136633231
+ 31386531633264656434363762353766303038346231666433343934323430373264353232333162
+ 6561393463646163380a333333313038316165653939386438396264653738376564613161393264
+ 66323635653065313463623532313832613931393161353466666133663361386261323865353531
+ 39633030333164666361343139663566656534623539353939653932656631376130613436636234
+ 313132666561333238303632643836656361
\ No newline at end of file
diff --git a/inventory/my-cluster/host_vars/minio b/inventory/my-cluster/host_vars/minio new file mode 100644 index 0000000..4775314 --- /dev/null +++ b/inventory/my-cluster/host_vars/minio @@ -0,0 +1,6 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.35 +ansible_ssh_pass: "{{ proxmox_api_password }}" +vmid: 635 diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini index 0357be0..e91a03a 100644 --- a/inventory/my-cluster/hosts.ini +++ b/inventory/my-cluster/hosts.ini @@ -16,6 +16,7 @@ vaultwarden gitea paperless nextcloud +minio [baremetal] mipha diff --git a/playbook-minio.yml b/playbook-minio.yml new file mode 100644 index 0000000..1149a39 --- /dev/null +++ b/playbook-minio.yml @@ -0,0 +1,23 @@ +--- +- hosts: localhost + become: yes + roles: + - role: minio/provision/delete + - role: minio/provision/create + - role: minio/provision/start + vars: + vmid: 635 + +- hosts: impa + become: yes + roles: + - role: minio/enable-ssh + vars: + vmid: 635 + +- hosts: minio + become: yes + roles: + - role: minio/update + - role: minio/install-docker + - role: minio/install-app diff --git a/roles/minio/enable-ssh/tasks/main.yml b/roles/minio/enable-ssh/tasks/main.yml new file mode 100644 index 0000000..ce1109e --- /dev/null +++ b/roles/minio/enable-ssh/tasks/main.yml @@ -0,0 +1,12 @@ +--- +# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh) + +- name: Pause for 10 seconds to wait for SSH server + ansible.builtin.pause: + seconds: 10 + +- name: Allow SSH into LXC + ansible.builtin.command: lxc-attach -n 635 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config + +- name: Restart SSH Service + ansible.builtin.command: lxc-attach -n 635 service ssh restart diff --git a/roles/minio/install-app/tasks/main.yml b/roles/minio/install-app/tasks/main.yml new file mode 100644 index 0000000..3aa3110 --- /dev/null 
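Review bot: In `inventory/my-cluster/host_vars/minio`, `ansible_ssh_pass: "{{ proxmox_api_password }}"` makes the hypervisor's `root@pam` API password double as the container's root SSH password, so a single leaked secret exposes both the guest and the Proxmox API. It also disagrees with the create role, which sets the container password from `lxc_password`; unless both variables hold the same value, the login would fail. Use the container's own secret, `ansible_ssh_pass: "{{ lxc_password }}"`, or preferably drop password login and install a key through the `pubkey` option of `community.general.proxmox`.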
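Review bot: In `playbook-minio.yml` the first play runs `minio/provision/delete` unconditionally before `create`, so every run of the playbook removes container 635. Whether the `mp0` data volume defined in the create role survives that removal is not visible in this diff and should be confirmed before the playbook is pointed at a populated object store. Consider making the delete role opt-in, for example `when: minio_recreate | default(false)` on that role entry (variable name illustrative). The `vmid: 635` play vars also duplicate the literal `635` hard-coded in the enable-ssh and create roles; defining it once would keep them from drifting.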
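Review bot: The `sed` command in `roles/minio/enable-ssh/tasks/main.yml` rewrites sshd_config to `PermitRootLogin yes`, which permits root password logins over SSH, protected only by the strength of that password. Keeping the stock `prohibit-password` setting and installing a key at creation time (the `pubkey` option of `community.general.proxmox`) would make this edit unnecessary. If the edit stays, use the play variable instead of the literal id, `lxc-attach -n {{ vmid }} -- ...`, and add `changed_when` to the two `command` tasks so they stop reporting a change on every run.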
+++ b/roles/minio/install-app/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/minio/install-app/templates/docker-compose.yml b/roles/minio/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..09ad50b
--- /dev/null
+++ b/roles/minio/install-app/templates/docker-compose.yml
@@ -0,0 +1,23 @@
+version: '3.7'
+
+services:
+ minio:
+ container_name: minio
+ image: quay.io/minio/minio:RELEASE.2022-06-03T01-40-53Z
+ command: server --console-address ":80" /data
+ environment:
+ MINIO_ROOT_USER: {{ minio_root_user }}
+ MINIO_ROOT_PASSWORD: {{ minio_root_pwd }}
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+ hostname: minio
+ restart: always
+ ports:
+ - 9000:9000
+ - 9090:9090
+ - 80:80
+ volumes:
+ - /data/minio:/data
diff --git a/roles/minio/install-docker/tasks/main.yml b/roles/minio/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/minio/install-docker/tasks/main.yml
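Review bot: The `Copy docker-compose file` task in `roles/minio/install-app/tasks/main.yml` writes a file that contains `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` in clear text, yet sets `mode: 0755`, which makes it world-readable and executable. Use `mode: "0600"`, quoted like the directory task above it. Adding `no_log: true` to the task would also keep the rendered secrets out of the output of a `--diff` run.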
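Review bot: In `roles/minio/install-app/templates/docker-compose.yml`, `MINIO_ROOT_USER: {{ minio_root_user }}` and `MINIO_ROOT_PASSWORD: {{ minio_root_pwd }}` render unquoted, so a secret that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean produces a truncated or mistyped value, or a file that does not parse. Emit them as quoted scalars, e.g. `MINIO_ROOT_PASSWORD: {{ minio_root_pwd | to_json }}`; a literal `$` in the value would additionally need doubling because Compose interpolates it. Separately, `9090:9090` is published although `--console-address ":80"` binds the console to port 80, so that mapping looks unused and can be dropped. The console is also served over plain HTTP, so the root credentials cross the network unencrypted unless a TLS-terminating proxy sits in front of it.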
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/minio/provision/create/tasks/main.yml b/roles/minio/provision/create/tasks/main.yml
new file mode 100644
index 0000000..24bd044
--- /dev/null
+++ b/roles/minio/provision/create/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 635
+ node: impa
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: minio
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.35/21,\
+ hwaddr=cc:c6:cf:de:20:35,\
+ bridge=vmbr0'}"
+ cores: 2
+ memory: 2048
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ mounts: '{
+ "mp0":"nvme:30,mp=/data,backup=1"
+ }'
+ disk: nvme:10
+ force: yes
diff --git a/roles/minio/provision/delete/tasks/main.yml b/roles/minio/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..79dc87a
--- /dev/null
+++ b/roles/minio/provision/delete/tasks/main.yml
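Review bot: The first two tasks in `roles/minio/install-docker/tasks/main.yml` download `https://get.docker.com` and run it as root with no integrity check, so whatever that URL serves at run time is executed on the host. Installing from Docker's apt repository with a pinned signing key would make the install reproducible and verifiable. Failing that, fetch the script with `ansible.builtin.get_url` and `checksum: "sha256:<expected-digest>"` (placeholder value). The `Execute script` task also lacks a `creates:` guard, so the installer runs again on every play, and the two `systemctl enable` lines could be an `ansible.builtin.systemd` task with `enabled: true`.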
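Review bot: `unprivileged: no` in `roles/minio/provision/create/tasks/main.yml` creates a privileged container, where root inside the guest maps to the host's root uid, and the task then enables `nesting=1` so Docker can run inside it. The `keyctl=1` feature listed next to it is, as far as I know, documented by Proxmox for unprivileged containers only, which suggests `unprivileged: yes` may have been intended; please confirm Docker works that way here and switch if it does. This task and the three proxmox tasks in the delete and start roles also authenticate as `root@pam` with its password. A dedicated API token (`api_token_id` / `api_token_secret`) limited to the container privileges it needs would reduce what a leaked vault exposes.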
@@ -0,0 +1,26 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.35"
diff --git a/roles/minio/provision/start/tasks/main.yml b/roles/minio/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/minio/provision/start/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
diff --git a/roles/minio/update/tasks/main.yml b/roles/minio/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
--- /dev/null
+++ b/roles/minio/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full
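Review bot: The last task in `roles/minio/provision/delete/tasks/main.yml` edits `/Users/lino.silva/.ssh/known_hosts`, a path tied to one account on one workstation, and because the play sets `become: yes` the edit runs as root. Derive the path from the invoking user, `path: "{{ lookup('env', 'HOME') }}/.ssh/known_hosts"`, and set `become: false` on this task. `ansible.builtin.known_hosts` with `name: 10.0.2.35` and `state: absent` would also replace the unescaped, unterminated `regexp: "^10.0.2.35"`. Separately, `ignore_errors: true` on the stop and remove tasks hides authentication and connectivity failures along with the expected missing-container case, so consider registering the result and failing on anything else.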