From e596ff0e8300f1d0b49671055ac272d6b522f1bd Mon Sep 17 00:00:00 2001 
From: Lino Silva Date: Tue, 3 Jan 2023 11:59:54 +0000 Subject: [PATCH 1/2] feat: changed lxc to vm in k3s --- inventory/my-cluster/host_vars/daruk | 14 +++ inventory/my-cluster/host_vars/epona | 2 + inventory/my-cluster/host_vars/epona-pihole | 8 ++ .../my-cluster/host_vars/k3s-agent-daruk | 5 + .../my-cluster/host_vars/k3s-agent-revali | 3 +- .../my-cluster/host_vars/k3s-agent-urbosa | 3 +- .../my-cluster/host_vars/k3s-master-epona | 3 +- .../my-cluster/host_vars/k3s-master-mipha | 3 +- inventory/my-cluster/host_vars/mipha | 4 +- inventory/my-cluster/host_vars/revali | 2 + inventory/my-cluster/host_vars/revali-pihole | 8 ++ inventory/my-cluster/host_vars/urbosa | 16 ++-- inventory/my-cluster/host_vars/urbosa-pihole | 8 ++ inventory/my-cluster/hosts.ini | 14 ++- playbook-frigate.yml | 28 ++++++ playbook-k3s.yml | 56 +++++++++++ roles/frigate/install-docker/tasks/main.yml | 5 + roles/frigate/provision/cgroup/tasks/main.yml | 1 - roles/frigate/provision/create/tasks/main.yml | 4 +- roles/k3s/master/tasks/main.yml | 6 +- roles/k3s/provision/cloud-init/tasks/main.yml | 21 ++++ roles/k3s/provision/create/tasks/main.yml | 66 +++++++++---- roles/k3s/provision/delete/tasks/main.yml | 37 ++++--- roles/k3s/provision/pre/tasks/main.yml | 7 ++ roles/k3s/provision/start/tasks/main.yml | 13 ++- roles/longhorn/tasks/main.yml | 5 - roles/pihole/provision/create/tasks/main.yml | 25 +++++ roles/pihole/provision/delete/tasks/main.yml | 26 +++++ .../provision/enable-ssh/tasks/main.yml | 8 ++ roles/pihole/provision/pre/tasks/main.yml | 12 +++ roles/pihole/provision/start/tasks/main.yml | 9 ++ roles/prereq/tasks/main.yml | 59 ++++++++++-- site.yml | 96 ------------------- 33 files changed, 413 insertions(+), 164 deletions(-) create mode 100644 inventory/my-cluster/host_vars/daruk create mode 100644 inventory/my-cluster/host_vars/epona-pihole create mode 100644 inventory/my-cluster/host_vars/k3s-agent-daruk create mode 100644 inventory/my-cluster/host_vars/revali-pihole create mode 
100644 inventory/my-cluster/host_vars/urbosa-pihole create mode 100644 playbook-frigate.yml create mode 100644 playbook-k3s.yml create mode 100644 roles/k3s/provision/cloud-init/tasks/main.yml create mode 100644 roles/pihole/provision/create/tasks/main.yml create mode 100644 roles/pihole/provision/delete/tasks/main.yml create mode 100644 roles/pihole/provision/enable-ssh/tasks/main.yml create mode 100644 roles/pihole/provision/pre/tasks/main.yml create mode 100644 roles/pihole/provision/start/tasks/main.yml delete mode 100644 site.yml diff --git a/inventory/my-cluster/host_vars/daruk b/inventory/my-cluster/host_vars/daruk new file mode 100644 index 0000000..9b4599d --- /dev/null +++ b/inventory/my-cluster/host_vars/daruk @@ -0,0 +1,14 @@ +--- +ansible_user: root +ansible_host: 10.0.2.6 +ansible_ssh_pass: "{{ proxmox_api_password }}" +ip_addr: 10.0.2.6 +k3s_mac_addr: DE:05:FF:02:47:D8 +k3s_hostname: k3s-agent-daruk +k3s_lxc_host: 10.0.3.6 +k3s_vm_host: 10.0.3.106 +k3s_cores: 8 +k3s_memory: 4096 +k3s_disk: 150 +k3s_vmid: 606 +k3s_template_id: 900 diff --git a/inventory/my-cluster/host_vars/epona b/inventory/my-cluster/host_vars/epona index e19062a..c5c4619 100644 --- a/inventory/my-cluster/host_vars/epona +++ b/inventory/my-cluster/host_vars/epona @@ -6,7 +6,9 @@ ip_addr: 10.0.2.2 k3s_mac_addr: de:05:ff:02:47:d7 k3s_hostname: k3s-master-epona k3s_lxc_host: 10.0.3.2 +k3s_vm_host: 10.0.3.102 k3s_cores: 4 k3s_memory: 8192 k3s_disk: 75 k3s_vmid: 601 +k3s_template_id: 901 diff --git a/inventory/my-cluster/host_vars/epona-pihole b/inventory/my-cluster/host_vars/epona-pihole new file mode 100644 index 0000000..69a7391 --- /dev/null +++ b/inventory/my-cluster/host_vars/epona-pihole @@ -0,0 +1,8 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.13 +ansible_ssh_pass: "{{ proxmox_api_password }}" +mac_addr: EA:11:8B:05:5A:88 +vmid: 203 +node: epona 
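Review bot: `ansible_ssh_pass: "{{ proxmox_api_password }}"` makes the Proxmox API credential double as the root SSH password for this node, and the same line is repeated in every host_vars file this patch adds or touches (`epona-pihole`, `k3s-agent-daruk`, `revali-pihole`, `urbosa-pihole`, the `k3s-agent-*`/`k3s-master-*` files), so one secret unlocks both the hypervisor API and every guest. The k3s VMs receive the controller's public key through the new cloud-init role, so the `k3s-agent-*`/`k3s-master-*` host_vars could drop `ansible_ssh_pass` and rely on key authentication. `k3s_lxc_host: 10.0.3.6` is added next to `k3s_vm_host`, but within this patch the only readers of `k3s_lxc_host` are commented-out lines in the create and delete roles; either drop it or mark it `# legacy LXC address, not read by any active task`. The identical hunk reappears under PATCH 2/2, which looks like a re-send of the same commit.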
diff --git a/inventory/my-cluster/host_vars/k3s-agent-daruk b/inventory/my-cluster/host_vars/k3s-agent-daruk new file mode 100644 index 0000000..b245b05 --- /dev/null +++ b/inventory/my-cluster/host_vars/k3s-agent-daruk @@ -0,0 +1,5 @@ +--- + +ansible_user: root +ansible_host: 10.0.3.106 +ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-agent-revali b/inventory/my-cluster/host_vars/k3s-agent-revali index cd1f2fe..a10e05d 100644 --- a/inventory/my-cluster/host_vars/k3s-agent-revali +++ b/inventory/my-cluster/host_vars/k3s-agent-revali @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.4 +ansible_host: 10.0.3.104 ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-agent-urbosa b/inventory/my-cluster/host_vars/k3s-agent-urbosa index 3821ae2..7be35db 100644 --- a/inventory/my-cluster/host_vars/k3s-agent-urbosa +++ b/inventory/my-cluster/host_vars/k3s-agent-urbosa @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.3 +ansible_host: 10.0.3.105 ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-master-epona b/inventory/my-cluster/host_vars/k3s-master-epona index d0280d6..0a7c69c 100644 --- a/inventory/my-cluster/host_vars/k3s-master-epona +++ b/inventory/my-cluster/host_vars/k3s-master-epona @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.2 +ansible_host: 10.0.3.102 ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-master-mipha b/inventory/my-cluster/host_vars/k3s-master-mipha index 5147cc3..fd1efd8 100644 --- a/inventory/my-cluster/host_vars/k3s-master-mipha +++ b/inventory/my-cluster/host_vars/k3s-master-mipha @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.1 +ansible_host: 10.0.3.103 ansible_ssh_pass: "{{ proxmox_api_password }}" 
diff --git a/inventory/my-cluster/host_vars/mipha b/inventory/my-cluster/host_vars/mipha index 5a2e948..79072c7 100644 --- a/inventory/my-cluster/host_vars/mipha +++ b/inventory/my-cluster/host_vars/mipha @@ -5,8 +5,10 @@ ansible_ssh_pass: "{{ proxmox_api_password }}" ip_addr: 10.0.2.3 k3s_mac_addr: 0e:a0:ff:8c:70:df k3s_hostname: k3s-master-mipha -k3s_lxc_host: 10.0.3.1 +k3s_lxc_host: 10.0.3.3 +k3s_vm_host: 10.0.3.103 k3s_cores: 4 k3s_memory: 6144 k3s_disk: 75 k3s_vmid: 602 +k3s_template_id: 902 diff --git a/inventory/my-cluster/host_vars/revali b/inventory/my-cluster/host_vars/revali index b632f6d..472d664 100644 --- a/inventory/my-cluster/host_vars/revali +++ b/inventory/my-cluster/host_vars/revali @@ -6,7 +6,9 @@ ip_addr: 10.0.2.4 k3s_mac_addr: 32:47:89:3f:1a:e2 k3s_hostname: k3s-agent-revali k3s_lxc_host: 10.0.3.4 +k3s_vm_host: 10.0.3.104 k3s_cores: 2 k3s_memory: 4096 k3s_disk: 200 k3s_vmid: 603 +k3s_template_id: 903 diff --git a/inventory/my-cluster/host_vars/revali-pihole b/inventory/my-cluster/host_vars/revali-pihole new file mode 100644 index 0000000..c2157e9 --- /dev/null +++ b/inventory/my-cluster/host_vars/revali-pihole @@ -0,0 +1,8 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.12 +ansible_ssh_pass: "{{ proxmox_api_password }}" +mac_addr: C2:F5:B2:99:92:51 +vmid: 202 +node: revali diff --git a/inventory/my-cluster/host_vars/urbosa b/inventory/my-cluster/host_vars/urbosa index 39bf312..3a74060 100644 --- a/inventory/my-cluster/host_vars/urbosa +++ b/inventory/my-cluster/host_vars/urbosa 
@@ -3,10 +3,12 @@ ansible_user: root ansible_host: 10.0.2.5 ansible_ssh_pass: "{{ proxmox_api_password }}" ip_addr: 10.0.2.5 -k3s_mac_addr: ee:36:d5:79:f8:ff -k3s_hostname: k3s-agent-urbosa -k3s_lxc_host: 10.0.3.3 -k3s_cores: 3 -k3s_memory: 2048 -k3s_disk: 80 -k3s_vmid: 604 +# k3s_mac_addr: ee:36:d5:79:f8:ff +# k3s_hostname: k3s-agent-urbosa +# k3s_lxc_host: 10.0.3.5 +# k3s_vm_host: 10.0.3.105 +# k3s_cores: 3 +# k3s_memory: 2048 +# k3s_disk: 80 +# k3s_vmid: 604 +# k3s_template_id: 904 diff --git a/inventory/my-cluster/host_vars/urbosa-pihole b/inventory/my-cluster/host_vars/urbosa-pihole new file mode 100644 index 0000000..35ed9a1 --- /dev/null +++ b/inventory/my-cluster/host_vars/urbosa-pihole @@ -0,0 +1,8 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.11 +ansible_ssh_pass: "{{ proxmox_api_password }}" +mac_addr: 72:2E:3C:F0:2A:B3 +vmid: 201 +node: urbosa diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini index cfbd9f1..e797a15 100644 --- a/inventory/my-cluster/hosts.ini +++ b/inventory/my-cluster/hosts.ini @@ -3,8 +3,8 @@ k3s-master-mipha k3s-master-epona [node] -k3s-agent-urbosa k3s-agent-revali +k3s-agent-daruk [k3s_cluster:children] master @@ -16,8 +16,20 @@ frigate [lxc:children] k3s_cluster +[k3s_hosts] +mipha +epona +revali +daruk + [baremetal] mipha epona urbosa revali +daruk + +[pihole] +epona-pihole +revali-pihole +urbosa-pihole \ No newline at end of file diff --git a/playbook-frigate.yml b/playbook-frigate.yml new file mode 100644 index 0000000..b839524 --- /dev/null +++ b/playbook-frigate.yml 
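Review bot: `urbosa` stays in `[baremetal]` while its `k3s_*` host_vars are commented out in the same patch, so any task that still loops over `groups['baremetal']` and reads `hostvars[item]['k3s_vmid']` fails with an undefined variable on that host (the new `roles/pihole/provision/start/tasks/main.yml` does exactly that). `[lxc:children]` still lists `k3s_cluster`, yet those nodes are now QEMU VMs, so the group name no longer describes its members; if nothing reads `lxc`, drop it, otherwise add `; k3s nodes are VMs after the LXC->VM migration, group kept for compatibility` above it. The file also ends without a trailing newline (`\ No newline at end of file`).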
@@ -0,0 +1,28 @@ +--- +- hosts: localhost + become: yes + roles: + - role: frigate/provision/delete + - role: frigate/provision/create + +- hosts: epona + become: yes + roles: + - role: frigate/provision/cgroup + +- hosts: localhost + become: yes + roles: + - role: frigate/provision/start + +- hosts: epona + become: yes + roles: + - role: frigate/provision/enable-ssh + +- hosts: frigate + become: yes + roles: + - role: frigate/update + - role: frigate/install-docker + - role: frigate/install-app diff --git a/playbook-k3s.yml b/playbook-k3s.yml new file mode 100644 index 0000000..ddbe9ab --- /dev/null +++ b/playbook-k3s.yml @@ -0,0 +1,56 @@ +--- +# - hosts: localhost +# gather_facts: no +# become: yes +# roles: +# - role: k3s/provision/delete +- hosts: localhost + gather_facts: no + become: yes + roles: + - role: k3s/provision/create +- hosts: k3s_hosts + gather_facts: yes + become: yes + roles: + - role: k3s/provision/pre + - role: k3s/provision/cloud-init +- hosts: localhost + gather_facts: no + become: yes + roles: + - role: k3s/provision/start +- hosts: k3s_cluster + gather_facts: yes + become: yes + roles: + - role: prereq + - role: download +- hosts: master + become: yes + roles: + - role: k3s/master + +- hosts: node + become: yes + roles: + - role: k3s/node + +- hosts: master + become: yes + roles: + - role: k3s/post + +- hosts: master + become: yes + roles: + - role: k3s/copy-config +- hosts: localhost + become: yes + roles: + - role: longhorn + - role: traefik + - role: nginx + - role: cert-manager + - role: authelia + - role: redis diff --git a/roles/frigate/install-docker/tasks/main.yml b/roles/frigate/install-docker/tasks/main.yml index 855b990..8a71452 100644 --- a/roles/frigate/install-docker/tasks/main.yml +++ b/roles/frigate/install-docker/tasks/main.yml 
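Review bot: The `localhost` plays that run `k3s/provision/create` and `k3s/provision/start` only call the Proxmox API, yet carry `become: yes`, which escalates to root on the controller for no benefit and appears to be why the delete role hard-codes `/Users/lino.silva/.ssh/known_hosts` instead of the invoking user's home. Unless a role in those plays needs local root, drop `become: yes` from them; whether the final localhost play (`longhorn` … `redis`) needs it is not visible here. The `k3s/provision/delete` play is left commented out, so a re-run of this playbook against existing VMs will hit an already-used `newid` in the create role; a comment such as `# uncomment to tear down and re-clone the k3s VMs` would make that intentional.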
@@ -9,3 +9,8 @@ - name: Execute script ansible.builtin.shell: /tmp/get-docker.sh + +- name: Enable docker on startup + ansible.builtin.shell: | + systemctl enable docker.service + systemctl enable containerd.service diff --git a/roles/frigate/provision/cgroup/tasks/main.yml b/roles/frigate/provision/cgroup/tasks/main.yml index 8021cf8..f1d695c 100644 --- a/roles/frigate/provision/cgroup/tasks/main.yml +++ b/roles/frigate/provision/cgroup/tasks/main.yml @@ -8,7 +8,6 @@ lxc.cgroup2.devices.allow: c 226:128 rwm lxc.cgroup2.devices.allow: c 29:0 rwm lxc.cgroup2.devices.allow: c 189:* rwm - lxc.apparmor.profile: unconfined lxc.cgroup2.devices.allow: a lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0, 0 lxc.mount.entry: /dev/bus/usb/002 dev/bus/usb/002 none bind,optional,create=dir 0, 0 diff --git a/roles/frigate/provision/create/tasks/main.yml b/roles/frigate/provision/create/tasks/main.yml index 3a05122..e7e7012 100644 --- a/roles/frigate/provision/create/tasks/main.yml +++ b/roles/frigate/provision/create/tasks/main.yml @@ -20,9 +20,9 @@ swap: 0 searchdomain: "home" onboot: 1 - mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:16,mp=/db"}' + mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:50,mp=/db"}' features: - nesting=1 - keyctl=1 - disk: local-lvm:30 + disk: local-lvm:50 force: yes diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index d891065..e577f01 100644 --- a/roles/k3s/master/tasks/main.yml +++ b/roles/k3s/master/tasks/main.yml 
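Review bot: `ansible.builtin.shell` with two `systemctl enable` lines is not idempotent and bypasses the unit handling Ansible already provides; the same hunk appears again under PATCH 2/2 at a later offset of this file. Use `ansible.builtin.systemd` so re-runs report unchanged and a failure surfaces per unit. The preceding task executes `/tmp/get-docker.sh` (context outside this change), which this step silently depends on having succeeded.
```yaml
- name: Enable docker on startup
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
  loop:
    - docker.service
    - containerd.service
```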
@@ -75,8 +75,8 @@ cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}" register: nodes until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length) - retries: "{{ retry_count | default(20) }}" - delay: 10 + retries: "{{ retry_count | default(40) }}" + delay: 20 changed_when: false always: - name: Save logs of k3s-init.service @@ -84,7 +84,7 @@ when: log_destination vars: log_destination: >- - {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=False) }} + {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=True) }} - name: Kill the temporary service used for initialization systemd: name: k3s-init diff --git a/roles/k3s/provision/cloud-init/tasks/main.yml b/roles/k3s/provision/cloud-init/tasks/main.yml new file mode 100644 index 0000000..59d2c1c --- /dev/null +++ b/roles/k3s/provision/cloud-init/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Configure cloud-init - IP + ansible.builtin.command: qm set "{{ k3s_vmid }}" --ipconfig0 ip="{{ k3s_vm_host }}"/21,gw=10.0.0.1 + +- name: Configure cloud-init - User + ansible.builtin.command: qm set "{{ k3s_vmid }}" --ciuser "root" + +- name: Configure cloud-init - Password + ansible.builtin.command: qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}" + +- name: Copy SSH Pub key + ansible.builtin.copy: + src: ~/.ssh/id_rsa.pub + dest: /tmp/ansible_controller-key.pub + mode: 0600 + +- name: Configure cloud-init - SSH Key + ansible.builtin.command: qm set "{{ k3s_vmid }}" --sshkey /tmp/ansible_controller-key.pub + +- name: Configure networking + ansible.builtin.command: qm set "{{ k3s_vmid }}" --net0 virtio={{ k3s_mac_addr }},bridge=vmbr0 diff --git a/roles/k3s/provision/create/tasks/main.yml b/roles/k3s/provision/create/tasks/main.yml index 70a9fa2..b50e19a 100644 --- a/roles/k3s/provision/create/tasks/main.yml +++ b/roles/k3s/provision/create/tasks/main.yml 
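Review bot: Changing the `lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=...)` fallback from `False` to `True` makes `log_destination` the string `True` whenever the environment variable is unset, so `when: log_destination` now always fires and the save-logs task (whose body lies outside this hunk) presumably receives `True` as a directory path. If the intent is to always keep the logs, supply a real default directory instead, e.g. `default='/var/log/k3s-init')` (example path). The `retries`/`delay` bump in the first hunk is fine but deserves `# 40 x 20 s: time allowed for every master to register` on the `retries:` line.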
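Review bot: `qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}"` places the secret on the command line, where it is visible in the process list on the Proxmox node and printed in Ansible's task output and logs; add `no_log: true` to that task. The value is the Proxmox API password reused as the VM root password (see the host_vars), and since the following tasks inject the controller's public key via `--sshkey`, the password step could be dropped for these VMs. All six tasks use `ansible.builtin.command` without `changed_when`, so they report changed on every run; `changed_when: false` or a preceding `qm config` check would make the role idempotent.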
@@ -1,27 +1,51 @@ --- - name: Create containers - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" - node: "{{ item }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # node: "{{ item }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: 10.0.2.2 + # password: "{{ lxc_password }}" + # hostname: "{{ hostvars[item]['k3s_hostname'] }}" + # ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst" + # netif: "{'net0':'name=eth0,\ + # gw=10.0.0.1,\ + # ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\ + # hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\ + # bridge=vmbr0'}" + # cores: "{{ hostvars[item]['k3s_cores'] }}" + # memory: "{{ hostvars[item]['k3s_memory'] }}" + # unprivileged: no + # swap: 0 + # searchdomain: "home" + # onboot: 1 + # features: + # - nesting=1 + # disk: local-lvm:{{ hostvars[item]['k3s_disk'] }} + # force: yes + # loop: "{{ groups['k3s_hosts'] }}" + proxmox_kvm: + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" + newid: "{{ hostvars[item]['k3s_vmid'] }}" + clone: debian-10-openstack-amd64 + vmid: "{{ hostvars[item]['k3s_template_id'] }}" + timeout: 900 + loop: "{{ groups['k3s_hosts'] }}" + +- name: Update VMs + proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" api_host: 10.0.2.2 - password: "{{ lxc_password }}" - hostname: "{{ hostvars[item]['k3s_hostname'] }}" - ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst" - netif: "{'net0':'name=eth0,\ - gw=10.0.0.1,\ - ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\ - hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\ - bridge=vmbr0'}" - cores: "{{ hostvars[item]['k3s_cores'] }}" memory: "{{ hostvars[item]['k3s_memory'] }}" - unprivileged: no - swap: 0 - searchdomain: "home" - onboot: 1 - features: - - nesting=1 - disk: local-lvm:{{ hostvars[item]['k3s_disk'] }} - 
force: yes - loop: "{{ groups['baremetal'] }}" + cores: "{{ hostvars[item]['k3s_cores'] }}" + vmid: "{{ hostvars[item]['k3s_vmid'] }}" + node: "{{ item }}" + update: yes + agent: yes + loop: "{{ groups['k3s_hosts'] }}" diff --git a/roles/k3s/provision/delete/tasks/main.yml b/roles/k3s/provision/delete/tasks/main.yml index 815633c..0148346 100644 --- a/roles/k3s/provision/delete/tasks/main.yml +++ b/roles/k3s/provision/delete/tasks/main.yml 
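Review bot: Every `proxmox_kvm` call in this patch (here, `k3s/provision/delete`, `k3s/provision/start`) and the `community.general.proxmox` call in `pihole/provision/create` send `api_password` to `api_host: 10.0.2.2` without setting `validate_certs`, whose module default is `false`, so the API credential travels over a TLS session whose certificate is never checked; set `validate_certs: true` once the node has a trusted certificate, or add `# validate_certs left at its default (false): self-signed PVE certificate on 10.0.2.2` so the choice is explicit. The task is still named `Create containers` and keeps the whole old `community.general.proxmox` block as comments; rename it `Clone k3s VMs from template` and drop the dead block, which git history already preserves. `clone: debian-10-openstack-amd64` with a per-node `k3s_template_id` (900–903) assumes that template exists on each node in `k3s_hosts`; a comment on the `clone:` line stating that prerequisite would help.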
@@ -1,29 +1,44 @@ --- - name: Stop containers - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: 10.0.2.2 + # state: stopped + proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" state: stopped - loop: "{{ groups['baremetal'] }}" + timeout: 240 + loop: "{{ groups['k3s_hosts'] }}" ignore_errors: true - timeout: 90 - name: Remove containers - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: "{{ hostvars[item]['ip_addr'] }}" + # state: absent + proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" - api_host: "{{ hostvars[item]['ip_addr'] }}" + api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" state: absent - loop: "{{ groups['baremetal'] }}" + timeout: 90 + loop: "{{ groups['k3s_hosts'] }}" ignore_errors: true - timeout: 90 - name: Remove .ssh/known_hosts lines ansible.builtin.lineinfile: path: /Users/lino.silva/.ssh/known_hosts state: absent - regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}' - loop: "{{ groups['baremetal'] }}" + # regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}' + regexp: '^{{ hostvars[item]["k3s_vm_host"] }}' + loop: "{{ groups['k3s_hosts'] }}" diff --git a/roles/k3s/provision/pre/tasks/main.yml b/roles/k3s/provision/pre/tasks/main.yml index f36342f..abb3384 100644 --- a/roles/k3s/provision/pre/tasks/main.yml +++ b/roles/k3s/provision/pre/tasks/main.yml 
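Review bot: `path: /Users/lino.silva/.ssh/known_hosts` hard-codes one user's macOS home; `path: "{{ lookup('env', 'HOME') }}/.ssh/known_hosts"` works for any operator, since lookups run on the controller as the invoking user even under `become`. The `regexp` built from `hostvars[item]["k3s_vm_host"]` has unescaped dots and no terminator, so it matches any line that merely starts with the address (a constructed `10.0.3.10` would also strip `10.0.3.105`); `regexp: '^{{ hostvars[item]["k3s_vm_host"] | regex_escape }}\s'` limits it to the exact host. Both stop and remove keep `ignore_errors: true`, which hides API authentication failures along with the expected not-found case; `failed_when` on the specific message would be narrower, though which messages the module returns is not visible here.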
@@ -1,4 +1,11 @@ --- +# - name: Move storage to local_lvm +# ansible.builtin.command: qm disk move "{{ k3s_vmid }}" scsi0 local-lvm +# ignore_errors: true + +# - name: Resize storage +# ansible.builtin.command: qm disk resize "{{ k3s_vmid }}" scsi0 +"{{ k3s_disk }}G" + - name: Allow ipv4 forwarding ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1" diff --git a/roles/k3s/provision/start/tasks/main.yml b/roles/k3s/provision/start/tasks/main.yml index b0a0a9a..98df55e 100644 --- a/roles/k3s/provision/start/tasks/main.yml +++ b/roles/k3s/provision/start/tasks/main.yml @@ -1,9 +1,16 @@ --- - name: Start deployments - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: 10.0.2.2 + # state: started + community.general.cloud.misc.proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" state: started - loop: "{{ groups['baremetal'] }}" + loop: "{{ groups['k3s_hosts'] }}" diff --git a/roles/longhorn/tasks/main.yml b/roles/longhorn/tasks/main.yml index f6ce698..81e36f5 100644 --- a/roles/longhorn/tasks/main.yml +++ b/roles/longhorn/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Add longhorn dependencies - apt: - name: nfs-common open-iscsi util-linux - state: present - - name: Add longhorn helm repo kubernetes.core.helm_repository: name: longhorn diff --git a/roles/pihole/provision/create/tasks/main.yml b/roles/pihole/provision/create/tasks/main.yml new file mode 100644 index 0000000..061d6c6 --- /dev/null +++ b/roles/pihole/provision/create/tasks/main.yml 
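Review bot: `community.general.cloud.misc.proxmox_kvm` differs from the bare `proxmox_kvm` used in the create and delete roles; the documented FQCN is `community.general.proxmox_kvm`, so use that in all three places rather than relying on the directory-style name resolving. Unlike the stop and remove tasks, this one sets no `timeout`, and it omits `validate_certs` like the others (raised on the create hunk). The task name `Start deployments` and the commented-out LXC block are leftovers; `Start k3s VMs` and removing the dead comment would match the new code.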
@@ -0,0 +1,25 @@ +--- +- name: Create Piholes + community.general.proxmox: + vmid: "{{ hostvars[item]['vmid'] }}" + node: "{{ hostvars[item]['node'] }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + password: "{{ lxc_password }}" + hostname: "{{ item }}" + ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst" + netif: "{'net0':'name=eth0,\ + gw=10.0.0.1,\ + ip={{ hostvars[item]['ansible_host'] }}/21,\ + hwaddr={{ hostvars[item]['mac_addr'] }},\ + bridge=vmbr0'}" + cores: 1 + memory: 2048 + unprivileged: no + swap: 512 + searchdomain: "home" + onboot: 1 + disk: local-lvm:8 + force: yes + loop: "{{ groups['pihole'] }}" diff --git a/roles/pihole/provision/delete/tasks/main.yml b/roles/pihole/provision/delete/tasks/main.yml new file mode 100644 index 0000000..950bfd9 --- /dev/null +++ b/roles/pihole/provision/delete/tasks/main.yml @@ -0,0 +1,26 @@ +--- +- name: Stop containers + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: stopped + ignore_errors: true + timeout: 90 + +- name: Remove containers + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: absent + ignore_errors: true + timeout: 90 + +- name: Remove .ssh/known_hosts lines + ansible.builtin.lineinfile: + path: /Users/lino.silva/.ssh/known_hosts + state: absent + regexp: "^{{ ansible_host }}" diff --git a/roles/pihole/provision/enable-ssh/tasks/main.yml b/roles/pihole/provision/enable-ssh/tasks/main.yml new file mode 100644 index 0000000..36efd21 --- /dev/null +++ b/roles/pihole/provision/enable-ssh/tasks/main.yml 
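Review bot: `unprivileged: no` creates a privileged LXC container for Pi-hole, and as far as this task shows nothing requires it (no `features`, no device mounts), so `unprivileged: yes` keeps the DNS resolver from running as the host's real root. The container root password is set from `lxc_password`, but the matching host_vars (`epona-pihole`, `revali-pihole`, `urbosa-pihole`) set `ansible_ssh_pass: "{{ proxmox_api_password }}"`, so SSH into the containers will fail unless those two variables hold the same value; either use one variable in both places or switch the containers to key authentication. `validate_certs` is omitted here as well (see the k3s create hunk).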
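Review bot: This role reads bare `vmid` and `ansible_host`, i.e. it expects a `pihole` host as the play target, whereas the sibling create role loops over `groups['pihole']` from `localhost`; no playbook in this patch wires the pihole roles, so which convention is intended is not visible. If it runs on localhost like create, `vmid` is undefined; if it runs on the pihole hosts, the Proxmox module executes inside the container being stopped unless the tasks carry `delegate_to: localhost`. Looping over `groups['pihole']` with `hostvars[item]['vmid']` from localhost would match the create role. `path: /Users/lino.silva/.ssh/known_hosts` and the unescaped `regexp: "^{{ ansible_host }}"` have the same issues noted on `k3s/provision/delete`.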
@@ -0,0 +1,8 @@ +--- +# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh) + +- name: Allow SSH into LXC + ansible.builtin.command: lxc-attach -n "{{ vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config + +- name: Restart SSH Service + ansible.builtin.command: lxc-attach -n "{{ vmid }}" service ssh restart diff --git a/roles/pihole/provision/pre/tasks/main.yml b/roles/pihole/provision/pre/tasks/main.yml new file mode 100644 index 0000000..f36342f --- /dev/null +++ b/roles/pihole/provision/pre/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: Allow ipv4 forwarding + ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1" + +- name: Allow ipv6 forwarding + ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1" + +- name: Uncomment ipv4 forward line on /etc/sysctl.conf + ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf" + +- name: Uncomment ipv6 forward line on /etc/sysctl.conf + ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf" diff --git a/roles/pihole/provision/start/tasks/main.yml b/roles/pihole/provision/start/tasks/main.yml new file mode 100644 index 0000000..b0a0a9a --- /dev/null +++ b/roles/pihole/provision/start/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Start deployments + community.general.proxmox: + vmid: "{{ hostvars[item]['k3s_vmid'] }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: started + loop: "{{ groups['baremetal'] }}" diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index ff65fe2..ae9c035 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml 
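Review bot: `PermitRootLogin yes` enables password-based root SSH for the containers, and the password it exposes is the Proxmox API credential reused in the host_vars; since `lxc-attach` already provides a root shell inside the container, the same task could instead append the controller's public key to `/root/.ssh/authorized_keys` and leave the default `prohibit-password` in place. The `sed` pattern only matches the commented default, so a container whose `sshd_config` was already edited silently keeps whatever it has. The second task passes `service ssh restart` to `lxc-attach` without the `--` separator the first task uses; add it for consistency.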
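Review bot: This file is a byte-for-byte copy of the old k3s start task (its blob id `b0a0a9a` is the pre-change id of `roles/k3s/provision/start/tasks/main.yml`): it loops over `groups['baremetal']` and reads `hostvars[item]['k3s_vmid']`, so it would address the k3s VM IDs through the LXC module instead of the Pi-hole containers, and fail on `urbosa`, whose `k3s_vmid` is commented out in this patch. It should use `vmid: "{{ hostvars[item]['vmid'] }}"` and `loop: "{{ groups['pihole'] }}"`, matching `pihole/provision/create`.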
@@ -1,30 +1,62 @@ --- +- name: Run the equivalent of "apt-get update" as a separate step + ansible.builtin.apt: + update_cache: yes + +- name: Upgrade the OS (apt-get dist-upgrade) + ansible.builtin.apt: + upgrade: full + +- name: Install QMEU Guest Agent + ansible.builtin.apt: + name: qemu-guest-agent + update_cache: yes + state: present + +- name: Install NFS-Common + ansible.builtin.apt: + name: nfs-common + update_cache: yes + state: present + +- name: Install open-iscsi + ansible.builtin.apt: + name: open-iscsi + update_cache: yes + state: present + +- name: Install util-linux + ansible.builtin.apt: + name: util-linux + update_cache: yes + state: present + - name: Set same timezone on every Server - timezone: + community.general.system.timezone: name: "{{ system_timezone }}" when: (system_timezone is defined) and (system_timezone != "Your/Timezone") - name: Set SELinux to disabled state - selinux: + ansible.posix.selinux: state: disabled when: ansible_os_family == "RedHat" - name: Enable IPv4 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv4.ip_forward value: "1" state: present reload: yes - name: Enable IPv6 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv6.conf.all.forwarding value: "1" state: present reload: yes - name: Enable IPv6 router advertisements - sysctl: + ansible.posix.sysctl: name: net.ipv6.conf.all.accept_ra value: "2" state: present 
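Review bot: `upgrade: full` runs a dist-upgrade on every k3s node each time the playbook runs, including against an already-running cluster, which can replace the kernel or container runtime underneath k3s; gate it behind a variable such as `when: prereq_os_upgrade | default(false)` (constructed name) or move it to the first-boot stage. The four package tasks each repeat `update_cache: yes` right after the explicit cache update and could be one task with `name:` as a list (`qemu-guest-agent`, `nfs-common`, `open-iscsi`, `util-linux`). Typo in a task name: `Install QMEU Guest Agent` → `Install QEMU Guest Agent`. `community.general.system.timezone` is the directory-style name; the documented FQCN is `community.general.timezone`.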
@@ -35,16 +67,25 @@ content: "br_netfilter" dest: /etc/modules-load.d/br_netfilter.conf mode: "u=rw,g=,o=" - when: ansible_os_family == "RedHat" - name: Load br_netfilter - modprobe: + community.general.system.modprobe: name: br_netfilter state: present - when: ansible_os_family == "RedHat" + +- name: Add overlay to /etc/modules-load.d/ + copy: + content: "overlay" + dest: /etc/modules-load.d/overlay.conf + mode: "u=rw,g=,o=" + +- name: Load overlay + community.general.system.modprobe: + name: overlay + state: present - name: Set bridge-nf-call-iptables (just to be sure) - sysctl: + ansible.posix.sysctl: name: "{{ item }}" value: "1" state: present diff --git a/site.yml b/site.yml deleted file mode 100644 index 01d486a..0000000 --- a/site.yml +++ /dev/null 
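Review bot: `copy:` on the new `Add overlay to /etc/modules-load.d/` task is the only short module name left in this hunk while its neighbours were just moved to FQCNs; use `ansible.builtin.copy` here and on the `br_netfilter` copy task above it, and prefer the documented `community.general.modprobe` over the directory-style `community.general.system.modprobe`. Dropping `when: ansible_os_family == "RedHat"` on both br_netfilter tasks is consistent with the Debian VMs but deserves a comment, e.g. `# loaded on every OS family: the bridge-nf-call sysctls below require br_netfilter`.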
@@ -1,96 +0,0 @@ ---- -# - hosts: localhost -# gather_facts: no -# become: yes -# roles: -# - role: k3s/provision/delete - -# - hosts: localhost -# gather_facts: now -# become: yes -# roles: -# - role: k3s/provision/create - -# - hosts: baremetal -# gather_facts: yes -# become: yes -# roles: -# - role: k3s/provision/pre -# - role: k3s/provision/cgroup - -# - hosts: localhost -# gather_facts: no -# become: yes -# roles: -# - role: k3s/provision/start - -# - hosts: baremetal -# gather_facts: yes -# become: yes -# roles: -# - role: k3s/provision/enable-ssh - -# - hosts: k3s_cluster -# gather_facts: yes -# become: yes -# roles: -# - role: prereq -# - role: download - -# - hosts: master -# become: yes -# roles: -# - role: k3s/master - -# - hosts: node -# become: yes -# roles: -# - role: k3s/node - -# - hosts: master -# become: yes -# roles: -# - role: k3s/post - -# - hosts: master -# become: yes -# roles: -# - role: k3s/copy-config - -# - hosts: localhost -# become: yes -# roles: -# - role: longhorn -# - role: traefik -# - role: nginx -# - role: cert-manager -# - role: authelia -# - role: redis - -- hosts: localhost - become: yes - roles: - - role: frigate/provision/delete - - role: frigate/provision/create - -- hosts: epona - become: yes - roles: - - role: frigate/provision/cgroup - -- hosts: localhost - become: yes - roles: - - role: frigate/provision/start - -- hosts: epona - become: yes - roles: - - role: frigate/provision/enable-ssh - -- hosts: frigate - become: yes - roles: - - role: frigate/update - - role: frigate/install-docker - - role: frigate/install-app -- 2.52.0 From c9c9861a822c23679b0639ebcf62de6d2faad588 Mon Sep 17 00:00:00 2001 
From: Lino Silva Date: Tue, 3 Jan 2023 11:59:54 +0000 Subject: [PATCH 2/2] feat: changed lxc to vm in k3s --- inventory/my-cluster/host_vars/daruk | 14 +++ inventory/my-cluster/host_vars/epona | 2 + inventory/my-cluster/host_vars/epona-pihole | 8 ++ .../my-cluster/host_vars/k3s-agent-daruk | 5 + .../my-cluster/host_vars/k3s-agent-revali | 3 +- .../my-cluster/host_vars/k3s-agent-urbosa | 3 +- .../my-cluster/host_vars/k3s-master-epona | 3 +- .../my-cluster/host_vars/k3s-master-mipha | 3 +- inventory/my-cluster/host_vars/mipha | 4 +- inventory/my-cluster/host_vars/revali | 2 + inventory/my-cluster/host_vars/revali-pihole | 8 ++ inventory/my-cluster/host_vars/urbosa | 16 ++-- inventory/my-cluster/host_vars/urbosa-pihole | 8 ++ inventory/my-cluster/hosts.ini | 14 ++- playbook-frigate.yml | 28 ++++++ playbook-k3s.yml | 56 +++++++++++ roles/frigate/install-docker/tasks/main.yml | 5 + roles/frigate/provision/cgroup/tasks/main.yml | 1 - roles/frigate/provision/create/tasks/main.yml | 4 +- roles/k3s/master/tasks/main.yml | 6 +- roles/k3s/provision/cloud-init/tasks/main.yml | 21 ++++ roles/k3s/provision/create/tasks/main.yml | 66 +++++++++---- roles/k3s/provision/delete/tasks/main.yml | 37 ++++--- roles/k3s/provision/pre/tasks/main.yml | 7 ++ roles/k3s/provision/start/tasks/main.yml | 13 ++- roles/longhorn/tasks/main.yml | 5 - roles/pihole/provision/create/tasks/main.yml | 25 +++++ roles/pihole/provision/delete/tasks/main.yml | 26 +++++ .../provision/enable-ssh/tasks/main.yml | 8 ++ roles/pihole/provision/pre/tasks/main.yml | 12 +++ roles/pihole/provision/start/tasks/main.yml | 9 ++ roles/prereq/tasks/main.yml | 59 ++++++++++-- site.yml | 96 ------------------- 33 files changed, 413 insertions(+), 164 deletions(-) create mode 100644 inventory/my-cluster/host_vars/daruk create mode 100644 inventory/my-cluster/host_vars/epona-pihole create mode 100644 inventory/my-cluster/host_vars/k3s-agent-daruk create mode 100644 inventory/my-cluster/host_vars/revali-pihole create mode 
100644 inventory/my-cluster/host_vars/urbosa-pihole create mode 100644 playbook-frigate.yml create mode 100644 playbook-k3s.yml create mode 100644 roles/k3s/provision/cloud-init/tasks/main.yml create mode 100644 roles/pihole/provision/create/tasks/main.yml create mode 100644 roles/pihole/provision/delete/tasks/main.yml create mode 100644 roles/pihole/provision/enable-ssh/tasks/main.yml create mode 100644 roles/pihole/provision/pre/tasks/main.yml create mode 100644 roles/pihole/provision/start/tasks/main.yml delete mode 100644 site.yml diff --git a/inventory/my-cluster/host_vars/daruk b/inventory/my-cluster/host_vars/daruk new file mode 100644 index 0000000..9b4599d --- /dev/null +++ b/inventory/my-cluster/host_vars/daruk @@ -0,0 +1,14 @@ +--- +ansible_user: root +ansible_host: 10.0.2.6 +ansible_ssh_pass: "{{ proxmox_api_password }}" +ip_addr: 10.0.2.6 +k3s_mac_addr: DE:05:FF:02:47:D8 +k3s_hostname: k3s-agent-daruk +k3s_lxc_host: 10.0.3.6 +k3s_vm_host: 10.0.3.106 +k3s_cores: 8 +k3s_memory: 4096 +k3s_disk: 150 +k3s_vmid: 606 +k3s_template_id: 900 diff --git a/inventory/my-cluster/host_vars/epona b/inventory/my-cluster/host_vars/epona index e19062a..c5c4619 100644 --- a/inventory/my-cluster/host_vars/epona +++ b/inventory/my-cluster/host_vars/epona @@ -6,7 +6,9 @@ ip_addr: 10.0.2.2 k3s_mac_addr: de:05:ff:02:47:d7 k3s_hostname: k3s-master-epona k3s_lxc_host: 10.0.3.2 +k3s_vm_host: 10.0.3.102 k3s_cores: 4 k3s_memory: 8192 k3s_disk: 75 k3s_vmid: 601 +k3s_template_id: 901 diff --git a/inventory/my-cluster/host_vars/epona-pihole b/inventory/my-cluster/host_vars/epona-pihole new file mode 100644 index 0000000..69a7391 --- /dev/null +++ b/inventory/my-cluster/host_vars/epona-pihole @@ -0,0 +1,8 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.13 +ansible_ssh_pass: "{{ proxmox_api_password }}" +mac_addr: EA:11:8B:05:5A:88 +vmid: 203 +node: epona 
diff --git a/inventory/my-cluster/host_vars/k3s-agent-daruk b/inventory/my-cluster/host_vars/k3s-agent-daruk new file mode 100644 index 0000000..b245b05 --- /dev/null +++ b/inventory/my-cluster/host_vars/k3s-agent-daruk @@ -0,0 +1,5 @@ +--- + +ansible_user: root +ansible_host: 10.0.3.106 +ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-agent-revali b/inventory/my-cluster/host_vars/k3s-agent-revali index cd1f2fe..a10e05d 100644 --- a/inventory/my-cluster/host_vars/k3s-agent-revali +++ b/inventory/my-cluster/host_vars/k3s-agent-revali @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.4 +ansible_host: 10.0.3.104 ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-agent-urbosa b/inventory/my-cluster/host_vars/k3s-agent-urbosa index 3821ae2..7be35db 100644 --- a/inventory/my-cluster/host_vars/k3s-agent-urbosa +++ b/inventory/my-cluster/host_vars/k3s-agent-urbosa @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.3 +ansible_host: 10.0.3.105 ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-master-epona b/inventory/my-cluster/host_vars/k3s-master-epona index d0280d6..0a7c69c 100644 --- a/inventory/my-cluster/host_vars/k3s-master-epona +++ b/inventory/my-cluster/host_vars/k3s-master-epona @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.2 +ansible_host: 10.0.3.102 ansible_ssh_pass: "{{ proxmox_api_password }}" diff --git a/inventory/my-cluster/host_vars/k3s-master-mipha b/inventory/my-cluster/host_vars/k3s-master-mipha index 5147cc3..fd1efd8 100644 --- a/inventory/my-cluster/host_vars/k3s-master-mipha +++ b/inventory/my-cluster/host_vars/k3s-master-mipha @@ -1,4 +1,5 @@ --- + ansible_user: root -ansible_host: 10.0.3.1 +ansible_host: 10.0.3.103 ansible_ssh_pass: "{{ proxmox_api_password }}" 
diff --git a/inventory/my-cluster/host_vars/mipha b/inventory/my-cluster/host_vars/mipha index 5a2e948..79072c7 100644 --- a/inventory/my-cluster/host_vars/mipha +++ b/inventory/my-cluster/host_vars/mipha @@ -5,8 +5,10 @@ ansible_ssh_pass: "{{ proxmox_api_password }}" ip_addr: 10.0.2.3 k3s_mac_addr: 0e:a0:ff:8c:70:df k3s_hostname: k3s-master-mipha -k3s_lxc_host: 10.0.3.1 +k3s_lxc_host: 10.0.3.3 +k3s_vm_host: 10.0.3.103 k3s_cores: 4 k3s_memory: 6144 k3s_disk: 75 k3s_vmid: 602 +k3s_template_id: 902 diff --git a/inventory/my-cluster/host_vars/revali b/inventory/my-cluster/host_vars/revali index b632f6d..472d664 100644 --- a/inventory/my-cluster/host_vars/revali +++ b/inventory/my-cluster/host_vars/revali @@ -6,7 +6,9 @@ ip_addr: 10.0.2.4 k3s_mac_addr: 32:47:89:3f:1a:e2 k3s_hostname: k3s-agent-revali k3s_lxc_host: 10.0.3.4 +k3s_vm_host: 10.0.3.104 k3s_cores: 2 k3s_memory: 4096 k3s_disk: 200 k3s_vmid: 603 +k3s_template_id: 903 diff --git a/inventory/my-cluster/host_vars/revali-pihole b/inventory/my-cluster/host_vars/revali-pihole new file mode 100644 index 0000000..c2157e9 --- /dev/null +++ b/inventory/my-cluster/host_vars/revali-pihole @@ -0,0 +1,8 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.12 +ansible_ssh_pass: "{{ proxmox_api_password }}" +mac_addr: C2:F5:B2:99:92:51 +vmid: 202 +node: revali diff --git a/inventory/my-cluster/host_vars/urbosa b/inventory/my-cluster/host_vars/urbosa index 39bf312..3a74060 100644 --- a/inventory/my-cluster/host_vars/urbosa +++ b/inventory/my-cluster/host_vars/urbosa 
@@ -3,10 +3,12 @@ ansible_user: root
 ansible_host: 10.0.2.5
 ansible_ssh_pass: "{{ proxmox_api_password }}"
 ip_addr: 10.0.2.5
-k3s_mac_addr: ee:36:d5:79:f8:ff
-k3s_hostname: k3s-agent-urbosa
-k3s_lxc_host: 10.0.3.3
-k3s_cores: 3
-k3s_memory: 2048
-k3s_disk: 80
-k3s_vmid: 604
+# k3s_mac_addr: ee:36:d5:79:f8:ff
+# k3s_hostname: k3s-agent-urbosa
+# k3s_lxc_host: 10.0.3.5
+# k3s_vm_host: 10.0.3.105
+# k3s_cores: 3
+# k3s_memory: 2048
+# k3s_disk: 80
+# k3s_vmid: 604
+# k3s_template_id: 904
diff --git a/inventory/my-cluster/host_vars/urbosa-pihole b/inventory/my-cluster/host_vars/urbosa-pihole
new file mode 100644
index 0000000..35ed9a1
--- /dev/null
+++ b/inventory/my-cluster/host_vars/urbosa-pihole
@@ -0,0 +1,8 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.11
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+mac_addr: 72:2E:3C:F0:2A:B3
+vmid: 201
+node: urbosa
diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini
index cfbd9f1..e797a15 100644
--- a/inventory/my-cluster/hosts.ini
+++ b/inventory/my-cluster/hosts.ini
@@ -3,8 +3,8 @@ k3s-master-mipha k3s-master-epona [node] -k3s-agent-urbosa k3s-agent-revali +k3s-agent-daruk [k3s_cluster:children] master
@@ -16,8 +16,20 @@ frigate [lxc:children] k3s_cluster +[k3s_hosts] +mipha +epona +revali +daruk + [baremetal] mipha epona urbosa revali +daruk + +[pihole] +epona-pihole +revali-pihole +urbosa-pihole
\ No newline at end of file
diff --git a/playbook-frigate.yml b/playbook-frigate.yml
new file mode 100644
index 0000000..b839524
--- /dev/null
+++ b/playbook-frigate.yml
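Review bot: In the second hosts.ini hunk the new `[k3s_hosts]` group is added, but the existing `[lxc:children]` group still lists `k3s_cluster` as its child, so any `group_vars/lxc` or `hosts: lxc` play in the repository keeps targeting the k3s guests even though this commit turns them into VMs; either remove `k3s_cluster` from `[lxc:children]` or rename the parent to reflect what it now groups. `[k3s_hosts]` is also `[baremetal]` minus urbosa, so a `[k3s_hosts:children]`-style definition or a comment stating why urbosa is excluded would keep the two from drifting. The file still lacks a trailing newline (`\ No newline at end of file`), which makes every future append show as a two-line change.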
@@ -0,0 +1,28 @@ +--- +- hosts: localhost + become: yes + roles: + - role: frigate/provision/delete + - role: frigate/provision/create + +- hosts: epona + become: yes + roles: + - role: frigate/provision/cgroup + +- hosts: localhost + become: yes + roles: + - role: frigate/provision/start + +- hosts: epona + become: yes + roles: + - role: frigate/provision/enable-ssh + +- hosts: frigate + become: yes + roles: + - role: frigate/update + - role: frigate/install-docker + - role: frigate/install-app diff --git a/playbook-k3s.yml b/playbook-k3s.yml new file mode 100644 index 0000000..ddbe9ab --- /dev/null +++ b/playbook-k3s.yml @@ -0,0 +1,56 @@ +--- +# - hosts: localhost +# gather_facts: no +# become: yes +# roles: +# - role: k3s/provision/delete +- hosts: localhost + gather_facts: no + become: yes + roles: + - role: k3s/provision/create +- hosts: k3s_hosts + gather_facts: yes + become: yes + roles: + - role: k3s/provision/pre + - role: k3s/provision/cloud-init +- hosts: localhost + gather_facts: no + become: yes + roles: + - role: k3s/provision/start +- hosts: k3s_cluster + gather_facts: yes + become: yes + roles: + - role: prereq + - role: download +- hosts: master + become: yes + roles: + - role: k3s/master + +- hosts: node + become: yes + roles: + - role: k3s/node + +- hosts: master + become: yes + roles: + - role: k3s/post + +- hosts: master + become: yes + roles: + - role: k3s/copy-config +- hosts: localhost + become: yes + roles: + - role: longhorn + - role: traefik + - role: nginx + - role: cert-manager + - role: authelia + - role: redis diff --git a/roles/frigate/install-docker/tasks/main.yml b/roles/frigate/install-docker/tasks/main.yml index dc9ec85..d5baba9 100644 --- a/roles/frigate/install-docker/tasks/main.yml +++ b/roles/frigate/install-docker/tasks/main.yml @@ -20,3 +20,8 @@ name: root groups: docker append: yes + +- name: Enable docker on startup + ansible.builtin.shell: | + systemctl enable docker.service + systemctl enable containerd.service 
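Review bot: The added `Enable docker on startup` task in roles/frigate/install-docker shells out to `systemctl enable` twice, which reports changed on every run and bypasses Ansible's service handling, while the tasks above it already use modules. `ansible.builtin.systemd` with `enabled: yes` expresses the same intent idempotently and can loop over both units, as below. The same `become: yes` / `gather_facts: no` truthy spellings are used throughout the two new playbooks; `true`/`false` is the yamllint-clean form if the project adopts a linter.

```yaml
- name: Enable docker on startup
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: yes
  loop:
    - docker.service
    - containerd.service
```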
diff --git a/roles/frigate/provision/cgroup/tasks/main.yml b/roles/frigate/provision/cgroup/tasks/main.yml index 8021cf8..f1d695c 100644 --- a/roles/frigate/provision/cgroup/tasks/main.yml +++ b/roles/frigate/provision/cgroup/tasks/main.yml @@ -8,7 +8,6 @@ lxc.cgroup2.devices.allow: c 226:128 rwm lxc.cgroup2.devices.allow: c 29:0 rwm lxc.cgroup2.devices.allow: c 189:* rwm - lxc.apparmor.profile: unconfined lxc.cgroup2.devices.allow: a lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0, 0 lxc.mount.entry: /dev/bus/usb/002 dev/bus/usb/002 none bind,optional,create=dir 0, 0 diff --git a/roles/frigate/provision/create/tasks/main.yml b/roles/frigate/provision/create/tasks/main.yml index 3a05122..e7e7012 100644 --- a/roles/frigate/provision/create/tasks/main.yml +++ b/roles/frigate/provision/create/tasks/main.yml @@ -20,9 +20,9 @@ swap: 0 searchdomain: "home" onboot: 1 - mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:16,mp=/db"}' + mounts: '{"mp0":"/mnt/pve/hyrule-8tb-nfs/frigate/config,mp=/config","mp1":"/mnt/pve/hyrule-8tb-nfs/frigate/media,mp=/media/frigate","mp2":"local-lvm:50,mp=/db"}' features: - nesting=1 - keyctl=1 - disk: local-lvm:30 + disk: local-lvm:50 force: yes diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml index d891065..e577f01 100644 --- a/roles/k3s/master/tasks/main.yml +++ b/roles/k3s/master/tasks/main.yml @@ -75,8 +75,8 @@ cmd: k3s kubectl get nodes -l "node-role.kubernetes.io/master=true" -o=jsonpath="{.items[*].metadata.name}" register: nodes until: nodes.rc == 0 and (nodes.stdout.split() | length) == (groups['master'] | length) - retries: "{{ retry_count | default(20) }}" - delay: 10 + retries: "{{ retry_count | default(40) }}" + delay: 20 changed_when: false always: - name: Save logs of k3s-init.service 
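Review bot: Dropping `lxc.apparmor.profile: unconfined` tightens the Frigate container, but the `lxc.cgroup2.devices.allow: a` line that remains immediately after it still grants the container every device node, which makes the enumerated `c 226:128`, `c 29:0` and `c 189:*` allowances above it redundant and gives back most of what the AppArmor change took away. If the render node and USB bus on the `lxc.mount.entry` lines are the only devices Frigate needs, remove the `devices.allow: a` line and keep the specific entries; the enclosing task starts outside this hunk, so check the full block before editing. In the k3s master hunk on the same line, doubling `retries`/`delay` to 40 x 20s is a wait of over 13 minutes for the node count — fine, but worth a comment naming why (VM boot plus cloud-init is slower than the old LXC start).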
@@ -84,7 +84,7 @@ when: log_destination vars: log_destination: >- - {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=False) }} + {{ lookup('ansible.builtin.env', 'ANSIBLE_K3S_LOG_DIR', default=True) }} - name: Kill the temporary service used for initialization systemd: name: k3s-init diff --git a/roles/k3s/provision/cloud-init/tasks/main.yml b/roles/k3s/provision/cloud-init/tasks/main.yml new file mode 100644 index 0000000..59d2c1c --- /dev/null +++ b/roles/k3s/provision/cloud-init/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Configure cloud-init - IP + ansible.builtin.command: qm set "{{ k3s_vmid }}" --ipconfig0 ip="{{ k3s_vm_host }}"/21,gw=10.0.0.1 + +- name: Configure cloud-init - User + ansible.builtin.command: qm set "{{ k3s_vmid }}" --ciuser "root" + +- name: Configure cloud-init - Password + ansible.builtin.command: qm set "{{ k3s_vmid }}" --cipassword "{{ ansible_ssh_pass }}" + +- name: Copy SSH Pub key + ansible.builtin.copy: + src: ~/.ssh/id_rsa.pub + dest: /tmp/ansible_controller-key.pub + mode: 0600 + +- name: Configure cloud-init - SSH Key + ansible.builtin.command: qm set "{{ k3s_vmid }}" --sshkey /tmp/ansible_controller-key.pub + +- name: Configure networking + ansible.builtin.command: qm set "{{ k3s_vmid }}" --net0 virtio={{ k3s_mac_addr }},bridge=vmbr0 diff --git a/roles/k3s/provision/create/tasks/main.yml b/roles/k3s/provision/create/tasks/main.yml index 70a9fa2..b50e19a 100644 --- a/roles/k3s/provision/create/tasks/main.yml +++ b/roles/k3s/provision/create/tasks/main.yml 
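Review bot: Changing the env lookup's `default=False` to `default=True` makes `log_destination` the string `True` whenever `ANSIBLE_K3S_LOG_DIR` is unset (the `>-` scalar stringifies it), so the `when: log_destination` guard now always passes; if the same variable is also the copy destination of the `Save logs of k3s-init.service` task, whose body is outside this hunk, logs would be written to a path literally named `True`. If the intent is to save logs by default, give a real path — `default='/var/log/k3s-init')` — or keep `default=False` and set the environment variable where logs are wanted.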
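Review bot: The `Configure cloud-init - Password` task passes `{{ ansible_ssh_pass }}` on the `qm set` command line, and `ansible.builtin.command` records its arguments in the task result, so the guest root password (which the inventory sets to `proxmox_api_password`) appears in callback output and any saved logs; add `no_log: true` to that task. Since `Copy SSH Pub key` and `--sshkey` already give key-based access, the `--cipassword` step could set a separate break-glass value rather than the API credential. `mode: 0600` relies on YAML 1.1 octal parsing; `mode: "0600"` is the portable form. None of the `qm set` tasks are idempotent, so a `changed_when: false` or a `qm config` comparison would keep reruns honest.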
@@ -1,27 +1,51 @@ --- - name: Create containers - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" - node: "{{ item }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # node: "{{ item }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: 10.0.2.2 + # password: "{{ lxc_password }}" + # hostname: "{{ hostvars[item]['k3s_hostname'] }}" + # ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst" + # netif: "{'net0':'name=eth0,\ + # gw=10.0.0.1,\ + # ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\ + # hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\ + # bridge=vmbr0'}" + # cores: "{{ hostvars[item]['k3s_cores'] }}" + # memory: "{{ hostvars[item]['k3s_memory'] }}" + # unprivileged: no + # swap: 0 + # searchdomain: "home" + # onboot: 1 + # features: + # - nesting=1 + # disk: local-lvm:{{ hostvars[item]['k3s_disk'] }} + # force: yes + # loop: "{{ groups['k3s_hosts'] }}" + proxmox_kvm: + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" + newid: "{{ hostvars[item]['k3s_vmid'] }}" + clone: debian-10-openstack-amd64 + vmid: "{{ hostvars[item]['k3s_template_id'] }}" + timeout: 900 + loop: "{{ groups['k3s_hosts'] }}" + +- name: Update VMs + proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" api_host: 10.0.2.2 - password: "{{ lxc_password }}" - hostname: "{{ hostvars[item]['k3s_hostname'] }}" - ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst" - netif: "{'net0':'name=eth0,\ - gw=10.0.0.1,\ - ip={{ hostvars[item]['k3s_lxc_host'] }}/21,\ - hwaddr={{ hostvars[item]['k3s_mac_addr'] }},\ - bridge=vmbr0'}" - cores: "{{ hostvars[item]['k3s_cores'] }}" memory: "{{ hostvars[item]['k3s_memory'] }}" - unprivileged: no - swap: 0 - searchdomain: "home" - onboot: 1 - features: - - nesting=1 - disk: local-lvm:{{ hostvars[item]['k3s_disk'] }} - 
force: yes - loop: "{{ groups['baremetal'] }}" + cores: "{{ hostvars[item]['k3s_cores'] }}" + vmid: "{{ hostvars[item]['k3s_vmid'] }}" + node: "{{ item }}" + update: yes + agent: yes + loop: "{{ groups['k3s_hosts'] }}" diff --git a/roles/k3s/provision/delete/tasks/main.yml b/roles/k3s/provision/delete/tasks/main.yml index 815633c..0148346 100644 --- a/roles/k3s/provision/delete/tasks/main.yml +++ b/roles/k3s/provision/delete/tasks/main.yml 
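Review bot: The rewritten first task keeps the entire old `community.general.proxmox` invocation as a ~25-line comment block, and its name `Create containers` no longer matches what it does (it clones a VM template with `proxmox_kvm`); remove the commented block, since git holds the history, and rename the task, e.g. `- name: Clone k3s VMs from template`. The module is referenced by the short name `proxmox_kvm` here and in the delete role but as `community.general.cloud.misc.proxmox_kvm` in the start role; the documented FQCN for all three is `community.general.proxmox_kvm`. `clone: debian-10-openstack-amd64` is hard-coded while `vmid: "{{ hostvars[item]['k3s_template_id'] }}"` comes from inventory, so every node needs a template with exactly that name at that id — a per-host `k3s_template_name` variable would make the pairing explicit.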
@@ -1,29 +1,44 @@ --- - name: Stop containers - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: 10.0.2.2 + # state: stopped + proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" state: stopped - loop: "{{ groups['baremetal'] }}" + timeout: 240 + loop: "{{ groups['k3s_hosts'] }}" ignore_errors: true - timeout: 90 - name: Remove containers - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: "{{ hostvars[item]['ip_addr'] }}" + # state: absent + proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" - api_host: "{{ hostvars[item]['ip_addr'] }}" + api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" state: absent - loop: "{{ groups['baremetal'] }}" + timeout: 90 + loop: "{{ groups['k3s_hosts'] }}" ignore_errors: true - timeout: 90 - name: Remove .ssh/known_hosts lines ansible.builtin.lineinfile: path: /Users/lino.silva/.ssh/known_hosts state: absent - regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}' - loop: "{{ groups['baremetal'] }}" + # regexp: '^{{ hostvars[item]["k3s_lxc_host"] }}' + regexp: '^{{ hostvars[item]["k3s_vm_host"] }}' + loop: "{{ groups['k3s_hosts'] }}" diff --git a/roles/k3s/provision/pre/tasks/main.yml b/roles/k3s/provision/pre/tasks/main.yml index f36342f..abb3384 100644 --- a/roles/k3s/provision/pre/tasks/main.yml +++ b/roles/k3s/provision/pre/tasks/main.yml 
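Review bot: The `Remove .ssh/known_hosts lines` regexp was switched to `k3s_vm_host` but still interpolates the address unescaped and without a terminator, so `^10.0.3.10` also matches `10.0.3.103` and each dot matches any character; use `regexp: '^{{ hostvars[item]["k3s_vm_host"] | regex_escape }}[ ,]'`, or replace the task with `ansible.builtin.known_hosts` (`name: "{{ hostvars[item]['k3s_vm_host'] }}"`, `state: absent`, `path: ...`), which does the matching itself. The `ignore_errors: true` on the stop and remove tasks predates this commit but now masks a failed `state: absent` right before the create role clones a VM with the same `newid`, so a silently surviving guest turns into a hard failure one play later; prefer `failed_when` on the specific "does not exist" result. As in the create role, the task names (`Stop containers`, `Remove containers`) and the commented-out LXC blocks are stale.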
@@ -1,4 +1,11 @@ --- +# - name: Move storage to local_lvm +# ansible.builtin.command: qm disk move "{{ k3s_vmid }}" scsi0 local-lvm +# ignore_errors: true + +# - name: Resize storage +# ansible.builtin.command: qm disk resize "{{ k3s_vmid }}" scsi0 +"{{ k3s_disk }}G" + - name: Allow ipv4 forwarding ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1" diff --git a/roles/k3s/provision/start/tasks/main.yml b/roles/k3s/provision/start/tasks/main.yml index b0a0a9a..98df55e 100644 --- a/roles/k3s/provision/start/tasks/main.yml +++ b/roles/k3s/provision/start/tasks/main.yml @@ -1,9 +1,16 @@ --- - name: Start deployments - community.general.proxmox: - vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # community.general.proxmox: + # vmid: "{{ hostvars[item]['k3s_vmid'] }}" + # api_user: root@pam + # api_password: "{{ proxmox_api_password }}" + # api_host: 10.0.2.2 + # state: started + community.general.cloud.misc.proxmox_kvm: api_user: root@pam api_password: "{{ proxmox_api_password }}" api_host: 10.0.2.2 + name: "{{ hostvars[item]['k3s_hostname'] }}" + node: "{{ item }}" state: started - loop: "{{ groups['baremetal'] }}" + loop: "{{ groups['k3s_hosts'] }}" diff --git a/roles/longhorn/tasks/main.yml b/roles/longhorn/tasks/main.yml index f6ce698..81e36f5 100644 --- a/roles/longhorn/tasks/main.yml +++ b/roles/longhorn/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Add longhorn dependencies - apt: - name: nfs-common open-iscsi util-linux - state: present - - name: Add longhorn helm repo kubernetes.core.helm_repository: name: longhorn diff --git a/roles/pihole/provision/create/tasks/main.yml b/roles/pihole/provision/create/tasks/main.yml new file mode 100644 index 0000000..061d6c6 --- /dev/null +++ b/roles/pihole/provision/create/tasks/main.yml 
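Review bot: In the start role `community.general.cloud.misc.proxmox_kvm` addresses the module by its internal directory path, while the create and delete roles in this same commit use the bare `proxmox_kvm`; the documented FQCN is `community.general.proxmox_kvm`, and using it in all three places keeps the plays working if the collection reorganises its module tree. The task name `Start deployments` would read better as `Start k3s VMs`. The stop task in the delete role sets `timeout: 240`, but no timeout is given here; if VM boot is slow the module default may be too short — verify against the module version in use.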
@@ -0,0 +1,25 @@ +--- +- name: Create Piholes + community.general.proxmox: + vmid: "{{ hostvars[item]['vmid'] }}" + node: "{{ hostvars[item]['node'] }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + password: "{{ lxc_password }}" + hostname: "{{ item }}" + ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst" + netif: "{'net0':'name=eth0,\ + gw=10.0.0.1,\ + ip={{ hostvars[item]['ansible_host'] }}/21,\ + hwaddr={{ hostvars[item]['mac_addr'] }},\ + bridge=vmbr0'}" + cores: 1 + memory: 2048 + unprivileged: no + swap: 512 + searchdomain: "home" + onboot: 1 + disk: local-lvm:8 + force: yes + loop: "{{ groups['pihole'] }}" diff --git a/roles/pihole/provision/delete/tasks/main.yml b/roles/pihole/provision/delete/tasks/main.yml new file mode 100644 index 0000000..950bfd9 --- /dev/null +++ b/roles/pihole/provision/delete/tasks/main.yml @@ -0,0 +1,26 @@ +--- +- name: Stop containers + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: stopped + ignore_errors: true + timeout: 90 + +- name: Remove containers + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: absent + ignore_errors: true + timeout: 90 + +- name: Remove .ssh/known_hosts lines + ansible.builtin.lineinfile: + path: /Users/lino.silva/.ssh/known_hosts + state: absent + regexp: "^{{ ansible_host }}" diff --git a/roles/pihole/provision/enable-ssh/tasks/main.yml b/roles/pihole/provision/enable-ssh/tasks/main.yml new file mode 100644 index 0000000..36efd21 --- /dev/null +++ b/roles/pihole/provision/enable-ssh/tasks/main.yml 
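Review bot: `unprivileged: no` in the new `Create Piholes` task creates privileged LXC containers for a LAN-facing DNS service, so container root maps to host root on the Proxmox node; Pi-hole does not need that, so this should be `unprivileged: yes` (the k3s LXC definition needed privileged mode for nesting, which does not apply here). `force: yes` together with the loop may rebuild an existing container on reruns — confirm that is intended for persistent DNS hosts. In the delete role on the same line, `path: /Users/lino.silva/.ssh/known_hosts` hard-codes one operator's macOS home on a task that, absent a `delegate_to: localhost` outside this hunk, would run on the Pi-hole host itself; `~/.ssh/known_hosts` with `delegate_to: localhost` makes the intent explicit.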
@@ -0,0 +1,8 @@ +--- +# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh) + +- name: Allow SSH into LXC + ansible.builtin.command: lxc-attach -n "{{ vmid }}" -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config + +- name: Restart SSH Service + ansible.builtin.command: lxc-attach -n "{{ vmid }}" service ssh restart diff --git a/roles/pihole/provision/pre/tasks/main.yml b/roles/pihole/provision/pre/tasks/main.yml new file mode 100644 index 0000000..f36342f --- /dev/null +++ b/roles/pihole/provision/pre/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: Allow ipv4 forwarding + ansible.builtin.shell: "sysctl net.ipv4.ip_forward=1" + +- name: Allow ipv6 forwarding + ansible.builtin.shell: "sysctl net.ipv6.conf.all.forwarding=1" + +- name: Uncomment ipv4 forward line on /etc/sysctl.conf + ansible.builtin.shell: "sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf" + +- name: Uncomment ipv6 forward line on /etc/sysctl.conf + ansible.builtin.shell: "sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf" diff --git a/roles/pihole/provision/start/tasks/main.yml b/roles/pihole/provision/start/tasks/main.yml new file mode 100644 index 0000000..b0a0a9a --- /dev/null +++ b/roles/pihole/provision/start/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Start deployments + community.general.proxmox: + vmid: "{{ hostvars[item]['k3s_vmid'] }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: started + loop: "{{ groups['baremetal'] }}" diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index ff65fe2..ae9c035 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml 
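Review bot: The `Allow SSH into LXC` task rewrites `PermitRootLogin prohibit-password` to `PermitRootLogin yes`, enabling root password logins on the Pi-hole containers while the inventory sets that password to `proxmox_api_password`; the default `prohibit-password` already permits key-based root login, so pushing the controller's public key into the container through the same `lxc-attach` path (as the k3s cloud-init role does with `--sshkey`) would avoid loosening sshd at all. The `sed` only matches the exact default comment text and the task has no `changed_when`, so it reports changed on every run and silently does nothing if the line differs. The second task omits the `--` separator the first one uses before the command; `lxc-attach` accepts both, but keep them consistent.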
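Review bot: The four new tasks in roles/pihole/provision/pre use `ansible.builtin.shell` with `sysctl` and `sed` for the same forwarding settings the prereq role in this commit manages with `ansible.posix.sysctl` (`name`, `value: "1"`, `state: present`, `reload: yes`), which is idempotent and writes the persistent file itself; the `sed` variants only work if the commented lines exist verbatim in `/etc/sysctl.conf`. The file is a byte-identical copy of the k3s `pre` role's previous content (same blob `f36342f`), so the two roles should share a common role or task file rather than diverge.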
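Review bot: The new roles/pihole/provision/start task is a verbatim copy of the old k3s start role (same blob `b0a0a9a`) and still loops over `groups['baremetal']` with `hostvars[item]['k3s_vmid']`, so it starts the k3s guests rather than the Pi-hole containers created two roles earlier, and it will fail on urbosa whose `k3s_vmid` is now commented out. It should use `vmid: "{{ hostvars[item]['vmid'] }}"` and `loop: "{{ groups['pihole'] }}"`, with `node: "{{ hostvars[item]['node'] }}"` if the module requires it, and the name `Start deployments` should say `Start Pi-hole containers`.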
@@ -1,30 +1,62 @@ --- +- name: Run the equivalent of "apt-get update" as a separate step + ansible.builtin.apt: + update_cache: yes + +- name: Upgrade the OS (apt-get dist-upgrade) + ansible.builtin.apt: + upgrade: full + +- name: Install QMEU Guest Agent + ansible.builtin.apt: + name: qemu-guest-agent + update_cache: yes + state: present + +- name: Install NFS-Common + ansible.builtin.apt: + name: nfs-common + update_cache: yes + state: present + +- name: Install open-iscsi + ansible.builtin.apt: + name: open-iscsi + update_cache: yes + state: present + +- name: Install util-linux + ansible.builtin.apt: + name: util-linux + update_cache: yes + state: present + - name: Set same timezone on every Server - timezone: + community.general.system.timezone: name: "{{ system_timezone }}" when: (system_timezone is defined) and (system_timezone != "Your/Timezone") - name: Set SELinux to disabled state - selinux: + ansible.posix.selinux: state: disabled when: ansible_os_family == "RedHat" - name: Enable IPv4 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv4.ip_forward value: "1" state: present reload: yes - name: Enable IPv6 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv6.conf.all.forwarding value: "1" state: present reload: yes - name: Enable IPv6 router advertisements - sysctl: + ansible.posix.sysctl: name: net.ipv6.conf.all.accept_ra value: "2" state: present 
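Review bot: `upgrade: full` runs an unconditional dist-upgrade on every k3s node each time the playbook is applied, which can pull kernel and runtime updates into a running cluster with no control over timing; gate it behind a variable (`when: prereq_dist_upgrade | default(false)`) or move it to a dedicated maintenance play. The four install tasks each repeat `update_cache: yes` right after the explicit cache update and can collapse into one `ansible.builtin.apt` task with a list, as below. The task name `Install QMEU Guest Agent` should read `QEMU`, and the directory-path module names (`community.general.system.timezone`) have the canonical form `community.general.timezone`, matching the point raised on the proxmox roles.

```yaml
- name: Install k3s and Longhorn prerequisites
  ansible.builtin.apt:
    name:
      - qemu-guest-agent
      - nfs-common
      - open-iscsi
      - util-linux
    state: present
# … unchanged: timezone, selinux and sysctl tasks …
```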
@@ -35,16 +67,25 @@ content: "br_netfilter" dest: /etc/modules-load.d/br_netfilter.conf mode: "u=rw,g=,o=" - when: ansible_os_family == "RedHat" - name: Load br_netfilter - modprobe: + community.general.system.modprobe: name: br_netfilter state: present - when: ansible_os_family == "RedHat" + +- name: Add overlay to /etc/modules-load.d/ + copy: + content: "overlay" + dest: /etc/modules-load.d/overlay.conf + mode: "u=rw,g=,o=" + +- name: Load overlay + community.general.system.modprobe: + name: overlay + state: present - name: Set bridge-nf-call-iptables (just to be sure) - sysctl: + ansible.posix.sysctl: name: "{{ item }}" value: "1" state: present diff --git a/site.yml b/site.yml deleted file mode 100644 index 01d486a..0000000 --- a/site.yml +++ /dev/null 
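Review bot: The new `Add overlay to /etc/modules-load.d/` task uses the short name `copy` while the rest of this hunk moves to qualified names (`community.general.system.modprobe`, `ansible.posix.sysctl`); write `ansible.builtin.copy` for consistency, and prefer `community.general.modprobe` over the directory-path form. The br_netfilter and overlay copy/modprobe pairs are now identical apart from the module name and could be one looped pair over `[br_netfilter, overlay]` so the two stay in step; dropping the `RedHat` guard on br_netfilter is correct for the Debian templates this commit clones.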
@@ -1,96 +0,0 @@ ---- -# - hosts: localhost -# gather_facts: no -# become: yes -# roles: -# - role: k3s/provision/delete - -# - hosts: localhost -# gather_facts: now -# become: yes -# roles: -# - role: k3s/provision/create - -# - hosts: baremetal -# gather_facts: yes -# become: yes -# roles: -# - role: k3s/provision/pre -# - role: k3s/provision/cgroup - -# - hosts: localhost -# gather_facts: no -# become: yes -# roles: -# - role: k3s/provision/start - -# - hosts: baremetal -# gather_facts: yes -# become: yes -# roles: -# - role: k3s/provision/enable-ssh - -# - hosts: k3s_cluster -# gather_facts: yes -# become: yes -# roles: -# - role: prereq -# - role: download - -# - hosts: master -# become: yes -# roles: -# - role: k3s/master - -# - hosts: node -# become: yes -# roles: -# - role: k3s/node - -# - hosts: master -# become: yes -# roles: -# - role: k3s/post - -# - hosts: master -# become: yes -# roles: -# - role: k3s/copy-config - -# - hosts: localhost -# become: yes -# roles: -# - role: longhorn -# - role: traefik -# - role: nginx -# - role: cert-manager -# - role: authelia -# - role: redis - -- hosts: localhost - become: yes - roles: - - role: frigate/provision/delete - - role: frigate/provision/create - -- hosts: epona - become: yes - roles: - - role: frigate/provision/cgroup - -- hosts: localhost - become: yes - roles: - - role: frigate/provision/start - -- hosts: epona - become: yes - roles: - - role: frigate/provision/enable-ssh - -- hosts: frigate - become: yes - roles: - - role: frigate/update - - role: frigate/install-docker - - role: frigate/install-app -- 2.52.0