From ed6723e1daf07cd1463c2151dda4f4399c81711b Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Thu, 4 May 2023 12:29:29 +0200 Subject: [PATCH] add expand to two hypervisors --- ansible/inventory/host_vars/manager.yml | 30 +++++----- ansible/inventory/host_vars/worker1.yml | 4 -- ansible/inventory/hosts.yml | 10 +++- ansible/playbooks/setup.yml | 9 --- ansible/roles/cyberchef/docker-stack.yml.j2 | 3 + ansible/roles/forgejo/docker-stack.yml.j2 | 2 +- ansible/roles/inbucket/docker-stack.yml.j2 | 14 +++-- ansible/roles/kms/docker-stack.yml.j2 | 4 ++ ansible/roles/traefik/docker-stack.yml.j2 | 3 +- ansible/roles/traefik/tasks/main.yml | 5 ++ terraform/main.tf | 64 ++++++++++++++++++--- 11 files changed, 105 insertions(+), 43 deletions(-) delete mode 100644 ansible/inventory/host_vars/worker1.yml diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml index 0857056..299decc 100644 --- a/ansible/inventory/host_vars/manager.yml +++ b/ansible/inventory/host_vars/manager.yml @@ -1,18 +1,22 @@ docker_node_labels: - hostname: maestro + labels: {} + - hostname: swarmpub1 labels: - traefik: "true" - forgejo: "true" - - hostname: worker1 - labels: - syncthing: "true" - seafile: "true" - radicale: "true" + public: "true" mastodon: "true" - freshrss: "true" - hedgedoc: "true" + - hostname: swarmpub2 + labels: + public: "true" + - hostname: swarmpriv1 + labels: + private: "true" overleaf: "true" - -data_directories: - - 'traefik' - - 'forgejo' + syncthing: "true" + hedgedoc: "true" + radicale: "true" + - hostname: swarmpriv2 + labels: + private: "true" + seafile: "true" + freshrss: "true" diff --git a/ansible/inventory/host_vars/worker1.yml b/ansible/inventory/host_vars/worker1.yml deleted file mode 100644 index 9cca17a..0000000 --- a/ansible/inventory/host_vars/worker1.yml +++ /dev/null @@ -1,4 +0,0 @@ -data_directories: - - 'syncthing' - - 'seafile/data' - - 'seafile/db' 
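Review bot: The new `public` / `private` node labels are free-form strings that Swarm never validates, so a typo in this inventory or in a stack's `node.labels.public == true` constraint leaves the service silently pending instead of failing; a comment above `docker_node_labels` naming the two label families and what each gates would make that contract visible, e.g. `# public/private: scheduling labels matched by the stacks' placement constraints; each swarm node should carry exactly one of them`. As far as this patch shows the labels only steer scheduling, while all four hosts sit in the same `workers` group in hosts.yml, so if the split is also meant to separate network exposure that intent should be stated explicitly rather than left implied by the names.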
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml index f2b948c..983401e 100644 --- a/ansible/inventory/hosts.yml +++ b/ansible/inventory/hosts.yml @@ -5,5 +5,11 @@ all: children: workers: hosts: - worker1: - ansible_host: worker1.dmz + swarmpub1: + ansible_host: swarmpub1.dmz + swarmpub2: + ansible_host: swarmpub2.dmz + swarmpriv1: + ansible_host: swarmpriv1.dmz + swarmpriv2: + ansible_host: swarmpriv2.dmz diff --git a/ansible/playbooks/setup.yml b/ansible/playbooks/setup.yml index 9e8a7f1..258779a 100644 --- a/ansible/playbooks/setup.yml +++ b/ansible/playbooks/setup.yml @@ -15,15 +15,6 @@ changed_when: "rm.rc == 0" failed_when: "false" - # TODO: this creates permission issues. Should create them by hand for now. - # - name: Create data directories - # file: - # state: directory - # path: "{{ data_directory_base }}/{{ item }}" - # recurse: true - # mode: 0777 - # loop: "{{ data_directories }}" - roles: - setup_apt - docker diff --git a/ansible/roles/cyberchef/docker-stack.yml.j2 b/ansible/roles/cyberchef/docker-stack.yml.j2 index 209b2b3..1219f45 100644 --- a/ansible/roles/cyberchef/docker-stack.yml.j2 +++ b/ansible/roles/cyberchef/docker-stack.yml.j2 @@ -11,6 +11,9 @@ services: networks: - traefik deploy: + placement: + constraints: + - "node.labels.public == true" labels: - traefik.enable=true - traefik.http.routers.cyberchef.entrypoints=websecure diff --git a/ansible/roles/forgejo/docker-stack.yml.j2 b/ansible/roles/forgejo/docker-stack.yml.j2 index 1bd5b19..d72e831 100644 --- a/ansible/roles/forgejo/docker-stack.yml.j2 +++ b/ansible/roles/forgejo/docker-stack.yml.j2 @@ -28,7 +28,7 @@ services: deploy: placement: constraints: - - "node.labels.forgejo == true" + - node.role == manager labels: - traefik.port=443 - traefik.enable=true diff --git a/ansible/roles/inbucket/docker-stack.yml.j2 b/ansible/roles/inbucket/docker-stack.yml.j2 index e072bc7..54a57ee 100644 --- a/ansible/roles/inbucket/docker-stack.yml.j2 
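Review bot: The constraint `node.role == manager` pins Forgejo to the Swarm manager (maestro, which now carries `labels: {}`), and the traefik docker-stack hunk does the same for the edge proxy; both are internet-facing services, and a container escape on the manager reaches the Raft store (which holds swarm secrets and the CA key), which is why Docker's guidance is to keep managers drained of application tasks. If the pinning exists because these two services need local state on maestro, record that beside the constraint, e.g. `# pinned to the manager: needs local state on maestro (TODO: move to a labeled worker)`; otherwise a dedicated node label on a worker, as the removed `traefik` / `forgejo` labels did, would keep application tasks off the control plane.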
+++ b/ansible/roles/inbucket/docker-stack.yml.j2 @@ -2,8 +2,12 @@ version: "3.7" services: - kms-server: - image: inbucket/inbucket - ports: - - 2500:2500 - - 9000:9000 + kms-server: + image: inbucket/inbucket + ports: + - 2500:2500 + - 9000:9000 + deploy: + placement: + constraints: + - "node.labels.public == true" diff --git a/ansible/roles/kms/docker-stack.yml.j2 b/ansible/roles/kms/docker-stack.yml.j2 index aeb7460..9511e1d 100644 --- a/ansible/roles/kms/docker-stack.yml.j2 +++ b/ansible/roles/kms/docker-stack.yml.j2 @@ -6,3 +6,7 @@ services: image: teddysun/kms ports: - 1688:1688 + deploy: + placement: + constraints: + - "node.labels.public == true" diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2 index 3139127..75621ac 100644 --- a/ansible/roles/traefik/docker-stack.yml.j2 +++ b/ansible/roles/traefik/docker-stack.yml.j2 @@ -20,7 +20,8 @@ services: - 444:444 deploy: placement: - constraints: [node.labels.traefik == true] + constraints: + - node.role == manager labels: - traefik.enable=true - traefik.http.routers.dashboard.entrypoints=localsecure diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml index b2efa90..88415d4 100644 --- a/ansible/roles/traefik/tasks/main.yml +++ b/ansible/roles/traefik/tasks/main.yml @@ -1,3 +1,8 @@ +- name: Create working directory + file: + path: /srv/traefik + state: directory + - name: Create Traefik network docker_network: name: traefik diff --git a/terraform/main.tf b/terraform/main.tf index 92d39a7..31100c6 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
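Review bot: The placement constraint on `node.labels.public == true` does not limit where the published ports `2500:2500` and `9000:9000` are reachable, because short-syntax ports are published in Swarm ingress mode and the routing mesh accepts them on every node, private ones included; the same applies to `1688:1688` in the kms hunk. If the public/private split is meant to control exposure, publish with the long syntax and `mode: host` (`- target: 9000`, `published: 9000`, `mode: host`) so the port is bound only on the node the task lands on, or route the service through Traefik instead. The service key `kms-server` in the inbucket stack also looks copied from the kms role; renaming it to `inbucket` would avoid confusion in service listings.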
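Review bot: The new `Create working directory` task creates `/srv/traefik` with the default owner and umask-derived permissions; if this directory holds Traefik's runtime state, such as the ACME storage file that Traefik rejects when its permissions are too open, set `owner`, `group` and `mode` explicitly, e.g. `mode: "0700"` as a quoted string per Ansible convention. Whether this is the bind mount used by the traefik stack is not visible in this patch, so confirm against the stack template before choosing the owner.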
@@ -15,20 +15,68 @@ provider "libvirt" {
uri = "qemu+ssh://root@atlas.hyp/system"
}
+provider "libvirt" {
+ alias = "jefke"
+ uri = "qemu+ssh://root@jefke.hyp/system"
+}
+
module "manager" {
- source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ source = "/home/pim/repos/tf-modules/debian"
name = "maestro"
domain_name = "tf-maestro"
memory = 1024
mac = "CA:FE:C0:FF:EE:08"
+ hypervisor_host = "atlas.hyp"
+ providers = {
+ libvirt = libvirt
+ }
}
-module "workers" {
- for_each = {
- worker1 = "tf-worker1"
+module "swarmpub1" {
+ #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ source = "/home/pim/repos/tf-modules/debian"
+ name = "swarmpub1"
+ domain_name = "tf-swarmpub1"
+ memory = 1024 * 5
+ hypervisor_host = "atlas.hyp"
+ providers = {
+ libvirt = libvirt
+ }
+}
+
+module "swarmpriv1" {
+ #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ source = "/home/pim/repos/tf-modules/debian"
+ name = "swarmpriv1"
+ domain_name = "tf-swarmpriv1"
+ memory = 1024 * 5
+ hypervisor_host = "atlas.hyp"
+ providers = {
+ libvirt = libvirt
+ }
+}
+
+module "swarmpub2" {
+ #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ source = "/home/pim/repos/tf-modules/debian"
+ name = "swarmpub2"
+ domain_name = "tf-swarmpub2"
+ memory = 1024 * 3
+ hypervisor_host = "jefke.hyp"
+ providers = {
+ libvirt = libvirt.jefke
+ }
+}
+
+module "swarmpriv2" {
+ #source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ source = "/home/pim/repos/tf-modules/debian"
+ name = "swarmpriv2"
+ domain_name = "tf-swarmpriv2"
+ memory = 1024 * 3
+ hypervisor_host = "jefke.hyp"
+ providers = {
+ libvirt = libvirt.jefke
}
- source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
- name = each.key
- domain_name = each.value
- memory = 1024 * 3
}
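Review bot: All five modules now point `source` at the local path `/home/pim/repos/tf-modules/debian` with the git source commented out, which ties the configuration to one workstation and drops any version control over the module code that builds these VMs. Before merging, restore the git source and pin it to a reviewed revision with a `?ref=` query, `source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian?ref=<tag-or-commit>"`, so an upstream change to the module cannot silently alter what gets provisioned; the removed source had no `?ref=` either, so this is also an opportunity to add one. The new `jefke` provider connects as `root@jefke.hyp`, mirroring the existing `atlas` provider; a dedicated user in the hypervisor's libvirt group would narrow that access where the host permits it.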