diff --git a/README.md b/README.md
index 0e4caed..c53b17c 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,26 @@ -Ansible for configuring base hosts +The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster. -Packer for creating VM templates. +- Install Arch linux on the bare metal +- Configure the bare metal Arch host as a hypervisor (qemu/kvm) +- Install Arch linux into a VM on the hypervisor then convert it to a template. +- Deploy 3 (or more) VMs from the template (uses backing store qcow images). +- Create a kubernetes cluster from those 3 VMs. +- Install calico networking into the cluster. +- Remove the taint from control plane nodes. <-- Optional +- Deploy workloads into the cluster -Terraform for deploying VMs based on those templates. +What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate. -Ansible for configuring deployed VMs into clusters. +Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible. + +What you'll also need: + +Clone the git repo +Create a vault_password file (chmod 600) under the ansible directory. .gitignore should ensure this doesn't get commited to source control. +Create an ansible vault in your inventory directory tree to hold sensitive variables such as 'ansible_become_pass'. Again .gitignore should ensure this vault file remains only on your workstation. + +Check the defaults files for roles carefully. Variables are a scattered mess right now and need to be properly amalgamated. + +Ansible roles were written to work on an Arch linux workstation, some tasks are intended to install packages to localhost (such as kubectl) and use pacman modules to do so. + +If you encounter problems with these change those tasks to use your relvant package manager module, eg apt or yum. 
diff --git a/ansible/playbooks/03_vm_deploy.yaml b/ansible/playbooks/03_vm_deploy.yaml index f845c5b..6fecf51 100644 --- a/ansible/playbooks/03_vm_deploy.yaml +++ b/ansible/playbooks/03_vm_deploy.yaml @@ -6,13 +6,6 @@ roles: - vm_deploy -# - name: python bootstrap -# hosts: k8s -# gather_facts: false -# become: true -# roles: -# - python-install - # - name: vm hardening # hosts: k8s # gather_facts: true diff --git a/ansible/playbooks/04_k8s.yaml b/ansible/playbooks/04_k8s.yaml index ccfac72..d951c9b 100644 --- a/ansible/playbooks/04_k8s.yaml +++ b/ansible/playbooks/04_k8s.yaml @@ -1,10 +1,10 @@ --- -# - name: configure control plane -# hosts: k8s_control -# gather_facts: true -# become: true -# roles: -# - k8s_control +- name: configure control plane + hosts: k8s_control + gather_facts: true + become: true + roles: + - k8s_control - name: configure calico networking hosts: localhost diff --git a/ansible/playbooks/99_vm_destroy.yaml b/ansible/playbooks/99_vm_destroy.yaml index 6102d4a..de634a6 100644 --- a/ansible/playbooks/99_vm_destroy.yaml +++ b/ansible/playbooks/99_vm_destroy.yaml @@ -4,19 +4,4 @@ gather_facts: true become: true roles: - - vm_destroy - -# - name: python bootstrap -# hosts: k8s -# gather_facts: false -# become: true -# roles: -# - python-install - -# - name: vm hardening -# hosts: k8s -# gather_facts: true -# become: true -# roles: -# - sshd -# - firewall \ No newline at end of file + - vm_destroy \ No newline at end of file diff --git a/ansible/roles/vm_destroy/defaults/main.yml b/ansible/roles/vm_destroy/defaults/main.yml index 2320692..016ac53 100644 --- a/ansible/roles/vm_destroy/defaults/main.yml +++ b/ansible/roles/vm_destroy/defaults/main.yml 
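Review bot: In 04_k8s.yaml the `configure control plane` play is switched on with `become: true` against `k8s_control`, while the context lines of the 03_vm_deploy.yaml hunk show the `vm hardening` play (sshd, firewall) still commented out, so the control plane role now runs on VMs that have had no sshd or firewall configuration applied. If that ordering is deliberate for now, I'd record it above the play so the gap is visible to whoever runs the chain next: `# NOTE: vm hardening (sshd, firewall) in 03_vm_deploy.yaml is still disabled; enable it before this play`. The hardening play should be re-enabled before these nodes are reachable from anything beyond the lab segment; the control-plane play itself is otherwise complete within the hunk.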
@@ -12,8 +12,8 @@ vm_cpu: "4" vm_cpu_cores: "2" vm_cpu_threads: "2" vm_bridge: "br1" -vm_mac_prefix: "52:54:00:e3:af:" -vm_subnet_prefix: "192.168.199.1" # vm suffix will be appended to this +vm_mac_prefix: "52:54:00:e3:af:" # vm name suffix will be appended to this +vm_subnet_prefix: "192.168.199.1" # vm name suffix will be appended to this vm_subnet_suffix: "/24" vm_gateway: "192.168.199.254" vm_ntp: "192.168.199.254" diff --git a/ansible/roles/vm_destroy/tasks/destroy.yaml b/ansible/roles/vm_destroy/tasks/destroy.yaml index 72a6d24..970fcdc 100644 --- a/ansible/roles/vm_destroy/tasks/destroy.yaml +++ b/ansible/roles/vm_destroy/tasks/destroy.yaml @@ -26,11 +26,6 @@ state: shutdown name: "{{ vm_name }}" - # - name: destroy the vm - # community.libvirt.virt: - # state: destroyed - # name: "{{ vm_name }}" - - name: delete the firmware vars file ansible.builtin.file: path: "{{ firmware_vhd_pool_dir }}/{{ vm_name }}_VARS.fd" diff --git a/ansible/roles/vm_disks/tasks/main.yaml b/ansible/roles/vm_disks/tasks/main.yaml index 0f5e29d..048cb3d 100644 --- a/ansible/roles/vm_disks/tasks/main.yaml +++ b/ansible/roles/vm_disks/tasks/main.yaml @@ -1,6 +1,5 @@ --- - name: install parted package - become: true community.general.pacman: name: parted state: latest diff --git a/terraform/README.md b/terraform/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/zz_archived/README.md b/zz_archived/README.md new file mode 100644 index 0000000..620a8bb --- /dev/null +++ b/zz_archived/README.md @@ -0,0 +1,2 @@ +old stuff that didn't work out or was abandoned for a better approach. +Ignore what you see here. \ No newline at end of file diff --git a/packer/docker/README.md b/zz_archived/packer/docker/README.md similarity index 100% rename from packer/docker/README.md rename to zz_archived/packer/docker/README.md 
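Review bot: The new comment on `vm_mac_prefix` describes the same append-the-suffix scheme as `vm_subnet_prefix`, but the two prefixes tolerate different suffixes: a MAC needs exactly two hex digits after `af:` to stay a valid six-octet address, whereas `192.168.199.1` followed by a one- or two-digit decimal suffix gives a usable host octet. If the VM name suffix is a plain integer (not visible in this diff), a suffix such as `1` produces the malformed address `52:54:00:e3:af:1` while the IP side comes out fine, so the mismatch would only surface when libvirt rejects the domain XML. I'd state the constraint in the comment, `vm_mac_prefix: "52:54:00:e3:af:"  # two-hex-digit vm name suffix is appended`, or zero-pad the suffix where the MAC is assembled; these defaults also live under vm_destroy, so whichever copy vm_deploy uses should agree with this one.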
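Review bot: Removing `become: true` from the `install parted package` task in vm_disks/tasks/main.yaml leaves the pacman call dependent on privilege escalation being set by the including play, which is not part of this diff; if that play runs unescalated, pacman fails with a permission error rather than a clear message about the missing `become`. If the role is meant to be included only from an escalated play, I'd make that explicit with a comment on the task, `# requires become: true on the including play (pacman needs root)`, or keep `become: true` on this one task. Separately, `state: latest` upgrades parted on every run, which makes the role non-idempotent and changes the installed package outside a deliberate update; `state: present` is the usual choice for a tool dependency.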
diff --git a/packer/libvirt/arch/arch-minimal.auto.pkrvars.hcl b/zz_archived/packer/libvirt/arch/arch-minimal.auto.pkrvars.hcl
similarity index 100%
rename from packer/libvirt/arch/arch-minimal.auto.pkrvars.hcl
rename to zz_archived/packer/libvirt/arch/arch-minimal.auto.pkrvars.hcl
diff --git a/packer/libvirt/arch/arch-minimal.build.pkr.hcl b/zz_archived/packer/libvirt/arch/arch-minimal.build.pkr.hcl
similarity index 100%
rename from packer/libvirt/arch/arch-minimal.build.pkr.hcl
rename to zz_archived/packer/libvirt/arch/arch-minimal.build.pkr.hcl
diff --git a/packer/libvirt/arch/arch-minimal.variables.pkr.hcl b/zz_archived/packer/libvirt/arch/arch-minimal.variables.pkr.hcl
similarity index 100%
rename from packer/libvirt/arch/arch-minimal.variables.pkr.hcl
rename to zz_archived/packer/libvirt/arch/arch-minimal.variables.pkr.hcl
diff --git a/packer/proxmox/README.md b/zz_archived/packer/proxmox/README.md
similarity index 100%
rename from packer/proxmox/README.md
rename to zz_archived/packer/proxmox/README.md
diff --git a/packer/proxmox/rocky/files/99-pve.cfg b/zz_archived/packer/proxmox/rocky/files/99-pve.cfg
similarity index 100%
rename from packer/proxmox/rocky/files/99-pve.cfg
rename to zz_archived/packer/proxmox/rocky/files/99-pve.cfg
diff --git a/packer/proxmox/rocky/http/meta-data b/zz_archived/packer/proxmox/rocky/http/meta-data
similarity index 100%
rename from packer/proxmox/rocky/http/meta-data
rename to zz_archived/packer/proxmox/rocky/http/meta-data
diff --git a/packer/proxmox/rocky/http/user-data b/zz_archived/packer/proxmox/rocky/http/user-data
similarity index 100%
rename from packer/proxmox/rocky/http/user-data
rename to zz_archived/packer/proxmox/rocky/http/user-data
diff --git a/packer/proxmox/rocky/rocky-minimal.pkr.hcl b/zz_archived/packer/proxmox/rocky/rocky-minimal.pkr.hcl
similarity index 100%
rename from packer/proxmox/rocky/rocky-minimal.pkr.hcl
rename to zz_archived/packer/proxmox/rocky/rocky-minimal.pkr.hcl