tidy up

2022-11-01 22:50:18 +13:00 · 2022-11-01 22:50:18 +13:00 · a07565128e
commit a07565128e
parent 29e722d1b5
18 changed files with 34 additions and 41 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,26 @@
-Ansible for configuring base hosts
+The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster.
-Packer for creating VM templates.
+- Install Arch linux on the bare metal
 - Configure the bare metal Arch host as a hypervisor (qemu/kvm)
 - Install Arch linux into a VM on the hypervisor then convert it to a template.
 - Deploy 3 (or more) VMs from the template (uses backing store qcow images).
 - Create a kubernetes cluster from those 3 VMs.
 - Install calico networking into the cluster.
 - Remove the taint from control plane nodes. <-- Optional
 - Deploy workloads into the cluster
-Terraform for deploying VMs based on those templates.
+What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate.
-Ansible for configuring deployed VMs into clusters.
+Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible.
 What you'll also need:
 Clone the git repo
 Create a vault_password file (chmod 600) under the ansible directory. .gitignore should ensure this doesn't get commited to source control.
 Create an ansible vault in your inventory directory tree to hold sensitive variables such as 'ansible_become_pass'. Again .gitignore should ensure this vault file remains only on your workstation.
 Check the defaults files for roles carefully. Variables are a scattered mess right now and need to be properly amalgamated.
 Ansible roles were written to work on an Arch linux workstation, some tasks are intended to install packages to localhost (such as kubectl) and use pacman modules to do so.
 If you encounter problems with these change those tasks to use your relvant package manager module, eg apt or yum.
--- a/ansible/playbooks/03_vm_deploy.yaml
+++ b/ansible/playbooks/03_vm_deploy.yaml
@ -6,13 +6,6 @@
  roles:
    - vm_deploy
 # - name: python bootstrap
 #   hosts: k8s
 #   gather_facts: false
 #   become: true
 #   roles:
 #     - python-install
 # - name: vm hardening
 #   hosts: k8s
 #   gather_facts: true
--- a/ansible/playbooks/04_k8s.yaml
+++ b/ansible/playbooks/04_k8s.yaml
@ -1,10 +1,10 @@
 ---
-# - name: configure control plane
+- name: configure control plane
-#   hosts: k8s_control
+  hosts: k8s_control
-#   gather_facts: true
+  gather_facts: true
-#   become: true
+  become: true
-#   roles:
+  roles:
-#     - k8s_control
+    - k8s_control
 - name: configure calico networking
  hosts: localhost
--- a/ansible/playbooks/99_vm_destroy.yaml
+++ b/ansible/playbooks/99_vm_destroy.yaml
@ -4,19 +4,4 @@
  gather_facts: true
  become: true
  roles:
-    - vm_destroy
+    - vm_destroy
 # - name: python bootstrap
 #   hosts: k8s
 #   gather_facts: false
 #   become: true
 #   roles:
 #     - python-install
 # - name: vm hardening
 #   hosts: k8s
 #   gather_facts: true
 #   become: true
 #   roles:
 #     - sshd
 #     - firewall
--- a/ansible/roles/vm_destroy/defaults/main.yml
+++ b/ansible/roles/vm_destroy/defaults/main.yml
@ -12,8 +12,8 @@ vm_cpu: "4"
 vm_cpu_cores: "2"
 vm_cpu_threads: "2"
 vm_bridge: "br1"
-vm_mac_prefix: "52:54:00:e3:af:"
+vm_mac_prefix: "52:54:00:e3:af:" # vm name suffix will be appended to this
-vm_subnet_prefix: "192.168.199.1" # vm suffix will be appended to this
+vm_subnet_prefix: "192.168.199.1" # vm name suffix will be appended to this
 vm_subnet_suffix: "/24"
 vm_gateway: "192.168.199.254"
 vm_ntp: "192.168.199.254"
--- a/ansible/roles/vm_destroy/tasks/destroy.yaml
+++ b/ansible/roles/vm_destroy/tasks/destroy.yaml
@ -26,11 +26,6 @@
      state: shutdown
      name: "{{ vm_name }}"
  # - name: destroy the vm
  #   community.libvirt.virt:
  #     state: destroyed
  #     name: "{{ vm_name }}"
  - name: delete the firmware vars file
    ansible.builtin.file:
      path: "{{ firmware_vhd_pool_dir }}/{{ vm_name }}_VARS.fd"
--- a/ansible/roles/vm_disks/tasks/main.yaml
+++ b/ansible/roles/vm_disks/tasks/main.yaml
@ -1,6 +1,5 @@
 ---
 - name: install parted package
  become: true
  community.general.pacman:
    name: parted
    state: latest
--- a/terraform/README.md
+++ b/terraform/README.md
--- a/zz_archived/README.md
+++ b/zz_archived/README.md
@ -0,0 +1,2 @@
 old stuff that didn't work out or was abandoned for a better approach.
 Ignore what you see here.
--- a/zz_archived/packer/docker/README.md
+++ b/zz_archived/packer/docker/README.md
--- a/zz_archived/packer/libvirt/arch/arch-minimal.auto.pkrvars.hcl
+++ b/zz_archived/packer/libvirt/arch/arch-minimal.auto.pkrvars.hcl
--- a/zz_archived/packer/libvirt/arch/arch-minimal.build.pkr.hcl
+++ b/zz_archived/packer/libvirt/arch/arch-minimal.build.pkr.hcl
--- a/zz_archived/packer/libvirt/arch/arch-minimal.variables.pkr.hcl
+++ b/zz_archived/packer/libvirt/arch/arch-minimal.variables.pkr.hcl
--- a/zz_archived/packer/proxmox/README.md
+++ b/zz_archived/packer/proxmox/README.md
--- a/zz_archived/packer/proxmox/rocky/files/99-pve.cfg
+++ b/zz_archived/packer/proxmox/rocky/files/99-pve.cfg
--- a/zz_archived/packer/proxmox/rocky/http/meta-data
+++ b/zz_archived/packer/proxmox/rocky/http/meta-data
--- a/zz_archived/packer/proxmox/rocky/http/user-data
+++ b/zz_archived/packer/proxmox/rocky/http/user-data
--- a/zz_archived/packer/proxmox/rocky/rocky-minimal.pkr.hcl
+++ b/zz_archived/packer/proxmox/rocky/rocky-minimal.pkr.hcl
		`@ -0,0 +1,2 @@`
							`old stuff that didn't work out or was abandoned for a better approach.`
							`Ignore what you see here.`