Eric Meehan 2024-11-25 08:35:30 -05:00
parent e8178f218d
commit 1627b4b6b4
5 changed files with 294 additions and 283 deletions

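--- a/tasks/jupyter.yaml
+++ b/tasks/jupyter.yaml
@@ -0,0 +1,100 @@
+---
+# tasks file for jupyter hub
+- name: Add jupyter repository
+kubernetes.core.helm_repository:
+name: jupyterhub
+repo_url: https://hub.jupyter.org/helm-chart/
+- name: Update Helm repos
+command: helm repo update
+- name: Deploy Jupyter Hub
+kubernetes.core.helm:
+name: jupyter
+chart_ref: jupyterhub/jupyterhub
+release_namespace: jupyter
+create_namespace: true
+timeout: 2h
+values:
+prePuller:
+hook:
+enabled: false
+continuous:
+enabled: false
+hub:
+config:
+Authenticator:
+admin_users:
+- eric
+allow_all: true
+JupyterHub:
+admin_access: true
+authenticator_class: ldapauthenticator.LDAPAuthenticator
+LDAPAuthenticator:
+server_address: openldap.auth.svc.cluster.local
+server_port: 389
+use_ssl: false
+tls_strategy: insecure
+lookup_dn: true
+lookup_dn_search_user: cn=readonly,dc=eom,dc=dev
+lookup_dn_search_password: "{{ ldap_readonly_password }}"
+lookup_dn_search_filter: ({login_attr}={login})
+lookup_dn_user_dn_attribute: cn
+user_search_base: ou=People,dc=eom,dc=dev
+user_attribute: uid
+db:
+pvc:
+storage: 16Gi
+singleuser:
+extraFiles:
+jupyter_notebook_config.json:
+mountPath: /etc/jupyter/jupyter_notebook_config.json
+# data is a YAML structure here but will be rendered to JSON file as our
+# file extension is ".json".
+data:
+MappingKernelManager:
+cull_idle_timeout: 1200
+cull_interval: 120
+cull_connected: true
+cull_busy: false
+storage:
+capacity: 32Gi
+image:
+name: jupyter/minimal-notebook
+tag: latest
+pullPolicy: IfNotPresent
+memory:
+guarantee: 1G
+profileList:
+- display_name: Minimal notebook
+description: Command-line tools useful when working in Jupyter applications
+kubespawner_override:
+image: jupyter/minimal-notebook
+tag: latest
+pullPolicy: IfNotPresent
+default: true
+- display_name: Tensorflow notebook
+description: Python deep learning libraries
+kubespawner_override:
+image: jupyter/tensorflow-notebook
+tag: latest
+pullPolicy: IfNotPresent
+- display_name: Data science notebook
+description: Libraries for data analysis from the Python, R, and Julia communities
+kubespawner_override:
+image: jupyter/datascience-notebook
+tag: latest
+pullPolicy: IfNotPresent
+ingress:
+enabled: true
+annotations:
+cert-manager.io/cluster-issuer: ca-issuer
+ingressClassName: nginx
+hosts:
+- jupyter.eom.dev
+pathSuffix:
+pathType: Prefix
+tls:
+- hosts:
+- jupyter.eom.dev
+secretName: jupyterhub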
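Review bot: The `LDAPAuthenticator` block sends both the `cn=readonly` search password and every user's login password to `openldap.auth.svc.cluster.local` on port 389 in cleartext, because `use_ssl: false` is paired with `tls_strategy: insecure`. If the OpenLDAP service offers StartTLS or LDAPS, prefer `tls_strategy: before_bind` on 389, or `tls_strategy: on_connect` with `server_port: 636`; if it does not, a comment above the setting should record that the bind is unencrypted and relies on cluster network isolation. The Mastodon hunk further down has the same exposure through `LDAP_METHOD: plain` on port 389. Note also that `allow_all: true` admits any entry under `ou=People` that can bind, so this LDAP exchange is the only gate in front of the notebook pods.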


@ -1,20 +1,12 @@
---
# tasks file for mastodon
- name: Add bitnami repository
kubernetes.core.helm_repository:
name: bitnami
repo_url: https://charts.bitnami.com/bitnami
- name: Update Helm repos
command: helm repo update
- name: Deploy Mastodon
kubernetes.core.helm:
name: mastodon
chart_ref: bitnami/mastodon
release_namespace: mastodon
create_namespace: true
timeout: 300s
timeout: 600s
values:
adminUser: "mastodon"
adminEmail: "mastodon@mail.eom.dev"
@ -29,7 +21,7 @@
extraConfig:
LDAP_ENABLED: "true"
LDAP_HOST: openldap.auth.svc.cluster.local
LDAP_PORT: "387"
LDAP_PORT: "389"
LDAP_METHOD: plain
LDAP_BASE: dc=eom,dc=dev
LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev

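--- a/tasks/mediawiki.yaml
+++ b/tasks/mediawiki.yaml
@@ -0,0 +1,45 @@
+---
+# tasks file for mediawiki
+- name: Deploy MediaWiki
+kubernetes.core.helm:
+name: mediawiki
+chart_ref: bitnami/mediawiki
+release_namespace: mediawiki
+create_namespace: true
+values:
+mediawikiUser: mediawiki
+mediawikiPassword: "{{ mediawiki_admin_password }}"
+mediawikiEmail: mediawiki@mail.eom.dev
+mediawikiName: MediaWiki
+mediawikiHost: https://wiki.eom.dev/
+smtpHost: mail.eom.dev
+smtpPort: 587
+smtpUser: mediawiki
+smtpPassword: "{{ mediawiki_mail_password }}"
+persistence:
+size: 32Gi
+service:
+type: ClusterIP
+ingress:
+enabled: true
+annotations:
+cert-manager.io/clusteer-issuer: ca-issuer
+ingressClassName: nginx
+pathType: Prefix
+hostname: wiki.eom.dev
+extraHosts:
+- mediawiki.eom.dev
+path: /
+tls: true
+extraTls:
+- hosts:
+- wiki.eom.dev
+- mediawiki.eom.dev
+secretName: mediawiki
+mariadb:
+auth:
+rootPassword: "{{ mariadb_root_password }}"
+password: "{{ mediawiki_mariadb_password }}"
+primary:
+persistence:
+size: 128Gi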
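Review bot: The ingress annotation key is misspelled as `cert-manager.io/clusteer-issuer`, so cert-manager will presumably ignore this Ingress and the `mediawiki` secret named under `extraTls` would never be issued. The other ingress sections in this commit spell it `cert-manager.io/cluster-issuer: ca-issuer`. With `tls: true` still set, the ingress controller would most likely fall back to its default certificate for `wiki.eom.dev` and `mediawiki.eom.dev`, which gets users used to clicking through certificate warnings on a login page. Change the line to `cert-manager.io/cluster-issuer: ca-issuer`.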


@ -1,273 +0,0 @@
---
# tasks file for grafana
- name: Create monitoring namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: monitor
- name: Create PVC for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql
namespace: monitor
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
- name: Create Deployment for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mysql
namespace: monitor
labels:
app: mysql
spec:
replicas: 1
selector:
matchLabels:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: mysql
volumeMounts:
- name: data
mountPath: /var/lib/mysql
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "{{ mysql_root_password }}"
- name: MYSQL_DATABASE
value: grafana
- name: MYSQL_USER
value: grafana
- name: MYSQL_PASSWORD
value: "{{ grafana_mysql_password }}"
volumes:
- name: data
persistentVolumeClaim:
claimName: mysql
- name: Create Service for MySQL
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: mysql
namespace: monitor
spec:
selector:
app: mysql
ports:
- port: 3306
name: mysql
type: ClusterIP
- name: Create PVC for InfluxDB
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: influxdb
namespace: monitor
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 128Gi
- name: Create Deployment for InfluxDB
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: influxdb
namespace: monitor
labels:
app: influxdb
spec:
replicas: 1
selector:
matchLabels:
app: influxdb
template:
metadata:
labels:
app: influxdb
spec:
containers:
- name: influxdb
image: influxdb
env:
- name: DOCKER_INFLUXDB_INIT_MODE
value: setup
- name: DOCKER_INFLUXDB_INIT_USERNAME
value: grafana
- name: DOCKER_INFLUXDB_INIT_PASSWORD
value: "{{ grafana_influxdb_password }}"
- name: DOCKER_INFLUXDB_INIT_ORG
value: grafana
- name: DOCKER_INFLUXDB_INIT_BUCKET
value: default
- name: DOCKER_INFLUXDB_INIT_RETENTION
value: 1w
volumeMounts:
- name: data
mountPath: /var/lib/influxdb
ports:
- containerPort: 8086
volumes:
- name: data
persistentVolumeClaim:
claimName: influxdb
- name: Create Service for InfluxDB
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: influxdb
namespace: monitor
spec:
selector:
app: influxdb
ports:
- port: 8086
name: influxdb
type: LoadBalancer
- name: Create a config map for grafana
k8s:
state: present
api_version: v1
kind: ConfigMap
name: grafana
namespace: monitor
definition:
data:
ldap.toml: "{{ lookup('template', 'ldap.toml.j2') }}"
- name: Create Deployment for Grafana
k8s:
state: present
definition:
apiVersion: v1
kind: Deployment
metadata:
name: grafana
namespace: monitor
labels:
app: grafana
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
containers:
- name: grafana
image: grafana/grafana
ports:
- containerPort: 3000
env:
- name: GF_DATABASE_TYPE
value: mysql
- name: GF_DATABASE_HOST
value: mysql
- name: GF_DATABASE_USER
value: grafana
- name: GF_DATABASE_PASSWORD
value: "{{ grafana_mysql_password }}"
- name: GF_AUTH_LDAP_ENABLED
value: "true"
- name: GF_AUTH_LDAP_CONFIG_FILE
value: /etc/grafana/cm/ldap.toml
- name: GF_AUTH_LDAP_ALLOW_SIGN_UP
value: "true"
volumeMounts:
- name: config
mountPath: /etc/grafana/cm
volumes:
- name: config
configMap:
name: grafana
- name: Create Service for Grafana
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitor
spec:
selector:
app: grafana
ports:
- port: 80
targetPort: 3000
name: grafana
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: grafana
namespace: monitor
spec:
ingressClassName: nginx
rules:
- host: grafana.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: grafana
port:
number: 80
tls:
- hosts:
- grafana.eom.dev
secretName: grafana

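--- a/tasks/monitoring.yaml
+++ b/tasks/monitoring.yaml
@@ -0,0 +1,147 @@
+---
+# tasks file for grafana
+- name: Create monitoring namespace
+k8s:
+state: present
+definition:
+apiVersion: v1
+kind: Namespace
+metadata:
+name: monitoring
+- name: Deploy Prometheus
+kubernetes.core.helm:
+name: prometheus
+chart_ref: bitnami/prometheus
+release_namespace: monitoring
+timeout: 300s
+values:
+server:
+persistence:
+size: 32Gi
+extraScrapeConfigs:
+- job_name: libvirt_exporter
+static_configs:
+- targets:
+- 192.168.1.48:9177
+labels:
+instance: poweredge-t640
+- job_name: node_exporter
+static_configs:
+- targets:
+- 192.168.1.95:9100
+labels:
+instance: poweredge-r350
+- targets:
+- 192.168.1.48:9100
+labels:
+instance: poweredge-t640
+- targets:
+- 192.168.1.59:9100
+labels:
+instance: alpha-control-plane
+- targets:
+- 192.168.1.91:9100
+labels:
+instance: alpha-worker-0
+- targets:
+- 192.168.1.71:9100
+labels:
+instance: alpha-worker-1
+- targets:
+- 192.168.1.74:9100
+labels:
+instance: alpha-worker-2
+- targets:
+- 192.168.1.75:9100
+labels:
+instance: alpha-worker-3
+- targets:
+- 192.168.1.60:9100
+labels:
+instance: alpha-worker-4
+- targets:
+- 192.168.1.66:9100
+labels:
+instance: alpha-worker-5
+- targets:
+- 192.168.1.38:9100
+labels:
+instance: alpha-worker-6
+- targets:
+- 192.168.1.92:9100
+labels:
+instance: alpha-worker-7
+- targets:
+- 192.168.1.67:9100
+labels:
+instance: alpha-worker-8
+- targets:
+- 192.168.1.63:9100
+labels:
+instance: alpha-worker-9
+- targets:
+- 192.168.1.86:9100
+labels:
+instance: alpha-worker-10
+- targets:
+- 192.168.1.68:9100
+labels:
+instance: alpha-worker-11
+- targets:
+- 192.168.1.72:9100
+labels:
+instance: alpha-worker-12
+metrics_path: /metrics
+- name: Deploy Grafana
+kubernetes.core.helm:
+name: grafana
+chart_ref: bitnami/grafana
+release_namespace: monitoring
+timeout: 300s
+values:
+admin:
+user: grafana
+password: "{{ grafana_admin_password }}"
+persistence:
+size: 32Gi
+smtp:
+enabled: true
+user: grafana
+password: "{{ grafana_mail_password }}"
+host: mail.eom.dev
+fromAddress: grafana@mail.eom.dev
+fromName: Grafana
+ldap:
+enabled: true
+allowSignUp: true
+configuration: "{{ lookup('template', 'ldap.toml.j2') }}"
+ingress:
+enabled: true
+pathType: Prefix
+hostname: grafana.eom.dev
+annotations:
+cert-manager.io/cluster-issuer: ca-issuer
+ingressClassName: nginx
+tls: true
+datasources:
+secretDefinition:
+apiVersion: 1
+datasources:
+- name: Prometheus
+type: prometheus
+access: proxy
+orgId: 1
+url: http://prometheus.monitoring.svc.cluster.local
+version: 1
+editable: true
+isDefault: true
+- name: Alertmanager
+uid: alertmanager
+type: alertmanager
+access: proxy
+orgId: 1
+url: http://prometheus-alertmanager.monitoring.svc.cluster.local:9093
+version: 1
+editable: true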
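Review bot: The `Deploy Grafana` task passes `grafana_admin_password`, `grafana_mail_password` and the rendered `ldap.toml.j2` through `values` without `no_log: true`. The helm module's returned release status includes the values it deployed, so these can surface in verbose output, failure output or any logging callback. Add `no_log: true` to the task; the `Deploy Jupyter Hub` and `Deploy MediaWiki` tasks in this commit carry templated passwords in the same way. Whether `ldap.toml.j2` contains a bind password is not visible here, so treat it as secret until confirmed.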