From 6413ee32c2659b6ef26741cba13c5bee5ec6413d Mon Sep 17 00:00:00 2001 From: eric o meehan Date: Wed, 3 Jul 2024 15:48:10 +0000 Subject: [PATCH] v0.0.2 --- group_vars/control_plane.yml | 17 +++++++++ group_vars/workers.yml | 11 ++++++ host_vars/alpha-control-plane.yml | 15 +++++++- host_vars/alpha-worker-0.yml | 15 +++++++- roles/ericomeehan.configure_network/README.md | 38 +++++++++++++++++++ .../defaults/main.yml | 2 + .../handlers/main.yml | 2 + .../meta/main.yml | 0 .../tasks/Debian_firewall.yml | 7 ++++ .../tasks/Debian_interfaces.yml | 6 +++ .../tasks/main.yml | 7 ++++ .../templates/Debian_interfaces.j2 | 10 +++++ .../tests/inventory | 0 .../tests/test.yml | 5 +++ .../vars/main.yml | 2 + .../README.md | 0 .../defaults/main.yml | 0 .../handlers/main.yml | 0 .../meta/main.yml | 34 +++++++++++++++++ .../tasks/dump_debconf_db.yml} | 2 +- .../tasks/main.yml | 4 ++ .../tests/inventory | 2 + .../tests/test.yml | 0 .../vars/main.yml | 0 site.yml | 4 +- 25 files changed, 178 insertions(+), 5 deletions(-) create mode 100644 roles/ericomeehan.configure_network/README.md create mode 100644 roles/ericomeehan.configure_network/defaults/main.yml create mode 100644 roles/ericomeehan.configure_network/handlers/main.yml rename roles/{ericomeehan.dump-debconf-database => ericomeehan.configure_network}/meta/main.yml (100%) create mode 100644 roles/ericomeehan.configure_network/tasks/Debian_firewall.yml create mode 100644 roles/ericomeehan.configure_network/tasks/Debian_interfaces.yml create mode 100644 roles/ericomeehan.configure_network/tasks/main.yml create mode 100644 roles/ericomeehan.configure_network/templates/Debian_interfaces.j2 rename roles/{ericomeehan.dump-debconf-database => ericomeehan.configure_network}/tests/inventory (100%) create mode 100644 roles/ericomeehan.configure_network/tests/test.yml create mode 100644 roles/ericomeehan.configure_network/vars/main.yml rename roles/{ericomeehan.dump-debconf-database => ericomeehan.save_initial_configuration}/README.md (100%) rename roles/{ericomeehan.dump-debconf-database => ericomeehan.save_initial_configuration}/defaults/main.yml (100%) rename roles/{ericomeehan.dump-debconf-database => ericomeehan.save_initial_configuration}/handlers/main.yml (100%) create mode 100644 roles/ericomeehan.save_initial_configuration/meta/main.yml rename roles/{ericomeehan.dump-debconf-database/tasks/main.yml => ericomeehan.save_initial_configuration/tasks/dump_debconf_db.yml} (90%) create mode 100644 roles/ericomeehan.save_initial_configuration/tasks/main.yml create mode 100644 roles/ericomeehan.save_initial_configuration/tests/inventory rename roles/{ericomeehan.dump-debconf-database => ericomeehan.save_initial_configuration}/tests/test.yml (100%) rename roles/{ericomeehan.dump-debconf-database => ericomeehan.save_initial_configuration}/vars/main.yml (100%) diff --git a/group_vars/control_plane.yml b/group_vars/control_plane.yml index f75b7c5..d5adb24 100644 --- a/group_vars/control_plane.yml +++ b/group_vars/control_plane.yml @@ -1,3 +1,20 @@ --- # Group vars for Kubernetes control plane nodes kubernetes_role: control_plane +iptables_forward_policy: ACCEPT +iptables_open_ports: + - interface: any + protocol: tcp + port: 6443 + - interface: any + protocol: tcp + port: '2379:2380' + - interface: any + protocol: tcp + port: 10250 + - interface: any + protocol: tcp + port: 10257 + - interface: any + protocol: tcp + port: 10259 diff --git a/group_vars/workers.yml b/group_vars/workers.yml index a5fe477..c1ca1cc 100644 --- a/group_vars/workers.yml +++ b/group_vars/workers.yml @@ -1,3 +1,14 @@ --- # Group vars for Kubernetes worker nodes kubernetes_role: node +iptables_forward_policy: ACCEPT +iptables_open_ports: + - interface: any + protocol: tcp + port: 10250 + - interface: any + protocol: tcp + port: 10256 + - interface: any + protocol: tcp + port: "30000:32767" diff --git a/host_vars/alpha-control-plane.yml b/host_vars/alpha-control-plane.yml index 92afe5d..71ed4da 100644 --- a/host_vars/alpha-control-plane.yml +++ b/host_vars/alpha-control-plane.yml @@ -1,3 +1,16 @@ --- # Host vars for alpha-control-plane -os: debin +network_interfaces: " +# The primary network interface +auto eno8303 +iface eno8303 inet static + address 10.0.0.2/16 + gateway 10.0.0.1 +iface eno8303 inet6 static + address fc00:6572:6963:a::2/64 + gateway fc00:6572:6963:a::1 + +# The secondary network interface +allow-hotplug eno8403 +iface eno8403 inet dhcp +" diff --git a/host_vars/alpha-worker-0.yml b/host_vars/alpha-worker-0.yml index ed09138..0c4d95f 100644 --- a/host_vars/alpha-worker-0.yml +++ b/host_vars/alpha-worker-0.yml @@ -1,3 +1,16 @@ --- # Host vars for alpha-worker-0 -os: debian +network_interfaces: " +# The primary network interface +auto eno1np0 +iface eno1np0 inet static + address 10.0.0.3/16 + gateway 10.0.0.1 +iface eno1np0 inet6 static + address fc00:6572:6963:a::3/64 + gateway fc00:6572:6963:a::1 + +# The secondary network interface +allow-hotplug eno2np1 +iface eno2np1 inet dhcp +" diff --git a/roles/ericomeehan.configure_network/README.md b/roles/ericomeehan.configure_network/README.md new file mode 100644 index 0000000..d06b87d --- /dev/null +++ b/roles/ericomeehan.configure_network/README.md @@ -0,0 +1,38 @@ +ericomeehan.configure_network +========= + +Role to configure network interfaces for eom.dev. + +Requirements +------------ + +None + +Role Variables +-------------- + +network_interfaces: A string defining network interfaces for a Debian node + +Dependencies +------------ + +None + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +Eric O'Neill Meehan diff --git a/roles/ericomeehan.configure_network/defaults/main.yml b/roles/ericomeehan.configure_network/defaults/main.yml new file mode 100644 index 0000000..3584b72 --- /dev/null +++ b/roles/ericomeehan.configure_network/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for configure_network diff --git a/roles/ericomeehan.configure_network/handlers/main.yml b/roles/ericomeehan.configure_network/handlers/main.yml new file mode 100644 index 0000000..719bce6 --- /dev/null +++ b/roles/ericomeehan.configure_network/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for configure_network diff --git a/roles/ericomeehan.dump-debconf-database/meta/main.yml b/roles/ericomeehan.configure_network/meta/main.yml similarity index 100% rename from roles/ericomeehan.dump-debconf-database/meta/main.yml rename to roles/ericomeehan.configure_network/meta/main.yml diff --git a/roles/ericomeehan.configure_network/tasks/Debian_firewall.yml b/roles/ericomeehan.configure_network/tasks/Debian_firewall.yml new file mode 100644 index 0000000..3b0e69d --- /dev/null +++ b/roles/ericomeehan.configure_network/tasks/Debian_firewall.yml @@ -0,0 +1,7 @@ +--- +# tasks file for Debian_firewall +- name: Enable nftables + service: + name: nftables + state: started + enabled: true diff --git a/roles/ericomeehan.configure_network/tasks/Debian_interfaces.yml b/roles/ericomeehan.configure_network/tasks/Debian_interfaces.yml new file mode 100644 index 0000000..b2dabe6 --- /dev/null +++ b/roles/ericomeehan.configure_network/tasks/Debian_interfaces.yml @@ -0,0 +1,6 @@ +--- +# tasks file for Debian_interfaces +- name: Configure network interfaces for a Debian node + template: + src: "Debian_interfaces.j2" + dest: /etc/network/interfaces diff --git a/roles/ericomeehan.configure_network/tasks/main.yml b/roles/ericomeehan.configure_network/tasks/main.yml new file mode 100644 index 0000000..b09615f --- /dev/null +++ b/roles/ericomeehan.configure_network/tasks/main.yml @@ -0,0 +1,7 @@ +--- +# tasks file for configure_network +- include_tasks: Debian_interfaces.yml + when: ansible_os_family == "Debian" + +- include_tasks: Debian_firewall.yml + when: ansible_os_family == "Debian" diff --git a/roles/ericomeehan.configure_network/templates/Debian_interfaces.j2 b/roles/ericomeehan.configure_network/templates/Debian_interfaces.j2 new file mode 100644 index 0000000..dd30243 --- /dev/null +++ b/roles/ericomeehan.configure_network/templates/Debian_interfaces.j2 @@ -0,0 +1,10 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + +{{ network_interfaces }} diff --git a/roles/ericomeehan.dump-debconf-database/tests/inventory b/roles/ericomeehan.configure_network/tests/inventory similarity index 100% rename from roles/ericomeehan.dump-debconf-database/tests/inventory rename to roles/ericomeehan.configure_network/tests/inventory diff --git a/roles/ericomeehan.configure_network/tests/test.yml b/roles/ericomeehan.configure_network/tests/test.yml new file mode 100644 index 0000000..fc98652 --- /dev/null +++ b/roles/ericomeehan.configure_network/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - configure_network diff --git a/roles/ericomeehan.configure_network/vars/main.yml b/roles/ericomeehan.configure_network/vars/main.yml new file mode 100644 index 0000000..38debb7 --- /dev/null +++ b/roles/ericomeehan.configure_network/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for configure_network diff --git a/roles/ericomeehan.dump-debconf-database/README.md b/roles/ericomeehan.save_initial_configuration/README.md similarity index 100% rename from roles/ericomeehan.dump-debconf-database/README.md rename to roles/ericomeehan.save_initial_configuration/README.md diff --git a/roles/ericomeehan.dump-debconf-database/defaults/main.yml b/roles/ericomeehan.save_initial_configuration/defaults/main.yml similarity index 100% rename from roles/ericomeehan.dump-debconf-database/defaults/main.yml rename to roles/ericomeehan.save_initial_configuration/defaults/main.yml diff --git a/roles/ericomeehan.dump-debconf-database/handlers/main.yml b/roles/ericomeehan.save_initial_configuration/handlers/main.yml similarity index 100% rename from roles/ericomeehan.dump-debconf-database/handlers/main.yml rename to roles/ericomeehan.save_initial_configuration/handlers/main.yml diff --git a/roles/ericomeehan.save_initial_configuration/meta/main.yml b/roles/ericomeehan.save_initial_configuration/meta/main.yml new file mode 100644 index 0000000..ea68190 --- /dev/null +++ b/roles/ericomeehan.save_initial_configuration/meta/main.yml @@ -0,0 +1,34 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/ericomeehan.dump-debconf-database/tasks/main.yml b/roles/ericomeehan.save_initial_configuration/tasks/dump_debconf_db.yml similarity index 90% rename from roles/ericomeehan.dump-debconf-database/tasks/main.yml rename to roles/ericomeehan.save_initial_configuration/tasks/dump_debconf_db.yml index 1f9c735..629ade9 100644 --- a/roles/ericomeehan.dump-debconf-database/tasks/main.yml +++ b/roles/ericomeehan.save_initial_configuration/tasks/dump_debconf_db.yml @@ -1,5 +1,5 @@ --- -# tasks file for dump_debconf_database +# tasks file for dump_debconf_db - name: Install debconf-utils apt: name: debconf-utils diff --git a/roles/ericomeehan.save_initial_configuration/tasks/main.yml b/roles/ericomeehan.save_initial_configuration/tasks/main.yml new file mode 100644 index 0000000..07f8a8c --- /dev/null +++ b/roles/ericomeehan.save_initial_configuration/tasks/main.yml @@ -0,0 +1,4 @@ +--- +# tasks file for dump_debconf_database +- include_tasks: dump_debconf_db.yml + when: ansible_os_family == "Debian" diff --git a/roles/ericomeehan.save_initial_configuration/tests/inventory b/roles/ericomeehan.save_initial_configuration/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/ericomeehan.save_initial_configuration/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/ericomeehan.dump-debconf-database/tests/test.yml b/roles/ericomeehan.save_initial_configuration/tests/test.yml similarity index 100% rename from roles/ericomeehan.dump-debconf-database/tests/test.yml rename to roles/ericomeehan.save_initial_configuration/tests/test.yml diff --git a/roles/ericomeehan.dump-debconf-database/vars/main.yml b/roles/ericomeehan.save_initial_configuration/vars/main.yml similarity index 100% rename from roles/ericomeehan.dump-debconf-database/vars/main.yml rename to roles/ericomeehan.save_initial_configuration/vars/main.yml diff --git a/site.yml b/site.yml index a5e3b78..8e197a8 100644 --- a/site.yml +++ b/site.yml @@ -4,5 +4,5 @@ hosts: all become: true roles: - - role: ericomeehan.dump-debconf-database - where: os == "debian" + - role: ericomeehan.save_initial_configuration + - role: ericomeehan.configure_network