Eric Meehan 2024-11-11 15:46:28 -05:00
parent 3c1ec13720
commit 6e7ee42c1e
58 changed files with 600 additions and 403 deletions

.gitmodules vendored

@ -1,21 +1,21 @@
[submodule "roles/ericomeehan.eom"] [submodule "roles/ericomeehan.eom"]
path = roles/ericomeehan.eom path = roles/ericomeehan.eom
url = https://git.eom.dev/ansible-role-eom url = https://git.eom.dev/eric/ansible-role-eom.git
[submodule "roles/ericomeehan.debian"] [submodule "roles/ericomeehan.debian"]
path = roles/ericomeehan.debian path = roles/ericomeehan.debian
url = https://git.eom.dev/ansible-role-debian url = https://git.eom.dev/eric/ansible-role-deban.git
[submodule "roles/ericomeehan.gondwana"] [submodule "roles/ericomeehan.gondwana"]
path = roles/ericomeehan.gondwana path = roles/ericomeehan.gondwana
url = https://git.eom.dev/ansible-role-gondwana url = https://git.eom.dev/eric/ansible-role-gondwana.git
[submodule "roles/ericomeehan.ericomeehan"] [submodule "roles/ericomeehan.ericomeehan"]
path = roles/ericomeehan.ericomeehan path = roles/ericomeehan.ericomeehan
url = https://git.eom.dev/ansible-role-ericomeehan url = https://git.eom.dev/eric/ansible-role-ericomeehan.git
[submodule "roles/ericomeehan.nvidia_driver"] [submodule "roles/ericomeehan.nvidia_driver"]
path = roles/ericomeehan.nvidia_driver path = roles/ericomeehan.nvidia_driver
url = https://git.eom.dev/ansible-role-nvidia-driver url = https://git.eom.dev/eric/ansible-role-nvidia-driver.git
[submodule "roles/ericomeehan.kraken-bot"] [submodule "roles/ericomeehan.kraken-bot"]
path = roles/ericomeehan.kraken-bot path = roles/ericomeehan.kraken-bot
url = https://git.eom.dev/ansible-role-kraken-bot url = https://git.eom.dev/eric/ansible-role-kraken-bot.git
[submodule "roles/ericomeehan.qemu-network"] [submodule "roles/ericomeehan.qemu-network"]
path = roles/ericomeehan.qemu-network path = roles/ericomeehan.qemu-network
url = https://git.eom.dev/ansible-role-qemu-network url = https://git.eom.dev/ansible-role-qemu-network
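Review bot: The new URL for `roles/ericomeehan.debian` reads `https://git.eom.dev/eric/ansible-role-deban.git`, dropping the `i` from `debian` that both the old URL and the submodule path carry. As written, `git submodule update` will fail, or fetch whatever repository answers at that name, and role code from a submodule runs with `become: true` on every host. The `roles/ericomeehan.qemu-network` entry is also the only one still on the old URL form without `eric/` and `.git`. Correct the first to `url = https://git.eom.dev/eric/ansible-role-debian.git` (presumably the intended name) and move qemu-network to the same form if that repository moved with the others.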


@ -1,8 +1,5 @@
--- ---
# Playbook for deploying a Kubernetes cluster # Playbook for deploying a Kubernetes cluster
- name: Create network bridge
- name: Create virtual machines
- name: Prepare cluster environments - name: Prepare cluster environments
hosts: cluster_nodes hosts: cluster_nodes
become: true become: true


@ -1,3 +1,4 @@
--- ---
# Global defaults # Global defaults
docker_needed: false
nvidia_driver_needed: false nvidia_driver_needed: false


@ -1 +1,5 @@
nfs_path: alpha cluster_name: alpha
metallb_addresses:
- 192.168.1.160-192.168.1.191
metallb_asn: 6501
letsencrypt_url: https://acme-v02.api.letsencrypt.org/directory


@ -1 +1,5 @@
nfs_path: beta cluster_name: beta
metallb_addresses:
- 192.168.1.192-192.168.1.223
metallb_asn: 6502
letsencrypt_url: https://acme-staging-v02.api.letsencrypt.org/directory


@ -1,3 +1,7 @@
--- ---
# Group vars for clusters # Group vars for clusters
containerd_config_cgroup_driver_systemd: true containerd_config_cgroup_driver_systemd: true
kubernetes_version: '1.31'
kubernetes_version_rehl_package: '1.31.1'
kubernetes_allow_pods_on_control_plane: false
kubernetes_join_command_extra_opts: "--ignore-preflight-errors=Port-10250"
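Review bot: `kubernetes_version_rehl_package` looks like a misspelling of `kubernetes_version_rhel_package`. If the consuming role expects the latter (the role is not visible in this hunk), the misspelled key is never read and the package version silently falls back to the role default. Separately, `--ignore-preflight-errors=Port-10250` suppresses kubeadm's check that the kubelet port is free on every join. A comment above it naming what holds the port, e.g. `# Port 10250 is already bound by <SERVICE> when the node joins`, would let a later reader judge whether the suppression is still justified.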


@ -1 +1,5 @@
nfs_path: gamma cluster_name: gamma
metallb_addresses:
- 192.168.1.96-224.168.1.255
metallb_asn: 6503
letsencrypt_url: https://acme-staging-v02.api.letsencrypt.org/directory
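Review bot: The pool `192.168.1.96-224.168.1.255` ends at `224.168.1.255` rather than a `192.168.1.x` address. MetalLB is therefore given a range that starts inside the LAN, covers the alpha and beta pools (`192.168.1.160-192.168.1.191` and `192.168.1.192-192.168.1.223`), and continues through address space this site does not own. Addresses from it would be assigned to services and announced to the BGP peer. The other two files each take a 32-address block, which suggests the intent was `- 192.168.1.224-192.168.1.255`; confirm and correct the start address.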


@ -4,19 +4,16 @@ type: kvm
name: my_vm_name name: my_vm_name
instance_id: "iid-{{ name }}" instance_id: "iid-{{ name }}"
packages: packages:
- nfs-common
- openssh-server - openssh-server
- prometheus-node-exporter - prometheus-node-exporter
- qemu-guest-agent - qemu-guest-agent
open_ports:
- interface: any
protocol: tcp
port: 22
memory: memory:
unit: MiB unit: MiB
value: 4096 value: 4096
vcpu: vcpu:
placement: static placement: static
value: 2 value: 1
os: os:
type: type:
arch: x86_64 arch: x86_64


@ -1,2 +1,6 @@
# Vars file for workstations # Vars file for workstations
open_ports: "" docker_needed: true
open_ports:
- interface: any
protocol: tcp
port: 22


@ -1,59 +0,0 @@
---
# Host vars for gateway
name: gateway
interfaces:
- type: network
source:
network: lan
model:
type: virtio
address:
type: pci
domain: 0x0000
bus: 0x01
slot: 0x00
function: 0x0
- type: network
source:
network: wan
model:
type: virtio
address:
type: pci
domain: 0x0000
bus: 0x02
slot: 0x00
function: 0x0
- type: network
source:
network: alpha
model:
type: virtio
address:
type: pci
domain: 0x0000
bus: 0x03
slot: 0x00
function: 0x0
- type: network
source:
network: beta
model:
type: virtio
address:
type: pci
domain: 0x0000
bus: 0x04
slot: 0x00
function: 0x0
- type: network
source:
network: gamma
model:
type: virtio
address:
type: pci
domain: 0x0000
bus: 0x08
slot: 0x00
function: 0x0


@ -1,16 +1,3 @@
# Host vars for inspiron-3670 # Host vars for inspiron-3670
docker_needed: false
nvidia_driver_needed: true nvidia_driver_needed: true
packages:
- curl
- davfs2
- gimp
- git
- gphoto2
- latexml
- neovim
- passwordsafe
- texlive-full
- thunderbird
- tmux
- torbrowser-launcher
- w3m


@ -1,3 +1,3 @@
# Host vars for latitude-7230 # Host vars for latitude-7230
ansible_connection: local ansible_connection: local
open_ports: ""


@ -12,5 +12,4 @@ libvirt_networks:
bridge: bridge:
name: lan name: lan
dev: eno8403 dev: eno8403
libvirt_guests: libvirt_guests: ""
- vpn
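Review bot: `libvirt_guests: ""` replaces a list with an empty string, but the hypervisor playbook in this commit iterates the variable with `loop: "{{ libvirt_guests }}"`. `loop` accepts only a list, so a play that reaches those tasks on this host would presumably fail instead of skipping. For a host with no guests write `libvirt_guests: []`. The host-vars mapping this key belongs to starts above the hunk.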


@ -7,8 +7,13 @@ libvirt_networks:
bridge: bridge:
name: wan name: wan
dev: eno1np0 dev: eno1np0
- name: lan
forward:
mode: bridge
bridge:
name: lan
dev: eno2np1
libvirt_guests: libvirt_guests:
- network-file-system
- alpha-control-plane - alpha-control-plane
- alpha-worker-0 - alpha-worker-0
- alpha-worker-1 - alpha-worker-1
@ -24,3 +29,5 @@ libvirt_guests:
- gamma-worker-1 - gamma-worker-1
- gamma-worker-2 - gamma-worker-2
- gamma-worker-3 - gamma-worker-3
nfs_exports: ["/data *(rw,sync,no_root_squash)"]
nvidia_driver_needed: true
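Review bot: `nfs_exports: ["/data *(rw,sync,no_root_squash)"]` exports all of `/data` read-write to any host that can reach the server, and `no_root_squash` lets root on a client act as root on the export. The playbook in this commit creates `/data/alpha`, `/data/beta`, `/data/gamma` and `/data/eric` under that tree, so every cluster node (and anything else on the network) can read and modify the other clusters' volumes and the personal directory. Restrict the client field to the hosts that need it and export per-cluster directories, for example `"/data/alpha <ALPHA_NODE_ADDRESSES>(rw,sync,no_subtree_check)"`. Keep `no_root_squash` only where the provisioner is shown to need it. The `libvirt_guests` list that this hunk closes starts outside it.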


@ -1,18 +0,0 @@
---
# Host vars for vpn
name: vpn
packages:
- openssh-server
- openvpn
- prometheus-node-exporter
interfaces:
- type: network
source:
network: wan
model:
type: virtio
- type: network
source:
network: lan
model:
type: virtio


@ -13,9 +13,6 @@ all:
poweredge-t640: poweredge-t640:
vms: vms:
hosts:
network-file-system:
vpn:
children: children:
clusters: clusters:
children: children:


@ -1,18 +1,49 @@
--- ---
# Playbook for hypervisors # Playbook for eom.dev
- name: Initialize hypervisors - name: Initialize workstations
hosts: hypervisors hosts: workstations
become: true become: true
vars_files:
- ../secrets.yaml
roles: roles:
- role: ericomeehan.debian - role: ericomeehan.debian
- role: ericomeehan.ericomeehan - role: ericomeehan.ericomeehan
- role: ericomeehan.nvidia_driver
when: nvidia_driver_needed == true
- role: geerlingguy.docker
when: docker_needed == true
- name: Deploy virtual machines - name: Initialize hypervisors
hosts: hypervisors hosts: hypervisors
become: true become: true
vars_files: vars_files:
- ../secrets.yaml - ../secrets.yaml
pre_tasks: roles:
- role: ericomeehan.debian
- role: ericomeehan.ericomeehan
- role: ericomeehan.nvidia_driver
when: nvidia_driver_needed == true
- name: Initialize Network File Systems
hosts: poweredge-t640
become: true
roles:
- role: geerlingguy.nfs
tasks:
- name: Create NFS directories
file:
path: "{{ item }}"
state: directory
loop:
- /data/alpha
- /data/beta
- /data/gamma
- /data/eric
- name: Prepare virtualization environments
hosts: hypervisors
become: true
tasks:
- name: Install packages for virtualization - name: Install packages for virtualization
apt: apt:
update_cache: yes update_cache: yes
@ -38,9 +69,25 @@
line: 'net.ipv6.conf.all.forwarding = 1' line: 'net.ipv6.conf.all.forwarding = 1'
state: present state: present
- name: Copy interfaces template
template:
src: interfaces.j2
dest: /etc/network/interfaces
- name: Reload sysctl configuration - name: Reload sysctl configuration
command: sysctl --system command: sysctl --system
- name: Reload network service
service:
name: networking
state: restarted
- name: Deploy virtual machines
hosts: hypervisors
become: true
vars_files:
- ../secrets.yaml
tasks:
- name: Define libvirt networks - name: Define libvirt networks
community.libvirt.virt_net: community.libvirt.virt_net:
name: "{{ item.name }}" name: "{{ item.name }}"
@ -134,33 +181,21 @@
command: "virsh reset {{ item }}" command: "virsh reset {{ item }}"
loop: "{{ libvirt_guests }}" loop: "{{ libvirt_guests }}"
- name: Copy SSH keys - name: Wait for manual tasks
hosts: localhost hosts: localhost
tasks: tasks:
- name: Wait for manual tasks - name: Trust SSH identities
pause: pause:
prompt: "Press Enter to continue..." prompt: "Press Enter to continue..."
- name: Initialize virtual machines - name: Initialize virtual machines
hosts: vms hosts: vms
become: true become: true
pre_tasks: vars_files:
- name: Append text from files/motd to the beginning of remote motd file - ../secrets.yaml
blockinfile:
path: /etc/motd
marker: ""
block: |
{{ lookup('file', 'motd') }}
roles: roles:
- role: ericomeehan.ericomeehan - role: ericomeehan.ericomeehan
- name: Initialize Network File Systems
hosts: network-file-system
become: true
roles:
- role: geerlingguy.nfs
- name: Initialize Kubernetes clusters - name: Initialize Kubernetes clusters
hosts: clusters hosts: clusters
become: true become: true
@ -220,32 +255,141 @@
roles: roles:
- role: geerlingguy.helm - role: geerlingguy.helm
- name: Install NFS Common - name: Deploy base Kubernetes resources
hosts: workers hosts: control_planes
become: true become: true
tasks: tasks:
- name: Install nfs-common - name: Add NFS Provisioner repository
apt:
name: nfs-common
state: present
- name: Configure default storage class
hosts: control-planes
become: true
tasks:
- name: Install helm repo
kubernetes.core.helm_repository: kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner name: nfs-subdir-external-provisioner
repo_url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ repo_url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
- name: Deploy nfs provisioner - name: Add MetalLB repository
kubernetes.core.helm_repository:
name: metallb
repo_url: https://metallb.github.io/metallb
- name: Add Ingress Nginx repository
kubernetes.core.helm_repository:
name: ingress-nginx
repo_url: https://kubernetes.github.io/ingress-nginx
- name: Add cert-manager repository
kubernetes.core.helm_repository:
name: jetstack
repo_url: https://charts.jetstack.io
- name: Update Helm repos
command: helm repo update
- name: Deploy NFS Provisioner
kubernetes.core.helm: kubernetes.core.helm:
name: nfs-subdir-external-provisioner name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
release_namespace: default release_namespace: nfs-provisioner
create_namespace: true
values: values:
nfs: nfs:
server: network-file-system server: poweredge-t640
path: "/data/{{ nfs_path }}" path: "/data/{{ cluster_name }}"
storageClass: storageClass:
defaultClass: true defaultClass: true
- name: Deploy MetalLB
kubernetes.core.helm:
name: metallb
chart_ref: metallb/metallb
release_namespace: metallb
create_namespace: true
- name: Wait for MetalLB to initialize
wait_for:
timeout: 120
- name: Deploy BGP Peer
k8s:
state: present
definition:
apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
name: bgp-peer
namespace: metallb
spec:
myASN: "{{ metallb_asn }}"
peerASN: 6500
peerAddress: 192.168.1.1
- name: Deploy address pool
k8s:
state: present
definition:
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: pool0
namespace: metallb
spec:
addresses: "{{ metallb_addresses }}"
- name: Deploy BGP Advertisement
k8s:
state: present
definition:
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
name: bgp-advertisement
namespace: metallb
spec:
ipAddressPools:
- pool0
- name: Deploy Ingress Nginx
kubernetes.core.helm:
name: ingress-nginx
chart_ref: ingress-nginx/ingress-nginx
release_namespace: ingress-nginx
create_namespace: true
values:
controller:
annotations:
acme.cert-manager.io/http01-edit-in-place: 'true'
extraArgs:
update-status: "false"
- name: Deploy cert-manager
kubernetes.core.helm:
name: cert-manager
chart_ref: jetstack/cert-manager
release_namespace: cert-manager
create_namespace: true
values:
crds:
enabled: true
- name: Deploy Cluster Issuer
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
spec:
acme:
server: "{{ letsencrypt_url }}"
email: eric@eom.dev
privateKeySecretRef:
name: letsencrypt-issuer-key
solvers:
- http01:
ingress:
ingressClassName: nginx
- name: Port forward HTTP(S) to Ingress Controllers
hosts: localhost
tasks:
- name: Wait for manual tasks
pause:
prompt: "Press Enter to continue..."
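Review bot: None of the four `kubernetes.core.helm` tasks in the `Deploy base Kubernetes resources` play (NFS Provisioner, MetalLB, Ingress Nginx, cert-manager) sets `chart_version`, and `helm repo update` runs immediately before them. Each run therefore installs whatever the upstream repositories serve as latest at that moment, for controllers that receive cluster-wide privileges. Add `chart_version: "<CHART_VERSION>"` to each release and raise it deliberately, so a rebuild is reproducible and an upstream change is reviewed before it reaches the cluster. Also, `Wait for MetalLB to initialize` is a fixed 120-second `wait_for` sleep. Setting `wait: true` on the MetalLB helm task would make the following `BGPPeer`, `IPAddressPool` and `BGPAdvertisement` tasks depend on readiness rather than elapsed time.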

@ -1 +1 @@
Subproject commit 2d395340236352edaeb15cea56a9e65cc740453a Subproject commit be231a903113d5092a8b1ea6830c1bbbaad424b6

@ -1 +1 @@
Subproject commit ba6296a2ec7fdbdea8d9676e6423d326b4c3a4d0 Subproject commit 4dc7f7917edb012b15268a4e94c81b55592130a5

@ -1 +1 @@
Subproject commit 0ca51b452a430820c15bb0a8424c6d65eb7db349 Subproject commit c1bed4ec3766ae456ca7e55ec2699e640d76a884


@ -1 +0,0 @@
/home/eric/Desktop/ansible-role-libvirt-vm


@ -1,38 +0,0 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -1,5 +0,0 @@
---
# defaults file for ericomeehan.nvidia_driver_debian
nvidia_driver_skip_reboot: false
nvidia_driver_source: nvidia
nvidia_driver_tesla: false


@ -1,2 +0,0 @@
---
# handlers file for ericomeehan.nvidia_driver_debian


@ -1,34 +0,0 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -1,9 +0,0 @@
---
# tasks file for ericomeehan.nvidia_driver_debian
- name: Install Nvidia proprietary drivers
include_tasks: nvidia-proprietary.yml
when: nvidia_driver_source == "nvidia"
- name: Install nouveau and mesa drivers
include_tasks: nouveau-mesa.yml
when: nvidia_driver_source == "nouveau"


@ -1,18 +0,0 @@
---
# tasks file for nouveau-mesa
- name: Update apt
become: yes
apt:
update_cache: yes
- name: Install nouveau and mesa
apt:
state: present
name:
- xserver-xorg-video-nouveau
- mesa-utils
register: install_driver
- name: Reboot after driver install
reboot:
when: install_driver.changed and not nvidia_driver_skip_reboot


@ -1,38 +0,0 @@
---
# tasks file for nvidia-proprietary
- name: Add contrib & non-free repository
replace:
dest: /etc/apt/sources.list
regexp: '^(deb(?!.* contrib).*)'
replace: '\1 contrib non-free'
- name: Update apt
become: yes
apt:
update_cache: yes
- name: Install Linux headers
apt:
name: linux-headers-{{ ansible_kernel }}
state: present
- name: Install Nvidia and CUDA drivers
apt:
state: present
name:
- nvidia-driver
- firmware-misc-nonfree
- nvidia-cuda-dev
- nvidia-cuda-toolkit
register: install_driver
- name: Install tesla drivers
apt:
state: present
name:
- nvidia-tesla-470-driver
when: nvidia_driver_tesla == true
- name: Reboot after driver install
reboot:
when: install_driver.changed and not nvidia_driver_skip_reboot


@ -1,61 +0,0 @@
---
# tasks file for nvidia-proprietary
- name: Add contrib & non-free repository
replace:
dest: /etc/apt/sources.list
regexp: '^(deb(?!.* contrib).*)'
replace: '\1 contrib non-free'
- name: Install Linux headers
apt:
name: linux-headers-{{ ansible_kernel }}
state: present
- name: Download Nvidia driver local repo
get_url:
url: https://us.download.nvidia.com/tesla/550.90.07/nvidia-driver-local-repo-debian12-550.90.07_1.0-1_amd64.deb
dest: /tmp/nvidia-driver-local-repo-debian12-550.90.07_1.0-1_amd64.deb
- name: Install Nvidia driver local repo
apt:
deb: /tmp/nvidia-driver-local-repo-debian12-550.90.07_1.0-1_amd64.deb
state: present
- name: Add Nvidia driver local repo keyring
copy:
remote_src: true
src: /var/nvidia-driver-local-repo-debian12-550.90.07/nvidia-driver-local-3FEEC8FF-keyring.gpg
dest: /usr/share/keyrings/nvidia-driver-local-3FEEC8FF-keyring.gpg
- name: Download CUDA repo
get_url:
url: https://developer.download.nvidia.com/compute/cuda/12.4.1/local_installers/cuda-repo-debian12-12-4-local_12.4.1-550.54.15-1_amd64.deb
dest: /tmp/cuda-repo-debian12-12-4-local_12.4.1-550.54.15-1_amd64.deb
- name: Install CUDA repo
apt:
deb: /tmp/cuda-repo-debian12-12-4-local_12.4.1-550.54.15-1_amd64.deb
state: present
- name: Add CUDA repo keyring
copy:
remote_src: true
src: /var/cuda-repo-debian12-12-4-local/cuda-C5AA6424-keyring.gpg
dest: /usr/share/keyrings/cuda-C5AA6424-keyring.gpg
- name: Update package list
apt:
update_cache: yes
- name: Install Nvidia driver and CUDA toolkit
apt:
name:
- firmware-misc-nonfree
- cuda-toolkit-12-4
- nvidia-driver=550.90.07-1
state: present
register: install_driver
- name: Reboot after driver install
reboot:
when: install_driver.changed and not nvidia_driver_skip_reboot


@ -1,2 +0,0 @@
localhost


@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- ericomeehan.nvidia_driver_debian


@ -1,2 +0,0 @@
---
# vars file for ericomeehan.nvidia_driver_debian

@ -1 +0,0 @@
Subproject commit aa1a12a3f5cdf6398b4f6dbc2df00e48a55542c4


@ -0,0 +1,3 @@
skip_list:
- 'yaml'
- 'role-name'


@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy


@ -0,0 +1,66 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "30 1 * * 3"
defaults:
run:
working-directory: 'geerlingguy.nfs'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.nfs'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- rockylinux9
- ubuntu2004
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.nfs'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule molecule-plugins[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}


@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.nfs'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.nfs'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)


@ -0,0 +1,34 @@
---
name: Close inactive issues
'on':
schedule:
- cron: "55 19 * * 6" # semi-random time
jobs:
close-issues:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v8
with:
days-before-stale: 120
days-before-close: 60
exempt-issue-labels: bug,pinned,security,planned
exempt-pr-labels: bug,pinned,security,planned
stale-issue-label: "stale"
stale-pr-label: "stale"
stale-issue-message: |
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-issue-message: |
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
stale-pr-message: |
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-pr-message: |
This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
repo-token: ${{ secrets.GITHUB_TOKEN }}

roles/geerlingguy.nfs/.gitignore vendored Normal file

@ -0,0 +1,5 @@
*.retry
*/__pycache__
*.pyc
.cache


@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/workflows/stale.yml


@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -0,0 +1,40 @@
# Ansible Role: NFS
[![CI](https://github.com/geerlingguy/ansible-role-nfs/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-nfs/actions?query=workflow%3ACI)
Installs NFS utilities on RedHat/CentOS or Debian/Ubuntu.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
nfs_exports: []
A list of exports which will be placed in the `/etc/exports` file. See Ubuntu's simple [Network File System (NFS)](https://ubuntu.com/server/docs/service-nfs) guide for more info and examples. (Simple example: `nfs_exports: [ "/home/public *(rw,sync,no_root_squash)" ]`).
nfs_rpcbind_state: started
nfs_rpcbind_enabled: true
(RedHat/CentOS/Fedora only) The state of the `rpcbind` service, and whether it should be enabled at system boot.
## Dependencies
None.
## Example Playbook
- hosts: db-servers
roles:
- { role: geerlingguy.nfs }
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).


@ -0,0 +1,5 @@
---
nfs_exports: []
nfs_rpcbind_state: started
nfs_rpcbind_enabled: true


@ -0,0 +1,3 @@
---
- name: reload nfs
command: 'exportfs -ra'


@ -0,0 +1,2 @@
install_date: 'Mon 11 Nov 2024 01:39:36 AM '
version: 2.1.0


@ -0,0 +1,27 @@
---
dependencies: []
galaxy_info:
role_name: nfs
author: geerlingguy
description: NFS installation for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.10
platforms:
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- system
- nfs
- filesystem
- share
- nfsv4
- efs


@ -0,0 +1,13 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
roles:
- role: geerlingguy.nfs


@ -0,0 +1,21 @@
---
role_name_check: 1
dependency:
name: galaxy
options:
ignore-errors: true
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}


@ -0,0 +1,36 @@
---
# Include variables and define needed variables.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Include overrides specific to Fedora.
include_vars: Fedora.yml
when:
- ansible_os_family == 'RedHat'
- ansible_distribution == "Fedora"
# Setup/install tasks.
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- name: Ensure directories to export exist
file: # noqa 208
path: "{{ item }}"
state: directory
with_items: "{{ nfs_exports | map('split') | map('first') | unique }}"
- name: Copy exports file.
template:
src: exports.j2
dest: /etc/exports
owner: root
group: root
mode: 0644
notify: reload nfs
- name: Ensure nfs is running.
service: "name={{ nfs_server_daemon }} state=started enabled=yes"
when: nfs_exports|length


@ -0,0 +1,7 @@
---
- name: Ensure NFS utilities are installed.
apt:
name:
- nfs-common
- nfs-kernel-server
state: present


@ -0,0 +1,9 @@
---
- name: Ensure NFS utilities are installed.
package: name=nfs-utils state=present
- name: Ensure rpcbind is running as configured.
service:
name: rpcbind
state: "{{ nfs_rpcbind_state }}"
enabled: "{{ nfs_rpcbind_enabled }}"


@ -0,0 +1,13 @@
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
{% for export in nfs_exports %}
{{ export }}
{% endfor %}


@ -0,0 +1,2 @@
---
nfs_server_daemon: nfs-kernel-server


@ -0,0 +1,2 @@
---
nfs_server_daemon: nfs-server


@ -0,0 +1,2 @@
---
nfs_server_daemon: nfs-server


@ -24,8 +24,7 @@ chpasswd:
expire: false expire: false
users: users:
- name: eric - name: eric
type: text type: RANDOM
password: 123abc
ssh_pwauth: false ssh_pwauth: false
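Review bot: The removed `password: 123abc` remains readable in the repository history, so any guest already provisioned from the old user-data should have the `eric` password changed or be rebuilt; deleting the line does not cover those machines. With `type: RANDOM`, cloud-init generates the password and, as documented for that mode, emits it in the instance's console output. A comment next to it such as `# RANDOM: generated password is written to the console output; SSH password auth stays disabled` would record that, and access to the guest console log should be limited accordingly. The `chpasswd:` block this hunk edits begins above the hunk.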


@ -1,6 +1,7 @@
---
- name: Execute test - name: Execute test
hosts: gamma-control-plane hosts: alpha-control-plane
become: true become: true
vars_files:
- ../secrets.yaml
roles: roles:
- ericomeehan.gondwana - role: ericomeehan.eom


@ -6,30 +6,7 @@
roles: roles:
- role: ericomeehan.debian - role: ericomeehan.debian
- role: ericomeehan.ericomeehan - role: ericomeehan.ericomeehan
- role: ericomeehan.nvidia_driver
when: nvidia_driver_needed == true
- role: geerlingguy.docker - role: geerlingguy.docker
when: docker_needed == true when: docker_needed == true
tasks:
- name: Add contrib repository
replace:
dest: /etc/apt/sources.list
regexp: '^(deb(?!.* contrib).*)'
replace: '\1 contrib'
- name: Install packages for user environment
become: yes
apt:
update_cache: yes
name:
- ansible
- curl
- davfs2
- gimp
- git
- gnome-boxes
- neovim
- passwordsafe
- python3-venv
- tmux
- torbrowser-launcher
state: present