DevOps/software-infrastructure
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
2ff0bc1502
software-infrastructure/main.yaml
Eric Meehan 2ff0bc1502 Nvidia Tesla T4
2025-03-08 11:59:41 -05:00

282 lines
6.9 KiB
YAML
Raw Blame History

---
# Playbook for eom.dev
- name: Initialize workstations
hosts: workstations
become: true
vars_files:
- ../secrets.yaml
roles:
- role: ericomeehan.debian
- role: ericomeehan.ericomeehan
- role: ericomeehan.nvidia_driver
when: nvidia_driver_needed == true
- role: geerlingguy.docker
when: docker_needed == true
- name: Initialize hypervisors
hosts: hypervisors
become: true
vars_files:
- ../secrets.yaml
roles:
- role: ericomeehan.debian
- role: ericomeehan.ericomeehan
- role: ericomeehan.nvidia_driver
when: nvidia_driver_needed == true
- name: Initialize Network File Systems
hosts: poweredge-t640
become: true
roles:
- role: geerlingguy.nfs
tasks:
- name: Create NFS directories
file:
path: "{{ item }}"
state: directory
loop:
- /data/alpha
- /data/beta
- /data/gamma
- /data/eric
- name: Setup virtualization
hosts: hypervisors
become: true
vars_files:
- ../secrets.yaml
roles:
- role: ericomeehan.libvirt_guests
vars:
doSetup: true
- name: Wait for manual tasks
hosts: localhost
tasks:
- name: Trust SSH identities
pause:
prompt: "Press Enter to continue..."
- name: Initialize virtual machines
hosts: vms
become: true
vars_files:
- ../secrets.yaml
roles:
- role: ericomeehan.ericomeehan
- name: Initialize Kubernetes clusters
hosts: clusters
become: true
pre_tasks:
- name: Enable IPv4 packet forwarding
lineinfile:
path: /etc/sysctl.conf
line: 'net.ipv4.ip_forward = 1'
state: present
- name: Enable IPv6 packet forwarding
lineinfile:
path: /etc/sysctl.conf
line: 'net.ipv6.conf.all.forwarding = 1'
state: present
- name: Reload sysctl configuration
command: sysctl --system
- name: Enable br_netfilter kernel module
command: modprobe br_netfilter
- name: Add the module to a configuration file for persistence
lineinfile:
path: /etc/modules-load.d/modules.conf
line: "br_netfilter"
- name: Install kubernetes library
apt:
name: python3-kubernetes
state: present
roles:
- role: geerlingguy.containerd
- name: Alpha Cluster
hosts: alpha
become: true
roles:
- role: geerlingguy.kubernetes
- name: Beta Cluster
hosts: beta
become: true
roles:
- role: geerlingguy.kubernetes
- name: Gamma Cluster
hosts: gamma
become: true
roles:
- role: geerlingguy.kubernetes
- name: Install Helm
hosts: control_planes
become: true
roles:
- role: geerlingguy.helm
- name: Deploy base Kubernetes resources
hosts: control_planes
become: true
tasks:
- name: Add NFS Provisioner repository
kubernetes.core.helm_repository:
name: nfs-subdir-external-provisioner
repo_url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
- name: Add MetalLB repository
kubernetes.core.helm_repository:
name: metallb
repo_url: https://metallb.github.io/metallb
- name: Add Ingress Nginx repository
kubernetes.core.helm_repository:
name: ingress-nginx
repo_url: https://kubernetes.github.io/ingress-nginx
- name: Add cert-manager repository
kubernetes.core.helm_repository:
name: jetstack
repo_url: https://charts.jetstack.io
- name: Add bitnami repository
kubernetes.core.helm_repository:
name: bitnami
repo_url: https://charts.bitnami.com/bitnami
- name: Add nvdp repository
kubernetes.core.helm_repository:
name: nvdp
repo_url: https://nvidia.github.io/k8s-device-plugin
- name: Update Helm repos
command: helm repo update
- name: Deploy NFS Provisioner
kubernetes.core.helm:
name: nfs-subdir-external-provisioner
chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
release_namespace: nfs-provisioner
create_namespace: true
values:
nfs:
server: poweredge-t640
path: "/data/{{ cluster_name }}"
storageClass:
defaultClass: true
- name: Deploy MetalLB
kubernetes.core.helm:
name: metallb
chart_ref: metallb/metallb
release_namespace: metallb
create_namespace: true
- name: Wait for MetalLB to initialize
wait_for:
timeout: 120
- name: Deploy BGP Peer
k8s:
state: present
definition:
apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
name: bgp-peer
namespace: metallb
spec:
myASN: "{{ metallb_asn }}"
peerASN: 6500
peerAddress: 192.168.1.1
- name: Deploy address pool
k8s:
state: present
definition:
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: pool0
namespace: metallb
spec:
addresses: "{{ metallb_addresses }}"
- name: Deploy BGP Advertisement
k8s:
state: present
definition:
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
name: bgp-advertisement
namespace: metallb
spec:
ipAddressPools:
- pool0
- name: Deploy Ingress Nginx
kubernetes.core.helm:
name: ingress-nginx
chart_ref: ingress-nginx/ingress-nginx
release_namespace: ingress-nginx
create_namespace: true
values:
controller:
annotations:
acme.cert-manager.io/http01-edit-in-place: 'true'
extraArgs:
update-status: "false"
- name: Deploy cert-manager
kubernetes.core.helm:
name: cert-manager
chart_ref: jetstack/cert-manager
release_namespace: cert-manager
create_namespace: true
values:
crds:
enabled: true
- name: Deploy Cluster Issuer
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
spec:
acme:
server: "{{ letsencrypt_url }}"
email: eric@eom.dev
privateKeySecretRef:
name: letsencrypt-issuer-key
solvers:
- http01:
ingress:
ingressClassName: nginx
- name: Deploy nvidia device plugin
kubernetes.core.helm:
name: nvdp
chart_ref: nvdp/nvidia-device-plugin
release_namespace: nvidia-device-plugin
create_namespace: true
- name: Port forward HTTP(S) to Ingress Controllers
hosts: localhost
tasks:
- name: Wait for manual tasks
pause:
prompt: "Press Enter to continue..."
Reference in New Issue View Git Blame Copy Permalink