added creating new vps, fine tuned inventories (now using 2), + doc

2024-11-11 19:28:55 +01:00 · 2024-11-11 19:28:55 +01:00 · 562fec8549
commit 562fec8549
parent 9c4b80cb5b
17 changed files with 161 additions and 70 deletions
--- a/32
+++ b/32
@ -1,22 +1,42 @@
-.PHONY: all deploy depoy-v deploy-vv deploy-vvv deploy-vvv check
+.PHONY: all deploy depoy-v deploy-vv deploy-vvv deploy-vvv check clean clean-v clean-vv clean-vvv clean-vvvv

 TOKEN = $(shell ansible-vault decrypt --vault-password-file ~/.config/ansible/hcloud.secret --output - group_vars/all/vars.yaml | cut -d' ' -f2)

+SNAPSHOT = $(shell hcloud image  list -t snapshot -o yaml | yq '. | map(select(.description == "FreeBSD-14.1-RELEASE-hcloud-init")) | .[].id')
+
+DEPLOY_COMMAND = ansible-playbook deploy.yaml -i inventory
+CLEAN_COMMAND = ansible-playbook cleanup.yaml -i inventory
+ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)"

 deploy:
-	HCLOUD_TOKEN="$(TOKEN)" ansible-playbook deploy.yaml -i inventory
+	$(ENV) $(DEPLOY_COMMAND)

 deploy-v:
-	HCLOUD_TOKEN="$(TOKEN)" ansible-playbook -v deploy.yaml -i inventory
+	$(ENV) ANSIBLE_VERBOSITY=1 $(DEPLOY_COMMAND)

 deploy-vv:
-	HCLOUD_TOKEN="$(TOKEN)" ansible-playbook -vv deploy.yaml -i inventory
+	$(ENV) ANSIBLE_VERBOSITY=2 $(DEPLOY_COMMAND)

 deploy-vvv:
-	HCLOUD_TOKEN="$(TOKEN)" ansible-playbook -vvv deploy.yaml -i inventory
+	$(ENV) ANSIBLE_VERBOSITY=3 $(DEPLOY_COMMAND)

 deploy-vvvv:
-	HCLOUD_TOKEN="$(TOKEN)" ansible-playbook -vvvv deploy.yaml -i inventory
+	$(ENV) ANSIBLE_VERBOSITY=4 $(DEPLOY_COMMAND)
+
+clean:
+	$(ENV) $(CLEAN_COMMAND)
+
+clean-v:
+	$(ENV) ANSIBLE_VERBOSITY=1 $(CLEAN_COMMAND)
+
+clean-vv:
+	$(ENV) ANSIBLE_VERBOSITY=2 $(CLEAN_COMMAND)
+
+clean-vvv:
+	$(ENV) ANSIBLE_VERBOSITY=3 $(CLEAN_COMMAND)
+
+clean-vvvv:
+	$(ENV) ANSIBLE_VERBOSITY=4 $(CLEAN_COMMAND)

 check:
 	ansible-playbook -vvv --ask-vault-pass deploy.yaml -i inventory --syntax-check
--- a/README.md
+++ b/README.md
@ -0,0 +1,55 @@
+## Ansible roles and playbook to maintain bsdnix.de
+
+### Basics
+
+In order to be able to deploy freebsd vps' on Hetzner cloud you need to do:
+
+- first create a vps with debian
+- from there install freebsd using mfs method (uncle google will tell you)
+- update the freebsd system
+- install python and https://github.com/paulc/hcloud-freebsd
+- enable hcloud-freebsd
+- `/etc/rc.conf` shall not contain a hostname or ip config, hcloud-freebsd will
+  add it. Even ipv6 only works, since the script grabs the server vars from
+  169.254.169.254, which will be reachable even if the server has no public ipv4 ip
+- cleanup history, logs, etc
+- shutdown the vps
+- create a snapshot, name it visely, I name mine like: `FreeBSD-14.1-RELEASE-hcloud-init`
+- delete the builder vps
+
+Then you can deploy new freebsd vps' using this snapshot. They'll come
+up, configure themselves to be reachable.
+
+The `deploy.yaml` playbook will then use the hetzner cloud dynamic
+inventory to discover your vps. So, you have to call `make deploy`
+twice: once to deploy a new vps and second time to configure
+it. Subsequent calls only configure of course.
+
+### Setup ansible
+
+- Create `group_vars/all/vars.yaml` with this content:
+  ```yaml
+  hetzner_cloud_token: <YOUR-HETZNER-HCLOUD-TOKEN>
+  ```
+- Create a file containing some generated password:
+  `pwgen -ys 32 1 > ~/.config/ansible/hcloud.secret`
+  
+- Encrypt the vars file:
+  `ansible-vault encrypt --vault-password-file
+  ~/.config/ansible/hcloud.secret group_vars/all/vars.yaml`
+  
+Now the hetzner ansible plugin is able to call hcloud with the
+appropriate token, no need to enter it manually anymore. Also, while
+the yaml file containing the token might be part of your public repo,
+it is a ansible vauld, properly encrypted and the key stays local on
+your work machine.
+
+### To use
+
+- `make deploy`: deploy a new shell VPS and configure it
+   if it already exists, only configure
+   
+- `make clean`: remove the shell VPC. Do not do this with the production instance!
+
+
+To make the output more verbose, add `-v[vvv]` to the target, e.g.: `make depoy-vvvv`
--- a/TODO.md
+++ b/TODO.md
@ -1,5 +1,7 @@
 ## Install tarball

+### install from tarball example:
+
 ```yaml
 - name: "If jdk not exists then only download and unarchive"
  unarchive:
@ -12,3 +14,9 @@
  command: mv /opt/jdk-17_linux-arch64 /opt/jdk-17
  when: foo.changed == True
 ```
+
+### configure DNS record for newly created instance
+
+https://github.com/bodsch/ansible-collection-dns/blob/main/roles/knot/README.md
+
+or using e3 using wrapper script around `jaildk exec dns knotc ...`
--- a/ansible.cfg
+++ b/ansible.cfg
@ -6,4 +6,4 @@ stdout_callback: yaml
 pipelining = True

 [inventory]
-enable_plugins = hcloud
+enable_plugins = hcloud, host_list, yaml
--- a/bak/Makefile
+++ b/bak/Makefile
@ -1,7 +0,0 @@
-.PHONY: all deploy check
-
-deploy:
-	ansible-playbook -vvv --ask-vault-pass server-role.yaml -i inventory
-
-check:
-	ansible-playbook -vvv --ask-vault-pass server-role.yaml -i inventory --syntax-check
--- a/bak/group_vars/all.yaml
+++ b/bak/group_vars/all.yaml
@ -1,5 +0,0 @@
-type: cpx11
-image: 191285714
-packages:
-  - cpdup
-  - bash
--- a/bak/host_vars/shell.yaml
+++ b/bak/host_vars/shell.yaml
@ -1,2 +0,0 @@
-hostname: shell.daemon.de
-ansible_user: root
--- a/bak/inventory/all.yaml
+++ b/bak/inventory/all.yaml
@ -1,3 +0,0 @@
-shellservers:
-  hosts:
-    shell.daemon.de:
--- a/bak/roles/server/tasks/main.yaml
+++ b/bak/roles/server/tasks/main.yaml
@ -1,19 +0,0 @@
---
-# - name: Create server
-#   hcloud_server:
-#     api_token: "{{ hcloud_token }}"
-#     name: "{{ hostname }}"
-#     server_type: "{{ type }}"
-#     image: "{{ image }}"
-#     location: ash
-#     enable_ipv4: false
-#     state: present
-#   register: server
-
- command: which python
-  register: result
-
-# - name: Install Packages
-#   community.general.pkgng:
-#     state: present
-#     name: "{{ packages }}"
--- a/bak/server-role.yaml
+++ b/bak/server-role.yaml
@ -1,23 +0,0 @@
---
- name: Create BSDNIX Servers
-  hosts: all
-  connection: local
-  gather_facts: False
-  user: root
-  vars:
-    # generated with:
-    # echo -n $(hcloud config get token --allow-sensitive) \
-    #     | ansible-vault encrypt_string --stdin-name hcloud_token
-    hcloud_token: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          64393765623232326566303864653934396432613235626330326335383332623437396163336432
-          3035386161376333386334653863323933393366636537300a666338373539633566336230353362
-          66653331663364346137383637666332333565373138646533313339323034353833383832336261
-          3665656264356165300a636633366166363261663663336664653832646666313936396665356132
-          37373235623735633266353963666364363461303939343532636131643164333930343434336366
-          36346235336561386237323931333435343461336239323435356634333439303765313663656231
-          65313964306535376236613635346363376235363330303962353365383537616139393965646563
-          37356465653663373362
-  roles:
-    - role: server
-          
--- a/cleanup.yaml
+++ b/cleanup.yaml
@ -0,0 +1,8 @@
+---
+- name: Remove BSDNIX Servers
+  hosts: vps
+  connection: local
+  gather_facts: False
+  user: root
+  roles:
+    - role: remove
--- a/deploy.yaml
+++ b/deploy.yaml
@ -1,6 +1,6 @@
 ---
- name: Create BSDNIX Servers
-  hosts: all
+- name: Configure BSDNIX Servers
+  hosts: running
  gather_facts: true
  user: root
  roles:
@ -8,3 +8,11 @@
    - role: network
    - role: firewall
    - role: jails
+
+- name: Create BSDNIX Servers
+  hosts: vps
+  connection: local
+  gather_facts: False
+  user: root
+  roles:
+    - role: install
--- a/group_vars/all/all.yaml
+++ b/group_vars/all/all.yaml
@ -1,6 +1,20 @@
-type: cpx11
-image: 191285714
+type: cx22
+
+# resolved on startup in Makefile
+image: "{{ lookup('ansible.builtin.env', 'SNAPSHOT') }}"
+
+# extranous general packages we might need
 packages:
  - cpdup
  - bash
+
+# used by bastille to build a base
 release: 14.1-RELEASE
+
+location: fsn1
+
+# must already exist in group project
+ssh_keys:
+  - scip@e3
+  - scip@tripod
+  - scip@pixel8
--- a/inventory/hosts.hcloud.yaml
+++ b/inventory/hosts.hcloud.yaml
@ -1,4 +1,5 @@
 plugin: hcloud
+group: running
 status:
  - running
 groups:
--- a/inventory/vps.yaml
+++ b/inventory/vps.yaml
@ -0,0 +1,5 @@
+---
+vps:
+  hosts:
+    shell:
+      hostname: shell.daemon.de
--- a/roles/install/tasks/main.yaml
+++ b/roles/install/tasks/main.yaml
@ -0,0 +1,19 @@
+---
+- name: Create server
+  hcloud_server:
+    name: "{{ hostname }}"
+    server_type: "{{ type }}"
+    image: "{{ image }}"
+    location: "{{ location }}"
+    enable_ipv4: false
+    state: present
+    ssh_keys: "{{ ssh_keys }}"
+  register: server
+
+# - command: which python
+#   register: result
+
+# - name: Install Packages
+#   community.general.pkgng:
+#     state: present
+#     name: "{{ packages }}"
--- a/roles/remove/tasks/main.yaml
+++ b/roles/remove/tasks/main.yaml
@ -0,0 +1,12 @@
+---
+- name: Remove server
+  hcloud_server:
+    name: "{{ hostname }}"
+    server_type: "{{ type }}"
+    image: "{{ image }}"
+    location: "{{ location }}"
+    enable_ipv4: false
+    state: absent
+    ssh_keys: "{{ ssh_keys }}"
+  register: server
+