From 9057c75b1ffdd9247058415dc693b785f2782996 Mon Sep 17 00:00:00 2001
From: Thomas von Dein
Date: Sun, 17 Nov 2024 16:34:32 +0100
Subject: [PATCH] updated README, added tags, fixed knownhosts, added cron mount

---
 Makefile | 15 +++++++++------
 README.md | 14 +++++++++++---
 cleanup.yaml | 1 +
 create.yaml | 14 ++++----------
 deploy.yaml | 1 +
 group_vars/all/all.yaml | 8 ++++++--
 roles/install/tasks/main.yaml | 4 ++--
 roles/remove/tasks/main.yaml | 2 +-
 roles/server/tasks/main.yaml | 26 ++++++++++++++++++--------
 roles/storage/tasks/main.yaml | 4 ++--
 10 files changed, 55 insertions(+), 34 deletions(-)

diff --git a/Makefile b/Makefile
index 25d9f08..24374ae 100644
--- a/Makefile
+++ b/Makefile
@@ -1,16 +1,19 @@
 .PHONY: all deploy check clean create debug
+
 TOKEN = $(shell ansible-vault decrypt --vault-password-file \
-  ~/.config/ansible/hcloud.secret --output - group_vars/all/vars.yaml | cut -d' ' -f2)
+  ~/.config/ansible/hcloud.secret --output - \
+  group_vars/all/vars.yaml | cut -d' ' -f2)
 SNAPSHOT = $(shell hcloud image list -t snapshot -o yaml | \
   yq '. | map(select(.description == "FreeBSD-14.1-RELEASE-hcloud-init")) | .[].id')
-CREATE_COMMAND = ansible-playbook create.yaml -i inventory
-DEPLOY_COMMAND = ansible-playbook deploy.yaml -i inventory
-CLEAN_COMMAND = ansible-playbook cleanup.yaml -i inventory
-HOSTS_COMMAND = ansible-playbook knownhosts.yaml -i inventory
-DEBUG_COMMAND = ansible-playbook debug.yaml -i inventory
+OPTIONS = -i inventory -t active
+CREATE_COMMAND = ansible-playbook create.yaml $(OPTIONS)
+DEPLOY_COMMAND = ansible-playbook deploy.yaml $(OPTIONS)
+CLEAN_COMMAND = ansible-playbook cleanup.yaml $(OPTIONS)
+HOSTS_COMMAND = ansible-playbook knownhosts.yaml $(OPTIONS)
+DEBUG_COMMAND = ansible-playbook debug.yaml $(OPTIONS)
 ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose)
diff --git a/README.md b/README.md
index b86f151..71dcabb 100644
--- a/README.md
+++ b/README.md
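Review bot: The decrypted token still travels through make's own expansion — `TOKEN` is a recursively expanded `=` variable, so `ansible-vault decrypt` re-runs on every reference to `$(ENV)`, and the plaintext token becomes part of each recipe's command line, which make echoes unless the recipe (outside this hunk) is prefixed with `@`; that puts the secret into terminal scrollback and CI logs. A simpler and quieter option is to leave the token inside the vault and let ansible read it there, by extending the new line to `OPTIONS = -i inventory -t active --vault-password-file ~/.config/ansible/hcloud.secret` and referencing the vaulted variable from the plays instead of `HCLOUD_TOKEN`. If the env-var route is kept, at least switch to `TOKEN := $(shell …)` so the decrypt happens once, and make sure the recipes using `$(ENV)` are silenced with `@`.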
@@ -44,12 +44,20 @@ the yaml file containing the token might be part of your public repo, it is a
 ansible vauld, properly encrypted and the key stays local on your work machine.
 
+The token is then being used as an environment variable setup in the Makefile.
+
 ### To use
 
-- `make deploy`: deploy a new shell VPS and configure it - if it already exists, only configure
+- `make`: create a new VPS and configure it
+
+- `make create`: create a new VPS and auxillary services
+
+- `make deploy`: configure the VPS
 
 - `make clean`: remove the shell VPC. Do not do this with the production instance!
 
-To make the output more verbose, add `-v[vvv]` to the target, e.g.: `make depoy-vvvv`
+To make the output more verbose, add `verbose=N` to the target, e.g.:
+`make depoy verbose=2` where N is the verbosity level (0-4)
+
+If you want to execute only a subset of a playbook, remove the `active` tag from it.
diff --git a/cleanup.yaml b/cleanup.yaml
index 2521df8..e39e601 100644
--- a/cleanup.yaml
+++ b/cleanup.yaml
@@ -1,5 +1,6 @@
 ---
 - name: Remove BSDNIX Servers
+  tags: active
   hosts: vps
   connection: local
   gather_facts: False
diff --git a/create.yaml b/create.yaml
index 5be3d3a..88eec7f 100644
--- a/create.yaml
+++ b/create.yaml
@@ -1,11 +1,12 @@
 - name: Create the home volume
+  tags: active
   hosts: localhost
   connection: local
-  # FIXME: create volume role
   roles:
     - storage
 
 - name: Create BSDNIX Servers
+  tags: active
   hosts: vps
   connection: local
   gather_facts: False
@@ -15,8 +16,8 @@
 
 # during testing the ip addresses change all the time, so tune the
 # known_hosts file accordingly after setup
-# FIXME: doesn't work correctly yet
 - name: Add/cleanup public keys of all vps' to known_hosts file
+  tags: active
   hosts: localhost
   connection: local
   gather_facts: false
@@ -24,12 +25,5 @@
     ssh_known_hosts_file: "{{ lookup('env','HOME') + '/.ssh/known_hosts' }}"
     ssh_known_hosts: "{{ groups['running'] }}"
   tasks:
-    - known_hosts:
-        path: "{{ ssh_known_hosts_file }}"
-        name: "{{ item }}"
-        key: "{{ lookup('pipe','ssh-keyscan -T 10 ' + item + ',' + lookup('dig',item)) }}"
-        state: present
+    - shell: "ssh-keygen -f '/home/scip/.ssh/known_hosts' -R {{ item }}"
       loop: "{{ ssh_known_hosts | map('extract', hostvars, ['ipv6']) | list }}"
-      become: no
-
-
diff --git a/deploy.yaml b/deploy.yaml
index b4eac8d..2fbfd22 100644
--- a/deploy.yaml
+++ b/deploy.yaml
@@ -1,5 +1,6 @@
 ---
 - name: Configure BSDNIX Servers
+  tags: active
   hosts: running
   gather_facts: true
   user: root
diff --git a/group_vars/all/all.yaml b/group_vars/all/all.yaml
index 7aa4d2c..32b479c 100644
--- a/group_vars/all/all.yaml
+++ b/group_vars/all/all.yaml
@@ -24,8 +24,12 @@ jails:
     octet: 2
 
 storage:
-  home:
+  volume:
     size: 10
     name: zhcloud # zfs pool name
-    mount: /home
     device: da1
+  mounts:
+    - mount: /home
+      name: /home
+    - mount: /var/cron/tabs
+      name: /crontabs
diff --git a/roles/install/tasks/main.yaml b/roles/install/tasks/main.yaml
index 62e201f..caa755d 100644
--- a/roles/install/tasks/main.yaml
+++ b/roles/install/tasks/main.yaml
@@ -9,11 +9,11 @@
     state: present
     ssh_keys: "{{ ssh_keys }}"
     # FIXME: https://github.com/ansible-collections/hetzner.hcloud/issues/585
-    #volumes: "{{ storage.home.name }}"
+    #volumes: "{{ storage.volume.name }}"
   register: server
 
 - name: Attach the home volume
   hetzner.hcloud.volume:
-    name: "{{ storage.home.name }}"
+    name: "{{ storage.volume.name }}"
     server: "{{ hostname }}"
     state: present
diff --git a/roles/remove/tasks/main.yaml b/roles/remove/tasks/main.yaml
index a3a74c4..320a0ca 100644
--- a/roles/remove/tasks/main.yaml
+++ b/roles/remove/tasks/main.yaml
@@ -1,7 +1,7 @@
 ---
 - name: Remove volume
   hetzner.hcloud.volume:
-    name: "{{ storage.home.name }}"
+    name: "{{ storage.volume.name }}"
     state: absent
 
 - name: Remove server
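Review bot: The replacement task hard-codes `'/home/scip/.ssh/known_hosts'` even though `ssh_known_hosts_file` two lines above already derives the same path from `$HOME` and is now unused, and it splices `{{ item }}` (an IPv6 address taken from hostvars) into a `shell` string without quoting. Both are fixed by `- command: "ssh-keygen -f {{ ssh_known_hosts_file | quote }} -R {{ item | quote }}"` — `command` avoids a shell entirely and `| quote` keeps any odd value in one argument. Note also that with the `known_hosts` module gone nothing re-adds a host key, so after a rebuild the first SSH connection is trust-on-first-use; the task name still says "Add/cleanup", so either rename it to "Remove stale host keys" or restore the add step once the ssh-keyscan problem is understood.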
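Review bot: The new `mounts` entries in group_vars/all/all.yaml give no hint that `name` is not a free-form label — roles/server/tasks/main.yaml concatenates it directly onto the pool name (`{{ storage.volume.name }}{{ item.name }}`), so the leading slash is load-bearing and `name: crontabs` would silently yield the dataset `zhcloudcrontabs`. A comment above the list would save the next editor from that, e.g. `# name: dataset path appended verbatim to volume.name, so it must start with "/"` and `# mount: mountpoint passed to zfs create -o mountpoint=`.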
diff --git a/roles/server/tasks/main.yaml b/roles/server/tasks/main.yaml
index 1d25d2c..04db006 100644
--- a/roles/server/tasks/main.yaml
+++ b/roles/server/tasks/main.yaml
@@ -4,13 +4,20 @@
     state: present
     name: "{{ packages }}"
 
-# FIXME: remove the symlink in the release snapshot
+# FIXME: remove the symlink in the next release snapshot
 - name: Remove old home sym link
   shell: |
     rm /home
     touch /tmp/.ansible.home
   args:
     creates: "/tmp/.ansible.home"
+
+- name: Remove original cron tab dir
+  shell: |
+    rm -rf /var/cron/tabs
+    touch /tmp/.ansible.crontabs
+  args:
+    creates: "/tmp/.ansible.crontabs"
 
 - name: Setup home volume partition
   shell: |
@@ -20,17 +27,20 @@
     creates: "/tmp/.ansible.gpt"
 
 - name: Setup home fs type
-  shell: "gpart add -t freebsd-zfs -l {{ storage.home.name }} -a 1M {{ storage.home.device }}"
+  shell: |
+    gpart add -t freebsd-zfs -l {{ storage.volume.name }} -a 1M {{ storage.volume.device }}
+    touch /tmp/.ansible.add
   args:
-    creates: "/dev/da1p1"
+    creates: "/tmp/.ansible.add"
 
-
 - name: Create zpool using home volume
-  shell: "zpool create -f {{ storage.home.name }} {{ storage.home.device }}"
+  shell: "zpool create -f {{ storage.volume.name }} {{ storage.volume.device }}"
   args:
-    creates: "/{{ storage.home.name }}"
+    creates: "/{{ storage.volume.name }}"
 
 - name: Create zfs home dataset
-  shell: "zfs create -o mountpoint={{ storage.home.mount }} {{ storage.home.name }}/home"
+  loop: "{{ storage.mounts }}"
+  shell: "zfs create -o mountpoint={{ item.mount }} {{ storage.volume.name }}{{ item.name }}"
   args:
-    creates: "/home"
+    creates: "{{ item.mount }}"
+
diff --git a/roles/storage/tasks/main.yaml b/roles/storage/tasks/main.yaml
index ec9e150..f609221 100644
--- a/roles/storage/tasks/main.yaml
+++ b/roles/storage/tasks/main.yaml
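Review bot: `rm -rf /var/cron/tabs` in the new "Remove original cron tab dir" task is guarded only by the marker `/tmp/.ansible.crontabs`, which records that the task once ran, not the state it was meant to establish; if the marker disappears (a cleaned or rebuilt /tmp) while the crontabs dataset from the next hunk is already mounted there, a re-run wipes the live crontabs. This role appears to run from deploy.yaml, which gathers facts, so the guard can test the real condition instead: `when: ansible_mounts | selectattr('mount', 'equalto', '/var/cron/tabs') | list | length == 0`. The same marker-as-state pattern is introduced for `/tmp/.ansible.add` in the second hunk, where it replaces `creates: "/dev/da1p1"`, which was a genuine state check.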
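Review bot: After the loop in the second hunk creates the dataset mounted at `/var/cron/tabs`, the directory carries ZFS's default mountpoint permissions rather than the 0700 root:wheel that FreeBSD's mtree gives the original crontab spool, so unless something outside this hunk resets it, unprivileged users can list whose crontabs exist (the files themselves stay 0600 via crontab(1)). A follow-up task that pins owner and mode on the spool after the datasets are created closes that; it also serves as a sanity check that the mount actually happened.

```yaml
# … unchanged: zfs create loop …

- name: Restore crontab spool ownership and mode
  file:
    path: /var/cron/tabs
    state: directory
    owner: root
    group: wheel
    mode: "0700"
```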
@@ -1,7 +1,7 @@
 ---
 - name: Create the home volume
   hetzner.hcloud.volume:
-    name: "{{ storage.home.name }}"
+    name: "{{ storage.volume.name }}"
     location: "{{ location }}"
-    size: "{{ storage.home.size }}"
+    size: "{{ storage.volume.size }}"
     state: present