scip/bsdnix
1
0
Fork 0
Code Issues Pull Requests Activity

updated README, added tags, fixed knownhosts, added cron mount

Browse Source
This commit is contained in:
Thomas von Dein 2024-11-17 16:34:32 +01:00
parent c0f1f9051e
commit 9057c75b1f
10 changed files with 55 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Makefile
View File

@ -1,16 +1,19 @@
.PHONY: all deploy check clean create debug .PHONY: all deploy check clean create debug
TOKEN = $(shell ansible-vault decrypt --vault-password-file \ TOKEN = $(shell ansible-vault decrypt --vault-password-file \
~/.config/ansible/hcloud.secret --output - group_vars/all/vars.yaml | cut -d' ' -f2) ~/.config/ansible/hcloud.secret --output - \
group_vars/all/vars.yaml | cut -d' ' -f2)
SNAPSHOT = $(shell hcloud image list -t snapshot -o yaml | \ SNAPSHOT = $(shell hcloud image list -t snapshot -o yaml | \
yq '. | map(select(.description == "FreeBSD-14.1-RELEASE-hcloud-init")) | .[].id') yq '. | map(select(.description == "FreeBSD-14.1-RELEASE-hcloud-init")) | .[].id')
CREATE_COMMAND = ansible-playbook create.yaml -i inventory OPTIONS = -i inventory -t active
DEPLOY_COMMAND = ansible-playbook deploy.yaml -i inventory CREATE_COMMAND = ansible-playbook create.yaml $(OPTIONS)
CLEAN_COMMAND = ansible-playbook cleanup.yaml -i inventory DEPLOY_COMMAND = ansible-playbook deploy.yaml $(OPTIONS)
HOSTS_COMMAND = ansible-playbook knownhosts.yaml -i inventory CLEAN_COMMAND = ansible-playbook cleanup.yaml $(OPTIONS)
DEBUG_COMMAND = ansible-playbook debug.yaml -i inventory HOSTS_COMMAND = ansible-playbook knownhosts.yaml $(OPTIONS)
DEBUG_COMMAND = ansible-playbook debug.yaml $(OPTIONS)
ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose) ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose)

14
README.md
View File

@ -44,12 +44,20 @@ the yaml file containing the token might be part of your public repo,
it is a ansible vauld, properly encrypted and the key stays local on it is a ansible vauld, properly encrypted and the key stays local on
your work machine. your work machine.
The token is then being used as an environment variable setup in the Makefile.
### To use ### To use
- `make deploy`: deploy a new shell VPS and configure it - `make`: create a new VPS and configure it
if it already exists, only configure
- `make create`: create a new VPS and auxillary services
- `make deploy`: configure the VPS
- `make clean`: remove the shell VPC. Do not do this with the production instance! - `make clean`: remove the shell VPC. Do not do this with the production instance!
To make the output more verbose, add `-v[vvv]` to the target, e.g.: `make depoy-vvvv` To make the output more verbose, add `verbose=N` to the target, e.g.:
`make depoy verbose=2` where N is the verbosity level (0-4)
If you want to execute only a subset of a playbook, remove the `active` tag from it.

1
cleanup.yaml
View File

@ -1,5 +1,6 @@
--- ---
- name: Remove BSDNIX Servers - name: Remove BSDNIX Servers
tags: active
hosts: vps hosts: vps
connection: local connection: local
gather_facts: False gather_facts: False

14
create.yaml
View File

@ -1,11 +1,12 @@
- name: Create the home volume - name: Create the home volume
tags: active
hosts: localhost hosts: localhost
connection: local connection: local
# FIXME: create volume role
roles: roles:
- storage - storage
- name: Create BSDNIX Servers - name: Create BSDNIX Servers
tags: active
hosts: vps hosts: vps
connection: local connection: local
gather_facts: False gather_facts: False
@ -15,8 +16,8 @@
# during testing the ip addresses change all the time, so tune the # during testing the ip addresses change all the time, so tune the
# known_hosts file accordingly after setup # known_hosts file accordingly after setup
# FIXME: doesn't work correctly yet
- name: Add/cleanup public keys of all vps' to known_hosts file - name: Add/cleanup public keys of all vps' to known_hosts file
tags: active
hosts: localhost hosts: localhost
connection: local connection: local
gather_facts: false gather_facts: false
@ -24,12 +25,5 @@
ssh_known_hosts_file: "{{ lookup('env','HOME') + '/.ssh/known_hosts' }}" ssh_known_hosts_file: "{{ lookup('env','HOME') + '/.ssh/known_hosts' }}"
ssh_known_hosts: "{{ groups['running'] }}" ssh_known_hosts: "{{ groups['running'] }}"
tasks: tasks:
- known_hosts: - shell: "ssh-keygen -f '/home/scip/.ssh/known_hosts' -R {{ item }}"
path: "{{ ssh_known_hosts_file }}"
name: "{{ item }}"
key: "{{ lookup('pipe','ssh-keyscan -T 10 ' + item + ',' + lookup('dig',item)) }}"
state: present
loop: "{{ ssh_known_hosts | map('extract', hostvars, ['ipv6']) | list }}" loop: "{{ ssh_known_hosts | map('extract', hostvars, ['ipv6']) | list }}"
become: no

1
deploy.yaml
View File

@ -1,5 +1,6 @@
--- ---
- name: Configure BSDNIX Servers - name: Configure BSDNIX Servers
tags: active
hosts: running hosts: running
gather_facts: true gather_facts: true
user: root user: root

8
group_vars/all/all.yaml
View File

@ -24,8 +24,12 @@ jails:
octet: 2 octet: 2
storage: storage:
home: volume:
size: 10 size: 10
name: zhcloud # zfs pool name name: zhcloud # zfs pool name
mount: /home
device: da1 device: da1
mounts:
- mount: /home
name: /home
- mount: /var/cron/tabs
name: /crontabs

4
roles/install/tasks/main.yaml
View File

@ -9,11 +9,11 @@
state: present state: present
ssh_keys: "{{ ssh_keys }}" ssh_keys: "{{ ssh_keys }}"
# FIXME: https://github.com/ansible-collections/hetzner.hcloud/issues/585 # FIXME: https://github.com/ansible-collections/hetzner.hcloud/issues/585
#volumes: "{{ storage.home.name }}" #volumes: "{{ storage.volume.name }}"
register: server register: server
- name: Attach the home volume - name: Attach the home volume
hetzner.hcloud.volume: hetzner.hcloud.volume:
name: "{{ storage.home.name }}" name: "{{ storage.volume.name }}"
server: "{{ hostname }}" server: "{{ hostname }}"
state: present state: present

2
roles/remove/tasks/main.yaml
View File

@ -1,7 +1,7 @@
--- ---
- name: Remove volume - name: Remove volume
hetzner.hcloud.volume: hetzner.hcloud.volume:
name: "{{ storage.home.name }}" name: "{{ storage.volume.name }}"
state: absent state: absent
- name: Remove server - name: Remove server

26
roles/server/tasks/main.yaml
View File

@ -4,13 +4,20 @@
state: present state: present
name: "{{ packages }}" name: "{{ packages }}"
# FIXME: remove the symlink in the release snapshot # FIXME: remove the symlink in the next release snapshot
- name: Remove old home sym link - name: Remove old home sym link
shell: | shell: |
rm /home rm /home
touch /tmp/.ansible.home touch /tmp/.ansible.home
args: args:
creates: "/tmp/.ansible.home" creates: "/tmp/.ansible.home"
- name: Remove original cron tab dir
shell: |
rm -rf /var/cron/tabs
touch /tmp/.ansible.crontabs
args:
creates: "/tmp/.ansible.crontabs"
- name: Setup home volume partition - name: Setup home volume partition
shell: | shell: |
@ -20,17 +27,20 @@
creates: "/tmp/.ansible.gpt" creates: "/tmp/.ansible.gpt"
- name: Setup home fs type - name: Setup home fs type
shell: "gpart add -t freebsd-zfs -l {{ storage.home.name }} -a 1M {{ storage.home.device }}" shell: |
gpart add -t freebsd-zfs -l {{ storage.volume.name }} -a 1M {{ storage.volume.device }}
touch /tmp/.ansible.add
args: args:
creates: "/dev/da1p1" creates: "/tmp/.ansible.add"
- name: Create zpool using home volume - name: Create zpool using home volume
shell: "zpool create -f {{ storage.home.name }} {{ storage.home.device }}" shell: "zpool create -f {{ storage.volume.name }} {{ storage.volume.device }}"
args: args:
creates: "/{{ storage.home.name }}" creates: "/{{ storage.volume.name }}"
- name: Create zfs home dataset - name: Create zfs home dataset
shell: "zfs create -o mountpoint={{ storage.home.mount }} {{ storage.home.name }}/home" loop: "{{ storage.mounts }}"
shell: "zfs create -o mountpoint={{ item.mount }} {{ storage.volume.name }}{{ item.name }}"
args: args:
creates: "/home" creates: "{{ item.mount }}"

4
roles/storage/tasks/main.yaml
View File

@ -1,7 +1,7 @@
--- ---
- name: Create the home volume - name: Create the home volume
hetzner.hcloud.volume: hetzner.hcloud.volume:
name: "{{ storage.home.name }}" name: "{{ storage.volume.name }}"
location: "{{ location }}" location: "{{ location }}"
size: "{{ storage.home.size }}" size: "{{ storage.volume.size }}"
state: present state: present