diff --git a/deployments/ansible/roles/kolab-node/tasks/main.yaml b/deployments/ansible/roles/kolab-node/tasks/main.yaml
index 40cc69f..e68a9fa 100644
--- a/deployments/ansible/roles/kolab-node/tasks/main.yaml
+++ b/deployments/ansible/roles/kolab-node/tasks/main.yaml
@@ -1,201 +1,201 @@
---
- name: Set facts for later
ansible.builtin.set_fact:
primary_ip: "{{ hostvars[groups['infrastructure_nodes'][0]].ansible_host }}"
secondary_ip: "{{ hostvars[groups['infrastructure_nodes'][1]].ansible_host }}"
worker1_ip: "{{ hostvars[groups['worker_nodes'][0]].ansible_host }}"
worker2_ip: "{{ hostvars[groups['worker_nodes'][1]].ansible_host }}"
ip: "{{ ansible_host }}"
is_infrastructure: "{{ true if ('infrastructure_nodes' in group_names) else false }}"
is_primary: "{{ true if ('hypervisor_primary_group' in group_names) else false }}"
- name: Assert that this is a kolab vm system, otherwise fail
ansible.builtin.command: grep KOLABBOOTSTRAP /etc/profile.d/sh.local
- name: ssh authorized keys
ansible.builtin.template:
src: files/authorized_keys.j2
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: '0600'
# - name: Set hostname
# ansible.builtin.hostname:
# name: "{{ hostname }}"
# Much faster than the above
- name: Set hostname
ansible.builtin.command: hostnamectl set-hostname {{ inventory_hostname }}
- name: Stop and disable firewalld
ansible.builtin.command: systemctl disable --now firewalld
ignore_errors: true
- name: Prepare infrastructure
when: is_infrastructure
block:
# - name: Install list of required packages
# ansible.builtin.dnf:
# allowerasing: true
# name:
# - haproxy
# - keepalived
# - gem
# - mariadb-server-galera
# state: installed
# Much faster than the above
- name: Install list of required packages
ansible.builtin.command: dnf -y install haproxy keepalived gem mariadb-server-galera
- name: Setup haproxy & keepalived
block:
# - name: Install haproxyctl
# gem:
# name: haproxyctl
# version: 1.0
# state: present
# Much faster than the above
- name: Install haproxyctl
ansible.builtin.command: gem install haproxyctl
- name: Keepalived config
ansible.builtin.template:
src: files/keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
owner: root
group: root
mode: '0644'
vars:
state: "{{ 'MASTER' if is_primary else 'BACKUP' }}"
priority: "{{ '200' if is_primary else '100' }}"
- name: Haproxy config
ansible.builtin.template:
src: files/haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
owner: root
group: root
mode: '0644'
validate: /usr/sbin/haproxy -c -f %s
# - name: Start keepalived
# service:
# name: keepalived
# state: started
# enabled: True
# Much faster than the above
- name: Start keepalived
ansible.builtin.command: systemctl enable --now keepalived
# So we can start haproxy listening on the virtual ip,
# even if the ip is not currently available because of keepalived (only one of the systems has it)
- name: Enable ip_nonlocal_bind for haproxy
ansible.posix.sysctl:
name: net.ipv4.ip_nonlocal_bind
value: '1'
state: present
# - name: Start haproxy
# service:
# name: haproxy
# state: started
# enabled: True
# Much faster than the above
- name: Start haproxy
ansible.builtin.command: systemctl enable --now haproxy
- name: Restart haproxy in case of config change
ansible.builtin.command: systemctl restart haproxy
- name: Setup mariadb galera
ansible.builtin.include_tasks: setup_mariadb_galera.yaml
- name: Ensure mariadb is available on haproxy
command: haproxyctl show health | grep galera | grep BACKEND | grep UP | grep 2
changed_when: false
- name: Retrieve existing k3s token, or generate a new one
# Run once and set fact for all nodes
run_once: true
block:
- ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/agent-token
register: k3s_token_status
- ansible.builtin.set_fact:
k3s_token: "{{ k3s_token_status.content | b64decode | trim }}"
rescue:
- ansible.builtin.set_fact:
# Make sure we don't end up with e.g. quotes in the token (because we'll end up with problems in the shell command that passes the token)
- k3s_token: "{{ lookup('community.general.random_string', length=12, override_special='!#%&()*+,-./:;<=>?@[]^_{|}~') }}"
+ k3s_token: "{{ lookup('community.general.random_string', length=12, special=false, override_special='!#%&()*+,-.\\/:;<=>?@[]^_{|}~') }}"
always:
- name: k3s token
ansible.builtin.debug:
msg: "{{ k3s_token }}"
- name: Install k3s server with mariadb backend
when: is_infrastructure and k3s_mariadb_backend
ansible.builtin.include_tasks: install-k3s.yaml
vars:
k3s_service_name: "k3s"
- name: Install k3s server with sqlite backend (only on primary server node, no cluster)
when: is_infrastructure and not k3s_mariadb_backend and is_primary
ansible.builtin.include_tasks: install-k3s.yaml
vars:
k3s_service_name: "k3s"
- name: Install k3s agent
when: not is_infrastructure
block:
- name: Disable swap
command: swapoff -a
- name: Disable swap
ansible.posix.mount:
name: "swap"
fstype: swap
state: absent
- name: "Install k3s agent"
ansible.builtin.include_tasks: install-k3s.yaml
vars:
k3s_service_name: "k3s-agent"
- name: Prepare storage
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- /data/imap/spool/
- /data/imap/lib/
- /data/postfix/spool/
- /data/postfix/lib/
- /data/amavis/spool
- /data/amavis/spamassassinLib
- /data/amavis/clamavLib
- /data/minio/data
- /data/prometheus/data
- /data/pushgateway/data
- /data/ldap/data
- /data/logs/data
- name: local registry
when: local_registry
ansible.builtin.include_tasks: local_registry.yaml
# # TODO
# * Replicated imap
# * Replicated minio
# * 2 postfix instances
# * Balance all pods over nodes (1 per node at least)
# * Attach a dedicated /data disk to vm
# * Make sure all data is under /data so nodes become ephemeral
# ** Mariadb storage
# ** k3s persistent volumes
# ** Replacing a node should be a matter of provisioning and attaching the existing disks.
# * Playbook for replacing a node
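Review bot: In the rescue branch of "Retrieve existing k3s token, or generate a new one", the new `special=false` argument means the random_string lookup never draws from the special-character set, so the `override_special=...` argument that was also edited has no effect and the `\\/` escaping it introduces is dead text that still has to be read through two layers of quoting (YAML double quotes, then the Jinja single-quoted literal). The intent stated in the comment above it, avoiding characters that break the shell command receiving the token, is met by `special=false` alone; I would shorten the line to `k3s_token: "{{ lookup('community.general.random_string', length=12, special=false) }}"` and extend the comment to say the token is alphanumeric only. Separately, the `always:` branch still echoes the freshly generated or slurped token into the play output via `ansible.builtin.debug`, which lands in CI logs and callback plugins; consider `no_log: true` on that task or dropping it once the join flow is verified. With specials removed, a 12-character alphanumeric token is also on the short side for a cluster join secret; a larger `length` would be cheap insurance, though I cannot see from this file how long k3s allows the agent token to be.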
