diff --git a/deployments/ansible/roles/kolab-node/tasks/main.yaml b/deployments/ansible/roles/kolab-node/tasks/main.yaml
index e68a9fa..af18fbc 100644
--- a/deployments/ansible/roles/kolab-node/tasks/main.yaml
+++ b/deployments/ansible/roles/kolab-node/tasks/main.yaml
@@ -1,201 +1,202 @@
---
- name: Set facts for later
ansible.builtin.set_fact:
primary_ip: "{{ hostvars[groups['infrastructure_nodes'][0]].ansible_host }}"
secondary_ip: "{{ hostvars[groups['infrastructure_nodes'][1]].ansible_host }}"
worker1_ip: "{{ hostvars[groups['worker_nodes'][0]].ansible_host }}"
worker2_ip: "{{ hostvars[groups['worker_nodes'][1]].ansible_host }}"
ip: "{{ ansible_host }}"
is_infrastructure: "{{ true if ('infrastructure_nodes' in group_names) else false }}"
is_primary: "{{ true if ('hypervisor_primary_group' in group_names) else false }}"
- name: Assert that this is a kolab vm system, otherwise fail
ansible.builtin.command: grep KOLABBOOTSTRAP /etc/profile.d/sh.local
- name: ssh authorized keys
ansible.builtin.template:
src: files/authorized_keys.j2
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: '0600'
# - name: Set hostname
# ansible.builtin.hostname:
# name: "{{ hostname }}"
# Much faster than the above
- name: Set hostname
ansible.builtin.command: hostnamectl set-hostname {{ inventory_hostname }}
- name: Stop and disable firewalld
ansible.builtin.command: systemctl disable --now firewalld
ignore_errors: true
+ failed_when: false
- name: Prepare infrastructure
when: is_infrastructure
block:
# - name: Install list of required packages
# ansible.builtin.dnf:
# allowerasing: true
# name:
# - haproxy
# - keepalived
# - gem
# - mariadb-server-galera
# state: installed
# Much faster than the above
- name: Install list of required packages
ansible.builtin.command: dnf -y install haproxy keepalived gem mariadb-server-galera
- name: Setup haproxy & keepalived
block:
# - name: Install haproxyctl
# gem:
# name: haproxyctl
# version: 1.0
# state: present
# Much faster than the above
- name: Install haproxyctl
ansible.builtin.command: gem install haproxyctl
- name: Keepalived config
ansible.builtin.template:
src: files/keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
owner: root
group: root
mode: '0644'
vars:
state: "{{ 'MASTER' if is_primary else 'BACKUP' }}"
priority: "{{ '200' if is_primary else '100' }}"
- name: Haproxy config
ansible.builtin.template:
src: files/haproxy.cfg.j2
dest: /etc/haproxy/haproxy.cfg
owner: root
group: root
mode: '0644'
validate: /usr/sbin/haproxy -c -f %s
# - name: Start keepalived
# service:
# name: keepalived
# state: started
# enabled: True
# Much faster than the above
- name: Start keepalived
ansible.builtin.command: systemctl enable --now keepalived
# So we can start haproxy listening on the virtual ip,
# even if the ip is not currently available because of keepalived (only one of the systems has it)
- name: Enable ip_nonlocal_bind for haproxy
ansible.posix.sysctl:
name: net.ipv4.ip_nonlocal_bind
value: '1'
state: present
# - name: Start haproxy
# service:
# name: haproxy
# state: started
# enabled: True
# Much faster than the above
- name: Start haproxy
ansible.builtin.command: systemctl enable --now haproxy
- name: Restart haproxy in case of config change
ansible.builtin.command: systemctl restart haproxy
- name: Setup mariadb galera
ansible.builtin.include_tasks: setup_mariadb_galera.yaml
- name: Ensure mariadb is available on haproxy
command: haproxyctl show health | grep galera | grep BACKEND | grep UP | grep 2
changed_when: false
- name: Retrieve existing k3s token, or generate a new one
# Run once and set fact for all nodes
run_once: true
block:
- ansible.builtin.slurp:
src: /var/lib/rancher/k3s/server/agent-token
register: k3s_token_status
- ansible.builtin.set_fact:
k3s_token: "{{ k3s_token_status.content | b64decode | trim }}"
rescue:
- ansible.builtin.set_fact:
# Make sure we don't end up with e.g. quotes in the token (because we'll end up with problems in the shell command that passes the token)
k3s_token: "{{ lookup('community.general.random_string', length=12, special=false, override_special='!#%&()*+,-.\\/:;<=>?@[]^_{|}~') }}"
always:
- name: k3s token
ansible.builtin.debug:
msg: "{{ k3s_token }}"
- name: Install k3s server with mariadb backend
when: is_infrastructure and k3s_mariadb_backend
ansible.builtin.include_tasks: install-k3s.yaml
vars:
k3s_service_name: "k3s"
- name: Install k3s server with sqlite backend (only on primary server node, no cluster)
when: is_infrastructure and not k3s_mariadb_backend and is_primary
ansible.builtin.include_tasks: install-k3s.yaml
vars:
k3s_service_name: "k3s"
- name: Install k3s agent
when: not is_infrastructure
block:
- name: Disable swap
command: swapoff -a
- name: Disable swap
ansible.posix.mount:
name: "swap"
fstype: swap
state: absent
- name: "Install k3s agent"
ansible.builtin.include_tasks: install-k3s.yaml
vars:
k3s_service_name: "k3s-agent"
- name: Prepare storage
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- /data/imap/spool/
- /data/imap/lib/
- /data/postfix/spool/
- /data/postfix/lib/
- /data/amavis/spool
- /data/amavis/spamassassinLib
- /data/amavis/clamavLib
- /data/minio/data
- /data/prometheus/data
- /data/pushgateway/data
- /data/ldap/data
- /data/logs/data
- name: local registry
when: local_registry
ansible.builtin.include_tasks: local_registry.yaml
# # TODO
# * Replicated imap
# * Replicated minio
# * 2 postfix instances
# * Balance all pods over nodes (1 per node at least)
# * Attach a dedicated /data disk to vm
# * Make sure all data is under /data so nodes become ephemeral
# ** Mariadb storage
# ** k3s persistent volumes
# ** Replacing a node should be a matter of provisioning and attaching the existing disks.
# * Playbook for replacing a node
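Review bot: With `failed_when: false` on the new line, the "Stop and disable firewalld" task can never be reported as failed, so the `ignore_errors: true` immediately above it is now dead and should be dropped; the same pair appears in the second hunk (kolab-single-node/tasks/main.yaml). Swallowing every non-zero exit also hides the case where firewalld is still active after the play, which would only surface later as k3s networking problems. If the intent is just to tolerate hosts without firewalld installed, registering the result and narrowing the condition keeps real failures visible, e.g. `register: firewalld_disable` and `failed_when: firewalld_disable.rc != 0 and 'does not exist' not in firewalld_disable.stderr` (assuming that is systemctl's unit-not-found message; confirm on the target distro). The task also has no `changed_when`, so it reports changed on every run.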
diff --git a/deployments/ansible/roles/kolab-single-node/tasks/main.yaml b/deployments/ansible/roles/kolab-single-node/tasks/main.yaml
index 8f25d6d..3d38518 100644
--- a/deployments/ansible/roles/kolab-single-node/tasks/main.yaml
+++ b/deployments/ansible/roles/kolab-single-node/tasks/main.yaml
@@ -1,71 +1,72 @@
---
- name: Assert that this is a kolab vm system, otherwise fail
ansible.builtin.command: grep KOLABBOOTSTRAP /etc/profile.d/sh.local
# - name: Set hostname
# ansible.builtin.hostname:
# name: "{{ hostname }}"
# Much faster than the above
- name: Set hostname
ansible.builtin.command: hostnamectl set-hostname {{ inventory_hostname }}
- name: Stop and disable firewalld
ansible.builtin.command: systemctl disable --now firewalld
ignore_errors: true
+ failed_when: false
- name: Disable swap
command: swapoff -a
- name: Disable swap
ansible.posix.mount:
name: "swap"
fstype: swap
state: absent
- name: Check k3s status
command: systemctl is-active k3s
ignore_errors: true
register: k3s_status
changed_when: False
- name: Check if file exists
ansible.builtin.stat:
path: /usr/local/bin/k3s
register: file_check
- name: Install k3s
ansible.builtin.shell: 'curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server" sh -s - --disable traefik,servicelb --write-kubeconfig-mode=644'
when: not file_check.stat.exists
- name: Install k3s (offline)
ansible.builtin.shell: 'cat install.sh | INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_EXEC="server" sh -s - --disable traefik,servicelb --write-kubeconfig-mode=644'
when: file_check.stat.exists
- name: Ensure k3s is running
command: systemctl start k3s
- name: local registry
when: local_registry
block:
- name: Prepare local registry k3s
ansible.builtin.command: dnf -y install podman
- name: Start local registry
ansible.builtin.command: podman container run -dt -p 5001:5000 --name registry docker.io/library/registry:2
# Will fail if already running
ignore_errors: true
- name: registries.conf
ansible.builtin.template:
src: files/registries.conf.j2
dest: /etc/rancher/k3s/registries.yaml
owner: root
group: root
mode: '0644'
register: registries_status
- name: Restart k3s
ansible.builtin.command: systemctl restart k3s
when: registries_status.changed
