ansible refactor. only need to add email for nas features

.taskfiles/ansible.yml

@@ -41,35 +41,35 @@ tasks:
     desc: Prepare storage node for k8s cluster
     dir: provision/ansible
     cmds:
-      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/nas/nas-install.yml"
+      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/nas/install.yml"
     silent: true
 
   playbook:ubuntu-prepare:
     desc: Prepare all the k8s nodes for running k3s
     dir: provision/ansible
     cmds:
-      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/ubuntu/ubuntu-prepare.yml"
+      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/ubuntu/prepare.yml"
     silent: true
 
   playbook:ubuntu-upgrade:
     desc: Upgrade all the k8s nodes operating system
     dir: provision/ansible
     cmds:
-      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/ubuntu/ubuntu-upgrade.yml"
+      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/ubuntu/upgrade.yml"
     silent: true
 
   playbook:k3s-install:
     desc: Install Kubernetes on the nodes
     dir: provision/ansible
     cmds:
-      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/kubernetes/k3s-install.yml"
+      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/k3s/install.yml"
     silent: true
 
   playbook:k3s-nuke:
     desc: Install Kubernetes on the nodes
     dir: provision/ansible
     cmds:
-      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/kubernetes/k3s-nuke.yml"
+      - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yml {{.ANSIBLE_PLAYBOOK_DIR}}/k3s/nuke.yml"
 
   adhoc:ping:
     desc: Ping all the hosts

provision/ansible/inventory/group_vars/kubernetes/k3s.yml → provision/ansible/inventory/group_vars/all/k3s.yml

@@ -18,7 +18,7 @@ k3s_become_for_all: true
 k3s_debug: false
 
 # Enabled embedded etcd
-k3s_etcd_datastore: true
+k3s_etcd_datastore: false
 
 # Enable for single or even number of masters
 k3s_use_unsupported_config: true

provision/ansible/inventory/group_vars/kubernetes/kube-vip.yaml → provision/ansible/inventory/group_vars/all/kube-vip.yml

@@ -8,4 +8,4 @@ kubevip_address: 10.10.2.5
 
 kubevip_bgp_as_number: 64555
 
-kubevip_bgp_peer_as_number: 64555
+kubevip_bgp_peer_as_number: 64560

provision/ansible/inventory/group_vars/kubernetes/ubuntu.yml → provision/ansible/inventory/group_vars/all/ubuntu.yml

@@ -5,7 +5,11 @@ timezone: "America/New_York"
 # Add cloudflare ntp server
 ntp_servers:
   primary:
-    - time.cloudflare.com
+    - "time.cloudflare.com"
+  falback:
+    - "0.us.pool.ntp.org"
+    - "1.us.pool.ntp.org"
+    - "2.us.pool.ntp.org"
 
 # Additional ssh public keys to add to the nodes
 ssh_authorized_keys:

provision/ansible/inventory/group_vars/master/k3s.yml → provision/ansible/inventory/group_vars/master-nodes/k3s.yml

@@ -23,9 +23,9 @@ k3s_server:
   disable-cloud-controller: true
   write-kubeconfig-mode: "644"
   # Network CIDR to use for pod IPs
-  cluster-cidr: "172.21.0.0/16"
+  cluster-cidr: "172.20.0.0/16"
   # Network CIDR to use for service IPs
-  service-cidr: "172.23.0.0/16"
+  service-cidr: "172.22.0.0/16"
   kubelet-arg:
     - "feature-gates=GracefulNodeShutdown=true"
     - "feature-gates=MixedProtocolLBService=true"
@@ -38,4 +38,7 @@ k3s_server:
   kube-scheduler-arg:
     - "address=0.0.0.0"
     - "bind-address=0.0.0.0"
-  etcd-expose-metrics: true
+  etcd-expose-metrics: false
+  # Required for HAProxy health-checks
+  kube-apiserver-arg:
+    - "anonymous-auth=true"

provision/ansible/inventory/group_vars/storage-nodes/ubuntu.yml

@@ -0,0 +1,15 @@
+---
+apt_install_packages:
+  - dmraid
+  - git
+  - gnupg2
+  - ipmitool
+  - lm-sensors
+  - msmtp
+  - msmtp-mta
+  - rclone
+  - tmux
+  - tree
+  - uidmap
+  - zfs-zed
+  - zfsutils-linux

provision/ansible/inventory/host_vars/k8s-0/samba.yml

@@ -0,0 +1,8 @@
+---
+samba_users:
+  - name: j_r0dd
+    password: "{{ j_r0dd_passwd }}"
+  - name: waleska
+    password: "{{ waleska_passwd }}"
+  - name: nathan
+    password: "{{ nathan_passwd }}"

provision/ansible/inventory/host_vars/k8s-0.sops.yml → provision/ansible/inventory/host_vars/k8s-0/secret.sops.yml

@@ -1,20 +1,17 @@
 kind: Secret
 ansible_become_pass: ENC[AES256_GCM,data:OJjZPSTKOdQ=,iv:wfS9gLM87lM5TMbDscoMrcvB8YP+YvQNcFIuetGqL6w=,tag:0d0+YonGAA5E8D5vyiv/jw==,type:str]
 email: ENC[AES256_GCM,data:WkwKqWEJ/1msoZzQiB6er5M=,iv:9t4fHoJl0MZuJ1UlPTPCeQ9J6BL/GSS1P/axVQs3TYI=,tag:M1OgxBWQsbG0IvtMbojOBQ==,type:str]
-user0: ENC[AES256_GCM,data:NGB9yJI4,iv:920JkN4nchfFNGsfIv8339A+YS06EgEi8fn6SyDKRms=,tag:+XohtIo/Hob4LCxnLy27Yg==,type:str]
-user0_passwd: ENC[AES256_GCM,data:4sOPGtBikxM=,iv:inxx3fhWhO5aRccWQhRyVscwT272CvaKf8Ku3y08ESc=,tag:AU1yhGIW+geKKvt9FSDnCQ==,type:str]
-user1: ENC[AES256_GCM,data:3gZWTRzFHQ==,iv:laIIxMuwl/VbTL3KhXnsvIvkj+OfKXPwSqdHiuTOdNk=,tag:11iJ0xjrP0OuIjVJrVRNkw==,type:str]
-user1_passwd: ENC[AES256_GCM,data:Cu6DYOisuPs=,iv:m5OELzG6q4BuJXy4bvTH4JVd86nx5cAURZTcFRHxvgQ=,tag:cpRb3MdzGEmdPc67Tf6UJg==,type:str]
-user2: ENC[AES256_GCM,data:8S86d+Wv,iv:5/FeJknpnEmsFIKeCRzX8ajmlt1WpuzicF/FE+nAwbo=,tag:wmV/b+mjy1QNYvjYD/Eg7A==,type:str]
-user2_passwd: ENC[AES256_GCM,data:RMdCCQ+3iaBCng7R,iv:34uhfPoQpUOjAID/e1Qkz3Lw5pAJIcDiCiSKKgNXbc4=,tag:Zi22WjCf1T0BKb2Wr6JUCw==,type:str]
+j_r0dd_passwd: ENC[AES256_GCM,data:lI0KqJQ/AOU=,iv:iMcHdaA311lzpWWrZ7RR1oFXDGwp0i7ducEndwO0+90=,tag:7XRTwo6tU4HXPq0UW9OaLg==,type:str]
+waleska_passwd: ENC[AES256_GCM,data:x5PaBi3fF/Q=,iv:Xkx/nqRA3VX5pAdD3CbFwMo0fm0EPxvk4HbFDadU/XQ=,tag:OQQDP7ggFHTJ6vIKVPl2FA==,type:str]
+nathan_passwd: ENC[AES256_GCM,data:+WR8T1yZXbQGai7i,iv:MwzwU3HHBNYUjTpis4XMqCihEWNT23drZVXMc2XFF38=,tag:BHQA+eng3ZGVlgMqICbiJQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2021-10-01T13:25:27Z"
-    mac: ENC[AES256_GCM,data:ldf2N08qILQVnckMPSbL5SXLD97Fq9NRWgHmbG+rYnBCdb/Wm1lnUF8vXwiT/JkVSUFcvgzCkmGINGzEddup7+uoX0Ib2VpDe1J99rGtXMk5XS00YIkm+iWoivjf3SoXbf5svu+oBYj+rXbeaLbCxQpHUt5BEEMgH/uJEAeK0Qc=,iv:ORXMXLQ1lw4SLQGf6vfHdCUULjZRfz/4uaYUmIFX5P4=,tag:O7uz8qRgjJm/MCeCfDCjZg==,type:str]
+    lastmodified: "2021-10-05T14:38:42Z"
+    mac: ENC[AES256_GCM,data:SO66Afc0rGYEneLbErvo4T4afZJCzFHQVuFJw2j4cAam9xE41uDceOYx/wMVO849sFGXS7hFwjjUnD9rr+ESfb93Tq9HCGcvXkXS4+cj+CrsWLVzYJYZwmxcUxKRu16JE8+9i0Tw33RhZirklkvqlmzx8jvKBzTwdJ/uG8SGxHc=,iv:c4UAFOPy/fhvg+kpZQzW8QP17fN01qJ/WGRlhMZmAyQ=,tag:6lf++xEtZhoptUHhqbDEhA==,type:str]
     pgp:
         - created_at: "2021-09-28T18:44:30Z"
           enc: |

provision/ansible/inventory/host_vars/k8s-0/ubuntu.yml

@@ -0,0 +1,25 @@
+---
+apt_install_packages:
+  - avahi-daemon
+  - samba
+  - samba-vfs-modules
+  - zsh
+
+managed_groups:
+  - name: home_users
+    gid: 1042
+
+managed_users:
+  - name: j_r0dd
+    password: "{{ j_r0dd_passwd }}"
+    uid: 2000
+    shell: /bin/zsh
+    group: home_users
+  - name: waleska
+    password: "{{ waleska_passwd }}"
+    uid: 2001
+    group: home_users
+  - name: nathan
+    password: "{{ nathan_passwd }}"
+    uid: 2002
+    group: home_users

provision/ansible/inventory/host_vars/k8s-0/zfs.yml

@@ -0,0 +1,151 @@
+---
+zfs_manage_filesystem_permissions: true
+zfs_enable_performance_tuning: true
+zfs_create_pools: true
+zfs_create_filesystems: true
+
+# Use systemd timers instead of cron for scrubs
+zfs_enable_systemd_timer: true
+# systemd timer settings
+zfs_scrub_pools:
+  # Run every month on the 1st and 15th at 1am
+  on_calendar: "*-*-1,15 01:00:00"
+  accuracy: 1h
+
+zfs_pools:
+  - name: deadpool
+    action: create
+    atime: on
+    compression: lz4
+    devices:
+      - "ata-WDC_WD8004FRYZ-01VAEB0_VGKMJNWG"
+      - "ata-WDC_WD4000F9YZ-09N20L1_WD-WCC5D2SUA7ZL"
+      - "ata-WDC_WD4000F9YZ-09N20L1_WD-WCC5D3CC14CK"
+      - "ata-WDC_WD8004FRYZ-01VAEB0_VGHPA2YG"
+      - "ata-WDC_WD4000F9YZ-09N20L1_WD-WMC5D0D9LS0V"
+      - "ata-WDC_WD4000F9YZ-09N20L1_WD-WCC5D2SUA7XF"
+      - "ata-HGST_HUH721008ALE604_7SHP1UKW"
+      - "ata-WDC_WD8004FRYZ-01VAEB0_VGHHKTBK"
+      - "ata-WDC_WD8004FRYZ-01VAEB0_VGKN370G"
+      - "ata-WDC_WD4000F9YZ-09N20L1_WD-WMC5D0D6800V"
+    type: raidz2
+    state: present
+  - name: k8s
+    action: create
+    atime: on
+    compression: lz4
+    devices:
+      - "ata-CT250MX500SSD4_2008E28E25B9"
+    type: basic
+    state: present
+
+zfs_filesystems:
+  - name: backups
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 775
+    mountpoint: /deadpool/backups
+
+  - name: containous
+    pool: deadpool
+    state: present
+    owner: root
+    group: root
+    mode: 775
+    mountpoint: /deadpool/containous
+  - name: containous/datastore
+    pool: deadpool
+    state: present
+    owner: root
+    group: root
+    mode: 775
+    mountpoint: /deadpool/containous/datastore
+
+  - name: media
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 775
+    mountpoint: /deadpool/media
+  - name: media/audiobooks
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 775
+    mountpoint: /deadpool/media/audiobooks
+  - name: media/downloads
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 775
+    mountpoint: /deadpool/media/downloads
+  - name: media/music
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 775
+    mountpoint: /deadpool/media/music
+  - name: media/pictures
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 775
+    mountpoint: /deadpool/media/pictures
+  - name: media/videos
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 775
+    mountpoint: /deadpool/media/videos
+
+  - name: timemachine
+    pool: deadpool
+    state: present
+    owner: root
+    group: home_users
+    mode: 770
+    mountpoint: /deadpool/timemachine
+  - name: timemachine/j_r0dd
+    pool: deadpool
+    state: present
+    owner: j_r0dd
+    group: home_users
+    mode: 700
+    mountpoint: /deadpool/timemachine/j_r0dd
+  - name: timemachine/waleska
+    pool: deadpool
+    state: present
+    owner: waleska
+    group: home_users
+    mode: 700
+    mountpoint: /deadpool/timemachine/waleska
+  - name: timemachine/nathan
+    pool: deadpool
+    state: present
+    owner: nathan
+    group: home_users
+    mode: 700
+    mountpoint: /deadpool/timemachine/nathan
+
+  - name: containous
+    pool: k8s
+    state: present
+    owner: root
+    group: root
+    mode: 775
+    mountpoint: /k8s/containous
+  - name: containous/datastore
+    pool: k8s
+    state: present
+    owner: root
+    group: root
+    mode: 775
+    mountpoint: /k8s/containous/datastore

provision/ansible/inventory/hosts.yml

@@ -1,13 +1,13 @@
 ---
-kubernetes:
+all:
   children:
-    master:
+    master-nodes:
       hosts:
         k8s-0:
           ansible_host: 10.10.0.43
-      vars:
-        ansible_user: ubuntu
-
-    nas:
+          ansible_user: ubuntu
+    worker-nodes:
+      hosts:
+    storage-nodes:
       hosts:
         k8s-0: