test-arm, backup scripts

env/test-arm/group_vars/all/consul.yml

@@ -0,0 +1,38 @@
+# Consul
+consul_group_name: cluster      # ansible group used by consul
+consul_datadir: /var/consul
+
+# Node role
+consul_node_role: client
+consul_ui: false
+consul_server: false
+consul_log_files_count: 2
+consul_client_addr: 0.0.0.0
+consul_bind_address: 0.0.0.0
+consul_addresses:
+  http: 0.0.0.0
+
+# Listen only on LAN
+#consul_advertise_address_wan: "{{ internal_ip }}"
+#consul_advertise_address: "{{ internal_ip }}"
+
+# Listen on WAN
+consul_advertise_address_wan: "{{ v4_main_ip | default(ansible_ssh_host)}}"
+consul_advertise_address: "{{ v4_main_ip | default(ansible_ssh_host)}}"
+
+# DNSmasq
+consul_dnsmasq_enable: true
+consul_dnsmasq_listen_addresses:
+- 172.17.0.1
+- 127.0.0.1
+
+# Features
+consul_connect_enabled: true
+consul_ports_grpc: 8502
+
+
+# Hardening
+#consul_acl_enable: true
+#consul_default_policy: allow  # deny
+#consul_token_persistence: true
+#consul_acl_master_token_display: true

env/test-arm/group_vars/all/docker.yml

@@ -0,0 +1,19 @@
+docker_daemon_options:
+  debug: false
+  experimental: true
+
+  # !!! Don't stop running containers during updates !!!
+  # in some cases a default FIFO log size (64K) is not enought so increase 
+  # the size there /proc/sys/fs/pipe-max-size
+  live-restore: true
+
+  # default log driver will be loki
+#  log-driver: "loki"
+#  log-opts:
+#    loki-url: "https://localhost:3100/loki/api/v1/push"
+#    loki-batch-size: "100"
+#    max-file: "3"
+#    max-size: "10m"
+
+  # Enable prometheus metrics endpoint
+  metrics-addr: "127.0.0.1:9323"

env/test-arm/group_vars/all/node_exporter.yml

@@ -0,0 +1,20 @@
+---
+node_exporter_web_telemetry_path: /metrics
+node_exporter_textfile_dir: /tmp/metrics
+
+node_exporter_disabled_collectors:
+- infiniband
+- bonding
+- mdadm
+- nfsd
+- powersupplyclass
+- rapl
+- zfs
+- xfs
+
+node_exporter_enabled_collectors:
+- systemd
+- processes
+- textfile:
+    directory: "{{ node_exporter_textfile_dir }}"
+

env/test-arm/group_vars/all/nomad.yml

@@ -0,0 +1,80 @@
+# Nomad
+nomad_manage_group: true
+nomad_group: nomad              # unix user for nomad
+nomad_group_name: cluster       # ansible group used by nomad
+nomad_config_dir: /etc/nomad    # I don't like default /etc/nomad.d path
+nomad_use_consul: false         # Consul is not needed for establishing the cluster
+nomad_consul_address: "localhost:8500"
+nomad_acl_enabled: true
+nomad_bind_address: 0.0.0.0
+
+nomad_raft_protocol: 3
+
+# In case you want to use internal network ip for nomad communication 
+# It is a good idea in a single DC cluster)
+#nomad_advertise_address: "{{ internal_ip }}"
+nomad_advertise_address: "{{ v4_main_ip | default(ansible_ssh_host)}}"
+
+# It's good idea to reserve a few resources to system
+# if you plan to schedule applications on master node, 
+# reserved resources is highly recomended
+nomad_reserved:
+  cpu: 500
+  memory: 256
+  disk: 5000
+  reserved_ports: "22,4646,8500-8600"
+
+
+# Prometheus metrics
+nomad_telemetry: true
+nomad_telemetry_publish_allocation_metrics: true
+nomad_telemetry_publish_node_metrics: true
+nomad_telemetry_prometheus_metrics: true
+
+# datadog monitoring
+#nomad_telemetry_datadog_address: "localhost:8125"
+
+
+# in production cluster it should be encrypted in vault
+nomad_encrypt: 3pa39lgTF/jt1OZZckld5P/5FCkm0pJXI5J4V9LY9eo=
+
+# enable raw exec to be able manage all services directly
+# enable local volumes to be able mount hosts directory to container
+nomad_options:
+  driver.raw_exec.enable: "1"
+  docker.volumes.enabled: "1"
+
+  # clean wasted images after 1h
+  docker.cleanup.image.delay: "1h"
+
+
+  # Required by host_path CSI plugin
+  docker.privileged.enabled: "true"
+
+
+
+nomad_plugins:
+  docker:
+    # If you have systemd for example in container this is required
+    # privileged:
+    #   enabled: true
+    cleanup:
+      image: true
+      container: true
+    config:
+      # If you uses private docker registry
+      auth:
+        config: "/root/.docker/config.json"
+
+      volumes:
+        enabled: true
+
+      # configure labels added to docker containers
+      extra_labels:
+        - job_name
+        - task_group_name
+        - task_name
+        - namespace
+        - node_name
+
+

env/test-arm/group_vars/all/restic.yml

@@ -0,0 +1,29 @@
+---
+restic_log_dir: /var/log/restic
+restic_create_cron: true
+metrics_dir: "{{ node_exporter_textfile_dir }}"
+restic_repos:
+  remote:
+    location: "s3:s3.eu-central-1.amazonaws.com/restic-theztd-backup/{{ ansible_hostname }}"
+    password: "{{ vault_restic_password }}"
+    aws_access_key: "{{ vault_aws_restic_key }}"
+    aws_secret_access_key: "{{ vault_aws_restic_secret }}" 
+
+restic_backups:
+  home:
+    name: home
+    repo: remote
+    src: /home
+    scheduled: true
+    schedule_oncalendar: '*-*-* 06..19:40:00'
+  docker_volumes:
+    name: docker_volumes
+    repo: remote
+    src: /var/lib/docker/volumes
+    tags:
+    - docker_volume
+    scheduled: true
+    schedule_oncalendar: '*-*-* 06..19:50:00'
+    keep_hourly: 12
+    keep_daily: 20
+

env/test-arm/group_vars/all/sshd.yml

@@ -0,0 +1,6 @@
+---
+sshd_ports:
+- 65022
+- 22
+
+sshd_client_alive_interval: 3600

env/test-arm/group_vars/all/vars.yml

@@ -0,0 +1,16 @@
+---
+admin_email: [email protected]
+
+resolv:
+  search: fejk.net
+  nameservers:
+  - 1.1.1.1
+  - 8.8.8.8
+
+root_keys:
+- keys/marek
+- keys/github
+
+s3cmd_conf:
+  bucket_location: eu-central-1
+

env/test-arm/group_vars/all/vault.yml

@@ -0,0 +1,19 @@
+$ANSIBLE_VAULT;1.1;AES256
+65396430346134336530386663363363643663623938613630383863363036663734336661626534
+3264646461653531346466303939366432386537356133330a636131613630393630373937323036
+32303039626635383830323632653564646363363535306332636633363932333966383632646364
+3965316566326632330a326164643835306638366432393232366434626531633634343732306237
+65646561366636306532623266646332643334303731366437313765396565333663636161653937
+61373937663464346665353932383839356331383066393138663131363637636363343231333433
+35656363353839323663363934303837393738333039336361643631356131666432313064356535
+66633330336530643632343331303663633636663565306563626330626561346435363961363734
+39306132366165613664316466623261326433666364363336366563306463613936303632383035
+64303861323862323362326330633963333231633761663862656537386238303663363562626233
+63303662373134326663613331323365383234373164633637336138316565383164633932323736
+32303230373761366461633535613263613032303436336563626330656436313337636335376165
+66333566323130303232366661363336356631623861336636386464613364393135386434306234
+39376663646635323537306137363963633136303663323837633463653434376239396237386364
+32363433623538356334356263623535613731383038646239626232613033326464303031643931
+32356563626566393334323162373761633936353964633462646661393232633934323634356636
+36383637623632393034303265366338353733313062366433373965373463373337356666303965
+3933336534333065356239653139616465326539613665326333

env/test-arm/group_vars/all/vault_consul.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30613137383636633131376366656165303363333961326666323363336636626133363739396163
+3639333762636265303439623463393465363663303237330a313163366537646461363365346164
+33366239636266386364623062643237303965363636653232653437616534356331343631356638
+6366363736353431650a313764346336346435626462303935373635343161633035376139313064
+39366533663036343433373239393634656637353939386538633062376437666264333134363030
+30663933366232653938616665353162336331383264613739306633626564333939373836393133
+35376664663231376439313635663835313032623036613863666534303665383330306262316532
+61303937643933313966

env/test-arm/group_vars/all/vault_docker_config.yml

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+35333734616533393565663161653865626230303961303262323835626462366630376230383466
+3732366436663061633166376461366163636436653936370a336536633734383534346234353665
+35656565663466626465313534626461373264393133316431646461616435393865353063663337
+3536346437646430610a613531363937663334323134346138346161333762613932363634326265
+35363739313038656562636338363935323364343230376332313630386661356463386436663964
+30313532303739666238376164313138346532313261346637633963653732663539663036626534
+33353935626666633936346431663130383130326466323031623031633730653566636164346339
+39636438366637343433613261663964326265333338353431613232663561303461663266373261
+31313932313933663931363630323637636130396639303464386239666337613662646562663866
+31366430616531303530653138623535353466343666663431393962346636393362303364633439
+63643835333435363539646334373537393032393031383338653132623933393461663933303936
+63623262653261326436343333333062323934653937653362383330333161303937363836313332
+39313961343037313265333364366361323365343831393762333834636465343730

env/test-arm/group_vars/all/vault_node_exporter.yml

@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+36323638326232623266376634666435353366306632653437396132653762313765316234333163
+3964366565303034356666353239666530333636303835360a333139656432373932393464343861
+32373533653634643463613930396132633736616465303138376264653839633832393435613532
+6334313732303763360a643365623562303533363332376238626239386334313734336234343461
+35313939356465376332336263346361316632356536663161323932636562303261376666373135
+39626539303238623231666233393234313831356465613131613832303133303161383237643138
+32366139373939336438633835343962373966303530616562663562383163313264386664376365
+64393837336531393965656635643262373536303234353239393138303265646534626666623237
+62623366303861353732653862373939616230653965653565306666393766356665353739643161
+61313865303162636436633733363938663730353732313134326336623165343233343230303261
+38303362366333346233666166656261336234653338353566373335666634313331383263373933
+36323462313935656638

env/test-arm/group_vars/all/vault_restic.yml

@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+62346561353465613833653232323265653830393232396237366665326566396633383162613937
+3362366136366336643438383537303435663436356164390a613966323661383637303063386366
+62343962306566396634353138613532333039383962373631643566316131666563626631366433
+3231636462363865340a353335303633343739316435313335346335316636386335386463396466
+38653064643463373962663262663363623634623763616434623535353930313763353030356435
+37666636636238386566313265616533633563313331666265623562616263363538653735393962
+35376166353963633562323961353461313866353664306534386337343834363230396633386432
+39386334613832653935333064333163616433333965613665663533613432656361333536393433
+31396135633631643132343138626362633132316561626637316430303837333637663533663533
+63626162613563303531306465666562613732316533396431383031633238393935653838383539
+36353834383938353831363765633434623165363537353530653236363734653666336665643234
+65396432353464343964

env/test-arm/group_vars/masters/consul.yml

@@ -0,0 +1,5 @@
+---
+consul_node_role: masters
+consul_server: true
+consul_ui: true
+consul_node_role: bootstrap

env/test-arm/group_vars/masters/nomad.yml

@@ -0,0 +1,7 @@
+nomad_node_role: both
+consul_node_role: server
+
+nomad_meta:
+  role: master
+  region: globe
+  env: dc1

env/test-arm/group_vars/masters/nomad_init_secrets.yml

@@ -0,0 +1,22 @@
+---
+# 
+# EXAMPLE
+#
+
+#nomad_init_secrets:
+#- name: klic1
+#  content: |
+#    namespace = "system"
+#    path = "hokus/pokus"
+#    items {
+#      klic1 = "hodnota1"
+#    }
+#
+#- name: klic2
+#  content: |
+#    namespace = "default"
+#    path = "testik/karel/123"
+#    items {
+#      name = "Karlik"
+#      age = 33
+#    }

env/test-arm/group_vars/masters/vault_nomad_init_secrets.yml

@@ -0,0 +1,72 @@
+$ANSIBLE_VAULT;1.1;AES256
+63383932343133306665663833393339633366613934663032666534663461353632303030626263
+3037623632653932316231356662663233363261363065620a353030663431376136323831373662
+34636364363935326632353435356538623861653230653439646232303165333337626139386336
+6636306633633765660a653034643361323261353735306462616261646535366461323664343066
+37386634303564646162303965613139373436336236613362356464623630613832636365336433
+66623932343331353832343334313461323966333634306234336262636464373135366339333631
+37386561643532303862373665663365303537616666613261313561373263373835656638613165
+30353464363532366466356566383939303565383335366363336566666566333735326436356633
+36393535656336366365306466663966656139376538626366643334613563633632366361656163
+62613439383034366230373130363766363230383630623466326630613862623032303437306162
+62633339313565653964373462666235353861653931343033383736343935396437646264303031
+66613137663635383338643133663635643535663239393837666433343131643063393266386265
+37383138653164643666343366313666343463653464366537386166626435643131346138373435
+64333134373462653235356435633562363935386534653832323165396131613361303864386339
+62386265666534333734373461643165376262393564383832313562613163616233303335613737
+39613639376538396637373432363238343064363961663438323163643234646533396630396464
+32343630663166323464393138366232646666663139316137653030626161343932343434313562
+32373961646433316361396164623639383036656365366165616563313737353531393063393764
+39373766626530353634626161326234396634643365396134306563656234656562633835636462
+34373232333661383666323530366262393534353263353062343663336566633633383138336234
+35393064623533636365386565323338643737663432656232616234643933623161633233303863
+35333838613535313064316666393230666661323236626137326632376439626636336537383039
+33623362646635646337616538653763383866316338343636363766313666303862393638326534
+31613766323737653138316236336630373539333535653930336233313730313735333864306334
+62323732333766386233626236626134393865616336366331323961313461663732623833643436
+30373730656131396431396238386337636563616462643333313438643838336466333362366262
+34393331353134646636613764343262366231396234616430653137323837336463343237323666
+31396533313332323033366361376465303837643261353061613765396665386133303437653666
+64386464363061306436396664396138336534643933323230343231393238616266636463663438
+32623461333665366565356661643464353937626563326165333836393439303363346630663662
+66386235656438623635636164663364336166343938333136383166316337613066656336636263
+65396434333637643330323530303434363638303733386664633431386165363633643839653066
+64636563316337396563646135663635653664323837613030333933646331386538666337343961
+62656662336461636463313161653364323738313962623435626431386364306537343838666661
+37386631636365303932626133616536313332656636396363646337396132363834326433623735
+66363837333662333030363831613534666231353964613565383538353034656539626265323662
+37623363336239353838633065653936393633313835616663393966333733313435323964363839
+65316239666333353133626366646662373839633835663961333032373333343864643561326232
+62323735386531623961306134306130643436303730353530383338326332383666613736316232
+65633031326563313562653461373734653234613033326363663735613564373461636432333237
+63306265653862386131393863383339633134633834316434646539333563656166346533303638
+37366663656261626231373864376339653964636338353162353539623262376134326330663137
+34353438393562393532303965396266303262623735613134313362386531343036313039623233
+37366161376132616563633932303563373764313233313532303866316165306135663138366439
+31333662373030643236663338316237386561356231366165353231336161376130393261376538
+31653432333933323166363739626436313030336164343232656666313432636134343331616133
+66313766636232643237633462666164373365353731376336363936653736666364623663336566
+34636363626561353231646132373738333338376130646536336535626639346534633535633464
+38613765613139363439643932633032313138613432343939643735643831616236653736626361
+39393839623434356562623638393662343038636237326661656639356236383430333564396630
+35363536613034393062653137396266653335376430393938343634383630363461313766636237
+38316534336463386133653730653165336137306536393131613665623539346164636534316463
+37346164306336656466376533613932626364343832386165386231333938333030633165373236
+39326635653737623163316237613033316563323436353531613662623765656636653065396330
+33356364316562396265303339383130326138653132633964386262306437383535383136346264
+66623466373236666134303937386230626565623836353232633765373932393839363434643662
+66373834373331393435323066666432313234393332636165393433333137306235356633323537
+32383336386130623366646433386233376235616462613930643431373534366261653465343630
+63663061376338326663356136356634666439636134303537363431396662666634326337373861
+30313561383033356363383166383565636533383432383064616264346134343461393536333031
+63643832363064626464656566323065313532663333373235623834303064323537636539643934
+61363536616364346338663631336137393661613461343862373663326363356236333931616430
+61333266356432396238323462353030663434653962393239653362343132343561323964313536
+62313065646239363230663633666265356332663535623131613164386330633231656563653437
+36393434376435303665653030616439633163613634373265653235666434623064653761613330
+31333930363630353137363063653838353764633836333033636462353032346430633538616532
+37656238643865343337646436653435393730613537666138376332383331356634643934636338
+30356130343731363262343937343665306537663864346164396234316233366539396663373938
+38313765346633616332393064643665626664363837393136366265653766313233656230643737
+39346130663232363662346662363637653037306337326462636662363066346639346539353261
+303562376362353266393533363163393838