From f7063a217dd121201155dfa99842b78449f3432b Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:33:47 -0400 Subject: [PATCH 01/84] feat: Added module example --- terraform/host_lxc_wilson.tf | 21 ----------------- terraform/main.tf | 15 ++++++++++++ terraform/modules/lxc/main.tf | 42 ++++++++++++++++++++++++++++++++++ terraform/test_lxc_instance.tf | 23 ------------------- 4 files changed, 57 insertions(+), 44 deletions(-) delete mode 100644 terraform/host_lxc_wilson.tf create mode 100644 terraform/modules/lxc/main.tf delete mode 100644 terraform/test_lxc_instance.tf diff --git a/terraform/host_lxc_wilson.tf b/terraform/host_lxc_wilson.tf deleted file mode 100644 index 4c5a8a93..00000000 --- a/terraform/host_lxc_wilson.tf +++ /dev/null @@ -1,21 +0,0 @@ -# resource "proxmox_lxc" "basic" { -# count = 7 -# target_node = "pve1" -# hostname = "wilson-${count.index}.magevent.net" -# ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" -# password = "sorry" -# unprivileged = true - -# // Terraform will crash without rootfs defined -# rootfs { -# storage = "ceph" -# size = "8G" -# } - -# network { -# name = "eth0" -# bridge = "vmbr999" -# ip = "dhcp" -# tag = "22" -# } -# } diff --git a/terraform/main.tf b/terraform/main.tf index d26952e7..d55f191b 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -22,3 +22,18 @@ provider "proxmox" { _capturelog = "" } } + +module "lxc-container" { + source = "./modules/lxc" + ip_address = "10.101.22.136/24" + hostname = "stackstorm1.magevent.net" +} + +module "lxc-container" { + source = "./modules/lxc" + cluster_name = "pve2" + ip_address = "10.101.22.137/24" + hostname = "stackstorm2.magevent.net" +} + + diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf new file mode 100644 index 00000000..0470b2bd --- /dev/null +++ b/terraform/modules/lxc/main.tf 
@@ -0,0 +1,42 @@ +resource "proxmox_lxc" "lxc-container" { + target_node = var.cluster_name + ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" + unprivileged = true + hostname = var.hostname + + rootfs = { + storage = "ceph" + size = var.size + } + + network = { + name = "eth0" + bridge = "vmbr999" + tag = "22" + ip = var.ip_address + } +} + +variable "hostname" { + description = "Hostname of the container" + type = string +} + + +variable "cluster_name" { + description = "The name to use for all the cluster resources" + type = string + default = "pve1" +} + +variable "ip_address" { + description = "IP address of host" + type = string +} + +variable "size" { + description = "Size of fs in gigabytes" + type = string + default = "8G" +} + diff --git a/terraform/test_lxc_instance.tf b/terraform/test_lxc_instance.tf deleted file mode 100644 index ef87e772..00000000 --- a/terraform/test_lxc_instance.tf +++ /dev/null @@ -1,23 +0,0 @@ -resource "proxmox_lxc" "basic" { - count = 1 - target_node = "pve1" - hostname = "provisioning-template-${count.index}.magevent.net" - ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" - ssh_public_keys = var.common.ssh_public_keys - unprivileged = true - - // Terraform will crash without rootfs defined - rootfs { - storage = "ceph" - size = "8G" - } - - network { - name = "eth0" - ip = "dhcp" - bridge = var.magcloud.bridge_id - gw = var.magcloud.gateway - firewall = var.magcloud.firewall - tag = var.magcloud.vlan_id - } -} From 2c5184ee283e6c499750684405c87127721d96d9 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:38:06 -0400 Subject: [PATCH 02/84] fix: renamed modules --- terraform/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index d55f191b..2d18f53e 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -23,13 +23,13 @@ provider "proxmox" { } } -module "lxc-container" { +module "stackstorm1" { source = "./modules/lxc" ip_address = "10.101.22.136/24" hostname = "stackstorm1.magevent.net" } -module "lxc-container" { +module "stackstorm2" { source = "./modules/lxc" cluster_name = "pve2" ip_address = "10.101.22.137/24" From 8a7323d3eb512c184c337890fe41a7fc30962004 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:39:33 -0400 Subject: [PATCH 03/84] fix: moved provider location? --- terraform/main.tf | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 2d18f53e..d5744a47 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,15 +1,3 @@ -terraform { - required_version = ">= 0.13.0" - backend "http" { - } - required_providers { - proxmox = { - source = "Telmate/proxmox" - version = "2.7.1" - } - } -} - provider "proxmox" { ## TODO - FIX URL pm_api_url = "https://10.101.21.41:8006/api2/json" From 463a78ebea1b305d4d92973a6fabed1d016740e5 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:41:57 -0400 Subject: [PATCH 04/84] fix: init --migrate --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 42b19450..35b07870 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -38,7 +38,7 @@ init: stage: prepare-tf extends: .global script: - - terraform init + - terraform init -migrate-state - terraform validate validate: From d50ee696e363b82d27e7778f98ee6b53d4bb34b0 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:42:30 -0400 Subject: [PATCH 05/84] fix: how did this get rolled back? --- terraform/modules/lxc/main.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
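Review bot: Leaving `terraform init -migrate-state` in the `init` job's `script` permanently means every pipeline run is allowed to move state, not only the one run that needed it after the backend block moved. Terraform state commonly holds credentials and resource secrets, so an unattended copy to whatever backend a branch configures should be a deliberate one-off. Once the migration has run, put the step back to a non-interactive plain init, `- terraform init -input=false`, and do any future migration by hand. The rest of the `init` job and the `.global` template it extends are outside this hunk, so how the backend is configured there is not visible.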
diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 0470b2bd..545d5739 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -1,3 +1,15 @@ +terraform { + required_version = ">= 0.13.0" + backend "http" { + } + required_providers { + proxmox = { + source = "Telmate/proxmox" + version = "2.7.1" + } + } +} + resource "proxmox_lxc" "lxc-container" { target_node = var.cluster_name ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" From 225e0a37193c3cf5f57f147402f9779db0e8dc24 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:44:26 -0400 Subject: [PATCH 06/84] fix: aaaaa --- terraform/main.tf | 12 ++++++++++++ terraform/modules/lxc/main.tf | 2 -- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index d5744a47..2d18f53e 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,3 +1,15 @@ +terraform { + required_version = ">= 0.13.0" + backend "http" { + } + required_providers { + proxmox = { + source = "Telmate/proxmox" + version = "2.7.1" + } + } +} + provider "proxmox" { ## TODO - FIX URL pm_api_url = "https://10.101.21.41:8006/api2/json" diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 545d5739..3039c754 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -1,7 +1,5 @@ terraform { required_version = ">= 0.13.0" - backend "http" { - } required_providers { proxmox = { source = "Telmate/proxmox" From ec80db56855283b70c2c05096440797ee8accec2 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:46:43 -0400 Subject: [PATCH 07/84] fix: blocks ? --- terraform/modules/lxc/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 3039c754..4b8a55a2 100644 
--- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -1,6 +1,6 @@ terraform { required_version = ">= 0.13.0" - required_providers { + required_providers = { proxmox = { source = "Telmate/proxmox" version = "2.7.1" @@ -14,12 +14,12 @@ resource "proxmox_lxc" "lxc-container" { unprivileged = true hostname = var.hostname - rootfs = { + rootfs { storage = "ceph" size = var.size } - network = { + network { name = "eth0" bridge = "vmbr999" tag = "22" From d7ea91159c726fa0afb2bb4810e23b0c469974df Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:48:57 -0400 Subject: [PATCH 08/84] fix: blocks ? --- terraform/modules/lxc/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 4b8a55a2..b7f3c972 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -1,7 +1,7 @@ terraform { required_version = ">= 0.13.0" required_providers = { - proxmox = { + proxmox { source = "Telmate/proxmox" version = "2.7.1" } From ec6f1ad200d79cc54e2a23aa7054c47f3372fd7d Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:50:48 -0400 Subject: [PATCH 09/84] fix: blocks ? --- terraform/modules/lxc/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index b7f3c972..f52edb1a 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -1,7 +1,7 @@ terraform { required_version = ">= 0.13.0" - required_providers = { - proxmox { + required_providers { + proxmox = { source = "Telmate/proxmox" version = "2.7.1" } From 9dfed103b9e505fcb04df47087008bbaa08b0d89 Mon Sep 17 00:00:00 2001 
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 22:52:04 -0400 Subject: [PATCH 10/84] fix: remove dhcp.tf for now --- terraform/dhcp.tf | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 terraform/dhcp.tf diff --git a/terraform/dhcp.tf b/terraform/dhcp.tf deleted file mode 100644 index 874f97ee..00000000 --- a/terraform/dhcp.tf +++ /dev/null @@ -1,26 +0,0 @@ -resource "proxmox_lxc" "dhcp" { - for_each = var.dhcp - - hostname = each.key - target_node = each.value.target_node - vmid = each.value.vmid - memory = each.value.memory - cores = each.value.cores - swap = each.value.swap - start = each.value.start - network { - name = each.value.network_interface - bridge = each.value.bridge_id - ip = each.value.cidr - gw = each.value.gateway - firewall = each.value.firewall - tag = each.value.vlan_id - } - ostemplate = each.value.ostemplate - rootfs { - storage = "ceph" - size = each.value.disk_size - } - unprivileged = each.value.unprivileged - ssh_public_keys = var.common.ssh_public_keys -} From 6bf1829682a5e1cd2f13b97b36941be80e6e187d Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:02:11 -0400 Subject: [PATCH 11/84] fix: testing changes --- terraform/lxc-dhcp.tf | 12 ++++++++ terraform/lxc-stackstorm.tf | 12 ++++++++ terraform/main.tf | 11 -------- terraform/modules/lxc/main.tf | 13 +++++++-- terraform/variables.tf | 53 ----------------------------------- 5 files changed, 34 insertions(+), 67 deletions(-) create mode 100644 terraform/lxc-dhcp.tf create mode 100644 terraform/lxc-stackstorm.tf diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf new file mode 100644 index 00000000..c27076a3 --- /dev/null +++ b/terraform/lxc-dhcp.tf 
@@ -0,0 +1,12 @@ +module "dhcp1" { + source = "./modules/lxc" + ip_address = "10.101.22.253/24" + hostname = "dhcp1.dev.magevent.net" +} + +module "dhcp2" { + source = "./modules/lxc" + cluster_name = "pve2" + ip_address = "10.101.22.254/24" + hostname = "dhcp2.dev.magevent.net" +} diff --git a/terraform/lxc-stackstorm.tf b/terraform/lxc-stackstorm.tf new file mode 100644 index 00000000..e9c365e1 --- /dev/null +++ b/terraform/lxc-stackstorm.tf @@ -0,0 +1,12 @@ +module "stackstorm1" { + source = "./modules/lxc" + ip_address = "10.101.22.136/24" + hostname = "stackstorm1.dev.magevent.net" +} + +module "stackstorm2" { + source = "./modules/lxc" + cluster_name = "pve2" + ip_address = "10.101.22.137/24" + hostname = "stackstorm2.dev.magevent.net" +} diff --git a/terraform/main.tf b/terraform/main.tf index 2d18f53e..57b880c6 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -23,17 +23,6 @@ provider "proxmox" { } } -module "stackstorm1" { - source = "./modules/lxc" - ip_address = "10.101.22.136/24" - hostname = "stackstorm1.magevent.net" -} -module "stackstorm2" { - source = "./modules/lxc" - cluster_name = "pve2" - ip_address = "10.101.22.137/24" - hostname = "stackstorm2.magevent.net" -} diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index f52edb1a..14a79121 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf 
@@ -10,9 +10,16 @@ terraform { resource "proxmox_lxc" "lxc-container" { target_node = var.cluster_name - ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" - unprivileged = true - hostname = var.hostname + ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" + unprivileged = true + hostname = var.hostname + cores = "1" + swap = "512" + start = true + ssh_public_keys = <<-EOT + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMhbA0U8HF0qA8ya7icQDMxt4LUz67aHVd+ufKztbqa + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8kXJdvVCN8q1dKWKnGIsFLHKpeO7/Q9uV1C0Qtf/I8 +EOT rootfs { storage = "ceph" diff --git a/terraform/variables.tf b/terraform/variables.tf index 319cbe5e..e69de29b 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,53 +0,0 @@ -variable "common" { - type = map(string) - default = { - ssh_public_keys = <<-EOT - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMhbA0U8HF0qA8ya7icQDMxt4LUz67aHVd+ufKztbqa - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8kXJdvVCN8q1dKWKnGIsFLHKpeO7/Q9uV1C0Qtf/I8 - EOT - } -} -variable "magcloud" { - type = map(string) - default = { - network_interface = "eth0" - bridge_id = "vmbr999" - cidr = "10.101.22.0/24" - gateway = "10.101.22.1" - firewall = true - vlan_id = "22" - } -} -variable "dhcp" { - type = map(map(string)) - default = { - dhcp1 = { - hostname = "dhcp1" - target_node = "pve1" - vmid = "7007" - memory = "1024" - cores = "1" - swap = "512" - start = true - network_interface = "eth0" - cidr = "10.101.22.253/24" - ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" - disk_size = "8G" - unprivileged = true - }, - dhcp2 = { - hostname = "dhcp2" - target_node = "pve2" - vmid = "7008" - memory = "1024" - cores = "1" - swap = "512" - start = true - network_interface = "eth0" - cidr = "10.101.22.254/24" - ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" - disk_size = "8G" - unprivileged = true - } - } -} 
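Review bot: The two `ssh-ed25519` keys are added as a literal `ssh_public_keys` heredoc inside `proxmox_lxc.lxc-container`, so every container built from this module trusts the same two keys and no caller can add, remove or rotate one without editing the module itself. The same commit deletes `var.common.ssh_public_keys` from `terraform/variables.tf`, which was the single place they could be changed. Make it an input instead: `ssh_public_keys = var.ssh_public_keys` with a `variable "ssh_public_keys"` of `type = string` declared beside `hostname` and `ip_address`, and a comment above it saying which account the provider installs the keys for (presumably root in the container; confirm against the provider documentation). `cores`, `swap` and `start` are hard-coded in the same hunk while `size` is already a variable; the resource block continues past the end of the hunk.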
From 2c5e7c2c9080ca1a7a0efbf5e40a33d13340587e Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:12:21 -0400 Subject: [PATCH 12/84] feat: qemu-kvm module --- terraform/modules/qemu-kvm/main.tf | 18 ++++++++++++++++++ terraform/qemu-livecd.tf | 4 ++++ 2 files changed, 22 insertions(+) create mode 100644 terraform/modules/qemu-kvm/main.tf create mode 100644 terraform/qemu-livecd.tf diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf new file mode 100644 index 00000000..ee677a96 --- /dev/null +++ b/terraform/modules/qemu-kvm/main.tf @@ -0,0 +1,18 @@ +resource "proxmox_vm_qemu" "qemu-kvm-vm" { + name = "VM-name" + target_node = "Node to create the VM on" + iso = "synology:iso/ubuntu-20.04.2-live-server-amd64.iso" + os_type = "ubuntu" +} + +variable "name" { + description = "Name of the vm" + type = string +} + +variable "cluster_name" { + description = "The name to use for all the cluster resources" + type = string + default = "pve1" +} + diff --git a/terraform/qemu-livecd.tf b/terraform/qemu-livecd.tf new file mode 100644 index 00000000..a82518da --- /dev/null +++ b/terraform/qemu-livecd.tf @@ -0,0 +1,4 @@ +module "livecd" { + source = "./modules/qemu-kvm" + name = "live-cd-test.dev.magevent.net" +} From 5c367b0e9b18f21e5b02468e5ded7e9bda531b54 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:13:52 -0400 Subject: [PATCH 13/84] fix: rip forgot provisioner block --- terraform/modules/qemu-kvm/main.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf index ee677a96..c570baf2 100644 --- a/terraform/modules/qemu-kvm/main.tf +++ b/terraform/modules/qemu-kvm/main.tf 
@@ -1,3 +1,13 @@ +terraform { + required_version = ">= 0.13.0" + required_providers { + proxmox = { + source = "Telmate/proxmox" + version = "2.7.1" + } + } +} + resource "proxmox_vm_qemu" "qemu-kvm-vm" { name = "VM-name" target_node = "Node to create the VM on" From 5011d595852368b318689b1995db15da8e247c55 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:21:21 -0400 Subject: [PATCH 14/84] fix: type in node config --- terraform/modules/qemu-kvm/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf index c570baf2..544d3133 100644 --- a/terraform/modules/qemu-kvm/main.tf +++ b/terraform/modules/qemu-kvm/main.tf @@ -9,13 +9,13 @@ terraform { } resource "proxmox_vm_qemu" "qemu-kvm-vm" { - name = "VM-name" - target_node = "Node to create the VM on" + target_node = var.cluster_name + hostname = var.hostname iso = "synology:iso/ubuntu-20.04.2-live-server-amd64.iso" os_type = "ubuntu" } -variable "name" { +variable "hostname" { description = "Name of the vm" type = string } From 967d53008b279d957c128781e3676b80ce750609 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:22:31 -0400 Subject: [PATCH 15/84] fix: type in node config --- terraform/qemu-livecd.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/qemu-livecd.tf b/terraform/qemu-livecd.tf index a82518da..a27b93a0 100644 --- a/terraform/qemu-livecd.tf +++ b/terraform/qemu-livecd.tf @@ -1,4 +1,4 @@ module "livecd" { source = "./modules/qemu-kvm" - name = "live-cd-test.dev.magevent.net" + hostname = "live-cd-test.dev.magevent.net" } From 79c1ed6e4b91a3a74597594b3be479597232b6cb Mon Sep 17 00:00:00 2001 
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:23:33 -0400 Subject: [PATCH 16/84] fix: type in node config --- terraform/modules/qemu-kvm/main.tf | 4 ++-- terraform/qemu-livecd.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf index 544d3133..a8bf17db 100644 --- a/terraform/modules/qemu-kvm/main.tf +++ b/terraform/modules/qemu-kvm/main.tf @@ -10,12 +10,12 @@ terraform { resource "proxmox_vm_qemu" "qemu-kvm-vm" { target_node = var.cluster_name - hostname = var.hostname + name = var.name iso = "synology:iso/ubuntu-20.04.2-live-server-amd64.iso" os_type = "ubuntu" } -variable "hostname" { +variable "name" { description = "Name of the vm" type = string } diff --git a/terraform/qemu-livecd.tf b/terraform/qemu-livecd.tf index a27b93a0..a82518da 100644 --- a/terraform/qemu-livecd.tf +++ b/terraform/qemu-livecd.tf @@ -1,4 +1,4 @@ module "livecd" { source = "./modules/qemu-kvm" - hostname = "live-cd-test.dev.magevent.net" + name = "live-cd-test.dev.magevent.net" } From baf43971ad0878d7374380b225992a30917f0f2c Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:31:46 -0400 Subject: [PATCH 17/84] feat: more vm params set now --- terraform/modules/qemu-kvm/main.tf | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf index a8bf17db..6ae3fd93 100644 --- a/terraform/modules/qemu-kvm/main.tf +++ b/terraform/modules/qemu-kvm/main.tf 
@@ -13,6 +13,34 @@ resource "proxmox_vm_qemu" "qemu-kvm-vm" { name = var.name iso = "synology:iso/ubuntu-20.04.2-live-server-amd64.iso" os_type = "ubuntu" + memory = var.memory + cores = var.cores + agent = 1 + disk { // This disk will become scsi0 + type = "scsi" + storage = "ceph" + size = var.disk_size + + // + } +} + +variable "disk_size" { + description = "The name to use for all the cluster resources" + type = int + default = 16 +} + +variable "cores" { + description = "The name to use for all the cluster resources" + type = int + default = 2 +} + +variable "memory" { + description = "The name to use for all the cluster resources" + type = int + default = 1 } variable "name" { From eb0131bbff6e061dfc41ee9672d3145e7c667d59 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Wed, 30 Jun 2021 23:36:05 -0400 Subject: [PATCH 18/84] fix: int -> number --- terraform/modules/qemu-kvm/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf index 6ae3fd93..513f353e 100644 --- a/terraform/modules/qemu-kvm/main.tf +++ b/terraform/modules/qemu-kvm/main.tf @@ -27,19 +27,19 @@ resource "proxmox_vm_qemu" "qemu-kvm-vm" { variable "disk_size" { description = "The name to use for all the cluster resources" - type = int + type = number default = 16 } variable "cores" { description = "The name to use for all the cluster resources" - type = int + type = number default = 2 } variable "memory" { description = "The name to use for all the cluster resources" - type = int + type = number default = 1 } From ab00d8f11e593d1df7f46afac44d2786ff80004c Mon Sep 17 00:00:00 2001 
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 1 Jul 2021 00:19:41 -0400 Subject: [PATCH 19/84] fix: Added 'G' to disk, 4096 ram for example VM. --- terraform/modules/qemu-kvm/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf index 513f353e..32e26f27 100644 --- a/terraform/modules/qemu-kvm/main.tf +++ b/terraform/modules/qemu-kvm/main.tf @@ -27,8 +27,8 @@ resource "proxmox_vm_qemu" "qemu-kvm-vm" { variable "disk_size" { description = "The name to use for all the cluster resources" - type = number - default = 16 + type = string + default = "16G" } variable "cores" { @@ -38,9 +38,9 @@ variable "cores" { } variable "memory" { - description = "The name to use for all the cluster resources" + description = "Amount of memory in megabytes" type = number - default = 1 + default = 4096 } variable "name" { From bd52608249fa72a3133ef9436c43704f15239790 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 1 Jul 2021 09:02:44 -0400 Subject: [PATCH 20/84] fix: disable qemu for now --- terraform/qemu-livecd.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/qemu-livecd.tf b/terraform/qemu-livecd.tf index a82518da..d3d47546 100644 --- a/terraform/qemu-livecd.tf +++ b/terraform/qemu-livecd.tf @@ -1,4 +1,4 @@ -module "livecd" { - source = "./modules/qemu-kvm" - name = "live-cd-test.dev.magevent.net" -} +#module "livecd" { +# source = "./modules/qemu-kvm" +# name = "live-cd-test.dev.magevent.net" +#} From 81df9c4b3160adf2e74bc2ce13a5901ec2c20cbd Mon Sep 17 00:00:00 2001 
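Review bot: In the `disk_size` and `cores` variables of `terraform/modules/qemu-kvm/main.tf` the `description` is still the copy-pasted "The name to use for all the cluster resources"; this commit corrects only `memory`. Since `disk_size` changed from a number to a string with a unit suffix here, the description is the only place a caller learns the expected format: `description = "Disk size including unit suffix, e.g. 16G"` and `description = "Number of CPU cores"`.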
From: claughinghouse Date: Sat, 3 Jul 2021 12:43:46 -0400 Subject: [PATCH 21/84] Introduce the common config (#40) * feat: update .gitignore * feat: add base and test VMs * fix: update variable names to match existing scheme * feat: add missing terraform pre-commit * fix: update workflow * fix: re-add tflint --- .github/workflows/pre-commit.yaml | 3 +- .github/workflows/terraform-lint.yaml | 3 ++ .gitignore | 2 + .pre-commit-config.yaml | 6 +++ .taskfiles/ansible.yml | 18 +++++++++ ansible/ansible.cfg | 1 - ansible/inventory/group_vars/all/vault.yaml | 37 ++++++++++++++----- ansible/inventory/host_vars/dhcp1.yaml | 2 +- ansible/inventory/host_vars/dhcp2.yaml | 2 +- ansible/inventory/host_vars/ubuntu-lxc.yaml | 10 +++++ ansible/inventory/host_vars/ubuntu-vm.yaml | 10 +++++ ansible/inventory/hosts.yaml | 15 ++++++-- ansible/requirements.yaml | 3 +- ansible/roles/ubuntu/defaults/main.yaml | 6 ++- .../public_keys/mag_ansible_id_ed25519.pub | 1 + ansible/roles/ubuntu/tasks/main.yaml | 4 ++ ansible/roles/ubuntu/tasks/packages.yaml | 33 +++++++++++++---- ansible/roles/ubuntu/tasks/user.yaml | 17 +++++++++ 18 files changed, 146 insertions(+), 27 deletions(-) create mode 100644 ansible/inventory/host_vars/ubuntu-lxc.yaml create mode 100644 ansible/inventory/host_vars/ubuntu-vm.yaml create mode 100644 ansible/roles/ubuntu/files/public_keys/mag_ansible_id_ed25519.pub diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 054e18c6..4c416337 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -4,8 +4,6 @@ name: pre-commit on: pull_request: push: - branches: - - '*' jobs: pre-commit: @@ -13,4 +11,5 @@ jobs: steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 + - uses: terraform-linters/setup-tflint@v1 - uses: pre-commit/action@v2.0.3 diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml index d83394d5..f2558861 100644 
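Review bot: The added step `- uses: terraform-linters/setup-tflint@v1` in `.github/workflows/pre-commit.yaml` references a third-party action by a movable tag, so whatever commit that tag points to at run time executes in the job next to the checked-out repository and the job token. Pin it to a full commit SHA and keep the version as a trailing comment, `- uses: terraform-linters/setup-tflint@FULL_COMMIT_SHA_PLACEHOLDER # v1`; the same step is added to `.github/workflows/terraform-lint.yaml` in this commit and should get the same pin. The neighbouring `actions/checkout@v2`, `actions/setup-python@v2` and `pre-commit/action@v2.0.3` lines are tag-pinned as well. Removing the `branches: - '*'` filter under `push:` also widens the trigger, so a one-line comment above `push:` stating that this is intended would help.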
--- a/.github/workflows/terraform-lint.yaml +++ b/.github/workflows/terraform-lint.yaml @@ -28,6 +28,9 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v1 + - uses: terraform-linters/setup-tflint@v1 + name: Setup TFLint + - name: Run `terraform fmt` run: terraform fmt -diff -check -no-color -recursive diff --git a/.gitignore b/.gitignore index 780d1232..da65ad22 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,5 @@ override.tf.json .terraformrc terraform.rc .terraform* +# ansible +geerlingguy.pip diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e3df32a9..6f11d353 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -37,6 +37,12 @@ repos: - id: fix-smartquotes repo: https://github.com/sirosen/fix-smartquotes rev: 0.2.0 + - repo: https://github.com/gruntwork-io/pre-commit + rev: v0.1.12 + hooks: + - id: terraform-fmt + - id: terraform-validate + - id: tflint - repo: local hooks: - id: check-ansible-vault diff --git a/.taskfiles/ansible.yml b/.taskfiles/ansible.yml index f69f66b2..f1e18f4e 100644 --- a/.taskfiles/ansible.yml +++ b/.taskfiles/ansible.yml @@ -26,3 +26,21 @@ tasks: cmds: - "ansible-vault decrypt --vault-password-file .vault-password {{.ANSIBLE_INVENTORY_DIR}}/group_vars/all/vault.yaml" silent: true + + ping: + desc: Ping all the nodes + cmds: + - "ansible all -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yaml --vault-password-file .vault-password --one-line -m 'ping'" + silent: true + + uptime: + desc: Uptime of all the nodes + cmds: + - "ansible all -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yaml --vault-password-file .vault-password --one-line -a 'uptime -p'" + silent: true + + ubuntu-prepare: + desc: Prepare all hosts + cmds: + - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yaml --vault-password-file .vault-password {{.ANSIBLE_PLAYBOOK_DIR}}/ubuntu/prepare.yaml" + silent: true diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index b489e58d..81d1aee0 100644 --- a/ansible/ansible.cfg 
+++ b/ansible/ansible.cfg @@ -31,7 +31,6 @@ private_key_file = ~/.ssh/mag_ansible_id_ed25519 force_valid_group_names = ignore #--- Speed -callback_whitelist = ansible.posix.profile_tasks internal_poll_interval = 0.001 [inventory] diff --git a/ansible/inventory/group_vars/all/vault.yaml b/ansible/inventory/group_vars/all/vault.yaml index fb81a03d..5e5fd252 100644 --- a/ansible/inventory/group_vars/all/vault.yaml +++ b/ansible/inventory/group_vars/all/vault.yaml 
@@ -1,10 +1,29 @@ $ANSIBLE_VAULT;1.1;AES256 -64393939656362356564613336366564616236633739663833623166356637363832623831356565 -6631306230633664333263383933346337653537383164330a306461326535623765316130303634 -61346164386133356565626165383635306363343239326531373535623336643562613238373738 -6361656535633832320a313638653262316331653261396436323764393431363839386338333836 -37353065383334356664353464636665643063333934313336313161323565336132616333353832 -35386533636635653135313730633761326136386664323666303534323636656531623436306133 -61613037633262323663323734626235333762633136363739623566653136313332303831353962 -33633132663434363636376636623736313439323531613033323337306562323831663930316235 -61383366393261366234383431653437623238613863356133366638353964343061 +39356338333965313862373737333839313032623233616435613430396539666230363731343233 +6665646632633133643734363634323736616132663035300a646362613539333963353236653635 +31326137333135326664336131623764303032303839646330343237613738633364666339383334 +3262303366653966390a663365623931393634326339386465396234636466663565656462393838 +39323366333132383134383564376234623434323635663133306333343161343266363639383237 +32356138376233306661323933393232653630636234366531656533663835336238393364396139 +62653266636139643233623936386637663739376534333431303963646336336131663039316336 +38396335363530326566323631383539353538316234313030346530366331643338306430616662 +63386634356338633539663431663631626637383130613561663764633133643562373136376239 +39393965613462386263373237393866346639383936376437313536363965663861393764303138 +35623638623633623663313462353733363230333136623931653231393265323563636434393931 +38363131396661396430613765613862666637616165363166356364636638646131613234376339 +63386439613330386338386466333931323730343837336535376637303864323336386437303939 +33653033393033656633336662343562663330353035303931663637386237343830646166306264 +64643763303938333261366538326531373638303966636430303031626631383164323737623236 
+61396636656166633033613761373166313539393133353039393763333537653331303932376365 +61313763656366333733623234613935656632663032373736636334346434663364616565316665 +31636662656566646361653461333631363030626539306134303939653039323262333436353635 +64343139613566653839373462376662396431643030626139643630333538306434646231633166 +38653863636435613762386633636263343361303939386338356333306137343539633431313262 +30393864616164353534343264333937363335326333393133333665376365613534343834306561 +36356330643232633135363762313662343962313363653439613561353638333939663932623862 +35303632323462386365323936613838333961366663646562326332396432613038663037646635 +39356166653733373563646338316435386637353431366366353563343264366338663764623963 +64366461336466386265386234303562653363666538336163636238396338343364346333363438 +38333734313761633735633162313937373334306361346365663363323462336139633335653432 +33306663316434626236373930303039393264656631616234333332616338656364303534396133 +62323339626237623532 diff --git a/ansible/inventory/host_vars/dhcp1.yaml b/ansible/inventory/host_vars/dhcp1.yaml index c8ebecb0..3146788f 100644 --- a/ansible/inventory/host_vars/dhcp1.yaml +++ b/ansible/inventory/host_vars/dhcp1.yaml @@ -4,7 +4,7 @@ ansible_host: "{{ dhcp_1_ip }}" # Ansible user to ssh into servers with -ansible_user: "{{ ansible_ci_user }}" +ansible_user: "{{ ansible_ci_lxc_user }}" # ansible_ssh_pass: "ubuntu" # ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null" # ansible_become_pass: "WeShouldChangeThis" diff --git a/ansible/inventory/host_vars/dhcp2.yaml b/ansible/inventory/host_vars/dhcp2.yaml index 70d3fe27..eb7396db 100644 --- a/ansible/inventory/host_vars/dhcp2.yaml +++ b/ansible/inventory/host_vars/dhcp2.yaml 
@@ -4,7 +4,7 @@ ansible_host: "{{ dhcp_2_ip }}" # Ansible user to ssh into servers with -ansible_user: "{{ ansible_ci_user }}" +ansible_user: "{{ ansible_ci_lxc_user }}" # ansible_ssh_pass: "ubuntu" # ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null" # ansible_become_pass: "ubuntu" diff --git a/ansible/inventory/host_vars/ubuntu-lxc.yaml b/ansible/inventory/host_vars/ubuntu-lxc.yaml new file mode 100644 index 00000000..7a567778 --- /dev/null +++ b/ansible/inventory/host_vars/ubuntu-lxc.yaml @@ -0,0 +1,10 @@ +--- + +# IP address of node +ansible_host: "{{ ubuntu_lxc_ip }}" + +# Ansible user to ssh into servers with +ansible_user: "{{ ansible_ci_lxc_user }}" +# ansible_ssh_pass: "ubuntu" +# ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null" +# ansible_become_pass: "WeShouldChangeThis" diff --git a/ansible/inventory/host_vars/ubuntu-vm.yaml b/ansible/inventory/host_vars/ubuntu-vm.yaml new file mode 100644 index 00000000..94f17673 --- /dev/null +++ b/ansible/inventory/host_vars/ubuntu-vm.yaml @@ -0,0 +1,10 @@ +--- + +# IP address of node +ansible_host: "{{ ubuntu_vm_ip }}" + +# Ansible user to ssh into servers with +ansible_user: "{{ ansible_ci_vm_user }}" +# ansible_ssh_pass: "ubuntu" +# ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null" +# ansible_become_pass: "WeShouldChangeThis" diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml index 2419a4a2..8c5e30b2 100644 --- a/ansible/inventory/hosts.yaml +++ b/ansible/inventory/hosts.yaml @@ -4,11 +4,18 @@ all: children: # Control Plane group, do not change the 'control-plane' name # hosts should match the filenames in 'host_vars' - dhcp: - hosts: - dhcp1: - dhcp2: + # dhcp: + # hosts: + # dhcp1: + # dhcp2: # dns: # hosts: # dns1: # dns2: + + ubuntu-lxc: + hosts: + ubuntu-lxc: + ubuntu-vm: + hosts: + ubuntu-vm: diff --git a/ansible/requirements.yaml b/ansible/requirements.yaml index 3fa69b9e..d6f721f6 100644 --- a/ansible/requirements.yaml +++ b/ansible/requirements.yaml 
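Review bot: The new `host_vars/ubuntu-lxc.yaml` carries over three commented-out lines, `# ansible_ssh_pass: "ubuntu"`, `# ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null"` and `# ansible_become_pass: "WeShouldChangeThis"`, and `host_vars/ubuntu-vm.yaml` repeats them. Uncommenting them would put passwords in plaintext in the inventory and stop host keys from ever being remembered, so a changed host key would go unnoticed. Since `ansible_user` is already templated from `ansible_ci_lxc_user` / `ansible_ci_vm_user` (presumably defined in the encrypted `group_vars/all/vault.yaml`), drop the three lines from both files or replace them with a pointer such as `# credentials are defined in group_vars/all/vault.yaml`.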
@@ -2,4 +2,5 @@ roles: - src: geerlingguy.pip collections: - - name: community.general + - community.general + - ansible.posix diff --git a/ansible/roles/ubuntu/defaults/main.yaml b/ansible/roles/ubuntu/defaults/main.yaml index 38be74fd..5ac29ee0 100644 --- a/ansible/roles/ubuntu/defaults/main.yaml +++ b/ansible/roles/ubuntu/defaults/main.yaml @@ -1,5 +1,9 @@ --- packages: - apt_install: + apt_install_vm: - qemu-guest-agent + - htop + + apt_install_lxc: + - htop diff --git a/ansible/roles/ubuntu/files/public_keys/mag_ansible_id_ed25519.pub b/ansible/roles/ubuntu/files/public_keys/mag_ansible_id_ed25519.pub new file mode 100644 index 00000000..2a071853 --- /dev/null +++ b/ansible/roles/ubuntu/files/public_keys/mag_ansible_id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMhbA0U8HF0qA8ya7icQDMxt4LUz67aHVd+ufKztbqa diff --git a/ansible/roles/ubuntu/tasks/main.yaml b/ansible/roles/ubuntu/tasks/main.yaml index 9d97e97d..969387d9 100644 --- a/ansible/roles/ubuntu/tasks/main.yaml +++ b/ansible/roles/ubuntu/tasks/main.yaml @@ -16,3 +16,7 @@ - include: user.yaml tags: - user + +# - name: Show facts available on the system +# ansible.builtin.debug: +# var: ansible_facts diff --git a/ansible/roles/ubuntu/tasks/packages.yaml b/ansible/roles/ubuntu/tasks/packages.yaml index 4ec85cb8..eadf3f88 100644 --- a/ansible/roles/ubuntu/tasks/packages.yaml +++ b/ansible/roles/ubuntu/tasks/packages.yaml @@ -10,6 +10,7 @@ APT::Install-Suggests "false"; APT::Get::Install-Recommends "false"; APT::Get::Install-Suggests "false"; + - name: Upgrade all system packages ansible.builtin.apt: upgrade: full 
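Review bot: `community.general` and `ansible.posix` are listed without a version, so each `ansible-galaxy` install resolves to whatever is newest on Galaxy at that moment. These collections supply modules the roles run on the managed hosts (the `ubuntu` role in this commit uses `ansible.posix.authorized_key`), so a reviewed, fixed version is worth having. I would keep the mapping form and pin each entry, `- name: ansible.posix` followed by `version: "<PINNED_VERSION>"`. The `geerlingguy.pip` role in the context lines is unpinned in the same way.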
@@ -21,18 +22,36 @@ retries: 5 until: apt_upgrade is success -- name: Install common packages +- name: Install common VM packages + ansible.builtin.apt: + name: "{{ packages.apt_install_vm }}" + install_recommends: false + update_cache: true + cache_valid_time: 3600 + autoclean: true + autoremove: true + register: apt_install_vm + retries: 5 + until: apt_install_vm is success + when: + - packages.apt_install_vm is defined + - packages.apt_install_vm is iterable + - packages.apt_install_vm | length > 0 + - ansible_facts['virtualization_type'] == "kvm" + +- name: Install common LXC packages ansible.builtin.apt: - name: "{{ packages.apt_install }}" + name: "{{ packages.apt_install_lxc }}" install_recommends: false update_cache: true cache_valid_time: 3600 autoclean: true autoremove: true - register: apt_install_common + register: apt_install_lxc retries: 5 - until: apt_install_common is success + until: apt_install_lxc is success when: - - packages.apt_install is defined - - packages.apt_install is iterable - - packages.apt_install | length > 0 + - packages.apt_install_lxc is defined + - packages.apt_install_lxc is iterable + - packages.apt_install_lxc | length > 0 + - ansible_facts['virtualization_type'] == "lxc" diff --git a/ansible/roles/ubuntu/tasks/user.yaml b/ansible/roles/ubuntu/tasks/user.yaml index ed97d539..ece3db90 100644 --- a/ansible/roles/ubuntu/tasks/user.yaml +++ b/ansible/roles/ubuntu/tasks/user.yaml @@ -1 +1,18 @@ --- +- name: Create break glass account + user: + name: "{{ break_glass_user }}" + password: "{{ break_glass_pass }}" + shell: /bin/bash + +- name: Set authorized key, removing all the authorized keys already set + ansible.posix.authorized_key: + user: magcloud + key: "{{ lookup('file', 'public_keys/mag_ansible_id_ed25519.pub') }}" + state: present + exclusive: true + +- name: Give user sudo access + lineinfile: + path: /etc/sudoers + line: "{{ break_glass_user }} ALL=(ALL) NOPASSWD: ALL" 
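Review bot: The VM task is gated on `ansible_facts['virtualization_type'] == "kvm"` alone, which does not separate a guest from a hypervisor: a KVM host reports the same type with `virtualization_role` set to `host`. If the role is ever applied to such a machine it would install `qemu-guest-agent` there; adding `- ansible_facts['virtualization_role'] == "guest"` to the `when` list closes that. Hosts reporting any other virtualization type now get neither package list, which may be intended but deserves a comment above the two tasks, e.g. `# only kvm and lxc guests are handled; other platforms install nothing here`.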
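Review bot: The `Give user sudo access` task appends a `NOPASSWD: ALL` rule directly to `/etc/sudoers` with `lineinfile` and no `validate`, so an unexpected value in `break_glass_user` can leave sudo unusable on the host; add `validate: /usr/sbin/visudo -cf %s`, or write the rule to its own file under `/etc/sudoers.d/`. The `user` module's `password` expects a crypted hash, so `break_glass_pass` has to be hashed already or passed as `"{{ break_glass_pass | password_hash('sha512') }}"`; I cannot see the vaulted value from here. The `authorized_key` task with `exclusive: true` targets the hard-coded user `magcloud` rather than `break_glass_user`, which looks unintended given the other two tasks. Passwordless full sudo is also broader than a break-glass account with a password needs; dropping `NOPASSWD:` would keep the password as a check.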
From 8e6785dcb19f7aec11619c0fec516bb9c93d9159 Mon Sep 17 00:00:00 2001 
From: yesrod Date: Mon, 5 Jul 2021 20:45:31 -0400 Subject: [PATCH 22/84] Use forked Proxmox API and Terraform provider with HA container support (#44) * Add script to manually install Proxmox plugin - Add Bash script to download and install forked version of Terraform Proxmox plugin - Add script to before_script stage of GitLab CI config - Update minimum Proxmox plugin version to ensure we get the newer forked plugin * Add Proxmox provider setup to GitHub CI * Use Bash to run Proxmox provider script Can't guarantee that permissions will be right to run the script directly. * Specify full local path to Proxmox provider script There's a default `working-directory` statement but I don't know if it's working. * Flail some more - Add an `ls` to see where this stuff is actually running * Fix Proxmox provider script name oh wow it really was that stupid wasn't it * Clone the Proxmox provider repo * Use HTTPS to clone repo * Remove check parameter for `terraform fmt` This causes GitHub action to fail when formatting changes are required. * Comment out version check for now The install process finds my fork of the plugin as version v0.0.0. Instead of making a new tag in the forked repo, just comment out the version for now. (Hopefully this works.) 
* Fix plugin path, required_providers * Run Proxmox plugin install with Bash in GitLab too * Fix GitHub pre-commit pipeline * Fix pre-commit complaining about my script lol * Make sure proxmox-api-go updates get installed * Use go get instead * Add hastate parameter to default container and VM * Clean Go module cache before installing * Specify proxmox-api-go version * Change plugin provider name * Remove extraneous step * Run terraform init in proxmox provider script * Remove -migrate-state parameter to terraform init It broke the custom provider location stuff * Try local terraform.d directory * Try the directory Terraform complains about * Revert to original module to test I want to see where the modules are being installed now... * Fix provider directory I forgot about a cd... * Cleanup directory location before creating * Try the plugin directory again * Re-add newer version requirement * Try the documented plugin dir again Also force the newer version again to make sure we're getting the modified plugin. * Fix working directory for pre-commit GitHub CI * fix: truthy on -> no * Also copy provider into module directories * Fix variable ordering * Probably fix module path * why u no work * no quotes doofus * NEWLINE Co-authored-by: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> --- .github/workflows/pre-commit.yaml | 3 ++ .github/workflows/terraform-lint.yaml | 5 ++- .github/yamllint.config.yaml | 2 +- .gitlab-ci.yml | 3 +- terraform/main.tf | 4 +-- terraform/terraform-proxmox-plugin.sh | 47 +++++++++++++++++++++++++++ 6 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 terraform/terraform-proxmox-plugin.sh diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 4c416337..f666673d 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml 
@@ -12,4 +12,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 - uses: terraform-linters/setup-tflint@v1 + - name: Install Proxmox provider + working-directory: ./terraform + run: bash ./terraform-proxmox-plugin.sh - uses: pre-commit/action@v2.0.3 diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml index f2558861..c1e8a373 100644 --- a/.github/workflows/terraform-lint.yaml +++ b/.github/workflows/terraform-lint.yaml @@ -31,8 +31,11 @@ jobs: - uses: terraform-linters/setup-tflint@v1 name: Setup TFLint + - name: Install Proxmox provider + run: bash ./terraform-proxmox-plugin.sh + - name: Run `terraform fmt` - run: terraform fmt -diff -check -no-color -recursive + run: terraform fmt -diff -no-color -recursive - name: Run `terraform init` run: terraform init -backend=false diff --git a/.github/yamllint.config.yaml b/.github/yamllint.config.yaml index e955cf03..3ccc90f2 100644 --- a/.github/yamllint.config.yaml +++ b/.github/yamllint.config.yaml @@ -5,7 +5,7 @@ ignore: | extends: default rules: truthy: - allowed-values: ['true', 'false', 'on', 'yes'] + allowed-values: ['true', 'false', 'no', 'yes'] comments: min-spaces-from-content: 1 line-length: disable diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 35b07870..bfa1236a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,6 +12,7 @@ cache: # Test before_script: - cd ${TF_ROOT} + - bash ./terraform-proxmox-plugin.sh stages: - prepare-tf @@ -38,7 +39,7 @@ init: stage: prepare-tf extends: .global script: - - terraform init -migrate-state + - terraform init - terraform validate validate: diff --git a/terraform/main.tf b/terraform/main.tf index 57b880c6..43fa180c 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -4,8 +4,8 @@ terraform { } required_providers { proxmox = { - source = "Telmate/proxmox" - version = "2.7.1" + source = "registry.magevent.net/telmate/proxmox" + version = ">=2.7.2" } } } 
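Review bot: Dropping `-check` from the `terraform fmt` step in `terraform-lint.yaml` means the step now rewrites files in the runner's checkout and exits 0, so the lint job no longer reports unformatted code at all. If the failing check was the obstacle, format the tree once and keep `run: terraform fmt -diff -check -no-color -recursive`. Otherwise the step can simply be removed, since its output is discarded with the runner.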
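Review bot: `version = ">=2.7.2"` in `required_providers` has no upper bound, so any later provider build found under that source address is accepted, including a future major version. For a provider that creates and destroys Proxmox guests I would pin it, `version = "2.7.2"`, or at least bound it with `version = "~> 2.7.2"`. Committing `.terraform.lock.hcl`, if it is not already tracked, makes `terraform init` enforce the recorded checksums. A later patch in this series moves the source back to `Telmate/proxmox` with `">=2.7.4"`, which has the same shape and resolves against the public registry.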
diff --git a/terraform/terraform-proxmox-plugin.sh b/terraform/terraform-proxmox-plugin.sh
new file mode 100644
index 00000000..7cb21bee
--- /dev/null
+++ b/terraform/terraform-proxmox-plugin.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# Grab and install my version of the Terraform plugin until the HA State fix
+# for containers is merged upstream and released.
+#
+# We should be able to adapt this to handle the intermediate period between
+# merge and release from the upstream repository as well.
+#
+# - yesrod
+#
+PLUGIN_ARCH="linux_amd64"
+PLUGIN_VERSION="2.7.2"
+
+INITIAL_DIR=$(pwd)
+SUB_DIR="terraform.d/plugins/registry.magevent.net/telmate/proxmox/${PLUGIN_VERSION}/${PLUGIN_ARCH}"
+
+# Cleanup
+go clean -modcache
+
+# Clone the repo
+git clone https://github.com/yesrod/terraform-provider-proxmox.git
+cd terraform-provider-proxmox
+
+# Build the plugin
+export GO111MODULE=on
+go get github.com/yesrod/proxmox-api-go@642e015
+make clean
+make build
+
+# Create the directory holding the newly built Terraform plugins
+PLUGIN_TARGET="${INITIAL_DIR}/${SUB_DIR}"
+mkdir -p "${PLUGIN_TARGET}/"
+cp bin/terraform-provider-proxmox "${PLUGIN_TARGET}/"
+echo "Installed to ${PLUGIN_TARGET}/"
+ls -halt "${PLUGIN_TARGET}/"
+
+# Also the modules
+for module_dir in ${INITIAL_DIR}/modules/*; do
+ echo "${module_dir}"
+ if [ -d "${module_dir}" ]; then
+ MODULE_TARGET="${module_dir}/${SUB_DIR}"
+ mkdir -p "${MODULE_TARGET}/"
+ cp bin/terraform-provider-proxmox "${MODULE_TARGET}/"
+ echo "Installed to ${MODULE_TARGET}/"
+ ls -halt "${MODULE_TARGET}/"
+ fi
+done
From c36b11c3c4845d64e6b3361c450f2e658c031ffb Mon Sep 17 00:00:00 2001 From: yesrod Date: Thu, 8 Jul 2021 19:41:51 -0400 Subject: [PATCH 23/84] Switch to upstream repos (#45) --- terraform/terraform-proxmox-plugin.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/terraform-proxmox-plugin.sh b/terraform/terraform-proxmox-plugin.sh
index 7cb21bee..473398a6 100644
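Review bot: The new `terraform-proxmox-plugin.sh` has no `set -euo pipefail`, so if `git clone` or `cd terraform-provider-proxmox` fails, the later `make`, `mkdir` and `cp` lines still run from the wrong directory and the script can exit 0 without having installed anything; add `set -euo pipefail` directly after the header comment. The clone takes whatever the repository's default branch points to at build time, and the binary it produces is what Terraform then runs against the Proxmox API, so I would check out a reviewed commit after the `cd`, `git checkout <PINNED_COMMIT_SHA>`, in the same spirit as the existing `proxmox-api-go@642e015` pin. The next patch in the series replaces that pin with `@master`, which loosens it further. In the `for` line, `${INITIAL_DIR}/modules/*` should be written `"${INITIAL_DIR}"/modules/*` so a workspace path containing spaces is not split.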
--- a/terraform/terraform-proxmox-plugin.sh +++ b/terraform/terraform-proxmox-plugin.sh @@ -18,12 +18,12 @@ SUB_DIR="terraform.d/plugins/registry.magevent.net/telmate/proxmox/${PLUGIN_VERS go clean -modcache # Clone the repo -git clone https://github.com/yesrod/terraform-provider-proxmox.git +git clone https://github.com/Telmate/terraform-provider-proxmox.git cd terraform-provider-proxmox # Build the plugin export GO111MODULE=on -go get github.com/yesrod/proxmox-api-go@642e015 +go get github.com/Telmate/proxmox-api-go@master make clean make build From f9250c1815fd83ab51ef4984c2209085515ef36d Mon Sep 17 00:00:00 2001 From: yesrod Date: Sat, 10 Jul 2021 12:02:53 -0400 Subject: [PATCH 24/84] Possibly fix builds? (#46) * Switch back to my fork for testing * Don't manually install my fork of proxmox-api-go * Switch back to upstream --- terraform/terraform-proxmox-plugin.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/terraform-proxmox-plugin.sh b/terraform/terraform-proxmox-plugin.sh index 473398a6..2387b243 100644 --- a/terraform/terraform-proxmox-plugin.sh +++ b/terraform/terraform-proxmox-plugin.sh @@ -23,7 +23,6 @@ cd terraform-provider-proxmox # Build the plugin export GO111MODULE=on -go get github.com/Telmate/proxmox-api-go@master make clean make build From 1e02e6e7078548c65cc0914ff79d77c8ff85e48d Mon Sep 17 00:00:00 2001 From: Adam Dorsey Date: Sat, 17 Jul 2021 14:45:11 -0400 Subject: [PATCH 25/84] Only run create, Ansible, destroy on main branch --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bfa1236a..dde5343b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -69,7 +69,8 @@ create: - plan script: - terraform apply -auto-approve - + rules: + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' artifacts: paths: - ${TF_ROOT}/.terraform 
@@ -84,6 +85,8 @@ run-playbooks: - create script: - echo $(/bin/true) + rules: + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' destroy: stage: destroy-tf @@ -95,6 +98,7 @@ destroy: script: - terraform destroy -auto-approve rules: + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: manual artifacts: paths: From 51c780a4db3f68e1fca2cccd39459f946f1ff7b8 Mon Sep 17 00:00:00 2001 From: Adam Dorsey Date: Sat, 17 Jul 2021 14:54:55 -0400 Subject: [PATCH 26/84] Be more specific regarding rules Changes tested using CI linter at https://gitlab.magevent.net/magfest/bridges/-/ci/lint --- .gitlab-ci.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dde5343b..8e4d7735 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -41,12 +41,16 @@ init: script: - terraform init - terraform validate + rules: + - when: on_success validate: extends: .global stage: validate-tf script: - terraform validate + rules: + - when: on_success plan: stage: build-tf @@ -59,6 +63,8 @@ plan: terraform: ${TF_ROOT}/plan.json script: - terraform plan + rules: + - when: on_success create: stage: deploy-tf @@ -71,6 +77,8 @@ create: - terraform apply -auto-approve rules: - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + when: on_success + - when: never artifacts: paths: - ${TF_ROOT}/.terraform @@ -87,6 +95,8 @@ run-playbooks: - echo $(/bin/true) rules: - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + when: on_success + - when: never destroy: stage: destroy-tf @@ -99,7 +109,8 @@ destroy: - terraform destroy -auto-approve rules: - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - - when: manual + when: manual + - when: never artifacts: paths: - ${TF_ROOT}/.terraform From e53fba6aca7b80e81fbeee1c15b2895e1fff9ffb Mon Sep 17 00:00:00 2001 
From: claughinghouse Date: Sat, 31 Jul 2021 19:20:56 -0400 Subject: [PATCH 27/84] Rsyslog-server base playbook (#41) * feat: update .gitignore * feat: add base and test VMs * fix: update variable names to match existing scheme * feat: add missing terraform pre-commit * fix: update workflow * fix: re-add tflint * feat: add playbook for rsyslog * fix: move back to telmate proxmox provider * feat: add firewall rules and cron entry to compress logs --- .github/workflows/terraform-lint.yaml | 2 - .github/yamllint.config.yaml | 1 + .taskfiles/ansible.yml | 12 +++ ansible/inventory/group_vars/all/vault.yaml | 54 ++++++----- ansible/inventory/host_vars/rsyslog-1.yaml | 10 ++ ansible/inventory/hosts.yaml | 11 +-- ansible/playbooks/rsyslog/rsyslog.yaml | 9 ++ ansible/requirements.yaml | 2 +- ansible/roles/rsyslog/defaults/main.yaml | 4 + .../roles/rsyslog/files/compress_syslogs.sh | 4 + ansible/roles/rsyslog/files/rsyslog.conf | 93 +++++++++++++++++++ ansible/roles/rsyslog/handlers/main.yaml | 6 ++ ansible/roles/rsyslog/tasks/cron.yaml | 12 +++ .../roles/rsyslog/tasks/firewall_rules.yaml | 21 +++++ ansible/roles/rsyslog/tasks/main.yaml | 6 ++ ansible/roles/rsyslog/tasks/rsyslog.yaml | 17 ++++ ansible/roles/ubuntu/defaults/main.yaml | 9 +- terraform/main.tf | 4 +- 18 files changed, 232 insertions(+), 45 deletions(-) create mode 100644 ansible/inventory/host_vars/rsyslog-1.yaml create mode 100644 ansible/playbooks/rsyslog/rsyslog.yaml create mode 100644 ansible/roles/rsyslog/defaults/main.yaml create mode 100644 ansible/roles/rsyslog/files/compress_syslogs.sh create mode 100644 ansible/roles/rsyslog/files/rsyslog.conf create mode 100644 ansible/roles/rsyslog/handlers/main.yaml create mode 100644 ansible/roles/rsyslog/tasks/cron.yaml create mode 100644 ansible/roles/rsyslog/tasks/firewall_rules.yaml create mode 100644 ansible/roles/rsyslog/tasks/main.yaml create mode 100644 ansible/roles/rsyslog/tasks/rsyslog.yaml 
diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml index c1e8a373..edeff406 100644 --- a/.github/workflows/terraform-lint.yaml +++ b/.github/workflows/terraform-lint.yaml @@ -11,7 +11,6 @@ on: - "terraform/*" - ".github/workflows/terraform-lint.yaml" - jobs: terraform: runs-on: ubuntu-latest @@ -19,7 +18,6 @@ jobs: run: working-directory: ./terraform steps: - - name: Checkout Repository uses: actions/checkout@v2 with: diff --git a/.github/yamllint.config.yaml b/.github/yamllint.config.yaml index 3ccc90f2..2979330f 100644 --- a/.github/yamllint.config.yaml +++ b/.github/yamllint.config.yaml @@ -2,6 +2,7 @@ ignore: | .github/ ignore/ ubuntu-autoinstall/ + ansible/inventory/group_vars/all/vault.yaml extends: default rules: truthy: diff --git a/.taskfiles/ansible.yml b/.taskfiles/ansible.yml index f1e18f4e..a2bb43ca 100644 --- a/.taskfiles/ansible.yml +++ b/.taskfiles/ansible.yml @@ -44,3 +44,15 @@ tasks: cmds: - "ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yaml --vault-password-file .vault-password {{.ANSIBLE_PLAYBOOK_DIR}}/ubuntu/prepare.yaml" silent: true + + force-deps: + desc: Reinstall latest dependencies for Ansible Galaxy + cmds: + - "ansible-galaxy install --force -r ansible/requirements.yaml" + silent: true + + rsyslog-server: + desc: Install rsyslog server + cmds: + - "ansible-playbook {{.ANSIBLE_PLAYBOOK_DIR}}/rsyslog/rsyslog.yaml --vault-password-file .vault-password" + silent: true diff --git a/ansible/inventory/group_vars/all/vault.yaml b/ansible/inventory/group_vars/all/vault.yaml index 5e5fd252..ecb92051 100644 --- a/ansible/inventory/group_vars/all/vault.yaml +++ b/ansible/inventory/group_vars/all/vault.yaml 
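Review bot: The new `rsyslog-server` task in `.taskfiles/ansible.yml` calls `ansible-playbook` without `-i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yaml`, while the existing task shown in the hunk's context passes the inventory explicitly. Unless an `ansible.cfg` outside this diff sets the inventory, the play would run against the implicit localhost inventory and match no `rsyslog` hosts. I would write it as `ansible-playbook -i {{.ANSIBLE_INVENTORY_DIR}}/hosts.yaml --vault-password-file .vault-password {{.ANSIBLE_PLAYBOOK_DIR}}/rsyslog/rsyslog.yaml`. Both tasks read the vault password from `.vault-password` in the working tree, so that file needs an entry in `.gitignore`. The `tasks:` map starts outside the hunk.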
@@ -1,29 +1,27 @@ $ANSIBLE_VAULT;1.1;AES256 -39356338333965313862373737333839313032623233616435613430396539666230363731343233 -6665646632633133643734363634323736616132663035300a646362613539333963353236653635 -31326137333135326664336131623764303032303839646330343237613738633364666339383334 -3262303366653966390a663365623931393634326339386465396234636466663565656462393838 -39323366333132383134383564376234623434323635663133306333343161343266363639383237 -32356138376233306661323933393232653630636234366531656533663835336238393364396139 -62653266636139643233623936386637663739376534333431303963646336336131663039316336 -38396335363530326566323631383539353538316234313030346530366331643338306430616662 -63386634356338633539663431663631626637383130613561663764633133643562373136376239 -39393965613462386263373237393866346639383936376437313536363965663861393764303138 -35623638623633623663313462353733363230333136623931653231393265323563636434393931 -38363131396661396430613765613862666637616165363166356364636638646131613234376339 -63386439613330386338386466333931323730343837336535376637303864323336386437303939 -33653033393033656633336662343562663330353035303931663637386237343830646166306264 -64643763303938333261366538326531373638303966636430303031626631383164323737623236 -61396636656166633033613761373166313539393133353039393763333537653331303932376365 -61313763656366333733623234613935656632663032373736636334346434663364616565316665 -31636662656566646361653461333631363030626539306134303939653039323262333436353635 -64343139613566653839373462376662396431643030626139643630333538306434646231633166 -38653863636435613762386633636263343361303939386338356333306137343539633431313262 -30393864616164353534343264333937363335326333393133333665376365613534343834306561 -36356330643232633135363762313662343962313363653439613561353638333939663932623862 -35303632323462386365323936613838333961366663646562326332396432613038663037646635 
-39356166653733373563646338316435386637353431366366353563343264366338663764623963 -64366461336466386265386234303562653363666538336163636238396338343364346333363438 -38333734313761633735633162313937373334306361346365663363323462336139633335653432 -33306663316434626236373930303039393264656631616234333332616338656364303534396133 -62323339626237623532 +38333237356539343762386561386662303266393832666565646564666330303463316539626234 +3461373735373562396336383431643434656231353735310a316430333262646230313532303161 +64663365643232663963666162353132626535363837393161326635363764623933313533636133 +3133363963323230610a333835383935313037313835656332303233306330373233396138636136 +33636361383138646539643561653537663737303039613138356461316164393130663230333664 +62323432396134613335643738383534613330316131333838633634633365356363386665303934 +36336239383335613332613835646131373230616437313131313235643466366234646537633864 +37616236646132333434656361373866333563336131383361616131656461346330306365386334 +34306531393566376238343431636630323932346163316632316531363830396232626361623366 +34646132393363356461353432326232373038643666323763626134366166646261363436313035 +66613865666436363938343962626663656435333335363334383065373035366166316631343666 +31353334656465616438323263666635323665643961633363353834396431643136393862643331 +31646163663131303262353562653664633538333134643234623834663932333362663736333432 +39363830323963363762656163656132353762363138333462646131346631653664666134303266 +33633561393462366635363330613363383236393662313036333834653430383564363937656635 +34643030396238653337646365316536663266333266393337303661366265356664366338376231 +34383165613932633237346232373664306262616439313338366561373766353132393931363766 +39333934663539306634306332306136383238653136343334663530643962393266373961343335 +63346462353739636337343330393634363235303538326466633061346263643239323465666332 +64666232376136643134386565373761623064386362363961383234346338313134643031646333 
+63373035333965386238666539353261343866346666343432313137383433343061613534343631 +34343439656261356262333839303865396663346630363531313465373333343664393330373630 +66396662646262373837356137623731336364626663636137343866326564663731333464333537 +30626362653863343739666136633266383663386164643665663335663138613734356562326531 +64386133623063666563623734313631623866386164626261373039363830396366623565653362 +3634396434376134643963356234656363333662383631346163 diff --git a/ansible/inventory/host_vars/rsyslog-1.yaml b/ansible/inventory/host_vars/rsyslog-1.yaml new file mode 100644 index 00000000..3cad8c1e --- /dev/null +++ b/ansible/inventory/host_vars/rsyslog-1.yaml @@ -0,0 +1,10 @@ +--- + +# IP address of node +ansible_host: "{{ rsyslog_1_ip }}" + +# Ansible user to ssh into servers with +ansible_user: "{{ ansible_ci_lxc_user }}" +# ansible_ssh_pass: "ubuntu" +# ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null" +# ansible_become_pass: "ubuntu" diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml index 8c5e30b2..2edcf114 100644 --- a/ansible/inventory/hosts.yaml +++ b/ansible/inventory/hosts.yaml @@ -1,5 +1,4 @@ --- - all: children: # Control Plane group, do not change the 'control-plane' name @@ -12,10 +11,6 @@ all: # hosts: # dns1: # dns2: - - ubuntu-lxc: - hosts: - ubuntu-lxc: - ubuntu-vm: - hosts: - ubuntu-vm: + # rsyslog: + # hosts: + # rsyslog-1: diff --git a/ansible/playbooks/rsyslog/rsyslog.yaml b/ansible/playbooks/rsyslog/rsyslog.yaml new file mode 100644 index 00000000..4d184ea9 --- /dev/null +++ b/ansible/playbooks/rsyslog/rsyslog.yaml @@ -0,0 +1,9 @@ +--- + +- hosts: + - rsyslog + become: true + gather_facts: true + any_errors_fatal: true + roles: + - rsyslog diff --git a/ansible/requirements.yaml b/ansible/requirements.yaml index d6f721f6..bf285045 100644 --- a/ansible/requirements.yaml +++ b/ansible/requirements.yaml 
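Review bot: The new play in `playbooks/rsyslog/rsyslog.yaml` targets `hosts: - rsyslog`, but this commit adds the `rsyslog` group to `hosts.yaml` only as comments (`# rsyslog:` / `# rsyslog-1:`), so as committed the play matches no hosts and the role never runs. Either uncomment the group in the inventory or state the precondition at the top of the playbook, e.g. `# requires the rsyslog group to be enabled in inventory/hosts.yaml`. The same `hosts.yaml` change removes `ubuntu-lxc` and `ubuntu-vm`, leaving every group under `children:` commented out; it is worth confirming that the inventory still loads in that state.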
@@ -1,6 +1,6 @@ --- roles: - - src: geerlingguy.pip + - geerlingguy.pip collections: - community.general - ansible.posix diff --git a/ansible/roles/rsyslog/defaults/main.yaml b/ansible/roles/rsyslog/defaults/main.yaml new file mode 100644 index 00000000..f6a358eb --- /dev/null +++ b/ansible/roles/rsyslog/defaults/main.yaml @@ -0,0 +1,4 @@ +--- +packages: + rsyslog: + - rsyslog diff --git a/ansible/roles/rsyslog/files/compress_syslogs.sh b/ansible/roles/rsyslog/files/compress_syslogs.sh new file mode 100644 index 00000000..a29382f5 --- /dev/null +++ b/ansible/roles/rsyslog/files/compress_syslogs.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# compress syslogs older than 2 days +/bin/nice find /syslogs/ -type f -mtime +2 ! -name \*.gz -size +1 -exec gzip -v -f -9 {} \; diff --git a/ansible/roles/rsyslog/files/rsyslog.conf b/ansible/roles/rsyslog/files/rsyslog.conf new file mode 100644 index 00000000..edc79cb2 --- /dev/null +++ b/ansible/roles/rsyslog/files/rsyslog.conf 
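Review bot: `compress_syslogs.sh` runs `find` on `/syslogs/`, but the `rsyslog.conf` added in this commit writes remote logs to `/var/log/remote/%$YEAR%%$MONTH%%$DAY%/%HOSTNAME%.log`, so unless `/syslogs/` is a mount or symlink not shown here the job never touches the files it is meant for. If the paths are supposed to match, the line becomes `/bin/nice find /var/log/remote/ -type f -mtime +2 ! -name '*.gz' -size +1 -exec gzip -f -9 {} \;`. Nothing in the role removes old log directories, so a collector that accepts network input will grow until the disk is full; a second `find` with `-mtime +<RETENTION_DAYS> -delete` on the `.gz` files would bound that.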
@@ -0,0 +1,93 @@ +# rsyslog configuration file + +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + +#### MODULES #### + +# The imjournal module bellow is now used as a message source instead of imuxsock. +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imjournal # provides access to the systemd journal +#$ModLoad imklog # reads kernel messages (the same are read from journald) +#$ModLoad immark # provides --MARK-- message capability + +# Provides UDP syslog reception +$ModLoad imudp +$UDPServerRun 514 + +# Provides TCP syslog reception +$ModLoad imtcp +$InputTCPServerRun 514 + +#### GLOBAL DIRECTIVES #### + +# Where to place auxiliary files +# $WorkDirectory /var/lib/rsyslog + +# Use default timestamp format +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# remote template needs evaluated first +$template Incoming-logs,"/var/log/remote/%$YEAR%%$MONTH%%$DAY%/%HOSTNAME%.log" +if ($fromhost-ip != "127.0.0.1" ) then ?Incoming-logs +& ~ + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + +# Turn off message reception via local log socket; +# local messages are retrieved through imjournal now. +$OmitLocalLogging on + +# File to store the position in the journal +$IMJournalStateFile imjournal.state + +#### RULES #### + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +*.info;mail.none;authpriv.none;cron.none /var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +# Log all the mail messages in one place. 
+mail.* -/var/log/maillog + + +# Log cron stuff +cron.* /var/log/cron + +# Everybody gets emergency messages +*.emerg :omusrmsg:* + +# Save news errors of level crit and higher in a special file. +uucp,news.crit /var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + +# ### begin forwarding rule ### +# The statement between the begin ... end define a SINGLE forwarding +# rule. They belong together, do NOT split them. If you create multiple +# forwarding rules, duplicate the whole block! +# Remote Logging (we use TCP for reliable delivery) +# +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 +# ### end of the forwarding rule ### diff --git a/ansible/roles/rsyslog/handlers/main.yaml b/ansible/roles/rsyslog/handlers/main.yaml new file mode 100644 index 00000000..2e960d3f --- /dev/null +++ b/ansible/roles/rsyslog/handlers/main.yaml @@ -0,0 +1,6 @@ +--- + +- name: Restart rsyslog + ansible.builtin.service: + name: rsyslog + state: restarted diff --git a/ansible/roles/rsyslog/tasks/cron.yaml b/ansible/roles/rsyslog/tasks/cron.yaml new file mode 100644 index 00000000..41cd3779 --- /dev/null +++ b/ansible/roles/rsyslog/tasks/cron.yaml 
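Review bot: The `Incoming-logs` template in the new `rsyslog.conf` builds the file name from `%HOSTNAME%`, which comes from the received message and is therefore chosen by the sender: any device that can reach port 514 can create an unbounded number of files under `/var/log/remote/` or write into another host's log file. Keying the path on the peer address, `"/var/log/remote/%$YEAR%%$MONTH%%$DAY%/%FROMHOST-IP%.log"`, or at least using `%HOSTNAME:::secpath-replace%`, takes that choice away from the sender. `imudp` and `imtcp` both listen on 514 in clear text with no sender restriction in this file, so the limit has to come from the firewall rules. The file also looks like a RHEL default (`imjournal`, `/var/log/messages`, `/var/log/secure`) while the role installs with `apt`, so it is worth confirming it parses on the Ubuntu target with `rsyslogd -N1`.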
@@ -0,0 +1,12 @@
+---
+- name: Copy compress_syslogs.sh
+ ansible.builtin.copy:
+ src: files/compress_syslogs.sh
+ dest: /etc/cron.daily/compress_syslogs.sh
+ mode: "0755"
+
+- name: Create cron entry for compress_syslogs.sh
+ ansible.builtin.cron:
+ name: "Compress syslogs older than 2 days"
+ special_time: daily
+ job: "/etc/cron.daily/compress_syslogs.sh"
diff --git a/ansible/roles/rsyslog/tasks/firewall_rules.yaml b/ansible/roles/rsyslog/tasks/firewall_rules.yaml
new file mode 100644
index 00000000..6fe43d2b
--- /dev/null
+++ b/ansible/roles/rsyslog/tasks/firewall_rules.yaml
@@ -0,0 +1,21 @@
+---
+- name: Allow port 514/UDP for syslog
+ community.general.ufw:
+ rule: allow
+ proto: udp
+ port: "514"
+
+- name: Allow port 514/TCP for syslog
+ community.general.ufw:
+ rule: allow
+ proto: tcp
+ port: "514"
+
+- name: Allow SSH traffic through firewall
+ community.general.ufw:
+ rule: allow
+ name: OpenSSH
+
+- name: Allow everything and enable UFW
+ community.general.ufw:
+ state: reloaded
diff --git a/ansible/roles/rsyslog/tasks/main.yaml b/ansible/roles/rsyslog/tasks/main.yaml
new file mode 100644
index 00000000..8f197ada
--- /dev/null
+++ b/ansible/roles/rsyslog/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- include: rsyslog.yaml
+
+- include: cron.yaml
+
+- include: firewall_rules.yaml
diff --git a/ansible/roles/rsyslog/tasks/rsyslog.yaml b/ansible/roles/rsyslog/tasks/rsyslog.yaml
new file mode 100644
index 00000000..985d18dc
--- /dev/null
+++ b/ansible/roles/rsyslog/tasks/rsyslog.yaml
@@ -0,0 +1,17 @@
+---
+- name: Install rsyslog package
+ ansible.builtin.apt:
+ name: "{{ packages.rsyslog }}"
+ install_recommends: false
+ update_cache: true
+ cache_valid_time: 3600
+ autoclean: true
+ autoremove: true
+
+- name: Copy rsyslog.conf
+ ansible.builtin.copy:
+ src: files/rsyslog.conf
+ dest: /etc/rsyslog.conf
+ mode: "0640"
+ notify:
+ - Restart rsyslog
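Review bot: In ansible/roles/rsyslog/tasks/cron.yaml the script is installed into /etc/cron.daily and also scheduled through a crontab entry with `special_time: daily`, so two mechanisms are set up for one job. On Debian-family systems run-parts skips file names that contain a dot, so the copy in /etc/cron.daily would most likely never be started from there and only the crontab entry is effective. Either install the script outside cron.daily, for example `dest: /usr/local/sbin/compress_syslogs.sh`, and keep the cron task, or drop the `.sh` suffix and remove the cron task. Adding `owner: root` and `group: root` to the copy task would make the ownership of a script that runs as root explicit.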
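Review bot: Both port 514 rules in ansible/roles/rsyslog/tasks/firewall_rules.yaml allow any source address, so the collector accepts syslog from every network that can route to it; add a source restriction such as `from_ip: "{{ syslog_client_cidr }}"` to each rule (the variable name is a placeholder, nothing on this page defines it). The last task is named "Allow everything and enable UFW" but only sets `state: reloaded`, which neither enables the firewall nor sets a policy; renaming it to `Reload UFW` would make the play output match what happens. The same any-source pattern appears for ports 631 and 80 in ansible/roles/cups/tasks/firewall_rules.yaml later in this series.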
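Review bot: The `Copy rsyslog.conf` task in ansible/roles/rsyslog/tasks/rsyslog.yaml replaces /etc/rsyslog.conf and then restarts the daemon without checking the file first, so a syntax error would leave the central log collector down until someone notices the gap. Add `validate: rsyslogd -N1 -f %s` to the copy task so a broken file is rejected before it is installed. Setting `owner: root` and `group: root` next to `mode: "0640"` would also stop the result depending on the connection user.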
diff --git a/ansible/roles/ubuntu/defaults/main.yaml b/ansible/roles/ubuntu/defaults/main.yaml index 5ac29ee0..f2d81c27 100644 --- a/ansible/roles/ubuntu/defaults/main.yaml +++ b/ansible/roles/ubuntu/defaults/main.yaml @@ -1,9 +1,10 @@ --- - packages: apt_install_vm: - - qemu-guest-agent - - htop + - qemu-guest-agent + - htop + - net-tools apt_install_lxc: - - htop + - htop + - net-tools diff --git a/terraform/main.tf b/terraform/main.tf index 43fa180c..35f5bc03 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -4,8 +4,8 @@ terraform { } required_providers { proxmox = { - source = "registry.magevent.net/telmate/proxmox" - version = ">=2.7.2" + source = "Telmate/proxmox" + version = ">=2.7.4" } } } From 498a1a4bace4d579d5756cb11c9bf517cad7a06a Mon Sep 17 00:00:00 2001 From: claughinghouse Date: Sat, 31 Jul 2021 21:19:29 -0400 Subject: [PATCH 28/84] Remove terraform provider script (#51) * fix: remove now outdated script * fix: remove old pre-commit workflot option --- .github/workflows/pre-commit.yaml | 11 +++---- terraform/terraform-proxmox-plugin.sh | 46 --------------------------- 2 files changed, 4 insertions(+), 53 deletions(-) delete mode 100644 terraform/terraform-proxmox-plugin.sh diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index f666673d..23263d32 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -9,10 +9,7 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 - - uses: terraform-linters/setup-tflint@v1 - - name: Install Proxmox provider - working-directory: ./terraform - run: bash ./terraform-proxmox-plugin.sh - - uses: pre-commit/action@v2.0.3 + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + - uses: terraform-linters/setup-tflint@v1 + - uses: pre-commit/action@v2.0.3 
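Review bot: The provider constraint in terraform/main.tf becomes `version = ">=2.7.4"` against the public `Telmate/proxmox` source, which has no upper bound, so `terraform init` on a fresh checkout or CI runner may select any later release, including a breaking one. Use a bounded constraint such as `version = "~> 2.7.4"` and commit `.terraform.lock.hcl` so the selected version and its checksums are fixed across machines. Whether a lock file is already tracked is not visible in this patch.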
diff --git a/terraform/terraform-proxmox-plugin.sh b/terraform/terraform-proxmox-plugin.sh deleted file mode 100644 index 2387b243..00000000 --- a/terraform/terraform-proxmox-plugin.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash -# -# Grab and install my version of the Terraform plugin until the HA State fix -# for containers is merged upstream and released. -# -# We should be able to adapt this to handle the intermediate period between -# merge and release from the upstream repository as well. -# -# - yesrod -# -PLUGIN_ARCH="linux_amd64" -PLUGIN_VERSION="2.7.2" - -INITIAL_DIR=$(pwd) -SUB_DIR="terraform.d/plugins/registry.magevent.net/telmate/proxmox/${PLUGIN_VERSION}/${PLUGIN_ARCH}" - -# Cleanup -go clean -modcache - -# Clone the repo -git clone https://github.com/Telmate/terraform-provider-proxmox.git -cd terraform-provider-proxmox - -# Build the plugin -export GO111MODULE=on -make clean -make build - -# Create the directory holding the newly built Terraform plugins -PLUGIN_TARGET="${INITIAL_DIR}/${SUB_DIR}" -mkdir -p "${PLUGIN_TARGET}/" -cp bin/terraform-provider-proxmox "${PLUGIN_TARGET}/" -echo "Installed to ${PLUGIN_TARGET}/" -ls -halt "${PLUGIN_TARGET}/" - -# Also the modules -for module_dir in ${INITIAL_DIR}/modules/*; do - echo "${module_dir}" - if [ -d "${module_dir}" ]; then - MODULE_TARGET="${module_dir}/${SUB_DIR}" - mkdir -p "${MODULE_TARGET}/" - cp bin/terraform-provider-proxmox "${MODULE_TARGET}/" - echo "Installed to ${MODULE_TARGET}/" - ls -halt "${MODULE_TARGET}/" - fi -done From 18517954b1468ca308afb5e6919c13c4828cced8 Mon Sep 17 00:00:00 2001 
From: claughinghouse Date: Sat, 7 Aug 2021 13:38:35 -0400 Subject: [PATCH 29/84] feat: setup timesyncd (#54) --- ansible/roles/ubuntu/files/timesyncd.conf.j2 | 19 +++++++++++++++++++ ansible/roles/ubuntu/handlers/main.yaml | 5 +++++ ansible/roles/ubuntu/tasks/main.yaml | 11 +---------- ansible/roles/ubuntu/tasks/timesyncd.yaml | 11 +++++++++++ 4 files changed, 36 insertions(+), 10 deletions(-) create mode 100644 ansible/roles/ubuntu/files/timesyncd.conf.j2 create mode 100644 ansible/roles/ubuntu/handlers/main.yaml create mode 100644 ansible/roles/ubuntu/tasks/timesyncd.yaml diff --git a/ansible/roles/ubuntu/files/timesyncd.conf.j2 b/ansible/roles/ubuntu/files/timesyncd.conf.j2 new file mode 100644 index 00000000..9cf7b6a7 --- /dev/null +++ b/ansible/roles/ubuntu/files/timesyncd.conf.j2 @@ -0,0 +1,19 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See timesyncd.conf(5) for details. + +[Time] +NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org +#FallbackNTP=ntp.ubuntu.com +#RootDistanceMaxSec=5 +#PollIntervalMinSec=32 +#PollIntervalMaxSec=2048 diff --git a/ansible/roles/ubuntu/handlers/main.yaml b/ansible/roles/ubuntu/handlers/main.yaml new file mode 100644 index 00000000..e5a1c841 --- /dev/null +++ b/ansible/roles/ubuntu/handlers/main.yaml @@ -0,0 +1,5 @@ +--- +- name: Restart timesyncd + ansible.builtin.service: + name: systemd-timesyncd + state: restarted diff --git a/ansible/roles/ubuntu/tasks/main.yaml b/ansible/roles/ubuntu/tasks/main.yaml index 969387d9..0ecb0e0c 100644 --- a/ansible/roles/ubuntu/tasks/main.yaml 
+++ b/ansible/roles/ubuntu/tasks/main.yaml @@ -1,22 +1,13 @@ --- - - include: locale.yaml - tags: - - locale - include: packages.yaml - tags: - - packages - - include: network.yaml - tags: - - network - include: user.yaml - tags: - - user +- include: timesyncd.yaml # - name: Show facts available on the system # ansible.builtin.debug: # var: ansible_facts diff --git a/ansible/roles/ubuntu/tasks/timesyncd.yaml b/ansible/roles/ubuntu/tasks/timesyncd.yaml new file mode 100644 index 00000000..ab970b84 --- /dev/null +++ b/ansible/roles/ubuntu/tasks/timesyncd.yaml @@ -0,0 +1,11 @@ +--- +- name: Copy timesyncd.conf + ansible.builtin.template: + src: files/timesyncd.conf.j2 + dest: /etc/systemd/timesyncd.conf + mode: "0644" + # Not set for LXC because pve provides time to containers + when: + - ansible_facts['virtualization_type'] == "kvm" + notify: + - Restart timesyncd From 5b6e83d1b08cdaba2146282b845d4460e639f6cd Mon Sep 17 00:00:00 2001 From: claughinghouse Date: Sat, 7 Aug 2021 13:40:20 -0400 Subject: [PATCH 30/84] feat: add ufw rule for ssh and enable (#53) --- .../roles/rsyslog/tasks/firewall_rules.yaml | 5 ----- ansible/roles/ubuntu/tasks/firewall_rules.yaml | 9 +++++++++ ansible/roles/ubuntu/tasks/main.yaml | 18 ++++++++++++++++++ 3 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 ansible/roles/ubuntu/tasks/firewall_rules.yaml diff --git a/ansible/roles/rsyslog/tasks/firewall_rules.yaml b/ansible/roles/rsyslog/tasks/firewall_rules.yaml index 6fe43d2b..624664c0 100644 --- a/ansible/roles/rsyslog/tasks/firewall_rules.yaml +++ b/ansible/roles/rsyslog/tasks/firewall_rules.yaml @@ -11,11 +11,6 @@ proto: tcp port: "514" -- name: Allow SSH traffic through firewall - community.general.ufw: - rule: allow - name: OpenSSH - - name: Allow everything and enable UFW community.general.ufw: state: reloaded diff --git a/ansible/roles/ubuntu/tasks/firewall_rules.yaml b/ansible/roles/ubuntu/tasks/firewall_rules.yaml new file mode 100644 index 00000000..e092b412 
--- /dev/null +++ b/ansible/roles/ubuntu/tasks/firewall_rules.yaml @@ -0,0 +1,9 @@ +--- +- name: Allow SSH traffic through firewall + community.general.ufw: + rule: allow + name: OpenSSH + +- name: Reload UFW rules + community.general.ufw: + state: enabled diff --git a/ansible/roles/ubuntu/tasks/main.yaml b/ansible/roles/ubuntu/tasks/main.yaml index 0ecb0e0c..96414b8c 100644 --- a/ansible/roles/ubuntu/tasks/main.yaml +++ b/ansible/roles/ubuntu/tasks/main.yaml @@ -1,5 +1,23 @@ --- - include: locale.yaml + tags: + - locale + +- include: packages.yaml + tags: + - packages + +- include: network.yaml + tags: + - network + +- include: user.yaml + tags: + - user + +- include: firewall_rules.yaml + tags: + - firewall - include: packages.yaml From 3632c8a945e05d973e0b742cc5966b62b11f0e07 Mon Sep 17 00:00:00 2001 From: claughinghouse Date: Sat, 7 Aug 2021 13:41:40 -0400 Subject: [PATCH 31/84] Add rsyslog to common ubuntu role for all clients (#49) * feat: add client rsyslog config * feat: update module to be a template * fix: update IP in vault --- ansible/inventory/group_vars/all/vault.yaml | 52 +++++++++---------- ansible/roles/ubuntu/defaults/main.yaml | 2 + .../roles/ubuntu/files/remote-rsyslog.conf.j2 | 2 + ansible/roles/ubuntu/handlers/main.yaml | 4 ++ ansible/roles/ubuntu/tasks/main.yaml | 4 ++ ansible/roles/ubuntu/tasks/rsyslog.yaml | 8 +++ 6 files changed, 46 insertions(+), 26 deletions(-) create mode 100644 ansible/roles/ubuntu/files/remote-rsyslog.conf.j2 create mode 100644 ansible/roles/ubuntu/tasks/rsyslog.yaml diff --git a/ansible/inventory/group_vars/all/vault.yaml b/ansible/inventory/group_vars/all/vault.yaml index ecb92051..61cb7ca0 100644 --- a/ansible/inventory/group_vars/all/vault.yaml +++ b/ansible/inventory/group_vars/all/vault.yaml 
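Review bot: The second task in ansible/roles/ubuntu/tasks/firewall_rules.yaml is named `Reload UFW rules` but sets `state: enabled`, which switches the firewall on for every host that gets the ubuntu role. Rename it to `Enable UFW` and state the inbound policy in the same task with `default: deny` and `direction: incoming`, so the outcome does not depend on the default each image ships with. The SSH allow rule before it keeps the management connection open, so the order of the two tasks should stay as it is.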
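Review bot: In the hunk for ansible/roles/ubuntu/tasks/main.yaml the tagged includes are added above the existing untagged ones instead of replacing them; the trailing context line `- include: packages.yaml` shows the old list is still present. As far as the hunk shows, packages.yaml runs twice in an untagged play, and network.yaml and user.yaml probably do as well, although those lines lie outside the hunk. Remove the untagged duplicates below the new block and give `timesyncd.yaml` a tag of its own so it can be selected like the others.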
@@ -1,27 +1,27 @@ $ANSIBLE_VAULT;1.1;AES256 -38333237356539343762386561386662303266393832666565646564666330303463316539626234 -3461373735373562396336383431643434656231353735310a316430333262646230313532303161 -64663365643232663963666162353132626535363837393161326635363764623933313533636133 -3133363963323230610a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a353539313738386136353735346632 +39653065383032306336346162616331303433396133313339376461633962336439623562316361 +3930306439653834320a653235356462353539356338646531393635653366343461303732306631 +64653664383162343535643437356166643062653964386136393433663336333366396338643965 +66643532333261346137663063313730353066303563373364363239326530333838653764306430 +33353762653437386364313338366132663162666436626438363364623238636535313961376666 +39396463366235643734353231306566323431653763626138356239373863303032663938376238 +33656137636664383231393562393166396663306634643533383531396365383032626337306330 +62363765636334623131343762366530636232316339623462613232656333373963313338326337 +34613435373636346661373633623834656638393735373865663733346163346636363337383737 +31613364366332303135336437396339323562303632643431616663306666313938333634363531 +32343636356265663663666265303439633264366361303533363464643532396462613232626435 +36616439376264633466663031386537666336353530653264646561626335363963656633636537 +61373438386439363838663938326638353137646237636235616363616638303831363461666536 +39303037383433373837653031313761613535353235343432633836356465646238323832613935 +35636336303135326330336235336532386435313061306364386338656531353964356662633466 +63366266383339616165336265653938393032343534373132353563613230323835323637323063 +38646435653961383136653935626462623963333066343430643135346364333630613962326134 +32336562343161646332636639383038623361336166363561613261363365383431643837346561 +63336563613065663434363165333831366662333866353834333938303465386362336437393831 
+38336531393437323237376339313266363363336466333161333330346663613761326462386465 +65373539643530336164666662383866343963333366313463383731343431376636646432373639 +35666439396664663362386462326437373236306539643962363438643134393032666633313661 +30323363303736326130316464323132613731666363653264613339393666316164386336323333 +3736643238643437363538636332613135376237346237643962 diff --git a/ansible/roles/ubuntu/defaults/main.yaml b/ansible/roles/ubuntu/defaults/main.yaml index f2d81c27..916325dd 100644 --- a/ansible/roles/ubuntu/defaults/main.yaml +++ b/ansible/roles/ubuntu/defaults/main.yaml @@ -3,8 +3,10 @@ packages: apt_install_vm: - qemu-guest-agent - htop + - rsyslog - net-tools apt_install_lxc: - htop + - rsyslog - net-tools diff --git a/ansible/roles/ubuntu/files/remote-rsyslog.conf.j2 b/ansible/roles/ubuntu/files/remote-rsyslog.conf.j2 new file mode 100644 index 00000000..287b06f4 --- /dev/null +++ b/ansible/roles/ubuntu/files/remote-rsyslog.conf.j2 @@ -0,0 +1,2 @@ +# send all logs to remote syslog server +*.* @@{{ rsyslog_1_ip }}:514 diff --git a/ansible/roles/ubuntu/handlers/main.yaml b/ansible/roles/ubuntu/handlers/main.yaml index e5a1c841..9d14703c 100644 --- a/ansible/roles/ubuntu/handlers/main.yaml +++ b/ansible/roles/ubuntu/handlers/main.yaml @@ -1,4 +1,8 @@ --- +- name: Restart rsyslog + ansible.builtin.service: + name: rsyslog + - name: Restart timesyncd ansible.builtin.service: name: systemd-timesyncd diff --git a/ansible/roles/ubuntu/tasks/main.yaml b/ansible/roles/ubuntu/tasks/main.yaml index 96414b8c..c9fde4a1 100644 --- a/ansible/roles/ubuntu/tasks/main.yaml +++ b/ansible/roles/ubuntu/tasks/main.yaml @@ -15,6 +15,10 @@ tags: - user +- include: rsyslog.yaml + tags: + - rsyslog-clients + - include: firewall_rules.yaml tags: - firewall diff --git a/ansible/roles/ubuntu/tasks/rsyslog.yaml b/ansible/roles/ubuntu/tasks/rsyslog.yaml new file mode 100644 index 00000000..56c050e7 --- /dev/null +++ b/ansible/roles/ubuntu/tasks/rsyslog.yaml 
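Review bot: The forwarding rule `*.* @@{{ rsyslog_1_ip }}:514` in remote-rsyslog.conf.j2 sends every facility, including authpriv, over plain TCP with no action queue in front of it. Without a queue, messages produced while the collector is unreachable can be lost or can stall local logging; the directives that are commented out at the end of the server's rsyslog.conf (`$ActionQueueType LinkedList`, `$ActionQueueFileName`, `$ActionResumeRetryCount -1`, `$ActionQueueSaveOnShutdown on`) belong directly above this line. If the network carrying the logs is shared with hosts that are not trusted, TLS transport through the gtls netstream driver should be considered; otherwise a comment recording that cleartext forwarding is a deliberate choice would help the next reader.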
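Review bot: The new `Restart rsyslog` handler in ansible/roles/ubuntu/handlers/main.yaml passes only `name: rsyslog` to `ansible.builtin.service`; the module needs `state` or `enabled`, so the handler fails instead of restarting the service and the new forwarding rule is not picked up. Add `state: restarted`, matching the `Restart timesyncd` handler directly below it.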
@@ -0,0 +1,8 @@ +--- +- name: Copy remote-rsyslog.conf + ansible.builtin.template: + src: files/remote-rsyslog.conf.j2 + dest: /etc/rsyslog.d/remote-server.conf + mode: "0640" + notify: + - Restart rsyslog From 44e4c3c572a165db4f9a2d7a67e0ccc953e9cdf7 Mon Sep 17 00:00:00 2001 From: claughinghouse Date: Tue, 10 Aug 2021 20:48:46 -0400 Subject: [PATCH 32/84] feat: add cups server buildout (#56) --- .taskfiles/ansible.yml | 6 + ansible/inventory/group_vars/all/vault.yaml | 53 +++---- ansible/inventory/host_vars/cups-1.yaml | 9 ++ ansible/inventory/hosts.yaml | 3 + ansible/playbooks/cups/cups.yaml | 8 ++ ansible/roles/cups/defaults/main.yaml | 5 + ansible/roles/cups/files/cupsd.conf | 138 +++++++++++++++++++ ansible/roles/cups/handlers/main.yaml | 5 + ansible/roles/cups/tasks/cups.yaml | 17 +++ ansible/roles/cups/tasks/firewall_rules.yaml | 16 +++ ansible/roles/cups/tasks/main.yaml | 6 + ansible/roles/cups/tasks/users.yaml | 6 + ansible/roles/ubuntu/tasks/user.yaml | 2 +- 13 files changed, 247 insertions(+), 27 deletions(-) create mode 100644 ansible/inventory/host_vars/cups-1.yaml create mode 100644 ansible/playbooks/cups/cups.yaml create mode 100644 ansible/roles/cups/defaults/main.yaml create mode 100644 ansible/roles/cups/files/cupsd.conf create mode 100644 ansible/roles/cups/handlers/main.yaml create mode 100644 ansible/roles/cups/tasks/cups.yaml create mode 100644 ansible/roles/cups/tasks/firewall_rules.yaml create mode 100644 ansible/roles/cups/tasks/main.yaml create mode 100644 ansible/roles/cups/tasks/users.yaml diff --git a/.taskfiles/ansible.yml b/.taskfiles/ansible.yml index a2bb43ca..87a0e1e6 100644 --- a/.taskfiles/ansible.yml +++ b/.taskfiles/ansible.yml 
@@ -56,3 +56,9 @@ tasks: cmds: - "ansible-playbook {{.ANSIBLE_PLAYBOOK_DIR}}/rsyslog/rsyslog.yaml --vault-password-file .vault-password" silent: true + + cups-server: + desc: Install cups server + cmds: + - "ansible-playbook {{.ANSIBLE_PLAYBOOK_DIR}}/cups/cups.yaml --vault-password-file .vault-password" + silent: true diff --git a/ansible/inventory/group_vars/all/vault.yaml b/ansible/inventory/group_vars/all/vault.yaml index 61cb7ca0..b983270e 100644 --- a/ansible/inventory/group_vars/all/vault.yaml +++ b/ansible/inventory/group_vars/all/vault.yaml 
@@ -1,27 +1,28 @@ $ANSIBLE_VAULT;1.1;AES256 -34613564313362313036646231646634353235343535393637626366343235376134386562646162 -3764633738653030613636363065633133346239373339360a353539313738386136353735346632 -39653065383032306336346162616331303433396133313339376461633962336439623562316361 -3930306439653834320a653235356462353539356338646531393635653366343461303732306631 -64653664383162343535643437356166643062653964386136393433663336333366396338643965 -66643532333261346137663063313730353066303563373364363239326530333838653764306430 -33353762653437386364313338366132663162666436626438363364623238636535313961376666 -39396463366235643734353231306566323431653763626138356239373863303032663938376238 -33656137636664383231393562393166396663306634643533383531396365383032626337306330 -62363765636334623131343762366530636232316339623462613232656333373963313338326337 -34613435373636346661373633623834656638393735373865663733346163346636363337383737 -31613364366332303135336437396339323562303632643431616663306666313938333634363531 -32343636356265663663666265303439633264366361303533363464643532396462613232626435 -36616439376264633466663031386537666336353530653264646561626335363963656633636537 -61373438386439363838663938326638353137646237636235616363616638303831363461666536 -39303037383433373837653031313761613535353235343432633836356465646238323832613935 -35636336303135326330336235336532386435313061306364386338656531353964356662633466 -63366266383339616165336265653938393032343534373132353563613230323835323637323063 -38646435653961383136653935626462623963333066343430643135346364333630613962326134 -32336562343161646332636639383038623361336166363561613261363365383431643837346561 -63336563613065663434363165333831366662333866353834333938303465386362336437393831 -38336531393437323237376339313266363363336466333161333330346663613761326462386465 -65373539643530336164666662383866343963333366313463383731343431376636646432373639 
-35666439396664663362386462326437373236306539643962363438643134393032666633313661 -30323363303736326130316464323132613731666363653264613339393666316164386336323333 -3736643238643437363538636332613135376237346237643962 +31356231383832333131663864333530616665393233303234383165373065653937663861333932 +3664323264326663326330666136393763383339376566330a313062383736636437326139616639 +35666464656237633962303638303537663230346137383862643331316434643566633666656330 +6562353939363333660a623737306565333965616265356266656261326461356264366235626636 +62626562393238386437393065336261633931316632323838376634336536656665373862626635 +39393064393761373239623161623063343835366635316333323066343361623933616538306135 +31666132356336313935353565646434373933613133386265323863653530313161353233323166 +65303433356163353864663939663030356432306366363166316437633165353266656338373035 +38666534336631313838346662643535333366363463373263643833613436313163346138666537 +33656561326537623862383936326239636230366631393738346462656163353438333633393165 +35643431376134643664353832343665356137373835626665326461643138343638376166326630 +62613436363261333733623732626162616238616263666431636338613033373362303237636433 +63326365653533373964366462323039326239636630316336373337653763633761386663323039 +61323964376234353531313132373236353639396133613263353132616536653832656430323032 +65663663643333653861356531363664383765356536663764363764383539363531356265323030 +39323236663762633830383331333934303830393138646232386439643264666261393035636438 +32613466323162636361376436313434636633386666353261326138633762363064643039613864 +65346333663934663633653138376435353538366361616335663965656463393831393535623834 +64663934653430373766353935623665626138623165666233363534303362643061636530373731 +65633264343634623632313661646130336364386266643532666561656536396139623736396663 +61333763323262323935633162386438393733313030353233383761386561666564353366623864 
+31303766353662343032303530356532373037343461373536643035393438633732373365356461 +30316238363263666464616130353965326462393838643331626231333930316563333631623565 +66383234616633613035356565643962323534633030326536353733353933643033313730613330 +30316237376231343139383763386165313431386430663963393938653861623834653966333230 +65613332663330306263336662626365363939656365633861323739343533383932316665343663 +303264666465336636396661613138333363 diff --git a/ansible/inventory/host_vars/cups-1.yaml b/ansible/inventory/host_vars/cups-1.yaml new file mode 100644 index 00000000..41e03f03 --- /dev/null +++ b/ansible/inventory/host_vars/cups-1.yaml @@ -0,0 +1,9 @@ +--- +# IP address of node +ansible_host: "{{ cups_1_ip }}" + +# Ansible user to ssh into servers with +ansible_user: "{{ ansible_ci_lxc_user }}" +# ansible_ssh_pass: "ubuntu" +# ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null" +# ansible_become_pass: "ubuntu" diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml index 2edcf114..4e1d770d 100644 --- a/ansible/inventory/hosts.yaml +++ b/ansible/inventory/hosts.yaml @@ -14,3 +14,6 @@ all: # rsyslog: # hosts: # rsyslog-1: + # cups: + # hosts: + # cups-1: diff --git a/ansible/playbooks/cups/cups.yaml b/ansible/playbooks/cups/cups.yaml new file mode 100644 index 00000000..3bbf4fe9 --- /dev/null +++ b/ansible/playbooks/cups/cups.yaml @@ -0,0 +1,8 @@ +--- +- hosts: + - cups + become: true + gather_facts: true + any_errors_fatal: true + roles: + - cups diff --git a/ansible/roles/cups/defaults/main.yaml b/ansible/roles/cups/defaults/main.yaml new file mode 100644 index 00000000..82a46e06 --- /dev/null +++ b/ansible/roles/cups/defaults/main.yaml @@ -0,0 +1,5 @@ +--- +packages: + cups: + - cups + - ghostscript diff --git a/ansible/roles/cups/files/cupsd.conf b/ansible/roles/cups/files/cupsd.conf new file mode 100644 index 00000000..152650ca --- /dev/null +++ b/ansible/roles/cups/files/cupsd.conf 
@@ -0,0 +1,138 @@ +MaxLogSize 0 +# +# "$Id: cupsd.conf.in 7888 2008-08-29 21:16:56Z mike $" +# +# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... +LogLevel warn + +Listen 0.0.0.0:631 +Port 80 +DefaultEncryption Never + +# Show shared printers on the local network. +Browsing On +BrowseLocalProtocols dnssd + +# Default authentication type, when authentication is required... +DefaultAuthType Basic + +# Web interface setting... +WebInterface Yes + +# Restrict access to the server... + + Allow all + Order allow,deny + + +# Restrict access to the admin pages... + + Allow all + Order allow,deny + + +# Restrict access to configuration files... + + Allow all + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Set the default printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + Order deny,allow + + + + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the authenticated printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... 
+ + AuthType Default + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# +# End of "$Id: cupsd.conf.in 7888 2008-08-29 21:16:56Z mike $". +# diff --git a/ansible/roles/cups/handlers/main.yaml b/ansible/roles/cups/handlers/main.yaml new file mode 100644 index 00000000..11c93a1b --- /dev/null +++ b/ansible/roles/cups/handlers/main.yaml @@ -0,0 +1,5 @@ +--- +- name: Restart cups + ansible.builtin.service: + name: cups + state: restarted diff --git a/ansible/roles/cups/tasks/cups.yaml b/ansible/roles/cups/tasks/cups.yaml new file mode 100644 index 00000000..42d9f611 --- /dev/null +++ b/ansible/roles/cups/tasks/cups.yaml @@ -0,0 +1,17 @@ +--- +- name: Install cups package + ansible.builtin.apt: + name: "{{ packages.cups }}" + install_recommends: false + update_cache: true + cache_valid_time: 3600 + autoclean: true + autoremove: true + +- name: Copy cupsd.conf + ansible.builtin.copy: + src: files/cupsd.conf + dest: /etc/cups/cupsd.conf + mode: "0644" + notify: + - Restart cups diff --git a/ansible/roles/cups/tasks/firewall_rules.yaml b/ansible/roles/cups/tasks/firewall_rules.yaml new file mode 100644 index 00000000..a7029e10 --- /dev/null +++ b/ansible/roles/cups/tasks/firewall_rules.yaml @@ -0,0 +1,16 @@ +--- +- name: Allow port 631 for CUPS + community.general.ufw: + rule: allow + proto: tcp + port: "631" + +- name: Allow port 80 for CUPS Web + community.general.ufw: + rule: allow + proto: tcp + port: "80" + +- name: Reload UFW + community.general.ufw: + state: reloaded 
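Review bot: cupsd.conf sets `DefaultEncryption Never` together with `DefaultAuthType Basic`, so any password entered for an administrative operation crosses the network in cleartext; users.yaml in this commit adds the break-glass account to lpadmin, which is presumably the credential that would be used. Set `DefaultEncryption Required` and drop `Port 80`, leaving the single listener on 631. The three access blocks under the "Restrict access to ..." comments all contain `Allow all` (their `<Location>` tags are not visible in this rendering, so the paths they cover are inferred from the comments); on the admin and configuration blocks replace it with `Allow @LOCAL` or a management subnet. `MaxLogSize 0` on the first line turns off log rotation, so the CUPS logs can grow without bound.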
diff --git a/ansible/roles/cups/tasks/main.yaml b/ansible/roles/cups/tasks/main.yaml new file mode 100644 index 00000000..279a8b20 --- /dev/null +++ b/ansible/roles/cups/tasks/main.yaml @@ -0,0 +1,6 @@ +--- +- include_tasks: cups.yaml + +- include_tasks: firewall_rules.yaml + +- include_tasks: users.yaml diff --git a/ansible/roles/cups/tasks/users.yaml b/ansible/roles/cups/tasks/users.yaml new file mode 100644 index 00000000..347ded78 --- /dev/null +++ b/ansible/roles/cups/tasks/users.yaml @@ -0,0 +1,6 @@ +--- +- name: Add break glass username to the lpadmin group + ansible.builtin.user: + name: "{{ break_glass_user }}" + groups: lpadmin + append: yes diff --git a/ansible/roles/ubuntu/tasks/user.yaml b/ansible/roles/ubuntu/tasks/user.yaml index ece3db90..300f9dc9 100644 --- a/ansible/roles/ubuntu/tasks/user.yaml +++ b/ansible/roles/ubuntu/tasks/user.yaml @@ -1,6 +1,6 @@ --- - name: Create break glass account - user: + ansible.builtin.user: name: "{{ break_glass_user }}" password: "{{ break_glass_pass }}" shell: /bin/bash From 6d09eb79d01298e940a8730be703a0de5da96e8e Mon Sep 17 00:00:00 2001 From: yesrod Date: Wed, 11 Aug 2021 11:43:54 -0400 Subject: [PATCH 33/84] Remove remnants of Terraform plugin hack (#58) The script has been gone for a while, but both CI systems are still trying to run it. --- .github/workflows/terraform-lint.yaml | 3 --- .gitlab-ci.yml | 1 - 2 files changed, 4 deletions(-) diff --git a/.github/workflows/terraform-lint.yaml b/.github/workflows/terraform-lint.yaml index edeff406..80230d35 100644 --- a/.github/workflows/terraform-lint.yaml +++ b/.github/workflows/terraform-lint.yaml @@ -29,9 +29,6 @@ jobs: - uses: terraform-linters/setup-tflint@v1 name: Setup TFLint - - name: Install Proxmox provider - run: bash ./terraform-proxmox-plugin.sh - - name: Run `terraform fmt` run: terraform fmt -diff -no-color -recursive diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8e4d7735..74b9b4ea 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -12,7 +12,6 @@ cache: # Test before_script: - cd ${TF_ROOT} - - bash ./terraform-proxmox-plugin.sh stages: - prepare-tf From a4be91c84d35647ba454f0679ae4354005ecf94a Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 22:47:34 -0400 Subject: [PATCH 34/84] TOPS-100 First pass at subnet / domain logic --- subnet_prefixes.txt | 0 terraform/helpers/subnet_prefix.py | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 subnet_prefixes.txt create mode 100644 terraform/helpers/subnet_prefix.py diff --git a/subnet_prefixes.txt b/subnet_prefixes.txt new file mode 100644 index 00000000..e69de29b diff --git a/terraform/helpers/subnet_prefix.py b/terraform/helpers/subnet_prefix.py new file mode 100644 index 00000000..e69de29b From 23d02f75e78cffdc1e77a2599599c4cc1d06f09b Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 22:48:28 -0400 Subject: [PATCH 35/84] TOPS-100 First pass at subnet / domain logic --- .gitlab-ci.yml | 2 ++ subnet_prefixes.txt | 4 +++ terraform/helpers/subnet_prefix.py | 40 ++++++++++++++++++++++++++++++ terraform/lxc-dhcp.tf | 12 +++++---- terraform/lxc-stackstorm.tf | 12 +++++---- terraform/main.tf | 10 ++++++-- 6 files changed, 68 insertions(+), 12 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 74b9b4ea..f67061de 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,6 +4,7 @@ variables: TF_HTTP_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_COMMIT_BRANCH} TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} + TF_VAR_branch: ${CI_COMMIT_BRANCH} cache: key: "${TF_ROOT}" paths: @@ -12,6 +13,7 @@ cache: # Test before_script: - cd ${TF_ROOT} + - export TF_VAR_subnet="${python3 helpers/subnet_prefix.py}" stages: - prepare-tf diff --git a/subnet_prefixes.txt b/subnet_prefixes.txt index e69de29b..3ab1380b 100644 --- a/subnet_prefixes.txt 
+++ b/subnet_prefixes.txt @@ -0,0 +1,4 @@ +main: 10.101.23.0/24 +dev: 10.101.24.0/24 +aaron-dev: 10.101.25.0/24 +default: 10.101.26.0/24 diff --git a/terraform/helpers/subnet_prefix.py b/terraform/helpers/subnet_prefix.py index e69de29b..502ee38e 100644 --- a/terraform/helpers/subnet_prefix.py +++ b/terraform/helpers/subnet_prefix.py @@ -0,0 +1,40 @@ +#!/usr/bin/env python3 +# Outputs string with correct subnet prefix based on +# the current git branch. +# ATS +import subprocess +import re +import sys + +results = subprocess.run( + ["git", "branch", "--show-current"], + stdout=subprocess.PIPE, + text=True) + +if results.returncode: + print("Git branch command returned non-0 exit code", file=sys.stderr) + exit(1) + +branch = str(results.stdout.strip()) +if bool(re.search(r"\s", branch)): + print("No whitespace in branch names! Bad!", file=sys.stderr) + exit(1) + +root_directory = str(subprocess.run( + ["git", "rev-parse", "--show-toplevel"], + stdout=subprocess.PIPE, + text=True).stdout.strip()) + +mapping_file = f"{root_directory}/subnet_prefixes.txt" +subnets = {} +with open(mapping_file) as myfile: + for line in myfile: + name, var = line.partition(":")[::2] + subnets[name.strip()] = str(var).strip() + +if branch in subnets: + print(subnets[branch]) + exit(0) +else: + print(f"Could not find branch {branch} in {mapping_file}", file=sys.stderr) + exit(1) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index c27076a3..ba927817 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf 
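Review bot: subnet_prefix.py never uses the `default:` entry that this commit adds to subnet_prefixes.txt: a branch that is missing from the file ends in `exit(1)`, and so does an empty branch name, which is what `git branch --show-current` prints on a detached checkout of the kind CI runners commonly use. Read the branch from `CI_COMMIT_BRANCH` when it is set, and either fall back with `subnets.get(branch, subnets.get("default"))` or delete the `default:` line so the file does not promise a fallback that does not exist. The return code of the second `subprocess.run` (`git rev-parse --show-toplevel`) is unchecked, so a failure there surfaces as a confusing open() error on `/subnet_prefixes.txt`. Because the branch name becomes part of hostnames through `${var.branch}`, rejecting anything outside `[a-z0-9-]` here would be safer than the whitespace check alone.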
@@ -1,12 +1,14 @@ module "dhcp1" { - source = "./modules/lxc" - ip_address = "10.101.22.253/24" - hostname = "dhcp1.dev.magevent.net" + source = "./modules/lxc" + cluster_name = "pve1" + ip_address = cidrsubnet(var.subnet, 0, 253) + hostname = "dhcp1.${var.branch}.magevent.net" } module "dhcp2" { source = "./modules/lxc" + source = "./modules/lxc" cluster_name = "pve2" - ip_address = "10.101.22.254/24" - hostname = "dhcp2.dev.magevent.net" + ip_address = cidrsubnet(var.subnet, 0, 254) + hostname = "dhcp2.${var.branch}.magevent.net" } diff --git a/terraform/lxc-stackstorm.tf b/terraform/lxc-stackstorm.tf index e9c365e1..e3b01cb4 100644 --- a/terraform/lxc-stackstorm.tf +++ b/terraform/lxc-stackstorm.tf @@ -1,12 +1,14 @@ module "stackstorm1" { - source = "./modules/lxc" - ip_address = "10.101.22.136/24" - hostname = "stackstorm1.dev.magevent.net" + source = "./modules/lxc" + cluster_name = "pve1" + ip_address = cidrsubnet(var.subnet, 0, 136) + hostname = "stackstorm1.${var.branch}.magevent.net" } module "stackstorm2" { source = "./modules/lxc" + source = "./modules/lxc" cluster_name = "pve2" - ip_address = "10.101.22.137/24" - hostname = "stackstorm2.dev.magevent.net" + ip_address = cidrsubnet(var.subnet, 0, 137) + hostname = "stackstorm2.${var.branch}.magevent.net" } diff --git a/terraform/main.tf b/terraform/main.tf index 35f5bc03..41dac17d 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -23,6 +23,12 @@ provider "proxmox" { } } +variable "branch" { + type = string + description = "Git branch, which is also used as subdomain name." +} - - +variable "subnet" { + type = string + description = "Subnet for the branch in format 192.168.1.0/24" +} From 45ab57c62e10c6ceecdd032f1b0ba77f357964d7 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 22:55:13 -0400 Subject: [PATCH 36/84] TOPS-100 not --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
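Review bot: The new `branch` and `subnet` variables in terraform/main.tf are accepted without any validation, yet `branch` is interpolated straight into hostnames (`dhcp1.${var.branch}.magevent.net`) and comes from `CI_COMMIT_BRANCH`. A branch name containing `/`, `_`, uppercase letters or dots would yield a hostname that is not a valid DNS label, or that lands in an unintended subdomain. A malformed `subnet` only fails later, inside the CIDR function calls. I would add a `validation` block to each variable so that bad input is rejected at plan time with a clear message.

```hcl
variable "branch" {
  # … unchanged: type, description …
  validation {
    condition     = can(regex("^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", var.branch))
    error_message = "The branch value must be a single lowercase DNS label."
  }
}

variable "subnet" {
  # … unchanged: type, description …
  validation {
    condition     = can(cidrhost(var.subnet, 0))
    error_message = "The subnet value must be a CIDR prefix such as 192.168.1.0/24."
  }
}
```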
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f67061de..c11bc269 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,7 +13,7 @@ cache: # Test before_script: - cd ${TF_ROOT} - - export TF_VAR_subnet="${python3 helpers/subnet_prefix.py}" + - export TF_VAR_subnet="$(python3 helpers/subnet_prefix.py)" stages: - prepare-tf From 2372a2434f37bdd036bafe90582e6c0d02f4c218 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 22:57:19 -0400 Subject: [PATCH 37/84] TOPS-100 rebase fluke --- terraform/lxc-dhcp.tf | 1 - terraform/lxc-stackstorm.tf | 1 - 2 files changed, 2 deletions(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index ba927817..6e9d564c 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -6,7 +6,6 @@ module "dhcp1" { } module "dhcp2" { - source = "./modules/lxc" source = "./modules/lxc" cluster_name = "pve2" ip_address = cidrsubnet(var.subnet, 0, 254) diff --git a/terraform/lxc-stackstorm.tf b/terraform/lxc-stackstorm.tf index e3b01cb4..c211213f 100644 --- a/terraform/lxc-stackstorm.tf +++ b/terraform/lxc-stackstorm.tf @@ -7,7 +7,6 @@ module "stackstorm1" { module "stackstorm2" { source = "./modules/lxc" - source = "./modules/lxc" cluster_name = "pve2" ip_address = cidrsubnet(var.subnet, 0, 137) hostname = "stackstorm2.${var.branch}.magevent.net" From e2147cdabe83a3f45b61999b84bc3f3de9c4831f Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 23:02:14 -0400 Subject: [PATCH 38/84] TOPS-100 Updated Telemate/proxmox var in a few places --- terraform/modules/lxc/main.tf | 2 +- terraform/modules/qemu-kvm/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 14a79121..33785539 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf 
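Review bot: In `before_script`, `export TF_VAR_subnet="$(python3 helpers/subnet_prefix.py)"` hides the helper's exit status, because the status of the line is that of `export`, which succeeds even when the substitution fails. The helper exits 1 when the branch is missing from subnet_prefixes.txt, so the job would continue with an empty `TF_VAR_subnet` and fail later with a less obvious error. Splitting it into `- TF_VAR_subnet="$(python3 helpers/subnet_prefix.py)"` followed by `- export TF_VAR_subnet` lets the job stop at the helper.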
@@ -3,7 +3,7 @@ terraform { required_providers { proxmox = { source = "Telmate/proxmox" - version = "2.7.1" + version = ">=2.7.4" } } } diff --git a/terraform/modules/qemu-kvm/main.tf b/terraform/modules/qemu-kvm/main.tf index 32e26f27..5f63d73f 100644 --- a/terraform/modules/qemu-kvm/main.tf +++ b/terraform/modules/qemu-kvm/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { proxmox = { source = "Telmate/proxmox" - version = "2.7.1" + version = ">=2.7.4" } } } From 7fc2671d85dab5ebe5cc9c47df21067de2984d9e Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 23:11:02 -0400 Subject: [PATCH 39/84] TOPS-100 simplify python subnet file --- terraform/helpers/subnet_prefix.py | 32 +++++++----------------------- 1 file changed, 7 insertions(+), 25 deletions(-) diff --git a/terraform/helpers/subnet_prefix.py b/terraform/helpers/subnet_prefix.py index 502ee38e..bdd51b21 100644 --- a/terraform/helpers/subnet_prefix.py +++ b/terraform/helpers/subnet_prefix.py @@ -2,30 +2,12 @@ # Outputs string with correct subnet prefix based on # the current git branch. # ATS -import subprocess -import re +import os import sys -results = subprocess.run( - ["git", "branch", "--show-current"], - stdout=subprocess.PIPE, - text=True) +branch = os.getenv("CI_COMMIT_BRANCH") +mapping_file = f"{os.getenv('CI_PROJECT_DIR')}/subnet_prefixes.txt" -if results.returncode: - print("Git branch command returned non-0 exit code", file=sys.stderr) - exit(1) - -branch = str(results.stdout.strip()) -if bool(re.search(r"\s", branch)): - print("No whitespace in branch names! Bad!", file=sys.stderr) - exit(1) - -root_directory = str(subprocess.run( - ["git", "rev-parse", "--show-toplevel"], - stdout=subprocess.PIPE, - text=True).stdout.strip()) - -mapping_file = f"{root_directory}/subnet_prefixes.txt" subnets = {} with open(mapping_file) as myfile: for line in myfile: 
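Review bot: The constraint `version = ">=2.7.4"` has no upper bound, so any later Telmate/proxmox release, including a new major version, satisfies it in both modules/lxc/main.tf and modules/qemu-kvm/main.tf. For a third-party provider that runs with the Proxmox credentials, I would keep the selection narrow with `version = "~> 2.7.4"`. I would also make sure `.terraform.lock.hcl` is committed so the provider checksums are pinned; whether it is committed is not visible in this patch.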
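Review bot: `os.getenv("CI_COMMIT_BRANCH")` and `os.getenv('CI_PROJECT_DIR')` both return `None` when the variable is unset, and the new code uses them unchecked. Outside a branch pipeline (a tag or merge-request pipeline, or a local run) the path becomes `None/subnet_prefixes.txt` and `open()` raises an uncaught `FileNotFoundError`. The rewrite also drops the old whitespace check on the branch name without a replacement. I would add a guard right after the two assignments, for example `if not branch or not os.getenv("CI_PROJECT_DIR"): sys.exit("CI_COMMIT_BRANCH and CI_PROJECT_DIR must be set")`. The rest of the script continues in the next hunk.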
@@ -33,8 +15,8 @@ subnets[name.strip()] = str(var).strip() if branch in subnets: - print(subnets[branch]) - exit(0) + print(subnets[branch]) + exit(0) else: - print(f"Could not find branch {branch} in {mapping_file}", file=sys.stderr) - exit(1) + print(f"Could not find branch {branch} in {mapping_file}", file=sys.stderr) + exit(1) From 6cd4d72962cb5d0e1d738742999c11c80bf39d33 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 23:34:17 -0400 Subject: [PATCH 40/84] TOPS-100 ??? CIDR math --- subnet_prefixes.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/subnet_prefixes.txt b/subnet_prefixes.txt index 3ab1380b..8bba692e 100644 --- a/subnet_prefixes.txt +++ b/subnet_prefixes.txt @@ -1,4 +1,4 @@ -main: 10.101.23.0/24 -dev: 10.101.24.0/24 -aaron-dev: 10.101.25.0/24 -default: 10.101.26.0/24 +main: 10.101.23.1/24 +dev: 10.101.24.1/24 +aaron-dev: 10.101.25.1/24 +default: 10.101.26.1/24 From c4efad4e202d90c61a13afbf5e83b1ac638444dc Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 23:54:24 -0400 Subject: [PATCH 41/84] TOPS-100 Maybe? --- terraform/lxc-dhcp.tf | 4 ++-- terraform/lxc-stackstorm.tf | 4 ++-- terraform/main.tf | 4 ++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index 6e9d564c..3403d724 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -1,13 +1,13 @@ module "dhcp1" { source = "./modules/lxc" cluster_name = "pve1" - ip_address = cidrsubnet(var.subnet, 0, 253) + ip_address = "${cidrhost(var.subnet, 253)}/${local.cidr_suffix}" hostname = "dhcp1.${var.branch}.magevent.net" } module "dhcp2" { source = "./modules/lxc" cluster_name = "pve2" - ip_address = cidrsubnet(var.subnet, 0, 254) + ip_address = "${cidrhost(var.subnet, 254)}/${local.cidr_suffix}" hostname = "dhcp2.${var.branch}.magevent.net" } 
diff --git a/terraform/lxc-stackstorm.tf b/terraform/lxc-stackstorm.tf index c211213f..71e855b4 100644 --- a/terraform/lxc-stackstorm.tf +++ b/terraform/lxc-stackstorm.tf @@ -1,13 +1,13 @@ module "stackstorm1" { source = "./modules/lxc" cluster_name = "pve1" - ip_address = cidrsubnet(var.subnet, 0, 136) + ip_address = "${cidrhost(var.subnet, 136)}/${local.cidr_suffix}" hostname = "stackstorm1.${var.branch}.magevent.net" } module "stackstorm2" { source = "./modules/lxc" cluster_name = "pve2" - ip_address = cidrsubnet(var.subnet, 0, 137) + ip_address = "${cidrhost(var.subnet, 137)}/${local.cidr_suffix}" hostname = "stackstorm2.${var.branch}.magevent.net" } diff --git a/terraform/main.tf b/terraform/main.tf index 41dac17d..3c7c27ec 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -32,3 +32,7 @@ variable "subnet" { type = string description = "Subnet for the branch in format 192.168.1.0/24" } + +locals { + cidr_suffix = element(split("/", subnet), 2) +} From 41a247f97e0a70127f356813770bdf3a1a2bcb7c Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Thu, 19 Aug 2021 23:56:40 -0400 Subject: [PATCH 42/84] TOPS-100 Maybe? --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 3c7c27ec..f404df38 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -34,5 +34,5 @@ variable "subnet" { } locals { - cidr_suffix = element(split("/", subnet), 2) + cidr_suffix = element(split("/", var.subnet), 2) } From ea6e78bcefdd42a4ff829fdb28e2989c28af440e Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Fri, 20 Aug 2021 00:01:07 -0400 Subject: [PATCH 43/84] TOPS-100 cleanup --- subnet_prefixes.txt | 8 ++++---- terraform/main.tf | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/subnet_prefixes.txt b/subnet_prefixes.txt index 8bba692e..3ab1380b 100644 --- a/subnet_prefixes.txt 
+++ b/subnet_prefixes.txt @@ -1,4 +1,4 @@ -main: 10.101.23.1/24 -dev: 10.101.24.1/24 -aaron-dev: 10.101.25.1/24 -default: 10.101.26.1/24 +main: 10.101.23.0/24 +dev: 10.101.24.0/24 +aaron-dev: 10.101.25.0/24 +default: 10.101.26.0/24 diff --git a/terraform/main.tf b/terraform/main.tf index f404df38..0a9ff600 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -34,5 +34,5 @@ variable "subnet" { } locals { - cidr_suffix = element(split("/", var.subnet), 2) + cidr_suffix = element(split("/", var.subnet), 1) } From 1aae4f24931ed7aaa094374f81928dedd351ba2b Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Fri, 20 Aug 2021 00:03:33 -0400 Subject: [PATCH 44/84] TOPS-100 Add domain local --- terraform/lxc-dhcp.tf | 4 ++-- terraform/lxc-stackstorm.tf | 4 ++-- terraform/main.tf | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index 3403d724..77236d8b 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -2,12 +2,12 @@ module "dhcp1" { source = "./modules/lxc" cluster_name = "pve1" ip_address = "${cidrhost(var.subnet, 253)}/${local.cidr_suffix}" - hostname = "dhcp1.${var.branch}.magevent.net" + hostname = "dhcp1.${local.domain}" } module "dhcp2" { source = "./modules/lxc" cluster_name = "pve2" ip_address = "${cidrhost(var.subnet, 254)}/${local.cidr_suffix}" - hostname = "dhcp2.${var.branch}.magevent.net" + hostname = "dhcp2.${local.domain}" } diff --git a/terraform/lxc-stackstorm.tf b/terraform/lxc-stackstorm.tf index 71e855b4..98c42bcb 100644 --- a/terraform/lxc-stackstorm.tf +++ b/terraform/lxc-stackstorm.tf 
@@ -2,12 +2,12 @@ module "stackstorm1" { source = "./modules/lxc" cluster_name = "pve1" ip_address = "${cidrhost(var.subnet, 136)}/${local.cidr_suffix}" - hostname = "stackstorm1.${var.branch}.magevent.net" + hostname = "stackstorm1.${local.domain}" } module "stackstorm2" { source = "./modules/lxc" cluster_name = "pve2" ip_address = "${cidrhost(var.subnet, 137)}/${local.cidr_suffix}" - hostname = "stackstorm2.${var.branch}.magevent.net" + hostname = "stackstorm2.${local.domain}" } diff --git a/terraform/main.tf b/terraform/main.tf index 0a9ff600..0af758a7 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -35,4 +35,5 @@ variable "subnet" { locals { cidr_suffix = element(split("/", var.subnet), 1) + domain = "{var.branch}.magevent.net" } From fb181e5d6d31676e574db7639b11c46dcf446764 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Fri, 20 Aug 2021 00:03:47 -0400 Subject: [PATCH 45/84] TOPS-100 Scratch stackstorm --- terraform/lxc-stackstorm.tf | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 terraform/lxc-stackstorm.tf diff --git a/terraform/lxc-stackstorm.tf b/terraform/lxc-stackstorm.tf deleted file mode 100644 index 98c42bcb..00000000 --- a/terraform/lxc-stackstorm.tf +++ /dev/null @@ -1,13 +0,0 @@ -module "stackstorm1" { - source = "./modules/lxc" - cluster_name = "pve1" - ip_address = "${cidrhost(var.subnet, 136)}/${local.cidr_suffix}" - hostname = "stackstorm1.${local.domain}" -} - -module "stackstorm2" { - source = "./modules/lxc" - cluster_name = "pve2" - ip_address = "${cidrhost(var.subnet, 137)}/${local.cidr_suffix}" - hostname = "stackstorm2.${local.domain}" -} From 2bde176ad4177af64d1908a56da7f3e5971eacc7 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Fri, 20 Aug 2021 00:07:31 -0400 Subject: [PATCH 46/84] TOPS-100 missing $ --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/terraform/main.tf b/terraform/main.tf index 0af758a7..316c9010 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -35,5 +35,5 @@ variable "subnet" { locals { cidr_suffix = element(split("/", var.subnet), 1) - domain = "{var.branch}.magevent.net" + domain = "${var.branch}.magevent.net" } From 2e80b2ea3176dc2f19a0fe833767935ab4d89233 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:28:52 -0400 Subject: [PATCH 47/84] test: Make count dynamic --- terraform/inventory.tmpl | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 terraform/inventory.tmpl diff --git a/terraform/inventory.tmpl b/terraform/inventory.tmpl new file mode 100644 index 00000000..e69de29b From ab09d98a8a0985ab1809b5f7bbd61737bf5ca9c2 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:31:14 -0400 Subject: [PATCH 48/84] Testing instance increments --- terraform/lxc-dhcp.tf | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index d4381623..f23020c0 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -1,13 +1,10 @@ -module "dhcp1" { +module "dhcp" { source = "./modules/lxc" + count = 2 cluster_name = "pve1" - ip_address = "${cidrhost(var.subnet, 253)}/${local.cidr_suffix}" - hostname = "dhcp1.${local.domain}" -} - -module "dhcp2" { - source = "./modules/lxc" - cluster_name = "pve2" - ip_address = "${cidrhost(var.subnet, 254)}/${local.cidr_suffix}" - hostname = "dhcp2.${local.domain}" + ip_address = "${cidrhost(var.subnet, 252+count.index)}/${local.cidr_suffix}" + hostname = "dhcp${floor(count.index + 1)}.${local.domain}" + labels = { + ansible-group = "dhcp" + } } From a75039294aeed5bbd35992e41bb7a287bd050abf Mon Sep 17 00:00:00 2001 
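Review bot: Collapsing `dhcp1` and `dhcp2` into one `module "dhcp"` with `count = 2` leaves `cluster_name = "pve1"` for both instances, whereas `dhcp2` previously ran on `pve2`. If the pair is meant to survive the loss of one node, the target should follow the index, e.g. `cluster_name = "pve${count.index + 1}"`. The `labels` argument is also passed to a module that, as far as this series shows, declares no `labels` variable, which Terraform rejects as an unsupported argument. Finally, `floor(count.index + 1)` can simply be `count.index + 1`.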
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:33:52 -0400 Subject: [PATCH 49/84] Add labels to module --- terraform/modules/lxc/main.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 667a324f..4ce4a3af 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -33,6 +33,11 @@ EOT tag = "22" ip = var.ip_address } + + labels = { + ansible-group = "lxc-container" + } + } variable "hostname" { From 830702d20b076221cc974d6dc68f14ed3a271519 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:42:06 -0400 Subject: [PATCH 50/84] Testing --- terraform/inventory.tmpl | 8 ++++++++ terraform/lxc-dhcp.tf | 3 --- terraform/modules/lxc/main.tf | 4 ---- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/terraform/inventory.tmpl b/terraform/inventory.tmpl index e69de29b..58d55ffd 100644 --- a/terraform/inventory.tmpl +++ b/terraform/inventory.tmpl @@ -0,0 +1,8 @@ +resource "local_file" "inventory" { + filename = "./host.ini" + content = <<_EOF + [dhcp] + ${module.lxc-dhcp[0].ip_address} + ${module.lxc-dhcp[1].ip_address} + EOF +} diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index f23020c0..b79e8d14 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -4,7 +4,4 @@ module "dhcp" { cluster_name = "pve1" ip_address = "${cidrhost(var.subnet, 252+count.index)}/${local.cidr_suffix}" hostname = "dhcp${floor(count.index + 1)}.${local.domain}" - labels = { - ansible-group = "dhcp" - } } diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 4ce4a3af..e29fba0e 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -34,10 +34,6 @@ EOT ip = var.ip_address } - labels = { - ansible-group = "lxc-container" - } - } variable "hostname" { 
From 6154b27c6737c4c53ccff242c287c58e53e4a1f0 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:48:53 -0400 Subject: [PATCH 51/84] IP off by 1 --- terraform/lxc-dhcp.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index b79e8d14..2ee6c037 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -2,6 +2,6 @@ module "dhcp" { source = "./modules/lxc" count = 2 cluster_name = "pve1" - ip_address = "${cidrhost(var.subnet, 252+count.index)}/${local.cidr_suffix}" + ip_address = "${cidrhost(var.subnet, 253+count.index)}/${local.cidr_suffix}" hostname = "dhcp${floor(count.index + 1)}.${local.domain}" } From 9a446a56f84b3822eea4dd5a81c8a1b08ca38bcf Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:49:27 -0400 Subject: [PATCH 52/84] Multiple branch support ? --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c11bc269..333a0ee4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -109,7 +109,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + - if: '$CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|aaron-dev)\b/' when: manual - when: never artifacts: From 19de27cd6f8e1d040b4b71c1502246e9f5bcda88 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:52:12 -0400 Subject: [PATCH 53/84] Template round 1 --- terraform/main.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/terraform/main.tf b/terraform/main.tf index 54f02065..3ac5de59 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
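Review bot: The new `destroy` rule `$CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|aaron-dev)\b/` is not anchored, so any branch whose name merely contains `aaron-dev` as a word (for example `feature/aaron-dev-2`) also qualifies for `terraform destroy -auto-approve`. The later patches in this series (54, 60, 62, 63, 66 and 68) reuse the same `\b…\b` shape for the `create` and `run-playbooks` jobs, where it gates `terraform apply -auto-approve`. As far as I know GitLab does not expand variables inside a `/…/` literal, so the `$CI_DEFAULT_BRANCH` alternative probably never matches the default branch either; please verify. Exact comparisons are safer here: `- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == "aaron-dev"'`.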
@@ -23,6 +23,10 @@ provider "proxmox" { } } +data "template_file" "init" { + template = "${file("inventory.tpl")}" +} + variable "branch" { type = string description = "Git branch, which is also used as subdomain name." From 1674760a21c42fc8bd719ed4979166d647c62709 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:52:26 -0400 Subject: [PATCH 54/84] DEPLOY_BRANCHES var --- .gitlab-ci.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 333a0ee4..f8e906c9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,6 +5,7 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} + DEPLOY_BRANCHES: $CI_DEFAULT_BRANCH|aaron-dev cache: key: "${TF_ROOT}" paths: @@ -77,7 +78,7 @@ create: script: - terraform apply -auto-approve rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + - if: '$CI_COMMIT_BRANCH =~ /\b($DEPLOY_BRANCHES)\b/' when: on_success - when: never artifacts: @@ -95,7 +96,7 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + - if: '$CI_COMMIT_BRANCH =~ /\b($DEPLOY_BRANCHES)\b/' when: on_success - when: never @@ -109,7 +110,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: '$CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|aaron-dev)\b/' + - if: '$CI_COMMIT_BRANCH =~ /\b($DEPLOY_BRANCHES)\b/' when: manual - when: never artifacts: From 8b081c96174816367f7b58fe11f7be50031347b4 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 01:54:44 -0400 Subject: [PATCH 55/84] Inventory template path issue --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 3ac5de59..3cbbd914 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -24,7 +24,7 @@ provider "proxmox" { } data "template_file" "init" { - template = "${file("inventory.tpl")}" + template = "${file("./inventory.tmpl")}" } variable "branch" { From e787a1725b459c0d04594cc56aea86ec356853a1 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:03:36 -0400 Subject: [PATCH 56/84] Remove stackstorm --- terraform/lxc-stackstorm.tf | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 terraform/lxc-stackstorm.tf diff --git a/terraform/lxc-stackstorm.tf b/terraform/lxc-stackstorm.tf deleted file mode 100644 index c190d1e6..00000000 --- a/terraform/lxc-stackstorm.tf +++ /dev/null @@ -1,12 +0,0 @@ -module "stackstorm1" { - source = "./modules/lxc" - ip_address = "10.101.23.136/24" - hostname = "stackstorm1.dev.magevent.net" -} - -module "stackstorm2" { - source = "./modules/lxc" - cluster_name = "pve2" - ip_address = "10.101.23.137/24" - hostname = "stackstorm2.dev.magevent.net" -} From 0f5c0194f5af581e0514cbaecd746f0dd885e798 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:05:23 -0400 Subject: [PATCH 57/84] Refactor IP+CIDR into two seperate variables --- terraform/lxc-dhcp.tf | 5 +++-- terraform/modules/lxc/main.tf | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index 2ee6c037..6c68132f 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -1,7 +1,8 @@ module "dhcp" { source = "./modules/lxc" - count = 2 + count = 2 cluster_name = "pve1" - ip_address = "${cidrhost(var.subnet, 253+count.index)}/${local.cidr_suffix}" + ip_address = "${cidrhost(var.subnet, 253+count.index)}" + cidr_mask = "${local.cidr_suffix}" hostname = "dhcp${floor(count.index + 1)}.${local.domain}" } diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index e29fba0e..bbddb1bf 100644 
--- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -31,7 +31,7 @@ EOT name = "eth0" bridge = "vmbr999" tag = "22" - ip = var.ip_address + ip = "${var.ip_address}/${var.cidr_mask}" } } @@ -53,6 +53,11 @@ variable "ip_address" { type = string } +variable "cidr_mask" { + description = "CIDR for IP subnet" + type = string +} + variable "size" { description = "Size of fs in gigabytes" type = string From d72bae55ce614f40b72b97c65191e8254ed13d34 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:11:20 -0400 Subject: [PATCH 58/84] More testing --- terraform/inventory.tmpl | 8 -------- terraform/main.tf | 9 +++++++++ terraform/modules/lxc/main.tf | 4 ++++ 3 files changed, 13 insertions(+), 8 deletions(-) delete mode 100644 terraform/inventory.tmpl diff --git a/terraform/inventory.tmpl b/terraform/inventory.tmpl deleted file mode 100644 index 58d55ffd..00000000 --- a/terraform/inventory.tmpl +++ /dev/null @@ -1,8 +0,0 @@ -resource "local_file" "inventory" { - filename = "./host.ini" - content = <<_EOF - [dhcp] - ${module.lxc-dhcp[0].ip_address} - ${module.lxc-dhcp[1].ip_address} - EOF -} diff --git a/terraform/main.tf b/terraform/main.tf index 3cbbd914..31fa9c3c 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -41,3 +41,12 @@ locals { cidr_suffix = element(split("/", var.subnet), 1) domain = "${var.branch}.magevent.net" } + +resource "local_file" "inventory" { + filename = "./host.ini" + content = <<-EOF + [dhcp] + ${module.dhcp[0].ip_address} + ${module.dhcp[1].ip_address} + EOF +} diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index bbddb1bf..1850d990 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -63,3 +63,7 @@ variable "size" { type = string default = "8G" } + +output "ip_address" { + value = var.ip_address +} From 6a96c21a1ab37e1049e34359cc66e0873102615d Mon Sep 17 00:00:00 2001 
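Review bot: The `local_file.inventory` resource hard-codes `module.dhcp[0]` and `module.dhcp[1]`, duplicating the `count = 2` set in lxc-dhcp.tf. Changing the count will therefore either break the plan or silently omit hosts from host.ini. Deriving the list from the module keeps the two in step: `${join("\n", module.dhcp[*].ip_address)}` inside the heredoc. I would also write `filename = "${path.module}/host.ini"` so the file does not depend on the working directory. The hashicorp/local provider is not declared in any `required_providers` block visible in this series, so it may be worth pinning it as well.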
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:12:01 -0400 Subject: [PATCH 59/84] Whoops --- terraform/main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 31fa9c3c..60ae9f7e 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -23,10 +23,6 @@ provider "proxmox" { } } -data "template_file" "init" { - template = "${file("./inventory.tmpl")}" -} - variable "branch" { type = string description = "Git branch, which is also used as subdomain name." From 3784685fa3ca63c3173f1352bc1469aea877d9a5 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:14:39 -0400 Subject: [PATCH 60/84] Deploy branch fixes --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f8e906c9..2a5e7b4e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,7 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} - DEPLOY_BRANCHES: $CI_DEFAULT_BRANCH|aaron-dev + DEPLOY_BRANCHES: ${CI_DEFAULT_BRANCH}|aaron-dev cache: key: "${TF_ROOT}" paths: @@ -110,7 +110,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: '$CI_COMMIT_BRANCH =~ /\b($DEPLOY_BRANCHES)\b/' + - if: '$CI_COMMIT_BRANCH =~ /\b(${DEPLOY_BRANCHES})\b/' when: manual - when: never artifacts: From 4bdacd38b8d2a8af862dd3bd7c4864bceb5acd0b Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:15:30 -0400 Subject: [PATCH 61/84] Deploy branch fixes --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2a5e7b4e..d032a4a2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -5,7 +5,7 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} - DEPLOY_BRANCHES: ${CI_DEFAULT_BRANCH}|aaron-dev + DEPLOY_BRANCHES: "${CI_DEFAULT_BRANCH}|aaron-dev" cache: key: "${TF_ROOT}" paths: From 0f7e6c786114082f115a15a4aa7f64001fd069a7 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:19:01 -0400 Subject: [PATCH 62/84] Messing with deploy branches --- .gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d032a4a2..2b5fc29f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,7 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} - DEPLOY_BRANCHES: "${CI_DEFAULT_BRANCH}|aaron-dev" + DEPLOY_BRANCHES: "aaron-dev" cache: key: "${TF_ROOT}" paths: @@ -78,7 +78,7 @@ create: script: - terraform apply -auto-approve rules: - - if: '$CI_COMMIT_BRANCH =~ /\b($DEPLOY_BRANCHES)\b/' + - if: '$CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/' when: on_success - when: never artifacts: @@ -96,7 +96,7 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: '$CI_COMMIT_BRANCH =~ /\b($DEPLOY_BRANCHES)\b/' + - if: '$CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/' when: on_success - when: never @@ -110,7 +110,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: '$CI_COMMIT_BRANCH =~ /\b(${DEPLOY_BRANCHES})\b/' + - if: '$CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/' when: manual - when: never artifacts: From 18e483d909f5436d22c826b231c236a1f7160a71 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:20:15 -0400 Subject: [PATCH 63/84] Messing with deploy branches --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2b5fc29f..be9089c4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -78,7 +78,7 @@ create: script: - terraform apply -auto-approve rules: - - if: '$CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/' + - if: $CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/ when: on_success - when: never artifacts: @@ -96,7 +96,7 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: '$CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/' + - if: $CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/ when: on_success - when: never @@ -110,7 +110,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: '$CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/' + - if: $CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/ when: manual - when: never artifacts: From 18fb916d9450b3f10474569224833bb9e907202b Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:22:12 -0400 Subject: [PATCH 64/84] Messing with deploy branches --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index be9089c4..64020aa5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,7 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} - DEPLOY_BRANCHES: "aaron-dev" + DEPLOY_BRANCHES: aaron-dev cache: key: "${TF_ROOT}" paths: From b8af2a6fc223fcbf571db1257af33727399d7308 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:27:58 -0400 Subject: [PATCH 65/84] Messing with deploy branches --- .gitlab-ci.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 64020aa5..8fec2a2c 100644 --- a/.gitlab-ci.yml 
+++ b/.gitlab-ci.yml @@ -5,7 +5,6 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} - DEPLOY_BRANCHES: aaron-dev cache: key: "${TF_ROOT}" paths: @@ -78,7 +77,9 @@ create: script: - terraform apply -auto-approve rules: - - if: $CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/ + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + when: on_success + - if: '$CI_COMMIT_BRANCH == aaron-dev' when: on_success - when: never artifacts: @@ -96,7 +97,9 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: $CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/ + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + when: on_success + - if: '$CI_COMMIT_BRANCH == aaron-dev' when: on_success - when: never @@ -110,7 +113,10 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: $CI_COMMIT_BRANCH =~ /\b(${CI_DEFAULT_BRANCH}|${DEPLOY_BRANCHES})\b/ + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' + when: manual + # Please make this more elegant, halp + - if: '$CI_COMMIT_BRANCH == aaron-dev' when: manual - when: never artifacts: From 673d51f4329a7b7151016179d5f9832373ce4a9a Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:35:39 -0400 Subject: [PATCH 66/84] Messing with deploy branches --- .gitlab-ci.yml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8fec2a2c..62340d53 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,6 +5,7 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} + BUILD_BRANCHES: "aaron-dev" cache: key: "${TF_ROOT}" paths: 
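Review bot: In the new `create`, `run-playbooks` and `destroy` rules, the right-hand side of `$CI_COMMIT_BRANCH == aaron-dev` is a bare word. GitLab `rules:if` expressions compare against variables, quoted strings or regex patterns, so I would expect this to be rejected as invalid syntax, or at least not to match the branch. Quoting it makes the intent explicit: `- if: '$CI_COMMIT_BRANCH == "aaron-dev"'`. The same bare word comes back in PATCH 69/84, where the two conditions are joined with `||`. The `# Please make this more elegant, halp` comment could be replaced by a short note saying which branches are allowed to apply and destroy, and why.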
@@ -77,9 +78,7 @@ create: script: - terraform apply -auto-approve rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: on_success - - if: '$CI_COMMIT_BRANCH == aaron-dev' + - if: $CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|$BUILD_BRANCHES)\b/ when: on_success - when: never artifacts: @@ -97,9 +96,7 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: on_success - - if: '$CI_COMMIT_BRANCH == aaron-dev' + - if: $CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|$BUILD_BRANCHES)\b/ when: on_success - when: never @@ -113,10 +110,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: manual - # Please make this more elegant, halp - - if: '$CI_COMMIT_BRANCH == aaron-dev' + - if: $CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|$BUILD_BRANCHES)\b/ when: manual - when: never artifacts: From 16929b4a6d42ecac75481c296c3a210bf431467c Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:36:26 -0400 Subject: [PATCH 67/84] Messing with deploy branches --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 62340d53..c7787262 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,7 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} - BUILD_BRANCHES: "aaron-dev" + BUILD_BRANCHES: aaron-dev cache: key: "${TF_ROOT}" paths: From a2dd956652611550cbb2e62d0982636aa1cc096c Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:37:10 -0400 Subject: [PATCH 68/84] Messing with deploy branches --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c7787262..a9cb1562 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -78,7 +78,7 @@ create: script: - terraform apply -auto-approve rules: - - if: $CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|$BUILD_BRANCHES)\b/ + - if: $CI_COMMIT_BRANCH =~ /\b(\$CI_DEFAULT_BRANCH|\$BUILD_BRANCHES)\b/ when: on_success - when: never artifacts: @@ -96,7 +96,7 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: $CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|$BUILD_BRANCHES)\b/ + - if: $CI_COMMIT_BRANCH =~ /\b(\$CI_DEFAULT_BRANCH|\$BUILD_BRANCHES)\b/ when: on_success - when: never From 55807d2e6359675a64c90e8a1b28ffe57a12f758 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:40:41 -0400 Subject: [PATCH 69/84] Messing with deploy branches --- .gitlab-ci.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a9cb1562..535b33f6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,6 @@ variables: TF_STATE_NAME: ${CI_COMMIT_BRANCH} TF_CACHE_KEY: ${CI_COMMIT_BRANCH} TF_VAR_branch: ${CI_COMMIT_BRANCH} - BUILD_BRANCHES: aaron-dev cache: key: "${TF_ROOT}" paths: @@ -78,7 +77,7 @@ create: script: - terraform apply -auto-approve rules: - - if: $CI_COMMIT_BRANCH =~ /\b(\$CI_DEFAULT_BRANCH|\$BUILD_BRANCHES)\b/ + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == aaron-dev' when: on_success - when: never artifacts: @@ -96,7 +95,7 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: $CI_COMMIT_BRANCH =~ /\b(\$CI_DEFAULT_BRANCH|\$BUILD_BRANCHES)\b/ + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == aaron-dev' when: on_success - when: never @@ -110,7 +109,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: $CI_COMMIT_BRANCH =~ /\b($CI_DEFAULT_BRANCH|$BUILD_BRANCHES)\b/ + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == aaron-dev' when: manual - when: never artifacts: 
From 8b58b966e3ccab120f6d773e17b2790aa1d4a6fc Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:42:42 -0400 Subject: [PATCH 70/84] Messing with deploy branches --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 535b33f6..9b68dcd7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -77,7 +77,7 @@ create: script: - terraform apply -auto-approve rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == aaron-dev' + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == "aaron-dev"' when: on_success - when: never artifacts: @@ -95,7 +95,7 @@ run-playbooks: script: - echo $(/bin/true) rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == aaron-dev' + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == "aaron-dev"' when: on_success - when: never @@ -109,7 +109,7 @@ destroy: script: - terraform destroy -auto-approve rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == aaron-dev' + - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH == "aaron-dev"' when: manual - when: never artifacts: From c6a8967292d5203542497eb8d1dfb35606028dac Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:47:57 -0400 Subject: [PATCH 71/84] Add hosts.ini as artifact --- .gitlab-ci.yml | 1 + terraform/main.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9b68dcd7..10b56d50 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -83,6 +83,7 @@ create: artifacts: paths: - ${TF_ROOT}/.terraform + - ${TF_ROOT}/hosts.ini # Ansible section here run-playbooks: diff --git a/terraform/main.tf b/terraform/main.tf index 60ae9f7e..d5941bfb 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
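Review bot: The `create` job's `artifacts` block now publishes `${TF_ROOT}/hosts.ini` next to `.terraform`, and the block as shown in this hunk sets no `expire_in`, so the inventory of internal addresses is kept for the instance's default retention and can be downloaded by anyone who is able to read job artifacts. Unless a `default:` section outside the hunk already sets one, add a lifetime sized to the pipeline under `artifacts:`, e.g. `expire_in: 1 hour`. It is also worth checking whether the whole `.terraform` directory has to be an artifact at all rather than a cache entry.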
@@ -39,7 +39,7 @@ locals { } resource "local_file" "inventory" { - filename = "./host.ini" + filename = "./hosts.ini" content = <<-EOF [dhcp] ${module.dhcp[0].ip_address} From 068e0304949d63b6a1e72e68feb1b8c1531f0f6d Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:52:49 -0400 Subject: [PATCH 72/84] This one weird trick, everyone will hate it. --- terraform/lxc-dhcp.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index 6c68132f..ab8c73e5 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -1,7 +1,8 @@ module "dhcp" { source = "./modules/lxc" count = 2 - cluster_name = "pve1" + # This one weird trick. Everyone will hate it. + cluster_name = "pve${count.index % 1 + 1}" ip_address = "${cidrhost(var.subnet, 253+count.index)}" cidr_mask = "${local.cidr_suffix}" hostname = "dhcp${floor(count.index + 1)}.${local.domain}" From c540b083de03751c1b762706c16ac0ab628b3b71 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 02:54:03 -0400 Subject: [PATCH 73/84] This one weird trick, everyone will hate it. --- terraform/lxc-dhcp.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index ab8c73e5..b4d35281 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf @@ -2,7 +2,7 @@ module "dhcp" { source = "./modules/lxc" count = 2 # This one weird trick. Everyone will hate it. - cluster_name = "pve${count.index % 1 + 1}" + cluster_name = "pve${count.index % 2 + 1}" ip_address = "${cidrhost(var.subnet, 253+count.index)}" cidr_mask = "${local.cidr_suffix}" hostname = "dhcp${floor(count.index + 1)}.${local.domain}" From 744c692b57febd8e7d37c54ac9f7eb548272a49d Mon Sep 17 00:00:00 2001 
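Review bot: `local_file.inventory` is written with only `filename` and `content`, and the `local` provider's default for `file_permission` is `0777`, so the renamed `./hosts.ini` ends up world-writable and executable on the runner. Add `file_permission = "0644"` to the resource. The relative `./hosts.ini` also depends on the directory Terraform is started from; `"${path.module}/hosts.ini"` would pin it to the directory holding `main.tf`, which presumably is the `${TF_ROOT}` the artifact path expects. The resource body continues outside this hunk.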
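Review bot: The comment `# This one weird trick. Everyone will hate it.` in `module "dhcp"` does not say what the `cluster_name` expression is for, which is how `count.index % 1` (always 0, so both instances land on `pve1`) got in before the following patch changed it to `% 2`. Replace it with the intent, presumably `# Alternate instances across pve1 and pve2 so the pair does not share a node.` In the `hostname` line, `count.index + 1` is already an integer, so the `floor()` around it can be dropped.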
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:04:47 -0400 Subject: [PATCH 74/84] Stub out DNS, NTP, TFTP --- terraform/lxc-dns.tf | 9 +++++++++ terraform/lxc-ntp.tf | 9 +++++++++ terraform/lxc-tftp.tf | 8 ++++++++ 3 files changed, 26 insertions(+) create mode 100644 terraform/lxc-dns.tf create mode 100644 terraform/lxc-ntp.tf create mode 100644 terraform/lxc-tftp.tf diff --git a/terraform/lxc-dns.tf b/terraform/lxc-dns.tf new file mode 100644 index 00000000..829ec501 --- /dev/null +++ b/terraform/lxc-dns.tf @@ -0,0 +1,9 @@ +module "dns" { + source = "./modules/lxc" + count = 2 + # This one weird trick. Everyone will hate it. + cluster_name = "pve${count.index % 2 + 1}" + ip_address = "${cidrhost(var.subnet, 110+(count.index * 10))}" + cidr_mask = "${local.cidr_suffix}" + hostname = "dns{floor(count.index + 1)}.${local.domain}" +} diff --git a/terraform/lxc-ntp.tf b/terraform/lxc-ntp.tf new file mode 100644 index 00000000..46e67483 --- /dev/null +++ b/terraform/lxc-ntp.tf @@ -0,0 +1,9 @@ +module "ntp" { + source = "./modules/lxc" + count = 2 + # This one weird trick. Everyone will hate it. + cluster_name = "pve${count.index % 2 + 1}" + ip_address = "${cidrhost(var.subnet, 6+count.index)}" + cidr_mask = "${local.cidr_suffix}" + hostname = "ntp{floor(count.index + 1)}.${local.domain}" +} diff --git a/terraform/lxc-tftp.tf b/terraform/lxc-tftp.tf new file mode 100644 index 00000000..b60295f6 --- /dev/null +++ b/terraform/lxc-tftp.tf @@ -0,0 +1,8 @@ +module "ntp" { + source = "./modules/lxc" + # This one weird trick. Everyone will hate it. + cluster_name = "pve2" + ip_address = "${cidrhost(var.subnet, 9}" + cidr_mask = "${local.cidr_suffix}" + hostname = "tftp.${local.domain}" +} From 36c379f98c178d2b93cfbea02c2aa026a7e4339d Mon Sep 17 00:00:00 2001 
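Review bot: Three of the added lines will not load as written: `lxc-tftp.tf` declares `module "ntp"`, which collides with the module of the same name in `lxc-ntp.tf`; `cidrhost(var.subnet, 9}` in the same file has `}` where `)` belongs; and the `hostname` strings in `lxc-dns.tf` and `lxc-ntp.tf` read `dns{floor(...)}` and `ntp{floor(...)}` without the `$`, so the text is taken literally and both instances get the same hostname. Later patches in the series correct these one at a time. Because this branch feeds `terraform apply -auto-approve`, a `terraform validate` and `terraform fmt -check` step ahead of `create` would stop such commits early, if the pipeline does not already have one outside the visible hunks.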
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:05:37 -0400 Subject: [PATCH 75/84] Stub out DNS, NTP, TFTP --- terraform/lxc-tftp.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/lxc-tftp.tf b/terraform/lxc-tftp.tf index b60295f6..0825712c 100644 --- a/terraform/lxc-tftp.tf +++ b/terraform/lxc-tftp.tf @@ -1,4 +1,4 @@ -module "ntp" { +module "tftp" { source = "./modules/lxc" # This one weird trick. Everyone will hate it. cluster_name = "pve2" From 6259bbf12e0058817964072f03e2712ad5f217db Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:11:25 -0400 Subject: [PATCH 76/84] Expand inventory --- terraform/main.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/terraform/main.tf b/terraform/main.tf index d5941bfb..52e91c28 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -44,5 +44,16 @@ resource "local_file" "inventory" { [dhcp] ${module.dhcp[0].ip_address} ${module.dhcp[1].ip_address} + + [dns] + ${module.dns[0].ip_address} + ${module.dns[1].ip_address} + + [ntp] + ${module.ntp[0].ip_address} + ${module.ntp[1].ip_address} + + [tftp] + ${module.tftp.ip_address} EOF } From 92309f11963063532f1f9e31abd93fbb66b6125e Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:12:17 -0400 Subject: [PATCH 77/84] Fix lxc-tftp --- terraform/lxc-tftp.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/lxc-tftp.tf b/terraform/lxc-tftp.tf index 0825712c..17f47460 100644 --- a/terraform/lxc-tftp.tf +++ b/terraform/lxc-tftp.tf @@ -2,7 +2,7 @@ module "tftp" { source = "./modules/lxc" # This one weird trick. Everyone will hate it. cluster_name = "pve2" - ip_address = "${cidrhost(var.subnet, 9}" + ip_address = "${cidrhost(var.subnet, 9)}" cidr_mask = "${local.cidr_suffix}" hostname = "tftp.${local.domain}" } 
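Review bot: The new `[dns]` and `[ntp]` groups in `local_file.inventory` index `module.dns[0]`, `module.dns[1]` and so on by hand, so the inventory misses hosts when a module's `count` grows and the plan fails when it shrinks. Generating each group from the splat keeps them in step: `${join("\n", module.dns[*].ip_address)}`, and likewise for `dhcp` and `ntp`. The heredoc and the resource header start outside this hunk.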
From 797e6cdda2b34992557003fad9b6e83e88726881 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:15:23 -0400 Subject: [PATCH 78/84] Fix bugs --- terraform/lxc-dns.tf | 2 +- terraform/lxc-ntp.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/lxc-dns.tf b/terraform/lxc-dns.tf index 829ec501..56984bf1 100644 --- a/terraform/lxc-dns.tf +++ b/terraform/lxc-dns.tf @@ -5,5 +5,5 @@ module "dns" { cluster_name = "pve${count.index % 2 + 1}" ip_address = "${cidrhost(var.subnet, 110+(count.index * 10))}" cidr_mask = "${local.cidr_suffix}" - hostname = "dns{floor(count.index + 1)}.${local.domain}" + hostname = "dns${floor(count.index + 1)}.${local.domain}" } diff --git a/terraform/lxc-ntp.tf b/terraform/lxc-ntp.tf index 46e67483..fc296974 100644 --- a/terraform/lxc-ntp.tf +++ b/terraform/lxc-ntp.tf @@ -5,5 +5,5 @@ module "ntp" { cluster_name = "pve${count.index % 2 + 1}" ip_address = "${cidrhost(var.subnet, 6+count.index)}" cidr_mask = "${local.cidr_suffix}" - hostname = "ntp{floor(count.index + 1)}.${local.domain}" + hostname = "ntp${floor(count.index + 1)}.${local.domain}" } From 08539cc0edc1ab29e7acfa20fa657ff258f4cc89 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:24:07 -0400 Subject: [PATCH 79/84] terraform fmt --- terraform/lxc-dhcp.tf | 8 ++++---- terraform/lxc-dns.tf | 8 ++++---- terraform/lxc-ntp.tf | 8 ++++---- terraform/lxc-tftp.tf | 6 +++--- terraform/main.tf | 4 ++-- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/terraform/lxc-dhcp.tf b/terraform/lxc-dhcp.tf index b4d35281..54ae63d9 100644 --- a/terraform/lxc-dhcp.tf +++ b/terraform/lxc-dhcp.tf 
@@ -1,9 +1,9 @@ module "dhcp" { - source = "./modules/lxc" - count = 2 + source = "./modules/lxc" + count = 2 # This one weird trick. Everyone will hate it. cluster_name = "pve${count.index % 2 + 1}" - ip_address = "${cidrhost(var.subnet, 253+count.index)}" - cidr_mask = "${local.cidr_suffix}" + ip_address = cidrhost(var.subnet, 253 + count.index) + cidr_mask = local.cidr_suffix hostname = "dhcp${floor(count.index + 1)}.${local.domain}" } diff --git a/terraform/lxc-dns.tf b/terraform/lxc-dns.tf index 56984bf1..7f13e687 100644 --- a/terraform/lxc-dns.tf +++ b/terraform/lxc-dns.tf @@ -1,9 +1,9 @@ module "dns" { - source = "./modules/lxc" - count = 2 + source = "./modules/lxc" + count = 2 # This one weird trick. Everyone will hate it. cluster_name = "pve${count.index % 2 + 1}" - ip_address = "${cidrhost(var.subnet, 110+(count.index * 10))}" - cidr_mask = "${local.cidr_suffix}" + ip_address = cidrhost(var.subnet, 110 + (count.index * 10)) + cidr_mask = local.cidr_suffix hostname = "dns${floor(count.index + 1)}.${local.domain}" } diff --git a/terraform/lxc-ntp.tf b/terraform/lxc-ntp.tf index fc296974..ae308675 100644 --- a/terraform/lxc-ntp.tf +++ b/terraform/lxc-ntp.tf @@ -1,9 +1,9 @@ module "ntp" { - source = "./modules/lxc" - count = 2 + source = "./modules/lxc" + count = 2 # This one weird trick. Everyone will hate it. cluster_name = "pve${count.index % 2 + 1}" - ip_address = "${cidrhost(var.subnet, 6+count.index)}" - cidr_mask = "${local.cidr_suffix}" + ip_address = cidrhost(var.subnet, 6 + count.index) + cidr_mask = local.cidr_suffix hostname = "ntp${floor(count.index + 1)}.${local.domain}" } diff --git a/terraform/lxc-tftp.tf b/terraform/lxc-tftp.tf index 17f47460..3ebe74f9 100644 --- a/terraform/lxc-tftp.tf +++ b/terraform/lxc-tftp.tf 
@@ -1,8 +1,8 @@ module "tftp" { - source = "./modules/lxc" + source = "./modules/lxc" # This one weird trick. Everyone will hate it. cluster_name = "pve2" - ip_address = "${cidrhost(var.subnet, 9)}" - cidr_mask = "${local.cidr_suffix}" + ip_address = cidrhost(var.subnet, 9) + cidr_mask = local.cidr_suffix hostname = "tftp.${local.domain}" } diff --git a/terraform/main.tf b/terraform/main.tf index 52e91c28..ecfdcdfc 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -39,8 +39,8 @@ locals { } resource "local_file" "inventory" { - filename = "./hosts.ini" - content = <<-EOF + filename = "./hosts.ini" + content = <<-EOF [dhcp] ${module.dhcp[0].ip_address} ${module.dhcp[1].ip_address} From a240d9c6d0a174e420e9e1c154378abb9b61e855 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:37:15 -0400 Subject: [PATCH 80/84] TOPS-102 Removed spurious comment. --- terraform/lxc-tftp.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/lxc-tftp.tf b/terraform/lxc-tftp.tf index 3ebe74f9..82c6f0c5 100644 --- a/terraform/lxc-tftp.tf +++ b/terraform/lxc-tftp.tf @@ -1,6 +1,5 @@ module "tftp" { source = "./modules/lxc" - # This one weird trick. Everyone will hate it. cluster_name = "pve2" ip_address = cidrhost(var.subnet, 9) cidr_mask = local.cidr_suffix From e8e6ee63390f222d21716af2f76699eee83faffc Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:39:03 -0400 Subject: [PATCH 81/84] Spacing fix --- terraform/lxc-tftp.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/lxc-tftp.tf b/terraform/lxc-tftp.tf index 82c6f0c5..ee799898 100644 --- a/terraform/lxc-tftp.tf +++ b/terraform/lxc-tftp.tf @@ -1,5 +1,5 @@ module "tftp" { - source = "./modules/lxc" + source = "./modules/lxc" cluster_name = "pve2" ip_address = cidrhost(var.subnet, 9) cidr_mask = local.cidr_suffix 
From 9795f9ab639ddff9834b3db65b11c1d39fab3fd0 Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:42:50 -0400 Subject: [PATCH 82/84] TOPS-102 Add Zabbix TF entry --- terraform/lxc-zabbix.tf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 terraform/lxc-zabbix.tf diff --git a/terraform/lxc-zabbix.tf b/terraform/lxc-zabbix.tf new file mode 100644 index 00000000..b203f7fa --- /dev/null +++ b/terraform/lxc-zabbix.tf @@ -0,0 +1,7 @@ +module "zabbix" { + source = "./modules/lxc" + cluster_name = "pve1" + ip_address = cidrhost(var.subnet, 200) + cidr_mask = local.cidr_suffix + hostname = "zabbix.${local.domain}" +} From fa7919d106b3e58055ca8dc354c06028139b885f Mon Sep 17 00:00:00 2001 From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:55:35 -0400 Subject: [PATCH 83/84] TOPS-102 Memory allocations are now a optional parameter for LXC containers --- terraform/modules/lxc/main.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/terraform/modules/lxc/main.tf b/terraform/modules/lxc/main.tf index 1850d990..0dd04b21 100644 --- a/terraform/modules/lxc/main.tf +++ b/terraform/modules/lxc/main.tf @@ -13,6 +13,7 @@ resource "proxmox_lxc" "lxc-container" { ostemplate = "wowza:vztmpl/ubuntu-20.04-standard_20.04-1_amd64.tar.gz" unprivileged = true hostname = var.hostname + memory = var.memory cores = "1" swap = "512" start = true @@ -64,6 +65,12 @@ variable "size" { default = "8G" } +variable "memory" { + description = "Size of memory in megabytes" + type = string + default = "512" +} + output "ip_address" { value = var.ip_address } From 1d1bbd1de35b638bcd167fff25b497b6f76361e5 Mon Sep 17 00:00:00 2001 
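Review bot: `variable "memory"` is declared as `type = string` with `default = "512"` although the value is a count of megabytes, so any string is accepted by the module and a bad one is presumably only rejected later by the provider. Declaring it as `type = number` with `default = 512` lets Terraform reject a non-numeric value at plan time, and a `validation` block with a lower bound would catch a dropped digit. The neighbouring `cores = "1"` and `swap = "512"` stay hard-coded in the resource; if containers are meant to be sized per service they may want the same treatment.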
From: Aaron Saderholm <2559942+aaronsaderholm@users.noreply.github.com> Date: Tue, 31 Aug 2021 03:56:28 -0400 Subject: [PATCH 84/84] TOPS-95 Add Graylog LCX TF entry --- terraform/lxc-graylog.tf | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 terraform/lxc-graylog.tf diff --git a/terraform/lxc-graylog.tf b/terraform/lxc-graylog.tf new file mode 100644 index 00000000..7e6a4675 --- /dev/null +++ b/terraform/lxc-graylog.tf @@ -0,0 +1,8 @@ +module "graylog" { + source = "./modules/lxc" + cluster_name = "pve1" + ip_address = cidrhost(var.subnet, 129) + cidr_mask = local.cidr_suffix + hostname = "graylog.${local.domain}" + memory = 4096 +}
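Review bot: `module "graylog"` sets `memory = 4096` but no `size`, so the container inherits the module's `8G` root filesystem default. If message storage is meant to live inside this container (this hunk does not say), a log collector that fills its disk stops ingesting and leaves a gap in the audit trail; pass an explicit `size = "<N>G"` chosen for the expected retention, or add a comment saying where the data volume lives. `memory` is given as a number here while the module declares the variable as a string; Terraform converts it, but the two should agree.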