

11 Commits

10 changed files with 293 additions and 188 deletions

inventory/en1.old.yaml Normal file

@@ -0,0 +1,166 @@
---
workstation:
hosts:
voyager:
skylab_description: Personal Workstation
skylab_hostname: voyager.skylab.enp.one
skylab_targets: [workstation]
en1:
vars:
skylab_location: Newton MA
skylab_dashboard: info.en1.local
# gross hack for now, will be refactored later
_skylab_adguard_nat_rule: 9
hosts:
core:
ansible_host: 10.42.101.1
ansible_port: 4242
ansible_network_os: edgeos
skylab_description: EN1 Core Router
iridium:
ansible_host: 10.42.101.200
skylab_description: Local Monitor Node
skylab_hostname: iridium.skylab.enp.one
skylab_targets: [network]
skylab_networking:
enp4s0:
firewall: internal
dhcp: false
gateway: 10.42.101.1/24
dns:
- 10.42.101.1
addresses:
- 10.42.101.200/24
children:
cluster:
vars:
skylab_targets: [cluster, datastore]
skylab_compose_version: 3.8
skylab_compose_dir: "{{ skylab_state_dir }}/compose"
hosts:
pegasus: # jupiter
ansible_host: 10.42.101.100
skylab_hostname: pegasus.skylab.enp.one
skylab_legacy_names:
- jupiter.net.enp.one
- jupiter.svr.local
skylab_description: Arbiter Node
skylab_cluster:
address:
access: 10.42.101.10/24
internal: 192.168.42.10/24
interface:
access: bond0
internal: bond0.99
skylab_datastore_device: sdb
skylab_networking:
eno1:
bond: bond0
eno2:
bond: bond0
bond0:
device: bond
firewall: internal
gateway: 10.42.101.1/24
dns:
- 10.42.101.1
addresses:
- 10.42.101.100/24
- 192.168.255.255/32
dhcp: false
bond0.99:
device: vlan
firewall: trusted
addresses:
- 192.168.42.10/24
dhcp: false
saturn: # remus
ansible_host: 10.42.101.110
skylab_hostname: saturn.skylab.enp.one
skylab_legacy_names:
- remus.net.enp.one
- remus.svr.local
skylab_description: Operational Node
skylab_cluster:
address:
access: 10.42.101.11/24
internal: 192.168.42.20/24
interface:
access: bond0
internal: bond0.99
skylab_networking:
eno1:
bond: bond0
eno2:
bond: bond0
bond0:
device: bond
firewall: internal
dhcp: false
gateway: 10.42.101.1/24
addresses:
- 10.42.101.110/24
- 192.168.255.255/32
dns:
- 10.42.101.1
bond0.99:
device: vlan
firewall: trusted
dhcp: false
addresses:
- 192.168.42.20/24
orion: # romulus
ansible_host: 10.42.101.120
skylab_hostname: orion.skylab.enp.one
skylab_legacy_names:
- romulus.net.enp.one
- romulus.svr.local
skylab_description: Operational Node
skylab_cluster:
address:
access: 10.42.101.12/24
internal: 192.168.42.30/24
interface:
access: bond0
internal: bond0.99
skylab_datastore_device: sdb
skylab_networking:
eno1:
bond: bond0
eno2:
bond: bond0
bond0:
device: bond
firewall: internal
gateway: 10.42.101.1/24
dns:
- 10.42.101.1
addresses:
- 10.42.101.120/24
- 192.168.255.255/32
dhcp: false
bond0.99:
device: vlan
firewall: trusted
addresses:
- 192.168.42.30/24
dhcp: false
en2:
vars:
skylab_location: DigitalOcean TOR1
hosts:
hubble:
ansible_host: en2a.enp.one
skylab_hostname: hubble.en2.enp.one
skylab_description: Cloud Web Server
skylab_targets: [cloud]
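Review bot: This stale copy of the inventory is committed under `inventory/`, so any run that passes the directory (`-i inventory/`) will load `en1.old.yaml` next to the live inventory and merge its hosts, vars and the `_skylab_adguard_nat_rule` hack back into the run; it also keeps internal addressing, the management port and hostnames that the rewritten inventory (other hunk on this page) appears to have dropped, which git history already preserves. If it must stay for reference, move it out of the inventory directory or give it an extension the yaml inventory plugin does not match, and add a header such as `# ARCHIVED: not an ansible inventory source - superseded by the trimmed inventory, kept only for the skylab_networking layout`. While here, `skylab_compose_version: 3.8` is parsed as a float, so a later `3.10` would silently become `3.1`; `"3.8"` is the safe form.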


@@ -1,175 +1,51 @@
---
all:
children:
en1: {}
vars:
skylab_pip_version: 19.3.1
ansible_user: ansible
ansible_ssh_common_args: "-o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes"
workstation:
hosts:
voyager:
skylab_description: Personal Workstation
skylab_hostname: voyager.skylab.enp.one
skylab_targets: [workstation]
en1:
vars:
skylab_location: Newton MA
skylab_dashboard: info.en1.local
# gross hack for now, will be refactored later
_skylab_adguard_nat_rule: 9
hosts:
core:
ansible_host: 10.42.101.1
ansible_port: 4242
ansible_network_os: edgeos
skylab_description: EN1 Core Router
iridium:
ansible_host: 10.42.101.200
skylab_description: Local Monitor Node
skylab_hostname: iridium.skylab.enp.one
skylab_targets: [network]
skylab_networking:
enp4s0:
firewall: internal
dhcp: false
gateway: 10.42.101.1/24
dns:
- 10.42.101.1
addresses:
- 10.42.101.200/24
skylab_location: Cambridge
children:
domain:
children:
cluster:
vars:
skylab_targets: [cluster, datastore]
skylab_compose_version: 3.8
skylab_compose_dir: "{{ skylab_state_dir }}/compose"
cluster:
hosts:
canaveral:
ansible_host: 10.42.101.10
skylab_description: Compute and Storage Node
baikonur:
ansible_host: 10.42.101.11
skylab_description: Compute and Storage Node
vandenberg:
ansible_host: 10.42.101.12
skylab_description: Compute and Storage Node
andoya:
ansible_host: 10.42.101.13
skylab_description: Auxilary Compute Node
jiuquan:
ansible_host: 10.42.101.14
skylab_description: Auxilary Compute Node
datastore:
hosts:
canaveral:
skylab_datastore_block: /dev/sda
baikonur:
skylab_datastore_block: /dev/sda
vandenberg:
skylab_datastore_block: /dev/sda
hosts:
3d-printer: {}
mediastore: {}
backstore: {}
local:
hosts:
pegasus: # jupiter
ansible_host: 10.42.101.100
skylab_hostname: pegasus.skylab.enp.one
skylab_legacy_names:
- jupiter.net.enp.one
- jupiter.svr.local
skylab_description: Arbiter Node
skylab_cluster:
address:
access: 10.42.101.10/24
internal: 192.168.42.10/24
interface:
access: bond0
internal: bond0.99
skylab_datastore_device: sdb
skylab_networking:
eno1:
bond: bond0
eno2:
bond: bond0
bond0:
device: bond
firewall: internal
gateway: 10.42.101.1/24
dns:
- 10.42.101.1
addresses:
- 10.42.101.100/24
- 192.168.255.255/32
dhcp: false
bond0.99:
device: vlan
firewall: trusted
addresses:
- 192.168.42.10/24
dhcp: false
saturn: # remus
ansible_host: 10.42.101.110
skylab_hostname: saturn.skylab.enp.one
skylab_legacy_names:
- remus.net.enp.one
- remus.svr.local
skylab_description: Operational Node
skylab_cluster:
address:
access: 10.42.101.11/24
internal: 192.168.42.20/24
interface:
access: bond0
internal: bond0.99
skylab_networking:
eno1:
bond: bond0
eno2:
bond: bond0
bond0:
device: bond
firewall: internal
dhcp: false
gateway: 10.42.101.1/24
addresses:
- 10.42.101.110/24
- 192.168.255.255/32
dns:
- 10.42.101.1
bond0.99:
device: vlan
firewall: trusted
dhcp: false
addresses:
- 192.168.42.20/24
orion: # romulus
ansible_host: 10.42.101.120
skylab_hostname: orion.skylab.enp.one
skylab_legacy_names:
- romulus.net.enp.one
- romulus.svr.local
skylab_description: Operational Node
skylab_cluster:
address:
access: 10.42.101.12/24
internal: 192.168.42.30/24
interface:
access: bond0
internal: bond0.99
skylab_datastore_device: sdb
skylab_networking:
eno1:
bond: bond0
eno2:
bond: bond0
bond0:
device: bond
firewall: internal
gateway: 10.42.101.1/24
dns:
- 10.42.101.1
addresses:
- 10.42.101.120/24
- 192.168.255.255/32
dhcp: false
bond0.99:
device: vlan
firewall: trusted
addresses:
- 192.168.42.30/24
dhcp: false
en2:
vars:
skylab_location: DigitalOcean TOR1
hosts:
hubble:
ansible_host: en2a.enp.one
skylab_hostname: hubble.en2.enp.one
skylab_description: Cloud Web Server
skylab_targets: [cloud]
core: {}
switch-1: {}
switch-2: {}
wap-1: {}
wap-2: {}
wap-3: {}
printer: {}
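Review bot: `ansible_ssh_common_args` carries `-o ForwardAgent=yes` for every host under `all`; the rendered diff does not show which side that line lands on, but if it survives the rewrite, agent forwarding to managed nodes lets anyone with root on such a node — the cloud host `hubble` and the EdgeOS router included — use the controller's SSH agent to authenticate onward with its keys, and nothing visible in this change needs it. Drop the option, `ansible_ssh_common_args: "-o ControlMaster=auto -o ControlPersist=60s"`, and enable forwarding per-task only where a step genuinely requires it. The hosts added as bare `{}` (`switch-1`, `wap-1`, `printer`, `3d-printer`, …) now inherit `ansible_user`/`ansible_port` from group vars; a comment on whether they are SSH-reachable targets or inventory placeholders would save the next reader a failed run. This file section carries no path in its header, so the above is hedged on which inventory file it is.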


@@ -1,4 +1,8 @@
---
ansible_user: ansible
ansible_port: 4242
skylab_state_dir: /var/lib/skylab
skylab_ansible_venv: "{{ skylab_state_dir }}/ansible-runtime"
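Review bot: `ansible_user: ansible` and `ansible_port: 4242` here apply to every host in `all`, including the cloud node, the EdgeOS router and the switches/APs that the inventory lists as `{}`; unless each of those also listens on 4242 under an `ansible` account, plays will fail on them, so keeping the port override on the group that actually moved SSH (or per host, as `core` already does) limits the blast radius of this default. A non-default port is not a security control by itself; a comment such as `ansible_port: 4242  # mgmt SSH port, labelled ssh_port_t by the sshd role - not a substitute for key-only auth` stops it being treated as one. `skylab_ansible_venv` under `/var/lib/skylab` runs everything the controller pushes, so it is worth confirming that directory is writable only by the `ansible` user. The hunk shows 5 of the 8 new lines, so the remaining additions are not reviewed here.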


@@ -168,6 +168,18 @@
setype: ssh_port_t
state: present
- name: Install Firewalld
become: true
ansible.builtin.dnf:
name: firewalld
state: present
- name: Enable Firewalld
become: true
ansible.builtin.service:
name: firewalld
enabled: true
- name: Grant SSHD firewall access to the mgmt port
become: true
ansible.posix.firewalld:
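Review bot: "Enable Firewalld" only sets `enabled: true`, so on a host where the daemon is not already running it stays down until the next reboot, and the following `ansible.posix.firewalld` task (cut off at the end of the hunk) will fail if it asks for `immediate: true`; conversely, the first time firewalld does come up its default zone admits SSH on 22 only, so a reboot before the mgmt-port rule exists locks the controller out of the relabelled port. Add `state: started` to the service task, and make sure the rule task sets both `permanent: true` and `immediate: true` for the port given the `ssh_port_t` label just above (4242 per group_vars, if that is the one), in the same play and before anything that could restart the host. The enclosing task list starts and ends outside this hunk.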


@@ -17,7 +17,7 @@ resource "digitalocean_record" "enp_en1" {
domain = digitalocean_domain.enp.id
type = "A"
name = "en1"
value = "24.2.156.189"
value = digitalocean_record.enp.value
ttl = 3600
}
@@ -28,7 +28,7 @@ resource "digitalocean_record" "enp_vcs" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "vcs"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 10600
}
@@ -36,7 +36,7 @@ resource "digitalocean_record" "enp_ssv" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "ssv"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 10600
}
@@ -44,7 +44,7 @@ resource "digitalocean_record" "enp_pms" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "pms"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 10600
}
@@ -52,7 +52,7 @@ resource "digitalocean_record" "enp_cdn" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "cdn"
value = "en2-cdn.nyc3.cdn.digitaloceanspaces.com."
value = "${digitalocean_cdn.enp.endpoint}."
ttl = 3600
}
@@ -60,7 +60,7 @@ resource "digitalocean_record" "enp_vpn" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "vpn"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 10600
}
@@ -68,7 +68,7 @@ resource "digitalocean_record" "enp_www" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "www"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 10600
}
@@ -76,7 +76,7 @@ resource "digitalocean_record" "enp_sso" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "sso"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 10600
}
@@ -84,15 +84,7 @@ resource "digitalocean_record" "enp_img" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "img"
value = "en1.enp.one."
ttl = 10600
}
resource "digitalocean_record" "enp_pdb" {
domain = digitalocean_domain.enp.id
type = "CNAME"
name = "pdb"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 10600
}
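Review bot: Every name in this file — and, per the other hunks, the `enpaul` and `scipiocapital` apexes — now resolves through `digitalocean_record.enp`, which is defined outside this hunk, so that one record's `value` drives `sso`, `vpn`, `vcs` and the rest; if it still hard-codes the residential IP the refactor has only moved the literal, and reading it via a sibling record's `.value` hides that dependency. Prefer a single variable consumed by the apex record and here, e.g. `value = var.en1_public_ip`, with a comment at its definition naming what depends on it. The IP removed here remains in git history, which is harmless unless it was ever meant to be non-public. `ttl = 10600` on the CNAMEs looks like a typo for 10800 or 3600 and is worth normalising while the values are being touched.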


@@ -9,7 +9,7 @@ resource "digitalocean_record" "enpaul" {
domain = digitalocean_domain.enpaul.id
type = "A"
name = "@"
value = "24.2.156.189"
value = digitalocean_record.enp.value
ttl = 3600
}


@@ -8,7 +8,7 @@ resource "digitalocean_record" "scipiocapital" {
domain = digitalocean_domain.scipiocapital.id
type = "A"
name = "@"
value = "24.2.156.189"
value = digitalocean_record.enp.value
ttl = 3600
}
@@ -16,7 +16,7 @@ resource "digitalocean_record" "scipiocapital_app" {
domain = digitalocean_domain.scipiocapital.id
type = "CNAME"
name = "app"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 43200
}
@@ -24,7 +24,7 @@ resource "digitalocean_record" "scipiocapital_notify" {
domain = digitalocean_domain.scipiocapital.id
type = "CNAME"
name = "notify"
value = "en1.enp.one."
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 43200
}
@@ -36,6 +36,13 @@ resource "digitalocean_record" "scipiocapital_docs" {
ttl = 43200
}
resource "digitalocean_record" "scipiocapital_auth" {
domain = digitalocean_domain.scipiocapital.id
type = "CNAME"
name = "auth"
value = "${digitalocean_record.enp_en1.fqdn}."
ttl = 43200
}
# ==========================================================================
# Standard DO configuration for all managed domains, includes
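Review bot: The new `auth` record ships with `ttl = 43200`, a 12-hour cache on the name that fronts authentication for `app` and `notify` on the same host; if the CNAME target ever has to change in an incident, resolvers will keep sending logins to the old target for up to half a day, whereas the `enp` domain keeps its A record at 3600. Consider `ttl = 3600` for `auth` (and the sibling CNAMEs) until the service is settled, and add a comment saying what terminates it, e.g. `# auth.scipiocapital -> SSO on en1; keep the TTL low while the service is being moved`. The comment block beginning "Standard DO configuration" is cut off at the end of the hunk.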


@@ -0,0 +1,13 @@
resource "digitalocean_project" "scipio" {
name = "Scipio Capital"
description = "Eventual home of Scipio Capital systems"
purpose = "Service or API"
environment = "Production"
}
resource "digitalocean_project_resources" "scipio" {
project = digitalocean_project.scipio.id
resources = [
digitalocean_domain.scipiocapital.urn,
]
}


@@ -0,0 +1,17 @@
resource "digitalocean_project" "skylab" {
name = "SkyLab"
description = "SkyLab resources, with emphasis on Sky"
purpose = "Operational / Developer tooling"
environment = "Development"
is_default = true
}
resource "digitalocean_project_resources" "skylab" {
project = digitalocean_project.skylab.id
resources = [
digitalocean_domain.allaroundhere.urn,
digitalocean_domain.enpaul.urn,
digitalocean_domain.enp.urn,
digitalocean_spaces_bucket.enp_cdn.urn
]
}
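Review bot: `is_default = true` makes the SkyLab project, tagged `environment = "Development"`, the landing place for any DigitalOcean resource created without an explicit project, and it already holds the production-facing `enp`/`enpaul` domains and the CDN bucket, so prod and dev assets share one label and new resources silently appear under "dev". Either drop `is_default` and assign resources explicitly through `digitalocean_project_resources`, or move the production domains into a project labelled as such. A comment such as `# DO projects group resources for billing/overview only; they are not an access boundary` would also help, since as far as I know team membership, not project membership, is what controls who may change these domains.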


@@ -0,0 +1,18 @@
resource "digitalocean_spaces_bucket" "enp_cdn" {
name = "en2-cdn"
region = "nyc3"
acl = "public-read"
force_destroy = false
}
resource "digitalocean_certificate" "enp_cdn" {
name = "CDN"
type = "lets_encrypt"
domains = ["cdn.enp.one", "enp.one"]
}
resource "digitalocean_cdn" "enp" {
origin = digitalocean_spaces_bucket.enp_cdn.bucket_domain_name
custom_domain = "cdn.enp.one"
certificate_name = digitalocean_certificate.enp_cdn.name
}
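Review bot: `acl = "public-read"` on the bucket itself allows anonymous listing of every object key in `en2-cdn`, not merely reading the objects the CDN serves, so anything uploaded by mistake is discoverable by walking the bucket. For a CDN origin, set `acl = "private"` and mark the objects that should be served `public-read` individually (via `digitalocean_spaces_bucket_object` or the upload tooling), or if listing is intended say so: `acl = "public-read"  # bucket listing is intentionally public`. Separately, the certificate covers `enp.one` as well as `cdn.enp.one`, but the CDN's only `custom_domain` is `cdn.enp.one` and the apex appears to resolve to the en1 host per the record hunks, so the apex SAN is unused at this edge; `domains = ["cdn.enp.one"]` keeps the cert scoped to what is actually terminated there. `force_destroy = false` is the right choice for a bucket of published assets.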