feat: Lab rebuild on separate hardware

.ansible-lint

@@ -11,6 +11,7 @@ skip_list:
   - role-name[path]
   - name[play]
   - yaml[octal-values]
+  - yaml[brackets]
   - yaml[new-line-at-end-of-file]
 
 offline: false

.ansible-lint-ignore

@@ -1,2 +1,8 @@
-roles/gluster/server/tasks/create-volume.yml risky-shell-pipe
+roles/gluster_server/tasks/create-volume-quota.yml risky-shell-pipe
+roles/gluster_server/tasks/main.yml var-naming[no-role-prefix]
+roles/gluster_server/tasks/create-volume.yml var-naming[no-role-prefix]
+roles/gluster_server/tasks/create-volume-quota.yml var-naming[no-role-prefix]
+roles/gluster_client/tasks/main.yml var-naming[no-role-prefix]
+roles/pve_virtual_machines/tasks/main.yml var-naming[no-role-prefix]
+roles/pve_virtual_machines/tasks/vm.yml var-naming[no-role-prefix]
 playbooks/nvidia.yml name[casing]

README.md

@@ -34,44 +34,17 @@ Working with this repository requires installation of several command line tools
 
 ## Environments
 
-- **Lab** - test environment used to develop the roles running locally inside of HyperV on a developer's workstation.
+- **Lab** - test environment used to develop the roles. The environment is defined in the [lab](https://github.com/homecentr/lab) repository using Proxmox nested virtualization. Please refer to this repository on how to (re)create this environment.
 - **Production** - the actual deployment used by the users.
 
-### Create a Lab environment in Hyper-V
-- Make sure you are running Windows 11 because earlier versions do not support nested virtualization which is required
-- Install latest version of Powershell using [this guide](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.2)
-- Create VMs using `yarn lab:create` command (must be executed as administrator)
-- Start the VMs and install the Proxmox VMs with following parameters  
-    - Disk: ZFS with RAID0
-    - Country: Czechia
-    - Timezone: Europe/Prague
-    - Password: any, just watch out for english keyboard layout when typing numbers and make sure **all nodes have the same password**
-    - E-mail: stg-pve<X>@lab.<domain>
-    - Hostname: stg-pve<X>.lab.<domain>
-    - IP Address: 10.1.8.1<X>/24
-    - Gateway: 10.1.8.1
-- Create a Proxmox cluster (there's currently no way to automate this)
-- Remove previous SSH keys in case you have re-created the lab using the following command
-```bash
-yarn lab:clear-keys
-```
-- Apply Ansible playbooks which will set up ssh access using the standard admin user using the following command
-```bash
-yarn lab:init
-```
-- Apply the rest of Ansible playbooks using the following command
-```bash
-yarn lab:apply site
-```
-
 ## Applying playbooks
-Simply run the following bash command (requires Linux e.g. in WSL with [Yarn](https://yarnpkg.com/) installed):
+In case you are running the playbooks against freshly installed machines, make sure you first run the initialization using the `yarn lab:init` command.
+
+To apply a playbook simply run the following bash command (requires Linux e.g. in WSL with [Yarn](https://yarnpkg.com/) installed):
 ```
 yarn <env>:apply <playbook>
 ```
 
 for example `yarn lab:apply common.yml`
 
 The script automatically installs dependencies from Ansible Galaxy and runs the playbook.
-
-> Note that the first time applying playbooks on a clean server, you need to use whatever authentication is available (most likely a password based one). During the first run the roles configure the SSH daemon to only allow non-root user with an RSA key and/or hardware device like YubiKey you need to use for subsequent logins.

environments/lab/group_vars/gluster_nodes/mounts.yml

@@ -3,5 +3,6 @@ gluster_tls_certificate_validity_days: 7300
 
 gluster_volume_mounts:
   - k8s-services
+  - k8s-services-db
   - k8s-monitoring
   - k8s-nvr

environments/lab/group_vars/gluster_nodes/volumes.yml

@@ -32,7 +32,7 @@ gluster_volumes:
       - pve3
 
   - name: k8s-services-db
-    mount_path: /mnt/gfs/k8s-services
+    mount_path: /mnt/gfs/k8s-services-db
     replica_sets:
       - storage_bricks:
           - host: pve1

environments/lab/group_vars/pve_nodes/general.yml

@@ -6,6 +6,7 @@ ssh_allow_root_login_trusted_clients:
 
 pve_zfs_max_arc_size_gb: 0.5
 
+# TODO: Move this to a common role !!!
 pve_domain: homecentr.one
 pve_nameservers:
   - 1.1.1.1

environments/lab/host_vars/pve1.yml

@@ -3,24 +3,24 @@ ansible_host: 10.1.8.11
 ansible_hostname: pve1-lab
 fqdn: pve1-lab.homecentr.one
 
+network_interfaces:
+  ens19:
+    method: static
+    address: 192.168.7.11/24
+    auto: true
+
 # UPS
 ups_name: dummy-ups1
 
 # Gluster
-gluster_ip: 192.168.1.11
+gluster_ip: 192.168.7.11
 gluster_hostname: gfs-pve1-lab
 gluster_fqdn: gfs-pve1-lab.homecentr.one
 gluster_mount_host: pve1
 
 # PVE
 pve_pci_passhthrough_enabled: false
 
-pve_network_interfaces:
-  eth1:
-    method: static
-    address: 192.168.1.11/24
-    auto: true
-
 pve_vm_machines:
   - vmid: 101
     name: kube1-lab
@@ -30,11 +30,11 @@ pve_vm_machines:
     shutdown_timeout_seconds: 120
     nic_bridge: vmbr0
     os_storage: local-zfs
-    os_disk_size_gb: 32
+    os_disk_size: 32G
     cpu_count: 1
-    cpu_cores_per_cpu: 4
-    min_memory: 4096
-    max_memory: 4096
+    cpu_cores_per_cpu: 8
+    min_memory: 8192
+    max_memory: 15360
     nic_ipv4_address: 10.1.8.21
     nic_ipv4_subnet: 255.255.255.0
     nic_ipv4_gateway: 10.1.8.1

environments/lab/host_vars/pve2.yml

@@ -3,24 +3,24 @@ ansible_host: 10.1.8.12
 ansible_hostname: pve2-lab
 fqdn: pve2-lab.homecentr.one
 
+network_interfaces:
+  ens19:
+    method: static
+    address: 192.168.7.12/24
+    auto: true
+
 # UPS
 ups_name: dummy-ups1
 
 # Gluster
-gluster_ip: 192.168.1.12
+gluster_ip: 192.168.7.12
 gluster_hostname: gfs-pve2-lab
 gluster_fqdn: gfs-pve2-lab.homecentr.one
 gluster_mount_host: pve2
 
 # PVE
 pve_pci_passhthrough_enabled: false
 
-pve_network_interfaces:
-  eth1:
-    method: static
-    address: 192.168.1.12/24
-    auto: true
-
 pve_vm_machines:
   - vmid: 201
     name: kube2-lab
@@ -30,11 +30,11 @@ pve_vm_machines:
     shutdown_timeout_seconds: 120
     nic_bridge: vmbr0
     os_storage: local-zfs
-    os_disk_size_gb: 32
+    os_disk_size: 32G
     cpu_count: 1
-    cpu_cores_per_cpu: 4
-    min_memory: 4096
-    max_memory: 4096
+    cpu_cores_per_cpu: 8
+    min_memory: 8192
+    max_memory: 15360
     nic_ipv4_address: 10.1.8.22
     nic_ipv4_subnet: 255.255.255.0
     nic_ipv4_gateway: 10.1.8.1

environments/lab/host_vars/pve3.yml

@@ -3,22 +3,22 @@ ansible_host: 10.1.8.13
 ansible_hostname: pve3-lab
 fqdn: pve3-lab.homecentr.one
 
+network_interfaces:
+  ens19:
+    method: static
+    address: 192.168.7.13/24
+    auto: true
+
 # UPS
 ups_name: dummy-ups1
 
 # Gluster
-gluster_ip: 192.168.1.13
+gluster_ip: 192.168.7.13
 gluster_hostname: gfs-pve3-lab
 gluster_fqdn: gfs-pve3-lab.homecentr.one
 gluster_mount_host: pve3
 
 # PVE
-pve_network_interfaces:
-  eth1:
-    method: static
-    address: 192.168.1.13/24
-    auto: true
-
 pve_vm_machines:
   - vmid: 301
     name: kube3-lab
@@ -28,11 +28,11 @@ pve_vm_machines:
     shutdown_timeout_seconds: 120
     nic_bridge: vmbr0
     os_storage: local-zfs
-    os_disk_size_gb: 32
+    os_disk_size: 32G
     cpu_count: 1
-    cpu_cores_per_cpu: 4
-    min_memory: 4096
-    max_memory: 4096
+    cpu_cores_per_cpu: 8
+    min_memory: 8192
+    max_memory: 15360
     nic_ipv4_address: 10.1.8.23
     nic_ipv4_subnet: 255.255.255.0
     nic_ipv4_gateway: 10.1.8.1

environments/lab/hosts.yml

@@ -24,9 +24,6 @@ all:
             pve3:
         gluster_clients:
           hosts:
-            pve1:
-            pve2:
-            pve3:
             kube1:
             kube2:
             kube3:

environments/prod/group_vars/k8s_nodes/argocd.sops.yml

@@ -5,7 +5,7 @@ argocd_sops:
     public_key: ENC[AES256_GCM,data:z2nluQHqqGFwsb1EcyIa34y8rDlYRp7aJmrsZ7ILpmGi8maNJiAPsUTa5Ev8lDsPQbeO/Xh66r0XdjUS0OY=,iv:5vTm0EuaeJqwEgEtOmpIII72/Ik3OJtunYzzi5SxlB0=,tag:gmq7VP7nP+p5Frv2KsYPpA==,type:str]
     private_key: ENC[AES256_GCM,data:d398ZqrSzUbmyNuRt8gdkiHmp8rMM3Jt2AhXRhzEcHmGj+qZMdwJcnVX8H0PySFaaaBNo0885jR3PawAQkDddSBgiVdni51JNCM=,iv:ypBefMkJYmEsN0pGEIgXDzH8Gu4rUWwTRGOJ0VBrQ40=,tag:uvyLZSG8c9HH9k54GhQd9Q==,type:str]
 argocd_github:
-    token: ENC[AES256_GCM,data:xjDmFkzpqgQTwKyFTLm2SD1/P67spkLJ+rHEp3HxN4UjJ8aSaZD4nYj/awV6GDGjnPY5MmtFCQT5jQ8Qmm6hv4FxPq3Topnx57ZrWFydl3qXf8GafVJ+h+Mdj4Ka,iv:PtEZDXqNS6xPmRzAOCuuqjl3SKWLKTBbeDk02flqr3s=,tag:EQUPLi84VlZxtiPWjCS7Yw==,type:str]
+    token: ENC[AES256_GCM,data:c6r2pzVCaRrEptbbwDW4bg4hitnQlBbw7vyq/XqM8Spw3Zo6fRCXuHbmT3qDbbgxRvc9J1TTTFI3pYBROvB2xsNgbxZ2Q+zmSGSqHtXtKf1EMRA41GIBa8a/cnZP,iv:sBxdszp4K2h9owXAfqFafGRSbr7ENUnliFmjwKqpSM4=,tag:atP8xZAZZ7XXVTr9eD9yqw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -21,8 +21,8 @@ sops:
             Vm5WbkVvTU5lY1FtRnRudEpJZmxvOGMK/wHIisN0llv5njFAQMj18Sj0gLFi4jM+
             0Nh+g3hnDB8IUwmvBopFvkPQUGruqT1S/ggzp51Z0AM9q61MfFB25g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-04T20:58:07Z"
-    mac: ENC[AES256_GCM,data:L57xIrpWf8Q4SVro96NgHNb3gquxj48q7n494QtPbwnoWP/PstGF3v3k5zZdRYSPK1I2IDjlIbcdFzpM9w/+m51xleMmfWrqNXqRu4s80Y283hxtf6L+L1dfku3tPpl+FRMpeOl3wBJ1fHZE9Y5inqJ7gBkAbm3/TDkr56lsmEM=,iv:sg9lDvezpkTnp+ovVd3HramhVAbpImMZwJfOQktQ3eo=,tag:KoMrecXPO7NaLjj/F7Reaw==,type:str]
+    lastmodified: "2023-08-22T13:09:59Z"
+    mac: ENC[AES256_GCM,data:77+mwbTt539JR9AXvBHtXj/U5hnHX0FYjdLieOsZM9bEzzn4LS0mDXefRl+lxFTEjLEy9JTTRbHIYd3W0N29FvdXXz1/ML9NN013eBemw4wlHwYh8pTx4HX7seDLCEvWyHKNZjj0ta+P9fcdeST5Pip4MmfvlHDMwVH+d6mi7gU=,iv:B/mG3bOG/McuBfjieey9aMnmIuLKMu6fFUu+I17FnHY=,tag:2ziwL3cH3NTVGn5gwM7exQ==,type:str]
     pgp:
         - created_at: "2023-06-05T09:02:01Z"
           enc: |

environments/prod/host_vars/pve3.yml

@@ -26,8 +26,8 @@ pve_vm_machines:
     cpu_type: "cputype=host,flags=+aes"
     cpu_count: 1
     cpu_cores_per_cpu: 3
-    min_memory: 4096
-    max_memory: 4096
+    min_memory: 8192
+    max_memory: 8192
     nic_ipv4_address: 10.1.2.23
     nic_ipv4_subnet: 255.255.255.0
     nic_ipv4_gateway: 10.1.2.1

environments/prod/hosts.yml

@@ -24,9 +24,6 @@ all:
             pve3:
         gluster_clients:
           hosts:
-            pve1:
-            pve2:
-            pve3:
             kube1:
             kube2:
             kube3:

package.json

@@ -7,9 +7,7 @@
   "private": true,
   "scripts": {
     "lint": "ANSIBLE_CONFIG=\"./ansible.cfg\" ansible-lint",
-    "setup:local": "ansible-galaxy install -r ./requirements.yml && ansible-playbook ./playbooks/_local.yml",
-    "lab:create": "pwsh -ExecutionPolicy RemoteSigned -WorkingDirectory ./tools ./tools/lab-create.ps1",
-    "lab:destroy": "pwsh -ExecutionPolicy RemoteSigned -WorkingDirectory ./tools ./tools/lab-destroy.ps1",
+    "setup:local": "ansible-galaxy install -r ./requirements.yml --force && ansible-playbook ./playbooks/_local.yml",
     "lab:clear-keys": "./tools/clearkeys.sh",
     "lab:init": "ANSIBLE_HOST_KEY_CHECKING=False ./tools/apply.sh lab proxmox -u root -e ansible_user=root --tags init -k",
     "lab:apply": "./tools/apply.sh lab",

playbooks/common.yml

@@ -12,7 +12,7 @@
 
     - name: Create host records for servers
       ansible.builtin.import_role:
-        name: ../../roles/common/hosts
+        name: ../../roles/hosts
       tags:
         - hosts
 

playbooks/gluster.yml

@@ -8,7 +8,7 @@
   tasks:
     - name: Install and configure Gluster servers
       ansible.builtin.import_role:
-        name: ../../roles/gluster/server
+        name: ../../roles/gluster_server
 
 - name: Set up gluster clients
   hosts: gluster_clients
@@ -20,4 +20,4 @@
   tasks:
     - name: Install and configure Gluster clients
       ansible.builtin.import_role:
-        name: ../../roles/gluster/client
+        name: ../../roles/gluster_client

playbooks/kubernetes.yml

@@ -6,12 +6,12 @@
   tasks:
     - name: Install and configure k3s
       ansible.builtin.import_role:
-        name: ../../roles/kubernetes/k3s-cluster
+        name: ../../roles/k3s_cluster
       tags:
         - k3s
 
     - name: Install and configure Argo CD
       ansible.builtin.import_role:
-        name: ../../roles/kubernetes/argo-cd
+        name: ../../roles/argocd
       tags:
         - argocd