Add README.md

README.md

@@ -0,0 +1,20 @@
+# Matrixtest-IaC-Ansible
+This ansible playbook creates a three node cluster in openstack.
+
+In this case a microk8s cluster.
+
+The following tasks is executed by this playbook.
+- Creates a custom security group with rules to accept traffic between the nodes.
+- Create an os volume from the debian-12 image.
+- Create an snap volume to be used as an LVM volume for easy resize and mounted on /lib/snap.
+- Query all security groups in the project.
+- Create an network port for each node and use a selection of the queried security groups.
+- Create an instance with os volume, snap volume and port attached and a custom cloudinit config.
+
+## Cloudinit config.
+
+Cloudinit does the following tasks.
+- Install tools for LVM2,XFS and the Chronyd ntp sevice.
+- Configure Chronyd to use netnod.se as a source.
+- Configure a lvol_snap LVM volume and format it with XFS.
+- Add a mount record of the lvm volume in fstab and verifies it.

chrony.conf

@@ -0,0 +1,53 @@
+# Use Debian vendor zone.
+#pool 2.debian.pool.ntp.org iburst
+# Use ntp from netnod.se
+pool gbg1.ntp.netnod.se iburst
+pool gbg2.ntp.netnod.se iburst
+pool lul1.ntp.netnod.se iburst
+pool lul2.ntp.netnod.se iburst
+pool mmo1.ntp.netnod.se iburst
+pool mmo2.ntp.netnod.se iburst
+pool sth1.ntp.netnod.se iburst
+pool sth2.ntp.netnod.se iburst
+pool sth3.ntp.netnod.se iburst
+pool sth4.ntp.netnod.se iburst
+pool svl1.ntp.netnod.se iburst
+pool svl2.ntp.netnod.se iburst
+# Use time sources from DHCP.
+#sourcedir /run/chrony-dhcp
+
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC

iac_vars.yaml

@@ -0,0 +1,5 @@
+numnodes: 3
+kubesecgroups:
+  - allegress
+  - kubenode
+  - ssh-from-jumphost

kubenodes-user.yaml.j2

@@ -0,0 +1,26 @@
+#cloud-config
+
+packages:
+  - chrony
+  - git
+  - lvm2
+  - xfsprogs
+write_files:
+  - path: /etc/chrony/chrony.conf
+    permissions: "0644"
+    content: |
+      {{ lookup('ansible.builtin.file', 'chrony.conf') | indent(6, False ) }}
+    owner: root:root
+
+runcmd:
+  - [ systemctl, enable, chronyd ]
+  - systemctl restart chronyd
+  - mkdir -p /var/snap
+  - vgcreate snapvg /dev/sdb
+  - lvcreate -n lvol_snap -l 100%FREE snapvg
+  - mkfs -t xfs -n ftype=1 /dev/snapvg/lvol_snap
+  - cp -a /etc/fstab /run/fstab.bak
+  - echo "/dev/snapvg/lvol_snap  /var/snap    xfs    defaults   0 0" >> /etc/fstab
+  - systemctl daemon-reload
+  - findmnt --verify || cp -a /run/fstab.bak /etc/fstab
+  - mount /var/snap

kubenodes.yaml

@@ -1,13 +1,20 @@
 ---
-- name: Create kubernetes nodes os volume
+- name: Create os volume for kubernetes nodes
   openstack.cloud.volume:
     state: present
     size: 30
     image: debian-12
     is_bootable: true
+    name: kube{{ item }}-matrix-test-sunet-se-osvol
+  loop: "{{ range(1, numnodes + 1 )|list }}"
+
+- name: Create snap volume for kubernetes nodes
+  openstack.cloud.volume:
     state: present
-    name: kube{{ item }}-matrix-test-sunet-se-vol
+    size: 20
-  loop: "{{ range(1,4)|list }}"
+    is_bootable: false
+    name: kube{{ item }}-matrix-test-sunet-se-snapvol
+  loop: "{{ range(1, numnodes + 1 )|list }}"
 
 - name: OS secgroups
   openstack.cloud.security_group_info:
@@ -18,8 +25,26 @@
     name: kube{{ item }}-matrix-test-sunet-se-port
     network: public
     security_groups: |-
-      {%- set secgroupallegress=secgroups.security_groups|selectattr('name', 'equalto', 'allegress')| first -%}
+      {%- set secgrlist = [] -%}
-      {% set secgroupkubenode=secgroups.security_groups|selectattr('name', 'equalto', 'kubenode')| first -%}
+      {%- for sg in kubesecgroups -%}
-      {% set secgroupssh=secgroups.security_groups|selectattr('name', 'equalto', 'ssh-from-jumphost')| first -%}
+      {% set sgdict=secgroups.security_groups|selectattr('name', 'equalto', sg )| first -%}
-      {{ secgroupallegress['id'] }},{{secgroupkubenode['id']}},{{secgroupssh['id'] -}}
+      {{- secgrlist.append(sgdict['id']) -}}
-  loop: "{{ range(1,4)|list }}"
+      {%- endfor -%}
+      {{ secgrlist | join(',') }}
+  loop: "{{ range(1, numnodes + 1 )|list }}"
+
+- name: Launch kubernetes instances
+  openstack.cloud.server:
+    name: "kube{{ item }}.matrix-test.sunet.se"
+    state: present
+    flavor: b2.c4r16
+    key_name: manderssonpub
+    boot_volume: kube{{ item }}-matrix-test-sunet-se-osvol
+    volumes:
+      - "kube{{ item }}-matrix-test-sunet-se-snapvol"
+    nics: 
+      - port-name: "kube{{ item }}-matrix-test-sunet-se-port"
+    security_groups: "{{ kubesecgroups | join(',') }}"
+    userdata: |
+      {{ lookup('ansible.builtin.template', 'kubenodes-user.yaml.j2') | indent(4, False ) }}
+  loop: "{{ range(1, numnodes + 1 )|list }}"

main.yaml

@@ -1,6 +1,8 @@
 ---
 - name: Matrix Kubernetes IaC Deployment
   hosts: localhost
+  vars_files:
+    - iac_vars.yaml
   tasks:
     - name: Setup securitygroups.
       ansible.builtin.include_tasks: