
10 commits

6 changed files with 139 additions and 8 deletions

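--- /dev/null
+++ b/README.md
@@ -0,0 +1,20 @@
+# Matrixtest-IaC-Ansible
+This ansible playbook creates a three node cluster in openstack.
+In this case a microk8s cluster.
+The following tasks is executed by this playbook.
+- Creates a custom security group with rules to accept traffic between the nodes.
+- Create an os volume from the debian-12 image.
+- Create an snap volume to be used as an LVM volume for easy resize and mounted on /lib/snap.
+- Query all security groups in the project.
+- Create an network port for each node and use a selection of the queried security groups.
+- Create an instance with os volume, snap volume and port attached and a custom cloudinit config.
+## Cloudinit config.
+Cloudinit does the following tasks.
+- Install tools for LVM2,XFS and the Chronyd ntp sevice.
+- Configure Chronyd to use netnod.se as a source.
+- Configure a lvol_snap LVM volume and format it with XFS.
+- Add a mount record of the lvm volume in fstab and verifies it.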

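--- /dev/null
+++ b/chrony.conf
@@ -0,0 +1,53 @@
+# Use Debian vendor zone.
+#pool 2.debian.pool.ntp.org iburst
+# Use ntp from netnod.se
+pool gbg1.ntp.netnod.se iburst
+pool gbg2.ntp.netnod.se iburst
+pool lul1.ntp.netnod.se iburst
+pool lul2.ntp.netnod.se iburst
+pool mmo1.ntp.netnod.se iburst
+pool mmo2.ntp.netnod.se iburst
+pool sth1.ntp.netnod.se iburst
+pool sth2.ntp.netnod.se iburst
+pool sth3.ntp.netnod.se iburst
+pool sth4.ntp.netnod.se iburst
+pool svl1.ntp.netnod.se iburst
+pool svl2.ntp.netnod.se iburst
+# Use time sources from DHCP.
+#sourcedir /run/chrony-dhcp
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+# Log files location.
+logdir /var/log/chrony
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC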
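Review bot: The Netnod source lines (`pool gbg1.ntp.netnod.se iburst` through `pool svl2.ntp.netnod.se iburst`) configure unauthenticated NTP, while `ntsdumpdir /var/lib/chrony` a few stanzas below prepares for NTS state that nothing in this file produces. If the chosen servers offer NTS, adding the `nts` option (`pool sth1.ntp.netnod.se iburst nts`) authenticates the time source, which matters for a cluster whose certificate and token validity checks depend on the clock; verify first whether these hostnames serve NTS or whether Netnod's separate NTS hostnames are needed. These names also look like individual servers rather than round-robin pools, so if each resolves to a single address `server` is the accurate directive, although `pool` still works. A header comment would spare the next maintainer a diff against the Debian default: `# Deviates from Debian default: time from Netnod (Sweden) instead of the vendor pool; plain NTP, no NTS.`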

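--- /dev/null
+++ b/iac_vars.yaml
@@ -0,0 +1,5 @@
+numnodes: 3
+kubesecgroups:
+- allegress
+- kubenode
+- ssh-from-jumphost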

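--- /dev/null
+++ b/kubenodes-user.yaml.j2
@@ -0,0 +1,26 @@
+#cloud-config
+packages:
+- chrony
+- git
+- lvm2
+- xfsprogs
+write_files:
+- path: /etc/chrony/chrony.conf
+permissions: "0644"
+content: |
+{{ lookup('ansible.builtin.file', 'chrony.conf') | indent(6, False ) }}
+owner: root:root
+runcmd:
+- [ systemctl, enable, chronyd ]
+- systemctl restart chronyd
+- mkdir -p /var/snap
+- vgcreate snapvg /dev/sdb
+- lvcreate -n lvol_snap -l 100%FREE snapvg
+- mkfs -t xfs -n ftype=1 /dev/snapvg/lvol_snap
+- cp -a /etc/fstab /run/fstab.bak
+- echo "/dev/snapvg/lvol_snap /var/snap xfs defaults 0 0" >> /etc/fstab
+- systemctl daemon-reload
+- findmnt --verify || cp -a /run/fstab.bak /etc/fstab
+- mount /var/snap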
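Review bot: `vgcreate snapvg /dev/sdb` followed by `mkfs -t xfs -n ftype=1 /dev/snapvg/lvol_snap` assumes the snap volume always attaches as the second disk; virtio device names follow attach order, which OpenStack does not guarantee, so on a node where the order differs the sequence would try to turn the wrong disk into an LVM PV. Prefer the stable path Cinder exposes, typically `/dev/disk/by-id/virtio-<first 20 characters of the volume ID>` (verify on the target cloud), and refuse to continue when the device already carries a signature, e.g. `- [ sh, -c, "blkid -p /dev/sdb >/dev/null 2>&1 && exit 1 || vgcreate snapvg /dev/sdb" ]`. Separately, cloud-init's write_files stage runs before package installation, so `/etc/chrony/chrony.conf` exists before the chrony package lays down its conffile; dpkg normally keeps a pre-existing conffile under cloud-init's non-interactive apt options, but if a fresh boot shows the Debian default config, add `defer: true` to that write_files entry. The fstab record `defaults 0 0` carries no `nofail`, so a detached or missing volume will hold up boot — fine for a cluster node only if that fail-closed behaviour is intended; a short comment above the runcmd list stating which disk is expected and why would make the assumption visible.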


@ -1,13 +1,20 @@
--- ---
- name: Create kubernetes nodes os volume - name: Create os volume for kubernetes nodes
openstack.cloud.volume: openstack.cloud.volume:
state: present state: present
size: 30 size: 30
image: debian-12 image: debian-12
is_bootable: true is_bootable: true
name: kube{{ item }}-matrix-test-sunet-se-osvol
loop: "{{ range(1, numnodes + 1 )|list }}"
- name: Create snap volume for kubernetes nodes
openstack.cloud.volume:
state: present state: present
name: kube{{ item }}-matrix-test-sunet-se-vol size: 20
loop: "{{ range(1,4)|list }}" is_bootable: false
name: kube{{ item }}-matrix-test-sunet-se-snapvol
loop: "{{ range(1, numnodes + 1 )|list }}"
- name: OS secgroups - name: OS secgroups
openstack.cloud.security_group_info: openstack.cloud.security_group_info:
@ -18,8 +25,26 @@
name: kube{{ item }}-matrix-test-sunet-se-port name: kube{{ item }}-matrix-test-sunet-se-port
network: public network: public
security_groups: |- security_groups: |-
{%- set secgroupallegress=secgroups.security_groups|selectattr('name', 'equalto', 'allegress')| first -%} {%- set secgrlist = [] -%}
{% set secgroupkubenode=secgroups.security_groups|selectattr('name', 'equalto', 'kubenode')| first -%} {%- for sg in kubesecgroups -%}
{% set secgroupssh=secgroups.security_groups|selectattr('name', 'equalto', 'ssh-from-jumphost')| first -%} {% set sgdict=secgroups.security_groups|selectattr('name', 'equalto', sg )| first -%}
{{ secgroupallegress['id'] }},{{secgroupkubenode['id']}},{{secgroupssh['id'] -}} {{- secgrlist.append(sgdict['id']) -}}
loop: "{{ range(1,4)|list }}" {%- endfor -%}
{{ secgrlist | join(',') }}
loop: "{{ range(1, numnodes + 1 )|list }}"
- name: Launch kubernetes instances
openstack.cloud.server:
name: "kube{{ item }}.matrix-test.sunet.se"
state: present
flavor: b2.c4r16
key_name: manderssonpub
boot_volume: kube{{ item }}-matrix-test-sunet-se-osvol
volumes:
- "kube{{ item }}-matrix-test-sunet-se-snapvol"
nics:
- port-name: "kube{{ item }}-matrix-test-sunet-se-port"
security_groups: "{{ kubesecgroups | join(',') }}"
userdata: |
{{ lookup('ansible.builtin.template', 'kubenodes-user.yaml.j2') | indent(4, False ) }}
loop: "{{ range(1, numnodes + 1 )|list }}"
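Review bot: `{{- secgrlist.append(sgdict['id']) -}}` in the new port task is an output expression, so the `None` that `append` returns is rendered into the security_groups string unless the templating layer suppresses it; `{%- set _ = secgrlist.append(sgdict['id']) -%}` collects the id without emitting anything, and a misspelled group in `kubesecgroups` still fails the task through `first`. The Launch kubernetes instances task then re-passes `security_groups: "{{ kubesecgroups | join(',') }}"` although the groups are already bound to the pre-created port it attaches via `port-name`; the port binding is what takes effect, so the server-level line is redundant and, on some Nova versions, may be rejected when ports are pre-created — drop it or confirm against the target cloud. `key_name: manderssonpub` and `flavor: b2.c4r16` hard-code a personal keypair and a flavor into shared IaC; both belong in iac_vars.yaml next to `kubesecgroups`, e.g. `key_name: "{{ ssh_keypair }}"`, so the repository does not pin access to one person's key. The file header for this section is not visible on the page, and the old/new sides of the first hunk are collapsed onto single lines, so the above refers to the new side only.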


@ -1,6 +1,8 @@
--- ---
- name: Matrix Kubernetes IaC Deployment - name: Matrix Kubernetes IaC Deployment
hosts: localhost hosts: localhost
vars_files:
- iac_vars.yaml
tasks: tasks:
- name: Setup securitygroups. - name: Setup securitygroups.
ansible.builtin.include_tasks: ansible.builtin.include_tasks: