Compare commits
10 commits
2a4171aec8
...
cda4173f12
Author | SHA1 | Date | |
---|---|---|---|
Magnus Andersson | cda4173f12 | ||
Magnus Andersson | 01c8936db7 | ||
Magnus Andersson | d5cad0d824 | ||
Magnus Andersson | 4f6d6cf5eb | ||
Magnus Andersson | ca7fe067f7 | ||
Magnus Andersson | 20ec760c8a | ||
Magnus Andersson | 92ada33dbc | ||
Magnus Andersson | 5a43ca0d09 | ||
Magnus Andersson | ca9f31c201 | ||
Magnus Andersson | 4113181fff |
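--- a/README.md
+++ b/README.md
@@ -0,0 +1,20 @@
+# Matrixtest-IaC-Ansible
+This ansible playbook creates a three node cluster in openstack.
+
+In this case a microk8s cluster.
+
+The following tasks is executed by this playbook.
+- Creates a custom security group with rules to accept traffic between the nodes.
+- Create an os volume from the debian-12 image.
+- Create an snap volume to be used as an LVM volume for easy resize and mounted on /lib/snap.
+- Query all security groups in the project.
+- Create an network port for each node and use a selection of the queried security groups.
+- Create an instance with os volume, snap volume and port attached and a custom cloudinit config.
+
+## Cloudinit config.
+
+Cloudinit does the following tasks.
+- Install tools for LVM2,XFS and the Chronyd ntp sevice.
+- Configure Chronyd to use netnod.se as a source.
+- Configure a lvol_snap LVM volume and format it with XFS.
+- Add a mount record of the lvm volume in fstab and verifies it.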
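--- a/chrony.conf
+++ b/chrony.conf
@@ -0,0 +1,53 @@
+# Use Debian vendor zone.
+#pool 2.debian.pool.ntp.org iburst
+# Use ntp from netnod.se
+pool gbg1.ntp.netnod.se iburst
+pool gbg2.ntp.netnod.se iburst
+pool lul1.ntp.netnod.se iburst
+pool lul2.ntp.netnod.se iburst
+pool mmo1.ntp.netnod.se iburst
+pool mmo2.ntp.netnod.se iburst
+pool sth1.ntp.netnod.se iburst
+pool sth2.ntp.netnod.se iburst
+pool sth3.ntp.netnod.se iburst
+pool sth4.ntp.netnod.se iburst
+pool svl1.ntp.netnod.se iburst
+pool svl2.ntp.netnod.se iburst
+# Use time sources from DHCP.
+#sourcedir /run/chrony-dhcp
+
+# Use NTP sources found in /etc/chrony/sources.d.
+sourcedir /etc/chrony/sources.d
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC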
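Review bot: All twelve netnod source lines are plain NTP with no authentication, so an on-path party can forge replies, and certificate validity checks and log timestamps on the cluster nodes depend on this clock. The file already sets `ntsdumpdir`, but no source line carries chrony's `nts` option; if the provider serves NTS (to be confirmed, possibly under different hostnames), the lines would read `server <nts-hostname> iburst nts`. Separately, `pool` is intended for a name that resolves to several addresses; for individually named hosts `server` states the intent more directly.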
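--- a/iac_vars.yaml
+++ b/iac_vars.yaml
@@ -0,0 +1,5 @@
+numnodes: 3
+kubesecgroups:
+- allegress
+- kubenode
+- ssh-from-jumphost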
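--- a/kubenodes-user.yaml.j2
+++ b/kubenodes-user.yaml.j2
@@ -0,0 +1,26 @@
+#cloud-config
+
+packages:
+- chrony
+- git
+- lvm2
+- xfsprogs
+write_files:
+- path: /etc/chrony/chrony.conf
+permissions: "0644"
+content: |
+{{ lookup('ansible.builtin.file', 'chrony.conf') | indent(6, False ) }}
+owner: root:root
+
+runcmd:
+- [ systemctl, enable, chronyd ]
+- systemctl restart chronyd
+- mkdir -p /var/snap
+- vgcreate snapvg /dev/sdb
+- lvcreate -n lvol_snap -l 100%FREE snapvg
+- mkfs -t xfs -n ftype=1 /dev/snapvg/lvol_snap
+- cp -a /etc/fstab /run/fstab.bak
+- echo "/dev/snapvg/lvol_snap /var/snap xfs defaults 0 0" >> /etc/fstab
+- systemctl daemon-reload
+- findmnt --verify || cp -a /run/fstab.bak /etc/fstab
+- mount /var/snap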
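Review bot: The `vgcreate`/`lvcreate`/`mkfs` steps in `runcmd` address the data volume as `/dev/sdb`, which depends on the instance's disk bus and attach order, and nothing checks that the device exists or is empty before it is formatted. The items are written as independent commands, so (assuming cloud-init carries on after a failing item, worth confirming for the image in use) a missing device still reaches the `echo ... >> /etc/fstab` line and the final `mount /var/snap`. Joining the storage steps into one item, e.g. `- test -b /dev/sdb && vgcreate snapvg /dev/sdb && lvcreate -n lvol_snap -l 100%FREE snapvg`, or using a stable `/dev/disk/by-id/` path, would make the failure explicit. The README in this change says the volume is mounted on /lib/snap while this template uses /var/snap; one of the two should be corrected.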
|
@ -1,13 +1,20 @@
|
|||
---
|
||||
- name: Create kubernetes nodes os volume
|
||||
- name: Create os volume for kubernetes nodes
|
||||
openstack.cloud.volume:
|
||||
state: present
|
||||
size: 30
|
||||
image: debian-12
|
||||
is_bootable: true
|
||||
name: kube{{ item }}-matrix-test-sunet-se-osvol
|
||||
loop: "{{ range(1, numnodes + 1 )|list }}"
|
||||
|
||||
- name: Create snap volume for kubernetes nodes
|
||||
openstack.cloud.volume:
|
||||
state: present
|
||||
name: kube{{ item }}-matrix-test-sunet-se-vol
|
||||
loop: "{{ range(1,4)|list }}"
|
||||
size: 20
|
||||
is_bootable: false
|
||||
name: kube{{ item }}-matrix-test-sunet-se-snapvol
|
||||
loop: "{{ range(1, numnodes + 1 )|list }}"
|
||||
|
||||
- name: OS secgroups
|
||||
openstack.cloud.security_group_info:
|
||||
|
@ -18,8 +25,26 @@
|
|||
name: kube{{ item }}-matrix-test-sunet-se-port
|
||||
network: public
|
||||
security_groups: |-
|
||||
{%- set secgroupallegress=secgroups.security_groups|selectattr('name', 'equalto', 'allegress')| first -%}
|
||||
{% set secgroupkubenode=secgroups.security_groups|selectattr('name', 'equalto', 'kubenode')| first -%}
|
||||
{% set secgroupssh=secgroups.security_groups|selectattr('name', 'equalto', 'ssh-from-jumphost')| first -%}
|
||||
{{ secgroupallegress['id'] }},{{secgroupkubenode['id']}},{{secgroupssh['id'] -}}
|
||||
loop: "{{ range(1,4)|list }}"
|
||||
{%- set secgrlist = [] -%}
|
||||
{%- for sg in kubesecgroups -%}
|
||||
{% set sgdict=secgroups.security_groups|selectattr('name', 'equalto', sg )| first -%}
|
||||
{{- secgrlist.append(sgdict['id']) -}}
|
||||
{%- endfor -%}
|
||||
{{ secgrlist | join(',') }}
|
||||
loop: "{{ range(1, numnodes + 1 )|list }}"
|
||||
|
||||
- name: Launch kubernetes instances
|
||||
openstack.cloud.server:
|
||||
name: "kube{{ item }}.matrix-test.sunet.se"
|
||||
state: present
|
||||
flavor: b2.c4r16
|
||||
key_name: manderssonpub
|
||||
boot_volume: kube{{ item }}-matrix-test-sunet-se-osvol
|
||||
volumes:
|
||||
- "kube{{ item }}-matrix-test-sunet-se-snapvol"
|
||||
nics:
|
||||
- port-name: "kube{{ item }}-matrix-test-sunet-se-port"
|
||||
security_groups: "{{ kubesecgroups | join(',') }}"
|
||||
userdata: |
|
||||
{{ lookup('ansible.builtin.template', 'kubenodes-user.yaml.j2') | indent(4, False ) }}
|
||||
loop: "{{ range(1, numnodes + 1 )|list }}"
|
||||
|
|
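Review bot: In the port task, each entry of `kubesecgroups` is resolved with `selectattr('name', 'equalto', sg) | first`, and security-group names are not guaranteed to be unique in OpenStack, so another group of the same name visible to the query could be attached instead of the intended one. The loop also builds its list through `{{- secgrlist.append(sgdict['id']) -}}`, which relies on the `None` return value rendering as an empty string. A filter chain such as `{{ secgroups.security_groups | selectattr('name', 'in', kubesecgroups) | map(attribute='id') | join(',') }}` yields the same set of IDs without the side effect, and an `ansible.builtin.assert` that the number of matches equals `kubesecgroups | length` before the port task would catch both missing and duplicate names. The arguments of the `security_group_info` task fall outside the visible hunks, so whether the query is already narrowed cannot be seen here. In the server task, `key_name: manderssonpub` and `flavor: b2.c4r16` stay hard-coded while `numnodes` and `kubesecgroups` moved to `iac_vars.yaml`; moving them there as well would keep the playbook reusable.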