README.md

@@ -1,20 +0,0 @@
-# Matrixtest-IaC-Ansible
-This ansible playbook creates a three node cluster in openstack.
-
-In this case a microk8s cluster.
-
-The following tasks is executed by this playbook.
-- Creates a custom security group with rules to accept traffic between the nodes.
-- Create an os volume from the debian-12 image.
-- Create an snap volume to be used as an LVM volume for easy resize and mounted on /lib/snap.
-- Query all security groups in the project.
-- Create an network port for each node and use a selection of the queried security groups.
-- Create an instance with os volume, snap volume and port attached and a custom cloudinit config.
-
-## Cloudinit config.
-
-Cloudinit does the following tasks.
-- Install tools for LVM2,XFS and the Chronyd ntp sevice.
-- Configure Chronyd to use netnod.se as a source.
-- Configure a lvol_snap LVM volume and format it with XFS.
-- Add a mount record of the lvm volume in fstab and verifies it.

chrony.conf

@@ -1,53 +0,0 @@
-# Use Debian vendor zone.
-#pool 2.debian.pool.ntp.org iburst
-# Use ntp from netnod.se
-pool gbg1.ntp.netnod.se iburst
-pool gbg2.ntp.netnod.se iburst
-pool lul1.ntp.netnod.se iburst
-pool lul2.ntp.netnod.se iburst
-pool mmo1.ntp.netnod.se iburst
-pool mmo2.ntp.netnod.se iburst
-pool sth1.ntp.netnod.se iburst
-pool sth2.ntp.netnod.se iburst
-pool sth3.ntp.netnod.se iburst
-pool sth4.ntp.netnod.se iburst
-pool svl1.ntp.netnod.se iburst
-pool svl2.ntp.netnod.se iburst
-# Use time sources from DHCP.
-#sourcedir /run/chrony-dhcp
-
-# Use NTP sources found in /etc/chrony/sources.d.
-sourcedir /etc/chrony/sources.d
-
-# This directive specify the location of the file containing ID/key pairs for
-# NTP authentication.
-keyfile /etc/chrony/chrony.keys
-
-# This directive specify the file into which chronyd will store the rate
-# information.
-driftfile /var/lib/chrony/chrony.drift
-
-# Save NTS keys and cookies.
-ntsdumpdir /var/lib/chrony
-
-# Uncomment the following line to turn logging on.
-#log tracking measurements statistics
-
-# Log files location.
-logdir /var/log/chrony
-
-# Stop bad estimates upsetting machine clock.
-maxupdateskew 100.0
-
-# This directive enables kernel synchronisation (every 11 minutes) of the
-# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
-rtcsync
-
-# Step the system clock instead of slewing it if the adjustment is larger than
-# one second, but only in the first three clock updates.
-makestep 1 3
-
-# Get TAI-UTC offset and leap seconds from the system tz database.
-# This directive must be commented out when using time sources serving
-# leap-smeared time.
-leapsectz right/UTC

iac_vars.yaml

@@ -1,5 +0,0 @@
-numnodes: 3
-kubesecgroups:
-  - allegress
-  - kubenode
-  - ssh-from-jumphost

kubenodes-user.yaml.j2

@@ -1,26 +0,0 @@
-#cloud-config
-
-packages:
-  - chrony
-  - git
-  - lvm2
-  - xfsprogs
-write_files:
-  - path: /etc/chrony/chrony.conf
-    permissions: "0644"
-    content: |
-      {{ lookup('ansible.builtin.file', 'chrony.conf') | indent(6, False ) }}
-    owner: root:root
-
-runcmd:
-  - [ systemctl, enable, chronyd ]
-  - systemctl restart chronyd
-  - mkdir -p /var/snap
-  - vgcreate snapvg /dev/sdb
-  - lvcreate -n lvol_snap -l 100%FREE snapvg
-  - mkfs -t xfs -n ftype=1 /dev/snapvg/lvol_snap
-  - cp -a /etc/fstab /run/fstab.bak
-  - echo "/dev/snapvg/lvol_snap  /var/snap    xfs    defaults   0 0" >> /etc/fstab
-  - systemctl daemon-reload
-  - findmnt --verify || cp -a /run/fstab.bak /etc/fstab
-  - mount /var/snap

kubenodes.yaml

@@ -1,20 +1,13 @@
 ---
-- name: Create os volume for kubernetes nodes
+- name: Create kubernetes nodes os volume
   openstack.cloud.volume:
     state: present
     size: 30
     image: debian-12
     is_bootable: true
-    name: kube{{ item }}-matrix-test-sunet-se-osvol
-  loop: "{{ range(1, numnodes + 1 )|list }}"
-
-- name: Create snap volume for kubernetes nodes
-  openstack.cloud.volume:
     state: present
-    size: 20
+    name: kube{{ item }}-matrix-test-sunet-se-vol
-    is_bootable: false
+  loop: "{{ range(1,4)|list }}"
-    name: kube{{ item }}-matrix-test-sunet-se-snapvol
-  loop: "{{ range(1, numnodes + 1 )|list }}"
 
 - name: OS secgroups
   openstack.cloud.security_group_info:
@@ -25,26 +18,8 @@
     name: kube{{ item }}-matrix-test-sunet-se-port
     network: public
     security_groups: |-
-      {%- set secgrlist = [] -%}
+      {%- set secgroupallegress=secgroups.security_groups|selectattr('name', 'equalto', 'allegress')| first -%}
-      {%- for sg in kubesecgroups -%}
+      {% set secgroupkubenode=secgroups.security_groups|selectattr('name', 'equalto', 'kubenode')| first -%}
-      {% set sgdict=secgroups.security_groups|selectattr('name', 'equalto', sg )| first -%}
+      {% set secgroupssh=secgroups.security_groups|selectattr('name', 'equalto', 'ssh-from-jumphost')| first -%}
-      {{- secgrlist.append(sgdict['id']) -}}
+      {{ secgroupallegress['id'] }},{{secgroupkubenode['id']}},{{secgroupssh['id'] -}}
-      {%- endfor -%}
+  loop: "{{ range(1,4)|list }}"
-      {{ secgrlist | join(',') }}
-  loop: "{{ range(1, numnodes + 1 )|list }}"
-
-- name: Launch kubernetes instances
-  openstack.cloud.server:
-    name: "kube{{ item }}.matrix-test.sunet.se"
-    state: present
-    flavor: b2.c4r16
-    key_name: manderssonpub
-    boot_volume: kube{{ item }}-matrix-test-sunet-se-osvol
-    volumes:
-      - "kube{{ item }}-matrix-test-sunet-se-snapvol"
-    nics: 
-      - port-name: "kube{{ item }}-matrix-test-sunet-se-port"
-    security_groups: "{{ kubesecgroups | join(',') }}"
-    userdata: |
-      {{ lookup('ansible.builtin.template', 'kubenodes-user.yaml.j2') | indent(4, False ) }}
-  loop: "{{ range(1, numnodes + 1 )|list }}"

main.yaml

@@ -1,8 +1,6 @@
 ---
 - name: Matrix Kubernetes IaC Deployment
   hosts: localhost
-  vars_files:
-    - iac_vars.yaml
   tasks:
     - name: Setup securitygroups.
       ansible.builtin.include_tasks: