18 files changed, 129 insertions, 89 deletions
diff --git a/fdio.infra.ansible/nomad.yaml b/fdio.infra.ansible/nomad.yaml index 5a8c4ca4bc..8dbdac54fe 100644 --- a/fdio.infra.ansible/nomad.yaml +++ b/fdio.infra.ansible/nomad.yaml @@ -22,9 +22,9 @@ tags: nomad - role: consul tags: consul - - role: prometheus_exporter - tags: prometheus_exporter - - role: jenkins_job_health_exporter - tags: jenkins_job_health_exporter - - role: cleanup - tags: cleanup +# - role: prometheus_exporter +# tags: prometheus_exporter +# - role: jenkins_job_health_exporter +# tags: jenkins_job_health_exporter +# - role: cleanup +# tags: cleanup diff --git a/fdio.infra.ansible/roles/baremetal/handlers/main.yaml b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml index d8dabeb222..6e8734eaa9 100644 --- a/fdio.infra.ansible/roles/baremetal/handlers/main.yaml +++ b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml @@ -14,13 +14,13 @@ - cimc-handlers - name: Reboot server - reboot: + ansible.builtin.reboot: reboot_timeout: 3600 tags: - reboot-server - name: Wait for server to restart - wait_for: + ansible.builtin.wait_for: host: "{{ inventory_hostname }}" search_regex: OpenSSH port: 22 diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml index 13bba8b144..503857de92 100644 --- a/fdio.infra.ansible/roles/consul/defaults/main.yaml +++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml @@ -24,7 +24,7 @@ consul_architecture_map: 32-bit: "386" 64-bit: "amd64" consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}" -consul_version: "1.9.5" +consul_version: "1.12.2" consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip" consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}" consul_force_update: false diff --git a/fdio.infra.ansible/roles/consul/handlers/main.yaml b/fdio.infra.ansible/roles/consul/handlers/main.yaml index d0e0c598a9..a88ae45d27 100644 
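Review bot: The last three role entries in nomad.yaml (`prometheus_exporter`, `jenkins_job_health_exporter`, `cleanup`) are disabled by commenting them out, with nothing recording why or whether it is temporary. With both exporter roles off, hosts provisioned from this playbook presumably stop exposing those metrics, which matters if alerting depends on them; that should be confirmed. Either delete the entries or put a reason above them, e.g. `# Disabled: <reason / ticket placeholder>`. The existing `tags` already allow running a subset without editing the playbook.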
--- a/fdio.infra.ansible/roles/consul/handlers/main.yaml +++ b/fdio.infra.ansible/roles/consul/handlers/main.yaml @@ -2,14 +2,14 @@ # file roles/consul/handlers/main.yaml - name: Restart Nomad - systemd: + ansible.builtin.systemd: daemon_reload: true enabled: true name: "nomad" state: "{{ nomad_restart_handler_state }}" - name: Restart Consul - systemd: + ansible.builtin.systemd: daemon_reload: true enabled: true name: "consul" diff --git a/fdio.infra.ansible/roles/consul/meta/main.yaml b/fdio.infra.ansible/roles/consul/meta/main.yaml index c848f67c7b..bc6d6a1c57 100644 --- a/fdio.infra.ansible/roles/consul/meta/main.yaml +++ b/fdio.infra.ansible/roles/consul/meta/main.yaml @@ -1,11 +1,6 @@ --- # file: roles/consul/meta/main.yaml -# desc: Install consul from stable branch and configure service. -# inst: Consul -# conf: ? -# info: 1.0 - added role - dependencies: [] galaxy_info: role_name: consul @@ -18,5 +13,6 @@ galaxy_info: - name: Ubuntu versions: - focal + - jammy galaxy_tags: - consul diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml index 4e229714b7..1d6bcc0b0b 100644 --- a/fdio.infra.ansible/roles/consul/tasks/main.yaml +++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml @@ -1,14 +1,22 @@ --- # file: roles/consul/tasks/main.yaml -- name: Install Dependencies +- name: Inst - Update Repositories Cache + apt: + update_cache: true + when: + - ansible_os_family == 'Debian' + tags: + - consul-inst-package + +- name: Inst - Dependencies apt: name: "{{ packages | flatten(levels=1) }}" state: "present" cache_valid_time: 3600 install_recommends: false when: - - ansible_distribution|lower == 'ubuntu' + - ansible_os_family == 'Debian' tags: - consul-inst-dependencies @@ -155,7 +163,7 @@ name: "systemd-resolved" state: "{{ systemd_resolved_state }}" when: - - nomad_service_mgr == "systemd" + - consul_service_mgr == "systemd" tags: - consul-conf 
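Review bot: The added `Inst - Update Repositories Cache` task in roles/consul/tasks/main.yaml is tagged `consul-inst-package`, while the dependency install it serves is tagged `consul-inst-dependencies`, so a run limited to `--tags consul-inst-dependencies` skips the refresh. The install task already sets `cache_valid_time: 3600`, which makes the apt module refresh a stale cache on its own, so the extra task could be dropped or given the same tag. Both tasks also keep the short `apt:` name, whereas the nomad role's copy of this change uses `ansible.builtin.apt:`. The same tag mismatch exists there (`nomad-inst-package` vs `nomad-inst-dependencies`).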
@@ -170,8 +178,9 @@ - "Restart Consul" - "Restart Nomad" when: - - nomad_service_mgr == "systemd" + - consul_service_mgr == "systemd" tags: - consul-conf -- meta: flush_handlers +- name: Meta - Flush handlers + meta: flush_handlers diff --git a/fdio.infra.ansible/roles/docker/defaults/main.yaml b/fdio.infra.ansible/roles/docker/defaults/main.yaml index a8f4e6289d..e493d1c9b5 100644 --- a/fdio.infra.ansible/roles/docker/defaults/main.yaml +++ b/fdio.infra.ansible/roles/docker/defaults/main.yaml @@ -10,10 +10,11 @@ docker_package_state: latest docker_service_state: started docker_service_enabled: true docker_restart_handler_state: restarted +docker_service_mgr: "" # Used only for Debian/Ubuntu. docker_apt_release_channel: "stable" -docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" docker_apt_repository_state: present docker_apt_ignore_key_error: true docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" @@ -25,10 +26,6 @@ docker_yum_repo_enable_edge: "0" docker_yum_repo_enable_test: "0" docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg -# A list of users who will be added to the docker group. -docker_users: - - "{{ ansible_user }}" - # Proxy settings. docker_daemon_environment_http: - "HTTP_PROXY={{ proxy_env.http_proxy }}" diff --git a/fdio.infra.ansible/roles/docker/handlers/main.yaml b/fdio.infra.ansible/roles/docker/handlers/main.yaml index 572b789d48..53eb8528f6 100644 --- a/fdio.infra.ansible/roles/docker/handlers/main.yaml +++ b/fdio.infra.ansible/roles/docker/handlers/main.yaml @@ -2,7 +2,7 @@ # file roles/docker/handlers/main.yaml - name: Restart Docker - service: + ansible.builtin.service: name: "docker" state: "{{ docker_restart_handler_state }}" tags: 
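Review bot: `docker_service_mgr: ""` in roles/docker/defaults/main.yaml turns every task this commit gates on `docker_service_mgr == "systemd"` in roles/docker/tasks/main.yaml into a silent skip unless inventory overrides it. By default the service is then no longer enabled, and neither daemon.json nor the proxy drop-ins are written. If systemd is the normal case, default to `docker_service_mgr: "systemd"`, or at least add a comment listing the accepted values. Separately, `docker_apt_repository` now hard-codes `stable`, which leaves `docker_apt_release_channel` on the line above unused; keep the variable in the URL or remove it.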
diff --git a/fdio.infra.ansible/roles/docker/meta/main.yaml b/fdio.infra.ansible/roles/docker/meta/main.yaml index e191fd43b6..ac6c0a9980 100644 --- a/fdio.infra.ansible/roles/docker/meta/main.yaml +++ b/fdio.infra.ansible/roles/docker/meta/main.yaml @@ -1,4 +1,19 @@ --- -# file: roles/docker/meta/main.yaml +# file: meta/main.yaml dependencies: [] + +galaxy_info: + role_name: docker + author: fd.io + description: Docker-CE for Linux. + company: none + license: "license (Apache)" + min_ansible_version: 2.9 + platforms: + - name: Ubuntu + versions: + - focal + - jammy + galaxy_tags: + - docker diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/docker/tasks/focal.yaml index 236cec6322..27fee6285c 100644 --- a/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml +++ b/fdio.infra.ansible/roles/docker/tasks/focal.yaml @@ -2,7 +2,7 @@ # file: roles/docker/tasks/ubuntu_focal.yaml - name: Inst - Dependencies - apt: + ansible.builtin.apt: name: - "apt-transport-https" - "ca-certificates" @@ -15,14 +15,14 @@ - docker-inst-dependencies - name: Conf - Add APT Key - apt_key: + ansible.builtin.apt_key: url: "{{ docker_apt_gpg_key }}" state: "{{ docker_apt_gpg_key_state }}" tags: - docker-conf-apt - name: Conf - Install APT Repository - apt_repository: + ansible.builtin.apt_repository: repo: "{{ docker_apt_repository }}" state: "{{ docker_apt_repository_state }}" update_cache: true diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_jammy.yaml b/fdio.infra.ansible/roles/docker/tasks/jammy.yaml index 51f60ee348..8ec7a01ee1 100644 --- a/fdio.infra.ansible/roles/docker/tasks/ubuntu_jammy.yaml +++ b/fdio.infra.ansible/roles/docker/tasks/jammy.yaml @@ -2,7 +2,7 @@ # file: roles/docker/tasks/ubuntu_jammy.yaml - name: Inst - Dependencies - apt: + ansible.builtin.apt: name: - "apt-transport-https" - "ca-certificates" 
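Review bot: `min_ansible_version: 2.9` in the new `galaxy_info` block is an unquoted scalar, so YAML loads it as a float; ansible-lint's meta schema expects a string, `min_ansible_version: "2.9"`. `license: "license (Apache)"` still reads like the role-skeleton placeholder; if Apache 2.0 is the intended licence, `license: Apache-2.0` states it unambiguously.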
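Review bot: `Conf - Add APT Key` in tasks/focal.yaml still uses `ansible.builtin.apt_key`, which adds the Docker key to APT's global trusted keyring, so the key is accepted for packages from every configured repository rather than only download.docker.com. The underlying apt-key tool is also deprecated on jammy. Prefer storing the key in a dedicated file and scoping it to the one source, e.g. fetch it with `ansible.builtin.get_url` to `/etc/apt/keyrings/docker.asc` and use `deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/...` in `docker_apt_repository`. The identical hunk in tasks/jammy.yaml needs the same change.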
@@ -15,14 +15,14 @@ - docker-inst-dependencies - name: Conf - Add APT Key - apt_key: + ansible.builtin.apt_key: url: "{{ docker_apt_gpg_key }}" state: "{{ docker_apt_gpg_key_state }}" tags: - docker-conf-apt - name: Conf - Install APT Repository - apt_repository: + ansible.builtin.apt_repository: repo: "{{ docker_apt_repository }}" state: "{{ docker_apt_repository_state }}" update_cache: true diff --git a/fdio.infra.ansible/roles/docker/tasks/main.yaml b/fdio.infra.ansible/roles/docker/tasks/main.yaml index 27b9d250da..e07b29e363 100644 --- a/fdio.infra.ansible/roles/docker/tasks/main.yaml +++ b/fdio.infra.ansible/roles/docker/tasks/main.yaml @@ -1,12 +1,12 @@ --- # file: roles/docker/tasks/main.yaml -- include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml" +- include_tasks: "{{ ansible_distribution_release }}.yaml" tags: - docker-inst-dependencies - name: Inst - Docker - package: + ansible.builtin.package: name: - "{{ docker_package }}" - "{{ docker_package }}-cli" @@ -15,22 +15,27 @@ - docker-inst-package - name: Conf - Docker Service - service: + ansible.builtin.service: name: docker state: "{{ docker_service_state }}" enabled: "{{ docker_service_enabled }}" + when: + - docker_service_mgr == "systemd" tags: - docker-conf-service - name: Conf - Docker Service Directory - file: + ansible.builtin.file: path: "/etc/systemd/system/docker.service.d" state: "directory" + mode: "0755" + when: + - docker_service_mgr == "systemd" tags: - docker-conf-service - name: Conf - Docker Daemon - template: + ansible.builtin.template: src: "templates/daemon.json.j2" dest: "/etc/docker/daemon.json" owner: "root" 
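Review bot: The `include_tasks` entry at the top of roles/docker/tasks/main.yaml is the one task left unnamed and on the short module name, while the rest of this commit moves to `ansible.builtin.*` and names the `meta` task. Suggest `- name: Inst - Release Specific Tasks` with `ansible.builtin.include_tasks: "{{ ansible_distribution_release }}.yaml"`. With the distribution prefix gone, the file name depends only on the release codename, so a host on a release without a matching file fails with a missing-file error. An explicit `ansible.builtin.assert` on the supported releases before the include would give a clearer failure.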
@@ -39,12 +44,13 @@ notify: - "Restart Docker" when: > - docker_daemon is defined + docker_daemon is defined and + docker_service_mgr == "systemd" tags: - docker-conf-daemon - name: Conf - Docker HTTP Proxy - template: + ansible.builtin.template: src: "templates/docker.service.proxy.http" dest: "/etc/systemd/system/docker.service.d/http-proxy.conf" owner: "root" @@ -54,12 +60,13 @@ - "Restart Docker" when: > proxy_env is defined and - proxy_env.http_proxy is defined + proxy_env.http_proxy is defined and + docker_service_mgr == "systemd" tags: - docker-conf-service - name: Conf - Docker HTTPS Proxy - template: + ansible.builtin.template: src: "templates/docker.service.proxy.https" dest: "/etc/systemd/system/docker.service.d/https-proxy.conf" owner: "root" @@ -69,16 +76,10 @@ - "Restart Docker" when: > proxy_env is defined and - proxy_env.https_proxy is defined + proxy_env.https_proxy is defined and + docker_service_mgr == "systemd" tags: - docker-conf-service -- name: Conf - Users to Docker Group - user: - name: "{{ ansible_user }}" - groups: "docker" - append: true - tags: - - docker-conf-user - -- meta: flush_handlers +- name: Meta - Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml index f58ac0961d..b4741f8d43 100644 --- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml +++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml @@ -16,7 +16,7 @@ packages_by_arch: - [] # Package -nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.0.4', true) }}" +nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.3.1', true) }}" nomad_architecture_map: amd64: "amd64" x86_64: "amd64" 
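Review bot: `/etc/docker/daemon.json` is read by dockerd itself, not by systemd, so adding `docker_service_mgr == "systemd"` to the `Conf - Docker Daemon` condition leaves a host with any other value without daemon configuration even when `docker_daemon` is defined. The gate fits the two proxy tasks below, which write under `/etc/systemd/system/docker.service.d`. For this task consider keeping `when: docker_daemon is defined`. The task body starts above this hunk.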
@@ -63,7 +63,7 @@ nomad_log_level: "INFO" nomad_syslog_enable: true nomad_iface: "{{ lookup('env','NOMAD_IFACE') | default(ansible_default_ipv4.interface, true) }}" nomad_node_name: "{{ inventory_hostname }}" -nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('client', true) }}" +nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('server', true) }}" nomad_leave_on_terminate: true nomad_leave_on_interrupt: false nomad_disable_update_check: true @@ -172,9 +172,11 @@ nomad_docker_dmsetup: true # TLS nomad_tls_enable: true -nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem" +nomad_ca_file: "{{ nomad_ssl_dir }}/nomad-ca.pem" nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem" nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem" +nomad_cli_cert_file: "{{ nomad_ssl_dir }}/nomad-cli.pem" +nomad_cli_key_file: "{{ nomad_ssl_dir }}/nomad-cli-key.pem" nomad_http: false nomad_rpc: false nomad_rpc_upgrade_mode: false diff --git a/fdio.infra.ansible/roles/nomad/handlers/main.yaml b/fdio.infra.ansible/roles/nomad/handlers/main.yaml index 8ef4d80353..6263f3dda1 100644 --- a/fdio.infra.ansible/roles/nomad/handlers/main.yaml +++ b/fdio.infra.ansible/roles/nomad/handlers/main.yaml @@ -2,7 +2,7 @@ # file roles/nomad/handlers/main.yaml - name: Restart Nomad - systemd: + ansible.builtin.systemd: daemon_reload: true enabled: true name: "nomad" diff --git a/fdio.infra.ansible/roles/nomad/meta/main.yaml b/fdio.infra.ansible/roles/nomad/meta/main.yaml index 4f467ceee3..f7b25fe8eb 100644 --- a/fdio.infra.ansible/roles/nomad/meta/main.yaml +++ b/fdio.infra.ansible/roles/nomad/meta/main.yaml @@ -1,11 +1,6 @@ --- # file: roles/nomad/meta/main.yaml -# desc: Install nomad from repo and configure service. -# inst: Nomad -# conf: ? -# info: 1.0 - added role - dependencies: [docker] galaxy_info: @@ -19,5 +14,6 @@ galaxy_info: - name: Ubuntu versions: - focal + - jammy galaxy_tags: - nomad 
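Review bot: Changing the fallback for `nomad_node_role` from `client` to `server` means any host provisioned without `NOMAD_NODE_ROLE` set comes up as a Nomad server. Servers take part in consensus and hold cluster state, so an accidental extra server is more privileged and harder to undo than an accidental client. If the change is needed for the current rollout, consider keeping `default('client', true)` and setting the role per host or group in inventory. Otherwise add a comment above the line saying that `server` is the intended default.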
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml index 8d58c8bb0e..480c4da0be 100644 --- a/fdio.infra.ansible/roles/nomad/tasks/main.yaml +++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml @@ -1,26 +1,34 @@ --- -# file: roles/nomad/tasks/main.yaml +# file: tasks/main.yaml -- name: Install Dependencies - apt: +- name: Inst - Update Repositories Cache + ansible.builtin.apt: + update_cache: true + when: + - ansible_os_family == 'Debian' + tags: + - nomad-inst-package + +- name: Inst - Dependencies + ansible.builtin.apt: name: "{{ packages | flatten(levels=1) }}" state: "present" cache_valid_time: 3600 install_recommends: false when: - - ansible_distribution|lower == 'ubuntu' + - ansible_os_family == 'Debian' tags: - nomad-inst-dependencies - name: Conf - Add Nomad Group - group: + ansible.builtin.group: name: "{{ nomad_group }}" state: "{{ nomad_user_state }}" tags: - nomad-conf-user - name: Conf - Add Nomad user - user: + ansible.builtin.user: name: "{{ nomad_user }}" group: "{{ nomad_group }}" state: "{{ nomad_group_state }}" @@ -29,14 +37,14 @@ - nomad-conf-user - name: Inst - Download Nomad - get_url: + ansible.builtin.get_url: url: "{{ nomad_zip_url }}" dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}" tags: - nomad-inst-package - name: Inst - Clean Nomad - file: + ansible.builtin.file: path: "{{ nomad_inst_dir }}/nomad" state: "absent" when: @@ -45,7 +53,7 @@ - nomad-inst-package - name: Inst - Unarchive Nomad - unarchive: + ansible.builtin.unarchive: src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}" dest: "{{ nomad_inst_dir }}/" remote_src: true @@ -53,7 +61,7 @@ - nomad-inst-package - name: Inst - Nomad - copy: + ansible.builtin.copy: src: "{{ nomad_inst_dir }}/nomad" dest: "{{ nomad_bin_dir }}" owner: "{{ nomad_user }}" 
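Review bot: `Inst - Download Nomad` fetches the release archive with no `checksum`, and the following tasks unpack it and install the result as the Nomad binary. Because `nomad_version` can come from the `NOMAD_VERSION` environment variable, nothing in the role pins what actually gets installed. Add a pinned digest next to the version, e.g. `checksum: "sha256:{{ nomad_zip_sha256 }}"` (a new role variable; the name is illustrative), filled from the vendor's published SHA256SUMS for that version. Consul's download task is not part of this diff; if it has the same shape, it deserves the same check.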
@@ -65,25 +73,27 @@ - nomad-inst-package - name: Conf - Create Directories "{{ nomad_data_dir }}" - file: + ansible.builtin.file: dest: "{{ nomad_data_dir }}" state: directory owner: "{{ nomad_user }}" group: "{{ nomad_group }}" + mode: 0755 tags: - nomad-conf - name: Conf - Create Directories "{{ nomad_ssl_dir }}" - file: + ansible.builtin.file: dest: "{{ nomad_ssl_dir }}" state: directory owner: "{{ nomad_user }}" group: "{{ nomad_group }}" + mode: 0755 tags: - nomad-conf - name: Conf - Create Config Directory - file: + ansible.builtin.file: dest: "{{ nomad_config_dir }}" state: directory owner: "{{ nomad_user }}" @@ -93,7 +103,7 @@ - nomad-conf - name: Conf - Base Configuration - template: + ansible.builtin.template: src: base.hcl.j2 dest: "{{ nomad_config_dir }}/base.hcl" owner: "{{ nomad_user }}" @@ -103,7 +113,7 @@ - nomad-conf - name: Conf - Server Configuration - template: + ansible.builtin.template: src: server.hcl.j2 dest: "{{ nomad_config_dir }}/server.hcl" owner: "{{ nomad_user }}" @@ -115,7 +125,7 @@ - nomad-conf - name: Conf - Client Configuration - template: + ansible.builtin.template: src: client.hcl.j2 dest: "{{ nomad_config_dir }}/client.hcl" owner: "{{ nomad_user }}" @@ -127,7 +137,7 @@ - nomad-conf - name: Conf - TLS Configuration - template: + ansible.builtin.template: src: tls.hcl.j2 dest: "{{ nomad_config_dir }}/tls.hcl" owner: "{{ nomad_user }}" @@ -137,7 +147,7 @@ - nomad-conf - name: Conf - Telemetry Configuration - template: + ansible.builtin.template: src: telemetry.hcl.j2 dest: "{{ nomad_config_dir }}/telemetry.hcl" owner: "{{ nomad_user }}" @@ -147,7 +157,7 @@ - nomad-conf - name: Conf - Consul Configuration - template: + ansible.builtin.template: src: consul.hcl.j2 dest: "{{ nomad_config_dir }}/consul.hcl" owner: "{{ nomad_user }}" @@ -157,7 +167,7 @@ - nomad-conf - name: Conf - Copy Certificates And Keys - copy: + ansible.builtin.copy: content: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ nomad_user }}" 
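Review bot: `{{ nomad_ssl_dir }}` holds the TLS private keys (`nomad-key.pem`, and after this commit `nomad-cli-key.pem`), and the added `mode: 0755` makes that directory listable and traversable by every local user. Protection then rests entirely on the per-file modes set in `Conf - Copy Certificates And Keys`, which this hunk does not show. Consider `mode: "0750"` for the SSL directory unless users outside the nomad group must read the CLI certificate from it. Both added modes are also unquoted; quoting them (`mode: "0755"`) avoids YAML integer parsing and matches the docker role in this same commit.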
@@ -166,12 +176,25 @@ no_log: true loop: "{{ nomad_certificates | flatten(levels=1) }}" when: - - nomad_certificates + - nomad_certificates is defined + tags: + - nomad-conf + +- name: Conf - Nomad CLI Environment Variables + ansible.builtin.lineinfile: + path: "/etc/profile.d/nomad.sh" + line: "{{ item }}" + create: true + loop: + - "export NOMAD_ADDR=https://nomad.service.consul:4646" + - "export NOMAD_CACERT={{ nomad_ca_file }}" + - "export NOMAD_CLIENT_CERT={{ nomad_cli_cert_file }}" + - "export NOMAD_CLIENT_KEY={{ nomad_cli_key_file }}" tags: - nomad-conf - name: Conf - System.d Script - template: + ansible.builtin.template: src: "nomad_systemd.service.j2" dest: "/lib/systemd/system/nomad.service" owner: "root" @@ -184,4 +207,5 @@ tags: - nomad-conf -- meta: flush_handlers +- name: Meta - Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml index 960f573b48..5f1f71a332 100644 --- a/fdio.infra.ansible/roles/user_add/handlers/main.yaml +++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml @@ -2,6 +2,6 @@ # file: roles/user_add/handlers/main.yaml - name: Restart SSHd - service: + ansible.builtin.service: name: sshd state: restarted diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml index 24be30dc6e..329c6abd07 100644 --- a/fdio.infra.ansible/roles/user_add/tasks/main.yaml +++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml @@ -2,7 +2,7 @@ # file: roles/user_add/tasks/main.yaml - name: Conf - Add User - user: + ansible.builtin.user: append: "{{ item.append | default(omit) }}" createhome: "{{ 'yes' if users_create_homedirs else 'no' }}" generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}" @@ -16,7 +16,7 @@ - user-add-conf - name: Conf - SSH keys - authorized_key: + ansible.builtin.authorized_key: user: "{{ item.0.username }}" key: "{{ item.1 }}" with_subelements: 
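Review bot: `nomad_certificates is defined` does not protect `Conf - Copy Certificates And Keys`, because `loop: "{{ nomad_certificates | flatten(levels=1) }}"` is templated before `when` is evaluated per item, so an undefined variable still fails the task. `loop: "{{ nomad_certificates | default([]) | flatten(levels=1) }}"` covers that case and makes the `when` unnecessary. In the new `Conf - Nomad CLI Environment Variables` task, `create: true` sets no `owner` or `mode`, and `line` without `regexp` means a later change to any of the four values appends a second `export` instead of replacing the first; add `mode: "0644"` and a per-variable `regexp`. The file also points every login shell at `nomad-cli-key.pem`, so it should be decided explicitly which group may read that key.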
@@ -27,7 +27,7 @@ - user-add-conf - name: Conf - Disable Password Login - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/ssh/sshd_config" regexp: "^PasswordAuthentication yes" line: "PasswordAuthentication no" |
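Review bot: `regexp: "^PasswordAuthentication yes"` in `Conf - Disable Password Login` only matches an active `yes` line, so on a config where the directive is commented out or spelled with different whitespace the task appends `PasswordAuthentication no` at the end of the file and leaves the other line in place. sshd uses the first value it reads for a keyword, so an earlier line, or a drop-in pulled in by an `Include` near the top of `sshd_config`, would still win; whether these hosts have such a drop-in is not visible here. Suggest `regexp: '^#?\s*PasswordAuthentication\s'` plus `validate: "/usr/sbin/sshd -t -f %s"` so a broken file is never installed. The task continues below the hunk.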