diff --git a/ansible/bootstrap.sh b/ansible/bootstrap.sh index 127e5df40f1a5591448ece0103cf5d42bdd13344..67f34a583e1368f4e10d7ef8a23194f40e4e9eee 100755 --- a/ansible/bootstrap.sh +++ b/ansible/bootstrap.sh @@ -1,11 +1,14 @@ #!/usr/bin/env bash +# This script creates a Python env, enters it and installs +# ansible and requirements from the requirements.galaxy.yaml + [[ ! -d .venv ]] && python3 -m venv .venv source .venv/bin/activate pip3 install ansible ansible-lint -ansible-galaxy install --force -r requirements.galaxy.yaml +ansible-galaxy install "$1" -r requirements.galaxy.yaml # to stay in our comfy virtualenv exec "${SHELL:bash}" diff --git a/ansible/harbor/base.yaml b/ansible/main/base.yaml similarity index 87% rename from ansible/harbor/base.yaml rename to ansible/main/base.yaml index fb9c42cf8b21fe3fdc7281320156fb6e3dddf363..7838e45022242c6c2a540fad8695818b2c8f0391 100644 --- a/ansible/harbor/base.yaml +++ b/ansible/main/base.yaml @@ -4,10 +4,8 @@ roles: - role: kszk-k8s.base tags: ["base"] - - role: kszk-k8s.iptables - tags: ["iptables"] + - role: kszk.iptables vars_files: - - "../vars/base.yaml" - "vars/harbor.yaml" - "vars/secret.yaml" tasks: diff --git a/ansible/harbor/tasks/docker.yaml b/ansible/main/tasks/docker.yaml similarity index 100% rename from ansible/harbor/tasks/docker.yaml rename to ansible/main/tasks/docker.yaml diff --git a/ansible/harbor/tasks/harbor.yaml b/ansible/main/tasks/harbor.yaml similarity index 93% rename from ansible/harbor/tasks/harbor.yaml rename to ansible/main/tasks/harbor.yaml index 2d5e3d67bd114e27c24fcac3f76b15a687bf64d1..70a294ad7e72ed13799572b2e5df0c4d22ec40a8 100644 --- a/ansible/harbor/tasks/harbor.yaml +++ b/ansible/main/tasks/harbor.yaml @@ -22,7 +22,7 @@ src: home/user/harbor/harbor.yml.j2 dest: /home/{{ user }}/harbor/harbor.yml -- name: Setup harbor +- name: Setup harbor (You might need to restart the docker service manually!) become: yes shell: "/home/{{ user }}/harbor/install.sh" 
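Review bot: The quoted `"$1"` on the new `ansible-galaxy install` line still passes one argument when the script is run without any, namely an empty string, which ansible-galaxy will most likely treat as a role name rather than ignore. Forwarding with `ansible-galaxy install "$@" -r requirements.galaxy.yaml` passes nothing when nothing was given and still lets the caller supply `--force`. The new header comment could also document this, for example `# Usage: ./bootstrap.sh [ansible-galaxy install options, e.g. --force]`. Without `--force` an already-installed role is not refreshed, which matters because the requirements file tracks `version: master`.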
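Review bot: The replacement entry `- role: kszk.iptables` no longer carries the `tags: ["iptables"]` that the old entry had, so a run limited with `--tags iptables` would skip the firewall role and `--skip-tags iptables` would no longer exclude it. If that is not intended, keep `tags: ["iptables"]` under the new role line. The play continues outside the hunk, so any tag applied at play level is not visible here.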
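Review bot: The new task name carries a manual operational step in a label that scrolls past in play output, where it is easy to miss. If the docker restart is actually required after `install.sh`, it is safer to make it part of the play, as a handler or a following task that restarts the docker service. If it is only needed in some situations, a comment above the task such as `# docker may need a manual restart after the first install` is easier to find than the name suffix. The task may continue below the hunk.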
diff --git a/ansible/harbor/tasks/nginx.yaml b/ansible/main/tasks/nginx.yaml
similarity index 100%
rename from ansible/harbor/tasks/nginx.yaml
rename to ansible/main/tasks/nginx.yaml
diff --git a/ansible/harbor/templates/etc/iptables/rules.v4.j2 b/ansible/main/templates/etc/iptables/rules.v4.j2
similarity index 100%
rename from ansible/harbor/templates/etc/iptables/rules.v4.j2
rename to ansible/main/templates/etc/iptables/rules.v4.j2
diff --git a/ansible/harbor/templates/etc/iptables/rules.v6.j2 b/ansible/main/templates/etc/iptables/rules.v6.j2
similarity index 100%
rename from ansible/harbor/templates/etc/iptables/rules.v6.j2
rename to ansible/main/templates/etc/iptables/rules.v6.j2
diff --git a/ansible/harbor/templates/etc/nginx/nginx.conf.j2 b/ansible/main/templates/etc/nginx/nginx.conf.j2
similarity index 100%
rename from ansible/harbor/templates/etc/nginx/nginx.conf.j2
rename to ansible/main/templates/etc/nginx/nginx.conf.j2
diff --git a/ansible/harbor/templates/etc/nginx/sites-enabled/http.j2 b/ansible/main/templates/etc/nginx/sites-enabled/http.j2
similarity index 100%
rename from ansible/harbor/templates/etc/nginx/sites-enabled/http.j2
rename to ansible/main/templates/etc/nginx/sites-enabled/http.j2
diff --git a/ansible/harbor/templates/etc/nginx/sites-enabled/letsencrypt.j2 b/ansible/main/templates/etc/nginx/sites-enabled/letsencrypt.j2
similarity index 100%
rename from ansible/harbor/templates/etc/nginx/sites-enabled/letsencrypt.j2
rename to ansible/main/templates/etc/nginx/sites-enabled/letsencrypt.j2
diff --git a/ansible/harbor/templates/etc/systemd/system/harbor-docker-compose.service b/ansible/main/templates/etc/systemd/system/harbor-docker-compose.service
similarity index 100%
rename from ansible/harbor/templates/etc/systemd/system/harbor-docker-compose.service
rename to ansible/main/templates/etc/systemd/system/harbor-docker-compose.service
diff --git a/ansible/harbor/templates/home/user/harbor/harbor.yml.j2 b/ansible/main/templates/home/user/harbor/harbor.yml.j2 similarity index 99% rename from ansible/harbor/templates/home/user/harbor/harbor.yml.j2 rename to ansible/main/templates/home/user/harbor/harbor.yml.j2 index 7f395ea1b219baf022836d54cdce65269fc9ee50..162499d130ee96c902a8ec8abf8a840a724def77 100644 --- a/ansible/harbor/templates/home/user/harbor/harbor.yml.j2 +++ b/ansible/main/templates/home/user/harbor/harbor.yml.j2 @@ -197,10 +197,6 @@ proxy: - core - jobservice - trivy -# metric: -# enabled: false -# port: 9090 -# path: /metrics # Trace related config # only can enable one trace provider(jaeger or otel) at the same time, diff --git a/ansible/harbor/vars/harbor.yaml b/ansible/main/vars/harbor.yaml similarity index 59% rename from ansible/harbor/vars/harbor.yaml rename to ansible/main/vars/harbor.yaml index 1cc35511117587f941279c5ebb89fd7e1d5f36d4..f9cb797b554ecd2d120be23a3fdbeb8e6b70c8e4 100644 --- a/ansible/harbor/vars/harbor.yaml +++ b/ansible/main/vars/harbor.yaml @@ -1,14 +1,10 @@ +# KSZK Base role +motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/cluster-setup + hostname: harbor motd_text: "Harbor" user: harbor -harbor_hostname: harbor.sch.bme.hu - -acme_email: laszlo.rafael@kszk.bme.hu -sites: - - name: harbor.sch.bme.hu - proxy_to: http://localhost:8080 - users: - name: rlacko sudo: yes @@ -18,6 +14,14 @@ users: sudo: yes passwordless_sudo: yes +ssh: + port: 10022 + permitRootLogin: "no" + pubkeyAuthentication: "yes" + passwordAuthentication: "no" + allow: + users: "rlacko" + netplan: network: version: 2 
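Review bot: The added `ssh.allow.users: "rlacko"` names a single account, while the `users:` list above the insertion point appears to hold at least one more entry with `sudo: yes` and `passwordless_sudo: yes`. If the base role renders this value into sshd's `AllowUsers` (not visible here), that second account cannot log in over SSH even though it has passwordless sudo. Either list it as well or add a comment such as `# only rlacko may log in over SSH; other accounts are local-only`, so the restriction reads as deliberate. The `users:` entries begin outside the hunk.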
@@ -30,3 +34,17 @@ netplan: set-name: wan0 dhcp4: true +# IPTables base role + +## Use own iptables files +iptables_rules_v4_file: etc/iptables/rules.v4.j2 +iptables_rules_v6_file: etc/iptables/rules.v6.j2 + +# Playbook vars + +harbor_hostname: harbor.sch.bme.hu +acme_email: laszlo.rafael@kszk.bme.hu +sites: + - name: harbor.sch.bme.hu + proxy_to: http://localhost:8080 + diff --git a/ansible/harbor/vars/secret.yaml.example b/ansible/main/vars/secret.yaml.example similarity index 100% rename from ansible/harbor/vars/secret.yaml.example rename to ansible/main/vars/secret.yaml.example diff --git a/ansible/requirements.galaxy.yaml b/ansible/requirements.galaxy.yaml index 6998d1240b5ea373c3ac3566676350892f26b866..c4dda09a72666ff37c208d3c278cacdb90dc9706 100644 --- a/ansible/requirements.galaxy.yaml +++ b/ansible/requirements.galaxy.yaml @@ -9,7 +9,7 @@ roles: scm: git version: master name: kszk-k8s.base - - src: git@git.sch.bme.hu:kszk/sysadmin/kubernetes/iptables-role.git + - src: git@git.sch.bme.hu:kszk/ansible/roles/iptables.git scm: git version: master - name: kszk-k8s.iptables + name: kszk.iptables diff --git a/ansible/vars/base.yaml b/ansible/vars/base.yaml deleted file mode 100644 index 54e46c58893f9157533bd0c247fc13b2a9e96992..0000000000000000000000000000000000000000 --- a/ansible/vars/base.yaml +++ /dev/null @@ -1,15 +0,0 @@ -motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/cluster-setup -motd_text: Harbor - -users: - - name: rlacko - sudo: yes - passwordless_sudo: yes - ssh_key: https://git.sch.bme.hu/rlacko.keys -ssh: - port: 10022 - permitRootLogin: "no" - pubkeyAuthentication: "yes" - passwordAuthentication: "no" - allow: - users: "rlacko"
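Review bot: `iptables_rules_v4_file` and `iptables_rules_v6_file` switch the role to this playbook's own rule templates, while the same vars file sets `ssh.port: 10022`, and nothing visible here keeps the two in step. The templates are renamed unchanged in this commit and their content is not shown, so please confirm they accept the SSH port and the nginx listeners, ideally by reading the port from `ssh.port` instead of a literal. A comment above the two variables would help the next editor: `# custom rules must allow ssh.port and the nginx listeners; a mismatch cuts off remote access`.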
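Review bot: The repointed role `kszk.iptables` is still fetched at `version: master`, so every fresh install runs whatever is at the branch tip at that moment, for a role that by its name manages the host firewall. Pinning to a tag or commit makes runs reproducible and turns a role update into an explicit, reviewable change: `version: <tag-or-commit-sha>`. The same applies to the `kszk-k8s.base` entry just above it. The `roles:` list starts outside the hunk.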