Refactoring.

ebfbf89b · Ing. Klára Moravcová · d6e6f131 · ebfbf89b · ebfbf89b · ebfbf89b
Verified Commit ebfbf89b authored 1 year ago by Ing. Klára Moravcová
--- a/README.md
+++ b/README.md
+Prerequisites:
+terraform
+
+pip requirments.txt
+
+ansible-galaxy install -r requirements.yml
+
+1. group project (quotas?)
+1. create openstack application credentials
+1. git clone kubernetes-infra-example
+1. application credential -> group_vars
+1. terraform - main - values
+1. source application credentials
+1. terraform apply
+1. ansible/ group_vars (all possible group vars are in kubespray project)
+1. application credential -> group_vars -> all -> openstack
+2. Install Kubernetes - ansible-playbook -i ~/kubernetes-example/ansible/ansible_inventory --user=ubuntu --become --become-user=root play.yml
\ No newline at end of file
--- a/ansible/01-playbook/ansible.cfg
+++ b/ansible/01-playbook/ansible.cfg
+[ssh_connection]
+pipelining=True
+ansible_ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null
+#control_path = ~/.ssh/ansible-%%r@%%h:%%p
+[defaults]
+# https://github.com/ansible/ansible/issues/56930 (to ignore group names with - and .)
+force_valid_group_names = ignore
+
+host_key_checking=False
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = /tmp
+fact_caching_timeout = 86400
+stdout_callback = default
+display_skipped_hosts = no
+library = ./library
+callbacks_enabled = profile_tasks,ara_default
+roles_path = roles:$VIRTUAL_ENV/usr/local/share/kubespray/roles:$VIRTUAL_ENV/usr/local/share/ansible/roles:/usr/share/kubespray/roles
+deprecation_warnings=False
+inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo, .creds, .gpg
+[inventory]
+ignore_patterns = artifacts, credentials
--- a/ansible/01-playbook/play.yml
+++ b/ansible/01-playbook/play.yml
+- name: Install Kubernetes
+  ansible.builtin.import_playbook: kubernetes_sigs.kubespray.cluster
+
+- hosts: bastion
+  roles:
+    - { role: haproxy }
\ No newline at end of file
--- a/ansible/01-playbook/requirements.yml
+++ b/ansible/01-playbook/requirements.yml
+collections:
+- name: https://github.com/kubernetes-sigs/kubespray
+  type: git
+  version: v2.23.1
\ No newline at end of file
--- a/ansible/01-playbook/roles/haproxy/handlers/main.yaml
+++ b/ansible/01-playbook/roles/haproxy/handlers/main.yaml
+---
+- name: restart haproxy
+  service: name=haproxy state=restarted
\ No newline at end of file
--- a/ansible/01-playbook/roles/haproxy/tasks/main.yaml
+++ b/ansible/01-playbook/roles/haproxy/tasks/main.yaml
+---
+- name: Ensure HAProxy is installed.
+  package: name=haproxy state=present
+
+- name: Ensure HAProxy is enabled (so init script will start it on Debian).
+  lineinfile:
+    dest: /etc/default/haproxy
+    regexp: "^ENABLED.+$"
+    line: "ENABLED=1"
+    state: present
+  when: ansible_os_family == 'Debian'
+
+- name: Get HAProxy version.
+  command: haproxy -v
+  register: haproxy_version_result
+  changed_when: false
+  check_mode: false
+
+- name: Set HAProxy version.
+  set_fact:
+    haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HA-?Proxy version (\d+(\.\d+)*).*$", "\1") }}'
+
+- name: Copy HAProxy configuration in place.
+  template:
+    src: haproxy.cfg.j2
+    dest: /etc/haproxy/haproxy.cfg
+    mode: 0644
+    validate: haproxy -f %s -c -q
+  notify: restart haproxy
+
+- name: Ensure HAProxy is started and enabled on boot.
+  service: name=haproxy state=started enabled=yes
\ No newline at end of file
--- a/ansible/01-playbook/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/01-playbook/roles/haproxy/templates/haproxy.cfg.j2
+#---------------------------------------------------------------------
+# Example configuration for a possible web application.  See the
+# full configuration options online.
+#
+#   https://www.haproxy.org/download/1.8/doc/configuration.txt
+#
+#---------------------------------------------------------------------
+
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+    # to have these messages end up in /var/log/haproxy.log you will
+    # need to:
+    #
+    # 1) configure syslog to accept network log events.  This is done
+    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
+    #    /etc/sysconfig/syslog
+    #
+    # 2) configure local2 events to go to the /var/log/haproxy.log
+    #   file. A line like the following can be added to
+    #   /etc/sysconfig/syslog
+    #
+    #    local2.*                       /var/log/haproxy.log
+    #
+    log         127.0.0.1 local2
+
+    chroot      /var/lib/haproxy
+    pidfile     /var/run/haproxy.pid
+    maxconn     4000
+    user        haproxy
+    group       haproxy
+    daemon
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+    # utilize system-wide crypto-policies
+    ssl-default-bind-ciphers PROFILE=SYSTEM
+    ssl-default-server-ciphers PROFILE=SYSTEM
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+    mode                    http
+    log                     global
+    option                  httplog
+    option                  dontlognull
+    option http-server-close
+    option forwardfor       except 127.0.0.0/8
+    option                  redispatch
+    retries                 3
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+    maxconn                 3000
+
+listen kubernetes-apiserver-https
+  bind 0.0.0.0:8383
+  mode tcp
+  option log-health-checks
+  timeout client 3h
+  timeout server 3h
+{% for host in groups['kube_control_plane'] %}
+  server {{ host }} {{ hostvars[host].ansible_host }}:6443 check
+{% endfor %}
+  balance roundrobin
+
--- a/ansible/ansible_inventory
+++ b/ansible/ansible_inventory
-
--- a/ansible/group_vars/all/all.yml
+++ b/ansible/group_vars/all/all.yml
 ---
+## External LB example config
+## apiserver_loadbalancer_domain_name: "elb.some.domain"
+#loadbalancer_apiserver:
+#  address: 10.10.10.196
+#  port: 8383
+
 ## Internal loadbalancers for apiservers
 loadbalancer_apiserver_localhost: false
 # valid options are "nginx" or "haproxy"

--- a/ansible/group_vars/all/openstack.yml
+++ b/ansible/group_vars/all/openstack.yml
 ## Values for the external OpenStack Cloud Controller
 external_openstack_lbaas_enabled: true
+# external_openstack_lbaas_floating_subnet_id: "Neutron subnet ID to get floating IP from"
 # external_openstack_lbaas_method: ROUND_ROBIN
 external_openstack_lbaas_provider: amphora

 ## Application credentials to authenticate against Keystone API
 ## Those settings will take precedence over username and password that might be set your environment
 ## All of them are required
-external_openstack_application_credential_name: <MUST-BE-FILLED>
-external_openstack_application_credential_id: <MUST-BE-FILLED>
-external_openstack_application_credential_secret: <MUST-BE-FILLED>
+external_openstack_application_credential_name: <FILL_APPLICATION_CREDENTIALS>
+external_openstack_application_credential_id: <FILL_APPLICATION_CREDENTIALS>
+external_openstack_application_credential_secret: <FILL_APPLICATION_CREDENTIALS>

 ## The tag of the external OpenStack Cloud Controller image
 external_openstack_cloud_controller_image_tag: "latest"
@@ -17,4 +18,4 @@ external_openstack_cloud_controller_image_tag: "latest"
 ## Make sure to source in the openstack credentials
 cinder_csi_enabled: true
 cinder_csi_controller_replicas: 1
-cinder_application_credential_name: <MUST-BE-FILLED>
\ No newline at end of file
+cinder_application_credential_name: <FILL_APPLICATION_CREDENTIALS>
--- a/terraform/ansible_inventory
+++ b/terraform/ansible_inventory
-
--- a/terraform/main.tf
+++ b/terraform/main.tf
 module "kubernetes_infra" {

-#  source = "./../../kubernetes-infra"
-  source = "git::https://gitlab.ics.muni.cz/cloud/terraform/modules/kubernetes-infra.git?ref=1.0.0"
+  #  source = "./../../kubernetes-infra"
+    source = "git::https://gitlab.ics.muni.cz/cloud/terraform/modules/kubernetes-infra.git?ref=2.0.0"

  # Example of variable override
-  ssh_public_key = "~/.ssh/klaris-tp.pub"
+  ssh_public_key = "~/.ssh/id_rsa.pub"

-  infra_name               = "g1-tf-test"
+  infra_name = "infra-name"

  control_nodes_count       = 3
  control_nodes_volume_size = 30
  control_nodes_flavor      = "hpc.8core-16ram"

-  worker_nodes_count       = 1
-  worker_nodes_volume_size = 30
-  worker_nodes_flavor      = "standard.large"
-
+  worker_nodes = [
+    {
+      name        = "wg-blue"
+      flavor      = "standard.small"
+      volume_size = 30
+      count       = 2
+    },
+    {
+      name        = "wg-red"
+      flavor      = "standard.small"
+      volume_size = 30
+      count       = 3
+    }
+  ]
  # If you are using this modul for install kubespray
  kube_vip             = "10.20.0.5"
  kube_fip             = false