updated image of vaultwarden from 1.30.1 to 1.32.7

a.pivkin 2025-02-06 12:00:27 +03:00
parent 39d0a2b494
commit 13cef9ed78
7 changed files with 93 additions and 78 deletions


@ -3,34 +3,36 @@
name: "{{ inventory_hostname }}"
use: systemd
- name: set up DNS
lineinfile:
path: /etc/resolv.conf
search_string: 'nameserver 10.50.4.8'
line: "nameserver {{ DNS_address }}"
- name: set root password
ansible.builtin.user:
name: root
password: "{{ root_pass | password_hash('sha512')}}"
- name: download asc and cephadm for ceph
get_url:
url: "{{ item.url }}"
- name: set date and time manually to be able to interact with repo=
command: "{{ item }}"
loop:
- date -s "{{ now(utc=true,fmt='%Y-%m-%d %H:%M:%S') }}"
- hwclock --systohc
- import_role:
name: ansible-netplan
- name: update repos sources|sshd_config|repo_key
ansible.builtin.copy:
src: "{{ item.name }}"
dest: "{{ item.dest }}"
loop:
- { url: "https://nexus.test.repo.int.nt-com.ru/repository/keys/ceph/release.asc", dest: "/tmp" }
- {name: ceph.list,dest: /etc/apt/sources.list.d/ceph.list}
- {name: sshd_config,dest: /etc/ssh/sshd_config}
- {name: ceph.gpg,dest: /usr/share/keyrings/ceph.gpg}
- name: Delete previously install ceph.gpg
file:
path: /usr/share/keyrings/ceph.gpg
state: absent
- name: import downloaded asc
shell:
chdir: /tmp
cmd: echo y | gpg -o /usr/share/keyrings/ceph.gpg --dearmor release.asc;
- name: Add ceph repo
apt_repository:
filename: ceph
repo: "deb [signed-by=/usr/share/keyrings/ceph.gpg] {{ ceph_repo }} {{ ansible_distribution_release }} main"
state: present
- name: Templating sources lists
ansible.builtin.template:
src: "{{ item.name }}"
dest: "{{ item.dest }}"
loop:
- { name: sources.list.j2,dest: /etc/apt/sources.list }
- { name: ceph.list.j2,dest: /etc/apt/sources.list.d/ceph.list }
- name: install packages
apt:
@ -43,14 +45,18 @@
- mc
- linux-tools-common
- linux-tools-`uname -r`
- ipmitool
state: present
update_cache: yes
- name: Setup ntp client
template:
src: chrony.yaml.j2
dest: /etc/chrony/chrony.conf
notify:
- ceph-rollout:restart_chrony
- name: setup ipmi
import_role:
name: ansible-ipmitool
- name: Templating cluster settings files
template:
@ -64,30 +70,10 @@
run_once: true
delegate_to: "{{ ansible_play_hosts[0] }}"
- name: Templating sshd config to enable password and root
template:
src: "{{ item.name }}"
dest: "{{ item.dest }}"
trim_blocks: true
lstrip_blocks: true
- name: restart_services
ansible.builtin.systemd:
state: restarted
name: "{{ item }}"
loop:
- { name: "sshd_config.j2", dest: "/etc/ssh/sshd_config"}
notify:
- ceph-rollout:restart_sshd
- name: set root password
user:
name: root
password: "{{ '12345' | password_hash('sha512') }}"
# UNCOMMENT ONLY IN CASE OF NO ACCESS TO REPOS AND CANNOT DOWNLOAD CEPHADM
# - name: copy onto target host
# copy:
# src: "cephadm"
# dest: "/root/cephadm"
# mode: '0777'
# delegate_to: "{{ ansible_play_hosts[0] }}"
- name: Flush restart handlers
meta: flush_handlers
- sshd
- chronyd
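Review bot: The copy task that delivers `/etc/ssh/sshd_config` (loop item `{name: sshd_config,dest: /etc/ssh/sshd_config}`) has no `validate`, and the new `restart_services` task restarts `sshd` unconditionally on every run, so a malformed sshd_config is installed and then activated with nothing in between to catch it — on a remotely managed host that is a lockout. Because that loop mixes sshd_config with ceph.list and ceph.gpg, `validate` cannot be attached to the shared task; give sshd_config its own copy task with `validate: /usr/sbin/sshd -t -f %s`, and restart sshd only when that copy reports a change (register + `when`, or a handler) so the play stays idempotent instead of reporting changed every run. Unrelated but visible in the same file: the package name `linux-tools-`uname -r`` is passed to the apt module literally, not shell-expanded, and should be `linux-tools-{{ ansible_kernel }}`. Which lines are old and which are new is inferred here from the added `files/ceph.gpg` and the removed handlers; confirm against the raw diff.
```yaml
- name: install sshd_config
  ansible.builtin.copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    validate: /usr/sbin/sshd -t -f %s
  register: sshd_config_copy
# … unchanged: copy loop for ceph.list and ceph.gpg …
- name: restart sshd after a config change
  ansible.builtin.systemd:
    state: restarted
    name: sshd
  when: sshd_config_copy.changed
```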

files/ceph.gpg Normal file




@ -4,22 +4,25 @@
become: true
gather_facts: true
diff: true
vars_files:
- pass.yaml #encrypted pass for root
vars:
ceph_repo: "http://nexus.test.repo.int.nt-com.ru/repository/ceph-squid/"
image_registry: "harbor.test.registry.int.nt-com.ru/proxy-quay"
prometheus_tag: "v3.0.0"
node_exporter_tag: "v1.8.2"
ceph_repo: "http://repo.infra.mts/debian-squid"
ubuntu_repo: "http://repo.infra.mts/ubuntu/"
image_registry: "harbor.infra.mts/ceph"
prometheus_tag: "v3.1.0"
node_exporter_tag: "v1.5.0"
grafana_tag: "9.4.12"
alertmanager_tag: "v0.27.0"
ntp_server: "ntp.int.nt-com.ru"
first_mon_ip: "10.50.8.97"
# ntp_server: "ntp.int.nt-com.ru"
first_mon_ip: "10.190.32.78"
# cluster_network: "10.63.0.0/24"
public_network: "10.50.8.0/24"
CEPH_RELEASE: '19.2.0'
initial_dashboard_user: 'admin'
initial_dashboard_password: 'qweqwe'
allow_fqdn_hostname: 'true'
DNS_address: "10.50.8.51"
# DNS_address: "10.50.8.51"
tasks:
- name: basic setups
import_tasks:
@ -41,17 +44,3 @@
--apply-spec /root/cluster_spec.yml --config /root/initial-ceph.conf --allow-fqdn-hostname"
when:
- cluster_network is defined
handlers:
- name: ceph-rollout:restart_chrony
ansible.builtin.systemd_service:
state: restarted
name: chronyd
# listen: "restart chronyd service"
- name: ceph-rollout:restart_sshd
ansible.builtin.systemd_service:
state: restarted
name: sshd
# listen: "restart sshd service"
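Review bot: `initial_dashboard_password: 'qweqwe'` remains in plain text in the play vars while this change moves the root password into the vaulted `pass.yaml` via `vars_files`; the dashboard credential should take the same route, e.g. `initial_dashboard_password: "{{ dashboard_pass }}"` with the value living in `pass.yaml`. `node_exporter_tag` goes from `"v1.8.2"` to `"v1.5.0"`, a downgrade in a commit described as an update — worth confirming it is intentional. `ceph_repo` and `ubuntu_repo` are both plain `http://` mirrors, which is only acceptable because apt verifies release signatures, so the `signed-by` keyring referenced by the ceph source must be the file actually copied to `/usr/share/keyrings/ceph.gpg`. The inline comment on the `vars_files` entry would read better as `# vault-encrypted root password`.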

1
templates/ceph.list.j2 Normal file

@ -0,0 +1 @@
deb [signed-by=/usr/share/keyrings/ceph.gpg] "{{ ceph_repo }}" jammy main
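Review bot: The suite is hard-coded as `jammy` here, whereas the `apt_repository` task in the first file derives it from `{{ ansible_distribution_release }}`; if this template is the new writer of `/etc/apt/sources.list.d/ceph.list`, use `deb [signed-by=/usr/share/keyrings/ceph.gpg] {{ ceph_repo }} {{ ansible_distribution_release }} main` so a host on another release does not silently pull the wrong packages. As printed, the first file also has a copy loop item and an `apt_repository` task targeting the same `ceph.list` path; whichever of those survive on the new side, only the last writer wins and the others should be removed. The double quotes around `{{ ceph_repo }}` appear to be tolerated by apt's one-line parser, but they are unconventional and easy to misread as a bug; `templates/sources.list.j2` uses the same style and would benefit from the same cleanup. The old/new side of the first file's lines is inferred; confirm against the raw diff.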


@ -17,11 +17,8 @@ confdir /etc/chrony/conf.d
# About using servers from the NTP Pool Project in general see (LP: #104525).
# Approved by Ubuntu Technical Board on 2011-02-08.
# See http://www.pool.ntp.org/join.html for more information.
server {{ ntp_server }} iburst prefer
#pool ntp.ubuntu.com iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
server {{ ntp_server }} iburst
# Use time sources from DHCP.
sourcedir /run/chrony-dhcp
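Review bot: The new `server {{ ntp_server }} iburst` line depends on `ntp_server`, but the same commit comments that variable out in the play vars (`# ntp_server: "ntp.int.nt-com.ru"`); if the chrony template task still runs on the new side, rendering this file fails with an undefined-variable error, and if the task was removed, this template edit is dead. Either keep `ntp_server` defined (in the vars or with a default, `{{ ntp_server | default('pool.ntp.org') }}` is a constructed example) or drop the template along with the task. Dropping `prefer` is fine for a single-server configuration, but a one-line comment above the server line stating that the value comes from the play vars would help the next reader, e.g. `# ntp_server is set in the ceph-rollout play vars`.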

42
templates/sources.list.j2 Normal file

@ -0,0 +1,42 @@
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb "{{ ubuntu_repo }}" jammy main restricted
# deb-src "{{ ubuntu_repo }}" jammy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb "{{ ubuntu_repo }}" jammy-updates main restricted
# deb-src "{{ ubuntu_repo }}" jammy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb "{{ ubuntu_repo }}" jammy universe
# deb-src "{{ ubuntu_repo }}" jammy universe
deb "{{ ubuntu_repo }}" jammy-updates universe
# deb-src "{{ ubuntu_repo }}" jammy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb "{{ ubuntu_repo }}" jammy multiverse
# deb-src "{{ ubuntu_repo }}" jammy multiverse
deb "{{ ubuntu_repo }}" jammy-updates multiverse
# deb-src "{{ ubuntu_repo }}" jammy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb "{{ ubuntu_repo }}" jammy-backports main restricted universe multiverse
# deb-src "{{ ubuntu_repo }}" jammy-backports main restricted universe multiverse
#deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security main restricted
#deb http://security.ubuntu.com/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security universe
#deb http://security.ubuntu.com/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security multiverse
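Review bot: Every `jammy-security` entry is commented out and none is redirected at `{{ ubuntu_repo }}`, so hosts built from this file get security fixes only indirectly through `jammy-updates`, subject to the internal mirror's sync lag. If the mirror carries the security pocket, add `deb "{{ ubuntu_repo }}" jammy-security main restricted universe multiverse`; if it deliberately does not, state that in a comment at the top of the file so the gap is a recorded decision rather than an oversight. The hunk header declares 42 added lines and 37 are visible, which is consistent with blank separator lines dropped in rendering; the end of the file is assumed to be here.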