From 945ba2d83e42203485ab67416b38a0aa2804a47f Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 19:59:57 +0100 Subject: [PATCH 01/12] Joplin proxmox configs --- .github/workflows/infra.yaml | 17 +++-- README.md | 2 +- infra/joplin/0000_proxmox_playbook.yaml | 83 +++++++++++++++++++++++++ inventory/proxmox.yaml | 1 + 4 files changed, 98 insertions(+), 5 deletions(-) create mode 100644 infra/joplin/0000_proxmox_playbook.yaml diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index 6b1c861..c9bbde6 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -4,7 +4,7 @@ on: branches: - main paths: - - infra/**-playbook.yaml + - infra/**playbook.yaml - .github/workflows/infra.yaml push: branches: @@ -35,7 +35,7 @@ jobs: - name: Check playbooks run: | - for file in $(find . -wholename "*/infra/*-playbook.yaml" -type f); do + for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do ansible-playbook --inventory ./inventory --check "$file" done @@ -44,7 +44,7 @@ jobs: if: env.DEPLOY == 'some' uses: tj-actions/changed-files@v38 with: - files: infra/**/*-playbook.yaml + files: infra/**/*playbook.yaml - name: Get playbooks id: playbooks @@ -53,12 +53,20 @@ jobs: if [[ "${{ env.DEPLOY }}" == "some" ]]; then export TO_RUN="${{ steps.files.outputs.all_changed_files }}" else - export TO_RUN="$(find . -wholename './infra/*-playbook.yaml' -type f)" + export TO_RUN="$(find . -wholename './infra/*playbook.yaml' -type f)" fi export TO_RUN="$( echo -n $TO_RUN | tr ' ' '\n' | sort | tr '\n' ' ' )" # run things in order :) echo "will run playbooks: $TO_RUN" echo "to_run=$TO_RUN" >> "$GITHUB_OUTPUT" + - name: Setup environment + if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != '' + run: | + mkdir ~/.ssh + chmod 700 ~/.ssh + echo "${{ secrets.SSH_PRIVATE }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + - name: Run playbooks if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != '' env: 
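Review bot: The new `Setup environment` step writes the deploy key with `echo "${{ secrets.SSH_PRIVATE }}" > ~/.ssh/id_rsa`, i.e. the secret is substituted into the script text before bash sees it; pass it through the step's `env:` instead (`SSH_PRIVATE: ${{ secrets.SSH_PRIVATE }}`) and write it with `printf '%s\n' "$SSH_PRIVATE" > ~/.ssh/id_rsa`, which is the form GitHub documents for anything that should not be evaluated as script. The same substitution is used a few lines above in `Get playbooks`, where `steps.files.outputs.all_changed_files` is pasted into `export TO_RUN="…"`: those are repository file names, so a file under a matched path whose name contains `"` or `$(…)` runs as shell on a runner that has the Proxmox token and this key in scope — whether a pull_request run can reach that step depends on its `if:`, which is outside this hunk. The step also creates `~/.ssh` with only `id_rsa` and no `known_hosts`, so host verification for the later SSH plays is left undefined here.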
@@ -66,4 +74,5 @@ jobs: PROXMOX_USER: ${{ secrets.PROXMOX_USER }} PROXMOX_TOKEN_ID: ${{ secrets.PROXMOX_TOKEN_ID }} PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }} + SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }} run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }} diff --git a/README.md b/README.md index 6c43ecb..0397ccc 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,4 @@ This repository contains any automations used in deploying *.koval.net services. All 'managed' infrastructure is deployed and provisioned with [Ansible](https://www.ansible.com/). However, some 'unmanaged' (manually managed) resources also exist - primarily everything required for this repository to work (I don't want to make a dependency loop). -Ansible playbooks are ran in alphanumerical order and are expected idempotent. +Ansible playbooks are ran in alphanumerical order and are expected to be idempotent. diff --git a/infra/joplin/0000_proxmox_playbook.yaml b/infra/joplin/0000_proxmox_playbook.yaml new file mode 100644 index 0000000..407a213 --- /dev/null +++ b/infra/joplin/0000_proxmox_playbook.yaml 
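Review bot: `run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }}` expands a step output into the command line, so the playbook file names assembled by the previous step are interpreted by the shell; move the value into the step's `env:` next to the new `SSH_PUBLIC` line (`TO_RUN: ${{ steps.playbooks.outputs.to_run }}`) and run `ansible-playbook --inventory ./inventory $TO_RUN`, deliberately unquoted so the space-separated list still splits into arguments. The names originate from this repository's own commits, so the exposure is limited to whoever can land a file under `infra/`, but the secrets exported in this step's `env:` are exactly what such a file name would be after. The step's `if:` guard sits above this hunk.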
@@ -0,0 +1,83 @@ +- name: Provision joplin Proxmox VM + hosts: localhost + gather_facts: false + vars: + api_user: "{{ lookup('env', 'PROXMOX_USER') }}" + api_host: "{{ lookup('env', 'PROXMOX_HOST' ) }}" + api_token_id: "{{ lookup('env', 'PROXMOX_TOKEN_ID') }}" + api_token_secret: "{{ lookup('env', 'PROXMOX_TOKEN_SECRET') }}" + vmname: joplin + node: pve + module_defaults: + community.general.proxmox_kvm: + api_user: "{{ api_user }}" + api_host: "{{ api_host }}" + api_token_id: "{{ api_token_id }}" + api_token_secret: "{{ api_token_secret }}" + name: "{{ vmname }}" + node: "{{ node }}" + community.general.proxmox_nic: + api_user: "{{ api_user }}" + api_host: "{{ api_host }}" + api_token_id: "{{ api_token_id }}" + api_token_secret: "{{ api_token_secret }}" + name: "{{ vmname }}" + community.general.proxmox_disk: + api_user: "{{ api_user }}" + api_host: "{{ api_host }}" + api_token_id: "{{ api_token_id }}" + api_token_secret: "{{ api_token_secret }}" + name: "{{ vmname }}" + tasks: + - name: Create VM + community.general.proxmox_kvm: + clone: pve-debian-12 + storage: nvme + - name: Wait for VM to exist + community.general.proxmox_kvm: + state: current + register: vm + retries: 30 + delay: 10 + - name: Add HOME NIC + community.general.proxmox_nic: + interface: net0 + firewall: false + bridge: HOME + - name: Add SRV NIC + community.general.proxmox_nic: + interface: net1 + firewall: false + bridge: SRV + - name: Resize disk + community.general.proxmox_disk: + disk: scsi0 + size: 64G + state: resized + - name: Update VM + community.general.proxmox_kvm: + update: true + ciuser: debian + sshkeys: "{{ lookup('env', 'SSH_PUBLIC') }}" + ipconfig: + ipconfig0: ip=dhcp,ip6=auto + agent: enabled=1 + tags: + - debian-12 + - managed + onboot: true + cores: 2 + memory: 2048 + - name: Retart VM # doesn't start if stopped + when: + - vm.status is defined + - vm.status == "running" + community.general.proxmox_kvm: + state: restarted + timeout: 60 + - name: Start VM # start if stopped 
+ when: + - vm.status is defined + - vm.status != "running" + community.general.proxmox_kvm: + state: started diff --git a/inventory/proxmox.yaml b/inventory/proxmox.yaml index 6b4033d..67cd3de 100644 --- a/inventory/proxmox.yaml +++ b/inventory/proxmox.yaml @@ -8,5 +8,6 @@ proxmox: pve2.mgmt.home.local.koval.net: managed: hosts: + joplin.srv.home.local.koval.net: unmanaged: hosts: -- 2.40.1 From 985b4b5127e95e47039b555a8a8b71185f9a691e Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 20:09:33 +0100 Subject: [PATCH 02/12] Fix playbook and CI --- .github/workflows/infra.yaml | 2 +- infra/joplin/0000_proxmox_playbook.yaml | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index c9bbde6..1a54013 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -36,7 +36,7 @@ jobs: - name: Check playbooks run: | for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do - ansible-playbook --inventory ./inventory --check "$file" + ansible-playbook --inventory ./inventory --syntax-check "$file" done - name: Get changed playbooks diff --git a/infra/joplin/0000_proxmox_playbook.yaml b/infra/joplin/0000_proxmox_playbook.yaml index 407a213..626bcee 100644 --- a/infra/joplin/0000_proxmox_playbook.yaml +++ b/infra/joplin/0000_proxmox_playbook.yaml 
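Review bot: The three `module_defaults` entries send `api_token_secret` to `api_host` without setting `validate_certs`; if the community.general proxmox modules' default of `validate_certs: false` applies here, the token is handed to whatever certificate answers on the path to `pve`, so add `validate_certs: true` under `community.general.proxmox_kvm`, `community.general.proxmox_nic` and `community.general.proxmox_disk` and trust the PVE CA (or issue a real certificate) on the runner. Both NICs are attached with `firewall: false`, leaving the VM on `HOME` and `SRV` outside the Proxmox firewall; if filtering is done elsewhere, say so in place, e.g. `firewall: false  # filtered at the router, not in PVE`, otherwise enable it with a rule set. `sshkeys: "{{ ssh_public }}"` appears to make the CI deploy key the only authorized key for `ciuser: debian`, which is fine for a managed host but ties VM access to the pipeline's key rotation.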
@@ -1,11 +1,12 @@ - name: Provision joplin Proxmox VM hosts: localhost - gather_facts: false + # gather_facts: false vars: - api_user: "{{ lookup('env', 'PROXMOX_USER') }}" - api_host: "{{ lookup('env', 'PROXMOX_HOST' ) }}" - api_token_id: "{{ lookup('env', 'PROXMOX_TOKEN_ID') }}" - api_token_secret: "{{ lookup('env', 'PROXMOX_TOKEN_SECRET') }}" + api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}" + api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}" + api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}" + api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}" + ssh_public: "{{ lookup('ansible.builtin.env', 'SSH_PUBLIC') }}" vmname: joplin node: pve module_defaults: @@ -31,7 +32,7 @@ tasks: - name: Create VM community.general.proxmox_kvm: - clone: pve-debian-12 + clone: "{{ node }}-debian-12" storage: nvme - name: Wait for VM to exist community.general.proxmox_kvm: @@ -58,7 +59,7 @@ community.general.proxmox_kvm: update: true ciuser: debian - sshkeys: "{{ lookup('env', 'SSH_PUBLIC') }}" + sshkeys: "{{ ssh_public }}" ipconfig: ipconfig0: ip=dhcp,ip6=auto agent: enabled=1 -- 2.40.1 From fead86f60be845829f69e63dc5eb22c9c9f9eebe Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 20:11:23 +0100 Subject: [PATCH 03/12] deploy? --- .github/workflows/infra.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index 1a54013..f003e48 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -11,7 +11,8 @@ on: - main env: - DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }} + # DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }} + DEPLOY: all jobs: ansible-playbooks: -- 2.40.1 
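Review bot: `DEPLOY: all` drops the `github.ref == 'refs/heads/main'` condition, so every run of this workflow now deploys every playbook, including runs for the first trigger in the `on:` block, which from its `branches`/`paths` filters looks like `pull_request` (its name is outside the visible hunks). A same-repository PR branch would then provision Proxmox and the VM with the repository secrets before review. If this is a temporary toggle, keep the branch gate on the deploy steps themselves, e.g. `if: github.ref == 'refs/heads/main' && env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != ''`, or keep the expression with only the commit-message part removed: `DEPLOY: ${{ github.ref == 'refs/heads/main' && 'all' || 'none' }}`.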
From 5ff100c6a6e52d0221bc2d3889d2415946144340 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 20:14:04 +0100 Subject: [PATCH 04/12] fix github workflow --- .github/workflows/infra.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml index f003e48..ad3ec34 100644 --- a/.github/workflows/infra.yaml +++ b/.github/workflows/infra.yaml @@ -63,8 +63,7 @@ jobs: - name: Setup environment if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != '' run: | - mkdir ~/.ssh - chmod 700 ~/.ssh + mkdir -p -m 700 ~/.ssh echo "${{ secrets.SSH_PRIVATE }}" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa -- 2.40.1 From 7d169f3459c1d0d4d8c32bea3a78ab1a8f8bbaea Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 20:21:23 +0100 Subject: [PATCH 05/12] fix playbook --- infra/joplin/0000_proxmox_playbook.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/joplin/0000_proxmox_playbook.yaml b/infra/joplin/0000_proxmox_playbook.yaml index 626bcee..c84fdd8 100644 --- a/infra/joplin/0000_proxmox_playbook.yaml +++ b/infra/joplin/0000_proxmox_playbook.yaml @@ -40,6 +40,7 @@ register: vm retries: 30 delay: 10 + until: vm.status is defined - name: Add HOME NIC community.general.proxmox_nic: interface: net0 -- 2.40.1 From 228052548c80df364ac94d68b65dad8d2dd91830 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 22:14:10 +0100 Subject: [PATCH 06/12] test some stuff --- infra/joplin/0001_docker_playbook.yaml | 13 +++++++++++++ inventory/proxmox.yaml | 9 +++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 infra/joplin/0001_docker_playbook.yaml diff --git a/infra/joplin/0001_docker_playbook.yaml b/infra/joplin/0001_docker_playbook.yaml new file mode 100644 index 0000000..31be8eb --- /dev/null +++ b/infra/joplin/0001_docker_playbook.yaml 
@@ -0,0 +1,13 @@ +- name: Setup Docker + hosts: proxmox:kovalhome:managed:joplin + tasks: + - name: Wait for connection + ansible.builtin.wait_for: + timeout: 300 + - name: Test some stuff + ansible.builtin.shell: | + touch ~/hmm + echo test > ~/test + echo test2 >> ~/test + args: + executable: /bin/bash diff --git a/inventory/proxmox.yaml b/inventory/proxmox.yaml index 67cd3de..5e1f182 100644 --- a/inventory/proxmox.yaml +++ b/inventory/proxmox.yaml @@ -7,7 +7,12 @@ proxmox: pve.mgmt.home.local.koval.net: pve2.mgmt.home.local.koval.net: managed: - hosts: - joplin.srv.home.local.koval.net: + children: + joplin: + hosts: + joplin.srv.home.local.koval.net: + vars: + ansible_user: debian + ansible_ssh_private_key_file: ~/.ssh/id_rsa unmanaged: hosts: -- 2.40.1 From 38def685568672602bf73a6e81a87def255357fd Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 22:19:50 +0100 Subject: [PATCH 07/12] maybe fix 0001 --- infra/joplin/0000_proxmox_playbook.yaml | 1 - infra/joplin/0001_docker_playbook.yaml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/infra/joplin/0000_proxmox_playbook.yaml b/infra/joplin/0000_proxmox_playbook.yaml index c84fdd8..661a6e9 100644 --- a/infra/joplin/0000_proxmox_playbook.yaml +++ b/infra/joplin/0000_proxmox_playbook.yaml @@ -1,6 +1,5 @@ - name: Provision joplin Proxmox VM hosts: localhost - # gather_facts: false vars: api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}" api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}" diff --git a/infra/joplin/0001_docker_playbook.yaml b/infra/joplin/0001_docker_playbook.yaml index 31be8eb..0b1ec8b 100644 --- a/infra/joplin/0001_docker_playbook.yaml +++ b/infra/joplin/0001_docker_playbook.yaml @@ -1,5 +1,5 @@ - name: Setup Docker - hosts: proxmox:kovalhome:managed:joplin + hosts: joplin tasks: - name: Wait for connection ansible.builtin.wait_for: -- 2.40.1 From c8f7be5041f9614ffcf1177a4c4b8cea4e634b21 Mon Sep 17 00:00:00 2001 
From: Gleb Koval Date: Mon, 4 Sep 2023 22:20:12 +0100 Subject: [PATCH 08/12] maybe actually fix --- infra/joplin/0001_docker_playbook.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/joplin/0001_docker_playbook.yaml b/infra/joplin/0001_docker_playbook.yaml index 0b1ec8b..368b21f 100644 --- a/infra/joplin/0001_docker_playbook.yaml +++ b/infra/joplin/0001_docker_playbook.yaml @@ -1,5 +1,6 @@ - name: Setup Docker hosts: joplin + roles: [managed] tasks: - name: Wait for connection ansible.builtin.wait_for: -- 2.40.1 From 6c9f52a77233fa8348675e624f8a3663906769b6 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 22:23:12 +0100 Subject: [PATCH 09/12] disable gather_facts --- infra/joplin/0001_docker_playbook.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/joplin/0001_docker_playbook.yaml b/infra/joplin/0001_docker_playbook.yaml index 368b21f..e02df3d 100644 --- a/infra/joplin/0001_docker_playbook.yaml +++ b/infra/joplin/0001_docker_playbook.yaml @@ -1,6 +1,7 @@ - name: Setup Docker hosts: joplin roles: [managed] + gather_facts: false tasks: - name: Wait for connection ansible.builtin.wait_for: -- 2.40.1 From 8f50df502e444cb567967f48a33c8c9b5d2c8de6 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 22:25:09 +0100 Subject: [PATCH 10/12] don't assume roles yet --- infra/joplin/0001_docker_playbook.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/infra/joplin/0001_docker_playbook.yaml b/infra/joplin/0001_docker_playbook.yaml index e02df3d..fb888f9 100644 --- a/infra/joplin/0001_docker_playbook.yaml +++ b/infra/joplin/0001_docker_playbook.yaml @@ -1,6 +1,5 @@ - name: Setup Docker hosts: joplin - roles: [managed] gather_facts: false tasks: - name: Wait for connection -- 2.40.1 From bde783a35c7cce2ba816441a3ab956cf3c359664 Mon Sep 17 00:00:00 2001 
From: Gleb Koval Date: Mon, 4 Sep 2023 22:40:07 +0100 Subject: [PATCH 11/12] fix 0001 --- infra/joplin/0001_docker_playbook.yaml | 5 +++++ inventory/proxmox.yaml | 1 + 2 files changed, 6 insertions(+) diff --git a/infra/joplin/0001_docker_playbook.yaml b/infra/joplin/0001_docker_playbook.yaml index fb888f9..a041dd3 100644 --- a/infra/joplin/0001_docker_playbook.yaml +++ b/infra/joplin/0001_docker_playbook.yaml @@ -2,8 +2,13 @@ hosts: joplin gather_facts: false tasks: + - name: Debug + ansible.builtin.debug: + msg: "{{ inventory_hostname }}" - name: Wait for connection ansible.builtin.wait_for: + host: "{{ inventory_hostname }}" + port: 22 timeout: 300 - name: Test some stuff ansible.builtin.shell: | diff --git a/inventory/proxmox.yaml b/inventory/proxmox.yaml index 5e1f182..00ca438 100644 --- a/inventory/proxmox.yaml +++ b/inventory/proxmox.yaml @@ -14,5 +14,6 @@ proxmox: vars: ansible_user: debian ansible_ssh_private_key_file: ~/.ssh/id_rsa + ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new # TODO: Improve this unmanaged: hosts: -- 2.40.1 From 3507b068b9bf9c78fab547c5343068da8520ad30 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Mon, 4 Sep 2023 23:21:53 +0100 Subject: [PATCH 12/12] fix 0000 --- infra/joplin/0000_proxmox_playbook.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/joplin/0000_proxmox_playbook.yaml b/infra/joplin/0000_proxmox_playbook.yaml index 661a6e9..dc7e89d 100644 --- a/infra/joplin/0000_proxmox_playbook.yaml +++ b/infra/joplin/0000_proxmox_playbook.yaml @@ -62,6 +62,7 @@ sshkeys: "{{ ssh_public }}" ipconfig: ipconfig0: ip=dhcp,ip6=auto + ipconfig1: ip=dhcp,ip6=auto agent: enabled=1 tags: - debian-12 -- 2.40.1
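Review bot: The `Wait for connection` task still runs `ansible.builtin.wait_for` on the target host, so Ansible needs a working SSH session to `joplin` before it can wait for port 22 there; on a freshly cloned VM that session is the thing being waited for, and with `gather_facts: false` the play reports the host unreachable instead of waiting. Use the controller-side module, `ansible.builtin.wait_for_connection:` with `timeout: 300`, or keep the current task and add `delegate_to: localhost`. The `Debug` task printing `inventory_hostname` reads as leftover diagnostics and can be removed together with it.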
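Review bot: `ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new` provides no host verification in this pipeline, because the runner's `~/.ssh` is created fresh by the `Setup environment` step each run with only `id_rsa` and no `known_hosts`, so every connection is a first connection and whatever key the far end presents is accepted; the `# TODO: Improve this` already hints at that. Pin the key instead: store the VM's host public key line (`joplin.srv.home.local.koval.net ssh-ed25519 AAAA…`) as a repository variable, write it in `Setup environment` with `printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`, and drop this override so default strict checking applies. Since the VM is cloned from a template and configured by cloud-init, confirm whether host keys are regenerated on first boot; if they are, the pinned key has to be refreshed after each re-provision (or read back through the Proxmox guest agent) rather than stored once.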