Adding node6 and moving services

ricsanfre · Feb 2, 2024 · 44c2752 · 44c2752
1 parent 4d34ff4
commit 44c2752
Show file tree

Hide file tree

Showing 9 changed files with 37 additions and 16 deletions.
diff --git a/ansible/external_services.yml b/ansible/external_services.yml
@@ -136,7 +136,7 @@
 ## Install Hashicorp Vault Server
 
 - name: Install Vault Server
-  hosts: gateway
+  hosts: vault
   gather_facts: true
   tags: [vault]
   become: true
@@ -223,7 +223,7 @@
 
 ## Load all credentials into Hashicorp Vault Server
 - name: Load Vault Credentials
-  hosts: gateway
+  hosts: vault
   gather_facts: true
   tags: [vault, credentials]
   become: false

diff --git a/ansible/host_vars/gateway.yml b/ansible/host_vars/gateway.yml
@@ -28,7 +28,7 @@ dnsmasq_additional_dns_hosts:
   s3_server:
     desc: "S3 Server"
     hostname: s3
-    ip: 10.0.0.11
+    ip: 10.0.0.100
   elasticsearch:
     desc: "Elasticsearch server"
     hostname: elasticsearch
@@ -52,7 +52,7 @@ dnsmasq_additional_dns_hosts:
   vault_server:
     desc: "Vault server"
     hostname: vault
-    ip: 10.0.0.1
+    ip: 10.0.0.11
 dnsmasq_enable_tftp: true
 dnsmasq_tftp_root: /srv/tftp
 dnsmasq_additional_conf: |-
@@ -78,10 +78,8 @@ ntp_allow_hosts: [10.0.0.0/24]
 #########################
 
 # tcp 9100 Prometheus (fluent-bit)
-# tcp 8200, 8201 Vault server
 # udp 69, TFTP server
-# TCP 6443 load balancer K3S API
-in_tcp_port: '{ ssh, https, http, iscsi-target, 9100, 8200, 8201, 6443 }'
+in_tcp_port: '{ ssh, https, http, iscsi-target, 9100 }'
 in_udp_port: '{ snmp, domain, ntp, bootps, 69 }'
 # tcp 9091 minio server
 forward_tcp_port: '{ http, https, ssh, 9091 }'
@@ -141,8 +139,10 @@ nft_forward_host_rules:
     - iifname $wan_interface oifname $lan_interface ip daddr $lan_network tcp dport ssh ct state new accept
   230 http from wan:
     - iifname $wan_interface oifname $lan_interface ip daddr $lan_network tcp dport {http, https} ct state new accept
+  240 haproxy from wan:
+    - iifname $wan_interface oifname $lan_interface ip daddr 10.0.0.11 tcp dport 6443 ct state new accept
   250 port-forwarding from wan:
-    - iifname $wan_interface oifname $lan_interface ip daddr 10.0.0.11 tcp dport 8080 ct state new accept
+    - iifname $wan_interface oifname $lan_interface ip daddr 10.0.0.12 tcp dport 8080 ct state new accept
 # NAT Post-routing
 nft_nat_host_postrouting_rules:
   005 masquerade lan to wan:

diff --git a/ansible/inventory.yml b/ansible/inventory.yml
@@ -44,6 +44,11 @@ all:
           ansible_host: 10.0.0.15
           ip: 10.0.0.15
           mac: e4:5f:01:d9:ec:5c
+        node6:
+          hostname: node6
+          ansible_host: 10.0.0.16
+          ip: 10.0.0.16
+          mac: d8:3a:dd:0d:be:c8
         node-hp-1:
           hostname: node-hp-1
           ansible-host: 10.0.0.20
@@ -61,7 +66,7 @@ all:
           mac: 10:e7:c6:0a:de:8a
     raspberrypi:
       hosts:
-        node[1:5]:
+        node[1:6]:
         gateway:
     x86:
       hosts:
@@ -70,8 +75,18 @@ all:
       children:
         k3s_master:
           hosts:
-            node[1:3]:
+            node[2:4]:
         k3s_worker:
           hosts:
-            node[4:5]:
+            node[5:6]:
             node-hp-[1:3]:
+    bootstrap:
+      hosts:
+        node2:
+    vault:
+      hosts:
+        node1:
+    haproxy:
+      hosts:
+        node1:
+
diff --git a/ansible/k3s_bootstrap.yml b/ansible/k3s_bootstrap.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: Bootstrap Cluster
-  hosts: node1
+  hosts: bootstrap
   gather_facts: false
   become: false
 

diff --git a/ansible/k3s_install.yml b/ansible/k3s_install.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: Install load balancer
-  hosts: gateway
+  hosts: haproxy
   gather_facts: true
   tags: [install]
   become: true

diff --git a/ansible/reset_external_services.yml b/ansible/reset_external_services.yml
@@ -28,7 +28,7 @@
         daemon_reload: true
 
 - name: Clean Vault Installation
-  hosts: gateway
+  hosts: vault
   become: true
   gather_facts: false
   tags: [vault]

diff --git a/ansible/tasks/vault_kubernetes_auth_method_config.yml b/ansible/tasks/vault_kubernetes_auth_method_config.yml
@@ -18,7 +18,7 @@
   become: false
   register: vault_login
   changed_when: false
-  delegate_to: gateway
+  delegate_to: node1
 
 - name: Get vault token
   set_fact:

diff --git a/ansible/vars/picluster.yml b/ansible/vars/picluster.yml
@@ -9,7 +9,7 @@
 k3s_version: v1.28.2+k3s1
 
 # k3s master node VIP (loadbalancer)
-k3s_api_vip: 10.0.0.1
+k3s_api_vip: 10.0.0.11
 
 # k3s shared token
 k3s_token: "{{ vault.cluster.k3s.token }}"

diff --git a/metal/rpi/Makefile b/metal/rpi/Makefile
@@ -59,3 +59,9 @@ prepare-node5:
 	sudo mount ${USB}1 ${SYSTEM_BOOT_MOUNT}
 	sed 's/nodeX/node5/g' cloud-init/nodes/${USER_DATA_NODES} | sudo tee ${SYSTEM_BOOT_MOUNT}/user-data
 	sudo umount ${SYSTEM_BOOT_MOUNT}
+
+.PHONY: prepare-node6
+prepare-node6:
+	sudo mount ${USB}1 ${SYSTEM_BOOT_MOUNT}
+	sed 's/nodeX/node6/g' cloud-init/nodes/${USER_DATA_NODES} | sudo tee ${SYSTEM_BOOT_MOUNT}/user-data
+	sudo umount ${SYSTEM_BOOT_MOUNT}