parent bcddfe7dd3
commit 53eaf5254d
@ -7,3 +7,4 @@ MD009:
|
|||||||
MD013: false
|
MD013: false
|
||||||
MD033: false
|
MD033: false
|
||||||
MD024: false
|
MD024: false
|
||||||
|
MD041: false
|
||||||
|
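Review bot: `MD041: false` turns the first-line-heading rule off for every Markdown file in the repository, and nothing in the change says which documents need the exception. If only a few files start without a top-level heading, an inline `<!-- markdownlint-disable MD041 -->` in those files keeps the rule active for the rest.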
@ -8,16 +8,15 @@ this Homelab is build over Hashicorp software:
|
|||||||
- Consul
|
- Consul
|
||||||
- Vault
|
- Vault
|
||||||
|
|
||||||
## Rebuild
|
## Rebuild
|
||||||
|
|
||||||
to rebuild from scratch ansible need a vault server up and unseal
|
to rebuild from scratch ansible need a vault server up and unseal
|
||||||
you can rebuild a standalone vault server with a consul database snaphot with
|
you can rebuild a standalone vault server with a consul database snaphot with
|
||||||
|
|
||||||
```
|
```sh
|
||||||
make vault-dev FILE=./yourconsulsnaphot.snap
|
make vault-dev FILE=./yourconsulsnaphot.snap
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
|
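Review bot: the context lines around the retagged fence still spell it "snaphot", both in the sentence and in `FILE=./yourconsulsnaphot.snap`, which is worth fixing in the same pass. The Rebuild section also says Ansible needs a Vault server "up and unseal" without saying where the unseal keys for the restored snapshot come from. One sentence on that would complete the procedure, along with a note that the Consul snapshot carries Vault's storage and should be kept out of the repository.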
@ -6,15 +6,13 @@ Accepted
|
|||||||
|
|
||||||
## Context
|
## Context
|
||||||
|
|
||||||
we need to create a virtual cluster to do test without impact on production
|
we need to create a virtual cluster to do test without impact on production.
|
||||||
diferent way:
|
|
||||||
|
|
||||||
### Virtualisation or Container
|
### Virtualisation or Container
|
||||||
|
|
||||||
Virtualisation provide better isolation but must ressource are needed.
|
Virtualisation provide better isolation but must ressource are needed.
|
||||||
Container able to create more item without consum as resource than virtual machine.
|
Container able to create more item without consum as resource than virtual machine.
|
||||||
|
|
||||||
|
|
||||||
### Creation Wrapper
|
### Creation Wrapper
|
||||||
|
|
||||||
Vagrant is good top manage virtual machine but not a lot of LXC box availlable, Vagant van be use with other configuration manager than ansible.
|
Vagrant is good top manage virtual machine but not a lot of LXC box availlable, Vagant van be use with other configuration manager than ansible.
|
||||||
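Review bot: with "diferent way:" removed, the Context paragraph no longer introduces the two subsections that follow; a short lead-in sentence naming the two decisions (virtualisation vs container, and the creation wrapper) would restore the link. The unchanged lines under those headings still carry typos that obscure the meaning ("must ressource", "good top manage", "availlable", "Vagant van be use") and could be corrected in this same lint pass.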
@ -29,4 +27,3 @@ Molecule wrapper will be use because all our configuration is already provide b
|
|||||||
## Consequences
|
## Consequences
|
||||||
|
|
||||||
Need to create dev env other an LXD server.
|
Need to create dev env other an LXD server.
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ Pihole container in nomad cluster is set as primary DNS as add blocker secondary
|
|||||||
|
|
||||||
DNS locate on NAS manage domain *ducamps.win* on local network pihole forward each request on *ducamps.win* to this DNS.
|
DNS locate on NAS manage domain *ducamps.win* on local network pihole forward each request on *ducamps.win* to this DNS.
|
||||||
|
|
||||||
Each DNS forward *service.consul* request to the consul cluster. On Pihole a template configure each consul server.
|
Each DNS forward *service.consul* request to the consul cluster. On Pihole a template configure each consul server.
|
||||||
|
|
||||||
On diskstation every request as forward to one consul node this point is to improve we because we have a possibility of outtage. du to synology DNSServer limitation we only put a forward on port 53 so we need on the target consul node to redirect port 53 to 8300 by iptables rules.
|
On diskstation every request as forward to one consul node this point is to improve we because we have a possibility of outtage. du to synology DNSServer limitation we only put a forward on port 53 so we need on the target consul node to redirect port 53 to 8300 by iptables rules.
|
||||||
|
|
||||||
|
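Review bot: the diskstation paragraph redirects port 53 to 8300, but 8300 is Consul's default server RPC port while its DNS interface listens on 8600 by default. Unless the DNS port has been changed in this cluster, the text should say 8600, otherwise the forwarded *service.consul* queries reach the RPC listener and never get a DNS answer. Since the paragraph already flags the single target node as an outage risk, it would help to record the exact iptables rule (UDP and TCP) so it can be reproduced on a second node.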
@ -1,12 +1,9 @@
|
|||||||
# Add a new job
|
# Add a new job
|
||||||
|
|
||||||
|
|
||||||
## Create Nomad job
|
## Create Nomad job
|
||||||
|
|
||||||
|
|
||||||
## Add secret to vault
|
## Add secret to vault
|
||||||
|
|
||||||
|
|
||||||
## Add a new policy to Vault terraform
|
## Add a new policy to Vault terraform
|
||||||
|
|
||||||
## Add Database creation in ansible variable (if neeeded)
|
## Add Database creation in ansible variable (if neeeded)
|
||||||
|
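Review bot: all four sections are headings with no body, so the page does not yet tell a reader how to add a job. Either add one or two sentences per step or mark the page as a stub. For "Add secret to vault" and "Add a new policy to Vault terraform", state which path the job's secret lives under and that the policy should grant access to that path only. The last heading has a typo ("neeeded").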
@ -1,13 +1,13 @@
|
|||||||
# How to Bootstrap dev env
|
# How to Bootstrap dev env
|
||||||
|
|
||||||
## prerequisite
|
## prerequisite
|
||||||
|
|
||||||
dev environment is manage by molecule job who launch container via LXD you need following software to launch it:
|
dev environment is manage by molecule job who launch container via LXD you need following software to launch it:
|
||||||
|
|
||||||
- LXD server up on your local machine
|
- LXD server up on your local machine
|
||||||
- molecule install ``` pip install molecule```
|
- molecule install ```pip install molecule```
|
||||||
- molecule-LXD plugins ```pip install molecule-lxd```
|
- molecule-LXD plugins ```pip install molecule-lxd```
|
||||||
|
|
||||||
|
|
||||||
## provissionning
|
## provissionning
|
||||||
|
|
||||||
you can launch ```make create-dev``` on root project
|
you can launch ```make create-dev``` on root project
|
||||||
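Review bot: both prerequisite lines run `pip install` without a version, so each machine gets whatever release of molecule and molecule-lxd is current at install time. Pinning them in a requirements file checked into the project makes the dev environment reproducible and keeps an unexpected upstream release out of the toolchain. The inline commands are also wrapped in triple backticks where single backticks are the inline form, and the headings "prerequisite" and "provissionning" need a spelling pass.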
@ -20,6 +20,4 @@ molecule will create 3 container on different distribution
|
|||||||
|
|
||||||
To bootstrap the container (base account, sudo configuration) role [ansible_bootstrap](https://git.ducamps.win/ansible-roles/ansible_bootstrap) will be apply
|
To bootstrap the container (base account, sudo configuration) role [ansible_bootstrap](https://git.ducamps.win/ansible-roles/ansible_bootstrap) will be apply
|
||||||
|
|
||||||
|
|
||||||
Converge step call playbook [site.yml](https://git.ducamps.win/vincent/homelab/src/commit/c5ff235b9768d91b240ec97e7ff8e2ad5a9602ca/ansible/site.yml) to provission the cluster
|
Converge step call playbook [site.yml](https://git.ducamps.win/vincent/homelab/src/commit/c5ff235b9768d91b240ec97e7ff8e2ad5a9602ca/ansible/site.yml) to provission the cluster
|
||||||
|
|
||||||
|
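Review bot: the `site.yml` link in the converge sentence is pinned to commit c5ff235b9768d91b240ec97e7ff8e2ad5a9602ca, so it will keep showing that revision of the playbook as the repository moves on. Linking to the branch path or using a relative link to `ansible/site.yml` would keep the documentation in step with the code. "provission" in the same sentence should be "provision".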