From 625bda7fda390cc94cf9983666828e6f9fcd69b7 Mon Sep 17 00:00:00 2001 From: vincent Date: Tue, 20 Feb 2024 19:31:36 +0100 Subject: [PATCH] feat: deploy NAS on oberon --- ansible/group_vars/NAS/NAS | 17 +++++++++++++++++ ansible/group_vars/NAS/ftp | 2 +- ansible/group_vars/NAS/nfs | 27 ++++++++++----------------- ansible/group_vars/NAS/samba | 14 +++++++------- ansible/host_vars/bleys | 2 +- ansible/host_vars/corwin | 4 ++-- ansible/host_vars/merlin | 1 + ansible/host_vars/oscar | 2 +- ansible/playbooks/nas.yml | 14 +++++++------- ansible/production | 3 +-- 10 files changed, 48 insertions(+), 38 deletions(-) diff --git a/ansible/group_vars/NAS/NAS b/ansible/group_vars/NAS/NAS index 89aead7..0c0eb5a 100644 --- a/ansible/group_vars/NAS/NAS +++ b/ansible/group_vars/NAS/NAS @@ -1,3 +1,20 @@ NAS_nomad_folder: - name: openldap owner: 1001 + +nas_bind_source: + - /data/data1/nomad + - /data/data1/music + - /data/data1/download +# - /data/data2/serie +# - /data/data3/film + - /data/data1/photo + - /data/data1/homes + - /data/data1/ebook + + +nas_bind_target: "/exports" + + + + diff --git a/ansible/group_vars/NAS/ftp b/ansible/group_vars/NAS/ftp index a14b808..317c254 100644 --- a/ansible/group_vars/NAS/ftp +++ b/ansible/group_vars/NAS/ftp @@ -1,3 +1,3 @@ vsftpd_config: - local_root: "/var/local/volume1" + local_root: "{{ nfs_bind_target }}" seccomp_sandbox: False diff --git a/ansible/group_vars/NAS/nfs b/ansible/group_vars/NAS/nfs index 126d378..4dc0725 100644 --- a/ansible/group_vars/NAS/nfs +++ b/ansible/group_vars/NAS/nfs @@ -1,22 +1,15 @@ -nfs_cluster_list: "{% for server in groups['all']%}{{ hostvars[server]['ansible_default_ipv4']['address'] }}(rw,no_root_squash,async,insecure_locks,sec=sys) {%endfor%}" +nfs_cluster_list: "{% for server in groups['all']%} {{hostvars[server]['ansible_' + hostvars[server]['nfs_iface']|default('')].ipv4.address|default(hostvars[server]['ansible_default_ipv4']['address'],true)}}(rw,no_root_squash,async,insecure_locks,sec=sys) {%endfor%}" nfs_consul_service: true nfs_bind_target: "/exports" -nfs_bind_source: - - /var/local/volume1/nomad - - /var/local/volume1/music - - /var/local/volume1/media - - /var/local/volume1/photo - - /var/local/volume1/homes - - /var/local/volume1/ebook nfs_exports: - - "{{nfs_bind_target }} *(fsid=0,insecure,no_subtree_check)" - - "{{ nfs_bind_target }}/nomad {{nfs_cluster_list}}" - - "{{ nfs_bind_target }}/music {{nfs_cluster_list}}" - - "{{ nfs_bind_target }}/media {{nfs_cluster_list}}" - - "{{ nfs_bind_target }}/photo {{nfs_cluster_list}}" - - "{{ nfs_bind_target }}/homes {{nfs_cluster_list}}" - - "{{ nfs_bind_target }}/ebook {{nfs_cluster_list}}" - - + - "{{ nas_bind_target }} *(fsid=0,insecure,no_subtree_check)" + - "{{ nas_bind_target }}/nomad {{nfs_cluster_list}}" + - "{{ nas_bind_target }}/download {{nfs_cluster_list}}" + - "{{ nas_bind_target }}/music {{nfs_cluster_list}}" +# - "{{ nas_bind_target }}/film {{nfs_cluster_list}}" +# - "{{ nas_bind_target }}/serie {{nfs_cluster_list}}" + - "{{ nas_bind_target }}/photo {{nfs_cluster_list}}" + - "{{ nas_bind_target }}/homes {{nfs_cluster_list}}" + - "{{ nas_bind_target }}/ebook {{nfs_cluster_list}}" diff --git a/ansible/group_vars/NAS/samba b/ansible/group_vars/NAS/samba index 4325cd9..21eb5f7 100644 --- a/ansible/group_vars/NAS/samba +++ b/ansible/group_vars/NAS/samba @@ -1,21 +1,21 @@ samba_passdb_backend: tdbsam samba_shares_root: /exports samba_shares: - - name: media - comment: "media" - write_list: @NAS_media - browseable: true +# - name: media +# comment: "media" +# write_list: "@NAS_media" +# browseable: true - name: ebook comment: "ebook" - write_list: @NAS_ebook + write_list: "@NAS_ebook" browseable: true - name: music comment: "music" - write_list: @NAS_music + write_list: "@NAS_music" browseable: true - name: photo comment: "photo" - write_list: @NAS_photo + write_list: "@NAS_photo" browseable: true samba_load_homes: True diff --git a/ansible/host_vars/bleys b/ansible/host_vars/bleys index 9797dc0..be0cc7f 100644 --- a/ansible/host_vars/bleys +++ b/ansible/host_vars/bleys @@ -4,7 +4,7 @@ ansible_python_interpreter: "/usr/bin/python3" default_interface: "enp2s0" consul_iface: "{{ default_interface}}" vault_iface: "{{ default_interface}}" - +nfs_iface: "{{ default_interface}}" wireguard_address: "10.0.0.7/24" wireguard_byhost_allowed_ips: merlin: 10.0.0.7,192.168.1.42,192.168.1.0/24 diff --git a/ansible/host_vars/corwin b/ansible/host_vars/corwin index f8a7be6..9fef35e 100644 --- a/ansible/host_vars/corwin +++ b/ansible/host_vars/corwin @@ -1,6 +1,6 @@ --- -#ansible_host: 10.0.0.1 -ansible_host: 135.181.150.203 +ansible_host: 10.0.0.1 +#ansible_host: 135.181.150.203 default_interface: "eth0" wireguard_address: "10.0.0.1/24" wireguard_endpoint: "135.181.150.203" diff --git a/ansible/host_vars/merlin b/ansible/host_vars/merlin index 7bbf51f..151b5d6 100644 --- a/ansible/host_vars/merlin +++ b/ansible/host_vars/merlin @@ -2,6 +2,7 @@ ansible_host: 10.0.0.4 #ansible_host: 65.21.2.14 default_interface: "ens3" +nfs_iface: "wg0" wireguard_address: "10.0.0.4/24" wireguard_endpoint: "65.21.2.14" wireguard_persistent_keepalive: "20" diff --git a/ansible/host_vars/oscar b/ansible/host_vars/oscar index ad96283..9d49aeb 100644 --- a/ansible/host_vars/oscar +++ b/ansible/host_vars/oscar @@ -2,7 +2,7 @@ default_interface: "enp2s0" consul_iface: "{{ default_interface}}" vault_iface: "{{ default_interface}}" - +nfs_iface: "{{ default_interface}}" wireguard_address: "10.0.0.2/24" wireguard_byhost_allowed_ips: merlin: 10.0.0.2,192.168.1.40 diff --git a/ansible/playbooks/nas.yml b/ansible/playbooks/nas.yml index 3b5691c..883eb44 100644 --- a/ansible/playbooks/nas.yml +++ b/ansible/playbooks/nas.yml @@ -10,22 +10,22 @@ ansible.builtin.file: path: "{{ item }}" state: directory - loop: "{{ nfs_bind_source }}" + loop: "{{ nas_bind_source }}" become: true - - name: Bind NFS export + - name: Bind NAS export ansible.posix.mount: - path: "{{ nfs_bind_target }}/{{ item.split('/')[-1] }}" + path: "{{ nas_bind_target }}/{{ item.split('/')[-1] }}" src: "{{ item }}" opts: bind fstype: none state: mounted - loop: "{{ nfs_bind_source }}" + loop: "{{ nas_bind_source }}" become: true - name: create nomad folder - file: - path: "{{ nfs_bind_target}}/nomad/{{item.name}}" - owner: "{{item.owner}}" + ansible.builtin.file: + path: "{{ nas_bind_target }}/nomad/{{ item.name }}" + owner: "{{ item.owner }}" state: directory loop: "{{ NAS_nomad_folder }}" become: true diff --git a/ansible/production b/ansible/production index 06b04bd..b761b05 100644 --- a/ansible/production +++ b/ansible/production @@ -37,7 +37,6 @@ NAS cluster [VPS] -corwin merlin [region:children] @@ -46,10 +45,10 @@ VPS production [production] -corwin oscar merlin gerard bleys +oberon [staging]