feat: deploy NAS on oberon
This commit is contained in:
parent
d1cc5ff299
commit
625bda7fda
@ -1,3 +1,20 @@
|
|||||||
NAS_nomad_folder:
|
NAS_nomad_folder:
|
||||||
- name: openldap
|
- name: openldap
|
||||||
owner: 1001
|
owner: 1001
|
||||||
|
|
||||||
|
nas_bind_source:
|
||||||
|
- /data/data1/nomad
|
||||||
|
- /data/data1/music
|
||||||
|
- /data/data1/download
|
||||||
|
# - /data/data2/serie
|
||||||
|
# - /data/data3/film
|
||||||
|
- /data/data1/photo
|
||||||
|
- /data/data1/homes
|
||||||
|
- /data/data1/ebook
|
||||||
|
|
||||||
|
|
||||||
|
nas_bind_target: "/exports"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
vsftpd_config:
|
vsftpd_config:
|
||||||
local_root: "/var/local/volume1"
|
local_root: "{{ nfs_bind_target }}"
|
||||||
seccomp_sandbox: False
|
seccomp_sandbox: False
|
||||||
|
@ -1,22 +1,15 @@
|
|||||||
nfs_cluster_list: "{% for server in groups['all']%}{{ hostvars[server]['ansible_default_ipv4']['address'] }}(rw,no_root_squash,async,insecure_locks,sec=sys) {%endfor%}"
|
nfs_cluster_list: "{% for server in groups['all']%} {{hostvars[server]['ansible_' + hostvars[server]['nfs_iface']|default('')].ipv4.address|default(hostvars[server]['ansible_default_ipv4']['address'],true)}}(rw,no_root_squash,async,insecure_locks,sec=sys) {%endfor%}"
|
||||||
nfs_consul_service: true
|
nfs_consul_service: true
|
||||||
nfs_bind_target: "/exports"
|
nfs_bind_target: "/exports"
|
||||||
nfs_bind_source:
|
|
||||||
- /var/local/volume1/nomad
|
|
||||||
- /var/local/volume1/music
|
|
||||||
- /var/local/volume1/media
|
|
||||||
- /var/local/volume1/photo
|
|
||||||
- /var/local/volume1/homes
|
|
||||||
- /var/local/volume1/ebook
|
|
||||||
|
|
||||||
|
|
||||||
nfs_exports:
|
nfs_exports:
|
||||||
- "{{nfs_bind_target }} *(fsid=0,insecure,no_subtree_check)"
|
- "{{ nas_bind_target }} *(fsid=0,insecure,no_subtree_check)"
|
||||||
- "{{ nfs_bind_target }}/nomad {{nfs_cluster_list}}"
|
- "{{ nas_bind_target }}/nomad {{nfs_cluster_list}}"
|
||||||
- "{{ nfs_bind_target }}/music {{nfs_cluster_list}}"
|
- "{{ nas_bind_target }}/download {{nfs_cluster_list}}"
|
||||||
- "{{ nfs_bind_target }}/media {{nfs_cluster_list}}"
|
- "{{ nas_bind_target }}/music {{nfs_cluster_list}}"
|
||||||
- "{{ nfs_bind_target }}/photo {{nfs_cluster_list}}"
|
# - "{{ nas_bind_target }}/film {{nfs_cluster_list}}"
|
||||||
- "{{ nfs_bind_target }}/homes {{nfs_cluster_list}}"
|
# - "{{ nas_bind_target }}/serie {{nfs_cluster_list}}"
|
||||||
- "{{ nfs_bind_target }}/ebook {{nfs_cluster_list}}"
|
- "{{ nas_bind_target }}/photo {{nfs_cluster_list}}"
|
||||||
|
- "{{ nas_bind_target }}/homes {{nfs_cluster_list}}"
|
||||||
|
- "{{ nas_bind_target }}/ebook {{nfs_cluster_list}}"
|
||||||
|
@ -1,21 +1,21 @@
|
|||||||
samba_passdb_backend: tdbsam
|
samba_passdb_backend: tdbsam
|
||||||
samba_shares_root: /exports
|
samba_shares_root: /exports
|
||||||
samba_shares:
|
samba_shares:
|
||||||
- name: media
|
# - name: media
|
||||||
comment: "media"
|
# comment: "media"
|
||||||
write_list: @NAS_media
|
# write_list: "@NAS_media"
|
||||||
browseable: true
|
# browseable: true
|
||||||
- name: ebook
|
- name: ebook
|
||||||
comment: "ebook"
|
comment: "ebook"
|
||||||
write_list: @NAS_ebook
|
write_list: "@NAS_ebook"
|
||||||
browseable: true
|
browseable: true
|
||||||
- name: music
|
- name: music
|
||||||
comment: "music"
|
comment: "music"
|
||||||
write_list: @NAS_music
|
write_list: "@NAS_music"
|
||||||
browseable: true
|
browseable: true
|
||||||
- name: photo
|
- name: photo
|
||||||
comment: "photo"
|
comment: "photo"
|
||||||
write_list: @NAS_photo
|
write_list: "@NAS_photo"
|
||||||
browseable: true
|
browseable: true
|
||||||
|
|
||||||
samba_load_homes: True
|
samba_load_homes: True
|
||||||
|
@ -4,7 +4,7 @@ ansible_python_interpreter: "/usr/bin/python3"
|
|||||||
default_interface: "enp2s0"
|
default_interface: "enp2s0"
|
||||||
consul_iface: "{{ default_interface}}"
|
consul_iface: "{{ default_interface}}"
|
||||||
vault_iface: "{{ default_interface}}"
|
vault_iface: "{{ default_interface}}"
|
||||||
|
nfs_iface: "{{ default_interface}}"
|
||||||
wireguard_address: "10.0.0.7/24"
|
wireguard_address: "10.0.0.7/24"
|
||||||
wireguard_byhost_allowed_ips:
|
wireguard_byhost_allowed_ips:
|
||||||
merlin: 10.0.0.7,192.168.1.42,192.168.1.0/24
|
merlin: 10.0.0.7,192.168.1.42,192.168.1.0/24
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
#ansible_host: 10.0.0.1
|
ansible_host: 10.0.0.1
|
||||||
ansible_host: 135.181.150.203
|
#ansible_host: 135.181.150.203
|
||||||
default_interface: "eth0"
|
default_interface: "eth0"
|
||||||
wireguard_address: "10.0.0.1/24"
|
wireguard_address: "10.0.0.1/24"
|
||||||
wireguard_endpoint: "135.181.150.203"
|
wireguard_endpoint: "135.181.150.203"
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
ansible_host: 10.0.0.4
|
ansible_host: 10.0.0.4
|
||||||
#ansible_host: 65.21.2.14
|
#ansible_host: 65.21.2.14
|
||||||
default_interface: "ens3"
|
default_interface: "ens3"
|
||||||
|
nfs_iface: "wg0"
|
||||||
wireguard_address: "10.0.0.4/24"
|
wireguard_address: "10.0.0.4/24"
|
||||||
wireguard_endpoint: "65.21.2.14"
|
wireguard_endpoint: "65.21.2.14"
|
||||||
wireguard_persistent_keepalive: "20"
|
wireguard_persistent_keepalive: "20"
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
default_interface: "enp2s0"
|
default_interface: "enp2s0"
|
||||||
consul_iface: "{{ default_interface}}"
|
consul_iface: "{{ default_interface}}"
|
||||||
vault_iface: "{{ default_interface}}"
|
vault_iface: "{{ default_interface}}"
|
||||||
|
nfs_iface: "{{ default_interface}}"
|
||||||
wireguard_address: "10.0.0.2/24"
|
wireguard_address: "10.0.0.2/24"
|
||||||
wireguard_byhost_allowed_ips:
|
wireguard_byhost_allowed_ips:
|
||||||
merlin: 10.0.0.2,192.168.1.40
|
merlin: 10.0.0.2,192.168.1.40
|
||||||
|
@ -10,21 +10,21 @@
|
|||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop: "{{ nfs_bind_source }}"
|
loop: "{{ nas_bind_source }}"
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Bind NFS export
|
- name: Bind NAS export
|
||||||
ansible.posix.mount:
|
ansible.posix.mount:
|
||||||
path: "{{ nfs_bind_target }}/{{ item.split('/')[-1] }}"
|
path: "{{ nas_bind_target }}/{{ item.split('/')[-1] }}"
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
opts: bind
|
opts: bind
|
||||||
fstype: none
|
fstype: none
|
||||||
state: mounted
|
state: mounted
|
||||||
loop: "{{ nfs_bind_source }}"
|
loop: "{{ nas_bind_source }}"
|
||||||
become: true
|
become: true
|
||||||
- name: create nomad folder
|
- name: create nomad folder
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ nfs_bind_target}}/nomad/{{item.name}}"
|
path: "{{ nas_bind_target }}/nomad/{{ item.name }}"
|
||||||
owner: "{{ item.owner }}"
|
owner: "{{ item.owner }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop: "{{ NAS_nomad_folder }}"
|
loop: "{{ NAS_nomad_folder }}"
|
||||||
|
@ -37,7 +37,6 @@ NAS
|
|||||||
cluster
|
cluster
|
||||||
|
|
||||||
[VPS]
|
[VPS]
|
||||||
corwin
|
|
||||||
merlin
|
merlin
|
||||||
|
|
||||||
[region:children]
|
[region:children]
|
||||||
@ -46,10 +45,10 @@ VPS
|
|||||||
production
|
production
|
||||||
|
|
||||||
[production]
|
[production]
|
||||||
corwin
|
|
||||||
oscar
|
oscar
|
||||||
merlin
|
merlin
|
||||||
gerard
|
gerard
|
||||||
bleys
|
bleys
|
||||||
|
oberon
|
||||||
|
|
||||||
[staging]
|
[staging]
|
||||||
|
Loading…
Reference in New Issue
Block a user