feat: deploy NAS on oberon

2024-02-20 19:31:36 +01:00 · 2024-02-20 19:31:36 +01:00 · 625bda7fda
commit 625bda7fda
parent d1cc5ff299
10 changed files with 48 additions and 38 deletions
--- a/ansible/group_vars/NAS/NAS
+++ b/ansible/group_vars/NAS/NAS
@ -1,3 +1,20 @@
 NAS_nomad_folder:
  - name: openldap
    owner: 1001
+
+nas_bind_source:
+    - /data/data1/nomad
+    - /data/data1/music
+    - /data/data1/download
+#    - /data/data2/serie
+#    - /data/data3/film
+    - /data/data1/photo
+    - /data/data1/homes
+    - /data/data1/ebook
+
+
+nas_bind_target: "/exports"
+
+
+
+
--- a/ansible/group_vars/NAS/ftp
+++ b/ansible/group_vars/NAS/ftp
@ -1,3 +1,3 @@
 vsftpd_config:
-    local_root: "/var/local/volume1"
+    local_root: "{{ nfs_bind_target }}"
    seccomp_sandbox: False
--- a/ansible/group_vars/NAS/nfs
+++ b/ansible/group_vars/NAS/nfs
@ -1,22 +1,15 @@
-nfs_cluster_list: "{% for server in groups['all']%}{{ hostvars[server]['ansible_default_ipv4']['address'] }}(rw,no_root_squash,async,insecure_locks,sec=sys)  {%endfor%}"
+nfs_cluster_list: "{% for server in groups['all']%} {{hostvars[server]['ansible_' + hostvars[server]['nfs_iface']|default('')].ipv4.address|default(hostvars[server]['ansible_default_ipv4']['address'],true)}}(rw,no_root_squash,async,insecure_locks,sec=sys)  {%endfor%}"
 nfs_consul_service: true
 nfs_bind_target: "/exports"
-nfs_bind_source:
-    - /var/local/volume1/nomad
-    - /var/local/volume1/music
-    - /var/local/volume1/media
-    - /var/local/volume1/photo
-    - /var/local/volume1/homes
-    - /var/local/volume1/ebook


 nfs_exports:
-    - "{{nfs_bind_target }} *(fsid=0,insecure,no_subtree_check)" 
-    - "{{ nfs_bind_target }}/nomad {{nfs_cluster_list}}"
-    - "{{ nfs_bind_target }}/music {{nfs_cluster_list}}"
-    - "{{ nfs_bind_target }}/media {{nfs_cluster_list}}"
-    - "{{ nfs_bind_target }}/photo {{nfs_cluster_list}}"
-    - "{{ nfs_bind_target }}/homes {{nfs_cluster_list}}"
-    - "{{ nfs_bind_target }}/ebook {{nfs_cluster_list}}"
-
-
+    - "{{ nas_bind_target }} *(fsid=0,insecure,no_subtree_check)" 
+    - "{{ nas_bind_target }}/nomad {{nfs_cluster_list}}"
+    - "{{ nas_bind_target }}/download {{nfs_cluster_list}}"
+    - "{{ nas_bind_target }}/music {{nfs_cluster_list}}"
+#    - "{{ nas_bind_target }}/film {{nfs_cluster_list}}"
+#    - "{{ nas_bind_target }}/serie {{nfs_cluster_list}}"
+    - "{{ nas_bind_target }}/photo {{nfs_cluster_list}}"
+    - "{{ nas_bind_target }}/homes {{nfs_cluster_list}}"
+    - "{{ nas_bind_target }}/ebook {{nfs_cluster_list}}"
--- a/ansible/group_vars/NAS/samba
+++ b/ansible/group_vars/NAS/samba
@ -1,21 +1,21 @@
 samba_passdb_backend: tdbsam
 samba_shares_root: /exports
 samba_shares:
-  - name: media
-    comment: "media"
-    write_list: @NAS_media
-    browseable: true
+#  - name: media
+#    comment: "media"
+#    write_list: "@NAS_media"
+#    browseable: true
  - name: ebook
    comment: "ebook"
-    write_list: @NAS_ebook
+    write_list: "@NAS_ebook"
    browseable: true
  - name: music
    comment: "music"
-    write_list: @NAS_music
+    write_list: "@NAS_music"
    browseable: true
  - name: photo
    comment: "photo"
-    write_list: @NAS_photo
+    write_list: "@NAS_photo"
    browseable: true

 samba_load_homes: True
--- a/ansible/host_vars/bleys
+++ b/ansible/host_vars/bleys
@ -4,7 +4,7 @@ ansible_python_interpreter: "/usr/bin/python3"
 default_interface: "enp2s0"
 consul_iface: "{{ default_interface}}"
 vault_iface:  "{{ default_interface}}"
-
+nfs_iface:  "{{ default_interface}}"
 wireguard_address: "10.0.0.7/24"
 wireguard_byhost_allowed_ips:
  merlin: 10.0.0.7,192.168.1.42,192.168.1.0/24
--- a/ansible/host_vars/corwin
+++ b/ansible/host_vars/corwin
@ -1,6 +1,6 @@
 ---
-#ansible_host: 10.0.0.1
-ansible_host: 135.181.150.203
+ansible_host: 10.0.0.1
+#ansible_host: 135.181.150.203
 default_interface: "eth0"
 wireguard_address: "10.0.0.1/24"
 wireguard_endpoint: "135.181.150.203"
--- a/ansible/host_vars/merlin
+++ b/ansible/host_vars/merlin
@ -2,6 +2,7 @@
 ansible_host: 10.0.0.4
 #ansible_host: 65.21.2.14
 default_interface: "ens3"
+nfs_iface: "wg0"
 wireguard_address: "10.0.0.4/24"
 wireguard_endpoint: "65.21.2.14"
 wireguard_persistent_keepalive: "20"
--- a/ansible/host_vars/oscar
+++ b/ansible/host_vars/oscar
@ -2,7 +2,7 @@
 default_interface: "enp2s0"
 consul_iface: "{{ default_interface}}"
 vault_iface: "{{ default_interface}}"
-
+nfs_iface:  "{{ default_interface}}"
 wireguard_address: "10.0.0.2/24"
 wireguard_byhost_allowed_ips:
  merlin: 10.0.0.2,192.168.1.40
--- a/ansible/playbooks/nas.yml
+++ b/ansible/playbooks/nas.yml
@ -10,21 +10,21 @@
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
-      loop: "{{ nfs_bind_source }}"
+      loop: "{{ nas_bind_source }}"
      become: true
        
-    - name: Bind NFS export
+    - name: Bind NAS export
      ansible.posix.mount:
-        path: "{{ nfs_bind_target }}/{{ item.split('/')[-1] }}"
+        path: "{{ nas_bind_target }}/{{ item.split('/')[-1] }}"
        src: "{{ item }}"
        opts: bind
        fstype: none
        state: mounted
-      loop: "{{ nfs_bind_source }}"
+      loop: "{{ nas_bind_source }}"
      become: true
    - name: create nomad folder
-      file:
-        path: "{{ nfs_bind_target}}/nomad/{{item.name}}"
+      ansible.builtin.file:
+        path: "{{ nas_bind_target }}/nomad/{{ item.name }}"
        owner: "{{ item.owner }}"
        state: directory
      loop: "{{ NAS_nomad_folder }}"
--- a/ansible/production
+++ b/ansible/production
@ -37,7 +37,6 @@ NAS
 cluster

 [VPS]
-corwin
 merlin

 [region:children]
@ -46,10 +45,10 @@ VPS
 production

 [production]
-corwin
 oscar
 merlin
 gerard
 bleys
+oberon

 [staging]