commit marco conf

ansible-runner/build/requirements.yml

@@ -19,19 +19,19 @@ roles:
   - name: ricsanfre.fluentbit
     version: v1.0.4
   - name: ricsanfre.minio
-    version: v1.1.3
+    version: v1.1.4
   - name: ricsanfre.backup
     version: v1.1.3
   - name: ricsanfre.vault
     version: v1.0.4
 collections:
   - name: community.general
-    version: 6.3.0
+    version: 8.0.1
   - name: kubernetes.core
-    version: 2.3.2
+    version: 2.4.0
   - name: community.hashi_vault
-    version: 4.1.0
+    version: 5.0.1
   - name: community.sops
     version: 1.6.0
   - name: ansible.posix
-    version: 1.5.1
+    version: 1.5.4

ansible/group_vars/all.yml

@@ -2,7 +2,7 @@
 # Group all variables.
 
 # Remote user name
-ansible_user: ricsanfre
+ansible_user: marmila
 
 # Ansible ssh private key
 ansible_ssh_private_key_file: ~/.ssh/id_rsa
@@ -16,7 +16,7 @@ centralized_san: false
 #######################
 # DNS server
 dns_server: 10.0.0.1
-dns_domain: picluster.ricsanfre.com
+dns_domain: picluster.marmilan.com
 
 ############################
 # restic backup role variables
@@ -32,3 +32,4 @@ restic_backups_dirs:
     exclude:
       - pattern: '.cache'
       - pattern: '.ansible'
+

ansible/host_vars/gateway.yml

@@ -14,7 +14,7 @@ dnsmasq_dhcp_range: '10.0.0.32,10.0.0.99'
 dnsmasq_additional_dhcp_hosts:
   ethernet_switch:
     desc: "Ethernet Switch"
-    mac: 94:a6:7e:7c:c7:69
+    mac: e0:46:ee:11:69:f3
     ip: 10.0.0.2
 dnsmasq_additional_dns_hosts:
   ntp_server:
@@ -28,7 +28,7 @@ dnsmasq_additional_dns_hosts:
   s3_server:
     desc: "S3 Server"
     hostname: s3
-    ip: 10.0.0.11
+    ip: 129.152.28.229
   elasticsearch:
     desc: "Elasticsearch server"
     hostname: elasticsearch

ansible/host_vars/node-hp-1.yml → ansible/host_vars/node-esp-1.yml

@@ -5,6 +5,8 @@ autoinstall:
       reorder_uefi: false
     config:
       - ptable: gpt
+        serial: KINGSTON_SA400S37480G_50026B7283150896
+        wwn: 0x50026b7283150896
         path: /dev/sda
         wipe: superblock-recursive
         preserve: false
@@ -98,3 +100,4 @@ autoinstall:
         device: format-0
         type: mount
         id: mount-0
+

ansible/inventory.yml

@@ -7,7 +7,7 @@ all:
           hostname: gateway
           ansible_host: 10.0.0.1
           ip: 10.0.0.1
-          mac: e4:5f:01:28:36:98
+          mac: d8:3a:dd:4a:08:f8
         pimaster:
           hostname: pimaster
           ansible_host: localhost
@@ -16,62 +16,48 @@ all:
       hosts:
         s3:
           hostname: s3
-          ansible_host: s3.ricsanfre.com
+          ansible_host: s3.marmilan.com
     picluster:
       hosts:
         node1:
           hostname: node1
           ansible_host: 10.0.0.11
           ip: 10.0.0.11
-          mac: dc:a6:32:9c:29:b9
+          mac: d8:3a:dd:18:cb:cc
         node2:
           hostname: node2
           ansible_host: 10.0.0.12
           ip: 10.0.0.12
-          mac: e4:5f:01:2d:fd:19
+          mac: d8:3a:dd:19:00:a3
         node3:
           hostname: node3
           ansible_host: 10.0.0.13
           ip: 10.0.0.13
-          mac: e4:5f:01:2f:49:05
+          mac: d8:3a:dd:18:d2:47
         node4:
           hostname: node4
           ansible_host: 10.0.0.14
           ip: 10.0.0.14
-          mac: e4:5f:01:2f:54:82
-        node5:
-          hostname: node5
-          ansible_host: 10.0.0.15
-          ip: 10.0.0.15
-          mac: e4:5f:01:d9:ec:5c
-        node-hp-1:
-          hostname: node-hp-1
+          mac: d8:3a:dd:19:00:cb
+        node-esp-1:
+          hostname: node-esp-1
           ansible-host: 10.0.0.20
           ip: 10.0.0.20
-          mac: 18:60:24:21:1c:d4
-        node-hp-2:
-          hostname: node-hp-2
-          ansible-host: 10.0.0.21
-          ip: 10.0.0.21
-          mac: 10:e7:c6:16:54:10
-        node-hp-3:
-          hostname: node-hp-3
-          ansible-host: 10.0.0.22
-          ip: 10.0.0.22
-          mac: 10:e7:c6:0a:de:8a
+          mac: 90:1b:0e:b8:90:e8
     raspberrypi:
       hosts:
-        node[1:5]:
+        node[1:4]:
         gateway:
     x86:
       hosts:
-        node-hp-[1:3]:
+        node-esp-1:
     k3s_cluster:
       children:
         k3s_master:
           hosts:
-            node[1:3]:
+            node[1:2]:
         k3s_worker:
           hosts:
-            node[4:5]:
-            node-hp-[1:3]:
+            node[3:4]:
+            node-esp-1:
+

ansible/k3s_bootstrap.yml

@@ -3,6 +3,7 @@
 - name: Bootstrap Cluster
   hosts: node1
   gather_facts: false
+  become: false
 
   collections:
     - kubernetes.core
@@ -35,10 +36,10 @@
       become: true
 
     # Install Helm diff plugin to have a better idempotence check
-    - name: Intall Helm Plugin
-      kubernetes.core.helm_plugin:
-        plugin_path: "https://github.com/databus23/helm-diff"
-        state: present
+    # - name: Intall Helm Plugin
+    #   kubernetes.core.helm_plugin:
+    #     plugin_path: "https://github.com/databus23/helm-diff"
+    #     state: present
 
     - name: Include vault variables
       include_vars: "vars/vault.yml"
@@ -69,8 +70,12 @@
         - "bootstrap/argocd"
 
     - name: Install CRDs
-      ansible.builtin.command:
-        cmd: kubectl apply --server-side --kustomize  /tmp/charts/crds
+      ansible.builtin.shell: |
+        set -o pipefail
+        kubectl kustomize /tmp/charts/crds --enable-helm \
+        | kubectl apply --server-side -f -
+      args:
+        executable: /bin/bash
 
     - name: Update argo-cd helm dependency.
       ansible.builtin.command:
@@ -107,3 +112,4 @@
 
     - name: Install cli utils.
       include_tasks: tasks/install_cli_utils.yml
+

ansible/requirements.yml

@@ -13,19 +13,25 @@ roles:
   - name: ricsanfre.iscsi_target
     version: v1.0.0
   - name: ricsanfre.iscsi_initiator
-    version: v1.1.0
+    version: v1.1.1
   - name: ricsanfre.k8s_cli
     version: v1.0.0
   - name: ricsanfre.fluentbit
     version: v1.0.4
   - name: ricsanfre.minio
-    version: v1.1.3
+    version: v1.1.4
   - name: ricsanfre.backup
     version: v1.1.3
   - name: ricsanfre.vault
     version: v1.0.4
 collections:
+  - name: community.general
+    version: 8.0.1
   - name: kubernetes.core
-    version: 2.3.2
+    version: 2.4.0
   - name: community.hashi_vault
-    version: 4.0.0
+    version: 5.0.1
+  - name: community.sops
+    version: 1.6.0
+  - name: ansible.posix
+    version: 1.5.4

ansible/roles/pxe-server/templates/cloud-init-autoinstall.yml.j2

@@ -2,7 +2,7 @@
 autoinstall:
   version: 1
   keyboard:
-    layout: es
+    layout: it
   ssh:
     allow-pw: false
     install-server: true
@@ -11,8 +11,8 @@ autoinstall:
 
   user-data:
     # Set TimeZone and Locale
-    timezone: UTC
-    locale: es_ES.UTF-8
+    timezone: Europe/Rome
+    locale: en_EN.UTF-8
 
     # Hostname
     hostname: {{ x86_host }}
@@ -21,12 +21,13 @@ autoinstall:
     manage_etc_hosts: localhost
 
     users:
-      - name: ricsanfre
+      - name: marmila
         primary_group: users
         groups: [adm, admin]
         shell: /bin/bash
         sudo: ALL=(ALL) NOPASSWD:ALL
         lock_passwd: true
         ssh_authorized_keys:
-          - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAusTXKfFoy6p3G4QAHvqoBK+9Vn2+cx2G5AY89WmjMikmeTG9KUseOCIAx22BCrFTNryMZ0oLx4u3M+Ibm1nX76R3Gs4b+gBsgf0TFENzztST++n9/bHYWeMVXddeV9RFbvPnQZv/TfLfPUejIMjFt26JCfhZdw3Ukpx9FKYhFDxr2jG9hXzCY9Ja2IkVwHuBcO4gvWV5xtI1nS/LvMw44Okmlpqos/ETjkd12PLCxZU6GQDslUgGZGuWsvOKbf51sR+cvBppEAG3ujIDySZkVhXqH1SSaGQbxF0pO6N5d4PWus0xsafy5z1AJdTeXZdBXPVvUSNVOUw8lbL+RTWI2Q== ricardo@dol-guldur
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsVSvxBitgaOiqeX4foCfhIe4yZj+OOaWP+wFuoUOBCZMWQ3cW188nSyXhXKfwYK50oo44O6UVEb2GZiU9bLOoy1fjfiGMOnmp3AUVG+e6Vh5aXOeLCEKKxV3I8LjMXr4ack6vtOqOVFBGFSN0ThaRTZwKpoxQ+pEzh+Q4cMJTXBHXYH0eP7WEuQlPIM/hmhGa4kIw/A92Rm0ZlF2H6L2QzxdLV/2LmnLAkt9C+6tH62hepcMCIQFPvHVUqj93hpmNm9MQI4hM7uK5qyH8wGi3nmPuX311km3hkd5O6XT5KNZq9Nk1HTC2GHqYzwha/cAka5pRUfZmWkJrEuV3sNAl ansible@pimaster
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWqOhITGB6+xNLMPb2OaX/OAD8kqEB0WtX0NL6syzGyfwQYXePwLT/TbZRNg0fFE1elZoixejDDGQNPqRhSiTQslXTEqhJQJqZUZs2bsCVCqupQeeNV4x5owAkhingf2j5RnzWB4PL2S6nVLCKgGdzIK9lAMtndnJkcZSApSUy0O/a9+SfxIJsfCB3OXG5uIA2zyVefBVKL4/NkXJmN7UfLJlP+XV85XYpyw+9krbdanJxuYEAE25zRulsfOXYz0IMJ8vQNRYzk5P7C06SwygsVoHFEQcdD5dUKhbSuvNIeo57oLv9iZGeSdLQmEiHRKNjRkwdKbKf/0yohUGa9bqr marmila@node-esp-1
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN93wD7peNaqkO3qxbMDYnr8PJg0nUh8Uen60LkocCEZR5JiPIFrmWpJZUP+inMyyWLBGZnYXnyTGqCthhs1GF+pjbZnvo2+V8ka3Jo99G1Wcz042GlPtpufmxZTPDnRAju3ATp24PRRlXun7M12rcj+RxadBxqlsyEMPNMMwbGlQ7wCL9bQfD11j9QIq5sXtKqNIt9Y9YXdrcTGCnhOPNWATJoIG98n2YhgxetMMZuuWCaTqr+jkTuZA4VZ88crGOPuRdKpm/JCsPha0ynQIQS5DnUuc1FV5OcLMZROWHEaBSuT0A2PrzPbeWfw8BRk5KugDNjaT3kZrf5yLycZfzxJu1g+g54DBFeKPzf/pJJRqQiR40Iwt3ZwK0gOAXmyzFkTKfxkg3MHDxmjh17ijAcYVqlFNMPoOabm/N2Kwkqso/B+V/Rmgw4kmGXsgbZklBaqfVR12hQ4LPBnK7pZ/Nwo51VjfYWCKElyCLlWr8379C3XQi8leUn5GARdSg/38= runner@d28e295fc7c4
+

ansible/roles/velero-cli/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-velero_version: v1.11.1
+velero_version: v1.12.0
 velero_arch: arm64
 
 velero_namespace: velero

ansible/templates/argocd_root_app.yml.j2

@@ -10,7 +10,7 @@ spec:
   project: default
   source:
     path: argocd/bootstrap/root
-    repoURL: https://github.com/ricsanfre/pi-cluster
+    repoURL: https://github.com/marmila/pi-cluster
     targetRevision: master
   syncPolicy:
     automated:
@@ -23,4 +23,4 @@ spec:
         maxDuration: 16m
         factor: 2
     syncOptions:
-    - CreateNamespace=true
+    - CreateNamespace=true

ansible/update.yml

@@ -25,7 +25,7 @@
     - name: Check if a reboot is needed on all servers
       stat:
         path: /var/run/reboot-required
-        get_md5: false
+        get_checksum: false
         # Algorithm to determine checksum of file
       register: reboot_required_file
       # Save a result in and we are going to use it as follows to reboot the box

ansible/vars/picluster.yml

@@ -104,14 +104,14 @@ ionos_api_endpoint: https://api.hosting.ionos.com
 
 
 # issuer email
-acme_issuer_email: admin@ricsanfre.com
+acme_issuer_email: admin@marmilan.com
 
 ##########################
 # Minio S3 configuration #
 ##########################
 
 # Minio S3 Server
-minio_hostname: "s3.ricsanfre.com"
+minio_hostname: "s3.marmilan.com"
 minio_endpoint: "{{ minio_hostname }}:9091"
 minio_url: "https://{{ minio_hostname }}:9091"
 
@@ -125,7 +125,7 @@ minio_root_user: "minioadmin"
 minio_root_password: "{{ vault.minio.root.key }}"
 
 # Minio site region configuration
-minio_site_region: "eu-west-1"
+minio_site_region: "eu-milan-1"
 
 # Enabling TLS
 minio_enable_tls: true
@@ -230,8 +230,9 @@ restic_environment:
 # Vault configuration
 #######################
 
-vault_hostname: "vault.picluster.ricsanfre.com"
+vault_hostname: "vault.picluster.marmilan.com"
 vault_dns: "{{ vault_hostname }}"
+vault_version: 1.15.2
 vault_enable_tls: true
 custom_ca: false
 vault_init: true

ansible/vars/selfsigned-certificates.yml

@@ -3,6 +3,6 @@
 ssl_key_size: 4096
 ssl_certificate_provider: selfsigned
 key_type: RSA
-country_name: ES
-email_address: admin@ricsanfre.com
-organization_name: Ricsanfre
+country_name: IT
+email_address: admin@marmilan.com
+organization_name: Marmilan