diff --git a/ansible-runner/build/requirements.yml b/ansible-runner/build/requirements.yml index c64b1762..f1bf67ee 100644 --- a/ansible-runner/build/requirements.yml +++ b/ansible-runner/build/requirements.yml @@ -19,19 +19,19 @@ roles: - name: ricsanfre.fluentbit version: v1.0.4 - name: ricsanfre.minio - version: v1.1.3 + version: v1.1.4 - name: ricsanfre.backup version: v1.1.3 - name: ricsanfre.vault version: v1.0.4 collections: - name: community.general - version: 6.3.0 + version: 8.0.1 - name: kubernetes.core - version: 2.3.2 + version: 2.4.0 - name: community.hashi_vault - version: 4.1.0 + version: 5.0.1 - name: community.sops version: 1.6.0 - name: ansible.posix - version: 1.5.1 + version: 1.5.4 diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 2e29579d..09d5f759 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -2,7 +2,7 @@ # Group all variables. # Remote user name -ansible_user: ricsanfre +ansible_user: marmila # Ansible ssh private key ansible_ssh_private_key_file: ~/.ssh/id_rsa @@ -16,7 +16,7 @@ centralized_san: false ####################### # DNS server dns_server: 10.0.0.1 -dns_domain: picluster.ricsanfre.com +dns_domain: picluster.marmilan.com ############################ # restic backup role variables @@ -32,3 +32,4 @@ restic_backups_dirs: exclude: - pattern: '.cache' - pattern: '.ansible' + diff --git a/ansible/host_vars/gateway.yml b/ansible/host_vars/gateway.yml index 5147bb68..49a7f518 100644 --- a/ansible/host_vars/gateway.yml +++ b/ansible/host_vars/gateway.yml @@ -14,7 +14,7 @@ dnsmasq_dhcp_range: '10.0.0.32,10.0.0.99' dnsmasq_additional_dhcp_hosts: ethernet_switch: desc: "Ethernet Switch" - mac: 94:a6:7e:7c:c7:69 + mac: e0:46:ee:11:69:f3 ip: 10.0.0.2 dnsmasq_additional_dns_hosts: ntp_server: @@ -28,7 +28,7 @@ dnsmasq_additional_dns_hosts: s3_server: desc: "S3 Server" hostname: s3 - ip: 10.0.0.11 + ip: 129.152.28.229 elasticsearch: desc: "Elasticsearch server" hostname: elasticsearch 
diff --git a/ansible/host_vars/node-hp-1.yml b/ansible/host_vars/node-esp-1.yml similarity index 96% rename from ansible/host_vars/node-hp-1.yml rename to ansible/host_vars/node-esp-1.yml index 5d460752..a13da7d1 100644 --- a/ansible/host_vars/node-hp-1.yml +++ b/ansible/host_vars/node-esp-1.yml @@ -5,6 +5,8 @@ autoinstall: reorder_uefi: false config: - ptable: gpt + serial: KINGSTON_SA400S37480G_50026B7283150896 + wwn: 0x50026b7283150896 path: /dev/sda wipe: superblock-recursive preserve: false @@ -98,3 +100,4 @@ autoinstall: device: format-0 type: mount id: mount-0 + diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 7a064607..c77a52cf 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -7,7 +7,7 @@ all: hostname: gateway ansible_host: 10.0.0.1 ip: 10.0.0.1 - mac: e4:5f:01:28:36:98 + mac: d8:3a:dd:4a:08:f8 pimaster: hostname: pimaster ansible_host: localhost 
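Review bot: The added `wwn: 0x50026b7283150896` in the `@@ -5,6 +5,8 @@` hunk of `node-esp-1.yml` is an unquoted hex literal, so a YAML 1.1 loader such as the one Ansible uses reads it as an integer. It would then most likely reach the rendered autoinstall storage config as a decimal number rather than the WWN string the disk match expects. Quote it as `wwn: '0x50026b7283150896'`; the `serial` value on the line above is a plain string and is not affected. The `autoinstall` mapping continues outside the hunk, so how the value is templated is not visible here.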
@@ -16,62 +16,48 @@ all: hosts: s3: hostname: s3 - ansible_host: s3.ricsanfre.com + ansible_host: s3.marmilan.com picluster: hosts: node1: hostname: node1 ansible_host: 10.0.0.11 ip: 10.0.0.11 - mac: dc:a6:32:9c:29:b9 + mac: d8:3a:dd:18:cb:cc node2: hostname: node2 ansible_host: 10.0.0.12 ip: 10.0.0.12 - mac: e4:5f:01:2d:fd:19 + mac: d8:3a:dd:19:00:a3 node3: hostname: node3 ansible_host: 10.0.0.13 ip: 10.0.0.13 - mac: e4:5f:01:2f:49:05 + mac: d8:3a:dd:18:d2:47 node4: hostname: node4 ansible_host: 10.0.0.14 ip: 10.0.0.14 - mac: e4:5f:01:2f:54:82 - node5: - hostname: node5 - ansible_host: 10.0.0.15 - ip: 10.0.0.15 - mac: e4:5f:01:d9:ec:5c - node-hp-1: - hostname: node-hp-1 + mac: d8:3a:dd:19:00:cb + node-esp-1: + hostname: node-esp-1 ansible-host: 10.0.0.20 ip: 10.0.0.20 - mac: 18:60:24:21:1c:d4 - node-hp-2: - hostname: node-hp-2 - ansible-host: 10.0.0.21 - ip: 10.0.0.21 - mac: 10:e7:c6:16:54:10 - node-hp-3: - hostname: node-hp-3 - ansible-host: 10.0.0.22 - ip: 10.0.0.22 - mac: 10:e7:c6:0a:de:8a + mac: 90:1b:0e:b8:90:e8 raspberrypi: hosts: - node[1:5]: + node[1:4]: gateway: x86: hosts: - node-hp-[1:3]: + node-esp-1: k3s_cluster: children: k3s_master: hosts: - node[1:3]: + node[1:2]: k3s_worker: hosts: - node[4:5]: - node-hp-[1:3]: + node[3:4]: + node-esp-1: + diff --git a/ansible/k3s_bootstrap.yml b/ansible/k3s_bootstrap.yml index c458a6e2..47ec3f25 100644 --- a/ansible/k3s_bootstrap.yml +++ b/ansible/k3s_bootstrap.yml @@ -3,6 +3,7 @@ - name: Bootstrap Cluster hosts: node1 gather_facts: false + become: false collections: - kubernetes.core @@ -35,10 +36,10 @@ become: true # Install Helm diff plugin to have a better idempotence check - - name: Intall Helm Plugin - kubernetes.core.helm_plugin: - plugin_path: "https://github.com/databus23/helm-diff" - state: present + # - name: Intall Helm Plugin + # kubernetes.core.helm_plugin: + # plugin_path: "https://github.com/databus23/helm-diff" + # state: present - name: Include vault variables include_vars: "vars/vault.yml" 
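Review bot: The renamed `node-esp-1` host in `inventory.yml` still carries `ansible-host: 10.0.0.20` with a hyphen, which Ansible does not treat as the connection variable `ansible_host`. The connection therefore falls back to resolving the inventory name instead of using 10.0.0.20; change the key to `ansible_host: 10.0.0.20` to match the other nodes. Separately, `k3s_master` shrinks from `node[1:3]` to `node[1:2]`. If the control plane uses embedded etcd (not visible in this hunk), two servers cannot tolerate the loss of either one, so one or three masters would be the safer group size.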
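Review bot: In `k3s_bootstrap.yml` the `Intall Helm Plugin` task is commented out rather than removed, which leaves the explanatory comment `# Install Helm diff plugin to have a better idempotence check` sitting above dead YAML with no reason given. Either delete the block or say why it is disabled, for example `# helm-diff disabled: <reason>`. Without the plugin, any `kubernetes.core.helm` tasks later in the play (not visible in this hunk) lose the diff-based idempotence check that comment describes.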
@@ -69,8 +70,12 @@ - "bootstrap/argocd" - name: Install CRDs - ansible.builtin.command: - cmd: kubectl apply --server-side --kustomize /tmp/charts/crds + ansible.builtin.shell: | + set -o pipefail + kubectl kustomize /tmp/charts/crds --enable-helm \ + | kubectl apply --server-side -f - + args: + executable: /bin/bash - name: Update argo-cd helm dependency. ansible.builtin.command: @@ -107,3 +112,4 @@ - name: Install cli utils. include_tasks: tasks/install_cli_utils.yml + diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 4dfc5e5f..f1bf67ee 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -13,19 +13,25 @@ roles: - name: ricsanfre.iscsi_target version: v1.0.0 - name: ricsanfre.iscsi_initiator - version: v1.1.0 + version: v1.1.1 - name: ricsanfre.k8s_cli version: v1.0.0 - name: ricsanfre.fluentbit version: v1.0.4 - name: ricsanfre.minio - version: v1.1.3 + version: v1.1.4 - name: ricsanfre.backup version: v1.1.3 - name: ricsanfre.vault version: v1.0.4 collections: + - name: community.general + version: 8.0.1 - name: kubernetes.core - version: 2.3.2 + version: 2.4.0 - name: community.hashi_vault - version: 4.0.0 + version: 5.0.1 + - name: community.sops + version: 1.6.0 + - name: ansible.posix + version: 1.5.4 diff --git a/ansible/roles/pxe-server/templates/cloud-init-autoinstall.yml.j2 b/ansible/roles/pxe-server/templates/cloud-init-autoinstall.yml.j2 index 754d82ac..0db0b296 100644 --- a/ansible/roles/pxe-server/templates/cloud-init-autoinstall.yml.j2 +++ b/ansible/roles/pxe-server/templates/cloud-init-autoinstall.yml.j2 @@ -2,7 +2,7 @@ autoinstall: version: 1 keyboard: - layout: es + layout: it ssh: allow-pw: false install-server: true @@ -11,8 +11,8 @@ autoinstall: user-data: # Set TimeZone and Locale - timezone: UTC - locale: es_ES.UTF-8 + timezone: Europe/Rome + locale: en_EN.UTF-8 # Hostname hostname: {{ x86_host }} 
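Review bot: With `--enable-helm`, the new `Install CRDs` pipeline makes `kubectl kustomize` run Helm and pull whatever the kustomizations under `/tmp/charts/crds` reference, then applies the result server-side with no integrity check. The kustomizations touched in this commit point at a chart version and at a tag URL on raw.githubusercontent.com, both of which are mutable references. Consider vendoring the rendered CRD manifests into the repository or pinning the remote resources to a commit SHA, so the bootstrap applies content that has been reviewed. The task also has no `register`/`changed_when`, so it will report `changed` on every run.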
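Review bot: `locale: en_EN.UTF-8` in the `user-data` block of `cloud-init-autoinstall.yml.j2` is not a locale that glibc ships (English locales are `en_US`, `en_GB` and so on), so locale generation on first boot will likely fail or fall back to the default. Use an existing one, for example `locale: en_US.UTF-8`. The same value is added in `metal/rpi/cloud-init/gateway/user-data` and needs the same fix.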
@@ -21,12 +21,13 @@ autoinstall: manage_etc_hosts: localhost users: - - name: ricsanfre + - name: marmila primary_group: users groups: [adm, admin] shell: /bin/bash sudo: ALL=(ALL) NOPASSWD:ALL lock_passwd: true ssh_authorized_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAusTXKfFoy6p3G4QAHvqoBK+9Vn2+cx2G5AY89WmjMikmeTG9KUseOCIAx22BCrFTNryMZ0oLx4u3M+Ibm1nX76R3Gs4b+gBsgf0TFENzztST++n9/bHYWeMVXddeV9RFbvPnQZv/TfLfPUejIMjFt26JCfhZdw3Ukpx9FKYhFDxr2jG9hXzCY9Ja2IkVwHuBcO4gvWV5xtI1nS/LvMw44Okmlpqos/ETjkd12PLCxZU6GQDslUgGZGuWsvOKbf51sR+cvBppEAG3ujIDySZkVhXqH1SSaGQbxF0pO6N5d4PWus0xsafy5z1AJdTeXZdBXPVvUSNVOUw8lbL+RTWI2Q== ricardo@dol-guldur - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsVSvxBitgaOiqeX4foCfhIe4yZj+OOaWP+wFuoUOBCZMWQ3cW188nSyXhXKfwYK50oo44O6UVEb2GZiU9bLOoy1fjfiGMOnmp3AUVG+e6Vh5aXOeLCEKKxV3I8LjMXr4ack6vtOqOVFBGFSN0ThaRTZwKpoxQ+pEzh+Q4cMJTXBHXYH0eP7WEuQlPIM/hmhGa4kIw/A92Rm0ZlF2H6L2QzxdLV/2LmnLAkt9C+6tH62hepcMCIQFPvHVUqj93hpmNm9MQI4hM7uK5qyH8wGi3nmPuX311km3hkd5O6XT5KNZq9Nk1HTC2GHqYzwha/cAka5pRUfZmWkJrEuV3sNAl ansible@pimaster \ No newline at end of file + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWqOhITGB6+xNLMPb2OaX/OAD8kqEB0WtX0NL6syzGyfwQYXePwLT/TbZRNg0fFE1elZoixejDDGQNPqRhSiTQslXTEqhJQJqZUZs2bsCVCqupQeeNV4x5owAkhingf2j5RnzWB4PL2S6nVLCKgGdzIK9lAMtndnJkcZSApSUy0O/a9+SfxIJsfCB3OXG5uIA2zyVefBVKL4/NkXJmN7UfLJlP+XV85XYpyw+9krbdanJxuYEAE25zRulsfOXYz0IMJ8vQNRYzk5P7C06SwygsVoHFEQcdD5dUKhbSuvNIeo57oLv9iZGeSdLQmEiHRKNjRkwdKbKf/0yohUGa9bqr marmila@node-esp-1 + - ssh-rsa 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 runner@d28e295fc7c4 + diff --git a/ansible/roles/velero-cli/defaults/main.yml b/ansible/roles/velero-cli/defaults/main.yml index 534af7ad..c303d330 100644 --- a/ansible/roles/velero-cli/defaults/main.yml +++ b/ansible/roles/velero-cli/defaults/main.yml @@ -1,5 +1,5 @@ --- -velero_version: v1.11.1 +velero_version: v1.12.0 velero_arch: arm64 velero_namespace: velero 
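Review bot: Both replacement `ssh_authorized_keys` entries grant login to an account with `sudo: ALL=(ALL) NOPASSWD:ALL`, and their comments (`runner@d28e295fc7c4`, `marmila@node-esp-1`) suggest the private halves were generated inside a runner container and on a cluster node rather than on an operator workstation. If that is the case, whoever holds that container volume or that node has passwordless root on every host built from this template. Prefer authorising one passphrase-protected operator key and one dedicated automation key, and add a comment above the list recording where each private key is kept, e.g. `# automation key; private half held in <key-store-placeholder>`. The same `runner@…` key is added to `metal/rpi/cloud-init/gateway/user-data`.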
diff --git a/ansible/templates/argocd_root_app.yml.j2 b/ansible/templates/argocd_root_app.yml.j2 index f5e57799..56b11b85 100644 --- a/ansible/templates/argocd_root_app.yml.j2 +++ b/ansible/templates/argocd_root_app.yml.j2 @@ -10,7 +10,7 @@ spec: project: default source: path: argocd/bootstrap/root - repoURL: https://github.com/ricsanfre/pi-cluster + repoURL: https://github.com/marmila/pi-cluster targetRevision: master syncPolicy: automated: @@ -23,4 +23,4 @@ spec: maxDuration: 16m factor: 2 syncOptions: - - CreateNamespace=true \ No newline at end of file + - CreateNamespace=true diff --git a/ansible/update.yml b/ansible/update.yml index 8505fae1..e913f228 100644 --- a/ansible/update.yml +++ b/ansible/update.yml @@ -25,7 +25,7 @@ - name: Check if a reboot is needed on all servers stat: path: /var/run/reboot-required - get_md5: false + get_checksum: false # Algorithm to determine checksum of file register: reboot_required_file # Save a result in and we are going to use it as follows to reboot the box diff --git a/ansible/vars/picluster.yml b/ansible/vars/picluster.yml index c945998a..2f353e4d 100644 --- a/ansible/vars/picluster.yml +++ b/ansible/vars/picluster.yml @@ -104,14 +104,14 @@ ionos_api_endpoint: https://api.hosting.ionos.com # issuer email -acme_issuer_email: admin@ricsanfre.com +acme_issuer_email: admin@marmilan.com ########################## # Minio S3 configuration # ########################## # Minio S3 Server -minio_hostname: "s3.ricsanfre.com" +minio_hostname: "s3.marmilan.com" minio_endpoint: "{{ minio_hostname }}:9091" minio_url: "https://{{ minio_hostname }}:9091" @@ -125,7 +125,7 @@ minio_root_user: "minioadmin" minio_root_password: "{{ vault.minio.root.key }}" # Minio site region configuration -minio_site_region: "eu-west-1" +minio_site_region: "eu-milan-1" # Enabling TLS minio_enable_tls: true 
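Review bot: `repoURL: https://github.com/marmila/pi-cluster` in `argocd_root_app.yml.j2` does not match the `repo: https://github.com/marmila/picluster` that this same commit sets in `argocd/bootstrap/root/values.yaml`; one of the two repository names is presumably wrong. With `syncPolicy.automated` enabled, Argo CD applies whatever the configured URL serves, so both settings should name the single repository you control, and the child applications will fail to sync if the other name does not exist. `targetRevision: master` also tracks a mutable branch, so branch protection on that repository is part of the cluster's trust boundary.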
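Review bot: In `update.yml` the inline comment on `get_checksum: false` reads `# Algorithm to determine checksum of file`, but this option only turns checksum calculation on or off; the algorithm is selected by `checksum_algorithm`. Reword it to describe what the line does, for example `get_checksum: false  # only existence is needed, skip checksum calculation`.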
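Review bot: `minio_site_region` in `vars/picluster.yml` changes to `"eu-milan-1"`, but `argocd/system/velero/values.yaml` in this commit keeps `region: eu-west-1` as an unchanged line next to the updated `s3Url`. If the MinIO role applies the site region to the server, S3 clients that sign requests for a different region are typically rejected, which would show up as failing backups rather than as an obvious configuration error. Either keep `eu-west-1` here or update every S3 client configuration to the new region in the same change.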
@@ -230,8 +230,9 @@ restic_environment: # Vault configuration ####################### -vault_hostname: "vault.picluster.ricsanfre.com" +vault_hostname: "vault.picluster.marmilan.com" vault_dns: "{{ vault_hostname }}" +vault_version: 1.15.2 vault_enable_tls: true custom_ca: false vault_init: true diff --git a/ansible/vars/selfsigned-certificates.yml b/ansible/vars/selfsigned-certificates.yml index 742355ce..936e3d46 100644 --- a/ansible/vars/selfsigned-certificates.yml +++ b/ansible/vars/selfsigned-certificates.yml @@ -3,6 +3,6 @@ ssl_key_size: 4096 ssl_certificate_provider: selfsigned key_type: RSA -country_name: ES -email_address: admin@ricsanfre.com -organization_name: Ricsanfre +country_name: IT +email_address: admin@marmilan.com +organization_name: Marmilan diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index 39eea389..e8443786 100644 --- a/ansible/vars/vault.yml +++ b/ansible/vars/vault.yml 
@@ -1,62 +1,70 @@ ---- -# Encrypted variables - Ansible Vault -vault: - # SAN - san: - iscsi: - node_pass: s1cret0 - password_mutual: 0tr0s1cret0 - # K3s secrets - cluster: - k3s: - token: s1cret0 - # traefik secrets - traefik: - basic_auth: - user: admin - passwd: s1cret0 - # Minio S3 secrets - minio: - root: - user: root - key: supers1cret0 - restic: - user: restic - key: supers1cret0 - longhorn: - user: longhorn - key: supers1cret0 - velero: - user: velero - key: supers1cret0 - loki: - user: loki - key: supers1cret0 - tempo: - user: tempo - key: supers1cret0 - # elastic search - elasticsearch: - es-admin: - user: admin - password: s1cret0 - es-fluentd: - user: fluentd - password: s1cret0 - es-prometheus: - user: prometheus - password: s1cret0 - # Fluentd - fluentd: - shared_key: s1cret0 - # Grafana - grafana: - admin: - user: admin - password: s1cret0 - - # Certmanager - certmanager: - ionos: - public_prefix: your-public-prefix - secret: your-key +$ANSIBLE_VAULT;1.1;AES256 +63623639386666633335343463373361356264356539666436646630386538393064653163663136 +3330396464336530326563653563626333333363653432310a656339663336653466383237336130 +62313766323762393031306430646566306536353761663332383363303665313937343838353863 +3630663237633864310a643963636461623330653731643539663135303031373435363766366164 +36633163363464646531356562646565623034306337356566383962616339666136633830333537 +34393937626265393033636139333434383635326631626635313961383663656535373433356465 +36636434373433323734646439626132313861396136343362356637363031396233353133626539 +62643961616236666161333635633333333530353538326538303464653165353334646638663933 +61386334303566643463356363303261316330633030663333366331323239386434646132613239 +38653733326530326165346538303331383234323433366536363135643165643465616331636465 +30333661373530636262613033616263646666383536393836663165653634616536346664313766 +32326334666434363335353865326665306436373961613463346664306664313461623036656137 
+30393562306363626537353562656265383039386234356139336131353136653265353763333535 +32636134626437323735353837343366643962376466306537303433306433663134353436393233 +37376233363361306633386538383430303031616538303236613432633665313263346134363033 +37323230643463306634636461636433633539663961623130616664326264653032353362363138 +39343265613061356162366437316362383561383033343537303332386139656533363963316338 +39356232303834323436353766303363356139363564356639653263393835626438356334663930 +33393063646231306362373238666137363938366163616331376436313838643038376634656332 +36626430623330326439393331633665393331376662336430383963663537313838376565353232 +38313931323466633163306363633031643339666639363661623236633938316233323036333633 +31313535383939323964353266336264376538346539623531346231323565343465633938613231 +31366534373934303463626361393635666335343733376638393231316430613131376437626337 +66373565326663353432333565356339353264316235626364306263376331643466353162323433 +38396662326335366438646462396230633263656465643133646533353562363936356439313733 +33373264613764663936333235666433386232336239633038626238643531653865663361373833 +34656131393031663137626462636331663262613037653863623534363965626130306263306362 +31393534393937336465656235656164636663363339313865643466343836326265626631633533 +39356435323162663361623965383137633765356336373830643365666230353737646564366532 +36343231326432343334376430353631633036646565313563633933613631653736366663613064 +32626561316138643762626533343233643738396163383439343733626132316338653637336538 +32346166393734363536393163633063366137393161383037343463336163613938636466323131 +66353863326536376564323563656335616136363961373662663739626634613262613039336161 +31366434396139356461303336663639643532363439336135323061366631393939323836386430 +31373036383162356631373262363064646562663762363165363730373865636262313364633235 +66303339303033636562626465363432366263363134396131313635306565326565666364383533 
+31643461353231376465393036306135643236643731343964343066356238393838343362633862 +64353463366666646239316664396335373364653337366330643661363831363965636236366639 +62313665326430333663653337303234373230313166646262323430306663386561333031646637 +65303139366664326133373930306439383930353139323433343861623462363164333838333661 +39353165396435356264386665343633306231336361653163336236393164643762396264646133 +32643064653763653665353030333837353361336334613038396130653035396531393837393864 +61313831373966353365636266306135613562666631393432323435623666353032383139613538 +39306131366466396637623034613438373664376630633666393161383435323238613861366236 +61356233393764633635353430363933623561663461306364363661306162326237383938653934 +33326136336632623762613964663762633930663233376563346465663634356463373638363065 +62633666343034313566313332373338386364666236653835616665323431353339666330626562 +35356431636436616236316530336435633436353463623762393233386562613237663962646636 +33333031643031643965623035303335383038646539636264633565303730616266316531373735 +32653130613437626463346435356363613362313166636331653332343163303264663334353962 +64656238636664663566373831396266393865643034656133666261356433613133633030363333 +61313337623435336664336635313834623131383731636330633561366133376339616230643566 +38356461313531333334333564313261303234373566323436663336386464383964313339346233 +35346639303331373664386537643336343339636236343965633835313661653864323263653461 +64356431663365356137393765383664383161316265363837333932313361643135656332636638 +62343332626535366538373166663935313665366166306663646365353234393033636434623261 +34346666613561653963633738386531636633663932663437323033383365393863316564346134 +32376539323062633762613433303034623861623830646238316465353337653132353039383930 +37643236653134666133346163363033363965613163613337363064316362323233353439653964 +34306632636438353933333333383536323931316664383137613331643166353833646330313830 
+34613735373033363432343234616331646564353966323832313435626461616466613034383836 +66643266623162393662376264626635396631626532303366643635346531363766653063353362 +31313163383934616130663531636536356232633365623835636665653331633966333730663331 +39313865353532663733303335363039353934316336626166633730663034393839333537616538 +37646234346432383531353336653838343836383063353734653831313937393239623136363337 +32653631303133366165356162316137663834626633363539653262646634326334653837353137 +39363865666461363365636137326235366162353832396233373665373564623136613533336565 +34653863663431303438376166386462386565363362626464323530343430343338326564393863 +6435 diff --git a/argocd/bootstrap/argocd/Chart.yaml b/argocd/bootstrap/argocd/Chart.yaml index 2698d922..5dc33101 100644 --- a/argocd/bootstrap/argocd/Chart.yaml +++ b/argocd/bootstrap/argocd/Chart.yaml @@ -3,5 +3,5 @@ name: argocd version: 0.0.0 dependencies: - name: argo-cd - version: 5.46.8 + version: 5.51.2 repository: https://argoproj.github.io/argo-helm diff --git a/argocd/bootstrap/argocd/values.yaml b/argocd/bootstrap/argocd/values.yaml index 59d1bb4a..50ae3066 100644 --- a/argocd/bootstrap/argocd/values.yaml +++ b/argocd/bootstrap/argocd/values.yaml @@ -35,12 +35,12 @@ argo-cd: ingressClassName: nginx # ingress host hosts: - - argocd.picluster.ricsanfre.com + - argocd.picluster.marmilan.com ## TLS Secret Name tls: - secretName: argocd-tls hosts: - - argocd.picluster.ricsanfre.com + - argocd.picluster.marmilan.com ## Default ingress path paths: - / @@ -54,5 +54,5 @@ argo-cd: # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) # * 'ca-issuer' (CA-signed certificate, not valid) cert-manager.io/cluster-issuer: letsencrypt-issuer - cert-manager.io/common-name: argocd.picluster.ricsanfre.com + cert-manager.io/common-name: argocd.picluster.marmilan.com 
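Review bot: Replacing the placeholder `vault:` mapping in `ansible/vars/vault.yml` with a `$ANSIBLE_VAULT;1.1;AES256` payload means the repository now carries real secrets whose only protection is the vault password. It also removes the one place that showed which keys this file must define. A published ciphertext can be attacked offline for as long as the history exists, so use a long random vault password stored outside the repository and plan to rotate the contained credentials if that password is ever exposed. Keeping the old placeholder content as a sample file (for example `vault.yml.sample`, name is only a suggestion) would preserve the schema for anyone who has to rebuild the file.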
diff --git a/argocd/bootstrap/crds/external-secrets/kustomization.yaml b/argocd/bootstrap/crds/external-secrets/kustomization.yaml index c6e4e236..fde6c150 100644 --- a/argocd/bootstrap/crds/external-secrets/kustomization.yaml +++ b/argocd/bootstrap/crds/external-secrets/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: # external-secrets https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets -# helm chart version 0.9.5 +# helm chart version 0.9.9 # external-secrets helm chart to be installed with value installCDRs=false -- https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.5/deploy/crds/bundle.yaml \ No newline at end of file +- https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.9/deploy/crds/bundle.yaml diff --git a/argocd/bootstrap/crds/kube-prometheus-stack/kustomization.yaml b/argocd/bootstrap/crds/kube-prometheus-stack/kustomization.yaml index 3dd84986..4066c8ba 100644 --- a/argocd/bootstrap/crds/kube-prometheus-stack/kustomization.yaml +++ b/argocd/bootstrap/crds/kube-prometheus-stack/kustomization.yaml @@ -6,4 +6,4 @@ resources: helmCharts: - name: prometheus-operator-crds repo: https://prometheus-community.github.io/helm-charts - version: "6.0.0" \ No newline at end of file + version: "6.0.0" diff --git a/argocd/bootstrap/root/values.yaml b/argocd/bootstrap/root/values.yaml index 6755ff6d..ce30ad0f 100644 --- a/argocd/bootstrap/root/values.yaml +++ b/argocd/bootstrap/root/values.yaml @@ -1,5 +1,5 @@ gitops: - repo: https://github.com/ricsanfre/pi-cluster + repo: https://github.com/marmila/picluster revision: master # List of application corresponding to different sync waves @@ -103,4 +103,4 @@ apps: - name: kafka namespace: kafka path: argocd/system/kafka - syncWave: 17 \ No newline at end of file + syncWave: 17 
diff --git a/argocd/system/cert-manager/Chart.yaml b/argocd/system/cert-manager/Chart.yaml index 4a8dd6d9..73caa3ff 100644 --- a/argocd/system/cert-manager/Chart.yaml +++ b/argocd/system/cert-manager/Chart.yaml @@ -3,12 +3,12 @@ name: certmanager version: 0.0.0 dependencies: - name: cert-manager - version: v1.13.1 + version: v1.13.2 repository: https://charts.jetstack.io - name: trust-manager - version: v0.6.0 + version: v0.7.0 repository: https://charts.jetstack.io - name: cert-manager-webhook-ionos version: 1.0.2 repository: https://fabmade.github.io/cert-manager-webhook-ionos - condition: acme.dns01.ionos.enabled \ No newline at end of file + condition: acme.dns01.ionos.enabled diff --git a/argocd/system/cert-manager/values.yaml b/argocd/system/cert-manager/values.yaml index 57f70bef..92feb122 100644 --- a/argocd/system/cert-manager/values.yaml +++ b/argocd/system/cert-manager/values.yaml @@ -12,7 +12,7 @@ acme: # It creates ClusterIssuer resource `letsencrypt-issuer` ionos: enabled: true - acme_issuer_email: admin@ricsanfre.com + acme_issuer_email: admin@marmilan.com ######################## # cert-manager subchart @@ -26,5 +26,5 @@ cert-manager: # cert-manager-webhook-ionos subchart ##################################### cert-manager-webhook-ionos: - groupName: acme.ricsanfre.com + groupName: acme.marmilan.com diff --git a/argocd/system/external-secrets/Chart.yaml b/argocd/system/external-secrets/Chart.yaml index 10e5b261..77627406 100644 --- a/argocd/system/external-secrets/Chart.yaml +++ b/argocd/system/external-secrets/Chart.yaml @@ -3,5 +3,5 @@ name: external-secrets version: 0.0.0 dependencies: - name: external-secrets - version: 0.9.5 - repository: https://charts.external-secrets.io \ No newline at end of file + version: 0.9.9 + repository: https://charts.external-secrets.io diff --git a/argocd/system/external-secrets/values.yaml b/argocd/system/external-secrets/values.yaml index 19af8315..1dc6c402 100644 --- a/argocd/system/external-secrets/values.yaml 
+++ b/argocd/system/external-secrets/values.yaml @@ -2,7 +2,7 @@ # Vault secret store vault: # Vault server URL - vaultUrl: "https://vault.picluster.ricsanfre.com:8200" + vaultUrl: "https://vault.picluster.marmilan.com:8200" # Vault CA cert # caBundle needed if vault TLS is signed using a custom CA. diff --git a/argocd/system/kafka/values.yaml b/argocd/system/kafka/values.yaml index 2c6ec0f1..2fe656a5 100644 --- a/argocd/system/kafka/values.yaml +++ b/argocd/system/kafka/values.yaml @@ -57,12 +57,12 @@ kafdrop: ingressClassName: nginx # ingress host hosts: - - kafdrop.picluster.ricsanfre.com + - kafdrop.picluster.marmilan.com ## TLS Secret Name tls: - secretName: kafdrop-tls hosts: - - kafdrop.picluster.ricsanfre.com + - kafdrop.picluster.marmilan.com ## Default ingress path path: / ## Ingress annotations @@ -74,7 +74,7 @@ kafdrop: # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) # * 'ca-issuer' (CA-signed certificate, not valid) cert-manager.io/cluster-issuer: letsencrypt-issuer - cert-manager.io/common-name: kafdrop.picluster.ricsanfre.com + cert-manager.io/common-name: kafdrop.picluster.marmilan.com # Kafdrop docker images are not multi-arch. Only amd64 image is available affinity: @@ -85,4 +85,4 @@ kafdrop: - key: kubernetes.io/arch operator: In values: - - amd64 \ No newline at end of file + - amd64 diff --git a/argocd/system/linkerd-viz/values.yaml b/argocd/system/linkerd-viz/values.yaml index 89942cb7..242cf4c2 100644 --- a/argocd/system/linkerd-viz/values.yaml +++ b/argocd/system/linkerd-viz/values.yaml @@ -6,7 +6,7 @@ serviceMonitor: # Ingress configuration ingress: - host: linkerd.picluster.ricsanfre.com + host: linkerd.picluster.marmilan.com # configure cert-manager issuer certmanager: # tlsIssuer=letsecrypt to generate valid TLS certficiate using IONOS API diff --git a/argocd/system/logging/Chart.yaml b/argocd/system/logging/Chart.yaml index c426c43a..f8671eb6 100644 --- a/argocd/system/logging/Chart.yaml 
+++ b/argocd/system/logging/Chart.yaml @@ -3,7 +3,7 @@ name: logging version: 0.0.0 dependencies: - name: eck-operator - version: 2.9.0 + version: 2.10.0 repository: https://helm.elastic.co - name: fluentd version: 0.4.4 @@ -12,8 +12,8 @@ dependencies: version: 0.39.0 repository: https://fluent.github.io/helm-charts - name: loki - version: 5.29.0 + version: 5.36.3 repository: https://grafana.github.io/helm-charts - name: prometheus-elasticsearch-exporter version: 5.3.1 - repository: https://prometheus-community.github.io/helm-charts \ No newline at end of file + repository: https://prometheus-community.github.io/helm-charts diff --git a/argocd/system/logging/values.yaml b/argocd/system/logging/values.yaml index ecf19c95..dfbcf244 100644 --- a/argocd/system/logging/values.yaml +++ b/argocd/system/logging/values.yaml @@ -24,7 +24,7 @@ elasticsearch: # Ingress configuration ingress: - host: elasticsearch.picluster.ricsanfre.com + host: elasticsearch.picluster.marmilan.com # configure cert-manager issuer certmanager: # tlsIssuer=letsecrypt to generate valid TLS certficiate using IONOS API @@ -42,7 +42,7 @@ kibana: # Ingress configuration ingress: - host: kibana.picluster.ricsanfre.com + host: kibana.picluster.marmilan.com # configure cert-manager issuer certmanager: # tlsIssuer=letsecrypt to generate valid TLS certficiate using IONOS API @@ -53,7 +53,7 @@ kibana: external: fluentd: loadBalancerIp: 10.0.0.101 - dns: fluentd.picluster.ricsanfre.com + dns: fluentd.picluster.marmilan.com # Prometheus monitoring serviceMonitor: @@ -522,7 +522,7 @@ fluent-bit: fieldPath: spec.nodeName # Specify TZ - name: TZ - value: "Europe/Madrid" + value: "Europe/Rome" # Fluentbit config config: # Helm chart combines service, inputs, outputs, custom_parsers and filters section diff --git a/argocd/system/longhorn-system/Chart.yaml b/argocd/system/longhorn-system/Chart.yaml index 544cdb75..aba2a5f4 100644 --- a/argocd/system/longhorn-system/Chart.yaml 
+++ b/argocd/system/longhorn-system/Chart.yaml @@ -3,5 +3,5 @@ name: longhorn version: 0.0.0 dependencies: - name: longhorn - version: 1.5.1 - repository: https://charts.longhorn.io \ No newline at end of file + version: 1.5.3 + repository: https://charts.longhorn.io diff --git a/argocd/system/longhorn-system/values.yaml b/argocd/system/longhorn-system/values.yaml index b0ad416c..6f8de4e3 100644 --- a/argocd/system/longhorn-system/values.yaml +++ b/argocd/system/longhorn-system/values.yaml @@ -1,7 +1,7 @@ # Backup S3 backend URL backup: - minioUrl: "https://s3.ricsanfre.com:9091" + minioUrl: "https://s3.marmilan.com:9091" # Prometheus servicemonitor configuration serviceMonitor: @@ -26,7 +26,7 @@ longhorn: ingressClassName: nginx # ingress host - host: longhorn.picluster.ricsanfre.com + host: longhorn.picluster.marmilan.com ## Set this to true in order to enable TLS on the ingress record tls: true @@ -50,4 +50,4 @@ longhorn: # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) # * 'ca-issuer' (CA-signed certificate, not valid) cert-manager.io/cluster-issuer: letsencrypt-issuer - cert-manager.io/common-name: longhorn.picluster.ricsanfre.com + cert-manager.io/common-name: longhorn.picluster.marmilan.com diff --git a/argocd/system/minio/values.yaml b/argocd/system/minio/values.yaml index 77b503ae..2246ecb4 100644 --- a/argocd/system/minio/values.yaml +++ b/argocd/system/minio/values.yaml @@ -94,12 +94,12 @@ minio: ingressClassName: nginx # ingress host hosts: - - s3.picluster.ricsanfre.com + - s3.picluster.marmilan.com ## TLS Secret Name tls: - secretName: minio-tls hosts: - - s3.picluster.ricsanfre.com + - s3.picluster.marmilan.com ## Default ingress path path: / ## Ingress annotations 
@@ -111,7 +111,7 @@ minio: # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) # * 'ca-issuer' (CA-signed certificate, not valid) cert-manager.io/cluster-issuer: letsencrypt-issuer - cert-manager.io/common-name: s3.picluster.ricsanfre.com + cert-manager.io/common-name: s3.picluster.marmilan.com # console Ingress consoleIngress: @@ -121,12 +121,12 @@ minio: ingressClassName: nginx # ingress host hosts: - - minio.picluster.ricsanfre.com + - minio.picluster.marmilan.com ## TLS Secret Name tls: - secretName: minio-console-tls hosts: - - minio.picluster.ricsanfre.com + - minio.picluster.marmilan.com ## Default ingress path path: / ## Ingress annotations @@ -138,4 +138,4 @@ minio: # * 'letsencrypt-issuer' (valid TLS certificate using IONOS API) # * 'ca-issuer' (CA-signed certificate, not valid) cert-manager.io/cluster-issuer: letsencrypt-issuer - cert-manager.io/common-name: minio.picluster.ricsanfre.com + cert-manager.io/common-name: minio.picluster.marmilan.com diff --git a/argocd/system/monitoring/Chart.yaml b/argocd/system/monitoring/Chart.yaml index ce834701..fa224dcd 100644 --- a/argocd/system/monitoring/Chart.yaml +++ b/argocd/system/monitoring/Chart.yaml @@ -4,4 +4,4 @@ version: 0.0.0 dependencies: - name: kube-prometheus-stack version: 51.6.1 - repository: https://prometheus-community.github.io/helm-charts \ No newline at end of file + repository: https://prometheus-community.github.io/helm-charts diff --git a/argocd/system/monitoring/values.yaml b/argocd/system/monitoring/values.yaml index a74944d1..36cc778b 100644 --- a/argocd/system/monitoring/values.yaml +++ b/argocd/system/monitoring/values.yaml @@ -1,7 +1,7 @@ # Ingress configuration ingress: - host: monitoring.picluster.ricsanfre.com + host: monitoring.picluster.marmilan.com # configure cert-manager issuer certmanager: # tlsIssuer=letsecrypt to generate valid TLS certficiate using IONOS API 
@@ -72,7 +72,7 @@ kube-prometheus-stack: alertmanager: alertmanagerSpec: # Subpath /alertmanager configuration - externalUrl: http://monitoring.picluster.ricsanfre.com/alertmanager/ + externalUrl: http://monitoring.picluster.marmilan.com/alertmanager/ routePrefix: / # PVC config storage: @@ -94,7 +94,7 @@ kube-prometheus-stack: prometheus: prometheusSpec: # Subpath /prometheus configuration - externalUrl: http://monitoring.picluster.ricsanfre.com/prometheus/ + externalUrl: http://monitoring.picluster.marmilan.com/prometheus/ routePrefix: / # Resources request and limits resources: @@ -144,7 +144,7 @@ kube-prometheus-stack: # Configuring /grafana subpath grafana.ini: server: - domain: monitoring.picluster.ricsanfre.com + domain: monitoring.picluster.marmilan.com root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana/" # rewrite rules configured in nginx rules # https://grafana.com/tutorials/run-grafana-behind-a-proxy/ diff --git a/argocd/system/nginx/Chart.yaml b/argocd/system/nginx/Chart.yaml index 229faec2..d761b04d 100644 --- a/argocd/system/nginx/Chart.yaml +++ b/argocd/system/nginx/Chart.yaml @@ -3,5 +3,5 @@ name: ingress-nginx version: 0.0.0 dependencies: - name: ingress-nginx - version: 4.8.2 + version: 4.8.3 repository: https://kubernetes.github.io/ingress-nginx diff --git a/argocd/system/traefik/values.yaml b/argocd/system/traefik/values.yaml index 5a5f6223..3ddeccae 100644 --- a/argocd/system/traefik/values.yaml +++ b/argocd/system/traefik/values.yaml @@ -4,7 +4,7 @@ # Creating with specific template ingress: enabled: true - host: traefik.picluster.ricsanfre.com + host: traefik.picluster.marmilan.com # configure cert-manager issuer certmanager: # tlsIssuer=letsecrypt to generate valid TLS certficiate using IONOS API diff --git a/argocd/system/velero/values.yaml b/argocd/system/velero/values.yaml index a514aacb..57de5ed5 100644 --- a/argocd/system/velero/values.yaml +++ b/argocd/system/velero/values.yaml 
@@ -33,7 +33,7 @@ velero: config: region: eu-west-1 s3ForcePathStyle: true - s3Url: https://s3.ricsanfre.com:9091 + s3Url: https://s3.marmilan.com:9091 # insecureSkipTLSVerify: true # Enable CSI snapshot support features: EnableCSI @@ -59,4 +59,4 @@ velero: # - key: kubernetes.io/arch # operator: In # values: - # - amd64 \ No newline at end of file + # - amd64 diff --git a/metal/rpi/cloud-init/gateway/user-data b/metal/rpi/cloud-init/gateway/user-data index 3c2300f2..23b38c8f 100644 --- a/metal/rpi/cloud-init/gateway/user-data +++ b/metal/rpi/cloud-init/gateway/user-data @@ -1,8 +1,8 @@ #cloud-config # Set TimeZone and Locale -timezone: UTC -locale: es_ES.UTF-8 +timezone: Europe/Rome +locale: en_EN.UTF-8 # Hostname hostname: gateway 
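Review bot: `locale: en_EN.UTF-8` in the gateway user-data hunk is not a locale glibc ships (there is no `EN` territory), so cloud-init's locale step will most likely fail or leave the host on its default locale. The nodes/user-data hunk adds the same value. If English is intended, use `locale: en_US.UTF-8` (or `en_GB.UTF-8`). Separately, switching from UTC to `timezone: Europe/Rome` puts DST shifts into local log timestamps, which makes correlating events across hosts harder, so a one-line comment saying why local time is wanted would help.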
@@ -12,16 +12,18 @@ manage_etc_hosts: localhost users: # not using default ubuntu user - - name: ricsanfre + - name: marmila primary_group: users groups: [adm, admin] shell: /bin/bash sudo: ALL=(ALL) NOPASSWD:ALL lock_passwd: true ssh_authorized_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAusTXKfFoy6p3G4QAHvqoBK+9Vn2+cx2G5AY89WmjMikmeTG9KUseOCIAx22BCrFTNryMZ0oLx4u3M+Ibm1nX76R3Gs4b+gBsgf0TFENzztST++n9/bHYWeMVXddeV9RFbvPnQZv/TfLfPUejIMjFt26JCfhZdw3Ukpx9FKYhFDxr2jG9hXzCY9Ja2IkVwHuBcO4gvWV5xtI1nS/LvMw44Okmlpqos/ETjkd12PLCxZU6GQDslUgGZGuWsvOKbf51sR+cvBppEAG3ujIDySZkVhXqH1SSaGQbxF0pO6N5d4PWus0xsafy5z1AJdTeXZdBXPVvUSNVOUw8lbL+RTWI2Q== ricardo@dol-guldur - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsVSvxBitgaOiqeX4foCfhIe4yZj+OOaWP+wFuoUOBCZMWQ3cW188nSyXhXKfwYK50oo44O6UVEb2GZiU9bLOoy1fjfiGMOnmp3AUVG+e6Vh5aXOeLCEKKxV3I8LjMXr4ack6vtOqOVFBGFSN0ThaRTZwKpoxQ+pEzh+Q4cMJTXBHXYH0eP7WEuQlPIM/hmhGa4kIw/A92Rm0ZlF2H6L2QzxdLV/2LmnLAkt9C+6tH62hepcMCIQFPvHVUqj93hpmNm9MQI4hM7uK5qyH8wGi3nmPuX311km3hkd5O6XT5KNZq9Nk1HTC2GHqYzwha/cAka5pRUfZmWkJrEuV3sNAl ansible@pimaster + - ssh-rsa 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 runner@d28e295fc7c4 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCCgohOlmZbD5gcRnjiHuvtftN+6pS/Yd9Uj8q7Hvd3x72kydJwH6NhMkAe2rtPREk5AME08EtbNNEkOf7XoD67pX0maPADwe47RD43+ixuFAXUXiP01Xhb3d1jnb+AGMtnEJLyPuHjYRWXNdMKF2MvphhesUZOiBGs0+zcpNs8tTvuuLHdRbg6ZXxOX1mwiwjk83rFFFigxUbQLWKbf+aZaPoU2RY0ZZBQCZqv2AmZ4rXN+Xep5N6xomkztydvmjGCUB7H3tP2hBEeIrc+LPTOOiXPI8MV4hLljzqP1PFSiiVrBveLjoRNWggCGfAuVlsDqQhCxgyxJpZxffDdJsbX marmila@gateway + ## Reboot to enable Wifi configuration (more details in network-config file) power_state: mode: reboot + diff --git a/metal/rpi/cloud-init/nodes/user-data b/metal/rpi/cloud-init/nodes/user-data index e75f5674..c1e0dc22 100644 --- a/metal/rpi/cloud-init/nodes/user-data +++ b/metal/rpi/cloud-init/nodes/user-data 
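Review bot: The first added `ssh_authorized_keys` entry is labelled `runner@d28e295fc7c4`, which reads like a key pair generated inside a container or CI runner rather than on an operator's machine. It is authorised for an account with `sudo: ALL=(ALL) NOPASSWD:ALL` (unchanged context), so whoever holds that private key has root on the gateway. Confirm where the private half is kept and who can read it. The same entry is added in the nodes/user-data hunk. A comment above each key, for example `# automation key, owner <OWNER>, private key kept in <LOCATION>`, would make later rotation and audit straightforward.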
@@ -1,23 +1,42 @@ #cloud-config # Set TimeZone and Locale -timezone: UTC -locale: es_ES.UTF-8 +timezone: Europe/Rome +locale: en_EN.UTF-8 # Hostname -hostname: nodeX +hostname: node1 # cloud-init not managing hosts file. only hostname is added manage_etc_hosts: localhost users: # not using default ubuntu user - - name: ricsanfre + - name: marmila primary_group: users groups: [adm, admin] shell: /bin/bash sudo: ALL=(ALL) NOPASSWD:ALL lock_passwd: true ssh_authorized_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAusTXKfFoy6p3G4QAHvqoBK+9Vn2+cx2G5AY89WmjMikmeTG9KUseOCIAx22BCrFTNryMZ0oLx4u3M+Ibm1nX76R3Gs4b+gBsgf0TFENzztST++n9/bHYWeMVXddeV9RFbvPnQZv/TfLfPUejIMjFt26JCfhZdw3Ukpx9FKYhFDxr2jG9hXzCY9Ja2IkVwHuBcO4gvWV5xtI1nS/LvMw44Okmlpqos/ETjkd12PLCxZU6GQDslUgGZGuWsvOKbf51sR+cvBppEAG3ujIDySZkVhXqH1SSaGQbxF0pO6N5d4PWus0xsafy5z1AJdTeXZdBXPVvUSNVOUw8lbL+RTWI2Q== ricardo@dol-guldur - - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsVSvxBitgaOiqeX4foCfhIe4yZj+OOaWP+wFuoUOBCZMWQ3cW188nSyXhXKfwYK50oo44O6UVEb2GZiU9bLOoy1fjfiGMOnmp3AUVG+e6Vh5aXOeLCEKKxV3I8LjMXr4ack6vtOqOVFBGFSN0ThaRTZwKpoxQ+pEzh+Q4cMJTXBHXYH0eP7WEuQlPIM/hmhGa4kIw/A92Rm0ZlF2H6L2QzxdLV/2LmnLAkt9C+6tH62hepcMCIQFPvHVUqj93hpmNm9MQI4hM7uK5qyH8wGi3nmPuX311km3hkd5O6XT5KNZq9Nk1HTC2GHqYzwha/cAka5pRUfZmWkJrEuV3sNAl ansible@pimaster + - ssh-rsa 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 runner@d28e295fc7c4 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdGZvZwrTvanAlbVNUNJS/Lsx64RrOfEOZXOqBR6fCrkyKRzOk5njt4J/9t+nPCwuJg32p45jW0FLM7CJAYyc//vEeYsqFWzsP03XcuIMBnKNEqzmY78vXTCOgekxmNj+NwHjgRDgPIx0EAjW/cTP5BrVWyOBmrGPD20eorGApobJgXrhVoYMqPTCtEGcyhNHC7r9/zlvRANFXv325b0hS4FZeJH7r3BnwDpqJWR/5hrcJ5f4dAcu/PSftvh6N+9tkQmEvsvbuxdXIS7a3K+/qUIMOAf6gBPcfBxhPofme93U3Z+mnQmi219g3di9Os7taYS5vIcqoPrH22MA+ETR7 marmila@node1 + +bootcmd: + # Create second Linux partition. 
Leaving 30GB for root partition + # sgdisk /dev/sda -g -e -n=0:30G:0 -t 0:8300 + # First convert MBR partition to GPT (-g option) + # Second moves the GPT backup block to the end of the disk where it belongs (-e option) + # Then creates a new partition starting 10GiB into the disk filling the rest of the disk (-n=0:10G:0 option) + # And labels it as a Linux partition (-t option) + - [cloud-init-per, once, addpartition, sgdisk, /dev/sda, "-g", "-e", "-n=0:30G:0", -t, "0:8300"] + +runcmd: + # reload partition table + - "sudo partprobe /dev/sda" + # configure new partition + - "mkfs.ext4 /dev/sda3" + - "e2label /dev/sda3 DATA" + - "mkdir -p /storage" + - "mount -t ext4 /dev/sda3 /storage" + - "echo LABEL=DATA /storage ext4 defaults 0 0 | sudo tee -a /etc/fstab" diff --git a/metal/x86/build/build-docker-helper-image b/metal/x86/build/build-docker-helper-image new file mode 100644 index 00000000..e69de29b
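Review bot: The new `runcmd` formats `/dev/sda3` unconditionally, so any existing data on that partition is wiped if these commands ever run against a disk that already has one, for example when the node is re-provisioned as a new instance with the data disk kept, or when `sda` enumerates as a different device. Guard the format with `- "blkid /dev/sda3 || mkfs.ext4 -L DATA /dev/sda3"`. The fstab line is appended on every run and would duplicate, so guard it too: `- "grep -q 'LABEL=DATA' /etc/fstab || echo LABEL=DATA /storage ext4 defaults 0 0 >> /etc/fstab"`. `runcmd` already runs as root, so the `sudo` prefixes are unnecessary. The `bootcmd` comment also describes `-n=0:10G:0` ("starting 10GiB into the disk") while the command uses `-n=0:30G:0`, so the comment should be brought in line with the command.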