# Personal infra
This is a collection of files I use for setting up my personal infrastructure.
This is a work in progress, as I am partly redoing how I do configuration management.
The main source is in a private repo, but I put here as much material as I can make public.
Inventory, vaults, etc. remain in the private repo.
## Ansible
### Initial setup
Symlink everything in this directory into your root infrastructure directory.
Create an `inventory` file.
Create `vault_password` with a vault password.
Use `rye sync` to set up Python.
### Usage
Run Ansible commands with `rye run`.
## Ansible/Puppet integration
I prefer using Ansible for orchestration, and Puppet for configuration management.
* `up.py` compiles Puppet catalogs without a Puppet Server.
* `pseudo_resource_exporter.py` simulates exported resources on the catalogs generated by `up.py`.
You can use this script as a template to implement your own catalog manipulations.
* `playbooks/roles/apply_puppet/` uses `up.py` to apply Puppet to Ansible hosts.
This script collects facts, adds the Ansible inventory to Hiera (so you can use Ansible inventory data to parameterize Puppet), compiles the catalogs, ships them to Ansible nodes, and executes Puppet.
Except for exported resources, which work differently, this setup has most of the benefits of Puppet Server without having to run a Puppet Server and PuppetDB.
Being able to simulate exported resources without a master lets you use the `nagios_core` module without infrastructure.
With the `nagios_core` module, Puppet code, such as a module which sets up a web server, can define "inline" Puppet monitoring for the managed resources.
## Puppet
For the moment, I'm managing the following distros using this setup.
| Distro | Puppet version |
| --------------- | ------------------ |
| Debian 12 (PVE) | Puppet 7.23 |
| EL8 | Puppet 6.26 (EPEL) |
| EL9 | Puppet 7.20 (EPEL) |
I perform catalog compilation on my laptop running EL9.
Although [support across Puppet 5.5-7 is not documented](https://www.puppet.com/docs/puppet/7/platform_lifecycle.html#primary-agent-compatibility), catalogs still seem to be compatible.
## Other stuff
* [Podman](podman.md)
* I run two Kubernetes clusters (production and testing) using [Talos](https://www.talos.dev/)
* [Base Kustomizations](k8s/base/kustomization.yml), including [a small app to check for Talos and K8S updates](https://github.com/alexpdp7/talos-check)
* [Ansible Role to provision Talos on Proxmox](playbooks/roles/talos)
* [A CRUD application](https://github.com/alexpdp7/zqxjkcrud/) to record my weight that [I deploy to K8S](playbooks/roles/zqxjkcrud/tasks/main.yaml)
* [My blog](../blog)