From fe18b2fb5283ff46aa8b66d9ffb317e18523be36 Mon Sep 17 00:00:00 2001
From: alex
Date: Sun, 19 Feb 2023 02:59:35 +0100
Subject: [PATCH] Add Talos support

---
 .../playbooks/roles/talos/README.md | 4 +
 .../playbooks/roles/talos/files/get-ip | 5 +
 .../playbooks/roles/talos/tasks/main.yaml | 91 +++++++++++++++++++
 .../playbooks/roles/talos/tasks/proxmox.yml | 19 ++++
 personal_infra/playbooks/site.yaml | 13 ++-
 personal_infra/pseudo_resource_exporter.py | 10 +-
 personal_infra/requirements.txt | 16 ++++
 7 files changed, 153 insertions(+), 5 deletions(-)
 create mode 100644 personal_infra/playbooks/roles/talos/README.md
 create mode 100644 personal_infra/playbooks/roles/talos/files/get-ip
 create mode 100644 personal_infra/playbooks/roles/talos/tasks/main.yaml
 create mode 100644 personal_infra/playbooks/roles/talos/tasks/proxmox.yml

diff --git a/personal_infra/playbooks/roles/talos/README.md b/personal_infra/playbooks/roles/talos/README.md
new file mode 100644
index 0000000..ec36402
--- /dev/null
+++ b/personal_infra/playbooks/roles/talos/README.md
@@ -0,0 +1,4 @@
+```
+$ talosctl gen secrets -o talos/secrets.yaml
+$ ansible-vault encrypt talos/secrets.yaml
+```
diff --git a/personal_infra/playbooks/roles/talos/files/get-ip b/personal_infra/playbooks/roles/talos/files/get-ip
new file mode 100644
index 0000000..a96dab6
--- /dev/null
+++ b/personal_infra/playbooks/roles/talos/files/get-ip
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -ueo pipefail
+
+grep $(cat /etc/pve/qemu-server/$1.conf | grep net0: | sed 's/^.*virtio=\([0-9A-F:]*\),.*$/\1/' | tr [:upper:] [:lower:]) /var/lib/misc/dnsmasq.leases | cut -d " " -f 3
diff --git a/personal_infra/playbooks/roles/talos/tasks/main.yaml b/personal_infra/playbooks/roles/talos/tasks/main.yaml
new file mode 100644
index 0000000..bd294ac
--- /dev/null
+++ b/personal_infra/playbooks/roles/talos/tasks/main.yaml
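Review bot: On the last line of get-ip every expansion is unquoted — `$1`, the `$(...)` MAC, and the `[:upper:]`/`[:lower:]` arguments to `tr` — and nothing checks that the `sed` substitution matched, so the failure modes are silent: when no `net0:` line exists the substitution is empty, the leases path becomes grep's pattern and grep blocks on stdin; when the NIC is not `virtio=` the unchanged config line is word-split into a bogus pattern plus extra file operands (`set -e` catches neither, since a failed substitution inside an argument is not a failed command). Ansible retries the script ten times and then hands `ip.stdout` straight to `talosctl apply-config --insecure`, so the script should fail fast on a malformed MAC instead of leaving it to grep's word-splitting. Quote the expansions, anchor the `net0:` match, validate the MAC shape and match it as a fixed whole word; this keeps the original assumption of one dnsmasq lease per MAC.
```bash
conf="/etc/pve/qemu-server/$1.conf"
mac=$(grep '^net0:' "$conf" | sed 's/^.*virtio=\([0-9A-F:]*\),.*$/\1/' | tr '[:upper:]' '[:lower:]')
# Refuse to search with an empty or malformed pattern; grep would otherwise
# read stdin or treat pieces of the config line as file names.
[[ "$mac" =~ ^([0-9a-f]{2}:){5}[0-9a-f]{2}$ ]] || exit 1
grep -F -w "$mac" /var/lib/misc/dnsmasq.leases | cut -d " " -f 3
```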
@@ -0,0 +1,91 @@ +--- +- name: check node ready + k8s_info: + context: admin@{{ talos_host.talos_cluster }} + kind: Node + wait: true + wait_condition: + status: True + type: Ready + delegate_to: 127.0.0.1 + register: nodes + ignore_errors: true + +- name: setup proxmox hosts + import_tasks: proxmox.yml + when: "'k8s_proxmox' in group_names and not 'resources' in nodes or nodes.resources|length == 0" + +- name: generate controlplane patch + copy: + content: | + machine: + install: + disk: {{ talos_host.install_disk }} + network: + hostname: {{ inventory_hostname }} + nameservers: + - {{ hostvars[proxmox.host].network.self_internal_ip }} + interfaces: + - interface: eth0 + addresses: + - {{ network.ip }}/24 + routes: + - network: 0.0.0.0/0 + gateway: {{ hostvars[proxmox.host].network.self_internal_ip }} + dest: "{{ inventory_dir }}/talos/host-{{ inventory_hostname }}.patch" + delegate_to: 127.0.0.1 + when: "not 'resources' in nodes or nodes.resources|length == 0" + +- name: generate controlplane config + shell: + cmd: talosctl gen config -t controlplane -o talos/host-{{ inventory_hostname }}.yaml --with-secrets <(ansible-vault view talos/secrets.yaml) --config-patch-control-plane @talos/host-{{ inventory_hostname }}.patch {{ talos_host.talos_cluster }} {{ talos_clusters[talos_host.talos_cluster].endpoint }} + chdir: "{{ inventory_dir }}" + delegate_to: 127.0.0.1 + when: "not 'resources' in nodes or nodes.resources|length == 0" + +- name: apply config + command: + cmd: talosctl apply-config --insecure --nodes {{ ip.stdout }} --file talos/host-{{ inventory_hostname }}.yaml + chdir: "{{ inventory_dir }}" + delegate_to: 127.0.0.1 + when: "not 'resources' in nodes or nodes.resources|length == 0" + +- name: generate talosconfig + shell: + cmd: talosctl gen config -t talosconfig -o talos/talosconfig-{{ talos_host.talos_cluster }} --with-secrets <(ansible-vault view talos/secrets.yaml) {{ talos_host.talos_cluster }} {{ talos_clusters[talos_host.talos_cluster].endpoint }} + 
chdir: "{{ inventory_dir }}" + delegate_to: 127.0.0.1 + when: "not 'resources' in nodes or nodes.resources|length == 0" + +- name: bootstrap cluster + command: + cmd: talosctl bootstrap --nodes {{ inventory_hostname }} --talosconfig talos/talosconfig-{{ talos_host.talos_cluster }} -e {{ inventory_hostname }} + chdir: "{{ inventory_dir }}" + delegate_to: 127.0.0.1 + register: bootstrap + until: bootstrap.rc == 0 + retries: 8 + delay: 1 + when: "not 'resources' in nodes or nodes.resources|length == 0" + +- name: get kubeconfig + command: + cmd: talosctl kubeconfig --talosconfig talos/talosconfig-{{ talos_host.talos_cluster }} --nodes {{ inventory_hostname }} -e {{ inventory_hostname }} --force-context-name {{ talos_host.talos_cluster }}@admin + chdir: "{{ inventory_dir }}" + delegate_to: 127.0.0.1 + when: "not 'resources' in nodes or nodes.resources|length == 0" + +- name: wait node ready + k8s_info: + context: admin@{{ talos_host.talos_cluster }} + kind: Node + wait: true + wait_condition: + status: True + type: Ready + delegate_to: 127.0.0.1 + register: nodes + until: nodes.resources|length > 0 + retries: 20 + delay: 1 + when: "not 'resources' in nodes or nodes.resources|length == 0" diff --git a/personal_infra/playbooks/roles/talos/tasks/proxmox.yml b/personal_infra/playbooks/roles/talos/tasks/proxmox.yml new file mode 100644 index 0000000..e42c50f --- /dev/null +++ b/personal_infra/playbooks/roles/talos/tasks/proxmox.yml 
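Review bot: The files written under `{{ inventory_dir }}/talos/` by "generate controlplane config" and "generate talosconfig" carry the same cluster CA keys and tokens that `secrets.yaml` was vault-encrypted to protect — `talosctl gen config --with-secrets` embeds them in `host-*.yaml` and `talosconfig-*` — and "get kubeconfig" adds a cluster-admin kubeconfig on top, yet nothing encrypts, excludes or restricts the permissions of those outputs, so they sit in plaintext next to the inventory (and in git if that directory is committed). At minimum add `talos/host-*.yaml` and `talos/talosconfig-*` to `.gitignore` or vault-encrypt them in a follow-up task, and note in the README that the vaulted `secrets.yaml` is not the only secret-bearing file the role produces. Separately, the `when` on "setup proxmox hosts" parses as `('k8s_proxmox' in group_names and not 'resources' in nodes) or nodes.resources|length == 0`, so proxmox.yml is imported for every host whenever the cluster reports zero ready nodes; write it as `when: "'k8s_proxmox' in group_names and (not 'resources' in nodes or nodes.resources|length == 0)"`. `apply-config --insecure` is unavoidable for a node still in maintenance mode, but `ip` is only registered inside proxmox.yml, so "apply config" references an undefined variable on any non-proxmox host that reaches it — either guard that task on the same group or fail early with an `assert`.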
@@ -0,0 +1,19 @@ +--- +- name: download iso + get_url: + url: https://github.com/siderolabs/talos/releases/download/v1.3.2/talos-amd64.iso + dest: /var/lib/vz/template/iso/ + delegate_to: "{{ proxmox.host }}" + run_once: True +- name: create vm + command: qm create {{ proxmox.id }} --cdrom local:iso/talos-amd64.iso --cores 12 --memory 8192 --name {{ inventory_hostname }} --onboot 1 --start 1 --virtio0 local-zfs:32 --cpu host --net0 virtio,bridge=vmbr0 + delegate_to: "{{ proxmox.host }}" + args: + creates: /etc/pve/qemu-server/{{ proxmox.id }}.conf +- name: get ip + script: get-ip {{ proxmox.id }} + delegate_to: "{{ proxmox.host }}" + register: ip + until: ip.rc == 0 + retries: 10 + delay: 1 diff --git a/personal_infra/playbooks/site.yaml b/personal_infra/playbooks/site.yaml index c6d11b0..63af423 100644 --- a/personal_infra/playbooks/site.yaml +++ b/personal_infra/playbooks/site.yaml @@ -7,7 +7,7 @@ - proxmox_create_lxc - name: complete provision - hosts: all + hosts: all,!k8s tags: puppet roles: - apply_puppet @@ -19,13 +19,20 @@ - join_ipa - name: deploy ragent - hosts: all + hosts: all,!k8s tags: deploy_ragent roles: - deploy_ragent - name: verify root mail - hosts: all + hosts: all,!k8s tags: verify_root_mail roles: - verify_root_mail + +- name: create k8s + hosts: k8s + tags: k8s + gather_facts: false + roles: + - talos diff --git a/personal_infra/pseudo_resource_exporter.py b/personal_infra/pseudo_resource_exporter.py index 793f2b7..9ef498b 100755 --- a/personal_infra/pseudo_resource_exporter.py +++ b/personal_infra/pseudo_resource_exporter.py @@ -1,6 +1,7 @@ #!/usr/bin/env python3 import json import pathlib +import subprocess """ 
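Review bot: "download iso" fetches the boot image from GitHub with no `checksum:`, so a corrupted or substituted `talos-amd64.iso` is written to `/var/lib/vz/template/iso/` and booted by `qm create` without any integrity check; pin the release artifact, e.g. `checksum: sha256:<sha256 of talos-amd64.iso from the v1.3.2 release>` (`get_url` also accepts `sha256:<url>` pointing at a published checksum file). `run_once: True` on that task combined with `delegate_to: "{{ proxmox.host }}"` downloads only to the first node's Proxmox host; if `proxmox.host` differs between nodes the others fail `qm create` on a missing `local:iso/talos-amd64.iso` — presumably a single host today, so a comment stating that assumption would do. The `qm create` line also hard-codes `--cores 12 --memory 8192` and `local-zfs:32` for every node; moving them into the `proxmox`/`talos_host` vars next to `install_disk` keeps sizing out of the role.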
@@ -41,12 +42,17 @@ if nagios_catalog_file.exists(): assert len(nagios_contacts) == 1, f"found multiple nagios contacts {nagios_contacts}" nagios_contact = nagios_contacts[0] -total_hosts_in_inventory = len(list(pathlib.Path("host_vars").glob("*"))) + +ail = subprocess.run(["ansible-inventory", "--list"], check=True, stdout=subprocess.PIPE) +inventory = json.loads(ail.stdout) +total_hosts_in_inventory = len(inventory["_meta"]["hostvars"].keys()) +k8s_hosts_in_inventory = len(inventory["k8s"]["hosts"]) +puppet_hosts_in_inventory = total_hosts_in_inventory - k8s_hosts_in_inventory catalog_files = list(pathlib.Path("build/puppet/build/output/").glob("*/catalog.json")) if nagios_catalog_file.exists(): - assert len(catalog_files) == total_hosts_in_inventory, f"catalogs {catalog_files} quantity different from total hosts in inventory {total_hosts_in_inventory}" + assert len(catalog_files) == puppet_hosts_in_inventory, f"catalogs {catalog_files} quantity different from total hosts in inventory {puppet_hosts_in_inventory}" nagios_resources = [] diff --git a/personal_infra/requirements.txt b/personal_infra/requirements.txt index 769f725..31a69fd 100644 --- a/personal_infra/requirements.txt +++ b/personal_infra/requirements.txt @@ -1,11 +1,27 @@ ansible==7.1.0 ansible-core==2.14.1 +cachetools==5.3.0 +certifi==2022.12.7 cffi==1.15.1 +charset-normalizer==3.0.1 cryptography==38.0.4 +google-auth==2.16.1 +idna==3.4 Jinja2==3.1.2 jmespath==1.0.1 +kubernetes==26.1.0 MarkupSafe==2.1.1 +oauthlib==3.2.2 packaging==22.0 +pyasn1==0.4.8 +pyasn1-modules==0.2.8 pycparser==2.21 +python-dateutil==2.8.2 PyYAML==6.0 +requests==2.28.2 +requests-oauthlib==1.3.1 resolvelib==0.8.1 +rsa==4.9 +six==1.16.0 +urllib3==1.26.14 +websocket-client==1.5.1 -- 2.47.3
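Review bot: `inventory["k8s"]["hosts"]` in the new block raises `KeyError` on any inventory without a `k8s` group and counts only direct members: `ansible-inventory --list` lists a host under the group it is assigned to, so if `k8s_proxmox` (which main.yaml tests via `group_names`) is a child of `k8s`, those nodes are not subtracted and the catalog-count assertion fails for the wrong reason — I cannot see the inventory, so this is the case to confirm. Resolving a group through its `children` recursively, with `.get()` defaults, makes the count match what the `hosts: k8s` play in site.yaml actually targets, and walking `all` the same way avoids relying on `_meta.hostvars` listing every host (I believe it does, but the same helper removes the question).
```python
def group_hosts(inventory: dict, group: str) -> set[str]:
    """Hosts of *group*, including those reached through child groups."""
    node = inventory.get(group, {})
    hosts = set(node.get("hosts", []))
    for child in node.get("children", []):
        hosts |= group_hosts(inventory, child)
    return hosts

# … unchanged: ansible-inventory call and json.loads …
total_hosts_in_inventory = len(group_hosts(inventory, "all"))
k8s_hosts_in_inventory = len(group_hosts(inventory, "k8s"))
puppet_hosts_in_inventory = total_hosts_in_inventory - k8s_hosts_in_inventory
```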