Readme

INSTALL.md

@@ -0,0 +1,63 @@
+Snel.com Ansible Playbooks - Installation
+---
+
+## Install requirements on macOS
+```zsh
+brew  install  \
+  ansible \
+  ansible-lint \
+  packer \
+  jq \
+  siderolabs/talos/talosctl \
+  kubernetes-cli \
+  helm \
+  bitwarden-cli \
+  velero
+helm  plugin  install  https://github.com/databus23/helm-diff  
+python3  -m pip  install  --upgrade  --requirement  ./requirements.txt
+ansible-galaxy  install  --force  --role-file  ./requirements.yml
+grep 'OBJC_DISABLE_INITIALIZE_FORK_SAFETY' ~/.zshrc || echo "OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES" >> ~/.zshrc
+source ~/.zshrc
+```
+
+## Install requirements on Linux (non-root)
+```bash
+mkdir -p "${HOME}/bin"
+if [[ "${PATH}" != *"${HOME}/.local/bin"* ]]; then echo 'PATH="${HOME}/.local/bin:${PATH}"' >> ~/.bash_profile; source ~/.bash_profile; fi
+if [[ "${PATH}" != *"${HOME}/bin"* ]]; then echo 'PATH="${HOME}/bin:${PATH}"' >> ~/.bash_profile; source ~/.bash_profile; fi
+curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o "${HOME}/bin/kubectl"
+curl -L "https://github.com/siderolabs/talos/releases/download/latest/talosctl-linux-amd64"  -o "${HOME}/bin/talosctl"
+curl -L "https://get.helm.sh/helm-$(curl -s https://api.github.com/repos/helm/helm/releases/latest | jq -r '.tag_name' )-linux-amd64.tar.gz" | tar -C "${HOME}/bin" -xpzf - linux-amd64/helm --strip-components 1  
+curl -sL "https://vault.bitwarden.com/download/?app=cli&platform=linux" | unzip -o -d "${HOME}/bin" - bw
+chmod +x "${HOME}/bin/"*
+python3 -m pip --version
+
+```
+
+## Clone repo
+```zsh
+mkdir -m750 -p ~/repos
+cd  ~/repos
+git  clone  --recurse-submodules  git@git.snel.com:snelcom-ansible/snel.ansible.git  snel.ansible  
+git  config  pull.rebase  true
+git  config  core.hooksPath  .githooks
+cd  ~/repos/snel.ansible
+python3  -m pip  install  --upgrade  --requirement  ./requirements.txt
+ansible-galaxy  install  --force  --role-file  ./requirements.yml
+```
+
+## Vaultwarden
+### First time login on Vaultwarden:
+```zsh
+bw  config  server  'https://pw.snel.com/'
+bw  login
+```
+
+## Vault password
+- Copy the vault password from the [Vaultwarden Item](https://pw.snel.com/#/vault?itemId=7f1b6fd8-f519-43ef-bc4f-108f9f39b75a&cipherId=261e5eb5-8118-4c7f-84c5-101793ede911)
+```bash
+cd ~/repos/snel.ansible
+mkdir -m700 -p .ansible
+echo -n '__THE_PASSWORD__' > .ansible/vault_pass
+chmod 600 .ansible/vault_pass
+```

README.md

@@ -1,58 +1,38 @@
 Snel.com Ansible Playbooks
 ---
 
-## Clone repo on macOS
+## Preparation
+Make sure you followed the instructions in [INSTALL.md](./INSTALL.md)
+
+## Step 1: Customer order
+Customer orders cluster using the [special order page](https://my.snel.com/cart/kubernetes/)
+
+## Step 2: Create inventory
+In this repo:
+- Create a copy of the inventory file `inventory/cluster_[NAME].yml.tpl`. 
+  - Replace `[NAME]` with the name of the cluster and remove te `.tpl` suffix.
+- Inside this file replace all `[NAME]` and update the IPs
+  - In the package the customer will have one new Cloud VPS Bucket, this IP is used for `control.[NAME].k8s.snel.com`
+  - In the package the customer will have 6 new Talos VPSses.
+    - The first 3 IPs need to be used for the `talos_control_nodes`
+    - The remaining 3 IPs need to be used for the `talos_worker_nodes`
+  - Attach 3 extra IPs to the VPS which will become `c1.[NAME].k8s.snel.com`, the first control node.
+    - Use these IPs in the inventory file as `ingress_ips` 
+    - These will be floating IPs for MetalLB
+
+### Step 3: Execute playbook - VPSses
+Your Vaultwarden vault password will be asked.
 ```zsh
-cd  ~/repos
-git  clone  --recurse-submodules  git@git.snel.com:snelcom-ansible/snel.ansible.git  snel.ansible  
-```
-
-
-## Install on macOS
-```zsh
-brew  install  \
-  ansible \
-  ansible-lint \
-  packer \
-  jq \
-  siderolabs/talos/talosctl \
-  kubernetes-cli \
-  helm \
-  bitwarden-cli \
-  velero
-helm  plugin  install  https://github.com/databus23/helm-diff  
-bw  config  server  'https://pw.snel.com/'
-python3  -m pip  install  --upgrade  --requirement  ./requirements.txt
-ansible-galaxy  install  --force  --role-file  ./requirements.yml
-git  config  core.hooksPath  .githooks
-grep 'OBJC_DISABLE_INITIALIZE_FORK_SAFETY' ~/.zshrc || echo "OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES" >> ~/.zshrc
-source ~/.zshrc
-```
-
-## Install on Linux (non-root)
-```bash
-mkdir -p "${HOME}/bin"
-if [[ "${PATH}" != *"${HOME}/bin"* ]]; then echo 'PATH="${HOME}/bin:${PATH}"' >> ~/.bash_profile; source ~/.bash_profile; fi
-curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o "${HOME}/bin/kubectl"
-curl -L "https://github.com/siderolabs/talos/releases/download/latest/talosctl-linux-amd64"  -o "${HOME}/bin/talosctl"
-curl -L "https://get.helm.sh/helm-$(curl -s https://api.github.com/repos/helm/helm/releases/latest | jq -r '.tag_name' )-linux-amd64.tar.gz" | tar -C "${HOME}/bin" -xpzf - linux-amd64/helm --strip-components 1  
-chmod +x "${HOME}/bin/"*
-```
-
-## Usage
-### First time: Login on Vaultwarden:
-```zsh
-bw  login
-```
-
-### Execute playbook - VPSses
-```zsh
-bw sync
-BW_SESSION=$(bw unlock --raw)  ansible-playbook  site.yml  --limit customer_deovero
+cd  ~/repos/snel.ansible
+git  pull
+bw  sync
+BW_SESSION=$(bw unlock --raw)  ansible-playbook  site.yml  --limit cluster_[NAME]
 ```
 
 ### Execute playbook - (Re)install Talos on Hardware
+Your Vaultwarden vault password will be asked.
 ```zsh
-bw sync
-BW_SESSION=$(bw unlock --raw)  ansible-playbook  ./playbooks/snel.kubernetes-cluster/dci_reinstall_talos.yml  --limit customer_deovero
+cd  ~/repos/snel.ansible
+bw  sync
+BW_SESSION=$(bw unlock --raw)  ansible-playbook  ./playbooks/snel.kubernetes-cluster/dci_reinstall_talos.yml  --limit cluster_[NAME]
 ```

inventory/cluster_[NAME].yml.tpl

@@ -0,0 +1,39 @@
+---
+kubernetes:
+  children:
+    customer_[NAME]:
+      vars:
+        cluster_name: [NAME].k8s.snel.com
+      children:
+        control_lb_nodes:
+          hosts:
+            control.[NAME].k8s.snel.com:
+              ansible_host: 185.62.___.___
+        talos:
+          children:
+            talos_control_nodes:
+              hosts:
+                c1.[NAME].k8s.snel.com:
+                  ansible_host: 185.62.___.___
+                c2.[NAME].k8s.snel.com:
+                  ansible_host: 185.62.___.___
+                c3.[NAME].k8s.snel.com:
+                  ansible_host: 185.62.___.___
+            talos_worker_nodes:
+              hosts:
+                w1.[NAME].k8s.snel.com:
+                  ansible_host: 185.62.___.___
+                w2.[NAME].k8s.snel.com:
+                  ansible_host: 185.62.___.___
+                w3.[NAME].k8s.snel.com:
+                  ansible_host: 185.62.___.___
+            #talos_hardware_nodes:
+            #  hosts:
+            #    hw1.[NAME].k8s.snel.com:
+            talos_first_nodes:
+              hosts:
+                c1.[NAME].k8s.snel.com:
+                  ingress_ips:
+                    - 185.62.___.___  # Rancher + Traefik
+                    # - 185.62.___.___  # extra IP
+                    # - 185.62.___.___  # extra IP

inventory/cluster_deovero.yml

@@ -1,7 +1,7 @@
 ---
 kubernetes:
   children:
-    customer_deovero:
+    cluster_deovero:
       vars:
         cluster_name: deovero.k8s.snel.com
       children:
@@ -75,4 +75,4 @@ kubernetes:
                   ingress_ips:
                     - 185.62.58.184  # Rancher + Traefik
                     - 185.62.57.66
-                    - 185.62.58.66
+                    #- 185.62.58.66

inventory/cluster_pietje.yml

@@ -0,0 +1,39 @@
+---
+kubernetes:
+  children:
+    cluster_pietje:
+      vars:
+        cluster_name: pietje.k8s.snel.com
+      children:
+        control_lb_nodes:
+          hosts:
+            control.pietje.k8s.snel.com:
+              ansible_host: 185.62.58.98
+        talos:
+          children:
+            talos_control_nodes:
+              hosts:
+                c1.pietje.k8s.snel.com:
+                  ansible_host: 185.62.58.123
+                c2.pietje.k8s.snel.com:
+                  ansible_host: 185.62.57.138
+                c3.pietje.k8s.snel.com:
+                  ansible_host: 185.62.57.9
+            talos_worker_nodes:
+              hosts:
+                w1.pietje.k8s.snel.com:
+                  ansible_host: 185.62.56.40
+                w2.pietje.k8s.snel.com:
+                  ansible_host: 185.62.56.141
+                w3.pietje.k8s.snel.com:
+                  ansible_host: 185.62.57.201
+            # talos_hardware_nodes:
+            #   hosts:
+            #     hw1.[NAME].k8s.snel.com:
+            talos_first_nodes:
+              hosts:
+                c1.pietje.k8s.snel.com:
+                  ingress_ips:
+                    - 185.62.58.66  # Rancher + Traefik
+                    # - 185.62.___.___  # extra IP
+                    # - 185.62.___.___  # extra IP

inventory/group_vars/all.yml

@@ -23,12 +23,11 @@ smtp_relay_password: !vault |
   35633337396139646630663734386336613036306532326363386364376462363336
 smtp_relay_auth_method: cram-md5
 ip_whitelist:
-  # Jeroen Telenet
-  - 81.83.244.93
-  # Jeroen Telenet
-  - 83.217.157.124
-  # Jeroen Telenet
-  - 2a02:1810:1514:6800::/60
+  # DeoVero - Jeroen Telenet UDM
+  - 81.83.246.2
+  - 2a02:1810:1507:dd00::/60
+  # DeoVero - Jeroen Telenet Synology
+  - 83.83.245.115
   # Jeroen LAN
   - 192.168.0.0/23
   # jump.snel.com