Merge pull request #4 from jhuesser/generalize

Generalize to a working setup

Author: kencx

ansible/inventory/group_vars/client.yml

@@ -6,16 +6,16 @@ nomad_vault_addr: "https://{{ server_ip }}:8200"
 nomad_common_name: "client.global.nomad"
 nomad_ip_sans: "127.0.0.1, {{ client_ip }}"
 
-nfs_share_mounts:
-  - src: "10.10.10.102:/home/debian/apps/prod-apps"
-    path: "/mnt/storage"
-    opts: "defaults,bg,intr,_netdev,retry=3"
-    state: mounted
-  - src: "10.10.10.102:/home/debian/syncthing/sync/books"
-    path: "/mnt/books"
-    opts: "defaults,bg,intr,_netdev,retry=3"
-    state: mounted
-  - src: "10.10.10.102:/home/debian/syncthing/sync/paper"
-    path: "/mnt/paper"
-    opts: "defaults,bg,intr,_netdev,retry=3"
-    state: mounted
+#nfs_share_mounts:
+#  - src: "10.10.10.102:/home/debian/apps/prod-apps"
+#    path: "/mnt/storage"
+#    opts: "defaults,bg,intr,_netdev,retry=3"
+#    state: mounted
+#  - src: "10.10.10.102:/home/debian/syncthing/sync/books"
+#    path: "/mnt/books"
+#    opts: "defaults,bg,intr,_netdev,retry=3"
+#    state: mounted
+#  - src: "10.10.10.102:/home/debian/syncthing/sync/paper"
+#    path: "/mnt/paper"
+#    opts: "defaults,bg,intr,_netdev,retry=3"
+#    state: mounted

ansible/inventory/group_vars/prod.yml

@@ -1,7 +1,6 @@
 ---
-# server_ip: "{{ hostvars[groups['prod'] | difference(groups['client']) | first]['ansible_default_ipv4']['address'] }}"
-server_ip: "10.10.10.110"
-client_ip: "10.10.10.111"
+server_ip: "{{ hostvars[groups['prod'] | difference(groups['client']) | first]['ansible_default_ipv4']['address'] }}"
+client_ip: "{{ hostvars[groups['prod'] | difference(groups['server']) | first]['ansible_default_ipv4']['address'] }}"
 ansible_user: "debian"
 
 # ssl

ansible/main.yml

@@ -19,6 +19,22 @@
     - role: nomad
 
   tasks:
+    - name: Verify services are running
+      ansible.builtin.systemd:
+        name: "{{ item }}"
+        state: started
+      loop:
+        - consul-template
+
+    - name: Wait for consul-template to become active
+      ansible.builtin.command: systemctl is-active consul-template
+      register: consul_template_status
+      retries: 50
+      delay: 3
+      until: consul_template_status.stdout == "active"
+      changed_when: false
+
+
     - name: Goss smoke test
       import_role:
         name: kencx.ansible_collection.goss

ansible/playbooks/common.yml

@@ -43,5 +43,5 @@
     - name: Goss validation
       role: kencx.ansible_collection.goss
       vars:
-        goss_dir: "./goss"
+        goss_dir: "{{ playbook_dir }}/../goss"
         goss_file: "base.yml"

ansible/roles/nomad/templates/nomad.service.j2

@@ -14,7 +14,7 @@ User=nomad
 Group=nomad
 {% endif %}
 
-ExecReload=/bin/kill -HUP $MAINPID
+ExecReload=/bin/systemctl restart nomad.service
 {% if nomad_server %}
 {% if nomad_vault_integration %}
 Type=forking

ansible/roles/vault/tasks/init.yml

@@ -77,6 +77,23 @@
     - vault_init_json is defined
     - vault_init_json.root_token is defined
 
+- name: Wait for Vault to be initialized, unsealed and have a leader (if HA)
+  command: vault status -format=json
+  register: vault_status_raw
+  retries: 20
+  delay: 3
+  until: >
+    vault_status_raw.rc == 0 and
+    (vault_status_raw.stdout | from_json).initialized and
+    not (vault_status_raw.stdout | from_json).sealed and
+    (
+      not ((vault_status_raw.stdout | from_json).ha_enabled)
+      or
+      (((vault_status_raw.stdout | from_json).leader_address | default('')) != '')
+    )
+  changed_when: false
+  failed_when: vault_status_raw.rc != 0
+
 - name: Login with root token
   shell:
     cmd: vault login --format json {{ vault_root_token }}
@@ -127,6 +144,8 @@
       vault_token: "{{ vault_root_token }}"
       vault_address: "https://{{ ansible_default_ipv4.address }}:8200"
       vault_ca_cert_file: "{{ vault_terraform_cert_dir }}/vault-ca.crt"
+      admin_password: "{{ vault_admin_password }}"
+      kvuser_password: "{{ vault_kvuser_password }}"
   delegate_to: localhost
 
 - name: Provision Vault secrets with Terraform provider

ansible/roles/vault/templates/vault.hcl.j2

@@ -1,3 +1,4 @@
+disable_mlock = false
 storage "raft" {
   path    = "{{ vault_data_dir }}"
   node_id = "{{ ansible_hostname }}"

bin/import-cloud-image

@@ -3,7 +3,7 @@
 set -e
 
 help() {
-    echo "Usage: $0 [--debug|--force] [URL] [FILENAME]"
+    echo "Usage: $0 [--debug|--force] [URL] [FILENAME] [VMID] [NET_BRIDGE] [DATASTORE]"
     exit 1
 }
 
@@ -29,7 +29,7 @@ IMG_DIR="/var/lib/vz/images"
 FILENAME="$2"
 IMG_PATH="$IMG_DIR/$FILENAME"
 
-VMID=9001
+VMID=$3
 TEMPLATE_NAME=${FILENAME%.*}
 DESCRIPTION="$(
     cat <<EOF
@@ -45,9 +45,9 @@ EOF
 MEMORY=512
 CORES=1
 SOCKETS=1
-NET_BRIDGE="vmbr1"
+NET_BRIDGE=$4
 DISK_SIZE="4G"
-DISK_STORE="volumes"
+DISK_STORE=$5
 
 install -m 0755 -d "$IMG_DIR"
 if [[ -e $IMG_PATH ]]; then

docs/src/getting_started.md

@@ -38,27 +38,35 @@ import a cloud image and turn it into a new template.
 >    - cloud-init installed
 >    - qemu-guest-agent installed
 
-1. (Optional) Run the `bin/import-cloud-image` [script](./images/cloud_image.html#script) to import a new cloud image:
+1. (Optional) Run the `bin/import-cloud-image` [script](./images/cloud_image.html#script) on your proxmox node to import a new cloud image:
 
 ```bash
-$ import-cloud-image [URL]
+$ import-cloud-image [URL] [FILENAME] [VMID] [NET_BRIDGE] [DATASTORE]
+# Eg: import-cloud-image https://cdimage.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 debian12cloud 9000 vmbr0 lvm_local
 ```
 
-2. Navigate to `packer/base-clone`
+2. Navigate to `packer/base-clone` on your control node
 
 >**Tip**: Use the `bin/generate-vars` script to quickly generate variable files
 >in `packer` and `terraform` subdirectories.
 
 3. Populate the necessary variables in `auto.pkrvars.hcl`:
 
 ```hcl
-proxmox_url      = "https://<PVE_IP>:8006/api2/json"
-proxmox_username = "<user>@pam"
-proxmox_password = "<password>"
+proxmox_url          = "https://<PVE_IP>:8006/api2/json"
+proxmox_username     = "<user>@pam"
+proxmox_password     = "<password>"
+proxmox_node         = "node_name" # Visible in the GUI sidebar
+proxmox_storage_pool = "<pool_name> # Eg. local_lvm
+proxmox_bridge       = "<bridge_name>" # Eg. vmbr0
+
 
 clone_vm = "<cloud-image-name>"
 vm_name  = "<new-template-name>"
-vm_id    = 5000
+vm_id    = 5000 # ID of the template created by packer
+
+ip_address = "<ip_address>"
+gateway = "<gateway_address>"
 
 ssh_username = "debian"
 ssh_public_key_path = "/path/to/public/key"
@@ -88,6 +96,7 @@ provider to provision virtual machines from our Packer templates.
 ```hcl
 proxmox_ip        = "https://<PVE_IP>:8006/api2/json"
 proxmox_api_token = "<API_TOKEN>"
+target_node       = "<proxmox_node_name>" # name of the proxmox cluster node to deploy the VM on
 
 template_id = 5000
 ip_gateway  = "10.10.10.1"
@@ -117,7 +126,6 @@ clients = [
 ]
 
 ssh_user             = "debian"
-ssh_private_key_file = "/path/to/ssh/private/key"
 ssh_public_key_file  = "/path/to/ssh/public/key"
 ```
 
@@ -169,6 +177,8 @@ $ ansible-inventory --graph --vars
 >**Note**: The `nfs_share_mounts` variable in `inventory/group_vars/client.yml`
 >should be modified or removed if not required
 
+>**Note**: Check `ansible/roles/common/defaults/main.yml`to customize additional settings, like timezone
+
 4. Run the playbook:
 
 ```bash

packer/base-clone/main.pkr.hcl

@@ -31,7 +31,7 @@ source "proxmox-clone" "base" {
 
   qemu_agent              = true
   cloud_init              = true
-  cloud_init_storage_pool = "volumes"
+  cloud_init_storage_pool = var.proxmox_storage_pool
 
   vm_id                = var.vm_id
   vm_name              = local.vm_name
@@ -44,7 +44,7 @@ source "proxmox-clone" "base" {
   scsi_controller = "virtio-scsi-pci"
 
   network_adapters {
-    bridge = "vmbr1"
+    bridge = var.proxmox_bridge
     model  = "virtio"
   }