Commit Graph

442 Commits

Author SHA1 Message Date
1c02e69225 Move core services to new tf file
Precursor to moving to a module so it can be applied separately
2022-07-25 10:37:32 -07:00
2a77067bdc WIP: Write a consul backup job 2022-07-21 20:24:50 -07:00
5b88413604 Add consul bootstrap and move vault to an example 2022-07-21 20:16:10 -07:00
5165045ee9 Fix consul address in levant 2022-07-21 20:11:21 -07:00
5583b2d38e Deploy Nomad, Consul, and Vault using apt repo 2022-07-21 19:04:44 -07:00
f460f890da Use vault for backups jobs 2022-07-21 19:03:40 -07:00
29946a4df6 Major grafana refactor to include automatic loading of provisioning files 2022-07-21 15:54:05 -07:00
bde0b84d70 Go back to a single ingress node to simplify Traefik TLS
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
2022-07-21 15:50:13 -07:00
52c7e3d326 More nextcloud config using Vault 2022-07-08 16:26:26 -07:00
726b634092 Create levant tf module
Also a template service Nomad job that can be used for some straightforward services
2022-07-08 16:24:03 -07:00
54f98e740f Ignore ansible_collections 2022-06-28 12:11:55 -07:00
b9736aba83 Add example secrets 2022-06-28 12:11:24 -07:00
50dafc6b3e Fix secrets access from nomad tasks
Probably can be cleaned up and updated to follow least access
2022-06-28 12:11:07 -07:00
723b5fab78 Improve vault bootstrap and nomad connection 2022-06-28 12:10:18 -07:00
1dad4d22a1 Bootstrap vault secrets 2022-06-28 12:09:57 -07:00
ff4e473a89 Small improvement to consul kv role 2022-06-28 12:08:23 -07:00
8434c22fd2 Add missing role requirements file
This uses updated fork of ansible-consul
2022-06-23 20:13:17 -07:00
46ee046f6c Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00
609944df8e Install consul dns forwarding 2022-06-23 20:12:09 -07:00
ab58652932 Install consul from repo 2022-06-23 20:11:48 -07:00
b8b74e900b Make blocky config a bit more stable by removing templating based on whami 2022-06-23 20:11:28 -07:00
7760d3387e Fix blocky upstream tcp for quad9 2022-06-23 20:11:09 -07:00
0ea91e7ffc Auto revert broken blocky
Also enable traefik
2022-06-23 20:10:36 -07:00
eb129be95e Add Consul lookup for ads dns allowlist 2022-06-23 13:36:06 -07:00
2f28748579 Add some more upstream dns options
Should pick one later
2022-06-23 13:34:08 -07:00
710e901ab6 Increase priority of Traefik 2022-06-23 09:51:42 -07:00
67631eb1a0 Update Nomad 2022-06-23 09:51:21 -07:00
dfa95ee454 Generate blocky host mapping from Consul kv 2022-06-23 09:51:09 -07:00
ca6e766a40 Update blocky one instance at a time
Avoids dns going down with all instances updating at once
2022-06-23 09:50:23 -07:00
d022fe9bc4 Deploy backup jobs to all hosts and dynamically determine jobs per node 2022-06-23 09:49:57 -07:00
325a27a4ec Remove csi deployment 2022-06-23 09:49:03 -07:00
37c4ab4c25 Move databases to a single module 2022-06-23 09:48:01 -07:00
37c6fd4735 Make traefik a system service
For this to work, will need to put TLS certs in Vault
2022-06-17 15:20:43 -07:00
b6a9c80748 Add base hostname to consul in Playbook 2022-06-17 15:19:43 -07:00
2f65105592 WIP: Add democratic-csi storage plugin 2022-06-17 15:19:19 -07:00
18dbc89b2a Make nextcloud backup a non-sidecar task
Avoids restarting whole group if it fails
2022-06-17 15:16:45 -07:00
3cf69503ea Remove some unnecessary traefik configs from tasks 2022-06-17 15:15:37 -07:00
1f111bcd04 Make order of host configs match playbook order 2022-06-17 15:14:55 -07:00
e518288308 Use new host name in terraform consul address 2022-05-24 20:11:57 -07:00
40e3562195 Use new token variable name after bootstrap 2022-05-24 20:11:41 -07:00
f544a54631 Add autopilot 2022-05-24 20:11:18 -07:00
e57fcfcfdb Add docker install 2022-05-24 20:11:07 -07:00
423c8f23c5 Auto initialize vault 2022-05-24 20:10:47 -07:00
2f95257325 Wait until mysql is deployed before continuing
Otherwise dependent jobs will fail and take up time restarting
2022-05-24 20:10:26 -07:00
c09af9936a Remove unused playbook 2022-05-24 20:09:45 -07:00
321d60dc1f Switch to a 3 node cluster for better resilience 2022-05-24 20:09:22 -07:00
a07f37ff1b Fix venv detection for ansible cluster target
This fixes the installation of the consul python library
2022-05-24 20:07:52 -07:00
faef7f3734 Make redis optional for blocky to help with resilience to a single host failing 2022-05-19 16:54:16 -07:00
8a606cbe05 Dynamically add dns routes to traefik instances to blocky 2022-05-19 16:53:56 -07:00
d39c82762e Add dedicated backup module and jobs
Possible alternative to backups deployed with each job
2022-05-18 14:23:46 -07:00