iamthefij
/
orchestration-tests
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
129 Commits 11 Branches 0 Tags 2 MiB
Commit Graph

129 Commits

Author SHA1 Message Date
IamTheFij fd4ec07965 Update Consul ACL backend 2022-07-27 13:39:19 -07:00
IamTheFij ce2d2bb6cd WIP: Begin config to bootstrap ACLs 
Following guide here: https://learn.hashicorp.com/tutorials/consul/vault-consul-secrets?in=consul/vault-secure

Unsure of how this will actually authenticate though.
 2022-07-27 13:13:22 -07:00
IamTheFij 25ec582eaf Update Nomad and Vault ACLs 
Now nomad is read only and tokens can be retrieved from Vault
 2022-07-27 13:13:11 -07:00
IamTheFij 92a30e6709 Reduce memory for blocky sidecar 2022-07-27 11:22:02 -07:00
IamTheFij fb934f3b2f Hide blocky API from non-traefik route 2022-07-27 11:21:11 -07:00
IamTheFij fe11b03a43 Get letsencrypt certs working with Traefik 2022-07-27 11:12:08 -07:00
IamTheFij 85fccea867 Fix consul value bootstrap and hide secrets in log 2022-07-27 11:11:03 -07:00
IamTheFij d70dce8ab5 Add basic auth to traefik 2022-07-26 21:48:16 -07:00
IamTheFij 963a863e2d Make anonymous nomad read only 2022-07-26 20:20:43 -07:00
IamTheFij 3033c581f3 Add userpass login to Vault 2022-07-26 20:09:52 -07:00
IamTheFij b4bb0f866e Make metrics more readable 2022-07-25 21:45:01 -07:00
IamTheFij 4508993068 Reduce task memory 2022-07-25 16:37:51 -07:00
IamTheFij 4ea7947b1a Fix mysql 2022-07-25 16:29:43 -07:00
IamTheFij 465c2d9c29 WIP: Update oneoff backups 2022-07-25 16:29:35 -07:00
IamTheFij ee45e92534 Fix consul backup 2022-07-25 16:29:06 -07:00
IamTheFij 3ec1d008e8 Move traefik connect intents to core 2022-07-25 15:54:23 -07:00
IamTheFij 04bdef01b8 Allow bypass of healthcheck 2022-07-25 15:52:47 -07:00
IamTheFij 157005ae7b Get mysql root from vault 2022-07-25 15:52:47 -07:00
IamTheFij 4a06f31f49 Tweak memory requirements for tasks 2022-07-25 15:52:47 -07:00
IamTheFij 9d4cd68648 Add test consul backup 2022-07-25 15:52:47 -07:00
IamTheFij 18807de608 Clean up Grafana and Loki bootstraps 2022-07-25 15:52:47 -07:00
IamTheFij de82205147 Remove packer stuff 2022-07-25 15:49:07 -07:00
IamTheFij 96263d1e99 Update lockfile 2022-07-25 15:40:54 -07:00
IamTheFij 9bb8b39fed Add new playbook and make target for bootstrapping values to Consul and Vault 2022-07-25 15:40:22 -07:00
IamTheFij 888b1236f1 Update playbook, move acls and comment for fixes 
There are some items that I found are broken on first run and made some changes
 2022-07-25 11:48:03 -07:00
IamTheFij a0aba7f2f0 Make acls module stand alone 2022-07-25 11:48:03 -07:00
IamTheFij fed875f852 Shorten pip installs 2022-07-25 11:48:03 -07:00
IamTheFij 068da0d539 Add vault kv creation 2022-07-25 11:14:51 -07:00
IamTheFij 464cdf7010 Add loki, promtail, and syslog-ng 2022-07-25 10:46:16 -07:00
IamTheFij 391ad8dee6 Add sticky disk to service template 2022-07-25 10:44:37 -07:00
IamTheFij d386a839c4 Promethus: Use env for consul address rather than variable 2022-07-25 10:38:48 -07:00
IamTheFij af4324db6f Move core services to new tf file 
Precursor to moving to a module so it can be applied separately
 2022-07-25 10:37:32 -07:00
IamTheFij a7e276c637 WIP: Write a consul backup job 2022-07-21 20:24:50 -07:00
IamTheFij 842e656342 Add consul bootstrap and move vault to an example 2022-07-21 20:16:10 -07:00
IamTheFij 47a74b6166 Fix consul address in levant 2022-07-21 20:11:21 -07:00
IamTheFij 16813e8cb7 Deploy Nomad, Consul, and Vault using apt repo 2022-07-21 19:04:44 -07:00
IamTheFij 60dd856666 Use vault for backups jobs 2022-07-21 19:03:40 -07:00
IamTheFij 24d66bdef3 Add detect-secrets (there are a lot of false positives right now) 2022-07-21 19:01:39 -07:00
IamTheFij 1b88593f88 Major grafana refactor to include automatic loading of provisioning files 2022-07-21 15:54:05 -07:00
IamTheFij 5126f5f4d4 Go back to a single ingress node to simplify Traefik TLS 
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
 2022-07-21 15:50:13 -07:00
IamTheFij c58056d594 More nextcloud config using Vault 2022-07-08 16:26:26 -07:00
IamTheFij 02b448e363 Create levant tf module 
Also a template service Nomad job that can be used for some straighforward services
 2022-07-08 16:24:03 -07:00
IamTheFij 11f5c10f83 Ignore ansible_collections 2022-06-28 12:11:55 -07:00
IamTheFij b2b409a1fe Add example secrets 2022-06-28 12:11:24 -07:00
IamTheFij 65ce1b55f0 Fix secrets access from nomad tasks 
Probably can be cleaned up and updated to follow least access
 2022-06-28 12:11:07 -07:00
IamTheFij c0215bf153 Improve vault bootstrap and nomad connection 2022-06-28 12:10:18 -07:00
IamTheFij bf1ac31cdf Bootstrap vault secrets 2022-06-28 12:09:57 -07:00
IamTheFij 41343a6d2c Small improvement to consul kv role 2022-06-28 12:08:23 -07:00
IamTheFij ce09177479 Add missing role requirements file 
This uses updated fork of ansible-consul
 2022-06-23 20:13:17 -07:00
IamTheFij 13e9eac407 Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00