iamthefij
/
orchestration-tests
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
205 Commits 11 Branches 0 Tags 2 MiB
Commit Graph

199 Commits

Author SHA1 Message Date
IamTheFij 89e14dbf56 Use newer cadvisor 2022-08-30 15:11:52 -07:00
IamTheFij 2a54b5454d Use updated ansible-nomad role 
Has better support for multi-arch installs and fixes cni
 2022-08-30 15:10:16 -07:00
IamTheFij 520986d30c Add pi4 host 2022-08-30 15:09:48 -07:00
IamTheFij 9aad3d1594 Rename nomad anon policy file 2022-08-23 10:31:29 -07:00
IamTheFij 39107538e9 WIP: Allow specifying https endpoints and fetching nomad token 2022-08-23 09:57:57 -07:00
IamTheFij 1c38aa212e Add mysql database storage to Grafana 2022-07-29 13:02:22 -07:00
IamTheFij 0d61ebc877 Add Nomad dashboard to grafana 2022-07-29 13:01:59 -07:00
IamTheFij 846ea18a16 Don't deploy Nextcloud 2022-07-29 13:01:40 -07:00
IamTheFij 6d31c4e6d6 Stop duplicate nomad scraping 
Already getting it from Client service
 2022-07-29 13:01:22 -07:00
IamTheFij 9d57175584 Increase promtail memory 2022-07-28 16:37:19 -07:00
IamTheFij 3c0c74797d Make traefik a service rather than a system job 
Sets it up to support auto_revert and auto_promote
 2022-07-28 15:11:59 -07:00
IamTheFij 4b6c388ed9 Traefik wildcard certs 2022-07-28 15:11:24 -07:00
IamTheFij 6ccc5a6bcf Remove variable for consul_address for traefik 
Now getting from Noamd environment
 2022-07-28 15:10:39 -07:00
IamTheFij 48d5704b72 Make lldap backup daily 2022-07-28 15:05:00 -07:00
IamTheFij 62f59b3929 conditional dns lookups for router assigned domains 2022-07-27 22:04:46 -07:00
IamTheFij c074df4bc7 Working backup and restore 2022-07-27 22:04:22 -07:00
IamTheFij d175166045 Make traefik disk ephemeral and sticky 2022-07-27 17:30:35 -07:00
IamTheFij c8493b1fc5 Bump Traefik mem limit 
We don't like this crashing
 2022-07-27 17:26:13 -07:00
IamTheFij a3f59145bd Skip dump of lldap db 2022-07-27 17:25:41 -07:00
IamTheFij 9a315eb2f7 Add lldap backup and templatize backup job 
Now oneoff and system jobs are all using the same template
 2022-07-27 17:02:29 -07:00
IamTheFij 6e074c55aa Increase prometheus memory limit 2022-07-27 16:11:56 -07:00
IamTheFij ecaee6f8be Add lldap 2022-07-27 15:57:28 -07:00
IamTheFij 4213b322c1 Remove set hostname because that's now done in bootstrap 2022-07-27 15:57:12 -07:00
IamTheFij 1dd131ba9a Extend ttl for nomad tokens 2022-07-27 15:56:40 -07:00
IamTheFij bc040b4668 Add ddclient 2022-07-27 14:45:08 -07:00
IamTheFij 9664802fb6 Clean up services template whitespace 2022-07-27 14:41:42 -07:00
IamTheFij 547cd96e4c Add vault stanza to levant services 2022-07-27 14:41:13 -07:00
IamTheFij e39fbc41a7 Add further todos for Nomad Vault 2022-07-27 13:40:21 -07:00
IamTheFij 25ec582eaf Update Nomad and Vault ACLs 
Now nomad is read only and tokens can be retrieved from Vault
 2022-07-27 13:13:11 -07:00
IamTheFij 92a30e6709 Reduce memory for blocky sidecar 2022-07-27 11:22:02 -07:00
IamTheFij fb934f3b2f Hide blocky API from non-traefik route 2022-07-27 11:21:11 -07:00
IamTheFij fe11b03a43 Get letsencrypt certs working with Traefik 2022-07-27 11:12:08 -07:00
IamTheFij 85fccea867 Fix consul value bootstrap and hide secrets in log 2022-07-27 11:11:03 -07:00
IamTheFij d70dce8ab5 Add basic auth to traefik 2022-07-26 21:48:16 -07:00
IamTheFij 963a863e2d Make anonymous nomad read only 2022-07-26 20:20:43 -07:00
IamTheFij 3033c581f3 Add userpass login to Vault 2022-07-26 20:09:52 -07:00
IamTheFij b4bb0f866e Make metrics more readable 2022-07-25 21:45:01 -07:00
IamTheFij 4508993068 Reduce task memory 2022-07-25 16:37:51 -07:00
IamTheFij 4ea7947b1a Fix mysql 2022-07-25 16:29:43 -07:00
IamTheFij 465c2d9c29 WIP: Update oneoff backups 2022-07-25 16:29:35 -07:00
IamTheFij ee45e92534 Fix consul backup 2022-07-25 16:29:06 -07:00
IamTheFij 3ec1d008e8 Move traefik connect intents to core 2022-07-25 15:54:23 -07:00
IamTheFij 04bdef01b8 Allow bypass of healthcheck 2022-07-25 15:52:47 -07:00
IamTheFij 157005ae7b Get mysql root from vault 2022-07-25 15:52:47 -07:00
IamTheFij 4a06f31f49 Tweak memory requirements for tasks 2022-07-25 15:52:47 -07:00
IamTheFij 9d4cd68648 Add test consul backup 2022-07-25 15:52:47 -07:00
IamTheFij 18807de608 Clean up Grafana and Loki bootstraps 2022-07-25 15:52:47 -07:00
IamTheFij de82205147 Remove packer stuff 2022-07-25 15:49:07 -07:00
IamTheFij 96263d1e99 Update lockfile 2022-07-25 15:40:54 -07:00
IamTheFij 9bb8b39fed Add new playbook and make target for bootstrapping values to Consul and Vault 2022-07-25 15:40:22 -07:00
IamTheFij 888b1236f1 Update playbook, move acls and comment for fixes 
There are some items that I found are broken on first run and made some changes
 2022-07-25 11:48:03 -07:00
IamTheFij a0aba7f2f0 Make acls module stand alone 2022-07-25 11:48:03 -07:00
IamTheFij fed875f852 Shorten pip installs 2022-07-25 11:48:03 -07:00
IamTheFij 068da0d539 Add vault kv creation 2022-07-25 11:14:51 -07:00
IamTheFij 464cdf7010 Add loki, promtail, and syslog-ng 2022-07-25 10:46:16 -07:00
IamTheFij 391ad8dee6 Add sticky disk to service template 2022-07-25 10:44:37 -07:00
IamTheFij d386a839c4 Promethus: Use env for consul address rather than variable 2022-07-25 10:38:48 -07:00
IamTheFij af4324db6f Move core services to new tf file 
Precursor to moving to a module so it can be applied separately
 2022-07-25 10:37:32 -07:00
IamTheFij a7e276c637 WIP: Write a consul backup job 2022-07-21 20:24:50 -07:00
IamTheFij 842e656342 Add consul bootstrap and move vault to an example 2022-07-21 20:16:10 -07:00
IamTheFij 47a74b6166 Fix consul address in levant 2022-07-21 20:11:21 -07:00
IamTheFij 16813e8cb7 Deploy Nomad, Consul, and Vault using apt repo 2022-07-21 19:04:44 -07:00
IamTheFij 60dd856666 Use vault for backups jobs 2022-07-21 19:03:40 -07:00
IamTheFij 1b88593f88 Major grafana refactor to include automatic loading of provisioning files 2022-07-21 15:54:05 -07:00
IamTheFij 5126f5f4d4 Go back to a single ingress node to simplify Traefik TLS 
The open source version of Traefik doesn't natively support HA. Running
multiple instances means that the TLS certificates will have to be
managed outside of Traefik and distributed to running jobs via Vault and
Nomad. This is doable, but I've decided to reduce the scope for now to
simplify things and go to a single Ingress node so that Traefik cert
management can be used.
 2022-07-21 15:50:13 -07:00
IamTheFij c58056d594 More nextcloud config using Vault 2022-07-08 16:26:26 -07:00
IamTheFij 02b448e363 Create levant tf module 
Also a template service Nomad job that can be used for some straighforward services
 2022-07-08 16:24:03 -07:00
IamTheFij 11f5c10f83 Ignore ansible_collections 2022-06-28 12:11:55 -07:00
IamTheFij b2b409a1fe Add example secrets 2022-06-28 12:11:24 -07:00
IamTheFij 65ce1b55f0 Fix secrets access from nomad tasks 
Probably can be cleaned up and updated to follow least access
 2022-06-28 12:11:07 -07:00
IamTheFij c0215bf153 Improve vault bootstrap and nomad connection 2022-06-28 12:10:18 -07:00
IamTheFij bf1ac31cdf Bootstrap vault secrets 2022-06-28 12:09:57 -07:00
IamTheFij 41343a6d2c Small improvement to consul kv role 2022-06-28 12:08:23 -07:00
IamTheFij ce09177479 Add missing role requirements file 
This uses updated fork of ansible-consul
 2022-06-23 20:13:17 -07:00
IamTheFij 13e9eac407 Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00
IamTheFij d40d585358 Install consul dns forwarding 2022-06-23 20:12:09 -07:00
IamTheFij 0bfdddf3ee Install consul from repo 2022-06-23 20:11:48 -07:00
IamTheFij 617d4ae676 Make blocky config a bit more stable by removing templating based on whami 2022-06-23 20:11:28 -07:00
IamTheFij 3d6b405ab6 Fix blocky upstream tcp for quad9 2022-06-23 20:11:09 -07:00
IamTheFij 2f4d90abdc Auto revert broken blocky 
Also enable traefik
 2022-06-23 20:10:36 -07:00
IamTheFij ffdfdeadfb Add Consul lookup for ads dns allowlist 2022-06-23 13:36:06 -07:00
IamTheFij fc2db88276 Add some more upstream dns options 
Should pick one later
 2022-06-23 13:34:08 -07:00
IamTheFij eb066f5d98 Increase priority of Traefik 2022-06-23 09:51:42 -07:00
IamTheFij e5b61d5307 Update Nomad 2022-06-23 09:51:21 -07:00
IamTheFij 6b14507ca6 Generate blocky host mapping from Consul kv 2022-06-23 09:51:09 -07:00
IamTheFij 5d2301c791 Update blocky one instance at a time 
Avoids dns going down with all instances updating at once
 2022-06-23 09:50:23 -07:00
IamTheFij d7fa57864f Deploy backup jobs to all hosts and dynamically determine jobs per node 2022-06-23 09:49:57 -07:00
IamTheFij 9ab300c225 Remove csi deployment 2022-06-23 09:49:03 -07:00
IamTheFij 520d7c56b9 Move databases to a single module 2022-06-23 09:48:01 -07:00
IamTheFij a02f1a2317 Make traefik a system service 
For this to work, will need to put TLS certs in Vault
 2022-06-17 15:20:43 -07:00
IamTheFij ce18650e1f Add base hostname to consul in Playbook 2022-06-17 15:19:43 -07:00
IamTheFij 16b9440e12 WIP: Add democratic-csi storage plugin 2022-06-17 15:19:19 -07:00
IamTheFij 252c9b4111 Make nextcloud backup a non-sidecar task 
Avoids restarting whole group when if it fails
 2022-06-17 15:16:45 -07:00
IamTheFij 8cd2abc6b8 Remove some unecessary traefik configs from tasks 2022-06-17 15:15:37 -07:00
IamTheFij 049364df23 Make order of host configs match playbook order 2022-06-17 15:14:55 -07:00
IamTheFij c41babe346 Use new host name in terraform consul address 2022-05-24 20:11:57 -07:00
IamTheFij 6cd7bae240 Use new token variable name after bootstrap 2022-05-24 20:11:41 -07:00
IamTheFij de4c96b104 Add autopilot 2022-05-24 20:11:18 -07:00
IamTheFij f50cb98d30 Add docker install 2022-05-24 20:11:07 -07:00
IamTheFij 1995434140 Auto initialize vault 2022-05-24 20:10:47 -07:00