Commit 97effbe4 authored by Eric Pellegrini's avatar Eric Pellegrini

updated variables file for jupyterhub and kubernetes deployments

parent 60fc3c54
---
#############################################
# openstack
#############################################
os_admin_auth:
auth_url: http://oscloud.ill.fr:5000/v3
username: visa-admin
password: nesh6EiG
project_name: "VISA Development"
project_domain_name: default
user_domain_name: default
project_id: ba1076db7c4e4cd89b3230ac0c131862
os_flavors:
- name: jupyterhub
auth: "{{ os_admin_auth }}"
auth_type: password
ram: 131072
vcpus: 8
disk: 40
os_keypairs:
- name: intra-cluster
auth: "{{ os_admin_auth }}"
auth_type: password
size: 2048
type: rsa
identity_file: "~/.ssh/openstack/intra-cluster"
create: True
- name: extra-cluster
auth: "{{ os_admin_auth }}"
auth_type: password
size: 2048
type: rsa
identity_file: "~/.ssh/openstack/extra-cluster"
create: True
os_vms_commons:
keypair: "{{ os_keypairs[1]['name'] }}"
network: visa_dev
availability_zone: nova
security_groups: ["default","in5-secgrp"]
auth: "{{ os_admin_auth }}"
auth_type: password
flavor: "{{ os_flavors[0]['name'] }}"
image: base-ill
auto_ip: True
delete_fip: True
config_drive: True
identity_file: "{{ os_keypairs[1]['identity_file'] }}"
vm_admin: ubuntu
os_vms:
- name: jhub-srv-1
inventory_groups:
- jhub_servers
- cluster
- name: jhub-haproxy
inventory_groups:
- mysql_server
- haproxy_server
- cluster
#############################################
# ansible controller
#############################################
ansible_controller:
identity_files:
- private: "{{ os_keypairs[1]['identity_file'] }}"
host:
- 192.168.14.*
#############################################
# users
#############################################
cluster_users_commons:
passwordless_sudo: True
identity_files:
- identity_file: "{{ os_keypairs[0]['identity_file'] }}"
add_private: True
add_public: True
host:
- 192.168.14.*
- identity_file: "{{ os_keypairs[1]['identity_file'] }}"
add_private: False
add_public: True
cluster_users:
vm_admin:
name: ubuntu
group: ubuntu
new: False
jupyterhub_admin:
name: jhub-admin
group: admin
groups:
- sudo
password: "{{ vault_jhub_admin_password }}"
home: /localhome/jhub-admin
shell: /bin/bash
append: True
create_home: True
new: True
#############################################
# ntp
#############################################
ntp:
servers:
- ntp1.ill.fr
- ntp2.ill.fr
#############################################
# mysql
#############################################
mysql:
localhost: False
bind_server: jhub-haproxy
databases:
- jupyterhub_db
users:
- name: jupyterhub_db_user
password: "{{ vault_mysql_user }}"
priv: "jupyterhub_db.*:ALL"
host: "192.168.14.%"
#############################################
# load_balancer
#############################################
load_balancer:
proxy_server: jhub-haproxy
pem_file: /etc/ssl/certs/jupyterhub-dev.ill.fr.pem
#############################################
# ssd
#############################################
sssd:
local_homes:
- user: "{{ cluster_users.vm_admin.name }}"
home: "/localhome/{{ cluster_users.vm_admin.name }}"
#############################################
# jupyterhub
#############################################
jupyterhub:
cookie_secret: "{{ vault_cookie_secret }}"
proxy_authentication_token: "{{ vault_proxy_authentication_token }}"
proxy_server: jupyterhub-dev.ill.fr
admin_users:
- caunt
- hall
- pellegrini
- perrin
- pinet
- turner
keycloak:
url: "https://logindev.ill.fr"
admin: "pellegrini"
password: "{{ vault_keycloak_admin_password }}"
realm_name: "ILL"
description: "VISA jupyterhub"
port: 8080
mysql:
bind_server: "{{ mysql['bind_server'] }}"
database: "{{ mysql['databases'][0] }}"
user: "{{ mysql['users'][0]['name'] }}"
password: "{{ mysql['users'][0]['password'] }}"
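Review bot: The `password` under `os_admin_auth` is committed as a literal, while every other secret in this file (`vault_jhub_admin_password`, `vault_mysql_user`, `vault_cookie_secret`, `vault_keycloak_admin_password`) is read from the vault. This is the OpenStack admin account passed as `auth` to the flavor, keypair and VM definitions, so the value should move to the vaulted file and be referenced as `password: "{{ vault_os_admin_password }}"` (the variable name is a placeholder). The credential should also be rotated, because it remains in the repository history. The same block points `auth_url` at an `http://` Keystone endpoint, so the password is sent unencrypted at authentication, and an `https://` endpoint would be preferable if the cloud offers one. The `user_auth` blocks in the later file sections use `http://` as well.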
......@@ -26,24 +26,23 @@ os_projects:
domain: "{{ os_domains[0]['name'] }}"
os_users:
users:
- name: jhub-user
auth: "{{ os_admin_auth }}"
auth_type: password
user_auth:
auth_url: http://cloudsrv1.ill.fr:5000/v3
username: jhub-user
password: "{{ vault_os_jhub_user_password }}"
project_name: "{{ os_projects[0]['name'] }}"
project_domain_name: "{{ os_projects[0]['domain'] }}"
user_domain_name: "{{ os_domains[0]['name'] }}"
roles:
- user: jhub-user
auth: "{{ os_admin_auth }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
role: admin
- name: jhub-user
auth: "{{ os_admin_auth }}"
auth_type: password
user_auth:
auth_url: http://cloudsrv1.ill.fr:5000/v3
username: jhub-user
password: "{{ vault_os_jhub_user_password }}"
project_name: "{{ os_projects[0]['name'] }}"
project_domain_name: "{{ os_projects[0]['domain'] }}"
user_domain_name: "{{ os_domains[0]['name'] }}"
os_roles:
- user: jhub-user
auth: "{{ os_admin_auth }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
role: admin
os_flavors:
- name: jhub-small
......@@ -54,126 +53,125 @@ os_flavors:
disk: 40
os_networks:
networks:
- name: provider
regex: 192.168.13.*
auth: "{{ os_admin_auth }}"
auth_type: password
external: True
shared: True
state: present
subnets:
- name: provider
auth: "{{ os_admin_auth }}"
auth_type: password
network: provider
cidr: 192.168.13.0/24
gateway_ip: 192.168.13.254
allocation_pool_start: 192.168.13.200
allocation_pool_end: 192.168.13.239
dns_nameservers:
- 195.83.126.2
- 195.83.126.11
security_groups:
- name: jhub-secgroup
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group_rules:
- direction: ingress
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- direction: egress
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: icmp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 22
port_range_max: 22
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 80
port_range_max: 80
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 8000
port_range_max: 8000
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 8001
port_range_max: 8001
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 8080
port_range_max: 8080
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 443
port_range_max: 443
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: udp
ethertype: IPv4
remote_ip_prefix: 0.0.0.0/0
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- name: provider
regex: 192.168.13.*
auth: "{{ os_admin_auth }}"
auth_type: password
external: True
shared: True
state: present
os_subnets:
- name: provider
auth: "{{ os_admin_auth }}"
auth_type: password
network: provider
cidr: 192.168.13.0/24
gateway_ip: 192.168.13.254
allocation_pool_start: 192.168.13.200
allocation_pool_end: 192.168.13.239
dns_nameservers:
- 195.83.126.2
- 195.83.126.11
os_security_groups:
- name: jhub-secgroup
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
os_security_group_rules:
- direction: ingress
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- direction: egress
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: icmp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 22
port_range_max: 22
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 80
port_range_max: 80
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 8000
port_range_max: 8000
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 8001
port_range_max: 8001
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 8080
port_range_max: 8080
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
port_range_min: 443
port_range_max: 443
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
- protocol: udp
ethertype: IPv4
remote_ip_prefix: 0.0.0.0/0
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: jhub-secgroup
os_keypairs:
- name: intra-cluster
......@@ -323,7 +321,7 @@ jupyterhub:
proxy_authentication_token: "{{ vault_proxy_authentication_token }}"
proxy_server: "{{ load_balancer['proxy_server'] }}"
proxy_server: jupyterhub-dev
admin_users:
- caunt
......
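Review bot: The first entry of `os_security_group_rules` (`direction: ingress`, `remote_ip_prefix: 0.0.0.0/0`, no `protocol` or port range) appears to admit all IPv4 traffic from any source, and the final `protocol: udp` rule without ports does the same for UDP. That would make the per-port tcp rules for 22, 80, 443, 8000, 8001 and 8080 redundant. If only the listed ports are meant to be reachable, drop the two catch-all rules and narrow the source on the SSH rule (and on 8001/8080 if they are internal) to the management range, for example `remote_ip_prefix: 192.168.13.0/24`. The commit only moves these rules to top-level keys, so the exposure predates it, but the restructuring is a natural point to tighten them. The `k8s-secgroup` rules in the next file section have the same shape.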
......@@ -29,8 +29,13 @@ os_users:
- name: k8s-user
auth: "{{ os_admin_auth }}"
auth_type: password
password: "{{ vault_os_k8s_user_password }}"
domain: "{{ os_domains[0]['name'] }}"
user_auth:
auth_url: http://cloudsrv1.ill.fr:5000/v3
username: k8s-user
password: "{{ vault_os_k8s_user_password }}"
project_name: "{{ os_projects[0]['name'] }}"
project_domain_name: "{{ os_projects[0]['domain'] }}"
user_domain_name: "{{ os_domains[0]['name'] }}"
roles:
- user: k8s-user
......@@ -39,17 +44,9 @@ os_users:
project: "{{ os_projects[0]['name'] }}"
role: admin
os_user_auth:
auth_url: http://cloudsrv1.ill.fr:5000/v3
username: "{{ os_users['users'][0]['name'] }}"
password: "{{ os_users['users'][0]['password'] }}"
project_name: "{{ os_projects[0]['name'] }}"
project_domain_name: "{{ os_projects[0]['domain'] }}"
user_domain_name: "{{ os_users['users'][0]['domain'] }}"
os_flavors:
- name: k8s-small
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
ram: 4096
vcpus: 2
......@@ -78,19 +75,9 @@ os_networks:
- 195.83.126.2
- 195.83.126.11
#routers:
#- name: k8s-router
# auth: "{{ os_user_auth }}"
# auth_type: password
# project: "{{ os_projects[0]['name'] }}"
# network: provider
# interfaces:
# - net: k8s-network
# subnet: k8s-subnet
security_groups:
- name: k8s-secgroup
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
......@@ -98,7 +85,7 @@ os_networks:
- direction: ingress
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
......@@ -106,7 +93,7 @@ os_networks:
- direction: egress
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
......@@ -114,7 +101,7 @@ os_networks:
- protocol: icmp
remote_ip_prefix: 0.0.0.0/0
ethertype: IPv4
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
......@@ -124,7 +111,7 @@ os_networks:
ethertype: IPv4
port_range_min: 22
port_range_max: 22
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
......@@ -134,7 +121,7 @@ os_networks:
ethertype: IPv4
port_range_min: 80
port_range_max: 80
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
......@@ -144,7 +131,7 @@ os_networks:
ethertype: IPv4
port_range_min: 8080
port_range_max: 8080
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
......@@ -154,7 +141,7 @@ os_networks:
ethertype: IPv4
port_range_min: 443
port_range_max: 443
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
......@@ -162,32 +149,34 @@ os_networks:
- protocol: udp
ethertype: IPv4
remote_ip_prefix: 0.0.0.0/0
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
project: "{{ os_projects[0]['name'] }}"
security_group: k8s-secgroup
os_keypairs:
- name: intra-cluster
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
size: 2048
type: rsa
identity_file: "~/.ssh/openstack/intra-cluster"
create: True
- name: extra-cluster
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
size: 2048
type: rsa
identity_file: "~/.ssh/openstack/extra-cluster"
create: True
os_vms_commons:
keypair: "{{ os_keypairs[1]['name'] }}"
network: "{{ os_networks['networks'][0]['name'] }}"
availability_zone: nova
security_groups: "{{ os_networks['security_groups'] | map(attribute='name') | list }}"
auth: "{{ os_user_auth }}"
auth: "{{ os_users['users'][0]['user_auth'] }}"
auth_type: password
flavor: "{{ os_flavors[0]['name'] }}"
image: ubuntu-bionic
......@@ -260,6 +249,7 @@ cluster_users:
name: k8s-admin
group: admin
groups:
- docker
- sudo
password: "{{ vault_k8s_admin_password }}"
home: /localhome/k8s-admin
......
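Review bot: Every resource in this file now selects its credentials with `os_users['users'][0]['user_auth']`, which ties the identity used for flavors, security groups, keypairs and VMs to list position rather than to a name. If another entry is ever inserted ahead of `k8s-user`, all of these tasks would authenticate as that account without any error. Consider keeping one named alias, for example `os_user_auth: "{{ os_users['users'] | selectattr('name', 'equalto', 'k8s-user') | map(attribute='user_auth') | first }}"`, and referencing it everywhere. The jupyterhub variables file uses the same index pattern.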
---
# play me with: ansible-playbook -i inventories/hosts.yml --ask-vault-pass -e "@passwords.yml"
- name: configure openstack cluster
import_playbook: "{{ playbook_dir | dirname }}/plays/configure_os_cluster.yml"
import_playbook: "{{ playbook_dir | dirname }}/plays/configure_cluster.yml"
- name: configure ansible controller
import_playbook: "{{ playbook_dir | dirname }}/plays/ansible_controller.yml"
......
......@@ -7,7 +7,7 @@
import_playbook: "{{ playbook_dir | dirname }}/plays/os_dynamic_inventories.yml"
- name: configure openstack cluster
import_playbook: "{{ playbook_dir | dirname }}/plays/configure_os_cluster.yml"
import_playbook: "{{ playbook_dir | dirname }}/plays/configure_cluster.yml"
- name: configure ansible controller
import_playbook: "{{ playbook_dir | dirname }}/plays/ansible_controller.yml"
......
......@@ -7,14 +7,11 @@
import_playbook: "{{ playbook_dir | dirname }}/plays/os_dynamic_inventories.yml"
- name: configure openstack cluster
import_playbook: "{{ playbook_dir | dirname }}/plays/configure_os_cluster.yml"
import_playbook: "{{ playbook_dir | dirname }}/plays/configure_cluster.yml"
- name: configure ansible controller
import_playbook: "{{ playbook_dir | dirname }}/plays/ansible_controller.yml"
- name: configure cluster users
import_playbook: "{{ playbook_dir | dirname }}/plays/cluster_users.yml"
- name: setup ntp for all nodes
import_playbook: "{{ playbook_dir | dirname }}/plays/ntp.yml"
......@@ -30,6 +27,9 @@
- name: install and configure kubernetes over the cluster
import_playbook: "{{ playbook_dir | dirname }}/plays/kubernetes.yml"
- name: configure cluster users
import_playbook: "{{ playbook_dir | dirname }}/plays/cluster_users.yml"
- name: configure master node(s)
import_playbook: "{{ playbook_dir | dirname }}/plays/k8s_master.yml"
......