site.yml
---
# Create the install media on the local machine.
# NOTE(review): the play targets `all`, not localhost; presumably the role
# delegates its work to the control machine. Confirm inside the role.
- hosts: all
  # No facts are collected before the role runs.
  gather_facts: false
  roles:
    - role: make_install_media
# Unlock any machines that have rebooted.
#
# add_to_known_hosts runs twice: once with the role's default port and once
# with add_to_known_hosts__ssh_port set to 23. Both runs set
# add_to_known_hosts__skip_if_connect_fails, so a host that does not answer
# on one of the two ports is tolerated.
# NOTE(review): port 23 is presumably the SSH listener available before the
# encrypted root is unlocked; confirm against the unlock_luks role.
# NOTE(review): unlock_luks presumably sends the disk passphrase over this
# connection, so the host key recorded by add_to_known_hosts is the only
# check on who receives it. Verify that the role takes keys from a trusted
# source rather than accepting whatever key is presented on first contact.
- hosts: luks_encrypted_machines
  # Facts are not gathered; presumably a host waiting to be unlocked cannot
  # run the fact-gathering module. TODO confirm.
  gather_facts: false
  roles:
    - role: add_to_known_hosts
      add_to_known_hosts__skip_if_connect_fails: true
    - role: add_to_known_hosts
      add_to_known_hosts__ssh_port: 23
      add_to_known_hosts__skip_if_connect_fails: true
    - unlock_luks
# Make sure that all of the machines have admin accounts set up and
# automatic security patches enabled.
# The host pattern selects every inventory host except members of the
# kvm_guests group.
- hosts: 'all:!kvm_guests'
  become: true
  gather_facts: false
  roles:
    - role: add_to_known_hosts
    - role: core_setup
    - role: network_setup
  tasks:
    # Runs add_subnet_to_hosts_file once per entry in visible_subnets,
    # handing the current entry to the role as `subnet`.
    - name: Add names of machines in visible subnets to /etc/hosts
      include_role:
        role: add_subnet_to_hosts_file
      vars:
        subnet: "{{ subnet_iter }}"
      loop: "{{ visible_subnets }}"
      loop_control:
        # A dedicated loop variable is used instead of the default `item`;
        # presumably so loops inside the role do not collide with it.
        loop_var: subnet_iter
# Apply the update_luks_config role, with privilege escalation, to the
# LUKS-encrypted machines.
# NOTE(review): the comment previously here ("admin accounts ... automatic
# security patches") duplicated the one on the core_setup play and did not
# describe this play. What update_luks_config changes is not visible in this
# file; document it here once confirmed.
- hosts: luks_encrypted_machines
  become: true
  roles:
    - update_luks_config
# Set up infiniband, ipmi, wireguard and kvm on boletus hosts, then the
# load_balancer and wg_ams1_bos1 roles. Roles run in the order listed.
# NOTE(review): wg_ams1_bos1 is presumably a site-to-site WireGuard tunnel;
# confirm that its keys come from a vault or secret store and not from
# plain-text vars.
- hosts: boletus
  become: true
  roles:
    - role: infiniband_setup
    - role: ipmi_setup
    - role: wireguard
    - role: kvm_host
    - role: load_balancer
    - role: wg_ams1_bos1
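# Set up morchella as a NAT and PXE boot server
# NOTE(review): machines that network-boot trust what this host's DHCP and
# PXE services hand out; confirm that the roles bind those services only to
# the intended internal interface.
- hosts: morchella
  become: true
  roles:
    - router
    - dhcp_server
    - pxe_boot_server
    # - ipmi_viewer
  tasks:  # TODO: should be replaced with roles
    - name: additional packages
      apt:
        # The list is passed directly to `name` so apt handles all packages
        # in a single transaction instead of one module run per loop item.
        name:
          - socat  # needed for current IPMI UDP tunneling
          - psmisc  # for killall, used by IPMI tunneling script
          - ipmitool  # useful utility, should go in a role
        state: present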
# Make sure the virtual machines have admin accounts set up and
# automatic security patches enabled.
# Same role sequence as the play for the non-guest hosts, with kvm_guest
# inserted after add_to_known_hosts.
- hosts: kvm_guests
  become: true
  gather_facts: false
  roles:
    - role: add_to_known_hosts
    - role: kvm_guest
    - role: core_setup
    - role: network_setup
  tasks:
    # Runs add_subnet_to_hosts_file once per entry in visible_subnets,
    # handing the current entry to the role as `subnet`.
    - name: Add names of machines in visible subnets to /etc/hosts
      include_role:
        role: add_subnet_to_hosts_file
      vars:
        subnet: "{{ subnet_iter }}"
      loop: "{{ visible_subnets }}"
      loop_control:
        # A dedicated loop variable is used instead of the default `item`;
        # presumably so loops inside the role do not collide with it.
        loop_var: subnet_iter
# Kubernetes cluster: plays run in file order, so the controllers are
# configured first, then the workers, and the manifests are applied from the
# controllers last.
- hosts: kubecontrollers
  become: true
  roles:
    - role: kubernetes_controller

- hosts: kubeworkers
  become: true
  roles:
    - role: kubernetes_worker

# Second pass over the controllers, after the workers play has run.
- hosts: kubecontrollers
  become: true
  roles:
    - role: apply_kubernetes_manifests
# Apply the vnc_server role, with privilege escalation, to the vnc_servers
# group.
# NOTE(review): how the VNC service is exposed is not visible in this file;
# confirm that the role requires authentication and limits which interfaces
# or networks can reach it.
- hosts: vnc_servers
  become: true
  roles:
    - role: vnc_server