init

2026-02-19 11:34:13 +00:00
commit f243f440c3
191 changed files with 6183 additions and 0 deletions
--- a/makefiles/00_create_and_setup_lxc_container_with_packer.mk
+++ b/makefiles/00_create_and_setup_lxc_container_with_packer.mk
@@ -0,0 +1,28 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+TERRAFORM_DIR := $(abspath $(MAKEFILE_DIR)/../terraform/stacks/proxmox/lxc)
+
+.PHONY: all \
+	download_lxc_template create_lxc_container install_packer
+
+all: install_packer
+
+download_lxc_template:
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/proxmox/lxc/download_template.yml -i inventory.ini
+
+create_lxc_container: download_lxc_template
+	cd "$(TERRAFORM_DIR)"
+	terraform init
+	terraform plan  -var-file="terraform.tfvars"
+	terraform apply -auto-approve -var-file="terraform.tfvars"
+
+install_packer: create_lxc_container
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/packer/install.yml -i inventory.ini
+
+# make -f 00_create_and_setup_lxc_container_with_packer.mk
--- a/makefiles/01_create_vm_golden_template.mk
+++ b/makefiles/01_create_vm_golden_template.mk
@@ -0,0 +1,34 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+	download_vm_iso push_packer_dir run_packer shutdown_lxc_container
+
+all: shutdown_lxc_container
+
+download_vm_iso:
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/proxmox/vm/download_iso.yml -i inventory.ini
+
+push_packer_dir: download_vm_iso
+	cd "$(ANSIBLE_DIR)" && \
+	ansible-playbook playbooks/node/push_dir.yml -i inventory.ini \
+	  -l "dev-kyiv01-lxc-packer-main-01" \
+	  -e "resource_dir=/workspaces/infrastructure/packer/proxmox/debian13 target_dir=/opt/packer/proxmox/"
+
+
+run_packer: push_packer_dir
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/packer/run.yml -i inventory.ini
+
+shutdown_lxc_container: run_packer
+	cd "$(ANSIBLE_DIR)" && \
+	ansible-playbook playbooks/node/execute_command.yml -i inventory.ini \
+	  -l "dev-kyiv01-psy-proxmox-main-01" \
+  	  -e '{"command":"pct shutdown 200"}'
+
+# make -f 01_create_vm_golden_template.mk
--- a/makefiles/02_create_vms.mk
+++ b/makefiles/02_create_vms.mk
@@ -0,0 +1,24 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+TERRAFORM_DIR := $(abspath $(MAKEFILE_DIR)/../terraform/stacks/proxmox/vm)
+
+.PHONY: all \
+	enable_snippets create_vms  
+
+all: create_vms
+
+enable_snippets:
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook "playbooks/proxmox/enable_snippets.yml" -i "inventory.ini"
+
+create_vms: enable_snippets
+	cd "$(TERRAFORM_DIR)"
+	terraform init
+	terraform plan  -var-file="terraform.tfvars"
+	terraform apply -auto-approve -var-file="terraform.tfvars"
+
+# make -f 02_create_vms.mk
--- a/makefiles/03_harden_nodes.mk
+++ b/makefiles/03_harden_nodes.mk
@@ -0,0 +1,31 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+	remove_node_user harden_nodes harden_ceph_nodes 
+
+all: harden_ceph_nodes
+
+remove_node_user:
+	cd "$(ANSIBLE_DIR)" && \
+	ansible-playbook playbooks/node/remove_user.yml -i inventory.p22.ini \
+	  -l "p22_nodes" \
+  	  -e '{"remove_user":"packer"}'
+
+harden_nodes: remove_node_user
+	cd "$(ANSIBLE_DIR)" && \
+	ansible-playbook playbooks/harden/harden_node.yml -i inventory.before_p25105.ini \
+	  -l "before_p25105_nodes" \
+  	  -e '{"ssh_port":25105}'
+
+harden_ceph_nodes: harden_nodes
+	cd "$(ANSIBLE_DIR)" && \
+	ansible-playbook playbooks/harden/harden_node.yml -i inventory.ceph.ini \
+	  -l "ceph_nodes" \
+  	  -e '{"ssh_port":22}'
+
+# make -f 03_harden_vms.mk
--- a/makefiles/04_setup_dns.mk
+++ b/makefiles/04_setup_dns.mk
@@ -0,0 +1,29 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+TERRAFORM_DIR := $(abspath $(MAKEFILE_DIR)/../terraform/stacks/powerdns)
+
+.PHONY: all \
+	install_powerdns setup_dns_zone_and_records setup_systemd_resolved_config
+
+all: setup_systemd_resolved_config
+
+install_powerdns:
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/dns/install_powerdns.yml -i inventory.ini
+
+setup_dns_zone_and_records: install_powerdns
+	cd "$(TERRAFORM_DIR)"
+	terraform init
+	terraform plan  -var-file="terraform.tfvars"
+	terraform apply -auto-approve -var-file="terraform.tfvars"
+
+setup_systemd_resolved_config: setup_dns_zone_and_records
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/dns/setup_systemd_resolved_config.yml -i inventory.ini
+
+# make -f 04_setup_dns.mk
+
--- a/makefiles/05_setup_ntp.mk
+++ b/makefiles/05_setup_ntp.mk
@@ -0,0 +1,26 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+	setup_edge_ntp_node setup_core_ntp_node setup_client_ntp_node
+
+all: setup_client_ntp_node
+
+setup_edge_ntp_node:
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/ntp/chrony/00_setup_edge_ntp_node.yml -i inventory.ini
+
+setup_core_ntp_node: setup_edge_ntp_node
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/ntp/chrony/01_setup_core_ntp_node.yml -i inventory.ini
+
+setup_client_ntp_node: setup_core_ntp_node
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/ntp/chrony/02_setup_client_ntp_node.yml -i inventory.ini
+
+# make -f 05_setup_ntp.mk
+
--- a/makefiles/06_setup_ceph.mk
+++ b/makefiles/06_setup_ceph.mk
@@ -0,0 +1,31 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+	install_ceph bootstrap_ceph share_ceph_pubkey setup_cluster
+
+all: setup_cluster
+
+install_ceph:
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/ceph/00_install.yml -i inventory.ini
+
+bootstrap_ceph: install_ceph
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/ceph/01_bootstrap.yml -i inventory.ini
+
+share_ceph_pubkey: bootstrap_ceph
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/ceph/02_share_pubkey.yml -i inventory.ini
+
+setup_cluster: share_ceph_pubkey
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/ceph/03_setup_cluster.yml -i inventory.ini
+
+
+# make -f 06_setup_ceph.mk
+
--- a/makefiles/07_setup_k8s.mk
+++ b/makefiles/07_setup_k8s.mk
@@ -0,0 +1,40 @@
+SHELL := /bin/bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: all \
+	install_k8s_worker
+
+all: install_k8s_worker
+
+# install_k8s_master:
+# 	cd "$(ANSIBLE_DIR)"
+# 	ansible-playbook playbooks/k8s/install/k8s_master.yml -i inventory.ini
+
+install_k8s_worker:
+	cd "$(ANSIBLE_DIR)"
+	ansible-playbook playbooks/k8s/install/k8s_worker.yml -i inventory.ini
+
+# 1) ssh adminuser@localhost -p 10525 -i ./dev-kyiv01-vm-default-main-01
+# 2) cat /root/.kube/config # copy config to dev containers and change cluster block
+# - cluster:
+#       insecure-skip-tls-verify: true
+#       server: https://localhost:10563
+# 3) terraform apply -target=module.metallb_helm --auto-approve
+# 4) terraform apply -target=module.crunchy_operator --auto-approve
+# 5) terraform apply --auto-approve
+# 6) get gitlab credentials
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.user}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.password}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.dbname}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.host}' | base64 -d; echo
+# kubectl -n postgres-operator get secret hippo-pguser-gitlab -o jsonpath='{.data.port}' | base64 -d; echo
+# 7) get valkey password
+# kubectl -n valkey get secret valkey-users -o jsonpath='{.data.default}' | base64 -d; echo
+
+
+# make -f 07_setup_k8s.mk
+
--- a/makefiles/bootstrap.mk
+++ b/makefiles/bootstrap.mk
@@ -0,0 +1,24 @@
+SHELL := /bin/bash
+.DEFAULT_GOAL := all
+
+MAKEFILE_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+ANSIBLE_DIR   := $(abspath $(MAKEFILE_DIR)/../ansible)
+
+.PHONY: refresh_known_hosts all
+
+refresh_known_hosts:
+	cd "$(ANSIBLE_DIR)" && \
+	ansible-playbook playbooks/node/remove_file.yml \
+	  -i "localhost," -c local \
+	  -e "file_path=/root/.ssh/known_hosts"
+
+all: refresh_known_hosts
+# 	$(MAKE) -f 00_create_and_setup_lxc_container_with_packer.mk
+# 	$(MAKE) -f 01_create_vm_golden_template.mk
+	$(MAKE) -f 02_create_vms.mk
+	$(MAKE) -f 03_harden_nodes.mk
+	$(MAKE) -f 04_setup_dns.mk
+	$(MAKE) -f 05_setup_ntp.mk
+	$(MAKE) -f 06_setup_ceph.mk
+
+# make -f bootstrap.mk