Merge branch 'main' into ansible

notes
Progress.
2023-02-02 19:14:50 -08:00 · 2023-02-02 19:09:46 -08:00 · 2023-01-29 01:00:16 -08:00
5 changed files with 148 additions and 0 deletions
--- a/ansible/notes.txt
+++ b/ansible/notes.txt
@ -0,0 +1,40 @@
+ansible: controls remote computers via ssh using playbooks
+terraform: vm provisioning on various platforms, eg proxmox
+
+* use ansible to set up terraform on a host
+* use ansible to tell terraform to set up VMs?
+
+
+=== wsl ansible prep ===
+
+sudo apt install ansible
+
+
+
+=== proxmox ansible prep ===
+
+make ansible configure cloud image remotely:
+	https://ronamosa.io/docs/engineer/LAB/proxmox-cloudinit/
+	https://forum.proxmox.com/threads/regenerate-cloud-init-image-using-ansible.89964/
+
+make ansible install python remotely:
+	https://blog.knoldus.com/how-to-install-python-in-target-host-using-ansible/
+
+something to secure secrets:
+	https://docs.ansible.com/ansible/2.8/user_guide/vault.html
+
+use gvisor as the container kernel:
+	https://gvisor.dev/docs/user_guide/install/
+
+
+-- auth --
+create user called "ansible" using pam auth
+add an api token
+	ansible@pam!ansible_pve_token
+	cb1b5fac-035c-4cc0-a6c7-7a442e943686
+
+-- install ansible requirements --
+apt install -y python3-pip python3-dev build-essential libguestfs-tools
+pip3 install virtualenv
+
+not sure if needed: pip3 install proxmoxer requests
--- a/ansible/proxmox/clone-cloud-image.yml
+++ b/ansible/proxmox/clone-cloud-image.yml
@ -0,0 +1,18 @@
+---
+  - name: Clone VM
+    community.general.proxmox_kvm:
+      api_user: root@pam
+      api_password: "{{ lookup('keepass', 'pveroot', 'password') }}"
+      api_host: pve
+      clone: ubuntu-jammy-template
+      name: ubuntu-jammy-vm
+      node: pve
+      storage: local-lvm
+      format: raw
+      timeout: 500
+      net:
+        net0: "virtio,bridge=vmbr0"
+      #ipconfig:
+      #  ipconfig0: "ip=192.168.56.201/24"
+      #ciuser: user
+      #cipassword: hallowelt
--- a/ansible/proxmox/create-cloud-image.yml
+++ b/ansible/proxmox/create-cloud-image.yml
@ -0,0 +1,58 @@
+---
+#proxmox module documentation: https://docs.ansible.com/ansible/latest/collections/community/general/proxmox_kvm_module.html
+  - name: Download Ubuntu cloud image
+    get_url:
+      #url: https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
+      url: https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64-disk-kvm.img #slightly smaller
+      dest: /home/ansible/jammy-server-cloudimg-amd64-disk-kvm.img
+
+  - name: Create empty VM using Cloud-Init
+    community.general.proxmox_kvm:
+      node: pve
+      api_user: root@pam
+      api_password: "{{ lookup('keepass', 'pveroot', 'password') }}"
+      api_host: pve
+      name: ubuntu-jammy-template
+      scsihw: virtio-scsi-pci
+      scsi:
+       scsi0: 'local-lvm:1,format=raw'
+      ide:
+        ide2: 'local:cloudinit,format=qcow2'
+      bootdisk: scsi0
+      ciuser: user
+      cipassword: hallowelt
+      net:
+        net0: 'virtio,bridge=vmbr0'
+      ipconfig:
+        ipconfig0: 'ip=192.168.56.230/24'
+      proxmox_default_behavior: compatibility
+
+  - name: import init disk
+    ansible.builtin.command:
+      cmd: "qm importdisk 299 /home/ansible/jammy-server-cloudimg-amd64-disk-kvm.img local-lvm"
+      creates: "/dev/mapper/pve-vm--299--disk--1"
+
+
+  - name: attache base image disk
+    ansible.builtin.lineinfile:
+      path: /etc/pve/local/qemu-server/299.conf
+      regexp: '^scsi0:.*'
+      line: 'scsi0: local-lvm:vm-299-disk-1'
+
+  - name: make vm to template
+    community.general.proxmox_kvm:
+      node: pve
+      api_user: root@pam
+      api_password: "{{ lookup('keepass', 'pveroot', 'password') }}"
+      api_host: pve
+      vmid: 299
+      name: ubuntu-jammy-template
+      scsihw: virtio-scsi-pci
+      ide:
+        ide2: 'local:cloudinit,format=qcow2'
+      bootdisk: scsi0
+      ciuser: user
+      cipassword: hallowelt
+      proxmox_default_behavior: compatibility
+      template: yes
+      update: yes
--- a/~journal/20230128
+++ b/~journal/20230128
@ -0,0 +1,13 @@
+maybe kubernetes won't have any permission issues because it has a CSI driver that supports SMB shares directly
+
+* create vm for k3s.taudris.com
+* get it running at all: ca-taudris-com
+* get persistence working with samba CSI thingy: transmission
+* get haproxy and a gui working?
+	possible to automate cert renewal?
+* get nextcloud working
+* get the rest working
+* migrate
+* tear down vm for apps.taudris.com
+
+* how to secure k8s (or whichever flavor of it)?
--- a/~journal/20230128.txt
+++ b/~journal/20230128.txt
@ -0,0 +1,19 @@
+root@72be92618e35:/var/www/html# php -f /var/www/html/cron.php
+Console has to be executed with the user that owns the file config/config.php
+Current user id: 0
+Owner id of config.php: 1002
+root@72be92618e35:/var/www/html# 
+
+
+
+root@72be92618e35:/var/www/html# cat /var/spool/cron/crontabs/www-data
+*/5 * * * * php -f /var/www/html/cron.php
+root@72be92618e35:/var/www/html# 
+
+
+
+the whole reason to run the container as a different user is to gain access to the file share
+nextcloud has the ability to use file shares as external storage
+but nextcloud has more data than what would go on the external storage, and that data also needs to be backed up
+
+looks impossible to modify the cron job to run as a different user without customizing the container :(
Author	SHA1	Message	Date
taudris	8a0d5e0b05	Merge branch 'main' into ansible	2023-02-02 19:14:50 -08:00
taudris	28e164e638	notes	2023-02-02 19:09:46 -08:00
taudris	af4121d43b	Progress.	2023-01-29 01:00:16 -08:00