diff --git a/gateway-deploy.yml b/gateway-deploy.yml new file mode 100644 index 0000000..94cffa0 --- /dev/null +++ b/gateway-deploy.yml @@ -0,0 +1,17 @@ +--- +- name: 🏗️ Create Gateway LXC container + hosts: proxmox_servers + gather_facts: false + vars_files: + - vault.yml + roles: + - role: proxmox_lxc + tags: deploy_lxc + +- name: 🚀 Deploy Gateway services + hosts: gateway_servers + vars_files: + - vault.yml + roles: + - role: gateway + tags: gateway_services \ No newline at end of file diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..685e717 --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1,43 @@ +--- +# Общие настройки для всех хостов +timezone: Asia/Yekaterinburg +system_locale: ru_RU.UTF-8 + +proxmox_node: "Olimp" + +# Настройки пользователей +admin_user: root + +# Список пакетов для установки на всех хостах +base_packages: + - curl + - wget + - gnupg + - ca-certificates + - software-properties-common + - tree + - htop + - nano + - git + - apt-transport-https + - net-tools + - dnsutils + - iputils-ping + - traceroute + +# SSH ключи +ssh_public_keys: + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvRBW+2Xpck2tznhWJyls5J/4wUoVYdyFM6JTU7uogK ansible@olimp" + +# Настройки контейнеров +containers: + - vmid: 221 + hostname: gateway + ip: 192.168.1.221 + template_path: "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst" + storage: "vmsystem" + disk_size: 5 + cores: 1 + memory: 2048 + swap: 512 \ No newline at end of file 
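Review bot: The first play targets the `proxmox_servers` group, yet every task in the `proxmox_lxc` role it runs (all but the final wait_for) carries `delegate_to: proxmox`, so the play only works when the inventory contains a host literally named `proxmox` and otherwise aborts on the first task with a host-not-found error. Since the play already executes on the Proxmox hosts the delegation looks redundant; dropping it in the role, or using `delegate_to: "{{ inventory_hostname }}"`, removes the hidden dependency on that name. A header comment, `# Play 1 creates the LXC on Proxmox (tag deploy_lxc); play 2 installs Docker and the services inside it (tag gateway_services)`, would document the two-tag split that olimp-deploy.yml keys its summary on.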
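Review bot: `vmid: 221` is a plain scalar, so it loads as an integer, and `roles/proxmox_lxc/tasks/main.yml` then evaluates `item.vmid not in container_check.results[0].stdout`; an integer on the left of `in` against a string should raise a TypeError in Jinja2, making the key-file and create tasks fail before any shell runs. Quote it as `vmid: "221"` (and quote `ip` the same way for consistency), or cast with `item.vmid | string` in the conditions. A one-line comment above the list, `# containers: one entry per LXC; vmid, hostname and ip must be unique on the node`, would help whoever adds the database (222) and media (223) hosts that the summary message promises.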
diff --git a/inventories/group_vars/gateway.yml b/group_vars/gateway_servers.yml similarity index 81% rename from inventories/group_vars/gateway.yml rename to group_vars/gateway_servers.yml index c3e0bee..0a2717a 100644 --- a/inventories/group_vars/gateway.yml +++ b/group_vars/gateway_servers.yml @@ -8,12 +8,12 @@ heimdall: group_id: "1000" timezone: "Asia/Yekaterinburg" -# Настройки NPM (Nginx Proxy Manager) +# Настройки NPM npm: image: jc21/nginx-proxy-manager:latest data_dir: "/opt/npm/data" letsencrypt_dir: "/opt/npm/letsencrypt" ports: - "80:80" - - "443:443" + - "443:443" - "81:81" \ No newline at end of file diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml deleted file mode 100644 index 95ae4e4..0000000 --- a/inventories/group_vars/all.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Общие настройки для всех хостов -timezone: Asia/Yekaterinburg -system_locale: ru_RU.UTF-8 - -proxmox_node: "Olimp" - -# Настройки пользователей -admin_user: root - -# Список пакетов для установки на всех хостах -base_packages: - - curl - - wget - - gnupg - - ca-certificates - - software-properties-common - - tree - - htop - - nano - - git - - apt-transport-https - - net-tools - - dnsutils - - iputils-ping - - traceroute \ No newline at end of file diff --git a/olimp-deploy.yml b/olimp-deploy.yml index 366ec32..bc08c7d 100644 --- a/olimp-deploy.yml +++ b/olimp-deploy.yml 
@@ -1,35 +1,28 @@ --- -- name: Create Gateway LXC container in Proxmox - hosts: proxmox +- name: 🏗️ Deploy Olimp Infrastructure + hosts: localhost gather_facts: false vars_files: - vault.yml - roles: - - role: proxmox_lxc - tags: deploy_lxc + + tasks: + - name: Include gateway deployment + include_tasks: gateway-deploy.yml + tags: gateway -- name: Base setup for gateway - hosts: gateway - vars_files: - - vault.yml - roles: - - role: base_setup - tags: base_setup - -- name: Install Docker on gateway - hosts: gateway - roles: - - role: docker - tags: deploy_docker - -- name: Deploy Heimdall service - hosts: gateway - roles: - - role: heimdall - tags: deploy_heimdall - -- name: Deploy NPM service - hosts: gateway - roles: - - role: npm - tags: deploy_npm \ No newline at end of file + - name: Display deployment summary + debug: + msg: | + 🎉 Olimp Infrastructure deployed successfully! + + Gateway Services: + - Heimdall: http://192.168.1.221:45131 + - NPM Admin: http://192.168.1.221:81 + + Next steps: + 1. Configure NPM proxy hosts + 2. Deploy database host (222) + 3. Deploy media host (223) + when: > + 'deploy_lxc' in ansible_run_tags or + 'gateway_services' in ansible_run_tags \ No newline at end of file diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml deleted file mode 100644 index d1ac40c..0000000 --- a/roles/docker/tasks/main.yml +++ /dev/null 
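Review bot: `include_tasks: gateway-deploy.yml` names a file made of plays (entries with `hosts:` and `roles:`), not tasks, so Ansible rejects it when the include is reached because `hosts` is not a valid task attribute. Plays can only be pulled in at playbook level, so replace the include with a top-level `- import_playbook: gateway-deploy.yml` (tags on it apply to all its plays) and keep the summary as a separate localhost play after it. With no `--tags` given, `ansible_run_tags` is `['all']`, so the `when` on the summary hides it precisely on a full untagged deployment; adding `'all' in ansible_run_tags` to the condition fixes that. The `msg` also hard-codes `192.168.1.221` twice while the address now lives in `containers[0].ip` in group_vars/all.yml; templating it from there keeps the two from drifting.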
@@ -1,32 +0,0 @@ ---- -- name: Add Docker GPG key - apt_key: - url: https://download.docker.com/linux/ubuntu/gpg - state: present - -- name: Add Docker repository - apt_repository: - repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu noble stable" - state: present - -- name: Install Docker packages - apt: - name: - - docker-ce - - docker-ce-cli - - containerd.io - - docker-compose-plugin - state: present - update_cache: yes - -- name: Start and enable Docker service - systemd: - name: docker - state: started - enabled: yes - -- name: Add root to docker group - user: - name: root - groups: docker - append: yes \ No newline at end of file diff --git a/roles/gateway/handlers/main.yml b/roles/gateway/handlers/main.yml new file mode 100644 index 0000000..07fb442 --- /dev/null +++ b/roles/gateway/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart docker + systemd: + name: docker + state: restarted \ No newline at end of file diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml new file mode 100644 index 0000000..53bf023 --- /dev/null +++ b/roles/gateway/tasks/main.yml 
@@ -0,0 +1,93 @@ +--- +- name: Install system dependencies + apt: + pkg: + - aptitude + - apt-transport-https + - ca-certificates + - curl + - software-properties-common + - python3-pip + - virtualenv + - python3-setuptools + state: latest + update_cache: true + +- name: Add Docker GPG apt Key + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + state: present + +- name: Add Docker Repository + apt_repository: + repo: deb https://download.docker.com/linux/ubuntu noble stable + state: present + +- name: Install Docker CE + apt: + name: docker-ce + state: latest + update_cache: true + +- name: Install Docker Python module + pip: + name: docker + +- name: Configure Docker for LXC compatibility + copy: + content: | + { + "storage-driver": "vfs" + } + dest: /etc/docker/daemon.json + notify: restart docker + +- name: Ensure Docker daemon is running + systemd: + name: docker + state: started + enabled: yes + +- name: Create directories for services + file: + path: "{{ item.path }}" + state: directory + mode: '0755' + loop: + - { path: "{{ heimdall.config_dir }}" } + - { path: "{{ npm.data_dir }}" } + - { path: "{{ npm.letsencrypt_dir }}" } + +- name: Pull Docker images + community.docker.docker_image: + name: "{{ item.image }}" + source: pull + loop: + - { image: "{{ heimdall.image }}" } + - { image: "{{ npm.image }}" } + +- name: Deploy Heimdall container + community.docker.docker_container: + name: heimdall + image: "{{ heimdall.image }}" + state: started + restart_policy: unless-stopped + ports: + - "{{ heimdall.port }}" + volumes: + - "{{ heimdall.config_dir }}:/config" + env: + PUID: "{{ heimdall.user_id }}" + PGID: "{{ heimdall.group_id }}" + TZ: "{{ heimdall.timezone }}" + +- name: Deploy NPM container + community.docker.docker_container: + name: npm + image: "{{ npm.image }}" + state: started + restart_policy: unless-stopped + ports: "{{ npm.ports }}" + volumes: + - "{{ npm.data_dir }}:/data" + - "{{ npm.letsencrypt_dir }}:/etc/letsencrypt" \ No 
newline at end of file diff --git a/roles/heimdall/tasks/main.yml b/roles/heimdall/tasks/main.yml deleted file mode 100644 index 34531cc..0000000 --- a/roles/heimdall/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Create directory for Heimdall - file: - path: "{{ heimdall.config_dir }}" - state: directory - mode: '0755' - -- name: Run Heimdall container - docker_container: - name: heimdall - image: "{{ heimdall.image }}" - state: started - restart_policy: unless-stopped - ports: - - "{{ heimdall.port }}" - volumes: - - "{{ heimdall.config_dir }}:/config" - env: - PUID: "{{ heimdall.user_id }}" - PGID: "{{ heimdall.group_id }}" - TZ: "{{ heimdall.timezone }}" \ No newline at end of file diff --git a/roles/npm/tasks/main.yml b/roles/npm/tasks/main.yml deleted file mode 100644 index 5b9bda5..0000000 --- a/roles/npm/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Create directories for NPM - file: - path: "{{ item }}" - state: directory - mode: '0755' - loop: - - "{{ npm.data_dir }}" - - "{{ npm.letsencrypt_dir }}" - -- name: Run NPM container - docker_container: - name: npm - image: "{{ npm.image }}" - state: started - restart_policy: unless-stopped - ports: "{{ npm.ports }}" - volumes: - - "{{ npm.data_dir }}:/data" - - "{{ npm.letsencrypt_dir }}:/etc/letsencrypt" \ No newline at end of file diff --git a/roles/proxmox_lxc/handlers/main.yml b/roles/proxmox_lxc/handlers/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/proxmox_lxc/tasks/main.yml b/roles/proxmox_lxc/tasks/main.yml index 53b22b9..602c8bc 100644 --- a/roles/proxmox_lxc/tasks/main.yml +++ b/roles/proxmox_lxc/tasks/main.yml 
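Review bot: `apt_key` in "Add Docker GPG apt Key" installs Docker's signing key into the system-wide trusted keyring, where it can authenticate packages from any configured repository rather than only Docker's, and the module is deprecated in current ansible.builtin. Download the key to `/etc/apt/keyrings/docker.asc` with `get_url` and bind it to the repository with `signed-by=`, as below. Two smaller points in the same file: `state: latest` on both apt tasks turns every run into an unannounced upgrade (`state: present`, with a pinned version where reproducibility matters), and `pip: name: docker` targets the system interpreter, which Ubuntu 24.04 marks externally managed (PEP 668) and so is likely to fail — the `python3-docker` apt package installed alongside the other dependencies avoids that. The daemon.json task would also benefit from a comment stating why `vfs` was chosen (it copies every layer and is far slower than overlay2), e.g. `# vfs: overlay2 is not usable on this rootfs — confirm and revisit if the container becomes unprivileged`.
```yaml
- name: Ensure apt keyring directory exists
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Add Docker GPG apt Key
  get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'

- name: Add Docker Repository
  apt_repository:
    repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable
    state: present
# … unchanged: Install Docker CE, Docker Python module, daemon.json, service, directories, images, containers …
```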
@@ -1,42 +1,73 @@ --- - name: Check if container already exists - shell: pct list | grep 221 || true + shell: pct list | grep "{{ item.vmid }}" || true register: container_check delegate_to: proxmox - changed_when: false + loop: "{{ containers }}" + loop_control: + label: "{{ item.hostname }}" -- name: Verify template exists at custom path - shell: ls -la "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst" - register: template_check +- name: Create temporary SSH keys file on Proxmox + copy: + content: "{{ ssh_public_keys | join('\n') }}" + dest: "/tmp/ssh_keys_{{ item.vmid }}.txt" + mode: '0644' delegate_to: proxmox - changed_when: false - ignore_errors: yes + loop: "{{ containers }}" + when: "item.vmid not in container_check.results[0].stdout" + loop_control: + label: "{{ item.hostname }}" -- name: Create Gateway LXC container using correct template path +- name: Create LXC containers shell: | - pct create 221 \ - "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst" \ - --rootfs vmsystem:5 \ - --cores 1 \ - --memory 2048 \ - --swap 512 \ - --hostname gateway \ - --net0 name=eth0,bridge=vmbr0,ip=192.168.1.221/24,gw=192.168.1.1 \ - --storage vmsystem \ + pct create {{ item.vmid }} \ + "{{ item.template_path }}" \ + --rootfs {{ item.storage }}:{{ item.disk_size }} \ + --cores {{ item.cores }} \ + --memory {{ item.memory }} \ + --swap {{ item.swap }} \ + --hostname {{ item.hostname }} \ + --net0 name=eth0,bridge=vmbr0,ip={{ item.ip }}/24,gw=192.168.1.1 \ + --storage {{ item.storage }} \ --password "{{ proxmox_root_password }}" \ - --unprivileged 1 \ + --unprivileged 0 \ + --features nesting=1 \ + --ssh-public-keys /tmp/ssh_keys_{{ item.vmid }}.txt \ --start 1 args: executable: /bin/bash delegate_to: proxmox - when: - - "'221' not in container_check.stdout" - - "template_check.rc == 0" + loop: "{{ containers }}" + when: "item.vmid not in container_check.results[0].stdout" + loop_control: + label: "{{ item.hostname 
}}" -- name: Wait for container SSH port to be available +- name: Remove temporary SSH keys files + file: + path: "/tmp/ssh_keys_{{ item.vmid }}.txt" + state: absent + delegate_to: proxmox + loop: "{{ containers }}" + loop_control: + label: "{{ item.hostname }}" + +- name: Configure LXC for Docker support + shell: | + pct set {{ item.vmid }} -lxc.apparmor.profile=unconfined + pct set {{ item.vmid }} -lxc.cgroup.devices.allow=a + pct set {{ item.vmid }} -lxc.cap.drop= + delegate_to: proxmox + loop: "{{ containers }}" + loop_control: + label: "{{ item.hostname }}" + +- name: Wait for containers to be ready wait_for: - host: 192.168.1.221 + host: "{{ item.ip }}" port: 22 timeout: 120 delay: 10 - delegate_to: localhost \ No newline at end of file + delegate_to: localhost + loop: "{{ containers }}" + loop_control: + label: "{{ item.hostname }}" \ No newline at end of file
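Review bot: The container is now created with `--unprivileged 0` and the "Configure LXC for Docker support" task then removes what isolation remains (`lxc.apparmor.profile=unconfined`, `lxc.cgroup.devices.allow=a`, an empty `lxc.cap.drop`), so root inside the gateway — the host that publishes ports 80, 443 and 81 — is effectively root on the Proxmox node; the version being replaced used `--unprivileged 1`. Docker runs in an unprivileged Proxmox container with `--unprivileged 1 \` and `--features nesting=1,keyctl=1 \`, which lets the whole pct-set task go (whether `pct set` even accepts raw `lxc.*` keys is doubtful — they normally belong in `/etc/pve/lxc/<vmid>.conf`). `pct create` embeds `{{ proxmox_root_password }}` in a shell command, so give that task `no_log: true` to keep the password out of the play output and logs when it fails. Both `when` guards read `container_check.results[0].stdout` for every item, so only the first container's presence is ever checked (and the integer `item.vmid` cannot be tested with `in` against a string at all, as noted at group_vars/all.yml); use `loop_control: index_var: idx` with `results[idx]`, or replace the substring grep with `pct status {{ item.vmid }}` and test its `rc`. Dropping `changed_when: false` from the check task also makes every run report a change.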