Update 13 files

- /inventories/group_vars/all.yml
- /inventories/group_vars/gateway.yml
- /roles/npm/tasks/main.yml
- /roles/heimdall/tasks/main.yml
- /roles/docker/tasks/main.yml
- /group_vars/all.yml
- /group_vars/gateway_servers.yml
- /roles/proxmox_lxc/handlers/main.yml
- /roles/proxmox_lxc/tasks/main.yml
- /roles/gateway/handlers/main.yml
- /roles/gateway/tasks/main.yml
- /gateway-deploy.yml
- /olimp-deploy.yml
Administrator 2025-10-14 09:15:17 +00:00
parent 0dc36f67e6
commit 299e41fd57
12 changed files with 238 additions and 155 deletions

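--- a/gateway-deploy.yml
+++ b/gateway-deploy.yml
@@ -0,0 +1,17 @@
+---
+- name: 🏗️ Create Gateway LXC container
+hosts: proxmox_servers
+gather_facts: false
+vars_files:
+- vault.yml
+roles:
+- role: proxmox_lxc
+tags: deploy_lxc
+- name: 🚀 Deploy Gateway services
+hosts: gateway_servers
+vars_files:
+- vault.yml
+roles:
+- role: gateway
+tags: gateway_services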

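--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -0,0 +1,43 @@
+---
+# Общие настройки для всех хостов
+timezone: Asia/Yekaterinburg
+system_locale: ru_RU.UTF-8
+proxmox_node: "Olimp"
+# Настройки пользователей
+admin_user: root
+# Список пакетов для установки на всех хостах
+base_packages:
+- curl
+- wget
+- gnupg
+- ca-certificates
+- software-properties-common
+- tree
+- htop
+- nano
+- git
+- apt-transport-https
+- net-tools
+- dnsutils
+- iputils-ping
+- traceroute
+# SSH ключи
+ssh_public_keys:
+- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbvnGZxQEGYuScClONbkbfVn2+Uo1kYYztXqMf9ku1lHkw+7IZa00LOMwv7QGBRvrtBcw+TWqaMst5FZ3R6oWcQc+nkBEYoRXe4f3AuuFAl9C9F6sEYM8fX6mAHIlWQhFyVslazZtVTQwnfRV0rnbtCduCu9liywM3fShFqBVwq7Y4nBjG648Zq+VfCHpbBE9XkZaMDyeOXdtppmLetywnBS33mbXMDgH09PMlRz097xfZLkpFdSi8WtDOtKSBiEHtZ+H0EZ42Cda2xMnqlgVtPxWGUirvv6CvDyTmuMzrjALZoSKhl3iD6Szd1YOJcAw6bv9gbJKxPkZchrB65ZXT ZailonOlimp"
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvRBW+2Xpck2tznhWJyls5J/4wUoVYdyFM6JTU7uogK ansible@olimp"
+# Настройки контейнеров
+containers:
+- vmid: 221
+hostname: gateway
+ip: 192.168.1.221
+template_path: "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
+storage: "vmsystem"
+disk_size: 5
+cores: 1
+memory: 2048
+swap: 512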
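Review bot: Each `containers` entry carries `ip` but not the bridge, prefix length or gateway, which the proxmox_lxc role in this same commit hard-codes as `bridge=vmbr0`, `/24` and `gw=192.168.1.1`; adding `bridge`, `cidr` and `gateway` keys here (or one `lxc_network` mapping) keeps the network data in one place before hosts 222 and 223 are added. `vmid: 221` is an integer, and the role compares it to `pct list` text with `in`, so either quote it here (`vmid: "221"`) or template it with `| string` at the comparison. `base_packages` is carried over from the removed inventories/group_vars/all.yml, but with the base_setup play gone from olimp-deploy.yml nothing visible in this commit consumes it — worth confirming it is still referenced somewhere.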


@ -8,7 +8,7 @@ heimdall:
group_id: "1000" group_id: "1000"
timezone: "Asia/Yekaterinburg" timezone: "Asia/Yekaterinburg"
# Настройки NPM (Nginx Proxy Manager) # Настройки NPM
npm: npm:
image: jc21/nginx-proxy-manager:latest image: jc21/nginx-proxy-manager:latest
data_dir: "/opt/npm/data" data_dir: "/opt/npm/data"


@ -1,26 +0,0 @@
---
# Общие настройки для всех хостов
timezone: Asia/Yekaterinburg
system_locale: ru_RU.UTF-8
proxmox_node: "Olimp"
# Настройки пользователей
admin_user: root
# Список пакетов для установки на всех хостах
base_packages:
- curl
- wget
- gnupg
- ca-certificates
- software-properties-common
- tree
- htop
- nano
- git
- apt-transport-https
- net-tools
- dnsutils
- iputils-ping
- traceroute


@ -1,35 +1,28 @@
--- ---
- name: Create Gateway LXC container in Proxmox - name: 🏗️ Deploy Olimp Infrastructure
hosts: proxmox hosts: localhost
gather_facts: false gather_facts: false
vars_files: vars_files:
- vault.yml - vault.yml
roles:
- role: proxmox_lxc
tags: deploy_lxc
- name: Base setup for gateway tasks:
hosts: gateway - name: Include gateway deployment
vars_files: include_tasks: gateway-deploy.yml
- vault.yml tags: gateway
roles:
- role: base_setup
tags: base_setup
- name: Install Docker on gateway - name: Display deployment summary
hosts: gateway debug:
roles: msg: |
- role: docker 🎉 Olimp Infrastructure deployed successfully!
tags: deploy_docker
- name: Deploy Heimdall service Gateway Services:
hosts: gateway - Heimdall: http://192.168.1.221:45131
roles: - NPM Admin: http://192.168.1.221:81
- role: heimdall
tags: deploy_heimdall
- name: Deploy NPM service Next steps:
hosts: gateway 1. Configure NPM proxy hosts
roles: 2. Deploy database host (222)
- role: npm 3. Deploy media host (223)
tags: deploy_npm when: >
'deploy_lxc' in ansible_run_tags or
'gateway_services' in ansible_run_tags
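Review bot: `include_tasks: gateway-deploy.yml` points at a playbook (it defines plays with `hosts:` and `roles:`), not a task list, so the first play will most likely fail when Ansible tries to load those plays as tasks. Playbooks are composed at the top level: replace the include with a top-level `- import_playbook: gateway-deploy.yml` entry (a `tags: gateway` can sit on it) and keep the summary as its own `localhost` play. With that, the `vars_files: vault.yml` on this play no longer needs repeating, because gateway-deploy.yml loads it itself. The summary message also hard-codes `192.168.1.221` twice while the address already lives in `containers[0].ip` in group_vars; templating it avoids the two drifting apart.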


@ -1,32 +0,0 @@
---
- name: Add Docker GPG key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker repository
apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu noble stable"
state: present
- name: Install Docker packages
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
state: present
update_cache: yes
- name: Start and enable Docker service
systemd:
name: docker
state: started
enabled: yes
- name: Add root to docker group
user:
name: root
groups: docker
append: yes


@ -0,0 +1,5 @@
---
- name: restart docker
systemd:
name: docker
state: restarted


@ -0,0 +1,93 @@
---
- name: Install system dependencies
apt:
pkg:
- aptitude
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
- python3-pip
- virtualenv
- python3-setuptools
state: latest
update_cache: true
- name: Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker Repository
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu noble stable
state: present
- name: Install Docker CE
apt:
name: docker-ce
state: latest
update_cache: true
- name: Install Docker Python module
pip:
name: docker
- name: Configure Docker for LXC compatibility
copy:
content: |
{
"storage-driver": "vfs"
}
dest: /etc/docker/daemon.json
notify: restart docker
- name: Ensure Docker daemon is running
systemd:
name: docker
state: started
enabled: yes
- name: Create directories for services
file:
path: "{{ item.path }}"
state: directory
mode: '0755'
loop:
- { path: "{{ heimdall.config_dir }}" }
- { path: "{{ npm.data_dir }}" }
- { path: "{{ npm.letsencrypt_dir }}" }
- name: Pull Docker images
community.docker.docker_image:
name: "{{ item.image }}"
source: pull
loop:
- { image: "{{ heimdall.image }}" }
- { image: "{{ npm.image }}" }
- name: Deploy Heimdall container
community.docker.docker_container:
name: heimdall
image: "{{ heimdall.image }}"
state: started
restart_policy: unless-stopped
ports:
- "{{ heimdall.port }}"
volumes:
- "{{ heimdall.config_dir }}:/config"
env:
PUID: "{{ heimdall.user_id }}"
PGID: "{{ heimdall.group_id }}"
TZ: "{{ heimdall.timezone }}"
- name: Deploy NPM container
community.docker.docker_container:
name: npm
image: "{{ npm.image }}"
state: started
restart_policy: unless-stopped
ports: "{{ npm.ports }}"
volumes:
- "{{ npm.data_dir }}:/data"
- "{{ npm.letsencrypt_dir }}:/etc/letsencrypt"
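Review bot: `pip: name: docker` installs into the system interpreter, which on Ubuntu 24.04 (the `noble` repository this same file adds) is marked externally managed, so the task will most likely fail with a PEP 668 error; the distro package is the right fit, `apt: name: python3-docker`. The `apt_key` module is deprecated, and the new repo line dropped the `[arch=amd64]` qualifier and carries no `signed-by=`, so the Docker key is trusted for every configured repository rather than just this one; downloading the key to `/etc/apt/keyrings` and binding it to the repo line keeps the trust scoped. `state: latest` on `docker-ce` turns every run into a potential upgrade and should be `present` (or a pinned version). `enabled: yes` in the systemd task is a YAML 1.1 truthy value; `enabled: true` is the canonical form the file already uses for `update_cache`.
```yaml
- name: Ensure apt keyrings directory exists
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Add Docker GPG apt Key
  get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'

- name: Add Docker Repository
  apt_repository:
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable"
    state: present

- name: Install Docker CE
  apt:
    name: docker-ce
    state: present
    update_cache: true

- name: Install Docker Python module
  apt:
    name: python3-docker
    state: present

# … unchanged: daemon.json, systemd, service directories, image pulls, containers …
```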


@ -1,21 +0,0 @@
---
- name: Create directory for Heimdall
file:
path: "{{ heimdall.config_dir }}"
state: directory
mode: '0755'
- name: Run Heimdall container
docker_container:
name: heimdall
image: "{{ heimdall.image }}"
state: started
restart_policy: unless-stopped
ports:
- "{{ heimdall.port }}"
volumes:
- "{{ heimdall.config_dir }}:/config"
env:
PUID: "{{ heimdall.user_id }}"
PGID: "{{ heimdall.group_id }}"
TZ: "{{ heimdall.timezone }}"


@ -1,20 +0,0 @@
---
- name: Create directories for NPM
file:
path: "{{ item }}"
state: directory
mode: '0755'
loop:
- "{{ npm.data_dir }}"
- "{{ npm.letsencrypt_dir }}"
- name: Run NPM container
docker_container:
name: npm
image: "{{ npm.image }}"
state: started
restart_policy: unless-stopped
ports: "{{ npm.ports }}"
volumes:
- "{{ npm.data_dir }}:/data"
- "{{ npm.letsencrypt_dir }}:/etc/letsencrypt"



@ -1,42 +1,73 @@
--- ---
- name: Check if container already exists - name: Check if container already exists
shell: pct list | grep 221 || true shell: pct list | grep "{{ item.vmid }}" || true
register: container_check register: container_check
delegate_to: proxmox delegate_to: proxmox
changed_when: false loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"
- name: Verify template exists at custom path - name: Create temporary SSH keys file on Proxmox
shell: ls -la "/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst" copy:
register: template_check content: "{{ ssh_public_keys | join('\n') }}"
dest: "/tmp/ssh_keys_{{ item.vmid }}.txt"
mode: '0644'
delegate_to: proxmox delegate_to: proxmox
changed_when: false loop: "{{ containers }}"
ignore_errors: yes when: "item.vmid not in container_check.results[0].stdout"
loop_control:
label: "{{ item.hostname }}"
- name: Create Gateway LXC container using correct template path - name: Create LXC containers
shell: | shell: |
pct create 221 \ pct create {{ item.vmid }} \
"/mnt/pve/vmbackup/template/cache/ubuntu-24.04-standard_24.04-2_amd64.tar.zst" \ "{{ item.template_path }}" \
--rootfs vmsystem:5 \ --rootfs {{ item.storage }}:{{ item.disk_size }} \
--cores 1 \ --cores {{ item.cores }} \
--memory 2048 \ --memory {{ item.memory }} \
--swap 512 \ --swap {{ item.swap }} \
--hostname gateway \ --hostname {{ item.hostname }} \
--net0 name=eth0,bridge=vmbr0,ip=192.168.1.221/24,gw=192.168.1.1 \ --net0 name=eth0,bridge=vmbr0,ip={{ item.ip }}/24,gw=192.168.1.1 \
--storage vmsystem \ --storage {{ item.storage }} \
--password "{{ proxmox_root_password }}" \ --password "{{ proxmox_root_password }}" \
--unprivileged 1 \ --unprivileged 0 \
--features nesting=1 \
--ssh-public-keys /tmp/ssh_keys_{{ item.vmid }}.txt \
--start 1 --start 1
args: args:
executable: /bin/bash executable: /bin/bash
delegate_to: proxmox delegate_to: proxmox
when: loop: "{{ containers }}"
- "'221' not in container_check.stdout" when: "item.vmid not in container_check.results[0].stdout"
- "template_check.rc == 0" loop_control:
label: "{{ item.hostname }}"
- name: Wait for container SSH port to be available - name: Remove temporary SSH keys files
file:
path: "/tmp/ssh_keys_{{ item.vmid }}.txt"
state: absent
delegate_to: proxmox
loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"
- name: Configure LXC for Docker support
shell: |
pct set {{ item.vmid }} -lxc.apparmor.profile=unconfined
pct set {{ item.vmid }} -lxc.cgroup.devices.allow=a
pct set {{ item.vmid }} -lxc.cap.drop=
delegate_to: proxmox
loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"
- name: Wait for containers to be ready
wait_for: wait_for:
host: 192.168.1.221 host: "{{ item.ip }}"
port: 22 port: 22
timeout: 120 timeout: 120
delay: 10 delay: 10
delegate_to: localhost delegate_to: localhost
loop: "{{ containers }}"
loop_control:
label: "{{ item.hostname }}"
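Review bot: The switch to `--unprivileged 0` combined with the new `Configure LXC for Docker support` task (`lxc.apparmor.profile=unconfined`, `lxc.cgroup.devices.allow=a`, an empty `lxc.cap.drop=`) removes the container boundary, so a compromise of the gateway container — which publishes NPM and Heimdall on the network — becomes a compromise of the Proxmox host. Docker runs in an unprivileged LXC with `--features nesting=1,keyctl=1`, which also matches the `vfs` storage driver the gateway role configures; I would keep `--unprivileged 1`, extend the features flag and drop the `pct set` task. Separately, `--password "{{ proxmox_root_password }}"` is passed on the shell command line, so it shows up in the host process list and in Ansible's task output unless the create task gets `no_log: true`. The existence check is broken in two ways: `vmid` is an integer in group_vars, so `item.vmid not in container_check.results[0].stdout` (used for both the keys-file and the create task) will most likely raise a type error, and `results[0]` always inspects the grep output for the first container; registering a single `pct list` (with the dropped `changed_when: false` restored) and comparing `item.vmid | string` against it fixes both, and an exact match on the VMID column would be stricter still. `delegate_to: proxmox` also assumes an inventory host literally named `proxmox`, while gateway-deploy.yml targets the `proxmox_servers` group — worth confirming the inventory has both.
```yaml
- name: Check which containers already exist
  command: pct list
  register: container_check
  changed_when: false
  delegate_to: proxmox

# … unchanged: temporary SSH keys file task (same when: as below) …

- name: Create LXC containers
  # … unchanged: shell body, with --unprivileged 1 and --features nesting=1,keyctl=1 …
  no_log: true
  when: (item.vmid | string) not in container_check.stdout
  # … unchanged: args, delegate_to, loop, loop_control …

# … unchanged: remove temporary SSH keys files task …
# (the "Configure LXC for Docker support" task is dropped)
# … unchanged: wait_for task …
```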