Updates to baldur playbook for backup testing

Wojciech Kozlowski 2023-09-16 08:55:21 +02:00
parent e93beef2bc
commit 83fd247504
5 changed files with 92 additions and 15 deletions


@ -125,11 +125,17 @@ not being accessed/modified during this process. It is easy to access `yggdrasil
1. Create a VM on `yggdrasil` and install the same OS that is running on `yggdrasil`.
- Install the OS on a zvol on `rpool`.
- If the same VM is to be used for testing, a GUI is helpful.
- Prepare a zvol on `hpool` of size that's larger than what `yggdrasil` estimates for
`rpool/var/lib/yggdrasil/data` and mount at `/var/lib/the-nine-worlds/data`.
`rpool/var/lib/the-nine-worlds/data` and mount at `/var/lib/the-nine-worlds/data`.
- Create non-root user `wojtek` with `sudo` privileges.
2. Configure SSH to use `yggdrasil` as a jump server.
3. Service testing can then be done directly from the VM. To achieve that `/etc/hosts` needs to be
3. Set `refreserv=0` on the zvols to make snapshots take less space.
- `zfs set refreserv=0 tank/home/ahrens`
4. Use ZFS for snapshots/roolback of the zvols.
- `zfs snapshot tank/home/ahrens@friday`
- `zfs rollback tank/home/ahrens@friday`
5. Service testing can then be done directly from the VM. To achieve that `/etc/hosts` needs to be
set to directly point at the right proxy server, e.g., `10.66.3.8`, not `localhost`.
### Test
@ -161,6 +167,11 @@ not being accessed/modified during this process. It is easy to access `yggdrasil
7. Modify `/etc/hosts` in the VM to point at `baldur` for all relevant domains.
8. Test each service manually one by one. Use the Flagfox add-on to verify that you are indeed
connecting to `baldur`.
- Some containers fail to start up if the database takes too long to come online. In that case
restart the container.
- Some containers fail to start up if they cannot make DNS queries. Note that `192.168.0.0/16` is
blocked by firewall rules. If `/etc/the-nine-worlds/resolv.conf` points at a DNS resolved at
such an address all DNS queries will fail. Simply update `resolv.conf` to e.g. `1.1.1.1`.
9. Stop all the pod services with:
```sh
ansible-playbook --vault-id @vault-keyring-client.py -i inventory/baldur_production playbooks/services_stop.yml


@ -17,6 +17,6 @@ baldur
# Network.
# --------------------------------------------------------------------------------------------------
# Hosts remote to the home LAN.
[remote]
# Hosts physically located within the home LAN.
[home]
baldur


@ -19,6 +19,6 @@ baldur
# Network.
# --------------------------------------------------------------------------------------------------
# Hosts remote to the home LAN.
[remote]
# Hosts physically located within the home LAN.
[home]
baldur


@ -28,32 +28,40 @@ services_resolv_host: "baldur"
services_host_services:
lrproxy:
address: "{{ vpn_bridge_prefix }}.2"
inet_address: "{{ vpn_bridge_inet_prefix }}.2"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
restic: true
database:
address: "{{ vpn_bridge_prefix }}.3"
inet_address: "{{ vpn_bridge_inet_prefix }}.3"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::3"
restic: true
cloud:
address: "{{ vpn_bridge_prefix }}.4"
inet_address: "{{ vpn_bridge_inet_prefix }}.4"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::4"
restic: true
restic_exclude:
- "external"
git:
address: "{{ vpn_bridge_prefix }}.5"
inet_address: "{{ vpn_bridge_inet_prefix }}.5"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::5"
tcp: ["{{ services.git.ssh_port }}"]
restic: true
notes:
address: "{{ vpn_bridge_prefix }}.6"
inet_address: "{{ vpn_bridge_inet_prefix }}.6"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::6"
restic: true
music:
address: "{{ vpn_bridge_prefix }}.7"
inet_address: "{{ vpn_bridge_inet_prefix }}.7"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::7"
collection_path: "{{ music_user_data_collection_directory }}"
archive_path: "{{ music_user_data_archive_directory }}"
restic: true
rproxy:
address: "{{ vpn_bridge_prefix }}.8"
inet_address: "{{ vpn_bridge_inet_prefix }}.8"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::8"
tcp: [80, 443]
restic: true
www:
address: "{{ vpn_bridge_prefix }}.9"
inet_address: "{{ vpn_bridge_inet_prefix }}.9"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::9"
restic: false
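Review bot: `www` is the only entry in `services_host_services` with `restic: false`, and nothing in this section says why its data is left out of the restic backups. Since this mapping appears to decide what a restore test can recover, the reason belongs next to the flag, e.g. `restic: false  # <why www needs no backup>`. The same applies to `restic_exclude: ["external"]` under `cloud`: a short comment naming what `external` holds would make that gap in the backup explicit to whoever runs the next restore test.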


@ -19,6 +19,10 @@
- name: "baldur"
hosts: "baldur"
vars_files:
- "vars/services/volumes.yml"
- "vars/services/deploy/versions.yml"
roles:
# ----------------------------------------------------------------------------------------------
# system
@ -55,6 +59,9 @@
system_base_user_become_user: "{{ system_base_ssh_user }}"
- role: "system/directories"
tags: "system:directories"
vars:
system_directories_create_etc: true
system_directories_create_var: true
# ----------------------------------------------------------------------------------------------
# backups
@ -111,11 +118,56 @@
- "services:setup:user"
- "services:setup:user:{{ services_service_name }}"
- "services:{{ services_service_name }}:setup:user"
vars:
services_service_volumes: "{{ services_volumes[services_service_name] }}"
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
- name: "deploy rproxy"
ansible.builtin.include_role:
name: "services/deploy/rproxy"
apply:
tags:
- "services:rproxy"
- "services:deploy"
- "services:deploy:rproxy"
- "services:rproxy:deploy"
vars:
services_service_name: "rproxy"
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
services_deploy_rproxy_nginx_subdomain_config_files:
- "files/services/deploy/rproxy/nginx-conf.d/http-default.conf"
- "files/services/deploy/rproxy/nginx-conf.d/wojciechkozlowski.eu.conf"
- "files/services/deploy/rproxy/nginx-conf.d/www.wojciechkozlowski.eu.conf"
services_service_deploy_versions: "{{ services_deploy_versions.rproxy }}"
when: "'rproxy' in services_host_services"
tags: "always"
- name: "deploy lrproxy"
ansible.builtin.include_role:
name: "services/deploy/rproxy"
apply:
tags:
- "services:lrproxy"
- "services:deploy"
- "services:deploy:lrproxy"
- "services:lrproxy:deploy"
vars:
services_service_name: "lrproxy"
services_deploy_rproxy_nginx_stream_config: "files/services/deploy/stream.conf"
services_deploy_rproxy_nginx_subdomain_config_files:
- "files/services/deploy/lrproxy/nginx-conf.d/archive.music.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
services_service_deploy_versions: "{{ services_deploy_versions.lrproxy }}"
when: "'lrproxy' in services_host_services"
tags: "always"
- name: "deploy"
ansible.builtin.include_role:
name: "services/deploy/{{ services_service_name }}"
@ -125,7 +177,13 @@
- "services:deploy"
- "services:deploy:{{ services_service_name }}"
- "services:{{ services_service_name }}:deploy"
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
vars:
services_service_deploy_versions: "{{ services_deploy_versions[services_service_name] }}"
loop: "{{
services_host_services | dict2items |
rejectattr('key', '==', 'rproxy') |
rejectattr('key', '==', 'lrproxy') |
map(attribute='key') }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
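Review bot: The new `deploy rproxy` and `deploy lrproxy` tasks both set `services_deploy_rproxy_nginx_stream_config` to the same `files/services/deploy/stream.conf`, although their subdomain configs are kept in separate `rproxy/` and `lrproxy/` directories. If that file carries stream listeners meant for only one of the two proxies, the other one gets them as well; either split it per proxy or state the intent above each variable, e.g. `# stream.conf is shared by rproxy and lrproxy on purpose`. In the generic `deploy` loop the two chained `rejectattr('key', '==', ...)` filters can be one `rejectattr('key', 'in', ['rproxy', 'lrproxy'])`, which keeps the exclusion list in one place. The `deploy` task starts in the previous hunk and continues across the hunk boundary, so it is not shown whole here.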