Initial version of ansible roles

README.md

@@ -109,6 +109,67 @@ hepto -iface eth0 -name myfull -info > cluster-info.yaml
 helm install hepto ./helm -f cluster-info.yaml
 ```
 
+## Deploying a cluster on many nodes using Ansible
+
+This repository provides an ansible role for deploying hepto on a node. Start with an
+inventory file listing your nodes, and providing some variables, for instance:
+
+```
+---
+nodes:
+  hosts:
+    # Each host gets an entry
+    riri:
+      # Override the host IP if the node name does not resolve
+      ansible_host: "2a01:dead:beef::1"
+      # Provide an explicit node IP address (-ip)
+      node_ip: "2a01:dead:beef::101/64"
+    fifi:
+      ansible_host: "2a01:dead:beef::2"
+    loulou:
+      ansible_host: "2a01:dead:beef::3"
+      # Default role is node, explicitely set the master role here
+      node_role: master
+  vars:
+    # Copy the static node ip of any stable node (usually the master, but any node
+    # will do)
+    cluster_anchor: "2a01:dead:beef::101"
+    # This must be 64 hex randomly generated
+    cluster_key: "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
+    # You may specify any option for all nodes, here a network gateway
+    node_gw: "fe80::1"
+```
+
+Then run Ansible:
+
+```
+ansible-playbook -i inventory.yaml ansible/deploy.yaml
+```
+
+Or if you wish to use cloud provisioning for deploying the nodes in the first place
+(currently supporting Hetzner only):
+
+```
+---
+all:
+  vars:
+    nodes:
+      riri:
+      fifi:
+      loulou:
+        node_role: master
+    cluster_anchor: loulou
+    cluster_key: "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
+    hcloud_token: YourHCloudToken
+    hcloud_ssh_key: yourkey@host
+```
+
+Then run Ansible:
+
+```
+ansible-playbook -i inventory.yaml ansible/cloud.yaml
+```
+
 ## Development
 
 Hepto is being developped as part of an ongoing effort to provide decent

ansible/cloud.yaml

+---
+- hosts: localhost
+  roles:
+  - hetzner
+- hosts: nodes
+  roles:
+  - hepto

ansible/deploy.yaml

+---
+- hosts: all
+  roles:
+  - hepto

ansible/roles/hepto/defaults/main.yaml

+# Hepto install
+version: 78680
+hepto_url: "https://forge.tedomum.net/acides/hepto/-/jobs/{{ version }}/artifacts/raw/hepto"
+hepto_bin: /usr/local/bin/hepto.{{ version }}
+
+# Hepto general config
+systemd_dir: /etc/systemd/system
+storage_dir: /var/lib
+cluster_name: hepto
+cluster_anchor: "::1"
+node_name: "{{ inventory_hostname }}"
+node_iface: eth0
+node_role: node
+config_file: "/etc/{{ cluster_name }}/{{ node_name }}"
+

ansible/roles/hepto/tasks/main.yaml

+---
+- name: Create required directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "/etc/{{ cluster_name }}"
+    - "/usr/local/bin"
+- name: Download hepto binary for amd64
+  get_url:
+    url: "{{ hepto_url }}"
+    dest: "{{ hepto_bin }}"
+    owner: root
+    group: root
+    mode: 755
+- name: Install hepto service file
+  template:
+    src: service.j2
+    dest: "{{ systemd_dir }}/hepto-{{ node_name }}.service"
+- name: Install hepto config file
+  template:
+    src: config.j2
+    dest: "{{ config_file }}"
+- name: Enable hepto service
+  systemd:
+    name: "hepto-{{ node_name }}"
+    daemon_reload: yes
+    state: restarted
+    enabled: yes
+
+

ansible/roles/hepto/templates/config.j2

+HEPTO_CLUSTER={{ cluster_name }}
+HEPTO_KEY={{ cluster_key }}
+HEPTO_IFACE={{ node_iface }}
+HEPTO_ROLE={{ node_role }}
+{% if cluster_anchor in hostvars %}
+HEPTO_ANCHOR={{ hostvars[cluster_anchor]['node_ip'] | ansible.utils.ipaddr('address') }}
+{% else %}
+HEPTO_ANCHOR={{ cluster_anchor }}
+{% endif %}
+{% if node_ip is defined %}
+HEPTO_IP={{ node_ip }}
+{% endif %}
+{% if node_gw is defined %}
+HEPTO_GW={{ node_gw }}
+{% endif %}

ansible/roles/hepto/templates/service.j2

+[Unit]
+Description=hepto node {{ node_name }}
+Documentation=https://acides.org
+Wants=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+EnvironmentFile={{ config_file }}
+Delegate=yes
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Type=exec
+ExecStart={{ hepto_bin }} -name {{ node_name }}
\ No newline at end of file

ansible/roles/hetzner/defaults/main.yaml

+server_type: cx11
+server_image: debian-12
+server_location: eu-central
+

ansible/roles/hetzner/tasks/main.yaml

+- name: "Create nodes"
+  hcloud_server:
+    api_token: "{{ hcloud_token }}"
+    name: "node-{{ item.key }}"
+    server_type: "{{ server_type }}"
+    image: "{{ server_image }}"
+    location: "{{ server_location }}"
+    ssh_keys:
+    - "{{ hcloud_ssh_key }}"
+    enable_ipv6: true
+    enable_ipv4: false
+    state: started
+  register: servers
+  with_dict: "{{ nodes }}"
+
+- name: Wait for nodes to be ready
+  ansible.builtin.wait_for:
+    port: 22
+    host: "{{ item.hcloud_server.ipv6 | split('/') | first }}1"
+    delay: 2
+  with_items: "{{  servers.results }}"
+
+# This is required as an intermediary step to compute the node
+# configuration to be added to inventory
+- name: "Prepare node configs"
+  set_fact:
+    name: "{{ item.item.key }}"
+    groups: nodes
+    ansible_host: "{{ item.hcloud_server.ipv6 | ansible.utils.ipaddr('net') | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}"
+    ansible_user: root
+    node_gw: "fe80::1"
+    node_ip: "{{ item.hcloud_server.ipv6 | ansible.utils.ipaddr('net') | ansible.utils.ipaddr('2') }}"
+    ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
+  register: configs
+  with_items: "{{ servers.results }}"
+
+- name: "Add nodes to inventory"
+  add_host: "{{ item.ansible_facts | combine(nodes[item.ansible_facts.name]) }}"
+  with_items: "{{ configs.results }}"