learning ansible stuff

Author: robalb

.gitignore

@@ -0,0 +1,2 @@
+kubectl
+old/

ansible/inventory.yml

@@ -0,0 +1,17 @@
+virtualmachines:
+  hosts:
+    hetzner_vps_INITIAL:
+      ansible_host: 5.75.186.193
+      ansible_user: root
+    hetzner_vps:
+      ansible_host: 5.75.186.193
+      ansible_user: al
+      ansible_port: 6477
+
+# virtualmachines:
+#   hosts:
+#     hetzner_vps:
+#       ansible_host: 5.75.186.193
+#   vars:
+#     ansible_port: 6477
+#     ansible_user: al

ansible/setup/bootstrap.yml

@@ -0,0 +1,17 @@
+- name: change the initial SSH access
+  hosts: hetzner_vps_INITIAL
+  gather_facts: false
+  remote_user: root
+  vars:
+    vps_host: "{{ hostvars['hetzner_vps'].ansible_host }}"
+    vps_port: "{{ hostvars['hetzner_vps'].ansible_port }}"
+    vps_user: "{{ hostvars['hetzner_vps'].ansible_user }}"
+
+  tasks:
+  - name: Check ansible user
+    command: echo {{ vps_user }}@{{ vps_host }} -p {{ vps_port }} OK
+    delegate_to: localhost
+    connection: local
+    changed_when: false
+    failed_when: "'OK' not in check_ansible_user.stdout"
+    register: "check_ansible_user"

ansible/setup/setup.yml

@@ -1,3 +1,81 @@
-## infrastructure
+## Infrastructure
 
-infrastructure-as-code lab, hosting my personal projects
+Infrastructure-as-code lab, hosting my personal projects
+
+## getting started
+
+Insall ansible
+
+```bash
+python3 -m pip install --user ansible
+```
+
+Configure the machine ip in `inventory.yml`. You must set it both in 
+`virtualmachines` and `virtualmachines_INITIAL`, which is the initial way
+ssh access is configured, that the first ansible playbook will change
+
+Test that the INITIAL machines are accessible
+
+```bash
+ansible virtualmachines_INITIAL -m ping -i inventory.yml
+```
+
+### Roadmap
+
+#### provisioning
+
+The ubuntu machine provisioning will be handled manually. I don't need fancy stuff
+
+#### machine
+
+write ansible files to configure the host ubuntu machine.
+
+Initial step (INITIAL host,port=22,user=root): add ansible user, change ssh port
+
+all other steps (host, port=xxxx,user=ansible)
+- remove root login
+- add "al" user, define keys, docker group
+- install docker
+- install database
+
+
+#### References
+
+https://docs.ansible.com/ansible/latest/getting_started/index.html
+
+
+
+
+### Old roadmap
+
+#### k8s files
+
+define all the k8s infrastructure in a reproducible way:
+
+- introspection services, grafana, loki, prometheus.
+- analytics
+- database web management (to find, something like phpmyadmin but serious)
+- argocd
+- secrets management
+- secrets management integrated into argo (i put a link to a tutorial in telegram)
+
+
+The idea is that all the personal projects will be managed via argo, secrets and databases will be configured manually from the respective admin panels.
+
+The rest of the stuff on the cluster, such as the admin interfaces, argo, grafana etch will be defined in this repository.
+Ideally, the charts and manifests in this repo should be managed via terraform.
+
+#### machine
+
+write ansible files to configure the host ubuntu machine.
+
+- define ssh users and keys
+- install mariadb
+- install k3s
+
+the idea is that mariadb (an other future databases) will be installed outside of k3s, but on the same machine, listening on the loopback interface. The access will be provided via a Service in the namespace external-services
+
+
+#### provisioning
+
+The ubuntu machine provisioning will be handled manually. I don't need fancy stuff