Provisioning

The hardware in the cluster is fully provisioned and managed using Ansible. Specifically, the provisioning and updating procedures of all cluster nodes are automated using two separate playbooks.

Inventory

Inside this file all hosts for the cluster and their connection details are defined.

# --- type
[raspberry]
zigbeeproxy.iske.cloud ansible_user=pi

[synology]
ryloth.iske.cloud ansible_user=pascaliske

# --- shared
[docker]
zigbeeproxy.iske.cloud

Playbooks

provision.yml

TL;DR — ansible/playbooks/provision.yml
---
# --- all
- name: Provision all hosts (except synology based)
  hosts: all,!synology
  roles:
    - role: common
      tags:
        - common
    - role: tailscale
      tags:
        - tailscale

# --- groups
- name: Provision Raspberry Pis
  hosts: raspberry
  roles:
    - role: log2ram
      tags:
        - log2ram

- name: Provision Docker hosts
  hosts: docker
  roles:
    - role: docker
      tags:
        - docker

For an initial and complete provisioning of all nodes, the following command can be used:

$ task cluster:provision

To only run specific parts of the playbook the --tags flag can be appended to the command:

$ task cluster:provision -- --tags <tag1>[,<tag2>]

The following tags are available for usage with --tags:

  • masters
  • workers
  • common
  • journal
  • log2ram
  • logrotate
  • tailscale
  • k3s
  • minio

update.yml

TL;DR — ansible/playbooks/update.yml

The update playbook allows me to simply update / patch all nodes:

$ task cluster:update

To only run specific parts of the playbook the --tags flag can be appended to the command:

$ task cluster:update -- --tags <tag1>[,<tag2>]

The following tags are available for usage with --tags:

  • masters
  • workers

cleanup.yml

TL;DR — ansible/playbooks/cleanup.yml

Sometimes, logrotate and log2ram can't keep up with the log files. For these rare cases I have a cleanup playbook which allows me to clean up the /var/log folders of all cluster nodes to prevent an overflow of the available disk space:

$ task cluster:cleanup

To only run specific parts of the playbook the --tags flag can be appended to the command:

$ task cluster:cleanup -- --tags <tag1>[,<tag2>]

The following tags are available for usage with --tags:

  • masters
  • workers
  • logs

Limit

All playbooks can be executed on a limited set of hosts using the --limit flag:

$ task cluster:<provision|update|cleanup> -- --limit <host1>[,<host2>]

Any hosts from the inventory can be used with this flag.

Vault

Some values needed for the above playbooks are stored as an encrypted secrets file using Ansible Vault.

To encrypt or decrypt I use the following commands:

$ task vault:encrypt
$ task vault:decrypt
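
A guard for the encrypt/decrypt workflow above, as an added example that is not part of the original page or the project's repository: it checks that files meant to be vault-encrypted begin with the Ansible Vault envelope header, so a file left in plaintext after `task vault:decrypt` is caught before it is committed. The function names and sample files are assumptions; the page does not name its secrets file, so its path is passed as an argument.

```shell
#!/usr/bin/env bash
# Added example: flag vault-managed files that are sitting in plaintext.
# Function names and sample files are assumptions, not the project's own.

# Return 0 if the first line is an Ansible Vault envelope header, e.g.
# "$ANSIBLE_VAULT;1.1;AES256" or "$ANSIBLE_VAULT;1.2;AES256;<vault-id>".
is_vault_encrypted() {
    local file="$1" header=""
    [ -f "$file" ] || return 2
    IFS= read -r header < "$file" || [ -n "$header" ] || return 1
    case "$header" in
        '$ANSIBLE_VAULT;'[0-9]'.'[0-9]';AES256') return 0 ;;
        '$ANSIBLE_VAULT;'[0-9]'.'[0-9]';AES256;'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check every path given; report each offender on stderr, return 1 if any.
check_vault_files() {
    local rc=0 file
    for file in "$@"; do
        if ! is_vault_encrypted "$file"; then
            echo "NOT ENCRYPTED (or missing): $file" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: one vault envelope, one decrypted YAML file.
demo() {
    local dir rc=0
    dir=$(mktemp -d)
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36313632' > "$dir/encrypted.yml"
    printf '%s\n' '---' 'example_token: not-a-real-secret' > "$dir/decrypted.yml"
    check_vault_files "$dir/encrypted.yml" "$dir/decrypted.yml" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# With arguments: check those files (e.g. from a pre-commit hook).
# Without: run the constructed demo, which reports decrypted.yml.
if [ "$#" -gt 0 ]; then
    check_vault_files "$@"
else
    demo || true
fi
```

Run from a pre-commit hook or CI step, a non-zero exit blocks the commit until the file has been re-encrypted with `task vault:encrypt`.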