push swarm et MEP

2024-07-14 16:11:48 +02:00
parent a26efe12e5
commit a5d394f7d1
14 changed files with 90 additions and 591 deletions

151
clab.log

@@ -1,151 +0,0 @@
2023-11-25T22:03:50.420713495Z stdout F INFO | containerlab | time="2023-11-25T22:03:49Z" level=error msg="failed deploy phase for node \"srl\": Post \"http://%2Fvar%2Frun%2Fdocker.sock/v1.43/containers/create?name=srl\": context deadline exceeded"
2023-11-25T22:03:50.420788295Z stdout F
2023-11-25T22:03:51.628933512Z stdout F INFO | containerlab | time="2023-11-25T22:03:51Z" level=error msg="failed to update node runtime information for node srl: Node: srl. containers not found"
2023-11-25T22:03:51.629011829Z stdout F
2023-11-25T22:03:53.97872517Z stdout F INFO | containerlab | time="2023-11-25T22:03:53Z" level=info msg="Running postdeploy actions for Nokia SR Linux 'srl' node"
2023-11-25T22:03:53.978815183Z stdout F
2023-11-25T22:04:00.808544249Z stdout F INFO | containerlab | time="2023-11-25T22:04:00Z" level=warning msg="Unable to locate /etc/hosts file for srl node srl: Error response from daemon: No such container: srl"
2023-11-25T22:04:00.80863376Z stdout F time="2023-11-25T22:04:00Z" level=warning msg="Unable to populate hosts for node \"srl\": Error response from daemon: No such container: srl"
2023-11-25T22:04:00.808670504Z stdout F time="2023-11-25T22:04:00Z" level=error msg="srl: failed to execute cmd: \"/opt/srlinux/bin/sr_cli -d info from state system app-management application mgmt_server state | grep running\" with error Error response from daemon: No such container: srl"
2023-11-25T22:04:00.808701938Z stdout F
2023-11-25T22:04:00.808729937Z stdout F INFO | containerlab | panic: runtime error: invalid memory address or nil pointer dereference
2023-11-25T22:04:00.808755439Z stdout F [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x24c323b]
2023-11-25T22:04:00.808776851Z stdout F
2023-11-25T22:04:00.808799942Z stdout F goroutine 68 [running]:
2023-11-25T22:04:00.808822961Z stdout F github.com/srl-labs/containerlab/clab/exec.(*ExecResult).GetReturnCode(...)
2023-11-25T22:04:00.808847792Z stdout F github.com/srl-labs/containerlab/clab/exec/exec.go:140
2023-11-25T22:04:00.808873193Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).Ready(0xc000b64000, {0x352d1e8?, 0xc0005ceb40?})
2023-11-25T22:04:00.808896667Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:388 +0x1db
2023-11-25T22:04:00.808919641Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).PostDeploy(0xc000b64000, {0x352d1e8, 0xc0005ceb40}, 0xc000da4320)
2023-11-25T22:04:00.808942725Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:317 +0x3d3
2023-11-25T22:04:00.808967871Z stdout F github.com/srl-labs/containerlab/cmd.deployFn.func1({0x354fdb0, 0xc000b64000}, 0xc000b66120?)
2023-11-25T22:04:00.808991524Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:257 +0xdf
2023-11-25T22:04:00.809014233Z stdout F created by github.com/srl-labs/containerlab/cmd.deployFn
2023-11-25T22:04:00.809036975Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:254 +0x1965
2023-11-25T22:04:00.809057625Z stdout F
2023-11-25T22:04:00.949400836Z stdout F CRITICAL | clabernetes | failed launching containerlab, err: exit status 2
2023-11-25T22:04:00.984734741Z stdout F CRITICAL | clabernetes | received signal 'interrupt', canceling context
2023-11-25T19:50:55.714307172Z stdout F INFO | clabernetes | image pull through mode "auto", start image pull through attempt...
2023-11-25T19:50:55.714397331Z stdout F INFO | clabernetes | attempting containerd image pull through...
2023-11-25T19:59:20.245154095Z stdout F INFO | clabernetes | Loaded image: ghcr.io/nokia/srlinux:latest
2023-11-25T19:59:20.245272355Z stdout F
2023-11-25T19:59:22.23484068Z stdout F INFO | containerlab | time="2023-11-25T19:59:22Z" level=info msg="Containerlab v0.48.2 started"
2023-11-25T19:59:22.234881849Z stdout F
2023-11-25T19:59:22.444458147Z stdout F INFO | containerlab | time="2023-11-25T19:59:22Z" level=info msg="Parsing & checking topology file: topo.clab.yaml"
2023-11-25T19:59:22.444492911Z stdout F
2023-11-25T19:59:22.455449236Z stdout F INFO | containerlab | time="2023-11-25T19:59:22Z" level=info msg="Creating docker network: Name=\"clab\", IPv4Subnet=\"172.20.20.0/24\", IPv6Subnet=\"2001:172:20:20::/64\", MTU='ל'"
2023-11-25T19:59:22.455530224Z stdout F
2023-11-25T19:59:23.435162806Z stdout F INFO | containerlab | time="2023-11-25T19:59:23Z" level=warning msg="failed to enable LLDP on docker bridge: open /sys/class/net/br-994c18a1defc/bridge/group_fwd_mask: read-only file system"
2023-11-25T19:59:23.435256921Z stdout F
2023-11-25T19:59:23.480503179Z stdout F INFO | containerlab | time="2023-11-25T19:59:23Z" level=info msg="Creating lab directory: /clabernetes/clab-clabernetes-srl1"
2023-11-25T19:59:23.480640357Z stdout F
2023-11-25T19:59:27.974870293Z stdout F INFO | containerlab | time="2023-11-25T19:59:27Z" level=info msg="Creating container: \"srl1\""
2023-11-25T19:59:27.974938434Z stdout F
2023-11-25T20:01:27.971503837Z stdout F INFO | containerlab | time="2023-11-25T20:01:27Z" level=error msg="failed deploy phase for node \"srl1\": Post \"http://%2Fvar%2Frun%2Fdocker.sock/v1.43/containers/create?name=srl1\": context deadline exceeded"
2023-11-25T20:01:27.971587737Z stdout F
2023-11-25T20:01:28.430297714Z stdout F INFO | containerlab | time="2023-11-25T20:01:28Z" level=error msg="failed to update node runtime information for node srl1: Node: srl1. containers not found"
2023-11-25T20:01:28.430339171Z stdout F
2023-11-25T20:01:28.602932015Z stdout F INFO | containerlab | time="2023-11-25T20:01:28Z" level=info msg="Running postdeploy actions for Nokia SR Linux 'srl1' node"
2023-11-25T20:01:28.603180654Z stdout F
2023-11-25T20:01:31.06416448Z stdout F INFO | containerlab | time="2023-11-25T20:01:31Z" level=warning msg="Unable to locate /etc/hosts file for srl node srl1: Error response from daemon: No such container: srl1"
2023-11-25T20:01:31.064257016Z stdout F
2023-11-25T20:01:31.064289639Z stdout F INFO | containerlab | time="2023-11-25T20:01:31Z" level=warning msg="Unable to populate hosts for node \"srl1\": Error response from daemon: No such container: srl1"
2023-11-25T20:01:31.06431792Z stdout F
2023-11-25T20:01:31.064352575Z stdout F INFO | containerlab | time="2023-11-25T20:01:31Z" level=error msg="srl1: failed to execute cmd: \"/opt/srlinux/bin/sr_cli -d info from state system app-management application mgmt_server state | grep running\" with error Error response from daemon: No such container: srl1"
2023-11-25T20:01:31.064380338Z stdout F
2023-11-25T20:01:31.064411739Z stdout F INFO | containerlab | panic: runtime error: invalid memory address or nil pointer dereference
2023-11-25T20:01:31.064450815Z stdout F [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x24c323b]
2023-11-25T20:01:31.064478957Z stdout F
2023-11-25T20:01:31.064507095Z stdout F goroutine 15 [running
2023-11-25T20:01:31.064542774Z stdout F INFO | containerlab | ]:
2023-11-25T20:01:31.064571797Z stdout F
2023-11-25T20:01:31.129363022Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/clab/exec.(*ExecResult).GetReturnCode(...)
2023-11-25T20:01:31.129600761Z stdout F github.com/srl-labs/containerlab/clab/exec/exec.go:140
2023-11-25T20:01:31.129636192Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).Ready(0xc0002102d0, {0x352d1e8?, 0xc0000c89b0?}
2023-11-25T20:01:31.129719767Z stdout F INFO | containerlab | )
2023-11-25T20:01:31.12974786Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:388 +0x1db
2023-11-25T20:01:31.129775563Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).PostDeploy(0xc0002102d0, {0x352d1e8, 0xc0000c89b0}, 0xc0000fdb18)
2023-11-25T20:01:31.129802839Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:317 +0x3d3
2023-11-25T20:01:31.129827404Z stdout F
2023-11-25T20:01:31.143964638Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/cmd.deployFn.func1
2023-11-25T20:01:31.144046567Z stdout F INFO | containerlab | ({0x354fdb0, 0xc0002102d0}, 0x0?)
2023-11-25T20:01:31.144082174Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:257 +0xdf
2023-11-25T20:01:31.144110571Z stdout F created by github.com/srl-labs/containerlab/cmd.deployFn
2023-11-25T20:01:31.144136816Z stdout F
2023-11-25T20:01:31.144166728Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/cmd/deploy.go:254 +0x1965
2023-11-25T20:01:31.144249241Z stdout F
2023-11-25T20:01:31.295197674Z stdout F CRITICAL | clabernetes | failed launching containerlab, err: exit status 2
2023-11-25T20:01:31.410077704Z stdout F CRITICAL | clabernetes | received signal 'interrupt', canceling context
2023-11-25T20:01:43.449200999Z stdout F INFO | clabernetes | starting clabernetes...
2023-11-25T20:01:43.494512064Z stdout F INFO | clabernetes | mount: /sys/fs/cgroup mounted on /sys/fs/cgroup.
Single node
al launch...
2023-11-25T21:40:00.112711098Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Containerlab v0.48.2 started"
2023-11-25T21:40:00.112778023Z stdout F
2023-11-25T21:40:00.13724042Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Parsing & checking topology file: topo.clab.yaml"
2023-11-25T21:40:00.137472688Z stdout F
2023-11-25T21:40:00.143557831Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Creating docker network: Name=\"clab\", IPv4Subnet=\"172.20.20.0/24\", IPv6Subnet=\"2001:172:20:20::/64\", MTU='ל'"
2023-11-25T21:40:00.143647911Z stdout F
2023-11-25T21:40:00.492185834Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=warning msg="failed to enable LLDP on docker bridge: open /sys/class/net/br-376acb86d58c/bridge/group_fwd_mask: read-only file system"
2023-11-25T21:40:00.492282082Z stdout F
2023-11-25T21:40:00.521162645Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Could not read docker config: open /root/.docker/config.json: no such file or directory"
2023-11-25T21:40:00.521365379Z stdout F time="2023-11-25T21:40:00Z" level=info msg="Pulling ghcr.io/nokia/srlinux:latest Docker image"
2023-11-25T21:40:00.521394826Z stdout F
2023-11-25T21:45:35.644747445Z stdout F INFO | containerlab | time="2023-11-25T21:45:35Z" level=info msg="Done pulling ghcr.io/nokia/srlinux:latest"
2023-11-25T21:45:35.64490762Z stdout F
2023-11-25T21:45:35.651853854Z stdout F INFO | containerlab | time="2023-11-25T21:45:35Z" level=info msg="Creating lab directory: /clabernetes/clab-clabernetes-srl"
2023-11-25T21:45:35.651933847Z stdout F
2023-11-25T21:45:38.617156266Z stdout F INFO | containerlab | time="2023-11-25T21:45:38Z" level=info msg="Creating container: \"srl\""
2023-11-25T21:45:38.617243114Z stdout F
2023-11-25T21:47:38.934919044Z stdout F INFO | containerlab | time="2023-11-25T21:47:38Z" level=error msg="failed deploy phase for node \"srl\": Post \"http://%2Fvar%2Frun%2Fdocker.sock/v1.43/containers/create?name=srl\": context deadline exceeded"
2023-11-25T21:47:38.934992495Z stdout F
2023-11-25T21:47:39.338589008Z stdout F INFO | containerlab | time="2023-11-25T21:47:39Z" level=error msg="failed to update node runtime information for node srl: Node: srl. containers not found"
2023-11-25T21:47:39.338675886Z stdout F
2023-11-25T21:47:39.63536634Z stdout F INFO | containerlab | time="2023-11-25T21:47:39Z" level=info msg="Running postdeploy actions for Nokia SR Linux 'srl' node"
2023-11-25T21:47:39.635471333Z stdout F
2023-11-25T21:47:44.137304767Z stdout F INFO | containerlab | time="2023-11-25T21:47:44Z" level=warning msg="Unable to locate /etc/hosts file for srl node srl: Error response from daemon: No such container: srl"
2023-11-25T21:47:44.137413517Z stdout F time="2023-11-25T21:47:44Z" level=warning msg="Unable to populate hosts for node \"srl\": Error response from daemon: No such container: srl"
2023-11-25T21:47:44.137452575Z stdout F
2023-11-25T21:47:44.14386319Z stdout F INFO | containerlab | time="2023-11-25T21:47:44Z" level=error msg="srl: failed to execute cmd: \"/opt/srlinux/bin/sr_cli -d info from state system app-management application mgmt_server state | grep running\" with error Error response from daemon: No such container: srl"
2023-11-25T21:47:44.143969736Z stdout F
2023-11-25T21:47:44.156895638Z stdout F INFO | containerlab | Error: could not get container for node srl: Node: srl. containers not found
2023-11-25T21:47:44.156991621Z stdout F
2023-11-25T21:47:44.178394285Z stdout F INFO | containerlab | panic:
2023-11-25T21:47:44.197911583Z stdout F INFO | containerlab | runtime error: invalid memory address or nil pointer dereference
2023-11-25T21:47:44.198000328Z stdout F [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x24c323b]
2023-11-25T21:47:44.198037998Z stdout F
2023-11-25T21:47:44.198076865Z stdout F goroutine 29 [running]:
2023-11-25T21:47:44.198111509Z stdout F
2023-11-25T21:47:44.255419442Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/clab/exec.(*ExecResult).GetReturnCode(...)
2023-11-25T21:47:44.255510381Z stdout F github.com/srl-labs/containerlab/clab/exec/exec.go:140
2023-11-25T21:47:44.25555086Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).Ready(0xc00050e000, {0x352d1e8?, 0xc000102e10?})
2023-11-25T21:47:44.255582399Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:388 +0x1db
2023-11-25T21:47:44.255614497Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).PostDeploy(0xc00050e000, {0x352d1e8, 0xc000102e10}, 0xc000e282b8)
2023-11-25T21:47:44.255644277Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:317 +0x3d3
2023-11-25T21:47:44.255673608Z stdout F github.com/srl-labs/containerlab/cmd.deployFn.func1({0x354fdb0, 0xc00050e000}, 0xc000e1e120?)
2023-11-25T21:47:44.255757486Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:257 +0xdf
2023-11-25T21:47:44.255783978Z stdout F created by github.com/srl-labs/containerlab/cmd.deployFn
2023-11-25T21:47:44.255809769Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:254 +0x1965
2023-11-25T21:47:44.255833123Z stdout F
2023-11-25T21:47:44.504319871Z stdout F CRITICAL | clabernetes | failed launching containerlab, err: exit status 2
2023-11-25T21:47:44.633490194Z stdout F CRITICAL | clabernetes | received signal 'interrupt', canceling context


@@ -1,156 +0,0 @@
version: '3.13'
# https://github.com/akhil/traefik-docker-swarm-example/blob/master/traefik.yml
# services:
# traefik:
# # Image tag (replace with yours)
# image: traefik:latest
# command:
# - "--log.level=DEBUG"
# - "--accesslog=true"
# - "--api.dashboard=true"
# - "--api.insecure=true"
# - "--entryPoints.web.address=:80"
# - "--entryPoints.websecure.address=:443"
# - "--providers.docker=true"
# - "--providers.docker.watch=true"
# - "--providers.swarm=true"
# - "--providers.docker.network=public"
# - "--providers.docker.endpoint=unix:///var/run/docker.sock"
# - "--providers.docker.exposedByDefault=false"
# - "--providers.file.filename=/etc/traefik/configs/traefik-dynamic-configuration.yml"
# # - "--metrics.prometheus=true"
# # - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
# - "--global.checkNewVersion=true"
# - "--global.sendAnonymousUsage=false"
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# networks:
# - public
# ports:
# - "80:80"
# - "443:443"
# # For Mattermost
# # - "8443:8443"
# configs:
# - source: traefik-dynamic-configuration
# target: /etc/traefik/configs/traefik-dynamic-configuration.yml
# secrets:
# - wildcard-jingoh-private.crt
# - wildcard-jingoh-private.key
# deploy:
# mode: replicated
# replicas: 1
# placement:
# constraints:
# - node.role == manager
# update_config:
# delay: 15s
# parallelism: 1
# monitor: 10s
# failure_action: rollback
# max_failure_ratio: 0.55
# # Container resources (replace with yours)
# resources:
# limits:
# cpus: '1.55'
# memory: 2G
# reservations:
# cpus: '0.55'
# memory: 1G
# labels:
# - "traefik.enable=true"
# # Traefik URL (replace with yours)
# - "traefik.http.routers.dashboard.rule=Host(`traefikswarm.jingoh.private`)"
# - "traefik.http.routers.dashboard.service=api@internal"
# - "traefik.http.routers.dashboard.entrypoints=websecure"
# - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
# - "traefik.http.routers.dashboard.tls=true"
# - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
# - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
# - "traefik.http.routers.http-catchall.entrypoints=web"
# - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# agent:
# image: portainer/agent:latest
# environment:
# # REQUIRED: Should be equal to the service name prefixed by "tasks." when
# # deployed inside an overlay network
# AGENT_CLUSTER_ADDR: tasks.agent
# # AGENT_PORT: 9001
# # LOG_LEVEL: debug
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# - /var/lib/docker/volumes:/var/lib/docker/volumes
# networks:
# - agent_network
# deploy:
# mode: global
# placement:
# constraints: [node.platform.os == linux]
# portainer:
# image: portainer/portainer-ce:latest
# command: -H tcp://tasks.agent:9001 --tlsskipverify --http-enabled
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# - portainer_data:/data
# - /etc/localtime:/etc/localtime
# networks:
# - public
# - agent_network
# deploy:
# mode: replicated
# replicas: 1
# placement:
# constraints: [node.role == manager]
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.portainer.rule=Host(`portainer.jingoh.private`)"
# - "traefik.http.routers.portainer.entrypoints=websecure"
# - "traefik.http.routers.portainer.service=portainer"
# - "traefik.http.services.portainer.loadbalancer.server.port=9443"
# - "traefik.http.routers.portainer.tls=true"
# - "traefik.http.services.portainer.loadbalancer.passhostheader=true"
# # Edge
# - "traefik.http.routers.edge.rule=Host(`edge.jingoh.private`)"
# - "traefik.http.routers.edge.entrypoints=websecure"
# - "traefik.http.services.edge.loadbalancer.server.port=8000"
# - "traefik.http.routers.edge.service=edge"
# - "traefik.http.routers.edge.tls=true"
# - "traefik.http.services.edge.loadbalancer.passhostheader=true"
# whoami:
# image: "traefik/whoami"
# deploy:
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.whoami.rule=Host(`whoamitest.jingoh.private`)"
# - "traefik.http.routers.whoami.entrypoints=websecure"
# - "traefik.http.services.whoami.loadbalancer.server.port=80"
# - "traefik.http.routers.whoami.tls=true"
# - "traefik.http.services.whoami.loadbalancer.passhostheader=true"
# networks:
# - public
# networks:
# public:
# external: true
# agent_network:
# external: true
# attachable: true
# volumes:
# portainer_data:
# configs:
# traefik-dynamic-configuration:
# external: true
# secrets:
# wildcard-jingoh-private.crt:
# external: true
# wildcard-jingoh-private.key:
# external: true


@@ -21,20 +21,20 @@ package_repo:
- sshpass
#* FIREWALL
#* FIREWALL
firewall_allowed_tcp_ports:
- "22"
- "80"
- "443"
- "9100"
#! Kubernetes control plane ports
- "6443"
- "2379"
- "2380"
- "10250"
- "10259"
- "10257"
# #! Kubernetes control plane ports
# - "6443"
# - "2379"
# - "2380"
# - "10250"
# - "10259"
# - "10257"
# - "9090"
# - "3000"
# - "9323"


@@ -1,139 +0,0 @@
# ---
# install_docker: true
# install_fail2ban: true
# package_list:
# - name: python3-pip
# - name: proxychains
# ########
# # USER #
# ########
# management_user_list:
# - name: stephane
# shell: '/bin/bash'
# authorized_keys:
# - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClVS1uxDfwS6OusQ4qgcZ6hBc8YRBE8MyXu0sUfGN7S3itjI3W2ixD18v80el8dVQVR12jCY0ueavgoV1cHrfGWkFoLKi+QrA4MuSNUChj0NBbyLTmdwPvne8LRv3ttCbRSJ/6bIEveX8y/7kGn/R1NDFlfE6b5R8ersBUKCQM6YxblAkv/XH8cJlQXhr1nLhVOl/ae+Q/pTCbgioB8qrmGEuMvOLmavcFf7IJbJcSgeiXSOnyIRl2n64X6lbRK+MRZ61pF6vAOXA+Ixyt/fAbO7sjqU0+cEhU5Br5/VcqG4Bc5nhWimtXIHPry3aLV5PtN6K9/i3eA5F6Jpa82JzmUMEbWSBIga02yIw9GjRyAI6ccH/kJGuB6QN5/YwGHpOF2f0FGiEAbUz41mLngN3SsXL1pdV2hT3x56/GIcGe6p/f1cytwVCyOaE7W87B05w5JYb1sSFj6QuGW0rHWfnHT5SY87Mk/H8VgZPaPbm+hSjLIQRAmUYQR+Rub1o9bXE= stephane"
# exclusive: yes
# sudo:
# hosts: ALL
# as: ALL
# commands: ALL
# nopasswd: ALL
# ################
# # SSH - CLIENT #
# ################
# # ssh_drop_in_name: null
# # #ssh_user: root
# # ssh:
# # # noqa var-naming
# # Compression: true
# # GSSAPIAuthentication: false
# # # wokeignore:rule=master
# # ControlMaster: auto
# # ControlPath: ~/.ssh/.cm%C
# # Match:
# # - Condition: "final all"
# # GSSAPIAuthentication: true
# # Host:
# # - Condition: example
# # Hostname: example.com
# # User: somebody
# # ssh_ForwardX11: false
# #################
# # SSH - SERVEUR #
# #################
# sshd_skip_defaults: true
# sshd_config_file: /etc/ssh/sshd_config
# sshd_AuthorizedKeysFile: .ssh/authorized_keys
# sshd_AcceptEnv: "LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL"
# sshd_Protocol: 2
# sshd_LoginGraceTime: 30
# sshd_SyslogFacility: AUTH
# sshd_LogLevel: VERBOSE
# sshd_PermitRootLogin: 'no'
# sshd_StrictModes: 'yes'
# sshd_IgnoreRhosts: 'yes'
# sshd_HostbasedAuthentication: 'no'
# sshd_PasswordAuthentication: 'no'
# sshd_PermitEmptyPasswords: 'no'
# sshd_ChallengeResponseAuthentication: 'no'
# sshd_GSSAPIAuthentication: 'no'
# sshd_X11DisplayOffset: 10
# sshd_PrintMotd: 'yes'
# sshd_PrintLastLog: 'yes'
# sshd_TCPKeepAlive: 'yes'
# sshd_Subsystem: "sftp /usr/lib/openssh/sftp-server"
# sshd_UsePAM: 'yes'
# sshd_UseDNS: 'no'
# sshd_KexAlgorithms: "curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
# sshd_Ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr"
# sshd_MACs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com"
# sshd_HostKey:
# - /etc/ssh/ssh_host_rsa_key
# #######
# # APT #
# #######
# apt_upgrade: true
# apt_repositories: []
# apt_ppas: []
# # # nginx ppa repo
# # - repo: ppa:nginx/stable
# # # not needed on ubuntu distribution
# # #codename: trusty
# # apt_packages:
# # - name: python3-pip
# #########
# # ALERT #
# #########
# alert_username: jingohalert
# alert_password: jMVmbM2VQ5gEiV
# alert_vault: "Jingoh0947;"
# alert_list_server:
# - '"163.172.84.28"'
# - '"37.187.127.90"'
# alert_server_ssl: gitea.jingoh.fr
# ##########
# # CHISEL #
# ##########
# chisel_version: 1.8.1
# chisel_server_host: 163.172.84.28
# chisel_server_port: 8080
# chisel_client_auth_username: user
# chisel_client_auth_password: pass
# chisel_remove_all:
# - "{{ chisel_service_destination }}"
# - "{{ chisel_config_folder }}"
# - "{{ chisel_download_destination }}"
# - "{{ chisel_install_destination }}"
# - /var/log/chisel
# test_vault: !vault |
# $ANSIBLE_VAULT;1.2;AES256;prod
# 36663965646236326237623936646161653232306263353564666238626564633530363761633164
# 6166363235383964626463353061343635626431396664660a333231303661343362353162353938
# 32373332373362656635393365363635313137306532366536323765346464336634653366383961
# 3965626433316138320a366336393034383065363134623239646230396432356431383935346463
# 6330


@@ -1,4 +1,4 @@
- hosts: kubernetes
- hosts: docker_swarm_worker
# vars:
become: true
gather_facts: true
@@ -128,46 +128,35 @@
name: sshd.service
state: reloaded
# - name: Retrieve private IP address netbird
# ansible.builtin.gather_facts:
- name: Retrieve private IP address netbird
ansible.builtin.gather_facts:
# - name: Set host_interfaces list
# ansible.builtin.set_fact:
# host_interfaces: "{{ host_interfaces + [item]}}"
# vars:
# host_interfaces: []
# when: ansible_facts[item].ipv4.address is defined
# loop: "{{ ansible_facts.interfaces }}"
- name: Set host_interfaces list
ansible.builtin.set_fact:
host_interfaces: "{{ host_interfaces + [item]}}"
vars:
host_interfaces: []
when: ansible_facts[item].ipv4.address is defined
loop: "{{ ansible_facts.interfaces }}"
# - name: Set host_private_address
# ansible.builtin.set_fact:
# host_private_address: "{{ ansible_facts[item].ipv4.address }}"
# vars:
# host_private_address: ""
# when: ansible_facts[item].ipv4.address | ansible.utils.ipaddr('100.96.0.0/16')
# loop: "{{ host_interfaces }}"
- name: Set host_private_address
ansible.builtin.set_fact:
host_private_address: "{{ ansible_facts[item].ipv4.address }}"
vars:
host_private_address: ""
when: ansible_facts[item].ipv4.address | ansible.utils.ipaddr('100.96.0.0/16')
loop: "{{ host_interfaces }}"
# - name: Debug host_private_address for ALL hosts
# debug:
# msg: "{{ host_private_address }}"
- name: Debug host_private_address for ALL hosts
debug:
msg: "{{ host_private_address }}"
#! Set up docker socket for monitoring
# apiVersion: v1
# kind: PersistentVolumeClaim
# metadata:
# name: coroot-prometheus-server
# spec:
# storageClassName: manual
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 15Gi
# - ansible.builtin.import_role:
# name: prometheus.prometheus.node_exporter
- ansible.builtin.import_role:
name: prometheus.prometheus.node_exporter
# - ansible.builtin.import_role:
# name: prometheus.prometheus.prometheus
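Review bot: The re-enabled `Debug host_private_address for ALL hosts` task will fail with an undefined variable on any host that has no interface in 100.96.0.0/16, because `host_private_address: ""` under `vars:` is scoped to the `set_fact` task and the fact itself is only created when the `when:` condition matches. Either read it as `{{ host_private_address | default('') }}` or add an `ansible.builtin.assert` that the address was found, so a host without the overlay interface stops with a clear message. This assumes the uncommented copies of these tasks are the new side of the change. The task list starts and ends outside this hunk.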


@@ -1,7 +1,24 @@
---
#* SWARM
docker_swarm_addr: 100.96.125.190
docker_swarm_interface: wt0
pip_install_packages:
- docker
- jsondiff
- jsondiff
#* FIREWALL
firewall_allowed_udp_ports:
#! Docker swarm
- "7946"
- "4789"
firewall_allowed_tcp_ports:
- "22"
- "80"
- "443"
- "9100"
#! Docker swarm
- "2377"
- "7946"
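Review bot: The swarm ports added here (`2377`/tcp, `7946`/tcp and udp, `4789`/udp) go into the generic allowed-port lists, which as far as this file shows carry no source or interface restriction, while the swarm itself is bound to `docker_swarm_interface: wt0`. If the firewall role opens these lists on every interface, the manager port and the VXLAN overlay data path become reachable on the host's public address; Docker's guidance is to keep 4789/udp away from untrusted networks. Consider scoping these rules to `wt0` or to the 100.96.0.0/16 range and leaving only 22, 80 and 443 open to all sources. Port `9100` in the same list deserves the same scoping, and the identical lists are added in the next host vars section (the one setting `docker_swarm_addr: 100.96.212.100`).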


@@ -1,47 +0,0 @@
---
pip_executable: pip
pip_install_packages:
- kubernetes
package_list:
- name: python3-pip
# clabernetes
- name: jq
install_docker: true
helm_version: 'v3.13.2'
management_user_list:
- name: stephane
shell: '/bin/bash'
authorized_keys:
- key: "ssh-rsa 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 stephane"
exclusive: yes
sudo:
hosts: ALL
as: ALL
commands: ALL
nopasswd: ALL
# ##########
# # CHISEL #
# ##########
# chisel_server: false
# chisel_client_server_url: "{{ chisel_server_host }}:8080"
# chisel_client_remotes: "R:{{ chisel_server_host }}:socks"
# chisel_service_name: chisel-client
# chisel_config_name: chisel-client
# chisel_conf:
# # chisel enable auth and finder
# - path: "/etc/chisel/{{ chisel_config_name }}.conf"
# regexp: "^AUTH=--auth {{ chisel_client_auth_username }}:{{ chisel_client_auth_password }}"
# state: present
# line: "AUTH=--auth {{ chisel_client_auth_username }}:{{ chisel_client_auth_password }}"
# - path: "/etc/chisel/{{ chisel_config_name }}.conf"
# regexp: "^FINGERPRINT=--fingerprint {{ chisel_client_server_fingerprint }}"
# state: present
# line: "FINGERPRINT=--fingerprint {{ hostvars[groups['server'][0]].chisel_fingerprint[4]|default('') }}"


@@ -1,6 +1,26 @@
---
#* SWARM
docker_swarm_addr: 100.96.212.100
docker_swarm_interface: wt0
pip_install_packages:
- docker
- docker
#* FIREWALL
firewall_allowed_udp_ports:
#! Docker swarm
- "7946"
- "4789"
firewall_allowed_tcp_ports:
- "22"
- "80"
- "443"
- "9100"
#! Docker swarm
- "2377"
- "7946"


@@ -1,6 +1,10 @@
# ---
docker_swarm_addr: 100.96.172.77
docker_swarm_interface: wt0
pip_install_packages:
- docker
# #* NETBIRD
# netbird_setup_key: F234BD1F-385B-4BEA-8234-608CCB1062ED
@@ -12,6 +16,11 @@
# cert_file: /etc/node_exporter/tls.cert
# key_file: /etc/node_exporter/tls.key
node_exporter_tls_server_config:
cert_file: /etc/node_exporter/tls.cert
key_file: /etc/node_exporter/tls.key
# #* NODE_EXPORTER
# # node_exporter_basic_auth_users:
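Review bot: The context of the first hunk still carries a literal `netbird_setup_key` value in a comment; commenting a credential out does not retire it, and it stays readable in the repository and its history. Treat that key as exposed: revoke it on the NetBird side and keep any replacement in Ansible Vault (`!vault`) rather than in plain host vars. The same applies to the plaintext `alert_password`, `alert_vault` and chisel credentials in the vars file this commit deletes, since deletion leaves them in earlier commits. For the added `node_exporter_tls_server_config`, nothing visible here provisions `/etc/node_exporter/tls.cert` and `tls.key`, so confirm a task creates them with a restrictive mode before the role starts the exporter.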

10
hosts

@@ -7,17 +7,17 @@ scaleway ansible_host=163.172.84.28 ansible_user=stephane
scaleway ansible_host=163.172.84.28 ansible_user=stephane
[control]
[swarm]
scale01 ansible_host=163.172.209.36 ansible_user=stephane
ovh01 ansible_host=5.135.181.11 ansible_user=stephane
[docker_swarm_manager]
manager ansible_host=192.168.121.68 ansible_user=vagrant ansible_ssh_pass=vagrant
#ovh01 ansible_host=5.135.181.11 ansible_user=stephane
#manager ansible_host=192.168.121.68 ansible_user=vagrant ansible_ssh_pass=vagrant
ovh01 ansible_host=5.135.181.11 ansible_user=stephane
[docker_swarm_worker]
worker ansible_host=192.168.121.128 ansible_user=vagrant ansible_ssh_pass=vagrant
#scale01 ansible_host=163.172.209.36 ansible_user=stephane
#worker ansible_host=192.168.121.128 ansible_user=vagrant ansible_ssh_pass=vagrant
scale01 ansible_host=163.172.209.36 ansible_user=stephane
[vagrant:children]
docker_swarm_manager
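Review bot: `[vagrant:children]` still includes `docker_swarm_manager`, and that group now appears to hold `ovh01` (a public host) instead of the local Vagrant box, so any variables defined for the `vagrant` group would be applied to a production machine. Drop the swarm groups from `vagrant:children`, or give the lab VMs their own group, e.g. `[vagrant]` listing `manager` and `worker`. The commented lines keep `ansible_ssh_pass=vagrant` in the inventory; if the lab hosts come back, key-based authentication avoids a password in the file. The group list continues past the end of this hunk.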


@@ -1,14 +0,0 @@
# resume information
resume-index = 69
seed = 12653686914129623649
rate = 100
shard = 1/1
nocapture = servername
adapter-ip = 172.29.219.224
# TARGET SELECTION (IP, PORTS, EXCLUDES)
ports = 443
range = 163.172.80.0/24

View File

@@ -6,6 +6,7 @@
- src: GROG.sudo
# DOCKER
- src: geerlingguy.docker
- src: prometheus.prometheus.node_exporter
# CONTAINERD
# - src: geerlingguy.containerd
# # KUBERNETES
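Review bot: `prometheus.prometheus.node_exporter` is a role inside the `prometheus.prometheus` collection, so a `- src:` entry among Galaxy roles will probably not resolve; it normally belongs under a `collections:` key as `- name: prometheus.prometheus`. None of the visible entries pin a `version:`, so every install pulls whatever is current for code that runs as root wherever a play sets `become: true`; pinning each role and collection to a reviewed release makes the run reproducible. The top of the file is outside this hunk, so the `roles:`/`collections:` layout is inferred.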


@@ -64,10 +64,10 @@
# roles:
# - { role: geerlingguy.pip, tags: pip }
# - { role: geerlingguy.docker, tags: docker }
# - { role: asg1612.dockerswarm, tags: swarm }
roles:
- { role: geerlingguy.pip, tags: pip }
- { role: geerlingguy.docker, tags: docker }
- { role: asg1612.dockerswarm, tags: swarm }
tasks:
@@ -130,7 +130,7 @@
# state: touch
# when: inventory_hostname in groups['docker_swarm_manager']
- name: Copy using inline content
- name: Copy the stack
ansible.builtin.copy:
content: "version: '3.13'"
dest: /opt/stack.yml
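Review bot: The renamed task `Copy the stack` still writes only the literal `version: '3.13'` to `/opt/stack.yml`, so the name now promises more than the task delivers. Point it at the real stack definition with `src:` (or a template) and set `owner`, `group` and `mode: "0640"` explicitly, since a stack file tends to accumulate hostnames and secret references. The task continues past the end of this hunk, so a `mode:` may already be set below.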


@@ -1,30 +0,0 @@
name: clabernetes-srl1
prefix: ""
topology:
defaults:
ports:
- 60000:21/tcp
- 60001:22/tcp
- 60002:23/tcp
- 60003:80/tcp
- 60000:161/udp
- 60004:443/tcp
- 60005:830/tcp
- 60006:5000/tcp
- 60007:5900/tcp
- 60008:6030/tcp
- 60009:9339/tcp
- 60010:9340/tcp
- 60011:9559/tcp
- 60012:57400/tcp
nodes:
srl1:
kind: nokia_srlinux
startup-config: srl1.cfg
image: ghcr.io/nokia/srlinux
ports: []
links:
- endpoints:
- srl1:e1-1
- host:srl1-e1-1
debug: false