diff --git a/clab.log b/clab.log
deleted file mode 100644
index f0f5151..0000000
--- a/clab.log
+++ /dev/null
@@ -1,151 +0,0 @@ - -2023-11-25T22:03:50.420713495Z stdout F INFO | containerlab | time="2023-11-25T22:03:49Z" level=error msg="failed deploy phase for node \"srl\": Post \"http://%2Fvar%2Frun%2Fdocker.sock/v1.43/containers/create?name=srl\": context deadline exceeded" -2023-11-25T22:03:50.420788295Z stdout F -2023-11-25T22:03:51.628933512Z stdout F INFO | containerlab | time="2023-11-25T22:03:51Z" level=error msg="failed to update node runtime information for node srl: Node: srl. containers not found" -2023-11-25T22:03:51.629011829Z stdout F -2023-11-25T22:03:53.97872517Z stdout F INFO | containerlab | time="2023-11-25T22:03:53Z" level=info msg="Running postdeploy actions for Nokia SR Linux 'srl' node" -2023-11-25T22:03:53.978815183Z stdout F -2023-11-25T22:04:00.808544249Z stdout F INFO | containerlab | time="2023-11-25T22:04:00Z" level=warning msg="Unable to locate /etc/hosts file for srl node srl: Error response from daemon: No such container: srl" -2023-11-25T22:04:00.80863376Z stdout F time="2023-11-25T22:04:00Z" level=warning msg="Unable to populate hosts for node \"srl\": Error response from daemon: No such container: srl" -2023-11-25T22:04:00.808670504Z stdout F time="2023-11-25T22:04:00Z" level=error msg="srl: failed to execute cmd: \"/opt/srlinux/bin/sr_cli -d info from state system app-management application mgmt_server state | grep running\" with error Error response from daemon: No such container: srl" -2023-11-25T22:04:00.808701938Z stdout F -2023-11-25T22:04:00.808729937Z stdout F INFO | containerlab | panic: runtime error: invalid memory address or nil pointer dereference -2023-11-25T22:04:00.808755439Z stdout F [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x24c323b] -2023-11-25T22:04:00.808776851Z stdout F -2023-11-25T22:04:00.808799942Z stdout F goroutine 68 [running]: -2023-11-25T22:04:00.808822961Z stdout F github.com/srl-labs/containerlab/clab/exec.(*ExecResult).GetReturnCode(...) 
-2023-11-25T22:04:00.808847792Z stdout F github.com/srl-labs/containerlab/clab/exec/exec.go:140 -2023-11-25T22:04:00.808873193Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).Ready(0xc000b64000, {0x352d1e8?, 0xc0005ceb40?}) -2023-11-25T22:04:00.808896667Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:388 +0x1db -2023-11-25T22:04:00.808919641Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).PostDeploy(0xc000b64000, {0x352d1e8, 0xc0005ceb40}, 0xc000da4320) -2023-11-25T22:04:00.808942725Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:317 +0x3d3 -2023-11-25T22:04:00.808967871Z stdout F github.com/srl-labs/containerlab/cmd.deployFn.func1({0x354fdb0, 0xc000b64000}, 0xc000b66120?) -2023-11-25T22:04:00.808991524Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:257 +0xdf -2023-11-25T22:04:00.809014233Z stdout F created by github.com/srl-labs/containerlab/cmd.deployFn -2023-11-25T22:04:00.809036975Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:254 +0x1965 -2023-11-25T22:04:00.809057625Z stdout F -2023-11-25T22:04:00.949400836Z stdout F CRITICAL | clabernetes | failed launching containerlab, err: exit status 2 -2023-11-25T22:04:00.984734741Z stdout F CRITICAL | clabernetes | received signal 'interrupt', canceling context - - - - - - -2023-11-25T19:50:55.714307172Z stdout F INFO | clabernetes | image pull through mode "auto", start image pull through attempt... -2023-11-25T19:50:55.714397331Z stdout F INFO | clabernetes | attempting containerd image pull through... 
-2023-11-25T19:59:20.245154095Z stdout F INFO | clabernetes | Loaded image: ghcr.io/nokia/srlinux:latest -2023-11-25T19:59:20.245272355Z stdout F -2023-11-25T19:59:22.23484068Z stdout F INFO | containerlab | time="2023-11-25T19:59:22Z" level=info msg="Containerlab v0.48.2 started" -2023-11-25T19:59:22.234881849Z stdout F -2023-11-25T19:59:22.444458147Z stdout F INFO | containerlab | time="2023-11-25T19:59:22Z" level=info msg="Parsing & checking topology file: topo.clab.yaml" -2023-11-25T19:59:22.444492911Z stdout F -2023-11-25T19:59:22.455449236Z stdout F INFO | containerlab | time="2023-11-25T19:59:22Z" level=info msg="Creating docker network: Name=\"clab\", IPv4Subnet=\"172.20.20.0/24\", IPv6Subnet=\"2001:172:20:20::/64\", MTU='ל'" -2023-11-25T19:59:22.455530224Z stdout F -2023-11-25T19:59:23.435162806Z stdout F INFO | containerlab | time="2023-11-25T19:59:23Z" level=warning msg="failed to enable LLDP on docker bridge: open /sys/class/net/br-994c18a1defc/bridge/group_fwd_mask: read-only file system" -2023-11-25T19:59:23.435256921Z stdout F -2023-11-25T19:59:23.480503179Z stdout F INFO | containerlab | time="2023-11-25T19:59:23Z" level=info msg="Creating lab directory: /clabernetes/clab-clabernetes-srl1" -2023-11-25T19:59:23.480640357Z stdout F -2023-11-25T19:59:27.974870293Z stdout F INFO | containerlab | time="2023-11-25T19:59:27Z" level=info msg="Creating container: \"srl1\"" -2023-11-25T19:59:27.974938434Z stdout F -2023-11-25T20:01:27.971503837Z stdout F INFO | containerlab | time="2023-11-25T20:01:27Z" level=error msg="failed deploy phase for node \"srl1\": Post \"http://%2Fvar%2Frun%2Fdocker.sock/v1.43/containers/create?name=srl1\": context deadline exceeded" -2023-11-25T20:01:27.971587737Z stdout F -2023-11-25T20:01:28.430297714Z stdout F INFO | containerlab | time="2023-11-25T20:01:28Z" level=error msg="failed to update node runtime information for node srl1: Node: srl1. 
containers not found" -2023-11-25T20:01:28.430339171Z stdout F -2023-11-25T20:01:28.602932015Z stdout F INFO | containerlab | time="2023-11-25T20:01:28Z" level=info msg="Running postdeploy actions for Nokia SR Linux 'srl1' node" -2023-11-25T20:01:28.603180654Z stdout F -2023-11-25T20:01:31.06416448Z stdout F INFO | containerlab | time="2023-11-25T20:01:31Z" level=warning msg="Unable to locate /etc/hosts file for srl node srl1: Error response from daemon: No such container: srl1" -2023-11-25T20:01:31.064257016Z stdout F -2023-11-25T20:01:31.064289639Z stdout F INFO | containerlab | time="2023-11-25T20:01:31Z" level=warning msg="Unable to populate hosts for node \"srl1\": Error response from daemon: No such container: srl1" -2023-11-25T20:01:31.06431792Z stdout F -2023-11-25T20:01:31.064352575Z stdout F INFO | containerlab | time="2023-11-25T20:01:31Z" level=error msg="srl1: failed to execute cmd: \"/opt/srlinux/bin/sr_cli -d info from state system app-management application mgmt_server state | grep running\" with error Error response from daemon: No such container: srl1" -2023-11-25T20:01:31.064380338Z stdout F -2023-11-25T20:01:31.064411739Z stdout F INFO | containerlab | panic: runtime error: invalid memory address or nil pointer dereference -2023-11-25T20:01:31.064450815Z stdout F [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x24c323b] -2023-11-25T20:01:31.064478957Z stdout F -2023-11-25T20:01:31.064507095Z stdout F goroutine 15 [running -2023-11-25T20:01:31.064542774Z stdout F INFO | containerlab | ]: -2023-11-25T20:01:31.064571797Z stdout F -2023-11-25T20:01:31.129363022Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/clab/exec.(*ExecResult).GetReturnCode(...) 
-2023-11-25T20:01:31.129600761Z stdout F github.com/srl-labs/containerlab/clab/exec/exec.go:140 -2023-11-25T20:01:31.129636192Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).Ready(0xc0002102d0, {0x352d1e8?, 0xc0000c89b0?} -2023-11-25T20:01:31.129719767Z stdout F INFO | containerlab | ) -2023-11-25T20:01:31.12974786Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:388 +0x1db -2023-11-25T20:01:31.129775563Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).PostDeploy(0xc0002102d0, {0x352d1e8, 0xc0000c89b0}, 0xc0000fdb18) -2023-11-25T20:01:31.129802839Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:317 +0x3d3 -2023-11-25T20:01:31.129827404Z stdout F -2023-11-25T20:01:31.143964638Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/cmd.deployFn.func1 -2023-11-25T20:01:31.144046567Z stdout F INFO | containerlab | ({0x354fdb0, 0xc0002102d0}, 0x0?) -2023-11-25T20:01:31.144082174Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:257 +0xdf -2023-11-25T20:01:31.144110571Z stdout F created by github.com/srl-labs/containerlab/cmd.deployFn -2023-11-25T20:01:31.144136816Z stdout F -2023-11-25T20:01:31.144166728Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/cmd/deploy.go:254 +0x1965 -2023-11-25T20:01:31.144249241Z stdout F -2023-11-25T20:01:31.295197674Z stdout F CRITICAL | clabernetes | failed launching containerlab, err: exit status 2 -2023-11-25T20:01:31.410077704Z stdout F CRITICAL | clabernetes | received signal 'interrupt', canceling context -2023-11-25T20:01:43.449200999Z stdout F INFO | clabernetes | starting clabernetes... -2023-11-25T20:01:43.494512064Z stdout F INFO | clabernetes | mount: /sys/fs/cgroup mounted on /sys/fs/cgroup. - - - - - - - - - - - - -Single node - -al launch... 
-2023-11-25T21:40:00.112711098Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Containerlab v0.48.2 started" -2023-11-25T21:40:00.112778023Z stdout F -2023-11-25T21:40:00.13724042Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Parsing & checking topology file: topo.clab.yaml" -2023-11-25T21:40:00.137472688Z stdout F -2023-11-25T21:40:00.143557831Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Creating docker network: Name=\"clab\", IPv4Subnet=\"172.20.20.0/24\", IPv6Subnet=\"2001:172:20:20::/64\", MTU='ל'" -2023-11-25T21:40:00.143647911Z stdout F -2023-11-25T21:40:00.492185834Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=warning msg="failed to enable LLDP on docker bridge: open /sys/class/net/br-376acb86d58c/bridge/group_fwd_mask: read-only file system" -2023-11-25T21:40:00.492282082Z stdout F -2023-11-25T21:40:00.521162645Z stdout F INFO | containerlab | time="2023-11-25T21:40:00Z" level=info msg="Could not read docker config: open /root/.docker/config.json: no such file or directory" -2023-11-25T21:40:00.521365379Z stdout F time="2023-11-25T21:40:00Z" level=info msg="Pulling ghcr.io/nokia/srlinux:latest Docker image" -2023-11-25T21:40:00.521394826Z stdout F -2023-11-25T21:45:35.644747445Z stdout F INFO | containerlab | time="2023-11-25T21:45:35Z" level=info msg="Done pulling ghcr.io/nokia/srlinux:latest" -2023-11-25T21:45:35.64490762Z stdout F -2023-11-25T21:45:35.651853854Z stdout F INFO | containerlab | time="2023-11-25T21:45:35Z" level=info msg="Creating lab directory: /clabernetes/clab-clabernetes-srl" -2023-11-25T21:45:35.651933847Z stdout F -2023-11-25T21:45:38.617156266Z stdout F INFO | containerlab | time="2023-11-25T21:45:38Z" level=info msg="Creating container: \"srl\"" -2023-11-25T21:45:38.617243114Z stdout F -2023-11-25T21:47:38.934919044Z stdout F INFO | containerlab | time="2023-11-25T21:47:38Z" level=error msg="failed deploy phase for node 
\"srl\": Post \"http://%2Fvar%2Frun%2Fdocker.sock/v1.43/containers/create?name=srl\": context deadline exceeded" -2023-11-25T21:47:38.934992495Z stdout F -2023-11-25T21:47:39.338589008Z stdout F INFO | containerlab | time="2023-11-25T21:47:39Z" level=error msg="failed to update node runtime information for node srl: Node: srl. containers not found" -2023-11-25T21:47:39.338675886Z stdout F -2023-11-25T21:47:39.63536634Z stdout F INFO | containerlab | time="2023-11-25T21:47:39Z" level=info msg="Running postdeploy actions for Nokia SR Linux 'srl' node" -2023-11-25T21:47:39.635471333Z stdout F -2023-11-25T21:47:44.137304767Z stdout F INFO | containerlab | time="2023-11-25T21:47:44Z" level=warning msg="Unable to locate /etc/hosts file for srl node srl: Error response from daemon: No such container: srl" -2023-11-25T21:47:44.137413517Z stdout F time="2023-11-25T21:47:44Z" level=warning msg="Unable to populate hosts for node \"srl\": Error response from daemon: No such container: srl" -2023-11-25T21:47:44.137452575Z stdout F -2023-11-25T21:47:44.14386319Z stdout F INFO | containerlab | time="2023-11-25T21:47:44Z" level=error msg="srl: failed to execute cmd: \"/opt/srlinux/bin/sr_cli -d info from state system app-management application mgmt_server state | grep running\" with error Error response from daemon: No such container: srl" -2023-11-25T21:47:44.143969736Z stdout F -2023-11-25T21:47:44.156895638Z stdout F INFO | containerlab | Error: could not get container for node srl: Node: srl. 
containers not found -2023-11-25T21:47:44.156991621Z stdout F -2023-11-25T21:47:44.178394285Z stdout F INFO | containerlab | panic: -2023-11-25T21:47:44.197911583Z stdout F INFO | containerlab | runtime error: invalid memory address or nil pointer dereference -2023-11-25T21:47:44.198000328Z stdout F [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x24c323b] -2023-11-25T21:47:44.198037998Z stdout F -2023-11-25T21:47:44.198076865Z stdout F goroutine 29 [running]: -2023-11-25T21:47:44.198111509Z stdout F -2023-11-25T21:47:44.255419442Z stdout F INFO | containerlab | github.com/srl-labs/containerlab/clab/exec.(*ExecResult).GetReturnCode(...) -2023-11-25T21:47:44.255510381Z stdout F github.com/srl-labs/containerlab/clab/exec/exec.go:140 -2023-11-25T21:47:44.25555086Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).Ready(0xc00050e000, {0x352d1e8?, 0xc000102e10?}) -2023-11-25T21:47:44.255582399Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:388 +0x1db -2023-11-25T21:47:44.255614497Z stdout F github.com/srl-labs/containerlab/nodes/srl.(*srl).PostDeploy(0xc00050e000, {0x352d1e8, 0xc000102e10}, 0xc000e282b8) -2023-11-25T21:47:44.255644277Z stdout F github.com/srl-labs/containerlab/nodes/srl/srl.go:317 +0x3d3 -2023-11-25T21:47:44.255673608Z stdout F github.com/srl-labs/containerlab/cmd.deployFn.func1({0x354fdb0, 0xc00050e000}, 0xc000e1e120?) -2023-11-25T21:47:44.255757486Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:257 +0xdf -2023-11-25T21:47:44.255783978Z stdout F created by github.com/srl-labs/containerlab/cmd.deployFn -2023-11-25T21:47:44.255809769Z stdout F github.com/srl-labs/containerlab/cmd/deploy.go:254 +0x1965 -2023-11-25T21:47:44.255833123Z stdout F -2023-11-25T21:47:44.504319871Z stdout F CRITICAL | clabernetes | failed launching containerlab, err: exit status 2 -2023-11-25T21:47:44.633490194Z stdout F CRITICAL | clabernetes | received signal 'interrupt', canceling context \ No newline at end of file 
diff --git a/files/swarm/stack.yml b/files/swarm/stack.yml
deleted file mode 100644
index 61d6a50..0000000
--- a/files/swarm/stack.yml
+++ /dev/null
@@ -1,156 +0,0 @@ -version: '3.13' -# https://github.com/akhil/traefik-docker-swarm-example/blob/master/traefik.yml -# services: -# traefik: -# # Image tag (replace with yours) -# image: traefik:latest -# command: -# - "--log.level=DEBUG" -# - "--accesslog=true" -# - "--api.dashboard=true" -# - "--api.insecure=true" -# - "--entryPoints.web.address=:80" -# - "--entryPoints.websecure.address=:443" -# - "--providers.docker=true" -# - "--providers.docker.watch=true" -# - "--providers.swarm=true" -# - "--providers.docker.network=public" -# - "--providers.docker.endpoint=unix:///var/run/docker.sock" -# - "--providers.docker.exposedByDefault=false" -# - "--providers.file.filename=/etc/traefik/configs/traefik-dynamic-configuration.yml" -# # - "--metrics.prometheus=true" -# # - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" -# - "--global.checkNewVersion=true" -# - "--global.sendAnonymousUsage=false" -# volumes: -# - /var/run/docker.sock:/var/run/docker.sock -# networks: -# - public -# ports: -# - "80:80" -# - "443:443" -# # For Mattermost -# # - "8443:8443" -# configs: -# - source: traefik-dynamic-configuration -# target: /etc/traefik/configs/traefik-dynamic-configuration.yml -# secrets: -# - wildcard-jingoh-private.crt -# - wildcard-jingoh-private.key -# deploy: -# mode: replicated -# replicas: 1 -# placement: -# constraints: -# - node.role == manager -# update_config: -# delay: 15s -# parallelism: 1 -# monitor: 10s -# failure_action: rollback -# max_failure_ratio: 0.55 -# # Container resources (replace with yours) -# resources: -# limits: -# cpus: '1.55' -# memory: 2G -# reservations: -# cpus: '0.55' -# memory: 1G -# labels: -# - "traefik.enable=true" -# # Traefik URL (replace with yours) -# - "traefik.http.routers.dashboard.rule=Host(`traefikswarm.jingoh.private`)" -# - "traefik.http.routers.dashboard.service=api@internal" -# - "traefik.http.routers.dashboard.entrypoints=websecure" -# - "traefik.http.services.dashboard.loadbalancer.server.port=8080" -# - 
"traefik.http.routers.dashboard.tls=true" -# - "traefik.http.services.dashboard.loadbalancer.passhostheader=true" -# - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)" -# - "traefik.http.routers.http-catchall.entrypoints=web" -# - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" -# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - -# agent: -# image: portainer/agent:latest -# environment: -# # REQUIRED: Should be equal to the service name prefixed by "tasks." when -# # deployed inside an overlay network -# AGENT_CLUSTER_ADDR: tasks.agent -# # AGENT_PORT: 9001 -# # LOG_LEVEL: debug -# volumes: -# - /var/run/docker.sock:/var/run/docker.sock -# - /var/lib/docker/volumes:/var/lib/docker/volumes -# networks: -# - agent_network -# deploy: -# mode: global -# placement: -# constraints: [node.platform.os == linux] - -# portainer: -# image: portainer/portainer-ce:latest -# command: -H tcp://tasks.agent:9001 --tlsskipverify --http-enabled -# volumes: -# - /var/run/docker.sock:/var/run/docker.sock -# - portainer_data:/data -# - /etc/localtime:/etc/localtime -# networks: -# - public -# - agent_network -# deploy: -# mode: replicated -# replicas: 1 -# placement: -# constraints: [node.role == manager] -# labels: -# - "traefik.enable=true" -# - "traefik.http.routers.portainer.rule=Host(`portainer.jingoh.private`)" -# - "traefik.http.routers.portainer.entrypoints=websecure" -# - "traefik.http.routers.portainer.service=portainer" -# - "traefik.http.services.portainer.loadbalancer.server.port=9443" -# - "traefik.http.routers.portainer.tls=true" -# - "traefik.http.services.portainer.loadbalancer.passhostheader=true" -# # Edge -# - "traefik.http.routers.edge.rule=Host(`edge.jingoh.private`)" -# - "traefik.http.routers.edge.entrypoints=websecure" -# - "traefik.http.services.edge.loadbalancer.server.port=8000" -# - "traefik.http.routers.edge.service=edge" -# - "traefik.http.routers.edge.tls=true" -# - 
"traefik.http.services.edge.loadbalancer.passhostheader=true"
-
-# whoami:
-# image: "traefik/whoami"
-# deploy:
-# labels:
-# - "traefik.enable=true"
-# - "traefik.http.routers.whoami.rule=Host(`whoamitest.jingoh.private`)"
-# - "traefik.http.routers.whoami.entrypoints=websecure"
-# - "traefik.http.services.whoami.loadbalancer.server.port=80"
-# - "traefik.http.routers.whoami.tls=true"
-# - "traefik.http.services.whoami.loadbalancer.passhostheader=true"
-# networks:
-# - public
-
-# networks:
-# public:
-# external: true
-# agent_network:
-# external: true
-# attachable: true
-# volumes:
-# portainer_data:
-
-
-
-# configs:
-# traefik-dynamic-configuration:
-# external: true
-
-# secrets:
-# wildcard-jingoh-private.crt:
-# external: true
-
-# wildcard-jingoh-private.key:
-# external: true
diff --git a/group_vars/all.yml b/group_vars/all.yml
index ab68411..546e5ad 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -21,20 +21,20 @@ package_repo:
 - sshpass
-#* FIREWALL
+#* FIREWALL
 firewall_allowed_tcp_ports:
 - "22"
 - "80"
 - "443"
 - "9100"
- #! Kubernetes control plane ports
- - "6443"
- - "2379"
- - "2380"
- - "10250"
- - "10259"
- - "10257"
+ # #! Kubernetes control plane ports
+ # - "6443"
+ # - "2379"
+ # - "2380"
+ # - "10250"
+ # - "10259"
+ # - "10257"
 # - "9090"
 # - "3000"
 # - "9323"
diff --git a/group_vars/controller.yml b/group_vars/controller.yml
deleted file mode 100644
index c0e79fa..0000000
--- a/group_vars/controller.yml
+++ /dev/null
@@ -1,139 +0,0 @@ -# --- - - -# install_docker: true -# install_fail2ban: true - -# package_list: -# - name: python3-pip -# - name: proxychains - - -# ######## -# # USER # -# ######## - -# management_user_list: -# - name: stephane -# shell: '/bin/bash' -# authorized_keys: -# - key: "ssh-rsa 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 stephane" -# exclusive: yes -# sudo: -# hosts: ALL -# as: ALL -# commands: ALL -# nopasswd: ALL - -# ################ -# # SSH - CLIENT # -# ################ - -# # ssh_drop_in_name: null -# # #ssh_user: root - -# # ssh: -# # # noqa var-naming -# # Compression: true -# # GSSAPIAuthentication: false -# # # wokeignore:rule=master -# # ControlMaster: auto -# # ControlPath: ~/.ssh/.cm%C -# # Match: -# # - Condition: "final all" -# # GSSAPIAuthentication: true -# # Host: - -# # - Condition: example -# # Hostname: example.com -# # User: somebody -# # ssh_ForwardX11: false - -# ################# -# # SSH - SERVEUR # -# ################# - -# sshd_skip_defaults: true -# sshd_config_file: /etc/ssh/sshd_config - -# sshd_AuthorizedKeysFile: .ssh/authorized_keys -# sshd_AcceptEnv: "LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL" -# sshd_Protocol: 2 -# sshd_LoginGraceTime: 30 -# sshd_SyslogFacility: AUTH -# sshd_LogLevel: VERBOSE -# sshd_PermitRootLogin: 'no' -# sshd_StrictModes: 'yes' -# sshd_IgnoreRhosts: 'yes' -# sshd_HostbasedAuthentication: 'no' -# sshd_PasswordAuthentication: 'no' -# sshd_PermitEmptyPasswords: 'no' -# sshd_ChallengeResponseAuthentication: 'no' -# sshd_GSSAPIAuthentication: 'no' -# sshd_X11DisplayOffset: 10 -# sshd_PrintMotd: 'yes' -# sshd_PrintLastLog: 'yes' -# sshd_TCPKeepAlive: 'yes' -# sshd_Subsystem: "sftp /usr/lib/openssh/sftp-server" -# sshd_UsePAM: 'yes' -# sshd_UseDNS: 'no' -# sshd_KexAlgorithms: "curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256" -# sshd_Ciphers: 
"chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr" -# sshd_MACs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com" -# sshd_HostKey: -# - /etc/ssh/ssh_host_rsa_key - - -# ####### -# # APT # -# ####### - -# apt_upgrade: true -# apt_repositories: [] -# apt_ppas: [] -# # # nginx ppa repo -# # - repo: ppa:nginx/stable -# # # not needed on ubuntu distribution -# # #codename: trusty -# # apt_packages: -# # - name: python3-pip - - -# ######### -# # ALERT # -# ######### - -# alert_username: jingohalert -# alert_password: jMVmbM2VQ5gEiV -# alert_vault: "Jingoh0947;" -# alert_list_server: -# - '"163.172.84.28"' -# - '"37.187.127.90"' -# alert_server_ssl: gitea.jingoh.fr - -# ########## -# # CHISEL # -# ########## - -# chisel_version: 1.8.1 -# chisel_server_host: 163.172.84.28 -# chisel_server_port: 8080 -# chisel_client_auth_username: user -# chisel_client_auth_password: pass - -# chisel_remove_all: -# - "{{ chisel_service_destination }}" -# - "{{ chisel_config_folder }}" -# - "{{ chisel_download_destination }}" -# - "{{ chisel_install_destination }}" -# - /var/log/chisel - - - -# test_vault: !vault | -# $ANSIBLE_VAULT;1.2;AES256;prod -# 36663965646236326237623936646161653232306263353564666238626564633530363761633164 -# 6166363235383964626463353061343635626431396664660a333231303661343362353162353938 -# 32373332373362656635393365363635313137306532366536323765346464336634653366383961 -# 3965626433316138320a366336393034383065363134623239646230396432356431383935346463 -# 6330 diff --git a/hardening.yml b/hardening.yml index ea7720f..3bd907e 100644 --- a/hardening.yml +++ b/hardening.yml @@ -1,4 +1,4 @@ -- hosts: kubernetes +- hosts: docker_swarm_worker # vars: become: true gather_facts: true 
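Review bot: `- hosts: docker_swarm_worker` narrows this hardening play to the worker group only; in the hosts hunk of the same commit ovh01 is moved into `[docker_swarm_manager]` and only scale01 remains under `[docker_swarm_worker]`, so the sshd tasks later in this file (the `sshd.service` reload is visible in the next hunk) would no longer run on the manager, which is also the host that gets port 2377 opened in host_vars/ovh01.yml. If every swarm node is meant to be hardened, target the group this commit introduces, `- hosts: swarm`, or the pattern `- hosts: docker_swarm_manager:docker_swarm_worker`. Only the play header is inside this hunk; the rest of the play is outside view.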
@@ -128,46 +128,35 @@
 name: sshd.service
 state: reloaded
- # - name: Retrieve private IP address netbird
- # ansible.builtin.gather_facts:
+ - name: Retrieve private IP address netbird
+ ansible.builtin.gather_facts:
- # - name: Set host_interfaces list
- # ansible.builtin.set_fact:
- # host_interfaces: "{{ host_interfaces + [item]}}"
- # vars:
- # host_interfaces: []
- # when: ansible_facts[item].ipv4.address is defined
- # loop: "{{ ansible_facts.interfaces }}"
+ - name: Set host_interfaces list
+ ansible.builtin.set_fact:
+ host_interfaces: "{{ host_interfaces + [item]}}"
+ vars:
+ host_interfaces: []
+ when: ansible_facts[item].ipv4.address is defined
+ loop: "{{ ansible_facts.interfaces }}"
- # - name: Set host_private_address
- # ansible.builtin.set_fact:
- # host_private_address: "{{ ansible_facts[item].ipv4.address }}"
- # vars:
- # host_private_address: ""
- # when: ansible_facts[item].ipv4.address | ansible.utils.ipaddr('100.96.0.0/16')
- # loop: "{{ host_interfaces }}"
+ - name: Set host_private_address
+ ansible.builtin.set_fact:
+ host_private_address: "{{ ansible_facts[item].ipv4.address }}"
+ vars:
+ host_private_address: ""
+ when: ansible_facts[item].ipv4.address | ansible.utils.ipaddr('100.96.0.0/16')
+ loop: "{{ host_interfaces }}"
- # - name: Debug host_private_address for ALL hosts
- # debug:
- # msg: "{{ host_private_address }}"
+ - name: Debug host_private_address for ALL hosts
+ debug:
+ msg: "{{ host_private_address }}"
+#! Set up docker socket for monitoring
-# apiVersion: v1
-# kind: PersistentVolumeClaim
-# metadata:
-# name: coroot-prometheus-server
-# spec:
-# storageClassName: manual
-# accessModes:
-# - ReadWriteOnce
-# resources:
-# requests:
-# storage: 15Gi
-
- # - ansible.builtin.import_role:
- # name: prometheus.prometheus.node_exporter
+ - ansible.builtin.import_role:
+ name: prometheus.prometheus.node_exporter
 # - ansible.builtin.import_role:
 # name: prometheus.prometheus.prometheus
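Review bot: In `Set host_private_address`, `when: ansible_facts[item].ipv4.address | ansible.utils.ipaddr('100.96.0.0/16')` relies on the filter's return value (the address string, or false) being coerced by the conditional; recent ansible-core versions warn on non-boolean conditional results, so spell the test out as `when: ansible_facts[item].ipv4.address is ansible.utils.in_network('100.96.0.0/16')` (or compare the filter result against `false` explicitly). The same task overwrites `host_private_address` on every matching interface, so if more than one interface carries a 100.96.0.0/16 address the last one in `host_interfaces` wins silently; a comment stating that wt0 is expected to be the only one, or collecting the matches into a list and choosing deliberately, would make that assumption visible. Two style points: `debug:` in the `Debug host_private_address` task is the only non-FQCN module in the hunk (`ansible.builtin.debug:`), and the new column-0 comment `#! Set up docker socket for monitoring` sits between tasks with nothing following it, which reads as a leftover heading.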
diff --git a/host_vars/ovh01.yml b/host_vars/ovh01.yml
index e2ebfb6..029fd87 100644
--- a/host_vars/ovh01.yml
+++ b/host_vars/ovh01.yml
@@ -1,7 +1,24 @@
 ---
+#* SWARM
 docker_swarm_addr: 100.96.125.190
 docker_swarm_interface: wt0
 pip_install_packages:
 - docker
- - jsondiff
\ No newline at end of file
+ - jsondiff
+
+#* FIREWALL
+
+firewall_allowed_udp_ports:
+ #! Docker swarm
+ - "7946"
+ - "4789"
+
+firewall_allowed_tcp_ports:
+ - "22"
+ - "80"
+ - "443"
+ - "9100"
+ #! Docker swarm
+ - "2377"
+ - "7946"
\ No newline at end of file
diff --git a/host_vars/ovh_master.yml b/host_vars/ovh_master.yml
deleted file mode 100644
index 2c3ace6..0000000
--- a/host_vars/ovh_master.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-pip_executable: pip
-pip_install_packages:
- - kubernetes
-
-package_list:
- - name: python3-pip
- # clabernetes
- - name: jq
-
-install_docker: true
-
-
-helm_version: 'v3.13.2'
-
-management_user_list:
- - name: stephane
- shell: '/bin/bash'
- authorized_keys:
- - key: "ssh-rsa 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 stephane"
- exclusive: yes
- sudo:
- hosts: ALL
- as: ALL
- commands: ALL
- nopasswd: ALL
-
-# ##########
-# # CHISEL #
-# ##########
-
-# chisel_server: false
-# chisel_client_server_url: "{{ chisel_server_host }}:8080"
-# chisel_client_remotes: "R:{{ chisel_server_host }}:socks"
-# chisel_service_name: chisel-client
-# chisel_config_name: chisel-client
-
-# chisel_conf:
-# # chisel enable auth and finder
-# - path: "/etc/chisel/{{ chisel_config_name }}.conf"
-# regexp: "^AUTH=--auth {{ chisel_client_auth_username }}:{{ chisel_client_auth_password }}"
-# state: present
-# line: "AUTH=--auth {{ chisel_client_auth_username }}:{{ chisel_client_auth_password }}"
-# - path: "/etc/chisel/{{ chisel_config_name }}.conf"
-# regexp: "^FINGERPRINT=--fingerprint {{ chisel_client_server_fingerprint }}"
-# state: present
-# line: "FINGERPRINT=--fingerprint {{ hostvars[groups['server'][0]].chisel_fingerprint[4]|default('') }}"
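Review bot: `firewall_allowed_tcp_ports` / `firewall_allowed_udp_ports` open the swarm ports 2377, 7946 and 4789 with no source or interface restriction, although `docker_swarm_addr: 100.96.125.190` and `docker_swarm_interface: wt0` show that swarm traffic is meant to stay on the overlay; on ovh01, which the hosts hunk places at 5.135.181.11, that exposes the manager API (2377), the gossip port (7946) and the VXLAN data plane (4789, cleartext unless the overlay networks were created with encryption enabled) on the public interface. Restrict these rules to the wt0 interface or to the 100.96.0.0/16 source range — if the firewall role in use only accepts port lists, add the restriction as explicit rules instead — and a comment such as `#! Docker swarm: overlay (wt0) only, must not be reachable from the public interface` would record the intent. host_vars/scale01.yml in this commit carries the same list, including 2377, although scale01 is a worker (`[docker_swarm_worker]`) and dockerd only listens on 2377 on managers. Port 9100 is opened here too without the `node_exporter_tls_server_config` that host_vars/scaleway.yml receives in this commit; unless it is set elsewhere, node_exporter on ovh01 and scale01 answers in cleartext and without authentication.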
diff --git a/host_vars/scale01.yml b/host_vars/scale01.yml
index 67e652e..5bdc996 100644
--- a/host_vars/scale01.yml
+++ b/host_vars/scale01.yml
@@ -1,6 +1,26 @@
 ---
+#* SWARM
+
+
 docker_swarm_addr: 100.96.212.100
 docker_swarm_interface: wt0
 pip_install_packages:
- - docker
\ No newline at end of file
+ - docker
+
+
+#* FIREWALL
+
+firewall_allowed_udp_ports:
+ #! Docker swarm
+ - "7946"
+ - "4789"
+
+firewall_allowed_tcp_ports:
+ - "22"
+ - "80"
+ - "443"
+ - "9100"
+ #! Docker swarm
+ - "2377"
+ - "7946"
\ No newline at end of file
diff --git a/host_vars/scaleway.yml b/host_vars/scaleway.yml
index 3eed691..607eb96 100644
--- a/host_vars/scaleway.yml
+++ b/host_vars/scaleway.yml
@@ -1,6 +1,10 @@
 # ---
+docker_swarm_addr: 100.96.172.77
+docker_swarm_interface: wt0
+pip_install_packages:
+ - docker
 # #* NETBIRD
 # netbird_setup_key: F234BD1F-385B-4BEA-8234-608CCB1062ED
@@ -12,6 +16,11 @@
 # cert_file: /etc/node_exporter/tls.cert
 # key_file: /etc/node_exporter/tls.key
+
+node_exporter_tls_server_config:
+ cert_file: /etc/node_exporter/tls.cert
+ key_file: /etc/node_exporter/tls.key
+
 # #* NODE_EXPORTER
 # # node_exporter_basic_auth_users:
diff --git a/hosts b/hosts
index 96d7f79..edd2803 100644
--- a/hosts
+++ b/hosts
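Review bot: host_vars/scaleway.yml now gets `docker_swarm_addr: 100.96.172.77` and `docker_swarm_interface: wt0`, but in the hosts hunk of this commit scaleway is not listed under `[swarm]`, `[docker_swarm_manager]` or `[docker_swarm_worker]`, and unlike ovh01.yml and scale01.yml it gains no swarm entries in `firewall_allowed_*_ports`; either the host is meant to join and the inventory and firewall lists are incomplete, or these variables are dead. A one-line comment above `docker_swarm_addr` saying which it is (`# not a swarm member yet; kept for a later join`) would settle it; scaleway's group memberships before line 7 of hosts are outside the hunk, so this may already be handled there.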
@@ -7,17 +7,17 @@ scaleway ansible_host=163.172.84.28 ansible_user=stephane
 scaleway ansible_host=163.172.84.28 ansible_user=stephane
-[control]
+[swarm]
 scale01 ansible_host=163.172.209.36 ansible_user=stephane
 ovh01 ansible_host=5.135.181.11 ansible_user=stephane
 [docker_swarm_manager]
-manager ansible_host=192.168.121.68 ansible_user=vagrant ansible_ssh_pass=vagrant
-#ovh01 ansible_host=5.135.181.11 ansible_user=stephane
+#manager ansible_host=192.168.121.68 ansible_user=vagrant ansible_ssh_pass=vagrant
+ovh01 ansible_host=5.135.181.11 ansible_user=stephane
 [docker_swarm_worker]
-worker ansible_host=192.168.121.128 ansible_user=vagrant ansible_ssh_pass=vagrant
-#scale01 ansible_host=163.172.209.36 ansible_user=stephane
+#worker ansible_host=192.168.121.128 ansible_user=vagrant ansible_ssh_pass=vagrant
+scale01 ansible_host=163.172.209.36 ansible_user=stephane
 [vagrant:children]
 docker_swarm_manager
diff --git a/paused.conf b/paused.conf
deleted file mode 100644
index db40108..0000000
--- a/paused.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-
-# resume information
-resume-index = 69
-seed = 12653686914129623649
-rate = 100
-shard = 1/1
-nocapture = servername
-
-
-adapter-ip = 172.29.219.224
-# TARGET SELECTION (IP, PORTS, EXCLUDES)
-ports = 443
-range = 163.172.80.0/24
-
diff --git a/roles/requirements.yml b/roles/requirements.yml
index 2fb1f8e..70b3e83 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -6,6 +6,7 @@
 - src: GROG.sudo
 # DOCKER
 - src: geerlingguy.docker
+- src: prometheus.prometheus.node_exporter
 # CONTAINERD
 # - src: geerlingguy.containerd
 # # KUBERNETES
diff --git a/swarm.yml b/swarm.yml
index 122fd35..c31cf3e 100644
--- a/swarm.yml
+++ b/swarm.yml
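Review bot: `[vagrant:children]` still lists `docker_swarm_manager` (trailing context of the hunk), and after this change those groups hold the public hosts ovh01 (5.135.181.11) and scale01 (163.172.209.36) instead of the vagrant VMs, so any group_vars, `when: inventory_hostname in groups['vagrant']` guard or play aimed at `vagrant` now applies to production; the children list continues past the hunk, so confirm and either drop the `vagrant:children` mapping or point it at dedicated vagrant groups. The commented-out `#manager …` and `#worker …` lines keep `ansible_ssh_pass=vagrant` in the inventory as plaintext; if the VMs may return, move the credential to vault (`ansible_ssh_pass: "{{ vault_vagrant_ssh_pass }}"` in group_vars) or use the vagrant SSH key, otherwise delete the lines.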
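Review bot: `- src: prometheus.prometheus.node_exporter` is written as a role entry, but that name is the fully qualified name of a role shipped inside the `prometheus.prometheus` collection (hardening.yml in this commit imports it with `ansible.builtin.import_role`), and `ansible-galaxy` will not resolve it as a standalone role. Declare the collection instead — `collections:` / `  - name: prometheus.prometheus` — and install it with `ansible-galaxy collection install -r roles/requirements.yml`; since the entries visible here (`- src: GROG.sudo`, `- src: geerlingguy.docker`) form a flat role list, the file would need the `roles:` / `collections:` layout for both kinds to coexist, and the rest of the file is outside this hunk.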
@@ -64,10 +64,10 @@
- # roles:
- # - { role: geerlingguy.pip, tags: pip }
- # - { role: geerlingguy.docker, tags: docker }
- # - { role: asg1612.dockerswarm, tags: swarm }
+ roles:
+ - { role: geerlingguy.pip, tags: pip }
+ - { role: geerlingguy.docker, tags: docker }
+ - { role: asg1612.dockerswarm, tags: swarm }
 tasks:
@@ -130,7 +130,7 @@
 # state: touch
 # when: inventory_hostname in groups['docker_swarm_manager']
- - name: Copy using inline content
+ - name: Copy the stack
 ansible.builtin.copy:
 content: "version: '3.13'"
 dest: /opt/stack.yml
diff --git a/topo.clab.yml b/topo.clab.yml
deleted file mode 100644
index 2f79856..0000000
--- a/topo.clab.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-name: clabernetes-srl1
-prefix: ""
-topology:
- defaults:
- ports:
- - 60000:21/tcp
- - 60001:22/tcp
- - 60002:23/tcp
- - 60003:80/tcp
- - 60000:161/udp
- - 60004:443/tcp
- - 60005:830/tcp
- - 60006:5000/tcp
- - 60007:5900/tcp
- - 60008:6030/tcp
- - 60009:9339/tcp
- - 60010:9340/tcp
- - 60011:9559/tcp
- - 60012:57400/tcp
- nodes:
- srl1:
- kind: nokia_srlinux
- startup-config: srl1.cfg
- image: ghcr.io/nokia/srlinux
- ports: []
- links:
- - endpoints:
- - srl1:e1-1
- - host:srl1-e1-1
-debug: false
\ No newline at end of file
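Review bot: `Copy the stack` (second hunk) still writes just `content: "version: '3.13'"` to /opt/stack.yml, a compose file with no services, while the same commit deletes files/swarm/stack.yml, so a `docker stack deploy -c /opt/stack.yml` fed from this task would deploy nothing; if a real stack is intended, use `ansible.builtin.copy` with `src:` (or `ansible.builtin.template`) against a versioned file rather than inline content. The task sets no `owner:`/`mode:` either; once the file carries real service definitions (and possibly secrets or a docker.sock mount, as the deleted stack.yml's commented services did) pin it with `mode: '0600'` and root ownership. The first hunk re-enables `asg1612.dockerswarm` with `tags: swarm`; the play header and the remainder of the tasks are outside view.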