diff --git a/docker-compose/munin/docker-compose.yml.j2 b/docker-compose/munin/docker-compose.yml.j2
index 99e29a77..70130b81 100644
--- a/docker-compose/munin/docker-compose.yml.j2
+++ b/docker-compose/munin/docker-compose.yml.j2
@@ -21,9 +21,7 @@ services:
 acng2.grote.lan:acng2.grote.lan
 ansible2.grote.lan:ansible2.grote.lan
 pve5.grote.lan:pve5.grote.lan
- k3s-nfs2.grote.lan:k3s-nfs2.grote.lan
 dokuwiki2.grote.lan:dokuwiki2.grote.lan
- k3s1.grote.lan:k3s1.grote.lan
 gitea.grote.lan:gitea.grote.lan
 docker10.grote.lan:docker10.grote.lan
 dnsmasq.grote.lan:dnsmasq.grote.lan'
diff --git a/group_vars/k3s.yml b/group_vars/k3s.yml
deleted file mode 100644
index 904aa147..00000000
--- a/group_vars/k3s.yml
+++ /dev/null
@@ -1,104 +0,0 @@ ---- - ### mgrote.restic - restic_folders_to_backup: "/ /var" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files - - ### pandemonium1986.ansible-role-k9s - k9s_version: "v0.27.3" - - ### mrlesmithjr.ansible-manage-lvm - #lvm_groups: - # - vgname: vg_gitea_data - # disks: - # - /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1 - # create: true - # lvnames: - # - lvname: lv_gitea_data - # size: +100%FREE - # create: true - # filesystem: xfs - # mount: true - # mntp: /var/lib/gitea - #manage_lvm: true - #pvresize_to_max: true - - ### oefenweb.ufw - ufw_rules: -# - rule: allow -# to_port: 22 -# protocol: tcp -# comment: 'ssh' -# from_ip: 0.0.0.0/0 -# - rule: allow -# to_port: 4949 -# protocol: tcp -# comment: 'munin' -# from_ip: 192.168.2.0/24 -# # https://rancher.com/docs/k3s/latest/en/installation/installation-requirements/ -# - rule: allow -# to_port: 6443 -# protocol: tcp -# comment: 'k8s-api-server' -# from_ip: 192.168.2.0/24 -# - rule: allow -# to_port: 2379 -# protocol: tcp -# comment: 'k8s-embedded-etcd' -# from_ip: 192.168.2.0/24 -# - rule: allow -# to_port: 2380 -# protocol: tcp -# comment: 'k8s-embedded-etcd' -# from_ip: 192.168.2.0/24 -# - rule: allow -# to_port: 10250 -# protocol: tcp -# comment: 'k8s-kubelet-metrics' -# from_ip: 192.168.2.0/24 - - rule: allow - comment: 'k3s - alles offen' - from_ip: 0.0.0.0/0 - - ### xanmanning.k3s - k3s_state: installed - k3s_airgap: false - k3s_config_file: /etc/rancher/k3s/config.yaml - k3s_build_cluster: true - k3s_install_dir: /usr/local/bin - k3s_etcd_datastore: true - k3s_become: true - k3s_use_experimental: true - k3s_server: - # siehe https://docs.k3s.io/reference/server-config - # cli parameter OHNE -- am anfang - write-kubeconfig-mode: '644' - cluster-cidr: "10.42.0.0/16" - service-cidr: "10.43.0.0/16" - disable: - - traefik - - 
local-storage # disables local-path-provisioner - - disable-helm-controller # https://fluxcd.io/flux/cheatsheets/troubleshooting/ - - ### mgrote.fluxcd - flux_repo_url: - flux_repo_host: git.mgrote.net - flux_repo_host_port: 2222 - flux_repo_branch: master - flux_repo_url_complete: ssh://gitea@git.mgrote.net:2222/mg/k3s-fluxcd.git - flux_install_host: k3s1.grote.lan - flux_homedir: /home/flux - flux_path_ssh_dir: /home/flux/.ssh - flux_user_group: flux - flux_user: flux - flux_download_url: https://github.com/fluxcd/flux2/releases/download/v0.35.0/flux_0.35.0_linux_amd64.tar.gz - flux_path_bin: /usr/local/sbin - flux_path_ssh_id_file: id_rsa - flux_ssh_key_format: ed25519 - kubeconfig: /etc/rancher/k3s/k3s.yaml - flux_sync_interval: 1m - - ### mgrote.apt_manage_packages - apt_packages_extra: - - nfs-common # für nfs-subdir-external-provisioner - - ### githubixxansible.cilium - cilium_chart_version: "1.12.3" diff --git a/host_vars/k3s-nfs2.grote.lan.yaml b/host_vars/k3s-nfs2.grote.lan.yaml deleted file mode 100644 index 3e040a23..00000000 --- a/host_vars/k3s-nfs2.grote.lan.yaml +++ /dev/null 
@@ -1,60 +0,0 @@
----
- ### geerlingguy.nfs
- nfs_exports:
- - /srv/nfs 192.168.2.42(rw,no_subtree_check,no_root_squash) #k3s1
- nfs_port: 33333
-
-
- ### mgrote.munin-node
- munin_node_plugins:
- - name: timesync
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
- - name: systemd_status
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
- - name: systemd_mem
- src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
- config: |
- [systemd_mem]
- env.all_services true
- - name: fail2ban
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
- config: |
- [fail2ban]
- env.client /usr/bin/fail2ban-client
- env.config_dir /etc/fail2ban
- user root
- - name: nfsd4
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nsfd4
- - name: nfsd
- src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/nfsd
- munin_node_disabled_plugins:
- - name: lvm_
- ### mgrote.restic
- restic_folders_to_backup: "/ /srv/nfs" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
-
-
- ### oefenweb.ufw
- ufw_rules:
- - rule: allow
- to_port: 22
- protocol: tcp
- comment: 'ssh'
- from_ip: 0.0.0.0/0
- - rule: allow
- to_port: 4949
- protocol: tcp
- comment: 'munin'
- from_ip: 192.168.2.144/24
- # k3s1
- - rule: allow
- from_ip: 192.168.2.42
- comment: 'nfs'
- to_port: 2049
- - rule: allow
- from_ip: 192.168.2.42
- comment: 'nfs'
- to_port: 111
- - rule: allow
- from_ip: 192.168.2.42
- comment: 'nfs'
- to_port: "{{ nfs_port }}"
diff --git a/host_vars/k3s1.grote.lan.yml b/host_vars/k3s1.grote.lan.yml
deleted file mode 100644
index 1adced1d..00000000
--- a/host_vars/k3s1.grote.lan.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
- ### xanmanning.k3s
- k3s_control_node: true
diff --git a/host_vars/pve5.grote.lan.yml b/host_vars/pve5.grote.lan.yml index 8764bca8..55d230ec 100644 --- a/host_vars/pve5.grote.lan.yml +++ b/host_vars/pve5.grote.lan.yml @@ -42,7 +42,7 @@ - dataset: rpool/data state: present - dataset: rpool/data/k3s - state: present + state: absent # noch löschen # hdd_data_raidz - dataset: hdd_data_raidz state: present @@ -169,15 +169,11 @@ recursive: 'no' snapshots: true template: '3tage' - - path: rpool/data/k3s - recursive: 'no' - snapshots: true - template: '14tage' ### mgrote.cv4pve-autosnap cv4pve_api_user: root@pam!cv4pve-autosnap cv4pve_api_token: "{{ lookup('keepass', 'cv4pve_api_token', 'password') }}" - cv4pve_vmid: all,-106,-112,-115 + cv4pve_vmid: all,-106,-115 cv4pve_keep_snapshots: 5 cv4pve_dl_link: "https://github.com/Corsinvest/cv4pve-autosnap/releases/download/v1.14.7/cv4pve-autosnap-linux-x64.zip" @@ -249,11 +245,6 @@ mp_nr: 1 mp_path_host: /rpool/data/acng mp_path_guest: /var/cache/apt-cacher-ng - ### k3s-nfs2 - - vmid: 112 - mp_nr: 1 - mp_path_host: /rpool/data/k3s - mp_path_guest: /srv/nfs ### mgrote.munin-node munin_node_plugins: diff --git a/inventory b/inventory index 3d2f3ab5..80ab3b0b 100644 --- a/inventory +++ b/inventory @@ -18,12 +18,6 @@ all: docker: hosts: docker10.grote.lan: - k3s: - hosts: - k3s1.grote.lan: - nfs: - hosts: - k3s-nfs2.grote.lan: vmtest: hosts: vm-test-2204.grote.lan: @@ -48,8 +42,6 @@ all: gitea.grote.lan: dnsmasq.grote.lan: docker10.grote.lan: - k3s1.grote.lan: - k3s-nfs2.grote.lan: test: hosts: vm-test-2204.grote.lan: diff --git a/playbooks/3_service/k3s.yml b/playbooks/3_service/k3s.yml deleted file mode 100644 index 80cd7795..00000000 --- a/playbooks/3_service/k3s.yml +++ /dev/null 
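Review bot: In the first hunk of host_vars/pve5.grote.lan.yml, `state: absent # noch löschen` turns the `rpool/data/k3s` entry into a destroy instruction, while the same commit also removes that dataset's snapshot entry (second hunk) and its mount point for VMID 112 (third hunk), so nothing visible here keeps a copy of the former NFS data. The inline comment does not say what is still to be deleted or when; I would put an English comment above the entry instead, e.g. `# tombstone: destroys the former k3s NFS dataset; remove this entry after the next successful run`. Presumably the ZFS role destroys the dataset on the next play, so a final backup should exist and the mount point should be detached from the guest before that run. The dataset list this entry belongs to starts and ends outside the hunk.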
@@ -1,10 +0,0 @@
----
-- hosts: k3s
- roles:
- - { role: PyratLabs.k3s, tags: "k3s" }
- - { role: mgrote.k8s_autocompletion, tags: "autocomp" }
- - { role: pandemonium1986.ansible-role-k9s, tags: "k9s", become: true }
- - { role: mgrote.fluxcd, tags: "flux", become: true }
- - { role: mgrote.k8s_misc, tags: "misc", become: true }
- - { role: mgrote.sealed-secrets, tags: "sealed-secrets", become: true }
- - { role: geerlingguy.helm, tags: "helm", become: true }
diff --git a/playbooks/3_service/nfs.yml b/playbooks/3_service/nfs.yml
deleted file mode 100644
index e4839948..00000000
--- a/playbooks/3_service/nfs.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- hosts: nfs
- roles:
- - { role: geerlingguy.nfs_server, tags: "nfs", become: true }