From dc968384b553f8bd03d046c53ae15ab7113ff384 Mon Sep 17 00:00:00 2001
From: richard <r_morgan@sympatico.ca>
Date: Sun, 23 Mar 2025 17:41:42 -0400
Subject: [PATCH] Fixing cubox and base services

---
 ansible-5/inventory.ini                         |  2 +-
 ansible-5/playbooks/bootstrap.yaml              | 14 ++++++++++++++
 ansible-5/roles/common/tasks/main.yml           | 10 +++++-----
 .../roles/glusterfs-server/defaults/main.yaml   |  3 ++-
 ansible-5/roles/prod.k3s/defaults/main.yml      | 11 +++++++----
 .../cert-manager/certificate.xai-corp.prod.yaml |  6 +++---
 ansible-5/roles/prod.k3s/files/stash/pv03.yaml  | 17 +++++++++++++++++
 .../roles/prod.k3s/files/stash/values.yaml      |  2 +-
 .../roles/prod.k3s/tasks/deployments/stash.yaml |  2 +-
 ansible-5/roles/prod.k3s/tasks/main.yml         |  3 ++-
 .../prod.k3s/templates/dkregistry/pv-auth.yaml  |  2 +-
 .../roles/prod.k3s/templates/dkregistry/pv.yaml |  2 +-
 .../roles/prod.k3s/templates/gitea/pv.yaml      |  2 +-
 .../roles/prod.k3s/templates/mariadb/pv.yaml    |  2 +-
 .../roles/prod.k3s/templates/postgres/pv.yaml   |  2 +-
 15 files changed, 58 insertions(+), 22 deletions(-)
 create mode 100644 ansible-5/roles/prod.k3s/files/stash/pv03.yaml

diff --git a/ansible-5/inventory.ini b/ansible-5/inventory.ini
index 6ac112c..79f2b21 100644
--- a/ansible-5/inventory.ini
+++ b/ansible-5/inventory.ini
@@ -8,7 +8,7 @@ cubox-m         ansible_ssh_host=192.168.4.15
 [ns]
 ;home          ansible_ssh_host=192.168.4.11
 cubox-i         ansible_ssh_host=192.168.4.12
-;cubox-m         ansible_ssh_host=192.168.4.15
+cubox-m         ansible_ssh_host=192.168.4.15
 
 [gfs]
 ;home            ansible_ssh_host=192.168.4.11
diff --git a/ansible-5/playbooks/bootstrap.yaml b/ansible-5/playbooks/bootstrap.yaml
index 12c6e47..62d7f1f 100644
--- a/ansible-5/playbooks/bootstrap.yaml
+++ b/ansible-5/playbooks/bootstrap.yaml
@@ -2,6 +2,7 @@
 - name: bootstrap
   hosts: managed
 #  remote_user: ansible
+#  remote_user: root
   gather_facts: false
 #  become: true
 
@@ -24,6 +25,15 @@
     - name: ping
       ansible.builtin.ping:
 
+    - name: Ensure group "ssh" exists
+      become: true
+      ansible.builtin.group:
+        name: "{{item}}"
+        state: present
+      with_items:
+        - ssh
+        - _ssh
+
     - name: Add the user 'ansible'
       become: true
       ansible.builtin.user:
@@ -35,6 +45,8 @@
 #        uid: "1001"
         groups:
           - sudo
+          - ssh
+          - _ssh
 
     - name: Add the authorized key for 'ansible'
       become: true
@@ -80,6 +92,8 @@
 #        uid: "1000"
         groups:
           - sudo
+          - ssh
+          - _ssh
 
     - name: Add the authorized key for 'richard'
       become: true
diff --git a/ansible-5/roles/common/tasks/main.yml b/ansible-5/roles/common/tasks/main.yml
index 2889489..bdef8f7 100644
--- a/ansible-5/roles/common/tasks/main.yml
+++ b/ansible-5/roles/common/tasks/main.yml
@@ -11,10 +11,10 @@
 - name: update login screen
   include_tasks: motd.yml
 
-- name: fix usb
-  include_tasks: fix_usb.yml
-  when: inventory_hostname == "cubox-m"
+#- name: fix usb
+#  include_tasks: fix_usb.yml
+#  when: inventory_hostname == "cubox-m"
 
-- name: update fstab
-  include_tasks: update_fstab.yml
+#- name: update fstab
+#  include_tasks: update_fstab.yml
 
diff --git a/ansible-5/roles/glusterfs-server/defaults/main.yaml b/ansible-5/roles/glusterfs-server/defaults/main.yaml
index a1e8b27..63c1fd2 100644
--- a/ansible-5/roles/glusterfs-server/defaults/main.yaml
+++ b/ansible-5/roles/glusterfs-server/defaults/main.yaml
@@ -5,7 +5,8 @@
 #
 
 glusterd:
-  version: 9.2-1
+#  version: 9.2-1
+  version: 9.6-ubuntu1~jammy2
   unit: glusterd
   envfile: /etc/sysconfig/glusterd
 
diff --git a/ansible-5/roles/prod.k3s/defaults/main.yml b/ansible-5/roles/prod.k3s/defaults/main.yml
index 4625e2c..8d59b1b 100644
--- a/ansible-5/roles/prod.k3s/defaults/main.yml
+++ b/ansible-5/roles/prod.k3s/defaults/main.yml
@@ -41,13 +41,16 @@ helm:
       repo_url: https://cetic.github.io/helm-charts
 
 apps:
+  cert_manager:
+    enabled: true
+
   stash:
     enabled: true
     state: present
     namespace: stashapp
 
   mariadb:
-    enabled: true
+    enabled: false
     namespace: mariadb
     pvc: data-mariadb-0
     state: present
@@ -85,12 +88,12 @@ apps:
     chart_version: 4.5 # https://github.com/nextcloud/helm/releases?page=2
 
   hello_world:
-    enabled: true
+    enabled: false
     namespace: default
     state: absent
 
   funkwhale:
-    enabled: true
+    enabled: false
     namespace: funkwhale
     state: present
 
@@ -106,6 +109,6 @@ apps:
     image:
 
   backstage:
-    enabled: true
+    enabled: false
     namespace: backstage
     state: present
diff --git a/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml b/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml
index 950258c..bbcced7 100644
--- a/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml
+++ b/ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml
@@ -14,15 +14,15 @@ spec:
   dnsNames:
     - xai-corp.net
     - git.xai-corp.net
-    - tunedb.xai-corp.net
+#    - tunedb.xai-corp.net
     - www.xai-corp.net
     - xaibox.xai-corp.net
     - sql.xai-corp.net
-    - cik.xai-corp.net
+#    - cik.xai-corp.net
     - stash.xai-corp.net
     - dkregistry.xai-corp.net
     - funkwhale.xai-corp.net
-    - backstage.xai-corp.net
+#    - backstage.xai-corp.net
   acme:
     config:
       - http01:
diff --git a/ansible-5/roles/prod.k3s/files/stash/pv03.yaml b/ansible-5/roles/prod.k3s/files/stash/pv03.yaml
new file mode 100644
index 0000000..43bdbbe
--- /dev/null
+++ b/ansible-5/roles/prod.k3s/files/stash/pv03.yaml
@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: plex-pv-local-03
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 300Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/T2/secure/app"
+
diff --git a/ansible-5/roles/prod.k3s/files/stash/values.yaml b/ansible-5/roles/prod.k3s/files/stash/values.yaml
index 45e773e..cc38d62 100644
--- a/ansible-5/roles/prod.k3s/files/stash/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/stash/values.yaml
@@ -5,7 +5,7 @@
 
 image:
   repository: stashapp/stash
-  tag: v0.26.2
+  tag: v0.27.2
 
 ingress:
   main:
diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
index 72aff2a..79696f8 100644
--- a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml
@@ -18,7 +18,7 @@
     state: present
     definition: "{{ lookup('file', item) | from_yaml }}"
   loop:
-    - stash/pv02.yaml
+    - stash/pv03.yaml
     - stash/pv-claim.yaml
 #    - stash/pv-media.yaml
 #    - stash/pv-media-claim.yaml
diff --git a/ansible-5/roles/prod.k3s/tasks/main.yml b/ansible-5/roles/prod.k3s/tasks/main.yml
index 487f26b..b26909c 100644
--- a/ansible-5/roles/prod.k3s/tasks/main.yml
+++ b/ansible-5/roles/prod.k3s/tasks/main.yml
@@ -2,7 +2,7 @@
 # provisioning services in k3s cluster
 
 # mount gluster
-- include_tasks: gluster.fstab.yml
+#- include_tasks: gluster.fstab.yml
 #
 ## add helm repositories
 #- include_tasks: add_repos.yml
@@ -13,6 +13,7 @@
 
 - name: deploy cert_manager
   include_tasks: cert_manager.yml
+  when: apps.cert_manager.enabled
 
 - name: deploy stash
   include_tasks: deployments/stash.yaml
diff --git a/ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth.yaml b/ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth.yaml
index 834309e..d4bb050 100644
--- a/ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth.yaml
+++ b/ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth.yaml
@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/shared/dkregistry/auth"
+    path: "/opt/data/T2/shared/dkregistry/auth"
 
diff --git a/ansible-5/roles/prod.k3s/templates/dkregistry/pv.yaml b/ansible-5/roles/prod.k3s/templates/dkregistry/pv.yaml
index 2a3380c..0c6ac59 100644
--- a/ansible-5/roles/prod.k3s/templates/dkregistry/pv.yaml
+++ b/ansible-5/roles/prod.k3s/templates/dkregistry/pv.yaml
@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/shared/dkregistry/data"
+    path: "/opt/data/T2/shared/dkregistry/data"
 
diff --git a/ansible-5/roles/prod.k3s/templates/gitea/pv.yaml b/ansible-5/roles/prod.k3s/templates/gitea/pv.yaml
index 46c8384..5c95b19 100644
--- a/ansible-5/roles/prod.k3s/templates/gitea/pv.yaml
+++ b/ansible-5/roles/prod.k3s/templates/gitea/pv.yaml
@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/gitea"
+    path: "/opt/data/T2/gitea/gitea"
 
diff --git a/ansible-5/roles/prod.k3s/templates/mariadb/pv.yaml b/ansible-5/roles/prod.k3s/templates/mariadb/pv.yaml
index a6f37ca..2797632 100644
--- a/ansible-5/roles/prod.k3s/templates/mariadb/pv.yaml
+++ b/ansible-5/roles/prod.k3s/templates/mariadb/pv.yaml
@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/db/mariadb-10.9"
+    path: "/opt/data/T2/db/db/mariadb-10.9"
 
diff --git a/ansible-5/roles/prod.k3s/templates/postgres/pv.yaml b/ansible-5/roles/prod.k3s/templates/postgres/pv.yaml
index 23cf24f..cf40e2b 100644
--- a/ansible-5/roles/prod.k3s/templates/postgres/pv.yaml
+++ b/ansible-5/roles/prod.k3s/templates/postgres/pv.yaml
@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/db/postgres-15.1"
+    path: "/opt/data/T2/db/db/postgres-15.1"