Fixing cubox and base services

ansible-5/inventory.ini

@@ -8,7 +8,7 @@ cubox-m         ansible_ssh_host=192.168.4.15
 [ns]
 ;home          ansible_ssh_host=192.168.4.11
 cubox-i         ansible_ssh_host=192.168.4.12
-;cubox-m         ansible_ssh_host=192.168.4.15
+cubox-m         ansible_ssh_host=192.168.4.15
 
 [gfs]
 ;home            ansible_ssh_host=192.168.4.11

ansible-5/playbooks/bootstrap.yaml

@@ -2,6 +2,7 @@
 - name: bootstrap
   hosts: managed
 #  remote_user: ansible
+#  remote_user: root
   gather_facts: false
 #  become: true
 
@@ -24,6 +25,15 @@
     - name: ping
       ansible.builtin.ping:
 
+    - name: Ensure group "ssh" exists
+      become: true
+      ansible.builtin.group:
+        name: "{{item}}"
+        state: present
+      with_items:
+        - ssh
+        - _ssh
+
     - name: Add the user 'ansible'
       become: true
       ansible.builtin.user:
@@ -35,6 +45,8 @@
 #        uid: "1001"
         groups:
           - sudo
+          - ssh
+          - _ssh
 
     - name: Add the authorized key for 'ansible'
       become: true
@@ -80,6 +92,8 @@
 #        uid: "1000"
         groups:
           - sudo
+          - ssh
+          - _ssh
 
     - name: Add the authorized key for 'richard'
       become: true

ansible-5/roles/common/tasks/main.yml

@@ -11,10 +11,10 @@
 - name: update login screen
   include_tasks: motd.yml
 
-- name: fix usb
+#- name: fix usb
-  include_tasks: fix_usb.yml
+#  include_tasks: fix_usb.yml
-  when: inventory_hostname == "cubox-m"
+#  when: inventory_hostname == "cubox-m"
 
-- name: update fstab
+#- name: update fstab
-  include_tasks: update_fstab.yml
+#  include_tasks: update_fstab.yml
 

ansible-5/roles/glusterfs-server/defaults/main.yaml

@@ -5,7 +5,8 @@
 #
 
 glusterd:
-  version: 9.2-1
+#  version: 9.2-1
+  version: 9.6-ubuntu1~jammy2
   unit: glusterd
   envfile: /etc/sysconfig/glusterd
 

ansible-5/roles/prod.k3s/defaults/main.yml

@@ -41,13 +41,16 @@ helm:
       repo_url: https://cetic.github.io/helm-charts
 
 apps:
+  cert_manager:
+    enabled: true
+
   stash:
     enabled: true
     state: present
     namespace: stashapp
 
   mariadb:
-    enabled: true
+    enabled: false
     namespace: mariadb
     pvc: data-mariadb-0
     state: present
@@ -85,12 +88,12 @@ apps:
     chart_version: 4.5 # https://github.com/nextcloud/helm/releases?page=2
 
   hello_world:
-    enabled: true
+    enabled: false
     namespace: default
     state: absent
 
   funkwhale:
-    enabled: true
+    enabled: false
     namespace: funkwhale
     state: present
 
@@ -106,6 +109,6 @@ apps:
     image:
 
   backstage:
-    enabled: true
+    enabled: false
     namespace: backstage
     state: present

ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.prod.yaml

@@ -14,15 +14,15 @@ spec:
   dnsNames:
     - xai-corp.net
     - git.xai-corp.net
-    - tunedb.xai-corp.net
+#    - tunedb.xai-corp.net
     - www.xai-corp.net
     - xaibox.xai-corp.net
     - sql.xai-corp.net
-    - cik.xai-corp.net
+#    - cik.xai-corp.net
     - stash.xai-corp.net
     - dkregistry.xai-corp.net
     - funkwhale.xai-corp.net
-    - backstage.xai-corp.net
+#    - backstage.xai-corp.net
   acme:
     config:
       - http01:

ansible-5/roles/prod.k3s/files/stash/pv03.yaml

@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: plex-pv-local-03
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 300Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/T2/secure/app"
+

ansible-5/roles/prod.k3s/files/stash/values.yaml

@@ -5,7 +5,7 @@
 
 image:
   repository: stashapp/stash
-  tag: v0.26.2
+  tag: v0.27.2
 
 ingress:
   main:

ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml

@@ -18,7 +18,7 @@
     state: present
     definition: "{{ lookup('file', item) | from_yaml }}"
   loop:
-    - stash/pv02.yaml
+    - stash/pv03.yaml
     - stash/pv-claim.yaml
 #    - stash/pv-media.yaml
 #    - stash/pv-media-claim.yaml

ansible-5/roles/prod.k3s/tasks/main.yml

@@ -2,7 +2,7 @@
 # provisioning services in k3s cluster
 
 # mount gluster
-- include_tasks: gluster.fstab.yml
+#- include_tasks: gluster.fstab.yml
 #
 ## add helm repositories
 #- include_tasks: add_repos.yml
@@ -13,6 +13,7 @@
 
 - name: deploy cert_manager
   include_tasks: cert_manager.yml
+  when: apps.cert_manager.enabled
 
 - name: deploy stash
   include_tasks: deployments/stash.yaml

ansible-5/roles/prod.k3s/templates/dkregistry/pv-auth.yaml

@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/shared/dkregistry/auth"
+    path: "/opt/data/T2/shared/dkregistry/auth"
 

ansible-5/roles/prod.k3s/templates/dkregistry/pv.yaml

@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/shared/dkregistry/data"
+    path: "/opt/data/T2/shared/dkregistry/data"
 

ansible-5/roles/prod.k3s/templates/gitea/pv.yaml

@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/gitea"
+    path: "/opt/data/T2/gitea/gitea"
 

ansible-5/roles/prod.k3s/templates/mariadb/pv.yaml

@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/db/mariadb-10.9"
+    path: "/opt/data/T2/db/db/mariadb-10.9"
 

ansible-5/roles/prod.k3s/templates/postgres/pv.yaml

@@ -13,5 +13,5 @@ spec:
   accessModes:
     - ReadWriteOnce
   hostPath:
-    path: "/opt/data/db/postgres-15.1"
+    path: "/opt/data/T2/db/db/postgres-15.1"