changeset 288:3af02e24eaf9
minor
author | drewp@bigasterisk.com |
---|---|
date | Sun, 21 Apr 2024 17:01:13 -0700 |
parents | c094d23b7943 |
children | 65e28d2e0cd8 |
files | .vscode/settings.json apt.py dns.py dns_check.py home.py k8s_lookup/Dockerfile k8s_lookup/deploy.yaml k8s_lookup/skaffold.yaml kube.py multikube.py multikube_wipe.py net.py packages.py pi-setup/on_pi_setup.sh pi-setup/tasks.py sync.py system.py tasks.py templates/hosts.j2 users.py wireguard_pubkey.py |
diffstat | 21 files changed, 87 insertions(+), 135 deletions(-) [+] |
--- a/.vscode/settings.json Sun Apr 21 14:03:04 2024 -0700
+++ b/.vscode/settings.json Sun Apr 21 17:01:13 2024 -0700
@@ -2,8 +2,8 @@
 "python.linting.pylintEnabled": false,
 "python.linting.flake8Enabled": true,
 "python.linting.enabled": true,
- "python.analysis.extraPaths": ["${workspaceFolder}/__pypackages__/3.10/lib"],
- "python.autoComplete.extraPaths": ["${workspaceFolder}/__pypackages__/3.10/lib"],
+ "python.analysis.extraPaths": ["${workspaceFolder}/__pypackages__/3.11/lib"],
+ "python.autoComplete.extraPaths": ["${workspaceFolder}/__pypackages__/3.11/lib"],
 "python.formatting.provider": "yapf",
 "files.watcherExclude": {
 "_darcs_old/**": true
--- a/apt.py Sun Apr 21 14:03:04 2024 -0700
+++ b/apt.py Sun Apr 21 17:01:13 2024 -0700
@@ -1,6 +1,7 @@
 import io
 from pathlib import Path
 import shlex
+from typing import cast
 from pyinfra import host
 from pyinfra.facts.files import FindFiles
 from pyinfra.facts.server import Arch, LinuxDistribution
@@ -60,7 +61,7 @@
 dir / 'steam-stable.list',
 dir / 'raspi.list',
 ]):
- found = map(Path, host.get_fact(FindFiles, dir, quote_path=True))
+ found = map(Path, cast(str, host.get_fact(FindFiles, dir, quote_path=True)))
 if set(found) - set(known):
 raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")
 for f in known:
@@ -90,7 +91,7 @@
 def flatpak_sources():
 apt.packages(update=True, cache_time=86400, packages=['flatpak'])
- server.shell('flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo')
+ server.shell(commands='flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo')
 def correct_dns():
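Review bot: `cast(str, ...)` in the second hunk tells the type checker the wrong thing: the value goes into `map(Path, ...)` and then `set(found) - set(known)`, so it is used as a collection of paths, and typed as `str` the `map` reads as iterating single characters. `cast(list[str], host.get_fact(FindFiles, dir, quote_path=True))` matches how the value is actually consumed. The cast has no runtime effect, so this only keeps the annotation honest for the "new files in sources.list.d" check that follows. The enclosing function starts outside the hunk.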
--- a/dns.py Sun Apr 21 14:03:04 2024 -0700 +++ b/dns.py Sun Apr 21 17:01:13 2024 -0700 @@ -1,6 +1,8 @@ from io import StringIO import subprocess +from typing import cast +import pyinfra from pyinfra import host from pyinfra.operations import files, systemd, server from pyinfra.facts.server import Arch, LinuxDistribution @@ -52,10 +54,6 @@ systemd.service(service='systemd-resolved.service', running=True, restarted=True) -pi_serial_hostname = [ -] - - def rpi_net_boot(): files.directory(path='/opt/dnsmasq/tftp') for pi_serial, _ in pi_serial_hostname: @@ -94,6 +92,7 @@ elif host.name == 'ditto': rpi_iscsi_volumes() # move out of this file- it's not dns elif host.name == 'pipe': +# move out of this file- it's not dns rpi_net_boot() files.directory(path='/opt/dnsmasq') dnsmasq_instance('10.2',
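Review bot: `rpi_net_boot()` is still called under `elif host.name == 'pipe':` in the last hunk, but the second hunk deletes the module-level `pi_serial_hostname = [` … `]` while the context line `for pi_serial, _ in pi_serial_hostname:` keeps reading it. Unless the name is now defined somewhere outside these hunks, what used to be a loop over an empty list becomes a NameError when the deploy for `pipe` is prepared. Either keep the (empty) list or remove `rpi_net_boot` and its call in the same change. The added `# move out of this file- it's not dns` line also sits at column 0 inside the `elif` body and repeats the comment two lines above it; indenting it with the call it describes would read better.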
--- a/dns_check.py Sun Apr 21 14:03:04 2024 -0700
+++ b/dns_check.py Sun Apr 21 17:01:13 2024 -0700
@@ -1,5 +1,4 @@
 # run key dns lookups everywhere
-import tempfile
 from pyinfra import host
 from pyinfra.operations import server
--- a/home.py Sun Apr 21 14:03:04 2024 -0700 +++ b/home.py Sun Apr 21 17:01:13 2024 -0700 @@ -9,7 +9,7 @@ ]: # maybe bring sync.py in here too - server.shell(['chsh -s /bin/zsh drewp']) + server.shell(commands=['chsh -s /bin/zsh drewp']) files.link(path='/home/drewp/.aptitude/config', target='../own/config/aptitude-config', force=True) files.link(path='/home/drewp/.config/blender', target='../own/config/blender', force=True) files.link(path='/home/drewp/.emacs.d', target='own/config/emacs-d', force=True) @@ -21,11 +21,6 @@ files.link(path='/home/drewp/bin', target='own/config/bin/', force=True) files.link(path='/home/drewp/blenderkit_data', target='own/gfx-lib/blenderkit_data/', force=True) - - - -# chsh --shell /bin/zsh - #drwx------ 3 drewp drewp 4096 Jul 31 15:07 .config/syncthing #npm.rc? # run on bang: pnpm server --background start
--- a/k8s_lookup/Dockerfile Sun Apr 21 14:03:04 2024 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-FROM ubuntu:jammy-20220428
-RUN echo 2022-06-20 && apt-get update
-RUN DEBIAN_FRONTEND=noninteractive apt-get install -y udns-utils oping curl
-CMD ["sleep", "1d"]
--- a/k8s_lookup/deploy.yaml Sun Apr 21 14:03:04 2024 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: k8s-lookup
-spec:
- selector:
- matchLabels:
- name: k8s-lookup
- template:
- metadata:
- labels:
- name: k8s-lookup
- spec:
- tolerations:
- # this toleration is to have the daemonset runnable on master nodes
- # remove it if your masters can't run pods
- - key: node-role.kubernetes.io/master
- operator: Exists
- effect: NoSchedule
- containers:
- - name: k8s-lookup
- image: bang5:5000/k8s_lookup_image
- terminationGracePeriodSeconds: 1
--- a/k8s_lookup/skaffold.yaml Sun Apr 21 14:03:04 2024 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-apiVersion: skaffold/v2beta27
-kind: Config
-metadata:
- name: k8s-lookup
-build:
- platforms: [amd64]
- # tagPolicy:
- # dateTime:
- # format: "2006-01-02_15-04-05"
- # timezone: "Local"
- artifacts:
- - image: bang5:5000/k8s_lookup_image
-deploy:
- kubectl:
- manifests:
- - deploy.yaml
--- a/kube.py Sun Apr 21 14:03:04 2024 -0700 +++ b/kube.py Sun Apr 21 17:01:13 2024 -0700 @@ -166,20 +166,21 @@ group='drewp', mode='640') server.shell( - f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml") + commands=f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml" + ) -make_cluster(server_ip="10.5.0.7", - server_node='ditto', - nodes=[ - 'bang', - 'slash', - 'dash', - 'ws-printer', - # 'gn-music', - 'li-drums', - ], - admin_from=['bang', 'slash', 'dash', 'ditto'], - k3s_version='v1.29.1+k3s1') +make_cluster( + server_ip="10.5.0.7", + server_node='ditto', + nodes=[ + 'bang', + 'slash', + 'dash', + 'ws-printer', + # 'gn-music', + 'li-drums', + ], + k3s_version='v1.29.1+k3s1') # consider https://github.com/derailed/k9s/releases/download/v0.32.4/k9s_Linux_amd64.tar.gz
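Review bot: The `make_cluster(...)` call stops passing `admin_from`, yet this is the only hunk in kube.py, so the function's definition was not touched by this commit. If `admin_from` is still a required parameter the call now raises TypeError. If it has a default, whatever that list controlled (presumably which hosts get the admin kubeconfig that the context above writes with `group='drewp'`, `mode='640'`) silently follows the default instead of the explicit `['bang', 'slash', 'dash', 'ditto']`. Worth confirming which case applies, and dropping the parameter from the definition if it is unused. `make_cluster`'s body is outside the hunk.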
--- a/multikube.py Sun Apr 21 14:03:04 2024 -0700 +++ b/multikube.py Sun Apr 21 17:01:13 2024 -0700 @@ -1,14 +1,17 @@ # leave kube.py running single-host and try again -import os - from pyinfra import host -from pyinfra.facts.files import FindInFile -from pyinfra.facts.server import Arch, LinuxDistribution +from pyinfra.facts.server import Arch from pyinfra.operations import files, server, systemd -is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] +from multikube_config import ( + admin_from, + k3s_version, + nodes, + server_ip, + server_node, + skaffold_version, +) -from multikube_config import server_node, server_ip, nodes, admin_from, k3s_version, skaffold_version def install_k3s(): tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' @@ -22,17 +25,17 @@ #force=True, # to get a new version ) + def install_k3sup(): - files.download( - src='https://github.com/alexellis/k3sup/releases/download/0.12.0/k3sup', - dest='/usr/local/bin/k3sup', - mode='755' - ) + files.download(src='https://github.com/alexellis/k3sup/releases/download/0.12.0/k3sup', + dest='/usr/local/bin/k3sup', + mode='755') # then do like: # root@slash:/home/drewp# ./k3sup install --ip 10.2.0.84 --k3s-extra-args '--no-deploy traefik' --ssh-key /root/.ssh/id_ecdsa # root@slash:/home/drewp# ./k3sup join --ip 10.2.0.23 --server-ip 10.2.0.84 --ssh-key /root/.ssh/id_ecdsa # but it doesn't seem to make networking go any better + def install_skaffold(): files.download(src=f'https://storage.googleapis.com/skaffold/releases/{skaffold_version}/skaffold-linux-amd64', dest='/usr/local/bin/skaffold', 
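Review bot: `install_k3sup` writes a downloaded executable to `/usr/local/bin/k3sup` with `mode='755'`, and `install_skaffold` does the same for `/usr/local/bin/skaffold`, with nothing pinning the content, so whatever the URL serves at deploy time is what ends up on the host's PATH. `files.download` takes a `sha256sum=` argument; adding `sha256sum='<SHA256_OF_K3SUP_0.12.0>'` (placeholder, take the value from the release) next to the already-pinned version makes a swapped or truncated artifact fail the deploy instead of being installed. The same gap is visible in the kitty download in packages.py and the syncthing download in sync.py. `install_skaffold` continues past the end of the hunk.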
@@ -55,7 +58,7 @@ def host_prep(): server.sysctl(key='net.ipv4.ip_forward', value="1", persist=True) server.sysctl(key='net.ipv6.conf.all.forwarding', value="1", persist=True) - server.sysctl(key='net.ipv6.conf.all.disable_ipv6' , value='1',persist=True) + server.sysctl(key='net.ipv6.conf.all.disable_ipv6', value='1', persist=True) server.sysctl(key='fs.inotify.max_user_instances', value='8192', persist=True) server.sysctl(key='fs.inotify.max_user_watches', value='524288', persist=True) @@ -82,7 +85,7 @@ dest='/etc/k3s_config.yaml', server_ip=server_ip, token=token, - wg_ip=host.host_data['mk_addr'],#wireguard_address'], + wg_ip=host.host_data['mk_addr'], #wireguard_address'], ) files.template( @@ -93,8 +96,8 @@ systemd.service(service=service_name(), daemon_reload=True, enabled=True, restarted=True) if host.name == server_node: - files.get(src='/var/lib/rancher/k3s/server/node-token', dest='/tmp/k3s-token') - files.get(src='/etc/rancher/k3s/k3s.yaml', dest='/tmp/k3s-yaml') + files.get(src='/var/lib/rancher/k3s/server/node-token', dest='/tmp/k3s-token') + files.get(src='/etc/rancher/k3s/k3s.yaml', dest='/tmp/k3s-yaml') if host.name in nodes + [server_node]: @@ -120,4 +123,5 @@ files.put(src='/tmp/k3s-yaml', dest='/etc/rancher/k3s/k3s.yaml') files.file(path='/etc/rancher/k3s/k3s.yaml', user='root', group='drewp', mode='640') - server.shell(f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml") + server.shell( + commands=f"kubectl config set-cluster default --server=https://{server_ip}:6443 --kubeconfig=/etc/rancher/k3s/k3s.yaml")
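Review bot: The k3s join token and the admin kubeconfig are staged under fixed names in `/tmp` (`files.get(..., dest='/tmp/k3s-token')`, `dest='/tmp/k3s-yaml'`, then `files.put(src='/tmp/k3s-yaml', ...)`), so on the machine running the deploy both cluster credentials sit in a shared directory at predictable paths, and nothing in these hunks removes them. A private per-run directory (for example from `tempfile.mkdtemp()`, which is created readable only by its owner) with cleanup at the end keeps them away from other local accounts. On the target, `files.put` writes `/etc/rancher/k3s/k3s.yaml` before the following `files.file(..., mode='640')` tightens it; passing `user='root', group='drewp', mode='640'` to `files.put` itself closes that window. The enclosing blocks start outside these hunks.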
--- a/multikube_wipe.py Sun Apr 21 14:03:04 2024 -0700
+++ b/multikube_wipe.py Sun Apr 21 17:01:13 2024 -0700
@@ -6,6 +6,6 @@
 if host.name in nodes + [server_node]:
 files.put(dest='/usr/local/bin/k3s-killall.sh', src='files/kube/k3s-killall.sh', mode='a+rx')
 files.put(dest='/usr/local/bin/k3s-uninstall.sh', src='files/kube/k3s-uninstall.sh', mode='a+rx')
- server.shell(['k3s-uninstall.sh'])
+ server.shell(commands=['k3s-uninstall.sh'])
 for n in ['k3s-agent.service', 'k3s-agent.service.env', 'k3s-node.service']:
 files.file(path=f'/etc/systemd/system/{n}', present=False)
\ No newline at end of file
--- a/net.py Sun Apr 21 14:03:04 2024 -0700
+++ b/net.py Sun Apr 21 17:01:13 2024 -0700
@@ -104,8 +104,3 @@
 # # TODO this breaks wireguard wg on garage, i think. workaround:
 # if host.name == 'garage':
 # server.shell('ip -4 address add 10.5.0.14/24 dev wg0')
-else:
- pass # don't break working networking!
-
-if is_pi and host.name != 'pipe':
- pass
\ No newline at end of file
--- a/packages.py Sun Apr 21 14:03:04 2024 -0700 +++ b/packages.py Sun Apr 21 17:01:13 2024 -0700 @@ -14,8 +14,8 @@ local = f"{home}/.local/kitty" dl = f'/tmp/kitty-{vers}-x86_64.txz' files.download(src=f"https://github.com/kovidgoyal/kitty/releases/download/v{vers}/kitty-{vers}-x86_64.txz", dest=dl) - files.directory(local) - server.shell([ + files.directory(path=local) + server.shell(commands=[ f"mkdir -p {local}", # https://github.com/Fizzadar/pyinfra/issues/777 f"aunpack --extract-to={local} {dl}", ]) @@ -25,7 +25,7 @@ def nodejs(): apt.packages(packages=['libnode72'], present=False, force=True) apt.packages(packages=['nodejs'], latest=True) - server.shell([ + server.shell(commands=[ "rm -f /usr/local/bin/pnp{m,x}", "corepack enable", # https://github.com/pnpm/pnpm/releases 
@@ -37,24 +37,17 @@ def podman(): # frigate build wants to mount a single file from the host, which needs podman 4.5.1 # https://github.com/containers/podman/issues/12123#issuecomment-1620439593 - - - server.shell('apt --fix-broken install') + server.shell(commands='apt --fix-broken install') apt.deb(src="http://ftp.osuosl.org/pub/ubuntu/pool/main/g/gpgme1.0/libgpgme11t64_1.18.0-4.1ubuntu4_amd64.deb") - server.shell('apt --fix-broken install') + server.shell(commands='apt --fix-broken install') apt.deb(src="http://ftp.osuosl.org/pub/ubuntu/pool/universe/c/conmon/conmon_2.1.10+ds1-1build2_amd64.deb") apt.deb(src="http://ftp.osuosl.org/pub/ubuntu/pool/universe/libp/libpod/podman_4.9.3+ds1-1build2_amd64.deb") - - - # https://ftp.osuosl.org/pub/ubuntu/pool/main/g/gpgme1.0/libgpgme11_1.18.0-3ubuntu2_amd64.deb - # apt.deb(src="https://ftp.osuosl.org/pub/ubuntu/pool/main/g/gpgme1.0/libgpgme11t64_1.18.0-4.1ubuntu4_amd64.deb") - # apt.deb(src="https://ftp.osuosl.org/pub/ubuntu/pool/universe/libp/libpod/podman_4.9.3+ds1-1build2_amd64.deb") apt.packages(packages=['libsubid4', 'buildah', 'podman-docker'], latest=True) def pdm(): # https://github.com/pdm-project/pdm/blob/main/CHANGELOG.md - server.shell(["pip install --break-system-packages 'pdm==2.12.4'"]) + server.shell(commands=["pip install --break-system-packages 'pdm==2.12.4'"]) def proper_locate():
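Review bot: The three `apt.deb(src="http://ftp.osuosl.org/...")` calls in `podman()` install packages fetched over plain HTTP, and a directly downloaded .deb is not covered by apt's signed repository metadata, so nothing on this path verifies what gets installed as root. This hunk also deletes the commented `https://` variants of the same URLs. Changing the scheme to `https://` is the minimal fix. Stronger is to fetch each file with `files.download(src=..., dest=..., sha256sum='<SHA256_PLACEHOLDER>')` and pass the local path to `apt.deb`.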
--- a/pi-setup/on_pi_setup.sh Sun Apr 21 14:03:04 2024 -0700 +++ b/pi-setup/on_pi_setup.sh Sun Apr 21 17:01:13 2024 -0700 @@ -11,6 +11,10 @@ echo ${HEADER} set hostname hostnamectl set-hostname ${HOSTNAME} perl -pi -e 's/raspberrypi/'${HOSTNAME}'/' /etc/hosts + +# This setup will make a pi get dhcp at boot time, but then nothing will renew +# that unless we set NM to also use dhcp. +nmcli device modify eth0 ipv4.method auto echo ${HEADER} allow root@ditto echo "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIh/S0cInbrzh7bM9faZrp9Zc0ndn3aKHFjNngLvhVNolH/nDMu8swmvgvFtlKPv3mlxMjkaDrNpcaGbi0zlpE4= root@ditto" >> /root/.ssh/authorized_keys
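Review bot: `nmcli device modify eth0 ipv4.method auto` only changes the settings currently active on the device; per nmcli(1) such changes are not saved to the connection profile, so the DHCP setting is likely gone after the next reboot, which is the situation the new comment describes. `nmcli connection modify <PROFILE_NAME> ipv4.method auto` (placeholder for the profile bound to eth0) persists it. Separately, the context line `perl -pi -e 's/raspberrypi/'${HOSTNAME}'/' /etc/hosts` leaves `${HOSTNAME}` unquoted, and the `>> /root/.ssh/authorized_keys` append adds another copy of the root key on every re-run; quoting the variable and guarding the append with `grep -qF` would make the script safe to repeat.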
--- a/pi-setup/tasks.py Sun Apr 21 14:03:04 2024 -0700
+++ b/pi-setup/tasks.py Sun Apr 21 17:01:13 2024 -0700
@@ -17,4 +17,6 @@
 @task
 def iscsi(ctx, hostname):
- ctx.run(cmd + f'pdm run -p .. setup_pi.py --iscsi {hostname}', pty=True)
\ No newline at end of file
+ ctx.run(cmd + f'pdm run -p .. setup_pi.py --iscsi {hostname}', pty=True)
+
+
--- a/sync.py Sun Apr 21 14:03:04 2024 -0700 +++ b/sync.py Sun Apr 21 17:01:13 2024 -0700 @@ -18,22 +18,21 @@ tmpdir = Path('/tmp/syncthing_install') dl_name = f'syncthing-{os}-{arch}-{version}' url = f'https://github.com/syncthing/syncthing/releases/download/{version}/{dl_name}.tar.gz' - files.directory(tmpdir) - files.download(url, str(tmpdir / f'{dl_name}.tgz')) # bugreport - server.shell([f'cd {tmpdir}; aunpack {dl_name}.tgz']) + files.directory(path=tmpdir) + files.download(src=url, dest=str(tmpdir / f'{dl_name}.tgz')) # bugreport + server.shell(commands=[f'cd {tmpdir}; aunpack {dl_name}.tgz']) systemd.service(service=f'syncthing@{user}', running=False) user_svc_template = '/lib/systemd/system/syncthing@.service' - server.shell([ + server.shell(commands=[ f'cp -a {tmpdir}/{dl_name}/{s} {d}' for s, d in [ ('syncthing', '/usr/bin'), - #('etc/linux-systemd/user/syncthing.service', ''), # unused ('etc/linux-systemd/system/syncthing@.service', user_svc_template), ('etc/linux-systemd/system/syncthing-resume.service', '/etc/systemd/system/syncthing-resume.service'), ] ]) - files.link(f'/etc/systemd/system/multi-user.target.wants/syncthing@{user}.service', user_svc_template) + files.link(path=f'/etc/systemd/system/multi-user.target.wants/syncthing@{user}.service', target=user_svc_template) systemd.service(service=f'syncthing@{user}', enabled=True, restarted=True, daemon_reload=True) @@ -50,6 +49,6 @@ install_syncthing(user, version) # something above has broken devnull #bugreport -server.shell(['chmod a+w /dev/null']) +server.shell(commands=['chmod a+w /dev/null']) # also consider https://github.com/Martchus/syncthingtray tray status viewer on dtops
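Review bot: `install_syncthing` unpacks the release under the fixed path `/tmp/syncthing_install` and then runs `cp -a {tmpdir}/{dl_name}/syncthing` into `/usr/bin` as part of a root deploy. `/tmp` is writable by every local account, so the content that `aunpack` and `cp -a` operate on depends on nobody else having created that directory first. A root-owned staging directory outside `/tmp`, or one created with `mktemp -d` inside the same shell command, removes that dependency. The function starts outside the hunk.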
--- a/system.py Sun Apr 21 14:03:04 2024 -0700 +++ b/system.py Sun Apr 21 17:01:13 2024 -0700 @@ -5,7 +5,6 @@ from pyinfra.operations import apt, files, server, systemd is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] - TZ = 'America/Los_Angeles' @@ -33,26 +32,42 @@ def no_sleep(): server.shell(commands=['systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target']) + def nfs_server(): + # remove when we're on longhorn apt.packages(packages=['nfs-kernel-server']) files.template(src='templates/bang_exports.j2', dest='/etc/exports') + def smaller_journals(): files.line(name='shorter systemctl log window, for disk space', path='/etc/systemd/journald.conf', line='MaxFileSec', replace="MaxFileSec=7day") + def web_forward(): for port in [80, 443]: - files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", serv_host='bang', port=port, name='web', fam='tcp') - systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True) + svc = f'web_forward_{port}' + files.template(src="templates/webforward.service.j2", + dest=f"/etc/systemd/system/{svc}.service", + serv_host='bang', + port=port, + name='web', + fam='tcp') + systemd.service(service=svc, enabled=True, restarted=True) def minecraft_forward(): port = 25765 for fam in ['tcp', 'udp']: - files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/mc_smp_{fam}_forward_{port}.service", serv_host='ditto', port=port, name='mc_smp', fam=fam) - systemd.service(service=f'mc_smp_{fam}_forward_{port}', enabled=True, restarted=True) + svc = f'mc_smp_{fam}_forward_{port}' + files.template(src="templates/webforward.service.j2", + dest=f"/etc/systemd/system/{svc}.service", + serv_host='ditto', + port=port, + name='mc_smp', + fam=fam) + systemd.service(service=svc, enabled=True, restarted=True) server.hostname(hostname=host.name) timezone() 
@@ -64,9 +79,6 @@ if is_pi and host.name != 'pipe': pi_tmpfs() - # this now lives on pipe in /opt/dnsmasq/tftp/f63f14b6/config.txt - #files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt') - if host.name in ['bang', 'pipe', 'ditto']: no_sleep() @@ -82,4 +94,3 @@ # k3s crictl rmi --prune # snap list --all | while read snapname ver rev trk pub notes; do if [[ $notes = *disabled* ]]; then snap remove "$snapname" --revision="$rev"; fi; done # podman system reset - \ No newline at end of file
--- a/tasks.py Sun Apr 21 14:03:04 2024 -0700
+++ b/tasks.py Sun Apr 21 17:01:13 2024 -0700
@@ -54,7 +54,7 @@
 @task
 def dns_k8s_check(ctx):
- ctx.run('env/bin/python dns_k8s_check.py', pty=True)
+ ctx.run('pdm run python dns_k8s_check.py', pty=True)
 @task
@@ -68,11 +68,6 @@
 @task
-def kube_bang(ctx):
- _run(ctx, 'kube.py --limit bang')
-
-
-@task
 def sync(ctx):
 _run(ctx, 'sync.py')
@@ -88,11 +83,6 @@
 @task
-def pipe(ctx):
- ctx.run(cmd + 'inventory.py pipe.py --limit pipe', pty=True)
-
-
-@task
 def multikube(ctx): # danger- wipes previous k3s
 from multikube_config import server_node, nodes
 ctx.run(cmd + 'inventory.py multikube_wipe.py', pty=True)
--- a/templates/hosts.j2 Sun Apr 21 14:03:04 2024 -0700
+++ b/templates/hosts.j2 Sun Apr 21 17:01:13 2024 -0700
@@ -17,7 +17,7 @@
 10.5.0.5 dash
 {% endif %}
-{% if host.name in ['prime'] %}
+{% if host.name == 'prime' %}
 # for wireguard setup:
 127.0.0.1 public.bigasterisk.com
 {% endif %}
--- a/users.py Sun Apr 21 14:03:04 2024 -0700
+++ b/users.py Sun Apr 21 17:01:13 2024 -0700
@@ -96,6 +96,7 @@
 server.group(group='prometheus', gid=1010)
 server.user(user='prometheus', uid=1010)
+# delete when garage is diskless
 if host.name == 'garage':
 server.group(group='fuse')
 server.user(user='pi',
--- a/wireguard_pubkey.py Sun Apr 21 14:03:04 2024 -0700
+++ b/wireguard_pubkey.py Sun Apr 21 17:01:13 2024 -0700
@@ -13,6 +13,7 @@
 'pillow': 'gi54uHkV3WQWvU7b90oZV9ss69kqyeDerkaRk1dYziU=',
 'ws-printer': 'v3c4gNXtBCRSYn4r2ZwrQouJQ0bfGGz3K7oKcuS3FFk=',
 'li-drums': 'UNfh0qWqBLzYpDMZ3+3K3giAnDth0QWtLPocW8+NxAo=',
+ 'li-drums': 'CkFzBGjSJLHnR7FeWzandx2F03x5tncaqpCuiNcIoCc=',
 'gn-music': 'XKkjSfdvROkLe0zxp9wal+ObTWqh/o7kJTXL8O9AOSQ=',
 }
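Review bot: The dict literal now has two `'li-drums'` entries; Python keeps only the last one, so the previous public key line is dead and a reader cannot tell whether the key was rotated or the old line was left by mistake. If it was rotated, delete the old line so the file lists exactly the peer keys that are trusted. If both keys must be accepted during a transition, the value needs to become a list, because a second entry under the same name cannot express that. flake8, which the workspace settings in this commit enable, reports repeated dict keys with different values, so running it would catch this.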