From a1bff472e79b612f2634b5d5d70aaf3be2d0db35 Mon Sep 17 00:00:00 2001
From: Mohamed Emine IBRAHIM
Date: Wed, 25 May 2022 21:54:07 +0200
Subject: [PATCH] Initial commit
---
.gitignore | 3 +++
billing.sh | 5 +++++
group_vars/all | 19 +++++++++++++++++++
group_vars/k8scontrol | 18 ++++++++++++++++++
host_vars/prd-k8sctl-00 | 10 ++++++++++
host_vars/prd-k8sctl-01 | 10 ++++++++++
host_vars/prd-k8sctl-02 | 10 ++++++++++
infra/billing.json | 20 ++++++++++++++++++++
infra/kubernetes.json | 21 +++++++++++++++++++++
infra/openstack.json | 39 +++++++++++++++++++++++++++++++++++++++
inventory | 37 +++++++++++++++++++++++++++++++++++++
kubernetes.sh | 5 +++++
openstack.sh | 5 +++++
13 files changed, 202 insertions(+)
create mode 100644 .gitignore
create mode 100755 billing.sh
create mode 100644 group_vars/all
create mode 100644 group_vars/k8scontrol
create mode 100644 host_vars/prd-k8sctl-00
create mode 100644 host_vars/prd-k8sctl-01
create mode 100644 host_vars/prd-k8sctl-02
create mode 100644 infra/billing.json
create mode 100644 infra/kubernetes.json
create mode 100644 infra/openstack.json
create mode 100644 inventory
create mode 100755 kubernetes.sh
create mode 100755 openstack.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aebd7ba
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.pyc
+venv/
+pulumi_passphrase
diff --git a/billing.sh b/billing.sh
new file mode 100755
index 0000000..6964c5f
--- /dev/null
+++ b/billing.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="felcloud_cli"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="billing"
+export PULUMI_CONFIG_PASSPHRASE_FILE="$PWD/env.d/$PULUMI_STACK/pulumi_passphrase"
diff --git a/group_vars/all b/group_vars/all
new file mode 100644
index 0000000..6df8323
--- /dev/null
+++ b/group_vars/all
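Review bot: The passphrase path on the last line of billing.sh is built from `$PWD`, so it is only correct when the file is sourced from the repository root; from any other directory Pulumi is pointed at a file that does not exist. Anchoring it to the script's own location avoids that: `export PULUMI_CONFIG_PASSPHRASE_FILE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/env.d/$PULUMI_STACK/pulumi_passphrase"`. The file only exports variables, so it has an effect only when sourced, yet it is committed with mode 100755 and a shebang; a header comment such as `# Source this file; executing it does not change the calling shell.` would prevent that mistake. kubernetes.sh and openstack.sh repeat both patterns.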
@@ -0,0 +1,19 @@
+---
+
+env: staging
+application: "{{ lookup('env', 'PULUMI_SUB_STACK') }}"
+bastion_group_name: "{{ application }}_bastion"
+
+# DNS resolve
+preferred_dns: "8.8.8.8"
+fallback_dns: "4.4.4.4"
+
+# infrastructure
+infrastructure_file_path: "{{ inventory_dir }}/infra/{{ application }}.json"
+
+# proxy
+proxy_user: "felcloud"
+proxy_passwd: "ijo7mgHEWjytM"
+proxy_hostname: "{{ groups[bastion_group_name] | first }}"
+proxy_ip: "{{ hostvars[proxy_hostname].ansible_host }}"
+proxy_port: 3128
diff --git a/group_vars/k8scontrol b/group_vars/k8scontrol
new file mode 100644
index 0000000..a0154ce
--- /dev/null
+++ b/group_vars/k8scontrol
@@ -0,0 +1,18 @@
+---
+
+haproxy_local_config_path: "reverse-proxy/haproxy.cfg"
+haproxy_list_tls:
+ - wildcard.felcloud.io
+haproxy_nbproc: 1
+public_vip_address:
+ - "{{ vip_k8s.all_fixed_ips | first }}"
+haproxy_first_tls: "/etc/haproxy/tls/wildcard.felcloud.io.pem"
+default_backend: "kubernetes"
+haproxy:
+ backends:
+ - name: kubernetes
+ frontend: "k8s.felcloud.io"
+ servers:
+ - "server {{ groups['k8scontrol'][0] }} {{ hostvars[groups['k8scontrol'][0]]['ansible_host'] }}:6443"
+ - "server {{ groups['k8scontrol'][1] }} {{ hostvars[groups['k8scontrol'][1]]['ansible_host'] }}:6443"
+ - "server {{ groups['k8scontrol'][2] }} {{ hostvars[groups['k8scontrol'][2]]['ansible_host'] }}:6443"
diff --git a/host_vars/prd-k8sctl-00 b/host_vars/prd-k8sctl-00
new file mode 100644
index 0000000..27c8fdd
--- /dev/null
+++ b/host_vars/prd-k8sctl-00
@@ -0,0 +1,10 @@
+---
+
+vrrp_instances:
+ - name: "vip_k8s"
+ state: "MASTER"
+ interface: "ens3"
+ id: 53
+ passwd: "yZnCOEa74TMgs"
+ vip: "{{ vip_k8s.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+ priority: 200
diff --git a/host_vars/prd-k8sctl-01 b/host_vars/prd-k8sctl-01
new file mode 100644
index 0000000..d4d8026
--- /dev/null
+++ b/host_vars/prd-k8sctl-01
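Review bot: `proxy_passwd` in group_vars/all is committed in clear text, so anyone with read access to the repository or its history holds the credential for the proxy on the bastion host. The value should be rotated and the variable fed from Ansible Vault or from the environment, the way `application` already is, e.g. `proxy_passwd: "{{ lookup('env', 'PROXY_PASSWD') }}"` (the variable name is illustrative). Separately, `fallback_dns: "4.4.4.4"` looks like a typo for `8.8.4.4`; as far as I know 4.4.4.4 is not a public resolver, so the fallback would never answer.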
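Review bot: `default_backend: "kubernetes"` in group_vars/k8scontrol presumably sends every request that matches no frontend to the kube-apiserver members on port 6443, and infra/kubernetes.json in this commit attaches the `vip_k8s` port to the INTERNET floating-IP pool, so the API endpoint appears to be internet-facing with no source restriction visible here. If that is intended, a comment above `haproxy:` such as `# kube-apiserver is published on the public VIP; access is limited by <mechanism>` would record where the control sits; if not, the default backend should not lead to the API. The `servers` list also hard-codes indices 0 to 2 of `groups['k8scontrol']`, which fails on an undefined index with fewer than three control nodes and silently ignores any additional ones.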
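Review bot: The VRRP `passwd` in host_vars/prd-k8sctl-00 is stored in clear text, and the same value is repeated in host_vars/prd-k8sctl-01 and host_vars/prd-k8sctl-02, so the secret sits in three files and in history. Only `state` and `priority` differ per host, so it belongs in one vaulted variable referenced from each file, e.g. `passwd: "{{ vault_vrrp_passwd }}"` (the name is illustrative), and the committed value should be rotated. If this feeds keepalived's `auth_pass`, note that simple password authentication travels unencrypted in VRRP advertisements and only the first eight characters are used, so it guards against misconfiguration rather than against another host on the same segment.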
@@ -0,0 +1,10 @@
+---
+
+vrrp_instances:
+ - name: "vip_k8s"
+ state: "BACKUP"
+ interface: "ens3"
+ id: 53
+ passwd: "yZnCOEa74TMgs"
+ vip: "{{ vip_k8s.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+ priority: 150
diff --git a/host_vars/prd-k8sctl-02 b/host_vars/prd-k8sctl-02
new file mode 100644
index 0000000..80bfe16
--- /dev/null
+++ b/host_vars/prd-k8sctl-02
@@ -0,0 +1,10 @@
+---
+
+vrrp_instances:
+ - name: "vip_k8s"
+ state: "BACKUP"
+ interface: "ens3"
+ id: 53
+ passwd: "yZnCOEa74TMgs"
+ vip: "{{ vip_k8s.all_fixed_ips | first }}/{{ vip_network_cidr.split('/')[1] }}"
+ priority: 150
diff --git a/infra/billing.json b/infra/billing.json
new file mode 100644
index 0000000..c238cb7
--- /dev/null
+++ b/infra/billing.json
@@ -0,0 +1,20 @@
+{
+ "application_name": "billing",
+ "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+ "router": [
+ {"router_name": "billing_router", "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90", "linked_subnets": [{"router_interface_name": "billing_admin_interface", "subnet_name": "admin_billing_subnet"}] }
+ ],
+ "network": [
+ {"name": "admin_billing", "bastion_access": "yes", "subnet": {"name":"admin_billing_subnet", "ip_version": 4, "cidr": "172.50.0.0/16", "dns_servers": ["8.8.8.8"], "linked_router": [{"router_name": "billing_router"}]}}
+ ],
+ "instance": [
+ {"name": "prd-bildat-00", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "bildat","network": [{"name": "admin_billing"}]},
+ {"name": "prd-bildat-01", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "bildat","network": [{"name": "admin_billing"}]},
+ {"name": "prd-bildat-02", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "bildat","network": [{"name": "admin_billing"}]},
+ {"name": "prd-bilweb-00", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "bilweb","network": [{"name": "admin_billing"}]},
+ {"name": "prd-bilweb-01", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "bilweb","network": [{"name": "admin_billing"}]},
+ {"name": "prd-bilbas-00", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "billing_bastion","fip": [{"floatingip": "fip_bil_bas", "pool": "INTERNET", "bastion_access": "yes"}], "network": [{"name": "admin_billing"}]}
+ ],
+ "volume": [
+ ]
+}
diff --git a/infra/kubernetes.json b/infra/kubernetes.json
new file mode 100644
index 0000000..d86e1e9
--- /dev/null
+++ b/infra/kubernetes.json
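Review bot: The subnet `"cidr": "172.50.0.0/16"` in infra/billing.json lies outside RFC 1918 space, because the private 172 block is 172.16.0.0/12 and ends at 172.31.255.255. The same applies to `172.129.0.0/16` in infra/kubernetes.json and to `172.32.0.0/16` and `172.33.0.0/16` in infra/openstack.json. Instances on these networks lose reachability to the real owners of those ranges, and firewall or proxy rules that treat RFC 1918 sources as internal will not match them. A block inside the private ranges, e.g. `"cidr": "10.50.0.0/16"` (illustrative), avoids both problems; the `ansible_host` addresses in the committed inventory would have to follow.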
@@ -0,0 +1,21 @@
+{
+ "application_name": "kubernetes",
+ "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+ "router": [
+ {"router_name": "k8s_router", "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90", "linked_subnets": [{"router_interface_name": "k8s_admin_interface", "subnet_name": "k8s_admin_subnet"}] }
+ ],
+ "network": [
+ {"name": "kubernetes", "bastion_access": "yes", "subnet": {"name":"k8s_admin_subnet", "ip_version": 4, "cidr": "172.129.0.0/16", "dns_servers": ["8.8.8.8"], "linked_router": [{"router_name": "k8s_router"}]}, "port": [{"name": "vip_k8s", "fip_pool": "INTERNET"}]}
+ ],
+ "instance": [
+ {"name": "prd-k8sctl-00", "az": "UK_London", "flavor": "Atto.M", "inventory_group": "k8scontrol", "network": [{"name": "kubernetes", "allowed_address_pairs": ["vip_k8s"] }]},
+ {"name": "prd-k8sctl-01", "az": "FR_Roubaix", "flavor": "Atto.M", "inventory_group": "k8scontrol", "network": [{"name": "kubernetes", "allowed_address_pairs": ["vip_k8s"] }]},
+ {"name": "prd-k8sctl-02", "az": "UK_London", "flavor": "Atto.M", "inventory_group": "k8scontrol", "network": [{"name": "kubernetes", "allowed_address_pairs": ["vip_k8s"] }]},
+ {"name": "prd-k8swrk-00", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "k8sworker", "network": [{"name": "kubernetes"}]},
+ {"name": "prd-k8swrk-01", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "k8sworker", "network": [{"name": "kubernetes"}]},
+ {"name": "prd-k8swrk-02", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "k8sworker", "network": [{"name": "kubernetes"}]},
+ {"name": "prd-k8sbas-00", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "kubernetes_bastion","fip": [{"floatingip": "fip_k8sbas", "pool": "INTERNET", "bastion_access": "yes"}], "network": [{"name": "kubernetes"}]}
+ ],
+ "volume": [
+ ]
+}
diff --git a/infra/openstack.json b/infra/openstack.json
new file mode 100644
index 0000000..d4795cb
--- /dev/null
+++ b/infra/openstack.json
@@ -0,0 +1,39 @@
+{
+ "application_name": "openstack",
+ "INTERNET_Network_ID": "e8d04c1f-0b49-4e87-a1f3-bea618782c90",
+ "router": [
+ {"router_name": "openstack_router", "router_external_gateway": "e8d04c1f-0b49-4e87-a1f3-bea618782c90", "linked_subnets": [{"router_interface_name": "openstack_admin_interface", "subnet_name": "admin_subnet"}]}
+ ],
+ "network": [
+ {"name": "admin_openstack", "bastion_access": "yes", "subnet": {"name":"admin_subnet", "ip_version": 4, "cidr": "172.30.0.0/16", "dns_servers": ["8.8.8.8"], "linked_router": [{"router_name": "openstack_router"}]}},
+ {"name": "public", "subnet": {"name":"public_subnet", "ip_version": 4, "cidr": "172.31.0.0/16"}},
+ {"name": "storage", "subnet": {"name":"storage_subnet", "ip_version": 4, "cidr": "172.32.0.0/16"}},
+ {"name": "storage_replication", "subnet": {"name":"storep_subnet", "ip_version": 4, "cidr": "172.33.0.0/16"}}
+ ],
+ "instance": [
+ {"name": "prd-ctl-00", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "ctl","network": [{"name": "admin_openstack"}, {"name": "storage"}]},
+ {"name": "prd-ctl-01", "az": "FR_Roubaix", "flavor": "Atto.L", "inventory_group": "ctl","network": [{"name": "admin_openstack"}, {"name": "storage"}]},
+ {"name": "prd-ctl-02", "az": "UK_London", "flavor": "Atto.L", "inventory_group": "ctl","network": [{"name": "admin_openstack"}, {"name": "storage"}]},
+ {"name": "prd-dep-00", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "openstack_bastion","fip": [{"floatingip": "fip_deploy", "pool": "INTERNET", "bastion_access": "yes"}], "network": [{"name": "admin_openstack"}, {"name": "storage"}]},
+ {"name": "prd-sto-00", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd00", "osd01"]},
+ {"name": "prd-sto-01", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd02", "osd03"]},
+ {"name": "prd-sto-02", "az": "FR_Roubaix", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd04", "osd05"]},
+ {"name": "prd-sto-03", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd06", "osd07"]},
+ {"name": "prd-sto-04", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd08", "osd09"]},
+ {"name": "prd-sto-05", "az": "UK_London", "flavor": "Atto.S", "inventory_group": "osds","network": [{"name": "admin_openstack"}, {"name": "storage"}, {"name": "storage_replication"}], "volume": ["osd10", "osd11"]}
+ ],
+ "volume": [
+ {"name": "osd00", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+ {"name": "osd01", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+ {"name": "osd02", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+ {"name": "osd03", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+ {"name": "osd04", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+ {"name": "osd05", "description": "Ceph OSD", "size": 50, "availability_zone": "FR_Roubaix", "volume_type": "HDD SATA"},
+ {"name": "osd06", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
+ {"name": "osd07", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
+ {"name": "osd08", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
+ {"name": "osd09", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
+ {"name": "osd10", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"},
+ {"name": "osd11", "description": "Ceph OSD", "size": 50, "availability_zone": "UK_London", "volume_type": "HDD SATA"}
+ ]
+}
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..a4894c1
--- /dev/null
+++ b/inventory
@@ -0,0 +1,37 @@
+#---- start billing inventory ----
+[bildat]
+prd-bildat-00 ansible_host=172.50.0.238 ansible_user=ubuntu
+prd-bildat-01 ansible_host=172.50.0.27 ansible_user=ubuntu
+prd-bildat-02 ansible_host=172.50.1.162 ansible_user=ubuntu
+
+[bilweb]
+prd-bilweb-00 ansible_host=172.50.2.220 ansible_user=ubuntu
+prd-bilweb-01 ansible_host=172.50.3.195 ansible_user=ubuntu
+
+[billing_bastion]
+prd-bilbas-00 ansible_host=172.50.2.44 ansible_user=ubuntu
+
+[billing:children]
+billing_bastion
+bilweb
+bildat
+#---- end billing inventory ----
+#---- start kubernetes inventory ----
+[k8scontrol]
+prd-k8sctl-00 ansible_host=172.129.3.103 ansible_user=ubuntu
+prd-k8sctl-01 ansible_host=172.129.3.56 ansible_user=ubuntu
+prd-k8sctl-02 ansible_host=172.129.0.60 ansible_user=ubuntu
+
+[k8sworker]
+prd-k8swrk-00 ansible_host=172.129.1.110 ansible_user=ubuntu
+prd-k8swrk-01 ansible_host=172.129.2.189 ansible_user=ubuntu
+prd-k8swrk-02 ansible_host=172.129.3.134 ansible_user=ubuntu
+
+[kubernetes_bastion]
+prd-k8sbas-00 ansible_host=172.129.0.95 ansible_user=ubuntu
+
+[kubernetes:children]
+kubernetes_bastion
+k8sworker
+k8scontrol
+#---- end kubernetes inventory ----
diff --git a/kubernetes.sh b/kubernetes.sh
new file mode 100755
index 0000000..ba5db16
--- /dev/null
+++ b/kubernetes.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="felcloud_cli"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="kubernetes"
+export PULUMI_CONFIG_PASSPHRASE_FILE="$PWD/env.d/$PULUMI_STACK/pulumi_passphrase"
diff --git a/openstack.sh b/openstack.sh
new file mode 100755
index 0000000..9aec9a9
--- /dev/null
+++ b/openstack.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+export OS_CLOUD="felcloud_cli"
+export PULUMI_STACK="staging"
+export PULUMI_SUB_STACK="openstack"
+export PULUMI_CONFIG_PASSPHRASE_FILE="$PWD/env.d/$PULUMI_STACK/pulumi_passphrase"