diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bafe0fc3c4174bf49dce03d925372d69c8604ff9..7812d68461be39a904ee8dc43270fd3a9a2f730c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,7 +8,6 @@ ansible-lint: # This probably happens due to gitlab-runner mounting the git repo into the container - chmod o-w . # Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110) - - sed "s/,hcloud_inventory.py//" -i ansible.cfg - sed "/^vault_identity_list/d" -i ansible.cfg - sed "/misc\/vaults\/vault_/d" -i playbooks/*.yml # Fix load-failure: Failed to load or parse file diff --git a/README.md b/README.md index 15712809a5cfb98b6975633ad482af8eeec41fd8..e8337d16f35e50c7c35e090164489195d30d310c 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,6 @@ locally signed with `--lsign-key`. This is necessary for running any of the `reencrypt-vault-default-key`, `reencrypt-vault-super-key `or `fetch-borg-keys` tasks. -#### Note about Ansible dynamic inventories - -We use a dynamic inventory script in order to automatically get information for -all servers directly from hcloud. You don't really have to do anything to make -this work but you should keep in mind to NOT add hcloud servers to `hosts`! -They'll be available automatically. - #### Note about packer We use packer to build snapshots on hcloud to use as server base images. diff --git a/ansible.cfg b/ansible.cfg index 0a2431a60014a1bddfc56db7bd160b9bc7a9d347..36c2fffdcc02fa8bb999e17b1bd228e62ccb3187 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -inventory = hosts,hcloud_inventory.py +inventory = hosts library = library remote_tmp = $HOME/.ansible/tmp remote_user = root diff --git a/docs/monitoring.md b/docs/monitoring.md index 847ef0c3db2e567a2386b7a390ad5519020a4f06..d04baa4b1eb27b1dcfc998eb32365c94e27a530c 100644 --- a/docs/monitoring.md +++ b/docs/monitoring.md 
@@ -5,7 +5,6 @@ To access our monitoring system, go to https://monitoring.archlinux and log in v
 ## Adding a new host to monitoring
-* Add $host to node_exporters in `hosts`
 * Rollout exporter on host: `ansible-playbook playbooks/host.yml -t prometheus_exporters`
 * Rollout changes on monitoring host: `ansible-playbook playbooks/monitoring.archlinux.org.yml -t prometheus`
diff --git a/hcloud_inventory.py b/hcloud_inventory.py
deleted file mode 100755
index bb25705ed6fc31959602850d19d5734dd9de7098..0000000000000000000000000000000000000000
--- a/hcloud_inventory.py
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env python
-#
-# Dynamic inventory script for getting infrastructure information from hcloud
-
-import argparse
-import json
-import sys
-
-from hcloud import Client
-
-from misc.get_key import load_vault
-
-
-def parse_args():
- parser = argparse.ArgumentParser(description="Hcloud dynamic inventory script")
- group = parser.add_mutually_exclusive_group(required=True)
- group.add_argument('--list', action='store_true')
- group.add_argument('--host')
- return parser.parse_args()
-
-
-def get_host_details(server):
- return {'ansible_host': server.public_net.ipv4.ip,
- 'ansible_port': 22,
- 'ansible_user': "root"}
-
-
-def main():
- args = parse_args()
- loaded = load_vault('misc/vaults/vault_hcloud.yml')
- client = Client(token=loaded["hcloud_api_key_readonly"])
- servers = client.servers.get_all()
-
- hostvars = {server.name: get_host_details(server) for server in servers}
- if args.list:
- hosts = [server.name for server in servers]
- json.dump({'hcloud': hosts, '_meta': {'hostvars': hostvars}}, sys.stdout)
- else:
- json.dump(hostvars[args.host], sys.stdout)
-
-
-if __name__ == '__main__':
- main()
diff --git a/hosts b/hosts
index d2ca9238963e169f40f9c5845d4daf7d8a1844a1..e68a9a7ff4b0e126163b47194497f4c585599f76 100644
--- a/hosts
+++ b/hosts
@@ -100,90 +100,43 @@ patchwork.archlinux.org
 [prometheus]
 monitoring.archlinux.org
-[node_exporters]
-archlinux.org
-aur.archlinux.org
-monitoring.archlinux.org
-gitlab.archlinux.org
-reproducible.archlinux.org
-runner2.archlinux.org
-secure-runner1.archlinux.org
-phrik.archlinux.org
-quassel.archlinux.org
-state.archlinux.org
-mirror.pkgbuild.com
-homedir.archlinux.org
-mail.archlinux.org
-matrix.archlinux.org
-accounts.archlinux.org
-bbs.archlinux.org
-build.archlinux.org
-bugs.archlinux.org
-gemini.archlinux.org
-repro1.pkgbuild.com
-wiki.archlinux.org
-patchwork.archlinux.org
-security.archlinux.org
-redirect.archlinux.org
+[kape_servers]
 asia.mirror.pkgbuild.com
 america.mirror.pkgbuild.com
 europe.mirror.pkgbuild.com
 repro2.pkgbuild.com
 runner1.archlinux.org
-md.archlinux.org
-man.archlinux.org
-dashboards.archlinux.org
-lists.archlinux.org
-gluebuddy.archlinux.org
-debuginfod.archlinux.org
-[wireguard]
+[dedicated_servers]
+gemini.archlinux.org
+build.archlinux.org
+runner1.archlinux.org
+runner2.archlinux.org
+secure-runner1.archlinux.org
+
+[hcloud]
+accounts.archlinux.org
 archlinux.org
 aur.archlinux.org
-monitoring.archlinux.org
+bbs.archlinux.org
+bugs.archlinux.org
+dashboards.archlinux.org
+debuginfod.archlinux.org
 gitlab.archlinux.org
-reproducible.archlinux.org
-runner2.archlinux.org
-secure-runner1.archlinux.org
-phrik.archlinux.org
-quassel.archlinux.org
-state.archlinux.org
-mirror.pkgbuild.com
+gluebuddy.archlinux.org
 homedir.archlinux.org
+lists.archlinux.org
 mail.archlinux.org
+man.archlinux.org
 matrix.archlinux.org
-accounts.archlinux.org
-bbs.archlinux.org
-build.archlinux.org
-bugs.archlinux.org
-gemini.archlinux.org
-repro1.pkgbuild.com
-wiki.archlinux.org
+md.archlinux.org
+mirror.pkgbuild.com
+monitoring.archlinux.org
 patchwork.archlinux.org
-security.archlinux.org
+phrik.archlinux.org
+quassel.archlinux.org
 redirect.archlinux.org
-asia.mirror.pkgbuild.com
-america.mirror.pkgbuild.com
-europe.mirror.pkgbuild.com
-repro2.pkgbuild.com
-runner1.archlinux.org
-md.archlinux.org
-man.archlinux.org
-dashboards.archlinux.org
-lists.archlinux.org
-gluebuddy.archlinux.org
-debuginfod.archlinux.org
-
-[kape_servers]
-asia.mirror.pkgbuild.com
-america.mirror.pkgbuild.com
-europe.mirror.pkgbuild.com
-repro2.pkgbuild.com
-runner1.archlinux.org
-
-[dedicated_servers]
-gemini.archlinux.org
-build.archlinux.org
-runner1.archlinux.org
-runner2.archlinux.org
-secure-runner1.archlinux.org
+reproducible.archlinux.org
+security.archlinux.org
+state.archlinux.org
+wiki.archlinux.org
diff --git a/roles/prometheus/templates/prometheus.yml.j2 b/roles/prometheus/templates/prometheus.yml.j2
index 0e3138012a2c681ff174348f91142f38600b35f3..96a38e31851fa6eebfef451b0b1485bc7641adb3 100644
--- a/roles/prometheus/templates/prometheus.yml.j2
+++ b/roles/prometheus/templates/prometheus.yml.j2
@@ -52,7 +52,7 @@ scrape_configs:
 - job_name: 'node_exporter'
 static_configs:
- {% for host in groups['node_exporters'] %}
+ {% for host in groups['all'] %}
 - targets: ['{{ host }}:{{ prometheus_exporter_port }}']
 labels:
 instance: "{{ host }}"
@@ -60,7 +60,7 @@ scrape_configs:
 - job_name: 'promtail'
 static_configs:
- {% for host in groups['node_exporters'] %}
+ {% for host in groups['all'] %}
 - targets: ['{{ hostvars[host]['wireguard_address'] }}:9080']
 labels:
 instance: "{{ host }}"
diff --git a/roles/wireguard/templates/wg0.netdev.j2 b/roles/wireguard/templates/wg0.netdev.j2
index a2247f8e833f62c5c09e95674bbbbb619cb6c1bd..87efe2148ac24d50cb56b61487fc36827e9cf0ae 100644
--- a/roles/wireguard/templates/wg0.netdev.j2
+++ b/roles/wireguard/templates/wg0.netdev.j2
@@ -6,7 +6,7 @@ Kind=wireguard
 ListenPort=51820
 PrivateKey={{ vault_wireguard_private_key }}
-{% for host in groups['wireguard'] if host != inventory_hostname %}
+{% for host in groups['all'] if host != inventory_hostname %}
 [WireGuardPeer]
 PublicKey={{ hostvars[host]['wireguard_public_key'] }}
 AllowedIPs={{ hostvars[host]['wireguard_address'] }}/32
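Review bot: `repro1.pkgbuild.com` is removed from both `[node_exporters]` and `[wireguard]` but does not reappear under `[kape_servers]`, `[dedicated_servers]` or `[hcloud]` on the new side of this hunk. Because the templates now iterate `groups['all']`, that host stays monitored and peered only if it is listed somewhere in `hosts` above line 100, which the hunk does not show; if it is not, it silently drops out of both scrape jobs and the WireGuard mesh. Since this file now decides monitoring and VPN membership, a comment above `[hcloud]` would help, e.g. `# every host listed in this file becomes a WireGuard peer and a Prometheus scrape target`.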
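Review bot: The `promtail` job reads `hostvars[host]['wireguard_address']` for every member of `groups['all']`, so a single inventory host without that variable makes the whole `prometheus.yml` fail to render under Ansible's default undefined-variable handling. The old `node_exporters` group was an explicit opt-in; with `all`, this hunk and the `node_exporter` hunk above it turn any host added to `hosts` into a scrape target whether or not an exporter is deployed there. If skipping such hosts is acceptable, filter the loop: `{% for host in groups['all'] if hostvars[host]['wireguard_address'] is defined %}`; if a missing address should stay a hard error, an `assert` task before the template gives a clearer failure than a render error. Both loops end outside the visible hunks.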
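Review bot: Looping over `groups['all']` makes VPN membership implicit: every host that is ever added to the inventory, for any reason, is written as a `[WireGuardPeer]` with its `/32` into every other machine's `wg0`, where it previously had to be listed under `[wireguard]`. If the full mesh is intended, say so in the template, e.g. `{# peers = every inventory host; listing a host in hosts admits it to the mesh #}`; otherwise keep an explicit group and compose it with `[wireguard:children]`. The loop also dereferences `wireguard_public_key` and `wireguard_address` without a guard, so one host lacking either breaks rendering on all peers. The `{% for %}` body continues past the end of the hunk.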