initial commit

2024-07-09 15:23:23 -04:00
13 changed files with 55 additions and 67 deletions
--- a/.vault/vault-keys
+++ b/.vault/vault-keys
@ -1,4 +1 @@
-D749E2966193DF63
+55F7FC933CCA4A47F5AA3C802F84305F02B16995
 EE3E0A7A87192BB7
 3C8D0C7EF49AB5A3
 388DD8D74903017E
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,3 +1,3 @@
 [defaults]
 roles_path = roles:galaxy-roles:git-roles:ansible-roles:~/.ansible/roles
-vault_password_file = .vault/vault-open.sh
+# vault_password_file = .vault/vault-open.sh
--- a/files/manifests/secret-digitalocean-dns.yaml
+++ b/files/manifests/secret-digitalocean-dns.yaml
@ -1,16 +1 @@
-$ANSIBLE_VAULT;1.1;AES256
+dop_v1_cf3fddc6f6c9e008e62c454a3db645038634c253a526a3bbbcf27618789ae587
 32383162626163663734653236646538626464643665323334666363306662363434346133653737
 3766373965626437376630303837663339383664643466300a336463366335636634336437303036
 32626138646662633337663037393538336438643363303962326263656636316336346462643937
 6337363463626265630a663964386638633133613465363436376533346336333066663664363062
 65333864353338656437333762313937376538376634383438643134313266366236393039376131
 35646533353539633436343435316465386534646663316234336263363163343463626632663837
 66633432376136323961336437613465303635303966343530383162653766373736333661386163
 30303233333939626537303631313532373130363866306165343732653064643866393933323230
 31373035653332363961343464613134626464643733313666333861623961373264303462633334
 63653638356666656163343266353133396236313231643664313764663761363634643063323466
 36623266393166316138343239393663393739666266653730323766643566343936386436666164
 30616637656563626634306634336631613564396234613836396537636363643466323762393166
 33623534613462306130356631626265373462343065333132666439623333663135336437323536
 36303131386135333763356565323962666233353263353331653065333435613138343939393530
 633664316538643432303731366233653831
--- a/files/manifests/wildcard-pwa-realitynetwork.yaml
+++ b/files/manifests/wildcard-pwa-realitynetwork.yaml
@ -1,15 +1,15 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: pwa.realitynetwork.store
+  name: l.stg.earthball.xyz
  namespace: default
 spec:
-  secretName: pwa.realitynetwork.store
+  secretName: l.stg.earthball.xyz
  issuerRef:
    name: letsencrypt-prod-wild
    kind: ClusterIssuer
    group: cert-manager.io
-  commonName: "*.pwa.realitynetwork.store"
+  commonName: "*.l.stg.earthball.xyz"
  dnsNames:
-    - ".pwa.realitynetwork.store"
+    - "l.stg.earthball.xyz"
-    - "*.pwa.realitynetwork.store"
+    - "*.l.stg.earthball.xyz"
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,7 +1,2 @@
-$ANSIBLE_VAULT;1.1;AES256
+---
-35636534633536663965623866666430613934363036343661343362346534353764326662396365
+support_email: someone@example.com
 3039363533323464353932373436356362353261343836620a616132336266346238336338653434
 35616334333832356134353466623333363235373066396663363839656663326666323164393265
 6338323565323936350a356136353231613765366531366431363864356565653938613963656233
 66613965396531636331353463333436376337363932393033303937383263336637663435373262
 3361356561306233303030313438363637343433356463626536
--- a/group_vars/lx_cad/k8s-vault.yml
+++ b/group_vars/lx_cad/k8s-vault.yml
@ -0,0 +1,10 @@
 ---
 k8s_cluster_token: 18cd2efad6ba0df6cfe1e559ffacb0e2
 k8s_secrets:
  - name: digitalocean-dns
    type: template
    namespace: cert-manager
    secrets:
      - key: access-token
        value: dop_v1_cf3fddc6f6c9e008e62c454a3db645038634c253a526a3bbbcf27618789ae587
--- a/group_vars/rnt_cad/k8s.yml
+++ b/group_vars/rnt_cad/k8s.yml
@ -1,11 +1,20 @@
 ---
-k8s_cluster_name: default
+k8s_cluster_name: lx-cad
-k8s_cluster_url: rnt-cad-cluster-control.realitynetwork.store
+k8s_cluster_url: lx-cad-cluster-control.l.stg.earthball.xyz
 k8s_taint_servers: true
 k8s_acme_email: "{{ support_email }}"
 k8s_disable: 
  - traefik
 k8s_manifests:
  # ingress controller, replaces traefik which is explicitly disabled
  - name: ingress-nginx
    type: url
    source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
  # cert-manager, required for letsencrypt
  - name: cert-manager
    type: url
    source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
@ -32,6 +41,6 @@ k8s_manifests:
        secret_key: access-token
  # initiate wildcard cert
-  - name: pwa.realitynetwork.store
+  - name: l.stg.earthball.xyz
    type: file
-    source: wildcard-pwa-realitynetwork.yaml
+    source: wildcard-l-earthball.yaml
--- a/group_vars/rnt_cad/k8s-vault.yml
+++ b/group_vars/rnt_cad/k8s-vault.yml
@ -1,8 +0,0 @@
 $ANSIBLE_VAULT;1.1;AES256
 39633338616237663666373535663038646563353438346363333632616133353661323532623265
 6464306261363038386234396334363136336435656663390a626133313233396664646130386361
 39326232343834663665376534666230303034303362333265356263336361626362393939623961
 6234393862366365360a353461386639633132633437653832383663303136343761333132333738
 33336131323364333063393732643366666563393839303333303663366334613238626537636530
 64323062353134346431373536623162353731623833623832353636643063646463623833613135
 643430356133643436373339643066613165
--- a/host_vars/rnt-cad-cluster-control/firewalld.yml
+++ b/host_vars/rnt-cad-cluster-control/firewalld.yml
@ -2,7 +2,7 @@
 firewalld_add:
  - name: public
    interfaces:
-      - enp9s0
+      - eth0
    services:
      - http
      - https
@ -13,5 +13,5 @@ firewalld_add:
    sources:
      - 10.42.0.0/16
      - 10.43.0.0/16
-      - 142.93.110.163/32
+      - 146.190.250.234/32
-      - 147.182.158.116/32
+      - 138.197.140.188/32
--- a/host_vars/rnt-cad-cluster-worker/firewalld.yml
+++ b/host_vars/rnt-cad-cluster-worker/firewalld.yml
@ -2,7 +2,7 @@
 firewalld_add:
  - name: public
    interfaces:
-      - enp9s0
+      - eth0
    services:
      - http
      - https
@ -11,5 +11,5 @@ firewalld_add:
    sources:
      - 10.42.0.0/16
      - 10.43.0.0/16
-      - 142.93.110.163/32
+      - 146.190.250.234/32
-      - 147.182.150.60/32
+      - 138.197.136.93/32
--- a/host_vars/rnt-daemon/firewalld.yml
+++ b/host_vars/rnt-daemon/firewalld.yml
@ -2,7 +2,7 @@
 firewalld_add:
  - name: public
    interfaces:
-      - ens3
+      - eth0
    services:
      - http
      - https
@ -13,5 +13,5 @@ firewalld_add:
  - name: trusted
    sources:
-      - 147.182.150.60/32
+      - 138.197.140.188/32
-      - 147.182.158.116/32
+      - 138.197.136.93/32
--- a/host_vars/rnt-daemon/nginx.yml
+++ b/host_vars/rnt-daemon/nginx.yml
@ -6,16 +6,16 @@ nginx_proxy_send_timeout: 1200
 nginx_proxy_connection_timeout: 75
 nginx_sites:
-  - name: rnt-console
+  - name: lx-console
-    url: rnt-console.realitynetwork.store
+    url: lx-console.l.stg.earthball.xyz
    upstream: http://localhost:8080
    template: basic-proxy
    ssl: true
-  - name: rnt-daemon
+  - name: lx-daemon
-    url: rnt-daemon.realitynetwork.store
+    url: lx-daemon.l.stg.earthball.xyz
    upstream: http://localhost:9473
    configs:
-      - rewrite ^/deployer(/.*)? https://webapp-deployer.pwa.realitynetwork.store permanent
+      - rewrite ^/deployer(/.*)? https://webapp-deployer.l.stg.earthball.xyz permanent
    template: websocket-proxy
    ssl: true
--- a/16
+++ b/16
@ -1,14 +1,14 @@
 [all]
-rnt-daemon ansible_host=142.93.110.163
+lx-daemon ansible_host=146.190.250.234
-rnt-cad-cluster-control ansible_host=147.182.150.60
+lx-cad-cluster-control ansible_host=138.197.136.93
-rnt-cad-cluster-worker ansible_host=147.182.158.116
+lx-cad-cluster-worker ansible_host=138.197.140.188
 [so]
-rnt-daemon
+lx-daemon
-[rnt_cad]
+[lx_cad]
-rnt-cad-cluster-control k8s_node_type=bootstrap
+lx-cad-cluster-control k8s_node_type=bootstrap
-rnt-cad-cluster-worker k8s_node_type=agent k8s_pod_limit=1024 k8s_external_ip=147.182.158.116
+lx-cad-cluster-worker k8s_node_type=agent k8s_pod_limit=1024 k8s_external_ip=138.197.140.188
 [k8s:children]
-rnt_cad
+lx_cad