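# Work from the os1 infrastructure directory and source the client environment.
# NOTE(review): openrc presumably exports the OS_* settings; it and clouds.yaml
# hold credentials for the "admin" and "teoxane" profiles, so keep them
# readable by the operator account only.
cd ~/work/infras/os1
. openrc

# Customer project (tenant), created with the admin profile.
openstack --os-cloud admin project create teoxane --description Teoxane

# Per-project quotas. --ram is in MB (524288 MB = 512 GiB); --gigabytes is the
# total block-storage capacity in GB.
openstack --os-cloud admin quota set --ram 524288 teoxane
openstack --os-cloud admin quota set --cores 200 teoxane
openstack --os-cloud admin quota set --instances 20 teoxane
openstack --os-cloud admin quota set --secgroups 20 teoxane
openstack --os-cloud admin quota set --volumes 20 teoxane
openstack --os-cloud admin quota set --gigabytes 1500 teoxane

# Project user. --password-prompt reads the secret interactively, so it never
# appears in shell history, in the process list, or in a saved copy of this
# runbook (the previous form passed it as a command-line argument).
openstack --os-cloud admin user create remi --description "Rémi Sandevoir" --password-prompt --email remi@pkgdata.com --project teoxane

# Grant the user the plain "member" role on the project (no admin rights).
openstack --os-cloud admin role add member --project teoxane --user remi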
# Register remi's PUBLIC key only; the private half stays on the workstation.
openstack --os-cloud teoxane keypair create remi \
  --type ssh \
  --public-key ~/.ssh/id_ed25519_remi.pub

# Private tenant network and its subnet, then plug the subnet into router1.
# NOTE(review): router1 is not created anywhere in this listing; it is assumed
# to exist already.
openstack --os-cloud teoxane network create private-network1 \
  --mtu 1350
openstack --os-cloud teoxane subnet create private-subnet1 \
  --network private-network1 \
  --subnet-range 192.168.100.0/24 \
  --gateway 192.168.100.1 \
  --dns-nameserver 1.1.1.1 \
  --dns-nameserver 8.8.8.8
openstack --os-cloud teoxane router add subnet router1 private-subnet1

# Ingress rules added to the project's "default" group, which is attached to
# every server created below: ICMP from anywhere, SSH only from the admin host
# (a single /32) and from inside the private subnet.
openstack --os-cloud teoxane security group rule create default \
  --ingress \
  --protocol icmp \
  --remote-ip 0.0.0.0/0 \
  --description "ICMP input from ALL"
openstack --os-cloud teoxane security group rule create default \
  --ingress \
  --protocol tcp \
  --dst-port 22 \
  --remote-ip 163.172.110.29/32 \
  --description "SSH input from on002.pkgdata.net"
openstack --os-cloud teoxane security group rule create default \
  --ingress \
  --protocol tcp \
  --dst-port 22 \
  --remote-ip 192.168.100.0/24 \
  --description "SSH input from private-network1"
# --- public-haproxy: Internet-facing ports of the reverse proxy --------------
openstack --os-cloud teoxane security group create public-haproxy \
  --description '[PUBLIC] HAProxy from all'

# A new group is created with allow-all egress rules; remove them so this group
# only ever grants ingress. The delete fails harmlessly if the list is empty.
# NOTE(review): the "default" group is attached to the same servers; if it
# still carries its stock egress rules, outbound traffic stays allowed via it.
haproxy_egress_ids=$(openstack --os-cloud teoxane security group rule list public-haproxy --egress --column ID --format value | xargs)
# shellcheck disable=SC2086 # word splitting is wanted: one argument per rule ID
openstack --os-cloud teoxane security group rule delete ${haproxy_egress_ids}

openstack --os-cloud teoxane security group rule create public-haproxy \
  --ingress \
  --protocol tcp \
  --dst-port 80 \
  --remote-ip 0.0.0.0/0 \
  --description "HTTP input from all"
openstack --os-cloud teoxane security group rule create public-haproxy \
  --ingress \
  --protocol tcp \
  --dst-port 443 \
  --remote-ip 0.0.0.0/0 \
  --description "HTTPS input from all"
# NOTE(review): 8081 is described as the stats listener and is open to the
# whole Internet. Confirm the stats page requires authentication, or narrow
# --remote-ip to the admin source the way the SSH rules do.
openstack --os-cloud teoxane security group rule create public-haproxy \
  --ingress \
  --protocol tcp \
  --dst-port 8081 \
  --remote-ip 0.0.0.0/0 \
  --description "Stats input from all"

# --- public-ssh: SSH entry points on the proxy --------------------------------
openstack --os-cloud teoxane security group create public-ssh \
  --description '[PUBLIC] SSH from all'
ssh_egress_ids=$(openstack --os-cloud teoxane security group rule list public-ssh --egress --column ID --format value | xargs)
# shellcheck disable=SC2086 # word splitting is wanted: one argument per rule ID
openstack --os-cloud teoxane security group rule delete ${ssh_egress_ids}

# Port 22 is limited to the admin host; only the stunnel-wrapped ports
# (2222 prod, 2223 dev) are reachable from anywhere.
openstack --os-cloud teoxane security group rule create public-ssh \
  --ingress \
  --protocol tcp \
  --dst-port 22 \
  --remote-ip 163.172.110.29/32 \
  --description "SSH input from on002.pkgdata.net"
openstack --os-cloud teoxane security group rule create public-ssh \
  --ingress \
  --protocol tcp \
  --dst-port 2222 \
  --remote-ip 0.0.0.0/0 \
  --description "SSH input for prod (stunnel) from all"
openstack --os-cloud teoxane security group rule create public-ssh \
  --ingress \
  --protocol tcp \
  --dst-port 2223 \
  --remote-ip 0.0.0.0/0 \
  --description "SSH input for dev (stunnel) from all"
# os201 is the only instance that receives the public-* groups, i.e. the single
# Internet-facing entry point (proxy + SSH gateway).
# NOTE(review): user-data can be read back from the metadata service by any
# process on the guest; user_data.txt should not contain secrets.
openstack --os-cloud teoxane server create os201 \
  --availability-zone Finland \
  --flavor cpu1-ram2-disk20 \
  --image debian-11-genericcloud-arm64_2022-11-21 \
  --network private-network1 \
  --security-group default \
  --security-group public-haproxy \
  --security-group public-ssh \
  --key-name remi \
  --user-data /home/pkgdata/work/infras/os1/user_data.txt
Créer une IP flottante et l'associer à os201 :
# Look up the Neutron port of os201 with the project profile, then let the
# admin profile allocate the fixed public address for the project and bind it
# to that port in one step.
os201_port_id=$(openstack --os-cloud teoxane port list --server os201 --column ID --format value)
# shellcheck disable=SC2086 # left unquoted to keep the original expansion
openstack --os-cloud admin floating ip create public-network1 \
  --project teoxane \
  --floating-ip-address 168.119.18.171 \
  --port ${os201_port_id} \
  --description "IP publique 1 Teoxane"
# Private groups use --remote-group instead of CIDRs: access follows group
# membership, so only instances carrying the named group can connect, whatever
# their address. Each group has its auto-created egress rules removed first.

# --- private-http: web ports, reachable only from members of public-haproxy --
# (the rule descriptions say "from private", the actual source is the proxy
# group)
openstack --os-cloud teoxane security group create private-http \
  --description '[PRIVATE] HTTP from proxy'
http_egress_ids=$(openstack --os-cloud teoxane security group rule list private-http --egress --column ID --format value | xargs)
# shellcheck disable=SC2086 # word splitting is wanted: one argument per rule ID
openstack --os-cloud teoxane security group rule delete ${http_egress_ids}
openstack --os-cloud teoxane security group rule create private-http \
  --ingress \
  --protocol tcp \
  --dst-port 80 \
  --remote-group public-haproxy \
  --description "HTTP input from private"
openstack --os-cloud teoxane security group rule create private-http \
  --ingress \
  --protocol tcp \
  --dst-port 81 \
  --remote-group public-haproxy \
  --description "HTTP (81) input from private"

# --- private-ssh: SSH from the proxy host only --------------------------------
openstack --os-cloud teoxane security group create private-ssh \
  --description '[PRIVATE] SSH from proxy'
pssh_egress_ids=$(openstack --os-cloud teoxane security group rule list private-ssh --egress --column ID --format value | xargs)
# shellcheck disable=SC2086 # word splitting is wanted: one argument per rule ID
openstack --os-cloud teoxane security group rule delete ${pssh_egress_ids}
openstack --os-cloud teoxane security group rule create private-ssh \
  --ingress \
  --protocol tcp \
  --dst-port 22 \
  --remote-group public-haproxy \
  --description "SSH input from Proxy"

# --- private-rsync: rsync (873) from members of private-http ------------------
# (the group description says "from proxy", the rule's source is the web group)
openstack --os-cloud teoxane security group create private-rsync \
  --description '[PRIVATE] RSYNC from proxy'
rsync_egress_ids=$(openstack --os-cloud teoxane security group rule list private-rsync --egress --column ID --format value | xargs)
# shellcheck disable=SC2086 # word splitting is wanted: one argument per rule ID
openstack --os-cloud teoxane security group rule delete ${rsync_egress_ids}
openstack --os-cloud teoxane security group rule create private-rsync \
  --ingress \
  --protocol tcp \
  --dst-port 873 \
  --remote-group private-http \
  --description "RSYNC input from Web"
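# Web tier. None of these servers gets a public-* group: they are reachable
# only through the proxy (private-ssh / private-http source = public-haproxy).

# os203 additionally accepts rsync from the other web nodes (private-rsync).
openstack --os-cloud teoxane server create os203 \
  --availability-zone Finland \
  --flavor cpu4-ram12-disk20 \
  --image debian-11-genericcloud-arm64_2022-11-21 \
  --network private-network1 \
  --security-group default \
  --security-group private-ssh \
  --security-group private-http \
  --security-group private-rsync \
  --key-name remi \
  --user-data /home/pkgdata/work/infras/os1/user_data.txt

# os206 is created exactly once. The listing used to repeat this command
# verbatim; Nova accepts duplicate names, so a second run would start another
# instance called os206, consume quota, and make later name-based commands
# ("server add volume os206 ...") ambiguous.
openstack --os-cloud teoxane server create os206 \
  --availability-zone Finland \
  --flavor cpu2-ram8-disk20 \
  --image debian-11-genericcloud-arm64_2022-11-21 \
  --network private-network1 \
  --security-group default \
  --security-group private-ssh \
  --security-group private-http \
  --key-name remi \
  --user-data /home/pkgdata/work/infras/os1/user_data.txt

# Live web nodes 1-5 run in the Finland zone.
for n in 1 2 3 4 5; do
  openstack --os-cloud teoxane server create "os203-live${n}" \
    --availability-zone Finland \
    --flavor cpu16-ram24-disk20 \
    --image debian-11-genericcloud-arm64_2022-11-21 \
    --network private-network1 \
    --security-group default \
    --security-group private-ssh \
    --security-group private-http \
    --key-name remi \
    --user-data /home/pkgdata/work/infras/os1/user_data.txt
done

# Live web nodes 6-10 run in the Germany zone.
for n in 6 7 8 9 10; do
  openstack --os-cloud teoxane server create "os203-live${n}" \
    --availability-zone Germany \
    --flavor cpu16-ram24-disk20 \
    --image debian-11-genericcloud-arm64_2022-11-21 \
    --network private-network1 \
    --security-group default \
    --security-group private-ssh \
    --security-group private-http \
    --key-name remi \
    --user-data /home/pkgdata/work/infras/os1/user_data.txt
done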
# One 50 GB LVM-backed /home volume per web server. Volumes for os203, os206
# and live1-5 are placed in storage zone hn003, those for live6-10 in hn005.
for srv in os203 os206 os203-live1 os203-live2 os203-live3 os203-live4 os203-live5; do
  openstack --os-cloud teoxane volume create \
    --size 50 \
    --type lvm \
    --description "/home for ${srv}" \
    --availability-zone hn003 \
    "${srv}-home"
done
for srv in os203-live6 os203-live7 os203-live8 os203-live9 os203-live10; do
  openstack --os-cloud teoxane volume create \
    --size 50 \
    --type lvm \
    --description "/home for ${srv}" \
    --availability-zone hn005 \
    "${srv}-home"
done

# Attach every volume to the server it is named after.
for srv in os203 os206 \
  os203-live1 os203-live2 os203-live3 os203-live4 os203-live5 \
  os203-live6 os203-live7 os203-live8 os203-live9 os203-live10; do
  openstack --os-cloud teoxane server add volume "${srv}" "${srv}-home"
done
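# Run as root INSIDE each web guest (not on the workstation): move /home onto
# the freshly attached volume, with user-quota journaling enabled.
#
# mkfs is destructive. /dev/sdb is assumed to be the volume attached above;
# check with `lsblk` first, since device names are not guaranteed to be stable.
# The steps are chained with && so a failure (wrong device, mkfs error, empty
# UUID) stops the sequence instead of going on to edit /etc/fstab and move
# data around on a half-prepared system.
# NOTE(review): nodev,nosuid are common hardening options for /home; confirm
# nothing under /home relies on setuid binaries before adding them.
[ -b /dev/sdb ] &&
  mv /home /home.bak &&
  mkfs.ext4 /dev/sdb &&
  mkdir /home &&
  disk=$(blkid -s UUID -o value /dev/sdb) &&
  [ -n "${disk}" ] &&
  echo "UUID=${disk} /home ext4 rw,discard,errors=remount-ro,x-systemd.growfs,usrjquota=aquota.user,jqfmt=vfsv1 0 2" >> /etc/fstab &&
  mount -a &&
  mv /home.bak/* /home/ &&
  rmdir /home.bak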
# --- private-mysql: database port 3306 ----------------------------------------
# Sources are security groups, not CIDRs: web servers (private-http) and the
# other database servers (private-mysql itself, for replication). Despite the
# group description, the proxy group is not a source here.
openstack --os-cloud teoxane security group create private-mysql \
  --description '[PRIVATE] MySQL from proxy'

# Remove the auto-created egress rules so the group only grants ingress.
mysql_egress_ids=$(openstack --os-cloud teoxane security group rule list private-mysql --egress --column ID --format value | xargs)
# shellcheck disable=SC2086 # word splitting is wanted: one argument per rule ID
openstack --os-cloud teoxane security group rule delete ${mysql_egress_ids}

openstack --os-cloud teoxane security group rule create private-mysql \
  --ingress \
  --protocol tcp \
  --dst-port 3306 \
  --remote-group private-http \
  --description "MySQL input from Web"
openstack --os-cloud teoxane security group rule create private-mysql \
  --ingress \
  --protocol tcp \
  --dst-port 3306 \
  --remote-group private-mysql \
  --description "MySQL input from MySQL (replication)"
# Database tier: three identical servers carrying only default + private-mysql.
# They do not get private-ssh, so SSH reaches them solely through the rules of
# the "default" group (admin host and private subnet).
for db in os204 os205 os207; do
  openstack --os-cloud teoxane server create "${db}" \
    --availability-zone Finland \
    --flavor cpu4-ram16-disk20 \
    --image debian-11-genericcloud-arm64_2022-11-21 \
    --network private-network1 \
    --security-group default \
    --security-group private-mysql \
    --key-name remi \
    --user-data /home/pkgdata/work/infras/os1/user_data.txt
done

# One 100 GB LVM-backed /home volume per database server, in storage zone hn003.
for db in os204 os205 os207; do
  openstack --os-cloud teoxane volume create \
    --size 100 \
    --type lvm \
    --description "/home for ${db}" \
    --availability-zone hn003 \
    "${db}-home"
done

# Attach each volume to the server it is named after.
for db in os204 os205 os207; do
  openstack --os-cloud teoxane server add volume "${db}" "${db}-home"
done
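# Run as root INSIDE each database guest: move /home onto the attached volume,
# formatted with ext4 project quotas (prjquota).
#
# mkfs is destructive. /dev/sdb is assumed to be the volume attached above;
# check with `lsblk` first, since device names are not guaranteed to be stable.
# The steps are chained with && so a failure (wrong device, mkfs error, empty
# UUID) stops the sequence before /etc/fstab is edited or data is moved.
[ -b /dev/sdb ] &&
  mv /home /home.bak &&
  mkfs.ext4 -O project -E quotatype=prjquota /dev/sdb &&
  mkdir /home &&
  disk=$(blkid -s UUID -o value /dev/sdb) &&
  [ -n "${disk}" ] &&
  echo "UUID=${disk} /home ext4 rw,discard,errors=remount-ro,x-systemd.growfs,prjquota 0 2" >> /etc/fstab &&
  mount -a &&
  mv /home.bak/* /home/ &&
  rmdir /home.bak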
# Run as root inside the database guest: relocate the MariaDB data directory
# onto the /home volume and bind-mount it back to its standard path, so the
# server configuration does not have to change.

# The server must be stopped while its data files are moved.
/etc/init.d/mariadb stop

# Move the data, then recreate the original path as an empty mount point.
mv /var/lib/mysql /home/
mkdir /var/lib/mysql

# Persist the bind mount and activate it.
printf '%s\n' '/home/mysql /var/lib/mysql none bind 0 0' >> /etc/fstab
mount -a

/etc/init.d/mariadb start
~/.ssh/config :
# Client settings for every host alias that starts with "os2".
Host os2*
# Keep idle sessions alive: TCP keepalives plus an SSH-level probe every 60 s.
TCPKeepAlive yes
ServerAliveInterval 60
# NOTE(review): this forwards the local ssh-agent to every os2* target, where
# anyone with root can use the loaded keys for as long as the session lasts.
# The ProxyCommand below already handles the hop through the front host without
# an agent there; confirm a forwarded agent is really needed on the targets,
# and otherwise leave it off or enable it per host.
ForwardAgent yes
User pkgdata
# The private hosts are reached through front200 with a stdio forward (-W), so
# the SSH session stays end-to-end between the workstation and the target.
ProxyCommand ssh pkgdata@front200.pkgdata.net -W %h:%p
IdentityFile /home/remi/.ssh/id_ed25519_remi
~/work/infras/host_vars/on002.pkgdata.net/vars : & ~/work/infras/group_vars/200/vars :
private_dns:
- { hostname: "os201", ip: "192.168.100.181" }
- { hostname: "os202", ip: "192.168.100.122" }
- { hostname: "os203", ip: "192.168.100.6" }
[...]
# Push the updated private_dns entries: first to the admin host (inventory
# 000_hosts, limited to on002*), then to every host of inventory 200_hosts.
# --vault-id @prompt asks for the vault password interactively on each run, so
# it is never stored in a file or passed on the command line.
ansible-playbook -i 000_hosts playbooks/common.yml \
  --vault-id @prompt \
  --limit on002\* \
  --tags resolv
ansible-playbook -i 200_hosts playbooks/common.yml \
  --vault-id @prompt \
  --tags resolv

# Full site play, one host at a time, with the fact cache flushed on each run.
# Only these five hosts are listed here; os207 and the os203-live* nodes are
# not part of this sequence.
for target in os201 os203 os204 os205 os206; do
  ansible-playbook -i 200_hosts playbooks/site.yml \
    --flush-cache \
    --vault-id @prompt \
    --limit "${target}"
done