refactor: improve project structure, idempotency, and security

- Replace interactive python setup script with native Ansible vars_prompt. - Add missing Prometheus helm values template for resource management on Raspberry Pi. - Replace deprecated apt_key module usage with modern keyring file download. - Add project files: requirements.txt, requirements.yml, and .gitignore.
2026-06-19 19:16:15 +02:00
parent d18ed0799c
commit 9e8d248a02
8 changed files with 97 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,12 @@
+# Ansible dynamic content
+inventory.ini
+*.retry
+
+# Python Virtual Environment and cache
+venv/
+.venv/
+__pycache__/
+*.py[cod]
+
+# Ansible local folders
+.ansible/
--- a/inventory.ini
+++ b/inventory.ini
@@ -1,2 +1,2 @@
 [pis]
-pi_node1 ansible_host={{IP}} ansible_user={{USER}} ansible_ssh_private_key_file=~/.ssh/id_rsa
+pi_node1 ansible_host="{{ target_ip }}" ansible_user="{{ target_user }}" ansible_ssh_private_key_file=~/.ssh/id_rsa
--- a/playbook.yml
+++ b/playbook.yml
@@ -2,6 +2,15 @@
  hosts: pis
  become: yes

+  vars_prompt:
+    - name: target_ip
+      prompt: "Entrez l'IP du Raspberry Pi"
+      private: no
+    - name: target_user
+      prompt: "Entrez l'utilisateur SSH"
+      private: no
+      default: "pi"
+
  roles:
    - docker
    - k3s
--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+ansible>=2.10
+kubernetes>=12.0.0
--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,6 @@
+# External Ansible dependencies
+# Install using: ansible-galaxy install -r requirements.yml (for roles)
+# and: ansible-galaxy collection install -r requirements.yml (for collections)
+
+collections:
+  - name: kubernetes.core
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -10,14 +10,21 @@
    state: present
    update_cache: yes

- name: Add Docker official GPG key
-  apt_key:
+- name: Create directory for apt keyrings
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+
+- name: Add Docker official GPG key (modern keyring approach)
+  get_url:
    url: https://download.docker.com/linux/debian/gpg
-    state: present
+    dest: /etc/apt/keyrings/docker.asc
+    mode: '0644'

 - name: Set up Docker repository for ARM architecture
  apt_repository:
-    repo: "deb [arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+    repo: "deb [arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: present

 - name: Install Docker Engine and CLI components
--- a/roles/prometheus/templates/values.yml.j2
+++ b/roles/prometheus/templates/values.yml.j2
@@ -0,0 +1,56 @@
+# Prometheus community Helm Chart values for Raspberry Pi (kube-prometheus-stack)
+# Optimisé pour des environnements à ressources limitées (ex: Raspberry Pi)
+
+prometheus:
+  prometheusSpec:
+    # Réglage des ressources mémoire/CPU pour éviter les OOM-kills sur les RPi
+    resources:
+      requests:
+        cpu: 100m
+        memory: 512Mi
+      limits:
+        cpu: 1000m
+        memory: 1024Mi
+    # Rétention des données
+    retention: 7d
+    retentionSize: 10Gi
+
+alertmanager:
+  enabled: true
+  alertmanagerSpec:
+    resources:
+      requests:
+        cpu: 50m
+        memory: 128Mi
+      limits:
+        cpu: 200m
+        memory: 256Mi
+
+grafana:
+  enabled: true
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      cpu: 500m
+      memory: 512Mi
+
+# Désactivation optionnelle de certains services non requis ou consommateurs
+kubeStateMetrics:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 64Mi
+    limits:
+      cpu: 100m
+      memory: 128Mi
+
+nodeExporter:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi
+    limits:
+      cpu: 100m
+      memory: 64Mi
--- a/setup.py
+++ b/setup.py
@@ -1,17 +0,0 @@
-
-if __name__ == '__main__':
-	print('Running setup config for PIs')
-
-	ip = input('Enter the IP of the PI:')
-	user = input('Enter the user of the PI:')
-
-	with open('inventory.ini', 'r') as inventory:
-		content = inventory.read()
-	content = content.replace('{{USER}}', user)
-	content = content.replace('{{IP}}', ip)
-
-	with open('inventory.ini', 'w') as inventory:
-		inventory.write(content)
-	
-	print(f'Changed inventory.ini content with: {content}')
-