From 9e8d248a02045ff649497279824bc85c3bcccb3a Mon Sep 17 00:00:00 2001
From: Namu
Date: Fri, 19 Jun 2026 19:16:15 +0200
Subject: [PATCH] refactor: improve project structure, idempotency, and security

- Replace interactive python setup script with native Ansible vars_prompt.
- Add missing Prometheus helm values template for resource management on Raspberry Pi.
- Replace deprecated apt_key module usage with modern keyring file download.
- Add project files: requirements.txt, requirements.yml, and .gitignore.
---
 .gitignore | 12 +++++
 inventory.ini | 2 +-
 playbook.yml | 9 ++++
 requirements.txt | 2 +
 requirements.yml | 6 +++
 roles/docker/tasks/main.yml | 15 +++++--
 roles/prometheus/templates/values.yml.j2 | 56 ++++++++++++++++++++++++
 setup.py | 17 -------
 8 files changed, 97 insertions(+), 22 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 requirements.txt
 create mode 100644 requirements.yml
 create mode 100644 roles/prometheus/templates/values.yml.j2
 delete mode 100644 setup.py

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3d13d4d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+# Ansible dynamic content
+inventory.ini
+*.retry
+
+# Python Virtual Environment and cache
+venv/
+.venv/
+__pycache__/
+*.py[cod]
+
+# Ansible local folders
+.ansible/
diff --git a/inventory.ini b/inventory.ini
index 26d5552..bab5f2d 100644
--- a/inventory.ini
+++ b/inventory.ini
@@ -1,2 +1,2 @@
 [pis]
-pi_node1 ansible_host={{IP}} ansible_user={{USER}} ansible_ssh_private_key_file=~/.ssh/id_rsa
+pi_node1 ansible_host="{{ target_ip }}" ansible_user="{{ target_user }}" ansible_ssh_private_key_file=~/.ssh/id_rsa
diff --git a/playbook.yml b/playbook.yml
index b3b8f51..2bd5ea9 100644
--- a/playbook.yml
+++ b/playbook.yml
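Review bot: The `inventory.ini` entry under "Ansible dynamic content" has no effect while that file stays tracked, and this same commit still edits the tracked copy. If the goal is to keep operator-specific hosts and users out of the repository, the file has to be untracked with `git rm --cached inventory.ini` and replaced by a committed example file. If the templated inventory is meant to be shared, the ignore line should be dropped, because it suggests local edits are protected from being committed when they are not.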
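Review bot: `ansible_host="{{ target_ip }}"` and `ansible_user="{{ target_user }}"` resolve only inside a play that defines those variables, so anything else that reads this inventory (an ad-hoc command, a second playbook) will presumably fail on an undefined variable. A comment above the host line, for example `# target_ip and target_user come from vars_prompt in playbook.yml or from -e`, would make that dependency visible. The key path `~/.ssh/id_rsa` is hard-coded on both sides of the change; taking it from a variable with that default would let operators use a dedicated deployment key instead of their personal one.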
@@ -2,6 +2,15 @@ hosts: pis become: yes + vars_prompt: + - name: target_ip + prompt: "Entrez l'IP du Raspberry Pi" + private: no + - name: target_user + prompt: "Entrez l'utilisateur SSH" + private: no + default: "pi" + roles: - docker - k3s diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..a137bb7 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,2 @@ +ansible>=2.10 +kubernetes>=12.0.0 diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..28eedef --- /dev/null +++ b/requirements.yml @@ -0,0 +1,6 @@ +# External Ansible dependencies +# Install using: ansible-galaxy install -r requirements.yml (for roles) +# and: ansible-galaxy collection install -r requirements.yml (for collections) + +collections: + - name: kubernetes.core diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 89177b7..5275773 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -10,14 +10,21 @@ state: present update_cache: yes -- name: Add Docker official GPG key - apt_key: +- name: Create directory for apt keyrings + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + +- name: Add Docker official GPG key (modern keyring approach) + get_url: url: https://download.docker.com/linux/debian/gpg - state: present + dest: /etc/apt/keyrings/docker.asc + mode: '0644' - name: Set up Docker repository for ARM architecture apt_repository: - repo: "deb [arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" + repo: "deb [arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" state: present - name: Install Docker Engine and CLI components 
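Review bot: `target_ip` has no default and neither prompt is validated, yet both answers become the SSH target and login through the inventory, so an empty or mistyped value shows up only as a connection error on the first task. A comment above `vars_prompt` documenting the non-interactive form would help, for example `# non-interactive: ansible-playbook playbook.yml -e target_ip=<HOST_PLACEHOLDER> -e target_user=<USER_PLACEHOLDER>`, since variables passed with `-e` are not prompted for. As a style point, `private: no` reads better as `private: false`, and the prompts are in French while the task names elsewhere in the patch are in English. The play continues outside the hunk.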
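Review bot: `ansible>=2.10` and `kubernetes>=12.0.0` set only a floor, so each fresh install of the control node resolves to whatever is newest on the index at that moment; the unversioned `kubernetes.core` entry in requirements.yml has the same problem. For tooling that runs with `become` against the hosts, exact pins are the safer default: `ansible==<PINNED_VERSION_PLACEHOLDER>` and `kubernetes==<PINNED_VERSION_PLACEHOLDER>` here, ideally with hashes and `pip install --require-hashes`, and a `version:` key under the collection. Pinned versions also make a run reproducible when a later release changes module behaviour.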
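Review bot: The `get_url` task stores whatever the URL returns as the repository's trust anchor, with no `checksum:` and no fingerprint check, so the only protection for `/etc/apt/keyrings/docker.asc` is the TLS session at download time. Adding `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"`, with the value taken from an independently verified copy of the key, pins the content and makes the task replace the file if it is altered on disk. Separately, on hosts already provisioned by the removed `apt_key` task, the key probably remains in the global apt keyring and the old repository line without `signed-by` stays in the sources list. That would defeat the scoping and may make apt report conflicting Signed-By values, so a cleanup task for both is worth adding. This second point is inferred, since the existing host state is not visible in the hunk.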
diff --git a/roles/prometheus/templates/values.yml.j2 b/roles/prometheus/templates/values.yml.j2
new file mode 100644
index 0000000..b534b28
--- /dev/null
+++ b/roles/prometheus/templates/values.yml.j2
@@ -0,0 +1,56 @@
+# Prometheus community Helm Chart values for Raspberry Pi (kube-prometheus-stack)
+# Optimisé pour des environnements à ressources limitées (ex: Raspberry Pi)
+
+prometheus:
+ prometheusSpec:
+ # Réglage des ressources mémoire/CPU pour éviter les OOM-kills sur les RPi
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 1000m
+ memory: 1024Mi
+ # Rétention des données
+ retention: 7d
+ retentionSize: 10Gi
+
+alertmanager:
+ enabled: true
+ alertmanagerSpec:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 256Mi
+
+grafana:
+ enabled: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+
+# Désactivation optionnelle de certains services non requis ou consommateurs
+kubeStateMetrics:
+ resources:
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
+
+nodeExporter:
+ resources:
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ limits:
+ cpu: 100m
+ memory: 64Mi
diff --git a/setup.py b/setup.py
deleted file mode 100644
index d1e0b47..0000000
--- a/setup.py
+++ /dev/null
@@ -1,17 +0,0 @@
-
-if __name__ == '__main__':
- print('Running setup config for PIs')
-
- ip = input('Enter the IP of the PI:')
- user = input('Enter the user of the PI:')
-
- with open('inventory.ini', 'r') as inventory:
- content = inventory.read()
- content = content.replace('{{USER}}', user)
- content = content.replace('{{IP}}', ip)
-
- with open('inventory.ini', 'w') as inventory:
- inventory.write(content)
-
- print(f'Changed inventory.ini content with: {content}')
-
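Review bot: The `grafana:` block sets `enabled: true` without any admin credential, so Grafana will start with the chart's default admin password, which to my knowledge is a publicly documented value for kube-prometheus-stack. Because the file is a `.j2` template, a line such as `adminPassword: "{{ grafana_admin_password }}"` (variable name is a suggestion, sourced from Ansible Vault) or `admin.existingSecret` would close that. Also, as far as I know the chart reads subchart resources from `kube-state-metrics:` and `prometheus-node-exporter:`, so the limits under `kubeStateMetrics:` and `nodeExporter:` may be silently ignored and should be checked against the chart's values. The comment above those two blocks announces disabling services, but nothing is disabled there.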