refactor: improve project structure, idempotency, and security
- Replace interactive python setup script with native Ansible vars_prompt. - Add missing Prometheus helm values template for resource management on Raspberry Pi. - Replace deprecated apt_key module usage with modern keyring file download. - Add project files: requirements.txt, requirements.yml, and .gitignore.
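--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,12 @@
+# Ansible dynamic content
+inventory.ini
+*.retry
+
+# Python Virtual Environment and cache
+venv/
+.venv/
+__pycache__/
+*.py[cod]
+
+# Ansible local folders
+.ansible/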
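Review bot: `inventory.ini` is ignored here, but another hunk of this commit appears to edit an inventory file (the `[pis]` / `pi_node1` lines), which suggests the file is still tracked; an ignore rule has no effect on files already in the index. If the intent is to keep host-specific inventories out of the repository, the entry needs `git rm --cached inventory.ini` alongside it, perhaps with a tracked example file. Otherwise the rule is dead and could be dropped.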
@@ -1,2 +1,2 @@
|
|||||||
[pis]
|
[pis]
|
||||||
pi_node1 ansible_host={{IP}} ansible_user={{USER}} ansible_ssh_private_key_file=~/.ssh/id_rsa
|
pi_node1 ansible_host="{{ target_ip }}" ansible_user="{{ target_user }}" ansible_ssh_private_key_file=~/.ssh/id_rsa
|
||||||
|
|||||||
@@ -2,6 +2,15 @@
|
|||||||
hosts: pis
|
hosts: pis
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
|
vars_prompt:
|
||||||
|
- name: target_ip
|
||||||
|
prompt: "Entrez l'IP du Raspberry Pi"
|
||||||
|
private: no
|
||||||
|
- name: target_user
|
||||||
|
prompt: "Entrez l'utilisateur SSH"
|
||||||
|
private: no
|
||||||
|
default: "pi"
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- docker
|
- docker
|
||||||
- k3s
|
- k3s
|
||||||
|
|||||||
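Review bot: Both `vars_prompt` entries use `private: no`, the YAML 1.1 truthy form that yamllint's `truthy` rule flags; `private: false` means the same to Ansible without the ambiguity. `target_ip` also has no `default`, so an unattended run has to pass the value as an extra var, and a comment above the block such as `# Non-interactive runs: pass -e target_ip=<address> -e target_user=<user>` would document that. The answers end up as `ansible_host` and `ansible_user` for a play that runs with `become: yes`, so it is worth stating in that comment that nothing validates them. The prompt texts are in French while the task names on this page are in English, which may be worth aligning.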
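--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+ansible>=2.10
+kubernetes>=12.0.0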
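Review bot: Both entries are open-ended lower bounds (`ansible>=2.10`, `kubernetes>=12.0.0`), so each install resolves to whatever is newest on the index and the control node's toolchain is not reproducible. Pinning exact versions, e.g. `ansible==<tested version>`, ideally with hashes and `pip install --require-hashes -r requirements.txt`, closes that gap. The same applies to `kubernetes.core` in requirements.yml, which is listed without a `version:` key.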
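--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,6 @@
+# External Ansible dependencies
+# Install using: ansible-galaxy install -r requirements.yml (for roles)
+# and: ansible-galaxy collection install -r requirements.yml (for collections)
+
+collections:
+- name: kubernetes.core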
@@ -10,14 +10,21 @@
|
|||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: Add Docker official GPG key
|
- name: Create directory for apt keyrings
|
||||||
apt_key:
|
file:
|
||||||
|
path: /etc/apt/keyrings
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Add Docker official GPG key (modern keyring approach)
|
||||||
|
get_url:
|
||||||
url: https://download.docker.com/linux/debian/gpg
|
url: https://download.docker.com/linux/debian/gpg
|
||||||
state: present
|
dest: /etc/apt/keyrings/docker.asc
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: Set up Docker repository for ARM architecture
|
- name: Set up Docker repository for ARM architecture
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb [arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
|
repo: "deb [arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install Docker Engine and CLI components
|
- name: Install Docker Engine and CLI components
|
||||||
|
|||||||
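Review bot: Hosts provisioned by the previous version of this role keep the old source entry (the `repo:` string without `signed-by`) and the key that `apt_key` put in the global trusted keyring, because the hunk only adds the keyring tasks and a changed `repo:` string. The changed string is likely treated as a separate entry, so such hosts would list the same Docker source twice with differing `signed-by` options, which apt may reject, and the globally trusted key still defeats the per-repository scoping. I would add a cleanup task with `state: absent` for the old entry ahead of the new one (below) and remove the legacy key once. Separately, `get_url` trusts whatever the URL serves; a `checksum:` value for the key, obtained out of band, would pin it. The hunk begins inside a task whose header is outside it and ends at the name of the install task.

```yaml
# … unchanged: keyring directory and key download tasks …

- name: Remove legacy Docker repository entry (no signed-by)
  apt_repository:
    repo: "deb [arch={{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: absent

- name: Set up Docker repository for ARM architecture
  # … unchanged: apt_repository with signed-by …
```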
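--- a/roles/prometheus/templates/values.yml.j2
+++ b/roles/prometheus/templates/values.yml.j2
@@ -0,0 +1,56 @@
+# Prometheus community Helm Chart values for Raspberry Pi (kube-prometheus-stack)
+# Optimisé pour des environnements à ressources limitées (ex: Raspberry Pi)
+
+prometheus:
+prometheusSpec:
+# Réglage des ressources mémoire/CPU pour éviter les OOM-kills sur les RPi
+resources:
+requests:
+cpu: 100m
+memory: 512Mi
+limits:
+cpu: 1000m
+memory: 1024Mi
+# Rétention des données
+retention: 7d
+retentionSize: 10Gi
+
+alertmanager:
+enabled: true
+alertmanagerSpec:
+resources:
+requests:
+cpu: 50m
+memory: 128Mi
+limits:
+cpu: 200m
+memory: 256Mi
+
+grafana:
+enabled: true
+resources:
+requests:
+cpu: 100m
+memory: 256Mi
+limits:
+cpu: 500m
+memory: 512Mi
+
+# Désactivation optionnelle de certains services non requis ou consommateurs
+kubeStateMetrics:
+resources:
+requests:
+cpu: 10m
+memory: 64Mi
+limits:
+cpu: 100m
+memory: 128Mi
+
+nodeExporter:
+resources:
+requests:
+cpu: 10m
+memory: 32Mi
+limits:
+cpu: 100m
+memory: 64Mi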
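Review bot: `grafana:` sets `enabled: true` without any admin credential, so unless one is supplied elsewhere Grafana comes up with the chart's default admin password. Pointing the sub-chart at a pre-created secret, `admin:` with `existingSecret: <grafana-admin-secret>` under `grafana:` (placeholder name), avoids a well-known login on the cluster. The `kubeStateMetrics:` and `nodeExporter:` blocks may also have no effect: as far as I know kube-prometheus-stack passes sub-chart values under `kube-state-metrics:` and `prometheus-node-exporter:`, so these limits should be checked against a rendered manifest. The comment above them announces optional disabling, but the blocks only set resources. Indentation is not visible on this page, so the nesting is assumed from the key names.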
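--- a/setup.py
+++ b/setup.py
@@ -1,17 +0,0 @@
-
-if __name__ == '__main__':
-print('Running setup config for PIs')
-
-ip = input('Enter the IP of the PI:')
-user = input('Enter the user of the PI:')
-
-with open('inventory.ini', 'r') as inventory:
-content = inventory.read()
-content = content.replace('{{USER}}', user)
-content = content.replace('{{IP}}', ip)
-
-with open('inventory.ini', 'w') as inventory:
-inventory.write(content)
-
-print(f'Changed inventory.ini content with: {content}')
-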