Added watchdog set function

Reviewed-on: vlad/ansible-cache#1

dnaclab_linux/ad1.dnaclab.net.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYzCCAkugAwIBAgIQOjH4SmsJLppClIB6CKuPKTANBgkqhkiG9w0BAQsFADBE
+MRMwEQYKCZImiZPyLGQBGRYDbmV0MRcwFQYKCZImiZPyLGQBGRYHZG5hY2xhYjEU
+MBIGA1UEAxMLZG5hY2xhYi5uZXQwHhcNMjIwNDI4MTYyODMxWhcNMzIwNDI4MTYz
+ODMwWjBEMRMwEQYKCZImiZPyLGQBGRYDbmV0MRcwFQYKCZImiZPyLGQBGRYHZG5h
+Y2xhYjEUMBIGA1UEAxMLZG5hY2xhYi5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDJiTcCiTFlBkDIe19uDPm/JWfM53v2BHlyQZadk2aNVq18ZHTC
+2724X9gKG2qUWhdxVYyBgnz/EYra+kgsJdXMsiDWN+MbfOdD3Xs7MBPC1goujFVW
+6n6dvi5JZarFJjvDhKLfuRUB61we6vfccZwE4PwSChaIWDoCJlpcRaHnKEgLxawh
+/UpArEm2KRWfRMDloxXmVJkjZ1JKQF54iZbMRvGhyGpIEcwLG9ddetEvjmDK+FIU
+4AKG356ktjvFQFOCp4U9CTnm0h+AwOem+Le6Q5qV8GKPEc9wTJjbkarsoEYd9doS
+d2qrmHiSe/mpO52Fn1HZELnjH3yis4wpaxP3AgMBAAGjUTBPMAsGA1UdDwQEAwIB
+hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSm6oQF7HWtEn8/zS61YUU7WEJ6
+5DAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAU3PZaenth8q3
+9O4HmcNR6+uPx3Ic4G6AgY6/rI1WSNnax9n76wvYBGd+DytOGLVhmzdW6U7udcUB
+rn4mwKhiUa4LtvbZfSz7gycJ2f/l0Vqq2ebSWTM3D2L6leQKfy71USQ9u7oRNWHN
+kmq8bzXrJ5NGCdMG4u+0848jqquD3wHZixvjHsCwZeKYDldnbZIvuOBQSh4N+YCV
+jEgE2XULMYrxLSCh/01p1cl4It3Rb0/xR105cPlYEU6HyYQVctjdhgZAnanYAu+1
+HaQtKGeASlx+i7WftsMCOJuC3ddEF7yT9se3yeAGjioIjLUhlx+1yHcXzEVyFVQd
+uzeSL2RGjA==
+-----END CERTIFICATE-----

dnaclab_linux/inventory.yml

@@ -3,8 +3,7 @@ all:
   children:
     services_hosts:
       hosts:
-        ubuntu.dnaclab.net:
+        services.dnaclab.net:
-        staging.dnaclab.net:
     developer_hosts:
       hosts:
         developer.dnaclab.net:
@@ -17,12 +16,7 @@ all:
         backups.dnaclab.net:
     kubernetes:
       hosts:
-        10.221.0.130:
+        k8s-master.dnaclab.net:
-        10.221.0.131:
+        k8s-worker1.dnaclab.net:
-        10.221.0.132:
+        k8s-worker2.dnaclab.net:
-    kubernetes_dev:
+
-      hosts:
-        172.16.1.130:
-        172.16.1.131:
-        172.16.1.132:
-        172.16.1.133:

dnaclab_linux/prestage_root_ca.yaml

@@ -0,0 +1,33 @@
+---
+- name: Prestage server(s) with the NCA FSA AD1 root CA and load it into SSL service
+  hosts: all
+  become: yes
+  vars_files:
+    - global_vars/main.yml
+
+  tasks:
+
+    - name: Copy AD1 root certificate to the shared SSL store
+      ansible.builtin.copy:
+        src: "./ad1.dnaclab.net.crt"
+        dest: /usr/local/share/ca-certificates/
+        owner: root
+        group: root
+        mode: '0666'
+
+    - name: Update the CA certificate store
+      ansible.builtin.command: update-ca-certificates
+      register: update_results
+    
+    - name: Print update results
+      ansible.builtin.debug:
+        var: update_results.stdout
+    
+    - name: Verify that certificates signed by AD1 can be verified now
+      ansible.builtin.shell: openssl s_client -connect gitlab.dnaclab.net:443 -showcerts </dev/null
+      register: verify_results
+        
+    - name: Report outcome of certificate install and validation
+      ansible.builtin.debug:
+        msg: Root CA installation and validation successfull!
+      when: '"Verification: OK" in verify_results.stdout'

dnaclab_linux/prestage_update_dns.yaml

@@ -0,0 +1,31 @@
+---
+- name: Change the netplan configuration to only allow the internal DNS server
+  hosts: all
+  become: yes
+  vars_files:
+    - global_vars/main.yml
+
+  tasks:
+
+    - name: Check if the netplan configuration is present
+      ansible.builtin.stat:
+        path: /etc/netplan/00-installer-config.yaml 
+
+    - name: Set the new netplan to use only the internal DNS
+      ansible.builtin.command: netplan set ethernets.ens160.nameservers.addresses=[10.221.0.100]
+    
+    - name: Apply the new netplan
+      ansible.builtin.command: netplan apply
+    
+    - name: Restart the resolved service
+      ansible.builtin.command: systemctl restart systemd-resolved.service
+
+    - name: Get currently configured DNS servers
+      ansible.builtin.command: netplan get ethernets.ens160.nameservers.addresses
+      register: dns_check
+
+    - name: Validate that only the internal DNS is configured
+      ansible.builtin.debug:
+        msg: Change successfull!
+      when: dns_check.stdout == "- 10.221.0.100"
+

dnaclab_linux/reboot.yml

@@ -1,6 +1,6 @@
 ---
 - name: Reboots linux host and checks status
-  hosts: kubernetes_dev
+  hosts: kubernetes
   become: yes
   vars_files:
     - global_vars/main.yml

home_linux/change_password.yml

@@ -0,0 +1,13 @@
+---
+# Run this script with -> ansible-playbook -i home-inventory.yml change_password.yml --extra-vars 'new_password=XXXXXXX' --ask-vault-pass
+- name: Change the admin password for all hosts (remember to edit the vars.yml file afterwards with the new pass!!!)
+  hosts: all
+  become: yes
+  roles:
+    - common
+  tasks:
+    - name: Change user password
+      user:
+        name: "{{ ansible_user }}"
+        update_password: always
+        password: "{{ new_password | password_hash('sha512') }}"

home_linux/config_files/nextcloud-pv.yml

@@ -1,18 +0,0 @@
-## nextcloud.persistentvolume.yml
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: "nextcloud-seagate"
-  labels:
-    type: "local"
-spec:
-  storageClassName: "manual"
-  capacity:
-    storage: "50Gi"
-  accessModes:
-    - ReadWriteOnce
-  hostPath:
-    path: "/mnt/seagate/_NEXTCLOUD"
----
-

home_linux/config_files/nextcloud-pvc.yml

@@ -1,15 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  namespace: "nextcloud"
-  name: "nextcloud-seagate"
-spec:
-  storageClassName: "manual"
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: "50Gi"
----
-

home_linux/enable_watchdog.yaml

@@ -0,0 +1,28 @@
+---
+- name: Enable hardware watchdog
+  hosts: all
+  gather_facts: no
+  roles: 
+    - common
+  become: yes
+  
+  tasks:
+    - name: Enable systemd watchdog in system.conf
+      ansible.builtin.lineinfile:
+        path: /etc/systemd/system.conf
+        regexp: '^#?{{ item.key }}='
+        line: "{{ item.key }}={{ item.value }}"
+      loop:
+        - { key: 'RuntimeWatchdogSec', value: '15' }
+        - { key: 'RebootWatchdogSec', value: '10min' }
+      notify: Restart systemd
+
+    - name: Ensure watchdog device permissions (Optional/Standard)
+      ansible.builtin.shell: |
+        modprobe bcm2835_wdt
+      changed_when: false
+
+  handlers:
+    - name: Restart systemd
+      ansible.builtin.systemd:
+        daemon_reexec: yes

home_linux/home_inventory.yml

@@ -5,6 +5,7 @@ all:
         192.168.0.51:
         192.168.0.52:
         192.168.0.53:
+        192.168.0.54:
     kube_masters:
       hosts:
         192.168.0.51:
@@ -12,12 +13,14 @@ all:
       hosts:
         192.168.0.52:
         192.168.0.53:
+        192.168.0.54:
     docker:
       hosts:
         192.168.0.50:
     zero:
       hosts:
-        192.168.0.54:
+        192.168.0.49:
         192.168.0.55:
-  vars:
+        192.168.0.48:
-    ansible_ssh_private_key_file = /home/vraducanu/.ssh/id_rsa
+vars:
+  ansible_ssh_private_key_file = /home/vraducanu/.ssh/id_rsa

home_linux/install_longhorn_deps.yml

@@ -0,0 +1,20 @@
+---
+- name: Update and upgrade packages on Raspberries
+  hosts: kubernetes
+  roles:
+    - common
+  become: yes
+
+  tasks:
+
+  - name: Update package repositories
+    apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+  - name: Upgrade packages on targets
+    apt: upgrade=dist force_apt_get=yes 
+
+  - name: Install open-iscsi
+    apt:
+      name: open-iscsi
+      state: present
+    

home_linux/install_network_manager.yaml

@@ -0,0 +1,29 @@
+---
+- name: Install the Network Manager service on the Raspberries
+  hosts: kubernetes
+  roles: 
+    - common
+  become: yes
+  gather_facts: no
+  
+  tasks:
+
+  - name: Install the Network Manager package
+    ansible.builtin.apt:
+      name: network-manager
+      state: present
+      update_cache: yes
+
+  - name: Enable and start the Network Manager service
+    ansible.builtin.service:
+      name: NetworkManager
+      state: started
+      enabled: yes
+
+  - name: Test that the Network Manager service is running
+    ansible.builtin.shell: nmcli g
+    register: nmcli_status
+
+  - name: Print test results
+    ansible.builtin.debug:
+      var: nmcli_status["stdout_lines"]

home_linux/k3s_stuff/disable_swap.yml

@@ -0,0 +1,23 @@
+---
+- name: Disable swap on Raspberries
+  hosts: kubernetes
+  roles: 
+    - common
+  become: yes
+  gather_facts: no
+  
+  tasks:
+  
+  - name: Stop swap service
+    ansible.builtin.shell: dphys-swapfile swapoff
+
+  - name: Disable swap service
+    ansible.builtin.shell: systemctl disable dphys-swapfile
+
+  - name: Delete swap file 
+    ansible.builtin.shell: dphys-swapfile uninstall
+
+  - name: Reboot
+    ansible.builtin.reboot:
+      test_command: uptime
+

home_linux/k3s_stuff/home_inventory.yml

@@ -0,0 +1,26 @@
+all:
+  children:
+    kubernetes:
+      hosts:
+        192.168.0.51:
+        192.168.0.52:
+        192.168.0.53:
+        192.168.0.54:
+    kube_masters:
+      hosts:
+        192.168.0.51:
+    kube_workers:
+      hosts:
+        192.168.0.52:
+        192.168.0.53:
+        192.168.0.54:
+    docker:
+      hosts:
+        192.168.0.50:
+    zero:
+      hosts:
+        192.168.0.49:
+        192.168.0.55:
+        192.168.0.48:
+vars:
+  ansible_ssh_private_key_file = /home/vraducanu/.ssh/id_rsa

home_linux/k3s_stuff/roles/common/vars/main.yml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+30633834386366326437646166323334396138353739343932333030646534663939353664623132
+3132376461376265646335333462306135643361343366620a633835303133306134613433313833
+38323961306433633466643139666566636365313538313062636161373130313633393265313162
+3537633336316361330a323462613431363138363035383532636166613434393661663832616532
+63633632383431653930363638326237663533316632666266653734396165393130386238323661
+65653832343031356130303961333134656139306165666234343737386362343939376435663332
+64366535366265366532393130363862376363323664666362663663613238653564613963616138
+33383635373133343032313834376232623166393161616136663566303437656536376536646439
+3163

home_linux/k3s_stuff/set_hosts_file_for_k3s.yml

@@ -0,0 +1,14 @@
+---
+- name: Update hosts files on k3s nodes
+  hosts: kubernetes
+  roles: 
+    - common
+  become: yes
+  gather_facts: no
+  
+  tasks:
+  
+  - name: Replace the local A records for local services in k3s
+    ansible.builtin.lineinfile:
+      path: /etc/hosts
+      line: 192.168.0.56 services.ze.internet.local

home_linux/k8s_stuff/home_inventory.yml

@@ -0,0 +1,26 @@
+all:
+  children:
+    kubernetes:
+      hosts:
+        192.168.0.51:
+        192.168.0.52:
+        192.168.0.53:
+        192.168.0.54:
+    kube_masters:
+      hosts:
+        192.168.0.51:
+    kube_workers:
+      hosts:
+        192.168.0.52:
+        192.168.0.53:
+        192.168.0.54:
+    docker:
+      hosts:
+        192.168.0.50:
+    zero:
+      hosts:
+        192.168.0.49:
+        192.168.0.55:
+        192.168.0.48:
+vars:
+  ansible_ssh_private_key_file = /home/vraducanu/.ssh/id_rsa

home_linux/k8s_stuff/roles/common/vars/main.yml

@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+34323466633533666237623830316138373237326134336236613536633664373564633163613230
+3938393338663632613061646365613630373635613536360a613039306363616432633030306334
+33353839346339393965616234323561306338626533363238306662383938626364303061633332
+6230623361393438610a383230376431373034306331376536313831633366373665393866373338
+65313334623131323931353436623265623033396266623364313934383865386532623630336164
+32653432613065303363303730353864353739633530376637333662303134613339353062303932
+33646466383561373264333734626364663763393766666664653365386230393562626563376265
+63303939363932636266303566363062643166343064343762313339353839326361383062653036
+6232

home_linux/reboot.yml

@@ -1,6 +1,6 @@
 ---
 - name: Reboot the Raspberries
-  hosts: all
+  hosts: kubernetes
   gather_facts: no
   roles: 
     - common

home_linux/roles/common/vars/main.yml

@@ -1,10 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
-34323466633533666237623830316138373237326134336236613536633664373564633163613230
+31373666386334376331316561663830613065303332353965306334613165396261663564393937
-3938393338663632613061646365613630373635613536360a613039306363616432633030306334
+6365613862623531356333613266346637663333613964330a323664323932626166623161663431
-33353839346339393965616234323561306338626533363238306662383938626364303061633332
+62333230373733643261613364626635613162363464366361643737636633336362383465643635
-6230623361393438610a383230376431373034306331376536313831633366373665393866373338
+3261366564663333620a396136303364376461323233616361633166653063623233383638353033
-65313334623131323931353436623265623033396266623364313934383865386532623630336164
+37336439366533316262363761303730313039353038333636326330623261306633303630623463
-32653432613065303363303730353864353739633530376637333662303134613339353062303932
+39313238353965666638323262666231386238663262353036313334623565373232623563613935
-33646466383561373264333734626364663763393766666664653365386230393562626563376265
+61313461333961363061323166616162376132643531376162383431666436666463346161653032
-63303939363932636266303566363062643166343064343762313339353839326361383062653036
+64653435636661313164663964343162313163616531313535613630626364303963396433666431
-6232
+3631

home_linux/shutdown.yml

@@ -1,6 +1,6 @@
 ---
 - name: Shutdown the Raspberries
-  hosts: all
+  hosts: kubernetes 
   gather_facts: no
   roles: 
     - common