# Running plain `make` prints the target list instead of changing anything.
.DEFAULT_GOAL := help

# Every make variable, including ones given on the command line, is exported
# into the environment of each recipe and of the processes it starts.
# Avoid passing secrets as make variables for that reason.
# NOTE(review): the ANSIBLE_-prefixed names below share a namespace with
# Ansible's own environment settings (e.g. ANSIBLE_ROLES_PATH); keep new
# names from colliding with real Ansible options.
.EXPORT_ALL_VARIABLES:

# Wrapper script used by most targets to run commands in the runner container.
RUNNER := ansible-runner/ansible-runner.sh

# Playbook directory, relative to the repository root.
ANSIBLE_DIR := ansible

# Per-user install locations for Galaxy roles and collections (local UV workflow).
ANSIBLE_LOCAL_ROLES_DIR := $(HOME)/.ansible/roles
ANSIBLE_LOCAL_COLLECTIONS_DIR := $(HOME)/.ansible/collections
# None of the targets in this file produce a file of the same name; declaring
# them phony keeps a stray file called e.g. `clean` or `init` from silently
# turning the target into a no-op. Declarations are grouped by purpose.

# Help and aggregate entry points
.PHONY: help default prepare-ansible init clean

# Local (UV-based) Ansible tooling
.PHONY: ansible-local-setup ansible-local-galaxy ansible-local-lint \
	ansible-local-syntax-check-external-services uv-lock-check install-local-utils

# Runner-container linting and checks
.PHONY: lint lint-ci syntax-check-external-services lint-fix-whitespace \
	ansible-runner-setup

# Secrets, node and external-service provisioning
.PHONY: secret-files os-upgrade external-setup nodes-setup dns-setup pxe-setup \
	external-services configure-os-backup os-backup openwrt-certbot-tls \
	load-external-services-keys

# k3s lifecycle and resets
.PHONY: k3s-install k3s-bootstrap k3s-bootstrap-dev k3s-reset \
	external-services-reset

# Workload deployment and configuration
.PHONY: deploy-monitoring-agent deploy-vault deploy-minio configure-minio \
	configure-vault

# Ad-hoc operations on cluster nodes
.PHONY: shutdown-k3s-worker shutdown-k3s-master shutdown-picluster get-pi-status
# Self-documenting help: awk scans the first makefile that was read for rule
# lines of the form `target: ... ## description` and prints one row per match.
# Only lines that begin with a target name match, so plain `#` comment lines
# are never listed.
help: ## Show this help message
	@echo "Available targets:"
	@awk 'BEGIN {FS = ":.*##"} /^[a-zA-Z0-9][a-zA-Z0-9_.-]*:.*##/ {printf " %-32s %s\n", $$1, $$2}' $(firstword $(MAKEFILE_LIST))
# Aggregate targets: they carry no recipe of their own and only pull in their
# prerequisites. The `##` line feeds the help listing; the prerequisite list
# is given on a separate rule line for the same target.
default: ## Alias for help
default: help

prepare-ansible: ## Bootstrap runner and generate secret files
prepare-ansible: ansible-runner-setup secret-files
# Local workflow, step 1: install the Python environment exactly as recorded
# in the lockfile (`--frozen` does not update uv.lock), then fetch the Galaxy
# content. The Galaxy step is a recursive make call rather than a prerequisite
# so that it always runs after the sync has finished.
ansible-local-setup: ## Create/update local UV-based Ansible environment and install Galaxy deps
	cd $(ANSIBLE_DIR) && uv sync --frozen
	$(MAKE) ansible-local-galaxy
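# Install Galaxy roles and collections into the per-user directories.
# The target directories are quoted in every command: previously only the
# ansible-galaxy calls quoted them, so a HOME containing whitespace made
# mkdir create different directories from the ones Galaxy then installed into.
# NOTE(review): what gets downloaded is decided entirely by requirements.yml,
# which is not visible here - confirm it pins explicit versions so a changed
# upstream release cannot alter the code that later runs against the cluster.
ansible-local-galaxy: ## Install Ansible roles/collections using local UV env
	cd $(ANSIBLE_DIR) && mkdir -p "$(ANSIBLE_LOCAL_ROLES_DIR)" "$(ANSIBLE_LOCAL_COLLECTIONS_DIR)"
	cd $(ANSIBLE_DIR) && uv run ansible-galaxy role install -r requirements.yml --roles-path "$(ANSIBLE_LOCAL_ROLES_DIR)" --timeout 600
	cd $(ANSIBLE_DIR) && uv run ansible-galaxy collection install -r requirements.yml --collections-path "$(ANSIBLE_LOCAL_COLLECTIONS_DIR)"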
# Local checks, all executed from the playbook directory through `uv run`.

# YAML lint; depends on the full local setup.
ansible-local-lint: ansible-local-setup ## Run yamllint using local UV env
	cd $(ANSIBLE_DIR) && uv run yamllint .

# Parse-only check of the external services playbook. It needs the Galaxy
# content but does not trigger `uv sync` itself.
ansible-local-syntax-check-external-services: ansible-local-galaxy ## Syntax-check external services playbook using local UV env
	cd $(ANSIBLE_DIR) && uv run ansible-playbook --syntax-check external_services.yml

# Fails when the lockfile no longer matches the declared dependencies, so
# drift is caught before a frozen sync installs stale pins.
uv-lock-check: ## Ensure uv.lock is in sync with pyproject.toml
	cd $(ANSIBLE_DIR) && uv lock --check
# Runner-container checks.

lint: ## Run yamllint in the runner container
	$(RUNNER) yamllint .

# Same check under the name used by CI; no recipe of its own.
lint-ci: ## CI-parity YAML lint
lint-ci: lint

# NOTE(review): unlike the other runner targets this one changes into the
# playbook directory first and reaches the wrapper through `../`. The
# directory name is hard-coded here instead of using $(ANSIBLE_DIR), so the
# two must be kept in step by hand.
syntax-check-external-services: ansible-runner-setup ## Ansible syntax check for external services playbook
	cd ansible && ../$(RUNNER) ansible-playbook --syntax-check external_services.yml
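# Rewrites YAML files in place inside the runner container, skipping anything
# under ./.ansible/. Review the resulting diff before committing.
#
# Step 1 strips trailing whitespace. `xargs -r` keeps sed from being started
# with no file arguments when find matches nothing.
#
# Step 2 appends a final newline to non-empty files that lack one. The Python
# is a single expression on purpose: inside the double-quoted `bash -lc`
# string a `\n` is NOT turned into a newline, so the earlier multi-statement
# one-liner reached python3 as one physical line with literal backslash-n
# sequences and could not parse. Only `\"` and `\\` are rewritten by bash
# here, which yields b"\n" in the Python source. `p.is_file()` skips
# directories whose name happens to end in .yml/.yaml.
# NOTE(review): /runner is presumably where the wrapper mounts the playbook
# tree - confirm against ansible-runner.sh.
lint-fix-whitespace: ## Trim trailing spaces and ensure newline at EOF for YAML files
	$(RUNNER) /bin/bash -lc 'cd /runner && find . -type f \( -name "*.yml" -o -name "*.yaml" \) ! -path "./.ansible/*" -print0 | xargs -0 -r sed -i -E "s/[[:space:]]+$$//"'
	$(RUNNER) /bin/bash -lc 'cd /runner && python3 -c "import pathlib; [p.write_bytes(b + b\"\\n\") for pat in (\"*.yml\", \"*.yaml\") for p in pathlib.Path(\".\").rglob(pat) if p.is_file() and not str(p).startswith(\".ansible/\") for b in [p.read_bytes()] if b and not b.endswith(b\"\\n\")]"'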
# CAUTION: `clean` here does not remove build artefacts. It runs the k3s and
# external-services reset playbooks against the cluster, so treat it as a
# destructive operation rather than a routine tidy-up.
clean: ## Reset k3s and external services
clean: k3s-reset external-services-reset

# Delegates to the makefile inside ansible-runner/; $(MAKE) is used so flags
# such as -n and -j carry over to the sub-make.
ansible-runner-setup: ## Build and prepare ansible runner
	$(MAKE) -C ansible-runner

# End-to-end bring-up. The prerequisites are listed in the intended order;
# make honours that order only when run serially, so do not combine `init`
# with -j.
init: ## Full cluster initialization workflow
init: os-upgrade nodes-setup external-services configure-os-backup k3s-install k3s-bootstrap
# Generates the secret files later playbook runs rely on.
# NOTE(review): where the files are written and whether that location is
# git-ignored is decided by create_secret_files.yml, not visible here -
# confirm generated secrets cannot end up in a commit.
secret-files: ## Create encrypted/local secret files for Ansible runs
	$(RUNNER) ansible-playbook create_secret_files.yml
# Node and external-service provisioning. Each target is a thin wrapper that
# runs one playbook through the runner.

os-upgrade: ## Upgrade OS packages on target nodes
	$(RUNNER) ansible-playbook update.yml

# The next two targets run the same playbook, restricted by tag.
external-setup: ## Configure external services host prerequisites
	$(RUNNER) ansible-playbook setup_picluster.yml --tags "external"

nodes-setup: ## Configure node prerequisites
	$(RUNNER) ansible-playbook setup_picluster.yml --tags "node"

dns-setup: ## Configure authoritative DNS
	$(RUNNER) ansible-playbook configure_dns_authoritative.yml

pxe-setup: ## Configure PXE server
	$(RUNNER) ansible-playbook configure_pxe_server.yml

external-services: ## Deploy and configure external services
	$(RUNNER) ansible-playbook external_services.yml

configure-os-backup: ## Configure node backup jobs
	$(RUNNER) ansible-playbook backup_configuration.yml

# Ad-hoc command rather than a playbook: -b escalates privileges on each host
# in the `picluster` group and starts the restic-backup systemd unit there.
os-backup: ## Trigger restic backup on all cluster nodes
	$(RUNNER) ansible -b -m shell -a 'systemctl start restic-backup' picluster
# k3s lifecycle.

k3s-install: ## Install k3s on cluster nodes
	$(RUNNER) ansible-playbook k3s_install.yml

k3s-bootstrap: ## Bootstrap k3s services and addons
	$(RUNNER) ansible-playbook k3s_bootstrap.yml

# Same playbook as k3s-bootstrap, with the extra variable overlay=dev.
k3s-bootstrap-dev: ## Bootstrap k3s using dev overlay
	$(RUNNER) ansible-playbook k3s_bootstrap.yml -e overlay=dev

# Destructive: the two reset targets below are what `clean` invokes. They run
# without any confirmation prompt at this level.
k3s-reset: ## Reset k3s from all nodes
	$(RUNNER) ansible-playbook k3s_reset.yml

external-services-reset: ## Reset external services
	$(RUNNER) ansible-playbook reset_external_services.yml
# Two steps: the playbook runs through the runner, then a deploy script runs
# directly on the machine invoking make (not through the runner). Make stops
# after the first line if the playbook fails, so the script is not run after
# a failed certificate step.
# NOTE(review): the script presumably copies the certificate and its private
# key to the gateway - confirm how the key is handled in transit and on disk.
openwrt-certbot-tls: ## Generate gateway TLS certificate via certbot
	$(RUNNER) ansible-playbook generate_gateway_tls_certificate.yml
	./metal/openwrt/script/openwrt-deploy-tls.sh
# Thin wrapper: one playbook, run through the runner.
deploy-monitoring-agent: ## Deploy monitoring agent
	$(RUNNER) ansible-playbook deploy_monitoring_agent.yml
# Power-off helpers. Each one issues the same privileged (-b) ad-hoc shutdown
# command and differs only in the inventory group it targets. There is no
# confirmation prompt, so double-check the target name before running.

shutdown-k3s-worker: ## Shutdown worker nodes in 1 minute
	$(RUNNER) ansible -b -m shell -a "shutdown -h 1 min" k3s_worker

shutdown-k3s-master: ## Shutdown master nodes in 1 minute
	$(RUNNER) ansible -b -m shell -a "shutdown -h 1 min" k3s_master

shutdown-picluster: ## Shutdown all cluster nodes in 1 minute
	$(RUNNER) ansible -b -m shell -a "shutdown -h 1 min" picluster
# Workload deployment, one playbook per target.

deploy-vault: ## Deploy Vault workloads
	$(RUNNER) ansible-playbook deploy_vault.yml

deploy-minio: ## Deploy MinIO workloads
	$(RUNNER) ansible-playbook deploy_minio.yml

# NOTE(review): this playbook moves key material into the cluster; how the
# keys are sourced and stored is not visible from here.
load-external-services-keys: ## Load external services keys into the cluster
	$(RUNNER) ansible-playbook load_external_services_keys.yml

# Privileged (-b) ad-hoc command against the `raspberrypi` group.
get-pi-status: ## Get Raspberry Pi throttling status
	$(RUNNER) ansible -b -m shell -a "pi_throttling" raspberrypi
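# Installs tooling on the machine running make, prompting for the privilege
# escalation password (--ask-become-pass).
# The directory change is chained with `&&` instead of `;` so the playbook is
# never started, with escalated privileges, from an unexpected working
# directory when the `cd` fails. The path comes from $(ANSIBLE_DIR) like the
# other local targets.
# NOTE(review): this is the one target that calls `ansible-playbook` straight
# from PATH rather than through the runner or `uv run`, so the Ansible version
# and installed collections are whatever the workstation provides.
install-local-utils: ## Install local utility tooling on localhost
	cd $(ANSIBLE_DIR) && ansible-playbook install_utilities_localhost.yml --ask-become-pass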
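# Post-deployment configuration. Per the help text these playbooks drive
# Terraform. The help string for configure-minio previously read "Resoures".

configure-minio: ## Configure MinIO Resources (Terraform)
	$(RUNNER) ansible-playbook configure_minio.yml

# Passes enable_kubernetes_auth=true as an extra variable to the playbook.
configure-vault: ## Configure Vault (Terraform)
	$(RUNNER) ansible-playbook configure_vault.yml -e enable_kubernetes_auth=true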