TF: be modularized

Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>

ansible/configure-server.yml

@@ -1,6 +1,7 @@
 ---
 - hosts: pi
   gather_facts: no
+  tags: pihw
   tasks:
   ## LCD STUFF
   - name: Enable i2c on boot/config.txt
@@ -56,11 +57,59 @@
       state: present
 
 
+  ## Lower ethernet latency of smsc95xx
+  - name: Configure options in /boot/cmdline.txt
+    replace:
+      path: /boot/cmdline.txt
+      regexp: '^([\w](?!.*\b{{ item }}\b).*)$'
+      replace: '\1 {{ item }}'
+    with_items:
+    - smsc95xx.turbo_mode=N
+    tags: smsc95xx
+
+  ## Enable UART for the GPS module
+  - name: Enable UART
+    lineinfile:
+      dest: /boot/config.txt
+      regexp: "^#?enable_uart="
+      line: "enable_uart=1"
+      insertafter: EOF
+      state: present
+
+# - name: Disable bluetooth XXX makes it really laggy
+#   lineinfile:
+#     dest: /boot/config.txt
+#     regexp: "^dtoverlay=pi3-disable-bt"
+#     line: "dtoverlay=pi3-disable-bt"
+#     state: present
+
+  - name: Disable serial-getty@ttyS0
+    systemd:
+      name: serial-getty@ttyS0
+      enabled: no
+      state: stopped
+
+  - name: copy gpsd config files
+    ansible.builtin.copy:
+      src: files/gpsd
+      dest: /etc/default/gpsd
+      owner: root
+      group: root
+      mode: 0644
+    tags: gpsd
+
+  - name: start and enable gpsd
+    systemd:
+      name: gpsd
+      enabled: yes
+      state: started
+    tags: gpsd
+
+
 
 
 - hosts: all
   tasks:
-
   - name: Disable systemd LLMNR
     lineinfile:
       dest: /etc/systemd/resolved.conf
@@ -85,7 +134,7 @@
   - name: Configure chrony
     template:
       src: files/chrony.conf.j2
-      dest: /etc/chrony.conf
+      dest: "{{ '/etc/chrony/chrony.conf' if ansible_facts['distribution'] == 'Ubuntu' else '/etc/chrony.conf' }}"
       owner: root
       group: root
       mode: 0644
@@ -103,3 +152,38 @@
     service:
       name: chronyd
       state: restarted
+
+## BGP STUFF
+- hosts: all
+  tags: bgp
+  tasks:
+  - name: install FRR
+    package:
+      name: frr
+      state: present
+    when: ansible_facts['distribution'] == 'Ubuntu'
+    #XXX for arch install it manually with yay
+
+  - name: Enable FRR bgp daemon
+    lineinfile:
+      dest: /etc/frr/daemons
+      regexp: "^bgpd=no"
+      line: "bgpd=yes"
+      state: present
+
+  - name: Copy frr config
+    ansible.builtin.template:
+      src: files/frr.conf.j2
+      dest: /etc/frr/frr.conf
+      owner: frr
+      group: frr
+      mode: 0640
+    notify: restart frr
+
+
+
+  handlers:
+  - name: restart frr
+    systemd:
+      name: frr
+      state: restarted

ansible/files/chrony.conf.j2

@@ -19,12 +19,19 @@
 pool pool.ntp.infomaniak.ch iburst
 server ntp11.metas.ch
 server ntp-p1.obspm.fr
-pool 2.arch.pool.ntp.org iburst
+server tock.zg.ch
 
 {% if ansible_hostname == "chronos" %}
+## Chronos is a stratum 1 server. Peers with ntp-s2
+server ntp-s2.lan.k3s.fr iburst
 refclock PPS /dev/pps0 refid PPS
+refclock SHM 0 refid GPS poll 2 precision 1e-3 offset 0.128
 {% else %}
+## NTP s2 is a VM. Peers with chronos and other NTP S1 servers
 server chronos.lan.k3s.fr iburst
+server ntp-s2-1.itu.ch
+server ntp.sceen.net
+server ntp1.as34288.net
 {% endif %}
 
 #######################################################################

ansible/files/frr.conf.j2

@@ -0,0 +1,36 @@
+!
+frr version 10.0.1
+frr defaults traditional
+hostname {{ ansible_hostname }}
+log syslog informational
+service integrated-vtysh-config
+!
+router bgp {{ bgp_asn }}
+ bgp router-id {{ ansible_default_ipv4.address }}
+ bgp bestpath as-path multipath-relax
+ bgp bestpath compare-routerid
+ neighbor pg-leaf peer-group
+ neighbor pg-leaf remote-as external
+ neighbor pg-leaf capability extended-nexthop
+ neighbor {{ bgp_router_ipv6 }} peer-group pg-leaf
+ !
+ address-family ipv4 unicast
+  redistribute connected route-map map-bgp-iface
+  neighbor pg-leaf soft-reconfiguration inbound
+ exit-address-family
+ !
+ address-family ipv6 unicast
+  redistribute kernel
+  redistribute connected route-map map-bgp-iface
+  neighbor pg-leaf activate
+  neighbor pg-leaf soft-reconfiguration inbound
+  neighbor pg-leaf route-map map-bgp-iface out
+ exit-address-family
+exit
+!
+route-map map-bgp-iface permit 10
+ match interface lo
+exit
+!
+end
+

ansible/files/gpsd

@@ -0,0 +1,4 @@
+START_DAEMON="true"
+USBAUTO="true"
+DEVICES="/dev/ttyS0"
+GPSD_OPTIONS="-n"

ansible/inventory.yml

@@ -1,4 +1,20 @@
 pi:
   hosts:
-    192.168.10.155: #chronos.k3s.fr:
+    chronos.lan.k3s.fr:
+      bgp_router_ipv6: 2a01:e0a:431:b521:7683:c2ff:fe4d:4818
+      bgp_asn: 64600
+      bgp_router_asn: 65100
+      bgp_ipv6: 2a01:e0a:431:b527::a123/128
+vms:
+  hosts:
+    ntp-s2-cra.lan.k3s.fr:
+      bgp_router_ipv6: 2a01:e0a:431:b522:7683:c2ff:fe4d:4818
+      bgp_asn: 64601
+      bgp_router_asn: 65100
+      bgp_ipv6: 2a01:e0a:431:b527::b123/128
+    ntp-s2-ces.lan.k3s.fr:
+      bgp_router_ipv6: 2a0e:e701:122c:42::1
+      bgp_asn: 64602
+      bgp_router_asn: 65000
+      bgp_ipv6: 2a0e:e701:122c:fff0::a123/128
 

pi/display/src/main.rs

@@ -149,7 +149,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         }
 
         rate.update(get_chrony_ntp_hits());
-        std::thread::sleep(Duration::from_millis(100));
+        std::thread::sleep(Duration::from_millis(300));
     }
 
     Ok(())

tf/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/bpg/proxmox" {
+  version     = "0.58.1"
+  constraints = "0.58.1"
+  hashes = [
+    "h1:jxrdhJ0SzIFzQlRFQfjifgFj0tqiQKqk+Nmst7hZ9C8=",
+    "zh:0c2b3ca3fd2e4eb6a6c4ad075070e4ba6bda74cafb66fb6d455c9496bdf45a46",
+    "zh:105dbec8e113d38d96fdb675435feb72742c10c9a74d60f065a2be9fd30b0968",
+    "zh:4156dd5d6bb556cc38dbe9ff901aa142782e1ca6986174286cc9d0ad0048084b",
+    "zh:4686d9282594b8f1bb431324711e920aa52040570284850b12421bbd94997f99",
+    "zh:6722fe648db670f91436d125cddd95607b32d2c99c20bfd4d5246e6aaac7cd0f",
+    "zh:71f86709b0b9b6b0113267c577175418d2171e661d9d0550833db771b260faae",
+    "zh:998ae52b8914d8d96f6d62015e8437402ccab49b8a41e16fdfec2fdb69b18be8",
+    "zh:a2568b155494ae908d134cf5673eddcb816337705585e3689391334828514a8b",
+    "zh:a3d16ccbd8997aaca938bdc2ef389439d8cb2046457dfc2a413958d6cba4f161",
+    "zh:c50737b963f3db6544c993e2b589f15e1259ff62373302647a829ca7b92a9c9b",
+    "zh:c9296aab2d0459317fd7c7d779b820cd9dd5241000bab22027c8cea83a683bfe",
+    "zh:cd57945822c97e1037c9256eb0a314b99c3b93a996fb234a85a78e52dc09e0cc",
+    "zh:e18024ac0bcc3a618c3c3f7f3ebe1376c0c0eae9defa06367d9ed7c5f984b391",
+    "zh:e33c5fd3940c0c64fde79b5b67a46a1f681266294ead074e94a581ecd6008ddb",
+    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
+  ]
+}

tf/providers.tf

@@ -0,0 +1,29 @@
+
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.58.1"
+    }
+  }
+}
+
+
+
+provider "proxmox" {
+  alias = "cessy"
+  insecure = true
+  endpoint = "https://proxmox-cessy.lan.k3s.fr:8006/"
+  ssh {
+    agent = true
+  }
+}
+
+provider "proxmox" {
+  alias = "cranves"
+  insecure = true
+  endpoint = "https://proxmox-cranves.lan.k3s.fr:8006/"
+  ssh {
+    agent = true
+  }
+}

tf/servers.tf

@@ -0,0 +1,29 @@
+module "ntp_serv_ces" {
+    source = "./vm"
+    providers = {
+      proxmox = proxmox.cessy
+    }
+    px_node = var.px_node_cessy
+    px_vmid = var.px_vmid_cessy
+
+    hostname = "ntp-s2-ces"
+
+    ipv4_addr = "192.168.43.123"
+    ipv4_gw = "192.168.43.254"
+    px_vlanid = null
+}
+
+module "ntp_serv_cra" {
+    source = "./vm"
+    providers = {
+      proxmox = proxmox.cranves
+    }
+    px_node = var.px_node_cranves
+    px_vmid = var.px_vmid_cranves
+
+    hostname = "ntp-s2-cra"
+
+    ipv4_addr = "192.168.21.123"
+    ipv4_gw = "192.168.21.254"
+    px_vlanid = 21
+}

tf/vars.tf

@@ -0,0 +1,18 @@
+
+variable "px_node_cessy" {
+  type    = string
+  default = "n00"
+}
+variable "px_vmid_cessy" {
+  type    = number
+  default = 123
+}
+
+variable "px_node_cranves" {
+  type    = string
+  default = "fatty"  # Coz backuped by chronos
+}
+variable "px_vmid_cranves" {
+  type    = number
+  default = 123
+}

tf/vm/cloud-init.tpl.cfg

@@ -0,0 +1,30 @@
+#cloud-config
+hostname: ${hostname}
+disable_root: false
+ssh_pwauth:   true
+ssh_authorized_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChSPXfIMvZHaK6c1mDNubZCNuR+908kzJGqQhhZ0kzjL3Gh/rdLVLBSEael2pEJeuSSA6ADHz/AneQnXqLLod1wHtirq9yspyjTRmEWNXiWI5giZ0Mz/twe4wMpBDZ8YX8XM0zxWhyzoidLI/yomA63s30v0UyzmUesSfRwHQJ3Md56pA0ZEomdMH97sNdgMOjlUlyAFdwuK8zVkbeCdbT/eCHM28PCT366KOOJfoaGQpVagIkrUBXjEvOIjnMAxy3gqfJ8kS/iFxDgws3m5o93Pm+WdWdcPLf/ir9NUwPt8l2GV2lCapWFnMC8ZqgdvTxlFikBZaTss8rO8SKB5QkG6eoypsbIaK9GGnRgOM/zGdX7e5rVW1N1Y6O8qoykuY9EQykN4Y48h1q/aGD6HGuxqeP9cqD4HUJyL9K62D3k8At6KO2BLCKbp5hPZ5tvHgfQK2ARa0rR5L/m08Hxac6qI2JDdWTa4XJnJj9+F/D7pYRZ/tzrYwMy+nTXarC5/JDsuC9sv5MR1vcjSuzjLB0iPjZnp7Tm6hszHy7D8qOZiHJdPh7s4/I3+Zj7mCaG3bRREvIgqAW1ZP+E2ZFuAM4lUL8e2Xu3LmyLOk+hrvovDc+SAplS6FJxLGJDfpFAcCgaGY6WPi8ETCClfxcdQxnejs2SNAmcRIUHw70keKHgQ== cardno:000606708696
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDEEf2vpLMXa2o9tA3xeoPWMZ0Dk1MjIV9AOPyKT4Gi8jSovEnN+Hu1FQhODLkRx+CGkD5dV9rirbL6yD4BC9vNXoO2FeQpgRPAl1WkMpmg+AvVmroOUlsiNYCQL/F/yIAGwXiIo4mWTcsYDNngnlFkmqWzjaUG1VltmVOJtN+YVYvMj5ak/NYnFQIF7UsUZ/TRmQ9pvej2Yw001crhqe7SUfCYinJL/ynBmT/pXnd2hKJR5JSQl9uqBpsOFhPBUuShKjOMH+zc/6aM/MNEPNBnstvykztht6t4u8umu7LujcfWotwccz8rBhDSU6sIii0hbzxIeNWcM2pvNp/YtqmpEXpDJ8Yz8ffQY92lreR6picfvkqkoR+RA2uhMGP0VzajWCLPYQAHFmWOZIba6PpvJ5bkTSM+IA8U5dtBJ7l9D4vCKhUeybZUHTKL3hwxpaumu75giszKtZ15SA76QhZ5fLz+AuG2LdQwgnEgcdgLmrXXGi3/SOhvj5O9JGkrt5dIJHNo1sADulqhCLXjurlE2I55j2SloLmpduVKTUSD+OC0iTqIwzn8Sk6VVgSYfrUoZs7ySmFKG4SH+2iAcatj3z6r45y6eGqGaLdkeSFRlA6PJPuI85p6Fc44NxOEFae5wXV/G9nWHsnfZYv8cr73gaIo4duUg7fqmdjJ8BeDw== frank-key-rsa
+
+network:
+    {config: disabled}
+write_files:
+- path: /etc/netplan/config.yaml
+  permissions: '0644'
+  content: |
+    network:
+        version: 2
+        ethernets:
+            ens18:
+                addresses: [ ${ipv4_addr}/24 ]
+                gateway4: ${ipv4_gw}
+                nameservers:
+                    addresses: [ 192.168.21.254, 192.168.43.254 ]
+                dhcp4: false
+runcmd:
+# cradofix pour l'interface qui ne monte pas
+  - netplan apply
+  - apt update
+  - apt install -y qemu-guest-agent
+  - systemctl start qemu-guest-agent.service
+

tf/vm/ntp.tf

@@ -0,0 +1,72 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.58.1"
+    }
+  }
+}
+variable "hostname" {
+}
+variable "ipv4_addr" {
+}
+variable "ipv4_gw" {
+}
+variable "px_node" {
+}
+variable "px_vmid" {
+}
+variable "px_vlanid" {}
+
+resource "proxmox_virtual_environment_file" "this" {
+  content_type = "snippets"
+  datastore_id = "local"
+  node_name    = var.px_node
+
+  source_raw {
+    data = templatefile("${path.module}/cloud-init.tpl.cfg", {
+      hostname = var.hostname,
+      ipv4_addr = var.ipv4_addr,
+      ipv4_gw  = var.ipv4_gw,
+    })
+    file_name = "${var.hostname}.cloud-config.yaml"
+  }
+}
+
+resource "proxmox_virtual_environment_vm" "this" {
+  name        = var.hostname
+  description = "Managed by Terraform"
+  started     = true
+  on_boot     = true
+
+  node_name = var.px_node
+  vm_id     = var.px_vmid
+
+  cpu {
+    cores = 1
+  }
+  memory {
+    dedicated = 512
+  }
+  agent {
+    enabled = true
+  }
+
+  disk {
+    datastore_id = "local-lvm"
+    file_format  = "qcow2"
+    interface    = "scsi0"
+    file_id      = "local:iso/noble-server-cloudimg-amd64.img"
+    size         = "10"
+  }
+
+  initialization {
+    user_data_file_id = proxmox_virtual_environment_file.this.id
+    datastore_id      = "local-lvm"
+  }
+
+  network_device {
+    bridge  = "vmbr0"
+    vlan_id = var.px_vlanid
+  }
+}