diff --git a/inventories/clients/danchilla/client_template/group_vars/all.yml b/inventories/clients/danchilla/client_template/group_vars/all.yml
new file mode 100644
index 0000000..cbf88b9
--- /dev/null
+++ b/inventories/clients/danchilla/client_template/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+# Client-specific overrides go here
+# client_id: "ACME-001"
+# client_name: "ACME Corp"
+# billing_model: "hybrid"
+# change_freeze: false
+# human_estimate_seconds: 2700
diff --git a/inventories/clients/danchilla/client_template/group_vars/pfsense_nodes.yml b/inventories/clients/danchilla/client_template/group_vars/pfsense_nodes.yml
new file mode 100644
index 0000000..b59d9d3
--- /dev/null
+++ b/inventories/clients/danchilla/client_template/group_vars/pfsense_nodes.yml
@@ -0,0 +1,30 @@
+---
+# inventory/group_vars/pfsense_nodes.yml
+# Applied to all hosts in the [pfsense] group.
+
+# pfSense runs FreeBSD — Python may not be installed.
+# Using 'raw' module throughout the role avoids this entirely,
+# but set the interpreter discovery to auto for safety.
+ansible_python_interpreter: auto_silent
+
+# SSH connection settings tuned for pfSense/FreeBSD
+ansible_connection: ssh
+ansible_ssh_common_args: >-
+ -o StrictHostKeyChecking=no
+ -o UserKnownHostsFile=/dev/null
+ -o ConnectTimeout=15
+ -o ServerAliveInterval=10
+ -o ServerAliveCountMax=3
+
+# pfSense's shell is tcsh by default; force sh for compatibility
+ansible_shell_type: sh
+ansible_shell_executable: /bin/sh
+
+# Set to your SSH key or use ansible_password
+# ansible_ssh_private_key_file: ~/.ssh/pfsense_rsa
+
+# Default upgrade settings (can be overridden per host in host_vars/)
+perform_upgrade: false
+allow_major_upgrade: false
+auto_reboot: true
+pkg_repo_update: true
diff --git a/inventories/clients/danchilla/client_template/hosts.yml b/inventories/clients/danchilla/client_template/hosts.yml
new file mode 100644
index 0000000..9e30043
--- /dev/null
+++ b/inventories/clients/danchilla/client_template/hosts.yml
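Review bot: `ansible_ssh_common_args` in pfsense_nodes.yml turns off SSH host-key verification for the firewall nodes (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`), so a substituted or on-path host presenting any key is accepted silently, and hosts.yml in this commit sets the same pair in `ansible_ssh_extra_args` at the `all` level, which extends that to every host in the inventory. Prefer shipping a managed known_hosts file and keeping the default, or at minimum `-o StrictHostKeyChecking=accept-new` with a persistent `UserKnownHostsFile`, so that a changed key is still rejected. Separately, a file named `group_vars/pfsense_nodes.yml` only applies to a group named `pfsense_nodes`; the header comment says it targets `[pfsense]` and hosts.yml defines `pfsense`, so unless a `pfsense_nodes` group is defined elsewhere these vars are never applied — rename the file to `group_vars/pfsense.yml` or correct the comment.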
@@ -0,0 +1,59 @@
+---
+all:
+ vars:
+ client_id: "CLIENT_ID"
+ client_name: "Client Name"
+ billing_model: "hybrid"
+ maintenance_window_start: "02:00"
+ maintenance_window_end: "05:00"
+ maintenance_window_tz: "UTC"
+ n8n_webhook_url: "{{ lookup('env', 'N8N_WEBHOOK_URL') }}"
+ human_estimate_seconds: 2700
+ change_freeze: false
+ ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+
+ children:
+ # --- NETWORK LAYER ---
+ firewalls:
+ children:
+ opnsense:
+ hosts:
+ client-fw-01:
+ ansible_host: "{{ FW_HOST }}"
+
+ pfsense:
+ hosts:
+ client-fw-01:
+ ansible_host: "{{ FW_HOST }}"
+ ansible_port: 22222
+ ha_role: "primary" # Use: primary | backup
+ #ha_peer: "client-fw-02" # Uncomment if this node is part an HA pair
+
+ # --- INFRASTRUCTURE ---
+ hypervisors:
+ children:
+ proxmox:
+ hosts:
+ client-pv-01:
+ ansible_host: "{{ PV_HOST }}"
+ xcp:
+ hosts:
+ client-xcp-01:
+ ansible_host: "{{ XCP_HOST }}"
+
+ # --- WORKSTATIONS/SERVERS ---
+ linux_hosts:
+ hosts: {}
+ vars:
+ ansible_user: root
+ ansible_ssh_private_key_file: "~/.ssh/client_key"
+ os_family: "debian"
+
+ windows_hosts:
+ hosts: {}
+ vars:
+ ansible_user: Administrator
+ ansible_connection: winrm
+ ansible_winrm_transport: ntlm
+ ansible_winrm_server_cert_validation: validate
+ ansible_port: 5986
diff --git a/inventories/clients/danchilla/client_template/hypervisor_hosts.yml b/inventories/clients/danchilla/client_template/hypervisor_hosts.yml
new file mode 100644
index 0000000..64c73e0
--- /dev/null
+++ b/inventories/clients/danchilla/client_template/hypervisor_hosts.yml
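Review bot: `client-fw-01` is declared under both `opnsense` and `pfsense`; as far as I can tell Ansible treats a repeated host name within one inventory as a single host that belongs to both groups, with the `ansible_port: 22222` and `ha_role` vars merged onto it, so a play limited to `opnsense` would also reach the pfSense-configured host and vice versa. Give the template distinct example names (e.g. `client-opn-01` under `opnsense`) or keep only the firewall type the client uses and say so in a comment above `firewalls:`. The `ansible_ssh_extra_args` value in `all.vars` also removes host-key checking for every host here, hypervisors and Linux hosts included; if it is only needed for pfSense it belongs in that group's vars, with `accept-new` and a persistent known_hosts file rather than `/dev/null`.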
@@ -0,0 +1,117 @@
+---
+# =============================================================================
+# hypervisor_hosts.yml — Physical Hypervisor Node Inventory
+# =============================================================================
+# This file defines the physical hypervisor nodes for a client.
+# Used by the hypervisor upgrade playbook (proxmox_upgrade.yml, xcpng_upgrade.yml)
+# NOT used by guest playbooks (linux_patch, windows_patch, snapshot, etc.)
+#
+# Supported hypervisor_type values:
+# proxmox — Proxmox VE cluster or standalone node
+# xcpng — XCP-NG pool
+#
+# Copy this file to inventories/client_/hypervisor_hosts.yml
+# and fill in the values for the client.
+# =============================================================================
+
+all:
+ vars:
+ client_id: "CLIENT-ID"
+ client_name: "Client Name"
+ children:
+
+ # ── Proxmox Cluster / Standalone ─────────────────────────────────────────
+ # Remove this section if client does not use Proxmox
+ proxmox_cluster:
+ vars:
+ hypervisor_type: proxmox
+
+ # Proxmox API connection — used for migration and cluster queries
+ # Points to any node in the cluster (usually node-01)
+ api_host: 192.168.X.X
+ api_port: 8006
+ api_token_id: "ansible@pve!ansible-token"
+ api_token_secret: "REPLACE_ME"
+
+ # Is this a single node or a cluster?
+ # single — no migration, just upgrade in place
+ # cluster — rolling upgrade with VM migration
+ cluster_mode: cluster # cluster | single
+
+ # CEPH — if true, playbook will set noout flag before upgrading each
+ # node and clear it after the node rejoins the cluster
+ ceph_enabled: false
+
+ # Shared storage — if false, VMs with local disks cannot be live
+ # migrated. Playbook will cold-migrate (shutdown) or skip based on
+ # local_disk_action below.
+ shared_storage: true
+
+ # What to do with VMs that have local disks when shared_storage: false
+ # skip — leave them on the node, warn and proceed (risky)
+ # cold — shut down, migrate, start on new node
+ # abort — stop the upgrade if any local-disk VMs are found
+ local_disk_action: cold # skip | cold | abort
+
+ # Rolling upgrade order — list nodes in the order you want them upgraded
+ # First node in list is drained first. If empty, playbook will sort
+ # alphabetically.
+ upgrade_order:
+ - pm-node-01
+ - pm-node-02
+ - pm-node-03
+
+ # SSH user for running apt upgrade on nodes directly
+ ansible_user: root
+ ansible_become: false
+
+ # Tags to exclude from migration (e.g. VMs you never want moved)
+ # migrate_exclude_tags:
+ # - nomigrate
+ # - pinned
+
+ hosts:
+ pm-node-01:
+ ansible_host: 192.168.X.X
+ # proxmox_node_name: pm-node-01 # only needed if hostname differs
+ pm-node-02:
+ ansible_host: 192.168.X.X
+ pm-node-03:
+ ansible_host: 192.168.X.X
+
+ # ── XCP-NG Pool ──────────────────────────────────────────────────────────
+ # Remove this section if client does not use XCP-NG
+ xcpng_pool:
+ vars:
+ hypervisor_type: xcpng
+
+ # XO (Xen Orchestra) API — used for migration
+ xo_url: "https://xoa.example.com"
+ xo_token: "REPLACE_ME"
+
+ # Pool UUID — find with: xe pool-list
+ pool_uuid: "REPLACE_ME"
+
+ # CEPH not applicable to XCP-NG
+ ceph_enabled: false
+
+ # Shared storage — XCP-NG SR type
+ # true if using NFS/iSCSI/Ceph SR, false if local SR only
+ shared_storage: true
+ local_disk_action: cold # skip | cold | abort
+
+ upgrade_order:
+ - xcp-node-01
+ - xcp-node-02
+ - xcp-node-03
+
+ ansible_user: root
+ ansible_become: false
+
+ hosts:
+ xcp-node-01:
+ ansible_host: 192.168.X.X
+ xcp-node-02:
+ ansible_host: 192.168.X.X
+ xcp-node-03:
+ ansible_host: 192.168.X.X
\ No newline at end of file
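Review bot: `api_token_secret` and `xo_token` are plain string vars in an inventory file that is meant to be copied per client and committed, so once `REPLACE_ME` is filled in the Proxmox API token and the Xen Orchestra token sit in VCS in cleartext. hosts.yml in the same commit already reads `n8n_webhook_url` via `lookup('env', ...)`; use the same pattern here (for example `api_token_secret: "{{ lookup('env', 'PVE_API_TOKEN_SECRET') }}"`, variable name illustrative) or an `!vault`-encrypted value, and put a comment above each token key stating that a literal value must not be committed. The header comment's copy target `inventories/client_/hypervisor_hosts.yml` reads like a truncated placeholder and does not match this file's location under `inventories/clients/...`; worth correcting so the template is copied to the right place.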