trying to reset s3-rgw path

.gitea/workflows/act.yaml

@@ -5,35 +5,78 @@ on: [push]
 jobs:
   Explore-Gitea-Actions:
     runs-on: linux-amd64
-    defaults:
+    #defaults:
-      run:
+    #  run:
-        shell: bash
+    #    shell: bash
     steps:  
+      # echo "export PYENV_ROOT=\"$HOME/.pyenv\"" >> $GITHUB_ENV
+      #     echo "export PATH=\"$PYENV_ROOT/bin:$PATH\"" >> $GITHUB_ENV
+      #     echo "command -v pyenv >/dev/null || export PATH=\"$PYENV_ROOT/bin:$PATH\"" >> $GITHUB_ENV
+      #     echo "eval \"$(pyenv init -)\"" >> $GITHUB_ENV
+      #     source $GITHUB_ENV
+      #     cat $GITHUB_ENV 
       
-    - name: write secret to dotenv
+          # cd /usr/share/ansible-repo/
-      working-directory: /usr/share/ansible-repo
+          # echo "export PYENV_ROOT=\"/root/.pyenv\"" >> $GITHUB_ENV
-      run: |
+          # echo "export PATH=\"/root/.pyenv/bin:$PATH\"" >> $GITHUB_ENV
-        echo -e "nigg" 
+          # echo "cd /usr/share/ansible-repo/" >> $GITHUB_ENV
+          # echo "eval \"$(/root/.pyenv/bin/pyenv init --path)\"" >> $GITHUB_ENV
+          # echo "eval \"$(/root/.pyenv/bin/pyenv virtualenv-init -)\"" >> $GITHUB_ENV
+          #cat $GITHUB_ENV
 
-    - name: asdf2
+          #source $GITHUB_ENV
-      working-directory: /usr/share/ansible-repo
+      - name: common-setup-just-created
-      run: |
+        run: |  
-        echo -e "asdf" > /root/gig
+          cd /usr/share/ansible-repo/
-
+          git pull
-    - name: write secret to dotenv
+          ./playbooker.sh 
-      working-directory: /usr/share/ansible-repo
+        shell: bash
-      run: |
-        echo -e "{{ runner.os }}" 
 
 
-      # - run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
+
-      # - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
+          # echo "PYENV_ROOT=\"/root/.pyenv\"" >> $GITHUB_ENV
-      # - run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
+          # echo "PATH=\"/root/.pyenv/bin:$PATH\"" >> $GITHUB_ENV
-      # - name: Check out repository code
+          # source $GITHUB_ENV
-      #   uses: actions/checkout@v4
+          # cd /usr/share/ansible-repo/
-      # - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
+          # eval "$(/root/.pyenv/bin/pyenv init --path)"
-      # - run: echo "🖥️ The workflow is now ready to test your code on the runner."
+          # eval "$(/root/.pyenv/bin/pyenv virtualenv-init -)"
-      # - name: List files in the repository
+          # pyenv global 3.14.0 
-      #   run: |
+
-      #     ls ${{ gitea.workspace }}
+          #./playbooker.sh
-      # - run: echo "🍏 This job's status is ${{ job.status }}."
+
+          #cat $GITHUB_ENV        
+          #pyenv install 3.14.0
+
+          # python3 --version
+          # /root/.pyenv/shims/pip3 freeze
+          # pip3 freeze
+#       - name: common-setup-just-created
+#         run: | 
+# #!/bin/bash
+
+#           # Get the list of changed files
+#           CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD)
+
+#           # Initialize an array for playbooks to run
+#           PLAYBOOKS_TO_RUN=()
+
+#           # Check for changes in specific directories and add corresponding playbooks
+#           if echo "$CHANGED_FILES" | grep -q "roles/webserver/"; then
+#             PLAYBOOKS_TO_RUN+=("playbooks/webserver.yml")
+#           fi
+
+#           if echo "$CHANGED_FILES" | grep -q "roles/database/"; then
+#             PLAYBOOKS_TO_RUN+=("playbooks/database.yml")
+#           fi
+
+#           # Run the identified playbooks
+#           if [ ${#PLAYBOOKS_TO_RUN[@]} -gt 0 ]; then
+#             for playbook in "${PLAYBOOKS_TO_RUN[@]}"; do
+#               echo "Running playbook: $playbook"
+#               ansible-playbook "$playbook" -i inventory.ini
+#             done
+#           else
+#             echo "No relevant playbooks modified. Skipping Ansible run."
+#           fi
+#         shell: bash
+

.gitignore

@@ -1,2 +1,4 @@
-#.vaulto
+.vaulto
+mitogen-*
 asdf
+ansible-venv

ansible.cfg

@@ -7,11 +7,14 @@ fact_caching_connection = /tmp/facts_cache
 # two hours timeout
 fact_caching_timeout = 7200
 
+forks = 20
 
 interpreter_python = auto_silent
 ansible_python_interpreter = auto_silent
 # Use the YAML callback plugin. 
-stdout_callback = yaml
+stdout_callback = default
+callback_result_format = yaml
+
 # Use the stdout_callback when running ad-hoc commands.
 bin_ansible_callbacks = True
 
@@ -25,11 +28,22 @@ vault_password_file = .vaulto
 # callback_whitelist = telegram
 # callbacks_enabled = telegram
 
-strategy_plugins = mitogen-0.3.9/ansible_mitogen/plugins/strategy
+
+#### WUT по каким-то невероятным причинам ансибл не может заиспользовать колбек от pyenv-3.14.0
+#callback_plugins = /root/.pyenv/versions/3.14.0/lib/python3.14/site-packages/ara/plugins/callback
+callback_plugins = /root/.local/lib/python3.11/site-packages/ara/plugins/callback
+callbacks_enabled = ara
+callback_whitelist = ara
+
+strategy_plugins = mitogen-0.3.32/ansible_mitogen/plugins/strategy
 strategy = mitogen_linear
 
 #### TODO чому-то не делается
 roles_path = roles:internal_roles
+
+[callback_ara]
+api_client = http
+api_server = http://192.168.0.55:8000
 # # [callback_telegram]
 # # tg_token   = 6472915685:AAHPvgrQoqG7DxtfbnHWPe3Lfild-CGJ1j8
 # # tg_chat_id = -4023350326
@@ -43,3 +57,4 @@ roles_path = roles:internal_roles
 [ssh_connection]
 # Enable pipelining, requires disabling requiretty in sudoers
 pipelining = True
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s

environments/just-created/hosts.yml

@@ -6,28 +6,41 @@ all: # keys must be unique, i.e. only one 'hosts' per group
 #       #printing-slut.guaranteedstruggle.host:
 #       harbor.guaranteedstruggle.host:
     
+    #backups-slut1.guaranteedstruggle.host:
     #video-slut.guaranteedstruggle.host:
+    torrents-slut.guaranteedstruggle.host:
     #orangepirv2.guaranteedstruggle.host:
     #192.168.0.32:
+    #192.168.0.33:
     #gpu-visor.guaranteedstruggle.host:
 lxc: # keys must be unique, i.e. only one 'hosts' per group
   hosts:
     #lb1.guaranteedstruggle.host:
     #lb2.guaranteedstruggle.host:
     
-    #matrix-server.guaranteedstruggle.host:
+    #matrix-server.guaranteedstr uggle.host:
     #wikijs.guaranteedstruggle.host:
       ### but its a vm wtf
       #harbor.guaranteedstruggle.host:
 
+
+ 
+
       #etcd.guaranteedstruggle.host:
       #prometheus.guaranteedstruggle.host:
    # 192.168.0.240
     #192.168.0.251
+
+    #192.168.0.31:
+
     #192.168.0.40
-    #192.168.0.88
+    #192.168.0.29
     #192.168.0.52
     #192.168.0.113
+
+
+    #netbox.guaranteedstruggle.host:
+
     #recording-slut.guaranteedstruggle.host:
     #keycloak.guaranteedstruggle.host:
    # vault.guaranteedstruggle.host:

environments/proxmoxes/hosts.yml

@@ -4,7 +4,6 @@ physical_machines:
         cyberbully.guaranteedstruggle.host:
         #
         
-        video-slut.guaranteedstruggle.host:
         orangepirv2.guaranteedstruggle.host:
         ##gpu-slut.guaranteedstruggle.host:
     children:
@@ -29,6 +28,13 @@ vms:
         #recording-slut.guaranteedstruggle.host:
         #192.168.0.26 
         recording-slut.guaranteedstruggle.host:
+        sdr-slut.guaranteedstruggle.host:
+        video-slut.guaranteedstruggle.host:
+
+        torrents-slut.guaranteedstruggle.host:
+        backups-slut1.guaranteedstruggle.host:
+        backups-slut1.guaranteedstruggle.host:
+        git.guaranteedstruggle.host:
     children:
         printer:
         kubernetes:
@@ -37,9 +43,9 @@ vms:
 
 docker:
     hosts:
-        swarm-node1.guaranteedstruggle.host:
+        # swarm-node1.guaranteedstruggle.host:
-        swarm-node2.guaranteedstruggle.host:
+        # swarm-node2.guaranteedstruggle.host:
-        swarm-node3.guaranteedstruggle.host:
+        # swarm-node3.guaranteedstruggle.host:
 
         harbor.guaranteedstruggle.host:
 
@@ -48,7 +54,7 @@ kubernetes:
         # rke2-master1.guaranteedstruggle.host:
         # rke2-master2.guaranteedstruggle.host:
         # rke2-master3.guaranteedstruggle.host:
-        ###rke2-worker1.guaranteedstruggle.host:
+        rke2-worker1.guaranteedstruggle.host:
         rke2-worker2.guaranteedstruggle.host:
         rke2-worker3.guaranteedstruggle.host:
         rke2-worker4.guaranteedstruggle.host:
@@ -65,6 +71,8 @@ printer:
 lxc:
   hosts:
 
+
+
     etcd.guaranteedstruggle.host:
     pipisa.guaranteedstruggle.host:
 
@@ -74,6 +82,7 @@ lxc:
     grafana.guaranteedstruggle.host:
     parca.guaranteedstruggle.host:
     nexus.guaranteedstruggle.host:
+    netbox.guaranteedstruggle.host:
 
     pg-tf.guaranteedstruggle.host:
 

files/act_runner/act_runner.service

@@ -0,0 +1,17 @@
+# /etc/systemd/system/act_runner.service
+[Unit]
+Description=Gitea Actions runner
+Documentation=https://gitea.com/gitea/act_runner
+#After=docker.service
+
+[Service]
+ExecStart=/usr/local/bin/act_runner daemon --config /etc/act_runner/config.yaml
+ExecReload=/bin/kill -s HUP $MAINPID
+WorkingDirectory=/var/lib/act_runner
+TimeoutSec=0
+RestartSec=10
+Restart=always
+#User=act_runner
+
+[Install]
+WantedBy=multi-user.target

files/prometheus/prometheus.yaml

@@ -55,12 +55,15 @@ scrape_configs:
       - 'video-slut:9100'
       - 'printing-slut:9100'
 
-      - 'swarm-node1:9100'
+      - 'torrents-slut:9100'
-      - 'swarm-node2:9100'
+      - 'backups-slut1:9100'
-      - 'swarm-node3:9100'
+     # - 'swarm-node1:9100'
+     # - 'swarm-node2:9100'
+     # - 'swarm-node3:9100'
 
       - 'harbor:9100'
       
+      - 'sdr-slut:9100'
       #- 'rke2-master1:9100'
       #- 'rke2-master2:9100'
       #- 'rke2-master3:9100'
@@ -109,6 +112,18 @@ scrape_configs:
     - target_label:  host
       replacement:   cyberbully
   
+  - job_name: 'ceph-prometheus-modul'
+    scheme: http
+    static_configs:
+    - targets:
+      - '192.168.0.89:9283'  
+      - '192.168.0.71:9283'  
+      - '192.168.0.72:9283'  
+      - '192.168.0.73:9283'  
+      - '192.168.0.74:9283'  
+      - '192.168.0.75:9283'  
+
+
   # пиписа-экспортер
   # - job_name: 'vllm-exporter'
   #   scheme: http

playbooker.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+
+#source /root/.bashrc
+
+#whoami
+
+#sudo -i
+#source /root/.bashrc
+
+export PYENV_ROOT="/root/.pyenv"
+export PATH="$PYENV_ROOT/bin:$PATH"
+eval "$(/root/.pyenv/bin/pyenv init --path)"
+eval "$(/root/.pyenv/bin/pyenv virtualenv-init -)"
+pyenv global 3.14.0
+
+python3 --version
+echo $PYENV_ROOT
+echo $PATH
+
+ANSIBLE_CONFIG=/usr/share/ansible-repo/ansible.cfg
+
+CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD)
+
+PLAYBOOKS_TO_RUN=()
+PLAYBOOKS_TO_RUN_JUST_CREATED=()
+
+# Check for changes in specific directories and add corresponding playbooks
+if echo "$CHANGED_FILES" | grep -q "files/prometheus/"; then
+PLAYBOOKS_TO_RUN+=("playbooks/software/prometheus.yml")
+fi
+
+if echo "$CHANGED_FILES" | grep -q "environments/just-created/"; then
+PLAYBOOKS_TO_RUN_JUST_CREATED+=("playbooks/_common-setup.yml")
+fi
+
+
+PLAYBOOKS_TO_RUN2=( $(printf "%s\n" "${PLAYBOOKS_TO_RUN[@]}" | sort -u) )
+
+# Run the identified playbooks
+if [ ${#PLAYBOOKS_TO_RUN2[@]} -gt 0 ]; then
+for playbook in "${PLAYBOOKS_TO_RUN2[@]}"; do
+    echo "Running playbook: $playbook"
+    ARA_API_CLIENT="http" ARA_API_SERVER="http://192.168.0.55:8000"  ansible-playbook "$playbook" -i environments/proxmoxes/hosts.yml
+done
+fi
+
+if [ ${#PLAYBOOKS_TO_RUN_JUST_CREATED[@]} -gt 0 ]; then
+for playbook in "${PLAYBOOKS_TO_RUN_JUST_CREATED[@]}"; do
+    echo "Running playbook: $playbook"
+    ARA_API_CLIENT="http" ARA_API_SERVER="http://192.168.0.55:8000"  ansible-playbook "$playbook" -i environments/just-created/hosts.yml
+done
+else
+echo "No relevant playbooks modified. Skipping Ansible run."
+fi

playbooks/_common-setup.yml

@@ -1,5 +1,25 @@
 #### TODO обе роли - пакаджесы и юзеры
 --- 
+#### TODO почему не взлетает на дальнейших плейбуках?
+- name: Check host connectivity
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Ping hosts
+      ansible.builtin.ping:
+      register: ping_result
+      ignore_errors: true # Continue even if some hosts fail to ping
+
+    - name: Add reachable hosts to a dynamic group
+      ansible.builtin.add_host:
+        name: "{{ item.ansible_host }}"
+        groups: reachable_hosts
+      when: ping_result.results is defined and item.ansible_facts.ping == 'pong'
+      loop: "{{ ping_result.results }}"
+      loop_control:
+        label: "{{ item.ansible_host }}"
+
+- import_playbook: timezone.yml
 - import_playbook: packages.yml
 - import_playbook: resolvconf.yml
 - import_playbook: users.yml

playbooks/apt_repositories.yml

@@ -0,0 +1,76 @@
+---
+- name: Manage APT Repositories
+  hosts: 
+  - harbor.guaranteedstruggle.host
+  - ansible-slut.guaranteedstruggle.host
+  become: true # Required for managing system-level configurations
+
+  tasks:
+    #### TODO добавить указание что всё управляется ансиболью
+
+    #### TODO разобраться вподвидах репозиториев, почему оно необъектное??
+
+    #### TODO WUT :: чому нормально не раскидывается в контейнере?
+    - ansible.builtin.apt_repository:
+        repo: 'deb https://nexus.guaranteedstruggle.host/repository/generic-deb-debian-org/ {{ ansible_distribution_release }} main non-free-firmware' # Replace with your desired repository
+        state: present
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb-src https://nexus.guaranteedstruggle.host/repository/generic-deb-debian-org/ {{ ansible_distribution_release }} main non-free-firmware' # Replace with your desired repository
+        state: present
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb http://deb.debian.org/debian/ {{ ansible_distribution_release }} main non-free-firmware' # Replace with your desired repository
+        state: absent
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb-src http://deb.debian.org/debian/ {{ ansible_distribution_release }} main non-free-firmware' # Replace with your desired repository
+        state: absent
+        #filename: /etc/apt/sources.list
+
+    - ansible.builtin.apt_repository:
+        repo: 'deb https://nexus.guaranteedstruggle.host/repository/generic-security-debian/ {{ ansible_distribution_release }}-security main non-free-firmware' # Replace with your desired repository
+        state: present
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb-src https://nexus.guaranteedstruggle.host/repository/generic-security-debian/ bookworm-security main non-free-firmware' # Replace with your desired repository
+        state: present
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main non-free-firmware' # Replace with your desired repository
+        state: absent
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware' # Replace with your desired repository
+        state: absent
+        #filename: /etc/apt/sources.list
+
+    - ansible.builtin.apt_repository:
+        repo: 'deb https://nexus.guaranteedstruggle.host/repository/generic-deb-debian-org/ {{ ansible_distribution_release }}-updates main non-free-firmware' # Replace with your desired repository
+        state: present
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb-src https://nexus.guaranteedstruggle.host/repository/generic-deb-debian-org/ {{ ansible_distribution_release }}-updates main non-free-firmware' # Replace with your desired repository
+        state: present
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-updates main non-free-firmware' # Replace with your desired repository
+        state: absent
+        #filename: /etc/apt/sources.list
+    - ansible.builtin.apt_repository:
+        repo: 'deb-src http://deb.debian.org/debian/ {{ ansible_distribution_release }}-updates main non-free-firmware' # Replace with your desired repository
+        state: absent
+        #filename: /etc/apt/sources.list
+
+
+    # - name: Disable an existing APT repository (by commenting out its entry)
+    #   ansible.builtin.lineinfile:
+    #     path: /etc/apt/sources.list # Replace with the path to the .list file of the repository to disable
+    #     regexp: '^(http://security.debian.org/debian-security .*)$' # Matches lines starting with 'deb '
+    #     line: '# \g<1>' # Comments out the matched line
+    #     backrefs: true # Required to use backreferences in the 'line' parameter
+    #     state: present # Ensure the line is present (commented out)
+
+    - name: Ensure apt cache is updated after changes
+      ansible.builtin.apt:
+        update_cache: yes

playbooks/packages.yml

@@ -1,6 +1,4 @@
 ---
-
-
 - name: packages
   hosts: all
   become: true

playbooks/software/act_runner.yml

@@ -1,7 +1,8 @@
 ---
 - name: act_runner
   hosts:
-  - all
+  - ansible-slut.guaranteedstruggle.host
+  - pipisa.guaranteedstruggle.host
   vars:
     act_runner_version: '0.2.13'
   gather_facts: yes
@@ -34,3 +35,24 @@
       src: /usr/share/act_runner/act_runner-{{act_runner_version}}
       dest: /usr/local/bin/act_runner 
       state: link
+
+  - name: Copy act_runner.service
+    register: act_runner_service_file
+    copy:
+      src: ../../files/act_runner/act_runner.service
+      dest: /etc/systemd/system/act_runner.service
+
+  # - name: ensure service
+  #   ansible.builtin.systemd_service:
+  #     name: act_runner
+  #     state: started
+  #     enabled: true
+
+  - name: Just force systemd to reread configs
+    ansible.builtin.systemd_service:
+      daemon_reload: true
+    when: act_runner_service_file.changed
+
+
+    #### TODO авторегистрация на основе токенов
+    # если ещё не работает то гнать регистрацию с токенов в хост-групп-варсах

playbooks/timezone.yml

@@ -0,0 +1,12 @@
+---
+- name: Change timezone
+  hosts: all
+  become: yes
+  tasks:
+    - name: Set timezone to Asia/Vladivostok
+      community.general.timezone:
+        name: Asia/Vladivostok
+
+
+  #### TODO генерация локалей в lxc и мб ещё и хостах
+  #localectl set-locale LANG=en_US.UTF-8

requirements.yml

@@ -1,9 +1,19 @@
 ---
 collections:
   - name: community.general
-    version: 9.5.0
+    source: https://github.com/ansible-collections/community.general.git
+    type: git
+        #version: 9.5.0
   - name: ansible.utils
-    version: 4.1.0 
+    source: https://github.com/ansible-collections/ansible.utils.git
+    type: git
+    #version: 4.1.0 
     
   - name: prometheus.prometheus
-    version: 0.22.0
+    source: https://github.com/prometheus-community/ansible.git
+    type: git
+    #version: 0.22.0
+
+  - name: recordsansible.ara
+    source: https://github.com/ansible-community/ara-collection.git
+    type: git