
infrastructure

    Arnaud Lemettre authored
    ef41b6c5

    EPITA Infrastructure

    This project is the main repository for EPITA's teaching IT infrastructure. We try to follow the Infrastructure as Code (IaC) methodology as much as possible for all of our deployments.

    EPITA's teaching IT infrastructure is made of an OpenStack private cloud cluster made available to some entities of the school (majors or laboratories). We also use it ourselves to deploy common services for the whole school. Most of our services are deployed in Kubernetes clusters on top of our OpenStack private cloud.

    Repository structure

    Undercloud

    The undercloud folder is the Ansible deployment folder for our Undercloud. The Undercloud is the underlying infrastructure behind our OpenStack private cloud deployment.

    The Undercloud is in charge of:

    • backbone networking (routing, firewalling)
    • DNS secondary for some zones (the primary is OpenStack Designate)
    • DNS primary of some zones
    • Vault
    • Authentication inside the Undercloud
    • E-mail relaying
    • Backups
    • Part of the monitoring
    • Storage (Ceph)
    • OpenStack infrastructure (control plane and computes)
    • ArgoCD

    We have a small k3s cluster inside the Undercloud for some of the services mentioned above. The cluster runs in libvirt virtual machines on some physical servers of the Undercloud.

    Ceph is deployed using cephadm, which is not an IaC tool, so our Ceph deployment cannot be found in this repository.

    Kolla-Ansible

    The kolla folder contains the Kolla-Ansible deployment files used to deploy our OpenStack private cloud infrastructure. It is not part of the undercloud folder as it is far more complicated than the other Ansible roles we use for the rest of the Undercloud.

    Overcloud

    The overcloud folder contains all of our Ansible and Terraform files to deploy our services inside our OpenStack private cloud. Most user-facing services are part of the Overcloud, and the vast majority are deployed in Kubernetes clusters in the Overcloud.

    Currently deployed services of the Overcloud are:

    • Moulinette as a Service (MaaS) workers
    • GitLab CI runners
    • RT ticket system
    • OpenAFS cluster for student file storage in computer rooms
    • Moodle
    • ops RKE1 cluster (mostly for monitoring and logging operations)
    • prod-1 RKE1 cluster for most of the user-facing services

    Kubernetes

    The k8s folder contains the Kubernetes manifests for all of our Kubernetes clusters. Everything is automatically synced to our clusters using ArgoCD.

    Getting started

    Before using Ansible in undercloud or overcloud, and each time the requirements.yml file changes, run the following from the root of the repository:

    ansible-galaxy install -r requirements.yml --force

    You also need to log in to Vault before running Ansible.

    First, load the config.sh script to populate the VAULT_ADDR environment variable.

    source ./config.sh

    Log in to Vault, replacing MY_USERNAME with your login.

    vault login -method=ldap username=MY_USERNAME

    Load the config.sh script again to populate some useful secrets, especially if working in the undercloud.

    source ./config.sh
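
A preflight check for the login steps above, as an added example that is not part of this repository: it confirms that VAULT_ADDR is populated and that the current Vault token is still valid before Ansible starts reading secrets. The function name `vault_preflight` and the requirement that VAULT_ADDR use https are assumptions of this example.

```shell
# Added example, not part of the repository. vault_preflight is a
# hypothetical helper; it assumes the `vault` CLI is on PATH and that
# config.sh exports VAULT_ADDR as described in "Getting started".
#
# Usage: source ./config.sh && vault_preflight && <your ansible command>
#
# Return codes: 0 ok, 1 VAULT_ADDR unset, 2 VAULT_ADDR not https,
#               3 vault CLI missing, 4 no valid token (log in again).
vault_preflight() {
    if [ -z "${VAULT_ADDR:-}" ]; then
        echo "VAULT_ADDR is empty: run 'source ./config.sh' first" >&2
        return 1
    fi
    # Assumption: the Vault endpoint is served over TLS. A plaintext
    # address would expose the token and every secret read in transit.
    case "$VAULT_ADDR" in
        https://*) ;;
        *)
            echo "VAULT_ADDR is not https: $VAULT_ADDR" >&2
            return 2
            ;;
    esac
    if ! command -v vault >/dev/null 2>&1; then
        echo "vault CLI not found on PATH" >&2
        return 3
    fi
    # 'vault token lookup' asks the server about the current token and
    # fails when the token is missing, expired or revoked.
    if ! vault token lookup >/dev/null 2>&1; then
        echo "no valid Vault token: run 'vault login -method=ldap username=MY_USERNAME'" >&2
        return 4
    fi
    return 0
}
```

A non-zero return stops a chained `&&` command line, so an expired token is caught before a long Ansible run fails partway through.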