Merge pull request #81 from wiseflat/dev/build/docker-buildx

Configure docker buildx and more

Author: wiseflat

ansible/playbooks/paas/main.yml

@@ -58,10 +58,14 @@
     - unattended-upgrades
     - ansible-ufw
 
+- name: Configure sshd
+  ansible.builtin.import_playbook: sshd.yml
 - name: Configure timesyncd
   ansible.builtin.import_playbook: timesyncd.yml
 - name: Configure systemd resolved
   ansible.builtin.import_playbook: systemd-resolved.yml
+- name: Configure nvidia
+  ansible.builtin.import_playbook: nvidia.yml
 - name: Configure docker
   ansible.builtin.import_playbook: docker.yml
 - name: Configure nomad

ansible/playbooks/paas/metrology.yml

@@ -5,9 +5,9 @@
   gather_facts: true
   become: true
   tasks:
-    - name: End the play for hosts that are not in admins group
-      ansible.builtin.meta: end_host
-      when: fact_instance.location != 'admins'
+    # - name: End the play for hosts that are not in admins group
+    #   ansible.builtin.meta: end_host
+    #   when: fact_instance.location != 'admins'
 
     - name: Install prometheus
       ansible.builtin.import_role:

…le/playbooks/saas/nomad-clean-errors.yml …le/playbooks/paas/nomad-clean-errors.ymlansible/playbooks/saas/nomad-clean-errors.yml renamed to ansible/playbooks/paas/nomad-clean-errors.yml ansible/playbooks/saas/nomad-clean-errors.yml renamed to ansible/playbooks/paas/nomad-clean-errors.yml

@@ -18,6 +18,10 @@
 
   pre_tasks:
 
+    - name: End the play for hosts that don't have nvidia gpu
+      ansible.builtin.meta: end_host
+      when: not nvidia_enable
+      
     - name: Créer le répertoire du keyring s'il n'existe pas
       ansible.builtin.file:
         path: "{{ nvidia_keyring_path | dirname }}"

ansible/playbooks/paas/nvidia.yml

@@ -1,10 +1,10 @@
 ---
-- name: Uninstall scan_exporter
+- name: Install scan_exporter
   any_errors_fatal: true
   hosts: "{{ hosts_limit | default('infrastructure') }}"
   gather_facts: true
   become: true
   pre_tasks:
-    - name: Uninstall scan_exporter
+    - name: Install scan_exporter
       ansible.builtin.include_role:
         name: scan_exporter

ansible/playbooks/paas/scan_exporter.yml

@@ -4,5 +4,9 @@
   hosts: "{{ hosts_limit | default('infrastructure') }}"
   gather_facts: true
   become: true
+  pre_tasks:
+    - name: End the play for hosts that are not in frontends group
+      ansible.builtin.meta: end_host
+      when: fact_instance.location != 'frontends'
   roles:
     - sshd

ansible/playbooks/paas/sshd.yml

@@ -27,6 +27,8 @@
 
     - name: Use RTC in UTC
       ansible.builtin.command: timedatectl set-local-rtc 0
+      register: timedatectl
+      changed_when: false
 
   handlers:
     - name: Restart timesyncd

ansible/playbooks/paas/timesyncd.yml

@@ -93,15 +93,15 @@
       failed_when: ui_update.status != 200
       become: false
 
+  post_tasks:
+    - name: Trigger cleanup on failure
+      ansible.builtin.meta: clear_host_errors
+      when: ansible_failed_result is defined
+      notify: Cleanup build directory
+
   handlers:
     - name: Cleanup build directory
       ansible.builtin.file:
         path: "{{ build_work_dir }}"
         state: absent
       listen: cleanup_build
-
-  post_tasks:
-    - name: Trigger cleanup on failure
-      ansible.builtin.meta: clear_host_errors
-      when: ansible_failed_result is defined
-      notify: Cleanup build directory

ansible/playbooks/saas/image-forkable.yml

@@ -45,13 +45,16 @@
     - name: Build
       when: image_definition.build
       block:
-        - name: Build and publish image
+        - name: Build and publish multi-arch image
           community.docker.docker_image_build:
             name: "{{ docker_private_registry.url }}/{% if docker_private_registry.project is defined %}{{ docker_private_registry.project }}/{% endif %}{{ image_definition.name }}:{{ image_version }}"
             tag: latest
             path: "{{ build_work_dir }}"
             dockerfile: Dockerfile
             labels: "{{ image_definition.labels }}"
+            platform:
+              - linux/amd64
+              - linux/arm64
             rebuild: always
             outputs:
               - type: image

ansible/playbooks/saas/image.yml

@@ -12,3 +12,44 @@ www.domain.com:
   domain_alias: domain.com    # (string) Primary domain name for the application.
   ipfilter: []                # (list) List of allowed IPs for access control (empty for unrestricted access).
   basic_auth: False           # (bool) Enable/disable HTTP Basic Authentication (True/False).
+```
+
+## variable
+
+```yaml
+passwd: s3cret!
+user: myuser
+```
+
+## Secret
+
+```yaml
+plugins:
+  - disabled: false
+    jsonData:
+      models:
+        default: base
+        mapping:
+          base: gpt-oss-120b
+          large: gpt-oss-120b
+      openAI:
+        apiPath: /api/openai_compat/v1
+        url: https://llm.public.api
+      provider: custom
+      vector:
+        embed:
+          grafanaVectorAPI:
+            authType: no-auth
+            url: http://vectorStore.default.service.nomad:8687
+          type: grafana/vectorapi
+        enabled: true
+        model: BAAI/bge-small-en-v1.5
+        store:
+          grafanaVectorAPI:
+            authType: no-auth
+            url: http://vectorStore.default.service.nomad:8687
+          type: grafana/vectorapi
+    secureJsonData:
+      openAIKey: <secretkey>
+    type: grafana-llm-app
+```