From 7040a443c5973be872cdf5f3a656e9f947650b2b Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Sun, 4 May 2025 12:17:10 -0700
Subject: Refactor the swarm cluster role a bit
---
group_vars/swarm.yml | 3 ---
group_vars/swarm_cluster.yml | 3 +++
inventory | 2 +-
.../labdns/templates/stacks/docker-compose.yml | 1 +
.../templates/volumes/unbound/a-records.conf | 4 ++++
.../templates/volumes/unbound/forward-records.conf | 7 +++----
.../roles/swarm_cluster/swarm_init/tasks/main.yml | 19 +++++++++++++++++++
.../roles/swarm_cluster/swarm_join/tasks/main.yml | 22 ++++++++++++++++++++++
playbooks/roles/swarm_cluster/tasks/main.yml | 20 ++++++++++++++++++++
playbooks/roles/swarm_init/tasks/main.yml | 19 -------------------
playbooks/roles/swarm_join/tasks/main.yml | 22 ----------------------
playbooks/swarm_cluster.yml | 22 +++------------------
12 files changed, 76 insertions(+), 68 deletions(-)
delete mode 100644 group_vars/swarm.yml
create mode 100644 group_vars/swarm_cluster.yml
create mode 100644 playbooks/roles/swarm_cluster/swarm_init/tasks/main.yml
create mode 100644 playbooks/roles/swarm_cluster/swarm_join/tasks/main.yml
create mode 100644 playbooks/roles/swarm_cluster/tasks/main.yml
delete mode 100644 playbooks/roles/swarm_init/tasks/main.yml
delete mode 100644 playbooks/roles/swarm_join/tasks/main.yml
diff --git a/group_vars/swarm.yml b/group_vars/swarm.yml
deleted file mode 100644
index bf0744d..0000000
--- a/group_vars/swarm.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-swarm_base: "{{ ceph_base }}/docker"
diff --git a/group_vars/swarm_cluster.yml b/group_vars/swarm_cluster.yml
new file mode 100644
index 0000000..bf0744d
--- /dev/null
+++ b/group_vars/swarm_cluster.yml
@@ -0,0 +1,3 @@
+---
+
+swarm_base: "{{ ceph_base }}/docker"
diff --git a/inventory b/inventory
index 69d14d8..2b2ebe9 100644
--- a/inventory
+++ b/inventory
@@ -19,7 +19,7 @@ swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh a
 swarm-two ansible_host=10.128.0.202 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
 swarm-three ansible_host=10.128.0.203 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
-[swarm]
+[swarm_cluster]
 swarm-one ansible_host=10.128.0.201 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
 swarm-two ansible_host=10.128.0.202 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
 swarm-three ansible_host=10.128.0.203 ansible_user=serve ansible_connection=ssh ansible_become_password='{{ swarm_become_password }}'
diff --git a/playbooks/roles/labdns/templates/stacks/docker-compose.yml b/playbooks/roles/labdns/templates/stacks/docker-compose.yml
index 3327c18..c2a2ab5 100644
--- a/playbooks/roles/labdns/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/labdns/templates/stacks/docker-compose.yml
@@ -17,6 +17,7 @@ services:
 test: ["CMD-SHELL", "drill loadbalancer.{{ domain }} @127.0.0.1 | grep -q {{ loadbalancer_ip }}"]
 retries: 3
 timeout: 5s
+ interval: 10s
 start_period: 8s
 {% endif %}
 deploy:
diff --git a/playbooks/roles/labdns/templates/volumes/unbound/a-records.conf b/playbooks/roles/labdns/templates/volumes/unbound/a-records.conf
index 6248b0c..5eefeb5 100644
--- a/playbooks/roles/labdns/templates/volumes/unbound/a-records.conf
+++ b/playbooks/roles/labdns/templates/volumes/unbound/a-records.conf
@@ -2,3 +2,7 @@
 {% for service in internal_services %}
 local-data: "{{ service }}. A {{ loadbalancer_ip }}"
 {% endfor %}
+
+# lucina.cloud
+local-zone: "lucina.cloud." redirect
+local-data: "lucina.cloud. A 10.128.0.44"
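Review bot: The added `local-data: "lucina.cloud. A 10.128.0.44"` hardcodes an address while every other record in this template goes through `{{ loadbalancer_ip }}`; 10.128.0.44 is also the resolver that the forward-records.conf hunk in this same commit stops forwarding to, so it is worth confirming that host is still the intended target and moving it into a variable, e.g. `local-data: "lucina.cloud. A {{ lucina_cloud_ip }}"`. A `redirect` local-zone answers every name under lucina.cloud with this single record and never consults the public zone for clients of this resolver, which is presumably the intent (split-horizon) but deserves a comment above the stanza such as `# split-horizon: lucina.cloud and all subdomains resolve to the internal host; public DNS is never consulted`.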
diff --git a/playbooks/roles/labdns/templates/volumes/unbound/forward-records.conf b/playbooks/roles/labdns/templates/volumes/unbound/forward-records.conf
index ae977e7..19af327 100644
--- a/playbooks/roles/labdns/templates/volumes/unbound/forward-records.conf
+++ b/playbooks/roles/labdns/templates/volumes/unbound/forward-records.conf
@@ -1,6 +1,5 @@
 forward-zone:
 name: "."
- forward-addr: 10.128.0.44@53
-# forward-addr: 1.1.1.1@853#cloudflare-dns.com
-# forward-addr: 1.0.0.1@853#cloudflare-dns.com
-# forward-tls-upstream: yes
+ forward-addr: 1.1.1.1@853#cloudflare-dns.com
+ forward-addr: 1.0.0.1@853#cloudflare-dns.com
+ forward-tls-upstream: yes
diff --git a/playbooks/roles/swarm_cluster/swarm_init/tasks/main.yml b/playbooks/roles/swarm_cluster/swarm_init/tasks/main.yml
new file mode 100644
index 0000000..19967e9
--- /dev/null
+++ b/playbooks/roles/swarm_cluster/swarm_init/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Check Docker Swarm Status
+ ansible.builtin.command: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
+ register: docker_swarm_status
+ changed_when: false
+
+- name: Initialize Docker Swarm if Inactive
+ ansible.builtin.command:
+ cmd: docker swarm init --advertise-addr "{{ ansible_default_ipv4.address }}"
+ when: docker_swarm_status.stdout == "inactive"
+ register: swarm_init
+ changed_when: '"Swarm initialized" in swarm_init.stdout'
+
+- name: Retrieve Docker Swarm Manager Token
+ ansible.builtin.command: docker swarm join-token manager -q
+ register: manager_token
+ changed_when: false
+
diff --git a/playbooks/roles/swarm_cluster/swarm_join/tasks/main.yml b/playbooks/roles/swarm_cluster/swarm_join/tasks/main.yml
new file mode 100644
index 0000000..b73030e
--- /dev/null
+++ b/playbooks/roles/swarm_cluster/swarm_join/tasks/main.yml
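Review bot: The new forwarders name an auth target (`#cloudflare-dns.com`), but unbound only checks that name against the upstream certificate when `tls-cert-bundle` or `tls-system-cert` is configured in the `server:` section, which is not part of this file; if neither is set elsewhere in the role, the `@853` session is encrypted but unauthenticated and an on-path attacker can still answer for the root forward zone. Please confirm the server config sets one of them (e.g. `tls-system-cert: yes`, or `tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"` with the path matching the container image) and leave a one-line comment here such as `# the #name is only verified if server: sets tls-cert-bundle or tls-system-cert`. Dropping the plain-DNS forward to 10.128.0.44 is the right direction; the comment would just make the remaining precondition visible to the next reader.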
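Review bot: `docker swarm join-token manager -q` registers the manager join token in `manager_token` without `no_log: true`, so a credential that lets any host reachable on port 2377 join the cluster as a manager is printed to Ansible's output and every callback/log sink on each run (the task is unconditional and `changed_when: false`, so it executes every time). Add `no_log: true` to the Retrieve task; the consumer in swarm_join reads `.stdout` from the registered result and is unaffected. Consider also passing `--listen-addr "{{ ansible_default_ipv4.address }}:2377"` next to `--advertise-addr`, since without it the manager API defaults to listening on all interfaces of the initializer.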
@@ -0,0 +1,22 @@
+---
+
+- name: Check Docker Swarm Status
+ ansible.builtin.command: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
+ register: docker_swarm_status
+ changed_when: false
+
+- name: Join Swarm as Manager
+ ansible.builtin.command:
+ cmd: docker swarm join --token {{ hostvars[swarm_initializer_host]['manager_token'].stdout }} {{ hostvars[swarm_initializer_host]['ansible_default_ipv4']['address'] }}:2377
+ when:
+ - hostvars[swarm_initializer_host]['manager_token'].stdout is defined
+ - docker_swarm_status.stdout != "active"
+ register: swarm_join
+ changed_when: '"This node joined a swarm as a manager" in swarm_join.stdout'
+
+- name: Label Docker Swarm Manager Nodes
+ ansible.builtin.command:
+ cmd: docker node update --label-add manager=true {{ ansible_hostname }}
+ when: swarm_join is changed
+ changed_when: false
+
diff --git a/playbooks/roles/swarm_cluster/tasks/main.yml b/playbooks/roles/swarm_cluster/tasks/main.yml
new file mode 100644
index 0000000..d2507af
--- /dev/null
+++ b/playbooks/roles/swarm_cluster/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Enable Local Swarm Communications
+ community.general.ufw:
+ rule: allow
+ from: "{{ homelab_network }}"
+ state: enabled
+
+- name: Set swarm initializer variable
+ ansible.builtin.set_fact:
+ swarm_initializer_host: "{{ groups['swarm_cluster'][0] }}"
+
+- name: Initialize the swarm cluster on the first node
+ when: ansible_hostname == swarm_initializer_host
+ ansible.builtin.import_tasks: swarm_init/tasks/main.yml
+
+- name: Join the swarm cluster on all other nodes
+ when: ansible_hostname != swarm_initializer_host
+ ansible.builtin.import_tasks: swarm_join/tasks/main.yml
+
diff --git a/playbooks/roles/swarm_init/tasks/main.yml b/playbooks/roles/swarm_init/tasks/main.yml
deleted file mode 100644
index 19967e9..0000000
--- a/playbooks/roles/swarm_init/tasks/main.yml
+++ /dev/null
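Review bot: The Join task expands the manager token into argv (`docker swarm join --token {{ ... }}`) and has no `no_log: true`, so the secret is visible in `ps` on the node while the command runs and is persisted in Ansible's task result and logs. Add `no_log: true` to the Join task; `changed_when` is evaluated on the registered result and keeps working. The `is defined` guard also turns a missing token into a silent skip rather than a failure: if the initializer's token task did not run, every other node ends up neither joined nor reporting an error, so an `ansible.builtin.assert` on `hostvars[swarm_initializer_host]['manager_token'] is defined` ahead of this task would make that failure mode visible.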
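Review bot: The `community.general.ufw` task allows all traffic (every port, every protocol) from `{{ homelab_network }}` on each swarm node, which is far broader than the "Local Swarm Communications" the task name describes; swarm itself needs 2377/tcp (management), 7946/tcp+udp (node gossip) and 4789/udp (overlay VXLAN), so scoping the rule to those ports keeps every other service on the host behind the firewall. A second, functional issue: `swarm_initializer_host` is an inventory name (`groups['swarm_cluster'][0]`, i.e. `swarm-one` per the inventory hunk) but is compared to `ansible_hostname`, the OS hostname gathered from the node; if the two ever differ, no host runs the init tasks and the join guard skips everyone, so `inventory_hostname == swarm_initializer_host` is the comparison that matches how the group was built. The sketch below shows both changes; the set_fact and import_tasks lines are otherwise unchanged.
```yaml
- name: Enable Local Swarm Communications
  community.general.ufw:
    rule: allow
    from: "{{ homelab_network }}"
    proto: "{{ item.proto }}"
    port: "{{ item.port }}"
    state: enabled
  loop:
    - { port: "2377", proto: tcp }  # cluster management
    - { port: "7946", proto: tcp }  # node gossip
    - { port: "7946", proto: udp }
    - { port: "4789", proto: udp }  # overlay network (VXLAN)
# … unchanged: set_fact swarm_initializer_host …
- name: Initialize the swarm cluster on the first node
  when: inventory_hostname == swarm_initializer_host
  ansible.builtin.import_tasks: swarm_init/tasks/main.yml
- name: Join the swarm cluster on all other nodes
  when: inventory_hostname != swarm_initializer_host
  ansible.builtin.import_tasks: swarm_join/tasks/main.yml
```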
@@ -1,19 +0,0 @@
----
-
-- name: Check Docker Swarm Status
- ansible.builtin.command: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
- register: docker_swarm_status
- changed_when: false
-
-- name: Initialize Docker Swarm if Inactive
- ansible.builtin.command:
- cmd: docker swarm init --advertise-addr "{{ ansible_default_ipv4.address }}"
- when: docker_swarm_status.stdout == "inactive"
- register: swarm_init
- changed_when: '"Swarm initialized" in swarm_init.stdout'
-
-- name: Retrieve Docker Swarm Manager Token
- ansible.builtin.command: docker swarm join-token manager -q
- register: manager_token
- changed_when: false
-
diff --git a/playbooks/roles/swarm_join/tasks/main.yml b/playbooks/roles/swarm_join/tasks/main.yml
deleted file mode 100644
index f6fe454..0000000
--- a/playbooks/roles/swarm_join/tasks/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- name: Check Docker Swarm Status
- ansible.builtin.command: docker info --format '{{ "{{.Swarm.LocalNodeState}}" }}'
- register: docker_swarm_status
- changed_when: false
-
-- name: Join Swarm as Manager
- ansible.builtin.command:
- cmd: docker swarm join --token {{ hostvars[groups['swarm'][0]]['manager_token'].stdout }} {{ hostvars[groups['swarm'][0]]['ansible_default_ipv4']['address'] }}:2377
- when:
- - hostvars[groups['swarm'][0]]['manager_token'].stdout is defined
- - docker_swarm_status.stdout != "active"
- register: swarm_join
- changed_when: '"This node joined a swarm as a manager" in swarm_join.stdout'
-
-- name: Label Docker Swarm Manager Nodes
- ansible.builtin.command:
- cmd: docker node update --label-add manager=true {{ ansible_hostname }}
- when: swarm_join is changed
- changed_when: false
-
diff --git a/playbooks/swarm_cluster.yml b/playbooks/swarm_cluster.yml
index 6a13f8c..8dadae4 100644
--- a/playbooks/swarm_cluster.yml
+++ b/playbooks/swarm_cluster.yml
@@ -1,24 +1,8 @@
 ---
-- name: Configure Docker Swarm Firewall Rules
- hosts: swarm
- become: true
- tasks:
- - name: Enable Local Swarm Communications
- community.general.ufw:
- rule: allow
- from: "{{ homelab_network }}"
- state: enabled
-
-- name: Setup swarm on init node
- hosts: swarm[0]
- become: true
- roles:
- - swarm_init
-
-- name: Join non-init nodes
- hosts: swarm:!swarm[0]
+- name: Deploy swarm cluster
+ hosts: swarm_cluster
 become: true
 roles:
- - swarm_join
+ - swarm_cluster
-- cgit v1.2.3-70-g09d2