authorChristian Pointner <equinox@spreadspace.org>2020-08-12 23:47:51 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-08-12 23:47:51 +0200
commit71def7689698ed941eef9491109cb1d588eb16b8 (patch)
tree1b1cfa80701e64999df90b152b63b8c3a499fa24
parentequinox-ws: install kicad libs (diff)
add hacky workaround for zfs-mount-generator bug
-rw-r--r--dan/host_vars/sk-cloudia.yml73
-rw-r--r--dan/sk-cloudia.yml48
-rw-r--r--inventory/host_vars/sk-cloudia/collabora.yml16
-rw-r--r--inventory/host_vars/sk-cloudia/coturn.yml14
-rw-r--r--inventory/host_vars/sk-cloudia/etherpad.yml58
-rw-r--r--inventory/host_vars/sk-cloudia/jitsi.yml8
-rw-r--r--inventory/host_vars/sk-cloudia/nextcloud.yml56
-rw-r--r--inventory/host_vars/sk-cloudia/vars.yml27
-rw-r--r--inventory/hosts.ini1
-rw-r--r--roles/zfs/base/tasks/enable-systemd-mount-generator.yml8
-rw-r--r--roles/zfs/base/tasks/main.yml2
11 files changed, 77 insertions, 234 deletions
diff --git a/dan/host_vars/sk-cloudia.yml b/dan/host_vars/sk-cloudia.yml
index 6869b96b..9e724418 100644
--- a/dan/host_vars/sk-cloudia.yml
+++ b/dan/host_vars/sk-cloudia.yml
@@ -1,53 +1,22 @@
$ANSIBLE_VAULT;1.2;AES256;dan
-33353432393638656337656336616631353532623663353535353962393962343232313662386230
-3461623264323762633038613863383232663530626332630a643534306263613833646265633539
-33656263333533333566313532353231643466613561393531373138393033333161366537643733
-3633303032633231620a656537373333623963663964383834373963323234303334363431383237
-39633261373235663030346561373765323230616264653837663364353666313835626636656436
-38646266653862666161376430663534653161616234616135646636303830376433383662636462
-66626537336433633366346330333036333661346561656231653533626634616562353036626333
-30646666623634363438623032396135326635663531303565623962393534343437613539393032
-61306164323461613862383037653534393463643965643663323034353665656235323262366635
-38653236663966393639373636663763356464396462623935666537353465393164653764383564
-64363261373734343837343130616339306139333137656438346138303732376433303639346432
-65363237363439626231613334616330336637303764623136323863646162656364356532383834
-65666566373262373230633535376232346266336139636532613864343561663235373862373566
-33326666613062656238653966383438343834663837353165653036316438396436633838303037
-36306634613961613662393064346139306562363662646538656533306464316338363939373738
-61616232366139356266643465646337323231363565303263363033623632623163656338626137
-32626339623134396138636436633765623736373933386362336531383266363130383937653432
-33616235303763353262333961306332303464383639623239393139643333613962346264303165
-36643263653135393639623465376661633763383435623535666563333736396336333836326639
-36666335653033656661623363363231663566313535326635313930616664333565643134376431
-30336563636666663930653263376634353030393866306463303438656131653866333836356533
-61323463666264653035326135616563313530323161373531353064643761316666626635633736
-65646364333335623961353731666637353763643963356630303233303431613235383962363463
-31363662326235636637346539303566646333336130383965313637373666646136616330303365
-39316365316465656266356366356664636663333930393634303537656465333930386638303466
-38313331363862343566313862653536626163336362636536366162306664663135343634356662
-61316132333634653264666635643632363739613764343161383931626132623365376266316433
-31346238303737373337653730346461356531306531303631316663613930313433333163623134
-62383665656661363766316330366231383531386132646234386337623766633063366366353665
-33643961613566326133393435643439323930613632326532346638333730396536633164326666
-39313364366239343762383038366135336564643263666235643166396264653637353065363033
-66316166306235333430663934653364323634326136623632306632383562623162363135663032
-35323766666262626438623837626133306630646334363235633130646638343734303964356536
-33373738623735383165643332653934363335336633393065656538333035653630636137636637
-32663165646632383930346662383636646466663661626138353037363562366664343633373731
-33353238343262343736613239643233313830313962393039313937626330326237623938336531
-31633335666333373663373064353235646562656536303839346562323637656535376566303835
-34656532623136303537386463393063383138323833333134393138333364656662363433653033
-38366665643366333936623233633033643735313234656634393832633163343330633965636566
-65366665646239303664356331616437376233383266336162343962353537626136363635666438
-37356364343838343033363165336131323430613562363061393164356538326237316134666466
-36323230383637373131336339663565313364353063393638343531356638376432303139666237
-66656365396664373063373866303231653934393966386438303966343738313233333339383031
-66323739626135363165386538633431346335376431626439663066643634373232303234616530
-39363732303063303739613961313430303837613731373765303566626461346330653265663465
-66353761386563643931656161356532306237363438363465356333313433353665373735306338
-62373531633032336464346136326232343466666531636264636162323535393565643233366236
-30313636663039643762653364323430666632303935353535316633643033333561306161663262
-66326465666638313232306538396665653966656464613735663734346265363133616136376436
-66326537643839643239653638313333396463363539343164613561366630343962326632356139
-66333234356639386536396130643135633761346430336266383864316237386432613037356534
-37393937663666373934
+65656633373536656135646536393062363731656139636262383430343234393431613134653636
+3339346463363033353961383861323139396633366164380a303036376566343832316364373733
+65353030313737633036303865643463356338356436386631383062646531316237613530386431
+3465663833303061340a303765616235373637626139343833383539363538323032376363326162
+34396536663162623163373263363565386331323236323833393533303132336562303933363938
+34623363343330666231343637376363373432643134646164326235646439366231353631373766
+62396634373530383866303634633837303462376137396435636137363364373830323166643434
+64666666363935613031393239656262643962303466323166333433383039623839323631613936
+33343265636232616632613063393030393235333434396261643933306134323337383265343164
+37316361356635623039333430613161303934623536366434643838653533343466376537346132
+62346135383938346630353163653833656666386161323664383832636335663937313231316161
+34633938343835363763313133373462666333333138646331356438623463346661626237303434
+37346365323439646164643739666262376638313138396462653234303136386363363039333762
+65386632353735643338333234323866343632663363333335653036336137303730363038613633
+63376163303830653230613262616631336238626535663734653439306264326134353735366434
+36643930363166313465626365663737626434303762346338363361643132643264333931303230
+36643932333537386434373834383564623130396466636635353066393132353164653238393131
+32313339373736346136323237326430363464306637383032383961623566306433656536613266
+38636531356263313162366364613766353162323562373665656662616239613463393635333532
+61613664616366323636343366356162356364616563643964626166303365313063313834383761
+3666
diff --git a/dan/sk-cloudia.yml b/dan/sk-cloudia.yml
index e58669d1..67c94cb9 100644
--- a/dan/sk-cloudia.yml
+++ b/dan/sk-cloudia.yml
@@ -1,24 +1,32 @@
---
- name: Basic Setup
hosts: sk-cloudia
+ roles:
+ - role: apt-repo/base
+ - role: core/base
+ - role: core/sshd
+ - role: core/zsh
+ - role: core/cpu-microcode
+ - role: core/admin-users
+ - role: cryptdisk
+ - role: zfs/base
+ - role: kubernetes/base
+ - role: kubernetes/standalone/base
tasks:
- - debug:
- msg: "please use the branch topic/skillz-legacy for this host"
- #roles:
- # - role: apt-repo/base
- # - role: core/base
- # - role: core/sshd
- # - role: core/zsh
- # - role: core/cpu-microcode
- # - role: core/admin-users
- # - role: zfs/base
- # - role: kubernetes/base
- # - role: kubernetes/standalone/base
- # - role: apt-repo/spreadspace
- # - role: acmetool/base
- # - role: nginx/base
- # - role: apps/nextcloud
- # - role: apps/collabora/code
- # - role: apps/etherpad-lite
- # - role: apps/coturn
- # - role: apps/jitsi/meet
+ - name: install post-boot script
+ copy:
+ dest: /usr/local/bin/post-boot
+ mode: 0755
+ content: |
+ #!/bin/bash
+ set -e
+
+ {% for name, volume in cryptdisk_volumes.items() %}
+ cryptsetup luksOpen '{{ volume.device }}' '{{ name }}'
+ {% endfor %}
+ systemctl restart zfs-import-cache.service
+ systemctl restart zfs-mount.service
+ mount -a
+ sleep 2
+ systemctl restart docker.service
+ systemctl restart kubelet.service
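Review bot: The `cryptsetup luksOpen` line of the generated post-boot script wraps `volume.device` and `name` in hand-written single quotes, so a value containing a quote character would end the quoting early in a script that presumably runs as root. Ansible's `quote` filter handles this: `cryptsetup luksOpen {{ volume.device | quote }} {{ name | quote }}`. With `set -e` in effect, a mapping that is already open will presumably make `luksOpen` fail and skip the ZFS, docker and kubelet restarts, so a guard like `[ -e /dev/mapper/{{ name | quote }} ] || cryptsetup luksOpen ...` would make the script safe to re-run. `mode: 0755` is better written as `mode: "0755"` so the permission bits do not depend on how the YAML loader reads a leading-zero integer.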
diff --git a/inventory/host_vars/sk-cloudia/collabora.yml b/inventory/host_vars/sk-cloudia/collabora.yml
deleted file mode 100644
index 3fc973c3..00000000
--- a/inventory/host_vars/sk-cloudia/collabora.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-collabora_code_base_path: /srv/storage/collabora/code
-
-collabora_code_instances:
- o.skillz.biz:
- version: 4.2.4.5
- port: 8200
- hostname: o.skillz.biz
- admin:
- username: admin
- password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}"
- backend_storages:
- - wolke.elevate.at
- - insomnia.skillz.biz
- - nc.skillz.biz
- - wae.elevate.at
diff --git a/inventory/host_vars/sk-cloudia/coturn.yml b/inventory/host_vars/sk-cloudia/coturn.yml
deleted file mode 100644
index 43dc2d3c..00000000
--- a/inventory/host_vars/sk-cloudia/coturn.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-coturn_base_path: /srv/storage/coturn
-
-coturn_version: 4.5.1.3
-coturn_realm: elev8.at
-coturn_hostnames:
- - stun.elev8.at
- - turn.elev8.at
-
-coturn_max_bps: 1048576 ## 8Mbit/s
-coturn_bps_capacity: 13107200 ## 100Mbit/s
-coturn_threads: 4
-
-coturn_auth_secret: "{{ vault_coturn_auth_secret }}"
diff --git a/inventory/host_vars/sk-cloudia/etherpad.yml b/inventory/host_vars/sk-cloudia/etherpad.yml
deleted file mode 100644
index 1d82e4b3..00000000
--- a/inventory/host_vars/sk-cloudia/etherpad.yml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-etherpad_lite_zfs:
- pool: storage
- name: etherpad-lite
- properties:
- compression: lz4
-
-etherpad_lite_instances:
- pad.elevate.at:
- version: c65c5f17aa26c9179ce591f44721861ba6f6bec4-elevate
- port: 8300
- hostnames:
- - pad.elevate.at
- zfs_properties:
- quota: 5G
- settings:
- title: Elevate Etherpad
- users:
- admin:
- is_admin: true
- password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['admin'] }}"
- user:
- is_admin: false
- password: "{{ vault_etherpad_lite_user_passwords['pad.elevate.at']['user'] }}"
-
- defaultPadText: "Welcome to the ELEVATE - Etherpad!\n\nThis pad text is synchronized\
- \ as you type, so that everyone viewing this page sees the same text. This allows\
- \ you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http://etherpad.org\n\
- \n IMPORTANT: THIS PAD IS PRIVIDED FOR FREE TO THE PUBLIC! There is no guarantee\
- \ for your data - please take care of backups yourself! This is usually intended\
- \ only for the Elevate Team and it might get access control in the future! If you\
- \ are interested in having a PAD for your project, please get back to dan@elevate.at\
- \ for information. It can be made available!"
- favicon: favicon.ico
-
- maxAge: 21600
- editOnly: false
- minify: true
- requireSession: false
- requireAuthentication: false
- requireAuthorization: false
- socketTransportProtocols: [xhr-polling, jsonp-polling, htmlfile]
- abiword: null
- loglevel: INFO
- logconfig:
- appenders:
- - type: console
- dbType: "mysql"
- dbSettings:
- host: "127.0.0.1"
- user: "etherpad-lite"
- password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}"
- database: "etherpad-lite"
- charset: "utf8mb4"
- database:
- type: mariadb
- version: 10.4.8
- password: "{{ vault_etherpad_lite_database_passwords['pad.elevate.at'] }}"
diff --git a/inventory/host_vars/sk-cloudia/jitsi.yml b/inventory/host_vars/sk-cloudia/jitsi.yml
deleted file mode 100644
index 1c50c94c..00000000
--- a/inventory/host_vars/sk-cloudia/jitsi.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-jitsi_meet_base_path: /srv/storage/jitsi/meet
-
-jitsi_meet_version: stable-4857
-jitsi_meet_hostnames:
- - meet.elev8.at
-
-jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
diff --git a/inventory/host_vars/sk-cloudia/nextcloud.yml b/inventory/host_vars/sk-cloudia/nextcloud.yml
deleted file mode 100644
index 2bb6eab5..00000000
--- a/inventory/host_vars/sk-cloudia/nextcloud.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-nextcloud_zfs:
- pool: storage
- name: nextcloud
- properties:
- compression: lz4
-
-nextcloud_instances:
- wolke.elevate.at:
- # new: true
- version: 18.0.6
- port: 8100
- hostnames:
- - wolke.elevate.at
- zfs_properties:
- quota: 300G
- database:
- type: mariadb
- version: 10.4.13
- password: "{{ vault_nextcloud_database_passwords['wolke.elevate.at'] }}"
- insomnia.skillz.biz:
- # new: true
- version: 18.0.6
- port: 8101
- hostnames:
- - insomnia.skillz.biz
- zfs_properties:
- quota: 200G
- database:
- type: mariadb
- version: 10.4.13
- password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}"
- nc.skillz.biz:
- # new: true
- version: 18.0.6
- port: 8102
- hostnames:
- - nc.skillz.biz
- zfs_properties:
- quota: 200G
- database:
- type: mariadb
- version: 10.4.13
- password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}"
- wae.elevate.at:
- # new: true
- version: 18.0.6
- port: 8104
- hostnames:
- - wae.elevate.at
- zfs_properties:
- quota: 100G
- database:
- type: mariadb
- version: 10.4.13
- password: "{{ vault_nextcloud_database_passwords['wae.elevate.at'] }}"
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index 1a21765d..38bd7cfb 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -18,15 +18,31 @@ network: {}
base_intel_nic_stability_fix: true
-zfs_use_systemd_mount_generator: no
+
+apt_repo_components:
+ - main
+ - contrib ## for zfs
+ - non-free ## for microcode updates
+
+
+cryptdisk_volumes:
+ crypto-nvme0:
+ passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}"
+ device: /dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HALR-00000_S3W6NA0M713049-part3
+ crypto-nvme1:
+ passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}"
+ device: /dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HALR-00000_S3W6NA0M713090-part3
+
+
zfs_arc_size:
min: "{{ 2 * 1024 * 1024 * 1024 }}"
- max: "{{ 16 * 1024 * 1024 * 1024 }}"
+ max: "{{ 12 * 1024 * 1024 * 1024 }}"
zfs_zpools:
storage:
mountpoint: /srv/storage
- create_vdevs: mirror nvme0n1p3 nvme1n1p3
+ create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1
+
docker_zfs:
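Review bot: The `/dev/mapper/crypto-nvme0` and `/dev/mapper/crypto-nvme1` names in `create_vdevs` repeat the keys of `cryptdisk_volumes` by hand, and nothing in the file says the two must stay in sync. The post-boot script added in this commit opens each volume under its key name, so renaming a key would leave the pool pointing at a mapper device that is never created. I would add a comment above `create_vdevs`, for example `## vdev names must match the keys of cryptdisk_volumes (opened as /dev/mapper/<key>)`.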
@@ -44,10 +60,5 @@ kubelet_zfs:
kubernetes_version: 1.18.6
kubernetes_container_runtime: docker
kubernetes_standalone_max_pods: 100
-kubernetes_standalone_resolv_conf: /var/run/systemd/resolve/resolv.conf
kubernetes_standalone_pod_cidr: 192.168.255.0/24
kubernetes_standalone_cni_variant: with-portmap
-
-acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
-
-nginx_stream_module: yes
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 17360d01..c718da7e 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -232,7 +232,6 @@ ch-jump
s2-build
lw-master
sk-2019
-sk-cloudia
sk-2019vm
sk-tomnext
sk-tomnext-nc
diff --git a/roles/zfs/base/tasks/enable-systemd-mount-generator.yml b/roles/zfs/base/tasks/enable-systemd-mount-generator.yml
index abefbeb1..46e709da 100644
--- a/roles/zfs/base/tasks/enable-systemd-mount-generator.yml
+++ b/roles/zfs/base/tasks/enable-systemd-mount-generator.yml
@@ -21,3 +21,11 @@
## TODO: if this is installed after the zpool has already been created zed needs to be triggered
## using someing like: zfs set canmount=on DATASET
+
+### HACK HACK HACK (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966565)
+- name: patch zfs mount generator (Debian Bug 966565)
+ when: ansible_distribution == 'Debian'
+ lineinfile:
+ path: /usr/lib/systemd/system-generators/zfs-mount-generator
+ regexp: '^pools=\$\(zpool list -H -o name\)$'
+ line: "pools=$(zpool list -H -o name || true)"
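Review bot: This `lineinfile` task has no `backrefs: yes`, so when `regexp` does not match and the exact `line` is not already in the file, the module appends `pools=$(zpool list -H -o name || true)` to the end of the packaged generator script. That would happen as soon as a package update changes the original line in any other way, for example when the Debian bug is fixed differently upstream. Adding `backrefs: yes` turns the task into a no-op when the expected line is absent. A package upgrade that restores the original file will also undo the patch until the role runs again, which is worth saying in the comment above the task. The task file starts outside this hunk.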
diff --git a/roles/zfs/base/tasks/main.yml b/roles/zfs/base/tasks/main.yml
index db5cfe2d..54e716a6 100644
--- a/roles/zfs/base/tasks/main.yml
+++ b/roles/zfs/base/tasks/main.yml
@@ -22,7 +22,7 @@
- zfs-zed
state: present
-- name: enable systemd -mount-generator
+- name: enable systemd mount-generator
when: zfs_use_systemd_mount_generator
import_tasks: enable-systemd-mount-generator.yml