authorChristian Pointner <equinox@spreadspace.org>2024-01-20 22:42:30 +0100
committerChristian Pointner <equinox@spreadspace.org>2024-01-20 22:42:30 +0100
commitba2ab1cb42db29c8287c65a3f1e0b646eeba0464 (patch)
tree73a496d6b03085de2aa8dfe22ca201ff0354ba07
parentapps/storage: test with zfs volumes (diff)
add storage_device roles
-rw-r--r--chaos-at-home/ch-testvm-phoebe.yml5
-rw-r--r--inventory/host_vars/ch-testvm-phoebe.yml4
-rw-r--r--roles/storage/luks/base/tasks/main.yml45
-rw-r--r--roles/storage/luks/device/defaults/main.yml7
-rw-r--r--roles/storage/luks/device/tasks/main.yml36
-rw-r--r--roles/storage/lvm/base/defaults/main.yml36
-rw-r--r--roles/storage/lvm/base/filter_plugins/lvm.py18
-rw-r--r--roles/storage/lvm/base/tasks/main.yml15
-rw-r--r--roles/storage/lvm/device/defaults/main.yml11
-rw-r--r--roles/storage/lvm/device/tasks/main.yml25
-rw-r--r--roles/storage/lvm/volume/tasks/main.yml53
-rw-r--r--roles/storage/zfs/base/defaults/main.yml19
-rw-r--r--roles/storage/zfs/base/tasks/main.yml9
-rw-r--r--roles/storage/zfs/device/defaults/main.yml11
-rw-r--r--roles/storage/zfs/device/tasks/main.yml14
15 files changed, 206 insertions, 102 deletions
diff --git a/chaos-at-home/ch-testvm-phoebe.yml b/chaos-at-home/ch-testvm-phoebe.yml
index bcb4d92e..e791839b 100644
--- a/chaos-at-home/ch-testvm-phoebe.yml
+++ b/chaos-at-home/ch-testvm-phoebe.yml
@@ -7,8 +7,3 @@
- role: core/sshd/base
- role: core/zsh
- role: core/ntp
-
-- name: Payload Setup
- hosts: ch-testvm-phoebe
- roles:
- - role: greenbone/target
diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml
index df89e810..d15e4142 100644
--- a/inventory/host_vars/ch-testvm-phoebe.yml
+++ b/inventory/host_vars/ch-testvm-phoebe.yml
@@ -39,7 +39,3 @@ network:
address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"
ntp_variant: systemd-timesyncd
-
-
-####
-sshd_allowusers_host: "{{ admin_users_host + ['greenbone'] }}"
diff --git a/roles/storage/luks/base/tasks/main.yml b/roles/storage/luks/base/tasks/main.yml
index 7fe556a1..eca233e8 100644
--- a/roles/storage/luks/base/tasks/main.yml
+++ b/roles/storage/luks/base/tasks/main.yml
@@ -4,40 +4,11 @@
name: cryptsetup-bin
state: present
-- name: Create temporary build directory
- tempfile:
- state: directory
- register: keyfile_dir
- changed_when: False
- check_mode: False
-
-- name: create luks volumes
- block:
- - name: write passphrases into temporary keyfiles
- loop: "{{ luks_devices | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- copy:
- dest: "{{ keyfile_dir.path }}/{{ item.key }}"
- content: "{{ item.value.passphrase }}"
- mode: 0600
- changed_when: False
- check_mode: False
-
- - name: create/open luks volumes
- loop: "{{ luks_devices | dict2items }}"
- loop_control:
- label: "{{ item.key }} ({{ item.value.device }})"
- luks_device:
- name: "{{ item.key }}"
- device: "{{ item.value.device }}"
- keyfile: "{{ keyfile_dir.path }}/{{ item.key }}"
- state: opened
-
- always:
- - name: remove base-directory for keyfiles
- file:
- path: "{{ keyfile_dir.path }}"
- state: absent
- changed_when: False
- check_mode: False
+- name: create luks devices
+ loop: "{{ luks_devices | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ luks_device: "{{ item.value | combine({'name': item.key}) }}"
+ include_role:
+ name: storage/luks/device
diff --git a/roles/storage/luks/device/defaults/main.yml b/roles/storage/luks/device/defaults/main.yml
new file mode 100644
index 00000000..009d1485
--- /dev/null
+++ b/roles/storage/luks/device/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# luks_device:
+# name: crypto-nvme0
+# passphrase: "keep-this-very-very-secret"
+# device: /dev/nvme0n1p3
+
+luks_device: "{{ storage_device }}"
diff --git a/roles/storage/luks/device/tasks/main.yml b/roles/storage/luks/device/tasks/main.yml
new file mode 100644
index 00000000..7b84b8cc
--- /dev/null
+++ b/roles/storage/luks/device/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: Create temporary build directory
+ check_mode: False
+ tempfile:
+ state: directory
+ changed_when: False
+ register: luks_keyfile_dir
+
+- name: create luks device
+ block:
+ - name: write passphrase into temporary keyfile
+ check_mode: False
+ copy:
+ dest: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}"
+ content: "{{ luks_device.passphrase }}"
+ mode: 0400
+ changed_when: False
+
+ - name: create/open luks device
+ luks_device:
+ name: "{{ luks_device.name }}"
+ device: "{{ luks_device.device }}"
+ keyfile: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}"
+ state: opened
+
+ always:
+ - name: remove base-directory for keyfiles
+ check_mode: False
+ file:
+ path: "{{ luks_keyfile_dir.path }}"
+ state: absent
+ changed_when: False
+
+- name: export device path
+ set_fact:
+ storage_device_path: "/dev/mapper/{{ luks_device.name }}"
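Review bot: The `write passphrase into temporary keyfile` task passes `luks_device.passphrase` through `copy: content:` with nothing suppressing its output, so a run with `--diff` can print the passphrase into the terminal or any log that captures the play. Adding `no_log: true` and `diff: false` to that task keeps the secret out of task results. The keyfile also lands in whatever directory `tempfile` picks by default, which may be disk-backed; if the target hosts have a tmpfs, it would be worth pointing the `tempfile` task at it with `path:`. As a smaller style point, `mode: 0400` is better written as `mode: "0400"` so the value does not depend on the YAML parser's octal handling.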
diff --git a/roles/storage/lvm/base/defaults/main.yml b/roles/storage/lvm/base/defaults/main.yml
index 36df4a51..f85e2c80 100644
--- a/roles/storage/lvm/base/defaults/main.yml
+++ b/roles/storage/lvm/base/defaults/main.yml
@@ -5,17 +5,15 @@ lvm_groups: {}
# foo:
# pvs:
# - /dev/sdb
-# - /dev/sdc1
+# - /dev/sdc
-lvm_volumes: {}
+lvm_devices: {}
-# lvm_volumes:
-# system/test:
+# lvm_devices:
+# system/dev-test:
# vg: "{{ host_name }}"
-# lv: test
+# lv: dev-test
# size: 1G
-# fs: ext4
-# dest: /srv/test
# foo/test: &_lvm_thinpool_foo_test_
# vg: foo
# lv: test
@@ -25,11 +23,29 @@ lvm_volumes: {}
# parent: *_lvm_thinpool_foo_test_
# lv: blub
# size: 3G
-# fs: ext4
-# dest: /srv/blub
# foo/hugo:
# parent: *_lvm_thinpool_foo_test_
# lv: hugo
# size: 2G
+
+lvm_volumes: {}
+
+# lvm_volumes:
+# system/vol-test:
+# vg: "{{ host_name }}"
+# lv: vol-test
+# size: 1G
+# fs: ext4
+# dest: /srv/test
+# foo/app1:
+# parent: *_lvm_thinpool_foo_test_
+# lv: app1
+# size: 3G
+# fs: ext4
+# dest: /srv/app1
+# foo/app2:
+# parent: *_lvm_thinpool_foo_test_
+# lv: app2
+# size: 2G
# fs: ext4
-# dest: /srv/hugo
+# dest: /srv/app2
diff --git a/roles/storage/lvm/base/filter_plugins/lvm.py b/roles/storage/lvm/base/filter_plugins/lvm.py
index 0f8b1e97..312741a6 100644
--- a/roles/storage/lvm/base/filter_plugins/lvm.py
+++ b/roles/storage/lvm/base/filter_plugins/lvm.py
@@ -6,25 +6,25 @@ from functools import partial
from ansible import errors
-def lvm_volume_list(data):
+def lvm_device_list(data):
try:
thinpools = []
- volumes = []
- for name, volume in data.items():
- entry = {'name': name, 'volume': volume}
- if 'thinpool' in volume and volume['thinpool'] == True:
+ devices = []
+ for name, device in data.items():
+ entry = {'name': name, 'device': device}
+ if 'thinpool' in device and device['thinpool'] == True:
thinpools.append(entry)
else:
- volumes.append(entry)
- return thinpools + volumes
+ devices.append(entry)
+ return thinpools + devices
except Exception as e:
- raise errors.AnsibleFilterError("lvm_volume_list(): %s" % str(e))
+ raise errors.AnsibleFilterError("lvm_device_list(): %s" % str(e))
class FilterModule(object):
filter_map = {
- 'lvm_volume_list': lvm_volume_list,
+ 'lvm_device_list': lvm_device_list,
}
def filters(self):
diff --git a/roles/storage/lvm/base/tasks/main.yml b/roles/storage/lvm/base/tasks/main.yml
index 75af733b..04d44ad0 100644
--- a/roles/storage/lvm/base/tasks/main.yml
+++ b/roles/storage/lvm/base/tasks/main.yml
@@ -11,11 +11,20 @@
pv_options: "{{ item.value.pv_options | default(omit) }}"
state: present
-- name: create lvm volumes
- loop: "{{ lvm_volumes | lvm_volume_list }}"
+- name: create lvm devices
+ loop: "{{ lvm_devices | lvm_device_list }}"
loop_control:
label: "{{ item.name }}"
vars:
- lvm_volume: "{{ item.volume }}"
+ lvm_device: "{{ item.device }}"
+ include_role:
+ name: storage/lvm/device
+
+- name: create lvm volumes
+ loop: "{{ lvm_volumes | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ vars:
+ lvm_volume: "{{ item.value }}"
include_role:
name: storage/lvm/volume
diff --git a/roles/storage/lvm/device/defaults/main.yml b/roles/storage/lvm/device/defaults/main.yml
new file mode 100644
index 00000000..abe4f52c
--- /dev/null
+++ b/roles/storage/lvm/device/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# lvm_device:
+# parent:
+# thinpool: true
+# ...
+# vg: foo
+# lv: bar
+# thinpool: false
+# size: 10G
+
+lvm_device: "{{ storage_device }}"
diff --git a/roles/storage/lvm/device/tasks/main.yml b/roles/storage/lvm/device/tasks/main.yml
new file mode 100644
index 00000000..bac06b3d
--- /dev/null
+++ b/roles/storage/lvm/device/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: check device parent
+ when: "'parent' in lvm_device"
+ assert:
+ msg: "the device parent must be a lvm thinpool"
+ that:
+ - (lvm_device.parent.thinpool | default(false))
+
+- name: install thin-provisioning-tools
+ when: (lvm_device.thinpool | default(false))
+ apt:
+ name: thin-provisioning-tools
+ state: present
+
+- name: create logical volume
+ lvol:
+ vg: "{{ lvm_device.parent.vg | default(lvm_device.vg) }}"
+ lv: "{{ (lvm_device.thinpool | default(false)) | ternary(omit, lvm_device.lv) }}"
+ size: "{{ lvm_device.size }}"
+ thinpool: "{{ (lvm_device.thinpool | default(false)) | ternary(lvm_device.lv, (lvm_device.parent.lv | default(omit))) }}"
+
+- name: export device path
+ when: not (lvm_device.thinpool | default(false))
+ set_fact:
+ storage_device_path: "/dev/mapper/{{ lvm_device.parent.vg | default(lvm_device.vg) | replace('-', '--') }}-{{ lvm_device.lv | replace('-', '--') }}"
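Review bot: The final `export device path` task is skipped for thin pools, so `storage_device_path` keeps whatever value an earlier invocation of a storage device role left on the host. `set_fact` values persist for the rest of the play, so a caller that reads the fact after creating a thin pool could act on a stale path, for example by formatting a different device; whether any caller does so is not visible in this diff. Consider failing explicitly or resetting the fact in the thin-pool case, and at minimum add a comment above the task such as `# thin pools export no path; storage_device_path is left untouched`.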
diff --git a/roles/storage/lvm/volume/tasks/main.yml b/roles/storage/lvm/volume/tasks/main.yml
index 9329965c..d7255739 100644
--- a/roles/storage/lvm/volume/tasks/main.yml
+++ b/roles/storage/lvm/volume/tasks/main.yml
@@ -6,42 +6,33 @@
that:
- (lvm_volume.parent.thinpool | default(false))
-- name: install thin-provisioning-tools
- when: (lvm_volume.thinpool | default(false))
- apt:
- name: thin-provisioning-tools
- state: present
-
- name: create logical volume
lvol:
vg: "{{ lvm_volume.parent.vg | default(lvm_volume.vg) }}"
- lv: "{{ (lvm_volume.thinpool | default(false)) | ternary(omit, lvm_volume.lv) }}"
+ lv: "{{ lvm_volume.lv }}"
size: "{{ lvm_volume.size }}"
- thinpool: "{{ (lvm_volume.thinpool | default(false)) | ternary(lvm_volume.lv, (lvm_volume.parent.lv | default(omit))) }}"
+ thinpool: "{{ lvm_volume.parent.lv | default(omit) }}"
-- name: create and mount filesystem
- when: not (lvm_volume.thinpool | default(false))
- block:
- - name: create filesystem
- filesystem:
- fstype: "{{ lvm_volume.fs }}"
- dev: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}"
+- name: create filesystem
+ filesystem:
+ fstype: "{{ lvm_volume.fs }}"
+ dev: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}"
- - name: mount filesytem
- mount:
- src: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}"
- path: "{{ lvm_volume.dest }}"
- fstype: "{{ lvm_volume.fs }}"
- state: mounted
+- name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}"
+ path: "{{ lvm_volume.dest }}"
+ fstype: "{{ lvm_volume.fs }}"
+ state: mounted
- - name: set volume owner/group and mode
- file:
- state: directory
- path: "{{ lvm_volume.dest }}"
- mode: "{{ lvm_volume.mode | default(omit) }}"
- owner: "{{ lvm_volume.owner | default(omit) }}"
- group: "{{ lvm_volume.group | default(omit) }}"
+- name: set volume owner/group and mode
+ file:
+ state: directory
+ path: "{{ lvm_volume.dest }}"
+ mode: "{{ lvm_volume.mode | default(omit) }}"
+ owner: "{{ lvm_volume.owner | default(omit) }}"
+ group: "{{ lvm_volume.group | default(omit) }}"
- - name: export volume mountpoint
- set_fact:
- storage_volume_mountpoint: "{{ lvm_volume.dest }}"
+- name: export volume mountpoint
+ set_fact:
+ storage_volume_mountpoint: "{{ lvm_volume.dest }}"
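Review bot: With the `when: not (lvm_volume.thinpool | default(false))` guard and the `ternary` on `lv:`/`thinpool:` removed, an `lvm_volumes` entry that still carries `thinpool: true` from an older inventory is now passed to `lvol` as a regular logical volume before the play fails on the missing `fs`. Thin pools have moved to `lvm_devices`, so this role should reject such entries up front, for instance with an extra assert condition `- not (lvm_volume.thinpool | default(false))` and a message pointing to `lvm_devices`. The existing assert task at the top of this file starts outside the hunk, so the check may need to be a separate task because that assert appears to run only when `parent` is set.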
diff --git a/roles/storage/zfs/base/defaults/main.yml b/roles/storage/zfs/base/defaults/main.yml
index df56f0c8..96fb3b73 100644
--- a/roles/storage/zfs/base/defaults/main.yml
+++ b/roles/storage/zfs/base/defaults/main.yml
@@ -12,7 +12,7 @@ zfs_pool_default_properties:
# mountpoint: /srv/storage
# create_vdevs: mirror /dev/sda /dev/sdb mirror /dev/sdc /dev/sdd log mirror /dev/nvme0n1p3 /dev/nvme1n1p3 cache /dev/nvme0n1p4 /dev/nvme1n1p4
# test:
-# mountpoint: /srv/storage
+# mountpoint: /srv/test
# create_vdevs: raidz /dev/sda /dev/sdb /dev/sdc /dev/sdd
# properties:
# ashift: 12
@@ -40,10 +40,23 @@ zfs_volumes: {}
# quota: 2G
# children:
# ben: {}
-# after:
+# vms:
# properties:
-# quota: 100M
+# canmount: no
+# mountpoint: none
# test:
# sub1:
# properties:
# quota: 512M
+
+zfs_devices: {}
+
+# zfs_devices:
+# - pool: storage
+# name: vms/host1
+# size: 1g
+# properties:
+# compression: lz4
+# - pool: storage
+# name: vms/host2
+# size: 2g
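Review bot: The new default `zfs_devices: {}` is a mapping, but the commented example is a list and the new task in roles/storage/zfs/base/tasks/main.yml iterates it directly with `loop: "{{ zfs_devices }}"`. Ansible's `loop` requires a list, so a host that does not set the variable would likely fail on that task; the default should be `zfs_devices: []`. Separately, the example `canmount: no` is read by a YAML 1.1 parser as boolean false, and the ZFS property takes `on`, `off` or `noauto`, so the example is safer as `canmount: "off"`.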
diff --git a/roles/storage/zfs/base/tasks/main.yml b/roles/storage/zfs/base/tasks/main.yml
index b731bb1f..d0854880 100644
--- a/roles/storage/zfs/base/tasks/main.yml
+++ b/roles/storage/zfs/base/tasks/main.yml
@@ -68,3 +68,12 @@
zfs_volume: "{{ item }}"
include_role:
name: storage/zfs/volume
+
+- name: create zfs devices
+ loop: "{{ zfs_devices }}"
+ loop_control:
+ label: "{{ item.pool }}/{{ item.name }}"
+ vars:
+ zfs_device: "{{ item }}"
+ include_role:
+ name: storage/zfs/device
diff --git a/roles/storage/zfs/device/defaults/main.yml b/roles/storage/zfs/device/defaults/main.yml
new file mode 100644
index 00000000..175136eb
--- /dev/null
+++ b/roles/storage/zfs/device/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# zfs_device:
+# parent:
+# ...
+# pool: tank
+# name: bar
+# size: 10g
+# properties:
+# ...
+
+zfs_device: "{{ storage_device }}"
diff --git a/roles/storage/zfs/device/tasks/main.yml b/roles/storage/zfs/device/tasks/main.yml
new file mode 100644
index 00000000..1204da02
--- /dev/null
+++ b/roles/storage/zfs/device/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: compute full zfs device path
+ set_fact:
+ zfs_device_path_full: "{{ ('parent' in zfs_device) | ternary((zfs_device.parent.pool | default(''))~'/'~(zfs_device.parent.name | default('')), zfs_device.pool) }}/{{ zfs_device.name }}"
+
+- name: create zfs volume
+ zfs:
+ name: "{{ zfs_device_path_full }}"
+ extra_zfs_properties: "{{ zfs_device.properties | default({}) | combine({'volsize': zfs_device.size}) | dehumanize_zfs_properties }}"
+ state: present
+
+- name: export device path
+ set_fact:
+ storage_device_path: "/dev/zvol/{{ zfs_device_path_full }}"
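Review bot: In `compute full zfs device path`, a `parent` that lacks `pool` or `name` is silently replaced by an empty string, which produces a malformed dataset name such as `/bar` or `tank//bar`. That name is then passed to the `zfs` module and exported as `storage_device_path`. An assert before the `set_fact` would make the mistake obvious at the source, e.g. `when: "'parent' in zfs_device"` with `that: - zfs_device.parent.pool is defined and zfs_device.parent.name is defined`. It would also help to note in a comment that the `/dev/zvol/...` node is created asynchronously after the `zfs` task, so consumers of `storage_device_path` may need to wait for it.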