49 files changed, 645 insertions, 145 deletions
diff --git a/chaos-at-home/r3-cccamp19-dione.yml b/chaos-at-home/r3-cccamp19-dione.yml deleted file mode 100644 index 6a4933a1..00000000 --- a/chaos-at-home/r3-cccamp19-dione.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Basic Setup - hosts: r3-cccamp19-dione - roles: - - role: base - - role: sshd - - role: zsh diff --git a/chaos-at-home/r3-cccamp19-flora.yml b/chaos-at-home/r3-cccamp19-flora.yml deleted file mode 100644 index 0208c1db..00000000 --- a/chaos-at-home/r3-cccamp19-flora.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Basic Setup - hosts: r3-cccamp19-flora - roles: - - role: base - - role: sshd - - role: zsh - - role: dyndns/client diff --git a/chaos-at-home/r3-cccamp19-helene.yml b/chaos-at-home/r3-cccamp19-helene.yml deleted file mode 100644 index 35344505..00000000 --- a/chaos-at-home/r3-cccamp19-helene.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Basic Setup - hosts: r3-cccamp19-helene - roles: - - role: base - - role: sshd - - role: zsh diff --git a/chaos-at-home/r3-cccamp19-verr.yml b/chaos-at-home/r3-cccamp19-verr.yml deleted file mode 100644 index 187d76ad..00000000 --- a/chaos-at-home/r3-cccamp19-verr.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Basic Setup - hosts: r3-cccamp19-verr - roles: - - role: base - - role: sshd - - role: zsh - - role: dyndns/client diff --git a/chaos-at-home/r3-cccamp19-av.yml b/chaos-at-home/r3-cccamp19_vm.yml index 511776de..ca8d230b 100644 --- a/chaos-at-home/r3-cccamp19-av.yml +++ b/chaos-at-home/r3-cccamp19_vm.yml @@ -1,6 +1,6 @@ --- - name: Basic Setup - hosts: r3-cccamp19-av + hosts: "{{ install_hostname }}" roles: - role: base - role: sshd diff --git a/common/cloud-install.yml b/common/cloud-install.yml index e21d4bf1..414cabd1 100644 --- a/common/cloud-install.yml +++ b/common/cloud-install.yml 
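Review bot: `hosts: "{{ install_hostname }}"` makes chaos-at-home/r3-cccamp19_vm.yml fail with an undefined variable when run on its own, because it is only reachable through the `install_playbook: r3-cccamp19_vm` entries added to the hosts' host_vars in this commit. A header comment documenting that contract, e.g. `# shared VM playbook, imported via install_playbook from cloud-install/vm-install; not meant to be run directly`, would keep the next reader from running it by hand. The role list continues past the hunk.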
@@ -29,14 +29,6 @@ roles: - role: cloud/post-install -- name: run host playbook - vars: - params: - files: - - "../{{ install_environment }}/{{ install_hostname }}.yml" - - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" - import_playbook: "{{ q('first_found', params) | first }}" - - name: reboot and wait for machine come back hosts: "{{ install_hostname }}" gather_facts: no @@ -44,3 +36,11 @@ - role: reboot-and-wait reboot_delay: 10 reboot_timeout: 120 + +- name: run host playbook + vars: + params: + files: + - "../{{ install_environment }}/{{ install_hostname }}.yml" + - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" + import_playbook: "{{ q('first_found', params) | first }}" diff --git a/common/vm-install.yml b/common/vm-install.yml index d449926e..7aaf32fc 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml @@ -58,14 +58,6 @@ - role: vm/guest when: install_distro in ['debian', 'ubuntu'] -- name: run host playbook - vars: - params: - files: - - "../{{ install_environment }}/{{ install_hostname }}.yml" - - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" - import_playbook: "{{ q('first_found', params) | first }}" - - name: reboot and wait for VM come back hosts: "{{ install_hostname }}" gather_facts: no @@ -73,3 +65,11 @@ - role: reboot-and-wait reboot_delay: 10 reboot_timeout: 120 + +- name: run host playbook + vars: + params: + files: + - "../{{ install_environment }}/{{ install_hostname }}.yml" + - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" + import_playbook: "{{ q('first_found', params) | first }}" diff --git a/dan/host_vars/sk-tomnext-nc.yml b/dan/host_vars/sk-tomnext-nc.yml new file mode 100644 index 00000000..4d3758a1 --- /dev/null +++ b/dan/host_vars/sk-tomnext-nc.yml 
@@ -0,0 +1,14 @@ +$ANSIBLE_VAULT;1.2;AES256;dan +31356637373366366135373964373331383431333233356234613565616139666262393362636261 +3664303764633061666262326134656162346438303634610a303434636562376435333733633164 +35323734313462363936386231363962643631313033363766323230633134616532373639373936 +3439646464326230380a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diff --git a/dan/host_vars/sk-tomnext.yml b/dan/host_vars/sk-tomnext.yml new file mode 100644 index 00000000..cc9eda31 --- /dev/null +++ b/dan/host_vars/sk-tomnext.yml 
@@ -0,0 +1,21 @@ +$ANSIBLE_VAULT;1.2;AES256;dan +64623637363864333635663161656561306662333266613733373033383336326364623534363039 +6231636266303035623261613365613364353532316233390a646463373462363339313239313961 +31363961646463373761346664333937646265333433623132383236643033613666656562303932 +3564313234396433620a633739653966336139333239636363383139383066616662666336616566 +64666365373530633363633238313163333634643339356261373364396263376662386239303037 +34613233323532623130316538623339323833346236393432646238656265666363363635336331 +61626536633837646361313865313735653135313533386534303664393562333461393133616534 +64356432303863663236326232326365323165383761663233396664653964376363626630616663 +61356331626465396430656432613731623032396438303736623663383363643762313431343337 +30363039306264356536346464666262663733393966313132653161376334353763623664396134 +36323135656133393664616535646338323033363666386464336566643836306433633665336332 +38363032363237356336343064666363323638346262623834323530623734343033336632393431 +64646462383364346430326338313730626533346437333135656262333036376133636533353365 +38613133633034653165343437373637353366323438383862383065353363646337643435383334 +35346431353765303866383532386263353930383466323439386466633438643535663935373834 +37653430663331313935633066633862316337666430373164643133316139633133663934303232 +34633836373931373363316334373634363430653436366433393235336566346532663739353033 +31623432323731393966613838366564613661336433386463306538343834656463653831656462 +39383031343038373734313064316638623361343339623130326333303166346263353230323437 +37353666633036386130 diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml index 6479636d..0aa1ed31 100644 --- a/dan/sk-2019vm.yml +++ b/dan/sk-2019vm.yml @@ -9,6 +9,8 @@ - role: admin-user - role: cryptdisk - role: zfs/base + - role: apt-repo/spreadspace + - role: zfs/sanoid - role: vm/host - role: installer/debian/base tasks: 
@@ -25,6 +27,8 @@ {% endfor %} systemctl restart zfs-import-cache.service systemctl restart zfs-mount.service + systemctl restart zfs-share.service + systemctl restart zfs-zed.service mount -a sleep 2 diff --git a/dan/sk-tomnext-hp.yml b/dan/sk-tomnext-hp.yml new file mode 100644 index 00000000..b0c38093 --- /dev/null +++ b/dan/sk-tomnext-hp.yml @@ -0,0 +1,6 @@ +--- +- name: do nothing + hosts: sk-tomnext-hp + tasks: + - debug: + msg: this host is not managed by ansible ... nothing to do here diff --git a/dan/sk-tomnext-nc.yml b/dan/sk-tomnext-nc.yml new file mode 100644 index 00000000..ff475fb9 --- /dev/null +++ b/dan/sk-tomnext-nc.yml @@ -0,0 +1,18 @@ +--- +- name: Basic Setup + hosts: sk-tomnext-nc + roles: + - role: base + - role: sshd + - role: zsh + - role: apt-repo/base + - role: admin-user + - role: zfs/base + - role: apt-repo/spreadspace + - role: zfs/sanoid + - role: kubernetes/base + - role: kubernetes/standalone + - role: acmetool/base + - role: nginx/base + - role: apps/nextcloud + - role: apps/collabora/code diff --git a/dan/sk-tomnext.yml b/dan/sk-tomnext.yml new file mode 100644 index 00000000..d5d0fec6 --- /dev/null +++ b/dan/sk-tomnext.yml @@ -0,0 +1,35 @@ +--- +- name: Basic Setup + hosts: sk-tomnext + roles: + - role: base + - role: sshd + - role: zsh + - role: apt-repo/base + - role: admin-user + - role: cryptdisk + - role: zfs/base + - role: apt-repo/spreadspace + - role: zfs/sanoid + - role: vm/host + - role: installer/debian/base + tasks: + - name: install post-boot script + copy: + dest: /usr/local/bin/post-boot + mode: 0755 + content: | + #!/bin/bash + set -e + + {% for name, volume in cryptdisk_volumes.items() %} + cryptsetup luksOpen '{{ volume.device }}' '{{ name }}' + {% endfor %} + systemctl restart zfs-import-cache.service + systemctl restart zfs-mount.service + systemctl restart zfs-share.service + systemctl restart zfs-zed.service + mount -a + + sleep 2 + systemctl restart libvirtd.service 
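Review bot: The `install post-boot script` task in dan/sk-tomnext.yml duplicates the one in dan/sk-2019vm.yml (also touched in this commit) line for line, including the four `systemctl restart` calls, so the two unit lists will drift the next time one of them is edited; a shared tasks file or small role for the unlock-then-restart-zfs sequence would remove the copy. `mode: 0755` is a YAML 1.1 octal literal that a YAML 1.2 loader reads as decimal 755; quoting it as `mode: '0755'` is unambiguous. The script calls `cryptsetup luksOpen` with no key file, so it appears to expect the passphrases interactively after boot — a one-line comment in the script saying so would make that intent explicit.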
diff --git a/filter_plugins/config-parser.py b/filter_plugins/config-parser.py new file mode 100644 index 00000000..c052a7ec --- /dev/null +++ b/filter_plugins/config-parser.py @@ -0,0 +1,28 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +from functools import partial + +from ansible import errors + + +def from_ini(data): + try: + import configparser + config = configparser.ConfigParser() + config.optionxform = lambda option: option + config.read_string(data) + return {s: dict(config.items(s)) for s in config.sections()} + except Exception as e: + raise errors.AnsibleFilterError("from_ini(): %s" % str(e)) + + +class FilterModule(object): + + ''' config parser filters ''' + filter_map = { + 'from_ini': from_ini, + } + + def filters(self): + return self.filter_map diff --git a/inventory/host_vars/ch-gnocchi.yml b/inventory/host_vars/ch-gnocchi.yml index 35527e2d..d5525443 100644 --- a/inventory/host_vars/ch-gnocchi.yml +++ b/inventory/host_vars/ch-gnocchi.yml @@ -33,7 +33,7 @@ __interface_zones__: __interface_zones_yaml__: | - {% for interface in __interface_zones__.keys() %} + {% for interface in (__interface_zones__.keys() | sort) %} {% for zone in __interface_zones__[interface] %} {% if zone is mapping %} {{ zone.name }}: @@ -61,7 +61,7 @@ __interface_configs__: | # The loopback network interface auto lo iface lo inet loopback - {% for interface in __interface_zones__.keys() %} + {% for interface in (__interface_zones__.keys() | sort) %} auto {{ interface }} diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml index 9a89fe7c..194ecbb7 100644 --- a/inventory/host_vars/ch-mimas.yml +++ b/inventory/host_vars/ch-mimas.yml @@ -10,8 +10,7 @@ install: virtio: vda: type: zfs - pool: storage - name: "{{ inventory_hostname }}" + name: root size: 62g interfaces: - bridge: br-public 
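Review bot: `configparser.ConfigParser()` in from_ini is built with the default BasicInterpolation, so any value containing a `%` (systemd unit files use `%i`-style specifiers) raises and surfaces as an AnsibleFilterError instead of being returned; `configparser.ConfigParser(interpolation=None)` keeps the filter a plain parser. `config.items(s)` also folds `[DEFAULT]` keys into every section while `sections()` leaves DEFAULT itself out, which is fine if intended but deserves a comment on the return line. `from functools import partial` is unused. The `except Exception` additionally wraps the ImportError of `configparser` on Python 2 controllers, and the message then reports a parse failure; a short docstring stating that the filter is Python 3 only would avoid that confusion.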
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml index 7ebda8ff..98f5fb6e 100644 --- a/inventory/host_vars/ele-gwhetzner.yml +++ b/inventory/host_vars/ele-gwhetzner.yml @@ -10,8 +10,7 @@ install: scsi: sda: type: zfs - pool: storage - name: "{{ inventory_hostname }}" + name: root size: 5g interfaces: - bridge: br-public diff --git a/inventory/host_vars/emc-master.yml b/inventory/host_vars/emc-master.yml index e89463a9..71fe8c75 100644 --- a/inventory/host_vars/emc-master.yml +++ b/inventory/host_vars/emc-master.yml @@ -10,14 +10,11 @@ install: scsi: sda: type: zfs - pool: storage - name: "{{ inventory_hostname }}" + name: root size: 20g - sdb: - type: zfs - pool: storage - name: "streamstats" - size: 50g + # sdb: + # type: image + # path: /dev/zvol/storage/streamstats interfaces: - bridge: br-public name: primary0 diff --git a/inventory/host_vars/lw-master.yml b/inventory/host_vars/lw-master.yml index e89463a9..71fe8c75 100644 --- a/inventory/host_vars/lw-master.yml +++ b/inventory/host_vars/lw-master.yml @@ -10,14 +10,11 @@ install: scsi: sda: type: zfs - pool: storage - name: "{{ inventory_hostname }}" + name: root size: 20g - sdb: - type: zfs - pool: storage - name: "streamstats" - size: 50g + # sdb: + # type: image + # path: /dev/zvol/storage/streamstats interfaces: - bridge: br-public name: primary0 diff --git a/inventory/host_vars/r3-cccamp19-av.yml b/inventory/host_vars/r3-cccamp19-av.yml index 378f459c..54f6c5da 100644 --- a/inventory/host_vars/r3-cccamp19-av.yml +++ b/inventory/host_vars/r3-cccamp19-av.yml @@ -31,5 +31,7 @@ network: mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" gateway: "{{ network_zones.lan.gateway }}" +install_playbook: r3-cccamp19_vm + dyndns: server: ch-pan diff --git a/inventory/host_vars/r3-cccamp19-flora.yml b/inventory/host_vars/r3-cccamp19-flora.yml index 378f459c..54f6c5da 100644 --- a/inventory/host_vars/r3-cccamp19-flora.yml +++ b/inventory/host_vars/r3-cccamp19-flora.yml 
@@ -31,5 +31,7 @@ network: mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" gateway: "{{ network_zones.lan.gateway }}" +install_playbook: r3-cccamp19_vm + dyndns: server: ch-pan diff --git a/inventory/host_vars/r3-cccamp19-verr.yml b/inventory/host_vars/r3-cccamp19-verr.yml index 03b32e4c..81cbe05b 100644 --- a/inventory/host_vars/r3-cccamp19-verr.yml +++ b/inventory/host_vars/r3-cccamp19-verr.yml @@ -31,5 +31,7 @@ network: mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" gateway: "{{ network_zones.lan.gateway }}" +install_playbook: r3-cccamp19_vm + dyndns: server: ch-pan diff --git a/inventory/host_vars/sk-2019.yml b/inventory/host_vars/sk-2019.yml index 9de2b04a..f54d852f 100644 --- a/inventory/host_vars/sk-2019.yml +++ b/inventory/host_vars/sk-2019.yml @@ -10,12 +10,13 @@ install: network: {} base_intel_nic_stability_fix: true +ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan + ssh_keys.brt }}" +ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" + admin_user_host: - "{{ brt_user }}" -ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan + ssh_keys.brt }}" -ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" cryptdisk_volumes: @@ -27,11 +28,12 @@ cryptdisk_volumes: device: /dev/disk/by-id/nvme-eui.0025388791050fdc-part3 +zfs_use_systemd_mount_generator: no +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 12 * 1024 * 1024 * 1024 }}" + zfs_zpools: storage: mountpoint: /srv/storage create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 - -# zfs_arc_size: -# min: "{{ 2 * 1024 * 1024 * 1024 }}" -# max: "{{ 16 * 1024 * 1024 * 1024 }}" diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml index 4584813e..705ff929 100644 --- a/inventory/host_vars/sk-2019vm.yml +++ b/inventory/host_vars/sk-2019vm.yml 
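Review bot: `zfs_use_systemd_mount_generator: no` uses a YAML 1.1 truthy word; Ansible's loader still yields a boolean, but `false` is read the same way by every loader and is what yamllint's truthy rule expects. The same style recurs in the other files added or changed in this commit (`recursive: yes`, `process_children_only: yes`, `nat: yes`, `autostart: True`, and `zfs_use_systemd_mount_generator: yes` in roles/zfs/base/defaults/main.yml), so it is worth normalising once. Moving `ssh_allowusers_host` above the `admin_user_host` it references should be harmless since Ansible templates variables lazily, but the file order no longer reads top-down.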
@@ -10,12 +10,42 @@ install: network: {} base_intel_nic_stability_fix: true +ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" apt_repo_components: - main - contrib ## for zfs - non-free ## for microcode updates + +cryptdisk_volumes: + crypto-nvme0: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3 + crypto-nvme1: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3 + + +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 8 * 1024 * 1024 * 1024 }}" + +zfs_zpools: + storage: + mountpoint: /srv/storage + create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 + +zfs_sanoid_modules: + storage/vm: + use_template: production + recursive: yes + process_children_only: yes + storage/vm/sk-testvm: + use_template: ignore + recursive: yes + + vm_host: network: dns: @@ -42,23 +72,7 @@ vm_host: ele-gwhetzner: 2 ch-mimas: 6 sk-testvm: 7 - -ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" - -cryptdisk_volumes: - crypto-nvme0: - passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" - device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3 - crypto-nvme1: - passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}" - device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3 - - -zfs_zpools: - storage: - mountpoint: /srv/storage - create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 - -zfs_arc_size: - min: "{{ 2 * 1024 * 1024 * 1024 }}" - max: "{{ 8 * 1024 * 1024 * 1024 }}" + zfs: + default: + pool: storage + name: vm diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml index 15dcb860..085a9c95 100644 --- a/inventory/host_vars/sk-cloudia/vars.yml +++ b/inventory/host_vars/sk-cloudia/vars.yml 
@@ -11,15 +11,17 @@ network: {} base_intel_nic_stability_fix: true -zfs_zpools: - storage: - mountpoint: /srv/storage - create_vdevs: mirror nvme0n1p3 nvme1n1p3 +zfs_use_systemd_mount_generator: no zfs_arc_size: min: "{{ 2 * 1024 * 1024 * 1024 }}" max: "{{ 16 * 1024 * 1024 * 1024 }}" +zfs_zpools: + storage: + mountpoint: /srv/storage + create_vdevs: mirror nvme0n1p3 nvme1n1p3 + docker_zfs: pool: storage diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 6ee92378..5d9561f0 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -10,8 +10,7 @@ install: scsi: sda: type: zfs - pool: storage - name: "{{ inventory_hostname }}" + name: root size: 10g interfaces: - bridge: br-public diff --git a/inventory/host_vars/sk-tomnext-hp.yml b/inventory/host_vars/sk-tomnext-hp.yml new file mode 100644 index 00000000..72f116b9 --- /dev/null +++ b/inventory/host_vars/sk-tomnext-hp.yml 
@@ -0,0 +1,32 @@ +--- +vm_host: sk-tomnext + +install: + host: "{{ vm_host }}" + mem: 8192 + numcpu: 4 + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 20g + interfaces: + - bridge: br-public + name: primary0 + autostart: True + +network: + nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: + interface: primary0 + ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" + mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" + gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + +external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml new file mode 100644 index 00000000..296a9e28 --- /dev/null +++ b/inventory/host_vars/sk-tomnext-nc.yml 
@@ -0,0 +1,126 @@ +--- +vm_host: sk-tomnext + +install: + host: "{{ vm_host }}" + mem: 16384 + numcpu: 8 + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 15g + sdb: + type: zfs + name: data + size: 800g + interfaces: + - bridge: br-public + name: primary0 + autostart: True + +network: + nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: + interface: primary0 + ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" + mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" + gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + +external_ip: "{{ network.primary.overlay }}" + + +apt_repo_components: +- main +- contrib ## for zfs + + +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 8 * 1024 * 1024 * 1024 }}" + +zfs_zpools: + storage: + mountpoint: /srv/storage + create_vdevs: /dev/sdb + +zfs_sanoid_modules: + storage/nextcloud: + use_template: production + recursive: yes + process_children_only: yes + + +docker_zfs: + pool: storage + name: docker + size: 15G + +kubelet_zfs: + pool: storage + name: kubelet + size: 15G + +kubernetes_version: 1.18.3 +kubernetes_container_runtime: docker +kubernetes_standalone_max_pods: 15 +kubernetes_standalone_pod_cidr: 192.168.255.0/24 +kubernetes_standalone_cni_variant: with-portmap + + +acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}" +nginx_server_names_hash_bucket_size: 64 + +nextcloud_zfs: + pool: storage + name: nextcloud + size: 700G + +nextcloud_instances: + team.tomwaitz.eu: + 
# new: true + version: 18.0.4 + port: 8100 + hostnames: + - team.tomwaitz.eu + quota: 700G + database: + type: mariadb + version: 10.5.3 + password: "{{ vault_nextcloud_database_passwords['team.tomwaitz.eu'] }}" + custom_image: + dockerfile: | + RUN set -x \ + && sed 's/main$/main contrib non-free/' -i /etc/apt/sources.list \ + && apt-get update -q \ + && apt-get install -y -q unrar \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + + +collabora_code_base_path: /srv/storage/collabora/code + +collabora_code_instances: + o.tomwaitz.eu: + version: 4.2.3.1 + port: 8200 + hostname: o.tomwaitz.eu + admin: + username: admin + password: "{{ vault_collabora_code_admin_passwords['o.tomwaitz.eu'] }}" + backend_storages: + - team.tomwaitz.eu + custom_image: + dockerfile: | + USER root + RUN set -x \ + && echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections \ + && apt-get update -q \ + && apt-get install -y -q ttf-mscorefonts-installer \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + USER 101 diff --git a/inventory/host_vars/sk-tomnext.yml b/inventory/host_vars/sk-tomnext.yml new file mode 100644 index 00000000..22a96897 --- /dev/null +++ b/inventory/host_vars/sk-tomnext.yml 
@@ -0,0 +1,70 @@ +--- +install: + cloud: + credentials: "{{ vault_hroot_robot_account }}" + server_name: "{{ host_name }}" + disks: + layout: nvme_raid + root_lvm_size: 10G + +network: {} + +base_intel_nic_stability_fix: true +ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" + +apt_repo_components: +- main +- contrib ## for zfs +- non-free ## for microcode updates + + +cryptdisk_volumes: + crypto-nvme0: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.00000000000000018ce38e0500157a42-part3 + crypto-nvme1: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.00000000000000018ce38e0500157b3d-part3 + + +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 8 * 1024 * 1024 * 1024 }}" + +zfs_zpools: + storage: + mountpoint: /srv/storage + create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 + +zfs_sanoid_modules: + storage/vm: + use_template: production + recursive: yes + process_children_only: yes + storage/vm/sk-tomnext-nc: + use_template: ignore + recursive: yes + + +vm_host: + network: + dns: + - 213.133.100.100 + - 213.133.98.98 + - 213.133.99.99 + bridges: + public: + prefix: 192.168.250.254/24 + offsets: + sk-tomnext-nc: 103 + sk-tomnext-hp: 104 + nat: yes + overlay: + prefix: 94.130.206.64/26 + offsets: + sk-tomnext-nc: 39 + sk-tomnext-hp: 40 + zfs: + default: + pool: storage + name: vm diff --git a/inventory/host_vars/sk-torrent.yml b/inventory/host_vars/sk-torrent.yml index cdf5f94a..8135dde0 100644 --- a/inventory/host_vars/sk-torrent.yml +++ b/inventory/host_vars/sk-torrent.yml @@ -10,13 +10,11 @@ install: scsi: sda: type: zfs - pool: storage - name: "{{ inventory_hostname }}" + name: root size: 10g sdb: type: zfs - pool: storage - name: "{{ inventory_hostname }}-data" + name: data size: 180g interfaces: - bridge: br-public 
diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 89d073a8..2e55d5dd 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -15,9 +15,9 @@ env_group=chaos-at-home ch-equinox-ws host_name=equinox-ws ch-atlas host_name=atlas ch-pan host_name=pan -ch-mimas host_name=mimas ch-keyserver host_name=keyserver ch-testvm host_name=testvm +ch-mimas host_name=mimas ch-mimas2 host_name=mimas ch-gnocchi host_name=gnocchi ch-router host_name=router @@ -128,6 +128,9 @@ env_group=dan sk-2019 host_name=2019 sk-cloudia host_name=cloudia sk-2019vm host_name=2019vm +sk-tomnext host_name=tomnext +sk-tomnext-nc host_name=tomnext-nc +sk-tomnext-hp host_name=homepage host_domain="" sk-testvm host_name=testvm sk-torrent host_name=torrent @@ -228,6 +231,7 @@ ch-gnocchi r3-cccamp19-dione r3-cccamp19-helene sk-2019vm +sk-tomnext [kvmguests] emc-master @@ -248,12 +252,14 @@ sk-torrent ch-mimas ele-gwhetzner ele-mur - +sk-tomnext-nc +sk-tomnext-hp [hroot] sk-2019 sk-cloudia sk-2019vm +sk-tomnext [hcloud] ch-mimas2 @@ -305,6 +311,7 @@ k8s-lwl sk-cloudia ele-thetys lw-thetys +sk-tomnext-nc [kubernetes:children] kubernetes-cluster diff --git a/remove-known-host.sh b/remove-known-host.sh index aab40144..647909ea 100755 --- a/remove-known-host.sh +++ b/remove-known-host.sh 
@@ -11,13 +11,19 @@ ssh_port=$(ssh -G "$short" | grep "^port " | awk '{ print($2) }' ) known_hosts_file=$(ssh -G "$short" | grep "^userknownhostsfile " | awk '{ print($2) }' ) known_hosts_file=${known_hosts_file/#\~/$HOME} +declare -a names +names+=("$short") +names+=("$ssh_host") +names+=("$ssh_host:$ssh_port") +names+=("[$ssh_host]:$ssh_port") + cd "${BASH_SOURCE%/*}" source common/utils.sh ansible_variable__get host_name "$short" || exit 1 -ansible_variable__get host_domain "$short" || exit 1 - +names+=("$host_name") +ansible_variable__get host_domain "$short" > /dev/null 2>&1 && names+=("$host_name.$host_domain") -for name in "$short" "$ssh_host" "$ssh_host:$ssh_port" "[$ssh_host]:$ssh_port" "$host_name" "$host_name.$host_domain"; do +for name in ${names[@]} ; do ssh-keygen -f "$known_hosts_file" -R "$name" done diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml index 185c3616..13c3c9f9 100644 --- a/roles/base/tasks/Debian.yml +++ b/roles/base/tasks/Debian.yml @@ -111,15 +111,6 @@ when: install is defined and install.kernel_cmdline is defined notify: update grub -- name: disable TSO (intel nic stability fix) +- name: apply stability fix/workaround for machines using intel NIC when: base_intel_nic_stability_fix - copy: - content: | - [Match] - MACAddress={{ ansible_default_ipv4.macaddress }} - - [Link] - TCPSegmentationOffload=false - GenericSegmentationOffload=false - GenericReceiveOffload=false - dest: /etc/systemd/network/00-disable-offloading.link + import_tasks: intel-nic.yml diff --git a/roles/base/tasks/intel-nic.yml b/roles/base/tasks/intel-nic.yml new file mode 100644 index 00000000..2b9be474 --- /dev/null +++ b/roles/base/tasks/intel-nic.yml 
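Review bot: The rewritten loop `for name in ${names[@]} ; do` drops the quoting the old inline list had, so each entry is word-split and subject to pathname expansion — the `[$ssh_host]:$ssh_port` entry is a bracket glob once unquoted — before it reaches ssh-keygen; it should read `for name in "${names[@]}"; do`. The conditional append is also taken when host_domain resolves to an empty string (inventory/hosts.ini in this commit sets `host_domain=""` for sk-tomnext-hp), yielding a trailing-dot name; `ansible_variable__get host_domain "$short" > /dev/null 2>&1 && [ -n "$host_domain" ] && names+=("$host_name.$host_domain")` avoids that. The definition of ansible_variable__get and the script's `set` options are outside the hunk, so whether a silenced lookup can leave host_domain unset rather than empty is not visible here.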
@@ -0,0 +1,23 @@ +--- +- name: fetch default link options for network interfaces + slurp: + src: /usr/lib/systemd/network/99-default.link + register: base_systemd_default_link_unit + +- name: disable TSO (intel nic stability fix) + vars: + default_link_options: "{{ (base_systemd_default_link_unit.content | b64decode | from_ini)['Link'] }}" + copy: + content: | + [Match] + MACAddress={{ ansible_default_ipv4.macaddress }} + + [Link] + {% for name, value in default_link_options.items() | sort(attribute='0') %} + {{ name }}={{ value }} + {% endfor %} + + TCPSegmentationOffload=false + GenericSegmentationOffload=false + GenericReceiveOffload=false + dest: /etc/systemd/network/00-disable-offloading.link diff --git a/roles/kubernetes/base/tasks/zfs.yml b/roles/kubernetes/base/tasks/zfs.yml index c417a1b6..4311dd3f 100644 --- a/roles/kubernetes/base/tasks/zfs.yml +++ b/roles/kubernetes/base/tasks/zfs.yml @@ -13,9 +13,3 @@ fstype: none opts: bind,x-systemd.automount,nofail state: mounted - -## TODO: -## there is a race condition between the bind mound and the zfs-mount which is invisible to systemd. -## It seems ZFSonLinux 8 and beyond have a systemd-generator to fix this problem. Sadly Debain Buster and Ubuntu Bionic contain -## ZFSOnLinux 7 - so let's try the folllowing for a possible workaround: -## https://askubuntu.com/questions/988968/which-zfs-command-systemd-unit-to-depend-on-to-ensure-that-a-mountpoint-is-avail diff --git a/roles/vm/define/templates/libvirt-domain.xml.j2 b/roles/vm/define/templates/libvirt-domain.xml.j2 index 3465cec0..12c4f624 100644 --- a/roles/vm/define/templates/libvirt-domain.xml.j2 +++ b/roles/vm/define/templates/libvirt-domain.xml.j2 
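Review bot: The `slurp` of `/usr/lib/systemd/network/99-default.link` fails the whole role on any host where that file is missing (on some Debian releases it lives under `/lib/systemd/network` without a merged /usr), and the following `['Link']` lookup fails if the file has no `[Link]` section; a `stat` guard with `when`, or `from_ini).get('Link', {})`, would keep the previous behaviour as the fallback. Writing the defaults before the three `*Offload=false` lines relies on the later assignment winning inside a `[Link]` section — that is how systemd documents single-valued settings, but a comment in the template such as `# defaults first; the explicit lines below override them` would save the next reader the lookup. The task also depends on the `from_ini` filter added in filter_plugins/config-parser.py in this same commit, which is worth noting in the task name or a comment.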
@@ -57,7 +57,7 @@ {% if src.type == 'lvm' %} <source dev='/dev/mapper/{{ src.vg | replace('-', '--') }}-{{ src.lv | replace('-', '--') }}'/> {% elif src.type == 'zfs' %} - <source dev='/dev/zvol/{{ src.pool }}/{{ src.name }}'/> + <source dev='/dev/zvol/{{ vm_host.zfs[src.backend | default('default')].pool }}/{{ vm_host.zfs[src.backend | default('default')].name }}/{{ install_hostname }}/{{ src.name }}'/> {% endif %} <target dev='{{ device }}' bus='virtio'/> </disk> @@ -72,7 +72,7 @@ {% if src.type == 'lvm' %} <source dev='/dev/mapper/{{ src.vg | replace('-', '--') }}-{{ src.lv | replace('-', '--') }}'/> {% elif src.type == 'zfs' %} - <source dev='/dev/zvol/{{ src.pool }}/{{ src.name }}'/> + <source dev='/dev/zvol/{{ vm_host.zfs[src.backend | default('default')].pool }}/{{ vm_host.zfs[src.backend | default('default')].name }}/{{ install_hostname }}/{{ src.name }}'/> {% endif %} <target dev='{{ device }}' bus='scsi'/> </disk> diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml index 0e11da3d..390016a2 100644 --- a/roles/vm/host/tasks/main.yml +++ b/roles/vm/host/tasks/main.yml @@ -19,9 +19,13 @@ notify: restart haveged - name: install vm-host network - when: vm_host.network is defined + when: "'network' in vm_host" include_tasks: network.yml +- name: prepare zfs volumes + when: "'zfs' in vm_host" + include_tasks: zfs.yml + - name: create lvm-based disk for installers when: installer_lvm is defined block: diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml index bc207805..0688ec42 100644 --- a/roles/vm/host/tasks/network.yml +++ b/roles/vm/host/tasks/network.yml @@ -69,3 +69,4 @@ label: "br-{{ item.item.key }}" when: item is changed command: "/sbin/ifup br-{{ item.item.key }}" + failed_when: false diff --git a/roles/vm/host/tasks/zfs.yml b/roles/vm/host/tasks/zfs.yml new file mode 100644 index 00000000..00de48a9 --- /dev/null +++ b/roles/vm/host/tasks/zfs.yml 
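Review bot: `failed_when: false` on the `/sbin/ifup br-{{ item.item.key }}` command turns every failure to bring up a bridge, including a genuinely broken interface definition, into a silent success, so later tasks and the operator only notice indirectly. If the intent is to tolerate a specific outcome, register the result and narrow the condition — for example `register: vm_host_ifup` with `failed_when: vm_host_ifup.rc != 0 and 'already configured' not in vm_host_ifup.stderr` (message text to be confirmed against ifupdown) — or at least add `changed_when` so the run output still reflects what happened. The task's `name` and `loop` start outside the hunk.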
@@ -0,0 +1,12 @@ +--- +- name: create zfs base datasets + loop: "{{ lookup('dict', vm_host.zfs, wantlist=True) }}" + loop_control: + label: "{{ item.key }} -> {{ item.value.pool }}/{{ item.value.name }}{% if 'quota' in item.value %}={{ item.value.quota }}{% endif %}" + zfs: + name: "{{ item.value.pool }}/{{ item.value.name }}" + state: present + extra_zfs_properties: + quota: "{{ item.value.quota | default(omit) }}" + canmount: no + mountpoint: none diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml index 50772e53..4fa673c5 100644 --- a/roles/vm/install/tasks/main.yml +++ b/roles/vm/install/tasks/main.yml 
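Review bot: `canmount: no` inside `extra_zfs_properties` is a YAML boolean rather than the string `off` that `zfs set canmount=` accepts; whether the zfs module coerces False to `off` depends on the module version, so `canmount: "off"` (quoted like `mountpoint: none` effectively is) removes the ambiguity. `quota: "{{ item.value.quota | default(omit) }}"` places the omit placeholder inside a nested dict argument, which Ansible strips only where omit removal is recursive — confirm against the target Ansible version, or build the properties dict with `combine` so the key is absent instead. The same `canmount: no` appears in the new dataset task in roles/vm/install/tasks/main.yml.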
@@ -1,22 +1,29 @@
 ---
 - name: create lvm-based disks for vm
- loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items }}"
+ loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items | selectattr('value.type', 'eq', 'lvm') | list }}"
 loop_control:
- label: "{% if item.value.type == 'lvm' %}{{ item.value.vg }} / {{ item.value.lv }} ({{ item.value.size }}){% else %}unused{% endif %}"
- when: item.value.type == 'lvm'
+ label: "{{ item.value.vg }} / {{ item.value.lv }} ({{ item.value.size }})"
 lvol:
 vg: "{{ item.value.vg }}"
 lv: "{{ item.value.lv }}"
 size: "{{ item.value.size }}"
 state: present

-- name: create zfs-based disks for vm
- loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items }}"
+- name: create zfs base datasets for vm
+ loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items | selectattr('value.type', 'eq', 'zfs') | map(attribute='value.backend') | map('default', 'default') | unique | list }}"
+ zfs:
+ name: "{{ vm_host.zfs[item].pool }}/{{ vm_host.zfs[item].name }}/{{ install_hostname }}"
+ state: present
+ extra_zfs_properties:
+ canmount: no
+ mountpoint: none
+
+- name: create zfs-based disk volumes for vm
+ loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items | selectattr('value.type', 'eq', 'zfs') | list }}"
 loop_control:
- label: "{% if item.value.type == 'zfs' %}{{ item.value.pool }} / {{ item.value.name }} ({{ item.value.size }}){% else %}unused{% endif %}"
- when: item.value.type == 'zfs'
+ label: "{{ item.value.name }} on backend {{ item.value.backend | default('default') }} ({{ item.value.size }})"
 zfs:
- name: "{{ item.value.pool }}/{{ item.value.name }}"
+ name: "{{ vm_host.zfs[item.value.backend | default('default')].pool }}/{{ vm_host.zfs[item.value.backend | default('default')].name }}/{{ install_hostname }}/{{ item.value.name }}"
 state: present
 extra_zfs_properties:
 volsize: "{{ item.value.size }}"
diff --git a/roles/zfs/base/defaults/main.yml b/roles/zfs/base/defaults/main.yml
index f3dfbce9..c275b981 100644
--- a/roles/zfs/base/defaults/main.yml
+++ b/roles/zfs/base/defaults/main.yml
@@ -1,4 +1,9 @@
 ---
+zfs_use_systemd_mount_generator: yes
+#zfs_arc_size:
+# min: {{ 2 * 1024 * 1024 * 1024 }}
+# max: {{ 8 * 1024 * 1024 * 1024 }}
+

 zfs_zpool_properties:
 ashift: 12
@@ -12,7 +17,3 @@ zfs_zpool_properties:
 # properties:
 # ashift: 12
 # prop: value
-
-#zfs_arc_size:
-# min: {{ 2 * 1024 * 1024 * 1024 }}
-# max: {{ 8 * 1024 * 1024 * 1024 }}
diff --git a/roles/zfs/base/tasks/Debian.yml b/roles/zfs/base/tasks/Debian.yml
index b9fdda95..a1ed0387 100644
--- a/roles/zfs/base/tasks/Debian.yml
+++ b/roles/zfs/base/tasks/Debian.yml
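Review bot: The disk-map expression `hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items` is now written out three times in this file, once per `loop:`, which makes the three loops hard to read and easy to let drift apart. Compute it once at the top of the file, e.g. with `set_fact` into a single variable such as `vm_install_disks`, and derive the lvm list, the zfs list and the unique backend list from that variable. The three `selectattr`/`map` tails are fine as they are and would read much better applied to a short name.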
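Review bot: `zfs_use_systemd_mount_generator: yes` depends on YAML 1.1 truthy parsing to become a boolean; `true` is the canonical spelling, reads unambiguously in the `when:` that consumes it, and passes yamllint's truthy rule. Suggested line: `zfs_use_systemd_mount_generator: true`. The comment block for `zfs_arc_size` that moved up is otherwise fine.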
@@ -3,9 +3,29 @@
 import_role:
 name: prepare-dkms

-## TODO: make sure contrib repo is enabled
+- name: check if contrib apt component is enabled
+ assert:
+ msg: "Debian zfs packages are in contrib - please enable it using 'apt_repo_components'"
+ that:
+ - apt_repo_components is defined
+ - "'contrib' in apt_repo_components"

-- name: install zfs-dkms
+- name: enable backports and force ZFS packages from backports for buster
+ when: (ansible_distribution_major_version | int) == 10
+ block:
+ - name: add backports repo
+ include_role:
+ name: apt-repo/backports
+
+ - name: pin zfs packages to buster-backports
+ copy:
+ content: |
+ Package: libnvpair1linux libuutil1linux libzfs2linux libzpool2linux spl-dkms zfs-dkms zfs-test zfsutils-linux zfsutils-linux-dev zfs-zed
+ Pin: release n=buster-backports
+ Pin-Priority: 990
+ dest: /etc/apt/preferences.d/zfs-from-buster-backports
+
+- name: install zfs modules via dkms
 apt:
 name: zfs-dkms
 state: present
diff --git a/roles/zfs/base/tasks/Ubuntu.yml b/roles/zfs/base/tasks/Ubuntu.yml
index 0ce85358..9745d716 100644
--- a/roles/zfs/base/tasks/Ubuntu.yml
+++ b/roles/zfs/base/tasks/Ubuntu.yml
@@ -1,2 +1,2 @@
 ---
-# Nothing to do here.
+## nothing to do here - zfs modules are part of ubuntu core already
diff --git a/roles/zfs/base/tasks/enable-systemd-mount-generator.yml b/roles/zfs/base/tasks/enable-systemd-mount-generator.yml
new file mode 100644
index 00000000..abefbeb1
--- /dev/null
+++ b/roles/zfs/base/tasks/enable-systemd-mount-generator.yml
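Review bot: The buster block pins a fixed list of package names to `buster-backports` at priority 990, but nothing in the file says why the stock contrib build is not acceptable, so a later maintainer cannot tell whether the pin may be dropped or whether the list must be extended when package names change. Add a short comment above `- name: enable backports and force ZFS packages from backports for buster` stating the reason, e.g. `## buster's contrib zfs is too old for this role; take the whole zfs stack (modules, utils, zed) from backports so the versions stay in sync` (adjust to the actual motivation). It would also help to note in the same comment that the pin must list every zfs binary package, since a package missing from `Package:` would be resolved from the main suite and mismatch the dkms build.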
@@ -0,0 +1,23 @@
+---
+- name: enable zfs-list-cacher zlet
+ file:
+ src: /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh
+ dest: /etc/zfs/zed.d/history_event-zfs-list-cacher.sh
+ state: link
+
+- name: create base-directory for zfs-list.cache
+ file:
+ path: /etc/zfs/zfs-list.cache/
+ state: directory
+
+- name: create zfs-list.cache file for zpools
+ loop: "{{ zfs_zpools | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ content: ""
+ dest: "/etc/zfs/zfs-list.cache/{{ item.key }}"
+ force: no
+
+## TODO: if this is installed after the zpool has already been created zed needs to be triggered
+## using someing like: zfs set canmount=on DATASET
diff --git a/roles/zfs/base/tasks/main.yml b/roles/zfs/base/tasks/main.yml
index e6f2347b..ad5d1ce2 100644
--- a/roles/zfs/base/tasks/main.yml
+++ b/roles/zfs/base/tasks/main.yml
@@ -15,11 +15,17 @@
 name: zfs
 state: present

-- name: install zfs file system utilities
+- name: install zed and zfs file system utilities
 apt:
- name: zfsutils-linux
+ name:
+ - zfsutils-linux
+ - zfs-zed
 state: present

+- name: enable systemd -mount-generator
+ when: zfs_use_systemd_mount_generator
+ import_tasks: enable-systemd-mount-generator.yml
+
 - name: create zpools
 loop: "{{ zfs_zpools | dict2items }}"
 loop_control:
diff --git a/roles/zfs/sanoid/defaults/main.yml b/roles/zfs/sanoid/defaults/main.yml
new file mode 100644
index 00000000..55ebbd9d
--- /dev/null
+++ b/roles/zfs/sanoid/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+zfs_sanoid_modules: {}
+
+zfs_sanoid_templates:
+ production:
+ frequently: 0
+ hourly: 36
+ daily: 7
+ monthly: 0
+ yearly: 0
+ autosnap: yes
+ autoprune: yes
+
+ backup:
+ frequently: 0
+ hourly: 0
+ daily: 60
+ monthly: 6
+ yearly: 0
+ autosnap: no
+ autoprune: yes
+
+ ignore:
+ autoprune: no
+ autosnap: no
+ monitor: no
diff --git a/roles/zfs/sanoid/tasks/main.yml b/roles/zfs/sanoid/tasks/main.yml
new file mode 100644
index 00000000..e35190e9
--- /dev/null
+++ b/roles/zfs/sanoid/tasks/main.yml
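Review bot: Linking the zfs-list-cacher zedlet into `/etc/zfs/zed.d/` does not tell a running zed about it; as far as I know zed enumerates its zedlet directory at startup (and on SIGHUP), so on a host where zed already runs the cacher stays inactive until the next restart. Give the link task a `notify:` to a handler that restarts or reloads the zed service, so the `force: no` cache files created below can actually be populated by the next history event. The trailing TODO is a fair description of the remaining gap and could be worded more precisely as `## TODO: on hosts where the zpool existed before this task ran, the cache is only filled after a history event (e.g. a property change on a dataset in that pool)`; it also has the typo `someing`.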
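Review bot: The task name `enable systemd -mount-generator` has a stray space before the hyphen, which is what shows up in every play log; `- name: enable systemd mount-generator` (or `zfs-mount-generator`, the name of the generator being enabled, if that is what the included file sets up) reads cleanly. Nothing else in this hunk needs changing: zed is installed before the import, which the tasks in enable-systemd-mount-generator.yml rely on.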
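Review bot: `autosnap: yes`, `autoprune: yes` and `monitor: no` are read by Ansible's YAML 1.1 loader as Python booleans, and the `{{ value }}` in the sanoid.conf.j2 hunk of this commit then renders them as `True`/`False`, not the `yes`/`no` these defaults were clearly meant to emit. Unless sanoid's parser accepts those spellings (I believe it matches yes/true and no/false case-insensitively, but this should be verified against the installed version), quote the values, e.g. `autosnap: "yes"`, or render booleans explicitly in the template with `{{ 'yes' if value else 'no' }}` for boolean options. Either way a one-line comment above `zfs_sanoid_templates:` saying which form the template expects avoids the same surprise for users who override these in inventory.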
@@ -0,0 +1,15 @@
+---
+- name: install sanoid
+ apt:
+ name: sanoid
+ state: present
+
+- name: create sanoid config directory
+ file:
+ path: /etc/sanoid
+ state: directory
+
+- name: genarate sanoid config
+ template:
+ src: sanoid.conf.j2
+ dest: /etc/sanoid/sanoid.conf
diff --git a/roles/zfs/sanoid/templates/sanoid.conf.j2 b/roles/zfs/sanoid/templates/sanoid.conf.j2
new file mode 100644
index 00000000..2f2b29b4
--- /dev/null
+++ b/roles/zfs/sanoid/templates/sanoid.conf.j2
@@ -0,0 +1,22 @@
+###############################
+## modules
+###############################
+{% for name,options in zfs_sanoid_modules.items() %}
+
+[{{ name }}]
+{% for option,value in options.items() %}
+ {{ option }} = {{ value }}
+{% endfor %}
+{% endfor %}
+
+
+###############################
+## templates
+###############################
+{% for name,options in zfs_sanoid_templates.items() %}
+
+[template_{{ name }}]
+{% for option,value in options.items() %}
+ {{ option }} = {{ value }}
+{% endfor %}
+{% endfor %}
diff --git a/spreadspace/s2-build.yml b/spreadspace/s2-build.yml
new file mode 100644
index 00000000..0fc9de6e
--- /dev/null
+++ b/spreadspace/s2-build.yml
@@ -0,0 +1,5 @@
+---
+- name: Basic Setup
+ hosts: s2-build
+ roles:
+ - role: zsh |
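Review bot: The task name `genarate sanoid config` is misspelled; `- name: generate sanoid config`. Templating `/etc/sanoid/sanoid.conf` triggers no reload, which is fine if sanoid is run from a timer or cron and re-reads the file on every run (as I believe the Debian package does), but that assumption is invisible here; a comment such as `## sanoid re-reads its config on every timer run, no restart needed` above the template task would stop the next reviewer from adding a handler, or prompt one if the assumption turns out to be wrong.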