-rw-r--r-- | chaos-at-home/ch-testvm-prometheus.yml | 14 | ||||
-rw-r--r-- | inventory/host_vars/ch-testvm-prometheus.yml | 257 | ||||
-rw-r--r-- | roles/storage/lvm/base/defaults/main.yml | 21 | ||||
-rw-r--r-- | roles/storage/lvm/base/filter_plugins/lvm.py | 31 | ||||
-rw-r--r-- | roles/storage/lvm/base/tasks/main.yml | 21 | ||||
-rw-r--r-- | roles/storage/lvm/device/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/storage/lvm/device/tasks/main.yml | 18 | ||||
-rw-r--r-- | roles/storage/lvm/volume/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/storage/lvm/volume/tasks/main.yml | 7 |
9 files changed, 32 insertions, 341 deletions
diff --git a/chaos-at-home/ch-testvm-prometheus.yml b/chaos-at-home/ch-testvm-prometheus.yml
index c739e714..9a1191ad 100644
--- a/chaos-at-home/ch-testvm-prometheus.yml
+++ b/chaos-at-home/ch-testvm-prometheus.yml
@@ -7,17 +7,3 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp - -- name: Basic Setup - hosts: ch-testvm-prometheus - roles: - - role: storage/lvm/base - - role: storage/zfs/base - - role: nginx/base - - role: x509/static-ca/base - - role: apt-repo/spreadspace - - role: kubernetes/base - - role: kubernetes/standalone/base - - role: apps/publish/base - - role: apps/whawty/auth - - role: apps/node-red
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index ad4a1d9c..415e6774 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -35,260 +35,3 @@ network: - *_network_primary_ ntp_variant: systemd-timesyncd - - - -################# -system_lvm_volume_size_root: 3G - -apt_repo_components: - - main - - contrib ## for zfs - - -lvm_devices: - system/storage: - vg: "{{ host_name }}" - lv: storage - size: 5G - -zfs_pools: - storage: - mountpoint: /srv/storage - create_vdevs: "/dev/{{ host_name }}/storage" - -zfs_volumes: - storage: - whawty: - children: - auth: {} - node-red: {} - -spreadspace_apt_repo_components: - - container - -docker_pkg_provider: docker-com -docker_plugins: - - buildx - -docker_storage: - type: zfs - pool: storage - name: docker - properties: - quota: 1G - -kubelet_storage: - type: zfs - pool: storage - name: kubelet - properties: - quota: 1G - -kubernetes_version: 1.28.5 -kubernetes_container_runtime: docker -kubernetes_standalone_max_pods: 42 -kubernetes_standalone_cni_variant: with-portmap - - - -ch_testvm_prometheus_apps_publish_ca_key: | - -----BEGIN RSA PRIVATE KEY----- - MIIJKQIBAAKCAgEAopKJFGAl3yKFcIFI7j3M/n3lNafjBo3QySoTgtkobO2gR8Me - E6RFwZXEquceO5MYU4BxmWN+m+mOFnTezJbQZAmGv/dPsV+yM/I/oidokg7EZNuo - 2lOrnlt9SP8koIvSBOrzVjCy84BeZWTNpKPXK26lcBoFGxjQ2PYjdW99t0gkX9Rz - KUE9ybTb60F7mVUt99O/eWOBBdQAMPX80eyr7OjFBoQoyDAv3OMx/ZuVjhYOIE+s - Eijjl36NCu4LQawvwd2ewIH+YeTK/VH/JN1yt9RZurlhHrajJvQ6U1t5zY8SubsX - nTUMpTHFoX+B3vPC1fKhMnG+QoPlN2sT9lBCxZcDVKKj6zuhoFCupBWOc4m9A+yK - zAVq0sWnmV1O2AVgtFKdFUc7D7On5hKsN8hlX83haIfyqLN45wdCeXxrHbcyHYS1 - RDTbE2Y5CKqjcgLWjrO72tDyhQJEu1ttkY6HR8d0EBd9WemvWN1xIjx5x4HHHk5e - 1VSaNKp25SucwvsySGpPfnWV4dKnIzFYPnhnpt6xsbwA0s0w/POggKgK+p4YEgtt - GdpBbesME1OrYFu8mlj25JobVyC8H+e7DF7NKNEpLlT0VWR4E1yYTTm9rIhhM0Ne - Cqs0mqOhr+bZ0EDpmD6O9ffyIFjIh9ArkUuf1cD/8V+33Kl8AcB4pHlFaQ0CAwEA - AQKCAgAeWYpfRCrVyvlL3Urq9R0ftouTln3Ow6tiXqlJUHaYTU1SkFW9V3nRT78p - I5/0gbu1HQG4H8erXjDxNszAN3h8cH3YORiG1cVsJrGj+UTvnXOjG5HcfmnH1K8h - MUaadTfWRLF8WfeSd1jIB4dPkOmyuUOH18ezvRCCLINGoXOAA6cMv9nm7f/Vt96l - fvJO2ATOoxh4FjAoUSFfApE59HvNLNBZbNM7Oim5TC3ROVo0biAhfpYyRrFkXxMA - 
Ixv1XOqGf/Pq3unJRz/xBj2CWZgYwvskXYbIx9JSC56W4Lkuu6LEiy23osdzUIUj - Zu0tHOc270aSJwNcogho7ePKZEXulnx721gQWzSGtY8fVmVHshyFb/h7AiU7uvzQ - b/zh4uG/FcXfTOHWD6nLkzA0bXlnhkhodwt6qn4tCxDTzmlN5Y2oMT3yYax7fxSZ - MVRTvwt5PUKNOf3oxx4IqdmXhVGhdMBaKfrCly4sGQksPes5bcBDbYHlDNZCRwr9 - pn1lSHqrEoD0bN+DV+jDLl2/FUXd/G6SlJUmMwINDRsLaKIM89cOwfIjJa1Y/o9Z - iQ+XZQBKnff9fhLG3cI33CVWXF/v3C99Gy//v2kmyIxamE4cjR76p8hRM1jq896R - Hnb2hKZAONP5a/v3cpnaW08+yvBRT+SvtPFPTuuSUwUTWCymiQKCAQEAwJ7Z/797 - p4lnZBqoDPQfDqqFzn5aTqLvyY1jOYltgxDrlgDjD3SRWDJO3rzUAzIZlCw2stGu - wxhNAT/kaptB3QMcStiVGBnYa0YnPTwp0kVC7+jsp1+FyyGN0b1hcxbkq2EyQN3m - RB5rQZuTKaBDSGO/VQGzTBEW4DAg9bYmBfetbhNQoBjNJ/7yTQIrL9Mf25V3LdXM - T8txuGnOb1eP21t4Ty9mVQMiv/s5Gn611r4rO3BsQ+DSHomUbybGUrnMs4PHmO84 - lTKMCLI1RtebO0Kjhbb6ufWgdrYBzZ0Ir/eleohB8zLhKT6m99Hk57Ou1u1OIi0s - v8jLs43MAPoK+QKCAQEA2BCecN1b/kP3Pex1ZyaXmMZJUNk9BPwFe90KrfJVAmJ9 - qo8Ql8hF95I1roCJghxo3c5EUzp/y7C+vXQdCLUrRGCG2qT5/IIuy8NclmtYSx2T - NH+16ZtO/4EhmmazRWzTBjDyU5Umgvp9O2PKC8iGL7JC32lJ4NYX6M81NgfYXnjz - 4JlgRQZ6mtNlrN+Zc/zyzm7Pb9bSPUJj6sOadrsdgvR0gu1Yi/nKQeGpXMd9LjPT - DFV+Nb0KIFo22MHrUPTaWl7oTtNqBWjKvvV252QzVEuxqzrFOtFMO8Fd4r/lHSAG - kZMFBCiFrApk+hEzchn1umG9IDzBc+6JOglvIMOftQKCAQEAmCAdDbX+A+gp5s6C - sJBQwvV77gSub/KRLH5kwjk+a0f+t56FtVwbuispTRKW4ts7hmGQ5ZNi0aQslPMQ - A/4Qe2uMebQptDodSUPDk8IjSXT4E5/C38E6Wp5qch5+izWmbY+6764QwPXBQbSL - +lEfMlnM72cDYu0QQwjfzw8HYqkkqI3KnFZaGN9qH9W5o/C69WJLGMEEtnR3oOy3 - ZAokjFrmXquRx0xNso/Hnpw6IppYbH4ykz1I1WNU/qAB+63P9Gr8RVWRO4wLOob8 - OrHnYFsV6HIF/L33+ClwrSH7jXYpk+dvJpKlbzyTA6Aah7/KMuaCUc2ZzPHZpzoy - xwaziQKCAQEA0DcTuMhZQqrUtIQOj50NMljDhnoS557G2hqllAOYEHhBif/ciaii - ZHYt7UBJQ22FUVrZVStmxDBLX99pq16Ll5U9365kigYaepqFux8vMxQJK+p2r+zP - MEKM03JtCFZa9fhtTkbJmicyT+1WZAyV45jyAMJCQ72NxPkJ2kutIz2EJ8kmkN4x - gMp/jRzdkH0OsAjxNmHasNYt26ssS4b+ZZiWPyXi0uGhG+QPhi1oYQHoPFaXDcpi - 29KUUEZwMtADLFuRm4T5AsV9vJBoSYyyOmXHja9RKeFQibVKeJ1cebjHG7qGdv9l - 8ekCbkntPePuffJ6g3qJIuOYsqkswnJCkQKCAQAns9UolfLKHB68NuCswjtqlozX - 
KpMhDQKeS7a1/oOmlymAKJ9irmzwYvlsYTyW9mtYSurstTxKVbqIcPzY+jqGIuuh - 6gpRsKUlfFHluZHl8sCB4ZZ7g+QDQCWAfoiBNgD+pkJqlL7DGKd520NMxQyYxDH1 - cEx5blKgO2sKkkV0jTYHO7SAlVpy4j7Gm9olG8v6AxBFQrEgeI/pGANXundho6ai - u2m8YDkIlS1zQiyyvBncNoZ5X2ZDSa1aAJn9B6lCq9PWKxhKNX8E8aVVbrDFIK4+ - zu71QecMIJVfHGtrjBbfQgFiJzxTi10YpuJvBT5HQPF4XjAN3DB15D/Gy9BG - -----END RSA PRIVATE KEY----- -ch_testvm_prometheus_apps_publish_ca_cert: | - -----BEGIN CERTIFICATE----- - MIIFBDCCAuygAwIBAgIUB05Y1b+0LfULh1R7h1OUHF44VO4wDQYJKoZIhvcNAQEL - BQAwLzEtMCsGA1UEAwwkY2gtdGVzdHZtLXByb21ldGh1ZXMgQXBwcyBQdWJsaXNo - IENBMCAXDTI0MDExMTIwMTIyMloYDzIwNjMxMTIzMjAxMjIyWjAvMS0wKwYDVQQD - DCRjaC10ZXN0dm0tcHJvbWV0aHVlcyBBcHBzIFB1Ymxpc2ggQ0EwggIiMA0GCSqG - SIb3DQEBAQUAA4ICDwAwggIKAoICAQCikokUYCXfIoVwgUjuPcz+feU1p+MGjdDJ - KhOC2Shs7aBHwx4TpEXBlcSq5x47kxhTgHGZY36b6Y4WdN7MltBkCYa/90+xX7Iz - 8j+iJ2iSDsRk26jaU6ueW31I/ySgi9IE6vNWMLLzgF5lZM2ko9crbqVwGgUbGNDY - 9iN1b323SCRf1HMpQT3JtNvrQXuZVS330795Y4EF1AAw9fzR7Kvs6MUGhCjIMC/c - 4zH9m5WOFg4gT6wSKOOXfo0K7gtBrC/B3Z7Agf5h5Mr9Uf8k3XK31Fm6uWEetqMm - 9DpTW3nNjxK5uxedNQylMcWhf4He88LV8qEycb5Cg+U3axP2UELFlwNUoqPrO6Gg - UK6kFY5zib0D7IrMBWrSxaeZXU7YBWC0Up0VRzsPs6fmEqw3yGVfzeFoh/Kos3jn - B0J5fGsdtzIdhLVENNsTZjkIqqNyAtaOs7va0PKFAkS7W22RjodHx3QQF31Z6a9Y - 3XEiPHnHgcceTl7VVJo0qnblK5zC+zJIak9+dZXh0qcjMVg+eGem3rGxvADSzTD8 - 86CAqAr6nhgSC20Z2kFt6wwTU6tgW7yaWPbkmhtXILwf57sMXs0o0SkuVPRVZHgT - XJhNOb2siGEzQ14KqzSao6Gv5tnQQOmYPo719/IgWMiH0CuRS5/VwP/xX7fcqXwB - wHikeUVpDQIDAQABoxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEB - CwUAA4ICAQBOwXLbrM+9D9177SWrn/O9ETGBAMyITotf970eSDTfh7qeMagYY3z2 - 72sABwv226ITrS/ukgyWqC/jqZFr/lONqG5ckrfn8JHJyX8PpQUW0C9TkOrd6NMu - bgoQWXJHrKiqW56jPzo9WiQ0HqEY/QUKw7ZkhVr/SrUykSombGw0mCzPXGrpcYBe - 5p0IwEEDX7Meu6iPPXhLhK0RMtLGPNSKmnGdnlMR88DdbVzAyxS5bfwmEsaE8U4x - 3oMYCfzVTjYIu/mNizEen4TMK8MlYMD4xFP/Zsd+/l3JGfXy/qhQiOaCQZy1yhZI - S5Ypm6IsnZ9yhz6+XysOSq1aXeMsJeADGrpCIz1MKSK6YK5J6wMvEYWLVC73FosF - 0pLbO+OANXW3/h6qatZoqCKEOmFe5vSLDbl7G4JPhl2YpW2nuKNyDhOSgH0NcbJy - 
saidgBVGFz5reT+Dj3rHaGUxgnBvBRF19RAy17K4jWvQlHNYP3+K4T3fXg2Jk+TJ - xNP1ILaGJp6lzTgWu2eOnuzoSL1nHXnFlH0j/GR/iutZMMUPWwifUn7AT1t8NcBF - sb5sQP1wadb+tLgNH47loPxdP5Ox8xReSPgvwB5Kjt3yvRnJ7WCezG2xUQOIO2cT - ZZPiVEsoxs6xspIPbfPPA6cOxsKPnWzp5eZpjFbDkkgURn0c2nSKlQ== - -----END CERTIFICATE----- - - -apps_publish_zone__ch_testvm_prometheus: - name: ch-testvm-prometheus - publisher: ch-testvm-prometheus - certificate_provider: static-ca - certificate_ca_config: - cert_content: "{{ ch_testvm_prometheus_apps_publish_ca_cert }}" - key_content: "{{ ch_testvm_prometheus_apps_publish_ca_key }}" - - - -_whawty_auth_zfs_base_: - pool: storage - name: whawty/auth - -whawty_auth_instances: - foo: - version: 0.2-rc9 - port: 3080 - store: - default: 1 - params: - - id: 1 - argon2id: - time: 1 - memory: 65536 - threads: 4 - length: 32 - sync: - port: 3022 - authorized_keys: "{{ users.equinox.ssh }}" - storage: - type: zfs - parent: "{{ _whawty_auth_zfs_base_ }}" - name: foo - properties: - quota: 256M - publish: - zone: "{{ apps_publish_zone__ch_testvm_prometheus }}" - hostnames: - - passwd.example.com - tls: - certificate_provider: selfsigned - cert: - organization_name: "chaos-at-home" - organizational_unit_name: "ansible" - key_usage: - - digitalSignature - - keyAgreement - key_usage_critical: yes - extended_key_usage: - - serverAuth - extended_key_usage_critical: yes - create_subject_key_identifier: yes - not_after: +52w - renew_margin: +42d - bar: - version: 0.2-rc9 - port: 3180 - store: - default: 1 - params: - - id: 1 - argon2id: - time: 1 - memory: 65536 - threads: 4 - length: 32 - sync: - port: 3122 - authorized_keys: "{{ users.equinox.ssh }}" - storage: - type: zfs - parent: "{{ _whawty_auth_zfs_base_ }}" - name: bar - properties: - quota: 128M - publish: - zone: "{{ apps_publish_zone__ch_testvm_prometheus }}" - hostnames: - - passwd.bar.com - tls: - certificate_provider: selfsigned - cert: - organization_name: "chaos-at-home" - organizational_unit_name: "ansible" - key_usage: - 
- digitalSignature - - keyAgreement - key_usage_critical: yes - extended_key_usage: - - serverAuth - extended_key_usage_critical: yes - create_subject_key_identifier: yes - not_after: +52w - renew_margin: +42d - - -_node_red_zfs_base_: - pool: storage - name: node-red - -node_red_instances: - test: - version: 3.1.3 - port: 1880 - credential_secret: "altough-i-should-be-i-am-neither-secret-nor-random" - storage: - type: zfs - parent: "{{ _node_red_zfs_base_ }}" - name: test - properties: - quota: 512M - publish: - zone: "{{ apps_publish_zone__ch_testvm_prometheus }}" - hostnames: - - node-red.example.com
diff --git a/roles/storage/lvm/base/defaults/main.yml b/roles/storage/lvm/base/defaults/main.yml
index f85e2c80..bc57a43d 100644
--- a/roles/storage/lvm/base/defaults/main.yml
+++ b/roles/storage/lvm/base/defaults/main.yml
@@ -7,6 +7,14 @@ lvm_groups: {} # - /dev/sdb # - /dev/sdc +lvm_thinpools: {} + +# lvm_thinpools: +# foo/test: +# vg: foo +# lv: test +# size: 4G + lvm_devices: {} # lvm_devices:
@@ -14,17 +22,12 @@ lvm_devices: {} # vg: "{{ host_name }}" # lv: dev-test # size: 1G -# foo/test: &_lvm_thinpool_foo_test_ -# vg: foo -# lv: test -# thinpool: true -# size: 4G # foo/blub: -# parent: *_lvm_thinpool_foo_test_ +# parent: "{{ lvm_thinpools['foo/test'] }}" # lv: blub # size: 3G # foo/hugo: -# parent: *_lvm_thinpool_foo_test_ +# parent: "{{ lvm_thinpools['foo/test'] }}" # lv: hugo # size: 2G
@@ -38,13 +41,13 @@ lvm_volumes: {} # fs: ext4 # dest: /srv/test # foo/app1: -# parent: *_lvm_thinpool_foo_test_ +# parent: "{{ lvm_thinpools['foo/test'] }}" # lv: app1 # size: 3G # fs: ext4 # dest: /srv/app1 # foo/app2: -# parent: *_lvm_thinpool_foo_test_ +# parent: "{{ lvm_thinpools['foo/test'] }}" # lv: app2 # size: 2G # fs: ext4
diff --git a/roles/storage/lvm/base/filter_plugins/lvm.py b/roles/storage/lvm/base/filter_plugins/lvm.py
deleted file mode 100644
index 312741a6..00000000
--- a/roles/storage/lvm/base/filter_plugins/lvm.py
+++ /dev/null
@@ -1,31 +0,0 @@
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-from functools import partial
-
-from ansible import errors
-
-
-def lvm_device_list(data):
- try:
- thinpools = []
- devices = []
- for name, device in data.items():
- entry = {'name': name, 'device': device}
- if 'thinpool' in device and device['thinpool'] == True:
- thinpools.append(entry)
- else:
- devices.append(entry)
- return thinpools + devices
- except Exception as e:
- raise errors.AnsibleFilterError("lvm_device_list(): %s" % str(e))
-
-
-class FilterModule(object):
-
- filter_map = {
- 'lvm_device_list': lvm_device_list,
- }
-
- def filters(self):
- return self.filter_map
diff --git a/roles/storage/lvm/base/tasks/main.yml b/roles/storage/lvm/base/tasks/main.yml
index 04d44ad0..a564e3c0 100644
--- a/roles/storage/lvm/base/tasks/main.yml
+++ b/roles/storage/lvm/base/tasks/main.yml
@@ -11,12 +11,27 @@ pv_options: "{{ item.value.pv_options | default(omit) }}" state: present +- name: install thin-provisioning-tools + when: (lvm_thinpools | list | length) > 0 + apt: + name: thin-provisioning-tools + state: present + +- name: create lvm thinpools + loop: "{{ lvm_thinpools | dict2items }}" + loop_control: + label: "{{ item.key }}" + lvol: + vg: "{{ item.value.vg }}" + thinpool: "{{ item.value.lv }}" + size: "{{ item.value.size }}" + - name: create lvm devices - loop: "{{ lvm_devices | lvm_device_list }}" + loop: "{{ lvm_devices | dict2items }}" loop_control: - label: "{{ item.name }}" + label: "{{ item.key }}" vars: - lvm_device: "{{ item.device }}" + lvm_device: "{{ item.value }}" include_role: name: storage/lvm/device
diff --git a/roles/storage/lvm/device/defaults/main.yml b/roles/storage/lvm/device/defaults/main.yml
index abe4f52c..f9e1b255 100644
--- a/roles/storage/lvm/device/defaults/main.yml
+++ b/roles/storage/lvm/device/defaults/main.yml
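Review bot: The `when:` on the new `install thin-provisioning-tools` task pipes the mapping through `| list` before `| length`, which is redundant; `when: lvm_thinpools | length > 0` reads more directly and gives the same result for the `{}` default. The new `create lvm thinpools` task would also benefit from a short comment such as `# thin pools must exist before any lvm_devices entry that names one as parent`, because the order of the two loops is now what replaces the thinpools-first sorting done by the removed `lvm_device_list` filter.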
@@ -1,11 +1,9 @@ --- # lvm_device: # parent: -# thinpool: true # ... # vg: foo # lv: bar -# thinpool: false # size: 10G lvm_device: "{{ storage_device }}"
diff --git a/roles/storage/lvm/device/tasks/main.yml b/roles/storage/lvm/device/tasks/main.yml
index bac06b3d..303013ec 100644
--- a/roles/storage/lvm/device/tasks/main.yml
+++ b/roles/storage/lvm/device/tasks/main.yml
@@ -1,25 +1,11 @@ --- -- name: check device parent - when: "'parent' in lvm_device" - assert: - msg: "the device parent must be a lvm thinpool" - that: - - (lvm_device.parent.thinpool | default(false)) - -- name: install thin-provisioning-tools - when: (lvm_device.thinpool | default(false)) - apt: - name: thin-provisioning-tools - state: present - - name: create logical volume lvol: vg: "{{ lvm_device.parent.vg | default(lvm_device.vg) }}" - lv: "{{ (lvm_device.thinpool | default(false)) | ternary(omit, lvm_device.lv) }}" + lv: "{{ lvm_device.lv }}" size: "{{ lvm_device.size }}" - thinpool: "{{ (lvm_device.thinpool | default(false)) | ternary(lvm_device.lv, (lvm_device.parent.lv | default(omit))) }}" + thinpool: "{{ lvm_device.parent.lv | default(omit) }}" - name: export device path - when: not (lvm_device.thinpool | default(false)) set_fact: storage_device_path: "/dev/mapper/{{ lvm_device.parent.vg | default(lvm_device.vg) | replace('-', '--') }}-{{ lvm_device.lv | replace('-', '--') }}"
diff --git a/roles/storage/lvm/volume/defaults/main.yml b/roles/storage/lvm/volume/defaults/main.yml
index 6c0d6cf5..c81fc239 100644
--- a/roles/storage/lvm/volume/defaults/main.yml
+++ b/roles/storage/lvm/volume/defaults/main.yml
@@ -1,11 +1,9 @@ --- # lvm_volume: # parent: -# thinpool: true # ... # vg: foo # lv: bar -# thinpool: false # size: 10G # fs: ext4 # dest: /srv/foo/bar
diff --git a/roles/storage/lvm/volume/tasks/main.yml b/roles/storage/lvm/volume/tasks/main.yml
index d7255739..7e8c304f 100644
--- a/roles/storage/lvm/volume/tasks/main.yml
+++ b/roles/storage/lvm/volume/tasks/main.yml
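Review bot: With the `check device parent` assert removed from roles/storage/lvm/device/tasks/main.yml, nothing in the new `create logical volume` task validates the shape of `lvm_device`. A `parent` mapping that lacks an `lv` key falls through `default(omit)` on `thinpool:` and produces an ordinary LV in the parent's VG. An inventory entry that still carries the old `thinpool: true` flag is likewise created as a plain LV, because the new `lv:` line no longer looks at that flag. A small guard task ahead of the lvol call, as sketched below, would keep both mistakes loud instead of silently allocating the wrong kind of volume. The equivalent assert is also dropped in roles/storage/lvm/volume/tasks/main.yml, whose lvol task continues outside its hunk, so the same guard would apply there.

```yaml
- name: check device definition
  assert:
    msg: "thinpools belong in lvm_thinpools and a device parent must name its vg and lv"
    that:
      - "'thinpool' not in lvm_device"
      - "'parent' not in lvm_device or (lvm_device.parent.vg is defined and lvm_device.parent.lv is defined)"

# … unchanged: create logical volume, export device path …
```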
@@ -1,11 +1,4 @@ --- -- name: check volume parent - when: "'parent' in lvm_volume" - assert: - msg: "the volume parent must be a lvm thinpool" - that: - - (lvm_volume.parent.thinpool | default(false)) - - name: create logical volume lvol: vg: "{{ lvm_volume.parent.vg | default(lvm_volume.vg) }}" |