-rw-r--r-- | dan/host_vars/sk-2019vm.yml | 30 | ||||
-rw-r--r-- | dan/sk-2019vm.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/sk-2019vm.yml | 18 | ||||
-rw-r--r-- | inventory/host_vars/sk-testvm.yml | 14 | ||||
-rw-r--r-- | roles/vm/define/templates/libvirt-domain.xml.j2 | 4 | ||||
-rw-r--r-- | roles/vm/host/tasks/network.yml | 8 |
6 files changed, 56 insertions, 20 deletions
diff --git a/dan/host_vars/sk-2019vm.yml b/dan/host_vars/sk-2019vm.yml index 53629208..a20c9957 100644 --- a/dan/host_vars/sk-2019vm.yml +++ b/dan/host_vars/sk-2019vm.yml @@ -1,10 +1,22 @@ $ANSIBLE_VAULT;1.2;AES256;dan -64313638393461613535643731303830343539313333643462633232303936346665636536313630 -6261376532663565343434376633613930613331626530380a633235326261306166356166636363 -32636530656665303633373331353565626534646466666336636561376638323834646262633636 -3633656465366263640a653837613439363438653366643763323933366361323938326439373138 -36323638633530323630323133386332303965353866353831383961333363613933373132353663 -35393938326630356261336136633763316436366435313965306166656138393032306434363861 -62383632636239653233626535316361376637646564333861323936343833383030303139346135 -39303735623038633661626238616638373061643762336339366434303162633731646432626364 -3432 +31643161386262663634396262643361353430306563326165323830666335303036626130353330 +6332343034356334306166633236326532366334333438340a366262336162643563363931616232 +31383137666134633536366233623237306365613661353562393836623831656138633066373265 +3033373239316132650a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diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml index befbedf0..00c6a067 100644 --- a/dan/sk-2019vm.yml +++ b/dan/sk-2019vm.yml @@ -5,5 +5,7 @@ - role: base - role: sshd - role: zsh + - role: admin-user + - role: cryptdisk - role: zfs/base - role: vm/host diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml index 04f34626..c0578ab9 100644 --- a/inventory/host_vars/sk-2019vm.yml +++ b/inventory/host_vars/sk-2019vm.yml @@ -12,9 +12,8 @@ network: {} vm_host: network: interface: br-public - ip: 192.168.250.254 - mask: 255.255.255.0 - nameservers: + prefix: 192.168.250.254/24 + dns: - 213.133.100.100 - 213.133.98.98 - 213.133.99.99 
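Review bot: The position of `cryptdisk` ahead of `zfs/base` in dan/sk-2019vm.yml is load-bearing, but nothing in the play says so. The same commit points `zfs_zpool_create_vdevs` at `/dev/mapper/crypto-nvme0` and `/dev/mapper/crypto-nvme1`, so those mappings presumably have to exist before the pool role runs; a later reorder would break pool creation or tempt someone back to the raw partitions. I would add `# cryptdisk must run before zfs/base: the pool vdevs are its /dev/mapper/crypto-* devices` above the new entry. The role list starts outside the hunk.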
@@ -23,6 +22,17 @@ vm_host: nat: yes +ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" + +cryptdisk_volumes: + crypto-nvme0: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3 + crypto-nvme1: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3 + + zfs_zpool_name: storage zfs_zpool_mountpoint: /srv/storage -zfs_zpool_create_vdevs: mirror nvme0n1p3 nvme1n1p3 +zfs_zpool_create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 656bef32..88fa4de1 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -13,6 +13,18 @@ install: pool: storage name: "{{ inventory_hostname }}" size: 5g + interfaces: + - bridge: br-public + name: primary0 autostart: False -network: {} +network: + nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: + interface: primary0 + ip: "{{ hostvars[vm_host].vm_host.network.prefix | ipaddr(hostvars[vm_host].vm_host.network.offsets[inventory_hostname]) | ipaddr('address') }}" + mask: "{{ hostvars[vm_host].vm_host.network.prefix | ipaddr('netmask') }}" + gateway: "{{ hostvars[vm_host].vm_host.network.prefix | ipaddr('address') }}" diff --git a/roles/vm/define/templates/libvirt-domain.xml.j2 b/roles/vm/define/templates/libvirt-domain.xml.j2 index 59037fd9..426d4323 100644 --- a/roles/vm/define/templates/libvirt-domain.xml.j2 +++ b/roles/vm/define/templates/libvirt-domain.xml.j2 
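Review bot: The mapper names in `zfs_zpool_create_vdevs` repeat the `cryptdisk_volumes` keys by hand, so renaming a volume leaves the pool definition pointing at a device that no longer exists. A comment such as `# vdev names must match the cryptdisk_volumes keys above` would record that coupling, or the string could be built from the keys. The passphrases are referenced from the vault rather than stored here, which is right; whether the cryptdisk role sets `no_log: true` on the tasks that consume them is not visible in this commit and is worth confirming. Judging by its name the variable only takes effect when the pool is created, so a pool already built on `nvme0n1p3`/`nvme1n1p3` would stay on unencrypted partitions until it is recreated.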
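Review bot: The `ip` expression in inventory/host_vars/sk-testvm.yml reads `vm_host.network.offsets[inventory_hostname]`, and no `offsets` key appears in the sk-2019vm.yml hunks of this commit; it may live in lines the diff does not show, but the dependency is undocumented either way. The `ipaddr` filter returns `False` instead of raising when it is handed an index outside the network, so a bad offset would end up as the literal `False` in the guest's address rather than as a failed play. I would document the mapping next to `prefix` on the host, for example `# offsets: <guest hostname>: <host index within prefix>`, and assert that the computed address is truthy before it is used.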
@@ -42,7 +42,7 @@
 {% if src.type == 'lvm' %}
 <source dev='/dev/mapper/{{ src.vg | replace('-', '--') }}-{{ src.lv | replace('-', '--') }}'/>
 {% elif src.type == 'zfs' %}
- <source dev='/dev/zvol/{{ srv.pool }}/{{ srv.name }}'/>
+ <source dev='/dev/zvol/{{ src.pool }}/{{ src.name }}'/>
 {% endif %}
 <target dev='{{ device }}' bus='virtio'/>
 </disk>
@@ -57,7 +57,7 @@
 {% if src.type == 'lvm' %}
 <source dev='/dev/mapper/{{ src.vg | replace('-', '--') }}-{{ src.lv | replace('-', '--') }}'/>
 {% elif src.type == 'zfs' %}
- <source dev='/dev/zvol/{{ srv.pool }}/{{ srv.name }}'/>
+ <source dev='/dev/zvol/{{ src.pool }}/{{ src.name }}'/>
 {% endif %}
 <target dev='{{ device }}' bus='scsi'/>
 </disk>
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
index d3d2edf2..7ce3de45 100644
--- a/roles/vm/host/tasks/network.yml
+++ b/roles/vm/host/tasks/network.yml
@@ -6,8 +6,8 @@
 content: |
 auto {{ vm_host.network.interface }}
 iface {{ vm_host.network.interface }} inet static
- address {{ vm_host.network.ip }}
- netmask {{ vm_host.network.mask }}
+ address {{ vm_host.network.prefix | ipaddr('address') }}
+ netmask {{ vm_host.network.prefix | ipaddr('netmask') }}
 bridge_ports none
 bridge_stp off
 bridge_waitport 0
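Review bot: `src.pool` and `src.name` are written into a single-quoted XML attribute without escaping, in the virtio stanza at line 42 and again in the scsi stanza at line 57; the same holds for `src.vg` and `src.lv` in the lvm branch. A value containing `'`, `<` or `&` would yield malformed or altered domain XML; the values come from inventory, so this is hardening rather than an exposed bug. Adding the `e` filter closes it: `<source dev='/dev/zvol/{{ src.pool | e }}/{{ src.name | e }}'/>`. The two stanzas differ only in `bus`, which is how one typo ended up in both, so a shared macro would also be worth considering. The loop or block around each stanza starts outside the hunks.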
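Review bot: Nothing validates `vm_host.network.prefix` before it is rendered into the interface stanza in roles/vm/host/tasks/network.yml. `ipaddr` returns `False` for a malformed value, so the file would be written with `address False` and the bridge would fail to come up on the next restart. The same unchecked value feeds the `-s` argument of the SNAT rules in the second hunk of this file. A preceding `assert` task with `that: vm_host.network.prefix | ipaddr('host/prefix')` would stop the play before the file is touched. The task that owns this `content: |` block starts above the hunk and continues below it.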
@@ -19,8 +19,8 @@ up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0 up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0 {% if 'nat' in vm_host.network and vm_host.network.nat %} - up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} - down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} + up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} + down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} {% endif %} register: vmhost_interface_config |
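Review bot: The `up` and `down` lines each carry their own copy of `vm_host.network.prefix | ipaddr('network/prefix')`. If the two copies ever diverge, the `-D` no longer matches the rule that `-A` inserted, and stale SNAT entries pile up on every interface restart. A single `{% set nat_src = vm_host.network.prefix | ipaddr('network/prefix') %}` above the pair, with `-s {{ nat_src }}` in both rules, keeps them identical. The surrounding `content: |` block starts in the previous hunk.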