From ba2ab1cb42db29c8287c65a3f1e0b646eeba0464 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 20 Jan 2024 22:42:30 +0100 Subject: add storage_device roles --- chaos-at-home/ch-testvm-phoebe.yml | 5 --- inventory/host_vars/ch-testvm-phoebe.yml | 4 --- roles/storage/luks/base/tasks/main.yml | 45 +++++------------------ roles/storage/luks/device/defaults/main.yml | 7 ++++ roles/storage/luks/device/tasks/main.yml | 36 +++++++++++++++++++ roles/storage/lvm/base/defaults/main.yml | 36 +++++++++++++------ roles/storage/lvm/base/filter_plugins/lvm.py | 18 +++++----- roles/storage/lvm/base/tasks/main.yml | 15 ++++++-- roles/storage/lvm/device/defaults/main.yml | 11 ++++++ roles/storage/lvm/device/tasks/main.yml | 25 +++++++++++++ roles/storage/lvm/volume/tasks/main.yml | 53 ++++++++++++---------------- roles/storage/zfs/base/defaults/main.yml | 19 ++++++++-- roles/storage/zfs/base/tasks/main.yml | 9 +++++ roles/storage/zfs/device/defaults/main.yml | 11 ++++++ roles/storage/zfs/device/tasks/main.yml | 14 ++++++++ 15 files changed, 206 insertions(+), 102 deletions(-) create mode 100644 roles/storage/luks/device/defaults/main.yml create mode 100644 roles/storage/luks/device/tasks/main.yml create mode 100644 roles/storage/lvm/device/defaults/main.yml create mode 100644 roles/storage/lvm/device/tasks/main.yml create mode 100644 roles/storage/zfs/device/defaults/main.yml create mode 100644 roles/storage/zfs/device/tasks/main.yml diff --git a/chaos-at-home/ch-testvm-phoebe.yml b/chaos-at-home/ch-testvm-phoebe.yml index bcb4d92e..e791839b 100644 --- a/chaos-at-home/ch-testvm-phoebe.yml +++ b/chaos-at-home/ch-testvm-phoebe.yml @@ -7,8 +7,3 @@ - role: core/sshd/base - role: core/zsh - role: core/ntp - -- name: Payload Setup - hosts: ch-testvm-phoebe - roles: - - role: greenbone/target diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml index df89e810..d15e4142 100644 --- a/inventory/host_vars/ch-testvm-phoebe.yml 
+++ b/inventory/host_vars/ch-testvm-phoebe.yml @@ -39,7 +39,3 @@ network: address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}" ntp_variant: systemd-timesyncd - - -#### -sshd_allowusers_host: "{{ admin_users_host + ['greenbone'] }}" diff --git a/roles/storage/luks/base/tasks/main.yml b/roles/storage/luks/base/tasks/main.yml index 7fe556a1..eca233e8 100644 --- a/roles/storage/luks/base/tasks/main.yml +++ b/roles/storage/luks/base/tasks/main.yml @@ -4,40 +4,11 @@ name: cryptsetup-bin state: present -- name: Create temporary build directory - tempfile: - state: directory - register: keyfile_dir - changed_when: False - check_mode: False - -- name: create luks volumes - block: - - name: write passphrases into temporary keyfiles - loop: "{{ luks_devices | dict2items }}" - loop_control: - label: "{{ item.key }}" - copy: - dest: "{{ keyfile_dir.path }}/{{ item.key }}" - content: "{{ item.value.passphrase }}" - mode: 0600 - changed_when: False - check_mode: False - - - name: create/open luks volumes - loop: "{{ luks_devices | dict2items }}" - loop_control: - label: "{{ item.key }} ({{ item.value.device }})" - luks_device: - name: "{{ item.key }}" - device: "{{ item.value.device }}" - keyfile: "{{ keyfile_dir.path }}/{{ item.key }}" - state: opened - - always: - - name: remove base-directory for keyfiles - file: - path: "{{ keyfile_dir.path }}" - state: absent - changed_when: False - check_mode: False +- name: create luks devices + loop: "{{ luks_devices | dict2items }}" + loop_control: + label: "{{ item.key }}" + vars: + luks_device: "{{ item.value | combine({'name': item.key}) }}" + include_role: + name: storage/luks/device diff --git a/roles/storage/luks/device/defaults/main.yml b/roles/storage/luks/device/defaults/main.yml new file mode 100644 index 00000000..009d1485 --- /dev/null +++ b/roles/storage/luks/device/defaults/main.yml 
@@ -0,0 +1,7 @@ +--- +# luks_device: +# name: crypto-nvme0 +# passphrase: "keep-this-very-very-secret" +# device: /dev/nvme0n1p3 + +luks_device: "{{ storage_device }}" diff --git a/roles/storage/luks/device/tasks/main.yml b/roles/storage/luks/device/tasks/main.yml new file mode 100644 index 00000000..7b84b8cc --- /dev/null +++ b/roles/storage/luks/device/tasks/main.yml @@ -0,0 +1,36 @@ +--- +- name: Create temporary build directory + check_mode: False + tempfile: + state: directory + changed_when: False + register: luks_keyfile_dir + +- name: create luks device + block: + - name: write passphrase into temporary keyfile + check_mode: False + copy: + dest: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}" + content: "{{ luks_device.passphrase }}" + mode: 0400 + changed_when: False + + - name: create/open luks device + luks_device: + name: "{{ luks_device.name }}" + device: "{{ luks_device.device }}" + keyfile: "{{ luks_keyfile_dir.path }}/{{ luks_device.name }}" + state: opened + + always: + - name: remove base-directory for keyfiles + check_mode: False + file: + path: "{{ luks_keyfile_dir.path }}" + state: absent + changed_when: False + +- name: export device path + set_fact: + storage_device_path: "/dev/mapper/{{ luks_device.name }}" diff --git a/roles/storage/lvm/base/defaults/main.yml b/roles/storage/lvm/base/defaults/main.yml index 36df4a51..f85e2c80 100644 --- a/roles/storage/lvm/base/defaults/main.yml +++ b/roles/storage/lvm/base/defaults/main.yml @@ -5,17 +5,15 @@ lvm_groups: {} # foo: # pvs: # - /dev/sdb -# - /dev/sdc1 +# - /dev/sdc -lvm_volumes: {} +lvm_devices: {} -# lvm_volumes: -# system/test: +# lvm_devices: +# system/dev-test: # vg: "{{ host_name }}" -# lv: test +# lv: dev-test # size: 1G -# fs: ext4 -# dest: /srv/test # foo/test: &_lvm_thinpool_foo_test_ # vg: foo # lv: test 
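Review bot: The `write passphrase into temporary keyfile` task in roles/storage/luks/device/tasks/main.yml copies `luks_device.passphrase` via `content:` without `no_log`, so a run with `-v` or `--diff` prints the passphrase into the controller output and any configured log; add `no_log: true` and `diff: false` to that task. The keyfile mode `mode: 0400` is an unquoted octal literal, which the YAML 1.1 loader turns into an integer; `mode: "0400"` is the documented form. The new role also assumes cryptsetup is already present, since the `apt` task stays in storage/luks/base; that holds when the role is included from the base loop but presumably not when it is pulled in directly through `storage_device`, so a comment or a role dependency noting this would help.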
@@ -25,11 +23,29 @@ lvm_volumes: {} # parent: *_lvm_thinpool_foo_test_ # lv: blub # size: 3G -# fs: ext4 -# dest: /srv/blub # foo/hugo: # parent: *_lvm_thinpool_foo_test_ # lv: hugo # size: 2G + +lvm_volumes: {} + +# lvm_volumes: +# system/vol-test: +# vg: "{{ host_name }}" +# lv: vol-test +# size: 1G +# fs: ext4 +# dest: /srv/test +# foo/app1: +# parent: *_lvm_thinpool_foo_test_ +# lv: app1 +# size: 3G +# fs: ext4 +# dest: /srv/app1 +# foo/app2: +# parent: *_lvm_thinpool_foo_test_ +# lv: app2 +# size: 2G # fs: ext4 -# dest: /srv/hugo +# dest: /srv/app2 diff --git a/roles/storage/lvm/base/filter_plugins/lvm.py b/roles/storage/lvm/base/filter_plugins/lvm.py index 0f8b1e97..312741a6 100644 --- a/roles/storage/lvm/base/filter_plugins/lvm.py +++ b/roles/storage/lvm/base/filter_plugins/lvm.py @@ -6,25 +6,25 @@ from functools import partial from ansible import errors -def lvm_volume_list(data): +def lvm_device_list(data): try: thinpools = [] - volumes = [] - for name, volume in data.items(): - entry = {'name': name, 'volume': volume} - if 'thinpool' in volume and volume['thinpool'] == True: + devices = [] + for name, device in data.items(): + entry = {'name': name, 'device': device} + if 'thinpool' in device and device['thinpool'] == True: thinpools.append(entry) else: - volumes.append(entry) - return thinpools + volumes + devices.append(entry) + return thinpools + devices except Exception as e: - raise errors.AnsibleFilterError("lvm_volume_list(): %s" % str(e)) + raise errors.AnsibleFilterError("lvm_device_list(): %s" % str(e)) class FilterModule(object): filter_map = { - 'lvm_volume_list': lvm_volume_list, + 'lvm_device_list': lvm_device_list, } def filters(self): diff --git a/roles/storage/lvm/base/tasks/main.yml b/roles/storage/lvm/base/tasks/main.yml index 75af733b..04d44ad0 100644 --- a/roles/storage/lvm/base/tasks/main.yml +++ b/roles/storage/lvm/base/tasks/main.yml 
@@ -11,11 +11,20 @@ pv_options: "{{ item.value.pv_options | default(omit) }}" state: present -- name: create lvm volumes - loop: "{{ lvm_volumes | lvm_volume_list }}" +- name: create lvm devices + loop: "{{ lvm_devices | lvm_device_list }}" loop_control: label: "{{ item.name }}" vars: - lvm_volume: "{{ item.volume }}" + lvm_device: "{{ item.device }}" + include_role: + name: storage/lvm/device + +- name: create lvm volumes + loop: "{{ lvm_volumes | dict2items }}" + loop_control: + label: "{{ item.key }}" + vars: + lvm_volume: "{{ item.value }}" include_role: name: storage/lvm/volume diff --git a/roles/storage/lvm/device/defaults/main.yml b/roles/storage/lvm/device/defaults/main.yml new file mode 100644 index 00000000..abe4f52c --- /dev/null +++ b/roles/storage/lvm/device/defaults/main.yml @@ -0,0 +1,11 @@ +--- +# lvm_device: +# parent: +# thinpool: true +# ... +# vg: foo +# lv: bar +# thinpool: false +# size: 10G + +lvm_device: "{{ storage_device }}" diff --git a/roles/storage/lvm/device/tasks/main.yml b/roles/storage/lvm/device/tasks/main.yml new file mode 100644 index 00000000..bac06b3d --- /dev/null +++ b/roles/storage/lvm/device/tasks/main.yml 
@@ -0,0 +1,25 @@ +--- +- name: check device parent + when: "'parent' in lvm_device" + assert: + msg: "the device parent must be a lvm thinpool" + that: + - (lvm_device.parent.thinpool | default(false)) + +- name: install thin-provisioning-tools + when: (lvm_device.thinpool | default(false)) + apt: + name: thin-provisioning-tools + state: present + +- name: create logical volume + lvol: + vg: "{{ lvm_device.parent.vg | default(lvm_device.vg) }}" + lv: "{{ (lvm_device.thinpool | default(false)) | ternary(omit, lvm_device.lv) }}" + size: "{{ lvm_device.size }}" + thinpool: "{{ (lvm_device.thinpool | default(false)) | ternary(lvm_device.lv, (lvm_device.parent.lv | default(omit))) }}" + +- name: export device path + when: not (lvm_device.thinpool | default(false)) + set_fact: + storage_device_path: "/dev/mapper/{{ lvm_device.parent.vg | default(lvm_device.vg) | replace('-', '--') }}-{{ lvm_device.lv | replace('-', '--') }}" diff --git a/roles/storage/lvm/volume/tasks/main.yml b/roles/storage/lvm/volume/tasks/main.yml index 9329965c..d7255739 100644 --- a/roles/storage/lvm/volume/tasks/main.yml +++ b/roles/storage/lvm/volume/tasks/main.yml 
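Review bot: The `check device parent` assert in roles/storage/lvm/device/tasks/main.yml only verifies that the parent is a thinpool; an entry that carries both `parent` and `thinpool: true` passes and the `lvol` task then hands the entry's own `lv` to `thinpool`, silently ignoring the parent. Add `- not (lvm_device.thinpool | default(false))` to the assert's `that:` list (with a matching `msg`) so a thinpool nested in a thinpool is rejected up front. Note as well that `export device path` is skipped for thinpools while `set_fact` is host-scoped, so after a thinpool entry `storage_device_path` still holds the previous iteration's value; a caller that includes this role for a thinpool via `storage_device` would presumably read a stale path.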
@@ -6,42 +6,33 @@ that: - (lvm_volume.parent.thinpool | default(false)) -- name: install thin-provisioning-tools - when: (lvm_volume.thinpool | default(false)) - apt: - name: thin-provisioning-tools - state: present - - name: create logical volume lvol: vg: "{{ lvm_volume.parent.vg | default(lvm_volume.vg) }}" - lv: "{{ (lvm_volume.thinpool | default(false)) | ternary(omit, lvm_volume.lv) }}" + lv: "{{ lvm_volume.lv }}" size: "{{ lvm_volume.size }}" - thinpool: "{{ (lvm_volume.thinpool | default(false)) | ternary(lvm_volume.lv, (lvm_volume.parent.lv | default(omit))) }}" + thinpool: "{{ lvm_volume.parent.lv | default(omit) }}" -- name: create and mount filesystem - when: not (lvm_volume.thinpool | default(false)) - block: - - name: create filesystem - filesystem: - fstype: "{{ lvm_volume.fs }}" - dev: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}" +- name: create filesystem + filesystem: + fstype: "{{ lvm_volume.fs }}" + dev: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}" - - name: mount filesytem - mount: - src: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}" - path: "{{ lvm_volume.dest }}" - fstype: "{{ lvm_volume.fs }}" - state: mounted +- name: mount filesytem + mount: + src: "/dev/mapper/{{ lvm_volume.parent.vg | default(lvm_volume.vg) | replace('-', '--') }}-{{ lvm_volume.lv | replace('-', '--') }}" + path: "{{ lvm_volume.dest }}" + fstype: "{{ lvm_volume.fs }}" + state: mounted - - name: set volume owner/group and mode - file: - state: directory - path: "{{ lvm_volume.dest }}" - mode: "{{ lvm_volume.mode | default(omit) }}" - owner: "{{ lvm_volume.owner | default(omit) }}" - group: "{{ lvm_volume.group | default(omit) }}" +- name: set volume owner/group and mode + file: + state: directory + path: "{{ lvm_volume.dest }}" 
+ mode: "{{ lvm_volume.mode | default(omit) }}" + owner: "{{ lvm_volume.owner | default(omit) }}" + group: "{{ lvm_volume.group | default(omit) }}" - - name: export volume mountpoint - set_fact: - storage_volume_mountpoint: "{{ lvm_volume.dest }}" +- name: export volume mountpoint + set_fact: + storage_volume_mountpoint: "{{ lvm_volume.dest }}" diff --git a/roles/storage/zfs/base/defaults/main.yml b/roles/storage/zfs/base/defaults/main.yml index df56f0c8..96fb3b73 100644 --- a/roles/storage/zfs/base/defaults/main.yml +++ b/roles/storage/zfs/base/defaults/main.yml @@ -12,7 +12,7 @@ zfs_pool_default_properties: # mountpoint: /srv/storage # create_vdevs: mirror /dev/sda /dev/sdb mirror /dev/sdc /dev/sdd log mirror /dev/nvme0n1p3 /dev/nvme1n1p3 cache /dev/nvme0n1p4 /dev/nvme1n1p4 # test: -# mountpoint: /srv/storage +# mountpoint: /srv/test # create_vdevs: raidz /dev/sda /dev/sdb /dev/sdc /dev/sdd # properties: # ashift: 12 @@ -40,10 +40,23 @@ zfs_volumes: {} # quota: 2G # children: # ben: {} -# after: +# vms: # properties: -# quota: 100M +# canmount: no +# mountpoint: none # test: # sub1: # properties: # quota: 512M + +zfs_devices: {} + +# zfs_devices: +# - pool: storage +# name: vms/host1 +# size: 1g +# properties: +# compression: lz4 +# - pool: storage +# name: vms/host2 +# size: 2g diff --git a/roles/storage/zfs/base/tasks/main.yml b/roles/storage/zfs/base/tasks/main.yml index b731bb1f..d0854880 100644 --- a/roles/storage/zfs/base/tasks/main.yml +++ b/roles/storage/zfs/base/tasks/main.yml @@ -68,3 +68,12 @@ zfs_volume: "{{ item }}" include_role: name: storage/zfs/volume + +- name: create zfs devices + loop: "{{ zfs_devices }}" + loop_control: + label: "{{ item.pool }}/{{ item.name }}" + vars: + zfs_device: "{{ item }}" + include_role: + name: storage/zfs/device diff --git a/roles/storage/zfs/device/defaults/main.yml b/roles/storage/zfs/device/defaults/main.yml new file mode 100644 index 00000000..175136eb --- /dev/null 
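Review bot: The task name `mount filesytem` in roles/storage/lvm/volume/tasks/main.yml is misspelled (`mount filesystem`); task names appear in logs and in `--start-at-task`, so it is worth correcting while the task is being re-indented anyway. The `mount` task passes no `opts`, so per-volume mount options such as `nodev,nosuid` cannot be set; `opts: "{{ lvm_volume.mount_opts | default(omit) }}"` would allow that without affecting existing callers. The hunk's first context lines belong to an `assert` whose start lies outside the hunk.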
+++ b/roles/storage/zfs/device/defaults/main.yml @@ -0,0 +1,11 @@ +--- +# zfs_device: +# parent: +# ... +# pool: tank +# name: bar +# size: 10g +# properties: +# ... + +zfs_device: "{{ storage_device }}" diff --git a/roles/storage/zfs/device/tasks/main.yml b/roles/storage/zfs/device/tasks/main.yml new file mode 100644 index 00000000..1204da02 --- /dev/null +++ b/roles/storage/zfs/device/tasks/main.yml @@ -0,0 +1,14 @@ +--- +- name: compute full zfs device path + set_fact: + zfs_device_path_full: "{{ ('parent' in zfs_device) | ternary((zfs_device.parent.pool | default(''))~'/'~(zfs_device.parent.name | default('')), zfs_device.pool) }}/{{ zfs_device.name }}" + +- name: create zfs volume + zfs: + name: "{{ zfs_device_path_full }}" + extra_zfs_properties: "{{ zfs_device.properties | default({}) | combine({'volsize': zfs_device.size}) | dehumanize_zfs_properties }}" + state: present + +- name: export device path + set_fact: + storage_device_path: "/dev/zvol/{{ zfs_device_path_full }}" -- cgit v1.2.3
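Review bot: The `compute full zfs device path` task in roles/storage/zfs/device/tasks/main.yml defaults a missing `parent.pool` or `parent.name` to `''`, so a parent lacking either produces a dataset path such as `/name/...` that the `zfs` module only rejects later with an opaque error; an explicit assert on the parent, mirroring `check device parent` in storage/lvm/device, would report the misconfiguration up front. The `dehumanize_zfs_properties` filter is presumably provided by the filter plugins of storage/zfs/base, which means this role only works after the base role has been loaded; a comment in the file stating that dependency would help. `zfs_device_path_full` is a host-wide fact overwritten on every iteration of the base loop, which is fine as long as nothing reads it afterwards.
```yaml
- name: check device parent
  when: "'parent' in zfs_device"
  assert:
    msg: "the device parent must name a pool and a dataset"
    that:
      - zfs_device.parent.pool is defined
      - zfs_device.parent.name is defined

# … unchanged: compute full zfs device path, create zfs volume, export device path …
```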