From 6eacc2ad5539abf37dc90cd378b44320f7758869 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 7 Jul 2020 22:09:19 +0200 Subject: refactor vm role names --- common/vm-install.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'common/vm-install.yml') diff --git a/common/vm-install.yml b/common/vm-install.yml index b0c3815a..ac36f3c5 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml @@ -27,7 +27,7 @@ - name: basic installation hosts: _vmhost_ roles: - - role: vm/install + - role: vm/guest/install - name: wait for new vm to start up @@ -58,11 +58,9 @@ - name: make sure to update cached facts setup: roles: - - role: vm/grub + - role: vm/guest/base when: install_distro in ['debian', 'ubuntu'] - - role: vm/network - when: install_distro in ['debian', 'ubuntu'] - - role: vm/guest + - role: vm/guest/network when: install_distro in ['debian', 'ubuntu'] - name: reboot and wait for VM come back -- cgit v1.2.3 From cb006428feac7f330fee3098dbf749aec6ebf585 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 8 Jul 2020 03:16:17 +0200 Subject: vm/host/network: config initial setup works now --- chaos-at-home/ch-oulu.yml | 11 ++++ common/vm-install.yml | 2 +- inventory/group_vars/vmhost-ch-oulu/main.yml | 21 ++++++++ inventory/host_vars/ch-oulu.yml | 16 ++++++ inventory/hosts.ini | 9 ++++ roles/vm/host/network/tasks/main.yml | 39 +++++++++++++++ roles/vm/host/network/tasks/network.yml | 22 -------- roles/vm/host/network/templates/interfaces.j2 | 72 +++++++++++++++++++++++++++ 8 files changed, 169 insertions(+), 23 deletions(-) create mode 100644 chaos-at-home/ch-oulu.yml create mode 100644 inventory/group_vars/vmhost-ch-oulu/main.yml create mode 100644 roles/vm/host/network/tasks/main.yml delete mode 100644 roles/vm/host/network/tasks/network.yml create mode 100644 roles/vm/host/network/templates/interfaces.j2 (limited to 'common/vm-install.yml') 
diff --git a/chaos-at-home/ch-oulu.yml b/chaos-at-home/ch-oulu.yml new file mode 100644 index 00000000..ef508629 --- /dev/null +++ b/chaos-at-home/ch-oulu.yml @@ -0,0 +1,11 @@ +--- +- name: Basic Setup + hosts: ch-oulu + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd + - role: core/zsh + - role: core/cpu-microcode + - role: vm/host/base + - role: vm/host/network diff --git a/common/vm-install.yml b/common/vm-install.yml index ac36f3c5..64894d1a 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml @@ -63,7 +63,7 @@ - role: vm/guest/network when: install_distro in ['debian', 'ubuntu'] -- name: reboot and wait for VM come back +- name: reboot and wait for VM to come back hosts: "{{ install_hostname }}" gather_facts: no roles: diff --git a/inventory/group_vars/vmhost-ch-oulu/main.yml b/inventory/group_vars/vmhost-ch-oulu/main.yml new file mode 100644 index 00000000..db5daa9c --- /dev/null +++ b/inventory/group_vars/vmhost-ch-oulu/main.yml @@ -0,0 +1,21 @@ +--- +__vmhost_bridge_interface_zones__: + bond0: + - lan + - svc + - mgmt + +__vmhost_bridge_interface_zones_yaml__: | + {% for interface in (__vmhost_bridge_interface_zones__.keys() | sort) %} + {% for zone in __vmhost_bridge_interface_zones__[interface] %} + {{ zone }}: + interfaces: + - {{ interface }}.{{ network_zones[zone].vlan }} + {% endfor %} + {% endfor %} + + +vm_host: + name: ch-oulu + network: + bridges: "{{ __vmhost_bridge_interface_zones_yaml__ | from_yaml }}" diff --git a/inventory/host_vars/ch-oulu.yml b/inventory/host_vars/ch-oulu.yml index 1e43f21d..e9113e7e 100644 --- a/inventory/host_vars/ch-oulu.yml +++ b/inventory/host_vars/ch-oulu.yml 
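Review bot: In inventory/group_vars/vmhost-ch-oulu/main.yml, `__vmhost_bridge_interface_zones_yaml__` builds YAML as text and hands it to `from_yaml`, but the zone name and the interface entry are emitted as plain scalars, so the parser is free to retype them. A zone named `no` or `on`, or an all-digit one, would come back as a boolean or integer key, and the `br-{{ item.key }}` file name generated in roles/vm/host/network/tasks/main.yml would no longer match the zone. Quoting both values closes that off: `"{{ zone }}":` and `- "{{ interface }}.{{ network_zones[zone].vlan }}"`. A short comment above the variable explaining why the mapping is rendered as text and re-parsed would also help the next reader.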
@@ -23,3 +23,19 @@ network: gateway: "{{ network_zones.lan.gateway }}" interfaces: - *_network_primary_ + bonds: + - name: bond0 + mode: 802.3ad + slaves: + - eno1 + - eno2 + options: + miimon: 100 + vlans: + bond0: "{{ __vmhost_bridge_interface_zones__['bond0'] | map('extract', network_zones) | map(attribute='vlan') | list }}" + + +apt_repo_components: + - main + - contrib + - non-free ## for microcode updates diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 5d19bee4..549e494b 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -231,6 +231,13 @@ ch-atlas [vmhost-ch-atlas:children] vmhost-ch-atlas-guests +[vmhost-ch-oulu-guests] +ch-oulu-vm1 +[vmhost-ch-oulu] +ch-oulu +[vmhost-ch-oulu:children] +vmhost-ch-oulu-guests + [vmhost-sk-2019vm-guests] sk-testvm sk-torrent @@ -255,12 +262,14 @@ vmhost-sk-tomnext-guests [kvmhosts] ch-gnocchi ch-atlas +ch-oulu sk-2019vm sk-tomnext [kvmguests:children] vmhost-ch-gnocchi-guests vmhost-ch-atlas-guests +vmhost-ch-oulu-guests vmhost-sk-2019vm-guests vmhost-sk-tomnext-guests diff --git a/roles/vm/host/network/tasks/main.yml b/roles/vm/host/network/tasks/main.yml new file mode 100644 index 00000000..e7668917 --- /dev/null +++ b/roles/vm/host/network/tasks/main.yml 
@@ -0,0 +1,39 @@
+---
+- name: install ifenslave package
+ when: "'bonds' in network"
+ apt:
+ name: ifenslave
+ state: present
+
+- name: install vlan package
+ when: "'vlans' in network"
+ apt:
+ name: vlan
+ state: present
+
+- name: create network interfaces
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+
+- name: create network bridges
+ when: "'bridges' in vm_host.network"
+ block:
+ - name: generate bridge interface config
+ loop: "{{ vm_host.network.bridges | default({}) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: bridge-interfaces.j2
+ dest: "/etc/network/interfaces.d/br-{{ item.key }}"
+ register: vmhost_bridge_config
+
+ ## We don't try to be to clever here: aka don't call ifdown before ifup because
+ ## if there are VMs running they would end up with a broken network
+ - name: bring up bridge interfaces
+ loop: "{{ vmhost_bridge_config.results }}"
+ loop_control:
+ label: "br-{{ item.item.key }}"
+ when: item is changed
+ command: "/sbin/ifup br-{{ item.item.key }}"
+ failed_when: false
diff --git a/roles/vm/host/network/tasks/network.yml b/roles/vm/host/network/tasks/network.yml
deleted file mode 100644
index 103ff194..00000000
--- a/roles/vm/host/network/tasks/network.yml
+++ /dev/null
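Review bot: The new `create network interfaces` task in roles/vm/host/network/tasks/main.yml replaces /etc/network/interfaces on the VM host without setting ownership or mode and without keeping the previous file, so a bad render of the bond or VLAN stanzas leaves nothing on the host to roll back to from the console. Adding `owner: root`, `mode: "0644"` and `backup: yes` to the `template:` arguments makes the result independent of the connecting user's umask and keeps a recovery copy next to the file, outside the sourced interfaces.d directory. Separately, `failed_when: false` on `bring up bridge interfaces` (carried over unchanged from the deleted network.yml) reports success even when `ifup` fails. Registering the result and reporting a non-zero `rc` in a follow-up task would keep the deliberate no-ifdown behaviour without hiding a bridge that never came up.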
@@ -1,22 +0,0 @@
----
-- name: create network bridges
- when: "'bridges' in vm_host.network"
- block:
- - name: generate bridge interface config
- loop: "{{ vm_host.network.bridges | default({}) | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- template:
- src: bridge-interfaces.j2
- dest: "/etc/network/interfaces.d/br-{{ item.key }}"
- register: vmhost_bridge_config
-
- ## We don't try to be to clever here: aka don't call ifdown before ifup because
- ## if there are VMs running they would end up with a broken network
- - name: bring up bridge interfaces
- loop: "{{ vmhost_bridge_config.results }}"
- loop_control:
- label: "br-{{ item.item.key }}"
- when: item is changed
- command: "/sbin/ifup br-{{ item.item.key }}"
- failed_when: false
diff --git a/roles/vm/host/network/templates/interfaces.j2 b/roles/vm/host/network/templates/interfaces.j2
new file mode 100644
index 00000000..eebfb8cc
--- /dev/null
+++ b/roles/vm/host/network/templates/interfaces.j2
@@ -0,0 +1,72 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+{% for bond in network.bonds | default([]) %}
+## Bond: {{ bond.name }}
+
+{% for slave in bond.slaves | sort %}
+auto {{ slave }}
+iface {{ slave }} inet manual
+
+{% endfor %}
+{% set tmp = network.interfaces | selectattr('name', 'eq', bond.name) | list %}
+auto {{ bond.name }}
+iface {{ bond.name }} inet {{ ((tmp | length) == 0) | ternary('manual', 'static') }}
+ bond-mode {{ bond.mode }}
+ bond-slaves {{ bond.slaves | sort | join(' ') }}
+{% for option in (bond.options | default({}) | list | sort) %}
+ bond-{{ option }} {{ bond.options[option] }}
+{% endfor %}
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+{% if (tmp | length) > 0 %}
+{% set interface = tmp | first %}
+ address {{ interface.address | ipaddr('address') }}
+ netmask {{ interface.address | ipaddr('netmask') }}
+{% if 'gateway' in interface %}
+ gateway {{ interface.gateway }}
+{% endif %}
+{% for route in interface.static_routes | default([]) %}
+ up /bin/ip route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes | default([]) | reverse %}
+ down /bin/ip route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% if 'address6' in interface %}
+
+iface {{ interface.name }} inet6 static
+ address {{ interface.address6 }}
+{% if 'gateway6' in interface %}
+ gateway {{ interface.gateway6 }}
+{% endif %}
+{% for route in interface.static_routes6 | default([]) %}
+ up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes6 | default([]) | reverse %}
+ down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% endif %}
+{% endif %}
+
+
+{% endfor %}
+{% for parent in network.vlans | default({}) | list | sort %}
+## vlan interfaces @ {{ parent }}
+
+{% for vlan in network.vlans[parent] %}
+auto {{ parent }}.{{ vlan }}
+iface {{ parent }}.{{ vlan }} inet manual
+{# TODO: add interface config like above if (network.interfaces | selectattr('name', 'eq', 'parent+'.'+vlan') | list) > 0 ... #}
+
+{% endfor %}
+
+{% endfor %}
+
+## source bridge configs
+
+source /etc/network/interfaces.d/*
-- cgit v1.2.3
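Review bot: In roles/vm/host/network/templates/interfaces.j2 the `gateway`, `gateway6`, `address6` and `static_routes`/`static_routes6` values are written out unchecked, while `address` a few lines above goes through `ipaddr`. The route entries end up inside `up`/`down` commands that ifupdown hands to a shell as root (the `echo 0 > /proc/...` lines rely on exactly that), so a typo or stray character in the inventory becomes part of a root command line instead of being rejected. Passing the values through the filter already in use, e.g. `up /bin/ip route add {{ route.destination | ipaddr }} via {{ route.gateway | ipaddr('address') }}`, or asserting them in tasks/main.yml before the template task, makes a malformed entry fail visibly. The VLAN stanzas at the end also lack the `accept_ra`/`autoconf` lines the bond gets; whether that matters depends on bridge-interfaces.j2, which is not part of this patch.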