From 22a81e86508821422943703dd42a8ff3a2709ba5 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 9 Nov 2020 03:44:38 +0100 Subject: add test servers --- inventory/group_vars/chaos-at-home/network.yml | 5 +++++ inventory/group_vars/chaos-at-home/vars.yml | 2 ++ 2 files changed, 7 insertions(+) (limited to 'inventory/group_vars/chaos-at-home') diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index 67950f94..ea7b4958 100644 --- a/inventory/group_vars/chaos-at-home/network.yml +++ b/inventory/group_vars/chaos-at-home/network.yml @@ -13,6 +13,11 @@ network_zones: offsets: ch-equinox-ws: 1 ch-mc: 10 + ch-telesto: 20 + ch-calypso: 21 + ch-thetys: 22 + ch-dione: 23 + ch-helene: 24 ch-prometheus: 200 ch-gw-lan: 254 ############# diff --git a/inventory/group_vars/chaos-at-home/vars.yml b/inventory/group_vars/chaos-at-home/vars.yml index b0322c81..ac999612 100644 --- a/inventory/group_vars/chaos-at-home/vars.yml +++ b/inventory/group_vars/chaos-at-home/vars.yml @@ -5,3 +5,5 @@ admin_users_group: - equinox acmetool_account_email: admin@chaos-at-home.org + +apt_repo_provider: inode -- cgit v1.2.3 From 1e4520fbdb6a72cfaf39746e3f89544771720394 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 11 Nov 2020 03:09:35 +0100 Subject: add zfs support to new workstation/base role --- chaos-at-home/ch-telesto.yml | 14 +++ chaos-at-home/group_vars/chaos-at-home.yml | 49 ++++----- inventory/group_vars/chaos-at-home/vars.yml | 4 + inventory/host_vars/ch-equinox-ws.yml | 2 +- inventory/host_vars/ch-telesto.yml | 26 +++++ .../templates/preseed_xubuntu-focal-desktop.cfg.j2 | 111 --------------------- roles/ws/base/defaults/main.yml | 4 +- roles/ws/base/tasks/main.yml | 9 +- 8 files changed, 82 insertions(+), 137 deletions(-) create mode 100644 chaos-at-home/ch-telesto.yml delete mode 100644 roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 (limited to 'inventory/group_vars/chaos-at-home') diff --git a/chaos-at-home/ch-telesto.yml b/chaos-at-home/ch-telesto.yml new file mode 100644 index 00000000..a78517ce --- /dev/null +++ b/chaos-at-home/ch-telesto.yml @@ -0,0 +1,14 @@ +--- +- name: Basic Setup + hosts: ch-telesto + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd + - role: core/zsh + - role: core/cpu-microcode + - role: zfs/base + - role: ws/base + - role: core/admin-users + - role: apt-repo/spreadspace + - role: streaming/blackmagic/desktopvideo diff --git a/chaos-at-home/group_vars/chaos-at-home.yml b/chaos-at-home/group_vars/chaos-at-home.yml index f7da7437..8cc9a860 100644 --- a/chaos-at-home/group_vars/chaos-at-home.yml +++ b/chaos-at-home/group_vars/chaos-at-home.yml @@ -1,24 +1,27 @@ $ANSIBLE_VAULT;1.2;AES256;chaos-at-home -66636539316637643337323635383630306330396536346236333839653364343866633434376437 -3564646633666539396238383762656433633165386661620a353730316633323237653539313263 -31633563343634356261653231336465343666303537323830333662363330343032623634646131 -3065356635643364610a333366326563623633336463626330316637663432303765626633653738 -32386131613737653332643836636237663739626566386432616262363031646236366161303138 -31343730393662646333376631343539306136323432393639396433643665333531333963346264 -33393563383136396636303366353037386461376135353332353534306131326666333565356335 -38363938396635666630316630333266353238343834303338363637393661353263306531373535 -30336561663961313736636631653033303966376231353430323965376234643337626536383435 -36316430636130636433303736633665333938343731653130663562316464353764323736653533 -38616535313137383162343130366235613539623933393830323366376663313932303932376335 -61326334303733646539356334336437626363333865623963316361303330356535303733393034 -30653538373161626362643362313061633565393663323864653436666464353464353765613735 -62623635323164383537616161643566333539623732376130336266363631323733383434316666 -63303561386434633833396432653932353739383836646434393832363936336538383661313266 -34633432323366633664646335373362313831643834306265333163316462316233363335333938 -63383037376563343566663130353731333561343131353362393937326161396232663566366638 -61643263663865353364313431336439326139303233646665356435616638656466353064383632 -33626538646166326639383064353736623666653339623865643237396563336361353263616466 -66346563313737313037653735363666643662356239353163336337393565643165633732663839 -30616166346637623030646262386435613066636132646665623764643661653730343730346331 -62666638313737346332336236653864633931356231613037373638656562396438323533323062 -393534663638616536653534663333613639 +37363633653262356539353263326436303965373365613031326238343332623531633734626466 +6431623733383832306662613039373138346666336663640a303764313730626231383965663130 +37386565653733303737343433626332373639353663616235346131313339396263386133326361 +6565353432386538320a623337346334663139323533613333363665656162346138313236393637 +36623439626632396531353631613037313166666136373934623739333237623661396332376436 +31373461653564386266336639633861613536663831633162323863373630393834663531306531 +32343932303561333363373561353035346562383833336663383135626631663133346663333635 +62333661386237613035313235303132396431643732383732386336636165393838393464323033 +34343963646534306433303163616132653164666163336137353034336164383661616263613965 +62633937656538323461306361626235613338653266386134363363356163366161366166346362 +35366531376664613237376133396164373762383735373236343166383534636636643733393838 +37616361316363373262336530336564653335383630633736383239353635616432386635306134 +38663464653535613738666631303337326334346635393363363837623734316233396166303232 +34343561313736353765633064656665333934316631613233353163393837646465303830613231 +62363033363066336438306636636330646530663330356638343930646430323838666533666337 +31363038356435346239613930323161643065663063613665333566623634653333396561376365 +35336437643339303465323361326561646436366437636165356563653636333766343038303134 +61343239333536623331306561646336636335323432643434333561386664373861303732393665 +32393332336135633135643938613330666236323631613634353533656462383966333761343461 +34353838356561636161383565333039613136333431623936316136396630363662313234613735 +39383765643961316164633333323237343063653565353461626461333737313363326436376461 +61656465373035316466653733613931666139643336363866636136333039643536333336653630 +35383463623334616162306639303132633637373031383638666331653333656132313934366131 +61343337626561333537613534396333636139356264313731636462363362336231663363613862 +63653365393139383234306362306430373636636262313662663531633537356536303931373963 +3565613330363934636135636531633932653537656563336336 diff --git a/inventory/group_vars/chaos-at-home/vars.yml b/inventory/group_vars/chaos-at-home/vars.yml index ac999612..c09c75e1 100644 --- a/inventory/group_vars/chaos-at-home/vars.yml +++ b/inventory/group_vars/chaos-at-home/vars.yml @@ -7,3 +7,7 @@ admin_users_group: acmetool_account_email: admin@chaos-at-home.org apt_repo_provider: inode + +apt_repo_blackmagic_auth: + username: "chaos-at-home" + password: "{{ vault_apt_repo_blackmagic_auth.password }}" diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index 50cafbec..a1130257 100644 --- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -56,7 +56,7 @@ apt_repo_components: - universe - multiverse -ubuntu_ws_extra_packages: +ws_base_extra_packages: - aisleriot - atftp - asciidoc diff --git a/inventory/host_vars/ch-telesto.yml b/inventory/host_vars/ch-telesto.yml index 6e642dee..a2d94e16 100644 --- a/inventory/host_vars/ch-telesto.yml +++ b/inventory/host_vars/ch-telesto.yml @@ -47,7 +47,33 @@ network: - *_network_primary_ +apt_repo_components: + - main + - restricted + - universe + - multiverse + base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}" admin_users_host: - equinox + +zfs_arc_size: + min: 1GB + max: 2GB + +zfs_pools: + storage: + mountpoint: /srv/storage + create_vdevs: mirror /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720808-part4 /dev/disk/by-id/ata-SAMSUNG_HD103UJ_S1PVJDWQ720810-part4 + +ws_base_home_zfs: + pool: storage + name: home + properties: + xattr: sa + compression: lz4 + quota: 100G + +ws_base_extra_packages: + - obs-studio diff --git a/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 deleted file mode 100644 index 7a424673..00000000 --- a/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 +++ /dev/null @@ -1,111 +0,0 @@ -######################################################################### -# spreadspace preseed file for Ubuntu focal based workstations -######################################################################### - -d-i debian-installer/language string {{ preseed_language }} -d-i debian-installer/country string {{ preseed_country }} -d-i debian-installer/locale string {{ preseed_locales | first }} -d-i localechooser/preferred-locale string {{ preseed_locales | first }} -d-i localechooser/supported-locales multiselect {{ preseed_locales | join(', ') }} -d-i localechooser/translation/warn-light boolean true - -d-i console-setup/ask_detect boolean false -d-i keyboard-configuration/layoutcode string {{ preseed_keyboard_layout }} -d-i keyboard-configuration/variantcode string {{ preseed_keyboard_variant }} - -d-i hw-detect/load_firmware boolean false - -{% if preseed_no_netplan %} -d-i netcfg/do_not_use_netplan boolean true -{% endif %} -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} -{% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} -d-i netcfg/disable_dhcp boolean false -d-i netcfg/disable_autoconfig boolean false -{% else %} -d-i netcfg/disable_dhcp boolean true -d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} -d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} -d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} -d-i netcfg/confirm_static boolean true -{% endif %} - -d-i netcfg/hostname string {{ hostvars[install_hostname].host_name }} -d-i netcfg/get_hostname string {{ hostvars[install_hostname].host_name }} -d-i netcfg/domain string {{ hostvars[install_hostname].network_cooked.domain }} -d-i netcfg/get_domain string {{ hostvars[install_hostname].network_cooked.domain }} -d-i netcfg/wireless_wep string - - -d-i mirror/country string manual -d-i mirror/http/hostname string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.host }} -d-i mirror/http/directory string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.path }} -d-i mirror/http/proxy string - - -d-i passwd/make-user boolean false -d-i passwd/root-login boolean true -d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand -d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand - - -d-i clock-setup/utc boolean true -d-i time/zone string {{ preseed_timezone }} -d-i clock-setup/ntp boolean false - - -{% include 'partman_config.j2' %} - - -{% if preseed_kernel_image is defined %} -d-i base-installer/kernel/image string {{ preseed_kernel_image }} -{% elif preseed_virtual_machine %} -d-i base-installer/kernel/image string linux-virtual -{% endif %} -{% if preseed_no_splash %} -d-i debian-installer/splash boolean false -d-i debian-installer/add-kernel-opts string nosplash -{% endif %} - -d-i base-installer/install-recommends boolean false -d-i apt-setup/security_host string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.host }} -d-i apt-setup/security_path string {{ apt_repo_providers[hostvars[install_hostname].apt_repo_provider].ubuntu.path }} -{% if hostvars[install_hostname].install_cooked.arch | default('amd64') == 'amd64' %} -d-i apt-setup/multiarch string amd64 -{% endif %} - -tasksel tasksel/first multiselect {{ preseed_install_tasks | join(', ') }} -d-i pkgsel/include string openssh-server {{ hostvars[install_hostname].python_basename }} {{ hostvars[install_hostname].python_basename }}-apt{% if preseed_no_netplan %} ifupdown{% endif %}{{ '' }} -d-i pkgsel/upgrade select safe-upgrade -popularity-contest popularity-contest/participate boolean false -d-i pkgsel/update-policy select none - -d-i finish-install/reboot_in_progress note - - -d-i preseed/late_command string \ - lvremove -f {{ hostvars[install_hostname].host_name }}/dummy; \ - in-target bash -c "swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile"; \ - in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ - in-target bash -c "env SUDO_FORCE_REMOVE=yes apt-get purge -y -q ubuntu-minimal sudo ubuntu-advantage-tools"; \ -{% if preseed_no_netplan %} - in-target bash -c "apt-get purge -y -q netplan.io && apt-get autoremove -y -q && rm -rf /etc/netplan"; \ -{% endif %} - in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ -{% if preseed_force_net_ifnames_policy is defined %} - mkdir -p /target/etc/systemd/network; \ - in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \ - in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \ - in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \ - in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \ - in-target bash -c "echo 'NamePolicy={{ preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \ - in-target bash -c "update-initramfs -u"; \ -{% endif %} - in-target bash -c "passwd -d root && passwd -l root"; \ -{% if hostvars[install_hostname].ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[install_hostname].ansible_port }}/' -i /etc/ssh/sshd_config"; \ -{% endif %} - mkdir -p -m 0700 /target/root/.ssh; \ - cp /authorized_keys /target/root/.ssh/ diff --git a/roles/ws/base/defaults/main.yml b/roles/ws/base/defaults/main.yml index 9db0c3dc..eb094e0b 100644 --- a/roles/ws/base/defaults/main.yml +++ b/roles/ws/base/defaults/main.yml @@ -1,2 +1,4 @@ --- -ubuntu_ws_extra_packages: [] +ws_base_extra_packages: [] + +# ws_base_home_zfs: {} diff --git a/roles/ws/base/tasks/main.yml b/roles/ws/base/tasks/main.yml index 9e3b55b8..75a753d8 100644 --- a/roles/ws/base/tasks/main.yml +++ b/roles/ws/base/tasks/main.yml @@ -1,4 +1,11 @@ --- +- name: create zfs dataset for /home + when: ws_base_home_zfs is defined + zfs: + name: "{{ ws_base_home_zfs.pool }}/{{ ws_base_home_zfs.name }}" + state: present + extra_zfs_properties: "{{ ws_base_home_zfs.properties | default({}) | combine({'mountpoint': '/home'}) }}" + - name: prohibited packages loop: - flashplugin-installer @@ -78,5 +85,5 @@ - name: install extra packages apt: - name: "{{ ubuntu_ws_extra_packages }}" + name: "{{ ws_base_extra_packages }}" state: present -- cgit v1.2.3