From 6eacc2ad5539abf37dc90cd378b44320f7758869 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 7 Jul 2020 22:09:19 +0200
Subject: refactor vm role names
---
roles/vm/host/base/handlers/main.yml | 5 ++
roles/vm/host/base/tasks/main.yml | 49 ++++++++++++++
roles/vm/host/base/tasks/zfs.yml | 20 ++++++
roles/vm/host/handlers/main.yml | 5 --
roles/vm/host/network/tasks/network.yml | 22 +++++++
.../vm/host/network/templates/bridge-interfaces.j2 | 53 +++++++++++++++
roles/vm/host/tasks/main.yml | 53 ---------------
roles/vm/host/tasks/network.yml | 75 ----------------------
roles/vm/host/tasks/zfs.yml | 20 ------
9 files changed, 149 insertions(+), 153 deletions(-)
create mode 100644 roles/vm/host/base/handlers/main.yml
create mode 100644 roles/vm/host/base/tasks/main.yml
create mode 100644 roles/vm/host/base/tasks/zfs.yml
delete mode 100644 roles/vm/host/handlers/main.yml
create mode 100644 roles/vm/host/network/tasks/network.yml
create mode 100644 roles/vm/host/network/templates/bridge-interfaces.j2
delete mode 100644 roles/vm/host/tasks/main.yml
delete mode 100644 roles/vm/host/tasks/network.yml
delete mode 100644 roles/vm/host/tasks/zfs.yml
(limited to 'roles/vm/host')
diff --git a/roles/vm/host/base/handlers/main.yml b/roles/vm/host/base/handlers/main.yml
new file mode 100644
index 00000000..6541dd80
--- /dev/null
+++ b/roles/vm/host/base/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart haveged
+ service:
+ name: haveged
+ state: restarted
diff --git a/roles/vm/host/base/tasks/main.yml b/roles/vm/host/base/tasks/main.yml
new file mode 100644
index 00000000..1a7cb7d8
--- /dev/null
+++ b/roles/vm/host/base/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+- name: install dependencies
+ apt:
+ name:
+ - qemu-kvm
+ - # configuration package, pulls in libvirt-clients and libvirt-daemon
+ libvirt-daemon-system
+ - python-libvirt
+ - haveged
+ - bridge-utils
+ - acl
+ state: present
+
+- name: configure haveged
+ lineinfile:
+ regexp: "^#?DAEMON_ARGS"
+ line: 'DAEMON_ARGS="-w 3072"'
+ path: /etc/default/haveged
+ notify: restart haveged
+
+- name: prepare zfs volumes
+ when: "'zfs' in vm_host"
+ include_tasks: zfs.yml
+
+- name: create lvm-based disk for installers
+ when: installer_lvm is defined
+ block:
+ - name: create logical volume
+ lvol:
+ vg: "{{ installer_lvm.vg }}"
+ lv: "{{ installer_lvm.lv }}"
+ size: "{{ installer_lvm.size }}"
+
+ - name: create filesystem
+ filesystem:
+ fstype: "{{ installer_lvm.fs }}"
+ dev: "/dev/mapper/{{ installer_lvm.vg | replace('-', '--') }}-{{ installer_lvm.lv | replace('-', '--') }}"
+
+ - name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ installer_lvm.vg | replace('-', '--') }}-{{ installer_lvm.lv | replace('-', '--') }}"
+ path: "{{ installer_base_path }}"
+ fstype: "{{ installer_lvm.fs }}"
+ state: mounted
+
+- name: make sure installer directory exists
+ file:
+ name: "{{ installer_base_path }}"
+ state: directory
diff --git a/roles/vm/host/base/tasks/zfs.yml b/roles/vm/host/base/tasks/zfs.yml
new file mode 100644
index 00000000..b84f2d0d
--- /dev/null
+++ b/roles/vm/host/base/tasks/zfs.yml
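Review bot: The last task of roles/vm/host/base/tasks/main.yml, `make sure installer directory exists`, creates `{{ installer_base_path }}` without `owner`, `group` or `mode`, so the resulting permissions depend on the umask of whichever account runs the play. Pin them on the task, for example `owner: root`, `group: root` and a quoted `mode: "0755"`, or something tighter if the installer tree is expected to hold preseed or kickstart files with credentials (that is not visible in this hunk). The task name `mount filesytem` is also misspelled and could become `mount filesystem` while the file is being moved anyway.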
@@ -0,0 +1,20 @@
+---
+- name: create zfs base datasets
+ loop: "{{ lookup('dict', vm_host.zfs, wantlist=True) }}"
+ loop_control:
+ label: "{{ item.key }} -> {{ item.value.pool }}/{{ item.value.name }} ({{ (item.value.properties | default({})).items() | map('join', '=') | join(', ') }})"
+ vars:
+ default_properties:
+ canmount: no
+ mountpoint: none
+ zfs:
+ name: "{{ item.value.pool }}/{{ item.value.name }}"
+ state: present
+ extra_zfs_properties: "{{ default_properties | combine(item.value.properties | default({})) }}"
+
+- name: configure lvm to ignore zfs volumes
+ lineinfile:
+ path: /etc/lvm/lvm.conf
+ backrefs: yes
+ regexp: '^\s*#?\s*global_filter\s*='
+ line: ' global_filter = [ "r|/dev/zd[0-9]+|" ]'
diff --git a/roles/vm/host/handlers/main.yml b/roles/vm/host/handlers/main.yml
deleted file mode 100644
index 6541dd80..00000000
--- a/roles/vm/host/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart haveged
- service:
- name: haveged
- state: restarted
diff --git a/roles/vm/host/network/tasks/network.yml b/roles/vm/host/network/tasks/network.yml
new file mode 100644
index 00000000..103ff194
--- /dev/null
+++ b/roles/vm/host/network/tasks/network.yml
@@ -0,0 +1,22 @@
+---
+- name: create network bridges
+ when: "'bridges' in vm_host.network"
+ block:
+ - name: generate bridge interface config
+ loop: "{{ vm_host.network.bridges | default({}) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: bridge-interfaces.j2
+ dest: "/etc/network/interfaces.d/br-{{ item.key }}"
+ register: vmhost_bridge_config
+
+ ## We don't try to be to clever here: aka don't call ifdown before ifup because
+ ## if there are VMs running they would end up with a broken network
+ - name: bring up bridge interfaces
+ loop: "{{ vmhost_bridge_config.results }}"
+ loop_control:
+ label: "br-{{ item.item.key }}"
+ when: item is changed
+ command: "/sbin/ifup br-{{ item.item.key }}"
+ failed_when: false
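Review bot: In roles/vm/host/network/tasks/network.yml the `bring up bridge interfaces` task ends with `failed_when: false`, so every error from `/sbin/ifup` is discarded and the play reports success even when a bridge, and the `up` rules rendered into its interfaces.d file, never came up. Register the result and fail on a non-zero exit instead, e.g. `register: vmhost_bridge_ifup` with `failed_when: vmhost_bridge_ifup.rc != 0` (the variable name is only an example), and relax the condition only for the one case that is meant to be tolerated. Because the comment above the task rules out `ifdown`, a changed file for a bridge that is already up is presumably not applied to the running interface; a comment stating that the new config only takes effect on the next ifdown/ifup or reboot would make that drift explicit. The `template` task should also set `owner: root`, `group: root` and `mode: "0644"` explicitly, since ifupdown runs the `up`/`down` lines of that file as root.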
diff --git a/roles/vm/host/network/templates/bridge-interfaces.j2 b/roles/vm/host/network/templates/bridge-interfaces.j2
new file mode 100644
index 00000000..05144430
--- /dev/null
+++ b/roles/vm/host/network/templates/bridge-interfaces.j2
@@ -0,0 +1,53 @@
+{% set bridge_name = 'br-'+item.key %}
+{% set bridge = item.value %}
+{% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %}
+auto {{ bridge_name }}
+{% if 'address' in interface %}
+iface {{ bridge_name }} inet static
+ address {{ interface.address | ipaddr('address') }}
+ netmask {{ interface.address | ipaddr('netmask') }}
+{% if 'gateway' in interface %}
+ gateway {{ interface.gateway }}
+{% endif %}
+{% else %}
+iface {{ bridge_name }} inet manual
+{% endif %}
+{% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %}
+ bridge_ports {{ bridge.interfaces | join(' ') }}
+{% else %}
+ bridge_ports none
+{% endif %}
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+ up modprobe br_netfilter
+ up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
+{% if 'address' in interface and 'prefix' in bridge %}
+{% if 'nat' in bridge and bridge.nat %}
+ up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
+ up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
+ up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
+{% endif %}
+{% if 'overlay' in bridge %}
+{% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %}
+ up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }}
+{% endfor %}
+ up /bin/ip route add unreachable {{ bridge.overlay.prefix }}
+ down /sbin/ip route del {{ bridge.overlay.prefix }}
+{% endif %}
+{% if 'nat' in bridge and bridge.nat %}
+ down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
+{% endif %}
+{% endif %}
+{% if 'address6' in interface %}
+
+iface {{ bridge_name }} inet6 static
+ address {{ interface.address6 }}
+{% if 'gateway6' in interface %}
+ gateway {{ interface.gateway6 }}
+{% endif %}
+{% endif %}
diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml
deleted file mode 100644
index 4c29970d..00000000
--- a/roles/vm/host/tasks/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-- name: install dependencies
- apt:
- name:
- - qemu-kvm
- - # configuration package, pulls in libvirt-clients and libvirt-daemon
- libvirt-daemon-system
- - python-libvirt
- - haveged
- - bridge-utils
- - acl
- state: present
-
-- name: configure haveged
- lineinfile:
- regexp: "^#?DAEMON_ARGS"
- line: 'DAEMON_ARGS="-w 3072"'
- path: /etc/default/haveged
- notify: restart haveged
-
-- name: install vm-host network
- when: "'network' in vm_host"
- include_tasks: network.yml
-
-- name: prepare zfs volumes
- when: "'zfs' in vm_host"
- include_tasks: zfs.yml
-
-- name: create lvm-based disk for installers
- when: installer_lvm is defined
- block:
- - name: create logical volume
- lvol:
- vg: "{{ installer_lvm.vg }}"
- lv: "{{ installer_lvm.lv }}"
- size: "{{ installer_lvm.size }}"
-
- - name: create filesystem
- filesystem:
- fstype: "{{ installer_lvm.fs }}"
- dev: "/dev/mapper/{{ installer_lvm.vg | replace('-', '--') }}-{{ installer_lvm.lv | replace('-', '--') }}"
-
- - name: mount filesytem
- mount:
- src: "/dev/mapper/{{ installer_lvm.vg | replace('-', '--') }}-{{ installer_lvm.lv | replace('-', '--') }}"
- path: "{{ installer_base_path }}"
- fstype: "{{ installer_lvm.fs }}"
- state: mounted
-
-- name: make sure installer directory exists
- file:
- name: "{{ installer_base_path }}"
- state: directory
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
deleted file mode 100644
index 802ffd8b..00000000
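Review bot: In roles/vm/host/network/templates/bridge-interfaces.j2 the NAT branch turns on IPv4 forwarding for `$IFACE` and for `{{ ansible_default_ipv4.interface }}` and appends an SNAT rule, but nothing in the template limits what may be forwarded, and the `down` side removes only the SNAT rule while forwarding stays enabled. Unless a FORWARD policy is managed elsewhere (not visible here), the host forwards whatever arrives on either interface, so the template should add filter rules scoped to `{{ bridge.prefix }}` or carry a comment naming the role that provides them. The `-A POSTROUTING` append is also not idempotent: an `ifup` that runs without an earlier `down` having removed the rule leaves a duplicate, which a check-first form avoids, `up /sbin/iptables -t nat -C POSTROUTING ... || /sbin/iptables -t nat -A POSTROUTING ...`, with `...` standing for the unchanged match and target. The three `bridge-nf-call-*=0` sysctls are host-wide rather than per bridge and deserve a comment saying that bridged VM traffic deliberately bypasses the host's iptables, ip6tables and arptables rules. Separately, `bridge.offsets[dest]` is indexed without checking that the key exists, and `up` calls `/bin/ip` while `down` calls `/sbin/ip`.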
--- a/roles/vm/host/tasks/network.yml
+++ /dev/null
@@ -1,75 +0,0 @@
----
-- name: create network bridges
- when: "'bridges' in vm_host.network"
- block:
- - name: generate bridge interface config
- loop: "{{ vm_host.network.bridges | default({}) | dict2items }}"
- loop_control:
- label: "{{ item.key }}"
- copy:
- dest: "/etc/network/interfaces.d/br-{{ item.key }}"
- content: |
- {% set bridge_name = 'br-'+item.key %}
- {% set bridge = item.value %}
- {% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %}
- auto {{ bridge_name }}
- {% if 'address' in interface %}
- iface {{ bridge_name }} inet static
- address {{ interface.address | ipaddr('address') }}
- netmask {{ interface.address | ipaddr('netmask') }}
- {% if 'gateway' in interface %}
- gateway {{ interface.gateway }}
- {% endif %}
- {% else %}
- iface {{ bridge_name }} inet manual
- {% endif %}
- {% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %}
- bridge_ports {{ bridge.interfaces | join(' ') }}
- {% else %}
- bridge_ports none
- {% endif %}
- bridge_stp off
- bridge_waitport 0
- bridge_fd 0
- up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up modprobe br_netfilter
- up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
- up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
- up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
- {% if 'address' in interface and 'prefix' in bridge %}
- {% if 'nat' in bridge and bridge.nat %}
- up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
- up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
- up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
- {% endif %}
- {% if 'overlay' in bridge %}
- {% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %}
- up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }}
- {% endfor %}
- up /bin/ip route add unreachable {{ bridge.overlay.prefix }}
- down /sbin/ip route del {{ bridge.overlay.prefix }}
- {% endif %}
- {% if 'nat' in bridge and bridge.nat %}
- down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
- {% endif %}
- {% endif %}
- {% if 'address6' in interface %}
-
- iface {{ bridge_name }} inet6 static
- address {{ interface.address6 }}
- {% if 'gateway6' in interface %}
- gateway {{ interface.gateway6 }}
- {% endif %}
- {% endif %}
- register: vmhost_bridge_config
-
- ## We don't try to be to clever here: aka don't call ifdown before ifup because
- ## if there are VMs running they would end up with a broken network
- - name: bring up bridge interfaces
- loop: "{{ vmhost_bridge_config.results }}"
- loop_control:
- label: "br-{{ item.item.key }}"
- when: item is changed
- command: "/sbin/ifup br-{{ item.item.key }}"
- failed_when: false
diff --git a/roles/vm/host/tasks/zfs.yml b/roles/vm/host/tasks/zfs.yml
deleted file mode 100644
index b84f2d0d..00000000
--- a/roles/vm/host/tasks/zfs.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: create zfs base datasets
- loop: "{{ lookup('dict', vm_host.zfs, wantlist=True) }}"
- loop_control:
- label: "{{ item.key }} -> {{ item.value.pool }}/{{ item.value.name }} ({{ (item.value.properties | default({})).items() | map('join', '=') | join(', ') }})"
- vars:
- default_properties:
- canmount: no
- mountpoint: none
- zfs:
- name: "{{ item.value.pool }}/{{ item.value.name }}"
- state: present
- extra_zfs_properties: "{{ default_properties | combine(item.value.properties | default({})) }}"
-
-- name: configure lvm to ignore zfs volumes
- lineinfile:
- path: /etc/lvm/lvm.conf
- backrefs: yes
- regexp: '^\s*#?\s*global_filter\s*='
- line: ' global_filter = [ "r|/dev/zd[0-9]+|" ]'
-- cgit v1.2.3