From 22625ac4e802a2317d0ad723a8d7f292ecf10fbe Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 11 May 2020 03:47:35 +0200 Subject: add host sk-tomnext --- roles/zfs/base/tasks/Debian.yml | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'roles') diff --git a/roles/zfs/base/tasks/Debian.yml b/roles/zfs/base/tasks/Debian.yml index b9fdda95..e13c03f5 100644 --- a/roles/zfs/base/tasks/Debian.yml +++ b/roles/zfs/base/tasks/Debian.yml @@ -3,9 +3,28 @@ import_role: name: prepare-dkms -## TODO: make sure contrib repo is enabled +- name: check if contrib apt component is enabled + assert: + msg: "Debian zfs packages are in contrib - please enable it using 'apt_repo_components'" + that: + - apt_repo_components is defined + - "'contrib' in apt_repo_components" -- name: install zfs-dkms +- name: install zfs-dkms (buster) + when: (ansible_distribution_major_version | int) == 10 + block: + - name: add backports repo + include_role: + name: apt-repo/backports + + - name: install zfs-dkms from backports + apt: + name: zfs-dkms + default_release: buster-backports + state: present + +- name: install zfs-dkms (bullseye and beyond) + when: (ansible_distribution_major_version | int) > 10 apt: name: zfs-dkms state: present -- cgit v1.2.3 From 4cbd0da346c2088933fbeca285f3c1bd2272b80b Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 12 May 2020 00:40:37 +0200 Subject: fix zfs role for buster --- roles/vm/host/tasks/network.yml | 1 + roles/zfs/base/tasks/Debian.yml | 25 +++++++++++++++++++------ roles/zfs/base/tasks/Ubuntu.yml | 5 ++++- roles/zfs/base/tasks/main.yml | 7 +------ 4 files changed, 25 insertions(+), 13 deletions(-) (limited to 'roles') diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml index bc207805..0688ec42 100644 --- a/roles/vm/host/tasks/network.yml +++ b/roles/vm/host/tasks/network.yml @@ -69,3 +69,4 @@ label: "br-{{ item.item.key }}" when: item is changed command: "/sbin/ifup br-{{ item.item.key }}" + failed_when: false diff --git a/roles/zfs/base/tasks/Debian.yml b/roles/zfs/base/tasks/Debian.yml index e13c03f5..2a3d608e 100644 --- a/roles/zfs/base/tasks/Debian.yml +++ b/roles/zfs/base/tasks/Debian.yml @@ -10,24 +10,37 @@ - apt_repo_components is defined - "'contrib' in apt_repo_components" -- name: install zfs-dkms (buster) +- name: install zfs-dkms and utilities (buster) when: (ansible_distribution_major_version | int) == 10 block: - name: add backports repo include_role: name: apt-repo/backports - - name: install zfs-dkms from backports + - name: install zfs modules via dkms apt: name: zfs-dkms default_release: buster-backports state: present -- name: install zfs-dkms (bullseye and beyond) + - name: install zfs file system utilities + apt: + name: zfsutils-linux + default_release: buster-backports + state: present + +- name: install zfs-dkms and utilities (bullseye and beyond) when: (ansible_distribution_major_version | int) > 10 - apt: - name: zfs-dkms - state: present + block: + - name: install zfs modules via dkms + apt: + name: zfs-dkms + state: present + + - name: install zfs file system utilities + apt: + name: zfsutils-linux + state: present - name: check if module is available for the currently running kernel command: modprobe --dry-run zfs diff --git a/roles/zfs/base/tasks/Ubuntu.yml b/roles/zfs/base/tasks/Ubuntu.yml index 0ce85358..d45c30e4 100644 --- a/roles/zfs/base/tasks/Ubuntu.yml +++ b/roles/zfs/base/tasks/Ubuntu.yml @@ -1,2 +1,5 @@ --- -# Nothing to do here. +- name: install zfs file system utilities + apt: + name: zfsutils-linux + state: present diff --git a/roles/zfs/base/tasks/main.yml b/roles/zfs/base/tasks/main.yml index e6f2347b..ec1b04bf 100644 --- a/roles/zfs/base/tasks/main.yml +++ b/roles/zfs/base/tasks/main.yml @@ -7,7 +7,7 @@ options zfs zfs_arc_max={{ zfs_arc_size.max }} dest: /etc/modprobe.d/zfs.conf -- name: install zfs modules +- name: install zfs modules and utilities include_tasks: "{{ ansible_distribution }}.yml" - name: load zfs kernel module @@ -15,11 +15,6 @@ name: zfs state: present -- name: install zfs file system utilities - apt: - name: zfsutils-linux - state: present - - name: create zpools loop: "{{ zfs_zpools | dict2items }}" loop_control: -- cgit v1.2.3 From a6a1e9bf9b42cd54cd46202dee9212b3001f3213 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 18 May 2020 03:58:53 +0200 Subject: add temporary workaround for network interface stability fix --- dan/sk-tomnext.yml | 19 +++++++++++++++++++ inventory/host_vars/sk-2019vm.yml | 10 +++++----- inventory/host_vars/sk-tomnext.yml | 5 +++-- roles/base/tasks/Debian.yml | 4 ++++ 4 files changed, 31 insertions(+), 7 deletions(-) (limited to 'roles') diff --git a/dan/sk-tomnext.yml b/dan/sk-tomnext.yml index 54c31bfd..2fd81699 100644 --- a/dan/sk-tomnext.yml +++ b/dan/sk-tomnext.yml @@ -11,3 +11,22 @@ - role: zfs/base - role: vm/host - role: installer/debian/base + tasks: + - name: install post-boot script + copy: + dest: /usr/local/bin/post-boot + mode: 0755 + content: | + #!/bin/bash + set -e + + {% for name, volume in cryptdisk_volumes.items() %} + cryptsetup luksOpen '{{ volume.device }}' '{{ name }}' + {% endfor %} + systemctl restart zfs-import-cache.service + systemctl restart zfs-mount.service + systemctl restart zfs-share.service + mount -a + + sleep 2 + systemctl restart libvirtd.service diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml index 4584813e..723d0b5c 100644 --- a/inventory/host_vars/sk-2019vm.yml +++ b/inventory/host_vars/sk-2019vm.yml @@ -11,11 +11,6 @@ network: {} base_intel_nic_stability_fix: true -apt_repo_components: -- main -- contrib ## for zfs -- non-free ## for microcode updates - vm_host: network: dns: @@ -45,6 +40,11 @@ vm_host: ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" +apt_repo_components: +- main +- contrib ## for zfs +- non-free ## for microcode updates + cryptdisk_volumes: crypto-nvme0: passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" diff --git a/inventory/host_vars/sk-tomnext.yml b/inventory/host_vars/sk-tomnext.yml index 725fbbb6..840de6f6 100644 --- a/inventory/host_vars/sk-tomnext.yml +++ b/inventory/host_vars/sk-tomnext.yml @@ -33,8 +33,9 @@ vm_host: ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" apt_repo_components: - - main - - contrib +- main +- contrib ## for zfs +- non-free ## for microcode updates cryptdisk_volumes: crypto-nvme0: diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml index 185c3616..7551670f 100644 --- a/roles/base/tasks/Debian.yml +++ b/roles/base/tasks/Debian.yml @@ -114,11 +114,15 @@ - name: disable TSO (intel nic stability fix) when: base_intel_nic_stability_fix copy: + # TODO: copy settings from /usr/lib/systemd/network/99-default.link content: | [Match] MACAddress={{ ansible_default_ipv4.macaddress }} [Link] + NamePolicy=keep kernel database onboard slot path + MACAddressPolicy=persistent + TCPSegmentationOffload=false GenericSegmentationOffload=false GenericReceiveOffload=false -- cgit v1.2.3 From 99b57140373dd8d7a1e565611c8a2e2dab24eca8 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 21 May 2020 21:01:06 +0200 Subject: improved intel stability fix --- filter_plugins/config-parser.py | 28 ++++++++++++++++++++++++++++ roles/base/tasks/Debian.yml | 17 ++--------------- roles/base/tasks/intel-nic.yml | 23 +++++++++++++++++++++++ 3 files changed, 53 insertions(+), 15 deletions(-) create mode 100644 filter_plugins/config-parser.py create mode 100644 roles/base/tasks/intel-nic.yml (limited to 'roles') diff --git a/filter_plugins/config-parser.py b/filter_plugins/config-parser.py new file mode 100644 index 00000000..8654a104 --- /dev/null +++ b/filter_plugins/config-parser.py @@ -0,0 +1,28 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +from functools import partial + +from ansible import errors + + +def from_ini(data): + try: + import configparser + config = configparser.ConfigParser() + config.optionxform = lambda option: option + config.read_string(data) + return config._sections + except Exception as e: + raise errors.AnsibleFilterError("from_ini(): %s" % str(e)) + + +class FilterModule(object): + + ''' config parser filters ''' + filter_map = { + 'from_ini': from_ini, + } + + def filters(self): + return self.filter_map diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml index 7551670f..13c3c9f9 100644 --- a/roles/base/tasks/Debian.yml +++ b/roles/base/tasks/Debian.yml @@ -111,19 +111,6 @@ when: install is defined and install.kernel_cmdline is defined notify: update grub -- name: disable TSO (intel nic stability fix) +- name: apply stability fix/workaround for machines using intel NIC when: base_intel_nic_stability_fix - copy: - # TODO: copy settings from /usr/lib/systemd/network/99-default.link - content: | - [Match] - MACAddress={{ ansible_default_ipv4.macaddress }} - - [Link] - NamePolicy=keep kernel database onboard slot path - MACAddressPolicy=persistent - - TCPSegmentationOffload=false - GenericSegmentationOffload=false - GenericReceiveOffload=false - dest: /etc/systemd/network/00-disable-offloading.link + import_tasks: intel-nic.yml diff --git a/roles/base/tasks/intel-nic.yml b/roles/base/tasks/intel-nic.yml new file mode 100644 index 00000000..2b9be474 --- /dev/null +++ b/roles/base/tasks/intel-nic.yml @@ -0,0 +1,23 @@ +--- +- name: fetch default link options for network interfaces + slurp: + src: /usr/lib/systemd/network/99-default.link + register: base_systemd_default_link_unit + +- name: disable TSO (intel nic stability fix) + vars: + default_link_options: "{{ (base_systemd_default_link_unit.content | b64decode | from_ini)['Link'] }}" + copy: + content: | + [Match] + MACAddress={{ ansible_default_ipv4.macaddress }} + + [Link] + {% for name, value in default_link_options.items() | sort(attribute='0') %} + {{ name }}={{ value }} + {% endfor %} + + TCPSegmentationOffload=false + GenericSegmentationOffload=false + GenericReceiveOffload=false + dest: /etc/systemd/network/00-disable-offloading.link -- cgit v1.2.3 From e3f04b3a488adb06b0fec892cf1b85fc15ed5ed7 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Fri, 22 May 2020 01:28:54 +0200 Subject: zfs: enable systemd mount-generator --- roles/zfs/base/tasks/Debian.yml | 38 +++++++++++++------------------------- roles/zfs/base/tasks/Ubuntu.yml | 5 +---- roles/zfs/base/tasks/main.yml | 29 ++++++++++++++++++++++++++++- 3 files changed, 42 insertions(+), 30 deletions(-) (limited to 'roles') diff --git a/roles/zfs/base/tasks/Debian.yml b/roles/zfs/base/tasks/Debian.yml index 2a3d608e..a1ed0387 100644 --- a/roles/zfs/base/tasks/Debian.yml +++ b/roles/zfs/base/tasks/Debian.yml @@ -10,37 +10,25 @@ - apt_repo_components is defined - "'contrib' in apt_repo_components" -- name: install zfs-dkms and utilities (buster) +- name: enable backports and force ZFS packages from backports for buster when: (ansible_distribution_major_version | int) == 10 block: - name: add backports repo include_role: name: apt-repo/backports - - name: install zfs modules via dkms - apt: - name: zfs-dkms - default_release: buster-backports - state: present - - - name: install zfs file system utilities - apt: - name: zfsutils-linux - default_release: buster-backports - state: present - -- name: install zfs-dkms and utilities (bullseye and beyond) - when: (ansible_distribution_major_version | int) > 10 - block: - - name: install zfs modules via dkms - apt: - name: zfs-dkms - state: present - - - name: install zfs file system utilities - apt: - name: zfsutils-linux - state: present + - name: pin zfs packages to buster-backports + copy: + content: | + Package: libnvpair1linux libuutil1linux libzfs2linux libzpool2linux spl-dkms zfs-dkms zfs-test zfsutils-linux zfsutils-linux-dev zfs-zed + Pin: release n=buster-backports + Pin-Priority: 990 + dest: /etc/apt/preferences.d/zfs-from-buster-backports + +- name: install zfs modules via dkms + apt: + name: zfs-dkms + state: present - name: check if module is available for the currently running kernel command: modprobe --dry-run zfs diff --git a/roles/zfs/base/tasks/Ubuntu.yml b/roles/zfs/base/tasks/Ubuntu.yml index d45c30e4..9745d716 100644 --- a/roles/zfs/base/tasks/Ubuntu.yml +++ b/roles/zfs/base/tasks/Ubuntu.yml @@ -1,5 +1,2 @@ --- -- name: install zfs file system utilities - apt: - name: zfsutils-linux - state: present +## nothing to do here - zfs modules are part of ubuntu core already diff --git a/roles/zfs/base/tasks/main.yml b/roles/zfs/base/tasks/main.yml index ec1b04bf..e86b974b 100644 --- a/roles/zfs/base/tasks/main.yml +++ b/roles/zfs/base/tasks/main.yml @@ -7,7 +7,7 @@ options zfs zfs_arc_max={{ zfs_arc_size.max }} dest: /etc/modprobe.d/zfs.conf -- name: install zfs modules and utilities +- name: install zfs modules include_tasks: "{{ ansible_distribution }}.yml" - name: load zfs kernel module @@ -15,6 +15,33 @@ name: zfs state: present +- name: install zed and zfs file system utilities + apt: + name: + - zfsutils-linux + - zfs-zed + state: present + +- name: enable zfs-list-cacher zlet for systemd zfs-mount-generator + file: + src: /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh + dest: /etc/zfs/zed.d/history_event-zfs-list-cacher.sh + state: link + +- name: create base-directory for zfs-list.cache + file: + path: /etc/zfs/zfs-list.cache/ + state: directory + +- name: create zfs-list.cache file for zpools + loop: "{{ zfs_zpools | dict2items }}" + loop_control: + label: "{{ item.key }}" + copy: + content: "" + dest: "/etc/zfs/zfs-list.cache/{{ item.key }}" + force: no + - name: create zpools loop: "{{ zfs_zpools | dict2items }}" loop_control: -- cgit v1.2.3 From dac9084c7038992d275cde0723cf05a9741a44e3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 23 May 2020 01:45:06 +0200 Subject: make use of zfs-mount-generator configureable --- inventory/host_vars/sk-2019.yml | 14 +++--- inventory/host_vars/sk-2019vm.yml | 52 +++++++++++----------- inventory/host_vars/sk-cloudia/vars.yml | 10 +++-- roles/zfs/base/defaults/main.yml | 9 ++-- .../base/tasks/enable-systemd-mount-generator.yml | 23 ++++++++++ roles/zfs/base/tasks/main.yml | 22 ++------- 6 files changed, 72 insertions(+), 58 deletions(-) create mode 100644 roles/zfs/base/tasks/enable-systemd-mount-generator.yml (limited to 'roles') diff --git a/inventory/host_vars/sk-2019.yml b/inventory/host_vars/sk-2019.yml index 9de2b04a..f54d852f 100644 --- a/inventory/host_vars/sk-2019.yml +++ b/inventory/host_vars/sk-2019.yml @@ -10,12 +10,13 @@ install: network: {} base_intel_nic_stability_fix: true +ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan + ssh_keys.brt }}" +ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" + admin_user_host: - "{{ brt_user }}" -ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan + ssh_keys.brt }}" -ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" cryptdisk_volumes: @@ -27,11 +28,12 @@ cryptdisk_volumes: device: /dev/disk/by-id/nvme-eui.0025388791050fdc-part3 +zfs_use_systemd_mount_generator: no +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 12 * 1024 * 1024 * 1024 }}" + zfs_zpools: storage: mountpoint: /srv/storage create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 - -# zfs_arc_size: -# min: "{{ 2 * 1024 * 1024 * 1024 }}" -# max: "{{ 16 * 1024 * 1024 * 1024 }}" diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml index 723d0b5c..f9bfb0bb 100644 --- a/inventory/host_vars/sk-2019vm.yml +++ b/inventory/host_vars/sk-2019vm.yml @@ -10,6 +10,33 @@ install: network: {} base_intel_nic_stability_fix: true +ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" + +apt_repo_components: +- main +- contrib ## for zfs +- non-free ## for microcode updates + + +cryptdisk_volumes: + crypto-nvme0: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3 + crypto-nvme1: + passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}" + device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3 + + +zfs_use_systemd_mount_generator: no +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 8 * 1024 * 1024 * 1024 }}" + +zfs_zpools: + storage: + mountpoint: /srv/storage + create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 + vm_host: network: @@ -37,28 +64,3 @@ vm_host: ele-gwhetzner: 2 ch-mimas: 6 sk-testvm: 7 - -ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" - -apt_repo_components: -- main -- contrib ## for zfs -- non-free ## for microcode updates - -cryptdisk_volumes: - crypto-nvme0: - passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme0'].passphrase }}" - device: /dev/disk/by-id/nvme-eui.0025388291b201dc-part3 - crypto-nvme1: - passphrase: "{{ vault_cryptdisk_volumes['crypto-nvme1'].passphrase }}" - device: /dev/disk/by-id/nvme-eui.0025388291b201cb-part3 - - -zfs_zpools: - storage: - mountpoint: /srv/storage - create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 - -zfs_arc_size: - min: "{{ 2 * 1024 * 1024 * 1024 }}" - max: "{{ 8 * 1024 * 1024 * 1024 }}" diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml index 15dcb860..085a9c95 100644 --- a/inventory/host_vars/sk-cloudia/vars.yml +++ b/inventory/host_vars/sk-cloudia/vars.yml @@ -11,15 +11,17 @@ network: {} base_intel_nic_stability_fix: true -zfs_zpools: - storage: - mountpoint: /srv/storage - create_vdevs: mirror nvme0n1p3 nvme1n1p3 +zfs_use_systemd_mount_generator: no zfs_arc_size: min: "{{ 2 * 1024 * 1024 * 1024 }}" max: "{{ 16 * 1024 * 1024 * 1024 }}" +zfs_zpools: + storage: + mountpoint: /srv/storage + create_vdevs: mirror nvme0n1p3 nvme1n1p3 + docker_zfs: pool: storage diff --git a/roles/zfs/base/defaults/main.yml b/roles/zfs/base/defaults/main.yml index f3dfbce9..c275b981 100644 --- a/roles/zfs/base/defaults/main.yml +++ b/roles/zfs/base/defaults/main.yml @@ -1,4 +1,9 @@ --- +zfs_use_systemd_mount_generator: yes +#zfs_arc_size: +# min: {{ 2 * 1024 * 1024 * 1024 }} +# max: {{ 8 * 1024 * 1024 * 1024 }} + zfs_zpool_properties: ashift: 12 @@ -12,7 +17,3 @@ zfs_zpool_properties: # properties: # ashift: 12 # prop: value - -#zfs_arc_size: -# min: {{ 2 * 1024 * 1024 * 1024 }} -# max: {{ 8 * 1024 * 1024 * 1024 }} diff --git a/roles/zfs/base/tasks/enable-systemd-mount-generator.yml b/roles/zfs/base/tasks/enable-systemd-mount-generator.yml new file mode 100644 index 00000000..abefbeb1 --- /dev/null +++ b/roles/zfs/base/tasks/enable-systemd-mount-generator.yml @@ -0,0 +1,23 @@ +--- +- name: enable zfs-list-cacher zlet + file: + src: /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh + dest: /etc/zfs/zed.d/history_event-zfs-list-cacher.sh + state: link + +- name: create base-directory for zfs-list.cache + file: + path: /etc/zfs/zfs-list.cache/ + state: directory + +- name: create zfs-list.cache file for zpools + loop: "{{ zfs_zpools | dict2items }}" + loop_control: + label: "{{ item.key }}" + copy: + content: "" + dest: "/etc/zfs/zfs-list.cache/{{ item.key }}" + force: no + +## TODO: if this is installed after the zpool has already been created zed needs to be triggered +## using someing like: zfs set canmount=on DATASET diff --git a/roles/zfs/base/tasks/main.yml b/roles/zfs/base/tasks/main.yml index e86b974b..ad5d1ce2 100644 --- a/roles/zfs/base/tasks/main.yml +++ b/roles/zfs/base/tasks/main.yml @@ -22,25 +22,9 @@ - zfs-zed state: present -- name: enable zfs-list-cacher zlet for systemd zfs-mount-generator - file: - src: /usr/lib/zfs-linux/zed.d/history_event-zfs-list-cacher.sh - dest: /etc/zfs/zed.d/history_event-zfs-list-cacher.sh - state: link - -- name: create base-directory for zfs-list.cache - file: - path: /etc/zfs/zfs-list.cache/ - state: directory - -- name: create zfs-list.cache file for zpools - loop: "{{ zfs_zpools | dict2items }}" - loop_control: - label: "{{ item.key }}" - copy: - content: "" - dest: "/etc/zfs/zfs-list.cache/{{ item.key }}" - force: no +- name: enable systemd -mount-generator + when: zfs_use_systemd_mount_generator + import_tasks: enable-systemd-mount-generator.yml - name: create zpools loop: "{{ zfs_zpools | dict2items }}" -- cgit v1.2.3 From d5a8dc1066615935b6de278b31d7007e7a6c4597 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 23 May 2020 04:02:28 +0200 Subject: add role zfs sanoid --- dan/sk-tomnext.yml | 2 ++ inventory/host_vars/sk-tomnext.yml | 17 ++++++++++++++--- roles/zfs/sanoid/defaults/main.yml | 26 ++++++++++++++++++++++++++ roles/zfs/sanoid/tasks/main.yml | 15 +++++++++++++++ roles/zfs/sanoid/templates/sanoid.conf.j2 | 22 ++++++++++++++++++++++ 5 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 roles/zfs/sanoid/defaults/main.yml create mode 100644 roles/zfs/sanoid/tasks/main.yml create mode 100644 roles/zfs/sanoid/templates/sanoid.conf.j2 (limited to 'roles') diff --git a/dan/sk-tomnext.yml b/dan/sk-tomnext.yml index 1aa9baa9..4294880d 100644 --- a/dan/sk-tomnext.yml +++ b/dan/sk-tomnext.yml @@ -9,6 +9,8 @@ - role: apt-repo/base - role: cryptdisk - role: zfs/base + - role: apt-repo/spreadspace + - role: zfs/sanoid - role: vm/host - role: installer/debian/base tasks: diff --git a/inventory/host_vars/sk-tomnext.yml b/inventory/host_vars/sk-tomnext.yml index 840de6f6..d570f1b2 100644 --- a/inventory/host_vars/sk-tomnext.yml +++ b/inventory/host_vars/sk-tomnext.yml @@ -46,11 +46,22 @@ cryptdisk_volumes: device: /dev/disk/by-id/nvme-eui.00000000000000018ce38e0500157b3d-part3 +zfs_arc_size: + min: "{{ 2 * 1024 * 1024 * 1024 }}" + max: "{{ 8 * 1024 * 1024 * 1024 }}" + zfs_zpools: storage: mountpoint: /srv/storage create_vdevs: mirror /dev/mapper/crypto-nvme0 /dev/mapper/crypto-nvme1 -zfs_arc_size: - min: "{{ 2 * 1024 * 1024 * 1024 }}" - max: "{{ 8 * 1024 * 1024 * 1024 }}" + +zfs_sanoid_modules: + storage/docker: + use_template: ignore + storage/kubelet: + use_template: ignore + storage/vm: + use_template: production + recursive: yes + process_children_only: yes diff --git a/roles/zfs/sanoid/defaults/main.yml b/roles/zfs/sanoid/defaults/main.yml new file mode 100644 index 00000000..55ebbd9d --- /dev/null +++ b/roles/zfs/sanoid/defaults/main.yml @@ -0,0 +1,26 @@ +--- +zfs_sanoid_modules: {} + +zfs_sanoid_templates: + production: + frequently: 0 + hourly: 36 + daily: 7 + monthly: 0 + yearly: 0 + autosnap: yes + autoprune: yes + + backup: + frequently: 0 + hourly: 0 + daily: 60 + monthly: 6 + yearly: 0 + autosnap: no + autoprune: yes + + ignore: + autoprune: no + autosnap: no + monitor: no diff --git a/roles/zfs/sanoid/tasks/main.yml b/roles/zfs/sanoid/tasks/main.yml new file mode 100644 index 00000000..e35190e9 --- /dev/null +++ b/roles/zfs/sanoid/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: install sanoid + apt: + name: sanoid + state: present + +- name: create sanoid config directory + file: + path: /etc/sanoid + state: directory + +- name: genarate sanoid config + template: + src: sanoid.conf.j2 + dest: /etc/sanoid/sanoid.conf diff --git a/roles/zfs/sanoid/templates/sanoid.conf.j2 b/roles/zfs/sanoid/templates/sanoid.conf.j2 new file mode 100644 index 00000000..2f2b29b4 --- /dev/null +++ b/roles/zfs/sanoid/templates/sanoid.conf.j2 @@ -0,0 +1,22 @@ +############################### +## modules +############################### +{% for name,options in zfs_sanoid_modules.items() %} + +[{{ name }}] +{% for option,value in options.items() %} + {{ option }} = {{ value }} +{% endfor %} +{% endfor %} + + +############################### +## templates +############################### +{% for name,options in zfs_sanoid_templates.items() %} + +[template_{{ name }}] +{% for option,value in options.items() %} + {{ option }} = {{ value }} +{% endfor %} +{% endfor %} -- cgit v1.2.3 From 7783703ff07eb90fea5a1251032dc2901602219d Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 23 May 2020 05:40:09 +0200 Subject: major revamp for zfs based vm images --- inventory/host_vars/sk-tomnext-nc.yml | 36 +++++++++++++++++++++ inventory/host_vars/sk-tomnext.yml | 43 ++++++++++++++----------- inventory/hosts.ini | 5 ++- roles/vm/define/templates/libvirt-domain.xml.j2 | 4 +-- roles/vm/host/tasks/main.yml | 6 +++- roles/vm/host/tasks/zfs.yml | 12 +++++++ roles/vm/install/tasks/main.yml | 23 ++++++++----- 7 files changed, 98 insertions(+), 31 deletions(-) create mode 100644 inventory/host_vars/sk-tomnext-nc.yml create mode 100644 roles/vm/host/tasks/zfs.yml (limited to 'roles') diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml new file mode 100644 index 00000000..a302a298 --- /dev/null +++ b/inventory/host_vars/sk-tomnext-nc.yml @@ -0,0 +1,36 @@ +--- +vm_host: sk-tomnext + +install: + host: "{{ vm_host }}" + mem: 16384 + numcpu: 8 + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 50g + sdb: + type: zfs + name: data + size: 20g + interfaces: + - bridge: br-public + name: primary0 + autostart: False + +network: + nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: + interface: primary0 + ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" + mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" + gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + +external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/sk-tomnext.yml b/inventory/host_vars/sk-tomnext.yml index d570f1b2..57f3dcf1 100644 --- a/inventory/host_vars/sk-tomnext.yml +++ b/inventory/host_vars/sk-tomnext.yml @@ -11,25 +11,6 @@ network: {} base_intel_nic_stability_fix: true -vm_host: - network: - dns: - - 213.133.100.100 - - 213.133.98.98 - - 213.133.99.99 - bridges: - public: - prefix: 192.168.250.254/24 - offsets: - sk-tomnext-nc: 103 - sk-tomnext-hp: 104 - nat: yes - overlay: - prefix: 94.130.206.64/26 - offsets: - sk-tomnext-nc: 39 - sk-tomnext-hp: 40 - ssh_keys_root: "{{ ssh_keys.equinox[env_group] + ssh_keys.dan }}" apt_repo_components: @@ -65,3 +46,27 @@ zfs_sanoid_modules: use_template: production recursive: yes process_children_only: yes + + +vm_host: + network: + dns: + - 213.133.100.100 + - 213.133.98.98 + - 213.133.99.99 + bridges: + public: + prefix: 192.168.250.254/24 + offsets: + sk-tomnext-nc: 103 + sk-tomnext-hp: 104 + nat: yes + overlay: + prefix: 94.130.206.64/26 + offsets: + sk-tomnext-nc: 39 + sk-tomnext-hp: 40 + zfs: + default: + pool: storage + name: vm diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 6f7d7a72..02d900e2 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -129,6 +129,8 @@ sk-2019 host_name=2019 sk-cloudia host_name=cloudia sk-2019vm host_name=2019vm sk-tomnext host_name=tomnext +sk-tomnext-nc host_name=tomnext-nc +sk-tomnext-hp sk-testvm host_name=testvm sk-torrent host_name=torrent @@ -250,7 +252,8 @@ sk-torrent ch-mimas ele-gwhetzner ele-mur - +sk-tomnext-nc +sk-tomnext-hp [hroot] sk-2019 diff --git a/roles/vm/define/templates/libvirt-domain.xml.j2 b/roles/vm/define/templates/libvirt-domain.xml.j2 index 3465cec0..12c4f624 100644 --- a/roles/vm/define/templates/libvirt-domain.xml.j2 +++ b/roles/vm/define/templates/libvirt-domain.xml.j2 @@ -57,7 +57,7 @@ {% if src.type == 'lvm' %} {% elif src.type == 'zfs' %} - + {% endif %} @@ -72,7 +72,7 @@ {% if src.type == 'lvm' %} {% elif src.type == 'zfs' %} - + {% endif %} diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml index 0e11da3d..390016a2 100644 --- a/roles/vm/host/tasks/main.yml +++ b/roles/vm/host/tasks/main.yml @@ -19,9 +19,13 @@ notify: restart haveged - name: install vm-host network - when: vm_host.network is defined + when: "'network' in vm_host" include_tasks: network.yml +- name: prepare zfs volumes + when: "'zfs' in vm_host" + include_tasks: zfs.yml + - name: create lvm-based disk for installers when: installer_lvm is defined block: diff --git a/roles/vm/host/tasks/zfs.yml b/roles/vm/host/tasks/zfs.yml new file mode 100644 index 00000000..00de48a9 --- /dev/null +++ b/roles/vm/host/tasks/zfs.yml @@ -0,0 +1,12 @@ +--- +- name: create zfs base datasets + loop: "{{ lookup('dict', vm_host.zfs, wantlist=True) }}" + loop_control: + label: "{{ item.key }} -> {{ item.value.pool }}/{{ item.value.name }}{% if 'quota' in item.value %}={{ item.value.quota }}{% endif %}" + zfs: + name: "{{ item.value.pool }}/{{ item.value.name }}" + state: present + extra_zfs_properties: + quota: "{{ item.value.quota | default(omit) }}" + canmount: no + mountpoint: none diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml index 50772e53..4fa673c5 100644 --- a/roles/vm/install/tasks/main.yml +++ b/roles/vm/install/tasks/main.yml @@ -1,22 +1,29 @@ --- - name: create lvm-based disks for vm - loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items }}" + loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items | selectattr('value.type', 'eq', 'lvm') | list }}" loop_control: - label: "{% if item.value.type == 'lvm' %}{{ item.value.vg }} / {{ item.value.lv }} ({{ item.value.size }}){% else %}unused{% endif %}" - when: item.value.type == 'lvm' + label: "{{ item.value.vg }} / {{ item.value.lv }} ({{ item.value.size }})" lvol: vg: "{{ item.value.vg }}" lv: "{{ item.value.lv }}" size: "{{ item.value.size }}" state: present -- name: create zfs-based disks for vm - loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items }}" +- name: create zfs base datasets for vm + loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items | selectattr('value.type', 'eq', 'zfs') | map(attribute='value.backend') | map('default', 'default') | unique | list }}" + zfs: + name: "{{ vm_host.zfs[item].pool }}/{{ vm_host.zfs[item].name }}/{{ install_hostname }}" + state: present + extra_zfs_properties: + canmount: no + mountpoint: none + +- name: create zfs-based disk volumes for vm + loop: "{{ hostvars[install_hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[install_hostname].install_cooked.disks.scsi | default({})) | dict2items | selectattr('value.type', 'eq', 'zfs') | list }}" loop_control: - label: "{% if item.value.type == 'zfs' %}{{ item.value.pool }} / {{ item.value.name }} ({{ item.value.size }}){% else %}unused{% endif %}" - when: item.value.type == 'zfs' + label: "{{ item.value.name }} on backend {{ item.value.backend | default('default') }} ({{ item.value.size }})" zfs: - name: "{{ item.value.pool }}/{{ item.value.name }}" + name: "{{ vm_host.zfs[item.value.backend | default('default')].pool }}/{{ vm_host.zfs[item.value.backend | default('default')].name }}/{{ install_hostname }}/{{ item.value.name }}" state: present extra_zfs_properties: volsize: "{{ item.value.size }}" -- cgit v1.2.3 From 7b758382bd74a872879a24ba1d4393823533ac8d Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 23 May 2020 10:12:14 +0200 Subject: zfs boot-time race condition has been fixe (at least for buster) --- roles/kubernetes/base/tasks/zfs.yml | 6 ------ 1 file changed, 6 deletions(-) (limited to 'roles') diff --git a/roles/kubernetes/base/tasks/zfs.yml b/roles/kubernetes/base/tasks/zfs.yml index c417a1b6..4311dd3f 100644 --- a/roles/kubernetes/base/tasks/zfs.yml +++ b/roles/kubernetes/base/tasks/zfs.yml @@ -13,9 +13,3 @@ fstype: none opts: bind,x-systemd.automount,nofail state: mounted - -## TODO: -## there is a race condition between the bind mound and the zfs-mount which is invisible to systemd. -## It seems ZFSonLinux 8 and beyond have a systemd-generator to fix this problem. Sadly Debain Buster and Ubuntu Bionic contain -## ZFSOnLinux 7 - so let's try the folllowing for a possible workaround: -## https://askubuntu.com/questions/988968/which-zfs-command-systemd-unit-to-depend-on-to-ensure-that-a-mountpoint-is-avail -- cgit v1.2.3