From 1166e932c5e2a833024b37279ec5e6dd6833d037 Mon Sep 17 00:00:00 2001
From: michael
Date: Mon, 5 Sep 2022 21:27:26 +1200
Subject: [PATCH] libvirt config
---
ansible/playbooks/lab.yaml | 5 +-
ansible/roles/firewall/tasks/main.yml | 2 +-
.../roles/libvirt-server/defaults/main.yml | 2 +
ansible/roles/libvirt-server/tasks/main.yml | 72 ++++++++------
.../libvirt-server/templates/pool.xml.j2 | 5 +-
ansible/roles/zfs-install/defaults/main.yml | 17 ++++
ansible/roles/zfs-install/tasks/main.yml | 96 +++++++++++++++++--
.../roles/zfs-install/templates/key-params.j2 | 8 ++
.../roles/zfs-install/templates/zfs.conf.j2 | 2 +
9 files changed, 166 insertions(+), 43 deletions(-)
create mode 100644 ansible/roles/zfs-install/defaults/main.yml
create mode 100644 ansible/roles/zfs-install/templates/key-params.j2
create mode 100644 ansible/roles/zfs-install/templates/zfs.conf.j2
diff --git a/ansible/playbooks/lab.yaml b/ansible/playbooks/lab.yaml
index feaeb69..15f109a 100644
--- a/ansible/playbooks/lab.yaml
+++ b/ansible/playbooks/lab.yaml
@@ -7,6 +7,7 @@
roles:
- python-install
- sshd
- #- firewall
+ - firewall
- pikaur
- - zfs-install
\ No newline at end of file
+ - zfs-install
+ - libvirt-server
\ No newline at end of file
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
index 0da9955..7076c24 100644
--- a/ansible/roles/firewall/tasks/main.yml
+++ b/ansible/roles/firewall/tasks/main.yml
@@ -30,7 +30,7 @@
proto: tcp
interface: "{{ firewall_ssh_interface }}"
direction: in
- src: '{{ item }}'
+ src: "{{ item }}"
loop:
- 192.168.20.0/24
- 192.168.72.0/24
diff --git a/ansible/roles/libvirt-server/defaults/main.yml b/ansible/roles/libvirt-server/defaults/main.yml
index 7ccc28b..5460dad 100644
--- a/ansible/roles/libvirt-server/defaults/main.yml
+++ b/ansible/roles/libvirt-server/defaults/main.yml
@@ -6,6 +6,8 @@ libvirt_server_packages:
- openbsd-netcat
- edk2-ovmf
- swtpm
+ - libvirt-python
+ - python-lxml
libvirt_zfs_pool_name: zfs
libvirt_zfs_pool_path: ssd/vhds
diff --git a/ansible/roles/libvirt-server/tasks/main.yml b/ansible/roles/libvirt-server/tasks/main.yml
index 06c3003..bf81d5b 100644
--- a/ansible/roles/libvirt-server/tasks/main.yml
+++ b/ansible/roles/libvirt-server/tasks/main.yml
@@ -5,7 +5,6 @@
name: "{{ libvirt_server_packages }}"
state: latest
update_cache: true
- reason: explicit
when:
- ansible_os_family == 'Arch'
@@ -23,9 +22,12 @@
state: started
enabled: yes
+- name: set cluster network variables
+ set_fact:
+ libvirt_network_name: "{{ libvirt_cluster_network_name }}"
+ libvirt_network_domain: "{{ libvirt_cluster_network_name }}"
+
- name: define vm cluster network
- libvirt_network_name: "{{ libvirt_cluster_network_name }}"
- libvirt_network_domain: "{{ libvirt_cluster_network_name }}"
community.libvirt.virt_net:
name: "{{ libvirt_cluster_network_name }}"
command: define
@@ -34,7 +36,7 @@
- name: build vm cluster network
community.libvirt.virt_net:
name: "{{ libvirt_cluster_network_name }}"
- command: build
+ command: create
- name: start vm cluster network
community.libvirt.virt_net:
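Review bot: `command: create` in the build vm cluster network task overlaps with the `start vm cluster network` task right after it: in community.libvirt.virt_net, `create` starts the already-defined network, and as far as I recall from the module source `start` goes through the same virNetwork.create() call, so on a host where the first task succeeded the second one meets an active network and raises "already active" rather than no-op — confirm on a clean host and on a rerun. If the goal is just a running network, a single task with `state: active` and `autostart: true` says that idempotently and the build/create step can be dropped. The define task's `xml` argument is outside this hunk, so I cannot see whether it still consumes `libvirt_network_domain`; the preceding `set_fact` leaves it identical to the network name, which reads like a copy-paste rather than a choice.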
@@ -52,32 +54,36 @@
name: "{{ libvirt_zfs_pool_path }}"
state: present
extra_zfs_properties:
- - canmount: off
- - mountpoint: none
- - compression: off
- - primarycache: metadata
- - secondarycache: none
- - reservation: none
- - refreservation: none
- - dedup: off
- - encryption: off
- - volmode: dev
- - devices: off
- - atime: off
+ canmount: off
+ mountpoint: none
+ compression: off
+ primarycache: metadata
+ secondarycache: none
+ reservation: none
+ refreservation: none
+ dedup: off
+ encryption: off
+ volmode: dev
+ devices: off
+ atime: off
+
+- name: set zfs pool variables
+ set_fact:
+ libvirt_pool_type: zfs
+ libvirt_pool_name: "{{ libvirt_zfs_pool_name }}"
+ libvirt_pool_source: "{{ libvirt_zfs_pool_path }}"
+ libvirt_pool_target: ""
- name: define zfs storage pool
- libvirt_pool_type: zfs
- libvirt_pool_name: "{{ libvirt_zfs_pool_name }}"
- libvirt_pool_path: "{{ libvirt_zfs_pool_path }}"
community.libvirt.virt_pool:
name: "{{ libvirt_zfs_pool_name }}"
command: define
xml: '{{ lookup("template", "pool.xml.j2") }}'
-- name: build zfs storage pool
- community.libvirt.virt_pool:
- name: "{{ libvirt_zfs_pool_name }}"
- command: build
+# - name: build zfs storage pool
+# community.libvirt.virt_pool:
+# name: "{{ libvirt_zfs_pool_name }}"
+# command: build
- name: start zfs storage pool
community.libvirt.virt_pool:
@@ -85,6 +91,13 @@
state: active
autostart: true
+- name: set iso pool variables
+ set_fact:
+ libvirt_pool_type: dir
+ libvirt_pool_name: "{{ libvirt_iso_pool_name }}"
+ libvirt_pool_source: ""
+ libvirt_pool_target: "{{ libvirt_iso_pool_path }}"
+
- name: create iso storage dir
become: true
ansible.builtin.file:
@@ -95,9 +108,6 @@
mode: 0775
- name: define iso storage pool
- libvirt_pool_type: dir
- libvirt_pool_name: "{{ libvirt_iso_pool_name }}"
- libvirt_pool_path: "{{ libvirt_iso_pool_path }}"
community.libvirt.virt_pool:
name: "{{ libvirt_iso_pool_name }}"
command: define
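Review bot: The new mapping values `canmount: off`, `compression: off`, `dedup: off`, `encryption: off`, `devices: off` and `atime: off` are unquoted, so Ansible's YAML 1.1 loader hands them to community.general.zfs as boolean false rather than the string `off`; whether `zfs set` then receives `off` relies on the module translating booleans back, so quote them (`canmount: 'off'`, and so on) to make the intent parser-independent. The same unquoted `off` values appear in the `create backup zfs dataset` task of ansible/roles/zfs-install/tasks/main.yml in this commit. Separately, the new `set_fact` tasks (here and the iso/qcow ones in the following hunks) write `libvirt_pool_type`, `libvirt_pool_name`, `libvirt_pool_source` and `libvirt_pool_target` as host facts that persist for the rest of the play, and each `define … storage pool` template lookup silently takes whichever values were set last; a comment on each such as `# consumed by pool.xml.j2 in the define task below; keep adjacent` would stop a later reorder from breaking the pairing.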
@@ -114,6 +124,13 @@
state: active
autostart: true
+- name: set iso pool variables
+ set_fact:
+ libvirt_pool_type: dir
+ libvirt_pool_name: "{{ libvirt_qcow_pool_name }}"
+ libvirt_pool_source: ""
+ libvirt_pool_target: "{{ libvirt_qcow_pool_path }}"
+
- name: create qcow storage dir
become: true
ansible.builtin.file:
@@ -124,9 +141,6 @@
mode: 0775
- name: define qcow storage pool
- libvirt_pool_type: dir
- libvirt_pool_name: "{{ libvirt_qcow_pool_name }}"
- libvirt_pool_path: "{{ libvirt_qcow_pool_path }}"
community.libvirt.virt_pool:
name: "{{ libvirt_qcow_pool_name }}"
command: define
diff --git a/ansible/roles/libvirt-server/templates/pool.xml.j2 b/ansible/roles/libvirt-server/templates/pool.xml.j2
index 5c3064a..002eaca 100644
--- a/ansible/roles/libvirt-server/templates/pool.xml.j2
+++ b/ansible/roles/libvirt-server/templates/pool.xml.j2
@@ -1,6 +1,9 @@ {{ libvirt_pool_name }} - {{ libvirt_pool_path }} + {{ libvirt_pool_source }} + + {{ libvirt_pool_target }} +
diff --git a/ansible/roles/zfs-install/defaults/main.yml b/ansible/roles/zfs-install/defaults/main.yml
new file mode 100644
index 0000000..f3532ed
--- /dev/null
+++ b/ansible/roles/zfs-install/defaults/main.yml
@@ -0,0 +1,17 @@
+---
+aur_zfs_key_fingerprint: '4F3BA9AB6D1F8D683DC2DFB56AD860EED4598027'
+zfs_prereq_packages:
+ - gnupg
+ - linux-lts-headers
+zfs_packages:
+ - zfs-utils
+ - zfs-dkms
+zfs_arc_min: '1073741824'
+zfs_arc_max: '4294967296'
+zfs_zpool_ashift: '12'
+zfs_zpool_name: ssd
+zfs_zpool_compression: lz4
+zfs_zpool_type: mirror
+zfs_zpool_disk_a: /dev/disk/by-id/ata-Samsung_SSD_850_PRO_2TB_S3D4NX0J503633V
+zfs_zpool_disk_b: /dev/disk/by-id/ata-Samsung_SSD_850_PRO_2TB_S3D4NX0J708201E
+zfs_backup_dataset: ssd/backup
\ No newline at end of file
diff --git a/ansible/roles/zfs-install/tasks/main.yml b/ansible/roles/zfs-install/tasks/main.yml
index e4aadc9..9f9011e 100644
--- a/ansible/roles/zfs-install/tasks/main.yml
+++ b/ansible/roles/zfs-install/tasks/main.yml
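Review bot: The new `set_fact` task ahead of the qcow pool is named `set iso pool variables`, copied from the iso block in the previous hunk, so play output will report the iso facts changing when it is the qcow facts being set; rename it to `- name: set qcow pool variables`. The facts it writes are the same four `libvirt_pool_*` names the iso block set a few tasks earlier, so the rename is also what lets a reader tell the two blocks apart in a log.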
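Review bot: `zfs_zpool_disk_a` and `zfs_zpool_disk_b` in the new role defaults pin two specific by-id device paths that the role's `create zpool` task (tasks/main.yml in this commit) passes straight to `zpool create`; defaults are the lowest-precedence layer and the wrong place for per-host hardware identity behind a destructive command, because a copied-and-edited default is easy to get wrong and on any other host the task fails on the missing paths. Move the disk paths (and arguably `zfs_zpool_name`) to inventory host_vars and leave them undefined here, or add an `ansible.builtin.assert` in the tasks that both paths were set explicitly before the pool is created. The quoted fingerprint, `'12'` and ARC sizes are fine as strings since they are only interpolated into commands and a modprobe config.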
@@ -1,15 +1,91 @@
---
-- name: Install ZFS DKMS module
+- name: install zfs prerequisites
+ become: true
+ community.general.pacman:
+ name: "{{ zfs_prereq_packages }}"
+ state: latest
+ update_cache: true
+ when:
+ - ansible_os_family == 'Arch'
+
+- name: add gpg parameters file from template
+ become: true
+ ansible.builtin.template:
+ src: key-params.j2
+ dest: /root/key-params
+ owner: root
+ group: root
+ mode: 0660
+
+- name: generate gpg key for root
become: true
ansible.builtin.shell:
- cmd: pikaur -S zfs-dkms --noconfirm
- executable: /usr/bin/bash
+ cmd: gpg --batch --gen-key /root/key-params
-# install linux-lts-headers first
-# add a gpg signing key, import and lsign the AUR key below
-# https://gist.github.com/woods/8970150
-# zfs-dkms AUR key 6AD860EED4598027 / 4F3BA9AB6D1F8D683DC2DFB56AD860EED4598027
+- name: import zfs signing key
+ become: true
+ ansible.builtin.shell:
+ cmd: gpg --receive-keys {{ aur_zfs_key_fingerprint|quote }}
-set zfs params (ARC)
-modprobe zfs
-set module to start at boot
+- name: trust zfs signing key
+ become: true
+ ansible.builtin.shell:
+ cmd: gpg --quick-lsign-key {{ aur_zfs_key_fingerprint|quote }}
+
+- name: install zfs module
+ become: true
+ community.general.pacman:
+ executable: /usr/bin/pikaur
+ name: "{{ zfs_packages }}"
+ state: latest
+ update_cache: true
+ when:
+ - ansible_os_family == 'Arch'
+
+- name: set zfs module parameters
+ become: true
+ ansible.builtin.template:
+ src: zfs.conf.j2
+ dest: /etc/modprobe.d/zfs.conf
+ owner: root
+ group: root
+ mode: 0664
+
+- name: load zfs module
+ become: true
+ community.general.modprobe:
+ name: zfs
+ state: present
+
+- name: create zpool
+ become: true
+ ansible.builtin.shell:
+ cmd: zpool create -o ashift={{ zfs_zpool_ashift|quote }} -o autotrim=on -o cachefile=/etc/zfs/zpool.cache -O acltype=posixacl -O atime=off -O xattr=sa -O mountpoint=none -O canmount=off -O devices=off -O compression={{ zfs_zpool_compression|quote }} {{ zfs_zpool_name|quote }} {{ zfs_zpool_type|quote }} {{ zfs_zpool_disk_a|quote }} {{ zfs_zpool_disk_b|quote }}
+
+- name: enable zfs services
+ become: true
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ loop:
+ - zfs-import-cache.service
+ - zfs-mount.service
+ - zfs.target
+
+- name: create backup zfs dataset
+ community.general.zfs:
+ name: "{{ zfs_backup_dataset }}"
+ state: present
+ extra_zfs_properties:
+ canmount: off
+ mountpoint: none
+ primarycache: none
+ secondarycache: none
+ reservation: none
+ refreservation: none
+ dedup: off
+ encryption: off
+ volmode: dev
+ devices: off
+ atime: off
\ No newline at end of file
diff --git a/ansible/roles/zfs-install/templates/key-params.j2 b/ansible/roles/zfs-install/templates/key-params.j2
new file mode 100644
index 0000000..edcd5b2
--- /dev/null
+++ b/ansible/roles/zfs-install/templates/key-params.j2
@@ -0,0 +1,8 @@
+Key-Type: 1
+Key-Length: 3072
+Subkey-Type: 1
+Subkey-Length: 3072
+Name-Real: Local Administrator
+Name-Email: root@{{ ansible_host }}
+Expire-Date: 0
+%no-protection
diff --git a/ansible/roles/zfs-install/templates/zfs.conf.j2 b/ansible/roles/zfs-install/templates/zfs.conf.j2
new file mode 100644
index 0000000..0d5ae27
--- /dev/null
+++ b/ansible/roles/zfs-install/templates/zfs.conf.j2
@@ -0,0 +1,2 @@
+options zfs zfs_arc_min={{ zfs_arc_min }}
+options zfs zfs_arc_max={{ zfs_arc_max }}
\ No newline at end of file
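Review bot: The `create zpool` task runs `zpool create` unconditionally, so the second run of this role fails because the pool already exists, and it is also the one place where a wrong disk variable destroys data; since the command itself pins `cachefile=/etc/zfs/zpool.cache`, the cheapest guard is `args: creates: /etc/zfs/zpool.cache` on that task, or a preceding `zpool list {{ zfs_zpool_name|quote }}` check whose result drives a `when:`. The `generate gpg key for root` task has the same rerun problem: `gpg --batch --gen-key` mints a fresh passphrase-less key every time it runs, so give it a `creates:` guard as well (on GnuPG 2.1+ the keyring file is `/root/.gnupg/pubring.kbx`; confirm the path on the target). The `create backup zfs dataset` task is the only one in the file without `become: true` and will fail when the connection user is not root. Smaller points: the three `ansible.builtin.shell` tasks use no shell features and already `|quote` their arguments, so `ansible.builtin.command` is the tighter module, and modes `0660` for `/root/key-params` and `0664` for `/etc/modprobe.d/zfs.conf` grant group write where `0600` and `0644` are the norm for root-owned files in those directories.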