From 5007f0b68e27cfa7e5ed5aacb660362f56a92693 Mon Sep 17 00:00:00 2001
From: michael
Date: Wed, 9 Aug 2023 18:38:34 +1000
Subject: [PATCH] new hypervisor wip
---
 .../hv00_balsillie_house.yaml | 26 ++++
 .../hv00_balsillie_net.yaml} | 0
 ansible/inventory/inventory.yaml | 137 +++++++++++------
 ansible/roles/archinstall/defaults/main.yml | 5 +
 .../{baremetal => archinstall}/files/packages | 0
 .../{baremetal => archinstall}/tasks/main.yml | 0
 .../templates/eno.network.j2 | 0
 ansible/roles/baremetal/defaults/main.yml | 2 -
 .../roles/hypervisor_qcow/defaults/main.yaml | 12 ++
 ansible/roles/hypervisor_qcow/tasks/main.yaml | 76 ++++++++++
 .../templates/bridge.netdev.j2 | 9 ++
 .../templates/ethernet.link.j2 | 6 +
 .../templates/ethernet.netdev.j2 | 0
 .../templates/ethernet.network.j2 | 12 ++
 14 files changed, 233 insertions(+), 52 deletions(-)
 create mode 100644 ansible/inventory/host_vars/hv00_balsillie_home/hv00_balsillie_house.yaml
 rename ansible/inventory/host_vars/{hv00/hv00.yaml => hv00_balsillie_net/hv00_balsillie_net.yaml} (100%)
 create mode 100644 ansible/roles/archinstall/defaults/main.yml
 rename ansible/roles/{baremetal => archinstall}/files/packages (100%)
 rename ansible/roles/{baremetal => archinstall}/tasks/main.yml (100%)
 rename ansible/roles/{baremetal => archinstall}/templates/eno.network.j2 (100%)
 delete mode 100644 ansible/roles/baremetal/defaults/main.yml
 create mode 100644 ansible/roles/hypervisor_qcow/defaults/main.yaml
 create mode 100644 ansible/roles/hypervisor_qcow/templates/ethernet.link.j2
 delete mode 100644 ansible/roles/hypervisor_qcow/templates/ethernet.netdev.j2
diff --git a/ansible/inventory/host_vars/hv00_balsillie_home/hv00_balsillie_house.yaml b/ansible/inventory/host_vars/hv00_balsillie_home/hv00_balsillie_house.yaml
new file mode 100644
index 0000000..e47ea59
--- /dev/null
+++ b/ansible/inventory/host_vars/hv00_balsillie_home/hv00_balsillie_house.yaml
@@ -0,0 +1,26 @@
+systemd_networkd_configs:
+ - name: 00-eth0.link
+ src: ethernet.link.j2
+ mac_address: 00-00-00-00-00-00
+ - name: 00-eth1.link
+ src: ethernet.link.j2
+ mac_address: 00-00-00-00-00-00
+ - name: 00-eth2.link
+ src: ethernet.link.j2
+ mac_address: 00-00-00-00-00-00
+ - name: 00-eth3.link
+ src: ethernet.link.j2
+ mac_address: 00-00-00-00-00-00
+ - name: br0.netdev
+ src: bridge.netdev.j2
+ vlan_filtering: true
+ stp: true
+ - name: br0.network
+ src: bridge.network.j2
+ - name: vlan110.netdev
+ src: vlan.netdev.j2
+ - name: vlan110.network
+ src: vlan.network.j2
+
+qemu_bridges:
+ br0
diff --git a/ansible/inventory/host_vars/hv00/hv00.yaml b/ansible/inventory/host_vars/hv00_balsillie_net/hv00_balsillie_net.yaml
similarity index 100%
rename from ansible/inventory/host_vars/hv00/hv00.yaml
rename to ansible/inventory/host_vars/hv00_balsillie_net/hv00_balsillie_net.yaml
diff --git a/ansible/inventory/inventory.yaml b/ansible/inventory/inventory.yaml
index a9e41de..d23d4df 100644
--- a/ansible/inventory/inventory.yaml
+++ b/ansible/inventory/inventory.yaml
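Review bot: The new file is created under `host_vars/hv00_balsillie_home/`, but the inventory host added in this same patch is `hv00_balsillie_house`, so Ansible will not load these variables for that host; the directory name has to match the host name. `qemu_bridges:` followed by a bare `br0` is a plain string rather than a list, which the role's `loop:` over `qemu_bridges` will reject; write it as `qemu_bridges:` with `- br0` on the next line. All four `.link` entries carry the same placeholder `mac_address: 00-00-00-00-00-00`, so every rendered link file would match on an identical value; they need the real per-port addresses (quoted as strings) before the role is run against the host.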
@@ -1,64 +1,101 @@
 all:
 children:
+ ups:
+ hosts:
+ ups00_balsillie_house:
+ firewalls:
+ children:
+ opnsense:
+ hosts:
+ fw00_balsillie_net:
+ openwrt:
+ hosts:
+ fw00_balsillie_house:
+ switches:
+ hosts:
+ sw00_balsillie_house:
+ waps:
+ hosts:
+ wap00_balsillie_house:
+ virtual_machines:
+ hosts:
+ kube01_balsillie_net:
+ kube02_balsillie_net:
+ kube03_balsillie_net:
+ fw00_balsillie_net:
+ fw00_balsillie_house:
+ mp00_balsillie_house:
+ win11_balsillie_house:
+ bare_metal:
+ hosts:
+ ups00_balsillie_house:
+ sw00_balsillie_house:
+ wap00_balsillie_house:
+ hv00_balsillie_house:
+ hv00_balsillie_net:
+ lat5420_balsillie_house:
+ lat7490_balsillie_house:
+ sff_balsillie_house:
 servers:
 children:
 hypervisors:
 hosts:
- server:
- lab:
- hv00:
- vms:
+ hv00_balsillie_net: # Hetzner
+ hv00_balsillie_house: # vp2420
+ hv01_balsillie_net: # 4U Rosewill
+ k8s:
 children:
- nodes:
+ k8s_control:
 hosts:
- node1:
- node2:
- node3:
- hosts:
- router:
- hetzner:
- hosts:
- hv00:
- fw00:
- k8s:
- children:
- k8s_control:
- hosts:
- kube01:
- # kube02:
- # kube03:
- k8s_taint:
- hosts:
- kube01:
- # kube02:
- # kube03:
- k8s_worker:
- hosts:
- kube01:
- # kube02:
- # kube03:
- k8s_storage:
- hosts:
- kube01:
- # kube02:
- # kube03:
- firewalls:
- children:
- fortigate:
- hosts:
- fortigate00:
- opnsense:
- hosts:
- fw00:
- switches:
- hosts:
- sw00:
+ kube01_balsillie_net:
+ kube02_balsillie_net:
+ kube03_balsillie_net:
+ k8s_taint:
+ hosts:
+ kube01_balsillie_net:
+ kube02_balsillie_net:
+ kube03_balsillie_net:
+ k8s_worker:
+ hosts:
+ kube01_balsillie_net:
+ kube02_balsillie_net:
+ kube03_balsillie_net:
+ k8s_storage:
+ hosts:
+ kube01_balsillie_net:
+ kube02_balsillie_net:
+ kube03_balsillie_net:
 workstations:
 children:
 arch:
 hosts:
- lat5420:
- sff:
+ lat5420_balsillie_house:
+ sff_balsillie_house:
+ mp00_balsillie_house:
 windows:
 hosts:
- bridie:
\ No newline at end of file
+ lat7490_balsillie_house:
+ win11_balsillie_house:
+ laptops:
+ hosts:
+ lat5420_balsillie_house:
+ lat7490_balsillie_house:
+ desktops:
+ hosts:
+ sff_balsillie_house:
+ mp00_balsillie_house:
+ hetzner:
+ hosts:
+ fw00_balsillie_net:
+ hv00_balsillie_net:
+ kube01_balsillie_net:
+ kube02_balsillie_net:
+ kube03_balsillie_net:
+ house:
+ hosts:
+ hv00_balsillie_house:
+ fw00_balsillie_house:
+ mp00_balsillie_house:
+ win11_balsillie_house:
+ lat5420_balsillie_house:
+ sff_balsillie_house:
diff --git a/ansible/roles/archinstall/defaults/main.yml b/ansible/roles/archinstall/defaults/main.yml
new file mode 100644
index 0000000..14156c9
--- /dev/null
+++ b/ansible/roles/archinstall/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+iso_source:
+ntp_servers:
+ - time.example.com
+
\ No newline at end of file
diff --git a/ansible/roles/baremetal/files/packages b/ansible/roles/archinstall/files/packages
similarity index 100%
rename from ansible/roles/baremetal/files/packages
rename to ansible/roles/archinstall/files/packages
diff --git a/ansible/roles/baremetal/tasks/main.yml b/ansible/roles/archinstall/tasks/main.yml
similarity index 100%
rename from ansible/roles/baremetal/tasks/main.yml
rename to ansible/roles/archinstall/tasks/main.yml
diff --git a/ansible/roles/baremetal/templates/eno.network.j2 b/ansible/roles/archinstall/templates/eno.network.j2
similarity index 100%
rename from ansible/roles/baremetal/templates/eno.network.j2
rename to ansible/roles/archinstall/templates/eno.network.j2
diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
deleted file mode 100644
index 0048b5f..0000000
--- a/ansible/roles/baremetal/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-iso_source:
diff --git a/ansible/roles/hypervisor_qcow/defaults/main.yaml b/ansible/roles/hypervisor_qcow/defaults/main.yaml
new file mode 100644
index 0000000..24b2094
--- /dev/null
+++ b/ansible/roles/hypervisor_qcow/defaults/main.yaml
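Review bot: Group membership in the new inventory is uneven: `hv01_balsillie_net` is added under `hypervisors` but appears in none of `bare_metal`, `hetzner` or `house`, and `ups00_balsillie_house`, `sw00_balsillie_house`, `wap00_balsillie_house` and `lat7490_balsillie_house` are in `bare_metal` but not in `house`. Group-scoped plays and group_vars will therefore skip those hosts; adding `hv01_balsillie_net:` under `bare_metal: hosts:` and the missing names under `house: hosts:` would make the site and type groups agree. If the new hypervisor role is targeted at `hypervisors`, it would presumably also run on the remote `hv00_balsillie_net`, whose network configuration directory it clears, so a `--limit` or a narrower group is worth confirming before the first run.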
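Review bot: In the new `archinstall/defaults/main.yml`, the bare `iso_source:` evaluates to null rather than an empty string, and `ntp_servers` defaults to the placeholder `time.example.com`, so a host that does not override them is silently configured with a time source nobody controls. Prefer `iso_source: ""` with a comment stating it must be set per host, and either a real default or an empty list `ntp_servers: []` that the tasks check before use. The file also ends with a whitespace-only line and no final newline, which yamllint will flag.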
@@ -0,0 +1,12 @@
+libvirt_packages:
+ arch:
+ qemu-base
+ openbsd-netcat
+ swtpm
+ gettext
+ libvirt
+ libvirt-python
+
+default_network_services:
+ Archlinux:
+ NetworkManager
\ No newline at end of file
diff --git a/ansible/roles/hypervisor_qcow/tasks/main.yaml b/ansible/roles/hypervisor_qcow/tasks/main.yaml
index e69de29..10d9bd8 100644
--- a/ansible/roles/hypervisor_qcow/tasks/main.yaml
+++ b/ansible/roles/hypervisor_qcow/tasks/main.yaml
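Review bot: Both values in this defaults file are multi-line plain scalars with no `- ` markers, so `libvirt_packages.arch` folds into one space-separated string and `default_network_services.Archlinux` is the string `NetworkManager`, not a list. The role's `loop: "{{ default_network_services[ansible_os_family] }}"` requires a list, and the package task looks up `libvirt_packages['Arch']` while the key here is `arch`, so that lookup is undefined. Writing both as block sequences under keys that match the lookups fixes this; a leading `---` and a final newline would match the other defaults file.

```yaml
---
libvirt_packages:
  Arch:
    - qemu-base
    - openbsd-netcat
    - swtpm
    - gettext
    - libvirt
    - libvirt-python

default_network_services:
  Archlinux:
    - NetworkManager
```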
@@ -0,0 +1,76 @@
+---
+
+- name: Clear systemd-networkd config directory
+ ansible.builtin.file:
+ path: "/etc/systemd/network/"
+ state: "{{ item }}"
+ owner: root
+ group: root
+ mode: '0755'
+ with_items:
+ - absent
+ - directory
+
+- name: Create systemd-networkd config files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: /etc/systemd/network/"{{ item.name }}"
+ owner: root
+ group: root
+ mode: '0644'
+ loop: "{{ systemd_networkd_configs }}"
+
+- name: Disable non-systemd networking services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: stopped
+ enabled: false
+ loop: "{{ default_network_services[ansible_os_family] }}"
+
+- name: Enable systemd networking
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: started
+ enabled: true
+ loop:
+ - systemd-networkd
+ - systemd-resolved
+
+- name: Install libvirt packages (Arch)
+ when: ansible_os_distribution == 'Archlinux'
+ community.general.pacman:
+ name: "{{ libvirt_packages['Arch'] }}"
+ state: present
+ update_cache: true
+
+- name: Add user to libvirt group
+ ansible.builtin.user:
+ name: "{{ ansible_user }}"
+ groups: libvirt
+ append: true
+
+- name: Add bridge(s) to qemu_bridge_helper
+ when: qemu_bridges is defined
+ ansible.builtin.lineinfile:
+ path: /etc/qemu/bridge.conf
+ line: "{{ item }}"
+ state: present
+ backup: false
+ insertafter: EOF
+ loop: "{{ qemu_bridges | default(['virbr0']) }}"
+
+- name: Start and enable libvirt service
+ ansible.builtin.service:
+ name: libvirtd.service
+ state: started
+ enabled: true
+
+- name: Stop the default libvirt network
+ community.libvirt.virt_net:
+ name: default
+ state: inactive
+
+- name: Remove default libvirt network
+ community.libvirt.virt_net:
+ name: default
+ state: absent
diff --git a/ansible/roles/hypervisor_qcow/templates/bridge.netdev.j2 b/ansible/roles/hypervisor_qcow/templates/bridge.netdev.j2
index e69de29..72a8c15 100644
--- a/ansible/roles/hypervisor_qcow/templates/bridge.netdev.j2
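Review bot: The template task's `dest: /etc/systemd/network/"{{ item.name }}"` keeps the quote characters as part of the path, so the rendered files get names systemd-networkd will not pick up; the whole value has to be quoted instead. `ansible_os_distribution` is not a fact Ansible gathers (the facts are `ansible_distribution` and `ansible_os_family`), so the `when:` on the pacman task fails on an undefined variable. `/etc/qemu/bridge.conf` is the ACL read by the setuid bridge helper and expects `allow <bridge>` entries, so a bare `br0` line is not a valid rule, and `when: qemu_bridges is defined` makes the `default(['virbr0'])` unreachable. The first task deletes `/etc/systemd/network/` on every run before anything is rendered, so any later templating failure leaves the host with no network configuration for its next restart; rendering the files first and removing only unmanaged ones would be safer. Membership of the `libvirt` group gives `ansible_user` unauthenticated control of the system libvirt daemon, which is effectively root on the hypervisor, so that grant deserves a comment confirming it is intended.

```yaml
# … unchanged: clear /etc/systemd/network/ …
- name: Create systemd-networkd config files
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "/etc/systemd/network/{{ item.name }}"
    # … unchanged: owner, group, mode …
  loop: "{{ systemd_networkd_configs }}"

# … unchanged: networking service tasks …
- name: Install libvirt packages (Arch)
  when: ansible_distribution == 'Archlinux'
  # … unchanged: pacman arguments …

# … unchanged: libvirt group task …
- name: Add bridge(s) to qemu_bridge_helper
  when: qemu_bridges is defined
  ansible.builtin.lineinfile:
    path: /etc/qemu/bridge.conf
    line: "allow {{ item }}"
    state: present
  loop: "{{ qemu_bridges }}"
```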
+++ b/ansible/roles/hypervisor_qcow/templates/bridge.netdev.j2
@@ -0,0 +1,9 @@
+[NetDev]
+Name=br0
+Kind=bridge
+
+[Bridge]
+DefaultPVID=none
+VLANFiltering={{ item.vlan_filtering }}
+VLANProtocol=802.1q
+STP={{ item.stp }}
\ No newline at end of file
diff --git a/ansible/roles/hypervisor_qcow/templates/ethernet.link.j2 b/ansible/roles/hypervisor_qcow/templates/ethernet.link.j2
new file mode 100644
index 0000000..8ad8415
--- /dev/null
+++ b/ansible/roles/hypervisor_qcow/templates/ethernet.link.j2
@@ -0,0 +1,6 @@
+[Match]
+PermanentMACAddress={{ item.mac_address }}
+[Link]
+MACAddressPolicy=permanent
+MACAddress={{ item.mac_address }}
+Name={{ item.name | regex_replace('^[0-9]*-', '') | regex_replace('\.link', '') }}
diff --git a/ansible/roles/hypervisor_qcow/templates/ethernet.netdev.j2 b/ansible/roles/hypervisor_qcow/templates/ethernet.netdev.j2
deleted file mode 100644
index e69de29..0000000
diff --git a/ansible/roles/hypervisor_qcow/templates/ethernet.network.j2 b/ansible/roles/hypervisor_qcow/templates/ethernet.network.j2
index e69de29..4bad9ba 100644
--- a/ansible/roles/hypervisor_qcow/templates/ethernet.network.j2
+++ b/ansible/roles/hypervisor_qcow/templates/ethernet.network.j2
@@ -0,0 +1,12 @@
+[Match]
+MACAddress={{ item.mac_address }}
+
+[Link]
+ARP={{ item.arp }}
+
+[Network]
+DHCP=no
+if item.bond
+ Bond={{ item.bond }}
+if item.bridge
+ Bridge={{ item.bridge }}
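Review bot: `Name=br0` is hard-coded in bridge.netdev.j2 although the file name comes from `item.name`, so a second bridge entry in `systemd_networkd_configs` would render another `br0`. Deriving it the way ethernet.link.j2 does, e.g. `Name={{ item.name | regex_replace('\.netdev$', '') }}`, keeps the two in step. `item.vlan_filtering` and `item.stp` have no fallback, so an entry that omits them aborts templating; `VLANFiltering={{ item.vlan_filtering | default(false) }}` and the same for `STP=` would make the template usable for plain bridges.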
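Review bot: ethernet.link.j2 sets both `MACAddressPolicy=permanent` and `MACAddress={{ item.mac_address }}`; systemd.link only honours `MACAddress=` when the policy is unset or `none`, so the second line is ignored at best and is redundant anyway because the match is already on the permanent address. Dropping the `MACAddress=` line states the intent unambiguously. The suffix strip `regex_replace('\.link', '')` is unanchored; `regex_replace('\.link$', '')` avoids touching a name that contains `.link` elsewhere. A blank line before `[Link]` would match the layout of the other templates.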
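Review bot: The `if item.bond` and `if item.bridge` lines in ethernet.network.j2 are plain text, not Jinja statements, so they are written into the unit file verbatim and `{{ item.bond }}` / `{{ item.bridge }}` raise an undefined-variable error for any entry lacking those keys. They need `{% if … %}` / `{% endif %}` blocks, as below. `ARP={{ item.arp }}` has the same problem, since no entry in the host_vars added by this patch defines `arp`; give it a default or guard it too. The match here uses `MACAddress=` while the link template matches `PermanentMACAddress=`, which is worth aligning so both files select the same port.

```jinja
{# … unchanged: [Match], [Link] and DHCP=no … #}
{% if item.bond is defined %}
Bond={{ item.bond }}
{% endif %}
{% if item.bridge is defined %}
Bridge={{ item.bridge }}
{% endif %}
```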