diff --git a/playbooks/02a-services-common.yml b/playbooks/02a-services-common.yml index 30f1ec8..3cfaffd 100644 --- a/playbooks/02a-services-common.yml +++ b/playbooks/02a-services-common.yml @@ -3,10 +3,5 @@ hosts: asgard tasks: - - import_tasks: tasks/services/a-common/00-podman.yml - import_tasks: tasks/services/a-common/01-zfs-datasets.yml when: is_zfs - - import_tasks: tasks/services/a-common/01-directories.yml - - import_tasks: tasks/services/a-common/02-nameserver.yml - - import_tasks: tasks/services/a-common/03-systemd-veth.yml - - import_tasks: tasks/services/a-common/04-systemd-user.yml diff --git a/playbooks/filesystem/tmp/.gitdummy b/playbooks/filesystem/tmp/.gitdummy deleted file mode 100644 index e69de29..0000000 diff --git a/playbooks/tasks/services/a-common/00-podman.yml b/playbooks/tasks/services/a-common/00-podman.yml deleted file mode 100644 index f7c7365..0000000 --- a/playbooks/tasks/services/a-common/00-podman.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Install podman - apt: - name: podman - register: podman_install - -# Required for podman. -- name: Reboot machine - reboot: - when: - podman_install is changed diff --git a/playbooks/tasks/services/a-common/01-directories.yml b/playbooks/tasks/services/a-common/01-directories.yml deleted file mode 100644 index fd22856..0000000 --- a/playbooks/tasks/services/a-common/01-directories.yml +++ /dev/null @@ -1,23 +0,0 @@ -- name: Create service directory - file: - path: /var/lib/{{ ansible_hostname }} - state: directory - mode: 0755 - -- name: Create service container directory - file: - path: /var/lib/{{ ansible_hostname }}/containers - state: directory - mode: 0755 - -- name: Create service data directory - file: - path: /var/lib/{{ ansible_hostname }}/data - state: directory - mode: 0755 - -- name: Create service home directory - file: - path: /var/lib/{{ ansible_hostname }}/home - state: directory - mode: 0755 
diff --git a/playbooks/tasks/services/a-common/02-nameserver.yml b/playbooks/tasks/services/a-common/02-nameserver.yml
deleted file mode 100644
index d22108c..0000000
--- a/playbooks/tasks/services/a-common/02-nameserver.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- name: Fetch valkyrie's resolv.conf
- fetch:
- src: "/etc/resolv.conf"
- dest: "./filesystem/tmp/"
- when:
- ansible_hostname == 'valkyrie'
-
-- name: Copy valkyrie's resolv.conf to yggdrasil
- copy:
- src: "./filesystem/tmp/valkyrie/etc/resolv.conf"
- dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
- when:
- ansible_hostname == 'yggdrasil'
diff --git a/playbooks/tasks/services/a-common/03-systemd-veth.yml b/playbooks/tasks/services/a-common/03-systemd-veth.yml
deleted file mode 100644
index 6d24d2f..0000000
--- a/playbooks/tasks/services/a-common/03-systemd-veth.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: Configure connect-pod-service
- copy:
- src: "./filesystem/common/etc/systemd/system/connect-pod-service@.service"
- dest: "/etc/systemd/system/connect-pod-service@.service"
- mode: 0644
- register: systemd_connect_pod_service_service
-
-- name: Configure connect-pod-service path trigger
- template:
- src: "./filesystem/common/etc/systemd/system/connect-pod-service@.path.j2"
- dest: "/etc/systemd/system/connect-pod-service@.path"
- mode: 0644
- register: systemd_connect_pod_service_path
-
-- name: SystemD daemon reload
- systemd:
- daemon_reload: true
- when:
- systemd_connect_pod_service_service is changed or
- systemd_connect_pod_service_path is changed
diff --git a/playbooks/tasks/services/a-common/04-systemd-user.yml b/playbooks/tasks/services/a-common/04-systemd-user.yml
deleted file mode 100644
index ae637dc..0000000
--- a/playbooks/tasks/services/a-common/04-systemd-user.yml
+++ /dev/null
@@ -1,23 +0,0 @@ -- name: Copy the pod-service update script - copy: - src: "./filesystem/common/usr/local/sbin/pod-service-auto-update" - dest: "/usr/local/sbin/pod-service-auto-update" - mode: 0755 - -- name: Copy the pod-service update service - copy: - src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.service" - dest: "/etc/systemd/user/pod-service-auto-update.service" - mode: 0644 - -- name: Copy the pod-service update timer - copy: - src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.timer" - dest: "/etc/systemd/user/pod-service-auto-update.timer" - mode: 0644 - -- name: Copy systemd image prune service for user - copy: - src: "./filesystem/common/etc/systemd/user/podman-image-prune.service" - dest: "/etc/systemd/user/podman-image-prune.service" - mode: 0644 diff --git a/plays/services/files/base/system/nameserver/.gitignore b/plays/services/files/base/system/nameserver/.gitignore new file mode 100644 index 0000000..9292462 --- /dev/null +++ b/plays/services/files/base/system/nameserver/.gitignore @@ -0,0 +1 @@ +resolv.conf diff --git a/plays/services/main.yml b/plays/services/main.yml index 72854c2..872fff7 100644 --- a/plays/services/main.yml +++ b/plays/services/main.yml @@ -4,8 +4,8 @@ - role: "datasets" tags: "services:datasets" -# - name: "services : asgard" -# hosts: "asgard" -# roles: -# - role: "base" -# tags: "services:base" +- name: "services : asgard" + hosts: "asgard" + roles: + - role: "base" + tags: "services:base" diff --git a/playbooks/filesystem/common/usr/local/sbin/pod-service-auto-update b/plays/services/roles/base/files/system/systemd/pod-service-auto-update similarity index 100% rename from playbooks/filesystem/common/usr/local/sbin/pod-service-auto-update rename to plays/services/roles/base/files/system/systemd/pod-service-auto-update 
diff --git a/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.service b/plays/services/roles/base/files/system/systemd/pod-service-auto-update.service
similarity index 100%
rename from playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.service
rename to plays/services/roles/base/files/system/systemd/pod-service-auto-update.service
diff --git a/playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.timer b/plays/services/roles/base/files/system/systemd/pod-service-auto-update.timer
similarity index 100%
rename from playbooks/filesystem/common/etc/systemd/user/pod-service-auto-update.timer
rename to plays/services/roles/base/files/system/systemd/pod-service-auto-update.timer
diff --git a/playbooks/filesystem/common/etc/systemd/user/podman-image-prune.service b/plays/services/roles/base/files/system/systemd/podman-image-prune.service
similarity index 100%
rename from playbooks/filesystem/common/etc/systemd/user/podman-image-prune.service
rename to plays/services/roles/base/files/system/systemd/podman-image-prune.service
diff --git a/playbooks/filesystem/common/etc/systemd/system/connect-pod-service@.service b/plays/services/roles/base/files/system/veth/connect-pod-service@.service
similarity index 100%
rename from playbooks/filesystem/common/etc/systemd/system/connect-pod-service@.service
rename to plays/services/roles/base/files/system/veth/connect-pod-service@.service
diff --git a/plays/services/roles/base/tasks/include/system/directories.yml b/plays/services/roles/base/tasks/include/system/directories.yml
new file mode 100644
index 0000000..c941d74
--- /dev/null
+++ b/plays/services/roles/base/tasks/include/system/directories.yml
@@ -0,0 +1,23 @@
+- name: "system : directories : create services directory"
+ ansible.builtin.file:
+ path: "/var/lib/{{ ansible_hostname }}"
+ state: "directory"
+ mode: 0755
+
+- name: "system : directories : create containers root directory"
+ ansible.builtin.file:
+ path: "/var/lib/{{ ansible_hostname }}/containers"
+ state: "directory"
+ mode: 0755
+
+- name: "system : directories : create data root directory"
+ ansible.builtin.file:
+ path: "/var/lib/{{ ansible_hostname }}/data"
+ state: "directory"
+ mode: 0755
+
+- name: "system : directories : create home root directory"
+ ansible.builtin.file:
+ path: "/var/lib/{{ ansible_hostname }}/home"
+ state: "directory"
+ mode: 0755
diff --git a/plays/services/roles/base/tasks/include/system/nameserver.yml b/plays/services/roles/base/tasks/include/system/nameserver.yml
new file mode 100644
index 0000000..3d23161
--- /dev/null
+++ b/plays/services/roles/base/tasks/include/system/nameserver.yml
@@ -0,0 +1,14 @@
+- name: "system : nameserver : fetch valkyrie's resolv.conf"
+ ansible.builtin.fetch:
+ src: "/etc/resolv.conf"
+ dest: "./files/base/system/nameserver/"
+ flat: true
+ when:
+ ansible_hostname == "valkyrie"
+
+- name: "system : nameserver : copy valkyrie's resolv.conf to other hosts"
+ ansible.builtin.copy:
+ src: "../../../files/base/system/nameserver/resolv.conf"
+ dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
+ when:
+ ansible_hostname != "valkyrie"
diff --git a/plays/services/roles/base/tasks/include/system/podman.yml b/plays/services/roles/base/tasks/include/system/podman.yml
new file mode 100644
index 0000000..d69bac7
--- /dev/null
+++ b/plays/services/roles/base/tasks/include/system/podman.yml
@@ -0,0 +1,9 @@
+- name: "system : podman : install podman"
+ ansible.builtin.apt:
+ name: "podman"
+ register: services_base_system_podman_install
+
+- name: "system : podman : reboot host"
+ ansible.builtin.reboot:
+ when:
+ services_base_system_podman_install.changed
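Review bot: `mode: 0755` is left as a bare YAML integer in all four tasks of include/system/directories.yml, while every other value in the file was quoted by this change. Ansible's file-module documentation recommends passing octal modes as quoted strings so the module does the conversion itself; the bare form only yields the intended permissions because of the leading zero, and silently becomes a different permission set if someone later writes `755`. I would write `mode: "0755"` here, and likewise `mode: "0644"` / `mode: "0755"` in the copy and template tasks of include/system/systemd.yml and include/system/veth.yml, which have the same form.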
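Review bot: The copy task in include/system/nameserver.yml now runs on every host other than valkyrie, but it still reads whatever `resolv.conf` is sitting in the controller's `files/base/system/nameserver/` directory. That file is gitignored and persists between runs, so if valkyrie is excluded with `--limit` or is unreachable, the other hosts receive a stale resolver configuration from an earlier run (or the task fails on a fresh checkout). Consider fetching with `run_once: true` and `delegate_to` pointing at valkyrie's inventory name instead of the `when` guard, so the fetch happens regardless of which hosts are targeted; the inventory name is not visible in this diff. The copy task also sets no permissions; add `mode: "0644"` so the result does not depend on the controller's umask.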
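Review bot: The reboot task in include/system/podman.yml no longer says why installing a package restarts the host; the removed 00-podman.yml carried `# Required for podman.` above it and the move dropped that line. Since the same commit enables the `base` role for every host in `asgard`, a first run will reboot each of them, and the reason should be stated next to the task. I would restore the comment and extend it to say what the reboot is needed for, e.g. `# Reboot required after first podman install: <reason>`.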
diff --git a/plays/services/roles/base/tasks/include/system/systemd.yml b/plays/services/roles/base/tasks/include/system/systemd.yml
new file mode 100644
index 0000000..4b03b09
--- /dev/null
+++ b/plays/services/roles/base/tasks/include/system/systemd.yml
@@ -0,0 +1,37 @@
+- name: "system : systemd : pod-service update script"
+ ansible.builtin.copy:
+ src: "./system/systemd/pod-service-auto-update"
+ dest: "/usr/local/sbin/pod-service-auto-update"
+ mode: 0755
+
+- name: "system : systemd : pod-service update service"
+ ansible.builtin.copy:
+ src: "./system/systemd/pod-service-auto-update.service"
+ dest: "/etc/systemd/user/pod-service-auto-update.service"
+ mode: 0644
+ register: services_base_system_pod_service_auto_update_service_file
+
+- name: "system : systemd : pod-service update timer"
+ ansible.builtin.copy:
+ src: "./system/systemd/pod-service-auto-update.timer"
+ dest: "/etc/systemd/user/pod-service-auto-update.timer"
+ mode: 0644
+ register: services_base_system_pod_service_auto_update_timer_file
+
+- name: "system : systemd : image prune service"
+ ansible.builtin.copy:
+ src: "./system/systemd/podman-image-prune.service"
+ dest: "/etc/systemd/user/podman-image-prune.service"
+ mode: 0644
+ register: services_base_system_podman_image_prune_service_file
+
+# Include instead of import as otherwise the when clause is always applied which triggers errors if
+# the above tasks haven't executed.
+- name: "system : systemd : systemd daemon reload for each service"
+ ansible.builtin.include_role:
+ name: "include"
+ tasks_from: "daemon_reload"
+ when:
+ services_base_system_pod_service_auto_update_service_file.changed or
+ services_base_system_pod_service_auto_update_timer_file.changed or
+ services_base_system_podman_image_prune_service_file.changed
diff --git a/plays/services/roles/base/tasks/include/system/veth.yml b/plays/services/roles/base/tasks/include/system/veth.yml
new file mode 100644
index 0000000..1b9c121
--- /dev/null
+++ b/plays/services/roles/base/tasks/include/system/veth.yml
@@ -0,0 +1,20 @@
+- name: "system : veth : configure connect-pod-service"
+ ansible.builtin.copy:
+ src: "./system/veth/connect-pod-service@.service"
+ dest: "/etc/systemd/system/connect-pod-service@.service"
+ mode: 0644
+ register: services_base_system_connect_pod_service_service_file
+
+- name: "system : veth : configure connect-pod-service path trigger"
+ ansible.builtin.template:
+ src: "./system/veth/connect-pod-service@.path.j2"
+ dest: "/etc/systemd/system/connect-pod-service@.path"
+ mode: 0644
+ register: services_base_system_connect_pod_service_path_file
+
+- name: "system : veth : systemd daemon reload"
+ ansible.builtin.systemd:
+ daemon_reload: true
+ when:
+ services_base_system_connect_pod_service_service_file.changed or
+ services_base_system_connect_pod_service_path_file.changed
diff --git a/plays/services/roles/base/tasks/main.yml b/plays/services/roles/base/tasks/main.yml
new file mode 100644
index 0000000..9cde159
--- /dev/null
+++ b/plays/services/roles/base/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: "play:services : role:base : tasks:system:podman"
+ ansible.builtin.import_tasks: "include/system/podman.yml"
+ tags: "services:base:system:podman"
+
+- name: "play:services : role:base : tasks:system:directories"
+ ansible.builtin.import_tasks: "include/system/directories.yml"
+ tags: "services:base:system:directories"
+
+- name: "play:services : role:base : tasks:system:nameserver"
+ ansible.builtin.import_tasks: "include/system/nameserver.yml"
+ tags: "services:base:system:nameserver"
+
+- name: "play:services : role:base : tasks:system:veth"
+ ansible.builtin.import_tasks: "include/system/veth.yml"
+ tags: "services:base:system:veth"
+
+- name: "play:services : role:base : tasks:system:systemd"
+ ansible.builtin.import_tasks: "include/system/systemd.yml"
+ tags: "services:base:system:systemd"
diff --git a/playbooks/filesystem/common/etc/systemd/system/connect-pod-service@.path.j2 b/plays/services/roles/base/templates/system/veth/connect-pod-service@.path.j2 similarity index 100% rename from playbooks/filesystem/common/etc/systemd/system/connect-pod-service@.path.j2 rename to plays/services/roles/base/templates/system/veth/connect-pod-service@.path.j2 diff --git a/plays/services/roles/datasets/tasks/include/system.yml b/plays/services/roles/datasets/tasks/include/system.yml index 34d94a0..f9dd2ed 100644 --- a/plays/services/roles/datasets/tasks/include/system.yml +++ b/plays/services/roles/datasets/tasks/include/system.yml @@ -10,7 +10,7 @@ name: "rpool/var/lib/{{ ansible_hostname }}" state: "present" -- name: "system : create a containers zvol" +- name: "system : create containers zvol" community.general.zfs: name: "rpool/var/lib/{{ ansible_hostname }}/containers" state: "present" @@ -19,7 +19,7 @@ refreservation: "none" "com.sun:auto-snapshot": "false" -- name: "system : format zvol with ext4" +- name: "system : format containers zvol" community.general.filesystem: dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers" fstype: "ext4" @@ -27,12 +27,12 @@ - block: - - name: "system : get zvol uuid" + - name: "system : get containers zvol uuid" ansible.builtin.command: >- blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers register: services_datasets_system_zvol_uuid - - name: "system : add fstab entry and mount zvol" + - name: "system : add fstab entry and mount containers zvol" ansible.posix.mount: path: "/var/lib/{{ ansible_hostname }}/containers" src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}" diff --git a/plays/services/roles/datasets/tasks/include/user.yml b/plays/services/roles/datasets/tasks/include/user.yml index 301e037..bdfe8ae 100644 --- a/plays/services/roles/datasets/tasks/include/user.yml +++ b/plays/services/roles/datasets/tasks/include/user.yml 
@@ -1,6 +1,7 @@ - name: "user : {{ services_service_name }} : set variables" ansible.builtin.import_role: - name: "vars" + name: "include" + tasks_from: "vars" - name: "user : {{ services_service_name }} : create home dataset" community.general.zfs: diff --git a/plays/services/roles/include/meta/argument_specs.yml b/plays/services/roles/include/meta/argument_specs.yml new file mode 100644 index 0000000..23781ec --- /dev/null +++ b/plays/services/roles/include/meta/argument_specs.yml @@ -0,0 +1,12 @@ +argument_specs: + vars: + options: + services_service_name: + type: "str" + required: true + daemon_reload: + options: + services_host_services: + type: "list" + elem: "str" + required: true diff --git a/plays/services/roles/include/tasks/daemon_reload.yml b/plays/services/roles/include/tasks/daemon_reload.yml new file mode 100644 index 0000000..2ebd44a --- /dev/null +++ b/plays/services/roles/include/tasks/daemon_reload.yml @@ -0,0 +1,5 @@ +- name: "daemon_reload : loop over services" + ansible.builtin.include_tasks: "daemon_reload/main.yml" + loop: "{{ services_host_services }}" + loop_control: + loop_var: "services_service_name" diff --git a/plays/services/roles/include/tasks/daemon_reload/main.yml b/plays/services/roles/include/tasks/daemon_reload/main.yml new file mode 100644 index 0000000..49dc916 --- /dev/null +++ b/plays/services/roles/include/tasks/daemon_reload/main.yml @@ -0,0 +1,15 @@ +- name: "daemon_reload : {{ services_service_name }} : set variables" + ansible.builtin.import_tasks: "../vars.yml" + +- name: "daemon_reload : {{ services_service_name }} : check if home exists" + ansible.builtin.stat: + path: "{{ services_service_user_home }}" + register: services_include_daemon_reload_user_home + +- name: "daemon_reload : {{ services_service_name }} : systemd daemon reload" + become_user: "{{ services_service_user_name }}" + ansible.builtin.systemd: + daemon_reload: true + scope: "user" + when: + services_include_daemon_reload_user_home.stat.exists 
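Review bot: In the `daemon_reload` entry point of roles/include/meta/argument_specs.yml the list element type is written as `elem: "str"`, but the key that role argument specs use for this is `elements`. As written the element type is most likely not validated (or the spec is rejected, depending on the Ansible version), so a non-string entry in `services_host_services` would reach the loop in daemon_reload.yml and be turned into a user name and a home path. Change the line to `elements: "str"`.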
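Review bot: The reload task in roles/include/tasks/daemon_reload/main.yml sets `become_user` without `become: true`, so the switch to the service account only happens if privilege escalation is enabled at the play or inventory level, which this diff does not show; without it the user-scope reload would run as the connecting user. Adding `become: true` next to `become_user` makes the task self-contained. The guard also checks only that the home directory exists, which does not establish that the account exists or that a user systemd manager is running for it; presumably both are created together elsewhere, but that is worth confirming or stating in a comment above the `stat` task.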
diff --git a/plays/services/roles/include/tasks/vars.yml b/plays/services/roles/include/tasks/vars.yml
new file mode 100644
index 0000000..a0ef160
--- /dev/null
+++ b/plays/services/roles/include/tasks/vars.yml
@@ -0,0 +1,8 @@
+- name: "vars : {{ services_service_name }} : set user name variable"
+ set_fact:
+ services_service_user_name: "pod-{{ services_service_name }}"
+
+- name: "vars : {{ services_service_name }} : set user home variable"
+ set_fact:
+ services_service_user_home: >-
+ /var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}
diff --git a/plays/services/roles/vars/meta/argument_specs.yml b/plays/services/roles/vars/meta/argument_specs.yml
deleted file mode 100644
index 75551fc..0000000
--- a/plays/services/roles/vars/meta/argument_specs.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-argument_specs:
- main:
- options:
- services_service_name:
- type: "str"
- required: true
diff --git a/plays/services/roles/vars/tasks/main.yml b/plays/services/roles/vars/tasks/main.yml
deleted file mode 100644
index 8932e3a..0000000
--- a/plays/services/roles/vars/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: "{{ services_service_name }} : set user name variable"
- set_fact:
- services_service_user_name: "pod-{{ services_service_name }}"
-
-- name: "{{ services_service_name }} : set user home variable"
- set_fact:
- services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
-
-- name: "{{ services_service_name }} : print variables"
- debug:
- msg:
- - "services_service_user_name: {{ services_service_user_name }}"
- - "services_service_user_home: {{ services_service_user_home }}"
- when:
- ansible_check_mode
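Review bot: In roles/include/tasks/vars.yml `services_service_name` is interpolated straight into an account name (`pod-…`) and into a path under `/var/lib/<host>/home/`, and the only check on it is the argument spec's `type: "str"`. A value containing `/`, `..` or whitespace would produce a home path outside the intended directory, and later tasks stat that path and `become_user` that name. I would add an `ansible.builtin.assert` ahead of the two facts with a condition such as `services_service_name is match('^[a-z0-9][a-z0-9-]*$')`; the exact pattern depends on the naming rules for services, which this diff does not state. The two tasks also use bare `set_fact` while the rest of the commit uses fully qualified names; `ansible.builtin.set_fact` would be consistent.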