Add services:base:system
parent
9d6cc674fc
commit
0b3542c414
@ -3,10 +3,5 @@
|
|||||||
hosts: asgard
|
hosts: asgard
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_tasks: tasks/services/a-common/00-podman.yml
|
|
||||||
- import_tasks: tasks/services/a-common/01-zfs-datasets.yml
|
- import_tasks: tasks/services/a-common/01-zfs-datasets.yml
|
||||||
when: is_zfs
|
when: is_zfs
|
||||||
- import_tasks: tasks/services/a-common/01-directories.yml
|
|
||||||
- import_tasks: tasks/services/a-common/02-nameserver.yml
|
|
||||||
- import_tasks: tasks/services/a-common/03-systemd-veth.yml
|
|
||||||
- import_tasks: tasks/services/a-common/04-systemd-user.yml
|
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
- name: Install podman
|
|
||||||
apt:
|
|
||||||
name: podman
|
|
||||||
register: podman_install
|
|
||||||
|
|
||||||
# Required for podman.
|
|
||||||
- name: Reboot machine
|
|
||||||
reboot:
|
|
||||||
when:
|
|
||||||
podman_install is changed
|
|
@ -1,23 +0,0 @@
|
|||||||
- name: Create service directory
|
|
||||||
file:
|
|
||||||
path: /var/lib/{{ ansible_hostname }}
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Create service container directory
|
|
||||||
file:
|
|
||||||
path: /var/lib/{{ ansible_hostname }}/containers
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Create service data directory
|
|
||||||
file:
|
|
||||||
path: /var/lib/{{ ansible_hostname }}/data
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Create service home directory
|
|
||||||
file:
|
|
||||||
path: /var/lib/{{ ansible_hostname }}/home
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
@ -1,13 +0,0 @@
|
|||||||
- name: Fetch valkyrie's resolv.conf
|
|
||||||
fetch:
|
|
||||||
src: "/etc/resolv.conf"
|
|
||||||
dest: "./filesystem/tmp/"
|
|
||||||
when:
|
|
||||||
ansible_hostname == 'valkyrie'
|
|
||||||
|
|
||||||
- name: Copy valkyrie's resolv.conf to yggdrasil
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/tmp/valkyrie/etc/resolv.conf"
|
|
||||||
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
|
|
||||||
when:
|
|
||||||
ansible_hostname == 'yggdrasil'
|
|
@ -1,20 +0,0 @@
|
|||||||
- name: Configure connect-pod-service
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.service"
|
|
||||||
dest: "/etc/systemd/system/connect-pod-service@.service"
|
|
||||||
mode: 0644
|
|
||||||
register: systemd_connect_pod_service_service
|
|
||||||
|
|
||||||
- name: Configure connect-pod-service path trigger
|
|
||||||
template:
|
|
||||||
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.path.j2"
|
|
||||||
dest: "/etc/systemd/system/connect-pod-service@.path"
|
|
||||||
mode: 0644
|
|
||||||
register: systemd_connect_pod_service_path
|
|
||||||
|
|
||||||
- name: SystemD daemon reload
|
|
||||||
systemd:
|
|
||||||
daemon_reload: true
|
|
||||||
when:
|
|
||||||
systemd_connect_pod_service_service is changed or
|
|
||||||
systemd_connect_pod_service_path is changed
|
|
@ -1,23 +0,0 @@
|
|||||||
- name: Copy the pod-service update script
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/usr/local/sbin/pod-service-auto-update"
|
|
||||||
dest: "/usr/local/sbin/pod-service-auto-update"
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Copy the pod-service update service
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.service"
|
|
||||||
dest: "/etc/systemd/user/pod-service-auto-update.service"
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- name: Copy the pod-service update timer
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/etc/systemd/user/pod-service-auto-update.timer"
|
|
||||||
dest: "/etc/systemd/user/pod-service-auto-update.timer"
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- name: Copy systemd image prune service for user
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/etc/systemd/user/podman-image-prune.service"
|
|
||||||
dest: "/etc/systemd/user/podman-image-prune.service"
|
|
||||||
mode: 0644
|
|
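--- a/plays/services/files/base/system/nameserver/.gitignore
+++ b/plays/services/files/base/system/nameserver/.gitignore
@@ -0,0 +1 @@
+resolv.conf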
@ -4,8 +4,8 @@
|
|||||||
- role: "datasets"
|
- role: "datasets"
|
||||||
tags: "services:datasets"
|
tags: "services:datasets"
|
||||||
|
|
||||||
# - name: "services : asgard"
|
- name: "services : asgard"
|
||||||
# hosts: "asgard"
|
hosts: "asgard"
|
||||||
# roles:
|
roles:
|
||||||
# - role: "base"
|
- role: "base"
|
||||||
# tags: "services:base"
|
tags: "services:base"
|
||||||
|
@ -0,0 +1,23 @@
|
|||||||
|
- name: "system : directories : create services directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}"
|
||||||
|
state: "directory"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: "system : directories : create containers root directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}/containers"
|
||||||
|
state: "directory"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: "system : directories : create data root directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}/data"
|
||||||
|
state: "directory"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: "system : directories : create home root directory"
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/var/lib/{{ ansible_hostname }}/home"
|
||||||
|
state: "directory"
|
||||||
|
mode: 0755
|
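Review bot: The four `mode: 0755` values in this file are unquoted, so they only mean rwxr-xr-x because the YAML 1.1 loader reads a leading-zero integer as octal; `mode: "0755"` keeps the meaning independent of the parser, and the same applies to the `mode: 0755` and `mode: 0644` lines added in systemd.yml and veth.yml. None of the four tasks sets `owner` or `group`, so ownership of the `data` and `home` roots is whatever account the task happens to run as; adding `owner: "root"` and `group: "root"` would pin it. The four tasks differ only in `path`, so a single task with a `loop:` over the paths would say the same thing once.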
@ -0,0 +1,14 @@
|
|||||||
|
- name: "system : nameserver : fetch valkyrie's resolv.conf"
|
||||||
|
ansible.builtin.fetch:
|
||||||
|
src: "/etc/resolv.conf"
|
||||||
|
dest: "./files/base/system/nameserver/"
|
||||||
|
flat: true
|
||||||
|
when:
|
||||||
|
ansible_hostname == "valkyrie"
|
||||||
|
|
||||||
|
- name: "system : nameserver : copy valkyrie's resolv.conf to other hosts"
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: "../../../files/base/system/nameserver/resolv.conf"
|
||||||
|
dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
|
||||||
|
when:
|
||||||
|
ansible_hostname != "valkyrie"
|
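Review bot: The copy task at the end of this file sets no `mode`, unlike the other file-writing tasks in the commit, so the permissions of `valkyrie-resolv.conf` are left to the target's defaults; `mode: "0644"` would fix them. The task distributes whatever sits in `files/base/system/nameserver/resolv.conf` on the controller, and that file is only refreshed when valkyrie takes part in the run, so a run limited to other hosts would presumably push a stale copy, or fail if the file was never fetched. The condition also widened from the single host named in the removed version to every host except valkyrie; a comment above the fetch stating that valkyrie must be in the play, and that all other hosts receive its resolver configuration, would make both points explicit.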
@ -0,0 +1,9 @@
|
|||||||
|
- name: "system : podman : install podman"
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: "podman"
|
||||||
|
register: services_base_system_podman_install
|
||||||
|
|
||||||
|
- name: "system : podman : reboot host"
|
||||||
|
ansible.builtin.reboot:
|
||||||
|
when:
|
||||||
|
services_base_system_podman_install.changed
|
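Review bot: The reboot task lost the `# Required for podman.` comment that the removed podman task file carried, so nothing here explains why installing a package reboots the host; I would restore it above the reboot task, ideally with the concrete reason. The `apt` task also gives neither `state` nor `update_cache`, so on a host with a stale package index the install may fail; `state: "present"` and `update_cache: true` would make the intent explicit.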
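--- a/plays/services/roles/base/tasks/include/system/systemd.yml
+++ b/plays/services/roles/base/tasks/include/system/systemd.yml
@@ -0,0 +1,37 @@
+- name: "system : systemd : pod-service update script"
+ansible.builtin.copy:
+src: "./system/systemd/pod-service-auto-update"
+dest: "/usr/local/sbin/pod-service-auto-update"
+mode: 0755
+
+- name: "system : systemd : pod-service update service"
+ansible.builtin.copy:
+src: "./system/systemd/pod-service-auto-update.service"
+dest: "/etc/systemd/user/pod-service-auto-update.service"
+mode: 0644
+register: services_base_system_pod_service_auto_update_service_file
+
+- name: "system : systemd : pod-service update timer"
+ansible.builtin.copy:
+src: "./system/systemd/pod-service-auto-update.timer"
+dest: "/etc/systemd/user/pod-service-auto-update.timer"
+mode: 0644
+register: services_base_system_pod_service_auto_update_timer_file
+
+- name: "system : systemd : image prune service"
+ansible.builtin.copy:
+src: "./system/systemd/podman-image-prune.service"
+dest: "/etc/systemd/user/podman-image-prune.service"
+mode: 0644
+register: services_base_system_podman_image_prune_service_file
+
+# Include instead of import as otherwise the when clause is always applied which triggers errors if
+# the above tasks haven't executed.
+- name: "system : systemd : systemd daemon reload for each service"
+ansible.builtin.include_role:
+name: "include"
+tasks_from: "daemon_reload"
+when:
+services_base_system_pod_service_auto_update_service_file.changed or
+services_base_system_pod_service_auto_update_timer_file.changed or
+services_base_system_podman_image_prune_service_file.changed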
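Review bot: The `include_role` at the end of this file is dynamic, so the `services:base:system:systemd` tag that main.yml attaches to the import reaches the include task itself but not the tasks it loads; a run with `--tags services:base:system:systemd` would copy the unit files and then skip the per-user reload. Adding `apply:` with `tags: "services:base:system:systemd"` under `ansible.builtin.include_role` passes the tag down. The `include_tasks` loop in include/tasks/daemon_reload.yml is dynamic as well and probably needs the same treatment, so this is worth confirming with a tagged run. The existing comment above the task could mention the tag behaviour next to the `when` behaviour it already explains.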
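--- a/plays/services/roles/base/tasks/include/system/veth.yml
+++ b/plays/services/roles/base/tasks/include/system/veth.yml
@@ -0,0 +1,20 @@
+- name: "system : veth : configure connect-pod-service"
+ansible.builtin.copy:
+src: "./system/veth/connect-pod-service@.service"
+dest: "/etc/systemd/system/connect-pod-service@.service"
+mode: 0644
+register: services_base_system_connect_pod_service_service_file
+
+- name: "system : veth : configure connect-pod-service path trigger"
+ansible.builtin.template:
+src: "./system/veth/connect-pod-service@.path.j2"
+dest: "/etc/systemd/system/connect-pod-service@.path"
+mode: 0644
+register: services_base_system_connect_pod_service_path_file
+
+- name: "system : veth : systemd daemon reload"
+ansible.builtin.systemd:
+daemon_reload: true
+when:
+services_base_system_connect_pod_service_service_file.changed or
+services_base_system_connect_pod_service_path_file.changed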
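Review bot: The daemon reload is driven by two registered results and a `when`, which is the job handlers exist for; a `notify:` on the copy and template tasks plus one reload handler would remove both `register` lines and the condition. The two unit files land in `/etc/systemd/system` without `owner` or `group`, so their ownership depends on the account the play runs as; `owner: "root"` and `group: "root"` would state it. Nothing in this file enables or starts `connect-pod-service@.path`, so if that happens elsewhere a one-line comment saying where would help the next reader.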
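--- a/plays/services/roles/base/tasks/main.yml
+++ b/plays/services/roles/base/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: "play:services : role:base : tasks:system:podman"
+ansible.builtin.import_tasks: "include/system/podman.yml"
+tags: "services:base:system:podman"
+
+- name: "play:services : role:base : tasks:system:directories"
+ansible.builtin.import_tasks: "include/system/directories.yml"
+tags: "services:base:system:directories"
+
+- name: "play:services : role:base : tasks:system:nameserver"
+ansible.builtin.import_tasks: "include/system/nameserver.yml"
+tags: "services:base:system:nameserver"
+
+- name: "play:services : role:base : tasks:system:veth"
+ansible.builtin.import_tasks: "include/system/veth.yml"
+tags: "services:base:system:veth"
+
+- name: "play:services : role:base : tasks:system:systemd"
+ansible.builtin.import_tasks: "include/system/systemd.yml"
+tags: "services:base:system:systemd"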
@ -10,7 +10,7 @@
|
|||||||
name: "rpool/var/lib/{{ ansible_hostname }}"
|
name: "rpool/var/lib/{{ ansible_hostname }}"
|
||||||
state: "present"
|
state: "present"
|
||||||
|
|
||||||
- name: "system : create a containers zvol"
|
- name: "system : create containers zvol"
|
||||||
community.general.zfs:
|
community.general.zfs:
|
||||||
name: "rpool/var/lib/{{ ansible_hostname }}/containers"
|
name: "rpool/var/lib/{{ ansible_hostname }}/containers"
|
||||||
state: "present"
|
state: "present"
|
||||||
@ -19,7 +19,7 @@
|
|||||||
refreservation: "none"
|
refreservation: "none"
|
||||||
"com.sun:auto-snapshot": "false"
|
"com.sun:auto-snapshot": "false"
|
||||||
|
|
||||||
- name: "system : format zvol with ext4"
|
- name: "system : format containers zvol"
|
||||||
community.general.filesystem:
|
community.general.filesystem:
|
||||||
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
|
dev: "/dev/rpool/var/lib/{{ ansible_hostname }}/containers"
|
||||||
fstype: "ext4"
|
fstype: "ext4"
|
||||||
@ -27,12 +27,12 @@
|
|||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
|
||||||
- name: "system : get zvol uuid"
|
- name: "system : get containers zvol uuid"
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command: >-
|
||||||
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
|
blkid -s UUID -o value /dev/rpool/var/lib/{{ ansible_hostname }}/containers
|
||||||
register: services_datasets_system_zvol_uuid
|
register: services_datasets_system_zvol_uuid
|
||||||
|
|
||||||
- name: "system : add fstab entry and mount zvol"
|
- name: "system : add fstab entry and mount containers zvol"
|
||||||
ansible.posix.mount:
|
ansible.posix.mount:
|
||||||
path: "/var/lib/{{ ansible_hostname }}/containers"
|
path: "/var/lib/{{ ansible_hostname }}/containers"
|
||||||
src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
|
src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
- name: "user : {{ services_service_name }} : set variables"
|
- name: "user : {{ services_service_name }} : set variables"
|
||||||
ansible.builtin.import_role:
|
ansible.builtin.import_role:
|
||||||
name: "vars"
|
name: "include"
|
||||||
|
tasks_from: "vars"
|
||||||
|
|
||||||
- name: "user : {{ services_service_name }} : create home dataset"
|
- name: "user : {{ services_service_name }} : create home dataset"
|
||||||
community.general.zfs:
|
community.general.zfs:
|
||||||
|
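--- a/plays/services/roles/include/meta/argument_specs.yml
+++ b/plays/services/roles/include/meta/argument_specs.yml
@@ -0,0 +1,12 @@
+argument_specs:
+vars:
+options:
+services_service_name:
+type: "str"
+required: true
+daemon_reload:
+options:
+services_host_services:
+type: "list"
+elem: "str"
+required: true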
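Review bot: `elem: "str"` under `services_host_services` is not a key the role argument spec recognises; the element type of a list option is declared with `elements`, so as written the list entries are presumably not type-checked at all. The line should read `elements: "str"`. Neither option carries a `description`, which is what the role documentation tooling prints; one line each, saying what a service name is expected to look like, would document the contract.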
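--- a/plays/services/roles/include/tasks/daemon_reload.yml
+++ b/plays/services/roles/include/tasks/daemon_reload.yml
@@ -0,0 +1,5 @@
+- name: "daemon_reload : loop over services"
+ansible.builtin.include_tasks: "daemon_reload/main.yml"
+loop: "{{ services_host_services }}"
+loop_control:
+loop_var: "services_service_name"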
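--- a/plays/services/roles/include/tasks/daemon_reload/main.yml
+++ b/plays/services/roles/include/tasks/daemon_reload/main.yml
@@ -0,0 +1,15 @@
+- name: "daemon_reload : {{ services_service_name }} : set variables"
+ansible.builtin.import_tasks: "../vars.yml"
+
+- name: "daemon_reload : {{ services_service_name }} : check if home exists"
+ansible.builtin.stat:
+path: "{{ services_service_user_home }}"
+register: services_include_daemon_reload_user_home
+
+- name: "daemon_reload : {{ services_service_name }} : systemd daemon reload"
+become_user: "{{ services_service_user_name }}"
+ansible.builtin.systemd:
+daemon_reload: true
+scope: "user"
+when:
+services_include_daemon_reload_user_home.stat.exists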
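Review bot: The reload task sets `become_user` but not `become`, so it only runs as the service user if privilege escalation is already switched on at play or inventory level, which is not visible here; `become: true` next to `become_user` would make the task self-contained. A user-scope `systemd` call made through become usually also needs `XDG_RUNTIME_DIR` in the task `environment` and a running user manager for that account, otherwise it cannot reach the user bus. The home-directory `stat` guards against a user that does not exist yet but not against that case, so a comment stating what the `stat` is standing in for would help.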
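--- a/plays/services/roles/include/tasks/vars.yml
+++ b/plays/services/roles/include/tasks/vars.yml
@@ -0,0 +1,8 @@
+- name: "vars : {{ services_service_name }} : set user name variable"
+set_fact:
+services_service_user_name: "pod-{{ services_service_name }}"
+
+- name: "vars : {{ services_service_name }} : set user home variable"
+set_fact:
+services_service_user_home: >-
+/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}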
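Review bot: `services_service_name` goes straight into a user name and into a path under `/var/lib/{{ ansible_hostname }}/home/`, and the argument spec only checks that it is a string, so a value containing `/` or `..` would place the home somewhere else. An `ansible.builtin.assert` on a simple name pattern at the top of this file, or a `choices` list in the spec, would reject such a value before any path is built from it. Both tasks also use the short `set_fact:` while the rest of the commit is written with fully qualified names; `ansible.builtin.set_fact:` would match.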
@ -1,6 +0,0 @@
|
|||||||
argument_specs:
|
|
||||||
main:
|
|
||||||
options:
|
|
||||||
services_service_name:
|
|
||||||
type: "str"
|
|
||||||
required: true
|
|
@ -1,15 +0,0 @@
|
|||||||
- name: "{{ services_service_name }} : set user name variable"
|
|
||||||
set_fact:
|
|
||||||
services_service_user_name: "pod-{{ services_service_name }}"
|
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : set user home variable"
|
|
||||||
set_fact:
|
|
||||||
services_service_user_home: "/var/lib/{{ ansible_hostname }}/home/{{ services_service_user_name }}"
|
|
||||||
|
|
||||||
- name: "{{ services_service_name }} : print variables"
|
|
||||||
debug:
|
|
||||||
msg:
|
|
||||||
- "services_service_user_name: {{ services_service_user_name }}"
|
|
||||||
- "services_service_user_home: {{ services_service_user_home }}"
|
|
||||||
when:
|
|
||||||
ansible_check_mode
|
|