From d4dfe02153de7bba2150ce6e108bf556ead31b19 Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Sun, 19 Feb 2023 17:49:35 +0100 Subject: [PATCH] Decouple root directories from services --- inventory/group_vars/asgard/vars.yml | 16 +++-- inventory/host_vars/valkyrie/vars.yml | 7 ++- inventory/host_vars/yggdrasil/vars.yml | 37 ++++++++---- .../services/backups/snapshots/tasks/main.yml | 2 +- .../backups/system/meta/argument_specs.yml | 16 ----- .../datasets/backups/system/tasks/main.yml | 20 ------- .../services/datasets/system/tasks/main.yml | 58 ------------------- .../setup/system/meta/argument_specs.yml | 6 -- .../system/tasks/include/directories.yml | 24 -------- .../services/setup/system/tasks/main.yml | 4 -- .../system/datasets/meta/argument_specs.yml | 31 ++++++++++ .../system/datasets/tasks/include/backups.yml | 20 +++++++ .../system/datasets/tasks/include/var.yml | 58 +++++++++++++++++++ .../roles/system/datasets/tasks/main.yml | 9 +++ .../directories}/meta/argument_specs.yml | 11 ++-- .../roles/system/directories/tasks/main.yml | 24 ++++++++ playbooks/services.yml | 26 ++------- playbooks/system.yml | 12 ++++ 18 files changed, 208 insertions(+), 173 deletions(-) delete mode 100644 playbooks/roles/services/datasets/backups/system/meta/argument_specs.yml delete mode 100644 playbooks/roles/services/datasets/backups/system/tasks/main.yml delete mode 100644 playbooks/roles/services/datasets/system/tasks/main.yml delete mode 100644 playbooks/roles/services/setup/system/tasks/include/directories.yml create mode 100644 playbooks/roles/system/datasets/meta/argument_specs.yml create mode 100644 playbooks/roles/system/datasets/tasks/include/backups.yml create mode 100644 playbooks/roles/system/datasets/tasks/include/var.yml create mode 100644 playbooks/roles/system/datasets/tasks/main.yml rename playbooks/roles/{services/datasets/system => system/directories}/meta/argument_specs.yml (58%) create mode 100644 playbooks/roles/system/directories/tasks/main.yml 
diff --git a/inventory/group_vars/asgard/vars.yml b/inventory/group_vars/asgard/vars.yml index 522b3bf..7555f90 100644 --- a/inventory/group_vars/asgard/vars.yml +++ b/inventory/group_vars/asgard/vars.yml @@ -5,6 +5,14 @@ system_base_additional_tcp_ports: "{{ services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}" +# -------------------------------------------------------------------------------------------------- +# system:var +# -------------------------------------------------------------------------------------------------- +system_var_root_directory: "/var/lib/{{ system_var_hostname }}" +system_var_home_directory: "{{ system_var_root_directory }}/home" +system_var_data_directory: "{{ system_var_root_directory }}/data" +system_var_containers_directory: "{{ system_var_root_directory }}/containers" + # -------------------------------------------------------------------------------------------------- # vpn:wireguard # -------------------------------------------------------------------------------------------------- @@ -30,10 +38,10 @@ vpn_bridge_dnat: "\ # -------------------------------------------------------------------------------------------------- # services # -------------------------------------------------------------------------------------------------- -services_root_directory: "/var/lib/{{ services_hostname }}" -services_home_directory: "{{ services_root_directory }}/home" -services_data_directory: "{{ services_root_directory }}/data" -services_containers_directory: "{{ services_root_directory }}/containers" +services_root_directory: "{{ system_var_root_directory }}" +services_home_directory: "{{ system_var_home_directory }}" +services_data_directory: "{{ system_var_data_directory }}" +services_containers_directory: "{{ system_var_containers_directory }}" services_all_hosts: "{{ groups['asgard'] }}" services_all_services: "{{ 
diff --git a/inventory/host_vars/valkyrie/vars.yml b/inventory/host_vars/valkyrie/vars.yml index dae3bb3..f68a6fd 100644 --- a/inventory/host_vars/valkyrie/vars.yml +++ b/inventory/host_vars/valkyrie/vars.yml @@ -12,6 +12,11 @@ system_base_additional_ssh_users: system_base_udp_ports: - "{{ vpn_wireguard_port }}" +# -------------------------------------------------------------------------------------------------- +# system:var +# -------------------------------------------------------------------------------------------------- +system_var_hostname: "valkyrie" + # -------------------------------------------------------------------------------------------------- # vpn # -------------------------------------------------------------------------------------------------- @@ -30,8 +35,6 @@ vpn_wireguard_clients: # -------------------------------------------------------------------------------------------------- # services # -------------------------------------------------------------------------------------------------- -services_hostname: "valkyrie" - services_host_services: rproxy: address: "{{ vpn_bridge_prefix }}.2" diff --git a/inventory/host_vars/yggdrasil/vars.yml b/inventory/host_vars/yggdrasil/vars.yml index 2fb6647..10a1b9f 100644 --- a/inventory/host_vars/yggdrasil/vars.yml +++ b/inventory/host_vars/yggdrasil/vars.yml 
@@ -17,6 +17,25 @@ system_zfs_zpools_load_key: # -------------------------------------------------------------------------------------------------- system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}" +# -------------------------------------------------------------------------------------------------- +# system:var +# -------------------------------------------------------------------------------------------------- +system_var_hostname: "yggdrasil" + +system_var_root_dataset: "rpool{{ system_var_root_directory }}" +system_var_home_dataset: "rpool{{ system_var_home_directory }}" +system_var_data_dataset: "rpool{{ system_var_data_directory }}" +system_var_containers_dataset: "rpool{{ system_var_containers_directory }}" + +# -------------------------------------------------------------------------------------------------- +# system:backup +# -------------------------------------------------------------------------------------------------- +system_backups_snapshots_dataset: "hpool/backup" +system_backups_snapshots_root_dataset: "{{ system_var_root_dataset | + replace('rpool/var/lib', 'hpool/backup') }}" +system_backups_snapshots_data_dataset: "{{ system_var_data_dataset | + replace('rpool/var/lib', 'hpool/backup') }}" + # -------------------------------------------------------------------------------------------------- # vpn # -------------------------------------------------------------------------------------------------- 
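Review bot: The two `replace('rpool/var/lib', 'hpool/backup')` filters in the new system:backup block return their input unchanged when `system_var_root_dataset` does not contain that literal prefix. A later change to the pool name or to `system_var_root_directory` would then make the backup dataset names equal to the source dataset names, with no error raised. Building them from the base variable removes the hidden coupling, e.g. `system_backups_snapshots_root_dataset: "{{ system_backups_snapshots_dataset }}/{{ system_var_hostname }}"`, with the data dataset as that value plus `/data`. If the filter stays, a comment above it should state that it relies on the dataset path starting with `rpool/var/lib`.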
@@ -57,12 +76,10 @@ backups_snapshots_sanoid_system_datasets: # -------------------------------------------------------------------------------------------------- # services # -------------------------------------------------------------------------------------------------- -services_hostname: "yggdrasil" - -services_root_dataset: "rpool{{ services_root_directory }}" -services_home_dataset: "rpool{{ services_home_directory }}" -services_data_dataset: "rpool{{ services_data_directory }}" -services_containers_dataset: "rpool{{ services_containers_directory }}" +services_root_dataset: "{{ system_var_root_dataset }}" +services_home_dataset: "{{ system_var_home_dataset }}" +services_data_dataset: "{{ system_var_data_dataset }}" +services_containers_dataset: "{{ system_var_containers_dataset }}" services_host_services: lrproxy: @@ -83,11 +100,9 @@ services_host_services: # -------------------------------------------------------------------------------------------------- # services:backups # -------------------------------------------------------------------------------------------------- -services_backups_snapshots_dataset: "hpool/backup" -services_backups_snapshots_root_dataset: "{{ services_root_dataset | - replace('rpool/var/lib', 'hpool/backup') }}" -services_backups_snapshots_data_dataset: "{{ services_data_dataset | - replace('rpool/var/lib', 'hpool/backup') }}" +services_backups_snapshots_dataset: "{{ system_backups_snapshots_dataset }}" +services_backups_snapshots_root_dataset: "{{ system_backups_snapshots_root_dataset }}" +services_backups_snapshots_data_dataset: "{{ system_backups_snapshots_data_dataset }}" services_backups_snapshots_services: "\ {% set services_backups_snapshots_service = {} %}\ {% for service in services_host_services.keys() %}\ diff --git a/playbooks/roles/services/backups/snapshots/tasks/main.yml b/playbooks/roles/services/backups/snapshots/tasks/main.yml index 8d7e897..a521f71 100644 
--- a/playbooks/roles/services/backups/snapshots/tasks/main.yml +++ b/playbooks/roles/services/backups/snapshots/tasks/main.yml @@ -7,7 +7,7 @@ - name: "{{ services_service_name }} : tasks:vars" ansible.builtin.import_role: name: "services/backups/include" - vars_from: "main" + vars_from: "datasets" - name: "{{ services_service_name }} : configure service sanoid snapshots" ansible.builtin.blockinfile: diff --git a/playbooks/roles/services/datasets/backups/system/meta/argument_specs.yml b/playbooks/roles/services/datasets/backups/system/meta/argument_specs.yml deleted file mode 100644 index 944477d..0000000 --- a/playbooks/roles/services/datasets/backups/system/meta/argument_specs.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -argument_specs: - main: - options: - ansible_hostname: - type: "str" - required: true - services_backups_snapshots_dataset: - type: "str" - required: true - services_backups_snapshots_root_dataset: - type: "str" - required: true - services_backups_snapshots_data_dataset: - type: "str" - required: true diff --git a/playbooks/roles/services/datasets/backups/system/tasks/main.yml b/playbooks/roles/services/datasets/backups/system/tasks/main.yml deleted file mode 100644 index 4ba12c8..0000000 --- a/playbooks/roles/services/datasets/backups/system/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: "create root backup dataset" - community.general.zfs: - name: "{{ services_backups_snapshots_dataset }}" - state: "present" - extra_zfs_properties: - canmount: "off" - "com.sun:auto-snapshot": "false" - -- name: "create services backup dataset" - community.general.zfs: - name: "{{ services_backups_snapshots_root_dataset }}" - state: "present" - -- name: "create services data backup dataset" - community.general.zfs: - name: "{{ services_backups_snapshots_data_dataset }}" - state: "present" - extra_zfs_properties: - canmount: "off" 
diff --git a/playbooks/roles/services/datasets/system/tasks/main.yml b/playbooks/roles/services/datasets/system/tasks/main.yml
deleted file mode 100644
index 5bb5d15..0000000
--- a/playbooks/roles/services/datasets/system/tasks/main.yml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-- name: "create containers dataset"
- community.general.zfs:
- name: "rpool/var/lib/containers"
- state: "present"
- extra_zfs_properties:
- "com.sun:auto-snapshot": "false"
-
-- name: "create services root dataset"
- community.general.zfs:
- name: "{{ services_root_dataset }}"
- state: "present"
-
-- name: "create containers zvol"
- community.general.zfs:
- name: "{{ services_containers_dataset }}"
- state: "present"
- extra_zfs_properties:
- volsize: "107374182400" # 100G
- refreservation: "0"
- "com.sun:auto-snapshot": "false"
-
-- name: "format containers zvol"
- community.general.filesystem:
- dev: "/dev/{{ services_containers_dataset }}"
- fstype: "ext4"
- register: services_datasets_system_zvol_format
-
-- block:
-
- - name: "get containers zvol uuid"
- ansible.builtin.command: >-
- blkid -s UUID -o value /dev/{{ services_containers_dataset }}
- register: services_datasets_system_zvol_uuid
-
- - name: "system : add fstab entry and mount containers zvol"
- ansible.posix.mount:
- path: "{{ services_containers_directory }}"
- src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
- fstype: "ext4"
- state: "mounted"
-
- when:
- services_datasets_system_zvol_format.changed
-
-- name: "create data root dataset"
- community.general.zfs:
- name: "{{ services_data_dataset }}"
- state: "present"
- extra_zfs_properties:
- canmount: "off"
-
-- name: "create home root dataset"
- community.general.zfs:
- name: "{{ services_home_dataset }}"
- state: "present"
- extra_zfs_properties:
- canmount: "off"
diff --git a/playbooks/roles/services/setup/system/meta/argument_specs.yml b/playbooks/roles/services/setup/system/meta/argument_specs.yml
index 082d304..56ecdf7 100644
--- a/playbooks/roles/services/setup/system/meta/argument_specs.yml +++ b/playbooks/roles/services/setup/system/meta/argument_specs.yml @@ -8,12 +8,6 @@ argument_specs: services_root_directory: type: "str" required: true - services_home_directory: - type: "str" - required: true - services_data_directory: - type: "str" - required: true services_containers_directory: type: "str" required: true diff --git a/playbooks/roles/services/setup/system/tasks/include/directories.yml b/playbooks/roles/services/setup/system/tasks/include/directories.yml deleted file mode 100644 index 5b65f6b..0000000 --- a/playbooks/roles/services/setup/system/tasks/include/directories.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: "directories : create services directory" - ansible.builtin.file: - path: "{{ services_root_directory }}" - state: "directory" - mode: 0755 - -- name: "directories : create containers root directory" - ansible.builtin.file: - path: "{{ services_containers_directory }}" - state: "directory" - mode: 0755 - -- name: "directories : create data root directory" - ansible.builtin.file: - path: "{{ services_data_directory }}" - state: "directory" - mode: 0755 - -- name: "directories : create home root directory" - ansible.builtin.file: - path: "{{ services_home_directory }}" - state: "directory" - mode: 0755 diff --git a/playbooks/roles/services/setup/system/tasks/main.yml b/playbooks/roles/services/setup/system/tasks/main.yml index 736c127..e098ccd 100644 --- a/playbooks/roles/services/setup/system/tasks/main.yml +++ b/playbooks/roles/services/setup/system/tasks/main.yml 
@@ -3,10 +3,6 @@ ansible.builtin.import_tasks: "include/podman.yml" tags: "services:setup:system:podman" -- name: "play:services : role:setup:system : tasks:directories" - ansible.builtin.import_tasks: "include/directories.yml" - tags: "services:setup:system:directories" - - name: "play:services : role:setup:system : tasks:nameserver" ansible.builtin.import_tasks: "include/nameserver.yml" tags: "services:setup:system:nameserver"
diff --git a/playbooks/roles/system/datasets/meta/argument_specs.yml b/playbooks/roles/system/datasets/meta/argument_specs.yml
new file mode 100644
index 0000000..7bd0516
--- /dev/null
+++ b/playbooks/roles/system/datasets/meta/argument_specs.yml
@@ -0,0 +1,31 @@
+---
+argument_specs:
+ main:
+ options:
+ ansible_hostname:
+ type: "str"
+ required: true
+ system_var_root_dataset:
+ type: "str"
+ required: true
+ system_var_home_dataset:
+ type: "str"
+ required: true
+ system_var_data_dataset:
+ type: "str"
+ required: true
+ system_var_containers_dataset:
+ type: "str"
+ required: true
+ system_var_containers_directory:
+ type: "str"
+ required: true
+ system_backups_snapshots_dataset:
+ type: "str"
+ required: true
+ system_backups_snapshots_root_dataset:
+ type: "str"
+ required: true
+ system_backups_snapshots_data_dataset:
+ type: "str"
+ required: true
diff --git a/playbooks/roles/system/datasets/tasks/include/backups.yml b/playbooks/roles/system/datasets/tasks/include/backups.yml
new file mode 100644
index 0000000..54a5993
--- /dev/null
+++ b/playbooks/roles/system/datasets/tasks/include/backups.yml
@@ -0,0 +1,20 @@
+---
+- name: "backups : create root backup dataset"
+ community.general.zfs:
+ name: "{{ system_backups_snapshots_dataset }}"
+ state: "present"
+ extra_zfs_properties:
+ canmount: "off"
+ "com.sun:auto-snapshot": "false"
+
+- name: "backups : create services backup dataset"
+ community.general.zfs:
+ name: "{{ system_backups_snapshots_root_dataset }}"
+ state: "present"
+
+- name: "backups : create services data backup dataset"
+ community.general.zfs:
+ name: "{{ system_backups_snapshots_data_dataset }}"
+ state: "present"
+ extra_zfs_properties:
+ canmount: "off"
diff --git a/playbooks/roles/system/datasets/tasks/include/var.yml b/playbooks/roles/system/datasets/tasks/include/var.yml
new file mode 100644
index 0000000..c6783b3
--- /dev/null
+++ b/playbooks/roles/system/datasets/tasks/include/var.yml
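Review bot: In `include/backups.yml` the middle task creates `system_backups_snapshots_root_dataset` with no `extra_zfs_properties`, while its parent and its data child both set `canmount: "off"`, so this one backup dataset stays mountable. `canmount` is not an inherited ZFS property, so the parent's setting does not cover it. If the mount is wanted, a one-line comment on the task should say why, for example `# left mountable on purpose: <reason>`; if not, add `extra_zfs_properties:` with `canmount: "off"` to match the other two tasks.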
@@ -0,0 +1,58 @@
+---
+- name: "var : create containers dataset"
+ community.general.zfs:
+ name: "rpool/var/lib/containers"
+ state: "present"
+ extra_zfs_properties:
+ "com.sun:auto-snapshot": "false"
+
+- name: "var : create services root dataset"
+ community.general.zfs:
+ name: "{{ system_var_root_dataset }}"
+ state: "present"
+
+- name: "var : create containers zvol"
+ community.general.zfs:
+ name: "{{ system_var_containers_dataset }}"
+ state: "present"
+ extra_zfs_properties:
+ volsize: "107374182400" # 100G
+ refreservation: "0"
+ "com.sun:auto-snapshot": "false"
+
+- name: "var : format containers zvol"
+ community.general.filesystem:
+ dev: "/dev/{{ system_var_containers_dataset }}"
+ fstype: "ext4"
+ register: system_datasets_containers_zvol_format
+
+- block:
+
+ - name: "var : get containers zvol uuid"
+ ansible.builtin.command: >-
+ blkid -s UUID -o value /dev/{{ system_var_containers_dataset }}
+ register: system_datasets_containers_zvol_uuid
+
+ - name: "var : system : add fstab entry and mount containers zvol"
+ ansible.posix.mount:
+ path: "{{ system_var_containers_directory }}"
+ src: "UUID={{ system_datasets_containers_zvol_uuid.stdout }}"
+ fstype: "ext4"
+ state: "mounted"
+
+ when:
+ system_datasets_containers_zvol_format.changed
+
+- name: "var : create data root dataset"
+ community.general.zfs:
+ name: "{{ system_var_data_dataset }}"
+ state: "present"
+ extra_zfs_properties:
+ canmount: "off"
+
+- name: "var : create home root dataset"
+ community.general.zfs:
+ name: "{{ system_var_home_dataset }}"
+ state: "present"
+ extra_zfs_properties:
+ canmount: "off"
diff --git a/playbooks/roles/system/datasets/tasks/main.yml b/playbooks/roles/system/datasets/tasks/main.yml
new file mode 100644
index 0000000..d8bb93c
--- /dev/null
+++ b/playbooks/roles/system/datasets/tasks/main.yml
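Review bot: In `include/var.yml` the `blkid` lookup and the `ansible.posix.mount` task run only `when: system_datasets_containers_zvol_format.changed`, so the role does not converge after a partial run. If a run formats the zvol and then fails or is interrupted before the mount task, the next run presumably reports the filesystem as unchanged and never writes the fstab entry, leaving `system_var_containers_directory` on the parent filesystem instead of the zvol. Dropping the `when:` and adding `changed_when: false` to the `blkid` task fixes this, since `state: "mounted"` is already idempotent. The first task also hard-codes `rpool/var/lib/containers` while every other dataset name comes from a variable, so it deserves a comment naming what uses that dataset; the `- block:` would read better with a `name`.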
@@ -0,0 +1,9 @@
+- name: "play:system : role:datasets : tasks:var"
+ ansible.builtin.import_tasks: "include/var.yml"
+ tags:
+ - "system:datasets:var"
+
+- name: "play:system : role:datasets : tasks:backups"
+ ansible.builtin.import_tasks: "include/backups.yml"
+ tags:
+ - "system:datasets:backups"
diff --git a/playbooks/roles/services/datasets/system/meta/argument_specs.yml b/playbooks/roles/system/directories/meta/argument_specs.yml
similarity index 58%
rename from playbooks/roles/services/datasets/system/meta/argument_specs.yml
rename to playbooks/roles/system/directories/meta/argument_specs.yml
index 1a185b9..6fe9ca9 100644
--- a/playbooks/roles/services/datasets/system/meta/argument_specs.yml
+++ b/playbooks/roles/system/directories/meta/argument_specs.yml
@@ -5,18 +5,15 @@ argument_specs:
 ansible_hostname:
 type: "str"
 required: true
- services_root_dataset:
+ system_var_root_directory:
 type: "str"
 required: true
- services_home_dataset:
+ system_var_home_directory:
 type: "str"
 required: true
- services_data_dataset:
+ system_var_data_directory:
 type: "str"
 required: true
- services_containers_dataset:
- type: "str"
- required: true
- services_containers_directory:
+ system_var_containers_directory:
 type: "str"
 required: true
diff --git a/playbooks/roles/system/directories/tasks/main.yml b/playbooks/roles/system/directories/tasks/main.yml
new file mode 100644
index 0000000..018faab
--- /dev/null
+++ b/playbooks/roles/system/directories/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: "create services directory"
+ ansible.builtin.file:
+ path: "{{ system_var_root_directory }}"
+ state: "directory"
+ mode: 0755
+
+- name: "create containers root directory"
+ ansible.builtin.file:
+ path: "{{ system_var_containers_directory }}"
+ state: "directory"
+ mode: 0755
+
+- name: "create data root directory"
+ ansible.builtin.file:
+ path: "{{ system_var_data_directory }}"
+ state: "directory"
+ mode: 0755
+
+- name: "create home root directory"
+ ansible.builtin.file:
+ path: "{{ system_var_home_directory }}"
+ state: "directory"
+ mode: 0755
diff --git a/playbooks/services.yml b/playbooks/services.yml
index 1f4a66b..c08109b 100644
--- a/playbooks/services.yml
+++ b/playbooks/services.yml
@@ -1,12 +1,6 @@ --- -- name: "services : zfs" - hosts: "zfs" - - roles: - - role: "services/datasets/system" - tags: - - "services:datasets" - - "services:datasets:system" +- name: "services : asgard:&zfs" + hosts: "asgard:&zfs" tasks: - name: "datasets : user"
@@ -63,16 +57,8 @@ loop_var: "services_service_name" tags: "always" -- name: "services : yggdrasil" - hosts: "yggdrasil" - - roles: - - role: "services/datasets/backups/system" - when: the_nine_worlds_production | bool - tags: - - "services:datasets" - - "services:datasets:backups" - - "services:datasets:backups:system" +- name: "services : asgard:&zfs" + hosts: "asgard:&zfs" tasks: - name: "datasets : backups : user"
@@ -106,8 +92,8 @@ loop_var: "services_service_name" tags: "always" -- name: "services : restic" - hosts: "restic" +- name: "services : asgard:&restic" + hosts: "asgard:&restic" tasks: - name: "backups : restic"
diff --git a/playbooks/system.yml b/playbooks/system.yml
index f1143a6..837dcd5 100644
--- a/playbooks/system.yml
+++ b/playbooks/system.yml
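Review bot: All four `ansible.builtin.file` tasks in `system/directories/tasks/main.yml` set `mode: 0755` as a bare YAML integer and give no `owner` or `group`, so ownership depends on whichever account the play runs as and the home and data roots are readable and traversable by every local user. Quote the mode and state ownership explicitly, e.g. `mode: "0755"` with `owner: "root"` and `group: "root"`. Whether the data and home roots can be tightened to `"0750"` depends on which service accounts must traverse them, which this hunk does not show. The quoted form also matches the rest of the file, where every other scalar is quoted.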
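Review bot: In `playbooks/services.yml` the first two plays now share the name `services : asgard:&zfs`, so run output can no longer tell the user-dataset play from the backup-dataset play. Distinct names such as `"services : asgard:&zfs : datasets"` and `"services : asgard:&zfs : backups"` keep the logs readable. The second play also widens its target from `hosts: "yggdrasil"` to `hosts: "asgard:&zfs"`, so the `datasets : backups : user` tasks now apply to every ZFS host in the group; a comment on that play should confirm this is intended. Both play bodies continue outside the hunks, so any per-task conditions there are not visible.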
@@ -98,3 +98,15 @@
 tags:
 - "system:base"
 - "system:base:user"
+
+- name: "system : asgard:&zfs"
+ hosts: "asgard:&zfs"
+ roles:
+ - role: "system/datasets"
+ tags: "system:datasets"
+
+- name: "system : asgard"
+ hosts: "asgard"
+ roles:
+ - role: "system/directories"
+ tags: "system:directories"
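Review bot: The new `system/datasets` play has no `when: the_nine_worlds_production | bool` condition, although the `services/datasets/backups/system` role it replaces (removed from playbooks/services.yml in this commit) carried one. The role's `tasks/main.yml` imports `include/backups.yml` unconditionally, so the `hpool/backup` datasets would apparently be created on non-production runs as well. `system/datasets/meta/argument_specs.yml` also marks the three `system_backups_snapshots_*` variables as `required: true` for every `asgard:&zfs` host, while the hunks shown define them only in host_vars/yggdrasil. If the gate is still wanted, put `when: the_nine_worlds_production | bool` on the backups import in the role, and either drop `required: true` for the backup variables or define them for the whole group.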