Decouple root directories from services

Wojciech Kozlowski 2023-02-19 17:49:35 +01:00
parent faa68b0585
commit d4dfe02153
18 changed files with 208 additions and 173 deletions


@ -5,6 +5,14 @@
system_base_additional_tcp_ports: "{{ system_base_additional_tcp_ports: "{{
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}" services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}"
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_root_directory: "/var/lib/{{ system_var_hostname }}"
system_var_home_directory: "{{ system_var_root_directory }}/home"
system_var_data_directory: "{{ system_var_root_directory }}/data"
system_var_containers_directory: "{{ system_var_root_directory }}/containers"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn:wireguard # vpn:wireguard
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
@ -30,10 +38,10 @@ vpn_bridge_dnat: "\
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# services # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
services_root_directory: "/var/lib/{{ services_hostname }}" services_root_directory: "{{ system_var_root_directory }}"
services_home_directory: "{{ services_root_directory }}/home" services_home_directory: "{{ system_var_home_directory }}"
services_data_directory: "{{ services_root_directory }}/data" services_data_directory: "{{ system_var_data_directory }}"
services_containers_directory: "{{ services_root_directory }}/containers" services_containers_directory: "{{ system_var_containers_directory }}"
services_all_hosts: "{{ groups['asgard'] }}" services_all_hosts: "{{ groups['asgard'] }}"
services_all_services: "{{ services_all_services: "{{


@ -12,6 +12,11 @@ system_base_additional_ssh_users:
system_base_udp_ports: system_base_udp_ports:
- "{{ vpn_wireguard_port }}" - "{{ vpn_wireguard_port }}"
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_hostname: "valkyrie"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn # vpn
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
@ -30,8 +35,6 @@ vpn_wireguard_clients:
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# services # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
services_hostname: "valkyrie"
services_host_services: services_host_services:
rproxy: rproxy:
address: "{{ vpn_bridge_prefix }}.2" address: "{{ vpn_bridge_prefix }}.2"


@ -17,6 +17,25 @@ system_zfs_zpools_load_key:
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}" system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
system_var_hostname: "yggdrasil"
system_var_root_dataset: "rpool{{ system_var_root_directory }}"
system_var_home_dataset: "rpool{{ system_var_home_directory }}"
system_var_data_dataset: "rpool{{ system_var_data_directory }}"
system_var_containers_dataset: "rpool{{ system_var_containers_directory }}"
# --------------------------------------------------------------------------------------------------
# system:backup
# --------------------------------------------------------------------------------------------------
system_backups_snapshots_dataset: "hpool/backup"
system_backups_snapshots_root_dataset: "{{ system_var_root_dataset |
replace('rpool/var/lib', 'hpool/backup') }}"
system_backups_snapshots_data_dataset: "{{ system_var_data_dataset |
replace('rpool/var/lib', 'hpool/backup') }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# vpn # vpn
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
@ -57,12 +76,10 @@ backups_snapshots_sanoid_system_datasets:
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# services # services
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
services_hostname: "yggdrasil" services_root_dataset: "{{ system_var_root_dataset }}"
services_home_dataset: "{{ system_var_home_dataset }}"
services_root_dataset: "rpool{{ services_root_directory }}" services_data_dataset: "{{ system_var_data_dataset }}"
services_home_dataset: "rpool{{ services_home_directory }}" services_containers_dataset: "{{ system_var_containers_dataset }}"
services_data_dataset: "rpool{{ services_data_directory }}"
services_containers_dataset: "rpool{{ services_containers_directory }}"
services_host_services: services_host_services:
lrproxy: lrproxy:
@ -83,11 +100,9 @@ services_host_services:
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# services:backups # services:backups
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
services_backups_snapshots_dataset: "hpool/backup" services_backups_snapshots_dataset: "{{ system_backups_snapshots_dataset }}"
services_backups_snapshots_root_dataset: "{{ services_root_dataset | services_backups_snapshots_root_dataset: "{{ system_backups_snapshots_root_dataset }}"
replace('rpool/var/lib', 'hpool/backup') }}" services_backups_snapshots_data_dataset: "{{ system_backups_snapshots_data_dataset }}"
services_backups_snapshots_data_dataset: "{{ services_data_dataset |
replace('rpool/var/lib', 'hpool/backup') }}"
services_backups_snapshots_services: "\ services_backups_snapshots_services: "\
{% set services_backups_snapshots_service = {} %}\ {% set services_backups_snapshots_service = {} %}\
{% for service in services_host_services.keys() %}\ {% for service in services_host_services.keys() %}\
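Review bot: The two backup dataset names under `system:backup` are derived with `replace('rpool/var/lib', 'hpool/backup')`, which returns its input unchanged when that literal prefix is absent. If `system_var_root_directory` (defined in another file as `/var/lib/{{ system_var_hostname }}`) or the pool name ever changes, `system_backups_snapshots_root_dataset` would silently resolve to the live dataset instead of a path under `hpool/backup`. Building the names from variables already defined in this file removes that coupling: `system_backups_snapshots_root_dataset: "{{ system_backups_snapshots_dataset }}/{{ system_var_hostname }}"` and `system_backups_snapshots_data_dataset: "{{ system_backups_snapshots_root_dataset }}/data"`.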


@ -7,7 +7,7 @@
- name: "{{ services_service_name }} : tasks:vars" - name: "{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role: ansible.builtin.import_role:
name: "services/backups/include" name: "services/backups/include"
vars_from: "main" vars_from: "datasets"
- name: "{{ services_service_name }} : configure service sanoid snapshots" - name: "{{ services_service_name }} : configure service sanoid snapshots"
ansible.builtin.blockinfile: ansible.builtin.blockinfile:


@ -1,16 +0,0 @@
---
argument_specs:
main:
options:
ansible_hostname:
type: "str"
required: true
services_backups_snapshots_dataset:
type: "str"
required: true
services_backups_snapshots_root_dataset:
type: "str"
required: true
services_backups_snapshots_data_dataset:
type: "str"
required: true


@ -1,20 +0,0 @@
---
- name: "create root backup dataset"
community.general.zfs:
name: "{{ services_backups_snapshots_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"
"com.sun:auto-snapshot": "false"
- name: "create services backup dataset"
community.general.zfs:
name: "{{ services_backups_snapshots_root_dataset }}"
state: "present"
- name: "create services data backup dataset"
community.general.zfs:
name: "{{ services_backups_snapshots_data_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"


@ -1,58 +0,0 @@
---
- name: "create containers dataset"
community.general.zfs:
name: "rpool/var/lib/containers"
state: "present"
extra_zfs_properties:
"com.sun:auto-snapshot": "false"
- name: "create services root dataset"
community.general.zfs:
name: "{{ services_root_dataset }}"
state: "present"
- name: "create containers zvol"
community.general.zfs:
name: "{{ services_containers_dataset }}"
state: "present"
extra_zfs_properties:
volsize: "107374182400" # 100G
refreservation: "0"
"com.sun:auto-snapshot": "false"
- name: "format containers zvol"
community.general.filesystem:
dev: "/dev/{{ services_containers_dataset }}"
fstype: "ext4"
register: services_datasets_system_zvol_format
- block:
- name: "get containers zvol uuid"
ansible.builtin.command: >-
blkid -s UUID -o value /dev/{{ services_containers_dataset }}
register: services_datasets_system_zvol_uuid
- name: "system : add fstab entry and mount containers zvol"
ansible.posix.mount:
path: "{{ services_containers_directory }}"
src: "UUID={{ services_datasets_system_zvol_uuid.stdout }}"
fstype: "ext4"
state: "mounted"
when:
services_datasets_system_zvol_format.changed
- name: "create data root dataset"
community.general.zfs:
name: "{{ services_data_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"
- name: "create home root dataset"
community.general.zfs:
name: "{{ services_home_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"


@ -8,12 +8,6 @@ argument_specs:
services_root_directory: services_root_directory:
type: "str" type: "str"
required: true required: true
services_home_directory:
type: "str"
required: true
services_data_directory:
type: "str"
required: true
services_containers_directory: services_containers_directory:
type: "str" type: "str"
required: true required: true


@ -1,24 +0,0 @@
---
- name: "directories : create services directory"
ansible.builtin.file:
path: "{{ services_root_directory }}"
state: "directory"
mode: 0755
- name: "directories : create containers root directory"
ansible.builtin.file:
path: "{{ services_containers_directory }}"
state: "directory"
mode: 0755
- name: "directories : create data root directory"
ansible.builtin.file:
path: "{{ services_data_directory }}"
state: "directory"
mode: 0755
- name: "directories : create home root directory"
ansible.builtin.file:
path: "{{ services_home_directory }}"
state: "directory"
mode: 0755


@ -3,10 +3,6 @@
ansible.builtin.import_tasks: "include/podman.yml" ansible.builtin.import_tasks: "include/podman.yml"
tags: "services:setup:system:podman" tags: "services:setup:system:podman"
- name: "play:services : role:setup:system : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags: "services:setup:system:directories"
- name: "play:services : role:setup:system : tasks:nameserver" - name: "play:services : role:setup:system : tasks:nameserver"
ansible.builtin.import_tasks: "include/nameserver.yml" ansible.builtin.import_tasks: "include/nameserver.yml"
tags: "services:setup:system:nameserver" tags: "services:setup:system:nameserver"


@ -0,0 +1,31 @@
---
argument_specs:
main:
options:
ansible_hostname:
type: "str"
required: true
system_var_root_dataset:
type: "str"
required: true
system_var_home_dataset:
type: "str"
required: true
system_var_data_dataset:
type: "str"
required: true
system_var_containers_dataset:
type: "str"
required: true
system_var_containers_directory:
type: "str"
required: true
system_backups_snapshots_dataset:
type: "str"
required: true
system_backups_snapshots_root_dataset:
type: "str"
required: true
system_backups_snapshots_data_dataset:
type: "str"
required: true


@ -0,0 +1,20 @@
---
- name: "backups : create root backup dataset"
community.general.zfs:
name: "{{ system_backups_snapshots_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"
"com.sun:auto-snapshot": "false"
- name: "backups : create services backup dataset"
community.general.zfs:
name: "{{ system_backups_snapshots_root_dataset }}"
state: "present"
- name: "backups : create services data backup dataset"
community.general.zfs:
name: "{{ system_backups_snapshots_data_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"


@ -0,0 +1,58 @@
---
- name: "var : create containers dataset"
community.general.zfs:
name: "rpool/var/lib/containers"
state: "present"
extra_zfs_properties:
"com.sun:auto-snapshot": "false"
- name: "var : create services root dataset"
community.general.zfs:
name: "{{ system_var_root_dataset }}"
state: "present"
- name: "var : create containers zvol"
community.general.zfs:
name: "{{ system_var_containers_dataset }}"
state: "present"
extra_zfs_properties:
volsize: "107374182400" # 100G
refreservation: "0"
"com.sun:auto-snapshot": "false"
- name: "var : format containers zvol"
community.general.filesystem:
dev: "/dev/{{ system_var_containers_dataset }}"
fstype: "ext4"
register: system_datasets_containers_zvol_format
- block:
- name: "var : get containers zvol uuid"
ansible.builtin.command: >-
blkid -s UUID -o value /dev/{{ system_var_containers_dataset }}
register: system_datasets_containers_zvol_uuid
- name: "var : system : add fstab entry and mount containers zvol"
ansible.posix.mount:
path: "{{ system_var_containers_directory }}"
src: "UUID={{ system_datasets_containers_zvol_uuid.stdout }}"
fstype: "ext4"
state: "mounted"
when:
system_datasets_containers_zvol_format.changed
- name: "var : create data root dataset"
community.general.zfs:
name: "{{ system_var_data_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"
- name: "var : create home root dataset"
community.general.zfs:
name: "{{ system_var_home_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"
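Review bot: The unnamed `block` that reads the zvol UUID and mounts it runs only `when: system_datasets_containers_zvol_format.changed`, so the fstab entry is written solely on the run that formats the volume. If that run stops after the format task, or the entry is later removed, subsequent runs skip the mount and `system_var_containers_directory` stays a plain directory on the parent dataset. `ansible.posix.mount` with `state: "mounted"` is already idempotent, so the `when:` can be dropped, and the `blkid` task can carry `changed_when: false` so it does not report a change on every run. Giving the block a `name` would also match the other tasks in the file.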


@ -0,0 +1,9 @@
- name: "play:system : role:datasets : tasks:var"
ansible.builtin.import_tasks: "include/var.yml"
tags:
- "system:datasets:var"
- name: "play:system : role:datasets : tasks:backups"
ansible.builtin.import_tasks: "include/backups.yml"
tags:
- "system:datasets:backups"
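Review bot: `include/backups.yml` is imported here without a condition, whereas the removed `services/datasets/backups/system` role was applied only on `yggdrasil` and only `when: the_nine_worlds_production | bool`. Under the new `system : asgard:&zfs` play, the backup dataset tasks would run on every host that pattern matches and in non-production runs as well, unless something outside this page restricts it. If the gate is still intended, add `when: the_nine_worlds_production | bool` to this import; `import_tasks` applies the condition to each imported task. The file also opens without the `---` marker that the other new task files carry.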


@ -5,18 +5,15 @@ argument_specs:
ansible_hostname: ansible_hostname:
type: "str" type: "str"
required: true required: true
services_root_dataset: system_var_root_directory:
type: "str" type: "str"
required: true required: true
services_home_dataset: system_var_home_directory:
type: "str" type: "str"
required: true required: true
services_data_dataset: system_var_data_directory:
type: "str" type: "str"
required: true required: true
services_containers_dataset: system_var_containers_directory:
type: "str"
required: true
services_containers_directory:
type: "str" type: "str"
required: true required: true


@ -0,0 +1,24 @@
---
- name: "create services directory"
ansible.builtin.file:
path: "{{ system_var_root_directory }}"
state: "directory"
mode: 0755
- name: "create containers root directory"
ansible.builtin.file:
path: "{{ system_var_containers_directory }}"
state: "directory"
mode: 0755
- name: "create data root directory"
ansible.builtin.file:
path: "{{ system_var_data_directory }}"
state: "directory"
mode: 0755
- name: "create home root directory"
ansible.builtin.file:
path: "{{ system_var_home_directory }}"
state: "directory"
mode: 0755
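Review bot: `mode: 0755` is the only unquoted scalar in these four tasks and depends on the YAML 1.1 octal reading; `mode: "0755"` hands the module a string and matches the quoting used everywhere else in the file. None of the tasks sets `owner` or `group`, so ownership follows whichever user the play runs as. Because the home and data roots are world-traversable at this mode, the per-service directories created beneath them need their own restrictive modes; whether they have them is not visible on this page.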


@ -1,12 +1,6 @@
--- ---
- name: "services : zfs" - name: "services : asgard:&zfs"
hosts: "zfs" hosts: "asgard:&zfs"
roles:
- role: "services/datasets/system"
tags:
- "services:datasets"
- "services:datasets:system"
tasks: tasks:
- name: "datasets : user" - name: "datasets : user"
@ -63,16 +57,8 @@
loop_var: "services_service_name" loop_var: "services_service_name"
tags: "always" tags: "always"
- name: "services : yggdrasil" - name: "services : asgard:&zfs"
hosts: "yggdrasil" hosts: "asgard:&zfs"
roles:
- role: "services/datasets/backups/system"
when: the_nine_worlds_production | bool
tags:
- "services:datasets"
- "services:datasets:backups"
- "services:datasets:backups:system"
tasks: tasks:
- name: "datasets : backups : user" - name: "datasets : backups : user"
@ -106,8 +92,8 @@
loop_var: "services_service_name" loop_var: "services_service_name"
tags: "always" tags: "always"
- name: "services : restic" - name: "services : asgard:&restic"
hosts: "restic" hosts: "asgard:&restic"
tasks: tasks:
- name: "backups : restic" - name: "backups : restic"
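Review bot: Reading the right-hand column as the new side, the second play's host pattern widens from `yggdrasil` to `asgard:&zfs`, so the `datasets : backups : user` tasks now target every zfs host in `asgard` rather than the single backup host. Those task bodies lie outside the hunk, so whether they tolerate a host without the backup pool cannot be checked from here. The rename also leaves two plays both called `services : asgard:&zfs`, which makes the play headers in run output indistinguishable; a distinct name such as `- name: "services : asgard:&zfs : backups"` would keep them apart.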


@ -98,3 +98,15 @@
tags: tags:
- "system:base" - "system:base"
- "system:base:user" - "system:base:user"
- name: "system : asgard:&zfs"
hosts: "asgard:&zfs"
roles:
- role: "system/datasets"
tags: "system:datasets"
- name: "system : asgard"
hosts: "asgard"
roles:
- role: "system/directories"
tags: "system:directories"