From 08ae4e6bffb8f44ad0436d8e541c7bc7763cbbca Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 15 Jan 2022 15:24:33 +0100
Subject: [PATCH] update..
---
group_vars/all/main.yml | 21 ++-
group_vars/lxc_host.yml | 72 --------
host_vars/ga-st-kvm5.ga.netz.yaml | 291 ++++++++++++++++++++++++++++++
host_vars/nd.warenform.de.yml | 2 +
hosts | 15 +-
roles/common/tasks/apt.yml | 23 ++-
roles/common/tasks/basic.yml | 19 --
7 files changed, 346 insertions(+), 97 deletions(-)
delete mode 100644 group_vars/lxc_host.yml
create mode 100644 host_vars/ga-st-kvm5.ga.netz.yaml
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index f47993e..2910a66 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -44,8 +44,6 @@ locales: - en_US.UTF-8 - de_DE.UTF-8 -set_default_limit_nofile: false - #copy_plain_files_systemd: [] copy_plain_files_systemd:
@@ -827,6 +825,25 @@ apt_lxc_host_pkgs: - debootstrap - ntp +apt_install_kvm_host_pkgs: false +apt_kvm_host_pkgs: + - lvm2 + - bridge-utils + - ntfs-3g + - qemu-kvm + - libvirt-clients + - libvirt-daemon-system + - virtinst + - libguestfs-tools + - kpartx + - debootstrap + - ntp + +# available in debian 10 (buster) but not in debian 11 (bullseye) +# +apt_kvm_host_buster_pkgs: + - virt-top + apt_install_extra_pkgs: false apt_extra_pkgs: []
diff --git a/group_vars/lxc_host.yml b/group_vars/lxc_host.yml
deleted file mode 100644
index fab14d0..0000000
--- a/group_vars/lxc_host.yml
+++ /dev/null
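Review bot: In group_vars/all/main.yml, the added `apt_install_kvm_host_pkgs: false` is not read anywhere in this patch. The new kvm_host tasks in roles/common/tasks/apt.yml are gated on membership in the `[kvm_host]` inventory group, and the same commit drops the matching `apt_install_lxc_host_pkgs|bool` test. Unless a file outside this patch evaluates the flag, someone who sets it to `false` for a host would expect libvirt and qemu to stay off that host, which is not what the tasks do. Either drop the variable or put a comment above it such as `# not evaluated by apt.yml; kvm packages follow [kvm_host] group membership`.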
@@ -1,72 +0,0 @@
----
-
-# ---
-# vars used by roles/ansible_dependencies
-# ---
-
-
-# ---
-# vars used by roles/ansible_user
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/basic.yml
-# ---
-
-set_default_limit_nofile: true
-
-
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/apt.yml
-# ---
-
-apt_install_lxc_host_pkgs: true
-
-
-# ---
-# vars used by roles/common/tasks/users.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/users-systemfiles.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/webadmin-user.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/sudoers.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ---
-# vars used by roles/common/tasks/caching-nameserver.yml
-# ---
-
-
-# ---
-# vars used by roles/common/tasks/git.yml
-# ---
-#
-# see: roles/common/tasks/vars
-
-
-# ==============================
-
-
-# ---
-# vars used by scripts/reset_root_passwd.yml
-# ---
-
diff --git a/host_vars/ga-st-kvm5.ga.netz.yaml b/host_vars/ga-st-kvm5.ga.netz.yaml
new file mode 100644
index 0000000..e01850d
--- /dev/null
+++ b/host_vars/ga-st-kvm5.ga.netz.yaml
@@ -0,0 +1,291 @@
+---
+
+# ---
+# vars used by roles/network_interfaces
+# ---
+
+
+# If true, all additional files in /etc/network/interfaces/interfaces.d/ are deleted
+network_manage_devices: True
+
+# Should the interfaces be reloaded after config change?
+network_interface_reload: False
+
+network_interface_path: /etc/network/interfaces.d
+network_interface_required_packages:
+ - vlan
+ - bridge-utils
+ - ifmetric
+ - ifupdown
+ - ifenslave
+ - resolvconf
+
+
+network_interfaces:
+
+ - device: eno2
+ headline: eno2
+ auto: true
+ family: inet
+ method: manual
+ pre-up:
+ - ifconfig $IFACE up
+ - vconfig add eno2 11
+ post-down:
+ - ifconfig $IFACE down
+
+
+ - device: eno2.11
+ # use only once per device (for the first device entry)
+ headline: eno2.11
+
+ # auto & allow are only used for the first device entry
+ allow: [] # array of allow-[stanzas] eg. allow-hotplug
+ auto: true
+
+ family: inet
+ method: static
+ hwaddress: 3c:ec:ef:77:d3:5e
+ description:
+ address: 10.10.11.6
+ netmask: 24
+ gateway: 10.10.11.254
+ metric:
+ pointopoint:
+ mtu:
+ scope:
+
+ # additional user by dhcp method
+ #
+ hostname:
+ leasehours:
+ leasetime:
+ vendor:
+ client:
+
+ # additional used by bootp method
+ #
+ bootfile:
+ server:
+ hwaddr:
+
+ # optional dns settings nameservers: []
+ #
+ # nameservers:
+ # - 194.150.168.168 # dns.as250.net
+ # - 91.239.100.100 # anycast.censurfridns.dk
+ # search: warenform.de
+ #
+ nameservers:
+ - 192.168.11.1
+ - 192.168.10.3
+ search: ga.netz
+
+ # optional additional subnets/ips subnets: []
+ # subnets:
+ # - '192.168.123.0/24'
+ # - '192.168.124.11/32'
+
+ # optional bridge parameters bridge: {}
+ # bridge:
+ # ports:
+ # stp:
+ # fd:
+ # maxwait:
+ # waitport:
+ bridge: {}
+
+ # optional bonding parameters bond: {}
+ # bond:
+ # master
+ # primary
+ # slave
+ # method:
+ # miimon:
+ # lacp-rate:
+ # ad-select-rate:
+ # master:
+ # slaves:
+ bond: {}
+
+ # optional vlan settings | vlan: {}
+ # vlan: {}
+ # raw-device: 'eth0'
+ vlan: {}
+
+ # inline hook scripts
+ pre-up: [] # pre-up script lines
+ up: []
+ post-up: [] # post-up script lines (alias for up)
+ pre-down: [] # pre-down script lines (alias for down)
+ down: [] # down script lines
+ post-down: [] # post-down script lines
+
+ - device: br0
+ # use only once per device (for the first device entry)
+ headline: br0 - bridge over device eno1
+
+ # auto & allow are only used for the first device entry
+ allow: [] # array of allow-[stanzas] eg. allow-hotplug
+ auto: true
+
+ family: inet
+ method: manual
+ hwaddress: 3c:ec:ef:77:d3:5f
+ description:
+ address:
+ netmask:
+ gateway:
+ metric:
+ pointopoint:
+ mtu:
+ scope:
+
+ # additional user by dhcp method
+ #
+ hostname:
+ leasehours:
+ leasetime:
+ vendor:
+ client:
+
+ # additional used by bootp method
+ #
+ bootfile:
+ server:
+ hwaddr:
+
+ # optional dns settings nameservers: []
+ #
+ # nameservers:
+ # - 194.150.168.168 # dns.as250.net
+ # - 91.239.100.100 # anycast.censurfridns.dk
+ # search: warenform.de
+ #
+ nameservers:
+ search:
+
+ # optional additional subnets/ips subnets: []
+ # subnets:
+ # - '192.168.123.0/24'
+ # - '192.168.124.11/32'
+
+ # optional bridge parameters bridge: {}
+ # bridge:
+ # ports:
+ # stp:
+ # fd:
+ # maxwait:
+ # waitport:
+ bridge:
+ ports: eno1 # for mor devices support a blank separated list
+ stp: !!str off
+ fd: 5
+ hello: 2
+ maxage: 12
+
+ # optional bonding parameters bond: {}
+ # bond:
+ # master
+ # primary
+ # slave
+ # method:
+ # miimon:
+ # lacp-rate:
+ # ad-select-rate:
+ # master:
+ # slaves:
+ bond: {}
+
+ # optional vlan settings | vlan: {}
+ # vlan: {}
+ # raw-device: 'eth0'
+ vlan: {}
+
+ # inline hook scripts
+ pre-up: [] # pre-up script lines
+ up: []
+ post-up: [] # post-up script lines (alias for up)
+ pre-down: [] # pre-down script lines (alias for down)
+ down: [] # down script lines
+ post-down: [] # post-down script lines
+
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+
+# ---
+# vars used by roles/common/tasks/copy_files.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/symlink_files.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/config_files_mailsystem_scripts.yml
+# ---
+
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+
+root_user: {}
diff --git a/host_vars/nd.warenform.de.yml b/host_vars/nd.warenform.de.yml
index 1e7f578..d040269 100644
--- a/host_vars/nd.warenform.de.yml
+++ b/host_vars/nd.warenform.de.yml
@@ -34,6 +34,8 @@ apt_extra_pkgs: # --- # vars used by roles/common/tasks/users.yml # --- + +create_sftp_group: false insert_ssh_keypair_backup_server: false ssh_keypair_backup_server:
diff --git a/hosts b/hosts
index 19da4f1..95c31ed 100644
--- a/hosts
+++ b/hosts
@@ -56,6 +56,7 @@ ga-nh-gw.ga.netz ga-st-lxc1.ga.netz ga-st-mail.ga.netz ga-st-kvm1.ga.netz +ga-st-kvm5.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz
@@ -412,6 +413,7 @@ ga-st-lxc1.ga.netz ga-st-mail.ga.netz ga-al-ws1.ga.netz ga-st-kvm1.ga.netz +ga-st-kvm5.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz
@@ -1093,6 +1095,15 @@ meet.akweb.de o34.oopen.de +[kvm_host] + +# - GA - Gemeinschaft Altensclirf +ga-st-kvm1.ga.netz +ga-st-kvm5.ga.netz +ga-al-kvm2.ga.netz +ga-al-kvm3.ga.netz + + [lxc_host] # ---
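Review bot: In host_vars/ga-st-kvm5.ga.netz.yaml, `sshd_permit_root_login: !!str "prohibit-password"` leaves key-based root SSH open on a KVM host, where a root session controls every guest and its disk images. The repository default for this variable is not visible in the patch, so this line may only restate it. For a hypervisor I would still set `sshd_permit_root_login: 'no'` and go through the ansible user with sudo, or add a comment naming the job that needs root key login. The `!!str` tag is redundant next to the quotes. Separately, the br0 entry has bare `nameservers:` and `search:` keys, which load as null rather than the `[]` the template comment names; `nameservers: []` would be explicit.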
@@ -1125,9 +1136,6 @@ bbb-server.b3-bornim.netz # - GA - Gemeinschaft Altensclirf ga-st-lxc1.ga.netz -ga-st-kvm1.ga.netz -ga-al-kvm2.ga.netz -ga-al-kvm3.ga.netz # --- # Warenform
@@ -1598,6 +1606,7 @@ devel-wiki.wf.netz ga-st-lxc1.ga.netz ga-st-mail.ga.netz ga-st-kvm1.ga.netz +ga-st-kvm5.ga.netz ga-al-kvm2.ga.netz ga-al-kvm3.ga.netz
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
index efac15e..d88336d 100644
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -177,10 +177,31 @@ apt: name: "{{ apt_lxc_host_pkgs }}" state: "{{ apt_install_state }}" - when: apt_install_lxc_host_pkgs|bool + when: + - groups['lxc_host']|string is search(inventory_hostname) tags: - apt-lxc-hosts-pkgs +- name: (apt.yml) Install kvm_host related packages + apt: + name: "{{ apt_kvm_host_pkgs }}" + state: "{{ apt_install_state }}" + when: + - groups['kvm_host']|string is search(inventory_hostname) + tags: + - apt-kvm-hosts-pkgs + +- name: (apt.yml) Install kvm_host related packages only debian 10 (buster) + apt: + name: "{{ apt_kvm_host_buster_pkgs }}" + state: "{{ apt_install_state }}" + when: + - groups['kvm_host']|string is search(inventory_hostname) + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "10" + tags: + - apt-kvm-hosts-pkgs + - name: (apt.yml) Install compiler related packages apt: name: "{{ apt_compiler_pkgs }}"
diff --git a/roles/common/tasks/basic.yml b/roles/common/tasks/basic.yml
index d693a1f..bd528a1 100644
--- a/roles/common/tasks/basic.yml
+++ b/roles/common/tasks/basic.yml
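Review bot: The three `when:` conditions of the form `groups['kvm_host']|string is search(inventory_hostname)` in roles/common/tasks/apt.yml match more than group membership. The group list is turned into one string and the hostname is applied to it as a regular expression, so a host whose name is a substring of a member's name also passes, as does any name where `.` happens to match another character. The play presumably also errors when an inventory defines no such group. That can put libvirt, qemu and the other hypervisor packages on a host that was never added to `[kvm_host]`. An exact test is `- "'kvm_host' in group_names"`, and `- "'lxc_host' in group_names"` for the lxc task, whose beginning lies outside the hunk.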
@@ -86,22 +86,3 @@ tags: - systctl-config -#- name: (basic.yml) Check file '/etc/systemd/system.conf' exists -# stat: -# path: /etc/systemd/system -# register: etc_systemd_system_conf -# when: -# - set_default_limit_nofile|bool == true -# -#- name: (basic.yml) Change DefaultLimitNOFILE to 1048576 -# lineinfile: -# dest: /etc/systemd/system.conf -# state: present -# regexp: '^DefaultLimitNOFILE' -# line: 'DefaultLimitNOFILE=1048576' -# insertafter: '^#DefaultLimitNOFILE' -# when: -# - set_default_limit_nofile|bool == true -# - etc_systemd_system_conf.stat.exists == true -# tags: -# - systemd-nofiles