From 5878ef2e31a1171249d7439f68defabdc78f89e3 Mon Sep 17 00:00:00 2001 From: dave Date: Sat, 31 Dec 2022 15:00:23 +0300 Subject: [PATCH] wip --- group_vars/infra.yml.template | 4 +- hosts.template | 4 +- mappings.yml | 2 +- roles/common/tasks/debian.yml | 5 +- roles/proxmox/defaults/main.yml | 10 ++- roles/proxmox/tasks/install.yml | 66 ++++++++++--------- roles/proxmox/tasks/main.yml | 11 +++- roles/proxmox/tasks/{tls.yml => rproxy.yml} | 4 +- .../{nginx_server.j2 => rproxy_nginx.j2} | 0 tasks/includes/role.yml | 2 + 10 files changed, 66 insertions(+), 42 deletions(-) rename roles/proxmox/tasks/{tls.yml => rproxy.yml} (73%) rename roles/proxmox/templates/{nginx_server.j2 => rproxy_nginx.j2} (100%) diff --git a/group_vars/infra.yml.template b/group_vars/infra.yml.template index c523518..4c81a67 100644 --- a/group_vars/infra.yml.template +++ b/group_vars/infra.yml.template @@ -13,4 +13,6 @@ networks: srv: gw: 10.0.0.1/16 -services: \ No newline at end of file +services: + +mail_server: \ No newline at end of file diff --git a/hosts.template b/hosts.template index 3875869..8ea75f7 100644 --- a/hosts.template +++ b/hosts.template @@ -5,7 +5,7 @@ all: ansible: ansible_host: 10.0.0.3 ansible_ssh_private_key_file: /etc/ansible/keys/ansible - container_password: --- + host_password: --- container_id: 100 container_network: srv database: {user: 'test', name: 'test', pass: 'test'} @@ -15,7 +15,7 @@ all: hosts: node1: ansible_host: 10.0.0.2 - ansible_password: --- + host_password: --- ansible_ssh_extra_args: -o StrictHostKeyChecking=no external_ipv4: 1.1.1.1 primary_role: proxmox diff --git a/mappings.yml b/mappings.yml index 3699a98..fa52d6f 100644 --- a/mappings.yml +++ b/mappings.yml 
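Review bot: The new `mail_server:` key in group_vars/infra.yml.template has no value, so it loads as null rather than as an empty mapping. The `d({})` fallback applied to it in roles/proxmox/defaults/main.yml only replaces an undefined variable, not a null one, so the lookup of `tld` then depends on how the templating engine treats a subscript on null. Writing `mail_server: {}` in the template states the intended type and keeps that lookup predictable for anyone who copies the file unchanged.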
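Review bot: In hosts.template, `ansible_password` on `node1` becomes `host_password` (second hunk), which Ansible does not read as a connection variable. Unless something outside this diff maps it back, password authentication to the node stops working. The placeholder also invites a plaintext secret in the inventory, both here and for the `ansible` container in the first hunk. A vault reference such as `host_password: "{{ vault_host_password }}"` (constructed name) keeps the real value encrypted at rest. The unchanged context line `ansible_ssh_extra_args: -o StrictHostKeyChecking=no` means that password would be offered to a host whose key is never verified, so it is worth revisiting while this block is being edited.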
@@ -54,7 +54,7 @@ - {stage: 1, role: 'common'} - {stage: 1, role: 'proxmox', function: 'install'} - {stage: 5, role: 'mail-user'} - - {stage: 5, role: 'proxmox', function: 'tls'} + - {stage: 5, role: 'proxmox', function: 'rproxy'} - {stage: 6, role: 'proxmox', function: 'mail'} rest-server: - {stage: 6, role: 'rest-server', function: 'install'} diff --git a/roles/common/tasks/debian.yml b/roles/common/tasks/debian.yml index 298dbbd..b3a0dc6 100644 --- a/roles/common/tasks/debian.yml +++ b/roles/common/tasks/debian.yml @@ -13,7 +13,7 @@ apt: force_apt_get: yes update_cache: yes - changed_when: false + changed_when: no - name: ensure apt-show-versions is installed @@ -27,13 +27,14 @@ shell: cmd: apt-show-versions --upgradeable register: upgradeable - changed_when: false + changed_when: no - block: - name: pause and confirm updates pause: prompt: "{{ upgradeable.stdout }}" + when: interactive | d(true) == true - name: upgrade all packages diff --git a/roles/proxmox/defaults/main.yml b/roles/proxmox/defaults/main.yml index 3bd0ee9..a2d87e9 100644 --- a/roles/proxmox/defaults/main.yml +++ b/roles/proxmox/defaults/main.yml @@ -1 +1,9 @@ -cpu_governor: conservative +proxmox_default_config: + cpu_governor: conservative + auto_reboot: yes + + datacenter: + mac_prefix: "{{ mac_prefix }}" + email_from: "{{ host_name ~ '@' ~ ((mail_server | d({}))['tld'] | d(tld)) }}" + +proxmox_default_packages: [] \ No newline at end of file diff --git a/roles/proxmox/tasks/install.yml b/roles/proxmox/tasks/install.yml index 786898b..b46322d 100644 --- a/roles/proxmox/tasks/install.yml +++ b/roles/proxmox/tasks/install.yml 
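Review bot: Changing `changed_when: false` to `changed_when: no` in roles/common/tasks/debian.yml swaps the canonical boolean for a YAML 1.1 alias. yamllint's `truthy` rule flags it, and a YAML 1.2 parser reads it as the string "no". The same applies to `changed_when: no` in the second hunk of this file, to `changed_when: no` in roles/proxmox/tasks/install.yml, and to `auto_reboot: yes` in roles/proxmox/defaults/main.yml. Keeping `true`/`false` throughout avoids the ambiguity.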
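Review bot: The new guard `when: interactive | d(true) == true` on the "pause and confirm updates" task compares against a real boolean, so any string value skips the confirmation. That includes `interactive=true` passed as a key=value extra var, in which case the upgrade proceeds unprompted. Normalising first makes the gate behave as written: `when: interactive | d(true) | bool`. The same comparison appears in roles/proxmox/tasks/install.yml as `when: proxmox_cfg.auto_reboot | d(true) == true` and should get the same treatment. The enclosing `block` continues past the end of this hunk.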
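Review bot: Moving `cpu_governor` under `proxmox_default_config` in roles/proxmox/defaults/main.yml means an inventory that still sets the old top-level `cpu_governor` is ignored without any warning, and the host falls back to `conservative`. The same happens to a top-level `zfs_arc_max`, going by the install.yml change. If existing inventories should keep working, the default can read the old name the same way `mac_prefix` already does: `cpu_governor: "{{ cpu_governor | d('conservative') }}"`. Otherwise a short comment above `proxmox_default_config` should say that overrides now go in `proxmox_config` and are merged recursively.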
@@ -1,29 +1,38 @@ -- name: set cpu scheduler in cron - cron: - name: set cpu scheduler - special_time: reboot - job: 'echo {{ cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor > /dev/null' - user: root - - +- name: install extra proxmox packages + package: + name: "{{ item }}" + loop: "{{ proxmox_default_packages + (proxmox_packages | d([])) }}" + + - block: - - name: get current cpu scheduler types - shell: - cmd: cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor - register: result - changed_when: false + - name: set cpu scheduler in cron + cron: + name: set cpu scheduler + special_time: reboot + job: 'echo {{ proxmox_cfg.cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor > /dev/null' + user: root + + + - block: + - name: get current cpu scheduler types + shell: + cmd: cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor + register: result + changed_when: no - - name: change cpu scheduler - shell: - cmd: 'echo {{ cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor' - when: (result.stdout_lines | unique | length > 1) or ((result.stdout_lines | unique)[0] != cpu_governor) + - name: change cpu scheduler + shell: + cmd: 'echo {{ proxmox_cfg.cpu_governor | quote }} | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor' + when: (result.stdout_lines | unique | length > 1) or ((result.stdout_lines | unique)[0] != proxmox_cfg.cpu_governor) - rescue: - - name: report that cpu scheduler cannot be changed - debug: - msg: failed to change cpu scheduler + rescue: + - name: report that cpu scheduler cannot be changed + debug: + msg: failed to change cpu scheduler + when: proxmox_cfg.cpu_governor is string + - name: disable enterprise repo apt_repository: 
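Review bot: The new "install extra proxmox packages" task loops over the package list and calls the package manager once per item, with the desired state left implicit. Passing the list directly is a single transaction and states the intent: `name: "{{ proxmox_default_packages + (proxmox_packages | d([])) }}"` with `state: present` and no `loop`. The block-level `when: proxmox_cfg.cpu_governor is string` also skips the cron task silently for a non-string value, which deserves a one-line comment saying that a null governor is how the feature is switched off. The hunk ends inside the following "disable enterprise repo" task.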
@@ -44,17 +53,13 @@ - name: set datacenter configuration lineinfile: path: /etc/pve/datacenter.cfg - regexp: "^{{ item.name }}: " - line: "{{ item.name }}: {{ item.value }}" + regexp: "^{{ item.key }}: " + line: "{{ item.key }}: {{ item.value }}" mode: 0640 owner: root group: www-data create: yes - loop: - - name: mac_prefix - value: "{{ mac_prefix }}" - - name: email_from - value: "{{ host_name }}@{{ mail_server.tld | d(tld) }}" + loop: "{{ proxmox_cfg.datacenter | dict2items }}" - name: enable auto-reboot on kernel panic @@ -62,13 +67,14 @@ dest: /etc/sysctl.d/90-auto-reboot.conf content: "kernel.panic = 5\n" mode: 0644 + when: proxmox_cfg.auto_reboot | d(true) == true - name: set max arc cache size for zfs lineinfile: path: /etc/modprobe.d/zfs.conf regexp: "^options zfs zfs_arc_max=" - line: "options zfs zfs_arc_max={{ zfs_arc_max }}" + line: "options zfs zfs_arc_max={{ proxmox_cfg.zfs_arc_max }}" create: yes mode: 0644 - when: zfs_arc_max is defined + when: proxmox_cfg.zfs_arc_max is defined diff --git a/roles/proxmox/tasks/main.yml b/roles/proxmox/tasks/main.yml index e1d9510..86c4d91 100644 --- a/roles/proxmox/tasks/main.yml +++ b/roles/proxmox/tasks/main.yml @@ -1,11 +1,16 @@ +- name: set proxmox_cfg + set_fact: + proxmox_cfg: "{{ proxmox_default_config | d({}) | combine(proxmox_config | d({}), recursive=true) }}" + + - name: proxmox installation include_tasks: install.yml when: function == 'install' -- name: proxmox tls configuration - include_tasks: tls.yml - when: function == 'tls' +- name: proxmox reverse proxy configuration + include_tasks: rproxy.yml + when: function == 'rproxy' - name: proxmox mail configuration diff --git a/roles/proxmox/tasks/tls.yml b/roles/proxmox/tasks/rproxy.yml similarity index 73% rename from roles/proxmox/tasks/tls.yml rename to roles/proxmox/tasks/rproxy.yml index 2424df0..9f33840 100644 --- a/roles/proxmox/tasks/tls.yml +++ b/roles/proxmox/tasks/rproxy.yml 
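Review bot: In "set datacenter configuration", the keys now come from `proxmox_cfg.datacenter`, which is merged from the inventory's `proxmox_config`, and they are interpolated unescaped into `regexp: "^{{ item.key }}: "`. A key containing a regex metacharacter would then match the wrong line in /etc/pve/datacenter.cfg, or no line at all. A nested or multi-line value would also be written verbatim by `line`. Escaping the key with `regexp: "^{{ item.key | regex_escape }}: "` and restricting the loop to scalar values keeps the file well-formed. The task starts above the hunk.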
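Review bot: The `set_fact` for `proxmox_cfg` in roles/proxmox/tasks/main.yml runs before the `function` dispatch, so the whole of `proxmox_default_config` is templated on every include. With the defaults added in this commit, `mac_prefix`, `host_name` and `tld` must therefore resolve for `rproxy` and `mail` runs as well, where previously only install.yml referenced them. If that is intended, an `assert` on those variables ahead of the `set_fact` would give a clearer failure than an undefined-variable error from inside the merge. A comment such as `# proxmox_config from inventory overrides proxmox_default_config (recursive merge)` would document where overrides belong.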
@@ -4,8 +4,8 @@ vars: nginx: servers: - - conf: nginx_server - certs: true + - conf: rproxy_nginx + certs: "{{ host_tls }}" conf: http: ssl_conf_command: [] diff --git a/roles/proxmox/templates/nginx_server.j2 b/roles/proxmox/templates/rproxy_nginx.j2 similarity index 100% rename from roles/proxmox/templates/nginx_server.j2 rename to roles/proxmox/templates/rproxy_nginx.j2 diff --git a/tasks/includes/role.yml b/tasks/includes/role.yml index 9fd03df..35cbd0b 100644 --- a/tasks/includes/role.yml +++ b/tasks/includes/role.yml @@ -7,5 +7,7 @@ - name: include role include_role: name: "{{ this_role.role }}" + public: "{{ this_role.public | d(false) }}" + tasks_from: "{{ this_role.tasks_from | d(omit) }}" vars: function: "{{ this_role.function | d(None) }}"
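Review bot: Replacing `certs: true` with `certs: "{{ host_tls }}"` in roles/proxmox/tasks/rproxy.yml makes TLS for the Proxmox reverse proxy depend on a variable with no default. An inventory that omits `host_tls` fails the task, and one that sets it false presumably publishes the management UI login without certificates. Failing closed is safer: `certs: "{{ host_tls | d(true) | bool }}"`. If a plaintext proxy is a supported setup, the task should say so in a comment. The task's name and module are above the hunk.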
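Review bot: The new `public` option in tasks/includes/role.yml is undocumented and, when a mapping sets it true, exposes the included role's defaults and vars to everything that runs later in the play. Generically named role variables can then shadow or collide with those of other roles. A comment above `include_role` should state which mappings are expected to set `public` and `tasks_from`. The value should also be normalised with `public: "{{ this_role.public | d(false) | bool }}"` so that a quoted "false" in mappings.yml is not taken as truthy.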