rc/servers
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Factor frr role from debian, ceph and proxmox

Browse source 
Consolidate base system and networking setup into debian role and BGP
configuration into frr role. Add facts role to collect data from NetBox
once to avoid many slow lookups. Also many other tweaks and cleanups.
This commit is contained in:
Timotej Lazar 2024-05-18 18:35:41 +02:00
parent 256dae2955
commit 25bcddede1
31 changed files with 167 additions and 312 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/proxmox/tasks/firewall.yml
View file

@ -5,4 +5,4 @@
mode: 0640
owner: root
group: www-data
when: inventory_hostname == primary
when: is_primary

22
roles/proxmox/tasks/frr.yml
View file

@ -1,22 +0,0 @@
- name: Install FRR
package:
name: frr
- name: Configure FRR
template:
dest: /etc/frr/frr.conf
src: frr.conf.j2
mode: 0644
notify: reload frr
- name: Set datacenter defaults for FRR
lineinfile:
path: /etc/frr/daemons
line: 'frr_profile="datacenter"'
regexp: '#?frr_profile="datacenter"'
- name: Enable FRR
service:
name: frr
enabled: yes
state: started

30
roles/proxmox/tasks/main.yml
View file

@ -1,11 +1,7 @@
- name: Get all nodes in my cluster
set_fact:
nodes: "{{ groups['cluster_'+cluster] | map('extract', hostvars) }}"
# choose a node for tasks that should only run on (any) one node, e.g. when writing to /etc/pve
- name: Select primary node
- name: Select the primary node
set_fact:
primary: '{{ nodes | map(attribute="inventory_hostname") | sort | first }}'
is_primary: '{{ inventory_hostname == (nodes | map(attribute="inventory_hostname") | sort | first) }}'
- name: Disable enterprise repositories
apt_repository:
@ -22,27 +18,15 @@
apt_repository:
repo: 'deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription'
- name: Set hostname
hostname:
name: '{{ inventory_hostname }}'
- name: Add rules to rename network interfaces
template:
dest: /etc/udev/rules.d/10-network.rules
src: 10-network.rules.j2
mode: 0644
notify: reboot
- name: Set up sysctls
copy:
dest: /etc/sysctl.d/local.conf
src: sysctl.conf
- name: Set up interfaces
- name: Set VXLAN local tunnel IP
template:
dest: /etc/network/interfaces.d/real.intf
src: real.intf.j2
mode: 0644
dest: /etc/network/interfaces.d/loopback.intf
src: loopback.intf.j2
notify: reload interfaces
- name: Set up bridges
@ -52,10 +36,6 @@
mode: 0644
notify: reload interfaces
- include_tasks: mgmt.yml
- include_tasks: firewall.yml
- include_tasks: frr.yml
- include_tasks: user.yml

24
roles/proxmox/tasks/mgmt.yml
View file

@ -1,24 +0,0 @@
# We could probably avoid rebooting in some cases, but those should never happen
# in normal operation anyway. This way all setup is done before rebooting once.
- name: Configure SSH instance in management VRF
copy:
dest: /etc/ssh/
src: sshd_config.mgmt
mode: 0644
notify: reboot
- name: Set up a SSH instance in management VRF
copy:
dest: /etc/systemd/system/
src: sshd@mgmt.service
mode: 0644
notify: reboot
- name: Enable management SSH
service:
name: sshd@mgmt
enabled: yes
notify: reboot
- meta: flush_handlers

11
roles/proxmox/tasks/user.yml
View file

@ -1,17 +1,19 @@
# synchronize user and group data from LDAP when sync-ldap context key is set to a realm
- block:
- name: Set up LDAP user synchronization
when: '"sync-ldap" in hostvars[inventory_hostname]'
block:
- name: Install LDAP sync script
template:
dest: /usr/local/bin/sync-ldap.py
src: sync-ldap.py.j2
mode: 0700
when: primary == inventory_hostname
when: is_primary
- name: Remove LDAP sync script
file:
path: /usr/local/bin/sync-ldap.py
state: absent
when: primary != inventory_hostname
when: not is_primary
- name: Configure cronjob
cron:
@ -21,5 +23,4 @@
cron_file: sync-ldap
hour: "2"
minute: "51"
state: '{{ "present" if inventory_hostname == primary else "absent" }}'
when: '"sync-ldap" in hostvars[inventory_hostname]'
state: '{{ "present" if is_primary else "absent" }}'