we live in a society 🤡

.gitignore

@@ -0,0 +1 @@
+.vscode

Readme.md

@@ -3,7 +3,7 @@ Setup a Ganeti cluster on Debian VMs.
 
 ## How to use
 - First, edit the inventory file.
-- Disable secure boot (if using UEFI).
+- DON'T use UEFI
 - Then:
 ```sh
 # allow ansible to use the ssh key

group_vars/all.yml

@@ -7,7 +7,13 @@ packages:
   - drbd-utils
   - socat
   - python3
+  - xen-hypervisor
+  - xen-hypervisor-common
+  - xen-utils
+  - xen-tools
   - qemu-system-x86
+  - qemu-system-xen
+  - qemu-utils
   - systemd-resolved # needs to be the last one
                      # breaks dns resolution until
                      # systemd-networkd is configured
@@ -40,7 +46,7 @@ hostnames:
 # storage
 vg_name: xenvg
 pvs:
-  - /dev/vda3
+  - /dev/vda6
 
 # ganeti
 instance_debootstrap:

inventory

@@ -1,12 +1,12 @@
 [nodes]
 192.168.50.20
-192.168.50.21
+; 192.168.50.21
 
 [master]
 192.168.50.20
 
 [workers]
-192.168.50.21
+; 192.168.50.21
 
 [web-manager]
 192.168.50.20

roles/master/tasks/main.yml

@@ -9,7 +9,7 @@
   ansible.builtin.command:
     cmd: |-
       gnt-cluster init
-      --enabled-hypervisors kvm
+      --enabled-hypervisors xen-hvm
       --no-etc-hosts
       --master-netdev {{ bridge_name }}
       --nic-parameters link={{ bridge_name }},mode=bridged

roles/node/handlers/main.yml

@@ -6,6 +6,13 @@
     cmd: >
       update-initramfs -k all -u
 
+- name: Update grub
+  listen:
+    - update grub
+  ansible.builtin.command:
+    cmd: >
+      update-grub
+
 - name: Reboot
   listen:
     - reboot

roles/node/tasks/main.yml

@@ -18,6 +18,10 @@
   ansible.builtin.include_tasks:
     file: modules.yml
 
+- name: Configure Xen
+  ansible.builtin.include_tasks:
+    file: xen.yml
+
 - name: Create storages
   ansible.builtin.include_tasks:
     file: storage.yml
@@ -30,8 +34,6 @@
   ansible.builtin.include_tasks:
     file: debootstrap.yml
 
-- name: Add RAPI users
-  ansible.builtin.template:
-    src: var-lib-ganeti-rapi-users.j2
-    dest: /var/lib/ganeti/rapi/users
-    mode: "0644"
+- name: Configure RAPI
+  ansible.builtin.include_tasks:
+    file: rapi.yml

roles/node/tasks/rapi.yml

@@ -0,0 +1,17 @@
+- name: Make sure the directory exists
+  ansible.builtin.file:
+    state: directory
+    path: "/var/lib/ganeti/rapi"
+    mode: "0644"
+
+- name: Add RAPI users
+  ansible.builtin.template:
+    src: var-lib-ganeti-rapi-users.j2
+    dest: /var/lib/ganeti/rapi/users
+    mode: "0644"
+
+- name: Configure RAPI arguments
+  ansible.builtin.lineinfile:
+    regex: "RAPI_ARGS=.*"
+    line: RAPI_ARGS="-b 0.0.0.0 --require-authentication"
+    path: /etc/default/ganeti

roles/node/tasks/xen.yml

@@ -0,0 +1,87 @@
+- name: "Set Xen commandline"
+  ansible.builtin.lineinfile:
+    path: "/etc/default/grub.d/xen.cfg"
+    regexp: '^GRUB_CMDLINE_XEN_DEFAULT=.*$'
+    line: 'GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=1024M,max:1024M dom0_max_vcpus=2 dom0_vcpus_pin loglvl=all guest_loglvl=all iommu=debug,verbose apic_verbosity=debug ivrs_ioapic[0]=00:14.0" console=com1 com1=115200'
+  notify:
+    - update grub
+
+- name: "Set CPU pinning from dom0"
+  ansible.builtin.replace:
+    path: "/etc/xen/xl.conf"
+    regexp: '^#vm.cpumask=.*$'
+    replace: 'vm.cpumask="2-7"'
+  notify:
+    - update grub
+
+- name: "Disable ballooning for dom0"
+  ansible.builtin.replace:
+    path: "/etc/xen/xl.conf"
+    regexp: '^#autoballoon=.*$'
+    replace: 'autoballoon="0"'
+  notify:
+    - update grub
+
+- name: "Disable domain saving"
+  ansible.builtin.lineinfile:
+    path: "/etc/default/xendomains"
+    regexp: '^XENDOMAINS_SAVE=.*$'
+    line: 'XENDOMAINS_SAVE='
+  notify:
+    - update grub
+
+- name: "Disable domain restore"
+  ansible.builtin.lineinfile:
+    path: "/etc/default/xendomains"
+    regexp: '^XENDOMAINS_RESTORE=.*$'
+    line: 'XENDOMAINS_RESTORE=false'
+  notify:
+    - update grub
+
+- name: "Get latest kernel"
+  ansible.builtin.command:
+    cmd: bash -c 'find /boot -name "vmlinuz*" | sort -r | head -1'
+  register: latest_kernel
+  changed_when: false
+  failed_when: latest_kernel.rc != 0
+
+- name: "Symlink to the latest kernel"
+  ansible.builtin.file:
+    state: link
+    src: "{{ latest_kernel.stdout }}"
+    dest: "/boot/vmlinuz-3-xenU"
+
+- name: "Get latest initrd"
+  ansible.builtin.command:
+    cmd: bash -c 'find /boot -name "initrd.img*" | sort -r | head -1'
+  register: latest_initrd
+  changed_when: false
+  failed_when: latest_initrd.rc != 0
+
+- name: "Symlink to initrd"
+  ansible.builtin.file:
+    state: link
+    src: "{{ latest_initrd.stdout }}"
+    dest: "/boot/initrd.img-3-xenU"
+
+- name: "Get latest kernel config"
+  ansible.builtin.command:
+    cmd: bash -c 'find /boot -name "config*" | sort -r | head -1'
+  register: latest_config
+  changed_when: false
+  failed_when: latest_config.rc != 0
+
+- name: "Symlink to kernel config"
+  ansible.builtin.file:
+    state: link
+    src: "{{ latest_config.stdout }}"
+    dest: "/boot/config-3-xenU"
+
+- name: "Add Xen block drivers to modules"
+  ansible.builtin.lineinfile:
+    path: "/etc/initramfs-tools/modules"
+    regexp: "xen_blkfront"
+    line: "xen_blkfront"
+  notify:
+    - update initramfs
+    - reboot

roles/web-manager/defaults/main.yml

@@ -10,6 +10,10 @@ web_manager:
     - make
   version: 0.11.1
   tz: Europe/Budapest
+  superuser:
+    username: admin
+    email: admin@cluster.ganeti
+    password: admin
 
 python:
   src: https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tgz

roles/web-manager/tasks/main.yml

@@ -5,9 +5,17 @@
     install_recommends: false
   loop: "{{ web_manager.dependencies }}"
 
+- name: Check for Python 2
+  ansible.builtin.command:
+    cmd: python2 -V
+  register: python2_version
+  changed_when: false
+  failed_when: false
+
 - name: Install Python 2.7
   ansible.builtin.include_tasks:
     file: python.yml
+  when: python2_version.rc != 0
 
 - name: Clone Ganeti Web Manager
   ansible.builtin.git:
@@ -16,6 +24,12 @@
     force: true
     version: "{{ web_manager.version }}"
 
+- name: Link virtualenv for the dumb Ganeti Web Manager setup script
+  ansible.builtin.file:
+    state: link
+    src: /usr/local/bin/virtualenv
+    dest: /usr/bin/virtualenv
+
 - name: Create virtualenv for Ganeti Web Manager
   ansible.builtin.command:
     cmd: bash -c "python -m pip install virtualenv && python -m virtualenv /opt/ganeti_webmgr"
@@ -61,10 +75,16 @@
 
 - name: Init Ganeti Web Manager
   ansible.builtin.command:
-    cmd: bash -c "source /opt/ganeti_webmgr/bin/activate && export DJANGO_SETTINGS_MODULE=ganeti_webmgr.ganeti_web.settings && django-admin.py syncdb --migrate && django-admin.py refreshcache"
+    cmd: bash -c "source /opt/ganeti_webmgr/bin/activate && export DJANGO_SETTINGS_MODULE=ganeti_webmgr.ganeti_web.settings && django-admin.py syncdb --migrate --noinput && django-admin.py refreshcache"
   register: init_result
   changed_when: init_result.rc == 0
 
+- name: Add superuser
+  ansible.builtin.command:
+    cmd: bash -c "source /opt/ganeti_webmgr/bin/activate && export DJANGO_SETTINGS_MODULE=ganeti_webmgr.ganeti_web.settings && echo -e '{{ web_manager.superuser.password }}\n{{ web_manager.superuser.password }}\n' | django-admin.py createsuperuser --username {{ web_manager.superuser.username }} --email {{ web_manager.superuser.email }}"
+  register: superuser_result
+  changed_when: superuser_result.rc == 0
+
 - name: Install Ganeti Web Manager systemd service
   ansible.builtin.template:
     src: "ganeti-web-manager.service.j2"