diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..600d2d3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.vscode \ No newline at end of file diff --git a/Readme.md b/Readme.md index 73b6089..7d8eb4f 100644 --- a/Readme.md +++ b/Readme.md @@ -3,7 +3,7 @@ Setup a Ganeti cluster on Debian VMs. ## How to use - First, edit the inventory file. -- Disable secure boot (if using UEFI). +- DON'T use UEFI - Then: ```sh # allow ansible to use the ssh key diff --git a/group_vars/all.yml b/group_vars/all.yml index e8654f2..5d2f86c 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -7,7 +7,13 @@ packages: - drbd-utils - socat - python3 + - xen-hypervisor + - xen-hypervisor-common + - xen-utils + - xen-tools - qemu-system-x86 + - qemu-system-xen + - qemu-utils - systemd-resolved # needs to be the last one # breaks dns resolution until # systemd-networkd is configured @@ -40,7 +46,7 @@ hostnames: # storage vg_name: xenvg pvs: - - /dev/vda3 + - /dev/vda6 # ganeti instance_debootstrap: diff --git a/inventory b/inventory index ef74b37..755fb1b 100644 --- a/inventory +++ b/inventory @@ -1,12 +1,12 @@ [nodes] 192.168.50.20 -192.168.50.21 +; 192.168.50.21 [master] 192.168.50.20 [workers] -192.168.50.21 +; 192.168.50.21 [web-manager] 192.168.50.20 diff --git a/roles/master/tasks/main.yml b/roles/master/tasks/main.yml index 84b695f..7a0a1c1 100644 --- a/roles/master/tasks/main.yml +++ b/roles/master/tasks/main.yml @@ -9,7 +9,7 @@ ansible.builtin.command: cmd: |- gnt-cluster init - --enabled-hypervisors kvm + --enabled-hypervisors xen-hvm --no-etc-hosts --master-netdev {{ bridge_name }} --nic-parameters link={{ bridge_name }},mode=bridged diff --git a/roles/node/handlers/main.yml b/roles/node/handlers/main.yml index 4d5e24f..d09de3f 100644 --- a/roles/node/handlers/main.yml +++ b/roles/node/handlers/main.yml 
@@ -6,6 +6,13 @@ cmd: > update-initramfs -k all -u +- name: Update grub + listen: + - update grub + ansible.builtin.command: + cmd: > + update-grub + - name: Reboot listen: - reboot diff --git a/roles/node/tasks/main.yml b/roles/node/tasks/main.yml index 4a1ad62..05db2ba 100644 --- a/roles/node/tasks/main.yml +++ b/roles/node/tasks/main.yml @@ -18,6 +18,10 @@ ansible.builtin.include_tasks: file: modules.yml +- name: Configure Xen + ansible.builtin.include_tasks: + file: xen.yml + - name: Create storages ansible.builtin.include_tasks: file: storage.yml @@ -30,8 +34,6 @@ ansible.builtin.include_tasks: file: debootstrap.yml -- name: Add RAPI users - ansible.builtin.template: - src: var-lib-ganeti-rapi-users.j2 - dest: /var/lib/ganeti/rapi/users - mode: "0644" +- name: Configure RAPI + ansible.builtin.include_tasks: + file: rapi.yml diff --git a/roles/node/tasks/rapi.yml b/roles/node/tasks/rapi.yml new file mode 100644 index 0000000..754a59c --- /dev/null +++ b/roles/node/tasks/rapi.yml @@ -0,0 +1,17 @@ +- name: Make sure the directory exists + ansible.builtin.file: + state: directory + path: "/var/lib/ganeti/rapi" + mode: "0644" + +- name: Add RAPI users + ansible.builtin.template: + src: var-lib-ganeti-rapi-users.j2 + dest: /var/lib/ganeti/rapi/users + mode: "0644" + +- name: Configure RAPI arguments + ansible.builtin.lineinfile: + regex: "RAPI_ARGS=.*" + line: RAPI_ARGS="-b 0.0.0.0 --require-authentication" + path: /etc/default/ganeti diff --git a/roles/node/tasks/xen.yml b/roles/node/tasks/xen.yml new file mode 100644 index 0000000..d2f34da --- /dev/null +++ b/roles/node/tasks/xen.yml 
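Review bot: The new directory task in `roles/node/tasks/rapi.yml` sets `mode: "0644"` on `/var/lib/ganeti/rapi`, which leaves the directory without the search (x) bit. The users file written right after it stays world-readable at `"0644"` although it carries the RAPI user entries. Something like `mode: "0750"` on the directory and `mode: "0640"` on the file would keep them readable only by the daemon, with `owner`/`group` set to whatever account ganeti-rapi runs as on these nodes (not visible here). This matters more because the last task binds RAPI to `0.0.0.0`, so `--require-authentication` and the confidentiality of that file are the only gate on the API.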
@@ -0,0 +1,87 @@
+- name: "Set Xen commandline"
+ ansible.builtin.lineinfile:
+ path: "/etc/default/grub.d/xen.cfg"
+ regexp: '^GRUB_CMDLINE_XEN_DEFAULT=.*$'
+ line: 'GRUB_CMDLINE_XEN_DEFAULT="dom0_mem=1024M,max:1024M dom0_max_vcpus=2 dom0_vcpus_pin loglvl=all guest_loglvl=all iommu=debug,verbose apic_verbosity=debug ivrs_ioapic[0]=00:14.0" console=com1 com1=115200'
+ notify:
+ - update grub
+
+- name: "Set CPU pinning from dom0"
+ ansible.builtin.replace:
+ path: "/etc/xen/xl.conf"
+ regexp: '^#vm.cpumask=.*$'
+ replace: 'vm.cpumask="2-7"'
+ notify:
+ - update grub
+
+- name: "Disable ballooning for dom0"
+ ansible.builtin.replace:
+ path: "/etc/xen/xl.conf"
+ regexp: '^#autoballoon=.*$'
+ replace: 'autoballoon="0"'
+ notify:
+ - update grub
+
+- name: "Disable domain saving"
+ ansible.builtin.lineinfile:
+ path: "/etc/default/xendomains"
+ regexp: '^XENDOMAINS_SAVE=.*$'
+ line: 'XENDOMAINS_SAVE='
+ notify:
+ - update grub
+
+- name: "Disable domain restore"
+ ansible.builtin.lineinfile:
+ path: "/etc/default/xendomains"
+ regexp: '^XENDOMAINS_RESTORE=.*$'
+ line: 'XENDOMAINS_RESTORE=false'
+ notify:
+ - update grub
+
+- name: "Get latest kernel"
+ ansible.builtin.command:
+ cmd: bash -c 'find /boot -name "vmlinuz*" | sort -r | head -1'
+ register: latest_kernel
+ changed_when: false
+ failed_when: latest_kernel.rc != 0
+
+- name: "Symlink to the latest kernel"
+ ansible.builtin.file:
+ state: link
+ src: "{{ latest_kernel.stdout }}"
+ dest: "/boot/vmlinuz-3-xenU"
+
+- name: "Get latest initrd"
+ ansible.builtin.command:
+ cmd: bash -c 'find /boot -name "initrd.img*" | sort -r | head -1'
+ register: latest_initrd
+ changed_when: false
+ failed_when: latest_initrd.rc != 0
+
+- name: "Symlink to initrd"
+ ansible.builtin.file:
+ state: link
+ src: "{{ latest_initrd.stdout }}"
+ dest: "/boot/initrd.img-3-xenU"
+
+- name: "Get latest kernel config"
+ ansible.builtin.command:
+ cmd: bash -c 'find /boot -name "config*" | sort -r | head -1'
+ register: latest_config
+
changed_when: false + failed_when: latest_config.rc != 0 + +- name: "Symlink to kernel config" + ansible.builtin.file: + state: link + src: "{{ latest_config.stdout }}" + dest: "/boot/config-3-xenU" + +- name: "Add Xen block drivers to modules" + ansible.builtin.lineinfile: + path: "/etc/initramfs-tools/modules" + regexp: "xen_blkfront" + line: "xen_blkfront" + notify: + - update initramfs + - reboot diff --git a/roles/web-manager/defaults/main.yml b/roles/web-manager/defaults/main.yml index 6ef0773..9eccb99 100644 --- a/roles/web-manager/defaults/main.yml +++ b/roles/web-manager/defaults/main.yml @@ -10,6 +10,10 @@ web_manager: - make version: 0.11.1 tz: Europe/Budapest + superuser: + username: admin + email: admin@cluster.ganeti + password: admin python: src: https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tgz diff --git a/roles/web-manager/tasks/main.yml b/roles/web-manager/tasks/main.yml index 3823b07..119fa49 100644 --- a/roles/web-manager/tasks/main.yml +++ b/roles/web-manager/tasks/main.yml @@ -5,9 +5,17 @@ install_recommends: false loop: "{{ web_manager.dependencies }}" +- name: Check for Python 2 + ansible.builtin.command: + cmd: python2 -V + register: python2_version + changed_when: false + failed_when: false + - name: Install Python 2.7 ansible.builtin.include_tasks: file: python.yml + when: python2_version.rc != 0 - name: Clone Ganeti Web Manager ansible.builtin.git: @@ -16,6 +24,12 @@ force: true version: "{{ web_manager.version }}" +- name: Link virtualenv for the dumb Ganeti Web Manager setup script + ansible.builtin.file: + state: link + src: /usr/local/bin/virtualenv + dest: /usr/bin/virtualenv + - name: Create virtualenv for Ganeti Web Manager ansible.builtin.command: cmd: bash -c "python -m pip install virtualenv && python -m virtualenv /opt/ganeti_webmgr" 
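Review bot: In the `Set Xen commandline` task of `roles/node/tasks/xen.yml` the closing double quote sits right after `ivrs_ioapic[0]=00:14.0`, so `console=com1 com1=115200` lands outside the `GRUB_CMDLINE_XEN_DEFAULT="..."` value and most likely never reaches the hypervisor command line; the line should end `... ivrs_ioapic[0]=00:14.0 console=com1 com1=115200"'`. The same line ships `loglvl=all guest_loglvl=all iommu=debug,verbose apic_verbosity=debug` as the default. `guest_loglvl=all` lifts the rate limiting Xen applies by default to guest-triggered messages, which lets a guest flood the hypervisor log, so these debug switches are better kept behind a variable that is off by default. The three `find ... | sort -r | head -1` tasks only check the pipeline's exit status, so an empty result still passes and the following symlink gets an empty `src`; `failed_when: latest_kernel.rc != 0 or latest_kernel.stdout | length == 0` (and the same for initrd and config) would catch that.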
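Review bot: `password: admin` under `superuser` in `roles/web-manager/defaults/main.yml` means every deployment that does not override it gets a web manager administrator of `admin`/`admin`, and the value sits in the repository in clear text. Drop the password from the defaults and make the role fail early when it is unset, for example an `ansible.builtin.assert` with `that: web_manager.superuser.password is defined`, with the real value supplied from an Ansible Vault-encrypted vars file. The `web_manager` mapping starts outside this hunk. With Ansible's default hash behaviour, overriding one nested key replaces the whole dict, so a flat variable such as `web_manager_superuser_password` would be easier to override safely.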
@@ -61,10 +75,16 @@ - name: Init Ganeti Web Manager ansible.builtin.command: - cmd: bash -c "source /opt/ganeti_webmgr/bin/activate && export DJANGO_SETTINGS_MODULE=ganeti_webmgr.ganeti_web.settings && django-admin.py syncdb --migrate && django-admin.py refreshcache" + cmd: bash -c "source /opt/ganeti_webmgr/bin/activate && export DJANGO_SETTINGS_MODULE=ganeti_webmgr.ganeti_web.settings && django-admin.py syncdb --migrate --noinput && django-admin.py refreshcache" register: init_result changed_when: init_result.rc == 0 +- name: Add superuser + ansible.builtin.command: + cmd: bash -c "source /opt/ganeti_webmgr/bin/activate && export DJANGO_SETTINGS_MODULE=ganeti_webmgr.ganeti_web.settings && echo -e '{{ web_manager.superuser.password }}\n{{ web_manager.superuser.password }}\n' | django-admin.py createsuperuser --username {{ web_manager.superuser.username }} --email {{ web_manager.superuser.email }}" + register: superuser_result + changed_when: superuser_result.rc == 0 + - name: Install Ganeti Web Manager systemd service ansible.builtin.template: src: "ganeti-web-manager.service.j2"
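Review bot: The `Add superuser` task interpolates `web_manager.superuser.password` straight into a `bash -c "..."` string, so the password shows up in the process arguments on the target and in Ansible's task output and logs. A value containing a quote, `$` or a backtick is also interpreted by the shell. Feed it on standard input through the module's `stdin:` parameter, pass the username and e-mail through the `quote` filter, and set `no_log: true`. The task also runs on every play, and `changed_when: superuser_result.rc == 0` does not make it idempotent. Presumably `createsuperuser` fails once the account exists, so a guard or a `failed_when` that tolerates that case is still needed; a sketch of the task follows.

```yaml
- name: Add superuser
  ansible.builtin.shell:
    cmd: >-
      source /opt/ganeti_webmgr/bin/activate &&
      django-admin.py createsuperuser
      --username {{ web_manager.superuser.username | quote }}
      --email {{ web_manager.superuser.email | quote }}
    executable: /bin/bash
    # password goes in on stdin, not in argv
    stdin: |-
      {{ web_manager.superuser.password }}
      {{ web_manager.superuser.password }}
  environment:
    DJANGO_SETTINGS_MODULE: ganeti_webmgr.ganeti_web.settings
  no_log: true
  register: superuser_result
  changed_when: superuser_result.rc == 0
```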