Add datastore role for validating config of datastore setup

This commit is contained in:
Ethan Paul 2021-11-10 00:22:43 -05:00
parent c11e492f8f
commit 01c0e21f94
No known key found for this signature in database
GPG Key ID: 6A337337DF6B5B1A
5 changed files with 195 additions and 0 deletions

View File

@ -21,3 +21,5 @@
roles: roles:
- role: server - role: server
when: "'server' in skylab_roles | default([])" when: "'server' in skylab_roles | default([])"
- role: datastore
when: "'datastore' in skylab_roles | default([])"

View File

@ -0,0 +1,45 @@
---
- name: Allow gluster through firewall
become: true
ansible.posix.firewalld:
service: glusterfs
state: enabled
zone: trusted
immediate: true
permanent: true
- name: Create datastore directory
become: true
ansible.builtin.file:
path: /mnt/brick/datastore
state: directory
- name: Fetch peer status
become: true
ansible.builtin.command:
cmd: gluster peer status
changed_when: false
register: _gluster_peer_status_raw
- name: Check peer status
ansible.builtin.assert:
that:
- not _gluster_peer_status_raw.stdout_lines[0].strip().endswith('0')
fail_msg: >-
ERROR: Datastore host '{{ inventory_hostname }}' is not joined to the gluster pool. Run the
command 'gluster peer probe {{ inventory_hostname }}.local' from another datastore host to
add it.
success_msg: >-
Datastore host {{ inventory_hostname }} is joined to the gluster pool
- name: Mount gluster volume
become: true
ansible.posix.mount:
path: /mnt/datastore
src: localhost:/datastore
state: mounted
fstype: glusterfs
# Note that this just needs to be any path *other* than the actual
# fstab. This is done just to prevent the devices from being
# automatically mounted at boot
fstab: "{{ skylab_state_dir }}/mounts"

View File

@ -0,0 +1,9 @@
---
- name: Install datastore packages
ansible.builtin.import_tasks: packages.yaml
- name: Configure mounting
ansible.builtin.import_tasks: mounts.yaml
- name: Configure glusterfs
ansible.builtin.import_tasks: gluster.yaml

View File

@ -0,0 +1,108 @@
---
- name: Create mount points
become: true
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0755
owner: root
group: "{{ ansible_user }}"
loop:
- /mnt/datastore
- /mnt/brick
- name: Determine current mounts
vars:
_current_mounts: []
ansible.builtin.set_fact:
_current_mounts: "{{ _current_mounts + [item.mount] }}"
loop: "{{ ansible_mounts }}"
loop_control:
label: "{{ item.mount }}"
- name: Ensure mount points are empty when unmounted
when: item not in _current_mounts
ansible.builtin.command:
cmd: "/usr/bin/ls {{ item }}"
changed_when: false
failed_when: _mountpoint_ls_raw.stdout
register: _mountpoint_ls_raw
loop:
- /mnt/datastore
- /mnt/brick
- name: Fetch block device information
ansible.builtin.command:
cmd: lsblk /dev/{{ skylab_datastore_device }} --fs --json
changed_when: false
register: _lsblk_info_raw
- name: Process block device information
ansible.builtin.set_fact:
_datastore_device_info: "{{ (_lsblk_info_raw.stdout | from_json).blockdevices[0] }}"
- name: Check state of the datastore device
ansible.builtin.assert:
that: _datastore_device_info.fstype == "crypto_LUKS"
fail_msg: >-
ERROR: Datastore block device {{ inventory_hostname }}:/dev/{{ skylab_datastore_device }}
must be LUKS encrypted
success_msg: >-
Datastore block device {{ inventory_hostname }}:/dev/{{ skylab_datastore_device }} is
LUKS encrypted
- name: Determine whether datastore block is decrypted
ansible.builtin.set_fact:
_datastore_device_is_decrypted: "{{ _datastore_device_info.children is defined }}"
- name: Decrypt datastore block
when: not _datastore_device_is_decrypted
block:
- name: Prompt for decryption key
no_log: true
ansible.builtin.pause:
prompt: >-
Datastore device {{ inventory_hostname }}:/dev/{{ skylab_datastore_device }} is not
decrypted. Enter decryption passphrase to continue GlusterFS brick configuration
echo: false
register: _luks_decryption_key
- name: Open LUKS device
become: true
community.crypto.luks_device:
device: /dev/{{ skylab_datastore_device }}
state: opened
name: brick
passphrase: "{{ _luks_decryption_key.user_input }}"
- name: Fetch updated block device information
ansible.builtin.command:
cmd: lsblk /dev/{{ skylab_datastore_device }} --fs --json
changed_when: false
register: _lsblk_info_raw
- name: Process updated block device information
ansible.builtin.set_fact:
_datastore_device_info: "{{ (_lsblk_info_raw.stdout | from_json).blockdevices[0] }}"
- name: Create dummy fstab
ansible.builtin.file:
state: touch
path: "{{ skylab_state_dir }}/mounts"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0644
access_time: preserve
modification_time: preserve
- name: Mount datastore block
become: true
ansible.posix.mount:
path: /mnt/brick
src: UUID={{ _datastore_device_info.children[0].uuid }}
state: mounted
fstype: "{{ _datastore_device_info.children[0].fstype }}"
# Note that this just needs to be any path *other* than the actual
# fstab. This is done just to prevent the devices from being
# automatically mounted at boot
fstab: "{{ skylab_state_dir }}/mounts"

View File

@ -0,0 +1,31 @@
---
- name: Install gluster repository
become: true
ansible.builtin.dnf:
name: centos-release-gluster9
state: present
register: _datastore_repo_gluster
- name: Enable required repositories
become: true
ansible.builtin.lineinfile:
path: /etc/yum.repos.d/{{ item }}.repo
line: enabled=1
state: present
regexp: "#?enabled=(0|1)"
loop:
- Rocky-AppStream
- Rocky-PowerTools
register: _datastore_repo_powertools
- name: Install datastore packages
become: true
when: ansible_distribution == "Rocky"
ansible.builtin.dnf:
state: present
update_cache: "{{ _datastore_repo_powertools.changed or _datastore_repo_gluster.changed }}"
name:
- cryptsetup-luks
- glusterfs
- glusterfs-fuse
- glusterfs-server