From 1eaf6359b31b813bfba08cb6ec98fc39e0a884e8 Mon Sep 17 00:00:00 2001 From: Benoit S Date: Sat, 20 Mar 2021 09:38:57 +0900 Subject: [PATCH] Branch lxd.local --- group_data/all.py | 4 +- inventory.py | 2 +- setup-backup.py | 12 ++-- setup-base.py | 126 ++++++++---------------------------- setup-zfs-and-lxd.py | 60 +---------------- templates/borgmatic.yaml.j2 | 2 +- 6 files changed, 38 insertions(+), 168 deletions(-) diff --git a/group_data/all.py b/group_data/all.py index 14f96a0..7dc06cf 100644 --- a/group_data/all.py +++ b/group_data/all.py 
@@ -9,9 +9,9 @@ def get_secret(crypted_value): b_borg_passphrase = get_secret(b'1$2$o9juQh0wvpWhOsXHhh-xyimKIpWAUOk9MgLeSHiM_NA=$Z0FBQUFBQmdGb3U0RmNfaDdYYkVfU1pvdW9SbXFJMC1GN2FsSXJoTVpkVENaRlN1V2ZiOVNpalk2Z28zS3R5bFRWMkh3VnQ4cFhIZVhtWVphWDhwQi00ejJsWS1pMkZMSGhvTnlVTi15aTBLejdTTHVjdGZLYUtqRUY0Wm9Lc19ISTZ3Wkc1SHJFLWNIMUNtekFXMzFBV1BMN1hNZlludG5xMU9WdkNPM3lwaDZfWFpESExaVHdFPQ==') borg_passphrase = b_borg_passphrase.decode('utf-8') -b_borg_healthchecks = get_secret(b'1$2$AbHQ2WFelnJfIi5SjEtgAugd3xHSJDfikh0RBV3QY80=$Z0FBQUFBQmdGOWdKZnp1d3B0YUJUck9kOVNBVWxTRjJZZnpubUZmNmV0cmlCUm9kLUhYNndqWkhMOG5WQU44ZUVMQ2lEdW1jLUhSOTJub0VMZWFWdHBBb0JKdVptanNCQ2xyQXQ2cEdfMjBaUy00Y2dlcnJzc1ViaE5sQ0RUUS1idkViQ0hOOWdRWUlqZElQSlAzYmpjSUl5bjNuTDhDLTNBPT0=') +b_borg_healthchecks = get_secret(b'1$2$qCFfK9b1A2D-xf3oEJ5uwOt1r3QOm0DJGsi_hKKjk0Q=$Z0FBQUFBQmdVeFFnZ0c1SUhhSzNBQ3h3MzRxLXd1b1luSjl6NjcxdzdxdjBFU3pncG1jSVYySFNlV0dZdU5VaU0wRVkxSEJveU01RU9Oby1uU1U5dXExQXlKNG9xNmxMeDRfNW9tUXprSzVFaWFYdWlya0V0TmlWQ1ZDdk5JRUhrdVFXdW5LOFh4ODNnak1RcGJIOVI5SDFtN3g1T1pWMkh3PT0=') borg_healthchecks = b_borg_healthchecks.decode('utf-8') -b_zfs_healthchecks = get_secret(b'1$2$dsh3T6POjU9RvOqr_Itg1paAckP4K2cIRN8L22OsGVo=$Z0FBQUFBQmdIa21UYUtGeVdmLWNvbGhYUDNfNzdTd0gwN21ISHRTV3B6SDBrTFA4aTRCaF84bWY5UlhYV3RSOUxsekRyTVd4REhqczZTTW00WHhzSjJSV2JuNjZ5NXdGWmtrQjFkWjNNdmZYTm4xMXUxOHlYNlpJb0pGQmoyb0JTajRjanQwMHlEUzhUSTNjRFlXenBwdDRTMzA5c2NzeFJBPT0=') +b_zfs_healthchecks = get_secret(b'1$2$Km9O6WZsSvCsvwcPxl0v27FXK6ZiI05OOThCLGmp0iI=$Z0FBQUFBQmdVVmRQS1F4SllzWWxkLU9UYjNQMXBaYmZIUFAxN0Q2dmh6S2M0ZHQwMUxra1R2aTZEbWVqeG9jRGZYeUtla1FncEFMMFc0VHg1ZXZoeDl6WWgzdUFMMHNiQ3J5Y1hmTzFXTlg4bVFGQjVUVndyNWt3VUZ2ZUI5OGU1UzlVQkhaSlFhc2pna3dCLTNzT051cGw0a1MyNWRqM1Z3PT0=') zfs_healthchecks = b_zfs_healthchecks.decode('utf-8') diff --git a/inventory.py b/inventory.py index 2712441..ffc823e 100644 --- a/inventory.py +++ b/inventory.py @@ -1 +1 @@ -my_hosts = ['lxd10.benpro.fr'] +my_hosts = ['lxd.local'] 
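Review bot: `b_borg_passphrase` is an unchanged context line in the `group_data/all.py` hunk, while the same patch points `templates/borgmatic.yaml.j2` at a different BorgBase repository and `inventory.py` at `lxd.local`, so the new host appears to reuse the passphrase that protects the previous repository. If `lxd.local` is a lab or test machine, giving its repository its own passphrase keeps a compromise of that machine from exposing the secret for the other archive. A comment next to the value would record the rule, e.g. `# one passphrase per borg repository; regenerate when the repository in borgmatic.yaml.j2 changes`.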
diff --git a/setup-backup.py b/setup-backup.py index d4132ff..2c5b94a 100644 --- a/setup-backup.py +++ b/setup-backup.py @@ -20,13 +20,13 @@ files.directory( if not host.fact.command('zfs list | grep exports || true'): server.shell( name='Create ZFS volume exports', - commands=['zfs create local/exports -o mountpoint=/var/backups/lxd'] + commands=['zfs create backup/exports -o mountpoint=/var/backups/lxd'] ) if not host.fact.command('mount | grep exports || true'): server.shell( - name='Mount local/exports', - commands=['zfs mount local/exports'], + name='Mount backup/exports', + commands=['zfs mount backup/exports || true'], ) files.directory( @@ -40,13 +40,13 @@ files.directory( if not host.fact.command('zfs list | grep databases || true'): server.shell( name='Create ZFS volume databases', - commands=['zfs create local/databases -o mountpoint=/var/backups/databases'] + commands=['zfs create backup/databases -o mountpoint=/var/backups/databases'] ) if not host.fact.command('mount | grep databases || true'): server.shell( - name='Mount local/databases', - commands=['zfs mount local/databases'], + name='Mount backup/databases', + commands=['zfs mount backup/databases || true'], ) files.template( diff --git a/setup-base.py b/setup-base.py index 7139fe6..afac532 100644 --- a/setup-base.py +++ b/setup-base.py @@ -14,7 +14,7 @@ server.user( server.hostname( name='Set the hostname', - hostname='lxd10.benpro.fr', + hostname='lxd.local', ) apt.update( @@ -33,7 +33,7 @@ apt.packages( server.shell( name='Add ufw rules', - commands=['ufw limit 22', 'ufw limit 28', 'ufw allow 80', 'ufw allow 443'], + commands=['ufw limit 22'], ) server.shell( 
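Review bot: The `|| true` added to `zfs mount backup/exports` (and to `zfs mount backup/databases` in the next hunk of `setup-backup.py`) hides a failed mount, so the run carries on and the following `files.directory` step and later backup jobs would write under `/var/backups/` on the root filesystem instead of the dataset. Dropping the suffix, `commands=['zfs mount backup/exports'],`, keeps the failure visible; the `mount | grep exports` guard above it already skips the command when the dataset is mounted. Separately, no hunk in this patch creates a pool named `backup` (`setup-zfs-and-lxd.py` still creates `local`), so `zfs create backup/exports` seems to rely on a pool set up elsewhere; worth confirming.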
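Review bot: Shortening the list to `commands=['ufw limit 22'],` in the `Add ufw rules` hunk of `setup-base.py` only stops adding the rules for ports 28, 80 and 443; it does not remove them from a host where an earlier run already applied them. On a freshly installed `lxd.local` that is harmless, but if this branch is ever run against a machine provisioned from the previous version those ports stay open. A comment such as `# fresh hosts only: rules added by earlier runs are not revoked` would record the assumption, or the old rules could be deleted explicitly.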
@@ -41,19 +41,6 @@ server.shell( commands=['yes | ufw enable'], ) -files.line( - name='Set port 28 for SSH', - path='/etc/ssh/sshd_config', - line=r'Port .*', - replace='Port 28', -) - -systemd.service( - name='Reload sshd', - service='ssh.service', - reloaded=True, -) - apt.packages( name='Install packages', packages=['manpages', 'man', 'snapd', 'vim', 'file', @@ -62,31 +49,31 @@ apt.packages( update=False, ) -files.line( - name='Enable postfix relays to mail.benpro.fr', - path='/etc/postfix/main.cf', - line=r'relayhost = .*', - replace='relayhost = 10.0.0.2', -) - -files.line( - name='Set root aliases', - path='/etc/aliases', - line='root: lxd10@benpro.fr', -) - -server.shell( - name='Load aliases table', - commands=['newaliases'], -) - -systemd.service( - name='Restart and enable postfix service', - service='postfix.service', - running=True, - restarted=True, - enabled=True, -) +#files.line( +# name='Enable postfix relays to mail.benpro.fr', +# path='/etc/postfix/main.cf', +# line=r'relayhost = .*', +# replace='relayhost = 10.0.0.2', +#) +# +#files.line( +# name='Set root aliases', +# path='/etc/aliases', +# line='root: lxd10@benpro.fr', +#) +# +#server.shell( +# name='Load aliases table', +# commands=['newaliases'], +#) +# +#systemd.service( +# name='Restart and enable postfix service', +# service='postfix.service', +# running=True, +# restarted=True, +# enabled=True, +#) if not host.fact.directory('/var/snap/lxd'): server.shell( 
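Review bot: The postfix relay, root alias and `newaliases` steps in the second hunk on this line are disabled by commenting them out, which leaves dead code carrying the old relay address and mailbox and gives no hint why it is off. Deleting the block (history keeps it) or guarding it with a group-data flag would be clearer. With nothing forwarding root's mail, output from cron jobs and package tooling presumably stays in the local spool on this host, so a one-line comment such as `# no mail relay on lxd.local: root mail stays local` should state that this is intended.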
@@ -94,65 +81,6 @@ if not host.fact.directory('/var/snap/lxd'): commands=['snap install lxd'], ) -if not host.fact.command('file -s /dev/sdc1 | grep swap || true'): - server.shell( - name='Create swap', - commands=['wipefs -a /dev/sdc1', 'mkswap /dev/sdc1'], - ) - -files.line( - name='Add swap to /etc/fstab', - path='/etc/fstab', - line='/dev/sdc1 none swap defaults 0 0', -) - -server.shell( - name='Enable swap', - commands=['swapon -a'], -) - -files.line( - name='Disable intel_pstate', - path='/etc/default/grub', - line='GRUB_CMDLINE_LINUX="intel_pstate=disable"', -) - -server.shell( - name='Reload grub', - commands=['update-grub'], -) - -files.put( - name='Install set-cpufreq-performance', - src='files/set-cpufreq-performance', - dest='/lib/systemd/set-cpufreq-performance', - user='root', - group='root', - mode='755', -) - -files.put( - name='Override systemd ondemand.service', - src='files/ondemand.service', - dest='/etc/systemd/system/ondemand.service', - user='root', - group='root', - mode='644', -) - -systemd.daemon_reload( - name='Reload systemd', - user_mode=False, -) - -systemd.service( - name='Restart and enable ondemand service', - service='ondemand.service', - running=True, - restarted=True, - enabled=True, -) - files.put( name='Add lxd-containers-upgrade.sh', src='files/lxd-containers-upgrade.sh', diff --git a/setup-zfs-and-lxd.py b/setup-zfs-and-lxd.py index 86e14cd..f3ea2c7 100644 --- a/setup-zfs-and-lxd.py +++ b/setup-zfs-and-lxd.py 
@@ -3,76 +3,18 @@ from pyinfra.operations import server, files, systemd, apt SUDO = True -# This suppose you have: -# sda 8:0 0 2.7T 0 disk -# ├─sda1 8:1 0 512M 0 part -# │ └─md0 9:0 0 511M 0 raid1 /boot -# ├─sda2 8:2 0 40G 0 part -# │ └─md1 9:1 0 40G 0 raid1 / -# └─sda3 8:3 0 1M 0 part -# sdb 8:16 0 2.7T 0 disk -# ├─sdb1 8:17 0 512M 0 part -# │ └─md0 9:0 0 511M 0 raid1 /boot -# ├─sdb2 8:18 0 40G 0 part -# │ └─md1 9:1 0 40G 0 raid1 / -# └─sdb3 8:19 0 1M 0 part -# sdc 8:32 0 223.6G 0 disk -# └─sdc1 8:33 0 24G 0 part - apt.packages( name='Install packages', packages=['zfsutils-linux'], update=True, ) -if not host.fact.command('lsblk | grep sda4 || true'): - server.shell( - name='Create sda4 for zpool', - commands=['sgdisk -n4:0:0 -t4:BF00 /dev/sda', 'partprobe'] - ) - -if not host.fact.command('lsblk | grep sdb4 || true'): - server.shell( - name='Create sdb4 for zpool', - commands=['sgdisk -n4:0:0 -t4:BF00 /dev/sdb', 'partprobe'] - ) - -if not host.fact.command('lsblk | grep sdc2 || true'): - server.shell( - name='Create sdc2 for ZFS cache L2ARC', - commands=['sgdisk -n2:0:0 -t2:FD00 /dev/sdc', 'partprobe'] - ) - -# zfs.key is not stored on GIT, but on KeePassXC -# When using new server be sure to set right disk ID if not host.fact.command('zpool list local | grep local || true'): server.shell( name='Create ZFS pool', - commands=['zpool create -o ashift=12 -o autotrim=on -O encryption=aes-256-gcm -O keylocation=file:///etc/zfs.key -O keyformat=passphrase -O acltype=posixacl -O canmount=off -O compression=lz4 -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa local mirror /dev/disk/by-id/ata-ST33000650NS_Z290FDG2-part4 /dev/disk/by-id/ata-ST33000650NS_Z290FEJQ-part4 cache /dev/disk/by-id/ata-INTEL_SSDSC2CW240A3_CVCV306301L3240CGN-part2'] + commands=['zpool create -o ashift=12 -o autotrim=on -O acltype=posixacl -O canmount=off -O compression=lz4 -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa local /dev/vdb'] ) -files.put( - 
name='Upload systemd zfs-load-key service', - src='files/zfs-load-key.service', - dest='/etc/systemd/system/zfs-load-key.service', - user='root', - group='root', - mode='644', -) - -systemd.daemon_reload( - name='Reload systemd', - user_mode=False, -) - -systemd.service( - name='Enable zfs-load-key service', - service='zfs-load-key.service', - enabled=True, - restarted=False, - running=False, -) - files.put( name='Upload LXD config', src='files/lxd.yml', diff --git a/templates/borgmatic.yaml.j2 b/templates/borgmatic.yaml.j2 index e24a70c..2c037f0 100644 --- a/templates/borgmatic.yaml.j2 +++ b/templates/borgmatic.yaml.j2 @@ -4,7 +4,7 @@ location: one_file_system: false repositories: - - r0t85632@r0t85632.repo.borgbase.com:repo + - quv7z6k8@quv7z6k8.repo.borgbase.com:repo exclude_patterns: - ~/*/.cache
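Review bot: The new `zpool create` line in `setup-zfs-and-lxd.py` drops `-O encryption=aes-256-gcm -O keylocation=file:///etc/zfs.key -O keyformat=passphrase`, and the `zfs-load-key` unit is removed with it, so the `local` pool and every dataset that inherits from it are stored unencrypted. ZFS encryption is chosen when a dataset is created and cannot be switched on for an existing one, so a pool built from this branch has to be recreated, or its data moved into new encrypted child datasets, to get it back. If that is intended for a throwaway VM, say so in a comment, e.g. `# lab VM: no at-rest encryption, do not store production data`. The pool is also addressed as `/dev/vdb` instead of a `/dev/disk/by-id/` path, and the comment that warned about setting the right disk ID is removed; kernel device names can change between boots or when disks are added.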