Update to 2022-08-29 11:00

roles/linstor_controller/tasks/conf.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Deploy linstor-controller conf
+  template: src=linstor.toml.j2 dest=/etc/linstor/linstor.toml mode=640
+  notify: restart linstor-controller
+  tags: drbd
+
+- name: Deploy linstor-client configuration
+  template: src=linstor-client.conf.j2 dest=/etc/linstor/linstor-client.conf
+  tags: drbd
+
+- name: Setup logrotate
+  template: src=logrotate.j2 dest=/etc/logrotate.d/linstor-controller
+  tags: drbd
+
+- name: Remove old reactor conf
+  file: path=/etc/drbd-reactor.d/linstor_db.toml state=absent
+  notify: restart drbd-reactor
+  tags: drbd
+
+- when: linctl_ha
+  name: Configure the drbd-reactor promoter
+  template: src=drbd-reactor.toml.j2 dest=/etc/drbd-reactor.d/linstor-controller.toml
+  notify: restart drbd-reactor
+  tags: drbd
+

roles/linstor_controller/tasks/directories.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Create conf dir
+  file: path=/etc/linstor state=directory
+  tags: drbd
+
+#- name: Create data directory
+#  file: path=/var/lib/linstor state=directory owner=root group=linstor-controller mode=u=rwX,g=rwX,o=- recurse=True
+#  tags: drbd
+
+- name: Create systemd unit snippet dir
+  file: path=/etc/systemd/system/linstor-controller.service.d state=directory
+  tags: drbd
+
+#- name: Set permission on log dir
+#  file: path=/var/log/linstor-controller state=directory owner=root group=linstor-controller mode=u=rwX,g=rwX,o=- recurse=True
+#  tags: drbd

roles/linstor_controller/tasks/facts.yml

@@ -0,0 +1,16 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd
+
+- name: Check the state of the service
+  service_facts:
+  register: linctl_service
+  tags: drbd
+

roles/linstor_controller/tasks/install.yml

@@ -0,0 +1,44 @@
+---
+
+- name: Install packages
+  package: name={{ linctl_packages }}
+  tags: drbd
+
+- name: Custimize systemd unit
+  copy:
+    content: |
+      [Service]
+      #User=linstor-controller
+      #Group=linstor-controller
+      PrivateDevices=yes
+      ProtectSystem=full
+      ProtectHome=yes
+      NoNewPrivileges=yes
+      SyslogIdentifier=linstor-controller
+      Restart=on-failure
+      StartLimitInterval=0
+      RestartSec=15
+    dest: /etc/systemd/system/linstor-controller.service.d/99-ansible.conf
+  notify: restart linstor-controller
+  register: linctl_unit
+  tags: drbd
+
+- name: Install mount unit
+  copy:
+    content: |
+      [Unit]
+      Description=Filesystem for the LINSTOR controller
+      
+      [Mount]
+      # you can use the minor like /dev/drbdX or the udev symlink
+      What=/dev/drbd/by-res/{{ linctl_ha_res }}/0
+      Where=/var/lib/linstor
+    dest: /etc/systemd/system/var-lib-linstor.mount
+  register: linctl_data_unit
+  when: linctl_ha
+  tags: drbd
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: linctl_unit.changed or (linctl_data_unit is defined and linctl_data_unit.changed)
+  tags: drbd

roles/linstor_controller/tasks/iptables.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Handle API ports
+  iptables_raw:
+    name: linctl_api_port
+    state: "{{ (linctl_api_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ linctl_api_port }} -s {{ linctl_api_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
+

roles/linstor_controller/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+
+- include_tasks: facts.yml
+  tags: always
+
+#- include_tasks: user.yml
+#  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+#- include_tasks: directories.yml
+#  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always

roles/linstor_controller/tasks/services.yml

@@ -0,0 +1,16 @@
+---
+
+- when: not linctl_ha
+  name: Start and enable the service
+  service: name=linstor-controller state=started enabled=True
+  register: linctl_started
+  tags: drbd
+
+- when: linctl_ha
+  block:
+    - name: Ensure the service is disabled and managed by drbd-reactor
+      service: name=linstor-controller enabled=False
+
+    - name: Ensure the data mount unit is disabled
+      systemd: name=var-lib-linstor.mount enabled=False
+  tags: drbd

roles/linstor_controller/tasks/user.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Create linstor-controller user
+  user:
+    name: linstor-controller
+    system: True
+    shell: /sbin/nologin
+    home: /var/lib/linstor
+  tags: drbd