Update to 2022-08-19 16:00

roles/drbd/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+# List of IP/CIDR for which ports 7000 to 8000 will be opened
+# if iptables_manage is True
+drbd_src_ip: []

roles/drbd/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: repo_elrepo

roles/drbd/tasks/facts.yml

@@ -0,0 +1,10 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd

roles/drbd/tasks/install.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Install packages
+  package: name={{ drbd_packages }}
+  tags: drbd

roles/drbd/tasks/iptables.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Handle DRBD ports
+  iptables_raw:
+    name: drbd_ports
+    state: "{{ (drbd_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport 7000:8000 -s {{ drbd_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
+

roles/drbd/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always

roles/drbd/vars/RedHat-8.yml

@@ -0,0 +1,6 @@
+---
+
+drbd_packages:
+  - kmod-drbd90
+  - drbd-utils
+  - drbd-udev

roles/drbd_reactor/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+
+# Port on which the prometheus exporter will listen
+drbd_reactor_prom_port: 9942
+# List of IP/CIDR for which the prometheus port will be opened
+drbd_reactor_prom_src_ip: []

roles/drbd_reactor/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+
+- name: restart drbd-reactor
+  service: name=drbd-reactor state=restarted
+  when: not drbd_reactor_started.changed

roles/drbd_reactor/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: drbd

roles/drbd_reactor/tasks/conf.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Deploy DRBD Reactor configuration
+  template: src=drbd-reactor.toml.j2 dest=/etc/drbd-reactor.toml
+  notify: restart drbd-reactor
+  tags: drbd

roles/drbd_reactor/tasks/facts.yml

@@ -0,0 +1,11 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd
+

roles/drbd_reactor/tasks/install.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Install packages
+  package: name={{ drbd_reactor_packages }}
+  tags: drbd
+
+- name: Install drbd-reactor-reload units
+  template: src=drbd-reactor-reload.{{ item }}.j2 dest=/etc/systemd/system/drbd-reactor-reload.{{ item }}
+  loop:
+    - path
+    - service
+  register: drbd_reactor_reload_unit
+  tags: drbd
+
+- name: Reload systemd
+  systemd: daemon_realod=True
+  when: drbd_reactor_reload_unit.changed
+  tags: drbd

roles/drbd_reactor/tasks/iptables.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Handle prometheus port ports
+  iptables_raw:
+    name: drbd_reactor_prom_port
+    state: "{{ (drbd_reactor_prom_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ drbd_reactor_prom_port }} -s {{ drbd_reactor_prom_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd

roles/drbd_reactor/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always

roles/drbd_reactor/tasks/services.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Start and enable the service
+  service: name=drbd-reactor state=started enabled=True
+  register: drbd_reactor_started
+  tags: drbd
+
+- name: Start drbd-reactor-reload
+  systemd: name=drbd-reactor-reload.path state=started enabled=True
+  tags: drbd

roles/drbd_reactor/templates/drbd-reactor-reload.path.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+
+[Path]
+PathChanged=/etc/drbd-reactor.d
+
+[Install]
+WantedBy=multi-user.target

roles/drbd_reactor/templates/drbd-reactor-reload.service.j2

@@ -0,0 +1,11 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+After=drbd-reactor.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl reload drbd-reactor.service
+
+[Install]
+WantedBy=multi-user.target
+

roles/drbd_reactor/templates/drbd-reactor.toml.j2

@@ -0,0 +1,9 @@
+snippets = "/etc/drbd-reactor.d"
+statistics-poll-interval = 60
+
+[[log]]
+level = "info"
+
+[[promotheus]]
+enums = false
+address = "0.0.0.0:{{ drbd_reactor_prom_port }}"

roles/drbd_reactor/vars/RedHat-8.yml

@@ -0,0 +1,4 @@
+---
+
+drbd_reactor_packages:
+  - drbd-reactor

roles/linstor_gateway/defaults/main.yml

@@ -0,0 +1,17 @@
+---
+
+# Version of linstor-gateway to install
+lingw_version: 0.13.1
+# URL where linstor-gateway will be downloaded
+lingw_bin_url: https://github.com/LINBIT/linstor-gateway/releases/download/v{{ linsat_gateway_version }}/linstor-gateway-linux-amd64
+# Expected sha256 of the binary
+lingw_bin_sha256: 83d4d13154caeee79a0bec01db4a571cc417301fc001eb0ee9a6210279201934
+
+# List of Linstor controllers
+lingw_controllers: ['http://localhost:3370']
+
+# List of IP/CIDR for which NFS service will be opened in the firewall
+lingw_nfs_src_ip: []
+
+# Same for iSCSI
+lingw_iscsi_src_ip: []

roles/linstor_gateway/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: restart linstor-gateway
+  service: name=linstor-gateway state=restarted
+  when: not lingw_started.changed
+

roles/linstor_gateway/meta/main.yml

@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - role: drbd_reactor
+  - role: linstor_satellite

roles/linstor_gateway/tasks/conf.yml

@@ -0,0 +1,13 @@
+---
+
+- name: Configure Linstor Gateway
+  template: src=linstor-gateway.toml.j2 dest=/etc/linstor-gateway/linstor-gateway.toml
+  notify: restart linstor-gateway
+  tags: drbd
+
+- name: Install linstor-gateway completion
+  shell: linstor-gateway completion > /etc/bash_completion.d/linstor_gateway
+  args:
+    creates: /etc/bash_completion.d/linstor_gateway
+  tags: drbd
+

roles/linstor_gateway/tasks/directories.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Create linstor-gateway conf dir
+  file: path=/etc/linstor-gateway state=directory
+  tags: drbd
+

roles/linstor_gateway/tasks/facts.yml

@@ -0,0 +1,35 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd
+
+- set_fact: lingw_install_mode='none'
+  tags: drbd
+
+- name: Check if linstor-gateway is installed
+  stat: path=/usr/local/bin/linstor-gateway
+  register: lingw_bin
+  tags: drbd
+
+- when: not lingw_bin.stat.exists
+  set_fact: lingw_install_mode='install'
+  tags: drbd
+
+- when: lingw_bin.stat.exists
+  block:
+    - name: Detect installed version
+      shell: linstor-gateway version | perl -ne 'm/version (\d+(\.\d+)*)/ && print "$1\n"'
+      changed_when: False
+      register: lingw_current_version
+    - set_fact: lingw_current_version={{ lingw_current_version.stdout }}
+  tags: drbd
+
+- when: lingw_bin.stat.exists and lingw_current_version != lingw_version
+  set_fact: lingw_install_mode='upgrade'
+  tags: drbd

roles/linstor_gateway/tasks/install.yml

@@ -0,0 +1,22 @@
+---
+
+- name: Install linstor-gateway
+  get_url:
+    url: "{{ linsat_gateway_url }}"
+    dest: /usr/local/bin/linstor-gateway
+    checksum: sha256:{{ linsat_gateway_sha256 }}
+    mode: 755
+  when: lingw_install_mode != 'none'
+  tags: drbd
+
+- name: Install linstor-gateway service unit
+  template: src=linstor-gateway.service.j2 dest=/etc/systemd/system/linstor-gateway.service
+  notify: restart linstor-gateway
+  register: lingw_unit
+  tags: drbd
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: lingw_unit.changed
+  tags: drbd
+

roles/linstor_gateway/tasks/iptables.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Handle NFS port
+  iptables_raw:
+    name: lingw_nfs_port
+    state: "{{ (lingw_nfs_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: |
+      -A INPUT -m state --state NEW -p tcp --dport 2049 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
+      -A INPUT -m state --state NEW -p tcp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
+      -A INPUT -m state --state NEW -p udp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
+  tags: firewall,drbd
+
+- name: Handle iSCSI port
+  iptables_raw:
+    name: lingw_iscsi_port
+    state: "{{ (lingw_iscsi_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport 3260 -s {{ lingw_iscsi_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
+

roles/linstor_gateway/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: user.yml
+  tags: drbd
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always

roles/linstor_gateway/tasks/services.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Ensure NFS server is disabled
+  service: name=nfs-server enabled=False
+  tags: drbd
+
+- name: Start and enable linstor-gateway
+  service: name=linstor-gateway state=started enabled=True
+  register: lingw_started
+  tags: drbd

roles/linstor_gateway/tasks/user.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Create linstor-gateway user
+  user:
+    name: linstor-gateway
+    system: True
+    shell: /sbin/nologin
+  tags: drbd

roles/linstor_gateway/templates/linstor-gateway.service.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=LINSTOR Gateway
+After=network.target
+
+[Service]
+User=linstor-gateway
+ExecStart=/usr/local/bin/linstor-gateway server --addr "127.0.0.1:8080"
+
+[Install]
+WantedBy=multi-user.target

roles/linstor_gateway/templates/linstor-gateway.toml.j2

@@ -0,0 +1,6 @@
+[linstor]
+  controllers = [
+{% for url in lingw_controllers %}
+    "{{ url }}"
+{% endfor %}
+  ]

roles/linstor_gateway/vars/RedHat-8.yml

@@ -0,0 +1,7 @@
+---
+
+lingw_packages:
+  - nfs-utils
+  - targetcli
+  - resource-agents
+  - nvmetcli

roles/linstor_satellite/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+
+# Port on which the satellite will listen
+linsat_api_port: 3366
+
+# URL of the linstor-controller API (you can set several and they will be tried in order)
+linsat_controllers_url:
+  - http://localhost:3370
+
+# List of IP/CIDR which can reach the API of the satellite (only Linstor controller should reach it)
+linsat_api_src_ip: []
+
+# HA NFS Service
+linsat_nfs_src_ip: []
+# HA iSCSI Service
+linsat_iscsi_src_ip: []
+
+# Version of linstor-gateway to install
+linsat_gateway_version: 0.13.1
+# URL where linstor-gateway will be downloaded
+linsat_gateway_url: https://github.com/LINBIT/linstor-gateway/releases/download/v{{ linsat_gateway_version }}/linstor-gateway-linux-amd64
+# Expected sha256 of the binary
+linsat_gateway_sha256: 83d4d13154caeee79a0bec01db4a571cc417301fc001eb0ee9a6210279201934

roles/linstor_satellite/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: restart linstor-satellite
+  service: name=linstor-satellite state=restarted
+  when: not linsat_started
+

roles/linstor_satellite/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: drbd

roles/linstor_satellite/tasks/conf.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Configure linstor-satellite
+  template: src=linstor_satellite.toml.j2 dest=/etc/linstor/linstor_satellite.toml
+  notify: restart linstor-satellite
+  tags: drbd
+

roles/linstor_satellite/tasks/directories.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create linstor-satellite unit snippet dir
+  file: path=/etc/systemd/system/linstor-satellite.service.d state=directory
+  tags: drbd
+
+- name: Create linstor conf dir
+  file: path=/etc/linstor state=directory
+  tags: drbd
+

roles/linstor_satellite/tasks/facts.yml

@@ -0,0 +1,10 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd

roles/linstor_satellite/tasks/install.yml

@@ -0,0 +1,20 @@
+---
+
+- name: Install packages
+  package: name={{ linsat_packages }}
+  tags: drbd
+
+- name: Customize satellite service
+  copy:
+    content: |
+      [Service]
+      Type=notify
+    dest: /etc/systemd/system/linstor-satellite.service.d/99-ansible.conf
+  notify: restart linstor-satellite
+  register: linsat_unit
+  tags: drbd
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: linsat_unit.changed
+  tags: drbd

roles/linstor_satellite/tasks/iptables.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Handle API ports
+  iptables_raw:
+    name: linsat_api_port
+    state: "{{ (linsat_api_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ linsat_api_port }} -s {{ linsat_api_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
+

roles/linstor_satellite/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always

roles/linstor_satellite/tasks/services.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Start and enable the linstor-satellite
+  service: name=linstor-satellite state=started enabled=True
+  register: linsat_started
+  tags: drbd
+

roles/linstor_satellite/templates/drbd-reactor-reload.path.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+
+[Path]
+PathChanged=/etc/drbd-reactor.d
+
+[Install]
+WantedBy=multi-user.target

roles/linstor_satellite/templates/drbd-reactor-reload.service.j2

@@ -0,0 +1,11 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+After=drbd-reactor.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl reload drbd-reactor.service
+
+[Install]
+WantedBy=multi-user.target
+

roles/linstor_satellite/templates/linstor-gateway.service.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=LINSTOR Gateway
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/linstor-gateway server --addr ":8080"
+
+[Install]
+WantedBy=multi-user.target

roles/linstor_satellite/templates/linstor-gateway.toml.j2

@@ -0,0 +1,6 @@
+[linstor]
+  controllers = [
+{% for url in linsat_controllers_url %}
+    "{{ url }}"
+{% endfor %}
+  ]

roles/linstor_satellite/templates/linstor_satellite.toml.j2

@@ -0,0 +1,11 @@
+[netcom]
+  type = "plain"
+  bind_address = "0.0.0.0"
+  port = {{ linsat_api_port }}
+
+[files]
+  allowExtFiles = [
+    "/etc/systemd/system",
+    "/etc/systemd/system/linstor-satellite.service.d",
+    "/etc/drbd-reactor.d"
+  ]

roles/linstor_satellite/vars/RedHat-8.yml

@@ -0,0 +1,5 @@
+---
+
+linsat_packages:
+  - linstor-satellite
+  - lvm2