evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity

evolinux-base: reorganize hardware section

This commit is contained in:
Jérémy Lecour 2023-03-18 18:36:50 +01:00 committed by Jérémy Lecour
parent 8f25dfe041
commit 38b106a8f2
5 changed files with 230 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
evolinux-base/tasks/hardware.dell.yml Normal file
View File

@ -0,0 +1,99 @@
---
## LSI MegaRAID 12GSAS/PCIe Secure SAS39xx
# This is still incompatible with Debian
- name: Check if PERC HBA11 device is present
ansible.builtin.shell: "lspci | grep -qE 'MegaRAID.*SAS39xx'"
check_mode: no
register: perc_hba11_search
failed_when: False
changed_when: False
tags:
- packages
- name: MegaCLI SAS package must not be installed if PERC HBA11 is present
block:
- name: Disable harware RAID tasks
ansible.builtin.set_fact:
evolinux_packages_hardware_raid: False
- name: blacklist mageclisas-status package
ansible.builtin.blockinfile:
dest: /etc/apt/preferences.d/0-blacklist
create: yes
marker: "## {mark} MEGACLISAS-STATUS BLACKLIST"
block: |
# DO NOT INSTALL THESE PACKAGES ON THIS SERVER
Package: megacli megaclisas-status
Pin: version *
Pin-Priority: -100
- name: Remove MegaCLI packages
ansible.builtin.apt:
name:
- megacli
- megaclisas-status
state: absent
when: perc_hba11_search.rc == 0
- name: MegaCLI SAS package is present
block:
- name: HWRaid GPG key is installed
ansible.builtin.copy:
src: hwraid.le-vert.net.asc
dest: "{{ apt_keyring_dir }}/hwraid.le-vert.net.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- packages
when: ansible_distribution_major_version is version('9', '>=')
- name: Add HW tool repository (Debian <12)
ansible.builtin.apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present
tags:
- packages
when:
- ansible_distribution_major_version is version('12', '<')
- name: Add HW tool repository (Debian >=12)
ansible.builtin.template:
src: hardware/hwraid.le-vert.net.sources.j2
dest: /etc/apt/sources.list.d/hwraid.le-vert.net.sources
tags:
- packages
when:
- ansible_distribution_major_version is version('12', '>=')
- name: Install packages for DELL/LSI hardware
ansible.builtin.apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes
tags:
- packages
- name: Configure packages for DELL/LSI hardware
ansible.builtin.template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"
tags:
- config
- name: megaclisas-statusd is enabled and started
ansible.builtin.systemd:
name: megaclisas-statusd
enabled: true
state: restarted
tags:
- packages
- config
when:
- "'MegaRAID' in raidmodel.stdout"

87
evolinux-base/tasks/hardware.hp.yml Normal file
View File

@ -0,0 +1,87 @@
---
- name: HPE GPG key is installed
ansible.builtin.copy:
src: hpePublicKey2048_key1.asc
dest: "{{ apt_keyring_dir }}/hpePublicKey2048_key1.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- packages
- name: Add HPE repository (Debian <12)
ansible.builtin.apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/hpePublicKey2048_key1.asc] https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present
tags:
- packages
when:
- ansible_distribution_major_version is version('12', '<')
- name: Add HPE repository (Debian >=12)
ansible.builtin.template:
src: hardware/hp.sources.j2
dest: /etc/apt/sources.list.d/hp.sources
tags:
- packages
when:
- ansible_distribution_major_version is version('12', '>=')
- name: Install HPE Smart Storage Administrator (ssacli)
ansible.builtin.apt:
name: ssacli
tags:
- packages
# NOTE: check_hpraid cron use check_hpraid from nagios-nrpe role
# So, if nagios-nrpe role is not installed it will not work
- name: Install and configure check_hpraid cron (HP gen >=10)
block:
- name: check_hpraid cron is present (HP gen >=10)
ansible.builtin.copy:
src: check_hpraid.cron.sh
dest: /etc/cron.{{ evolinux_cron_checkhpraid_frequency | mandatory }}/check_hpraid
mode: "0755"
tags:
- config
when:
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
- name: Install and configure cciss-vol-status (HP gen <10)
block:
- name: Install cciss-vol-status (HP gen <10)
ansible.builtin.apt:
name: cciss-vol-status
state: present
tags:
- packages
- name: cciss-vol-statusd init script is present (HP gen <10)
ansible.builtin.template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"
tags:
- packages
- name: Configure cciss-vol-statusd (HP gen <10)
ansible.builtin.lineinfile:
dest: /etc/default/cciss-vol-statusd
line: 'MAILTO="{{ raid_alert_email or general_alert_email | mandatory }}"'
regexp: 'MAILTO='
create: yes
tags:
- config
- name: Enable cciss-vol-status in systemd (HP gen <10)
ansible.builtin.systemd:
name: cciss-vol-statusd
enabled: true
state: restarted
tags:
- packages
- config
when:
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"

245
evolinux-base/tasks/hardware.yml
View File

@ -1,15 +1,24 @@
---
- name: Install pciutils
apt:
ansible.builtin.apt:
name: pciutils
state: present
tags:
- packages
- name: firmware-non-free components are installed (Debian 12+)
ansible.builtin.replace:
dest: /etc/apt/sources.list.d/system.sources
regexp: '^(Components: ((?!\bfirmware-non-free\b).)*)$'
replace: '\1 firmware-non-free'
when:
- ansible_distribution_major_version is version('12', '>=')
## Broadcom NetXtreme II
- name: Check if Broadcom NetXtreme II device is present
shell: "lspci | grep -q 'NetXtreme II'"
ansible.builtin.shell:
cmd: "lspci | grep -q 'NetXtreme II'"
check_mode: no
register: broadcom_netextreme_search
failed_when: False
@ -17,23 +26,21 @@
tags:
- packages
# TODO: add the "non-free" part to the existing sources
# instead of adding a new source
- name: Add non-free repo for Broadcom NetXtreme II
include_role:
name: evolix/apt
tasks_from: basics.yml
vars:
apt_basics_components: "main contrib non-free"
- name: Add non-free repo for Broadcom NetXtreme II (Debian <12)
ansible.builtin.replace:
dest: /etc/apt/sources.list
regexp: '^(main ((?!\bnon-free\b).)*)$'
replace: '\1 non-free'
tags:
- packages
when: broadcom_netextreme_search.rc == 0
when:
- broadcom_netextreme_search.rc == 0
- ansible_distribution_major_version is version('12', '<')
## Baremetal servers
## Dedicated hardware
- name: Install some additionnals tools when it dedicated hardware
apt:
ansible.builtin.apt:
name:
- libipc-run-perl
- freeipmi
@ -43,14 +50,13 @@
state: present
tags:
- packages
when: ansible_virtualization_role == "host"
## RAID
# Dell and others: MegaRAID SAS
# HP gen <10: Hewlett-Packard Company Smart Array
# HP gen >=10: Adaptec Smart Storage PQI
- name: Detect if RAID is installed
shell:
ansible.builtin.shell:
cmd: "lspci -q | grep -e 'RAID bus controller' -e 'Serial Attached SCSI controller'"
executable: /bin/bash
check_mode: no
@ -60,211 +66,16 @@
tags:
- packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- packages
- name: HPE Smart Storage Administrator (ssacli) is present
block:
- name: HPE GPG embedded key is absent
apt_key:
id: "26C2B797"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- packages
- name: HPE GPG key is installed
copy:
src: hpePublicKey2048_key1.asc
dest: "{{ apt_keyring_dir }}/hpePublicKey2048_key1.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- packages
- name: Add HPE repository
apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/hpePublicKey2048_key1.asc] https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present
tags:
- packages
- name: Remove unsigned HPE repository
apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: absent
tags:
- packages
- name: Install HPE Smart Storage Administrator (ssacli)
apt:
name: ssacli
tags:
- packages
- name: "HP"
import_tasks: hardware.hp.yml
when:
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout or 'Adaptec Smart Storage PQI' in raidmodel.stdout"
- evolinux_packages_hardware_raid | bool
# NOTE: check_hpraid cron use check_hpraid from nagios-nrpe role
# So, if nagios-nrpe role is not installed it will not work
- name: Install and configure check_hpraid cron (HP gen >=10)
block:
- name: check_hpraid cron is present (HP gen >=10)
copy:
src: check_hpraid.cron.sh
dest: /etc/cron.{{ evolinux_cron_checkhpraid_frequency | mandatory }}/check_hpraid
mode: "0755"
tags:
- config
when: "'Adaptec Smart Storage PQI' in raidmodel.stdout"
- name: Install and configure cciss-vol-status (HP gen <10)
block:
- name: Install cciss-vol-status (HP gen <10)
apt:
name: cciss-vol-status
state: present
tags:
- packages
- name: cciss-vol-statusd init script is present (HP gen <10)
template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"
tags:
- packages
- name: Configure cciss-vol-statusd (HP gen <10)
lineinfile:
dest: /etc/default/cciss-vol-statusd
line: 'MAILTO="{{ raid_alert_email or general_alert_email | mandatory }}"'
regexp: 'MAILTO='
create: yes
tags:
- config
- name: Enable cciss-vol-status in systemd (HP gen <10)
service:
name: cciss-vol-statusd
enabled: true
state: restarted
tags:
- packages
- config
when:
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- evolinux_packages_hardware_raid | bool
## LSI MegaRAID 12GSAS/PCIe Secure SAS39xx
# This is still incompatible with Debian
- name: Check if PERC HBA11 device is present
shell: "lspci | grep -qE 'MegaRAID.*SAS39xx'"
check_mode: no
register: perc_hba11_search
failed_when: False
changed_when: False
tags:
- packages
- name: MegaCLI SAS package must not be installed if PERC HBA11 is present
block:
- name: Disable harware RAID tasks
set_fact:
evolinux_packages_hardware_raid: False
- name: blacklist mageclisas-status package
blockinfile:
dest: /etc/apt/preferences.d/0-blacklist
create: yes
marker: "## {mark} MEGACLISAS-STATUS BLACKLIST"
block: |
# DO NOT INSTALL THESE PACKAGES ON THIS SERVER
Package: megacli megaclisas-status
Pin: version *
Pin-Priority: -100
- name: Remove MegaCLI packages
apt:
name:
- megacli
- megaclisas-status
state: absent
when: perc_hba11_search.rc == 0
- name: MegaCLI SAS package is present
block:
- name: HWRaid embedded GPG key is absent
apt_key:
id: "23B3D3B4"
keyring: /etc/apt/trusted.gpg
state: absent
tags:
- packages
when: _trusted_gpg_keyring.stat.exists
- name: HWRaid GPG key is installed
copy:
src: hwraid.le-vert.net.asc
dest: "{{ apt_keyring_dir }}/hwraid.le-vert.net.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- packages
when: ansible_distribution_major_version is version('9', '>=')
- name: Add HW tool repository
apt_repository:
repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present
tags:
- packages
- name: Remove unsigned HW tool repository
apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: absent
tags:
- packages
- name: Install packages for DELL/LSI hardware
apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes
tags:
- packages
- name: Configure packages for DELL/LSI hardware
template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"
tags:
- config
- name: Enable DELL/LSI hardware in systemd
service:
name: megaclisas-statusd
enabled: true
state: restarted
tags:
- packages
- config
- name: "Dell"
import_tasks: hardware.dell.yml
when:
- "'MegaRAID' in raidmodel.stdout"
- evolinux_packages_hardware_raid | bool
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers

8
evolinux-base/templates/hardware/hp.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://downloads.linux.hpe.com/SDR/repo/mcp
Suites: {{ ansible_distribution_release }}/current
Components: non-free
Signed-by: {{ apt_keyring_dir }}/hpePublicKey2048_key1.asc
Enabled: yes

8
evolinux-base/templates/hardware/hwraid.le-vert.net.sources.j2 Normal file
View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://hwraid.le-vert.net/debian
Suites: {{ ansible_distribution_release }}
Components: main
Signed-by: {{ apt_keyring_dir }}/hwraid.le-vert.net.asc]
Enabled: yes