dfritz/playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial migration and clean-up from previous repo

Browse Source
This commit is contained in:
Donavan Fritz 2024-06-07 13:43:00 -07:00
commit ec76d50c7b
17 changed files with 745 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
vault*
venv/*
.venv/*
.idea/*

57
README.md Normal file
View File

@ -0,0 +1,57 @@
# Fritzlab Ansible Playbooks
---
### Proxmox Hosts
We manage Proxmox hosts via Ansible.
The following playbook will set the Proxmox settings for all hosts in the inventory file.
```bash
$ ansible-playbook --vault-password-file vault-password compute/playbook-host-proxmox.yaml -i compute/inventory-host-proxmox.yaml
```
### Dell iDRAC
We manage Dell iDRAC settings via Ansible (via Redfish API).
The following playbook will set the iDRAC settings for all hosts in the inventory file.
```bash
$ ansible-playbook --vault-password-file vault-password compute/playbook-machine-idrac.yaml -i compute/inventory-machine-idrac.yaml
```
### Secrets
We use ansible-vault to encrypt secrets.
The vault password is assumed to be available in a file called `vault-password`.
This password file is not stored in the repository and must be created by the user.
It is stored in 1Password under the name `Ansible Vault Password`.
#### Add new secret into an inventory file
Here is how to encrypt a new secret with ansible-vault:
```bash
$ ansible-vault encrypt_string --vault-password-file vault-password <super-secret-text>
!vault |
$ANSIBLE_VAULT;1.1;AES256
64383837303638393966666536323131376366613531613966633532633439343961663934373263
6237393730666235326365326430396231623031613166340a386363653865656432373138616232
34393765326262373435373334653838366562616465333536633335356637353335333839613233
6337316139363334650a393238656266643965333630343166366335616539393838366333323934
65616636656235373738306561316431336232376165356465623232313465303435
```
The result is a string that can be used in a playbook.
```yaml
dell_machines:
hosts:
host001:
idrac_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65356164386561376463613762323663633466653432643561313230393131356635646361353265
6437613034393061336565366465656539326366326430650a366331383165333136326535633833
39336366666137623230393261633166313837303432653336636363393936323133636366313636
3738316235663337370a333031643466323962643034313433666236313831643861656461643833
35316235356566333761333635356337373632646365343364373563613034636334
```

138
compute/inventory-host-proxmox.yaml Normal file
View File

@ -0,0 +1,138 @@
all:
hosts:
# dell poweredge r640 hosts
host001:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62396366303338343231383764336164626531613464616535663237346439313133656162646233
3435323336663030613038653831393366376637353933300a303130626663313563313434316564
38653161303031303935666534613933323437393965353332666637666132393036666531613232
3766333934383130310a343137326561316561306138636163313632366662306337623232336166
32666561303536636136316634383562633232333632363430643239333436336433
ansible_host: host001.sjc001.fritzlab.net
ipv4_address: 172.25.6.101
ipv6_address: 2602:817:3000:c206::101
host002:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31653536313038353937653034643230366637363464333534653065363261313565323935613561
3830653463613463626466393961383531353233626330630a616131373837656133383534393537
66643463626336393161323733383230323131323062343062656139613330623461646338393035
6562613235393039650a386666343039653739623336303430353835313461336331646430363063
38633438353737303932613330356532386138346265316432616564346239343836
ansible_host: host002.sjc001.fritzlab.net
ipv4_address: 172.25.6.102
ipv6_address: 2602:817:3000:c206::102
host003:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64306133313464643937343234636132343839313465646131623866626461333537383337613537
3365313231663034663339373633653461643463666638300a323531366265613531356338643736
39343331663230333165633431366466313838636432636638333965333937313834323732346536
6131353761376366640a316131346538323965633536613965306639633032343439313962386630
33366530393336336466623461333738313566663663663336616230353735373865
ansible_host: host003.sjc001.fritzlab.net
ipv4_address: 172.25.6.103
ipv6_address: 2602:817:3000:c206::103
host004:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30343932313439653462613862333838366438383066613466633431373038306338346635306562
3362306632323435383332633633616563626238346435300a663137393532666239303862663061
31646361323562383866663062633337316664393164373436653730316431376133613262653339
6439363865303266640a376232366234666563393638613935656230386631643364333832393036
35653462306330393735363061636234623564643764653936353939616230646233
ansible_host: host004.sjc001.fritzlab.net
ipv4_address: 172.25.6.104
ipv6_address: 2602:817:3000:c206::104
# Intel NUC hosts
host201:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63366438616366643633383736323435656637386137376166613765663962623761333762663461
3966613863636636376636343533623936666334626336620a623433363830326262663238636532
34323731623766396163313063333266666266396539616533626135656661393064613530326633
3336643339616434650a313464653764666264346564363166656531306165613037623035333038
33336337303565663530626632666462313832316231306633333263396164306462
ansible_host: host201.sjc001.fritzlab.net
ipv4_address: 172.25.6.201
ipv6_address: 2602:817:3000:c206::201
host202:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
61633065303062393637303631356165643930666134366233326635356230666465326466376639
3564346461363335373238366633666261613536303062300a393262653233623934303563323162
64313263616132636233636463663436326430303030646234653939646661626366643263623364
3262366331643733380a343439633763653563356634366336323866366563313130333036353765
61303333313935316232303064653833373466623533613935383161323938633761
ansible_host: host202.sjc001.fritzlab.net
ipv4_address: 172.25.6.202
ipv6_address: 2602:817:3000:c206::202
host203:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
66313132663037653035623066333133393736656362663062313261313465316232326262346533
3537313839613736663963656463393264666538623562650a393532333264333933303230616639
36363136616562333433623863336262323939623732303934626162366133326162363966623139
6635653538646465360a333363656135643431396562663239373537643964633063633266613630
32343164396531666665656130373132386562626533326562636234613233623566
ansible_host: host203.sjc001.fritzlab.net
ipv4_address: 172.25.6.203
ipv6_address: 2602:817:3000:c206::203
host204:
ansible_user: root
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30356265386433663730306532306430616632333033356630656233346332386633323337646330
3533363566356362373639363063333863393663316438650a366263356238393938616561653037
36383332373137616165346535653063636431653365613335656533313064666633623635643938
3639306462303639630a316238613166376335393165663564386263313933333766323232333533
62316137383036373162376262353231663062393636346136356539653234306235
ansible_host: host204.sjc001.fritzlab.net
ipv4_address: 172.25.6.204
ipv6_address: 2602:817:3000:c206::204
vars:
ipv6_prefix_len: 64
ipv6_gateway: 2602:817:3000:c206::A
ipv4_prefix_len: 24
ipv4_gateway: 172.25.6.254
resolvers:
- 2602:817:3000:c608::202
- 2602:817:3000:c608::203
- 142.202.202.202
- 142.202.203.204
domain_name: "fritzlab.net"
vlans:
# DMZ
630: DMZ_USER
600: DMZ_TRANSIT
603: DMZ_TRANSIT_FRITZLAB
604: DMZ_TRANSIT_VINO
606: DMZ_SERVER1
607: DMZ_SERVER_MSP
608: DMZ_DNS
666: DMZ_SERVER6
# FRITZLAB
200: FRITZLAB_TRANSIT
204: FRITZLAB_MANAGEMENT4
205: FRITZLAB_MANAGEMENT
206: FRITZLAB_SERVER
207: FRITZLAB_USER
260: FRITZLAB_SERVER6
270: FRITZLAB_USER6
# VINO
300: VINO_TRANSIT
306: VINO_SERVER
307: VINO_USER
360: VINO_SERVER6
370: VINO_USER6

73
compute/inventory-machine-idrac.yaml Normal file
View File

@ -0,0 +1,73 @@
dell_machines:
hosts:
host001:
idrac_user: root
idrac_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65356164386561376463613762323663633466653432643561313230393131356635646361353265
6437613034393061336565366465656539326366326430650a366331383165333136326535633833
39336366666137623230393261633166313837303432653336636363393936323133636366313636
3738316235663337370a333031643466323962643034313433666236313831643861656461643833
35316235356566333761333635356337373632646365343364373563613034636334
ipv4_address: 172.25.5.101
ipv4_gateway: 172.25.5.254
ipv4_mask: 255.255.255.0
ipv4_dns_1: 142.202.202.202
ipv6_address: 2602:817:3000:C205::101
ipv6_gateway: 2602:817:3000:C205::A
ipv6_prefix_len: 64
ipv6_dns_1: 2602:817:3000:c607::203
host002:
idrac_user: root
idrac_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64383837303638393966666536323131376366613531613966633532633439343961663934373263
6237393730666235326365326430396231623031613166340a386363653865656432373138616232
34393765326262373435373334653838366562616465333536633335356637353335333839613233
6337316139363334650a393238656266643965333630343166366335616539393838366333323934
65616636656235373738306561316431336232376165356465623232313465303435
ipv4_address: 172.25.5.102
ipv4_gateway: 172.25.5.254
ipv4_mask: 255.255.255.0
ipv4_dns_1: 142.202.202.202
ipv6_address: 2602:817:3000:C205::102
ipv6_gateway: 2602:817:3000:C205::A
ipv6_prefix_len: 64
ipv6_dns_1: 2602:817:3000:c607::203
host003:
idrac_user: root
idrac_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
65376638303736373436663038396632613035393461303131383933633933313734306532363230
3930343335323535383266333335333137663364316361620a643666663936653737663962613030
32376430323735346435623261656261343535376162643435653639343065666331353034656330
3061666336326131300a613137623161313063313535333266303933346639363537373466616165
30333230623238356639313565376530663039383162613038373362303063316331
ipv4_address: 172.25.5.103
ipv4_gateway: 172.25.5.254
ipv4_mask: 255.255.255.0
ipv4_dns_1: 142.202.202.202
ipv6_address: 2602:817:3000:C205::103
ipv6_gateway: 2602:817:3000:C205::A
ipv6_prefix_len: 64
ipv6_dns_1: 2602:817:3000:c607::203
host004:
idrac_user: root
idrac_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
66333238656166383431323739373466333163353534303936323264323034663263623630646630
6133646630613666303838653764383938376537636632640a376330366161666466623830343133
32666630306437323839393564316139343664666161623333633365643839306631383337383330
3833643366396262620a363065396134346635353234663835616162323062303132393662333236
37396434316334333730306633626261646531356662336634306663663832363431
ipv4_address: 172.25.5.104
ipv4_gateway: 172.25.5.254
ipv4_mask: 255.255.255.0
ipv4_dns_1: 142.202.202.202
ipv6_address: 2602:817:3000:C205::104
ipv6_gateway: 2602:817:3000:C205::A
ipv6_prefix_len: 64
ipv6_dns_1: 2602:817:3000:c607::203
vars:
snmp_trap_dst_ipv4_1: 0.0.0.0

153
compute/playbook-host-proxmox.yaml Normal file
View File

@ -0,0 +1,153 @@
---
- name: Configure Network and DNS settings on Proxmox Host
hosts:
- host20*
become: true
tasks:
- name: Set system hostname to inventory hostname
hostname:
name: "{{ inventory_hostname }}.{{ domain_name }}"
- name: Configure base bond network interfaces for Dell PowerEdge R640
template:
src: interface-base-dell.j2
dest: /etc/network/interfaces.d/base
notify: restart networking
when: inventory_hostname.startswith('host0')
- name: Configure network interfaces for Dell PowerEdge R640
template:
src: interface-main-dell.j2
dest: /etc/network/interfaces
notify: restart networking
when: inventory_hostname.startswith('host0')
- name: Configure base vlan network interfaces for Intel NUCs
template:
src: interface-base-intel.j2
dest: /etc/network/interfaces.d/base
notify: restart networking
when: inventory_hostname.startswith('host2')
- name: Configure network interfaces for Intel NUCs
template:
src: interface-main-intel.j2
dest: /etc/network/interfaces
notify: restart networking
when: inventory_hostname.startswith('host2')
- name: Configure resolv.conf for DNS settings
template:
src: resolv.conf.j2
dest: /etc/resolv.conf
- name: Configure /ets/hosts
template:
src: hosts.j2
dest: /etc/hosts
- name: Set timezone to UTC
ansible.builtin.timezone:
name: UTC
- name: Configure NTP (Chrony)
template:
src: chrony.conf.j2
dest: /etc/chrony/chrony.conf
notify: restart chrony
- name: Create managed .bashrc file
template:
src: bashrc_managed.j2
dest: "/root/.bashrc_managed"
- name: Ensure .bashrc includes the managed file
lineinfile:
path: "/root/.bashrc"
line: 'if [ -f ~/.bashrc_managed ]; then . ~/.bashrc_managed; fi'
insertbefore: EOF
- name: Copy SSH public key to remote host
authorized_key:
user: root
state: present
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKfPOnXImpSaSDzHLtlv6tenIdWhZEA15WWbkNCkM0u8q8eefJYMEkdT0F+46rilxjVnB0wmWcVUFmU8uT2YqfUczYb185LDKeSC5qQI/J+XibxeZNkE7swcTy9nj/dRqO2OpKPJnWUTQAUrgY7hmZYtOx8cjuQUvuRA1yBi5AuGFrHG0NKLr1h7AriLhkTv1xYAQ0W9wrG3hw882oLf1cLSAKWWhJX0XrlqKJQ5bqmt8yW3JO+Twdm2KDbxkR3IiHgpyfe9/zf5STMBejP2gXG0vpbRoVM9X10BtWDo22JudPEt2Wdy7qe7UqZLlNjHaYkUVTtN+JEf4ZoaBUf98t dfritz@desktops-mbp.corp.netflix.com"
- name: Check if PVE enterprise apt sources file exists
stat:
path: /etc/apt/sources.list.d/pve-enterprise.list
register: pve_apt_source_enterprise
- name: Move PVE enterprise apt sources, if file exists
command: mv /etc/apt/sources.list.d/pve-enterprise.list /etc/apt/sources.list.d/pve-enterprise.list.old
when: pve_apt_source_enterprise.stat.exists
- name: Check if PVE ceph apt sources file exists
stat:
path: /etc/apt/sources.list.d/ceph.list
register: pve_apt_source_ceph
- name: Move PVE ceph apt sources, if file exists
command: mv /etc/apt/sources.list.d/ceph.list /etc/apt/sources.list.d/ceph.list.old
when: pve_apt_source_ceph.stat.exists
- name: Manage apt sources
template:
src: sources.j2
dest: "/etc/apt/sources.list"
- name: Manage .digrc
template:
src: digrc.j2
dest: "/root/.digrc"
- name: Update apt repos
apt:
update_cache: yes
- name: Install packages
apt:
state: present
name:
- htop
- nano
- wget
- curl
- iperf3
- name: Update all host/vm packages
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
name: "*"
state: latest
- name: Ensure ISO mount point directory exists
ansible.builtin.file:
path: /mnt/iso-images/template/iso
state: directory
- name: Insert/update NFS mount block in /etc/fstab
notify: reload fstab
ansible.builtin.blockinfile:
path: /etc/fstab
block: |
nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0
marker: "# {mark} ANSIBLE MANAGED BLOCK for NFS mounts"
backup: yes
handlers:
- name: restart networking
command: ifreload -a
- name: restart chrony
systemd:
name: chrony
state: restarted
- name: restart pveproxy
systemd:
name: pveproxy
state: restarted
- name: reload fstab
command: mount -a

99
compute/playbook-machine-idrac.yaml Normal file
View File

@ -0,0 +1,99 @@
---
- name: Configure Dell Server with OpenManage Ansible Modules
hosts:
- host001
# these are required because the module is running locally and
# connecting to the iDRAC over HTTP/HTTPS
gather_facts: false
connection: local
vars:
common_idrac_settings: &common_idrac_settings
idrac_ip: "{{ ipv6_address }}"
idrac_user: "{{ idrac_user }}"
idrac_password: "{{ idrac_password }}"
validate_certs: false
tasks:
- name: Set Name
dellemc.openmanage.idrac_attributes:
<<: *common_idrac_settings
idrac_attributes:
"WebServer.1.ManualDNSEntry": "idrac.{{ inventory_hostname }}.sjc001.fritzlab.net"
"NIC.1.DNSDomainName": "{{ inventory_hostname }}"
"NIC.1.DNSRacName": "{{ inventory_hostname }}"
"NICStatic.1.DNSDomainName": "{{ inventory_hostname }}"
- name: Set IPv6 Address
dellemc.openmanage.idrac_attributes:
<<: *common_idrac_settings
idrac_attributes:
"IPv6.1.Enable": "Enabled"
"IPv6Static.1.DNSFromDHCP6": "Disabled"
"IPv6.1.AutoConfig": "Disabled"
"IPv6Static.1.Address1": "{{ ipv6_address }}"
"IPv6Static.1.PrefixLength": "{{ ipv6_prefix_len }}"
"IPv6Static.1.Gateway": "{{ ipv6_gateway }}"
"IPv6Static.1.DNS1": "{{ ipv6_dns_1 }}"
- name: Set IPv4 Address
dellemc.openmanage.idrac_attributes:
<<: *common_idrac_settings
idrac_attributes:
"IPv4.1.Enable": "Enabled"
"IPv4.1.DHCPEnable": "Disabled"
"IPv4.1.DNSFromDHCP": "Disabled"
"IPv4Static.1.Address": "{{ ipv4_address }}"
"IPv4Static.1.DNS1": "{{ ipv4_dns_1 }}"
"IPv4Static.1.Gateway": "{{ ipv4_gateway }}"
"IPv4Static.1.Netmask": "{{ ipv4_mask }}"
- name: Set SNMP Settings
dellemc.openmanage.idrac_attributes:
<<: *common_idrac_settings
idrac_attributes:
# pollers settings
"SNMPAlert.1.Destination": ""
"SNMPAlert.1.SNMPv3Username": ""
"SNMPAlert.2.Destination": ""
"SNMPAlert.2.SNMPv3Username": ""
"SNMPAlert.3.Destination": ""
"SNMPAlert.3.SNMPv3Username": ""
"SNMPAlert.4.Destination": ""
"SNMPAlert.4.SNMPv3Username": ""
"SNMPAlert.5.Destination": "::"
"SNMPAlert.5.SNMPv3Username": ""
"SNMPAlert.6.Destination": "::"
"SNMPAlert.6.SNMPv3Username": ""
"SNMPAlert.7.Destination": "::"
"SNMPAlert.7.SNMPv3Username": ""
"SNMPAlert.8.Destination": "::"
"SNMPAlert.8.SNMPv3Username": ""
# trap settings
"SNMPTrapIPv4.1.DestIPv4Addr": "{{ snmp_trap_dst_ipv4_1 }}"
"SNMPTrapIPv4.2.DestIPv4Addr": "0.0.0.0"
"SNMPTrapIPv4.3.DestIPv4Addr": "0.0.0.0"
"SNMPTrapIPv4.4.DestIPv4Addr": "0.0.0.0"
"SNMPTrapIPv6.1.DestIPv6Addr": "::"
"SNMPTrapIPv6.2.DestIPv6Addr": "::"
"SNMPTrapIPv6.3.DestIPv6Addr": "::"
- name: Auto Attach Virtual Media
dellemc.openmanage.idrac_attributes:
<<: *common_idrac_settings
idrac_attributes:
"VirtualMedia.1.Attached": "AutoAttach"
- name: Disable auto discovery
dellemc.openmanage.idrac_attributes:
<<: *common_idrac_settings
idrac_attributes:
"Autodiscovery.1.EnableIPChangeAnnounce": "Disabled"
"Autodiscovery.1.EnableIPChangeAnnounceFromDHCP": "Enabled"
"Autodiscovery.1.EnableIPChangeAnnounceFromUnicastDNS": "Enabled"
"Autodiscovery.1.EnableIPChangeAnnounceFrommDNS": "Enabled"
"Autodiscovery.1.SendTestAnnouncement": "Disabled"

6
compute/templates/bashrc_managed.j2 Normal file
View File

@ -0,0 +1,6 @@
#
# This file is managed by Ansible, do not edit manually.
#
alias ll="ls -lFah"
alias sudo=""

27
compute/templates/chrony.conf.j2 Normal file
View File

@ -0,0 +1,27 @@
#
# This file is managed by Ansible, do not edit manually.
#
server 0.debian.pool.ntp.org. iburst prefer
server 1.debian.pool.ntp.org. iburst
server 2.debian.pool.ntp.org. iburst
server 3.debian.pool.ntp.org. iburst
# Log files location.
logdir /var/log/chrony
# Stop bad estimates upsetting machine clock.
maxupdateskew 100.0
# This directive enables kernel synchronisation (every 11 minutes) of the
# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
rtcsync
# Step the system clock instead of slewing it if the adjustment is larger than
# one second, but only in the first three clock updates.
makestep 1 3
# Get TAI-UTC offset and leap seconds from the system tz database.
# This directive must be commented out when using time sources serving
# leap-smeared time.
leapsectz right/UTC

1
compute/templates/digrc.j2 Normal file
View File

@ -0,0 +1 @@
-t aaaa

4
compute/templates/fstab.j2 Normal file
View File

@ -0,0 +1,4 @@
nas001.sjc001.fritzlab.net:/mnt/main/iso /mnt/iso-images/template/iso nfs4 rw 0 0

34
compute/templates/hosts.j2 Normal file
View File

@ -0,0 +1,34 @@
#
# This file is managed by Ansible, do not edit manually.
#
# Loopback
127.0.0.1 localhost.localdomain
127.0.0.1 localhost
::1 localhost.localdomain
::1 localhost
# IPv4 addresses
{% if ansible_facts['all_ipv4_addresses'] %}
{% for ip in ansible_facts['all_ipv4_addresses'] %}
{{ ip }} {{ inventory_hostname}}
{{ ip }} {{ inventory_hostname }}.{{ domain_name }}
{% endfor %}
{% endif %}
# IPv6 addresses
{% if ansible_facts['all_ipv6_addresses'] %}
{% for ip in ansible_facts['all_ipv6_addresses'] %}
{% if not ip.startswith('fe80') %}
{{ ip }} {{ inventory_hostname}}
{{ ip }} {{ inventory_hostname }}.{{ domain_name }}
{% endif %}
{% endfor %}
{% endif %}
# The following lines are desirable for IPv6 capable hosts
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

44
compute/templates/interface-base-dell.j2 Normal file
View File

@ -0,0 +1,44 @@
#
# This file is managed by Ansible, do not edit manually.
#
# loopback network interface
auto lo
iface lo inet loopback
# 1g rj45 network interfaces
iface eno1 inet manual
iface eno2 inet manual
# 10g rg45 network interfaces
iface eno3 inet manual
iface eno4 inet manual
# 10g sfp+ network interfaces
iface ens2f0 inet manual
iface ens2f1 inet manual
# 20g bond interfaces
auto bond10
iface bond10 inet manual
bond-slaves ens2f0 ens2f1
bond-miimon 100
bond-mode 802.3ad
# 4g bond interfaces
auto bond1
iface bond1 inet manual
bond-slaves eno1 eno2 eno3 eno4
bond-miimon 100
bond-mode 802.3ad
# bond subinterfaces
{% for vlan_id, vlan_name in vlans.items() %}
auto bond10.{{ vlan_id }}
iface bond10.{{ vlan_id }} inet manual
vlan-raw-device bond10
auto bond1.{{ vlan_id }}
iface bond1.{{ vlan_id }} inet manual
vlan-raw-device bond1
{% endfor %}

18
compute/templates/interface-base-intel.j2 Normal file
View File

@ -0,0 +1,18 @@
#
# This file is managed by Ansible, do not edit manually.
#
# loopback network interface
auto lo
iface lo inet loopback
# 1g rj45 network interface
iface eno1 inet manual
# vlan subinterfaces
{% for vlan_id, vlan_name in vlans.items() %}
auto vlan{{ vlan_id }}
iface vlan{{ vlan_id }} inet manual
vlan-raw-device eno1
{% endfor %}

28
compute/templates/interface-main-dell.j2 Normal file
View File

@ -0,0 +1,28 @@
#
# This file is managed by Ansible, do not edit manually.
#
source-directory /etc/network/interfaces.d
{% for vlan_id, vlan_name in vlans.items() %}
auto vmbr{{ vlan_id }}
iface vmbr{{ vlan_id }} inet manual
bridge-ports bond1.{{ vlan_id }} bond10.{{ vlan_id }}
bridge_fd 15
bridge_hello 2
bridge_maxage 20
bridge_stp on
{% if vlan_id == 206 %}
address {{ ipv4_address }}/{{ ipv4_prefix_len }}
gateway {{ ipv4_gateway }}
{% endif %}
#{{ vlan_name }}
iface vmbr{{ vlan_id }} inet6 static
accept_ra 0
{% if vlan_id == 206 %}
address {{ ipv6_address }}/{{ ipv6_prefix_len }}
gateway {{ ipv6_gateway }}
{% endif %}
{% endfor %}

26
compute/templates/interface-main-intel.j2 Normal file
View File

@ -0,0 +1,26 @@
#
# This file is managed by Ansible, do not edit manually.
#
source-directory /etc/network/interfaces.d
{% for vlan_id, vlan_name in vlans.items() %}
auto vmbr{{ vlan_id }}
iface vmbr{{ vlan_id }} inet manual
bridge-ports vlan{{ vlan_id }}
bridge-stp off
bridge-fd 0
{% if vlan_id == 206 %}
address {{ ipv4_address }}/{{ ipv4_prefix_len }}
gateway {{ ipv4_gateway }}
{% endif %}
#{{ vlan_name }}
iface vmbr{{ vlan_id }} inet6 static
accept_ra 0
{% if vlan_id == 206 %}
address {{ ipv6_address }}/{{ ipv6_prefix_len }}
gateway {{ ipv6_gateway }}
{% endif %}
{% endfor %}

9
compute/templates/resolv.conf.j2 Normal file
View File

@ -0,0 +1,9 @@
#
# This file is managed by Ansible, do not edit manually.
#
options rotate
{% for resolver in resolvers %}
nameserver {{ resolver }}
{% endfor %}
search {{ domain_name }}

22
compute/templates/sources.j2 Normal file
View File

@ -0,0 +1,22 @@
#
# This file is managed by Ansible, do not edit manually.
#
# copied from docs at:
# https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_pve-no-subscription_repo
# ------
deb http://ftp.debian.org/debian bookworm main contrib
deb http://ftp.debian.org/debian bookworm-updates main contrib
# Proxmox VE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
# security updates
deb http://security.debian.org/debian-security bookworm-security main contrib
# -----
# required for nvidia drivers
deb http://deb.debian.org/debian bookworm main contrib non-free
deb http://deb.debian.org/debian bookworm-updates main contrib non-free
deb http://security.debian.org/debian-security bookworm-security main contrib non-free