refactor(infra): reorganize docker host VMs and service assignments

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-05-07 00:02:30 +02:00
parent de62327fde
commit 6ff1ccecd0
11 changed files with 86 additions and 49 deletions
--- a/roles/common/tasks/packages.yml
+++ b/roles/common/tasks/packages.yml
@@ -11,6 +11,7 @@
  ansible.builtin.apt:
    name: "{{ common_packages }}"
    state: present
+  become: true
  when: ansible_user_id != "root"

 - name: Update and upgrade packages
--- a/roles/common/tasks/time.yml
+++ b/roles/common/tasks/time.yml
@@ -2,3 +2,10 @@
 - name: Set timezone to "{{ timezone }}"
  community.general.timezone:
    name: "{{ timezone }}"
+  become: true
+  when: ansible_user_id != "root"
+
+- name: Set timezone to "{{ timezone }}"
+  community.general.timezone:
+    name: "{{ timezone }}"
+  when: ansible_user_id == "root"
--- a/roles/docker_host/handlers/main.yml
+++ b/roles/docker_host/handlers/main.yml
@@ -11,3 +11,9 @@
    state: present
  retries: 3
  delay: 5
+
+- name: Restart host
+  ansible.builtin.reboot:
+    connect_timeout: 5
+    reboot_timeout: 600
+    test_command: whoami
--- a/roles/docker_host/tasks/30_user_group_setup.yml
+++ b/roles/docker_host/tasks/30_user_group_setup.yml
@@ -12,3 +12,5 @@
    groups: docker
    append: true
  become: true
+  notify:
+    - Restart host
--- a/roles/docker_host/vars/main.yml
+++ b/roles/docker_host/vars/main.yml
@@ -1,3 +1,2 @@
 docker_host_package_common_dependencies:
  - nfs-common
-  - firmware-misc-nonfree
--- a/roles/proxmox/tasks/06_hardware_acceleration.yml
+++ b/roles/proxmox/tasks/06_hardware_acceleration.yml
@@ -7,6 +7,14 @@
    backup: true
  register: iommu_result

+- name: Set GRUB_CMDLINE_LINUX_DEFAULT for PCI passthrough
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
+    line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt pcie_acs_override=downstream,multifunction initcall_blacklist=sysfb_init video=simplefb:off video=vesafb:off video=efifb:off video=vesa:off disable_vga=1 vfio_iommu_type1.allow_unsafe_interrupts=1 kvm.ignore_msrs=1 modprobe.blacklist=radeon,nouveau,nvidia,nvidiafb,nvidia-gpu,snd_hda_intel,snd_hda_codec_hdmi,i915"'
+    backup: true
+  register: iommu_result
+
 - name: Ensure VFIO modules are listed in /etc/modules
  ansible.builtin.blockinfile:
    path: /etc/modules
@@ -22,16 +30,12 @@

 - name: Update initramfs
  ansible.builtin.command: update-initramfs -u -k all
-  args:
-    warn: false
  when: iommu_result.changed or vfio_result.changed
  # notify:
  #   - Reboot Node

 - name: update grub configuration
  ansible.builtin.command: update-grub
-  args:
-    warn: false
  when: iommu_result.changed or vfio_result.changed
  # notify:
  #   - Reboot Node
--- a/roles/proxmox/tasks/50_create_vms.yml
+++ b/roles/proxmox/tasks/50_create_vms.yml
@@ -4,11 +4,11 @@
    file: "{{ proxmox_vault_file }}"
    name: vm_secrets

- name: Destroy vms (Only during rapid testing)
-  ansible.builtin.include_tasks: 54_destroy_vm.yml
-  loop: "{{ vms }}"
-  loop_control:
-    loop_var: "vm"
+# - name: Destroy vms (Only during rapid testing)
+#   ansible.builtin.include_tasks: 54_destroy_vm.yml
+#   loop: "{{ vms }}"
+#   loop_control:
+#     loop_var: "vm"

 - name: Create vms
  ansible.builtin.include_tasks: 55_create_vm.yml