How to manage storage using Fedora linux-system-roles and ansible

In this article we will look at linux-system-roles, a set of Ansible roles and modules for Linux system configuration and management. We will use the storage role to provision a filesystem and then mount it on the system with an Ansible playbook.

Test Environment

Fedora 35 installed on Controller (ansicontrol) and Managed Node (ansinode)

If you prefer to watch a video, here is the YouTube video that follows the same step-by-step outline below.

Procedure

Step1: Install linux-system-roles package on control node

The linux-system-roles package is a collection of Ansible roles and modules that provides a stable and consistent configuration interface for managing multiple versions of Fedora, Red Hat Enterprise Linux and CentOS systems.

[admin@ansicontrol ~]$ sudo dnf install linux-system-roles

Step2: Install Ansible on control node

Ansible is an agentless configuration management tool that we install on a control node. From the control node, Ansible manages machines and other devices remotely (by default, over the SSH protocol).

[admin@ansicontrol ~]$ sudo dnf install ansible

Step3: Update hostname for DNS resolution

As I don’t have a DNS server set up, I have updated the ‘/etc/hosts’ file on each of the servers with the server FQDN and IP address for name resolution.

[admin@ansicontrol ~]$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.201 ansicontrol
192.168.122.169 ansinode

[admin@ansinode ~]$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.201 ansicontrol
192.168.122.169 ansinode

Step4: Update inventory with managed nodes

By default Ansible creates a template ‘/etc/ansible/hosts’ file in which the managed nodes can be listed. Let’s take a backup of the original file and update the ‘hosts’ file with the managed node FQDN ‘ansinode’ as shown below.

[admin@ansicontrol ~]$ sudo cp /etc/ansible/hosts /etc/ansible/hosts_original_backup
[admin@ansicontrol ~]$ cat /etc/ansible/hosts
[stack]
ansinode

Step5: Enable SSH key based authentication for managing nodes

In my setup I have two systems, ‘ansicontrol’ and ‘ansinode’, with an administrative user ‘admin’ on each. Now let’s generate the SSH keypair on the control node and copy the public key onto the managed node as shown below.

[admin@ansicontrol ~]$ ssh-keygen 
[admin@ansicontrol ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub admin@ansinode

Make sure you are able to SSH to the managed node without a password prompt.

[admin@ansicontrol ~]$ ssh admin@ansinode

Step6: Validate setup by running an ansible module on control node

We can validate that we are able to manage the node using the command below, which gets the release version from the managed node.

[admin@ansicontrol ~]$ ansible stack -a "cat /etc/redhat-release"
[DEPRECATION WARNING]: Distribution fedora 35 on host ansinode should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with 
prior Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See 
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in version 2.12. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ansinode | CHANGED | rc=0 >>
Fedora release 35 (Thirty Five)

Step7: List the ansible roles

Now, let’s list the roles currently available for use, which are provided by the linux-system-roles package, as shown below.

[admin@ansicontrol ~]$ ansible-galaxy list
# /usr/share/ansible/roles
- linux-system-roles.certificate, (unknown version)
- linux-system-roles.crypto_policies, (unknown version)
- linux-system-roles.ha_cluster, (unknown version)
- linux-system-roles.kdump, (unknown version)
- linux-system-roles.kernel_settings, (unknown version)
- linux-system-roles.logging, (unknown version)
- linux-system-roles.metrics, (unknown version)
- linux-system-roles.nbde_client, (unknown version)
- linux-system-roles.nbde_server, (unknown version)
- linux-system-roles.network, (unknown version)
- linux-system-roles.postfix, (unknown version)
- linux-system-roles.selinux, (unknown version)
- linux-system-roles.ssh, (unknown version)
- linux-system-roles.sshd, (unknown version)
- linux-system-roles.storage, (unknown version)
- linux-system-roles.timesync, (unknown version)
- linux-system-roles.tlog, (unknown version)
- linux-system-roles.vpn, (unknown version)
# /etc/ansible/roles
[WARNING]: - the configured path /home/admin/.ansible/roles does not exist.

Step8: Create a virtual disk and attach it to ansinode

[admin@fedser virtualstorage]$ sudo qemu-img create -f raw ansinode-vm-disk1-2G 2G
Formatting 'ansinode-vm-disk1-2G', fmt=raw size=2147483648
[admin@fedser virtualstorage]$ sudo chown -R admin:admin ansinode-vm-disk1-2G
[admin@fedser virtualstorage]$ ls -ltr
total 4
-rw-r--r--. 1 admin admin 2147483648 Mar 13 00:27 ansinode-vm-disk1-2G
[admin@fedser virtualstorage]$ virsh attach-disk ansinode $PWD/ansinode-vm-disk1-2G vdb --cache none
Disk attached successfully

If you want to attach the virtual disk persistently, you can do it with the ‘--persistent’ option as shown below.

[admin@fedser virtualstorage]$ virsh attach-disk ansinode $PWD/ansinode-vm-disk1-2G vdb --cache none --persistent

Now, ssh into your ‘ansinode’ and check whether the disk got attached.

[admin@ansinode ~]$ sudo fdisk -l | grep '^Disk /dev/vd[a-z]'
[sudo] password for admin: 
Disk /dev/vda: 20 GiB, 21474836480 bytes, 41943040 sectors
Disk /dev/vdb: 2 GiB, 2147483648 bytes, 4194304 sectors

Step9: Create a filesystem on virtual disk using storage role

‘linux-system-roles.storage’ role enables us to automate administration of filesystems on disks and logical volumes on managed nodes. Let’s try to use this role to create a filesystem on managed node.

Here is my Ansible playbook to create an xfs filesystem on the newly attached disk.

[admin@ansicontrol ~]$ mkdir storage_management
[admin@ansicontrol ~]$ cd storage_management/
[admin@ansicontrol storage_management]$ cat create_fs.yml 
---
- hosts: stack
  become: true
  become_user: root
  vars:
    storage_volumes:
      - name: barefs
        type: disk
        disks:
          - vdb
        fs_type: xfs
  roles:
    - linux-system-roles.storage

Step10: Execute the Playbook to provision the filesystem

[admin@ansicontrol storage_management]$ ansible-playbook create_fs.yml -K

Step11: Validate the new filesystem

You now have a 2G disk with an xfs filesystem that you can mount on the managed node for use.

[admin@ansinode ~]$ sudo parted -l
Model: Virtio Block Device (virtblk)
Disk /dev/vdb: 2147MB
Sector size (logical/physical): 512B/512B
Partition Table: loop
Disk Flags: 

Number  Start  End     Size    File system  Flags
 1      0.00B  2147MB  2147MB  xfs
...

Step12: Mount the filesystem to a directory

The playbook below mounts the xfs filesystem on device /dev/vdb at the /data mount point.

[admin@ansicontrol storage_management]$ cat mount_fs.yml 
---
- hosts: stack
  become: true
  become_user: root
  tasks:
  - name: mount filesystem
    mount:
      path: /data
      src: /dev/vdb
      fstype: xfs
      state: mounted
[admin@ansicontrol storage_management]$ ansible-playbook mount_fs.yml -K

We can verify with ‘lsblk’ whether the mount succeeded, as shown below. You can also check ‘/etc/fstab’ for the entry that mounts ‘/dev/vdb’ onto ‘/data’ whenever the system reboots.

[admin@ansinode ~]$ lsblk | grep /data
vdb    252:16   0    2G  0 disk /data
[admin@ansinode ~]$ cat /etc/fstab | grep "/dev/vdb"
/dev/vdb /data xfs defaults 0 0
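
The fstab entry above refers to the disk by its kernel name and mounts it with ‘defaults’. The playbook below is an added example, not part of the original article: it mounts the same filesystem by UUID with nodev, nosuid and noexec, adds nofail so that a missing disk does not block boot, and then checks the options on the live mount. The variable names and the file name harden_mount_fs.yml are made up for this example, and it assumes /data holds data only (no programs, setuid files or device nodes).

```yaml
# harden_mount_fs.yml (hypothetical file name, added example)
---
- hosts: stack
  become: true
  become_user: root
  vars:
    data_device: /dev/vdb    # disk from the article
    data_mount: /data        # mount point from the article
    # Assumption: /data stores data only, so executables, setuid bits and
    # device nodes on it can be ignored; nofail keeps boot going if the
    # disk is not attached.
    data_opts: nodev,nosuid,noexec,nofail
  tasks:
    # blkid exits non-zero when the device carries no filesystem,
    # which stops the play here before fstab is touched.
    - name: read the filesystem UUID of the disk
      command: blkid -s UUID -o value {{ data_device }}
      register: data_uuid
      changed_when: false

    # The UUID stays the same even if the kernel names the disk differently
    # after a reboot or after another disk is attached.
    - name: mount by UUID with restrictive options
      mount:
        path: "{{ data_mount }}"
        src: "UUID={{ data_uuid.stdout }}"
        fstype: xfs
        opts: "{{ data_opts }}"
        state: mounted

    - name: read the options of the live mount
      command: findmnt -no OPTIONS {{ data_mount }}
      register: live_opts
      changed_when: false

    - name: verify the restrictive options are active
      assert:
        that:
          - "'nodev' in live_opts.stdout.split(',')"
          - "'nosuid' in live_opts.stdout.split(',')"
          - "'noexec' in live_opts.stdout.split(',')"
        fail_msg: "{{ data_mount }} is mounted without nodev/nosuid/noexec"
```

Run it the same way as the other playbooks, with ‘ansible-playbook harden_mount_fs.yml -K’.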

Note: This is virtual storage that I have created and attached to the VM, and I haven’t attached it as persistent storage. Make sure you unmount the disk before reboot to avoid any issues. Here is the updated playbook for unmounting the disk before reboot.

[admin@ansicontrol storage_management]$ cat umount_fs.yml 
---
- hosts: stack
  become: true
  become_user: root
  tasks:
  # state: absent unmounts /data and removes its /etc/fstab entry
  - name: unmount filesystem
    mount:
      path: /data
      src: /dev/vdb
      fstype: xfs
      state: absent

This is just one example I have shown you of how we can use the storage role, but you can do many other configuration tasks with these roles. For more information, refer to the documentation available for each role at the location below once the ‘linux-system-roles’ package is installed.

[admin@ansicontrol storage_management]$ ls -ltr /usr/share/doc/linux-system-roles/*/README.md 
-rw-r--r--. 1 root root  3675 Aug 10  2021 /usr/share/doc/linux-system-roles/crypto_policies/README.md
-rw-r--r--. 1 root root 15232 Aug 10  2021 /usr/share/doc/linux-system-roles/certificate/README.md
-rw-r--r--. 1 root root 10629 Aug 10  2021 /usr/share/doc/linux-system-roles/kernel_settings/README.md
-rw-r--r--. 1 root root  4258 Aug 10  2021 /usr/share/doc/linux-system-roles/nbde_client/README.md
-rw-r--r--. 1 root root  4894 Aug 10  2021 /usr/share/doc/linux-system-roles/nbde_server/README.md
-rw-r--r--. 1 root root  1495 Aug 10  2021 /usr/share/doc/linux-system-roles/tlog/README.md
-rw-r--r--. 1 root root  3537 Aug 10  2021 /usr/share/doc/linux-system-roles/postfix/README.md
-rw-r--r--. 1 root root  4258 Aug 17  2021 /usr/share/doc/linux-system-roles/metrics/README.md
-rw-r--r--. 1 root root 26409 Sep 16 03:19 /usr/share/doc/linux-system-roles/vpn/README.md
-rw-r--r--. 1 root root  3985 Sep 21 19:35 /usr/share/doc/linux-system-roles/ssh/README.md
-rw-r--r--. 1 root root  6683 Sep 21 19:35 /usr/share/doc/linux-system-roles/timesync/README.md
-rw-r--r--. 1 root root 15205 Sep 22 08:10 /usr/share/doc/linux-system-roles/ha_cluster/README.md
-rw-r--r--. 1 root root  1674 Sep 22 20:12 /usr/share/doc/linux-system-roles/kdump/README.md
-rw-r--r--. 1 root root 37479 Oct  4 21:07 /usr/share/doc/linux-system-roles/logging/README.md
-rw-r--r--. 1 root root  8278 Oct  5 00:48 /usr/share/doc/linux-system-roles/storage/README.md
-rw-r--r--. 1 root root  5623 Oct  6 04:22 /usr/share/doc/linux-system-roles/selinux/README.md
-rw-r--r--. 1 root root 37155 Oct  6 23:32 /usr/share/doc/linux-system-roles/network/README.md
-rw-r--r--. 1 root root 12418 Oct 11 14:08 /usr/share/doc/linux-system-roles/sshd/README.md
-rw-r--r--. 1 root root  2704 Oct 11 14:08 /usr/share/doc/linux-system-roles/collection/README.md

Hope you enjoyed reading this article. Thank you.