feat: coral ansible role (#1273)

.github/workflows/test-ansible.yaml

@@ -68,6 +68,7 @@ jobs:
           - boot-bare-metal
           - bootstrap
           - container-engine
+          - coral
           - home-lab-node
           - proxmox-node
           - main

config/ansible/inventory/host_vars/hl01.edge.lab.ferrari.how/main.yaml

@@ -0,0 +1,4 @@
+---
+ansible_user: debian
+has_coral_pci_accelerator: true
+...

config/ansible/inventory/hosts.yml

@@ -8,6 +8,7 @@ all:
       children:
         home_lab_raspberry_pis: null
         home_lab_proxmox_nodes: null
+        home_lab_proxmox_vms: null
     home_lab_raspberry_pis:
       hosts:
         raspberrypi.edge.lab.ferrari.how: null
@@ -16,4 +17,7 @@ all:
     home_lab_proxmox_nodes:
       hosts:
         pve1.edge.lab.ferrari.how: null
+    home_lab_proxmox_vms:
+      hosts:
+        hl01.edge.lab.ferrari.how: null
 ...

config/ansible/molecule/default/molecule.yml

@@ -52,6 +52,7 @@ provisioner:
         configure_zigbee2mqtt: true
         frigate_http_endpoint_fqdn: "frigate"
         grafana_http_endpoint_fqdn: "grafana"
+        has_coral_pci_accelerator: true
         home_assistant_http_endpoint_fqdn: "home-assistant"
         home_assistant_internal_url_home: "http://home-assistant"
         home_assistant_secrets:

config/ansible/playbooks/coral.yaml

@@ -0,0 +1,10 @@
+---
+- name: Import the bootstrap playbook
+  ansible.builtin.import_playbook: bootstrap.yaml
+
+- name: Configure Coral devices
+  hosts: all
+  gather_facts: true
+  roles:
+    - role: ferrarimarco_home_lab_coral
+...

config/ansible/playbooks/proxmox-vms.yaml

@@ -15,8 +15,14 @@
 # Resize: qm disk resize 100 scsi0 8G
 # Set boot order: qm set 100 --boot order=scsi0
 # Enable UEFI and create a UEFI disk volume: qm set 100 --bios ovmf
-# Configure UEFI disk volume: qm set 100 --efidisk0 local-zfs:0,efitype=4m,pre-enrolled-keys=1
+
+# Configure UEFI disk volume: qm set 100 --efidisk0 local-zfs:0,efitype=4m
+# If you need Secure Boot, add the "pre-enrolled-keys=1" option
+
 # Configure cloud-init datasource: qm set 100 --cicustom "user=local:snippets/cloud-init-hl01-user-data.yaml,network=local:snippets/cloud-init-hl01-network.yaml"
 # Configure cloud-init drive: qm set 100 --ide2 local-zfs:cloudinit,media=cdrom
-# Pass the Coral PCIe module to the VM: qm set 100 --hostpci0 0000:03:00,pcie=1
+
+# Pass the Coral PCIe module to the VM, mark it as a PCIe device: qm set 100 --hostpci0 0000:03:00,pcie=1
+# Pass the iGPU to the VM, mark it as a PCIe device, make the firmware ROM visible to the guest, set it as the primary GPU: qm set 100 -hostpci1 00:02,pcie=on,rombar=on,x-vga=on
+
 # Start the VM: qm start 100

config/ansible/roles/ferrarimarco_home_lab_coral/defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+has_coral_pci_accelerator: false
+...

config/ansible/roles/ferrarimarco_home_lab_coral/handlers/main.yaml

@@ -0,0 +1,7 @@
+---
+- name: Reboot the host
+  ansible.builtin.reboot: null
+  when:
+    # Skip rebooting the host when running a Molecule test because we can't reboot a container
+    - molecule_yml is not defined
+...

config/ansible/roles/ferrarimarco_home_lab_coral/meta/main.yaml

@@ -0,0 +1,12 @@
+---
+galaxy_info:
+  author: https://github.com/ferrarimarco
+  description: |
+    Role to configure Coral Edge TPUs.
+  license: MIT
+  min_ansible_version: "2.13"
+  platforms:
+    - name: Debian
+      versions:
+        - all
+...

config/ansible/roles/ferrarimarco_home_lab_coral/tasks/main.yaml

@@ -0,0 +1,7 @@
+---
+- name: Setup Proxmox OS packages and repositories
+  ansible.builtin.include_tasks:
+    file: setup-coral-os-packages.yaml
+  when:
+    - has_coral_pci_accelerator
+...

config/ansible/roles/ferrarimarco_home_lab_coral/tasks/setup-coral-os-packages.yaml

@@ -0,0 +1,30 @@
+---
+- name: Enable the Coral APT repository
+  ansible.builtin.deb822_repository:
+    name: "{{ item.name }}"
+    uris: "{{ item.uris }}"
+    suites: "{{ item.suites }}"
+    components: "{{ item.components }}"
+    signed_by: "{{ item.key }}"
+    types: deb
+  become: true
+  with_items:
+    - name: coral-edgetpu-stable
+      components: main
+      key: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      suites: coral-edgetpu-stable
+      uris: https://packages.cloud.google.com/apt
+
+- name: Install Coral packages
+  # Don't set cache_valid_time because we want to force a cache update after we
+  # added the Coral APT repository
+  ansible.builtin.apt:
+    name:
+      - gasket-dkms
+      - libedgetpu1-std
+    state: present
+    update_cache: true
+  become: true
+  notify:
+    - Reboot the host
+...

config/ansible/roles/ferrarimarco_home_lab_coral/vars/main.yaml

@@ -0,0 +1,2 @@
+---
+...

config/ansible/roles/ferrarimarco_home_lab_node/vars/raspberry-pi-os.yaml

@@ -1,6 +1,6 @@
 ---
 configure_dphys_swapfile: true
-# Got those from v4l2-ctl --list-devices
+# Got those using: v4l2-ctl --list-devices
 frigate_gpu_decode_devices:
   - /dev/media0
   - /dev/media1

config/ansible/roles/ferrarimarco_home_lab_proxmox/handlers/main.yaml

@@ -4,4 +4,7 @@
 
 - name: Reboot the host
   ansible.builtin.reboot: null
+  when:
+    # Skip rebooting the host when running a Molecule test because we can't reboot a container
+    - molecule_yml is not defined
 ...

docs/guides/useful-proxmox-commands.md

@@ -4,3 +4,14 @@
 - Update cloud-init datasource: `qm cloudinit update <VM_ID>`
 - Get the next proxmox VM id: `pvesh get /cluster/nextid`
 - Get the list of PCI devices of a given Proxmox host: `pvesh get /nodes/{nodename}/hardware/pci --pci-class-blacklist ""`
+- Delete the EFI disk: `qm set <VM_ID> -delete efidisk0`
+
+## Disable Secure Boot
+
+Either enter the UEFI console and disable Secure Boot manually, or delete the
+EFI disk, and recreate it without the `pre-enrolled-keys=1` option.
+
+Notes:
+
+- Secure Boot prevents unsigned kernel modules from loading.
+    Example: Coral PCIe modules (`apex`, `gasket`)