From 3240798cc177832fdb98b549f38448a77fbfc6d7 Mon Sep 17 00:00:00 2001
From: Marco Ferrari
Date: Mon, 22 Apr 2024 21:47:44 +0200
Subject: [PATCH] feat: coral ansible role (#1273)
---
 .github/workflows/test-ansible.yaml | 1 +
 .../hl01.edge.lab.ferrari.how/main.yaml | 4 +++
 config/ansible/inventory/hosts.yml | 4 +++
 config/ansible/molecule/default/molecule.yml | 1 +
 config/ansible/playbooks/coral.yaml | 10 +++++++
 config/ansible/playbooks/proxmox-vms.yaml | 10 +++++--
 .../defaults/main.yaml | 3 ++
 .../handlers/main.yaml | 7 +++++
 .../meta/main.yaml | 12 ++++++++
 .../tasks/main.yaml | 7 +++++
 .../tasks/setup-coral-os-packages.yaml | 30 +++++++++++++++++++
 .../vars/main.yaml | 2 ++
 .../vars/raspberry-pi-os.yaml | 2 +-
 .../handlers/main.yaml | 3 ++
 docs/guides/useful-proxmox-commands.md | 11 +++++++
 15 files changed, 104 insertions(+), 3 deletions(-)
 create mode 100644 config/ansible/inventory/host_vars/hl01.edge.lab.ferrari.how/main.yaml
 create mode 100644 config/ansible/playbooks/coral.yaml
 create mode 100644 config/ansible/roles/ferrarimarco_home_lab_coral/defaults/main.yaml
 create mode 100644 config/ansible/roles/ferrarimarco_home_lab_coral/handlers/main.yaml
 create mode 100644 config/ansible/roles/ferrarimarco_home_lab_coral/meta/main.yaml
 create mode 100644 config/ansible/roles/ferrarimarco_home_lab_coral/tasks/main.yaml
 create mode 100644 config/ansible/roles/ferrarimarco_home_lab_coral/tasks/setup-coral-os-packages.yaml
 create mode 100644 config/ansible/roles/ferrarimarco_home_lab_coral/vars/main.yaml
diff --git a/.github/workflows/test-ansible.yaml b/.github/workflows/test-ansible.yaml
index d86455cde..472f73067 100644
--- a/.github/workflows/test-ansible.yaml
+++ b/.github/workflows/test-ansible.yaml
@@ -68,6 +68,7 @@ jobs:
 - boot-bare-metal
 - bootstrap
 - container-engine
+ - coral
 - home-lab-node
 - proxmox-node
 - main
diff --git a/config/ansible/inventory/host_vars/hl01.edge.lab.ferrari.how/main.yaml b/config/ansible/inventory/host_vars/hl01.edge.lab.ferrari.how/main.yaml
new file mode 100644
index 000000000..e3c55d2c0
--- /dev/null
+++ b/config/ansible/inventory/host_vars/hl01.edge.lab.ferrari.how/main.yaml
@@ -0,0 +1,4 @@
+---
+ansible_user: debian
+has_coral_pci_accelerator: true
+...
diff --git a/config/ansible/inventory/hosts.yml b/config/ansible/inventory/hosts.yml
index fdffbd598..abfd60fb2 100644
--- a/config/ansible/inventory/hosts.yml
+++ b/config/ansible/inventory/hosts.yml
@@ -8,6 +8,7 @@ all:
 children:
 home_lab_raspberry_pis: null
 home_lab_proxmox_nodes: null
+ home_lab_proxmox_vms: null
 home_lab_raspberry_pis:
 hosts:
 raspberrypi.edge.lab.ferrari.how: null
@@ -16,4 +17,7 @@ all:
 home_lab_proxmox_nodes:
 hosts:
 pve1.edge.lab.ferrari.how: null
+ home_lab_proxmox_vms:
+ hosts:
+ hl01.edge.lab.ferrari.how: null
 ...
diff --git a/config/ansible/molecule/default/molecule.yml b/config/ansible/molecule/default/molecule.yml
index 4653f87a3..ead4bf599 100644
--- a/config/ansible/molecule/default/molecule.yml
+++ b/config/ansible/molecule/default/molecule.yml
@@ -52,6 +52,7 @@ provisioner:
 configure_zigbee2mqtt: true
 frigate_http_endpoint_fqdn: "frigate"
 grafana_http_endpoint_fqdn: "grafana"
+ has_coral_pci_accelerator: true
 home_assistant_http_endpoint_fqdn: "home-assistant"
 home_assistant_internal_url_home: "http://home-assistant"
 home_assistant_secrets:
diff --git a/config/ansible/playbooks/coral.yaml b/config/ansible/playbooks/coral.yaml
new file mode 100644
index 000000000..1e030efed
--- /dev/null
+++ b/config/ansible/playbooks/coral.yaml
@@ -0,0 +1,10 @@
+---
+- name: Import the bootstrap playbook
+ ansible.builtin.import_playbook: bootstrap.yaml
+
+- name: Configure Coral devices
+ hosts: all
+ gather_facts: true
+ roles:
+ - role: ferrarimarco_home_lab_coral
+...
diff --git a/config/ansible/playbooks/proxmox-vms.yaml b/config/ansible/playbooks/proxmox-vms.yaml
index e53bd18f7..5392e4120 100644
--- a/config/ansible/playbooks/proxmox-vms.yaml
+++ b/config/ansible/playbooks/proxmox-vms.yaml
@@ -15,8 +15,14 @@
 # Resize: qm disk resize 100 scsi0 8G
 # Set boot order: qm set 100 --boot order=scsi0
 # Enable UEFI and create a UEFI disk volume: qm set 100 --bios ovmf
-# Configure UEFI disk volume: qm set 100 --efidisk0 local-zfs:0,efitype=4m,pre-enrolled-keys=1
+
+# Configure UEFI disk volume: qm set 100 --efidisk0 local-zfs:0,efitype=4m
+# If you need Secure Boot, add the "pre-enrolled-keys=1" option
+
 # Configure cloud-init datasource: qm set 100 --cicustom "user=local:snippets/cloud-init-hl01-user-data.yaml,network=local:snippets/cloud-init-hl01-network.yaml"
 # Configure cloud-init drive: qm set 100 --ide2 local-zfs:cloudinit,media=cdrom
-# Pass the Coral PCIe module to the VM: qm set 100 --hostpci0 0000:03:00,pcie=1
+
+# Pass the Coral PCIe module to the VM, mark it as a PCIe device: qm set 100 --hostpci0 0000:03:00,pcie=1
+# Pass the iGPU to the VM, mark it as a PCIe device, make the firmware ROM visible to the guest, set it as the primary GPU: qm set 100 -hostpci1 00:02,pcie=on,rombar=on,x-vga=on
+
 # Start the VM: qm start 100
diff --git a/config/ansible/roles/ferrarimarco_home_lab_coral/defaults/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_coral/defaults/main.yaml
new file mode 100644
index 000000000..e3e18ca46
--- /dev/null
+++ b/config/ansible/roles/ferrarimarco_home_lab_coral/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+has_coral_pci_accelerator: false
+...
diff --git a/config/ansible/roles/ferrarimarco_home_lab_coral/handlers/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_coral/handlers/main.yaml
new file mode 100644
index 000000000..2c2d36d86
--- /dev/null
+++ b/config/ansible/roles/ferrarimarco_home_lab_coral/handlers/main.yaml
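Review bot: The rewritten `--efidisk0` comment in playbooks/proxmox-vms.yaml drops `pre-enrolled-keys=1` without saying what that costs: per the guide added in this same commit, creating the EFI disk without that option is how Secure Boot gets disabled, so a VM built from these steps does not enforce signatures on its kernel modules. State the reason next to the command, for example `# pre-enrolled-keys=1 is omitted so the unsigned Coral modules (apex, gasket) can load; Secure Boot is off in this VM`. If Secure Boot matters for this guest, the usual alternative is to sign the DKMS-built modules with an enrolled Machine Owner Key instead of leaving it off; whether that fits this setup is not visible from the hunk. The two passthrough comments also mix `--hostpci0 ... pcie=1` with `-hostpci1 ... pcie=on`, and one spelling would read better.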
@@ -0,0 +1,7 @@
+---
+- name: Reboot the host
+ ansible.builtin.reboot: null
+ when:
+ # Skip rebooting the host when running a Molecule test because we can't reboot a container
+ - molecule_yml is not defined
+...
diff --git a/config/ansible/roles/ferrarimarco_home_lab_coral/meta/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_coral/meta/main.yaml
new file mode 100644
index 000000000..73f7ce457
--- /dev/null
+++ b/config/ansible/roles/ferrarimarco_home_lab_coral/meta/main.yaml
@@ -0,0 +1,12 @@
+---
+galaxy_info:
+ author: https://github.com/ferrarimarco
+ description: |
+ Role to configure Coral Edge TPUs.
+ license: MIT
+ min_ansible_version: "2.13"
+ platforms:
+ - name: Debian
+ versions:
+ - all
+...
diff --git a/config/ansible/roles/ferrarimarco_home_lab_coral/tasks/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_coral/tasks/main.yaml
new file mode 100644
index 000000000..1e927f25c
--- /dev/null
+++ b/config/ansible/roles/ferrarimarco_home_lab_coral/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: Setup Proxmox OS packages and repositories
+ ansible.builtin.include_tasks:
+ file: setup-coral-os-packages.yaml
+ when:
+ - has_coral_pci_accelerator
+...
diff --git a/config/ansible/roles/ferrarimarco_home_lab_coral/tasks/setup-coral-os-packages.yaml b/config/ansible/roles/ferrarimarco_home_lab_coral/tasks/setup-coral-os-packages.yaml
new file mode 100644
index 000000000..5d86ade65
--- /dev/null
+++ b/config/ansible/roles/ferrarimarco_home_lab_coral/tasks/setup-coral-os-packages.yaml
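Review bot: In roles/ferrarimarco_home_lab_coral/tasks/main.yaml the task is named `Setup Proxmox OS packages and repositories`, which looks copied from the Proxmox role; it includes `setup-coral-os-packages.yaml`, so `- name: Setup Coral OS packages and repositories` would match what actually runs and what appears in play output. The guard `- has_coral_pci_accelerator` is a bare variable: if the value ever arrives as a string (for instance from `-e has_coral_pci_accelerator=false`), a non-empty string is likely to evaluate as true, and the role would add the repository and install packages on a host that was meant to be skipped. Writing the condition as `- has_coral_pci_accelerator | bool` makes the gate explicit.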
@@ -0,0 +1,30 @@
+---
+- name: Enable the Coral APT repository
+ ansible.builtin.deb822_repository:
+ name: "{{ item.name }}"
+ uris: "{{ item.uris }}"
+ suites: "{{ item.suites }}"
+ components: "{{ item.components }}"
+ signed_by: "{{ item.key }}"
+ types: deb
+ become: true
+ with_items:
+ - name: coral-edgetpu-stable
+ components: main
+ key: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+ suites: coral-edgetpu-stable
+ uris: https://packages.cloud.google.com/apt
+
+- name: Install Coral packages
+ # Don't set cache_valid_time because we want to force a cache update after we
+ # added the Coral APT repository
+ ansible.builtin.apt:
+ name:
+ - gasket-dkms
+ - libedgetpu1-std
+ state: present
+ update_cache: true
+ become: true
+ notify:
+ - Reboot the host
+...
diff --git a/config/ansible/roles/ferrarimarco_home_lab_coral/vars/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_coral/vars/main.yaml
new file mode 100644
index 000000000..91da2a75b
--- /dev/null
+++ b/config/ansible/roles/ferrarimarco_home_lab_coral/vars/main.yaml
@@ -0,0 +1,2 @@
+---
+...
diff --git a/config/ansible/roles/ferrarimarco_home_lab_node/vars/raspberry-pi-os.yaml b/config/ansible/roles/ferrarimarco_home_lab_node/vars/raspberry-pi-os.yaml
index d9dc6b1a8..cb7e26ff4 100644
--- a/config/ansible/roles/ferrarimarco_home_lab_node/vars/raspberry-pi-os.yaml
+++ b/config/ansible/roles/ferrarimarco_home_lab_node/vars/raspberry-pi-os.yaml
@@ -1,6 +1,6 @@
 ---
 configure_dphys_swapfile: true
-# Got those from v4l2-ctl --list-devices
+# Got those using: v4l2-ctl --list-devices
 frigate_gpu_decode_devices:
 - /dev/media0
 - /dev/media1
diff --git a/config/ansible/roles/ferrarimarco_home_lab_proxmox/handlers/main.yaml b/config/ansible/roles/ferrarimarco_home_lab_proxmox/handlers/main.yaml
index 3bd0eb9b2..41d56e403 100644
--- a/config/ansible/roles/ferrarimarco_home_lab_proxmox/handlers/main.yaml
+++ b/config/ansible/roles/ferrarimarco_home_lab_proxmox/handlers/main.yaml
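Review bot: `signed_by` in the `Enable the Coral APT repository` task of setup-coral-os-packages.yaml receives the URL `https://packages.cloud.google.com/apt/doc/apt-key.gpg`, so the key apt will trust for this repository is whatever that URL serves at run time, and nothing in the role pins it. The packages installed next run their maintainer scripts as root and `gasket-dkms` builds a kernel module, which makes that key the trust anchor for kernel-level code on the host. Consider fetching the key in a separate task with a checksum verified out of band (or vendoring the armored key in the role) and pointing `signed_by` at the local file; the pinned digest then has to be updated whenever the publisher rotates the key. The single-entry `with_items` could also become `loop`, or the values could be written directly on the task.

```yaml
- name: Download the Coral APT repository signing key
  ansible.builtin.get_url:
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    # Example path (constructed for this note); the directory must already exist
    dest: /etc/apt/keyrings/coral-edgetpu.gpg
    # PLACEHOLDER: replace with the digest of the key verified out of band
    checksum: "sha256:<VERIFIED_KEY_SHA256>"
    mode: "0644"
  become: true

- name: Enable the Coral APT repository
  ansible.builtin.deb822_repository:
    # … unchanged: name, uris, suites, components, types …
    signed_by: /etc/apt/keyrings/coral-edgetpu.gpg
```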
@@ -4,4 +4,7 @@
 - name: Reboot the host
 ansible.builtin.reboot: null
+ when:
+ # Skip rebooting the host when running a Molecule test because we can't reboot a container
+ - molecule_yml is not defined
 ...
diff --git a/docs/guides/useful-proxmox-commands.md b/docs/guides/useful-proxmox-commands.md
index d03696c38..2423b9376 100644
--- a/docs/guides/useful-proxmox-commands.md
+++ b/docs/guides/useful-proxmox-commands.md
@@ -4,3 +4,14 @@
 - Update cloud-init datasource: `qm cloudinit update `
 - Get the next proxmox VM id: `pvesh get /cluster/nextid`
 - Get the list of PCI devices of a given Proxmox host: `pvesh get /nodes/{nodename}/hardware/pci --pci-class-blacklist ""`
+- Delete the EFI disk: `qm set -delete efidisk0`
+
+## Disable Secure Boot
+
+Either enter the UEFI console and disable Secure Boot manually, or delete the
+EFI disk, and recreate it without the `pre-enrolled-keys=1` option.
+
+Notes:
+
+- Secure Boot prevents unsigned kernel modules from loading.
+ Example: Coral PCIe modules (`apex`, `gasket`)