HON95 2 years ago
parent
commit
9767702f38

+ 36 - 2
config/automation/ansible.md

@@ -62,8 +62,42 @@ interpreter_python = /usr/bin/python3
 
 ## Templating
 
-- YAML files:
-    - Conditionals and stuff tend to mess up indentation. Specify `#jinja2: trim_blocks:False` to avoid that. This will also make the output a little uglier with empty lines in place of unsatisfied conditionals and stuff though.
+### YAML Files
+
+- Indented conditionals/loops (tags) might mess up indentation for the next line. Either avoid indenting Ansible tags or specify `#jinja2: trim_blocks:False` at the top of the file to avoid removing the newline after a block.
+
+#### ipaddr Filter
+
+- There currently exists three versions, [`ipaddr`](https://docs.ansible.com/ansible/2.4/playbooks_filters_ipaddr.html) (deprecated), [`ansible.netcommon.ipaddr`](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters_ipaddr.html) (deprecated) and [`ansible.utils.ipaddr`](https://docs.ansible.com/ansible/latest/collections/ansible/utils/docsite/filters_ipaddr.html).
+- The filter takes either a single value or a list of values. For single value input, it returns false if the input is invalid. For list input, it filters out any invalid input elements.
+- Common, basic usage:
+    - Normal usage: `{{ some_address | ansible.utils.ipaddr('address') }}`
+    - Filter IPv4 or IPv6 addresses: `ansible.utils.ipv4` and `ansible.utils.ipv6`
+    - Get address without length: `ansible.utils.ipaddr('address')`
+    - Get address with length: `ansible.utils.ipaddr('host')`
+    - Get address with length (alternative): `ansible.utils.ipaddr('address/prefix')`
+    - Get network without length: `ansible.utils.ipaddr('network')`
+    - Get network with length: `ansible.utils.ipaddr('subnet')`
+    - Get prefix length: `ansible.utils.ipaddr('prefix')`
+    - Get netmask: `ansible.utils.ipaddr('netmask')`
+    - Get broadcast address: `ansible.utils.ipv4 | ansible.utils.ipaddr('broadcast')`
+    - Get addresses count: `ansible.utils.ipaddr('size')`
+    - Get indexed address with length: `ansible.utils.ipaddr('net') | ansible.utils.ipaddr(1)` (`-1` for last address)
+    - Get the other address for a P2P link without length: `ansible.utils.ipaddr('peer')`
+    - Convert IPv4 to IPv6 (IPv4-mapped): `ansible.utils.ipv4('ipv6')`
+    - Filter MAC addresses: `ansible.utils.hwaddr`
+
+## Examples
+
+**Combine key-value pairs to string:**
+
+```yaml
+vars:
+  qm_params:
+    name: "{{ vm.name }}"
+    description: "{{ vm.description | default('') }}"
+  qm_params_string: "{{ vm_config.items() | map('join', '=') | map('regex_replace', '^([^=]*)=(.*)$', '--\\1=\"\\2\"') | join(' ') }}"
+```
 
 ## Troubleshooting
 
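
Review bot: In the "Combine key-value pairs to string" example, `qm_params_string` iterates `vm_config.items()` while the dict defined directly above it is `qm_params`, so the example does not use the values it just declared; it should read `qm_params.items()`. The `regex_replace` also wraps each value in literal double quotes without escaping anything, so a `vm.description` containing `"`, `$` or a backtick changes how the string parses if it is later handed to a shell; building each argument with the `quote` filter would be safer than hand-written quotes. In the ipaddr list, "Normal usage" and "Get address without length" show the same `ipaddr('address')` call, so one of them can go.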

+ 6 - 3
config/linux-server/storage-zfs.md

@@ -89,7 +89,7 @@ The backports repo is used to get the newest version of ZoL.
     - Basic example: `zpool create [-f] [options] <name> {[mirror|raidz|raidz2|spare|...] <drives>}+`
         - Use `-f` (force) if the disks aren't clean.
         - See example above for recommended options.
-    - Recommended example: `zpool create -o ashift=<9|12> -o autotrim=on -O compression=zstd -O xattr=sa -O atime=off -O relatime=on <disks>` (`autotrim` only for SSDs)
+    - Recommended example: `zpool create -o ashift=<9|12> -o autotrim=on -O compression=zstd -O xattr=sa -O dnodesize=auto -O atime=off -O relatime=on <disks>` (`autotrim` only for SSDs)
     - Specifying options during creation: For `zpool`/pools, use `-o` for pool options and `-O` for dataset options. For `zfs`/datasets, use `-o` for dataset options.
     - Set physical block/sector size (pool option): `ashift=<9|12>`
         - Use 9 for 512 (2^9) and 12 for 4096 (2^12). Use 12 if unsure (bigger is safer).
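
Review bot: The recommended `zpool create` line now carries `-O dnodesize=auto` with no caveat beside it, while the warning that GRUB doesn't support it sits further down in the options list. Extend the trailing parenthetical the way `autotrim` is already handled, for example "(`autotrim` only for SSDs, no `dnodesize=auto` on boot pools)", so the one-liner is safe to copy on its own. The line also has `<disks>` but no pool `<name>`, unlike the basic example above it.
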
@@ -99,8 +99,10 @@ The backports repo is used to get the newest version of ZoL.
     - Enable autoreplacement for new disks in the same physical slot as old ones (using ZED): `autoreplace=on`
     - Enable compression (dataset option): `compression=zstd`
         - Use `lz4` for boot drives (`zstd` booting isn't currently supported) or if `zstd` isn't yet available in the version you're using.
-    - Store extended attributes in the inodes (dataset option): `xattr=sa`
-        - The default is `on`, which stores them in a hidden file.
+    - Store extended attributes in the inodes/dnodes (dataset option): `xattr=sa` and `dnodesize=auto`
+        - The default for `xattr` is `on`, which stores them in a hidden file.
+        - `dnodesize=auto` allows for bigger dnodes and is typically used with `xattr=sa`.
+        - GRUB doesn't support `dnodesize=auto`, so never use it on ZFS boot pools.
     - Relax access times (dataset option): `atime=off` and `relatime=on`
     - Don't enable dedup.
     - Use absolute drive paths (`/dev/disk/by-id/` or similar), not `/dev/sdX`.
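
Review bot: The bullet title "Store extended attributes in the inodes/dnodes (dataset option): `xattr=sa` and `dnodesize=auto`" reads as if both properties do the storing, but the sub-bullets say `dnodesize=auto` only allows bigger dnodes. Consider keeping `xattr=sa` as the titled option and giving `dnodesize=auto` its own bullet with the GRUB warning directly under it, so the boot-pool restriction is attached to the property it concerns.
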
@@ -150,6 +152,7 @@ The backports repo is used to get the newest version of ZoL.
 
 ### Datasets
 
+- See the "pools" section for more info, especially the `-O` options there which actually apply to datasets and not pools.
 - Basics:
     - List datasets: `zfs list [-t {filesystem|volume|snapshot|bookmark}] [-r] [dataset]`
     - Check if mounted: `zfs get mounted -t filesystem`
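
Review bot: The reference to the "pools" section is plain quoted text; link it to the heading so it resolves, and name the `-O` options that are meant, since "especially the `-O` options there" leaves the reader to search the list.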

+ 6 - 2
config/virt-cont/proxmox-ve.md

@@ -245,6 +245,8 @@ The "Cloud-Init" notes can be ignored if you're not using Cloud-Init. See the se
 - CPU tab:
     - CPU type: Generally, use "kvm64". For HA, use "kvm64" or similar (since the new host must support the same CPU flags). For maximum performance on one node or HA with same-CPU nodes, use "host".
     - NUMA: Enable for NUMA systems. Set the socket count equal to the number of NUMA nodes (if giving it more than one vCPU).
+    - Sockets: Should match the host if NUMA is enabled.
+    - Cores: Cores per socket.
     - CPU limit: Aka CPU quota. Floating-point number where 1.0 is equivalent to 100% of *one* CPU core.
     - CPU units: Aka CPU shares/weight. Processing priority, higher is higher priority.
     - See the documentation for the various CPU flags (especially the ones related to Meltdown/Spectre).
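
Review bot: The new "Sockets: Should match the host if NUMA is enabled" bullet overlaps the NUMA bullet directly above it, which already says to set the socket count equal to the number of NUMA nodes, and "match the host" is less specific than that wording. Fold the two together or have the Sockets bullet restate the NUMA-node rule, and say what to use for Sockets when NUMA is disabled.
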
@@ -287,7 +289,7 @@ Example for creating a Cloud-Init-enabled Debian template using official cloud i
 1. Create the VM:
     1. (Note) You may want to use a high VMID like 1000+ for templates to visually separate them from the rest of VMs e.g. in the PVE UI.
     1. (Note) Using legacy BIOS and chipset (SeaBIOS and i440fx).
-    1. Create: `qm create <VMID> --name <NAME> --description "<DESC>" --ostype l26 --numa 1 --cpu cputype=host --sockets <CPU_SOCKETS> --cores <CPU_CORES> --memory <MEM_MB> --scsihw virtio-scsi-pci --ide2 <STORAGE>:vm-<VMID>-cloudinit --net0 virtio,bridge=<NET_BRIDGE>[,tag=<VLAN_ID>][,firewall=1] --serial0 socket [--vga serial0] --boot c --bootdisk scsi0  --onboot no`
+    1. Create: `qm create <VMID> --name <NAME> --description "<DESC>" --ostype l26 --numa 1 --cpu cputype=host --sockets <CPU_SOCKETS> --cores <CPU_CORES> --memory <MEM_MB> --scsihw virtio-scsi-pci --ide2 <STORAGE>:vm-<VMID>-cloudinit --net0 virtio,bridge=<NET_BRIDGE>[,tag=<VLAN_ID>][,firewall=1] --serial0 socket [--vga serial0] --boot order=scsi0;ide2 --onboot no`
 1. Import the cloud disk image:
     1. Import as unused disk: `qm importdisk <VMID> <FILE> <STORAGE>`
     1. Attach the disk: `qm set <VMID> --scsi0 <STORAGE>:vm-<VMID>-disk-0` (or whatever disk ID it got)
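
Review bot: In the new `qm create` line, `--boot order=scsi0;ide2` is unquoted, so a shell treats the `;` as a command separator: `--onboot no` is dropped from the `qm create` call and `ide2 --onboot no` is run as a separate command. Quote the value, `--boot 'order=scsi0;ide2'`. The order also names `scsi0` before step 2 attaches it with `qm set <VMID> --scsi0 ...`; a short note that this is intentional would help.
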
@@ -441,6 +443,8 @@ The QEMU guest agent provides more info about the VM to PVE, allows proper shutd
 
 SPICE allows interacting with graphical VM desktop environments, including support for keyboard, mouse, audio and video.
 
+SPICE in PVE uses authentication and encryption by default.
+
 1. Install a SPICE compatible viewer on your client:
     - Linux: `virt-viewer`
 1. Install the guest agent:
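
Review bot: "SPICE in PVE uses authentication and encryption by default" is added without saying what kind of authentication or encryption is meant, which versions it applies to, or where it is documented. Add a link to the PVE documentation backing the statement so readers can check what the default actually covers.
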
@@ -464,7 +468,7 @@ Check the host system logs. It may for instance be due to hardware changes or st
 - To enable the firewall for VMs, both the VM option and the option for individual interfaces must be enabled.
 - The firewall is pretty pre-configured for most basic stuff, like connection tracking and management network access.
 - Host NDP problem:
-    - For hosts, there is a vulnerability where the hosts autoconfigures itself for IPv6 on all bridges (see [Bug 1251 - Security issue: IPv6 autoconfiguration on Bridge-Interfaces ](https://bugzilla.proxmox.com/show_bug.cgi?id=1251)).
+    - For hosts, there is a vulnerability where the hosts autoconfigures itself for IPv6 on all bridges (see [Bug 1251 - Security issue: IPv6 autoconfiguration on Bridge-Interfaces](https://bugzilla.proxmox.com/show_bug.cgi?id=1251)).
     - Even though you firewall off management traffic to the host, the host may still use the "other" networks as default gateways, which will cause routing issues for IPv6.
     - To partially fix this, disable NDP on all nodes and add a rule allowing protocol "ipv6-icmp" on trusted interfaces.
     - To verify that it's working, reboot and check its IPv6 routes and neighbors.
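
Review bot: Since this line is being touched for the link-text whitespace anyway, fix "the hosts autoconfigures itself" to "the host autoconfigures itself". The mitigation bullets below it would also be easier to follow with the actual setting for disabling NDP and the commands for checking IPv6 routes and neighbors.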