From ba4ce45f961f203227fba8b78da79538b20f0e43 Mon Sep 17 00:00:00 2001 From: "Ethan N. Paul" Date: Sun, 25 Nov 2018 23:33:42 -0500 Subject: [PATCH] Ongoing work to establish working baseline --- group_vars/all.yml | 4 +- omni.yml | 28 +++---- playbooks/common.yml | 114 +++++++++++++++++++++++++++++ playbooks/provision-hypervisor.yml | 0 playbooks/templates/network.j2 | 8 ++ roles/datastore/tasks/main.yml | 45 ++++++++++++ roles/gitea/tasks/main.yml | 0 roles/hypervisor/tasks/main.yml | 17 +++++ 8 files changed, 201 insertions(+), 15 deletions(-) create mode 100644 playbooks/common.yml create mode 100644 playbooks/provision-hypervisor.yml create mode 100644 playbooks/templates/network.j2 create mode 100644 roles/datastore/tasks/main.yml create mode 100644 roles/gitea/tasks/main.yml create mode 100644 roles/hypervisor/tasks/main.yml diff --git a/group_vars/all.yml b/group_vars/all.yml index 91d9acc..157dc97 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -5,7 +5,9 @@ domain: net.enp.one router: address: router.tre2.local - dhcp_server: DOMAIN + static: + server: DOMAIN + subnet: 10.42.101.0/24 users: # - name: username (required) diff --git a/omni.yml b/omni.yml index 9409924..59f4561 100644 --- a/omni.yml +++ b/omni.yml 
@@ -6,24 +6,24 @@ servers: enable_ssh_password_auth: False enable_sudo_password: True hosts: - alpha: - vars: - description: "LDAP and Central Administration Server" - netowrking: - eth0: ["10.42.101.101/24"] - apex: - vars: - description: "VPN and Reverse Proxy Server" - networking: - eth0: ["10.42.101.100/24"] - potentia: + romulus.net.enp.one: vars: description: "Primary Hypervisor" networking: - eth0: ["10.42.101.10/24"] - omni-nimbus-1: + em1: + address: "10.42.101.20" + mac: "d4:ae:52:b1:a7:70" + em2: + address: "10.42.101.21" + mac: "d4:ae:52:b1:a7:71" + alias: "vmhost-1" + novis.net.enp.one: vars: - description: "Digital Ocean Cloud Server" + description: "Secondary Datastore" + networking: + enp2s0: + address: "10.42.101.40" + mac: "" vms: vars: diff --git a/playbooks/common.yml b/playbooks/common.yml new file mode 100644 index 0000000..e00907a --- /dev/null +++ b/playbooks/common.yml 
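Review bot: `mac: ""` on novis.net.enp.one is an empty placeholder, but the `Register static entries` task added in playbooks/common.yml in this same patch renders `mac-address {{ item.mac }}` unconditionally, so an empty value would be pushed to the router as a malformed `set service dhcp-server ... static-mapping` command and committed by `save: true`. Either fill in the real address or leave the key out and guard that task with `when: item.value.mac is defined and item.value.mac | length > 0`, so a host with no known MAC is skipped rather than half-registered. With indentation lost in this rendering I cannot tell whether `alias: "vmhost-1"` sits under `em2` or directly under `networking`; the playbook reads it as `item.alias`, so its nesting has to match whatever the loop iterates over. Keep the MAC addresses quoted as they are here: a MAC made only of digits and colons would otherwise be read as a YAML 1.1 sexagesimal integer.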
@@ -0,0 +1,114 @@
+---
+- name: Set hostname
+ become: true
+ hostname:
+ name: "{{ default_host if default_host is defined else inventory_hostname }}"
+
+- name: Install CentOS-specific repositories
+ become: true
+ when: ansible_distribution == "CentOS"
+ block:
+ - name: Enable Extra Packages for Enterprise Linux
+ yum_repository:
+ name: epel
+ description: Extra Packages for Enterprise Linux
+ baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
+ - name: Install Extra Packages for Enterprise Linux GPG key
+ rpm_key:
+ state: present
+ key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+ - name: Enable Inline with Upstream Stable
+ yum:
+ state: latest
+ name: https://centos7.iuscommunity.org/ius-release.rpm
+
+- name: Install selinux and firewalld python bindings
+ become: true
+ block:
+ - name: Install python bindings using DNF
+ when: ansible_distribution == "Fedora"
+ dnf:
+ name: "{{ item }}"
+ state: latest
+ with_items:
+ - libselinux-python
+ - policycoreutils-python
+ - python-firewall
+ - name: Install python bindings using YUM
+ when: ansible_distribution == "CentOS"
+ yum:
+ state: latest
+ name:
+ - libselinux-python
+ - policycoreutils-python
+ - python-firewall
+
+- name: Install networkd on CentOS
+ when: ansible_distribution == "CentOS"
+ become: true
+ yum:
+ state: latest
+ name: "{{ item }}"
+ with_items:
+ - systemd-resolved
+ - systemd-networkd
+
+# The directory is deleted ahead of creation to ensure that no old configs
+# remain after runnign ansible
+- name: Delete networkd config directory
+ file:
+ path: /etc/systemd/network
+ state: absent
+
+- name: Create the networkd config directory
+ file:
+ path: /etc/systemd/network
+ state: directory
+
+- name: Make .network files
+ template:
+ src: dot.network.j2
+ dest: "/etc/systemd/network/{{ item.key }}.network"
+ with_dict: "{{ networking }}"
+
+- name: Register static entries
+ delegate_to: {{ router.address }}
+ edgeos_config:
+ save: true
+ lines:
+ - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }}
+ - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }}
+
+- name: Disable network scripts and NetworkManager
+ service:
+ name: "{{ item }}"
+ enabled: false
+ with_items:
+ - network
+ - NetworkManager
+ - NetworkManager-wait-online
+
+- name: Enable systemd-networkd and systemd-resolved
+ service:
+ name: "{{ item }}"
+ enabled: true
+ state: started
+ with_items:
+ - systemd-networkd
+ - systemd-networkd-wait-online
+ - systemd-resolved
+
+- name: Symlink so systemd-resolved uses /etc/resolv.conf
+ file:
+ dest: /etc/resolv.conf
+ src: /run/systemd/resolve/resolv.conf
+ state: link
+ force: true
+ setype: net_conf_t
+
+- name: Symlink so /etc/resolv.conf uses systemd
+ file:
+ dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
+ src: /usr/lib/systemd/system/systemd-resolved.service
+ state: link
+ force: true
diff --git a/playbooks/provision-hypervisor.yml b/playbooks/provision-hypervisor.yml
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/templates/network.j2 b/playbooks/templates/network.j2
new file mode 100644
index 0000000..f51356a
--- /dev/null
+++ b/playbooks/templates/network.j2
@@ -0,0 +1,8 @@
+# ANSIBLE MANAGED FILE - DO NOT EDIT
+[Match]
+Name={{ item.key }}
+
+[Network]
+DHCP=Yes
+
+# EOF
diff --git a/roles/datastore/tasks/main.yml b/roles/datastore/tasks/main.yml
new file mode 100644
index 0000000..2841584
--- /dev/null
+++ b/roles/datastore/tasks/main.yml
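Review bot: `Enable Inline with Upstream Stable` installs `https://centos7.iuscommunity.org/ius-release.rpm` straight from a URL with nothing verifying it, and a release package like this is exactly what drops repo definitions and GPG keys onto the host; to my recollection yum does not apply `gpgcheck` to packages given as a local path or URL unless `localpkg_gpgcheck=1` is set, so `rpm_key` the IUS signing key first and either enable `localpkg_gpgcheck` or define the repo with `yum_repository` plus `gpgcheck: true` and `gpgkey:` (the EPEL repo above would also benefit from an explicit `gpgcheck`/`gpgkey` rather than relying on yum.conf defaults). Separately, `delegate_to: {{ router.address }}` is an unquoted Jinja expression at the start of a value, which YAML parses as a flow mapping and Ansible rejects; write `delegate_to: "{{ router.address }}"`. That same task uses `item.mac`, `item.address` and `item.alias` but has no `loop`/`with_dict`, so `item` is undefined, and since `with_dict` on the template task yields `item.key`/`item.value`, `item.value.mac` would be the matching form. The template task references `src: dot.network.j2`, while the file added in this patch is `playbooks/templates/network.j2`. The directory wipe, template, service and symlink tasks after the networkd install carry no `become: true`, unlike the earlier tasks, so they will fail writing to /etc unless the including play already escalates.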
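Review bot: The `[Match]` section keys on `Name={{ item.key }}` only, even though omni.yml in this patch records a `mac` per interface; matching on `MACAddress={{ item.value.mac }}` (falling back to `Name` when it is empty) would keep the unit bound to the right NIC if predictable interface naming changes. `DHCP=Yes` requests both IPv4 and IPv6 leases, and the `address` values in the inventory are only honored through the router reservation pushed by common.yml, which deserves a comment here such as `# Address comes from the router's DHCP reservation (see common.yml), not from this file`. If only v4 is intended, `DHCP=ipv4` is the narrower setting.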
@@ -0,0 +1,45 @@
+---
+- name: Configure firewall for NFS
+ become: true
+ firewalld:
+ immediate: yes
+ permenant: yes
+ service: nfs
+ state: enabled
+ zone: public
+
+- name: Install NFS
+ become: true
+ when: ansible_distribution == "CentOS"
+ yum:
+ name: nfs-utils
+ state: latest
+
+- name: Enable NFS server
+ become: true
+ service:
+ name: nfs-server
+ enabled: true
+ state: started
+
+- name: Create exports directory
+ become: true
+ file:
+ path: /share
+ state: directory
+
+- name: Symlink shares to exports directory
+ become: true
+ file:
+ dest: /share/{{ item.name }}
+ src: {{ item.path }}
+ state: link
+
+- name: Modify /etc/exports
+ become: true
+ lineinfile:
+ path: /etc/exports
+ backup: yes
+ create: true
+ state: present
+ line: "/share/{{ item.name }} {{ item.access }}({{ item.permissions }})"
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/hypervisor/tasks/main.yml b/roles/hypervisor/tasks/main.yml
new file mode 100644
index 0000000..8e6fa69
--- /dev/null
+++ b/roles/hypervisor/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Check system compatibility
+ when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux"
+ meta: end_play
+ debug:
+ msg: "Hypervisor deployment is only supported on CentOS and RHEL"
+
+- name: Install OVirt repository
+ become: true
+ yum:
+ name: http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
+ state: latest
+
+- name: Install OVirt Engine
+ become: true
+ yum:
+ name: ovirt-engine
+ state: latest
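Review bot: `Modify /etc/exports` appends with `lineinfile` and no `regexp`, so a later run with a tighter `item.access` or `item.permissions` adds a second line and leaves the earlier, possibly more permissive, export in force, and nothing runs `exportfs -ra` or notifies a handler, so even the new line is not applied until nfs-server restarts; add `regexp: '^/share/{{ item.name }}\s'` and a `notify` to an `exportfs -ra` handler. Because the export string is built from `item.access` unchecked, an empty value renders as `/share/x (rw)`, which exportfs treats as an export to every client, so the role should refuse an empty `access` (e.g. `assert: that: item.access | length > 0`) or default it to the LAN subnet. `permenant: yes` is a typo for `permanent`, which the firewalld module will reject as an unsupported parameter, and `src: {{ item.path }}` is an unquoted Jinja expression that YAML parses as a flow mapping; write `src: "{{ item.path }}"`. The symlink and exports tasks also reference `item` with no loop attached, and the firewall is opened for `nfs` before the service is installed, which is harmless but reads backwards.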
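Review bot: `Install OVirt repository` fetches `http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm` over plain HTTP and installs it with nothing verifying the package, yet this release RPM is what drops the oVirt repo files and signing keys onto the host, so anyone on the path can substitute it and control every package the hypervisor installs afterwards; switch to `https://`, import oVirt's signing key with `rpm_key` first, and make sure the package signature is actually enforced (to my recollection yum skips `gpgcheck` for URL/local packages unless `localpkg_gpgcheck=1`) or at least pin a `checksum:` via `get_url` before installing. `state: latest` on both the release package and `ovirt-engine` also means every re-run may silently upgrade the management engine; `state: present` with an explicit version is the more controllable choice for a management plane. The `Check system compatibility` task combines `meta: end_play` and `debug` in one task, which Ansible rejects as conflicting action statements; split it into a `debug` and a separate `meta: end_play` (both under the same `when`) or use `fail:`/`assert:`.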