Ongoing work to establish working baseline

group_vars/all.yml

@@ -5,7 +5,9 @@ domain: net.enp.one
 
 router:
   address: router.tre2.local
-  dhcp_server: DOMAIN
+  static:
+    server: DOMAIN
+    subnet: 10.42.101.0/24
 
 users:
   # - name: username (required)

omni.yml

@@ -6,24 +6,24 @@ servers:
     enable_ssh_password_auth: False
     enable_sudo_password: True
   hosts:
-    alpha:
+    romulus.net.enp.one:
-      vars:
-        description: "LDAP and Central Administration Server"
-        netowrking:
-          eth0: ["10.42.101.101/24"]
-    apex:
-      vars:
-        description: "VPN and Reverse Proxy Server"
-        networking:
-          eth0: ["10.42.101.100/24"]
-    potentia:
       vars:
         description: "Primary Hypervisor"
         networking:
-          eth0: ["10.42.101.10/24"]
+          em1:
-    omni-nimbus-1:
+            address: "10.42.101.20"
+            mac: "d4:ae:52:b1:a7:70"
+          em2:
+            address: "10.42.101.21"
+            mac: "d4:ae:52:b1:a7:71"
+            alias: "vmhost-1"
+    novis.net.enp.one:
       vars:
-        description: "Digital Ocean Cloud Server"
+        description: "Secondary Datastore"
+        networking:
+          enp2s0:
+            address: "10.42.101.40"
+            mac: ""
 
 vms:
   vars:

playbooks/common.yml

@@ -0,0 +1,114 @@
+---
+- name: Set hostname
+  become: true
+  hostname:
+    name: "{{ default_host if default_host is defined else inventory_hostname }}"
+
+- name: Install CentOS-specific repositories
+  become: true
+  when: ansible_distribution == "CentOS"
+  block:
+    - name: Enable Extra Packages for Enterprise Linux
+      yum_repository:
+        name: epel
+        description: Extra Packages for Enterprise Linux
+        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
+    - name: Install Extra Packages for Enterprise Linux GPG key
+      rpm_key:
+        state: present
+        key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+    - name: Enable Inline with Upstream Stable
+      yum:
+        state: latest
+        name: https://centos7.iuscommunity.org/ius-release.rpm
+
+- name: Install selinux and firewalld python bindings
+  become: true
+  block:
+    - name: Install python bindings using DNF
+      when: ansible_distribution == "Fedora"
+      dnf:
+        name: "{{ item }}"
+        state: latest
+      with_items:
+        - libselinux-python
+        - policycoreutils-python
+        - python-firewall
+    - name: Install python bindings using YUM
+      when: ansible_distribution == "CentOS"
+      yum:
+        state: latest
+        name:
+          - libselinux-python
+          - policycoreutils-python
+          - python-firewall
+
+- name: Install networkd on CentOS
+  when: ansible_distribution == "CentOS"
+  become: true
+  yum:
+    state: latest
+    name: "{{ item }}"
+  with_items:
+    - systemd-resolved
+    - systemd-networkd
+
+# The directory is deleted ahead of creation to ensure that no old configs
+# remain after runnign ansible
+- name: Delete networkd config directory
+  file:
+    path: /etc/systemd/network
+    state: absent
+
+- name: Create the networkd config directory
+  file:
+    path: /etc/systemd/network
+    state: directory
+
+- name: Make .network files
+  template:
+    src: dot.network.j2
+    dest: "/etc/systemd/network/{{ item.key }}.network"
+  with_dict: "{{ networking }}"
+
+- name: Register static entries
+  delegate_to: {{ router.address }}
+  edgeos_config:
+    save: true
+    lines:
+      - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }}
+      - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }}
+
+- name: Disable network scripts and NetworkManager
+  service:
+    name: "{{ item }}"
+    enabled: false
+  with_items:
+    - network
+    - NetworkManager
+    - NetworkManager-wait-online
+
+- name: Enable systemd-networkd and systemd-resolved
+  service:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  with_items:
+    - systemd-networkd
+    - systemd-networkd-wait-online
+    - systemd-resolved
+
+- name: Symlink so systemd-resolved uses /etc/resolv.conf
+  file:
+    dest: /etc/resolv.conf
+    src: /run/systemd/resolve/resolv.conf
+    state: link
+    force: true
+    setype: net_conf_t
+
+- name: Symlink so /etc/resolv.conf uses systemd
+  file:
+    dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
+    src: /usr/lib/systemd/system/systemd-resolved.service
+    state: link
+    force: true

playbooks/templates/network.j2

@@ -0,0 +1,8 @@
+# ANSIBLE MANAGED FILE - DO NOT EDIT
+[Match]
+Name={{ item.key }}
+
+[Network]
+DHCP=Yes
+
+# EOF

roles/datastore/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+- name: Configure firewall for NFS
+  become: true
+  firewalld:
+    immediate: yes
+    permenant: yes
+    service: nfs
+    state: enabled
+    zone: public
+
+- name: Install NFS
+  become: true
+  when: ansible_distribution == "CentOS"
+  yum:
+    name: nfs-utils
+    state: latest
+
+- name: Enable NFS server
+  become: true
+  service:
+    name: nfs-server
+    enabled: true
+    state: started
+
+- name: Create exports directory
+  become: true
+  file:
+    path: /share
+    state: directory
+
+- name: Symlink shares to exports directory
+  become: true
+  file:
+    dest: /share/{{ item.name }}
+    src: {{ item.path }}
+    state: link
+
+- name: Modify /etc/exports
+  become: true
+  lineinfile:
+    path: /etc/exports
+    backup: yes
+    create: true
+    state: present
+    line: "/share/{{ item.name }} {{ item.access }}({{ item.permissions }})"

roles/hypervisor/tasks/main.yml

@@ -0,0 +1,17 @@
+- name: Check system compatibility
+  when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux"
+  meta: end_play
+  debug:
+    msg: "Hypervisor deployment is only supported on CentOS and RHEL"
+
+- name: Install OVirt repository
+  become: true
+  yum:
+    name: http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
+    state: latest
+
+- name: Install OVirt Engine
+  become: true
+  yum:
+    name: ovirt-engine
+    state: latest