Ongoing work to establish working baseline

This commit is contained in:
Ethan N. Paul 2018-11-25 23:33:42 -05:00
parent a5e418f940
commit ba4ce45f96
8 changed files with 201 additions and 15 deletions

View File

@ -5,7 +5,9 @@ domain: net.enp.one
router: router:
address: router.tre2.local address: router.tre2.local
dhcp_server: DOMAIN static:
server: DOMAIN
subnet: 10.42.101.0/24
users: users:
# - name: username (required) # - name: username (required)

View File

@ -6,24 +6,24 @@ servers:
enable_ssh_password_auth: False enable_ssh_password_auth: False
enable_sudo_password: True enable_sudo_password: True
hosts: hosts:
alpha: romulus.net.enp.one:
vars:
description: "LDAP and Central Administration Server"
netowrking:
eth0: ["10.42.101.101/24"]
apex:
vars:
description: "VPN and Reverse Proxy Server"
networking:
eth0: ["10.42.101.100/24"]
potentia:
vars: vars:
description: "Primary Hypervisor" description: "Primary Hypervisor"
networking: networking:
eth0: ["10.42.101.10/24"] em1:
omni-nimbus-1: address: "10.42.101.20"
mac: "d4:ae:52:b1:a7:70"
em2:
address: "10.42.101.21"
mac: "d4:ae:52:b1:a7:71"
alias: "vmhost-1"
novis.net.enp.one:
vars: vars:
description: "Digital Ocean Cloud Server" description: "Secondary Datastore"
networking:
enp2s0:
address: "10.42.101.40"
mac: ""
vms: vms:
vars: vars:

114
playbooks/common.yml Normal file
View File

@ -0,0 +1,114 @@
---
- name: Set hostname
become: true
hostname:
name: "{{ default_host if default_host is defined else inventory_hostname }}"
- name: Install CentOS-specific repositories
become: true
when: ansible_distribution == "CentOS"
block:
- name: Enable Extra Packages for Enterprise Linux
yum_repository:
name: epel
description: Extra Packages for Enterprise Linux
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
- name: Install Extra Packages for Enterprise Linux GPG key
rpm_key:
state: present
key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
- name: Enable Inline with Upstream Stable
yum:
state: latest
name: https://centos7.iuscommunity.org/ius-release.rpm
- name: Install selinux and firewalld python bindings
become: true
block:
- name: Install python bindings using DNF
when: ansible_distribution == "Fedora"
dnf:
name: "{{ item }}"
state: latest
with_items:
- libselinux-python
- policycoreutils-python
- python-firewall
- name: Install python bindings using YUM
when: ansible_distribution == "CentOS"
yum:
state: latest
name:
- libselinux-python
- policycoreutils-python
- python-firewall
- name: Install networkd on CentOS
when: ansible_distribution == "CentOS"
become: true
yum:
state: latest
name: "{{ item }}"
with_items:
- systemd-resolved
- systemd-networkd
# The directory is deleted ahead of creation to ensure that no old configs
# remain after runnign ansible
- name: Delete networkd config directory
file:
path: /etc/systemd/network
state: absent
- name: Create the networkd config directory
file:
path: /etc/systemd/network
state: directory
- name: Make .network files
template:
src: dot.network.j2
dest: "/etc/systemd/network/{{ item.key }}.network"
with_dict: "{{ networking }}"
- name: Register static entries
delegate_to: {{ router.address }}
edgeos_config:
save: true
lines:
- set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }}
- set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }}
- name: Disable network scripts and NetworkManager
service:
name: "{{ item }}"
enabled: false
with_items:
- network
- NetworkManager
- NetworkManager-wait-online
- name: Enable systemd-networkd and systemd-resolved
service:
name: "{{ item }}"
enabled: true
state: started
with_items:
- systemd-networkd
- systemd-networkd-wait-online
- systemd-resolved
- name: Symlink so systemd-resolved uses /etc/resolv.conf
file:
dest: /etc/resolv.conf
src: /run/systemd/resolve/resolv.conf
state: link
force: true
setype: net_conf_t
- name: Symlink so /etc/resolv.conf uses systemd
file:
dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
src: /usr/lib/systemd/system/systemd-resolved.service
state: link
force: true

View File

View File

@ -0,0 +1,8 @@
# ANSIBLE MANAGED FILE - DO NOT EDIT
[Match]
Name={{ item.key }}
[Network]
DHCP=Yes
# EOF

View File

@ -0,0 +1,45 @@
---
- name: Configure firewall for NFS
become: true
firewalld:
immediate: yes
permenant: yes
service: nfs
state: enabled
zone: public
- name: Install NFS
become: true
when: ansible_distribution == "CentOS"
yum:
name: nfs-utils
state: latest
- name: Enable NFS server
become: true
service:
name: nfs-server
enabled: true
state: started
- name: Create exports directory
become: true
file:
path: /share
state: directory
- name: Symlink shares to exports directory
become: true
file:
dest: /share/{{ item.name }}
src: {{ item.path }}
state: link
- name: Modify /etc/exports
become: true
lineinfile:
path: /etc/exports
backup: yes
create: true
state: present
line: "/share/{{ item.name }} {{ item.access }}({{ item.permissions }})"

View File

View File

@ -0,0 +1,17 @@
- name: Check system compatibility
when: ansible_distribution != "CentOS" and ansible_distribution != "Red Hat Enterprise Linux"
meta: end_play
debug:
msg: "Hypervisor deployment is only supported on CentOS and RHEL"
- name: Install OVirt repository
become: true
yum:
name: http://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
state: latest
- name: Install OVirt Engine
become: true
yum:
name: ovirt-engine
state: latest