OpenNebula Ansible Deployment (Technology Preview)

Initial set of optimized OpenNebula deployment playbooks dedicated for public use. Included features: - Ansible Galaxy collection structure - Debian / RedHat-like Linux distros - CE / EE OpenNebula - MariaDB / PostgreSQL - Single / HA Front-end - OneGate Server / Proxy - OneFlow Server - Sunstone and FireEdge Servers - Prometheus Server / Exporters (EE-only) - Grafana Server (EE-only) - OpenNebula KVM Node management (including fixes for Libvirt instances) - Semi-automated Datastore configuration - Semi-automated Datastore symlink management - Semi-automated Networking configuration - Semi-automated Networking IP / bridging management - Auto-generated SSH jumphost / bastion config - Auto-generated SSH keys (password-less login) - Predefined easy-to-use Ansible tags - Markdown documentation for each role - Simple Makefile for handling common tasks - Apache-2.0 License Author: Michal Opala <[email protected]>
OpenNebula · Jun 28, 2023 · 2b52153 · 2b52153
1 parent 4245090
commit 2b52153
Show file tree

Hide file tree

Showing 138 changed files with 4,384 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,10 @@
+*.swp
+*.tar.gz
+__pycache__/
+/ansible_collections/*
+!/ansible_collections/opennebula/deploy
+/inventory/.one-deploy/
+/inventory/*.yml
+!/inventory/example.yml
+!/inventory/shared.yml
+!/inventory/shared-generic.yml
diff --git a/Makefile b/Makefile
@@ -0,0 +1,42 @@
+SHELL := $(shell which bash)
+SELF  := $(patsubst %/,%,$(dir $(abspath $(firstword $(MAKEFILE_LIST)))))
+
+I         ?= $(SELF)/inventory/example.yml
+INVENTORY ?= $(I)
+
+T    ?=
+TAGS ?= $(T)
+
+S         ?=
+SKIP_TAGS ?= $(S)
+
+V       ?= vv
+VERBOSE ?= $(V)
+
+export
+
+.PHONY: all
+
+all: main
+
+.PHONY: pre site main
+
+pre site main: _TAGS      := $(if $(TAGS),-t $(TAGS),)
+pre site main: _SKIP_TAGS := $(if $(SKIP_TAGS),--skip-tags $(SKIP_TAGS),)
+pre site main: _VERBOSE   := $(if $(VERBOSE),-$(VERBOSE),)
+pre site main:
+	cd $(SELF)/ && ansible-playbook $(_VERBOSE) -i $(INVENTORY) $(_TAGS) $(_SKIP_TAGS) opennebula.deploy.$@
+
+.PHONY: requirements build publish
+
+requirements: $(SELF)/requirements.yml
+	ansible-galaxy collection install --requirements-file $<
+
+build:
+	ansible-galaxy collection build --force --verbose
+
+publish: build
+	shopt -qs failglob && \
+	ansible-galaxy collection publish \
+	"$$(ls -1 $(SELF)/opennebula-deploy-[0-9].[0-9].[0-9].tar.gz | sort --version-sort | tail -n1)" \
+	--api-key="$$(cat $(SELF)/.galaxy-key)"
diff --git a/README.md b/README.md
@@ -1 +1,28 @@
-# one-deploy
+# OpenNebula Ansible Playbooks
+
+The OpenNebula Ansible project consists of a set of playbooks and roles that let you deploy an OpenNebula cloud in a simple and convenient way.
+
+The documentation is organized based on three distinct architectures. We will start with the most straightforward architecture and gradually move towards more complex scenarios. For each scenario, we will provide concise explanations of the configurations implemented on both the platform and OpenNebula.
+
+## Contents
+
+* [Requirements & Platform Notes](../../wiki/sys_reqs)
+* [Using the playbooks](../../wiki/sys_use)
+* Deployments
+  * [Local storage](../../wiki/arch_single_local)
+  * [Shared storage](../../wiki/arch_single_shared)
+  * [High availability front-ends](../../wiki/arch_ha)
+  * [Connect through a bastion host](../../wiki/arch_bastion)
+  * [Other configurations](../../wiki/arch_other)
+* [Verifying the installation](../../wiki/sys_verify)
+* [Playbook reference](../../wiki/sys_reference)
+
+## License
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+
+## Author Information
+
+Copyright 2002-2023, OpenNebula Project, OpenNebula Systems
diff --git a/ansible.cfg b/ansible.cfg
@@ -0,0 +1,22 @@
+[defaults]
+collections_paths=./ansible_collections/
+inventory=./inventory/example.yml
+gathering=explicit
+host_key_checking=false
+display_skipped_hosts=true
+retry_files_enabled=false
+any_errors_fatal=true
+callbacks_enabled=profile_tasks
+stdout_callback=yaml
+timeout=30
+
+[privilege_escalation]
+become=true
+become_user=root
+
+[ssh_connection]
+pipelining=true
+# Uncomment to disable bastion:
+ssh_args=-q -o ControlMaster=auto -o ControlPersist=60s
+# Uncomment to enable bastion:
+#ssh_args=-q -o ControlMaster=auto -o ControlPersist=60s -F inventory/.one-deploy/bastion
diff --git a/ansible_collections/opennebula/deploy b/ansible_collections/opennebula/deploy
@@ -0,0 +1 @@
+../../
diff --git a/galaxy.yml b/galaxy.yml
@@ -0,0 +1,27 @@
+---
+namespace: opennebula
+name: deploy
+version: 0.0.1
+
+readme: README.md
+
+authors:
+- http://opennebula.io <[email protected]>
+description: HA DEPLOYMENT FOR OPENNEBULA (ANSIBLE)
+
+license: []
+license_file: LICENSE
+
+tags: []
+dependencies: {}
+
+repository: https://github.com/OpenNebula/one-deploy
+documentation: https://github.com/OpenNebula/one-deploy
+homepage: https://github.com/OpenNebula/one-deploy
+issues: https://github.com/OpenNebula/one-deploy/issues
+
+build_ignore:
+- .gitignore
+- .galaxy-key
+- inventory
+- ansible_collections
diff --git a/inventory/example.yml b/inventory/example.yml
@@ -0,0 +1,67 @@
+---
+all:
+  vars:
+    env_name: example
+    ansible_user: example
+    ensure_keys_for: [example, root]
+    one_version: '6.6'
+    one_token: example:example
+    features:
+      gateproxy: true
+      prometheus: false
+    one_vip: 10.11.12.69
+    one_vip_cidr: 24
+    one_vip_if: eth0
+    vn:
+      service:
+        managed: true
+        template:
+          VN_MAD: bridge
+          PHYDEV: eth0
+          BRIDGE: br0
+          AR:
+            TYPE: IP4
+            IP: 10.11.12.200
+            SIZE: 48
+          NETWORK_ADDRESS: 10.11.12.0
+          NETWORK_MASK: 255.255.255.0
+          GATEWAY: 10.11.12.1
+          DNS: 1.1.1.1
+      vm:
+        managed: true
+        template:
+          VN_MAD: bridge
+          PHYDEV: eth1
+          AR:
+            TYPE: IP4
+            IP: 192.168.150.200
+            SIZE: 48
+          NETWORK_ADDRESS: 192.168.150.0
+          NETWORK_MASK: 255.255.255.0
+    ds:
+      mode: ssh
+      config:
+        mounts:
+          - type: image
+            path: /opt/nfs0/1/
+          - type: file
+            path: /opt/nfs0/2/
+
+bastion:
+  hosts:
+    b1: { ansible_host: 10.11.12.10 }
+
+frontend:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }
+    f2: { ansible_host: 10.11.12.20 }
+    f3: { ansible_host: 10.11.12.30 }
+
+node:
+  hosts:
+    n1: { ansible_host: 10.11.12.40 }
+    n2: { ansible_host: 10.11.12.50 }
+
+grafana:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
@@ -0,0 +1,2 @@
+---
+ansible_python_interpreter: /usr/bin/python3
diff --git a/inventory/local.yml b/inventory/local.yml
@@ -0,0 +1,32 @@
+---
+all:
+  vars:
+    ansible_user: root
+    one_version: '6.6'
+    one_pass: opennebulapass
+    ds:
+      mode: ssh
+    vn:
+      admin_net:
+        managed: true
+        template:
+          VN_MAD: bridge
+          PHYDEV: eth0
+          BRIDGE: br0
+          AR:
+            TYPE: IP4
+            IP: 172.20.0.100
+            SIZE: 48
+          NETWORK_ADDRESS: 172.20.0.0
+          NETWORK_MASK: 255.255.255.0
+          GATEWAY: 172.20.0.1
+          DNS: 1.1.1.1
+
+frontend:
+  hosts:
+    f1: { ansible_host: 172.20.0.6 }
+
+node:
+  hosts:
+    n1: { ansible_host: 172.20.0.7 }
+    n2: { ansible_host: 172.20.0.8 }
diff --git a/inventory/shared-generic.yml b/inventory/shared-generic.yml
@@ -0,0 +1,72 @@
+---
+all:
+  vars:
+    env_name: shared
+    ansible_python_interpreter: /usr/bin/python3
+    ansible_user: example
+    ensure_keys_for: [example, root]
+    one_version: '6.6'
+    one_token: example:example
+    one_vip: 10.11.12.69
+    one_vip_cidr: 24
+    one_vip_if: eth0
+    ds:
+      mode: generic
+      config:
+        SYSTEM_DS:
+          system:
+            enabled: false
+          system1:
+            id: 100
+            managed: true
+            enabled: true
+            symlink:
+              groups: [node]
+              src: /opt/nfs1/100/
+            template: &template
+              TYPE: SYSTEM_DS
+              TM_MAD: shared
+              BRIDGE_LIST: "{{ groups.node | map('extract', hostvars, ['ansible_host']) | join(' ') }}"
+          system2:
+            id: 101
+            managed: true
+            enabled: true
+            symlink:
+              groups: [node]
+              src: /opt/nfs2/101/
+            template: *template
+          system3:
+            id: 102
+            managed: true
+            enabled: true
+            symlink:
+              groups: [node]
+              src: /opt/nfs3/102/
+            template: *template
+        IMAGE_DS:
+          default:
+            symlink: { src: /opt/nfs0/1/ }
+            template:
+              TM_MAD: shared
+        FILE_DS:
+          files:
+            symlink: { src: /opt/nfs0/2/ }
+
+bastion:
+  hosts:
+    b1: { ansible_host: 10.11.12.10 }
+
+frontend:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }
+    f2: { ansible_host: 10.11.12.20 }
+    f3: { ansible_host: 10.11.12.30 }
+
+node:
+  hosts:
+    n1: { ansible_host: 10.11.12.40 }
+    n2: { ansible_host: 10.11.12.50 }
+
+grafana:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }
diff --git a/inventory/shared.yml b/inventory/shared.yml
@@ -0,0 +1,40 @@
+---
+all:
+  vars:
+    ansible_user: root
+    one_version: '6.6'
+    one_pass: opennebulapass
+    ds:
+      mode: shared
+      config:
+        mounts:
+        - type: system
+          path: /mnt/0
+        - type: image
+          path: /mnt/1
+        - type: files
+          path: /mnt/2
+    vn:
+      admin_net:
+        managed: true
+        template:
+          VN_MAD: bridge
+          PHYDEV: eth0
+          BRIDGE: br0
+          AR:
+            TYPE: IP4
+            IP: 172.20.0.100
+            SIZE: 48
+          NETWORK_ADDRESS: 172.20.0.0
+          NETWORK_MASK: 255.255.255.0
+          GATEWAY: 172.20.0.1
+          DNS: 1.1.1.1
+
+frontend:
+  hosts:
+    f1: { ansible_host: 172.20.0.6 }
+
+node:
+  hosts:
+    n1: { ansible_host: 172.20.0.7 }
+    n2: { ansible_host: 172.20.0.8 }
diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -0,0 +1,2 @@
+---
+requires_ansible: ">=2.14.0"
diff --git a/playbooks/main.yml b/playbooks/main.yml
@@ -0,0 +1,3 @@
+---
+- ansible.builtin.import_playbook: opennebula.deploy.pre
+- ansible.builtin.import_playbook: opennebula.deploy.site
diff --git a/playbooks/pre.yml b/playbooks/pre.yml
@@ -0,0 +1,28 @@
+---
+- hosts: "{{ bastion_group | d('bastion') }}"
+  collections:
+    - opennebula.deploy
+  roles:
+    - role: bastion
+      delegate_to: localhost
+      become: false
+      tags: [bastion]
+
+- hosts: "{{ frontend_group | d('frontend') }}:{{ node_group | d('node') }}"
+  strategy: linear
+  collections:
+    - opennebula.deploy
+  roles:
+    - role: helper/python3
+
+- hosts: "{{ frontend_group | d('frontend') }}:{{ node_group | d('node') }}"
+  collections:
+    - opennebula.deploy
+  roles:
+    - role: helper/facts
+      tags: [always]
+
+    - role: precheck
+
+    - role: helper/keys
+      tags: [keys]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		---
		ansible_python_interpreter: /usr/bin/python3