Diffstat (limited to 'ansible/deployment_poc/tasks')
23 files changed, 353 insertions, 30 deletions
diff --git a/ansible/deployment_poc/tasks/configure_dhcp.yml b/ansible/deployment_poc/tasks/configure_dhcp.yml
index 9802b0e..1be9fcd 100644
--- a/ansible/deployment_poc/tasks/configure_dhcp.yml
+++ b/ansible/deployment_poc/tasks/configure_dhcp.yml
@@ -1,7 +1,7 @@
---
- name: Configure DHCP
block:
- - name: Query DHCP server
+ - name: Set DHCP host OS
set_fact:
dhcp_os: "{{ hostvars[dhcp_host]['platforms'][0] }}"
@@ -15,7 +15,16 @@
become: yes
become_method: doas
when: dhcp_os == 'openbsd-x86_64'
-
+
+ - name: Restart dhcpd
+ ansible.builtin.command:
+ argv:
+ - /usr/bin/doas
+ - rcctl
+ - restart
+ - dhcpd
+ when: dhcp_os == 'openbsd-x86_64'
+
- name: Insert DHCP static mapping
vyos.vyos.vyos_config:
backup: yes
diff --git a/ansible/deployment_poc/tasks/configure_dns.yml b/ansible/deployment_poc/tasks/configure_dns.yml
new file mode 100644
index 0000000..6f1896c
--- /dev/null
+++ b/ansible/deployment_poc/tasks/configure_dns.yml
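Review bot: The new `Restart dhcpd` task restarts the daemon on every run rather than only when the preceding DHCP configuration task changed something, and it escalates by spelling `/usr/bin/doas` into `argv` while the task just above uses `become: yes` / `become_method: doas`, so the restart runs outside Ansible's become handling and always reports `changed`. I would register the configuration task and guard the restart with `when: dhcp_os == 'openbsd-x86_64' and dhcp_config is changed`, and run it as `become: true` / `become_method: doas` with `argv: [rcctl, restart, dhcpd]` so privilege escalation is uniform; `ansible.builtin.service: name: dhcpd state: restarted` would be the idiomatic form. The register name of the configuration task is outside the hunk, and no `delegate_to` is visible on either task, so whether this runs on the DHCP server or on the play target depends on lines I cannot see.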
@@ -0,0 +1,44 @@
+---
+- name: Configure DNS
+ block:
+ - name: Set FQDNs
+ set_fact:
+ dns_fqdn: "{{ lookup('community.general.dig', dns_ip + '/PTR') }}"
+ vm_fqdn: "{{ vm_name + '.' + namespace }}"
+
+ - name: Gather DNS hostname and zonename
+ set_fact:
+ dns_host: "{{ dns_fqdn.split('.')[0] }}"
+ zone: "{{ namespace.split('.')[1] + '.' + namespace.split('.')[2] }}"
+
+ - name: Set DNS host OS
+ set_fact:
+ dns_os: "{{ hostvars[dns_host]['platforms'][0] }}"
+
+ - name: Insert DNS record
+ ansible.builtin.blockinfile:
+ #backup: yes
+ block: "{{ lookup('template', '../templates/nsd_zone.j2') }}"
+ marker: "; {mark} Ansible managed block for {{ vm_name }}"
+ path: "/var/nsd/zones/master/{{ zone }}.zone"
+ when: dns_os == 'openbsd-x86_64'
+ delegate_to: "{{ dns_host }}"
+
+ - name: Insert DNS static host mapping
+ vyos.vyos.vyos_config:
+ backup: yes
+ backup_options:
+ dir_path: "/tmp/"
+ comment: "Configured as part of {{ vm_name }} deployment"
+ lines:
+ - "set system static-host-mapping host-name {{ vm_fqdn }} inet {{ ip_address }}"
+ - "set system static-host-mapping host-name {{ vm_fqdn }} alias {{ vm_name }}"
+ save: no # CHANGE BEFORE ROLLOUT
+ when: dns_os == 'vyos-x86_64'
+ delegate_to: "{{ dns_host }}"
+
+ always:
+ - name: Debug
+ ansible.builtin.debug:
+ msg: "{{ dns_ip if dns_ip is defined }} - {{ dns_host if dns_host is defined }} - {{ dns_fqdn if dns_fqdn is defined }} - {{ dns_os if dns_os is defined }} - {{ vm_fqdn if vm_fqdn is defined }} - {{ zone if zone is defined }}"
+
diff --git a/ansible/deployment_poc/tasks/configure_dps.yml b/ansible/deployment_poc/tasks/configure_dps.yml
new file mode 100644
index 0000000..1b610b0
--- /dev/null
+++ b/ansible/deployment_poc/tasks/configure_dps.yml
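Review bot: `dns_host`, the inventory host that receives the privileged zone-file write, is derived from an unauthenticated PTR answer (`lookup('community.general.dig', dns_ip + '/PTR')`) and then used as a `hostvars` key and as the `delegate_to` target without any check: a missing reverse record yields `NXDOMAIN` and an obscure `hostvars['NXDOMAIN']` failure, and a stale or spoofed PTR silently redirects the edit to another host. `vm_name`, `zone` and `ip_address` are also templated straight into `/var/nsd/zones/master/{{ zone }}.zone` and into the blockinfile marker, so a name containing whitespace or `;` corrupts the zone (nsd_zone.j2 is not in the diff, so I cannot tell whether it validates), and `zone` assumes `namespace` has exactly three labels. I would resolve the DNS host from inventory (for example matching `ansible_host` against `dns_ip`) rather than from DNS, and assert the inputs before the block touches the zone; note also that nothing here bumps the SOA serial or reloads nsd, `#backup: yes` is commented out, and the vyos task still carries `save: no # CHANGE BEFORE ROLLOUT`.
```yaml
- name: Validate DNS target and record inputs
  ansible.builtin.assert:
    that:
      - dns_host in hostvars
      - vm_name is match('^[A-Za-z0-9-]+$')
      - zone is match('^[A-Za-z0-9.-]+$')
    fail_msg: "refusing to edit zone on {{ dns_host }} for {{ vm_name }}"
# … unchanged: Set DNS host OS, Insert DNS record, vyos mapping, always/debug …
```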
@@ -0,0 +1,54 @@
+---
+- name: Configure Deployment Server
+ block:
+ - name: Set DP host OS
+ set_fact:
+ dp_os: "{{ hostvars[deployment_host]['platforms'][0] }}"
+
+ - name: Prepare Grub host file
+ ansible.builtin.template:
+ src: ../templates/grub.j2
+ dest: "/srv/www/boot/hosts/{{ ip_address }}.cfg"
+ group: wheel
+ mode: '0444' #consider 0440 if group is changed to one shared by admins and webserver service user
+ when: dp_os == 'fedora-x86_64' or dp_os == 'openSUSE-Leap-x86_64'
+
+ - name: Prepare unattended installation
+ ansible.builtin.template:
+ src: "../templates/autoinst_{{ namespace }}.xml.j2"
+ dest: "/srv/www/autoinst_{{ vm_name }}.xml"
+ group: wheel
+ mode: '0444' #consider 0440 if group is changed to one shared by admins and webserver service user
+ when: dp_os == 'fedora-x86_64' or dp_os == 'openSUSE-Leap-x86_64'
+
+ - name: Prepare Grub host file for http
+ ansible.builtin.template:
+ src: ../templates/grub.j2
+ dest: "/var/www/htdocs/www/boot/hosts/{{ ip_address }}.cfg"
+ group: wheel
+ mode: '0444' #consider 0440 if group is changed to one shared by admins and webserver service user
+ when: dp_os == 'openbsd-x86_64'
+
+ - name: Prepare Grub host file for tftp
+ ansible.builtin.template:
+ src: ../templates/grub.j2
+ dest: "/tftpboot/boot/hosts/{{ ip_address }}.cfg"
+ group: wheel
+ mode: '0444'
+ when: dp_os == 'openbsd-x86_64'
+
+ - name: Generate LUKS passphrase
+ set_fact:
+ luks_passphrase: "{{ lookup('password', '/dev/null', length=15, chars=hexdigits, seed=inventory_hostname) }}"
+
+ - name: Prepare unattended installation
+ ansible.builtin.template:
+ src: "../templates/autoinst_{{ namespace }}.xml.j2"
+ dest: "/var/www/htdocs/www/autoinst_{{ vm_name }}.xml"
+ group: wheel
+ mode: '0444' #consider 0440 if group is changed to one shared by admins and webserver service user
+ when: dp_os == 'openbsd-x86_64'
+
+ delegate_to: "{{ deployment_host }}"
+ tags:
+ - init_dp
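Review bot: The passphrase produced by `Generate LUKS passphrase` is both predictable and published: `lookup('password', '/dev/null', length=15, chars=hexdigits, seed=inventory_hostname)` makes it a deterministic function of the hostname (anyone who knows the hostname and this playbook can recompute it) and 15 hex digits is only 60 bits, while the `set_fact` has no `no_log: true`, so the value also appears in play output. Judging by task order it is then rendered into `autoinst_{{ vm_name }}.xml`, which is written with `mode: '0444'` into the HTTP document root the installer fetches from, so the disk-encryption secret is world-readable on the deployment server and crosses the network in the clear (the autoinst template is not in the diff, so this is inferred). At minimum drop `seed`, use `no_log: true` on that task, tighten the file to `mode: '0440'` with the webserver group as the inline comment already suggests, e.g. `luks_passphrase: "{{ lookup('password', '/dev/null', length=32, chars=['ascii_letters', 'digits']) }}"`, and treat it as a bootstrap key to be replaced on first boot (`cryptsetup luksChangeKey`) rather than the long-term one. The same `0444` world-readable mode applies to the per-IP grub files, which is fine only if they hold no secrets.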
diff --git a/ansible/deployment_poc/tasks/configure_libvirt.yml b/ansible/deployment_poc/tasks/configure_libvirt.yml
index b3e49b6..3b20529 100644
--- a/ansible/deployment_poc/tasks/configure_libvirt.yml
+++ b/ansible/deployment_poc/tasks/configure_libvirt.yml
@@ -1,28 +1,6 @@
---
- name: Provision VM
block:
- - name: Create domain template
- ansible.builtin.template:
- src: "../templates/libvirt-template.xml.j2"
- dest: "../templates/libvirt-{{ inventory_hostname }}.xml"
- group: lysergic
- mode: '0660'
-
- - name: Create storage template
- ansible.builtin.template:
- src: "../templates/libvirt-storage-template.xml.j2"
- dest: "../templates/generated/libvirt-storage-{{ inventory_hostname }}.xml"
- group: lysergic
- mode: '0660'
-
- - name: Define domain
- virt:
- uri: "{{ libvirt_url }}"
- command: define
- xml: "{{ lookup('template', '../templates/libvirt-template.xml.j2') }}"
- autostart: no
- # delegate_to: localhost
-
- name: Query volumes
ansible.builtin.command:
argv:
@@ -34,6 +12,14 @@
register: volumes
no_log: true
+ - name: Create storage template
+ ansible.builtin.template:
+ src: "../templates/libvirt-storage-template.xml.j2"
+ dest: "../templates/generated/libvirt-storage-{{ inventory_hostname }}.xml"
+ group: lysergic
+ mode: '0660'
+ when: vm_name not in volumes.stdout
+
- name: Define volume
ansible.builtin.command:
argv:
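Review bot: The guard `when: vm_name not in volumes.stdout` on the new `Create storage template` task is a substring test over the whole volume listing, so a VM named `db` is treated as already provisioned as soon as `db2_root_disk.qcow2` exists and both the template and (same condition) the `Define volume` task are skipped. The volume actually created is named `{{ inventory_hostname }}_root_disk.qcow2` (see the later `vol-path` call), so the test also compares the wrong identifier whenever `vm_name` and `inventory_hostname` differ. I would compare the exact name against the lines: `when: (inventory_hostname ~ '_root_disk.qcow2') not in (volumes.stdout_lines | map('trim') | list)`. The `Query volumes` command whose output is inspected starts on the context line above this hunk, so I am assuming it is a `virsh vol-list` of the pool.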
@@ -45,8 +31,40 @@
- "../templates/generated/libvirt-storage-{{ inventory_hostname }}.xml"
when: vm_name not in volumes.stdout
+ # https://gitlab.com/libvirt/libvirt/-/issues/135
+ - name: Fetch volume path
+ ansible.builtin.command:
+ argv:
+ - /usr/bin/virsh
+ - -c
+ - "{{ libvirt_url }}"
+ - vol-path
+ - --pool
+ - "{{ storage.name }}"
+ - "{{ inventory_hostname }}_root_disk.qcow2"
+ register: volpath
+
+ - name: Store volume path
+ set_fact:
+ volume_path: "{{ volpath.stdout }}"
+
+ - name: Create domain template
+ ansible.builtin.template:
+ src: "../templates/libvirt-template.xml.j2"
+ dest: "../templates/libvirt-{{ inventory_hostname }}.xml"
+ group: lysergic
+ mode: '0660'
+
+ - name: Define domain
+ community.libvirt.virt:
+ uri: "{{ libvirt_url }}"
+ command: define
+ xml: "{{ lookup('template', '../templates/libvirt-template.xml.j2') }}"
+ autostart: no
+ # delegate_to: localhost
+
- name: Fetch MAC address
- ansible.builtin.shell: "/usr/bin/virsh -c {{ libvirt_url }} domiflist {{ vm_name }} | awk '{print $5}' | cut -d/ -f 1 | tail -n 2 | head -n1" # ewww :-(
+ ansible.builtin.shell: "/usr/bin/virsh -c {{ libvirt_url }} domiflist {{ vm_name }} | awk '{print $5}' | cut -d/ -f 1 | tail -n 2 | head -n 1" # ewww :-(
register: domiflist_mac
- name: Store MAC address
diff --git a/ansible/deployment_poc/tasks/init_dns.yml b/ansible/deployment_poc/tasks/init_dns.yml
new file mode 100644
index 0000000..d3259b9
--- /dev/null
+++ b/ansible/deployment_poc/tasks/init_dns.yml
@@ -0,0 +1,7 @@
+---
+- name: Initialize DNS configurator
+ include_tasks: "../tasks/configure_dns.yml"
+ vars:
+ dns_ip: "{{ item }}"
+ with_items: "{{ dns_servers }}"
+
diff --git a/ansible/deployment_poc/tasks/init_dps.yml b/ansible/deployment_poc/tasks/init_dps.yml
new file mode 100644
index 0000000..43742b6
--- /dev/null
+++ b/ansible/deployment_poc/tasks/init_dps.yml
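Review bot: `Fetch MAC address` still interpolates `{{ libvirt_url }}` and `{{ vm_name }}` unquoted into an `ansible.builtin.shell` pipeline (the only change here is `head -n1` to `head -n 1`); `vm_name` comes from NetBox, so a name containing shell metacharacters is command injection on the libvirt host, and `tail -n 2 | head -n 1` silently picks the wrong row or an empty string when the domain has a different number of interfaces. The new tasks above already use `argv:` for virsh, so the MAC extraction can do the same and parse in Jinja, which removes the shell entirely; the `Store MAC address` task that would consume it is only visible by name below the hunk, so I sketch it. `Fetch volume path` likewise lacks `changed_when: false` and so reports a change on every run.
```yaml
- name: Fetch MAC address
  ansible.builtin.command:
    argv:
      - /usr/bin/virsh
      - -c
      - "{{ libvirt_url }}"
      - domiflist
      - "{{ vm_name }}"
  register: domiflist_mac
  changed_when: false

- name: Store MAC address
  set_fact:
    mac_address: "{{ domiflist_mac.stdout | regex_search('([0-9a-f]{2}:){5}[0-9a-f]{2}', ignorecase=True) }}"
# … unchanged: remainder of the Provision VM block …
```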
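Review bot: Looping `include_tasks` over `dns_servers` leaks state between iterations: every `set_fact` in configure_dns.yml (`dns_fqdn`, `dns_host`, `dns_os`, `zone`) is host-scoped and survives into the next item, so if `Set FQDNs` fails for the second server the `always` debug (whose `is defined` guards then all pass) prints the first server's values, and any later task reading `dns_host` gets whichever server ran last. `with_items` is also the legacy form. I would write `loop: "{{ dns_servers }}"` with `loop_control: loop_var: dns_ip` instead of `vars:`, and either reset the derived facts at the top of the included file or give them server-specific names.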
@@ -0,0 +1,9 @@
+---
+- name: Initialize Deployment Server configurator
+ include_tasks: "../tasks/configure_dps.yml"
+ vars:
+ deployment_host: "{{ item }}"
+ with_items: "{{ deployment_servers }}"
+ tags:
+ - init_dp
+
diff --git a/ansible/deployment_poc/tasks/init_vm_console.yml b/ansible/deployment_poc/tasks/init_vm_console.yml
new file mode 100644
index 0000000..1007c90
--- /dev/null
+++ b/ansible/deployment_poc/tasks/init_vm_console.yml
@@ -0,0 +1,39 @@
+---
+- name: Start VM and attach console inside tmux
+ block:
+ - name: Start VM
+ community.libvirt.virt:
+ uri: "{{ libvirt_url }}"
+ command: start
+ name: "{{ vm_name }}"
+ state: running
+
+ - name: Spawn tmux session
+ ansible.builtin.command:
+ argv:
+ - /usr/bin/tmux
+ - -S
+ - /tmp/ansible
+ - new-session
+ - -d
+ - -s
+ - "{{ vm_name }}"
+
+ - name: Attach console inside tmux
+ ansible.builtin.command:
+ argv:
+ - /usr/bin/tmux
+ - -S
+ - /tmp/ansible
+ - new-window
+ - -t
+ - "{{ vm_name }}"
+ - /usr/bin/virsh
+ - -c
+ - "{{ libvirt_url }}"
+ - console
+ - "{{ vm_name }}"
+
+ delegate_to: localhost
+
+
diff --git a/ansible/deployment_poc/tasks/netbox_evaluate_cluster.yml b/ansible/deployment_poc/tasks/netbox_evaluate_cluster.yml
index 1e8b07f..f53eef1 100644
--- a/ansible/deployment_poc/tasks/netbox_evaluate_cluster.yml
+++ b/ansible/deployment_poc/tasks/netbox_evaluate_cluster.yml
@@ -30,11 +30,16 @@
- name: Evaluate cluster host configuration
set_fact:
storage: "{{ host_choice.config_context.storage[0] }}"
- #deployment_servers: "{{ host_choice.config_context.deployment_servers }}"
+ deployment_servers: "{{ host_choice.config_context.deployment_servers }}"
dhcp_servers: "{{ host_choice.config_context.dhcp_servers }}"
dns_servers: "{{ host_choice.config_context.dns_servers }}"
+ namespace: "{{ host_choice.config_context.namespace }}"
+ gateway: "{{ host_choice.config_context.gateway }}"
when: host_status == 'active'
+ tags:
+ - init_dp
+
rescue:
- name: Check retry counter
fail:
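Review bot: In init_vm_console.yml the `virsh console` session is parked in a tmux server bound to the fixed path `/tmp/ansible` on the controller: that socket is shared by every run and every VM, sits in a world-writable directory, and whoever can connect to it gets an interactive serial console on the guest (during an unattended install typically a root prompt), with nothing in this file tearing the session down afterwards. A second `new-session -s {{ vm_name }}` against the same socket also fails with a duplicate-session error when an earlier run left one behind, so the task is not idempotent. I would make the socket per-VM under the runtime directory, e.g. `- "{{ lookup('env', 'XDG_RUNTIME_DIR') | default('/tmp', true) }}/ansible-{{ vm_name }}"`, skip `new-session` when `tmux has-session` succeeds, and document in a header comment who is expected to attach and when the session is killed. Whether the socket's permissions alone protect the console depends on tmux's defaults, which the playbook does not set explicitly.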
diff --git a/ansible/deployment_poc/tasks/netbox_evaluate_interface.yml b/ansible/deployment_poc/tasks/netbox_evaluate_interface.yml
new file mode 100644
index 0000000..b6fd428
--- /dev/null
+++ b/ansible/deployment_poc/tasks/netbox_evaluate_interface.yml
@@ -0,0 +1,10 @@
+---
+- name: Register interface ID
+ set_fact:
+ ifid: '{{ nb_interface_2.json.results[0].id }}'
+ when: "nb_interface_1.status|int == 400"
+
+- name: Register interface ID
+ set_fact:
+ ifid: '{{ nb_interface_1.json.id }}'
+ when: "nb_interface_1.status|int == 201"
diff --git a/ansible/deployment_poc/tasks/netbox_evaluate_ip.yml b/ansible/deployment_poc/tasks/netbox_evaluate_ip.yml
index 828b15e..fd0399e 100644
--- a/ansible/deployment_poc/tasks/netbox_evaluate_ip.yml
+++ b/ansible/deployment_poc/tasks/netbox_evaluate_ip.yml
@@ -1,5 +1,17 @@
---
-- name: Define IP address
+- name: Define existing IP address
set_fact:
- ip_address: "{{ nb_ip.json[0].address | ansible.netcommon.ipaddr('address') }}"
+ ip_address: "{{ nb_ip_1.json.results[0].address | ansible.netcommon.ipaddr('address') }}"
+ ip_address_cidr: "{{ nb_ip_1.json.results[0].address }}"
+ ip_address_type: "existing"
+ ipid: "{{ nb_ip_1.json.results[0].id }}"
+ when: "nb_ip_1.status|int == 200 and nb_ip_1.json.count|int != 0 and (nb_ip_1.json.results[0].status is defined and nb_ip_1.json.results[0].status.value == 'active')"
+- name: Define new IP address
+ set_fact:
+ ip_address: "{{ nb_ip_2.json[0].address | ansible.netcommon.ipaddr('address') }}"
+ ip_address_cidr: "{{ nb_ip_2.json[0].address }}"
+ ip_address_type: "new"
+ when: "nb_ip_2.status is defined and nb_ip_2.status|int == 200"
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_evaluate_prefix.yml b/ansible/deployment_poc/tasks/netbox_evaluate_prefix.yml
index 74983e4..e07aed9 100644
--- a/ansible/deployment_poc/tasks/netbox_evaluate_prefix.yml
+++ b/ansible/deployment_poc/tasks/netbox_evaluate_prefix.yml
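Review bot: The first `Register interface ID` task treats any HTTP 400 from the interface POST as "interface already exists" and then indexes `nb_interface_2.json.results[0]` unconditionally; a 400 caused by a bad payload (for instance a malformed `mac_address` from the shell pipeline in configure_libvirt.yml) leaves the follow-up query with zero results, and the play dies on a list index error instead of on NetBox's validation message. Guard on the query result, `when: nb_interface_1.status|int == 400 and nb_interface_2.json.count|int == 1`, and add a third task that fails with `msg: "{{ nb_interface_1.json }}"` when neither branch matched, so `ifid` is never silently undefined for netbox_init_ip.yml.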
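Review bot: The two branches in netbox_evaluate_ip.yml are not exhaustive: when the VM already holds an address whose status is not `active` (reserved, deprecated, dhcp) the first `when` is false and the second only fires if `nb_ip_2` was populated, so `ip_address` is either undefined and fails later in an unrelated template, or a second address is allocated while the old one stays assigned. Both branches also take `results[0]` / `json[0]` silently, so a VM with several addresses picks whichever NetBox lists first. I would follow the two tasks with `- ansible.builtin.assert: that: ip_address_type is defined` and decide explicitly what a non-active existing address should mean rather than letting it fall through.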
@@ -3,4 +3,6 @@
set_fact:
prefix_id: "{{ nb_prefix.json.results[0].id }}"
prefix_display: "{{ nb_prefix.json.results[0].display }}"
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_evaluate_site.yml b/ansible/deployment_poc/tasks/netbox_evaluate_site.yml
index abd5347..d09d2cd 100644
--- a/ansible/deployment_poc/tasks/netbox_evaluate_site.yml
+++ b/ansible/deployment_poc/tasks/netbox_evaluate_site.yml
@@ -2,4 +2,6 @@
- name: Gather site configuration
set_fact:
site_id: "{{ nb_site.json.results[0].id }}"
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_evaluate_vm.yml b/ansible/deployment_poc/tasks/netbox_evaluate_vm.yml
index 8188024..c320bce 100644
--- a/ansible/deployment_poc/tasks/netbox_evaluate_vm.yml
+++ b/ansible/deployment_poc/tasks/netbox_evaluate_vm.yml
@@ -10,6 +10,8 @@
# set_fact:
# memory: "{{ nb_vm.json.results[0].memory }}"
# disk: "{{ nb_vm.json.results[0].disk }}"
+ tags:
+ - init_dp
- name: Pick metadata
set_fact:
@@ -20,4 +22,6 @@
# # not needed, part of hostvars
# #tags: "{{ nb_vm.json.results[0].tags[0].slug }}"
# #tags: "{{ nb_vm.json.results[0].tags | sum(start=[]) | map(attribute='slug') }}"
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_init_interface.yml b/ansible/deployment_poc/tasks/netbox_init_interface.yml
new file mode 100644
index 0000000..7d6f9f4
--- /dev/null
+++ b/ansible/deployment_poc/tasks/netbox_init_interface.yml
@@ -0,0 +1,20 @@
+---
+- name: Create VM interface objects
+ ansible.builtin.uri:
+ url: "{{ endpoint }}/virtualization/interfaces/"
+ client_cert: "{{ cert }}"
+ client_key: "{{ key }}"
+ method: POST
+ return_content: yes
+ status_code:
+ - 201
+ - 400 #interface name already exists. is there an elegant way to limit 400 to this particular case? regex parsing the response text for "The fields virtual_machine, name must make a unique set." would be ugly.
+ headers:
+ Accept: application/json
+ Authorization: "Token {{ token }}"
+ body_format: json
+ body: ' {"virtual_machine": {{ id }}, "name": "eth0", "enabled": true, "mac_address": "{{ mac_address }}", "mode": "access"}'
+ register: nb_interface_1
+ delegate_to: localhost
+ #no_log: true
+
diff --git a/ansible/deployment_poc/tasks/netbox_init_ip.yml b/ansible/deployment_poc/tasks/netbox_init_ip.yml
new file mode 100644
index 0000000..5db97f4
--- /dev/null
+++ b/ansible/deployment_poc/tasks/netbox_init_ip.yml
@@ -0,0 +1,20 @@
+---
+- name: Create IP address object
+ ansible.builtin.uri:
+ url: "{{ endpoint }}/ipam/ip-addresses/"
+ client_cert: "{{ cert }}"
+ client_key: "{{ key }}"
+ method: POST
+ return_content: yes
+ status_code:
+ - 201
+ - 400
+ headers:
+ Accept: application/json
+ Authorization: "Token {{ token }}"
+ body_format: json
+ body: ' {"address": "{{ ip_address_cidr }}", "tenant": 1, "status": "active", "assigned_object_type": "virtualization.vminterface", "assigned_object_id": {{ ifid }}, "dns_name": "{{ vm_fqdn }}"}'
+ register: nb_ip_3
+ when: "ip_address_type|string == 'new'"
+ delegate_to: localhost
+
diff --git a/ansible/deployment_poc/tasks/netbox_primaryip.yml b/ansible/deployment_poc/tasks/netbox_primaryip.yml
new file mode 100644
index 0000000..1b319dc
--- /dev/null
+++ b/ansible/deployment_poc/tasks/netbox_primaryip.yml
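Review bot: In netbox_init_interface.yml the request body is assembled by string-interpolating `{{ id }}` and `{{ mac_address }}` into a JSON literal; `mac_address` comes from the shell pipeline in configure_libvirt.yml, so an unexpected value breaks the JSON (producing exactly the 400 the task then accepts as "already exists") and a crafted one could add fields to the object. Let the `uri` module serialize instead, which also answers the question in the inline comment: with `body_format: json` a YAML mapping is encoded by Ansible, and the 400 can be narrowed with `failed_when` on the response text rather than accepted wholesale. `#no_log: true` is left commented while `Authorization: "Token {{ token }}"` is a task argument, so `-v` output shows the token.
```yaml
    body:
      virtual_machine: "{{ id | int }}"
      name: eth0
      enabled: true
      mac_address: "{{ mac_address }}"
      mode: access
  register: nb_interface_1
  failed_when: >-
    nb_interface_1.status | int == 400 and
    'must make a unique set' not in (nb_interface_1.content | default(''))
# … unchanged: url, client_cert/key, headers, delegate_to …
```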
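Review bot: Allocating the address with a GET of `available-ips/?limit=1` (netbox_query_ip.yml) followed by this POST to `/ipam/ip-addresses/` is a check-then-act race: two deployments running concurrently are handed the same "available" address, the second POST is refused, and because `400` is listed in `status_code` the refusal is swallowed, leaving `nb_ip_3.json.id` undefined for netbox_primaryip.yml. NetBox reserves atomically when the prefix's `available-ips/` endpoint is POSTed to, so the create step should be `url: "{{ endpoint }}/ipam/prefixes/{{ prefix_id }}/available-ips/"` with the same body minus `address`, and `400` should not be accepted here at all. `"tenant": 1` is a hard-coded object ID that belongs in a variable, and the body has the same string-built-JSON problem as the interface task.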
@@ -0,0 +1,20 @@
+---
+- name: Register IP address object ID #only for new addresses, existing ones have ipid set in _evaluate_ip.yml
+ set_fact:
+ ipid: "{{ nb_ip_3.json.id }}"
+ when: "ip_address_type|string == 'new'"
+
+- name: Set primary IPv4 address
+ ansible.builtin.uri:
+ url: "{{ endpoint }}/virtualization/virtual-machines/{{ id }}/"
+ client_cert: "{{ cert }}"
+ client_key: "{{ key }}"
+ method: PATCH
+ return_content: yes
+ headers:
+ Accept: application/json
+ Authorization: "Token {{ token }}"
+ body_format: json
+ body: ' {"primary_ip4": {{ ipid }}}'
+ delegate_to: localhost
+
diff --git a/ansible/deployment_poc/tasks/netbox_query_cluster.yml b/ansible/deployment_poc/tasks/netbox_query_cluster.yml
index 1f948d1..a5b6fe0 100644
--- a/ansible/deployment_poc/tasks/netbox_query_cluster.yml
+++ b/ansible/deployment_poc/tasks/netbox_query_cluster.yml
@@ -11,4 +11,5 @@
Authorization: "Token {{ token }}"
register: nb_hosts
delegate_to: localhost
-
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_query_interface.yml b/ansible/deployment_poc/tasks/netbox_query_interface.yml
new file mode 100644
index 0000000..7ad7c63
--- /dev/null
+++ b/ansible/deployment_poc/tasks/netbox_query_interface.yml
@@ -0,0 +1,15 @@
+---
+- name: Query existing interface
+ ansible.builtin.uri:
+ url: "{{ endpoint }}/virtualization/interfaces/?name=eth0&virtual_machine_id={{ id }}"
+ client_cert: "{{ cert }}"
+ client_key: "{{ key }}"
+ method: GET
+ return_content: yes
+ headers:
+ Accept: application/json
+ Authorization: "Token {{ token }}"
+ register: nb_interface_2
+ delegate_to: localhost
+ when: "nb_interface_1.status|int == 400"
+
diff --git a/ansible/deployment_poc/tasks/netbox_query_ip.yml b/ansible/deployment_poc/tasks/netbox_query_ip.yml
index f0ed7b7..a4cea59 100644
--- a/ansible/deployment_poc/tasks/netbox_query_ip.yml
+++ b/ansible/deployment_poc/tasks/netbox_query_ip.yml
@@ -1,4 +1,17 @@
---
+- name: Query existing address
+ ansible.builtin.uri:
+ url: "{{ endpoint }}/ipam/ip-addresses?virtual_machine_id={{ id }}"
+ client_cert: "{{ cert }}"
+ client_key: "{{ key }}"
+ method: GET
+ return_content: yes
+ headers:
+ Accept: application/json
+ Authorization: "Token {{ token }}"
+ register: nb_ip_1
+ delegate_to: localhost
+
- name: Query available address
ansible.builtin.uri:
url: "{{ endpoint }}/ipam/prefixes/{{ prefix_id }}/available-ips/?limit=1"
@@ -9,6 +22,9 @@
headers:
Accept: application/json
Authorization: "Token {{ token }}"
- register: nb_ip
+ register: nb_ip_2
delegate_to: localhost
+ when: "nb_ip_1.json.count|int == 0 or (nb_ip_1.json.results[0].status is defined and nb_ip_1.json.results[0].status.value != 'active')"
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_query_prefix.yml b/ansible/deployment_poc/tasks/netbox_query_prefix.yml
index d0c0990..b039d7d 100644
--- a/ansible/deployment_poc/tasks/netbox_query_prefix.yml
+++ b/ansible/deployment_poc/tasks/netbox_query_prefix.yml
@@ -11,4 +11,6 @@
Authorization: "Token {{ token }}"
register: nb_prefix
delegate_to: localhost
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_query_site.yml b/ansible/deployment_poc/tasks/netbox_query_site.yml
index 5894a6c..65ec180 100644
--- a/ansible/deployment_poc/tasks/netbox_query_site.yml
+++ b/ansible/deployment_poc/tasks/netbox_query_site.yml
@@ -11,4 +11,6 @@
Authorization: "Token {{ token }}"
register: nb_site
delegate_to: localhost
+ tags:
+ - init_dp
diff --git a/ansible/deployment_poc/tasks/netbox_query_vm.yml b/ansible/deployment_poc/tasks/netbox_query_vm.yml
index 52308f0..bdf6acb 100644
--- a/ansible/deployment_poc/tasks/netbox_query_vm.yml
+++ b/ansible/deployment_poc/tasks/netbox_query_vm.yml
@@ -12,4 +12,6 @@
Authorization: "Token {{ token }}"
register: nb_vm
delegate_to: localhost
+ tags:
+ - init_dp
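Review bot: `Query existing address` in netbox_query_ip.yml is not filtered by status, so the `when` added to `Query available address` allocates a fresh address whenever `results[0]` is anything but `active` while the old object stays assigned to the VM, and when the VM has more than one address only the first is ever inspected. Add `&status=active` (and `&family=4`, since netbox_primaryip.yml only sets `primary_ip4`) to the query, gate the allocation on `nb_ip_1.json.count | int == 0`, and fail explicitly when `count | int > 1` instead of guessing. The URL also lacks the trailing slash every other endpoint in this directory uses (`/ipam/ip-addresses?…`), so the request goes through a redirect first; `uri` follows it for GET, but `/ipam/ip-addresses/?virtual_machine_id={{ id }}` avoids depending on that.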
diff --git a/ansible/deployment_poc/tasks/wait.yml b/ansible/deployment_poc/tasks/wait.yml
new file mode 100644
index 0000000..3f35e55
--- /dev/null
+++ b/ansible/deployment_poc/tasks/wait.yml
@@ -0,0 +1,10 @@
+---
+- name: Wait for guest to become alive
+ wait_for:
+ delay: 240
+ connect_timeout: 3
+ sleep: 15
+ port: 22
+ host: '{{ vm_fqdn }}'
+ search_regex: OpenSSH
+ connection: local |
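Review bot: `wait_for` is given no `timeout`, so the module default of 300 s applies, and as I read the module that deadline is computed from the start time before it sleeps for `delay`, leaving roughly one minute of actual polling for a full network install after the 240 s delay; set an explicit `timeout: 1800` (or whatever the install realistically takes) and drop or shrink `delay`, since `sleep: 15` already paces the polling. The check also only proves that something answering to `vm_fqdn`, a name this same play just injected into DNS, presents an `OpenSSH` banner on port 22; it says nothing about which host that is, so the first real SSH connection afterwards still needs host-key verification, and the task deserves a header comment stating that it is a liveness wait and not an identity check.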