Refactor base setup. Add roles for DHCP/DNS.

2020-06-28 10:49:54 -04:00
parent ded4e9279a
commit 5afdb44488
4 changed files with 160 additions and 19 deletions
--- a/buildvm.yml
+++ b/buildvm.yml
@@ -0,0 +1,118 @@
+# Playbook to build new VMs in RHV Cluster
+# Currently only builds RHEL VMs
+- name: Create VMs
+  hosts: cluster_ToalLabRHV
+  connection: local
+  gather_facts: no
+  collections:
+    - netbox.netbox
+  vars:
+    # Workaround to get correct venv python interpreter
+    ansible_python_interpreter: "{{ ansible_playbook_python }}"
+
+  # Never run this, unless specifically enabled
+  # tags:
+  #  - never
+  #  - rebuild
+
+  tasks:
+    - name: Basic Disk Profile
+      set_fact:
+        vm_disks:
+        -  name: '{{ inventory_hostname }}_boot'
+           bootable: true
+           sparse: true
+           descr: '{{ inventory_hostname }} Boot / Root disk'
+           interface: virtio
+           size: '{{ disk|default(40) }}'
+           state: present
+           storage_domain: 'ssdvdo0'
+           activate: true
+      when: vm_disks is not defined
+
+    - name: Create VM Disks
+      ovirt_disk:
+        auth: '{{ ovirt_auth }}'
+        name: '{{ item.name }}'
+        description: '{{ item.descr }}'
+        interface: '{{ item.interface }}'
+        size: '{{ item.size }}'
+        state: '{{ item.state }}'
+        sparse: '{{ item.sparse }}'
+        wait: true
+        storage_domain: '{{ item.storage_domain }}'
+      async: 300
+      poll: 15
+      loop: '{{ vm_disks }}'
+
+
+    - set_fact:
+        nb_query_filter: "slug={{ platform }}"
+    - debug: msg='{{ query("netbox.netbox.nb_lookup", "platforms", api_filter=nb_query_filter, api_endpoint=netbox_api, token=netbox_token)[0].value.name }}'
+
+    - name: Create VM in RHV
+      ovirt_vm:
+        auth: '{{ ovirt_auth }}'
+        name: '{{ inventory_hostname }}'
+        state: present
+        memory: '{{ memory }}MiB'
+        memory_guaranteed: '{{ (memory / 2)|int }}MiB'
+        disks: '{{ vm_disks }}'
+        cpu_cores: '{{ vcpus }}'
+        cluster: '{{ cluster }}'
+        # Damn... This is ugly
+        operating_system: '{{ query("netbox.netbox.nb_lookup", "platforms", api_filter=nb_query_filter, api_endpoint=netbox_api, token=netbox_token)[0].value.name }}'
+        type: server
+        graphical_console:
+          protocol:
+            - vnc
+            - spice
+        boot_devices:
+          - hd
+      async: 300
+      poll: 15
+
+    - name: Assign NIC
+      ovirt_nic:
+        auth: '{{ ovirt_auth }}'
+        interface: virtio
+        mac_address: '{{ item.mac_address|default(omit) }}'
+        name: '{{ item.name }}'
+        profile: ovirtmgmt
+        network: '{{ item.untagged_vlan.name }}' # This is fragile
+        state: '{{ (item.enabled == True) |ternary("plugged","unplugged") }}'
+        linked: yes
+        vm: '{{ inventory_hostname }}'
+      loop: '{{ interfaces }}'
+
+  handlers:
+    - name: PXE Boot
+      ovirt_vm:
+        auth: "{{ ovirt_auth }}"
+        name: "{{ inventory_hostname }}"
+        boot_devices:
+         - network
+        state: running
+      register: vm_build_result
+
+- name: Ensure VM is running and reachable
+  hosts: cluster_ToalLabRHV
+  gather_facts: no
+  connection: local
+  vars:
+    # Hack to work around virtualenv python interpreter
+    ansible_python_interpreter: "{{ ansible_playbook_python }}"
+
+  tasks:
+    - name: VM is running
+      ovirt_vm:
+          auth: "{{ ovirt_auth }}"
+          name: "{{ inventory_hostname }}"
+          state: running
+          boot_devices:
+          - hd
+
+    - name: Wait for SSH to be ready
+      wait_for_connection:
+        timeout: 1800
+        sleep: 5
--- a/monitoring.yml
+++ b/monitoring.yml
@@ -1,15 +1,15 @@
 ---
 - name: Prometheus
-  hosts: podhost1.mgmt.toal.ca # Hard-coded for now
+  hosts: monitor.mgmt.toal.ca # Hard-coded for now
  become: yes
  vars:
    container_image: prom/prometheus
    container_name: prometheus
    container_state: running
    container_firewall_ports:
-      - 9090/tcp
+      - 8090/tcp
    container_run_args: >-
-      -p 9090:9090
+      -p 8090:8090
      -v /home/prometheus/etc:/etc/prometheus:Z
      -v /home/prometheus/data:/prometheus:Z
      -v /home/prometheus/console_libraries:/usr/share/prometheus/console_libraries:Z
@@ -29,9 +29,15 @@
        - /home/prometheus/data
        - /home/prometheus/console_libraries
        - /home/prometheus/console_template
+  post_tasks:
+    - name: Firewall
+      firewalld:
+          state: enabled # required. choices: enabled;disabled;present;absent. Enable or disable a setting. For ports: Should this port accept(enabled) or reject(disabled) connections. The states "present" and "absent" can only be used in zone level operations (i.e. when no other parameters but zone and state are set).
+          permanent: true
+          port: 9090/tcp

 - name: Grafana
-  hosts: podhost1.mgmt.toal.ca # Hard-coded for now
+  hosts: monitor.mgmt.toal.ca # Hard-coded for now
  become: yes
  vars:
    container_image: grafana/grafana
@@ -41,5 +47,21 @@
      - 3000/tcp
    container_run_args: >-
      -p 3000:3000
+      -v /home/grafana/data:/var/lib/grafana:Z
+  pre_tasks:
+    - name: Directories exist
+      file:
+        path: '{{ item }}'
+        state: directory
+        owner: nobody
+        group: nobody
+      loop:
+        - /home/grafana/data
  roles:
    - ikke_t.podman_container_systemd
+  post_tasks:
+    - name: Firewall
+      firewalld:
+          state: enabled # required. choices: enabled;disabled;present;absent. Enable or disable a setting. For ports: Should this port accept(enabled) or reject(disabled) connections. The states "present" and "absent" can only be used in zone level operations (i.e. when no other parameters but zone and state are set).
+          permanent: true
+          port: 3000/tcp
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -13,4 +13,8 @@
 - name: oatakan.windows_ovirt_guest_agent
 - name: oatakan.windows_virtio
 - name: ikke_t.podman_container_systemd
- name: ikke_t.container_image_cleanup
+- name: ikke_t.container_image_cleanup
+
+# Infra
+- name: bertvv.bind
+- name: bertvv.dhcp  
--- a/roles/toal-common/tasks/main.yml
+++ b/roles/toal-common/tasks/main.yml
@@ -7,36 +7,33 @@
      name: rhel-7-server-rh-common-rpms
      state: present
    when:
-     - ansible_os_family == "RedHat"
     - ansible_distribution_major_version == '7'

-  - name: Guest Tools Repository
-    rhsm_repository:
-      name: rhel-8-for-x86_64-appstream-rpms
-      state: present
-    when:
-     - ansible_os_family == "RedHat"
-     - ansible_distribution_major_version == '8'
-
  - name: Install ovirt-guest-agent on RHV Guests
    yum:
      name: ovirt-guest-agent
      state: present
    notify: Ovirt Agent Restart
    when:
-     - ansible_os_family == "RedHat"
     - ansible_distribution_major_version == '7'

+  - name: Guest Tools Repository
+    rhsm_repository:
+      name: rhel-8-for-x86_64-appstream-rpms
+      state: present
+    when:
+     - ansible_distribution_major_version == '8'
+
  - name: Install qemu-guest agent on RHEL8 Guest
    yum:
      name: qemu-guest-agent
      state: present
    notify: Qemu Agent Restart
    when:
-     - ansible_os_family == "RedHat"
     - ansible_distribution_major_version == '8'

  when:
+    - ansible_os_family == "RedHat"
    - ansible_virtualization_type == "RHEV"

 - name: Install katello-agent on Satellite managed systems
@@ -49,13 +46,13 @@
  yum:
    name: insights-client
    state: present
-  when: ansible_os_family == "RedHat"
+  when: ansible_distribution == "RedHat"

 - name: Performance Co-Pilot
  yum:
    name:
-     - pcp
-     - cockpit-pcp
     - pcp-system-tools
+     - pcp-zeroconf
+     - cockpit-pcp
     - pcp-pmda-trace
     - pcp-selinux