Claude assisted cleanup

2026-02-23 23:44:21 -05:00
parent d11167b345
commit 995b7c4070
34 changed files with 925 additions and 282 deletions


@@ -0,0 +1,58 @@
# dnsmadeeasy_record
Manages DNS records in DNS Made Easy via the `community.general.dnsmadeeasy` module.
Accepts a list of record entries and creates or updates each one.
## Requirements
- `community.general` collection
- DNS Made Easy account credentials
## Role Variables
| Variable | Default | Description |
|---|---|---|
| `dnsmadeeasy_record_account_key` | *required* | DNS Made Easy account key |
| `dnsmadeeasy_record_account_secret` | *required* | DNS Made Easy account secret (sensitive) |
| `dnsmadeeasy_record_entries` | `[]` | List of DNS record entries (see below) |
### Entry format
Each entry in `dnsmadeeasy_record_entries` requires:
| Field | Required | Default | Description |
|---|---|---|---|
| `domain` | yes | | DNS zone (e.g. `openshift.toal.ca`) |
| `record_name` | yes | | Record name within the zone |
| `record_type` | yes | | DNS record type (A, CNAME, etc.) |
| `record_value` | yes | | Target value |
| `record_ttl` | no | `1800` | TTL in seconds |
## Example Playbook
```yaml
- name: Configure public DNS records
hosts: sno.openshift.toal.ca
gather_facts: false
connection: local
roles:
- role: dnsmadeeasy_record
dnsmadeeasy_record_account_key: "{{ dme_account_key }}"
dnsmadeeasy_record_account_secret: "{{ dme_account_secret }}"
dnsmadeeasy_record_entries:
- domain: openshift.toal.ca
record_name: api.sno
record_type: A
record_value: 203.0.113.1
record_ttl: 300
```
## License
MIT
## Author
ptoal


@@ -0,0 +1,24 @@
---
# DNS Made Easy API credentials
# dnsmadeeasy_record_account_key: "" # required
# dnsmadeeasy_record_account_secret: "" # required (sensitive)
# List of DNS records to create/update.
#
# Each entry requires:
# domain: DNS zone (e.g. "openshift.toal.ca")
# record_name: record name within the zone (e.g. "api.sno")
# record_type: DNS record type (A, CNAME, etc.)
# record_value: target value (IP address or hostname)
#
# Optional per entry:
# record_ttl: TTL in seconds (default: 1800)
#
# Example:
# dnsmadeeasy_record_entries:
# - domain: openshift.toal.ca
# record_name: api.sno
# record_type: A
# record_value: 203.0.113.1
# record_ttl: 300
dnsmadeeasy_record_entries: []


@@ -0,0 +1,24 @@
---
argument_specs:
main:
short_description: Manage DNS records in DNS Made Easy
description:
- Creates or updates DNS records via the DNS Made Easy API
using the community.general.dnsmadeeasy module.
options:
dnsmadeeasy_record_account_key:
description: DNS Made Easy account key.
type: str
required: true
dnsmadeeasy_record_account_secret:
description: DNS Made Easy account secret.
type: str
required: true
no_log: true
dnsmadeeasy_record_entries:
description: >-
List of DNS record entries. Each entry requires C(domain), C(record_name),
C(record_type), and C(record_value). Optional C(record_ttl) defaults to 1800.
type: list
elements: dict
default: []
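Review bot: `dnsmadeeasy_record_entries` is declared as `type: list` / `elements: dict` with no nested `options`, so role argument validation accepts any dict and a missing or misspelled field only surfaces later as a templating error inside the loop. The same applies to `opnsense_dns_override_entries` in the opnsense_dns_override argument spec further down this commit, where the tasks select entries with `selectattr('type', 'eq', 'host')` and `selectattr('type', 'eq', 'forward')`: an entry whose `type` is mistyped matches neither filter and is skipped without any message, so a DNS override can be believed to be in place when it is not. Declaring the per-entry fields as sub-options (plus `choices: [host, forward]` on `type` in the opnsense spec) lets validation reject such entries before any API call is made. `record_ttl` carries no `default` below because the task already applies `default(1800)`.

```yaml
      dnsmadeeasy_record_entries:
        # … unchanged: description, type, elements, default …
        options:
          domain:
            description: DNS zone the record belongs to.
            type: str
            required: true
          record_name:
            description: Record name within the zone.
            type: str
            required: true
          record_type:
            description: DNS record type.
            type: str
            required: true
          record_value:
            description: Target value of the record.
            type: str
            required: true
          record_ttl:
            description: TTL in seconds.
            type: int
```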


@@ -0,0 +1,15 @@
---
galaxy_info:
author: ptoal
description: Manage DNS records in DNS Made Easy
license: MIT
min_ansible_version: "2.16"
platforms:
- name: GenericLinux
versions:
- all
galaxy_tags:
- dns
- dnsmadeeasy
dependencies: []


@@ -0,0 +1,14 @@
---
- name: Manage DNS Made Easy records
community.general.dnsmadeeasy:
account_key: "{{ dnsmadeeasy_record_account_key }}"
account_secret: "{{ dnsmadeeasy_record_account_secret }}"
domain: "{{ item.domain }}"
record_name: "{{ item.record_name }}"
record_type: "{{ item.record_type }}"
record_value: "{{ item.record_value }}"
record_ttl: "{{ item.record_ttl | default(1800) }}"
state: present
loop: "{{ dnsmadeeasy_record_entries }}"
loop_control:
label: "{{ item.record_name }}.{{ item.domain }} ({{ item.record_type }})"


@@ -0,0 +1,61 @@
# opnsense_dns_override
Manages OPNsense Unbound DNS host overrides (A record) and domain forwards via the `oxlorg.opnsense` collection.
Accepts a list of entries, each specifying either a `host` override or a `forward` rule. All tasks delegate to localhost (OPNsense modules are API-based).
## Requirements
- `oxlorg.opnsense` collection
- `module_defaults` for `group/oxlorg.opnsense.all` must be set at play level (firewall, api_key, api_secret)
## Role Variables
| Variable | Default | Description |
|---|---|---|
| `opnsense_dns_override_entries` | `[]` | List of DNS override entries (see below) |
### Entry format
Each entry in `opnsense_dns_override_entries` requires:
| Field | Required | Description |
|---|---|---|
| `type` | yes | `host` for Unbound host override, `forward` for domain forwarding |
| `value` | yes | Target IP address |
| `hostname` | host only | Subdomain part (e.g. `api.sno`) |
| `domain` | yes | Parent domain for host type, or full domain for forward type |
## Example Playbook
```yaml
- name: Configure OPNsense DNS overrides
hosts: gate.toal.ca
gather_facts: false
connection: local
module_defaults:
group/oxlorg.opnsense.all:
firewall: "{{ opnsense_host }}"
api_key: "{{ opnsense_api_key }}"
api_secret: "{{ opnsense_api_secret }}"
roles:
- role: opnsense_dns_override
opnsense_dns_override_entries:
- hostname: api.sno
domain: openshift.toal.ca
value: 192.168.40.10
type: host
- domain: apps.sno.openshift.toal.ca
value: 192.168.40.10
type: forward
```
## License
MIT
## Author
ptoal


@@ -0,0 +1,26 @@
---
# List of DNS override entries to create in OPNsense Unbound.
#
# Each entry must have:
# type: "host" for unbound_host (A record override) or
# "forward" for unbound_forward (domain forwarding)
#
# For type "host":
# hostname: subdomain part (e.g. "api.sno")
# domain: parent domain (e.g. "openshift.toal.ca")
# value: target IP address
#
# For type "forward":
# domain: full domain to forward (e.g. "apps.sno.openshift.toal.ca")
# value: target IP address
#
# Example:
# opnsense_dns_override_entries:
# - hostname: api.sno
# domain: openshift.toal.ca
# value: 192.168.40.10
# type: host
# - domain: apps.sno.openshift.toal.ca
# value: 192.168.40.10
# type: forward
opnsense_dns_override_entries: []


@@ -0,0 +1,17 @@
---
argument_specs:
main:
short_description: Manage OPNsense Unbound DNS overrides
description:
- Creates Unbound host overrides (A record) and domain forwards
in OPNsense via the oxlorg.opnsense collection.
- Requires oxlorg.opnsense module_defaults to be set at play level.
options:
opnsense_dns_override_entries:
description: >-
List of DNS override entries. Each entry requires C(type) ("host" or "forward"),
C(value) (target IP), and either C(hostname)+C(domain) (for host type) or
C(domain) (for forward type).
type: list
elements: dict
default: []


@@ -0,0 +1,16 @@
---
galaxy_info:
author: ptoal
description: Manage OPNsense Unbound DNS host overrides and domain forwards
license: MIT
min_ansible_version: "2.16"
platforms:
- name: GenericLinux
versions:
- all
galaxy_tags:
- opnsense
- dns
- unbound
dependencies: []


@@ -0,0 +1,24 @@
---
- name: Create Unbound host overrides
oxlorg.opnsense.unbound_host:
hostname: "{{ item.hostname }}"
domain: "{{ item.domain }}"
value: "{{ item.value }}"
match_fields:
- hostname
- domain
state: present
delegate_to: localhost
loop: "{{ opnsense_dns_override_entries | selectattr('type', 'eq', 'host') }}"
loop_control:
label: "{{ item.hostname }}.{{ item.domain }} -> {{ item.value }}"
- name: Create Unbound domain forwards
oxlorg.opnsense.unbound_forward:
domain: "{{ item.domain }}"
target: "{{ item.value }}"
state: present
delegate_to: localhost
loop: "{{ opnsense_dns_override_entries | selectattr('type', 'eq', 'forward') }}"
loop_control:
label: "{{ item.domain }} -> {{ item.value }}"


@@ -0,0 +1,58 @@
# proxmox_sno_vm
Creates a Proxmox virtual machine configured for Single Node OpenShift (SNO) deployment. The VM uses q35 machine type with UEFI boot (required for RHCOS), VirtIO NIC with optional VLAN tagging, and an empty CD-ROM slot for the agent installer ISO.
After creation the role retrieves the VM ID and MAC address, setting them as cacheable facts for use by subsequent plays.
## Requirements
- `community.proxmox` collection
- A `proxmox_api` inventory host with `ansible_host` and `ansible_port` set to the Proxmox API endpoint
## Role Variables
| Variable | Default | Description |
|---|---|---|
| `proxmox_node` | `pve1` | Proxmox cluster node |
| `proxmox_api_user` | `ansible@pam` | API username |
| `proxmox_api_token_id` | `ansible` | API token ID |
| `proxmox_api_token_secret` | *required* | API token secret (sensitive) |
| `proxmox_validate_certs` | `false` | Validate TLS certificates |
| `proxmox_storage` | `local-lvm` | Storage pool for VM disks |
| `proxmox_iso_storage` | `local` | Storage pool for ISOs |
| `proxmox_iso_dir` | `/var/lib/vz/template/iso` | ISO filesystem path on Proxmox host |
| `sno_credentials_dir` | `/root/sno-{{ ocp_cluster_name }}` | Credential persistence directory |
| `sno_vm_name` | `sno-{{ ocp_cluster_name }}` | VM name in Proxmox |
| `sno_cpu` | `8` | CPU cores |
| `sno_memory_mb` | `32768` | Memory in MB |
| `sno_disk_gb` | `120` | Disk size in GB |
| `sno_bridge` | `vmbr0` | Network bridge |
| `sno_vlan` | `40` | VLAN tag |
| `sno_mac` | `""` | MAC address (empty = auto-assign) |
| `sno_vm_id` | `0` | VM ID (0 = auto-assign) |
## Cacheable Facts Set
- `sno_vm_id` — assigned Proxmox VM ID
- `sno_mac` — assigned or detected MAC address
## Example Playbook
```yaml
- name: Create SNO VM in Proxmox
hosts: sno.openshift.toal.ca
gather_facts: false
connection: local
roles:
- role: proxmox_sno_vm
tags: proxmox
```
## License
MIT
## Author
ptoal


@@ -0,0 +1,83 @@
---
argument_specs:
main:
short_description: Create a Proxmox VM for Single Node OpenShift
description:
- Creates a q35/UEFI virtual machine in Proxmox suitable for SNO deployment.
- Retrieves the assigned VM ID and MAC address as cacheable facts.
options:
proxmox_node:
description: Proxmox cluster node to create the VM on.
type: str
default: pve1
proxmox_api_user:
description: Proxmox API username.
type: str
default: ansible@pam
proxmox_api_token_id:
description: Proxmox API token ID.
type: str
default: ansible
proxmox_api_token_secret:
description: Proxmox API token secret.
type: str
required: true
no_log: true
proxmox_validate_certs:
description: Whether to validate TLS certificates for the Proxmox API.
type: bool
default: false
proxmox_storage:
description: Proxmox storage pool for VM disks.
type: str
default: local-lvm
proxmox_iso_storage:
description: Proxmox storage pool name for ISO images.
type: str
default: local
proxmox_iso_dir:
description: Filesystem path on the Proxmox host where ISOs are stored.
type: str
default: /var/lib/vz/template/iso
sno_credentials_dir:
description: >-
Directory on proxmox_host where kubeconfig and kubeadmin-password
are persisted after installation.
type: str
default: "/root/sno-{{ ocp_cluster_name }}"
sno_vm_name:
description: Name of the VM in Proxmox.
type: str
default: "sno-{{ ocp_cluster_name }}"
sno_cpu:
description: Number of CPU cores for the VM.
type: int
default: 8
sno_memory_mb:
description: Memory in megabytes for the VM.
type: int
default: 32768
sno_disk_gb:
description: Primary disk size in gigabytes.
type: int
default: 120
sno_bridge:
description: Proxmox network bridge for the VM NIC.
type: str
default: vmbr0
sno_vlan:
description: VLAN tag for the VM NIC.
type: int
default: 40
sno_mac:
description: >-
MAC address to assign. Leave empty for auto-assignment by Proxmox.
Set explicitly to pin a MAC for static IP reservations.
type: str
default: ""
sno_vm_id:
description: >-
Proxmox VM ID. Set to 0 for auto-assignment.
Populated as a cacheable fact after VM creation.
type: int
default: 0
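Review bot: `proxmox_validate_certs` is documented with `default: false`, so unless the caller overrides it the role presents `proxmox_api_token_secret` to a Proxmox API endpoint whose certificate is never verified, and anyone able to intercept that connection could capture the token. The tasks that consume the variable and the role's defaults file are not in the visible hunks, so this is inferred from the spec and the README table. I would make verification the default, `default: true`, have lab setups with self-signed certificates opt out explicitly, and change the README row to match. If the default has to stay, the description should carry the caveat: `description: Whether to validate TLS certificates for the Proxmox API. Disabling this exposes the API token to interception.`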


@@ -0,0 +1,17 @@
---
galaxy_info:
author: ptoal
description: Create a Proxmox VM for Single Node OpenShift (SNO) deployment
license: MIT
min_ansible_version: "2.16"
platforms:
- name: GenericLinux
versions:
- all
galaxy_tags:
- proxmox
- openshift
- sno
- vm
dependencies: []


@@ -7,7 +7,7 @@
- name: Build net0 string
ansible.builtin.set_fact:
# Proxmox net format: model[=macaddr],bridge=<bridge>[,tag=<vlan>]
_sno_net0: >-
__proxmox_sno_vm_net0: >-
virtio{{
'=' + sno_mac if sno_mac | length > 0 else ''
}},bridge={{ sno_bridge }},tag={{ sno_vlan }}
@@ -40,11 +40,11 @@
ide:
ide2: none,media=cdrom
net:
net0: "{{ _sno_net0 }}"
net0: "{{ __proxmox_sno_vm_net0 }}"
boot: "order=scsi0;ide2"
onboot: true
state: present
register: proxmox_vm_result
register: __proxmox_sno_vm_result
- name: Retrieve VM info
community.proxmox.proxmox_vm_info:
@@ -58,19 +58,19 @@
name: "{{ sno_vm_name }}"
type: qemu
config: current
register: proxmox_vm_info
register: __proxmox_sno_vm_info
retries: 5
- name: Set VM ID fact for subsequent plays
ansible.builtin.set_fact:
sno_vm_id: "{{ proxmox_vm_info.proxmox_vms[0].vmid }}"
sno_vm_id: "{{ __proxmox_sno_vm_info.proxmox_vms[0].vmid }}"
cacheable: true
- name: Extract MAC address from VM config
ansible.builtin.set_fact:
# net0 format: virtio=52:54:00:xx:xx:xx,bridge=vmbr0,tag=40
sno_mac: >-
{{ proxmox_vm_info.proxmox_vms[0].config.net0
{{ __proxmox_sno_vm_info.proxmox_vms[0].config.net0
| regex_search('([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})', '\1')
| first }}
cacheable: true
@@ -82,3 +82,4 @@
- "VM Name : {{ sno_vm_name }}"
- "VM ID : {{ sno_vm_id }}"
- "MAC : {{ sno_mac }}"
verbosity: 1


@@ -1,38 +0,0 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@@ -1,2 +0,0 @@
---
# defaults file for toal-common


@@ -1 +0,0 @@
Hello World


@@ -1,14 +0,0 @@
---
# handlers file for toal-common
- name: Ovirt Agent Restart
service:
name: ovirt-guest-agent
state: restarted
when: ansible_virtualization_type == "RHEV"
- name: Qemu Agent Restart
service:
name: qemu-guest-agent
state: restarted
when: ansible_virtualization_type == "RHEV"


@@ -1,57 +0,0 @@
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# platforms is a list of platforms, and each platform has a name and a list of versions.
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -1,49 +0,0 @@
---
# Ensure that virtual guests have the guest tools installed.
# TODO: Refactor to make cleaner, and more DRY
- block:
- name: Guest Tools Repository
rhsm_repository:
name: rhel-7-server-rh-common-rpms
state: present
when:
- ansible_distribution_major_version == '7'
- name: Install ovirt-guest-agent on RHV Guests
yum:
name: ovirt-guest-agent
state: present
notify: Ovirt Agent Restart
when:
- ansible_distribution_major_version == '7'
- name: Guest Tools Repository
rhsm_repository:
name: rhel-8-for-x86_64-appstream-rpms
state: present
when:
- ansible_distribution_major_version == '8'
- name: Install qemu-guest agent on RHEL8 Guest
yum:
name: qemu-guest-agent
state: present
notify: Qemu Agent Restart
when:
- ansible_distribution_major_version == '8'
when:
- ansible_os_family == "RedHat"
- ansible_virtualization_type == "RHEV"
- name: Install katello-agent on Satellite managed systems
yum:
name: katello-agent
state: present
when: foreman is defined
- name: Install insights-client on RHEL systems
yum:
name: insights-client
state: present
when: ansible_distribution == "RedHat"


@@ -1,2 +0,0 @@
localhost


@@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- toal-common


@@ -1,2 +0,0 @@
---
# vars file for toal-common