ptoal/toallab-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vmware builds

Browse Source
This commit is contained in:
Patrick Toal
2021-06-28 17:49:11 -04:00
parent 833f589d56
commit dfe9dea2ca
79 changed files with 1986 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
roles/oatakan.rhel_ovirt_template/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

21
roles/oatakan.rhel_ovirt_template/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2020 Orcun Atakan
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

86
roles/oatakan.rhel_ovirt_template/README.md Normal file
View File

@@ -0,0 +1,86 @@
# rhel_ovirt_template
This repo contains an Ansible role that builds a RHEL/CentOS VM template from an ISO file on Ovirt/RHV.
You can run this role as a part of CI/CD pipeline for building RHEL/CentOS templates on Ovirt/RHV from an ISO file.
> **_Note:_** This role is provided as an example only. Do not use this in production. You can fork/clone and add/remove steps for your environment based on your organization's security and operational requirements.
Requirements
------------
You need to have the following packages installed on your control machine:
- mkisofs
- genisoimage
You need to enable qemu_cmdline hook on your RHV/Ovirt environment, this is required to enable attaching multiple iso files. Follow the instructions documented here:
https://www.ovirt.org/develop/developer-guide/vdsm/hook/qemucmdline.html
Before you can use this role, you need to make sure you have RHEL/CentOS install media iso file uploaded to a iso domain on your RHV/Ovirt environment.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
Import ovirt.ovirt collections.
A list of roles that this role utilizes:
- oatakan.rhn
- oatakan.rhel_upgrade
- oatakan.rhel_template_build
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
# import ovirt.ovirt collections
- name: create a ovirt rhel template
hosts: all
gather_facts: False
connection: local
become: no
vars:
template_force: yes #overwrite existing template with the same name
export_ovf: no # export the template to export domain upon creation
local_account_password: ''
local_administrator_password: ''
linux_distro_name: rhel_81 # this needs to be one of the standard values see 'os_short_names' var
template_vm_name: rhel81-x64-v1
template_vm_root_disk_size: 10
template_vm_memory: 4096
template_vm_efi: false # you need to install efi file to use this, false should be fine in most cases
iso_file_name: '' # name of the iso file
ovirt_datacenter: '' # name of the datacenter
ovirt_cluster: '' # name of the cluster
ovirt_data_domain: '' # name of the data domain
ovirt_export_domain: '' # name of the iso domain
ovirt_iso_domain: '' # this is deprecated as of 4.3 you can omit if not used
template_vm_network_name: ovirtmgmt
template_vm_ip_address: 192.168.10.95 # static ip is required
template_vm_netmask: 255.255.255.0
template_vm_gateway: 192.168.10.254
template_vm_domain: example.com
template_vm_dns_servers:
- 8.8.4.4
- 8.8.8.8
roles:
- oatakan.rhel_ovirt_template
License
-------
MIT
Author Information
------------------
Orcun Atakan

91
roles/oatakan.rhel_ovirt_template/defaults/main.yml Normal file
View File

@@ -0,0 +1,91 @@
---
install_updates: yes
instance_wait_retry_limit: 300
instance_wait_connection_timeout: 600
# this will remove existing template with the same name
template_force: no
template_found: no
export_ovf: no
datastore_iso_folder: iso
datastore_ova_folder: ova
remove_vm_on_error: yes
custom_efi_enabled: no
custom_efi_path: /usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd
qemu_second_cdrom_device_bus_type: ide
qemu_second_cdrom_device_bus_id: 3
qemu_second_cdrom_device_bus_unit: 0
local_administrator_password: Chang3MyP@ssw0rd21
local_account_username: ansible
local_account_password: Chang3MyP@ssw0rd21
linux_distro_name: rhel_77
iso_file_name: CentOS-7-x86_64-DVD-1908.iso
linux_ks_folder: rhel7
template_vm_name: centos77-x64-bigdisk_v1
template_vm_root_disk_size: 300
template_vm_root_disk_format: cow
template_vm_root_disk_interface: virtio
template_vm_memory: 4096
template_vm_cpu: 2
template_vm_guest_id: rhel_7x64
template_vm_efi: no
template_vm_network_name: ovirtmgmt
template_vm_ip_address: 192.168.10.96
template_vm_netmask: 255.255.255.0
template_vm_gateway: 192.168.10.254
template_vm_domain: example.com
template_vm_dns_servers:
- 8.8.4.4
- 8.8.8.8
template_convert_timeout: 600
template_convert_seal: no
template_selinux_enabled: no
ovirt_datacenter: mydatacenter
ovirt_cluster: production
ovirt_folder: template
ovirt_data_domain: data_domain
ovirt_export_domain: export_domain
ovirt_iso_domain: iso_domain
os_short_names:
rhel_77:
ks_folder: rhel7
guest_id: rhel_7x64
rhel_78:
ks_folder: rhel7
guest_id: rhel_7x64
rhel_80:
ks_folder: rhel8
guest_id: rhel_8x64
rhel_81:
ks_folder: rhel8
guest_id: rhel_8x64
rhel_82:
ks_folder: rhel8
guest_id: rhel_8x64
rhel_83:
ks_folder: rhel8
guest_id: rhel_8x64
centos_77:
ks_folder: rhel7
guest_id: rhel_7x64
centos_80:
ks_folder: rhel8
guest_id: rhel_8x64
centos_81:
ks_folder: rhel8
guest_id: rhel_8x64
centos_82:
ks_folder: rhel8
guest_id: rhel_8x64

2
roles/oatakan.rhel_ovirt_template/meta/.galaxy_install_info Normal file
View File

@@ -0,0 +1,2 @@
install_date: Wed May 5 16:14:09 2021
version: master

28
roles/oatakan.rhel_ovirt_template/meta/main.yml Normal file
View File

@@ -0,0 +1,28 @@
---
galaxy_info:
author: Orcun Atakan
description: Ansible galaxy role for building a RHEL/CentOS VM template from an ISO file on Ovirt/RHV.
role_name: rhel_ovirt_template
company: Red Hat
license: MIT
min_ansible_version: 2.5
platforms:
- name: EL
versions:
- all
cloud_platforms:
- oVirt
galaxy_tags:
- rhel
- ovirt
- rhv
- cloud
- multicloud
- template
dependencies: []

10
roles/oatakan.rhel_ovirt_template/tasks/convert_to_template.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: convert to template
ovirt.ovirt.ovirt_template:
auth: "{{ ovirt_auth }}"
name: "{{ template.name }}"
vm: "{{ template.name }}"
cluster: "{{ providers.ovirt.cluster }}"
timeout: "{{ template_convert_timeout }}"
seal: "{{ template_convert_seal }}"
when: template is defined

22
roles/oatakan.rhel_ovirt_template/tasks/datastore_iso_remove.yml Normal file
View File

@@ -0,0 +1,22 @@
---
- block:
- name: remove iso file from data_domain
ovirt.ovirt.ovirt_disk:
auth: "{{ ovirt_auth }}"
name: "{{ iso_file }}"
storage_domain: "{{ providers.ovirt.data_domain | default('data_domain') }}"
state: absent
rescue:
- include_tasks: wait_iso_disk_unlock_pre29.yml
when: ansible_version.full is version('2.9', '<')
- include_tasks: wait_iso_disk_unlock.yml
when: ansible_version.full is version('2.9', '>=')
- name: remove iso file from data_domain
ovirt.ovirt.ovirt_disk:
auth: "{{ ovirt_auth }}"
name: "{{ iso_file }}"
storage_domain: "{{ providers.ovirt.data_domain | default('data_domain') }}"
state: absent

29
roles/oatakan.rhel_ovirt_template/tasks/datastore_upload.yml Normal file
View File

@@ -0,0 +1,29 @@
---
- name: validate file
stat:
path: "{{ playbook_dir }}/{{ temp_directory }}/linux_{{ linux_distro_name }}_ks_autogen.iso"
get_checksum: no
register: iso_file_check
- name: upload iso file to data_domain
ovirt.ovirt.ovirt_disk:
auth: "{{ ovirt_auth }}"
name: "{{ iso_file }}"
upload_image_path: "{{ iso_file_check.stat.path }}"
storage_domain: "{{ providers.ovirt.data_domain | default('data_domain') }}"
size: "{{ (iso_file_check.stat.size/1024/1024)|round(0, 'ceil')|int|string }}MiB"
wait: true
bootable: true
format: raw
content_type: iso
force: yes
register: disk_iso_file
when: iso_file_check.stat.exists
- name: set iso file disk id
set_fact:
ks_iso_file_disk_id: "{{ disk_iso_file.disk.id }}"
ks_iso_file_image_id: "{{ disk_iso_file.disk.image_id }}"
ovirt_datacenter_id: "{{ disk_iso_file.disk.quota.href | regex_replace('^/ovirt-engine/api/datacenters/(.*)/quotas.*$', '\\1') }}"
ovirt_datastore_id: "{{ disk_iso_file.disk.storage_domains[0].id }}"

20
roles/oatakan.rhel_ovirt_template/tasks/export_ovf.yml Normal file
View File

@@ -0,0 +1,20 @@
---
- name: export template to export domain
ovirt.ovirt.ovirt_template:
auth: "{{ ovirt_auth }}"
state: exported
name: "{{ template.name }}"
export_domain: "{{ providers.ovirt.export_domain }}"
cluster: "{{ providers.ovirt.cluster }}"
async: 7200
poll: 0
register: export_ovf_file
- name: wait for export to complete
async_status:
jid: "{{ export_ovf_file.ansible_job_id }}"
register: ovf
until: ovf.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10

138
roles/oatakan.rhel_ovirt_template/tasks/main.yml Normal file
View File

@@ -0,0 +1,138 @@
---
- name: obtain SSO token with using username/password credentials
ovirt.ovirt.ovirt_auth:
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
insecure: yes
- include_tasks: preflight_check_pre29.yml
when: ansible_version.full is version('2.9', '<')
- include_tasks: preflight_check.yml
when: ansible_version.full is version('2.9', '>=')
# remove existing template
- block:
- include_tasks: remove_template.yml
when:
- template_force|bool
- template_found|bool
- block:
- include_tasks: make_iso.yml
- include_tasks: provision_vm.yml
- name: refresh inventory
meta: refresh_inventory
- name: clear gathered facts
meta: clear_facts
- name: clear any host errors
meta: clear_host_errors
- name: add host
add_host:
hostname: template_vm
ansible_host: '{{ template_vm_ip_address }}'
host_key_checking: false
ansible_user: "{{ local_account_username }}"
ansible_password: "{{ local_account_password }}"
ansible_port: "{{ vm_ansible_port | default('22') }}"
ansible_ssh_common_args: '-o UserKnownHostsFile=/dev/null'
ansible_python_interpreter: auto
- name: run setup module
setup:
delegate_to: template_vm
connection: ssh
- block:
- include_role:
name: oatakan.rhn
apply:
delegate_to: template_vm
connection: ssh
become: yes
- include_role:
name: oatakan.rhel_upgrade
apply:
delegate_to: template_vm
connection: ssh
become: yes
when: install_updates|bool
- include_role:
name: oatakan.rhel_template_build
apply:
delegate_to: template_vm
connection: ssh
become: yes
vars:
target_ovirt: yes
always:
- include_role:
name: oatakan.rhn
apply:
delegate_to: template_vm
connection: ssh
become: yes
vars:
role_action: unregister
- name: force handlers to run before stoppping the vm
meta: flush_handlers
- name: refresh SSO credentials
ovirt.ovirt.ovirt_auth:
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
insecure: yes
- include_tasks: stop_vm.yml
- include_tasks: convert_to_template.yml
- include_tasks: export_ovf.yml
when: export_ovf|bool
rescue:
- name: refresh SSO credentials
ovirt.ovirt.ovirt_auth:
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
insecure: yes
- include_tasks: remove_template.yml
when: remove_vm_on_error|bool
always:
- name: refresh SSO credentials
ovirt.ovirt.ovirt_auth:
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
insecure: yes
- include_tasks: remove_vm.yml
- include_tasks: datastore_iso_remove.yml
- name: remove temporary directory
file:
path: "{{ temp_directory }}"
state: absent
- name: logout from oVirt
ovirt.ovirt.ovirt_auth:
state: absent
ovirt_auth: "{{ ovirt_auth }}"

29
roles/oatakan.rhel_ovirt_template/tasks/make_iso.yml Normal file
View File

@@ -0,0 +1,29 @@
---
- block:
- name: create temporary directory
file:
path: "{{ temp_directory }}/ks_iso"
state: directory
- name: create ks.cfg file
template:
src: "{{ linux_ks_folder }}/ks.cfg.j2"
dest: "{{ temp_directory }}/ks_iso/ks.cfg"
- name: create iso
command: >
mkisofs -U -A "OEMDRV" -V "OEMDRV"
-volset "OEMDRV" -J -joliet-long -r -v -T
-o {{ playbook_dir }}/{{ temp_directory }}/linux_{{ linux_distro_name }}_ks_autogen.iso .
args:
chdir: "{{ playbook_dir }}/{{ temp_directory }}/ks_iso"
- include_tasks: datastore_upload.yml
always:
- name: remove temporary files
file:
path: "{{ temp_directory }}/{{ item }}"
state: absent
loop:
- linux_{{ linux_distro_name }}_ks_autogen.iso
- ks_iso/

70
roles/oatakan.rhel_ovirt_template/tasks/preflight_check.yml Normal file
View File

@@ -0,0 +1,70 @@
---
- name: get the datacenter name
ovirt.ovirt.ovirt_datacenter_info:
auth: "{{ ovirt_auth }}"
pattern: "Clusters.name = {{ providers.ovirt.cluster }}"
register: datacenter_info
- name: get storage information
ovirt.ovirt.ovirt_storage_domain_info:
auth: "{{ ovirt_auth }}"
pattern: "datacenter={{ datacenter_info.ovirt_datacenters[0].name }}"
register: storage_info
when:
- template_disk_storage is undefined
- name: get data domain
set_fact:
disk_storage_domain: "{{ storage_info.ovirt_storage_domains|json_query(the_query)|list|first|default(None) }}"
when:
- template_disk_storage is undefined
vars:
the_query: "[?type=='data']"
- name: get iso domain (deprecated as of oVirt/RHV 4.3)
set_fact:
iso_domain: "{{ storage_info.ovirt_storage_domains|json_query(the_query)|list|first|default(None) }}"
vars:
the_query: "[?type=='iso']"
- name: check if template already exists
ovirt.ovirt.ovirt_template_info:
auth: "{{ ovirt_auth }}"
pattern: "name={{ template.name }} and datacenter={{ datacenter_info.ovirt_datacenters[0].name }}"
register: template_info
- block:
- name: set template_found to yes
set_fact:
template_found: yes
- name: fail with message
fail:
msg: "Existing template found on ovirt/rhv: {{ template.name }}"
when: not template_force|bool
when:
- template_info.ovirt_templates is defined
- template_info.ovirt_templates | length > 0
- name: check iso file on data domain
ovirt.ovirt.ovirt_disk_info:
auth: "{{ ovirt_auth }}"
pattern: "name={{ iso_file_name }}"
register: ovirt_disk_main_iso
when: iso_file_name is defined
- name: set file id of the iso file
set_fact:
iso_file_id: "{{ ovirt_disk_main_iso.ovirt_disks[0].id }}"
when:
- ovirt_disk_main_iso.ovirt_disks | length > 0
- ovirt_disk_main_iso.ovirt_disks[0].id is defined
- ovirt_disk_main_iso.ovirt_disks[0].content_type == 'iso'
- name: fail with message
fail:
msg: "iso file ({{ iso_file_name }}) could not be found on the data domain and iso domain does not exists"
when:
- iso_file_id is undefined
- iso_domain is undefined or iso_domain|length == 0

67
roles/oatakan.rhel_ovirt_template/tasks/preflight_check_pre29.yml Normal file
View File

@@ -0,0 +1,67 @@
---
- name: get the datacenter name (<2.9)
ovirt_datacenter_facts:
auth: "{{ ovirt_auth }}"
pattern: "Clusters.name = {{ providers.ovirt.cluster }}"
- name: get storage information (<2.9)
ovirt_storage_domain_facts:
auth: "{{ ovirt_auth }}"
pattern: "datacenter={{ ovirt_datacenters[0].name }}"
when:
- template_disk_storage is undefined
- name: get data domain (<2.9)
set_fact:
disk_storage_domain: "{{ ovirt_storage_domains|json_query(the_query)|list|first }}"
when:
- template_disk_storage is undefined
vars:
the_query: "[?type=='data']"
- name: get iso domain (deprecated as of oVirt/RHV 4.3)
set_fact:
iso_domain: "{{ ovirt_storage_domains|json_query(the_query)|list|first }}"
vars:
the_query: "[?type=='iso']"
- name: check if template already exists (<2.9)
ovirt_template_facts:
auth: "{{ ovirt_auth }}"
pattern: "name={{ template.name }} and datacenter={{ ovirt_datacenters[0].name }}"
- block:
- name: set template_found to yes
set_fact:
template_found: yes
- name: fail with message
fail:
msg: "Existing template found on ovirt/rhv: {{ template.name }}"
when: not template_force|bool
when:
- ovirt_templates is defined
- ovirt_templates | length > 0
- name: check iso file on data domain
ovirt_disk_facts:
auth: "{{ ovirt_auth }}"
pattern: "name={{ iso_file_name }}"
when: iso_file_name is defined
- name: set file id of the iso file
set_fact:
iso_file_id: "{{ ovirt_disks[0].id }}"
when:
- ovirt_disks | length > 0
- ovirt_disks[0].id is defined
- ovirt_disks[0].content_type == 'iso'
- name: fail with message
fail:
msg: "iso file ({{ template.name }}) could not be found on the data domain and iso domain does not exists"
when:
- iso_file_id is undefined
- iso_domain is undefined or iso_domain|length == 0

123
roles/oatakan.rhel_ovirt_template/tasks/provision_vm.yml Normal file
View File

@@ -0,0 +1,123 @@
---
- name: provision a new vm
ovirt.ovirt.ovirt_vm:
auth: "{{ ovirt_auth }}"
name: "{{ template.name }}"
cluster: "{{ providers.ovirt.cluster|default('Default') }}"
state: present
wait: yes
memory: "{{ template.memory }}MiB"
cpu_sockets: "{{ template.cpu }}"
bios_type: "{{ template.bios_type | default(omit) }}"
boot_devices:
- hd
- cdrom
cd_iso: "{{ template.cd_iso }}"
type: server
high_availability: true
nics:
- name: nic1
profile_name: "{{ template.networks[0].name }}"
network: "{{ template.networks[0].name }}"
custom_properties: "{{ custom_properties | default(omit) }}"
operating_system: "{{ template_vm_guest_id | default(omit) }}"
async: 7200
poll: 0
register: deploy
- name: wait for instance creation to complete
async_status: jid="{{ deploy.ansible_job_id }}"
register: instance
until: instance.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10
- name: create a disk
ovirt.ovirt.ovirt_disk:
auth: "{{ ovirt_auth }}"
name: "{% if item.name_prefix | default(false) %}{{ template.name }}_{% endif %}{{ item.name }}"
vm_name: "{{ template.name }}"
size: "{{ item.size | default(omit) }}"
format: "{{ item.format | default(omit) }}"
interface: "{{ item.interface | default(omit) }}"
bootable: "{{ item.bootable | default(omit) }}"
storage_domain: "{{ item.storage_domain | default(omit) }}"
activate: yes
state: present
wait: yes
async: 7200
poll: 0
register: create_disks
loop: "{{ template.disks }}"
when:
- template is defined
- template.disks is defined
- name: wait for disk creation to complete
async_status:
jid: "{{ item.ansible_job_id }}"
register: disks_creation
until: disks_creation.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10
loop: "{{ create_disks.results }}"
when:
- template is defined
- create_disks.results is defined
- item.ansible_job_id is defined
- include_tasks: wait_disk_unlock_pre29.yml
when:
- ansible_version.full is version('2.9', '<')
- template is defined
- template.disks is defined
- disks_creation.results is defined
- include_tasks: wait_disk_unlock.yml
when:
- ansible_version.full is version('2.9', '>=')
- template is defined
- template.disks is defined
- disks_creation.results is defined
- name: assign tags to provisioned vms
ovirt.ovirt.ovirt_tag:
name: "{{ item }}_{{ instance.item.item[item] }}"
vms: ["{{ instance.item.item.name }}"]
state: attached
loop:
- app_name
- role
when:
- template is defined
- instance is defined
- instance.vm is defined
- instance.item.item[item] is defined
- name: start vm
ovirt.ovirt.ovirt_vm:
auth: "{{ ovirt_auth }}"
name: "{{ template.name }}"
cluster: "{{ providers.ovirt.cluster|default('Default') }}"
state: running
async: 7200
poll: 0
register: start
- name: wait for instance creation to complete
async_status: jid="{{ start.ansible_job_id }}"
register: instance
until: instance.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10
- name: waiting for server to come online
wait_for:
host: "{{ template.networks[0].ip }}"
port: "{{ template.ansible_port | default(vm_ansible_port) | default(ansible_port) | default('22') }}"
timeout: "{{ instance_wait_connection_timeout }}"
when:
- instance is changed
- template is defined
ignore_errors: yes

20
roles/oatakan.rhel_ovirt_template/tasks/remove_template.yml Normal file
View File

@@ -0,0 +1,20 @@
---
- name: remove template
ovirt.ovirt.ovirt_template:
auth: "{{ ovirt_auth }}"
cluster: "{{ providers.ovirt.cluster }}"
name: "{{ template.name }}"
state: absent
async: 7200
poll: 0
register: undeploy
when: template is defined
- name: wait for template deletion to complete
async_status:
jid: "{{ undeploy.ansible_job_id }}"
register: instance
until: instance.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10

20
roles/oatakan.rhel_ovirt_template/tasks/remove_vm.yml Normal file
View File

@@ -0,0 +1,20 @@
---
- name: remove vm
ovirt.ovirt.ovirt_vm:
auth: "{{ ovirt_auth }}"
cluster: "{{ providers.ovirt.cluster }}"
name: "{{ template.name }}"
state: absent
async: 7200
poll: 0
register: undeploy
when: template is defined
- name: wait for template deletion to complete
async_status:
jid: "{{ undeploy.ansible_job_id }}"
register: instance
until: instance.finished
retries: "{{ instance_wait_retry_limit }}"
delay: 10

45
roles/oatakan.rhel_ovirt_template/tasks/stop_vm.yml Normal file
View File

@@ -0,0 +1,45 @@
---
- block:
- name: shutdown guest vm
ovirt.ovirt.ovirt_vm:
auth: "{{ ovirt_auth }}"
cluster: "{{ providers.ovirt.cluster }}"
name: "{{ template.name }}"
state: stopped
async: 7200
poll: 0
register: shutdown
when: template is defined
- name: wait for server to stop responding
wait_for:
host: "{{ template_vm_ip_address }}"
port: "{{ vm_ansible_port | default('22') }}"
timeout: 120
state: stopped
- include_tasks: wait_vm_poweredoff_pre29.yml
when: ansible_version.full is version('2.9', '<')
- include_tasks: wait_vm_poweredoff.yml
when: ansible_version.full is version('2.9', '>=')
rescue:
- name: ignoring any error
debug:
msg: "ignoring error..."
- name: reconfigure vm
ovirt.ovirt.ovirt_vm:
auth: "{{ ovirt_auth }}"
cluster: "{{ providers.ovirt.cluster }}"
name: "{{ template.name }}"
boot_devices:
- hd
cd_iso: ""
custom_properties: "{{ custom_properties_efi if (template_vm_efi|bool and custom_efi_enabled|bool) else ([{}]) }}"
force: yes
state: present
when: template is defined

11
roles/oatakan.rhel_ovirt_template/tasks/wait_disk_unlock.yml Normal file
View File

@@ -0,0 +1,11 @@
---
- name: wait until the image is unlocked by the oVirt engine
ovirt.ovirt.ovirt_disk_info:
auth: "{{ ovirt_auth }}"
pattern: "name={% if item.name_prefix | default(false) %}{{ template.name }}_{% endif %}{{ item.name }}"
register: ovirt_disk_info
until: (ovirt_disk_info.ovirt_disks is defined) and (ovirt_disk_info.ovirt_disks | length > 0) and (ovirt_disk_info.ovirt_disks[0].status != "locked")
retries: 10
delay: 3
loop: "{{ template.disks }}"

10
roles/oatakan.rhel_ovirt_template/tasks/wait_disk_unlock_pre29.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: wait until the image is unlocked by the oVirt engine (<2.9)
ovirt_disk_facts:
auth: "{{ ovirt_auth }}"
pattern: "name={% if item.name_prefix | default(false) %}{{ template.name }}_{% endif %}{{ item.name }}"
until: (ovirt_disks is defined) and (ovirt_disks | length > 0) and (ovirt_disks[0].status != "locked")
retries: 10
delay: 3
loop: "{{ template.disks }}"

11
roles/oatakan.rhel_ovirt_template/tasks/wait_iso_disk_unlock.yml Normal file
View File

@@ -0,0 +1,11 @@
---
- name: wait until the disk is unlocked by the oVirt engine
ovirt.ovirt.ovirt_disk_info:
auth: "{{ ovirt_auth }}"
pattern: "name={{ iso_file }}"
register: ovirt_disk_info
until: (ovirt_disk_info.ovirt_disks is defined) and (ovirt_disk_info.ovirt_disks | length > 0) and (ovirt_disk_info.ovirt_disks[0].status != "locked")
retries: 10
delay: 3
when: iso_file is defined

10
roles/oatakan.rhel_ovirt_template/tasks/wait_iso_disk_unlock_pre29.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: wait until the disk is unlocked by the oVirt engine (<2.9)
ovirt_disk_facts:
auth: "{{ ovirt_auth }}"
pattern: "name={{ iso_file }}"
until: (ovirt_disks is defined) and (ovirt_disks | length > 0) and (ovirt_disks[0].status != "locked")
retries: 10
delay: 3
when: iso_file is defined

13
roles/oatakan.rhel_ovirt_template/tasks/wait_vm_poweredoff.yml Normal file
View File

@@ -0,0 +1,13 @@
---
- name: wait for vm status to be poweredoff
ovirt.ovirt.ovirt_vm_info:
auth: "{{ ovirt_auth }}"
pattern: name={{ template.name }} and cluster={{ providers.ovirt.cluster }}
register: ovirt_vm_info_result
until:
- ovirt_vm_info_result.ovirt_vms is defined
- ovirt_vm_info_result.ovirt_vms|length > 0
- ovirt_vm_info_result.ovirt_vms[0].status == 'down'
delay: 5
retries: 30

12
roles/oatakan.rhel_ovirt_template/tasks/wait_vm_poweredoff_pre29.yml Normal file
View File

@@ -0,0 +1,12 @@
---
- name: wait for vm status to be poweredoff
ovirt_vm_facts:
auth: "{{ ovirt_auth }}"
pattern: name={{ template.name }} and cluster={{ providers.ovirt.cluster }}
until:
- ovirt_vms is defined
- ovirt_vms|length > 0
- ovirt_vms[0].status == 'down'
delay: 5
retries: 30

131
roles/oatakan.rhel_ovirt_template/templates/rhel7/ks.cfg.j2 Normal file
View File

@@ -0,0 +1,131 @@
firewall --disabled
install
cdrom
lang en_US.UTF-8
keyboard us
timezone UTC
{% if template.networks is defined and template.networks[0].ip is defined and template.networks[0].gateway is defined and template.networks[0].netmask is defined %}
network --bootproto=static --ip={{ template.networks[0].ip }} --netmask={{ template.networks[0].netmask }} --gateway={{ template.networks[0].gateway }}{% if template.networks[0].dns_servers is defined %} --nameserver={{ template.networks[0].dns_servers|join(',') }}{% endif %}
{% else %}
network --bootproto=dhcp
{% endif %}
network --hostname=localhost.localdomain
rootpw {{ local_administrator_password }}
authconfig --enableshadow --passalgo=sha512
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
selinux --disabled
{% endif %}
text
skipx
logging --level=info
eula --agreed
bootloader --append="no_timer_check"
clearpart --all --initlabel
part /boot/efi --fstype="efi" --size=200 --fsoptions="umask=0077,shortname=winnt" --asprimary
part /boot --fstype="xfs" --size=1024 --asprimary
part pv.00 --fstype="lvmpv" --size=1 --grow --asprimary
volgroup vg00 --pesize=4096 pv.00
logvol swap --fstype="swap" --size=4096 --name=swap --vgname=vg00
logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=vg00
#clearpart --all --initlabel
#part /boot/efi --fstype=efi --grow --maxsize=200 --size=20
#part /boot --size=1000 --asprimary --fstype=ext4 --label=boot --fsoptions=acl,user_xattr,errors=remount-ro,nodev,noexec,nosuid
#part pv.00 --size=1 --grow --asprimary
#volgroup vg00 pv.00
#logvol swap --name=swap --vgname=vg00 --size=4098
#logvol / --fstype=xfs --fsoptions=acl,user_xattr,errors=remount-ro --size=1 --grow --name=root --vgname=vg00
#bootloader --boot-drive=vda
#reqpart --add-boot
#part swap --size 4098 --asprimary
#part pv.01 --fstype xfs --size=1 --grow --asprimary volgroup VolGroup00 pv.01
#logvol / --fstype xfs --name=lv_root --vgname=VolGroup00 --size=32768
auth --useshadow --enablemd5
firstboot --disabled
services --enabled=NetworkManager,sshd
reboot
user --name={{ local_account_username }} --plaintext --password {{ local_account_password }} --groups={{ local_account_username }},wheel
%packages --ignoremissing --excludedocs
@Base
@Core
openssh-clients
sudo
openssl-devel
readline-devel
zlib-devel
kernel-headers
kernel-devel
gcc
make
perl
curl
wget
ntp
nfs-utils
net-tools
vim
curl
unbound-libs
bzip2
sshpass
-fprintd-pam
-intltool
-NetworkManager
-NetworkManager-tui
# unnecessary firmware
-aic94xx-firmware
-atmel-firmware
-b43-openfwwf
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
%end
%post
# update root certs
# wget -O/etc/pki/tls/certs/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem --no-check-certificate
# yum reinstall ca-certificates
# permit root login
sed -i s'/PermitRootLogin\ prohibit-password/PermitRootLogin\ yes'/g /etc/ssh/sshd_config
# sudo
yum install -y sudo
echo "{{ local_account_username }} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/{{ local_account_username }}
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/selinux/config
{% endif %}
yum clean all
%end

113
roles/oatakan.rhel_ovirt_template/templates/rhel8/ks.cfg.j2 Normal file
View File

@@ -0,0 +1,113 @@
firewall --disabled
install
cdrom
lang en_US.UTF-8
keyboard us
timezone UTC
{% if template.networks is defined and template.networks[0].ip is defined and template.networks[0].gateway is defined and template.networks[0].netmask is defined %}
network --bootproto=static --ip={{ template.networks[0].ip }} --netmask={{ template.networks[0].netmask }} --gateway={{ template.networks[0].gateway }}{% if template.networks[0].dns_servers is defined %} --nameserver={{ template.networks[0].dns_servers|join(',') }}{% endif %}
{% else %}
network --bootproto=dhcp
{% endif %}
network --hostname=localhost.localdomain
rootpw {{ local_administrator_password }}
authconfig --enableshadow --passalgo=sha512
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
selinux --disabled
{% endif %}
text
skipx
logging --level=info
eula --agreed
bootloader --append="no_timer_check"
clearpart --all --initlabel
part /boot/efi --fstype="efi" --size=200 --fsoptions="umask=0077,shortname=winnt" --asprimary
part /boot --fstype="xfs" --size=1024 --asprimary
part pv.00 --fstype="lvmpv" --size=1 --grow --asprimary
volgroup vg00 --pesize=4096 pv.00
logvol swap --fstype="swap" --size=4096 --name=swap --vgname=vg00
logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=vg00
auth --useshadow --enablemd5
firstboot --disabled
services --enabled=NetworkManager,sshd
reboot
# this doesn't seem to work in RHEL 8.0
#user --name={{ local_account_username }} --plaintext --password {{ local_account_password }} --groups={{ local_account_username }},wheel
%packages --ignoremissing --excludedocs
@Base
@Core
openssh-clients
sudo
openssl-devel
readline-devel
zlib-devel
kernel-headers
kernel-devel
gcc
make
perl
curl
wget
ntp
nfs-utils
net-tools
vim
curl
unbound-libs
bzip2
sshpass
openssl
# unnecessary firmware
-aic94xx-firmware
-atmel-firmware
-b43-openfwwf
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
%end
%post
# update root certs
# wget -O/etc/pki/tls/certs/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem --no-check-certificate
# yum reinstall ca-certificates
# sudo
groupadd {{ local_account_username }}
useradd -g {{ local_account_username }} -G {{ local_account_username }},wheel -d /home/{{ local_account_username }} -m -p $(openssl passwd -1 {{ local_account_password }}) {{ local_account_username }}
yum install -y sudo
echo "{{ local_account_username }} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/{{ local_account_username }}
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/selinux/config
{% endif %}
yum clean all
%end

1
roles/oatakan.rhel_ovirt_template/tests/inventory Normal file
View File

@@ -0,0 +1 @@
localhost

7
roles/oatakan.rhel_ovirt_template/tests/test.yml Normal file
View File

@@ -0,0 +1,7 @@
---
- hosts: localhost
gather_facts: False
connection: local
become: no
roles:
- ../.

61
roles/oatakan.rhel_ovirt_template/vars/main.yml Normal file
View File

@@ -0,0 +1,61 @@
---
temp_directory: tmp{{ awx_job_id | default('') }}
iso_file: "linux_{{ linux_distro_name }}_ks{{ awx_job_id | default('') }}.iso"
export_dir: "{{ playbook_dir }}/{{ temp_directory }}"
providers:
ovirt:
datacenter: "{{ ovirt_datacenter }}"
cluster: "{{ ovirt_cluster }}"
data_domain: "{{ ovirt_data_domain }}"
export_domain: "{{ ovirt_export_domain }}"
iso_domain: "{{ ovirt_iso_domain }}"
template:
name: "{{ template_vm_name }}"
role: linux_template
app_name: linux_template_generate
domain: "{{ template_vm_domain }}"
disks:
- name: "{{ template_vm_name }}"
size: "{{ template_vm_root_disk_size }}GiB"
format: "{{ template_vm_root_disk_format }}"
interface: "{{ template_vm_root_disk_interface | default('virtio') }}"
bootable: yes
storage_domain: "{{ providers.ovirt.data_domain | default('data_domain') }}"
memory: "{{ template_vm_memory }}"
cpu: "{{ template_vm_cpu }}"
bios_type: "{{ ('q35_ovmf') if (template_vm_efi|bool and not custom_efi_enabled|bool) else (omit) }}"
networks:
- name: "{{ template_vm_network_name }}"
ip: "{{ template_vm_ip_address }}"
netmask: "{{ template_vm_netmask }}"
gateway: "{{ template_vm_gateway }}"
domain: "{{ template_vm_domain }}"
device_type: e1000
dns_servers: "{{ template_vm_dns_servers }}"
cd_iso: "{{ iso_file_id | default(iso_file_name) }}" # if using data domain, file name does not work, need to use id
linux_ks_folder: "{{ os_short_names[(linux_distro_name|default('rhel_80'))].ks_folder | default('rhel8') }}"
template_vm_guest_id: "{{ os_short_names[(linux_distro_name|default('rhel_80'))].guest_id | default('rhel_8x64') }}"
qemu_cmdline_second_iso:
- -device
- ide-cd,bus={{ qemu_second_cdrom_device_bus_type }}.{{ qemu_second_cdrom_device_bus_id }},unit={{ qemu_second_cdrom_device_bus_unit }},drive=drive-ua-0001,id=ua-0001,bootindex=3
- -drive
- format=raw,if=none,id=drive-ua-0001,werror=report,rerror=report,readonly=on,file=/rhev/data-center/{{ ovirt_datacenter_id }}/{{ ovirt_datastore_id }}/images/{{ ks_iso_file_disk_id }}/{{ ks_iso_file_image_id }}
qemu_cmdline_efi:
- -drive
- if=pflash,format=raw,readonly,file={{ custom_efi_path }}
custom_properties:
- name: qemu_cmdline
value: "{{ ((qemu_cmdline_second_iso + qemu_cmdline_efi) | to_json) if (template_vm_efi|bool and custom_efi_enabled|bool) else (qemu_cmdline_second_iso | to_json) }}"
custom_properties_efi:
- name: qemu_cmdline
value: "{{ (qemu_cmdline_efi | to_json) if (template_vm_efi|bool and custom_efi_enabled|bool) else ('[]') }}"