Add certificate generation

2019-08-31 19:22:32 -04:00
parent 1a207029eb
commit fa2d28367a
37 changed files with 2315 additions and 2 deletions
--- a/roles/ovirt.manageiq/tasks/cfme_add_disk.yml
+++ b/roles/ovirt.manageiq/tasks/cfme_add_disk.yml
@@ -0,0 +1,15 @@
+- name: Add {{ item }} disk for CFME
+  ovirt_disk:
+    auth: "{{ ovirt_auth }}"
+    name: "{{ miq_vm_disks[item].name | default(miq_vm_name ~ '_' ~ item) }}"
+    vm_name: "{{ miq_vm_name }}"
+    interface: "{{ miq_vm_disks[item].interface | default('virtio_scsi') }}"
+    size: "{{ miq_vm_disks[item].size | default(omit) }}"
+    format: "{{ miq_vm_disks[item].format | default(omit) }}"
+    timeout: "{{ miq_vm_disks[item].timeout | default(omit) }}"
+    storage_domain: "{{ miq_vm_disks[item].storage | default(disk_storage_domain.name if disk_storage_domain is defined else miq_vm_disk_storage) }}"
+
+- name: Add {{ item }} disk to CloudForms initialization command
+  no_log: "{{ not miq_debug_create }}"
+  set_fact:
+    miq_init_cmd2: "{{ miq_init_cmd2 }} {{ miq_init_cmd_options.disks[item] }} {{ miq_vm_disks_devices[item] }}"
--- a/roles/ovirt.manageiq/tasks/cfme_identify_disk_device.yml
+++ b/roles/ovirt.manageiq/tasks/cfme_identify_disk_device.yml
@@ -0,0 +1,73 @@
+- name: Set database disk to /dev/vdb if disk interface is virtio
+  set_fact:
+    miq_vm_disks_db_device: /dev/vdb
+  when: "miq_vm_disks.database.interface == 'virtio'"
+
+- name: Set database disk to /dev/sdb if disk interface is virtio_scsi
+  set_fact:
+    miq_vm_disks_db_device: /dev/sdb
+  when: "miq_vm_disks.database.interface == 'virtio_scsi'"
+
+- set_fact:
+    miq_vm_disks_devices:
+      database: "{{ miq_vm_disks_db_device }}"
+
+- block:
+
+  - name: Set log disk to /dev/vdc if disk interface is virtio
+    set_fact:
+      miq_vm_disks_log_device: /dev/vdc
+    when: "miq_vm_disks.log.interface == 'virtio'"
+
+  - name: Set log disk to /dev/sdc if disk interface is virtio_scsi
+    set_fact:
+      miq_vm_disks_log_device: /dev/sdc
+    when: "miq_vm_disks.log.interface == 'virtio_scsi'"
+
+  - set_fact:
+      miq_vm_disks_log_device_dict:
+        log: "{{ miq_vm_disks_log_device }}"
+
+  - set_fact:
+      miq_vm_disks_devices: "{{ miq_vm_disks_devices | combine(miq_vm_disks_log_device_dict) }}"
+
+  when: "'log' in miq_vm_disks"
+
+- block:
+
+  - block:
+
+    - name: Set tmp disk to /dev/vdc if disk interface is virtio
+      set_fact:
+        miq_vm_disks_tmp_device: /dev/vdc
+      when: "miq_vm_disks.tmp.interface == 'virtio'"
+
+    - name: Set tmp disk to /dev/sdc if disk interface is virtio_scsi
+      set_fact:
+        miq_vm_disks_tmp_device: /dev/sdc
+      when: "miq_vm_disks.tmp.interface == 'virtio_scsi'"
+
+    when: "'log' not in miq_vm_disks"
+
+  - block:
+
+    - name: Set tmp disk to /dev/vdd if disk interface is virtio
+      set_fact:
+        miq_vm_disks_tmp_device: /dev/vdd
+      when: "miq_vm_disks.tmp.interface == 'virtio'"
+
+    - name: Set tmp disk to /dev/sdd if disk interface is virtio_scsi
+      set_fact:
+        miq_vm_disks_tmp_device: /dev/sdd
+      when: "miq_vm_disks.tmp.interface == 'virtio_scsi'"
+
+    when: "'log' in miq_vm_disks"
+
+  - set_fact:
+      miq_vm_disks_tmp_device_dict:
+        tmp: "{{ miq_vm_disks_tmp_device }}"
+
+  - set_fact:
+      miq_vm_disks_devices: "{{ miq_vm_disks_devices | combine(miq_vm_disks_tmp_device_dict) }}"
+
+  when: "'tmp' in miq_vm_disks"
--- a/roles/ovirt.manageiq/tasks/deploy_qcow2.yml
+++ b/roles/ovirt.manageiq/tasks/deploy_qcow2.yml
@@ -0,0 +1,84 @@
+- name: Check if {{ miq_image_path }} is directory
+  stat:
+    path: "{{ miq_image_path }}"
+  register: image_path_st
+
+- name: Download the qcow image
+  get_url:
+    url: "{{ miq_qcow_url }}"
+    dest: "{{ image_path_st.stat.isdir | ternary( miq_image_path~'/'~miq_qcow_url.rpartition('/')[-1], miq_image_path) | regex_replace('//', '/') }}"
+    checksum: "{{ miq_image_checksum | default(omit) }}"
+  register: downloaded_file
+
+- name: Check file type
+  command: "/usr/bin/file {{ downloaded_file.dest | quote }}"
+  changed_when: false
+  register: filetype
+
+- name: Fail if image is not qcow
+  fail:
+    msg: "The downloaded file is not a valid QCOW file."
+  when: '"QCOW" not in filetype.stdout'
+
+- name: Calculate image size in GiB
+  set_fact:
+    miq_image_size_gib: "{{ filetype.stdout_lines[0].split()[5] | int // 2**30 }}"
+
+#
+# Find default disk size for miq disk:
+#
+- block:
+  - name: Extract integer from miq_vm_disk_size
+    set_fact:
+      miq_vm_disk_size_gib: "{{ miq_vm_disk_size | regex_replace('GiB$') }}"
+
+  - name: Fail if miq_vm_disk_size is less than  qcow size
+    fail:
+      msg: "Setting a disk size ({{ miq_vm_disk_size }}) lower than the image size ({{ miq_image_size_gib }}GiB) may result in disk corruption."
+    when: "miq_vm_disk_size_gib < miq_image_size_gib"
+  when: "miq_vm_disk_size is defined"
+
+#
+# Find default data storage domain for Miq disk:
+#
+- block:
+  - name: Fetch storages
+    ovirt_storage_domain_facts:
+      auth: "{{ ovirt_auth }}"
+      pattern: "Clusters.name={{ miq_vm_cluster }} and status=active"
+
+  - name: Find data domain
+    set_fact:
+      disk_storage_domain: "{{ ovirt_storage_domains | json_query(the_query) | list | first }}"
+    vars:
+      the_query: "[?type=='data']"
+  when: miq_vm_disk_storage is undefined
+
+- name: Check if VM already exists
+  ovirt_vm_facts:
+    auth: "{{ ovirt_auth }}"
+    pattern: "name={{ miq_vm_name }}"
+
+- block:
+  - name: Deploy the qcow image to oVirt engine
+    ovirt_disk:
+      auth: "{{ ovirt_auth }}"
+      name: "{{ miq_vm_disk_name | default(miq_vm_name) }}"
+      interface: "{{ miq_vm_disk_interface }}"
+      size: "{{ miq_vm_disk_size | default(miq_image_size_gib + 'GiB') }}"
+      format: "{{  miq_vm_disk_format }}"
+      image_path: "{{ downloaded_file.dest }}"
+      storage_domain: "{{ disk_storage_domain.name if disk_storage_domain is defined else miq_vm_disk_storage }}"
+      force: "{{ ovirt_vms | length == 0 }}"
+    register: ovirt_disk
+
+  rescue:
+    - name: Remove failed disk
+      ovirt_disk:
+        auth: "{{ ovirt_auth }}"
+        state: absent
+        name: "{{ miq_vm_disk_name | default(miq_vm_name) }}"
+
+    - name: Set miq_disk_deploy_failed
+      set_fact:
+        miq_disk_deploy_failed: true
--- a/roles/ovirt.manageiq/tasks/init_cfme.yml
+++ b/roles/ovirt.manageiq/tasks/init_cfme.yml
@@ -0,0 +1,57 @@
+- name: Add host alias of appliance
+  no_log: "{{ not miq_debug_create }}"
+  add_host:
+    hostname: "{{ miq_ip_addr }}"
+    ansible_host: "{{ miq_ip_addr }}"
+    ansible_user: root
+    ansible_password: smartvm
+    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
+  changed_when: false
+
+- name: Wait for SSH port of appliance
+  wait_for:
+    host: "{{ miq_ip_addr }}"
+    port: 22
+    delay: 10
+
+- name: Fetch info about appliance
+  command: "rpm -qi cfme"
+  args:
+    warn: no
+  register: cfme_rpm
+  ignore_errors: yes
+  changed_when: false
+  delegate_to: "{{ miq_ip_addr }}"
+
+- name: Check if ManageIQ/CloudForms was initilized
+  no_log: "{{ not miq_debug_create }}"
+  uri:
+    url: "https://{{ miq_ip_addr }}/api/"
+    validate_certs: no
+    user: "{{ miq_app_username }}"
+    password: smartvm
+  register: init_miq_vm
+  ignore_errors: yes
+
+- block:
+  - name: Set region id
+    set_fact:
+      miq_region_id: "{{ miq_region|int * 1000000000000  + 1 }}"
+
+  - name: Initialize CloudForms
+    command: "{{ miq_init_cmd2 }}"
+    delegate_to: "{{ miq_ip_addr }}"
+    when: "init_miq_vm.failed"
+
+  when: "cfme_rpm.rc == 0 and init_miq_vm.failed"
+
+- name: Set root password of appliance
+  no_log: "{{ not miq_debug_create }}"
+  shell: echo '{{ miq_vm_root_password }}' | passwd --stdin root
+  delegate_to: "{{ miq_ip_addr }}"
+
+- name: Disable cloud-init service
+  service:
+    enabled: no
+    name: cloud-init
+  delegate_to: "{{ miq_ip_addr }}"
--- a/roles/ovirt.manageiq/tasks/main.yml
+++ b/roles/ovirt.manageiq/tasks/main.yml
@@ -0,0 +1,108 @@
+---
+- block:
+  ## Initialize authentication parameters:
+  - set_fact:
+      engine_url: "{{ 'https://' ~engine_fqdn | default(lookup('env', 'OVIRT_HOSTNAME')) ~ '/ovirt-engine/api' }}"
+    when: engine_fqdn is defined or lookup('env', 'OVIRT_HOSTNAME')
+
+  - set_fact:
+      engine_user: "{{ engine_user | default(lookup('env', 'OVIRT_USERNAME')) }}"
+      engine_password: "{{ engine_password | default(lookup('env', 'OVIRT_PASSWORD')) }}"
+      engine_url: "{{ engine_url | default(lookup('env', 'OVIRT_URL')) }}"
+      engine_cafile: "{{ engine_cafile | default(lookup('env', 'OVIRT_CAFILE')) }}"
+
+  - name: Login to oVirt engine
+    ovirt_auth:
+      username: "{{ engine_user }}"
+      password: "{{ engine_password }}"
+      url: "{{ engine_url }}"
+      ca_file: "{{ engine_cafile }}"
+      insecure: "{{ engine_cafile == '' }}"
+    when: ovirt_auth is undefined or not ovirt_auth
+    register: loggedin
+    tags:
+      - always
+
+  - name: Deploy qcow disk
+    include_tasks: deploy_qcow2.yml
+
+  - block:
+    - name: Create ManageIQ virtual machine
+      ovirt_vm:
+        auth: "{{ ovirt_auth }}"
+        state: present
+        name: "{{ miq_vm_name }}"
+        cluster: "{{ miq_vm_cluster }}"
+        memory: "{{ miq_vm_memory }}"
+        memory_max: "{{ miq_vm_memory_max | default(omit) }}"
+        memory_guaranteed: "{{ miq_vm_memory_guaranteed | default(omit) }}"
+        cpu_cores: "{{ miq_vm_cpu }}"
+        cpu_shares: "{{ miq_vm_cpu_shares | default(omit) }}"
+        cpu_sockets: "{{ miq_vm_cpu_sockets | default(omit) }}"
+        cpu_threads: "{{ miq_vm_cpu_threads | default(omit) }}"
+        operating_system: "{{ miq_vm_os }}"
+        high_availability: "{{ miq_vm_high_availability }}"
+        high_availability_priority: "{{ miq_vm_high_availability_priority }}"
+        delete_protected: "{{ miq_vm_delete_protected }}"
+        type: server
+        disks:
+          - id: "{{ ovirt_disk.id }}"
+            bootable: true
+        nics: "{{ miq_vm_nics }}"
+      register: create_vm
+
+    - name: Duplicate miq_init_cmd variable to override it
+      set_fact:
+        miq_init_cmd2: "{{ miq_init_cmd }}"
+
+    - include_tasks: cfme_identify_disk_device.yml
+
+    - include_tasks: cfme_add_disk.yml
+      when: "item in miq_vm_disks"
+      with_items: "{{ miq_vm_disks_types }}"
+
+    - name: Ensure virtual machine is running
+      ovirt_vm:
+        auth: "{{ ovirt_auth }}"
+        state: running
+        name: "{{ miq_vm_name }}"
+        cloud_init: "{{ miq_vm_cloud_init | default(omit) }}"
+
+    - set_fact:
+        ip_cond: "ovirt_vms | ovirtvmip{{ miq_wait_for_ip_version }} | length > 0"
+
+    - name: Wait for VM IP
+      ovirt_vm_facts:
+        auth: "{{ ovirt_auth }}"
+        pattern: "name={{ miq_vm_name }}"
+        fetch_nested: true
+        nested_attributes: ips
+      until: "ip_cond"
+      retries: 10
+      delay: 10
+
+    - name: ManageIQ host IPv4 address
+      set_fact:
+        miq_ip_addr: "{{ ovirt_vms | ovirtvmipv4 }}"
+      when: miq_wait_for_ip_version == 'v4'
+
+    - name: ManageIQ host IPv6 address
+      set_fact:
+        miq_ip_addr: "{{ ovirt_vms | ovirtvmipv6 }}"
+      when: miq_wait_for_ip_version == 'v6'
+
+    - block:
+      - include: init_cfme.yml
+      - include: wait_for_api.yml
+
+      when: "miq_initialize"
+    when: "not miq_disk_deploy_failed"
+
+  always:
+    - name: Logout from oVirt engine
+      ovirt_auth:
+        state: absent
+        ovirt_auth: "{{ ovirt_auth }}"
+      when: not loggedin.skipped | default(false)
+      tags:
+        - always
--- a/roles/ovirt.manageiq/tasks/manage_appliance_roles.yml
+++ b/roles/ovirt.manageiq/tasks/manage_appliance_roles.yml
@@ -0,0 +1,33 @@
+---
+- name: Get the list of enabled roles
+  uri:
+    url: "https://{{ miq_ip_addr }}/api/servers/{{ miq_region_id }}/settings"
+    user: "{{ miq_app_username }}"
+    password: "{{ miq_app_password }}"
+    method: GET
+    validate_certs: no
+  register: miq_active_roles_json
+
+- name: Extracting the roles from the JSON output
+  set_fact:
+    miq_active_roles: "{{ miq_active_roles_json.json.server.role.split(',') }}"
+
+- name: Remove roles from the list of active roles
+  set_fact:
+    miq_active_roles: "{{ miq_active_roles | difference(miq_disabled_roles) }}"
+
+- name: Add extra roles to list of active roles
+  set_fact:
+    miq_active_roles: "{{ miq_active_roles | union(miq_enabled_roles) }}"
+
+- name: Update list of active roles
+  uri:
+    url: https://{{ miq_ip_addr }}/api/servers/{{ miq_region_id }}/settings
+    user: "{{ miq_app_username }}"
+    password: "{{ miq_app_password }}"
+    method: PATCH
+    validate_certs: no
+    body_format: json
+    body:
+      server:
+        role: "{{ miq_active_roles | join(',') }}"
--- a/roles/ovirt.manageiq/tasks/wait_for_api.yml
+++ b/roles/ovirt.manageiq/tasks/wait_for_api.yml
@@ -0,0 +1,68 @@
+- name: Wait for ManageIQ/CloudForms API
+  no_log: "{{ not miq_debug_create }}"
+  uri:
+    url: "https://{{ miq_ip_addr }}/api/"
+    validate_certs: no
+    user: "{{ miq_app_username }}"
+    password: smartvm
+  register: miq_vm
+  until: "miq_vm.status == 200"
+  retries: 50
+  delay: 20
+
+- name: Set application admin password
+  no_log: "{{ not miq_debug_create }}"
+  uri:
+    url: "https://{{ miq_ip_addr }}/api/users/{{ miq_region_id }}"
+    validate_certs: no
+    method: POST
+    user: "{{ miq_app_username }}"
+    password: smartvm
+    force_basic_auth: yes
+    body_format: json
+    body:
+      action: "edit"
+      resource:
+        password: "{{ miq_app_password | string }}"
+  register: miq_admin_password
+  changed_when: "miq_admin_password.status == 201 or miq_admin_password.status == 200"
+  failed_when:
+    - "miq_admin_password.json is defined and 'error' in miq_admin_password.json"
+
+- name: Update ManageIQ company name
+  uri:
+    url: "https://{{ miq_ip_addr }}/api/servers/{{ miq_region_id }}/settings"
+    user: "{{ miq_app_username }}"
+    password: "{{ miq_app_password }}"
+    method: PATCH
+    validate_certs: no
+    body_format: json
+    body:
+      server:
+        company: "{{ miq_company }}"
+  register: miq_update_company
+  changed_when: "miq_update_company.status == 201 or miq_update_company.status == 200"
+  failed_when:
+    - "miq_update_company.json is defined and 'error' in miq_update_company.json"
+
+- include_tasks: manage_appliance_roles.yml
+
+- name: Add oVirt/RHV provider to ManageIQ/CloudForms
+  no_log: "{{ not miq_debug_create }}"
+  uri:
+    url: "https://{{ miq_ip_addr }}/api/providers"
+    validate_certs: no
+    method: POST
+    user: "{{ miq_app_username }}"
+    password: "{{ miq_app_password }}"
+    body: "{{ lookup('template', 'add_rhv_provider.j2') }}"
+    force_basic_auth: yes
+    body_format: json
+  register: miq_rhv_provider
+  changed_when: "miq_rhv_provider.status == 201 or miq_rhv_provider.status == 200"
+  failed_when:
+    - "miq_rhv_provider.json is defined and 'error' in miq_rhv_provider.json"
+    - "miq_rhv_provider.json.error.message is defined and 'has already been taken' not in miq_rhv_provider.json.error.message"
+    # FIXME: If provider already exists with different name, don't fail, but we should change the name
+    # when there will exist any ansible module for managing providers:
+    - "miq_rhv_provider.json.error.message is defined and 'Host Name has to be unique per provider type' not in miq_rhv_provider.json.error.message"