OpenNebula Ansible Deployment (Technology Preview)

Initial set of optimized OpenNebula deployment playbooks dedicated for public use.
Included features:
  - Ansible Galaxy collection structure
  - Debian / RedHat-like Linux distros
  - CE / EE OpenNebula
  - MariaDB / PostgreSQL
  - Single / HA Front-end
  - OneGate Server / Proxy
  - OneFlow Server
  - Sunstone and FireEdge Servers
  - Prometheus Server / Exporters (EE-only)
  - Grafana Server (EE-only)
  - OpenNebula KVM Node management (including fixes for Libvirt instances)
  - Semi-automated Datastore configuration
  - Semi-automated Datastore symlink management
  - Semi-automated Networking configuration
  - Semi-automated Networking IP / bridging management
  - Auto-generated SSH jumphost / bastion config
  - Auto-generated SSH keys (password-less login)
  - Predefined easy-to-use Ansible tags
  - Markdown documentation for each role
  - Simple Makefile for handling common tasks
  - Apache-2.0 License

Author: Michal Opala <mopala@opennebula.io>

Author: rsmontero

.gitignore

@@ -0,0 +1,10 @@
+*.swp
+*.tar.gz
+__pycache__/
+/ansible_collections/*
+!/ansible_collections/opennebula/deploy
+/inventory/.one-deploy/
+/inventory/*.yml
+!/inventory/example.yml
+!/inventory/shared.yml
+!/inventory/shared-generic.yml

Makefile

@@ -0,0 +1,42 @@
+SHELL := $(shell which bash)
+SELF  := $(patsubst %/,%,$(dir $(abspath $(firstword $(MAKEFILE_LIST)))))
+
+I         ?= $(SELF)/inventory/example.yml
+INVENTORY ?= $(I)
+
+T    ?=
+TAGS ?= $(T)
+
+S         ?=
+SKIP_TAGS ?= $(S)
+
+V       ?= vv
+VERBOSE ?= $(V)
+
+export
+
+.PHONY: all
+
+all: main
+
+.PHONY: pre site main
+
+pre site main: _TAGS      := $(if $(TAGS),-t $(TAGS),)
+pre site main: _SKIP_TAGS := $(if $(SKIP_TAGS),--skip-tags $(SKIP_TAGS),)
+pre site main: _VERBOSE   := $(if $(VERBOSE),-$(VERBOSE),)
+pre site main:
+	cd $(SELF)/ && ansible-playbook $(_VERBOSE) -i $(INVENTORY) $(_TAGS) $(_SKIP_TAGS) opennebula.deploy.$@
+
+.PHONY: requirements build publish
+
+requirements: $(SELF)/requirements.yml
+	ansible-galaxy collection install --requirements-file $<
+
+build:
+	ansible-galaxy collection build --force --verbose
+
+publish: build
+	shopt -qs failglob && \
+	ansible-galaxy collection publish \
+	"$$(ls -1 $(SELF)/opennebula-deploy-[0-9].[0-9].[0-9].tar.gz | sort --version-sort | tail -n1)" \
+	--api-key="$$(cat $(SELF)/.galaxy-key)"

README.md

@@ -1 +1,28 @@
-# one-deploy
+# OpenNebula Ansible Playbooks
+
+The OpenNebula Ansible project consists of a set of playbooks and roles that let you deploy an OpenNebula cloud in a simple and convenient way.
+
+The documentation is organized based on three distinct architectures. We will start with the most straightforward architecture and gradually move towards more complex scenarios. For each scenario, we will provide concise explanations of the configurations implemented on both the platform and OpenNebula.
+
+## Contents
+
+* [Requirements & Platform Notes](../../wiki/sys_reqs)
+* [Using the playbooks](../../wiki/sys_use)
+* Deployments
+  * [Local storage](../../wiki/arch_single_local)
+  * [Shared storage](../../wiki/arch_single_shared)
+  * [High availability front-ends](../../wiki/arch_ha)
+  * [Connect through a bastion host](../../wiki/arch_bastion)
+  * [Other configurations](../../wiki/arch_other)
+* [Verifying the installation](../../wiki/sys_verify)
+* [Playbook reference](../../wiki/sys_reference)
+
+## License
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+
+## Author Information
+
+Copyright 2002-2023, OpenNebula Project, OpenNebula Systems

ansible.cfg

@@ -0,0 +1,22 @@
+[defaults]
+collections_paths=./ansible_collections/
+inventory=./inventory/example.yml
+gathering=explicit
+host_key_checking=false
+display_skipped_hosts=true
+retry_files_enabled=false
+any_errors_fatal=true
+callbacks_enabled=profile_tasks
+stdout_callback=yaml
+timeout=30
+
+[privilege_escalation]
+become=true
+become_user=root
+
+[ssh_connection]
+pipelining=true
+# Uncomment to disable bastion:
+ssh_args=-q -o ControlMaster=auto -o ControlPersist=60s
+# Uncomment to enable bastion:
+#ssh_args=-q -o ControlMaster=auto -o ControlPersist=60s -F inventory/.one-deploy/bastion

ansible_collections/opennebula/deploy

@@ -0,0 +1 @@
+../../

galaxy.yml

@@ -0,0 +1,27 @@
+---
+namespace: opennebula
+name: deploy
+version: 0.0.1
+
+readme: README.md
+
+authors:
+- http://opennebula.io <contact@opennebula.io>
+description: HA DEPLOYMENT FOR OPENNEBULA (ANSIBLE)
+
+license: []
+license_file: LICENSE
+
+tags: []
+dependencies: {}
+
+repository: https://github.com/OpenNebula/one-deploy
+documentation: https://github.com/OpenNebula/one-deploy
+homepage: https://github.com/OpenNebula/one-deploy
+issues: https://github.com/OpenNebula/one-deploy/issues
+
+build_ignore:
+- .gitignore
+- .galaxy-key
+- inventory
+- ansible_collections

inventory/example.yml

@@ -0,0 +1,67 @@
+---
+all:
+  vars:
+    env_name: example
+    ansible_user: example
+    ensure_keys_for: [example, root]
+    one_version: '6.6'
+    one_token: example:example
+    features:
+      gateproxy: true
+      prometheus: false
+    one_vip: 10.11.12.69
+    one_vip_cidr: 24
+    one_vip_if: eth0
+    vn:
+      service:
+        managed: true
+        template:
+          VN_MAD: bridge
+          PHYDEV: eth0
+          BRIDGE: br0
+          AR:
+            TYPE: IP4
+            IP: 10.11.12.200
+            SIZE: 48
+          NETWORK_ADDRESS: 10.11.12.0
+          NETWORK_MASK: 255.255.255.0
+          GATEWAY: 10.11.12.1
+          DNS: 1.1.1.1
+      vm:
+        managed: true
+        template:
+          VN_MAD: bridge
+          PHYDEV: eth1
+          AR:
+            TYPE: IP4
+            IP: 192.168.150.200
+            SIZE: 48
+          NETWORK_ADDRESS: 192.168.150.0
+          NETWORK_MASK: 255.255.255.0
+    ds:
+      mode: ssh
+      config:
+        mounts:
+          - type: image
+            path: /opt/nfs0/1/
+          - type: file
+            path: /opt/nfs0/2/
+
+bastion:
+  hosts:
+    b1: { ansible_host: 10.11.12.10 }
+
+frontend:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }
+    f2: { ansible_host: 10.11.12.20 }
+    f3: { ansible_host: 10.11.12.30 }
+
+node:
+  hosts:
+    n1: { ansible_host: 10.11.12.40 }
+    n2: { ansible_host: 10.11.12.50 }
+
+grafana:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }

inventory/group_vars/all.yml

@@ -0,0 +1,2 @@
+---
+ansible_python_interpreter: /usr/bin/python3

inventory/local.yml

@@ -0,0 +1,32 @@
+---
+all:
+  vars:
+    ansible_user: root
+    one_version: '6.6'
+    one_pass: opennebulapass
+    ds:
+      mode: ssh
+    vn:
+      admin_net:
+        managed: true
+        template:
+          VN_MAD: bridge
+          PHYDEV: eth0
+          BRIDGE: br0
+          AR:
+            TYPE: IP4
+            IP: 172.20.0.100
+            SIZE: 48
+          NETWORK_ADDRESS: 172.20.0.0
+          NETWORK_MASK: 255.255.255.0
+          GATEWAY: 172.20.0.1
+          DNS: 1.1.1.1
+
+frontend:
+  hosts:
+    f1: { ansible_host: 172.20.0.6 }
+
+node:
+  hosts:
+    n1: { ansible_host: 172.20.0.7 }
+    n2: { ansible_host: 172.20.0.8 }

inventory/shared-generic.yml

@@ -0,0 +1,72 @@
+---
+all:
+  vars:
+    env_name: shared
+    ansible_python_interpreter: /usr/bin/python3
+    ansible_user: example
+    ensure_keys_for: [example, root]
+    one_version: '6.6'
+    one_token: example:example
+    one_vip: 10.11.12.69
+    one_vip_cidr: 24
+    one_vip_if: eth0
+    ds:
+      mode: generic
+      config:
+        SYSTEM_DS:
+          system:
+            enabled: false
+          system1:
+            id: 100
+            managed: true
+            enabled: true
+            symlink:
+              groups: [node]
+              src: /opt/nfs1/100/
+            template: &template
+              TYPE: SYSTEM_DS
+              TM_MAD: shared
+              BRIDGE_LIST: "{{ groups.node | map('extract', hostvars, ['ansible_host']) | join(' ') }}"
+          system2:
+            id: 101
+            managed: true
+            enabled: true
+            symlink:
+              groups: [node]
+              src: /opt/nfs2/101/
+            template: *template
+          system3:
+            id: 102
+            managed: true
+            enabled: true
+            symlink:
+              groups: [node]
+              src: /opt/nfs3/102/
+            template: *template
+        IMAGE_DS:
+          default:
+            symlink: { src: /opt/nfs0/1/ }
+            template:
+              TM_MAD: shared
+        FILE_DS:
+          files:
+            symlink: { src: /opt/nfs0/2/ }
+
+bastion:
+  hosts:
+    b1: { ansible_host: 10.11.12.10 }
+
+frontend:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }
+    f2: { ansible_host: 10.11.12.20 }
+    f3: { ansible_host: 10.11.12.30 }
+
+node:
+  hosts:
+    n1: { ansible_host: 10.11.12.40 }
+    n2: { ansible_host: 10.11.12.50 }
+
+grafana:
+  hosts:
+    f1: { ansible_host: 10.11.12.10 }