├── Ansible ├── group_vars │ └── .gitkeep ├── roles │ ├── cloudstack-manager │ │ ├── templates │ │ │ ├── hosts │ │ │ ├── cloudstack.repo.j2 │ │ │ ├── CentOS-AppStream.repo.j2 │ │ │ └── CentOS-Base.repo.j2 │ │ ├── tasks │ │ │ ├── upgrade_debian_mgmt.yaml │ │ │ ├── upgrade_ubuntu_mgmt.yaml │ │ │ ├── additional_post-restart_upgrade_steps.yaml │ │ │ ├── wait-for-template.yml │ │ │ ├── upgrade_mgmt.yaml │ │ │ ├── wait-for-environment.yml │ │ │ ├── el9-acs.yml │ │ │ ├── centos8-acs.yml │ │ │ ├── additional_pre-restart_upgrade_steps.yaml │ │ │ ├── centos-shortname.yml │ │ │ ├── suse-acs.yml │ │ │ ├── setup-mgmt.yml │ │ │ ├── upgrade_centos_mgmt.yaml │ │ │ ├── centos.yml │ │ │ ├── migrate_databases.yml │ │ │ ├── centos-ccp.yml │ │ │ ├── centos-acs.yml │ │ │ └── suse.yml │ │ └── files │ │ │ ├── ipmitool-C3 │ │ │ └── update_db_410_to_411.sql │ ├── marvin │ │ ├── files │ │ │ ├── marvin_lib │ │ │ │ └── .gitkeep │ │ │ ├── smoke │ │ │ │ └── README │ │ │ ├── nose-json.zip │ │ │ ├── collate_results.sh │ │ │ └── upload_to_es.sh │ │ ├── templates │ │ │ ├── testuuid.j2 │ │ │ ├── additional_test_data.json.j2 │ │ │ ├── cloudstack.repo.j2 │ │ │ └── marvin.repo.j2 │ │ └── tasks │ │ │ ├── fix_tests.yml │ │ │ ├── setup_iscsi_target.yml │ │ │ └── install_marvin_prereqs.yml │ ├── hyper-v │ │ └── tasks │ │ │ └── main.yaml │ ├── kvm │ │ ├── templates │ │ │ ├── libvirtd.j2 │ │ │ ├── bridge-blacklist.j2 │ │ │ ├── resolv.conf.j2 │ │ │ ├── netplan.j2 │ │ │ ├── kvm-suse-eth1.j2 │ │ │ ├── kvm-suse-eth0.j2 │ │ │ ├── cloudstack.repo.j2 │ │ │ ├── kvm-eth1-basic.j2 │ │ │ ├── kvm-suse-eth1-basic-vlan.j2 │ │ │ ├── kvm-cloudbr1.j2 │ │ │ ├── kvm-eth1.j2 │ │ │ ├── kvm-eth_PXE_phys_host.j2 │ │ │ ├── kvm-eth0.j2 │ │ │ ├── kvm-suse-cloudbr0.j2 │ │ │ ├── kvm-trunked_phys_host.j2 │ │ │ ├── kvm-eth_mgmt_phys_host.j2 │ │ │ ├── kvm-cloudbr0.j2 │ │ │ ├── kvm-eth1-basic-vlan.j2 │ │ │ ├── configure_centos8_bridges.sh.j2 │ │ │ ├── kvm-ovs-eth.j2 │ │ │ ├── kvm-suse-cloudbr1.j2 │ │ │ ├── kvm-cloudbr0_phys_host.j2 │ │ │ 
├── elrepo.repo.j2 │ │ │ ├── interfaces.j2 │ │ │ ├── kvm-suse-ovs-bridges.j2 │ │ │ ├── interfaces-ovs.j2 │ │ │ ├── yum.conf.j2 │ │ │ └── kvm-ovs-bridges.j2 │ │ ├── files │ │ │ ├── cloud-qemu-img │ │ │ ├── uefi.properties.Ubuntu │ │ │ └── uefi.properties.EL │ │ └── tasks │ │ │ ├── add_local_storage.yml │ │ │ ├── upgrade_kvm.yaml │ │ │ ├── ubuntu_custom_kernel.yml │ │ │ ├── upgrade_centos_kvm.yaml │ │ │ ├── centos_qemuimg.yml │ │ │ ├── kvm_networking_bridge_suse.yml │ │ │ ├── suse-acs.yml │ │ │ ├── centos-ccp.yml │ │ │ ├── kvm_networking_bridge.yml │ │ │ ├── centos-acs.yml │ │ │ ├── kvm_networking_phys_host.yml │ │ │ ├── centos_elrepokernel.yml │ │ │ └── kvm_networking_ovs.yml │ ├── cloudstack-config │ │ ├── files │ │ │ └── sslcertsplaceholder │ │ └── tasks │ │ │ ├── ssljetty.yml │ │ │ └── seedstorage.yml │ ├── timezone │ │ └── tasks │ │ │ ├── centos6.yml │ │ │ ├── centos8.yml │ │ │ ├── centos7.yml │ │ │ ├── suse.yml │ │ │ ├── ubuntu.yml │ │ │ ├── el9.yml │ │ │ └── main.yml │ ├── cloudstack-iscsiluns │ │ └── tasks │ │ │ ├── main.yml │ │ │ └── removeluns.yml │ ├── active-directory │ │ └── tasks │ │ │ └── main.yaml │ ├── slack_client │ │ └── tasks │ │ │ └── main.yml │ ├── mysql │ │ ├── handlers │ │ │ └── main.yml │ │ ├── templates │ │ │ ├── my-debian.cnf.j2 │ │ │ ├── my.cnf.j2 │ │ │ ├── mariadb-my.cnf.j2 │ │ │ ├── mariadb-suse-my.cnf.j2 │ │ │ ├── my-centos8.cnf.j2 │ │ │ └── my.ubuntu.cnf.j2 │ │ └── tasks │ │ │ ├── secure_mysql.yml │ │ │ ├── main.yml │ │ │ └── centos.yml │ ├── xenserver │ │ └── tasks │ │ │ ├── add_local_storage.yml │ │ │ └── main.yml │ ├── vsphere │ │ ├── tasks │ │ │ ├── add_local_storage.yml │ │ │ ├── add_iscsivmfs_storage.yml │ │ │ └── main.yml │ │ └── files │ │ │ └── esxi-dvs-mgmt.ps1 │ ├── hipchat_client │ │ ├── templates │ │ │ └── hipchat.sh.j2 │ │ ├── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── cloudstack-nfsshares │ │ └── tasks │ │ │ ├── main.yml │ │ │ ├── removeshares.yml │ │ │ └── addshares.yml │ └── cloudmonkey │ │ └── tasks │ │ ├── 
main.yml │ │ ├── suse.yml │ │ ├── centos8.yml │ │ ├── ubuntu.yml │ │ └── centos.yml ├── localhost ├── documentation │ ├── trillianprocflow.png │ ├── TrillianNetworking.png │ ├── TrillianProcflow.xml │ └── TrillianNetworking.xml ├── updateprojectstate.yml ├── tasks │ ├── looped_vm_start.yaml │ ├── configure_cks.yaml │ ├── set_java.yml │ ├── set_centos_repos.yml │ ├── updateproject.yml │ ├── builtintemplate_hack.yml │ └── add_dvfilter.yml ├── templates │ ├── cloudstack.ini.j2 │ ├── webhook_client.j2 │ ├── epel.repo.j2 │ ├── CentOS-AppStream.repo.j2 │ ├── CentOS8-Base.repo.j2 │ ├── configure_cks.sh.j2 │ ├── CentOS-Base.repo.j2 │ └── sources.list-u18.j2 ├── library │ ├── package_available │ ├── acs_mysql_update │ ├── os_facts │ ├── get_downloaded_hotfix_facts │ ├── get_db_facts │ ├── cloudmonkey_config │ ├── get_xenserver_facts │ ├── reconcile_db │ ├── cs_version_facts │ └── reconciledb_reportonly ├── test-test.pub └── stopstartvms.yml ├── .gitignore ├── todo.md └── utils ├── evalansiblevars.sh ├── install_ansible.sh └── install_ansible - Ubuntu.sh /Ansible/group_vars/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-manager/templates/hosts: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Ansible/roles/marvin/files/marvin_lib/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Ansible/roles/hyper-v/tasks/main.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /Ansible/roles/marvin/templates/testuuid.j2: 
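--------------------------------------------------------------------------------
1 | {{ env_uuid }}
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | Ansible/group_vars/all
2 | *.pyc
3 | .vscode/*
4 |
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/upgrade_debian_mgmt.yaml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/upgrade_ubuntu_mgmt.yaml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/libvirtd.j2:
--------------------------------------------------------------------------------
1 | # NOTE(review): --listen makes libvirtd accept network connections; the
2 | # listener and authentication settings live in libvirtd.conf, which this
3 | # template does not manage - confirm they require authentication.
4 | LIBVIRTD_ARGS="--listen"
5 |
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/bridge-blacklist.j2:
--------------------------------------------------------------------------------
1 | install bridge /bin/false
2 |
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/additional_post-restart_upgrade_steps.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/files/ipmitool-C3:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Wrapper that calls the CloudStack ipmitool with -C3 prepended.
3 | # "$@" is quoted so each caller argument is passed through unchanged;
4 | # unquoted, an argument containing spaces or glob characters would be
5 | # re-split or expanded by the shell.
6 | /usr/share/cloudstack-common/ipmitool -C3 "$@"
7 |
--------------------------------------------------------------------------------
/Ansible/localhost: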
-------------------------------------------------------------------------------- 1 | [local] 2 | ll-acsmgmt-01.london.shapeblue.com ansible_connection=ll-acsmgmt-01.london.shapeblue.com 3 | -------------------------------------------------------------------------------- /Ansible/roles/marvin/files/smoke/README: -------------------------------------------------------------------------------- 1 | drop any tests here in case you want to override behaviour of the ACS smoke tests 2 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-config/files/sslcertsplaceholder: -------------------------------------------------------------------------------- 1 | # Placeholder for files folder to be populated with SSL certificates 2 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/files/cloud-qemu-img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shapeblue/Trillian/HEAD/Ansible/roles/kvm/files/cloud-qemu-img -------------------------------------------------------------------------------- /Ansible/documentation/trillianprocflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shapeblue/Trillian/HEAD/Ansible/documentation/trillianprocflow.png -------------------------------------------------------------------------------- /Ansible/roles/marvin/files/nose-json.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shapeblue/Trillian/HEAD/Ansible/roles/marvin/files/nose-json.zip -------------------------------------------------------------------------------- /Ansible/documentation/TrillianNetworking.png: -------------------------------------------------------------------------------- 
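https://raw.githubusercontent.com/shapeblue/Trillian/HEAD/Ansible/documentation/TrillianNetworking.png
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/resolv.conf.j2:
--------------------------------------------------------------------------------
1 | # The keyword must be spelled "nameserver": the resolver ignores unknown
2 | # keywords, so a misspelt entry silently drops that server and every lookup
3 | # goes to the public 8.8.8.8 entry instead of the zone's own DNS servers.
4 | search sblab.local
5 | nameserver {{ env_zone_intdns1 }}
6 | nameserver {{ env_zone_intdns2 }}
7 | nameserver 8.8.8.8
--------------------------------------------------------------------------------
/Ansible/updateprojectstate.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - hosts: localhost
4 |   connection: local
5 |   gather_facts: no
6 |   tasks:
7 |     - name: update Tag project
8 |       include: tasks/updateproject.yml project_tag={{ tag }}
9 |
--------------------------------------------------------------------------------
/Ansible/tasks/looped_vm_start.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - debug: msg="clusterid={{ lowestclusterid }} vmid={{ item.id }}"
4 |
5 | - name: Start VM
6 |   shell: "cmk startVirtualMachine id={{ item.id }} clusterid={{ lowestclusterid }}"
7 |
--------------------------------------------------------------------------------
/Ansible/templates/cloudstack.ini.j2:
--------------------------------------------------------------------------------
1 | # NOTE(review): the endpoint is plain http, and the rendered file holds the
2 | # API secret key - whichever task templates it should write it with
3 | # owner-only permissions.
4 | [cloudstack]
5 | endpoint = http://{{ hostvars[groups['primary_cs_manager'][0]]['ansible_ssh_host'] }}:8080/client/api
6 | key = {{ cm_apikey }}
7 | secret = {{ cm_secretkey }}
8 | timeout = 60
9 |
--------------------------------------------------------------------------------
/Ansible/roles/timezone/tasks/centos6.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: remove old link
4 |   file: path=/etc/localtime state=absent
5 |
6 | - name: set new timezone
7 |   file: src="/usr/share/zoneinfo/{{ env_timezone }}"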
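dest=/etc/localtime state=link
8 |
--------------------------------------------------------------------------------
/Ansible/templates/webhook_client.j2:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # data should be formatted as markdown. headings do not work.
4 | # < > and & must be urlencoded
5 | # NOTE(review): $1 is placed inside the JSON string as-is, so a double quote
6 | # or backslash in the message yields invalid or altered JSON; callers must
7 | # escape those as well.
8 | # The webhook URL is quoted so characters such as & or ? in it are not
9 | # interpreted by the shell.
10 |
11 | curl -X POST -H 'Content-type: application/json' --data "{\"text\": \"$1\"}" "{{ marvin_notifi_webhook_url }}"
12 |
--------------------------------------------------------------------------------
/Ansible/tasks/configure_cks.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Renders the CKS configuration script onto the management server and runs it.
4 | # NOTE(review): the script is written to a fixed name under /tmp, is
5 | # world-readable (0744) and is left in place after it runs. If the template
6 | # carries credentials, render it into a private directory and remove it
7 | # afterwards - TODO confirm against configure_cks.sh.j2.
8 | - name: Copy configure_cks script to mgmt server
9 |   template:
10 |     src: "../templates/configure_cks.sh.j2"
11 |     dest: "/tmp/configure_cks.sh"
12 |     # quoted so the mode is always read as an octal string
13 |     mode: "0744"
14 |
15 | - name: Configure CKS (Run CKS configuration script)
16 |   shell: /tmp/configure_cks.sh
17 |
--------------------------------------------------------------------------------
/Ansible/roles/kvm/files/uefi.properties.Ubuntu:
--------------------------------------------------------------------------------
1 | guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS_4M.ms.fd
2 | guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS_4M.fd
3 | guest.nvram.path=/var/lib/libvirt/qemu/nvram/
4 | guest.loader.secure=/usr/share/OVMF/OVMF_CODE_4M.secboot.fd
5 | guest.loader.legacy=/usr/share/OVMF/OVMF_CODE_4M.fd
6 |
--------------------------------------------------------------------------------
/Ansible/templates/epel.repo.j2:
--------------------------------------------------------------------------------
1 | [epel]
2 | name=Extra Packages for Enterprise Linux - $basearch
3 | baseurl={{ os_repo }}/epel/$releasever/$basearch
4 | #mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
5 | failovermethod=priority
6 | enabled=1
7 | # NOTE(review): gpgcheck=0 turns off package signature verification, so the
8 | # gpgkey line below has no effect and packages from os_repo are installed
9 | # unverified. Set gpgcheck=1 once the key file is present on the hosts.
10 | gpgcheck=0
11 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
12 |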
-------------------------------------------------------------------------------- /Ansible/roles/kvm/files/uefi.properties.EL: -------------------------------------------------------------------------------- 1 | guest.nvram.template.secure=/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd 2 | guest.nvram.template.legacy=/usr/share/edk2/ovmf/OVMF_VARS.fd 3 | guest.nvram.path=/var/lib/libvirt/qemu/nvram/ 4 | guest.loader.secure=/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd 5 | guest.loader.legacy=/usr/share/edk2/ovmf/OVMF_CODE.cc.fd 6 | -------------------------------------------------------------------------------- /Ansible/roles/timezone/tasks/centos8.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: "set Timezone to {{ env_timezone }}" 4 | command: "timedatectl set-timezone {{ env_timezone }}" 5 | 6 | - name: Install chrony 7 | dnf: 8 | name: chrony 9 | state: present 10 | 11 | - name: Start chrony CentOS 12 | service: 13 | name: chronyd 14 | state: started 15 | enabled: yes 16 | -------------------------------------------------------------------------------- /Ansible/roles/marvin/templates/additional_test_data.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "testrun_uuid": "", 3 | "testrun_name": "{{ env_name_clean }} -- {{ env_comment }}", 4 | "base_cloudstack_version": "{{ env_numversion }}", 5 | "pr_id": "null", 6 | "rc_num": "null", 7 | "marvin_tags": "advanced", 8 | "marvin_hypervisor": "{{ env_hv }}", 9 | "hypervisor_version": "", 10 | "testrun_date": "" 11 | } 12 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-iscsiluns/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add iSCSI primary storage luns 3 | include: ./addluns.yml 4 | when: ( storage_action == "addprimary" ) and ( "primary_storage_hosts_iscsi" in group_names ) 5 | 6 | - 
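name: Remove iSCSI primary storage luns
7 |   include: ./removeluns.yml
8 |   when: ( storage_action == "removeprimary" ) and ( "primary_storage_hosts_iscsi" in group_names )
9 |
--------------------------------------------------------------------------------
/Ansible/roles/timezone/tasks/centos7.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: "set Timezone to {{ env_timezone }}"
4 |   command: "timedatectl set-timezone {{ env_timezone }}"
5 |
6 | - include: ../../../tasks/set_centos_repos.yml
7 |
8 | - name: Install chrony
9 |   yum:
10 |     name: chrony
11 |     state: present
12 |
13 | - name: Start chrony CentOS
14 |   service:
15 |     name: chronyd
16 |     state: started
17 |     enabled: yes
18 |
--------------------------------------------------------------------------------
/Ansible/library/package_available:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Reads the key=value arguments file passed as $1, runs `yum list` for the
3 | # PACKAGE argument and prints the outcome as the Ansible fact
4 | # mypackage_available ("true" or "false").
5 |
6 | ARGS="($(cat "$1"))"
7 |
8 | PACKAGE=`echo $ARGS | tr " " "\n"| awk -F= '$1=="PACKAGE"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'`
9 |
10 | # Quoted so the value reaches yum as exactly one argument, with no word
11 | # splitting or glob expansion by the shell.
12 | yum list "$PACKAGE"
13 | if [ $? -ne 0 ]; then
14 |   AVAILABILITY="false"
15 | else
16 |   AVAILABILITY="true"
17 | fi
18 | echo "
19 | {
20 |   \"ansible_facts\": {
21 |     \"mypackage_available\": \"${AVAILABILITY}\"
22 |   }
23 | }
24 | "
25 |
--------------------------------------------------------------------------------
/Ansible/roles/active-directory/tasks/main.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # NOTE(review): the domain admin and safe-mode passwords below are committed in clear text; load them from an encrypted vars file (e.g. ansible-vault) instead.
3 | - hosts: winclient
4 |   gather_facts: no
5 |   tasks:
6 |     - win_domain_controller:
7 |         dns_domain_name: ansible.vagrant
8 |         domain_admin_user: testguy@ansible.vagrant
9 |         domain_admin_password: password123!
10 |         safe_mode_password: password123!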
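11 |         state: domain_controller
12 |         log_path: c:\ansible_win_domain_controller.txt
13 |
14 |     - win_reboot:
--------------------------------------------------------------------------------
/Ansible/roles/marvin/files/collate_results.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Appends the leading part of every results.txt under $LOGDIR to
3 | # $RESULTSFILE, cutting each file at the "=====" rule and at
4 | # "begin captured logging", whichever comes first.
5 |
6 | RESULTSFILE="/marvin/collated_results.txt"
7 | LOGDIR="/marvin/MarvinLogs"
8 |
9 | echo "Collated results from $HOSTNAME
10 |
11 | " > "$RESULTSFILE"
12 | for dir in "$LOGDIR"/*/; do
13 |
14 |   # The two sed filters are piped together rather than passed through a
15 |   # fixed /tmp/tmpres1 file: a predictable name in a world-writable
16 |   # directory can be pre-created or swapped by another local user.
17 |   sed -e '/=================================/,$d' "$dir/results.txt" \
18 |     | sed -e '/begin captured logging/,$d' >> "$RESULTSFILE"
19 |
20 | done
21 |
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/netplan.j2:
--------------------------------------------------------------------------------
1 | network:
2 |   ethernets:
3 |     eth0:
4 |       dhcp4: no
5 |     eth1:
6 |       dhcp4: no
7 |   bridges:
8 |     cloudbr0:
9 |       dhcp4: yes
10 |       interfaces:
11 |         - eth0
12 |       # quoted so the rendered MAC is always read as a string
13 |       macaddress: "{{ ansible_eth0.macaddress }}"
14 |
15 |     cloudbr1:
16 |       dhcp4: no
17 |       interfaces:
18 |         - eth1
19 |   version: 2
20 |
--------------------------------------------------------------------------------
/todo.md:
--------------------------------------------------------------------------------
1 | ## Planned Enhancements
2 |
3 | We still have work to do, to avoid pull requests for features we're already working on please see the list of whats coming below :)
4 |
5 | * Migrate zone create shell script to a native j2 template [WIP]
6 | * Migrate Trillian database updates to native Ansible task rather than shell scripts [WIP]
7 | * Add ssh key option to Trillian command line. [TODO]
8 | * Add ability to receive Jenkins triggers and args and then pass back relevant data to Jenkins [TODO]
9 | * Secure passwords [TODO]
10 | * ....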
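11 |
12 |
--------------------------------------------------------------------------------
/Ansible/tasks/set_java.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - debug: msg="Java version required is {{ java_ver }}"
4 |
5 | - name: ensure that above Java version is present
6 |   yum: name="{{ java_path }}" state=latest enablerepo=base
7 | #  when: ("{{ java_type}}" == "openjdk")
8 |
9 | - debug: msg="register oracle java with alternatives (TODO)"
10 |
11 | - name: "set {{ java_ver }} as default version - NOTE: This will appear to fail is already default"
12 |   shell: "alternatives --set java `alternatives --list | grep {{ java_ver }} | awk -F ' ' '{print $NF}'`"
13 |   ignore_errors: yes
14 |
--------------------------------------------------------------------------------
/Ansible/roles/slack_client/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Waits for the target VM to answer ping and SSH, installs the Slack CLI
4 | # binary and stores its token in /etc/environment.
5 |
6 | - name: wait for VM to be alive
7 |   shell: "ping {{ ansible_ssh_host }} -c 1"
8 |   register: pong
9 |   until: pong.rc == 0
10 |   retries: "{{ ssh_retries }}"
11 |
12 | - name: Wait for SSH
13 |   local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5
14 |
15 | # The binary lands in /usr/bin, so it must not be writable by group or
16 | # other: with mode 0777 any local user could replace a program that root
17 | # may later run.
18 | # NOTE(review): the download is not pinned to a checksum (get_url accepts
19 | # a `checksum` parameter), so the file is whatever slackcli_url serves at
20 | # run time.
21 | - name: install slack cli client dist
22 |   get_url:
23 |     url: "{{ slackcli_url }}"
24 |     dest: "/usr/bin/slack"
25 |     mode: "0755"
26 |
27 | # NOTE(review): /etc/environment is normally world-readable, so every local
28 | # user can read the token; consider a root-only file that the consumer
29 | # sources instead. no_log keeps the token out of task output.
30 | - name: add token to /etc/environment
31 |   lineinfile:
32 |     path: /etc/environment
33 |     regexp: '^SLACK_CLI_TOKEN='
34 |     line: "SLACK_CLI_TOKEN='{{ slack_token }}'"
35 |   no_log: true
36 |
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/kvm-suse-eth1.j2:
--------------------------------------------------------------------------------
1 |
2 | #Copyright 2016-2021 ShapeBlue
3 | #
4 | #Licensed under the Apache License, Version 2.0 (the "License");
5 | #you may not use this file except in compliance with the License.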
6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | BOOTPROTO='none' 18 | STARTMODE='auto' 19 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-suse-eth0.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016-2021 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
15 | 16 | 17 | BOOTPROTO='none' 18 | STARTMODE='auto' 19 | MTU='1500' 20 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/tasks/add_local_storage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Create new partition 4 | shell: parted /dev/sdb mklabel gpt mkpart primary 1 100% -s 5 | ignore_errors: true 6 | tags: 7 | - kvm 8 | - local_storage 9 | 10 | - name: Format new partition 11 | shell: mkfs.ext4 /dev/sdb1 12 | tags: 13 | - kvm 14 | - local_storage 15 | 16 | - name: Create local storage mount point 17 | file: path="{{ kvm_localstorage_mount }}" state=directory 18 | tags: 19 | - kvm 20 | - local_storage 21 | 22 | - name: update FSTAB 23 | mount: 24 | name: "{{ kvm_localstorage_mount }}" 25 | src: /dev/sdb1 26 | fstype: ext4 27 | state: mounted 28 | tags: 29 | - kvm 30 | - local_storage 31 | 32 | 33 | -------------------------------------------------------------------------------- /utils/evalansiblevars.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Evaluates Ansible jinja template files againsts variable files. 3 | # Extracts all Ansible variables from the jinja template and 4 | # does an ansible ad-hoc debug against each var individually rather 5 | # than processing all in one go. 
6 | # Input: 7 | # $1 is the template file 8 | # $2 is the ansible hostfile 9 | # $3 is the ansible hostname 10 | # 11 | IFS=$'\n'; 12 | echo -e "\nTemplate file: $1\nHost file: $2\nHost: $3\n"; 13 | for i in `grep -ho '{{[^}]*}}' $1 | sort | uniq`; 14 | do 15 | cleanvarname=`echo ${i} | sed 's/{*//' | sed 's/}}//' | sed 's/^\ *//' | sed 's/\ *$//' | sed 's/|\ lower//'`; 16 | ansible -m debug -a "var=${cleanvarname}" -i $2 $3 | awk 'NR==2'; 17 | done 18 | -------------------------------------------------------------------------------- /Ansible/test-test.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa 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 pearl@pearl-XPS-15-7590 2 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/cloudstack.repo.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
15 | 16 | 17 | [cloudstack] 18 | name=cloudstack 19 | baseurl={{ baseurl_kvm }} 20 | enabled=1 21 | gpgcheck=0 22 | -------------------------------------------------------------------------------- /Ansible/templates/CentOS-AppStream.repo.j2: -------------------------------------------------------------------------------- 1 | # CentOS-AppStream.repo 2 | # 3 | # The mirror system uses the connecting IP address of the client and the 4 | # update status of each mirror to pick mirrors that are updated to and 5 | # geographically close to the client. You should use this for CentOS updates 6 | # unless you are manually picking other mirrors. 7 | # 8 | # If the mirrorlist= does not work for you, as a fall back you can try the 9 | # remarked out baseurl= line instead. 10 | # 11 | # 12 | 13 | [AppStream] 14 | name=CentOS-$releasever - AppStream 15 | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra 16 | baseurl={{ os_repo }}/centos/$releasever/AppStream/$basearch/os/ 17 | gpgcheck=0 18 | enabled=1 19 | 20 | -------------------------------------------------------------------------------- /Ansible/roles/marvin/templates/cloudstack.repo.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
15 | 16 | 17 | [cloudstack] 18 | name=cloudstack 19 | baseurl={{ baseurl_marvin }} 20 | enabled=1 21 | gpgcheck=0 22 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-manager/templates/cloudstack.repo.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | [cloudstack] 18 | name=cloudstack 19 | baseurl={{ baseurl_cloudstack }} 20 | enabled=1 21 | gpgcheck=0 22 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-manager/tasks/wait-for-template.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - debug: msg="Mgmt UI on {{ inventory_hostname['ansible_ssh_host'] }}{{":"}}8080/client " 4 | tags: 5 | - waitfortemplate 6 | 7 | - name: test for API on 8080 8 | shell: "curl http://127.0.0.1:8080/client/api --connect-timeout 5" 9 | register: result 10 | until: result.stdout.find("unable to verify user") != -1 11 | retries: 50 12 | tags: 13 | - waitfortemplate 14 | 15 | - name: Wait for default template to be ready before returning 16 | shell: cloudmonkey list templates listall=true templatefilter=all | jq '.template[]| select(.templatetype=="BUILTIN") | .isready' | sort | uniq 17 | register: result 18 | until: result.stdout == "true" 19 | retries: 400 20 | 
tags: 21 | - waitfortemplate 22 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/tasks/upgrade_kvm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: wait for VM to be alive 4 | shell: "ping {{ ansible_ssh_host }} -c 1" 5 | register: pong 6 | until: pong.rc == 0 7 | retries: "{{ ssh_retries }}" 8 | 9 | - name: Wait for SSH 10 | local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5 11 | tags: 12 | - kvm 13 | 14 | - name: Now I'm connected, get facts 15 | setup: 16 | tags: 17 | - kvm 18 | 19 | - include: upgrade_centos_kvm.yaml 20 | when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' 21 | 22 | - include: upgrade_ubuntu_kvm.yaml 23 | when: ansible_distribution == 'Ubuntu' 24 | 25 | - include: upgrade_debian_kvm.yaml 26 | when: ansible_distribution == 'Debian' 27 | -------------------------------------------------------------------------------- /Ansible/roles/marvin/templates/marvin.repo.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
15 | 16 | 17 | [cloudstack-marvin] 18 | name=cloudstack-marvin 19 | baseurl={{ fallback_marvin_test_repo }} 20 | enabled=1 21 | gpgcheck=0 22 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-manager/templates/CentOS-AppStream.repo.j2: -------------------------------------------------------------------------------- 1 | # CentOS-AppStream.repo 2 | # 3 | # The mirror system uses the connecting IP address of the client and the 4 | # update status of each mirror to pick mirrors that are updated to and 5 | # geographically close to the client. You should use this for CentOS updates 6 | # unless you are manually picking other mirrors. 7 | # 8 | # If the mirrorlist= does not work for you, as a fall back you can try the 9 | # remarked out baseurl= line instead. 10 | # 11 | # 12 | 13 | [AppStream] 14 | name=CentOS-$releasever - AppStream 15 | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra 16 | baseurl=http://{{ os_repo }}/centos/$releasever/AppStream/$basearch/os/ 17 | gpgcheck=0 18 | enabled=1 19 | 20 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-eth1-basic.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
15 | 16 | 17 | DEVICE=eth1 18 | ONBOOT=yes 19 | HOTPLUG=yes 20 | BOOTPROTO=none 21 | TYPE=Ethernet 22 | NM_CONTROLLED=no 23 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-suse-eth1-basic-vlan.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016-2021 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | BOOTPROTO='none' 17 | STARTMODE='auto' 18 | VLAN_ID='{{ hostvars['localhost']['env_guestnetvlan'] }}' 19 | ETHERDEVICE='eth1' 20 | -------------------------------------------------------------------------------- /Ansible/roles/mysql/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 
16 | 17 | - name: restart iptables 18 | service: name=iptables state=restarted 19 | 20 | - name: restart mysql 21 | command: service mysqld restart -------------------------------------------------------------------------------- /Ansible/templates/CentOS8-Base.repo.j2: -------------------------------------------------------------------------------- 1 | # CentOS-Base.repo 2 | # 3 | # The mirror system uses the connecting IP address of the client and the 4 | # update status of each mirror to pick mirrors that are updated to and 5 | # geographically close to the client. You should use this for CentOS updates 6 | # unless you are manually picking other mirrors. 7 | # 8 | # If the mirrorlist= does not work for you, as a fall back you can try the 9 | # remarked out baseurl= line instead. 10 | # 11 | # 12 | 13 | [base] 14 | name=CentOS-$releasever - Base 15 | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os 16 | baseurl={{ os_repo }}/centos/$releasever/os/$basearch/ 17 | gpgcheck=0 18 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever 19 | enabled = {{ base_repo_enabled }} 20 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-cloudbr1.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
15 | 16 | 17 | DEVICE={{ kvm_guest_network_label }} 18 | TYPE=Bridge 19 | ONBOOT=yes 20 | BOOTPROTO=none 21 | IPV6INIT=no 22 | IPV6_AUTOCONF=no 23 | STP=off 24 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-eth1.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | DEVICE=eth1 18 | ONBOOT=yes 19 | HOTPLUG=no 20 | BOOTPROTO=none 21 | TYPE=Ethernet 22 | BRIDGE={{ kvm_guest_network_label }} 23 | NM_CONTROLLED=no 24 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-eth_PXE_phys_host.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
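DEVICE={{ phys_host_PXE_if }}
ONBOOT=no
HOTPLUG=no
BOOTPROTO=none
TYPE=Ethernet
NM_CONTROLLED=no
MTU=1500
--------------------------------------------------------------------------------
/Ansible/templates/configure_cks.sh.j2:
--------------------------------------------------------------------------------
#!/bin/bash
# Template rendered by Ansible. Syncs CloudMonkey, creates the minimum CKS
# service offering and registers every entry of cks_version as a supported
# Kubernetes version.
cmk sync

# assumes presence of jq and cloudmonkey
# and template names set and CKS API enabled

# add min CKS service offering
# Every templated value goes through the `quote` filter so the rendered
# script treats it as one literal shell word, whatever characters the
# variable holds (spaces, quotes, `&`, `;`, `$`). An unquoted URL containing
# `&`, for example, would otherwise split the command.

cmk create serviceoffering cpunumber={{ min_cks_service_offering.cpunumber | quote }} cpuspeed={{ min_cks_service_offering.cpuspeed | quote }} displaytext={{ min_cks_service_offering.displaytext | quote }} memory={{ min_cks_service_offering.memory | quote }} name={{ min_cks_service_offering.name | quote }} offerha={{ min_cks_service_offering.offerha | quote }}


# upload versions
{% for item in cks_version %}
cmk add kubernetessupportedversion semanticversion={{ item.semantic_version | quote }} url={{ item.url | quote }} mincpunumber={{ min_cks_service_offering.cpunumber | quote }} minmemory={{ min_cks_service_offering.memory | quote }}
{% endfor %}

--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/kvm-eth0.j2:
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.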
15 | 16 | 17 | DEVICE=eth0 18 | ONBOOT=yes 19 | HOTPLUG=no 20 | BOOTPROTO=none 21 | TYPE=Ethernet 22 | BRIDGE={{ kvm_mgmt_network_label }} 23 | NM_CONTROLLED=no 24 | MTU=1500 -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-suse-cloudbr0.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016-2021 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | BOOTPROTO='dhcp' 17 | STARTMODE='auto' 18 | BRIDGE='yes' 19 | BRIDGE_PORTS='eth0' 20 | BRIDGE_STP='off' 21 | BRIDGE_FORWARDDELAY='15' 22 | MTU='1500' 23 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-trunked_phys_host.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
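#See the License for the specific language governing permissions and
#limitations under the License.


DEVICE={{ phys_host_trunked_if }}
ONBOOT=yes
HOTPLUG=no
BOOTPROTO=none
TYPE=Ethernet
BRIDGE={{ kvm_guest_network_label }}
NM_CONTROLLED=no

--------------------------------------------------------------------------------
/Ansible/roles/xenserver/tasks/add_local_storage.yml:
--------------------------------------------------------------------------------
---
# Replaces the host's "Local Storage" SR: unplugs and forgets the existing
# one when it is found, then creates a new LVM SR on /dev/sdb.
- name: Check for existing local storage
  # Plain double quotes here. Inside a single-quoted YAML scalar a backslash
  # is literal, so the former \"Local Storage\" reached the shell as escaped
  # quote characters and the label was split into two words; the lookup could
  # not match the SR name and the two `when:` guards below never saw a PBD.
  shell: 'xe sr-list name-label="Local Storage" params=PBDs --minimal'
  register: localstoragepbd

- name: Confirm local storage PBD found
  debug: msg="Local storage PBD found {{ localstoragepbd.stdout }}"

- name: unplug existing storage
  shell: 'xe pbd-unplug uuid=`xe sr-list name-label="Local Storage" params=PBDs --minimal`'
  when: localstoragepbd.stdout != ""

- name: forget existing local storage SR
  shell: 'xe sr-forget uuid=`xe sr-list name-label="Local Storage" --minimal`'
  when: localstoragepbd.stdout != ""

# Destructive step: /dev/sdb is hard-coded and becomes a new LVM SR; nothing
# in this file checks that it is the intended, empty disk.
- name: add local storage SR using new disk (/dev/sdb)
  shell: 'xe sr-create type=lvm name-label="Local Storage" content-type=user device-config:device=/dev/sdb'

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/upgrade_mgmt.yaml:
--------------------------------------------------------------------------------
---

- name: Ensure VM is alive
  shell: "ping {{ ansible_ssh_host }} -c 1"
  register: pong
  until: pong.rc == 0
  retries: "{{ ssh_retries }}"

- name: wait for ssh
  local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5

- name: now i'm connected, get facts
  setup:
  # The listing shows two `tags:` keys on this task. Duplicate mapping keys
  # are invalid YAML and most loaders silently keep only the last one, so the
  # two lists are merged into a single key.
  tags:
    - "global_settings"
    - "rename_browser"
    - extra_steps
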
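- include: upgrade_centos_mgmt.yaml
  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'

- include: upgrade_ubuntu_mgmt.yaml
  when: ansible_distribution == 'Ubuntu'

- include: upgrade_debian_mgmt.yaml
  when: ansible_distribution == 'Debian'

--------------------------------------------------------------------------------
/Ansible/roles/marvin/files/upload_to_es.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Posts every Marvin JSON result file, then the test-run metadata file, to
# Elasticsearch. The requests carry no credentials and the URL has no scheme,
# so curl sends them over plain HTTP to port 9200.


ES_IP="elk.lab.lon"
RESULTS_INDEX="test_results"
ENV_TEST_DATA="./test_run.json"
JSON_OUTPUT_DIR="/marvin/json_results"
TESTRUN_INDEX="test_runs"
metafile="$JSON_OUTPUT_DIR/additional_test_data.json"

# Stop if the working directory is missing instead of carrying on from
# wherever the script happened to be started.
cd /marvin || exit 1

echo " -- Upload test results -- "
for file in "$JSON_OUTPUT_DIR"/*.json; do
    # With no match the glob stays a literal pattern; skip it rather than
    # handing a non-existent path to curl.
    [[ -e "$file" ]] || continue
    name="$(basename "$file")"
    if [[ "$name" != "additional_test_data.json" ]] && [[ "$name" != "env_cfg_file.json" ]]; then
        echo " Uploading $name"
        # Quoted so a file name with spaces or glob characters reaches curl
        # as a single argument.
        curl -XPOST "$ES_IP:9200/$RESULTS_INDEX/external?pretty" -H 'Content-Type: application/json' -d "@$file"
    fi
done


echo " -- Upload test metadata"
curl -XPOST "$ES_IP:9200/$TESTRUN_INDEX/external?pretty" -H 'Content-Type: application/json' -d "@$metafile"

--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/kvm-eth_mgmt_phys_host.j2:
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.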
6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | DEVICE={{ phys_host_mgmt_if }} 18 | ONBOOT=yes 19 | HOTPLUG=yes 20 | VLAN=yes 21 | BOOTPROTO=none 22 | TYPE=Ethernet 23 | BRIDGE={{ kvm_mgmt_network_label }} 24 | NM_CONTROLLED=no 25 | MTU=1500 -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-cloudbr0.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
15 | 16 | 17 | DEVICE={{ kvm_mgmt_network_label }} 18 | TYPE=Bridge 19 | ONBOOT=yes 20 | BOOTPROTO=dhcp 21 | IPV6INIT=no 22 | IPV6_AUTOCONF=no 23 | STP=off 24 | PEERDNS=yes 25 | PEERROUTES=yes 26 | DEFROUTE=yes 27 | MTU=1500 28 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-eth1-basic-vlan.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 
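DEVICE=eth1.{{ hostvars['localhost']['env_guestnetvlan'] }}
VLAN=yes
ONBOOT=yes
HOTPLUG=yes
BOOTPROTO=none
TYPE=Ethernet
BRIDGE={{ kvm_guest_network_label }}
NM_CONTROLLED=no

--------------------------------------------------------------------------------
/Ansible/library/acs_mysql_update:
--------------------------------------------------------------------------------
#!/bin/bash
# Shell-based Ansible module. Reads the module arguments file given as $1,
# extracts DBHOST, DBUSER, DBPASS and MYSQL_STATEMENT from it and runs the
# statement with the mysql client. It always reports "Attempted"; the mysql
# exit status is not passed back to Ansible.

# The unquoted `echo $ARGS` below relies on word splitting to normalise
# whitespace, but pathname expansion is not wanted: without noglob a `*` in
# the SQL statement would be replaced by file names from the working
# directory.
set -f

ARGS="($(cat "$1"))"

# Earlier versions dumped the raw arguments, the statement and the complete
# mysql command line (password included) to /tmp/args, /tmp/mysql and
# /tmp/theargs. Those were predictable names in a world-writable directory
# and readable by every local user, so the dumps are gone and any leftovers
# from previous runs are removed.
rm -f /tmp/args /tmp/mysql /tmp/theargs

DBHOST=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBHOST"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'`
DBUSER=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBUSER"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'`
DBPASS=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBPASS"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//' | tr -d "'"`
MYSQL_STATEMENT=`echo $ARGS | sed 's#.*MYSQL_STATEMENT=\(\)#\1#' | tr -d ')'| sed "s/'\"'\"'/'/g"| tr -d '"' | sed "s/^'//" | sed -e 's/[[:space:]]*$//' | sed s'/.$//'`

# MYSQL_PWD keeps the password out of the argument list, where `-pPASSWORD`
# is visible to other users through ps. It still sits in this process's
# environment; a client option file readable only by the invoking user is
# the stronger choice where one can be provisioned.
MYSQL_PWD="${DBPASS}" mysql -h "${DBHOST}" -u "${DBUSER}" -e "$MYSQL_STATEMENT"

echo '{
"ansible_facts": {
"reponse": "Attempted"
}
}'
--------------------------------------------------------------------------------
/Ansible/roles/vsphere/tasks/add_local_storage.yml:
--------------------------------------------------------------------------------
---

- name: rescan HBAs (RAW for compatibility)
  raw: 'esxcli storage core adapter rescan --all'
  tags:
    - local_storage

- name: Label and partition new disk
  raw: "DEVICE='/vmfs/devices/disks/mpx.vmhba1:C0:T1:L0';partedUtil mklabel ${DEVICE} msdos;SECTOR_DATA=$(partedUtil getptbl ${DEVICE} | tail -1);x=$(echo $SECTOR_DATA | awk '{print $1}');y=$(echo $SECTOR_DATA | awk '{print $2}');z=$(echo $SECTOR_DATA | awk '{print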
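$3}');END_SECTOR=`expr $x \\* $y \\* $z - 1`;/sbin/partedUtil \"setptbl\" \"${DEVICE}\" \"gpt\" \"1 2048 ${END_SECTOR} AA31E02A400F11DB9590000C2911D1B8 0\""
  tags:
    - local_storage

- name: add New disk to as DataStore
  raw: "DEVICE='/vmfs/devices/disks/mpx.vmhba1:C0:T1:L0';/sbin/vmkfstools -C vmfs5 -b 1m -S $(hostname -s)-local-datastore ${DEVICE}:1"
  tags:
    - local_storage
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/configure_centos8_bridges.sh.j2:
--------------------------------------------------------------------------------
#!/bin/sh
# Template rendered by Ansible: creates the management and guest bridges with
# NetworkManager and attaches eth0 / eth1 to them as bridge slaves.

nmcli con add ifname {{ kvm_mgmt_network_label }} type bridge con-name {{ kvm_mgmt_network_label }} autoconnect yes
nmcli con add type bridge-slave ifname eth0 master {{ kvm_mgmt_network_label }} autoconnect yes con-name br-eth0
nmcli connection up {{ kvm_mgmt_network_label }}
ETH0_NAME=`nmcli device show eth0 | grep 'GENERAL.CONNECTION' | awk -F ':' '{print $2}' | sed 's/^ *//'`
# NOTE(review): single quotes stop the shell from expanding ${ETH0_NAME}, so
# nmcli is asked to delete a connection literally named ${ETH0_NAME} (the
# ETH1_NAME line below has the same form). Left unchanged on purpose: confirm
# which profile eth0 reports at this point before switching to double quotes,
# because the br-eth0 slave profile has just been added above.
nmcli connection delete '${ETH0_NAME}'
ETH1_NAME=`nmcli device show eth1 | grep 'GENERAL.CONNECTION' | awk -F ':' '{print $2}' | sed 's/^ *//'`
nmcli connection delete '${ETH1_NAME}'
nmcli con add ifname {{ kvm_guest_network_label }} type bridge con-name {{ kvm_guest_network_label }} autoconnect yes ipv4.method disabled
nmcli con add type bridge-slave ifname eth1 master {{ kvm_guest_network_label }} autoconnect yes con-name br-eth1

--------------------------------------------------------------------------------
/Ansible/roles/kvm/tasks/ubuntu_custom_kernel.yml:
--------------------------------------------------------------------------------
---
# Downloads a fixed set of 5.9.0 kernel packages, installs them and reboots
# the KVM host into the new kernel.

# The packages were previously fetched into /tmp and installed with
# `dpkg -i /tmp/linux-*.deb`. /tmp is world-writable, so any file another
# local user placed there under a matching name would have been installed
# with the same privileges. A directory only root can write to closes that.
- name: Create root-only staging directory for kernel packages
  file:
    path: /root/custom-kernel-debs
    state: directory
    mode: "0700"

# NOTE(review): no checksum or signature is verified before installation and
# the image package is the "unsigned" build; get_url with its `checksum`
# option would pin each file to a known digest.
- name: Download kernel DEB packages
  shell: /usr/bin/wget "{{ custom_kernel_repo }}"/custom-kernels/{{ item }} -P /root/custom-kernel-debs
  with_items:
    - linux-headers-5.9.0-050900_5.9.0-050900.202010112230_all.deb
    - linux-headers-5.9.0-050900-generic_5.9.0-050900.202010112230_amd64.deb
    - linux-image-unsigned-5.9.0-050900-generic_5.9.0-050900.202010112230_amd64.deb
    - linux-modules-5.9.0-050900-generic_5.9.0-050900.202010112230_amd64.deb

- name: Install kernel DEB packages
  shell: /usr/bin/dpkg -i /root/custom-kernel-debs/linux-*.deb

# Fire-and-forget: the connection drops as the host goes down, so errors
# from this task are ignored.
- name: Reboot KVM host to load new kernel
  shell: /sbin/reboot
  async: 0
  poll: 0
  ignore_errors: true

- name: wait for ssh
  local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5
  when: (not use_phys_hosts)

--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/kvm-ovs-eth.j2:
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.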
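DEVICE={{ item.interface }}
NAME={{ item.interface }}
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE={{ item.bridge }}
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
HOTPLUG=no
{% if item.interface == "eth0" %}
MTU=1500
{% endif %}

--------------------------------------------------------------------------------
/Ansible/roles/hipchat_client/templates/hipchat.sh.j2:
--------------------------------------------------------------------------------
#!/bin/bash

# Comments
# - Customize for your installation, for instance you might want to add default parameters like the following:
# - To gain access to the server, you must obtain an authorization token (40 characters) from HipChat.
# - Obtain the token by going to HipChat 'Account Settings' then 'API access'.
# - Use the token on the token parameter. An example of what it looks like is below.
# - Avoid rate limiting problems with autoWait - see https://bobswift.atlassian.net/wiki/display/HCLI/Rate+Limiting
# java -jar `dirname $0`/lib/hipchat-cli-5.4.0.jar --server http://my-server --autoWait --token X1Xt096Pb9wyEf3EOsKkhc91wJ4MYYP0FcRcDFrx "$@"

# The rendered file holds the HipChat API token in clear text, and the token
# is also passed on the java command line, where it shows up in the process
# list while the client runs. Keep read access to the rendered script tight.
# The `quote` filter makes the templated server and token values single
# literal shell words.
java -jar /opt/atlassian-cli-{{ hipchat_cli_client_version }}/lib/hipchat-cli-{{ hipchat_cli_client_version }}.jar --server {{ hipchat_server | quote }} --autoWait --token {{ hipchat_token | quote }} "$@"

--------------------------------------------------------------------------------
/Ansible/roles/hipchat_client/main.yml:
--------------------------------------------------------------------------------
---

- name: wait for VM to be alive
  shell: "ping {{ ansible_ssh_host }} -c 1"
  register: pong
  until: pong.rc == 0
  retries: "{{ ssh_retries }}"

- name: Wait for SSH
  local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5

- name: install java
  # Was `yum: name: java-1.8.0-openjdk.x86_64 state=present`: a second `: `
  # inside a plain scalar is a YAML syntax error, so the file did not load.
  yum:
    name: java-1.8.0-openjdk.x86_64
    state: present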
#- name: retrieve hipchat cli client dist
# get_url: url="{{ marvin_cli_client_location }}" dest="/tmp/hipchapcli.zip"

# NOTE(review): everything below lives under /tmp, which is world-writable,
# and no task in this file creates /tmp/hipchatcli/ first. Whoever owns that
# directory decides what /usr/bin/hipchat executes; a root-owned directory
# outside /tmp avoids that.
- name: unpack files
  unarchive:
    src: "{{ marvin_cli_client_location }}"
    dest: /tmp/hipchatcli/

# Mode 0744 leaves the rendered script readable by every local user, and
# hipchat.sh.j2 renders the API token into it.
- name: configure client
  template:
    src: "hipchat.sh.j2"
    dest: "/tmp/hipchatcli/hipchat.sh"
    mode: "0744"

- name: create symlink to improve compatibility
  file:
    path: /usr/bin/hipchat
    src: "/tmp/hipchatcli/hipchat.sh"
    state: link

--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/kvm-suse-cloudbr1.j2:
--------------------------------------------------------------------------------

#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
15 | 16 | BOOTPROTO='none' 17 | STARTMODE='auto' 18 | BRIDGE='yes' 19 | {% if env_zonetype | lower == "advanced" %} 20 | BRIDGE_PORTS='eth1' 21 | {% else %} 22 | BRIDGE_PORTS='eth1.{{ hostvars['localhost']['env_guestnetvlan'] }}' 23 | {% endif %} 24 | BRIDGE_STP='off' 25 | BRIDGE_FORWARDDELAY='15' 26 | -------------------------------------------------------------------------------- /Ansible/roles/timezone/tasks/suse.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016-2021 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 
16 | 17 | - name: "set Timezone to {{ env_timezone }}" 18 | command: "timedatectl set-timezone {{ env_timezone }}" 19 | 20 | - name: Install chrony 21 | shell: zypper install -y chrony 22 | 23 | - name: Start chrony SUSE 24 | service: 25 | name: chronyd 26 | state: started 27 | enabled: yes 28 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/tasks/upgrade_centos_kvm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: stop services 4 | service: 5 | name: cloudstack-agent 6 | state: stopped 7 | 8 | 9 | # set upgrade repo 'fact' 10 | - set_fact: 11 | baseurl_cloudstack: "{{ upgrade_baseurl_kvm }}" 12 | 13 | - name: decode version string 14 | cs_version_facts: 15 | versionstring: "{{ upgrade_cloudstack_ver }}" 16 | isupgrade: true 17 | register: cs_upgrade_data 18 | 19 | - debug: 20 | msg: "Installing {{upgrade_baseurl_kvm}}cloudstack-agent-{{ upgrade_cs_numeric_version }}" 21 | 22 | - name: update cloudstack repo 23 | template: 24 | src: "{{ inventory_dir }}/roles/cloudstack-manager/templates/cloudstack.repo.j2" 25 | dest: /etc/yum.repos.d/cloudstack.repo 26 | 27 | - name: upgrade cloudstack binaries 28 | yum: 29 | name: "cloudstack-agent-{{ upgrade_cs_numeric_version }}*" 30 | state: latest 31 | 32 | - name: start services 33 | service: 34 | name: cloudstack-agent 35 | state: started -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/kvm-cloudbr0_phys_host.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 
6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | DEVICE={{ kvm_mgmt_network_label }} 18 | TYPE=Bridge 19 | ONBOOT=yes 20 | BOOTPROTO=none 21 | IPV6INIT=no 22 | IPV6_AUTOCONF=no 23 | DELAY=5 24 | STP=off 25 | IPADDR={{ hostvars[inventory_hostname]['ansible_ssh_host'] }} 26 | PREFIX=16 27 | GATEWAY=10.2.254.254 28 | DNS1={{ env_zone_intdns1 }} 29 | DEFROUTE=yes 30 | MTU=1500 -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-nfsshares/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add primary storage shares 3 | include: ./addshares.yml 4 | vars: 5 | nfs_rootpath: "{{ env_pripath }}" 6 | nfs_subfolders: "{{ env_pripools }}" 7 | when: ( storage_action == "addprimary" ) and ( "primary_storage_hosts" in group_names ) 8 | 9 | - name: Add secondary storage shares 10 | include: ./addshares.yml 11 | vars: 12 | nfs_rootpath: "{{ env_secpath }}" 13 | nfs_subfolders: "{{ env_secpools }}" 14 | when: ( storage_action == "addsecondary" ) and ( "secondary_storage_hosts" in group_names ) 15 | 16 | - name: Remove primary storage 17 | include: ./removeshares.yml 18 | vars: 19 | nfs_rootpath: "{{ env_pripath }}" 20 | when: ( storage_action == "removeprimary" ) and ( "primary_storage_hosts" in group_names ) 21 | 22 | - name: Remove secondary storage 23 | include: ./removeshares.yml 24 | vars: 25 | nfs_rootpath: "{{ env_secpath }}" 26 | when: ( storage_action == "removesecondary" ) and ( "secondary_storage_hosts" in group_names ) 27 | 
-------------------------------------------------------------------------------- /Ansible/templates/CentOS-Base.repo.j2: -------------------------------------------------------------------------------- 1 | # CentOS-Base.repo 2 | # 3 | # The mirror system uses the connecting IP address of the client and the 4 | # update status of each mirror to pick mirrors that are updated to and 5 | # geographically close to the client. You should use this for CentOS updates 6 | # unless you are manually picking other mirrors. 7 | # 8 | # If the mirrorlist= does not work for you, as a fall back you can try the 9 | # remarked out baseurl= line instead. 10 | # 11 | # 12 | 13 | [base] 14 | name=CentOS-$releasever - Base 15 | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os 16 | baseurl={{ os_repo }}/centos/$releasever/os/$basearch/ 17 | gpgcheck=0 18 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever 19 | enabled = {{ base_repo_enabled | default(1) }} 20 | 21 | #released updates 22 | [updates] 23 | name=CentOS-$releasever - Updates 24 | #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates 25 | baseurl={{ os_repo }}/centos/$releasever/updates/$basearch/ 26 | gpgcheck=0 27 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever 28 | enabled = {{ update_repo_enabled | default(1) }} 29 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/tasks/centos_qemuimg.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 
7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 16 | # Copyright (C) ShapeBlue Ltd - All Rights Reserved 17 | # Unauthorized copying of this file, via any medium is strictly prohibited 18 | # Proprietary and confidential 19 | # Released by ShapeBlue , April 2014 20 | 21 | 22 | - name: Copy CentOS6.4 qemu-img to /usr/bin/cloud-qemu-img 23 | copy: src=cloud-qemu-img dest=/usr/bin/ mode=0775 24 | when: 25 | - ansible_distribution == 'CentOS' 26 | - ansible_distribution_version | version_compare('6.4', '>=') 27 | - ansible_distribution_version | version_compare('7.0', '<') 28 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/templates/elrepo.repo.j2: -------------------------------------------------------------------------------- 1 | #Copyright 2016 ShapeBlue 2 | # 3 | #Licensed under the Apache License, Version 2.0 (the "License"); 4 | #you may not use this file except in compliance with the License. 5 | #You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | #Unless required by applicable law or agreed to in writing, software 10 | #distributed under the License is distributed on an "AS IS" BASIS, 11 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | #See the License for the specific language governing permissions and 13 | #limitations under the License. 
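[elrepo-kernel]
name=ELRepo.org Community Enterprise Linux Kernel Repository
baseurl=http://elrepo.org/linux/kernel/el$releasever/$basearch/
        http://mirrors.coreix.net/elrepo/kernel/el$releasever/$basearch/
        http://mirror.rackspace.com/elrepo/kernel/el$releasever/$basearch/
        http://repos.lax-noc.com/elrepo/kernel/el$releasever/$basearch/
        http://mirror.ventraip.net.au/elrepo/kernel/el$releasever/$basearch/
mirrorlist=http://mirrors.elrepo.org/mirrors-elrepo-kernel.el$releasever
enabled=0
# NOTE(review): every URL above is plain http and gpgcheck is 0, so kernel
# packages pulled from this repo (when a task enables it) are not
# authenticated. Turning gpgcheck on also needs a gpgkey= entry, which this
# template does not define.
gpgcheck=0
protect=0
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-config/tasks/ssljetty.yml:
--------------------------------------------------------------------------------
---
# Enables HTTPS on the CloudStack management server: copies the PKCS#12
# keystore, points server.properties at it, restarts the service and waits for
# the API on port 8080 to answer.

- name: Copy SSL keystore to management host
  copy:
    src: "{{ ssl_keystore }}"
    dest: "/etc/cloudstack/management/keystore.pkcs12"
    # A keystore is data, not a program, so the execute bits are dropped.
    # NOTE(review): the file carries the private key and is still
    # world-readable at 0644. Set owner/group to the account the management
    # service runs as and tighten to 0600 or 0640 once that account is
    # confirmed.
    mode: "0644"

- name: Configure SSL for Jetty
  lineinfile:
    dest: "/etc/cloudstack/management/server.properties"
    regexp: "{{ item.regexpression }}"
    line: "{{ item.newline }}"
  with_items:
    - regexpression: "^https.enable=.*$"
      newline: "https.enable=true"
    - regexpression: "^https.keystore=.*$"
      newline: "https.keystore=/etc/cloudstack/management/keystore.pkcs12"
    - regexpression: "^https.keystore.password=.*$"
      newline: "https.keystore.password={{ ssl_keystore_password }}"
    - regexpression: "^https.port=.*$"
      newline: "https.port={{ ssl_port }}"
  # One loop item contains the keystore password; keep the items out of task
  # output and logs.
  no_log: true

- name: restart mgmt service
  service:
    name: cloudstack-management
    state: restarted
  # A failed restart is not fatal here; the wait below is what detects a
  # service that never comes back.
  ignore_errors: true

- name: "wait for ACS Management Service to come up"
  shell: "curl http://127.0.0.1:8080/client/api --connect-timeout 5"
  register: result
  # An unauthenticated API call answers "unable to verify user" once the
  # service is serving requests.
  until: result.stdout.find("unable to verify user") != -1
  retries: 36
  tags:
    - buildzone
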
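--------------------------------------------------------------------------------
/Ansible/roles/cloudmonkey/tasks/main.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.


# Dispatches to the per-distribution CloudMonkey install tasks.
# NOTE(review): stock Ansible facts report RHEL as 'RedHat'; confirm that
# 'Red Hat Enterprise Linux' is a value this inventory's facts can produce.
- include: ./centos.yml
  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int < 8 )

- include: ./centos8.yml
  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int >= 8 )

# Debian reuses the Ubuntu task file.
- include: ./ubuntu.yml
  when: ansible_distribution == 'Ubuntu'

- include: ./ubuntu.yml
  when: ansible_distribution == 'Debian'

- include: ./suse.yml
  when: ansible_distribution == 'SUSE'

--------------------------------------------------------------------------------
/Ansible/roles/marvin/tasks/fix_tests.yml:
--------------------------------------------------------------------------------
---

# Removes stale byte-code so the test files copied by the later tasks are the
# ones that run.
# The glob needs a shell: the command module does not expand "*.pyc", so
# rm -f was handed the literal pattern and removed nothing. The directory
# stays quoted; only the glob is left to the shell.
- name: remove compiled code/tests
  shell: rm -f "{{ item }}"/*.pyc
  with_items:
    - "/marvin/tests/smoke"
    - "/marvin/tests/component"
    - "/usr/lib/python2.7/site-packages/marvin/lib"
    - "/usr/local/lib/python3.6/site-packages/marvin/lib"
  tags:
    - marvin
    - marvin_cfg
    - marvin_fix_tests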

# Overlay the locally patched marvin library files onto the python2 install.
- name: copy locally fixed tests
  copy:
    src: "{{ item }}"
    dest: /usr/lib/python2.7/site-packages/marvin/lib/
    mode: "0755"
  with_fileglob:
    - ../files/marvin_lib/*
  tags: [marvin, marvin_cfg, marvin_fix_tests]

# Same overlay for the python3 install.
- name: copy locally fixed tests to python3 marvin
  copy:
    src: "{{ item }}"
    dest: /usr/local/lib/python3.6/site-packages/marvin/lib/
    mode: "0755"
  with_fileglob:
    - ../files/marvin_lib/*
  tags: [marvin, marvin_cfg, marvin_fix_tests]

# Replacement smoke tests shipped with the role.
- name: Copy files to /marvin/tests/smoke/
  copy:
    src: "{{ item }}"
    dest: /marvin/tests/smoke/
    mode: "0755"
  with_fileglob:
    - ../files/smoke/*.py
  tags: [marvin, marvin_cfg, marvin_fix_tests]

--------------------------------------------------------------------------------
/Ansible/library/os_facts:
--------------------------------------------------------------------------------
#!/bin/bash

# Minimal fact module: prints distribution name, version, major version and the
# eth0 MAC address as an "ansible_facts" JSON document on stdout.
# The values are interpolated into the JSON without escaping.

OS_DIST="NotFound"
OS_VER="NotFound"
if [ -e "/etc/redhat-release" ]; then
  # Any host with /etc/redhat-release is reported as CentOS.
  OS_DIST="CentOS"
  if [ -z "$(cat /etc/*-release | grep 'VERSION_ID=')" ]; then
    # No VERSION_ID line: take the third word of the first line mentioning centos.
    OS_VER=$(cat /etc/*-release | grep -i 'centos' | awk -F ' ' '{print $3}' | sed 's/\"//g' | head -1)
  else
    OS_VER=$(cat /etc/*-release | grep 'VERSION_ID=' | awk -F '=' '{print $2}' | sed 's/\"//g')
  fi
elif [ -n "$(cat /etc/os-release | grep 'ID=debian')" ]; then
  OS_DIST="Debian"
  OS_VER=$(cat /etc/os-release | grep 'VERSION_ID=' | awk -F '=' '{print $2}' | sed 's/\"//g')
else
  # Everything that is neither of the above is reported as Ubuntu.
  OS_DIST="Ubuntu"
  OS_VER=$(cat /etc/*-release | grep 'DISTRIB_RELEASE=' | awk -F '=' '{print $2}' | sed 's/\"//g')
fi
OS_VER_MAJOR=$(echo $OS_VER | awk -F '.' '{print $1}')

ETH0_MAC="$(cat /sys/class/net/eth0/address)"

cat << EOF
{
  "ansible_facts": {
    "ansible_distribution": "${OS_DIST}",
    "ansible_distribution_version": "${OS_VER}",
    "ansible_distribution_major_version": "${OS_VER_MAJOR}",
    "ansible_eth0": { "macaddress": "${ETH0_MAC}"},
    "env_return": "success",
    "env_retmsg": "Data successfully returned."
  }
}
EOF

exit

--------------------------------------------------------------------------------
/Ansible/roles/timezone/tasks/ubuntu.yml:
--------------------------------------------------------------------------------
---


# Points /etc/localtime at the requested zone, rewrites the apt mirror and
# installs chrony for time sync.
- name: remove old link
  file:
    path: /etc/localtime
    state: absent

- name: set new timezone
  file:
    src: "/usr/share/zoneinfo/{{ env_timezone }}"
    dest: /etc/localtime
    state: link

- name: update /etc/timezone
  shell: "DEBIAN_FRONTEND=noninteractive dpkg-reconfigure tzdata"

# NOTE(review): the next two tasks stop and remove unattended-upgrades, so the
# host no longer applies security updates on its own. Presumably acceptable for
# short-lived build hosts only; confirm these images never become long-running.
- name: Stop service unattended-upgrades
  shell: systemctl stop unattended-upgrades
  ignore_errors: true

- name: Remove package unattended-upgrades
  apt:
    pkg: "{{ item }}"
    state: absent
    force: true
  with_items:
    - unattended-upgrades
  ignore_errors: true

# The mirror host name sits in a different file depending on the release;
# errors are ignored because only one of the two files is expected to exist.
- name: Use nl.archive.ubuntu.com instead of bg.archive.ubuntu.com (ubuntu 22)
  shell: "sed -i 's/bg.archive.ubuntu.com/nl.archive.ubuntu.com/g' /etc/apt/sources.list"
  ignore_errors: true

- name: Use nl.archive.ubuntu.com instead of bg.archive.ubuntu.com (ubuntu 24)
  shell: "sed -i 's/bg.archive.ubuntu.com/nl.archive.ubuntu.com/g' /etc/apt/sources.list.d/ubuntu.sources"
  ignore_errors: true

- name: Install chrony
  apt:
    pkg: chrony
    state: latest
    update_cache: true

- name: Start chrony
  systemd:
    name: chrony
    state: started
    enabled: true

--------------------------------------------------------------------------------
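/Ansible/tasks/set_centos_repos.yml:
--------------------------------------------------------------------------------
---

# Replaces the stock EPEL and CentOS-Base repo files with definitions that
# point at the internal mirror given by os_repo.
#
# repo_gpgcheck (optional, default true) controls RPM signature verification
# for all three repos. With gpgcheck off nothing authenticates the packages
# fetched from os_repo. The gpgkey file named in each task must be present on
# the target; a build that cannot provide it has to opt out explicitly with
# repo_gpgcheck=false.

- name: Cleanup centos repo files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/yum.repos.d/epel.repo
    - /etc/yum.repos.d/CentOS-Base.repo

- name: Add epel repo
  yum_repository:
    name: epel
    description: Extra Packages for Enterprise Linux - $basearch
    file: epel
    baseurl: "{{ os_repo }}/epel/$releasever/$basearch"
    failovermethod: priority
    gpgcheck: "{{ repo_gpgcheck | default(true) }}"
    enabled: true
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever

- name: Add CentOS-Base repo
  yum_repository:
    name: base
    description: CentOS-$releasever - Base
    file: CentOS-Base
    baseurl: "{{ os_repo }}/centos/$releasever/os/$basearch/"
    gpgcheck: "{{ repo_gpgcheck | default(true) }}"
    # The base repo was switched by update_repo_enabled, the same variable as
    # the updates repo. base_repo_enabled now takes precedence when it is set;
    # the old variable remains the fallback so existing inventories behave as
    # before.
    enabled: "{{ base_repo_enabled | default(update_repo_enabled | default(1)) }}"
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever

- name: Add CentOS-Base repo for updates
  yum_repository:
    name: updates
    description: CentOS-$releasever - Updates
    file: CentOS-Base
    baseurl: "{{ os_repo }}/centos/$releasever/updates/$basearch/"
    gpgcheck: "{{ repo_gpgcheck | default(true) }}"
    enabled: "{{ update_repo_enabled | default(1) }}"
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever


--------------------------------------------------------------------------------
/Ansible/roles/timezone/tasks/el9.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.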
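#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

- name: "set Timezone to {{ env_timezone }}"
  command: "timedatectl set-timezone {{ env_timezone }}"

# failed_when: false keeps a missing /etc/yum.repos.d from failing the play;
# the replace task below then has nothing to iterate over.
- name: Find repo files on remote
  find:
    paths:
      - /etc/yum.repos.d
    patterns: "*.repo"
    file_type: file
  register: repo_files
  failed_when: false
  become: true

# Strips the literal "$rltype" token from every repo file found above and keeps
# a backup copy of each file it changes.
- name: Remove $rltype from mirrorlist entries
  replace:
    path: "{{ item.path }}"
    regexp: '\$rltype'
    replace: ''
    backup: true
  with_items: "{{ repo_files.files | default([]) }}"
  when: (repo_files.matched | default(0)) > 0
  become: true

- name: Install chrony
  dnf:
    name: chrony
    state: present

- name: Start chrony CentOS
  shell: systemctl start chronyd

--------------------------------------------------------------------------------
/Ansible/roles/vsphere/files/esxi-dvs-mgmt.ps1:
--------------------------------------------------------------------------------
# Adds each ESXi host in the comma-separated $esxihosts list to the distributed
# switch $dvswitchname, then moves vmnic0 and the vmk0 management adapter onto
# the switch's "Management Network" portgroup.
#
# NOTE(review): $vcpass is a plain string parameter, so the vCenter password is
# visible in the caller's command line. A credential object would avoid that,
# but it changes how the caller invokes this script.
param(
    [String] $vchost,
    [String] $vcuser,
    [String] $vcpass,
    [String] $esxihosts,
    [String] $dvswitchname
)

# Stop spam
# -Confirm:$false added so an unattended run cannot stall on a confirmation
# prompt; the call below already passes it.
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -Confirm:$false

# Ignore certs
# NOTE(review): with certificate errors ignored, the credentials below are sent
# to whichever endpoint answers as $vchost. Acceptable only on an isolated lab
# network; otherwise trust the vCenter certificate and remove this line.
Set-PowerCLIConfiguration -InvalidCertificateAction ignore -confirm:$false

# VC connectivity
Write-Host "Connecting to VC host " $vchost
Connect-VIServer -Server $vchost -User $vcuser -Pass $vcpass

# The switch and its management portgroup are the same for every host, so they
# are looked up once instead of once per loop iteration.
$dvswitch = Get-VDSwitch $dvswitchname
$management_vmkernel_portgroup = Get-VDPortgroup -name "Management Network" -VDSwitch $dvswitchname

# Array of esxi hosts
$esxihostarray = $esxihosts -split ','
foreach ($esxihost in $esxihostarray) {
    # Add ESXi host to dvSwitch
    Write-Host "Adding" $esxihost "to" $dvswitchname
    Add-VDSwitchVMHost -VMHost $esxihost -VDSwitch $dvswitch
    $management_vmkernel = Get-VMHostNetworkAdapter -VMHost $esxihost -Name "vmk0"

    # Migration esxi host networking to dvSwitch
    Write-Host "Adding vmnic0 to" $dvswitchname
    $esxihostnic = Get-VMHost $esxihost | Get-VMHostNetworkAdapter -Physical -Name vmnic0
    Add-VDSwitchPhysicalNetworkAdapter -VMHostPhysicalNic $esxihostnic -DistributedSwitch $dvswitch -VMHostVirtualNic $management_vmkernel -VirtualNicPortgroup $management_vmkernel_portgroup -Confirm:$false
}
Disconnect-VIServer -Server $global:DefaultVIServers -Force -Confirm:$false

--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/interfaces.j2:
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.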
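
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    mtu 1500
auto eth1
{% if env_zonetype | lower == "advanced" %}
iface eth1 inet manual
{% else %}
iface eth1.{{ hostvars['localhost']['env_guestnetvlan'] }} inet manual
{% endif %}

# Private network
auto cloudbr0
iface cloudbr0 inet dhcp
    bridge_ports eth0
    bridge_fd 5
    bridge_stp off
    bridge_maxwait 1
    mtu 1500

# Public network
auto cloudbr1
iface cloudbr1 inet manual
{% if env_zonetype | lower == "advanced" %}
    bridge_ports eth1
{% else %}
    bridge_ports eth1.{{ hostvars['localhost']['env_guestnetvlan'] }}
{% endif %}
    bridge_fd 5
    bridge_stp off
    bridge_maxwait 1

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/wait-for-environment.yml:
--------------------------------------------------------------------------------
---

# Blocks until the management API answers and the system VMs report Running.

# inventory_hostname is a plain string, so indexing it with
# ['ansible_ssh_host'] cannot yield an address; the host's variables are read
# through hostvars instead.
- debug:
    msg: "Mgmt UI on {{ hostvars[inventory_hostname]['ansible_ssh_host'] }}:8080/client "

- name: test for API on 8080
  shell: "curl http://127.0.0.1:8080/client/api --connect-timeout 5"
  register: result
  # An unauthenticated call answers "unable to verify user" once the API is up.
  until: result.stdout.find("unable to verify user") != -1
  retries: 25
  tags:
    - waitforenv

# NOTE(review): the substring match succeeds as soon as any console proxy
# reports Running, not necessarily all of them.
- name: get wait for state of system VMs to be Running
  shell: cloudmonkey list systemvms | jq '.systemvm[]| select(.systemvmtype=="consoleproxy")|.state'
  register: result
  until: result.stdout.find("Running") != -1
  retries: 200
  tags:
    - waitforenv

- name: get wait for state of system VMs to be Running
  shell: cloudmonkey list systemvms | jq '.systemvm[]| select(.systemvmtype=="secondarystoragevm")|.state'
  register: result
  until: result.stdout.find("Running") != -1
  retries: 200
  tags:
    - waitforenv
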
# Poll until the console proxy is registered as a host in state Up.
# The match is a substring test on the whole jq output, so one "Up" line is
# enough to pass.
- name: get wait for state of system VMs to be Up
  shell: cloudmonkey list hosts type=ConsoleProxy | jq '.host[] | .state'
  register: result
  until: '"Up" in result.stdout'
  retries: 200
  tags: [waitforenv]

# Same check for the secondary storage VM.
- name: get wait for state of system VMs to be Up
  shell: cloudmonkey list hosts type=SecondaryStorageVM | jq '.host[] | .state'
  register: result
  until: '"Up" in result.stdout'
  retries: 200
  tags: [waitforenv]

--------------------------------------------------------------------------------
/Ansible/roles/kvm/tasks/kvm_networking_bridge_suse.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
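
# Renders the SUSE ifcfg files for both NICs and both bridges, then restarts
# networking so they take effect.
- name: Configure eth0
  template:
    src: kvm-suse-eth0.j2
    dest: /etc/sysconfig/network/ifcfg-eth0

- name: Configure bridge 1
  template:
    src: kvm-suse-cloudbr0.j2
    dest: "/etc/sysconfig/network/ifcfg-{{ kvm_mgmt_network_label }}"

- name: Configure eth1
  template:
    src: kvm-suse-eth1.j2
    dest: /etc/sysconfig/network/ifcfg-eth1

- name: Configure eth1.vlan (Basic Networking)
  template:
    src: kvm-suse-eth1-basic-vlan.j2
    dest: "/etc/sysconfig/network/ifcfg-eth1.{{ hostvars['localhost']['env_guestnetvlan'] }}"
  # A `when` is already a Jinja expression; wrapping the variable in {{ }} and
  # quotes templated it twice. The bare expression makes the same comparison.
  when: env_zonetype | lower == "basic"

- name: Configure bridge 2
  template:
    src: kvm-suse-cloudbr1.j2
    dest: "/etc/sysconfig/network/ifcfg-{{ kvm_guest_network_label }}"

- name: restart networking
  service:
    name: network
    state: restarted
  # Errors are tolerated here.
  # NOTE(review): presumably because restarting the network can drop the SSH
  # session; confirm.
  ignore_errors: true

--------------------------------------------------------------------------------
/Ansible/roles/cloudmonkey/tasks/suse.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.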
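
# Installs jq and the cmk (CloudMonkey) binary on SUSE and writes its base
# configuration, including the API key pair, for root.
- name: install jq
  shell: "zypper install -y jq"

- name: ensure cm config is removed
  file:
    path: /root/.cloudmonkey/config
    state: absent

- name: copy CloudMonkey to host
  get_url:
    url: "{{ def_linux_cm_url }}"
    dest: /usr/bin/cmk
    mode: "0755"
    timeout: 30
    # The download lands on root's PATH and is executed below. Define
    # def_linux_cm_checksum (new optional variable, for example
    # "sha256:<hex digest>") to pin the expected binary; the check is skipped
    # while the variable is undefined.
    checksum: "{{ def_linux_cm_checksum | default(omit) }}"

- name: link cmk to cloudmonkey
  file:
    src: /usr/bin/cmk
    dest: /usr/bin/cloudmonkey
    state: link

- name: create .cmk directory
  file:
    path: /root/.cmk
    state: directory
    # 0700 instead of 0755: the directory belongs to root's cmk setup, which
    # the next task loads with the API key and secret key, so no other account
    # needs to traverse it.
    mode: "0700"

- name: base configuration
  shell: "cmk set prompt 'cmk-SB>' ; cmk set log_file /var/log/cloud-cli.log ; cmk set apikey {{ cm_apikey }} ; cmk set secretkey {{ cm_secretkey }} ; cmk set url http://{{ hostvars[groups['primary_cs_manager'][0]]['ansible_ssh_host'] }}:8080/client/api ; cmk sync"
  # The command line carries the API key and secret key; keep it out of task
  # output and logs.
  no_log: true
  ignore_errors: true

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-nfsshares/tasks/removeshares.yml:
--------------------------------------------------------------------------------
---
- name: Report action
  debug:
    msg: "Storage action {{storage_action}}, folder {{ nfs_rootpath }}{{ env_name_clean }}."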
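
# Removes an environment's NFS folder, but only when the folder carries this
# environment's fingerprint entry (named after env_uuid).

- name: Check if environments folder exists
  stat:
    path: "{{ nfs_rootpath }}{{ env_name_clean }}"
  register: pathretval

- name: Report environment path found
  debug:
    msg: "Storage path {{ nfs_rootpath }}{{ env_name_clean }} found: {{ pathretval.stat.exists }}"

- name: Check if fingerprint file exists
  stat:
    path: "{{ nfs_rootpath }}{{ env_name_clean }}/{{ env_uuid }}"
  register: fprintretval

- name: Report fingerprint file
  debug:
    msg: "Fingerprint file {{ nfs_rootpath }}{{ env_name_clean }}/{{ env_uuid }} found: {{ fprintretval.stat.exists }}"

# NOTE(review): despite its name this task only prints a message and does not
# fail the play. Deletion is still prevented by the condition on the block below.
- name: Fail if folder exists but is not owned by this environment
  debug:
    msg: "Folder {{ nfs_rootpath }}{{ env_name_clean }} exists but is owned by a different environment."
  when: ( pathretval.stat.exists | trim == "True" ) and ( fprintretval.stat.exists | trim =="False" )

- block:

    - name: Delete fingerprint file
      file:
        path: "{{ nfs_rootpath }}{{ env_name_clean }}/{{ env_uuid }}"
        state: absent

    # Recursive delete of the environment folder. Paths are passed as YAML
    # values rather than key=value text so a value containing spaces cannot be
    # parsed as extra module arguments.
    - name: Delete environments folder
      file:
        path: "{{ nfs_rootpath }}{{ env_name_clean }}"
        state: absent

    - name: Report deleted folder
      debug:
        msg: "Folder {{ nfs_rootpath }}{{ env_name_clean }} removed."

  when:
    # With an empty env_name_clean the folder path collapses to nfs_rootpath,
    # and with an empty env_uuid the fingerprint check is a stat of the folder
    # itself. Together they would let the delete run against the NFS root.
    - env_name_clean | default('') | trim | length > 0
    - env_uuid | default('') | trim | length > 0
    - pathretval.stat.exists | trim == "True"
    - fprintretval.stat.exists | trim == "True"

--------------------------------------------------------------------------------
/Ansible/tasks/updateproject.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.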
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Create project if not present, update tags if present
# Runs on the control host (local_action). The last three tag values come from
# commands run there: the current date, and the SENSITIVE_DATA / LONG_RUNNING
# environment variables, each falling back to "false" when unset or empty.
- name: Update project
  local_action:
    module: cs_project
    name: "{{ build_project }}"
    display_text: "{{ env_comment }}"
    state: present
    api_timeout: 120
    tags:
      - key: env_name
        value: "{{ env_name_clean }}"
      - key: env_uuid
        value: "{{ env_uuid }}"
      - key: env_user
        value: "{{ env_user }}"
      - key: state
        value: "{{ project_tag }}"
      - key: created
        value: "{{ env_builddate }}"
      # spaces in the comment are replaced with underscores for the tag value
      - key: comment
        value: "{{ env_comment | regex_replace(' ', '_') }}"
      - key: updated
        value: "{{lookup('pipe','date +%d/%m/%y_%H:%M')}}"
      - key: sensitive_data
        value: "{{lookup('pipe', 'echo ${SENSITIVE_DATA:-false}')}}"
      - key: long_running
        value: "{{lookup('pipe', 'echo ${LONG_RUNNING:-false}')}}"
  # a failed tag update does not stop the play
  ignore_errors: true

--------------------------------------------------------------------------------
/Ansible/library/get_downloaded_hotfix_facts:
--------------------------------------------------------------------------------
#!/bin/bash

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
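#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Fact module: prints an "ansible_facts" JSON document on stdout with one
# "<name>": "installed" entry per entry of /var/www/html/xenserver_hotfixes/
# whose name contains "xsupdate".
list_downloaded_hotfixes=$(ls /var/www/html/xenserver_hotfixes/ | grep xsupdate)

# ---------- Create JSON ------------------------

# output opening section of JSON output
echo '{
  "ansible_facts": {
    "ansible_downloaded_xenserver_hotfixes": {'

# Entries are joined in memory and written straight to stdout. The earlier
# version appended them to the fixed path /tmp/ansi_answ_file: leftover or
# planted content in that file ended up in the facts, and a symlink at that
# path could redirect the write to another file.
separator=""
# left unquoted on purpose: word splitting yields one file name per iteration
for hotfix in $list_downloaded_hotfixes
do
  printf '%s      "%s": "installed"' "$separator" "$hotfix"
  # every entry after the first is preceded by a comma, so the last entry
  # never carries a trailing one
  separator=$',\n'
done

# terminate the last entry's line when at least one entry was printed
if [ -n "$separator" ]; then
  echo
fi

echo "    }

  }
}"

--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/kvm-suse-ovs-bridges.j2:
--------------------------------------------------------------------------------
#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.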
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
#
# Note: during testing of OVS version 2.9.2 on CentOS7 it was found that bridges
# can not simply request DHCP address based on the uplink NIC MAC address.
# Forcing the bridge to use the MAC of uplink NIC caused DHCP leases on both
# interfaces - bridge and uplink. As a result the correct OVS configuration
# is included but commented out below for future use, whilst the configuration
# used uses static IP address based on the DHCP lease at Trillian build time.
#
#
{# Rendered once per bridge: item.bootproto and item.bridge are read, item.port is optional. #}
{# NOTE(review): the header above refers to a commented-out OVS configuration "below"; none is present in this template. #}

BOOTPROTO='{{ item.bootproto }}'
STARTMODE='auto'
OVS_BRIDGE='yes'
{% if item.port is defined %}
OVS_BRIDGE_PORT_DEVICE='{{ item.port }}'
{% endif %}
{# Static bridges: cloud0 gets the fixed 169.254.0.1/16 address, any other bridge reuses the address and netmask of eth0. #}
{% if item.bootproto == "static" and item.bridge == "cloud0" %}
IPADDR=169.254.0.1
NETMASK=255.255.0.0
{% elif item.bootproto == "static" %}
IPADDR={{ ansible_eth0.ipv4.address }}
NETMASK={{ ansible_eth0.ipv4.netmask }}
{% endif %}

--------------------------------------------------------------------------------
/Ansible/roles/kvm/tasks/suse-acs.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
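#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
# Copyright (C) ShapeBlue Ltd - All Rights Reserved
# Unauthorized copying of this file, via any medium is strictly prohibited
# Proprietary and confidential
# Released by ShapeBlue , April 2014

# Installs the CloudStack agent packages on SUSE and, in OVS mode, switches the
# agent to the Open vSwitch bridge type and VIF driver.
- name: Ensure the Apache Cloudstack Repo file is configured
  template:
    src: cloudstack.repo.j2
    dest: /etc/zypp/repos.d/cloudstack.repo
  tags:
    - kvm
    - kvm-agent

- name: Ensure CloudStack packages are installed
  # The patterns are single-quoted so zypper receives them as globs. Unquoted,
  # the shell expands them first against any matching file names in the
  # working directory and zypper is handed those paths instead.
  shell: "zypper install -y '{{ cloudstack_agent_package }}*' '{{ cloudstack_common_package }}*'"
  tags:
    - kvm
    - kvm-agent

- name: Configure agent.properties for OVS
  lineinfile:
    path: /etc/cloudstack/agent/agent.properties
    line: "{{ item }}"
  with_items:
    - "network.bridge.type=openvswitch"
    - "libvirt.vif.driver=com.cloud.hypervisor.kvm.resource.OvsVifDriver"
  when: kvm_network_mode == "ovs"

--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/interfaces-ovs.j2:
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.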
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
{# Network interfaces file for OVS mode. The management bridge (kvm_mgmt_network_label) takes eth0 as its port and is given eth0's address and netmask and the default gateway as a static configuration. The guest bridge (kvm_guest_network_label) takes eth1 and has no address. #}
{# NOTE(review): eth0 and eth1 each have two "iface ... inet manual" stanzas (one near the top, one under their bridge); confirm the duplicate is intended. #}

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
iface eth0 inet manual
iface eth1 inet manual

auto {{ kvm_mgmt_network_label }}
allow-ovs {{ kvm_mgmt_network_label }}
iface {{ kvm_mgmt_network_label }} inet static
    address {{ ansible_eth0.ipv4.address }}
    netmask {{ ansible_eth0.ipv4.netmask }}
    gateway {{ ansible_default_ipv4.gateway }}
    ovs_type OVSBridge
    ovs_ports eth0

allow-{{ kvm_mgmt_network_label }} eth0
iface eth0 inet manual
    ovs_bridge {{ kvm_mgmt_network_label }}
    ovs_type OVSPort

auto {{ kvm_guest_network_label }}
allow-ovs {{ kvm_guest_network_label }}
iface {{ kvm_guest_network_label }} inet manual
    ovs_type OVSBridge
    ovs_ports eth1

allow-{{ kvm_guest_network_label }} eth1
iface eth1 inet manual
    ovs_bridge {{ kvm_guest_network_label }}
    ovs_type OVSPort

--------------------------------------------------------------------------------
/Ansible/roles/kvm/tasks/centos-ccp.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
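#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
# Copyright (C) ShapeBlue Ltd - All Rights Reserved
# Unauthorized copying of this file, via any medium is strictly prohibited
# Proprietary and confidential
# Released by ShapeBlue , April 2014


# Downloads the CCP installer tarball from sb_repo, unpacks it under /tmp and
# runs its install.sh, then applies the OVS agent settings when requested.
- name: download installer
  get_url:
    url: "{{ sb_repo }}/ccp/{{ccp_install_tarball}}.tar.gz"
    dest: "/tmp/{{ ccp_install_tarball }}.tar.gz"
    # install.sh from this archive is executed below. Define
    # ccp_install_checksum (new optional variable, for example
    # "sha256:<hex digest>") to pin the expected tarball; the check is skipped
    # while the variable is undefined.
    checksum: "{{ ccp_install_checksum | default(omit) }}"

# NOTE(review): the archive and the extracted tree live at predictable names in
# world-writable /tmp. On a host with other local users, a directory created
# for this play (for example via the tempfile module) would be safer.
- name: extract tarball
  unarchive:
    src: "/tmp/{{ ccp_install_tarball }}.tar.gz"
    dest: /tmp
    # the archive is already on the target, so it is not copied from the controller
    copy: false

- name: run installer -- THIS IS VERY FRAGILE
  shell: "cd /tmp/{{ ccp_install_tarball }} && ./install.sh -a"

- name: Configure agent.properties for OVS
  lineinfile:
    path: /etc/cloudstack/agent/agent.properties
    line: "{{ item }}"
  with_items:
    - "network.bridge.type=openvswitch"
    - "libvirt.vif.driver=com.cloud.hypervisor.kvm.resource.OvsVifDriver"
  when: kvm_network_mode == "ovs"

- include: ./centos_qemuimg.yml

--------------------------------------------------------------------------------
/Ansible/roles/xenserver/tasks/main.yml:
--------------------------------------------------------------------------------

---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.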
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Waits for a freshly built XenServer host, optionally applies its license and
# hands over to the basic or advanced zone tasks.

- name: wait for VM to be alive
  shell: "ping {{ ansible_ssh_host }} -c 1"
  register: pong
  until: pong.rc == 0
  retries: "{{ ssh_retries }}"
  delay: 1
  ignore_errors: true

# Probed from the control host; ssh_retries doubles as the overall timeout in
# seconds.
- name: Wait for SSH
  local_action:
    module: wait_for
    port: 22
    host: "{{ ansible_ssh_host }}"
    timeout: "{{ ssh_retries }}"
    connect_timeout: 5
  ignore_errors: true

# /tmp/state-built is the marker this task waits for.
# NOTE(review): retries is set without an until condition; confirm it has the
# intended effect on this task.
- name: Wait for XenServer completion
  wait_for:
    path: /tmp/state-built
  retries: "{{ ssh_retries }}"
  when: not use_external_hv_hosts
  ignore_errors: true

# host-uuid is filled in on the target by the embedded `xe host-list --minimal`.
- name: Apply license to XenServer
  shell: "xe host-apply-edition edition={{ xs_license_edition }} license-server-address={{ xs_license_server }} host-uuid=`xe host-list --minimal` license-server-port={{ xs_license_server_port }}"
  when: xs_apply_license and xs_ver in ["xs73", "xs74"]


- include: ./xsbasic.yml
  when: env_zonetype | lower == "basic"

- include: ./xsadvanced.yml
  when: env_zonetype | lower == "advanced"

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/el9-acs.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Install the MySQL community release package straight from its URL.
# NOTE(review): the URL is plain http, and this package configures a package
# repository on the host. Prefer an https URL or a locally mirrored copy,
# after checking that the build proxy permits it.
- name: Ensure python pre-req mysql repo is installed for el9
  dnf:
    name: http://repo.mysql.com/mysql80-community-release-el9.rpm
    state: present

# Render the CloudStack repo definition.
- name: "Setup Apache Cloudstack Repo file. baseurl={{ baseurl_cloudstack }} "
  template:
    src: cloudstack.repo.j2
    dest: /etc/yum.repos.d/cloudstack.repo

# Management + common packages (glob-matched) and tzdata-java, with the
# "base" repo enabled for this transaction.
- name: Ensure CloudStack packages are installed
  dnf:
    enablerepo: base
    state: present
    name:
      - "{{ cloudstack_management_package }}*"
      - "{{ cloudstack_common_package }}*"
      - tzdata-java

# Download vhd-util into the XenServer script directory as an executable.
# NOTE(review): no `checksum:` is given for this binary; pin a digest.
- name: Ensure vhd-util is present
  get_url:
    url: "{{ vhdutil_url }}"
    dest: /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util
    mode: "0755"

- name: Ensure CloudStack Usage Service is installed
  dnf:
    name: "{{ cloudstack_usage_package }}*"
    state: present

- include: ./setupdb.yml

# Enable at boot and start now, via systemctl rather than the service module.
- name: Start cloudstack-usage service
  shell: systemctl enable cloudstack-usage && systemctl start cloudstack-usage


--------------------------------------------------------------------------------
/Ansible/roles/cloudmonkey/tasks/centos8.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
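#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.


- name: Ensure selinux python bindings are installed (Ansible requirement)
  dnf:
    name: python3-libselinux
    state: present
  tags: services

# state: latest upgrades jq on every run rather than only ensuring presence.
- name: install jq
  dnf:
    name: jq
    state: latest

# Drop any config left behind by the legacy cloudmonkey client.
- name: ensure cm config is removed
  file:
    path: /root/.cloudmonkey/config
    state: absent

# Download the cmk binary into /usr/bin as an executable.
# NOTE(review): no `checksum:` is set, so the downloaded binary is not
# integrity-checked; pin a digest next to def_linux_cm_url.
- name: copy CloudMonkey to host
  get_url:
    url: "{{ def_linux_cm_url }}"
    dest: /usr/bin/cmk
    mode: "0755"
    timeout: 30

# Keep the old command name working.
- name: link cmk to cloudmonkey
  file:
    src: /usr/bin/cmk
    dest: /usr/bin/cloudmonkey
    state: link

# NOTE(review): presumably cmk stores the API key pair set below under this
# directory -- verify, and if so consider mode "0700".
- name: create .cmk directory
  file:
    path: /root/.cmk
    state: directory
    mode: "0755"

# Configure prompt, log file, credentials and API endpoint, then sync.
# The commands are joined with ';', so only the exit status of the final
# `cmk sync` reaches Ansible, and even that is ignored.
# no_log keeps the rendered command line (which contains cm_apikey and
# cm_secretkey) out of Ansible output and logs; set it to false temporarily
# when debugging this task.
# NOTE(review): the endpoint is plain http on port 8080 -- confirm the
# management network is trusted.
- name: base configuration
  shell: "cmk set prompt 'cmk-SB>' ; cmk set log_file /var/log/cloud-cli.log ; cmk set apikey {{ cm_apikey }} ; cmk set secretkey {{ cm_secretkey }} ; cmk set url http://{{ hostvars[groups['primary_cs_manager'][0]]['ansible_ssh_host'] }}:8080/client/api ; cmk sync"
  no_log: true
  ignore_errors: true
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/yum.conf.j2:
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.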
6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | [main] 18 | cachedir=/var/cache/yum/$basearch/$releasever 19 | keepcache=0 20 | debuglevel=2 21 | logfile=/var/log/yum.log 22 | exactarch=1 23 | obsoletes=1 24 | gpgcheck=1 25 | plugins=1 26 | installonly_limit=5 27 | bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum 28 | distroverpkg=centos-release 29 | proxy=http://{{ deployment_server_ip }}:{{ squid_port }} 30 | 31 | # This is the default, if you make this bigger yum won't see if the metadata 32 | # is newer on the remote and so you'll "gain" the bandwidth of not having to 33 | # download the new metadata and "pay" for it by yum not having correct 34 | # information. 35 | # It is esp. important, to have correct metadata, for distributions like 36 | # Fedora which don't keep old packages around. If you don't like this checking 37 | # interupting your command line usage, it's much better to have something 38 | # manually check the metadata once an hour (yum-updatesd will do this). 
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/centos8-acs.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Install the MySQL community release package straight from its URL.
# NOTE(review): the URL is plain http, and this package configures a package
# repository on the host. Prefer an https URL or a locally mirrored copy,
# after checking that the build proxy permits it.
- name: Ensure python pre-req mysql repo is installed
  dnf:
    name: http://repo.mysql.com/mysql80-community-release-el8.rpm
    state: present

# Render the CloudStack repo definition.
- name: "Setup Apache Cloudstack Repo file. baseurl={{ baseurl_cloudstack }} "
  template:
    src: cloudstack.repo.j2
    dest: /etc/yum.repos.d/cloudstack.repo

# Management + common packages (glob-matched) and tzdata-java, with the
# "base" repo enabled for this transaction.
- name: Ensure CloudStack packages are installed
  dnf:
    enablerepo: base
    state: present
    name:
      - "{{ cloudstack_management_package }}*"
      - "{{ cloudstack_common_package }}*"
      - tzdata-java

- name: Ensure MySQL Client is present
  dnf:
    name: mysql
    state: present

# Download vhd-util into the XenServer script directory as an executable.
# NOTE(review): no `checksum:` is given for this binary; pin a digest.
- name: Ensure vhd-util is present
  get_url:
    url: "{{ vhdutil_url }}"
    dest: /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util
    mode: "0755"

- name: Ensure CloudStack Usage Service is installed
  dnf:
    name: "{{ cloudstack_usage_package }}*"
    state: present

- include: ./setupdb.yml

# Start the usage service now and enable it at boot.
- name: Start cloudstack-usage service
  service:
    name: cloudstack-usage
    state: started
    enabled: true


--------------------------------------------------------------------------------
/Ansible/roles/cloudmonkey/tasks/ubuntu.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
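
- name: update apt-get
  command: apt-get update

- name: install setup tools and jq
  apt: pkg={{ item }} state=present
  with_items:
    - jq

# Drop any config left behind by a previous cloudmonkey install.
- name: ensure cm config is removed
  file: path=/root/.cloudmonkey/config state=absent

# Download the cmk binary into /usr/bin as an executable.
# NOTE(review): no `checksum:` is set, so the downloaded binary is not
# integrity-checked; pin a digest next to def_linux_cm_url.
- name: copy CloudMonkey to host
  get_url:
    url: "{{ def_linux_cm_url }}"
    dest: /usr/bin/cmk
    mode: "0755"
    timeout: 30

- name: link cmk to cloudmonkey
  file:
    src: /usr/bin/cmk
    dest: /usr/bin/cloudmonkey
    state: link

- name: create .cmk directory
  file:
    path: /root/.cmk
    state: directory
    mode: "0755"

# Configure prompt, history/log files, output format, credentials and API
# endpoint, then sync. The commands are joined with ';', so only the exit
# status of the final `cloudmonkey sync` reaches Ansible, and it is ignored.
# no_log keeps the rendered command line (which contains cm_apikey and
# cm_secretkey) out of Ansible output and logs; set it to false temporarily
# when debugging this task.
# NOTE(review): history_file points into world-writable /tmp, and the API
# endpoint is plain http on port 8080 -- confirm both are acceptable here.
- name: base configuration
  shell: "cloudmonkey set prompt 'SBCM5>' ; cloudmonkey set history_file /tmp/cloudmonkey_history ; cloudmonkey set log_file /var/log/cloud-cli.log ; cloudmonkey set display json ; cloudmonkey set apikey {{ cm_apikey }} ; cloudmonkey set secretkey {{ cm_secretkey }} ; cloudmonkey set url http://{{ hostvars[groups['primary_cs_manager'][0]]['ansible_ssh_host'] }}:8080/client/api ; cloudmonkey sync"
  no_log: true
  ignore_errors: true
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/additional_pre-restart_upgrade_steps.yaml:
--------------------------------------------------------------------------------
---
# Count the hosts in the mysql_hosts inventory group.
- name: determine number of db hosts
  set_fact: num_db_hosts="{{ groups['mysql_hosts'] | length }}"
  tags:
    - extra_steps

# With no dedicated DB hosts the first primary_cs_manager host is used as the
# DB address; otherwise the first mysql_master_host.
- name: set mysql_master_ip
  set_fact: mysql_master_ip={{ (num_db_hosts | int == 0) | ternary("{{ hostvars[groups['primary_cs_manager'][0]]['ansible_ssh_host'] }}","{{ hostvars[groups['mysql_master_host'][0]]['ansible_ssh_host'] }}") }}
  tags:
    - extra_steps

- name: get upgrade version facts
  cs_version_facts:
    versionstring: "{{ upgrade_cloudstack_ver }}"
    isupgrade: true
  register: cs_upgrade_data

- debug: msg="upgrade_cs_subminor_version {{ upgrade_cs_subminor_version }}"

- debug: msg="upgrade_cs_minor_version {{ upgrade_cs_minor_version }}"

- debug: msg="old_cs_minor_version {{ old_cs_minor_version }}"

# Only for a 4.10 -> 4.11.0 upgrade: stage the SQL script and feed it to mysql
# as root.
# The root password is passed through the `quote` filter so that shell
# metacharacters in it cannot break or alter the command, and no_log keeps the
# rendered command out of Ansible output and logs.
# NOTE(review): the password is still an argument of the mysql process on the
# target; a client option file passed with --defaults-extra-file avoids that.
- name: copy upgrade script to mgmt.
  block:
    - copy:
        src: "{{ inventory_dir }}/roles/cloudstack-manager/files/update_db_410_to_411.sql"
        dest: /tmp/update_db_410_to_411.sql
    - shell: "mysql -h'{{ mysql_master_ip }}' -u'root' -p{{ mysql_root_password | quote }} < /tmp/update_db_410_to_411.sql"
      no_log: true
  when: upgrade_cs_subminor_version is version_compare('4.11.0', '==') and old_cs_minor_version is version_compare('4.10', '==')


# Set integration.api.port to 8096 in cloud.configuration.
# no_log keeps DBPASS out of Ansible output and logs.
# NOTE(review): a non-zero integration.api.port opens CloudStack's
# unauthenticated integration API; make sure port 8096 is not reachable from
# untrusted networks.
- name: preset some global settings
  acs_mysql_update: DBHOST="{{ mysql_master_ip }}" DBUSER="cloud" DBPASS={{ mysql_cloud_password }} MYSQL_STATEMENT="UPDATE cloud.configuration SET value='8096' WHERE name='integration.api.port';"
  no_log: true

- name: reload cloudstack.unit
  shell: systemctl daemon-reload
  when: upgrade_cs_minor_version is version_compare('4.11','==')
  tags:
    - extra_steps
--------------------------------------------------------------------------------
/Ansible/roles/cloudmonkey/tasks/centos.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.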
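

- name: Ensure selinux python bindings are installed
  yum: name=libselinux-python state=present

# state=latest upgrades jq on every run rather than only ensuring presence.
- name: install jq
  yum: name=jq state=latest

# Drop any config left behind by a previous cloudmonkey install.
- name: ensure cm config is removed
  file: path=/root/.cloudmonkey/config state=absent

# Download the cmk binary into /usr/bin as an executable.
# NOTE(review): no `checksum:` is set, so the downloaded binary is not
# integrity-checked; pin a digest next to def_linux_cm_url.
- name: copy CloudMonkey to host
  get_url:
    url: "{{ def_linux_cm_url }}"
    dest: /usr/bin/cmk
    mode: "0755"
    timeout: 30

- name: link cmk to cloudmonkey
  file:
    src: /usr/bin/cmk
    dest: /usr/bin/cloudmonkey
    state: link

- name: create .cmk directory
  file:
    path: /root/.cmk
    state: directory
    mode: "0755"


# Configure prompt, history/log files, output format, credentials and API
# endpoint, then sync. The commands are joined with ';', so only the exit
# status of the final `cloudmonkey sync` reaches Ansible, and it is ignored.
# no_log keeps the rendered command line (which contains cm_apikey and
# cm_secretkey) out of Ansible output and logs; set it to false temporarily
# when debugging this task.
# NOTE(review): history_file points into world-writable /tmp, and the API
# endpoint is plain http on port 8080 -- confirm both are acceptable here.
- name: base configuration
  shell: "cloudmonkey set prompt 'SBCM5>' ; cloudmonkey set history_file /tmp/cloudmonkey_history ; cloudmonkey set log_file /var/log/cloud-cli.log ; cloudmonkey set display json ; cloudmonkey set apikey {{ cm_apikey }} ; cloudmonkey set secretkey {{ cm_secretkey }} ; cloudmonkey set url http://{{ hostvars[groups['primary_cs_manager'][0]]['ansible_ssh_host'] }}:8080/client/api ; cloudmonkey sync"
  no_log: true
  ignore_errors: true
--------------------------------------------------------------------------------
/Ansible/roles/kvm/templates/kvm-ovs-bridges.j2:
--------------------------------------------------------------------------------
#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.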
14 | # 15 | # Note: during testing of OVS version 2.9.2 on CentOS7 it was found that bridges 16 | # can not simply request DHCP address based on the uplink NIC MAC address. 17 | # Forcing the bridge to use the MAC of uplink NIC caused DHCP leases on both 18 | # interfaces - bridge and uplink. As a result the correct OVS configuration 19 | # is included but commented out below for future use, whilst the configuration 20 | # used uses static IP address based on the DHCP lease at Trillian build time. 21 | # 22 | # DEVICE={{ item.bridge }} 23 | # ONBOOT=yes 24 | # DEVICETYPE=ovs 25 | # TYPE=OVSBridge 26 | # OVSBOOTPROTO=dhcp 27 | # OVSDHCPINTERFACE=eth0 28 | # BRMAC=06:05:04:03:02:01 29 | # OVS_EXTRA="set bridge $DEVICE other-config:hwaddr=$BRMAC 30 | # HOTPLUG=no 31 | # 32 | DEVICE={{ item.bridge }} 33 | ONBOOT=yes 34 | DEVICETYPE=ovs 35 | TYPE=OVSBridge 36 | BOOTPROTO={{ item.bootproto }} 37 | {% if item.bootproto == "static" %} 38 | {% if item.bridge == "cloud0" %} 39 | IPADDR=169.254.0.1 40 | NETMASK=255.255.0.0 41 | {% else %} 42 | IPADDR={{ ansible_eth0.ipv4.address }} 43 | NETMASK={{ ansible_eth0.ipv4.netmask }} 44 | GATEWAY={{ ansible_default_ipv4.gateway }} 45 | {% endif %} 46 | {% endif %} 47 | HOTPLUG=no -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-manager/tasks/centos-shortname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 16 | 17 | # The following was put in place as CCP has an issue with service startup 18 | # and encryption if the hostname is too long - like it can be in some 19 | # Trillian environments. Please note this short hostname is local to the 20 | # server only, it is not used by the overlying Ansible instance. 21 | 22 | - name: New short hostname 23 | set_fact: host_shortname="mgmt{{ play_hosts.index(inventory_hostname) | int + 1 }}" 24 | 25 | - name: Debug new hostname 26 | debug: msg="New hostname is {{ host_shortname }}" 27 | 28 | - name: Update hostname in /etc/sysconfig/network 29 | lineinfile: 30 | dest="/etc/sysconfig/network" 31 | insertafter=EOF 32 | line="HOSTNAME={{ host_shortname }}" 33 | 34 | - name: Update hosts file 35 | lineinfile: 36 | dest="/etc/hosts" 37 | insertafter=EOF 38 | line="{{ ansible_ssh_host }} {{ host_shortname }}" 39 | 40 | - name: Reboot 41 | shell: /sbin/reboot 42 | 43 | - name: Wait for SSH to shut down 44 | local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout=900 state=stopped 45 | 46 | - name: Wait for SSH to come back online 47 | local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout=900 48 | -------------------------------------------------------------------------------- /Ansible/documentation/TrillianProcflow.xml: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-nfsshares/tasks/addshares.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Report action 3 | debug: msg="Storage action {{storage_action}}, folder {{ nfs_rootpath }}{{ env_name_clean }}." 
4 | 5 | - name: Check if environments folder exists 6 | stat: path="{{ nfs_rootpath }}{{ env_name_clean }}" 7 | register: pathretval 8 | 9 | - name: Report environment path found 10 | debug: msg="Storage path {{ nfs_rootpath }}{{ env_name_clean }} found{{":"}} {{ pathretval.stat.exists }}" 11 | 12 | - name: Check if fingerprint file exists 13 | stat: path="{{ nfs_rootpath }}{{ env_name_clean }}/{{ env_uuid }}" 14 | register: fprintretval 15 | 16 | - name: Report fingerprint file 17 | debug: msg="Fingerprint file {{ nfs_rootpath }}{{ env_name_clean }}/{{ env_uuid }} found{{":"}} {{ fprintretval.stat.exists }}" 18 | 19 | - name: Fail if folder exists but is not owned by this environment 20 | fail: msg="Folder {{ nfs_rootpath }}{{ env_name_clean }} exists but is owned by a different environment." 21 | when: ( pathretval.stat.exists | trim == "True" ) and ( fprintretval.stat.exists | trim =="False" ) 22 | 23 | - block: 24 | 25 | - name: Create environments folder if this doesn't exist 26 | file: state=directory path={{ nfs_rootpath }}{{ env_name_clean }} mode=0755 27 | 28 | - name: Create fingerprint file 29 | file: path={{ nfs_rootpath }}{{ env_name_clean }}/{{ env_uuid }} state=touch 30 | 31 | when: pathretval.stat.exists | trim == "False" 32 | 33 | - name: Create subfolders 34 | file: state=directory path={{ nfs_rootpath }}{{ env_name_clean }}/{{ item }} mode=0755 35 | with_items: 36 | - "{{ nfs_subfolders }}" 37 | 38 | - name: Create subfolders for test pools 39 | file: state=directory path={{ env_pripath }}{{ env_name_clean }}/{{ item }} mode=0755 40 | with_items: 41 | - "{{ env_pripoolsmarvin }}" 42 | when: ( storage_action == "addprimary" ) and build_marvin 43 | -------------------------------------------------------------------------------- /Ansible/roles/mysql/templates/my-debian.cnf.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 
(the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | [mysqld] 18 | {% if inventory_hostname in groups["mysql_hosts"] %} 19 | server-id={{ hostvars[inventory_hostname]['serverid'] }} 20 | {% endif %} 21 | datadir=/var/lib/mysql 22 | max_connections={{ mysql_max_connections }} 23 | skip_name_resolve 24 | 25 | innodb_buffer_pool_size={{ mysql_innodb_buffer_pool_size }} 26 | innodb_file_per_table=1 27 | innodb_log_buffer_size=16MB 28 | innodb_flush_log_at_trx_commit=2 29 | innodb_rollback_on_timeout=1 30 | innodb_lock_wait_timeout=600 31 | 32 | max_allowed_packet=16M 33 | 34 | log_error=/var/log/mysql/error.log 35 | 36 | slow_query_log_file=slow.log 37 | slow_query_log=0 38 | log_queries_not_using_indexes=1 39 | long_query_time=0.5 40 | min_examined_row_limit=100 41 | sort_buffer_size=2M 42 | tmp_table_size=32M 43 | 44 | max_heap_table_size=64M 45 | 46 | log-bin=mysql-bin 47 | binlog_cache_size=1M 48 | max_binlog_size=128M 49 | 50 | sync_binlog=1 51 | binlog_expire_logs_seconds=86400 52 | binlog-format=ROW 53 | 54 | user=mysql 55 | socket=/var/run/mysqld/mysqld.sock 56 | pid-file=/var/run/mysqld/mysqld.pid 57 | 58 | 59 | [mysqld_safe] 60 | log-error=/var/log/mysql/mysql.log 61 | pid-file=/var/run/mysqld/mysqld.pid 62 | 63 | 64 | [client] 65 | socket=/var/run/mysqld/mysqld.sock 66 | -------------------------------------------------------------------------------- /Ansible/roles/mysql/templates/my.cnf.j2: -------------------------------------------------------------------------------- 1 | 2 
| #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, Version 2.0 (the "License"); 5 | #you may not use this file except in compliance with the License. 6 | #You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | #Unless required by applicable law or agreed to in writing, software 11 | #distributed under the License is distributed on an "AS IS" BASIS, 12 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | 17 | [mysqld] 18 | {% if inventory_hostname in groups["mysql_hosts"] %} 19 | server-id={{ hostvars[inventory_hostname]['serverid'] }} 20 | {% endif %} 21 | datadir=/var/lib/mysql 22 | max_connections={{ mysql_max_connections }} 23 | skip_name_resolve 24 | 25 | innodb_buffer_pool_size={{ mysql_innodb_buffer_pool_size }} 26 | innodb_file_per_table=1 27 | innodb_additional_mem_pool_size=20M 28 | innodb_log_buffer_size=16MB 29 | innodb_flush_log_at_trx_commit=2 30 | innodb_rollback_on_timeout=1 31 | innodb_lock_wait_timeout=600 32 | 33 | table_cache=512 34 | thread_cache=16 35 | query_cache_size=32M 36 | max_allowed_packet=16M 37 | 38 | log_error=error.log 39 | log_warnings=2 40 | 41 | slow_query_log_file=slow.log 42 | slow_query_log=0 43 | log_queries_not_using_indexes=1 44 | long_query_time=0.5 45 | min_examined_row_limit=100 46 | sort_buffer_size=2M 47 | tmp_table_size=32M 48 | 49 | max_heap_table_size=64M 50 | 51 | log-bin=mysql-bin 52 | binlog_cache_size=1M 53 | max_binlog_size=128M 54 | 55 | sync_binlog=1 56 | expire_logs_days=5 57 | binlog-format=ROW 58 | 59 | socket=/var/lib/mysql/mysql.sock 60 | user=mysql 61 | 62 | # Disabling symbolic-links is recommended to prevent assorted security risks 63 | symbolic-links=0 64 | 65 | [mysqld_safe] 66 | log-error=/var/log/mysql.log 67 | pid-file=/var/run/mysqld/mysqld.pid 
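--------------------------------------------------------------------------------
/Ansible/roles/timezone/tasks/main.yml:
--------------------------------------------------------------------------------
---

# Checked from the controller; ssh_retries is reused as the timeout in seconds.
- name: wait for ssh
  local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5

# raw needs no Python on the target, so it can create the interpreter symlink.
- name: symlink /usr/bin/python -> /usr/bin/python3
  raw: |
    if [ -f /usr/bin/python3 ] && [ ! -f /usr/bin/python ]; then
      ln --symbolic /usr/bin/python3 /usr/bin/python;
    fi

- name: Now I'm connected, get facts
  os_facts:

# For some weird reason, it thinks SUSE is Ubuntu
- name: Check if SUSE
  shell: cat /etc/os-release | grep -i suse
  register: result
  when: ansible_distribution == 'Ubuntu'
  ignore_errors: true

# grep succeeding above means /etc/os-release mentions suse: override the fact.
- name: Set distro as SUSE
  set_fact:
    ansible_distribution: "SUSE"
  when: ansible_distribution == 'Ubuntu' and result is succeeded

- include: ./centos6.yml
  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version == "6" )

- include: ./centos7.yml
  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int == 7 )

- include: ./centos8.yml
  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int == 8 )

- include: ./el9.yml
  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int >= 9 )

- include: ./ubuntu.yml
  when: ansible_distribution == 'Ubuntu'

# Debian reuses the Ubuntu task file.
- include: ./ubuntu.yml
  when: ansible_distribution == 'Debian'

- include: ./suse.yml
  when: ansible_distribution == 'SUSE'

- name: Get timestamp from the system
  shell: "date"
  register: tstamp

# Print the output of `date` captured above. The original printed the literal
# string "tstamp" instead of the registered value.
- name: Display system date
  debug:
    msg: "{{ tstamp.stdout }}"

--------------------------------------------------------------------------------
/Ansible/roles/mysql/templates/mariadb-my.cnf.j2:
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.


[mysqld]
{% if inventory_hostname in groups["mysql_hosts"] %}
server-id={{ hostvars[inventory_hostname]['serverid'] }}
{% endif %}
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
skip_name_resolve

max_connections={{ mysql_max_connections }}

innodb_buffer_pool_size={{ mysql_innodb_buffer_pool_size }}
innodb_file_per_table=1
innodb_additional_mem_pool_size=20M
innodb_log_buffer_size=16MB
innodb_flush_log_at_trx_commit=2
innodb_rollback_on_timeout=1
innodb_lock_wait_timeout=600

table_cache=512
thread_cache=16
query_cache_size=32M
max_allowed_packet=16M

log_error=error.log
log_warnings=2

slow_query_log_file=slow.log
slow_query_log=0
log_queries_not_using_indexes=1
long_query_time=0.5
min_examined_row_limit=100
sort_buffer_size=2M
tmp_table_size=32M

max_heap_table_size=64M

log-bin=mysql-bin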
binlog_cache_size=1M
max_binlog_size=128M

sync_binlog=1
expire_logs_days=5
binlog-format=ROW

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/suse-acs.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Render the CloudStack repo definition for zypper.
- name: "Setup Apache Cloudstack Repo file. baseurl={{ baseurl_cloudstack }} "
  template:
    src: cloudstack.repo.j2
    dest: /etc/zypp/repos.d/cloudstack.repo

# Packages are installed by shelling out to zypper; the trailing * is a glob
# on the package name.
- name: Ensure CloudStack packages are installed
  shell: "zypper install -y {{ cloudstack_management_package }}* {{ cloudstack_common_package }}*"

- name: Ensure MySQL Client is present
  shell: "zypper install -y mysql"

# Replace the libssl copy under the python mysql-vendor directory with the
# system library; a failure is ignored.
- name: Fix messed up python mysql ssl libs
  copy:
    remote_src: true
    src: /usr/lib64/libssl.so.1.1
    dest: /usr/lib64/python3.6/site-packages/mysql-vendor/libssl.so.1.1
  ignore_errors: true

# Same for libcrypto.
- name: Fix messed up python mysql crypto libs
  copy:
    remote_src: true
    src: /usr/lib64/libcrypto.so.1.1
    dest: /usr/lib64/python3.6/site-packages/mysql-vendor/libcrypto.so.1.1
  ignore_errors: true

# Download vhd-util into the XenServer script directory as an executable.
# NOTE(review): no `checksum:` is given for this binary; pin a digest.
- name: Ensure vhd-util is present
  get_url:
    url: "{{ vhdutil_url }}"
    dest: /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util
    mode: "0755"

- name: Ensure CloudStack Usage Service is installed
  shell: "zypper install -y {{ cloudstack_usage_package }}*"

- include: ./setupdb.yml

# Start the usage service now and enable it at boot.
- name: Start cloudstack-usage service
  service:
    name: cloudstack-usage
    state: started
    enabled: true


--------------------------------------------------------------------------------
/Ansible/roles/mysql/templates/mariadb-suse-my.cnf.j2:
--------------------------------------------------------------------------------

#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | #See the License for the specific language governing permissions and 14 | #limitations under the License. 15 | 16 | [client] 17 | socket=/var/lib/mysql/mysql.sock 18 | 19 | [mysqld] 20 | {% if inventory_hostname in groups["mysql_hosts"] %} 21 | server-id={{ hostvars[inventory_hostname]['serverid'] }} 22 | {% endif %} 23 | datadir=/var/lib/mysql 24 | socket=/var/lib/mysql/mysql.sock 25 | user=mysql 26 | skip_name_resolve 27 | 28 | max_connections={{ mysql_max_connections }} 29 | 30 | innodb_buffer_pool_size={{ mysql_innodb_buffer_pool_size }} 31 | innodb_file_per_table=1 32 | innodb_log_buffer_size=16MB 33 | innodb_flush_log_at_trx_commit=2 34 | innodb_rollback_on_timeout=1 35 | innodb_lock_wait_timeout=600 36 | 37 | table_cache=512 38 | thread_cache=16 39 | query_cache_size=32M 40 | max_allowed_packet=16M 41 | 42 | log_error=error.log 43 | log_warnings=2 44 | 45 | slow_query_log_file=slow.log 46 | slow_query_log=0 47 | log_queries_not_using_indexes=1 48 | long_query_time=0.5 49 | min_examined_row_limit=100 50 | sort_buffer_size=2M 51 | tmp_table_size=32M 52 | 53 | max_heap_table_size=64M 54 | 55 | log-bin=mysql-bin 56 | binlog_cache_size=1M 57 | max_binlog_size=128M 58 | 59 | sync_binlog=1 60 | expire_logs_days=5 61 | binlog-format=ROW 62 | 63 | # Disabling symbolic-links is recommended to prevent assorted security risks 64 | symbolic-links=0 65 | 66 | [mysqld_safe] 67 | log-error=/var/log/mariadb/mariadb.log 68 | pid-file=/var/run/mariadb/mariadb.pid 69 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/tasks/kvm_networking_bridge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 
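#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Writes the ifcfg files for eth0/eth1 and the two bridges on a KVM host, then
# restarts the network service.
#
# The zone-type conditions below are plain expressions. `when:` is already
# evaluated as a Jinja2 expression, so wrapping the variable in quotes and
# curly braces pasted the value of env_zonetype into the expression text
# before evaluation; a value containing a quote would have changed the
# condition itself.

# Failure is ignored, so a host where NetworkManager cannot be stopped still
# gets the ifcfg files below.
- name: stop and disable networkmanager (CentOS7)
  service:
    name: NetworkManager
    state: stopped
    enabled: false
  when: ansible_distribution_major_version == "7"
  ignore_errors: true

- name: Configure eth0
  template:
    src: kvm-eth0.j2
    dest: /etc/sysconfig/network-scripts/ifcfg-eth0

# The bridge file names come from the network labels, so a label change also
# changes which file is written.
- name: Configure bridge 1
  template:
    src: kvm-cloudbr0.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ kvm_mgmt_network_label }}"

- name: Configure eth1 (Advanced Networking)
  template:
    src: kvm-eth1.j2
    dest: /etc/sysconfig/network-scripts/ifcfg-eth1
  when: (env_zonetype | lower) == "advanced"

- name: Configure eth1 (Basic Networking)
  template:
    src: kvm-eth1-basic.j2
    dest: /etc/sysconfig/network-scripts/ifcfg-eth1
  when: (env_zonetype | lower) == "basic"

# The VLAN id is read from the env_guestnetvlan variable of the localhost
# inventory entry.
- name: Configure eth1.vlan (Basic Networking)
  template:
    src: kvm-eth1-basic-vlan.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-eth1.{{ hostvars['localhost']['env_guestnetvlan'] }}"
  when: (env_zonetype | lower) == "basic"

- name: Configure bridge 2
  template:
    src: kvm-cloudbr1.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ kvm_guest_network_label }}"

# NOTE(review): errors from the restart are ignored, so a broken interface
# file is not reported by this task.
- name: restart networking
  service:
    name: network
    state: restarted
  ignore_errors: true
--------------------------------------------------------------------------------
/Ansible/roles/mysql/templates/my-centos8.cnf.j2: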
--------------------------------------------------------------------------------

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.


# Server settings. Values in double curly braces are filled in by Ansible when
# the template is rendered.
# NOTE(review): this section sets neither bind-address nor any TLS option, so
# both stay at the server defaults - confirm for the target network.
[mysqld]
# server-id is emitted only for members of the mysql_hosts inventory group.
{% if inventory_hostname in groups["mysql_hosts"] %}
server-id={{ hostvars[inventory_hostname]['serverid'] }}
{% endif %}
datadir=/var/lib/mysql
max_connections={{ mysql_max_connections }}
skip_name_resolve

# On distribution major versions below 10 accounts default to the legacy
# mysql_native_password plugin.
# NOTE(review): that plugin stores a SHA-1 based hash and is deprecated in
# recent MySQL 8.x; it is presumably kept for older client libraries - confirm
# that every client still needs it before carrying it forward.
{% if ansible_distribution_major_version|int < 10 %}
default_authentication_plugin=mysql_native_password
{% endif %}

innodb_buffer_pool_size={{ mysql_innodb_buffer_pool_size }}
innodb_file_per_table=1
# NOTE(review): every other size in this file uses the "M" suffix; check that
# the server accepts "16MB" here.
innodb_log_buffer_size=16MB
innodb_flush_log_at_trx_commit=2
innodb_rollback_on_timeout=1
innodb_lock_wait_timeout=600

max_allowed_packet=16M

log_error=/var/log/mysql/error.log

# The slow query log is configured but switched off (slow_query_log=0).
slow_query_log_file=slow.log
slow_query_log=0
log_queries_not_using_indexes=1
long_query_time=0.5
min_examined_row_limit=100
sort_buffer_size=2M
tmp_table_size=32M

max_heap_table_size=64M

# Binary logging in ROW format; logs expire after 86400 seconds.
log-bin=mysql-bin
binlog_cache_size=1M
max_binlog_size=128M

sync_binlog=1
binlog_expire_logs_seconds=86400
binlog-format=ROW

user=mysql
socket=/var/run/mysqld/mysqld.sock
pid-file=/var/run/mysqld/mysqld.pid


[mysqld_safe]
log-error=/var/log/mysql/mysql.log
pid-file=/var/run/mysqld/mysqld.pid


[client]
socket=/var/run/mysqld/mysqld.sock
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/setup-mgmt.yml:
--------------------------------------------------------------------------------
---

# Sleep has been added to stagger management server startups.
#
# Every setup task waits (index of this host in play_hosts) * 15 seconds
# before running the setup command, so the first host starts immediately and
# each following host 15 seconds later than the one before.
# Exactly which setup binary and flags are used depends on the distribution
# major version, on env_numversion and on whether
# /usr/bin/cloudstack-setup-databases exists.

- name: test for cloud or cloudstack usage
  stat: path=/usr/bin/cloudstack-setup-databases
  register: path_is_cloudstack
  tags:
    - setup_mgmt

# Untagged, so this message is not printed when the play is limited to the
# setup_mgmt tag.
- debug:
    msg: "cloudstack not cloud is {{ path_is_cloudstack.stat.exists }} and the OS version is {{ ansible_distribution_major_version }}"

- name: Setup CloudStack Manager (centos/rhel8+/suse/ubuntu/debian or centos/rhel7 ACS < 4.6)
  when: >
    ((ansible_distribution_major_version|int == 6) and (path_is_cloudstack.stat.exists|bool == True)) or
    ((ansible_distribution_major_version == "7") and (env_numversion | version_compare('4.6','<'))) or
    (ansible_distribution in ["SUSE", "Ubuntu", "Debian"] or ansible_distribution_major_version|int >= 8)
  shell: sleep {{ play_hosts.index(inventory_hostname) | int * 15 }} && /usr/bin/cloudstack-setup-management
  tags:
    - setup_mgmt

# Legacy binary name, used on major version 6 when the cloudstack-named
# database setup tool is absent.
- name: Setup CloudStack Manager (centos/rhel6)
  when: (ansible_distribution_major_version|int == 6) and (path_is_cloudstack.stat.exists|bool == False)
  shell: sleep {{ play_hosts.index(inventory_hostname) | int * 15 }} && /usr/bin/cloud-setup-management
  tags:
    - setup_mgmt

# This task and the next one run the same command; between them the two
# conditions cover major version 7 with env_numversion >= 4.6.
- name: Setup CloudStack Manager (centos/rhel7 ACS >= 4.11)
  when: (ansible_distribution_major_version == "7") and (env_numversion | version_compare('4.11','>='))
  shell: sleep {{ play_hosts.index(inventory_hostname) | int * 15 }} && /usr/bin/cloudstack-setup-management --tomcat7
  tags:
    - setup_mgmt

- name: Setup CloudStack Manager (centos/rhel7 ACS 4.6-4.10)
  when: (ansible_distribution_major_version == "7") and (env_numversion | version_compare('4.6','>=')) and (env_numversion | version_compare('4.11','<'))
  shell: sleep {{ play_hosts.index(inventory_hostname) | int * 15 }} && /usr/bin/cloudstack-setup-management --tomcat7
  tags:
    - setup_mgmt
--------------------------------------------------------------------------------
/Ansible/stopstartvms.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
####################################################################
# Stop / start VMs
#
# Play 1 runs on the control node and sets every instance in the listed
# inventory groups to the state given in stopstartaction, inside the project
# named by build_project.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Stop / start VMs
      local_action:
        module: cs_instance
        name: "{{ item }}"
        project: "{{ build_project }}"
        state: "{{ stopstartaction }}"
      with_items:
        - "{{ groups['cloudstack_manager_hosts'] }}"
        - "{{ groups['mysql_hosts'] }}"
        - "{{ groups['hypervisor_hosts'] }}"
        - "{{ groups['vc_hosts'] }}"

# Play 2 only acts when stopstartaction is "started": it waits until each
# management server answers ping and accepts TCP connections on port 22, then
# polls the local API endpoint on the primary management server.
- hosts: cloudstack_manager_hosts
  gather_facts: false
  tasks:
    # ansible_ssh_host is interpolated into a shell command line; it comes
    # from the inventory, which this play treats as trusted.
    - name: wait for VM to be alive
      shell: "ping {{ ansible_ssh_host }} -c 1"
      register: pong
      until: pong.rc == 0
      retries: "{{ ssh_retries }}"
      when: stopstartaction == "started"

    # NOTE(review): ssh_retries is reused here as the wait_for timeout in
    # seconds - confirm that is intended.
    - name: wait for ssh
      local_action:
        module: wait_for
        port: 22
        host: "{{ ansible_ssh_host }}"
        timeout: "{{ ssh_retries }}"
        connect_timeout: 5
      when: stopstartaction == "started"

    # The API is queried without credentials; the "unable to verify user"
    # reply is taken as the sign that the service is answering requests.
    - name: "wait for ACS Management Service to come up before appying additional global settings"
      shell: "curl http://127.0.0.1:8080/client/api --connect-timeout 5"
      register: result
      until: result.stdout.find("unable to verify user") != -1
      retries: 48
      when: ("primary_cs_manager" in group_names) and (stopstartaction == "started")
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/templates/CentOS-Base.repo.j2:
--------------------------------------------------------------------------------
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

# NOTE(review): [base] and [updates] are the two repositories this template
# can enable, and both fetch over plain http:// with gpgcheck=0. Neither the
# transport nor the package signature is verified, so whoever controls the
# os_repo host or the network path to it decides what gets installed. The
# three sections further down keep gpgcheck=1 with a local key file but are
# disabled. Turning gpgcheck on here needs a gpgkey= line that matches the
# release in use; the key path used below is the CentOS-6 one.
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://{{ os_repo }}/centos/$releasever/os/$basearch/
gpgcheck=0
enabled = {{ base_repo_enabled }}

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://{{ os_repo }}/centos/$releasever/updates/$basearch/
gpgcheck=0
enabled = {{ update_repo_enabled }}

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled = 0

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
--------------------------------------------------------------------------------
/Ansible/roles/kvm/tasks/centos-acs.yml:
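--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
# Copyright (C) ShapeBlue Ltd - All Rights Reserved
# Unauthorized copying of this file, via any medium is strictly prohibited
# Proprietary and confidential
# Released by ShapeBlue , April 2014

# Installs the CloudStack agent packages on an EL KVM host from the repo file
# rendered in the first task, then optionally switches the agent to Open
# vSwitch.

- name: Ensure the Apache Cloudstack Repo file is configured
  template: src=cloudstack.repo.j2 dest=/etc/yum.repos.d/cloudstack.repo
  tags:
    - kvm
    - kvm-agent

# The package names end in a wildcard, so whatever matching packages the
# enabled repositories offer are installed.
- name: Ensure CloudStack packages are installed (EL7 or lower)
  yum:
    name:
      - "{{ cloudstack_agent_package }}*"
      - "{{ cloudstack_common_package }}*"
      - tzdata-java
    state: present
    enablerepo: base
  when: ansible_distribution_major_version|int < 8
  tags:
    - kvm
    - kvm-agent

- name: Ensure CloudStack packages are installed (EL8 or higher)
  dnf:
    name:
      - "{{ cloudstack_agent_package }}*"
      - "{{ cloudstack_common_package }}*"
      - tzdata-java
    state: present
  when: ansible_distribution_major_version|int >= 8
  tags:
    - kvm
    - kvm-agent

# NOTE(review): unlike the tasks above this one carries no tags, so it is
# skipped when the play is limited to the kvm / kvm-agent tags - confirm that
# is intended.
- name: Configure agent.properties for OVS
  lineinfile:
    path: /etc/cloudstack/agent/agent.properties
    line: "{{ item }}"
  with_items:
    - "network.bridge.type=openvswitch"
    - "libvirt.vif.driver=com.cloud.hypervisor.kvm.resource.OvsVifDriver"
  when: kvm_network_mode == "ovs"

- include: ./centos_qemuimg.yml
--------------------------------------------------------------------------------
/Ansible/roles/hipchat_client/tasks/main.yml:
--------------------------------------------------------------------------------
---
#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Installs the HipChat command line client: waits for SSH, installs the
# prerequisites, downloads and unpacks the client archive under /opt and
# links the wrapper script into /usr/bin.

- debug: msg="Connecting to host {{ ansible_ssh_host }}"
  tags:
    - "hipchat"

- name: wait for ssh
  local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout=300 connect_timeout=5
  tags:
    - "hipchat"

- name: Ensure selinux python bindings are installed (Ansible requirement)
  yum: name=libselinux-python state=present
  tags:
    - "hipchat"

# Tagged like the rest of the role: without the tag a run limited to
# "hipchat" skipped this task, and the unarchive step below then ran on a
# host where unzip had never been installed.
- name: Install Other Dependancies
  yum: name={{ item }} state=installed
  with_items:
    - bzip2-devel
    - unzip
  tags:
    - "hipchat"


- name: install java
  yum: name=java-1.8.0-openjdk.x86_64 state=present
  tags:
    - "hipchat"

# NOTE(review): the archive is fetched without a checksum and unpacked into
# /opt, so the content is trusted exactly as served by
# hipchat_cli_client_location. Once a known-good digest is available, pass it
# through get_url's checksum option. The download also lands at a fixed name
# in the shared /tmp directory; a private directory is the safer staging
# place.
- name: retrieve hipchat cli client dist
  get_url: url="{{ hipchat_cli_client_location }}" dest="/tmp/hipchapcli.zip"
  tags:
    - "hipchat"

- name: unpack files
  unarchive: src="/tmp/hipchapcli.zip" dest=/opt copy=no
  tags:
    - "hipchat"

- name: clean up files
  file: path="{{ item }}" state=absent
  with_items:
    - "/tmp/hipchapcli.zip"
  tags:
    - "hipchat"

# The wrapper is written with mode 0744: executable by its owner, read-only
# for everyone else.
- name: configure client
  template: src="hipchat.sh.j2" dest="/opt/atlassian-cli-{{ hipchat_cli_client_version }}/hipchat.sh" mode=0744
  tags:
    - "hipchat"

- name: create symlink for hipchat
  file: src="/opt/atlassian-cli-{{ hipchat_cli_client_version }}/hipchat.sh" dest=/usr/bin/hipchat state=link
  tags:
    - "hipchat"
--------------------------------------------------------------------------------
/utils/install_ansible.sh:
--------------------------------------------------------------------------------
#!/bin/bash

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.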
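

# Installs Ansible and its helper libraries on an EL control node and writes
# three wrapper commands into /usr/bin: generate-config, build-env and
# erase-env. The script installs packages and writes to /usr/bin, so it is
# expected to run as root.
#
# NOTE(review): the pip packages below are installed system-wide with no
# version pin or hash check, so each run takes whatever the package index
# serves at that moment. A requirements file with pinned versions gives a
# reproducible, reviewable set.
yum install -y epel-release wget git libselinux-python
yum install -y python-setuptools jq
yum install -y mysql
yum install -y python-crypto sshpass ansible screen
easy_install pip
pip install pyvmomi
pip install pysphere
pip install cs

# Absolute path of the Ansible directory that sits next to this script's
# directory.
INVDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../Ansible && pwd )"
echo "ansible-playbook $INVDIR/generate-cloudconfig.yml -i $INVDIR/localhost --extra-vars \"\$1\"" > /usr/bin/generate-config && chmod 0755 /usr/bin/generate-config
# This first erase-env is replaced by the longer one written at the end.
echo "ansible-playbook $INVDIR/erase-env.yml -i $INVDIR/localhost --extra-vars \"env_name=\$1\"" > /usr/bin/erase-env && chmod 0755 /usr/bin/erase-env
# Point the "library" setting of ansible.cfg at the repository's module
# directory. The file path is quoted so a checkout path with spaces works.
sed -i "/^library /c\library = /usr/share/ansible:$INVDIR/library" "$INVDIR/ansible.cfg"

# build-env: generate the environment config, then deploy its VMs. The first
# line is now a real shebang; it was written as "!/bin/bash", which is not an
# interpreter line. The wrapper uses paths relative to the current directory,
# so it has to be started from the Ansible directory.
cat > /usr/bin/build-env <<'EOF'
#!/bin/bash

EXTRAVARS=$1
ansible-playbook ./generate-cloudconfig.yml -i ./localhost --extra-vars "$EXTRAVARS"
ENVNAME=`echo ${EXTRAVARS%$env_name=*} | head -n1 | cut -d " " -f1|cut -d "=" -f 2`
ansible-playbook ./deployvms.yml -i ./hosts_"$ENVNAME"
EOF

chmod 0755 /usr/bin/build-env

# erase-env: destroy an environment's VMs, config and project. The shebang is
# now the first line of the file; it used to follow a blank line, where it is
# only a comment, while the body relies on the bash-only [[ ]] test.
# NOTE(review): $1 is used unquoted inside the wrapper and selects what gets
# destroyed; validate it before wiring this command into other tooling.
cat > /usr/bin/erase-env <<'EOF'
#!/bin/bash

if [[ -z `echo $1 | grep "^hosts_"` ]]; then
ansible-playbook ./destroyvms.yml -i ./hosts_$1 --extra-vars "expunge=yes removeconfig=yes removeproject=yes"
else
ansible-playbook ./destroyvms.yml -i ./$1 --extra-vars "expunge=yes removeconfig=yes removeproject=yes"
fi

EOF
chmod 0755 /usr/bin/erase-env
--------------------------------------------------------------------------------
/utils/install_ansible - Ubuntu.sh:
--------------------------------------------------------------------------------
#!/bin/bash

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.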
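#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.


# Installs the Python libraries Ansible needs on an Ubuntu control node and
# writes three wrapper commands into /usr/bin: generate-config, build-env and
# erase-env. The script installs packages and writes to /usr/bin, so it is
# expected to run as root.
#
# NOTE(review): the pip packages below are installed system-wide with no
# version pin or hash check, so each run takes whatever the package index
# serves at that moment. A requirements file with pinned versions gives a
# reproducible, reviewable set.
apt-get install -y python-setuptools jq wget git mysql-client
apt-get install -y python-crypto sshpass
apt-get install -y python-pip
easy_install pip
pip install paramiko PyYAML Jinja2 httplib2 six markupsafe python-dev
pip install pyvmomi
pip install pysphere
pip install cs

# Absolute path of the Ansible directory that sits next to this script's
# directory.
INVDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../Ansible && pwd )"
echo "ansible-playbook $INVDIR/generate-cloudconfig.yml -i $INVDIR/localhost --extra-vars \"\$1\"" > /usr/bin/generate-config && chmod 0755 /usr/bin/generate-config
# This first erase-env is replaced by the longer one written at the end.
echo "ansible-playbook $INVDIR/erase-env.yml -i $INVDIR/localhost --extra-vars \"env_name=\$1\"" > /usr/bin/erase-env && chmod 0755 /usr/bin/erase-env
# Point the "library" setting of ansible.cfg at the repository's module
# directory. The file path is quoted so a checkout path with spaces works.
sed -i "/^library /c\library = /usr/share/ansible:$INVDIR/library" "$INVDIR/ansible.cfg"

# build-env: generate the environment config, then deploy its VMs. The first
# line is now a real shebang; it was written as "!/bin/bash", which is not an
# interpreter line. The wrapper uses paths relative to the current directory,
# so it has to be started from the Ansible directory.
cat > /usr/bin/build-env <<'EOF'
#!/bin/bash

EXTRAVARS=$1
ansible-playbook ./generate-cloudconfig.yml -i ./localhost --extra-vars "$EXTRAVARS"
ENVNAME=`echo ${EXTRAVARS%$env_name=*} | head -n1 | cut -d " " -f1|cut -d "=" -f 2`
ansible-playbook ./deployvms.yml -i ./hosts_"$ENVNAME"
EOF

chmod 0755 /usr/bin/build-env

# erase-env: destroy an environment's VMs, config and project. The shebang is
# now the first line of the file; it used to follow a blank line, where it is
# only a comment, while the body relies on the bash-only [[ ]] test.
# NOTE(review): $1 is used unquoted inside the wrapper and selects what gets
# destroyed; validate it before wiring this command into other tooling.
cat > /usr/bin/erase-env <<'EOF'
#!/bin/bash

if [[ -z `echo $1 | grep "^hosts_"` ]]; then
ansible-playbook ./destroyvms.yml -i ./hosts_$1 --extra-vars "expunge=yes removeconfig=yes removeproject=yes"
else
ansible-playbook ./destroyvms.yml -i ./$1 --extra-vars "expunge=yes removeconfig=yes removeproject=yes"
fi

EOF
chmod 0755 /usr/bin/erase-env
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/upgrade_centos_mgmt.yaml:
--------------------------------------------------------------------------------
---

# Upgrades a CloudStack management server on an EL host: records the running
# version, stops the services, dumps the databases, switches the yum repo to
# the upgrade URL, upgrades the package and starts the services again.

- name: get pre-upgrade CloudStack version from server
  shell: "cloudmonkey list capabilities | jq -r '.capability | .cloudstackversion'"
  register: CloudStack_original_version

- name: set get original version vars
  cs_version_facts:
    versionstring: "cs{{ CloudStack_original_version.stdout }}"
    isupgrade: false
  register: cs_orginal_version

- debug:
    msg: "{{ cs_orginal_version }} "

- name: stop services
  service:
    name: "{{ item }}"
    state: stopped
  with_items:
    - cloudstack-management
    - cloudstack-usage

- name: determine number of db hosts
  set_fact: num_db_hosts="{{ groups['mysql_hosts'] | length }}"

# With no dedicated database hosts the primary management server is used as
# the database address, otherwise the first mysql_master_host. The two
# branches are kept as nested template strings on purpose: written as plain
# expressions both would be evaluated, and the unused one indexes a group
# that may be empty.
- name: set mysql_master_ip
  set_fact: mysql_master_ip={{ (num_db_hosts | int == 0) | ternary("{{ hostvars[groups['primary_cs_manager'][0]]['ansible_ssh_host'] }}","{{ hostvars[groups['mysql_master_host'][0]]['ansible_ssh_host'] }}") }}

# The root password is handed to mysqldump through the MYSQL_PWD environment
# variable instead of a -p argument. On the command line it was readable in
# the process list and in Ansible's record of the command, and because it was
# unquoted, shell metacharacters in the password changed the command itself.
# NOTE(review): the dump holds the full cloud and cloud_usage databases;
# check the permissions on /root/db_backup.sql and remove it once the upgrade
# has been verified.
- name: backup database
  shell: mysqldump -h'{{ mysql_master_ip }}' -u'root' --databases cloud cloud_usage > /root/db_backup.sql
  environment:
    MYSQL_PWD: "{{ mysql_root_password }}"

- debug:
    msg: "{{upgrade_baseurl_mgmt}}"

# set upgrade repo 'fact'
- set_fact:
    baseurl_cloudstack: "{{ upgrade_baseurl_mgmt }}"

- name: update cloudstack repo
  template:
    src: "{{ inventory_dir }}/roles/cloudstack-manager/templates/cloudstack.repo.j2"
    dest: /etc/yum.repos.d/cloudstack.repo

# NOTE(review): whether the packages are signature-checked depends on the
# gpgcheck setting in the rendered cloudstack.repo, which is not visible
# here.
- name: upgrade cloudstack binaries
  yum:
    name: "cloudstack-management-{{ upgrade_cs_numeric_version }}*"
    state: latest
    update_cache: true


- name: Perform any additional pre-restart upgrade steps
  include: additional_pre-restart_upgrade_steps.yaml
  vars:
    old_cs_minor_version: "{{ env_cs_minor_version }}"
  run_once: true

- name: start services
  service:
    name: "{{ item }}"
    state: started
  with_items:
    - cloudstack-management
    - cloudstack-usage

- name: Perform any additional post-restart upgrade steps
  include: additional_post-restart_upgrade_steps.yaml

--------------------------------------------------------------------------------
/Ansible/roles/kvm/tasks/kvm_networking_phys_host.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.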
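

# Network setup for a physical KVM host: rewrites the ifcfg files for the
# PXE, management and trunked interfaces and for the two bridges, installs
# resolv.conf and restarts the network service.
#
# The zone-type conditions below are plain expressions. `when:` is already
# evaluated as a Jinja2 expression, so wrapping the variable in quotes and
# curly braces pasted the value of env_zonetype into the expression text
# before evaluation; a value containing a quote would have changed the
# condition itself.

- name: Configure PXE interface (Disable PXE interface)
  template:
    src: kvm-eth_PXE_phys_host.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ phys_host_PXE_if }}"

# The two clean-up tasks need a shell because they rely on glob expansion.
# They run after the PXE file is written and before the remaining files, so a
# PXE interface whose name matches one of the globs loses its new file.
- name: remove old interface files
  shell: rm -f /etc/sysconfig/network-scripts/ifcfg-enp*

- name: remove old interface files
  shell: rm -f /etc/sysconfig/network-scripts/ifcfg-p55*

- name: Configure mgmt interface (Physical host)
  template:
    src: kvm-eth_mgmt_phys_host.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ phys_host_mgmt_if }}"

- name: Configure mgmt/storage bridge (Physical host)
  template:
    src: kvm-cloudbr0_phys_host.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ kvm_mgmt_network_label }}"

- name: Configure guest/pub (Advanced Networking) (Physical host)
  template:
    src: kvm-trunked_phys_host.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ phys_host_trunked_if }}"
  when: (env_zonetype | lower) == "advanced"

# NOTE(review): the VLAN suffix ".11" is fixed here, and the directory tree
# at the top of this listing shows no kvm-eth2-basic.j2 under
# roles/kvm/templates - verify that the template exists before using the
# basic zone type on a physical host.
- name: Configure guest (Basic Networking) (Physical host)
  template:
    src: kvm-eth2-basic.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ phys_host_trunked_if }}.11"
  when: (env_zonetype | lower) == "basic"

- name: Configure guest/public bridge (Physical host)
  template:
    src: kvm-cloudbr1.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ kvm_guest_network_label }}"

- name: Add resolv.conf (Physical host)
  template:
    src: resolv.conf.j2
    dest: /etc/resolv.conf

# NOTE(review): errors from the restart are ignored, so a broken interface
# file is not reported by this task.
- name: restart networking
  service:
    name: network
    state: restarted
  ignore_errors: true
--------------------------------------------------------------------------------
/Ansible/tasks/builtintemplate_hack.yml:
--------------------------------------------------------------------------------
---

- name: Report hv counts before template hack
  debug: msg="HV count is {{ num_xen_hosts }} XS, {{ num_kvm_hosts }} KVM, {{ num_esxi_hosts }} ESXi"
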

# Pre-seeds the builtin template of each hypervisor type that is present:
# creates the template directory on secondary storage, then downloads the
# image and its template.properties from custom_repo into it.
#
# NOTE(review): get_url is given no checksum in any of the three download
# tasks, so the images are accepted exactly as served by custom_repo. They
# become the builtin VM templates of the environment, so whoever can alter
# that repository or the path to it chooses the guest image. Where known-good
# digests exist, supply them through get_url's checksum option (one per
# file).

- name: create builtin xenserver template_dir
  when: num_xen_hosts | int > 0
  file:
    path: "/acs/secondary/{{ env_name_clean }}/{{ env_name_clean }}-sec1/template/tmpl/1/5"
    state: directory
    mode: "0755"

- name: copy template and properties.template files
  when: num_xen_hosts | int > 0
  get_url:
    url: "{{ custom_repo }}/builtin_templates/xenserver/{{ item }}"
    dest: "/acs/secondary/{{ env_name_clean }}/{{ env_name_clean }}-sec1/template/tmpl/1/5/{{ item }}"
  with_items:
    - "b418e433-4ecd-3a1d-a90e-183157a165d5.vhd"
    - "template.properties"

- name: create builtin kvm template_dir
  when: num_kvm_hosts | int > 0
  file:
    path: "/acs/secondary/{{ env_name_clean }}/{{ env_name_clean }}-sec1/template/tmpl/1/4"
    state: directory
    mode: "0755"

- name: copy template and properties.template files
  when: num_kvm_hosts | int > 0
  get_url:
    url: "{{ custom_repo }}/builtin_templates/kvm/{{ item }}"
    dest: "/acs/secondary/{{ env_name_clean }}/{{ env_name_clean }}-sec1/template/tmpl/1/4/{{ item }}"
  with_items:
    - "0c364cce-8288-3a92-9234-4ffde372aec7.qcow2"
    - "template.properties"

- name: create builtin esxi template_dir
  when: num_esxi_hosts | int > 0
  file:
    path: "/acs/secondary/{{ env_name_clean }}/{{ env_name_clean }}-sec1/template/tmpl/1/7"
    state: directory
    mode: "0755"

- name: copy template and properties.template files
  when: num_esxi_hosts | int > 0
  get_url:
    url: "{{ custom_repo }}/builtin_templates/esxi/{{ item }}"
    dest: "/acs/secondary/{{ env_name_clean }}/{{ env_name_clean }}-sec1/template/tmpl/1/7/{{ item }}"
  with_items:
    - "0654e777-1660-3d44-a937-431b53f15ed7.ova"
    - "CentOS5.3-x86_64.mf"
    - "CentOS5.3-x86_64.ovf"
    - "CentOS5.3-x86_64.ovf.orig"
    - "CentOS5.3-x86_64-disk1.vmdk"
    - "centos53-x64.ova"
    - "centos53-x64.ova.meta"
    - "template.properties"
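
--------------------------------------------------------------------------------
/Ansible/roles/marvin/tasks/setup_iscsi_target.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Builds a file-backed iSCSI target on the host: installs targetcli, creates
# a 1 GiB backing file and exports it under the IQN derived from
# env_iscsi_test_target.

- name: Install iSCSI target packages
  dnf:
    name:
      - targetcli
      - iscsi-initiator-utils
    state: present
  tags:
    - marvin
    - marvin_iscsi

- name: Ensure iSCSI target service is enabled and started
  systemd:
    name: target
    state: started
    enabled: true
  tags:
    - marvin
    - marvin_iscsi

# Tagged like its neighbours: without tags a run limited to marvin or
# marvin_iscsi skipped this task and the dd below had no directory to write
# into.
- name: Create iSCSI backstore directory
  file:
    path: /var/iscsi_disks
    state: directory
    mode: "0755"
  tags:
    - marvin
    - marvin_iscsi

# "creates" makes the task do what its name says. Without it every run wrote
# zeros over the existing backing file, wiping the LUN's contents.
- name: Create iSCSI backstore file if it does not exist
  command: "dd if=/dev/zero of=/var/iscsi_disks/disk01.img bs=1M count=1024"
  args:
    creates: /var/iscsi_disks/disk01.img
  tags:
    - marvin
    - marvin_iscsi

- name: Parse iSCSI target IQN (strip /LUN suffix if present)
  set_fact:
    iscsi_target_iqn: "{{ env_iscsi_test_target | regex_replace('/[0-9]+$', '') }}"
  tags:
    - marvin
    - marvin_iscsi

# NOTE(review): the target is left open. authentication=0 turns CHAP off, and
# generate_node_acls=1 together with demo_mode_write_protect=0 lets any
# initiator that can reach the portal log in with write access; the explicit
# ACL for iqn.2016-10.local.client:node01 therefore restricts nothing. That
# suits an isolated test network only - keep the portal unreachable from
# anywhere else, or enable CHAP and drop generate_node_acls.
# NOTE(review): the create commands are not guarded, so a second run stops at
# the first object that already exists. iscsi_target_iqn is interpolated into
# the shell line unquoted; it is derived from env_iscsi_test_target.
- name: Setup iSCSI target configuration
  shell: >
    targetcli backstores/fileio create disk01 /var/iscsi_disks/disk01.img 1G &&
    targetcli /iscsi create {{ iscsi_target_iqn }} &&
    targetcli /iscsi/{{ iscsi_target_iqn }}/tpg1/luns/ create /backstores/fileio/disk01 &&
    targetcli /iscsi/{{ iscsi_target_iqn }}/tpg1/acls/ create iqn.2016-10.local.client:node01 &&
    targetcli /iscsi/{{ iscsi_target_iqn }}/tpg1 set attribute authentication=0 &&
    targetcli /iscsi/{{ iscsi_target_iqn }}/tpg1 set attribute demo_mode_write_protect=0 &&
    targetcli /iscsi/{{ iscsi_target_iqn }}/tpg1 set attribute generate_node_acls=1 &&
    targetcli saveconfig
  tags:
    - marvin
    - marvin_iscsi
--------------------------------------------------------------------------------
/Ansible/library/get_db_facts:
--------------------------------------------------------------------------------
#!/bin/bash
#
#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.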
16 | ARGS="(`cat $1`)" 17 | DBHOST=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBHOST"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'` 18 | DBUSER=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBUSER"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'` 19 | DBPASS=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBPASSWORD"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'` 20 | 21 | master_status=`mysql -h $DBHOST -u $DBUSER -p$DBPASS -e \ "show master status;"` 22 | master_file=`echo $master_status | awk -F ' ' '{print $5}'` 23 | master_pos=`echo $master_status | awk -F ' ' '{print $6}'` 24 | clouddb_test=`mysql -h $DBHOST -u $DBUSER -p$DBPASS -e \ "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = 'cloud';"` 25 | if [[ -n $clouddb_test ]]; then 26 | registered_mgmt_servers=`mysql -h $DBHOST -u $DBUSER -p$DBPASS -e \ "SELECT service_ip FROM cloud.mshost where removed is null;" | grep -vE service_ip` 27 | else 28 | registered_mgmt_servers="" 29 | fi 30 | 31 | echo "{ 32 | \"ansible_facts\": { 33 | \"master_file\": \"$master_file\", 34 | \"master_pos\": \"$master_pos\"," 35 | if [[ -z $clouddb_test ]]; then 36 | echo " \"cloudbd_exists\": \"no\"," 37 | else 38 | echo " \"cloudbd_exists\": \"yes\"," 39 | fi 40 | echo " \"registered_mgmt_ips\": {" 41 | # loop through uploaded patches and output to a temp file 42 | if [[ -n $registered_mgmt_servers ]]; then 43 | for mgmt_server_ip in $registered_mgmt_servers 44 | do 45 | echo " \"mgmt_ip\": \"$mgmt_server_ip\"," >> /tmp/ansi_mgmt_ip_file 46 | done 47 | # remove training comma on last entry in file (then output contents) 48 | sed '$s/.$//' /tmp/ansi_mgmt_ip_file 49 | # remove file 50 | rm -f /tmp/ansi_mgmt_ip_file 51 | else 52 | echo " \"mgmt_ip\": \"\"" 53 | fi 54 | echo " } 55 | } 56 | }" -------------------------------------------------------------------------------- /Ansible/tasks/add_dvfilter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: 
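get local facts
  local_action: setup
  tags:
    - vc_config

# The three tasks below reconfigure nested-host VMs through the parent vCenter
# so that the dvfilter-maclearn filter is attached to their NICs (failOpen on
# filter failure).
#
# TLS verification towards the parent vCenter was hard-coded off, which sends
# parent_vcenter_username / parent_vcenter_password to whatever answers on
# that hostname. It is now read from parent_vcenter_validate_certs; the
# default (false) keeps the previous behaviour, and setting the variable to
# true turns verification on once the vCenter certificate is trusted.

- name: add dvfilter to Nested Host interfaces (hypervisors)
  vsphere_guest:
    vcenter_hostname: "{{ parent_vcenter_hostname }}"
    username: "{{ parent_vcenter_username }}"
    password: "{{ parent_vcenter_password }}"
    guest: "{{ hostvars[item]['instance_name'] }}"
    state: reconfigured
    vm_extra_config:
      ethernet0.filter4.name: "dvfilter-maclearn"
      ethernet0.filter4.onFailure: "failOpen"
      ethernet1.filter4.name: "dvfilter-maclearn"
      ethernet1.filter4.onFailure: "failOpen"
    esxi:
      datacenter_name: "{{ parent_vcenter_dc }}"
    validate_certs: "{{ parent_vcenter_validate_certs | default(false) }}"
  with_items:
    - "{{ groups['hypervisor_hosts'] }}"
  tags:
    - add_dvfilter

# Same change for the vCenter and Marvin VMs; only ethernet0 is filtered.
- name: add dvfilter to Nested Host interfaces (marvin and vCenter)
  vsphere_guest:
    vcenter_hostname: "{{ parent_vcenter_hostname }}"
    username: "{{ parent_vcenter_username }}"
    password: "{{ parent_vcenter_password }}"
    guest: "{{ hostvars[item]['instance_name'] }}"
    state: reconfigured
    vm_extra_config:
      ethernet0.filter4.name: "dvfilter-maclearn"
      ethernet0.filter4.onFailure: "failOpen"
    esxi:
      datacenter_name: "{{ parent_vcenter_dc }}"
    validate_certs: "{{ parent_vcenter_validate_certs | default(false) }}"
  with_items:
    - "{{ groups['vc_hosts'] }}"
    - "{{ groups['marvin_host'] }}"
  tags:
    - add_dvfilter

# Same change for the management servers; the condition and tags of this task
# follow on the next line of the listing.
- name: add dvfilter to Nested Host interfaces (management server)
  vsphere_guest:
    vcenter_hostname: "{{ parent_vcenter_hostname }}"
    username: "{{ parent_vcenter_username }}"
    password: "{{ parent_vcenter_password }}"
    guest: "{{ hostvars[item]['instance_name'] }}"
    state: reconfigured
    vm_extra_config:
      ethernet0.filter4.name: "dvfilter-maclearn"
      ethernet0.filter4.onFailure: "failOpen"
    esxi:
      datacenter_name: "{{ parent_vcenter_dc }}"
    validate_certs: "{{ parent_vcenter_validate_certs | default(false) }}"
  with_items:
    - "{{ groups['cloudstack_manager_hosts'] }}"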
when: (additional_zone|bool == False) and (additional_pod|bool == False) 63 | tags: 64 | - add_dvfilter 65 | -------------------------------------------------------------------------------- /Ansible/roles/kvm/tasks/centos_elrepokernel.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 16 | # Copyright (C) ShapeBlue Ltd - All Rights Reserved 17 | # Unauthorized copying of this file, via any medium is strictly prohibited 18 | # Proprietary and confidential 19 | # Released by ShapeBlue , April 2014 20 | 21 | - name: Setup ELrepo-kernel yum repository 22 | template: src=elrepo.repo.j2 dest=/etc/yum.repos.d/elrepo.repo 23 | 24 | - name: Install ELrepo kernel 6/7 25 | shell: "yum --enablerepo=elrepo-kernel install {{ kvm_elrepo_kernel_version }} -y" 26 | when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int < 8 ) 27 | 28 | - name: Install ELrepo kernel 8 29 | shell: "dnf --enablerepo=elrepo-kernel install {{ kvm_elrepo_kernel_version }} -y" 30 | when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int == 8 ) 31 | 32 | - name: Set ELrepo kernel as the default (CentOS 6) 33 | shell: sed -i '/default=1/c\default=0' /boot/grub/grub.conf 34 | when: 
(ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and (ansible_distribution_major_version == "6") 35 | 36 | - name: Set ELrepo kernel as the default one (CentOS 7) 37 | shell: grub2-set-default 0 38 | when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and (ansible_distribution_major_version == "7") 39 | 40 | # centos8 - kernel is set as default, by default 41 | 42 | - name: Reboot KVM host to load ELrepo kernel 43 | shell: /sbin/reboot 44 | async: 0 45 | poll: 0 46 | ignore_errors: true 47 | 48 | - name: wait for ssh 49 | local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5 50 | when: (not use_phys_hosts) 51 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-iscsiluns/tasks/removeluns.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Report action 3 | debug: msg="Storage action {{storage_action}}, iSCSI folder {{ env_pripath_iscsi }}." 4 | 5 | - name: Check if environments folder exists 6 | stat: path="{{ env_pripath_iscsi }}{{ env_name_clean }}" 7 | register: pathretval 8 | 9 | - name: Report environment path found 10 | debug: msg="Storage path {{ env_pripath_iscsi }}{{ env_name_clean }} found{{":"}} {{ pathretval.stat.exists }}" 11 | 12 | - name: Check if fingerprint file exists 13 | stat: path="{{ env_pripath_iscsi }}{{ env_name_clean }}/{{ env_uuid }}" 14 | register: fprintretval 15 | 16 | - name: Report fingerprint file 17 | debug: msg="Fingerprint file {{ env_pripath_iscsi }}{{ env_name_clean }}/{{ env_uuid }} found{{":"}} {{ fprintretval.stat.exists }}" 18 | 19 | - name: Fail if folder exists but is not owned by this environment 20 | fail: msg="Folder {{ env_pripath_iscsi }}{{ env_name_clean }} exists but is owned by a different environment." 
21 | when: ( pathretval.stat.exists | trim == "True" ) and ( fprintretval.stat.exists | trim =="False" ) 22 | 23 | - block: 24 | 25 | - name: Targetcli - remove iscsi target 26 | shell: targetcli iscsi/ delete {{ env_iscsi_target }}:{{ env_uuid }} 27 | 28 | - name: Targetcli - remove backstores 29 | shell: targetcli backstores/fileio/ delete {{ item }} 30 | with_items: 31 | - "{{ env_pripools }}" 32 | 33 | - name: Targetcli - remove quorum 34 | shell: targetcli backstores/fileio/ delete {{ env_name_clean }}-quorum 35 | when: env_hv == "kvm" 36 | ignore_errors: true 37 | 38 | - name: Targetcli - save config 39 | shell: targetcli saveconfig 40 | 41 | - name: Targetcli - check config - expected to fail 42 | shell: targetcli iscsi/{{ env_iscsi_target }}:{{ env_uuid }} ls 43 | register: targetconfig 44 | ignore_errors: true 45 | 46 | - name: Report targetcli configuration - reporting stderr from above check 47 | debug: msg={{ targetconfig.stderr }} 48 | 49 | - name: Delete fingerprint file 50 | file: path={{ env_pripath_iscsi }}{{ env_name_clean }}/{{ env_uuid }} state=absent 51 | 52 | - name: Delete environments folder 53 | file: state=absent path={{ env_pripath_iscsi }}{{ env_name_clean }} 54 | 55 | - name: Report deleted folder 56 | debug: msg="Folder {{ env_pripath_iscsi }}{{ env_name_clean }} removed." 
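when: ( pathretval.stat.exists | trim == "True" ) and ( fprintretval.stat.exists | trim =="True" )

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/centos.yml:
--------------------------------------------------------------------------------
---

# Base preparation of a CentOS management server: repositories, SELinux mode,
# supporting packages, Java, the distribution-specific CloudStack install, and
# the firewall opening Marvin needs.

- include: ../../../tasks/set_centos_repos.yml

- name: Ensure selinux python bindings are installed
  yum: name=libselinux-python state=present

- name: CentOS 7 hostname fixup
  file: path=/etc/hostname state=absent
  when: ansible_distribution_major_version == "7"

- name: Clear all yum cache
  command: yum clean all

# NOTE(review): the next two tasks take SELinux out of enforcing mode on the
# management server, first at runtime and then persistently. Confirm the
# CloudStack release being installed still needs this before reusing the role
# outside a lab.
- name: Set selinux to permissive
  command: setenforce permissive
  changed_when: false

- name: Ensure selinux is set permanently
  selinux: policy=targeted state=permissive

- name: Ensure CA Certs are latest
  yum: name=ca-certificates state=latest enablerepo=base

# The task name mentions rng-tools, but the package installed is haveged.
- name: install rng-tools to get entropy
  yum: name=haveged state=present

- name: update lvm2 as fix for bugzilla.redhat.com/show_bug.cgi?id=1294128
  yum: name=lvm2 state=latest

- name: install qemu-img
  yum: name=qemu-img state=present

- debug: msg="Set Java on VM"
- set_fact: java_ver="{{ mgmt_java_ver }}"
- set_fact: java_path="{{ mgmt_java_path }}"
- include: ../../../tasks/set_java.yml
  when: force_java


- debug:
    msg: "env_cs_distribution - {{ env_cs_distribution }}"
- include: ./centos-acs.yml
  when: env_cs_distribution == "cs"

- include: ./centos-shortname.yml
  when: env_cs_distribution == "ccp" and setshortname|bool

- include: ./centos-ccp.yml
  when: env_cs_distribution == "ccp"

- name: ensure rpcbind in installed
  yum:
    name: rpcbind
    state: present

- name: ensure rpcbind in started
  service:
    name: rpcbind
    state: started
    enabled: true

- debug: msg="Some Marvin Stuff"
  when: (num_marv_hosts > 0)

- name: Ensure sshpass is installed (CentOS 7)
  yum: name=sshpass state=present
  when: (num_marv_hosts > 0)

# The rule is inserted only when "iptables -C" does not already find it, so
# repeated runs no longer stack duplicate ACCEPT rules in INPUT and in the
# saved file. Where -C is unavailable the check fails and the rule is inserted
# as before.
# NOTE(review): the CentOS 6 condition is commented out, so this runs on every
# release whenever num_marv_hosts > 0, and the rule accepts any source
# address. 8096 is presumably CloudStack's integration API port, which does
# not authenticate callers; confirm the management network is isolated or
# restrict the rule to the Marvin host.
- name: Open 8096 when Marvin is required (CentOS 6)
  shell: "(iptables -C INPUT -p tcp -m tcp --dport 8096 -j ACCEPT || iptables -I INPUT -p tcp -m tcp --dport 8096 -j ACCEPT) && iptables-save > /etc/sysconfig/iptables"
  when: (num_marv_hosts > 0)
#  and (ansible_distribution_major_version == "6")

#- name: Open 8096 when Marvin is required (CentOS 7)
#  shell: firewall-cmd --permanent --zone=public --add-port=8096/tcp && firewall-cmd --reload
#  when: (num_marv_hosts > 0) and (ansible_distribution_major_version == "7")

--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/migrate_databases.yml:
--------------------------------------------------------------------------------
---

# Drives cloudstack-migrate-databases for the encryptor_version scenarios
# V1_UPGRADE_TO_V2, V2_AND_V1 and V1_UPGRADE_TO_V2_ENV, then waits for the API.
#
# NOTE(review): every key and password handed to cloudstack-migrate-databases
# below is a literal (password, newmgmtkey, newdbpassword). The values are
# visible in the process list while the command runs and in Ansible's task
# output. Outside a throw-away test environment they would need to come from
# vaulted variables, with no_log set on these tasks.

- name: stop mgmt service before db.properties update or database migration
  shell: "systemctl stop cloudstack-management && sleep 5 && systemctl stop cloudstack-management && systemctl stop cloudstack-usage && sleep 10"
  when: encryptor_version in ["V1_UPGRADE_TO_V2", "V2_AND_V1", "V1_UPGRADE_TO_V2_ENV"]

- name: update db.properties and perform database migration
  shell: /usr/bin/cloudstack-migrate-databases -m password -d password -n newmgmtkey -e newdbpassword --force-database-migration --version V2
  when: ("primary_cs_manager" in group_names) and (encryptor_version == "V1_UPGRADE_TO_V2")

- name: update db.properties on secondary management servers
  shell: /usr/bin/cloudstack-migrate-databases -m password -d password -n newmgmtkey -e newdbpassword --skip-database-migration --version V2
  when: ("secondary_cs_manager" in group_names) and (encryptor_version == "V1_UPGRADE_TO_V2")

- name: update db.properties only if encryptor version is V2_AND_V1
  shell: /usr/bin/cloudstack-migrate-databases -m password -d password -n password -e password --skip-database-migration --version V1
  when: encryptor_version == "V2_AND_V1"

# NOTE(review): /etc/environment is normally world-readable, so the new
# management key written here can be read by every local account.
- name: add CLOUD_SECRET_KEY_NEW to /etc/environment
  lineinfile:
    path: /etc/environment
    regexp: '^CLOUD_SECRET_KEY_NEW='
    line: "CLOUD_SECRET_KEY_NEW=newmgmtkey"
  when: encryptor_version == "V1_UPGRADE_TO_V2_ENV"

- name: update db.properties and perform database migration
  shell: /usr/bin/cloudstack-migrate-databases -m password -d password -l -e newdbpassword --force-database-migration --version V2
  when: ("primary_cs_manager" in group_names) and (encryptor_version == "V1_UPGRADE_TO_V2_ENV")

- name: update db.properties on secondary management servers
  shell: /usr/bin/cloudstack-migrate-databases -m password -d password -l -e newdbpassword --skip-database-migration --version V2
  when: ("secondary_cs_manager" in group_names) and (encryptor_version == "V1_UPGRADE_TO_V2_ENV")

- name: restart mgmt service after db.properties update or database migration
  shell: "systemctl restart cloudstack-management && systemctl restart cloudstack-usage"
  when: encryptor_version in ["V1_UPGRADE_TO_V2", "V2_AND_V1", "V1_UPGRADE_TO_V2_ENV"]

# Polls the local API until the response contains "unable to verify user",
# i.e. until the management server answers unauthenticated requests again.
- name: test for API on 8080
  shell: "curl http://127.0.0.1:8080/client/api --connect-timeout 5"
  register: result
  until: result.stdout.find("unable to verify user") != -1
  retries: 25

--------------------------------------------------------------------------------
/Ansible/library/cloudmonkey_config:
--------------------------------------------------------------------------------
#!/bin/bash

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.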
7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 16 | 17 | # configure cloudmonkey 18 | 19 | # Define our functions 20 | function fatal 21 | { 22 | echo -e "FATAL: $1" 23 | exit 1 24 | } 25 | 26 | function error 27 | { 28 | echo -e "ERROR: $1" 29 | } 30 | 31 | function info 32 | { 33 | echo -e "INFO: $1" 34 | } 35 | 36 | function set_arg_val 37 | { 38 | argnm=${1} 39 | argval=${2} 40 | reqd=${3} 41 | 42 | if [[ "${argval}" == "" ]]; 43 | then 44 | if [[ ${reqd} == 1 ]]; 45 | then 46 | fatal "${argnm} must be set" 47 | fi 48 | fi 49 | export "${argnm}=${argval}" 50 | } 51 | 52 | 53 | 54 | 55 | # Index of next arg 56 | OPTIND=1 57 | # Holds option argument 58 | OPTARG="" 59 | 60 | # Default variables 61 | cookie_store=/tmp/cs-cookies 62 | cm_bin=`which cloudmonkey` 63 | cm_prompt="ansimonkey>" 64 | cs_url= 65 | cs_secret_key= 66 | cs_api_key= 67 | cs_user_id= 68 | cs_username= 69 | 70 | 71 | while getopts "h:s:a:p:u:c:j:" arg_val; do 72 | case $arg_val in 73 | h) 74 | set_arg_val cs_url ${OPTARG} 1 75 | echo $cs_url 76 | ;; 77 | s) 78 | set_arg_val cs_secret_key ${OPTARG} 0 79 | ;; 80 | a) 81 | set_arg_val cs_api_key ${OPTARG} 0 82 | ;; 83 | u) 84 | set_arg_val cs_username ${OPTARG} 0 85 | ;; 86 | p) 87 | set_arg_val cs_pass ${OPTARG} 0 88 | ;; 89 | c) 90 | #set_arg_val cm_command ${OPTARG} 1 91 | ;; 92 | j) 93 | set_arg_val postproc ${OPTARG} 0 94 | ;; 95 | esac 96 | done 97 | 98 | sed -i -e "/^username/ c\username = $cs_username" -e "/^url/ c\url = $cs_url" -e "/^secretkey/ c\secretkey = $cs_secret_key" -e "/^apikey/ c\apikey = $cs_api_key" -e "/^password/ c\password = $cs_pass" 
-e "/^display/ c\display = json" -e "/^color/ c\color = false" ~/.cloudmonkey/config 99 | 100 | cloudmonkey sync -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-manager/tasks/centos-ccp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 16 | 17 | - name: install Java 1.6 when running cs4.3 or earlier 18 | yum: name=java-1.6.0-openjdk state=present 19 | when: env_numversion | version_compare('4.3','<=') 20 | 21 | - name: set host to use Java 1.6 22 | shell: alternatives --set java /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java 23 | when: env_numversion | version_compare('4.3','<=') 24 | 25 | - name: Ensure MySQL Client is present (centos/rhel6) 26 | yum: name=mysql state=present 27 | when: ansible_distribution_major_version == "6" 28 | 29 | - name: download installer 30 | get_url: url="{{ sb_repo }}/ccp/{{ccp_install_tarball}}.tar.gz" dest="/tmp/{{ ccp_install_tarball }}.tar.gz" 31 | 32 | - name: extract tarball 33 | unarchive: src="/tmp/{{ ccp_install_tarball }}.tar.gz" dest=/tmp copy=no 34 | 35 | #- name: enable base repo 36 | # set_fact: base_repo_enabled=1 37 | #- template: src=CentOS-Base.repo.j2 dest=/etc/yum.repos.d/CentOS-Base.repo 38 | 39 | - name: run installer -- THIS IS VERY FRAGILE 40 | shell: "cd /tmp/{{ ccp_install_tarball }} && bash 
./install.sh -m -s" 41 | when: env_numversion | version_compare('4.11','<') 42 | 43 | - name: run installer -- THIS IS VERY FRAGILE 44 | shell: "cd /tmp/Rovius-CloudPlatform* && bash ./install.sh -m -s" 45 | when: env_numversion | version_compare('4.11','>=') 46 | 47 | 48 | 49 | 50 | #- name: disable base repo 51 | # set_fact: base_repo_enabled=0 52 | #- template: src=CentOS-Base.repo.j2 dest=/etc/yum.repos.d/CentOS-Base.repo 53 | 54 | #- name: rename CloudStack title in browser 55 | # shell: sed -i "/document.title =/ c\ document.title = \"{{ env_name_clean }}\";" /usr/share/cloudstack-management/webapps/client/scripts/cloudStack.js 56 | # tags: 57 | # - "rename_browser" 58 | 59 | #- name: re-gzip file 60 | # shell: gzip -cf /usr/share/cloudstack-management/webapps/client/scripts/cloudStack.js > /usr/share/cloudstack-management/webapps/client/scripts/cloudStack.js.gz 61 | # tags: 62 | # - "rename_browser" 63 | 64 | - include: ./setupdb.yml 65 | -------------------------------------------------------------------------------- /Ansible/library/get_xenserver_facts: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 
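# create a JSON compatible Ansible 'Fact' of patches installed on a XenServer
#
# Output keys: ansible_xenserver_version, ansible_xenserver_patches (one entry
# per uploaded patch, valued "installed" or "uploaded"), ansible_host_uuid,
# ansible_host_type and ansible_pool_name.

# Third word of /etc/redhat-release up to the first '-', with dots replaced by
# underscores.
XENVERSION=$(cat /etc/redhat-release | awk -F ' ' '{print $3}' | awk -F '-' '{print $1}')
VER=${XENVERSION//./_}
# run xe command to return applied patch UUIDs
#listAppliedPatches=`xe patch-list --minimal`
THIS_HOST=$(xe host-list --minimal name-label="$HOSTNAME")
POOLMASTER=$(xe pool-list params=master --minimal)

# The host is the pool master when the pool's master UUID is its own UUID.
if [[ "$POOLMASTER" == "$THIS_HOST" ]]; then
    POOLHOSTTYPE="master"
else
    POOLHOSTTYPE="slave"
fi


listUploadedPatches=$(xe patch-list --minimal)

POOLNAME=$(xe pool-list params=name-label --minimal)


# ---------- Create JSON ------------------------

# output opening section of JSON output
echo '{
  "ansible_facts": {'

# output XenServer version
echo "    \"ansible_xenserver_version\": \"$VER\","
echo '    "ansible_xenserver_patches": {'

if [ -n "$listUploadedPatches" ]; then
    # split comma separated list into one UUID per line
    UploadedPatches=${listUploadedPatches//,/$'\n'}

    # Collect one entry per uploaded patch in memory. The original appended to
    # the fixed path /tmp/ansi_answ_file, which picks up stale lines left by
    # an interrupted run and can be pre-created or symlinked by another local
    # user.
    patch_entries=""
    for uploaded_patch in $UploadedPatches
    do
        patch_name=$(xe patch-param-get param-name=name-label uuid="$uploaded_patch")
        # A non-empty patch-list result for this host means the patch is applied here.
        if [[ -n $(xe patch-list hosts="$THIS_HOST" uuid="$uploaded_patch" --minimal) ]]; then
            patch_state="installed"
        else
            patch_state="uploaded"
        fi
        patch_entries+="      \"$patch_name\": \"$patch_state\","$'\n'
    done

    # remove trailing comma on last entry (then output contents)
    echo "${patch_entries%$',\n'}"

fi

# output closing part of JSON output
# (the final closing brace and quote of this echo are on the next line of the
# listing)
echo "    },
    \"ansible_host_uuid\": \"$THIS_HOST\",
    \"ansible_host_type\": \"$POOLHOSTTYPE\",
    \"ansible_pool_name\": \"$POOLNAME\"

  }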
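}"

--------------------------------------------------------------------------------
/Ansible/roles/mysql/tasks/secure_mysql.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Sets the MySQL root password, removes the test database and anonymous
# accounts, and finishes by granting root full privileges from any host.
#
# Module arguments are written as YAML mappings with quoted templates. Several
# tasks previously used the key=value form with an unquoted
# {{ mysql_root_password }}, which is re-split after templating, so a password
# containing a space, quote or '=' was not passed through intact.


- name: update mysql root password for localhost root accounts
  mysql_user:
    user: root
    password: "{{ mysql_root_password }}"
    host: localhost
    login_user: root
    login_password: "{{ old_mysql_root_password }}"
  tags:
    - mysql
    - mysqlconf

- name: remove the MySQL test database
  mysql_db:
    db: test
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"
  ignore_errors: true
  tags:
    - mysql
    - mysqlconf

- name: update mysql root password for all other root accounts
  mysql_user:
    user: root
    password: "{{ mysql_root_password }}"
    host: "{{ item }}"
    login_user: root
    login_password: "{{ mysql_root_password }}"
  with_items:
    - "127.0.0.1"
    - "%"
    - "::1"
  tags:
    - mysql
    - mysqlconf

- name: remove empty users
  mysql_user:
    login_user: root
    login_password: "{{ mysql_root_password }}"
    name: ''
    host: "{{ item }}"
    state: absent
  with_items:
    - "127.0.0.1"
    - localhost
    - "{{ ansible_hostname }}"
    - "%"
  ignore_errors: true
  tags:
    - mysql
    - mysqlconf

- name: delete anonymous MySQL server user for ansible_hostname
  mysql_user:
    user: ''
    host: "{{ item }}"
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"
  with_items:
    - localhost
    - "{{ ansible_hostname }}"
    - "%"
    - "127.0.0.1"
    - "::1"
  ignore_errors: true
  tags:
    - mysql
    - mysqlconf

- name: remove IPv6 root user
  mysql_user:
    login_user: root
    login_password: "{{ mysql_root_password }}"
    name: root
    host: "{{ item }}"
    state: absent
  with_items:
    - "::1"
  ignore_errors: true
  tags:
    - mysql
    - mysqlconf

# NOTE(review): this leaves root@'%' with ALL privileges and the GRANT option,
# i.e. the root password is the only control on remote administrative access.
# Confirm the database port is reachable only from the management network, or
# replace this with a dedicated account limited to the hosts that need it.
- name: Ensure root access privileges are granted
  mysql_user:
    login_user: root
    login_password: "{{ mysql_root_password }}"
    user: root
    host: "%"
    password: "{{ mysql_root_password }}"
    priv: '*.*:GRANT,ALL'
    state: present
  tags:
    - mysql
    - mysqlconf
--------------------------------------------------------------------------------
/Ansible/documentation/TrillianNetworking.xml:
--------------------------------------------------------------------------------
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
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-config/tasks/seedstorage.yml:
--------------------------------------------------------------------------------
---
# Mounts the first secondary-storage export temporarily so the system VM
# templates can be seeded into it.
- name: Create secondary storage mount
  file: path=/mnt/secstoragetmp state=directory
  tags:
    - seed_sec_storage

- name: Mount NFS storage template
  mount: name=/mnt/secstoragetmp src={{ hostvars[groups['secondary_storage_hosts'][0]]['ansible_ssh_host'] }}:{{ env_secpath }}{{ env_name_clean }}/{{ env_secpools[0] }} fstype=nfs state=mounted opts=nolock
  tags:
    - seed_sec_storage

# The result selects which cloud-install-sys-tmplt path later tasks run.
- name: detect cloud or cloudstack usage
  stat: path=/usr/lib64/cloud/agent/scripts/storage/secondary/cloud-install-sys-tmplt
  register: path_is_cloud
  tags:
    - seed_sec_storage

# - name: Install System VM templates
#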
command: /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secstoragetmp -u {{ env_zone_systemplate }} -h {{ env_hv }} -F 20 | # when: path_is_cloud.stat.exists == False 21 | # ignore_errors: true 22 | # changed_when: false 23 | # tags: 24 | # - seed_sec_storage 25 | 26 | - name: Install System VM templates 27 | command: "/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secstoragetmp {{ item }}" 28 | with_items: 29 | - "{{ env_zone_systemplate_str }}" 30 | when: path_is_cloud.stat.exists == False and ((env_numversion | version_compare('4.17','<')) or (env_zone_systemplate != 'na')) 31 | ignore_errors: true 32 | changed_when: false 33 | tags: 34 | - seed_sec_storage 35 | 36 | 37 | # - name: Install System VM templates 38 | # command: /usr/lib64/cloud/agent/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secstoragetmp -u {{ env_zone_systemplate }} -h {{ env_hv }} -F 39 | # when: path_is_cloud.stat.exists == True 40 | # ignore_errors: true 41 | # changed_when: false 42 | # tags: 43 | # - seed_sec_storage 44 | 45 | - name: Install System VM templates 46 | command: "/usr/lib64/cloud/agent/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secstoragetmp {{ item }}" 47 | with_items: 48 | - "{{ env_zone_systemplate_str }}" 49 | when: path_is_cloud.stat.exists == True 50 | ignore_errors: true 51 | changed_when: false 52 | tags: 53 | - seed_sec_storage 54 | 55 | 56 | - name: update permissions on vmware template 57 | file: dest="/mnt/secstoragetmp/template/tmpl/1/8" owner=root group=root recurse=yes 58 | when: ("{{ env_hv }}" == "vmware") 59 | ignore_errors: true 60 | tags: 61 | - seed_sec_storage 62 | 63 | - name: Un-mount NFS storage 1 template 64 | mount: name=/mnt/secstoragetmp src={{ hostvars[groups['secondary_storage_hosts'][0]]['ansible_ssh_host'] }}:{{ env_secpath }}{{ env_name_clean }}/{{ env_secpools[0] }} fstype=nfs state=unmounted 65 | ignore_errors: true 66 | tags: 67 | - 
seed_sec_storage 68 | -------------------------------------------------------------------------------- /Ansible/roles/cloudstack-manager/files/update_db_410_to_411.sql: -------------------------------------------------------------------------------- 1 | use cloud; 2 | 3 | CREATE TABLE IF NOT EXISTS `cloud`.`netscaler_servicepackages` ( 4 | `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id', 5 | `uuid` varchar(255) UNIQUE, 6 | `name` varchar(255) UNIQUE COMMENT 'name of the service package', 7 | `description` varchar(255) COMMENT 'description of the service package', 8 | PRIMARY KEY (`id`) 9 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 10 | 11 | 12 | CREATE TABLE IF NOT EXISTS `cloud`.`external_netscaler_controlcenter` ( 13 | `id` bigint unsigned NOT NULL AUTO_INCREMENT COMMENT 'id', 14 | `uuid` varchar(255) UNIQUE, 15 | `username` varchar(255) COMMENT 'username of the NCC', 16 | `password` varchar(255) COMMENT 'password of NCC', 17 | `ncc_ip` varchar(255) COMMENT 'IP of NCC Manager', 18 | `num_retries` bigint unsigned NOT NULL default 2 COMMENT 'Number of retries in 19 | ncc for command failure', 20 | PRIMARY KEY (`id`) 21 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 22 | 23 | 24 | ALTER TABLE `cloud`.`sslcerts` ADD COLUMN `name` varchar(255) NULL default NULL 25 | COMMENT 'Name of the Certificate'; 26 | ALTER TABLE `cloud`.`network_offerings` ADD COLUMN `service_package_id` 27 | varchar(255) NULL default NULL COMMENT 'Netscaler ControlCenter Service 28 | Package'; 29 | 30 | 31 | DROP VIEW IF EXISTS `cloud`.`user_view`; 32 | CREATE VIEW `cloud`.`user_view` AS 33 | select 34 | user.id, 35 | user.uuid, 36 | user.username, 37 | user.password, 38 | user.firstname, 39 | user.lastname, 40 | user.email, 41 | user.state, 42 | user.api_key, 43 | user.secret_key, 44 | user.created, 45 | user.removed, 46 | user.timezone, 47 | user.registration_token, 48 | user.is_registered, 49 | user.incorrect_login_attempts, 50 | user.source, 51 | user.default, 52 | account.id account_id, 53 | 
account.uuid account_uuid, 54 | account.account_name account_name, 55 | account.type account_type, 56 | account.role_id account_role_id, 57 | domain.id domain_id, 58 | domain.uuid domain_uuid, 59 | domain.name domain_name, 60 | domain.path domain_path, 61 | async_job.id job_id, 62 | async_job.uuid job_uuid, 63 | async_job.job_status job_status, 64 | async_job.account_id job_account_id 65 | from 66 | `cloud`.`user` 67 | inner join 68 | `cloud`.`account` ON user.account_id = account.id 69 | inner join 70 | `cloud`.`domain` ON account.domain_id = domain.id 71 | left join 72 | `cloud`.`async_job` ON async_job.instance_id = user.id 73 | and async_job.instance_type = 'User' 74 | and async_job.job_status = 0; 75 | 76 | -------------------------------------------------------------------------------- /Ansible/roles/vsphere/tasks/add_iscsivmfs_storage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Find SW iSCSI adapter name - not always vmhba33 4 | raw: esxcli storage core adapter list | grep -i iscsi | awk '{print $1}' 5 | register: iscsihba 6 | ignore_errors: true 7 | 8 | - name: Add iSCSI target 9 | raw: esxcli iscsi adapter discovery sendtarget add --adapter {{ iscsihba.stdout | regex_replace('\s+$', '') }} --address {{ env_prihost_iscsi }} 10 | ignore_errors: true 11 | 12 | - name: rescan HBAs (RAW for compatibility) 13 | raw: esxcli storage core adapter rescan --all 14 | ignore_errors: true 15 | 16 | - name: detect all iSCSI HBA paths 17 | raw: esxcli storage core path list | grep -i runtime | grep -i {{ iscsihba.stdout | regex_replace('\s+$', '') }} | awk '{print $3}' 18 | register: iscsihbapaths 19 | ignore_errors: true 20 | run_once: true 21 | 22 | - name: Find all partitions 23 | raw: esxcli storage core path list -p {{ item }} | grep -i device{{ ":" }} | awk '{print $2}' 24 | register: iscsipartitions 25 | with_items: "{{ iscsihbapaths.stdout_lines }}" 26 | ignore_errors: true 27 | run_once: true 28 | 
29 | - name: List found partitions 30 | debug: msg="Formatting partitions {{ item.0 }} > {{ item.1.stdout | regex_replace('\s+$', '') }}" 31 | with_together: 32 | - "{{ iscsihbapaths.stdout_lines }}" 33 | - "{{ iscsipartitions.results }}" 34 | ignore_errors: true 35 | run_once: true 36 | 37 | - name: Label and partition new disk 38 | raw: "DEVICE='/vmfs/devices/disks/{{ item.stdout | regex_replace('\\s+$', '') }}';partedUtil mklabel ${DEVICE} msdos;SECTOR_DATA=$(partedUtil getptbl ${DEVICE} | tail -1);x=$(echo $SECTOR_DATA | awk '{print $1}');y=$(echo $SECTOR_DATA | awk '{print $2}');z=$(echo $SECTOR_DATA | awk '{print $3}');END_SECTOR=`expr $x \\* $y \\* $z - 1`;/sbin/partedUtil \"setptbl\" \"${DEVICE}\" \"gpt\" \"1 2048 ${END_SECTOR} AA31E02A400F11DB9590000C2911D1B8 0\"" 39 | ignore_errors: true 40 | with_items: 41 | - "{{ iscsipartitions.results }}" 42 | run_once: true 43 | 44 | - name: add New disk to as DataStore 45 | raw: "DEVICE='/vmfs/devices/disks/{{ item.0.stdout | regex_replace('\\s+$', '') }}';/sbin/vmkfstools -C vmfs5 -b 1m -S {{ item.1 }} ${DEVICE}:1" 46 | ignore_errors: true 47 | with_together: 48 | - "{{ iscsipartitions.results }}" 49 | - "{{ env_pripools }}" 50 | run_once: true 51 | 52 | - name: rescan HBAs (RAW for compatibility) 53 | raw: esxcli storage core adapter rescan --all 54 | ignore_errors: true 55 | 56 | - name: rescan filesystems 57 | raw: esxcli storage filesystem rescan 58 | 59 | - name: mount newly created VMFS volumes - not always required 60 | raw: esxcli storage filesystem mount --volume-label {{ item }} 61 | ignore_errors: true 62 | with_items: 63 | - "{{ env_pripools }}" 64 | when: inventory_hostname != "{{ groups['esxi_hosts'][0] }}" 65 | -------------------------------------------------------------------------------- /Ansible/roles/mysql/templates/my.ubuntu.cnf.j2: -------------------------------------------------------------------------------- 1 | 2 | #Copyright 2016 ShapeBlue 3 | # 4 | #Licensed under the Apache License, 
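Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock

[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0

[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql

# server-id: hosts in the mysql_hosts group, and any host of a
# mysql-masterslave deployment, take their per-host serverid from the
# inventory; every other host is a standalone server with id 1.
# The second test used to compare a quoted literal with the deployment type,
# which can never be equal, so that branch was dead; it now tests the
# db_type variable itself (empty when the variable is not defined).
{% if inventory_hostname in groups["mysql_hosts"] %}
server-id={{ hostvars[inventory_hostname]['serverid'] }}
{% elif db_type | default('') == 'mysql-masterslave' %}
server-id={{ hostvars[inventory_hostname]['serverid'] }}
{% else %}
server-id=1
{% endif %}


skip_name_resolve

innodb_rollback_on_timeout=1
innodb_lock_wait_timeout=600
max_connections={{ mysql_max_connections }}
log-bin=mysql-bin
binlog-format = 'ROW'
# NOTE(review): 0.0.0.0 makes mysqld listen on every interface, so reachability
# of port 3306 depends entirely on host firewalling and on MySQL account
# grants. Bind to the management address instead where the topology allows it.
bind-address = 0.0.0.0

innodb_buffer_pool_size={{ mysql_innodb_buffer_pool_size }}
innodb_file_per_table=1
#innodb_additional_mem_pool_size=20M
innodb_log_buffer_size=16MB
innodb_flush_log_at_trx_commit=2

min_examined_row_limit=100
sort_buffer_size=2M
tmp_table_size=32M

max_heap_table_size=64M

sync_binlog=1

#key_buffer=16M
max_allowed_packet = 16M
thread_stack=192K
thread_cache_size=8

query_cache_size=32M

log_error = 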
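/var/log/mysql/error.log 74 | log_warnings=2 75 | 76 | slow_query_log_file=slow.log 77 | slow_query_log=0 78 | log_queries_not_using_indexes=1 79 | long_query_time=0.5 80 | 81 | 82 | 83 | log_bin=/var/log/mysql/mysql-bin.log 84 | expire_logs_days=5 85 | max_binlog_size=128M 86 | 87 | symbolic-links=0 88 | 89 | 90 | [mysqldump] 91 | quick 92 | quote-names 93 | max_allowed_packet = 16M 94 | 95 | [mysql] 96 | #no-auto-rehash # faster start of mysql but no tab completition 97 | 98 | [isamchk] 99 | key_buffer = 16M 100 | 101 | !includedir /etc/mysql/conf.d/ 102 |
--------------------------------------------------------------------------------
/Ansible/library/reconcile_db:
--------------------------------------------------------------------------------
#!/bin/bash
#
# reconcile_db - bring the trillian_envs bookkeeping tables back in line with
# the NestedClouds projects that currently exist in the lab.
#
#   1. List the lab projects with cloudmonkey and look up the id of each
#      matching, not-yet-removed row in the environments table.
#   2. Mark every other environment as removed and release its pod and
#      public network rows.
#   3. Mark the pod and public network rows of the environments that are
#      still in the lab as in use.
#
# Step 2 is destructive (UPDATE ... WHERE id NOT IN (...)), so the script
# aborts instead of continuing with an incomplete id list.
# DBHOST, DBUSER and DBPASS have to be filled in before the script is run.

DBHOST=
DBUSER=root
DBPASS=""
DBNAME="trillian_envs"
ENVTBL="environments"
PODTBL="podnetworks"
PUBTBL="pubnetworks"

# Nothing below can work without a database host.
if [[ -z $DBHOST ]]; then
  echo " -- DBHOST is not set; edit the settings at the top of this script" >&2
  exit 1
fi

projectnames=$(cloudmonkey list projects | jq '.project[] | .name' | grep -i nestedclouds)
echo " -- The following projects are in the Lab:
$projectnames"
#DBHOST=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBHOST"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'`
#DBUSER=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBUSER"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'`
#DBPASS=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBPASS"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//' | tr -d "'"`

# Hand the credentials to mysql through a private option file rather than as
# -u/-p arguments, which other local users can read from the process list.
# NOTE(review): a password containing '"' or '\' would need escaping here.
MYSQL_CNF=$(mktemp) || exit 1
trap 'rm -f "$MYSQL_CNF"' EXIT
printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$DBHOST" "$DBUSER" "$DBPASS" > "$MYSQL_CNF"
MYSQLCOMMAND=(mysql --defaults-extra-file="$MYSQL_CNF" -s -N -e)

# Run one SQL statement and report a failing mysql call on stderr.
run_sql() {
  "${MYSQLCOMMAND[@]}" "$1" || {
    echo " -- mysql failed for: $1" >&2
    return 1
  }
}

# Environment name for a project: the project name without the
# -NestedClouds suffix and without the JSON quotes jq leaves around it
# (the same clean-up reconciledb_reportonly applies).
env_name_of() {
  local name=${1//-NestedClouds/}
  printf '%s' "${name//\"/}"
}

# Project names come from the CloudStack API and are pasted into SQL string
# literals below, so only a conservative character set is accepted (plus the
# surrounding JSON quotes). Any other name stops the run: silently skipping
# it would leave its id out of the list and release rows that are in use.
NAME_RE='^"?[A-Za-z0-9._-]+"?$'
for project in $projectnames; do
  if [[ ! $project =~ $NAME_RE ]]; then
    echo " -- unexpected characters in project name, aborting: $project" >&2
    exit 1
  fi
done

active_ids=""
for project in $projectnames; do
  env_name=$(env_name_of "$project")
  activeid=$(run_sql "SELECT id FROM ${DBNAME}.${ENVTBL} WHERE name='${env_name}' and removed is NULL") || exit 1
  # -s -N prints bare ids, one per line; keep only purely numeric values.
  for id in $activeid; do
    if [[ $id =~ ^[0-9]+$ ]]; then
      active_ids="$active_ids, $id"
    fi
  done
done

# Drop the leading ", " separator.
all_active_ids="${active_ids:2}"
echo " -- The following are the IDs of projects in the LAB
$all_active_ids"


if [[ -n $all_active_ids ]]; then
  echo ""
  echo " -- These rows will be marked as available"
  run_sql "SELECT * FROM ${DBNAME}.${ENVTBL} WHERE id not in ($all_active_ids) AND removed IS NULL" || exit 1
  run_sql "SELECT * FROM ${DBNAME}.${PODTBL} WHERE envid not in ($all_active_ids)" || exit 1
  run_sql "SELECT * FROM ${DBNAME}.${PUBTBL} WHERE envid not in ($all_active_ids)" || exit 1

  run_sql "UPDATE ${DBNAME}.${ENVTBL} set removed=now() WHERE id not in ($all_active_ids) AND removed IS NULL" || exit 1
  run_sql "UPDATE ${DBNAME}.${PODTBL} SET inuse='FALSE', envid=NULL, updated=now(), removed=now(), comment=NULL, environmentname=NULL WHERE envid not in ($all_active_ids)" || exit 1
  run_sql "UPDATE ${DBNAME}.${PUBTBL} SET inuse='FALSE', envid=NULL, updated=now(), removed=now(), comment=NULL, environmentname=NULL WHERE envid not in ($all_active_ids)" || exit 1
else
  echo ""
  echo " -- No DB rows need marking as AVAILABLE"

fi

for project in $projectnames; do
  # Recompute the name for this project; reusing the value left over from
  # the first loop would look up the last project on every iteration.
  env_name=$(env_name_of "$project")
  activeid=$(run_sql "SELECT id FROM ${DBNAME}.${ENVTBL} WHERE name='${env_name}'") || exit 1
  if [[ $activeid =~ ^[0-9]+$ ]]; then
    echo " -- updating id in DB with projects in use in LAB"
    run_sql "UPDATE ${DBNAME}.${PODTBL} SET inuse='TRUE', updated=now(), removed=NULL, comment='reconciled', environmentname='${project}' WHERE envid='${activeid}'" || exit 1
    run_sql "UPDATE ${DBNAME}.${PUBTBL} SET inuse='TRUE', updated=now(), removed=NULL, comment='reconciled', environmentname='${project}' WHERE envid='${activeid}'" || exit 1
  elif [[ -n $activeid ]]; then
    echo " -- more than one environment row named ${env_name}; left untouched" >&2
  fi
done
--------------------------------------------------------------------------------
/Ansible/roles/kvm/tasks/kvm_networking_ovs.yml:
--------------------------------------------------------------------------------
1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance 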
with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Open vSwitch networking for a KVM host: disable NetworkManager on
# CentOS 7, blacklist the kernel bridge module, install and start OVS,
# render the ifcfg files for the NICs and bridges, then set the hostname
# and the sysctl values listed in the final task.

- name: get OS facts
  setup:

- name: stop and disable networkmanager (CentOS7)
  service:
    name: NetworkManager
    state: stopped
    enabled: false
  when: ansible_distribution_major_version == "7"
  ignore_errors: true

- name: Blacklist bridge module
  template:
    src: bridge-blacklist.j2
    dest: /etc/modprobe.d/bridge-blacklist.conf

# NOTE(review): validate_certs is off, so if kvm_centos_ovsrpm is an https
# URL the package is fetched without authenticating the server. Presumably
# this is for a lab mirror with a self-signed certificate - confirm, and
# prefer trusting that CA on the host over disabling validation.
- name: Install OVS RPM
  yum:
    name: "{{ kvm_centos_ovsrpm }}"
    state: present
    validate_certs: false

- name: Start OVS
  systemd:
    name: openvswitch
    state: started
    enabled: true

# One ifcfg file per physical NIC; kvm-ovs-eth.j2 receives the NIC name and
# the bridge label it is paired with.
- name: Configure eths
  template:
    src: kvm-ovs-eth.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.interface }}"
  with_items:
    - interface: eth0
      bridge: "{{ kvm_mgmt_network_label }}"
    - interface: eth1
      bridge: "{{ kvm_guest_network_label }}"

- name: Configure bridges - advanced networking
  template:
    src: kvm-ovs-bridges.j2
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.bridge }}"
  with_items:
    - bridge: "{{ kvm_mgmt_network_label }}"
      bootproto: static
    - bridge: "{{ kvm_guest_network_label }}"
      bootproto: "none"
    - bridge: cloud0
      bootproto: static

# NOTE(review): inventory_hostname is placed unquoted on a shell command
# line; it comes from the inventory, so this holds only while inventory
# names stay plain host names.
- name: Set static hostname
  shell: /usr/bin/hostnamectl set-hostname --static --transient --pretty {{ inventory_hostname }}

# Each item is written to /etc/sysctl.conf as its own line.
- name: Configure sysctl.conf for OVS
  lineinfile:
    path: /etc/sysctl.conf
    line: "{{ item }}"
  with_items:
    - "net.ipv4.ip_forward=1"
62 | - "net.ipv4.conf.default.rp_filter=0" 63 | - "net.ipv4.conf.all.rp_filter=0" 64 | - "net.ipv6.conf.all.disable_ipv6=1" 65 | - "net.ipv6.conf.default.disable_ipv6=1" 66 | 67 | #- name: restart networking 68 | # service: name=network state=restarted 69 | # ignore_errors: true 70 | 71 | - name: Reboot KVM host to implement new networking (reboot scheduled in 1min) 72 | command: /sbin/shutdown -r +1 "Ansible-triggered Reboot" 73 | async: 0 74 | poll: 0 75 | 76 | - name: Reboot KVM host to implement new networking (wait for server to restart) 77 | wait_for_connection: 78 | delay: 120 79 | sleep: 5 80 | timeout: 900 81 | connect_timeout: 2 82 | -------------------------------------------------------------------------------- /Ansible/library/cs_version_facts: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ARGS="(`cat $1`)" 4 | INPUTSTRING=`echo $ARGS | tr " " "\n"| awk -F= '$1=="versionstring"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'` 5 | ISUPGRADE=`echo $ARGS | tr " " "\n"| awk -F= '$1=="isupgrade"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'` 6 | 7 | if [[ "${ISUPGRADE,,}" == "true" ]] || [[ "${ISUPGRADE,,}" == "yes" ]]; then 8 | PREFIX_STR="upgrade" 9 | else 10 | PREFIX_STR="env" 11 | fi 12 | 13 | if [ -z $INPUTSTRING ]; then 14 | echo "nothing to do" 15 | else 16 | if [[ "${INPUTSTRING}" == *"-"* ]]; then 17 | VERSIONSTRING="$INPUTSTRING" 18 | else 19 | VERSIONSTRING=`echo $INPUTSTRING | awk -F "-" '{print $1}'` 20 | fi 21 | 22 | re='[a-zA-Z]' 23 | if [[ "${VERSIONSTRING:1}" =~ $re ]]; then 24 | if [[ "${VERSIONSTRING}" = "CCP"* ]] || [[ "${VERSIONSTRING}" == "ACP"* ]] || [[ "${VERSIONSTRING}" = "ccp"* ]] || [[ "${VERSIONSTRING}" == "acp"* ]]; then 25 | DISTRIBUTION="ccp" 26 | VERSIONNUM="${VERSIONSTRING:3}" 27 | else 28 | DISTRIBUTION="cs" 29 | if [[ "${VERSIONSTRING,,}" == "cs"* ]]; then 30 | VERSIONNUM="${VERSIONSTRING:2}" 31 | else 32 | VERSIONNUM="${VERSIONSTRING:3}" 33 | fi 34 | fi 35 
| else 36 | DISTRIBUTION="cs" 37 | VERSIONNUM=${VERSIONSTRING} 38 | fi 39 | 40 | VERSIONDEPTH=$((`echo "${VERSIONNUM}" | awk -F "." '{print NF-1}'`)) 41 | L_ONE=`echo $VERSIONNUM | awk -F "." '{print $1}'` 42 | L_TWO=`echo $VERSIONNUM | awk -F "." '{print $2}'` 43 | NUMERIC_VERSION=`echo $L_ONE.$L_TWO` 44 | DOT_THREE="" 45 | L_THREE="" 46 | L_FOUR="" 47 | 48 | if [[ "$VERSIONDEPTH" == "2" ]]; then 49 | L_THREE=`echo $VERSIONNUM | awk -F "." '{print $3}'` 50 | L_FOUR="" 51 | NUMERIC_VERSION=`echo $L_ONE.$L_TWO.$L_THREE` 52 | DOT_THREE="." 53 | DOT_FOUR="" 54 | fi 55 | 56 | if [[ "$VERSIONDEPTH" == "3" ]]; then 57 | L_THREE=`echo $VERSIONNUM | awk -F "." '{print $3}'` 58 | L_FOUR=`echo $VERSIONNUM | awk -F "." '{print $4}'` 59 | NUMERIC_VERSION=`echo $L_ONE.$L_TWO.$L_THREE.$L_FOUR` 60 | DOT_THREE="." 61 | DOT_FOUR="." 62 | fi 63 | fi 64 | 65 | cat << EOF 66 | { 67 | "ansible_facts": { 68 | "${PREFIX_STR}_cs_distribution": "${DISTRIBUTION}", 69 | "${PREFIX_STR}_cs_numeric_version": "${NUMERIC_VERSION}", 70 | "${PREFIX_STR}_cs_major_version": "${L_ONE}", 71 | "${PREFIX_STR}_cs_minor_version": "${L_ONE}.${L_TWO}", 72 | "${PREFIX_STR}_cs_subminor_version": "${L_ONE}.${L_TWO}${DOT_THREE}${L_THREE}", 73 | "${PREFIX_STR}_cs_security_version": "${L_ONE}.${L_TWO}${DOT_THREE}${L_THREE}${DOT_FOUR}${L_FOUR}", 74 | "${PREFIX_STR}_version": "${DISTRIBUTION}${L_ONE}${L_TWO}${L_THREE}${L_FOUR}", 75 | "${PREFIX_STR}_repo_version_var": "${L_ONE}.${L_TWO}", 76 | "${PREFIX_STR}_cs_minor_version_string": "${DISTRIBUTION}${L_ONE}${L_TWO}", 77 | "env_return": "success", 78 | "env_retmsg": "Data successfully returned." 
79 | } 80 | } 81 | EOF 82 | 83 | exit 84 |
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/centos-acs.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# Apache CloudStack management server on CentOS/RHEL: configure the yum
# repo, install the management, common and usage packages plus a database
# client and vhd-util, optionally retitle the web UI, run the database
# setup tasks and start whichever usage service this build ships.

- name: "Setup Apache Cloudstack Repo file. baseurl={{ baseurl_cloudstack }} "
  template:
    src: cloudstack.repo.j2
    dest: /etc/yum.repos.d/cloudstack.repo

- name: Ensure CloudStack packages are installed
  yum:
    name:
      - "{{ cloudstack_management_package }}*"
      - "{{ cloudstack_common_package }}*"
      - tzdata-java
    state: present
    enablerepo: base

- name: Ensure MySQL Client is present (centos/rhel6)
  yum:
    name: mysql
    state: present
  when: ansible_distribution_major_version == "6"

- name: Ensure MariaDB Client is present (centos/rhel7)
  yum:
    name: mysql
    state: present
  when: ansible_distribution_major_version == "7"

# NOTE(review): the binary is downloaded from vhdutil_url and installed
# executable with no integrity check. get_url accepts a `checksum` argument;
# pinning a known digest would make a tampered or substituted download fail.
- name: Ensure vhd-util is present
  get_url:
    url: "{{ vhdutil_url }}"
    dest: /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util
    mode: "0755"

- name: Ensure CloudStack Usage Service is installed
  yum:
    name: "{{ cloudstack_usage_package }}*"
    state: present

# NOTE(review): both title tasks paste a variable into a double-quoted sed
# expression run through the shell, so quotes, backslashes or `$` in
# env_name_clean / env_comment change what the shell and sed execute. Keep
# those variables to plain text or move the edit to a file-editing module.
# `|| true` hides a missing file; each build has only one of the two paths.
- name: rename CloudStack title in browser (pre 4.11 location)
  shell: sed -i "/document.title =/ c\ document.title = \"{{ env_name_clean }}\";" /usr/share/cloudstack-management/webapps/client/scripts/cloudStack.js || true
  when: use_custom_browser_title
  tags:
    - "rename_browser"

- name: rename CloudStack title in browser (post 4.11 location)
  shell: sed -i "/document.title =/ c\ document.title = \"{{ env_comment }}\";" /usr/share/cloudstack-management/webapp/scripts/cloudStack.js || true
  when: use_custom_browser_title
  tags:
    - "rename_browser"

- name: re-gzip file (pre 4.11)
  shell: gzip -cf /usr/share/cloudstack-management/webapps/client/scripts/cloudStack.js > /usr/share/cloudstack-management/webapps/client/scripts/cloudStack.js.gz || true
  tags:
    - "rename_browser"

- include: ./setupdb.yml

# The presence of db.properties under /etc/cloudstack decides which of the
# two usage service names is started below.
- name: test for cloud or cloudstack Usage
  stat:
    path: /etc/cloudstack/management/db.properties
  register: path_is_cloudstack

- name: Start cloud-usage service (older builds)
  service:
    name: cloud-usage
    state: started
    enabled: true
  when: not path_is_cloudstack.stat.exists

- name: Start cloudstack-usage service
  service:
    name: cloudstack-usage
    state: started
    enabled: true
  when: path_is_cloudstack.stat.exists
--------------------------------------------------------------------------------
/Ansible/templates/sources.list-u18.j2:
--------------------------------------------------------------------------------
1 | #deb cdrom:[Ubuntu 18.04 LTS _Bionic Beaver_ - Release amd64 (20180426)]/ bionic main restricted 2 | 3 | # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to 4 | # newer versions of the distribution. 5 | deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted 6 | # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic main restricted 7 | 8 | ## Major bug fix updates produced after the final release of the 9 | ## distribution. 
10 | deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted 11 | # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted 12 | 13 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 14 | ## team. Also, please note that software in universe WILL NOT receive any 15 | ## review or updates from the Ubuntu security team. 16 | deb http://us.archive.ubuntu.com/ubuntu/ bionic universe 17 | # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic universe 18 | deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe 19 | # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe 20 | 21 | ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 22 | ## team, and may not be under a free licence. Please satisfy yourself as to 23 | ## your rights to use the software. Also, please note that software in 24 | ## multiverse WILL NOT receive any review or updates from the Ubuntu 25 | ## security team. 26 | deb http://us.archive.ubuntu.com/ubuntu/ bionic multiverse 27 | # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic multiverse 28 | deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse 29 | # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse 30 | 31 | ## N.B. software from this repository may not have been tested as 32 | ## extensively as that contained in the main release, although it includes 33 | ## newer versions of some applications which may provide useful features. 34 | ## Also, please note that software in backports WILL NOT receive any review 35 | ## or updates from the Ubuntu security team. 36 | # deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse 37 | # deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse 38 | 39 | ## Uncomment the following two lines to add software from Canonical's 40 | ## 'partner' repository. 
41 | ## This software is not part of Ubuntu, but is offered by Canonical and the 42 | ## respective vendors as a service to Ubuntu users. 43 | # deb http://archive.canonical.com/ubuntu bionic partner 44 | # deb-src http://archive.canonical.com/ubuntu bionic partner 45 | 46 | deb http://security.ubuntu.com/ubuntu bionic-security main restricted 47 | # deb-src http://security.ubuntu.com/ubuntu bionic-security main restricted 48 | deb http://security.ubuntu.com/ubuntu bionic-security universe 49 | # deb-src http://security.ubuntu.com/ubuntu bionic-security universe 50 | deb http://security.ubuntu.com/ubuntu bionic-security multiverse 51 | # deb-src http://security.ubuntu.com/ubuntu bionic-security multiverse -------------------------------------------------------------------------------- /Ansible/library/reconciledb_reportonly: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DBHOST= 4 | DBUSER=root 5 | DBPASS="" 6 | DBNAME="trillian_envs" 7 | ENVTBL="environments" 8 | PODTBL="podnetworks" 9 | PUBTBL="pubnetworks" 10 | 11 | projectnames=`cloudmonkey list projects | jq '.project[] | .name' | grep -i nestedclouds` 12 | echo " -- The following projects are in the Lab: 13 | $projectnames" 14 | #DBHOST=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBHOST"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'` 15 | #DBUSER=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBUSER"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//'` 16 | #DBPASS=`echo $ARGS | tr " " "\n"| awk -F= '$1=="DBPASS"{print $2}'| tr -d '"' | sed -e 's/[[:space:]]*$//' | tr -d "'"` 17 | MYSQLCOMMAND="mysql -h${DBHOST} -u${DBUSER} -p${DBPASS} -s -N -e"; 18 | 19 | active_ids="" 20 | for project in $projectnames; do 21 | env_name=`echo $project | sed 's\-NestedClouds\\\'` 22 | PROJECTNAME=`echo $project | sed 's/-NestedClouds//g'| sed 's/"//g'` 23 | activeid=`${MYSQLCOMMAND} "SELECT id FROM ${DBNAME}.${ENVTBL} WHERE name='${PROJECTNAME}' and removed is NULL"` 24 | 
if [[ -n $activeid ]]; then 25 | active_ids="$active_ids, $activeid" 26 | fi 27 | done 28 | 29 | all_active_ids=`echo "${active_ids:2}"` 30 | echo " -- The following are the IDs of projects in the LAB $all_active_ids" 31 | 32 | if [[ -n $all_active_ids ]]; then 33 | echo "" 34 | echo " -- These rows from the ENVIRONMENTS table will be marked as available" 35 | ${MYSQLCOMMAND} "SELECT * FROM ${DBNAME}.${ENVTBL} WHERE id not in ($all_active_ids) AND removed IS NULL" 36 | echo " -- These rows from the POD table will be marked as available" 37 | ${MYSQLCOMMAND} "SELECT * FROM ${DBNAME}.${PODTBL} WHERE envid not in ($all_active_ids)" 38 | echo " -- These rows from the PUBLIC table will be marked as available" 39 | ${MYSQLCOMMAND} "SELECT * FROM ${DBNAME}.${PUBTBL} WHERE envid not in ($all_active_ids)" 40 | 41 | #### ${MYSQLCOMMAND} "UPDATE ${DBNAME}.${ENVTBL} set removed=now() WHERE id not in ($all_active_ids) AND removed IS NULL"; 42 | #### ${MYSQLCOMMAND} "UPDATE ${DBNAME}.${PODTBL} SET inuse='FALSE', envid=NULL, updated=now(), removed=now(), comment=NULL, environmentname=NULL WHERE envid not in ($all_active_ids)"; 43 | #### ${MYSQLCOMMAND} "UPDATE ${DBNAME}.${PUBTBL} SET inuse='FALSE', envid=NULL, updated=now(), removed=now(), comment=NULL, environmentname=NULL WHERE envid not in ($all_active_ids)"; 44 | else 45 | echo "" 46 | echo " -- No DB rows need marking as AVAILABLE" 47 | fi 48 | #for project in $projectnames; do 49 | # activeid=`${MYSQLCOMMAND} "SELECT id FROM ${DBNAME}.${ENVTBL} WHERE name='${env_name}'"` 50 | # if [[ -n $activeid ]]; then 51 | # echo " -- updating id in DB with projects in use in LAB" 52 | # ${MYSQLCOMMAND} "UPDATE ${DBNAME}.${PODTBL} SET inuse='TRUE', updated=now(), removed=NULL, comment='reconciled', environmentname='${project}' WHERE envid='${activeid}'"; 53 | # ${MYSQLCOMMAND} "UPDATE ${DBNAME}.${PUBTBL} SET inuse='TRUE', updated=now(), removed=NULL, comment='reconciled', environmentname='${project}' WHERE envid='${activeid}'"; 54 | # 
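fi 55 | #done 56 |
--------------------------------------------------------------------------------
/Ansible/roles/cloudstack-manager/tasks/suse.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016-2021 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.

# SUSE build of the CloudStack management server: relax SELinux, open or
# disable the host firewall, install base packages with zypper, optionally
# set Java, run the ACS-specific tasks, start rpcbind and, when Marvin
# hosts exist, prepare the server for test runs.

- debug:
    msg: "SUSE Specific Management Server Build"

- name: Ensure selinux python bindings are installed (Ansible requirement)
  shell: "zypper install -y python3-selinux"
  ignore_errors: true

# NOTE(review): SELinux is switched to permissive both for the running system
# and persistently, so policy violations are logged but not blocked on this
# host. Acceptable for a disposable lab build; revisit before reusing the
# role anywhere longer-lived.
- name: Set selinux to permissive
  command: setenforce permissive
  changed_when: false
  ignore_errors: true

- name: Ensure selinux is set permanently
  selinux:
    policy: targeted
    state: permissive
  ignore_errors: true

# NOTE(review): the ports are opened in the public zone with no source
# restriction, including 3306 (MySQL). 8096 looks like CloudStack's
# integration API port, which serves API calls without authentication -
# confirm, and limit both to the management network where possible.
# --permanent changes only the saved configuration; no reload follows here.
- name: Allow connections on management server required ports with firewall
  shell: "firewall-cmd --zone=public --add-port={{ item }}/tcp --permanent"
  with_items:
    - "3306"
    - "8080"
    - "8096"
    - "8250"
    - "8443"
    - "9090"
  ignore_errors: true

# With use_firewalld false the host firewall is stopped and disabled.
- name: Stop firewalld SUSE
  service:
    name: firewalld
    state: stopped
    enabled: false
  when: not (use_firewalld | bool)

- name: Ensure CA Certs are latest
  shell: "zypper install -y ca-certificates"

# The package installed here is haveged, despite the task name.
- name: install rng-tools to get entropy
  shell: "zypper install -y haveged"

# The fact set here counts xenserver_hosts, despite the task name.
- name: determine number of db hosts
  set_fact: num_xen_hosts="{{ groups['xenserver_hosts'] | length }}"

- name: update lvm2 as fix for bugzilla.redhat.com/show_bug.cgi?id=1294128
  shell: "zypper install -y lvm2"

- name: install qemu-tools
  shell: "zypper install -y qemu-tools"

- debug:
    msg: "Set Java on VM"
- set_fact: java_ver="{{ mgmt_java_ver }}"
- set_fact: java_path="{{ mgmt_java_path }}"
- include: ../../../tasks/set_java.yml
  when: force_java

- debug:
    msg: "env_cs_distribution - {{ env_cs_distribution }}"
- include: ./suse-acs.yml
  when: env_cs_distribution == "cs"

# Don't really need suse support for ccp

- name: ensure rpcbind in installed
  shell: "zypper install -y rpcbind"

- name: ensure rpcbind in started
  service:
    name: rpcbind
    state: started
    enabled: true

# num_marv_hosts is cast with `| int` in the three conditions below: a fact
# set through key=value set_fact is a string, and comparing a string with 0
# fails. This matches the `num_db_hosts | int > 1` test in the mysql role.
- debug:
    msg: "Some Marvin Stuff"
  when: num_marv_hosts | int > 0

- name: Ensure sshpass is installed
  shell: "zypper install -y sshpass"
  when: num_marv_hosts | int > 0

# NOTE(review): inserts an ACCEPT rule for 8096 from any source and persists
# it; see the note on the firewall-cmd task about this port.
- name: Open 8096 when Marvin is required
  shell: "iptables -I INPUT -p tcp -m tcp --dport 8096 -j ACCEPT && iptables-save > /etc/sysconfig/iptables"
  when: num_marv_hosts | int > 0
--------------------------------------------------------------------------------
/Ansible/roles/marvin/tasks/install_marvin_prereqs.yml:
--------------------------------------------------------------------------------
1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 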
7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 16 | 17 | 18 | - debug: msg="Connecting to Marvin host {{ ansible_ssh_host }}" 19 | tags: 20 | - marvin 21 | - marvin_cfg 22 | - marvin_install 23 | 24 | - name: wait for ssh 25 | local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5 26 | tags: 27 | - marvin 28 | - marvin_cfg 29 | - marvin_install 30 | 31 | - name: Install newest openssh dependencies 32 | dnf: name={{ item }} state=installed 33 | with_items: 34 | - openssh 35 | - openssh-askpass 36 | - openssh-server 37 | - openssh-clients 38 | tags: 39 | - marvin 40 | - marvin_install 41 | 42 | - name: Install Dev Tools Group 43 | dnf: name="@Development tools" state=installed 44 | tags: 45 | - marvin 46 | - marvin_cfg 47 | - marvin_install 48 | 49 | - name: Install other dependancies 50 | dnf: name={{ item }} state=installed 51 | with_items: 52 | - at 53 | - bzip2-devel 54 | - git 55 | - jq 56 | - libffi-devel 57 | - libxslt-devel 58 | - mariadb 59 | - ncurses-devel 60 | - openssl-devel 61 | - python3-devel 62 | - python3-pip 63 | - screen 64 | - sqlite 65 | - sqlite-devel 66 | - sshpass 67 | - tmux 68 | - vim 69 | - wget 70 | - xz-libs 71 | - zlib-devel 72 | tags: 73 | - marvin 74 | - marvin_install 75 | 76 | - name: remove yum openSSL package 77 | dnf: 78 | name: "{{ item }}" 79 | state: absent 80 | with_items: 81 | - python3-pyOpenSSL 82 | - python3-six 83 | - python3-urllib3 84 | - python3-requests 85 | 86 | - name: Update pip3 and components 87 | pip: 88 | name: "{{ item }}" 89 | executable: pip3 90 | extra_args: 
'--upgrade' 91 | with_items: 92 | - pip 93 | - six 94 | - pyOpenSSL 95 | - paramiko 96 | - wheel 97 | - kubernetes 98 | - pyasn1 99 | - wget 100 | - texttable 101 | - lxml 102 | - pycparser 103 | - mysql-connector-python==8.0.30 104 | - netaddr 105 | - pyvmomi 106 | tags: 107 | - marvin 108 | - marvin_install 109 | 110 | - name: Clear all yum cache 111 | command: dnf clean all 112 | 113 | - name: Ensure CA-Certificates are up to date 114 | dnf: 115 | name: ca-certificates 116 | state: latest 117 | tags: 118 | - marvin 119 | - marvin_install 120 | 121 | - name: ensure atd is running to schedule jobs 122 | systemd: 123 | name: atd 124 | state: started 125 | enabled: true 126 | -------------------------------------------------------------------------------- /Ansible/roles/mysql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 
16 | 17 | - name: determine number of db hosts 18 | set_fact: num_db_hosts="{{ groups['mysql_hosts'] | length }}" 19 | tags: 20 | - mysql 21 | - mysqlconf 22 | 23 | - name: wait for VM to be alive 24 | shell: "ping {{ ansible_ssh_host }} -c 1" 25 | register: pong 26 | until: pong.rc == 0 27 | retries: "{{ ssh_retries }}" 28 | delegate_to: localhost 29 | tags: 30 | - mysql 31 | - mysqlconf 32 | 33 | - name: wait for ssh 34 | local_action: wait_for port=22 host="{{ ansible_ssh_host }}" timeout={{ ssh_retries }} connect_timeout=5 35 | tags: 36 | - mysql 37 | - mysqlconf 38 | 39 | - name: symlink /usr/bin/python -> /usr/bin/python3 40 | raw: | 41 | if [ -f /usr/bin/python3 ] && [ ! -f /usr/bin/python ]; then 42 | ln --symbolic /usr/bin/python3 /usr/bin/python; 43 | fi 44 | become: true 45 | tags: 46 | - mysql 47 | - mysqlconf 48 | 49 | - name: now i'm connected, get facts 50 | os_facts: 51 | tags: 52 | - mysql 53 | - mysqlconf 54 | 55 | # For some weird reason, it thinks SUSE is Ubuntu 56 | - name: Check if SUSE 57 | shell: cat /etc/os-release | grep -i suse 58 | register: result 59 | when: ansible_distribution == 'Ubuntu' 60 | ignore_errors: yes 61 | 62 | - name: Set distro as SUSE 63 | set_fact: 64 | ansible_distribution: "SUSE" 65 | when: ansible_distribution == 'Ubuntu' and result is succeeded 66 | 67 | - include: ./centos.yml 68 | when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int < 8 ) 69 | tags: 70 | - mysql 71 | - mysqlconf 72 | 73 | - include: ./centos8.yml 74 | when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int == 8 ) 75 | tags: 76 | - mysql 77 | - mysqlconf 78 | 79 | - include: ./el9.yml 80 | when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( ansible_distribution_major_version|int >= 9 ) 81 | tags: 82 | - mysql 83 | - mysqlconf 
84 | 85 | - include: ./suse.yml 86 | when: ansible_distribution == 'SUSE' 87 | tags: 88 | - mysql 89 | - mysqlconf 90 | 91 | - include: ./ubuntu.yml 92 | when: ansible_distribution == 'Ubuntu' 93 | tags: 94 | - mysql 95 | - mysqlconf 96 | 97 | - include: ./debian.yml 98 | when: ansible_distribution == 'Debian' 99 | tags: 100 | - mysql 101 | - mysqlconf 102 | 103 | - include: ./mysql_replication.yml 104 | when: num_db_hosts | int > 1 105 | tags: 106 | - mysql_replication 107 | - mysql 108 | - mysqlconf 109 | -------------------------------------------------------------------------------- /Ansible/roles/vsphere/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | #Copyright 2016 ShapeBlue 4 | # 5 | #Licensed under the Apache License, Version 2.0 (the "License"); 6 | #you may not use this file except in compliance with the License. 7 | #You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | #Unless required by applicable law or agreed to in writing, software 12 | #distributed under the License is distributed on an "AS IS" BASIS, 13 | #WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | #See the License for the specific language governing permissions and 15 | #limitations under the License. 

# Host preparation for ESXi, driven entirely through `raw` commands:
# vMotion, an optional standard vSwitch1, MTU settings and the software
# iSCSI adapter.
#
# NOTE(review): every raw task sets ignore_errors, so a failed esxcli call
# does not stop the play and later tasks run with whatever was registered
# (possibly an empty adapter name). Consider failing on the steps that the
# iSCSI tasks depend on.

- name: Wait for SSH
  wait_for:
    port: 22
    host: "{{ ansible_ssh_host }}"
    timeout: "{{ ssh_retries }}"
    connect_timeout: 5
  delegate_to: localhost

- name: enable vMotion on VMKernel
  raw: vim-cmd hostsvc/vmotion/vnic_set vmk0
  ignore_errors: true

# The three vSwitch1 tasks only run when a distributed vSwitch is not used.
- name: Add vSwitch1 (raw used for pre 6.0 compatibility)
  raw: esxcli network vswitch standard add --vswitch-name=vSwitch1 --ports=1024
  ignore_errors: true
  when: not esxi_use_dvswitch

- name: Add interface to vSwitch1 (raw used for pre 6.0 compatibility)
  raw: esxcli network vswitch standard uplink add --uplink-name=vmnic1 --vswitch-name=vSwitch1
  ignore_errors: true
  when: not esxi_use_dvswitch

- name: make nic active (raw used for pre 6.0 compatibility)
  raw: esxcli network vswitch standard policy failover set --vswitch-name=vSwitch1 --active-uplinks=vmnic1
  ignore_errors: true
  when: not esxi_use_dvswitch

- name: Set MTU on vSwitch 0 to 1500
  raw: esxcfg-vswitch -m 1500 vSwitch0
  ignore_errors: true

- name: Set MTU on vmk0 to 1500
  raw: esxcli network ip interface set -m 1500 -i vmk0
  ignore_errors: true

- name: Enable software iSCSI
  raw: esxcli iscsi software set --enabled=true
  ignore_errors: true

# The adapter name is read back from the host and reused below with trailing
# whitespace stripped.
# NOTE(review): if the grep matches more than one adapter the registered
# value spans several lines and the commands built from it break.
- name: Find SW iSCSI adapter name - not always vmhba33
  raw: esxcli storage core adapter list | grep -i iscsi | awk '{print $1}'
  register: iscsihba
  ignore_errors: true

# NOTE(review): host output and inventory variables are placed on the command
# line unquoted in the tasks below; the `quote` filter would keep an
# unexpected value from changing the command.
- name: Set iSCSI initiator name
  raw: esxcli iscsi adapter set --adapter {{ iscsihba.stdout | regex_replace('\s+$', '') }} --name={{ env_iscsi_target }}.{{ inventory_hostname }}:{{ env_uuid }}
  ignore_errors: true

- name: Check initiator name
  raw: esxcli iscsi adapter get --adapter {{ iscsihba.stdout | regex_replace('\s+$', '') }} | grep -i name | grep -vi driver | awk '{print $2}'
  register: iscsiininame
  ignore_errors: true

# The {{ ":" }} expression keeps a literal colon out of the key=value text.
- name: Report iSCSI HBA
  debug: msg="Software iSCSI adapter detected{{ ":" }} {{ iscsihba.stdout | regex_replace('\s+$', '') }}"

- name: Report iSCSI initiator name
  debug: msg="Software iSCSI initiator{{ ":" }} {{ iscsiininame.stdout | regex_replace('\s+$', '') }}"

- name: Bind software iSCSI adapter
  raw: esxcli iscsi networkportal add --adapter {{ iscsihba.stdout | regex_replace('\s+$', '') }} --nic vmk0
  ignore_errors: true

#- name: Reset Evaluation Timer for new deployment
#  shell: "rm -r /etc/vmware/license.cfg && cp /etc/vmware/.#license.cfg /etc/vmware/license.cfg && /etc/init.d/vpxa restart"
#  ignore_errors: true

- include: ./add_local_storage.yml
  when: use_local_storage

--------------------------------------------------------------------------------
/Ansible/roles/mysql/tasks/centos.yml:
--------------------------------------------------------------------------------
---

#Copyright 2016 ShapeBlue
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
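
# MySQL / MariaDB installation for CentOS and RHEL major versions 6 and 7:
# install the server package, place my.cnf, restart the service, run the
# hardening include and, on version 6, open the MySQL port in iptables.

- name: wait for ssh
  wait_for:
    port: 22
    host: "{{ ansible_ssh_host }}"
    timeout: 300
    connect_timeout: 5
  delegate_to: localhost

- name: now i'm connected, get facts
  setup:
  tags:
    - mysqlconf

- name: Ensure selinux python bindings are installed (Ansible requirement)
  yum:
    name: libselinux-python
    state: present
  tags: services

- name: Ensure mysql python are installed (Ansible requirement)
  yum:
    name: MySQL-python
    state: present
  tags: services

# NOTE(review): the next two tasks put SELinux into permissive mode, now and
# across reboots. Permissive mode only logs denials, so the database server
# loses its SELinux confinement. Prefer leaving the host enforcing and fixing
# the specific denial (file contexts, booleans) if one appears.
- name: Set selinux to permissive
  command: setenforce permissive
  changed_when: false

- name: Ensure selinux is set permanently
  selinux:
    policy: targeted
    state: permissive

# NOTE(review): both install tasks register `mysqlinstalled`. Ansible also
# registers a result for a skipped task, so on a version 6 host the skipped
# version 7 task replaces the value and `mysqlinstalled.changed` reads false
# in the tasks below. Distinct register names would avoid that - confirm.
- name: Ensure mysql server is installed (centos/rhel6)
  yum:
    name: mysql-server
    state: present
  register: mysqlinstalled
  tags: services
  when: ansible_distribution_major_version == "6"

- name: Ensure mariadb server is installed (centos/rhel7)
  yum:
    name: mariadb-server
    state: present
  register: mysqlinstalled
  tags: services
  when: ansible_distribution_major_version == "7"

# The mode was 0666, which makes the data directory writable by every local
# user and drops the search bit a directory needs. 0755 limits writes to the
# owner; the mode is quoted so it is never read as a decimal number.
# NOTE(review): tighten further if no other account needs to read the
# directory.
- name: Ridiculous fix for mysql permissions
  file:
    path: /var/lib/mysql
    state: directory
    mode: "0755"
  when: mysqlinstalled.changed

- name: replace MySQL my.cnf using Template (centos/rhel6)
  template:
    src: my.cnf.j2
    dest: /etc/my.cnf
  when: ansible_distribution_major_version == "6" and mysqlinstalled.changed
  tags:
    - mysqlconf

- name: replace MySQL my.cnf using Template (centos/rhel7)
  template:
    src: mariadb-my.cnf.j2
    dest: /etc/my.cnf
  when: ansible_distribution_major_version == "7" and mysqlinstalled.changed

# - name: Nuke everything since it's starting from scratch
#   shell: rm -rf /var/lib/mysql/*

- name: Ensure MySQL service is started and set to start on boot (centos/rhel6)
  service:
    name: mysqld
    state: restarted
    enabled: true
  tags: services
  when: ansible_distribution_major_version == "6" and mysqlinstalled.changed

- name: Ensure MySQL service is started and set to start on boot (centos/rhel7)
  service:
    name: mariadb
    state: restarted
    enabled: true
  tags: services
  when: ansible_distribution_major_version == "7" and mysqlinstalled.changed

- include: ./secure_mysql.yml
  when: ansible_distribution_major_version == "6" or mysqlinstalled.changed

# The rule is inserted only when no ACCEPT rule for port 3306 exists in INPUT
# yet, so repeated runs no longer stack duplicates. `mysql_allowed_source` is
# a new optional variable: unset, the rule accepts any source as before; set
# it to the management and database network to limit who can reach MySQL.
- name: Ensure Firewall Rules are in place for MySQL
  shell: >-
    iptables-save | grep -Eq -- '^-A INPUT .*--dport 3306 -j ACCEPT' ||
    iptables -I INPUT -p tcp -m tcp
    -s {{ mysql_allowed_source | default('0.0.0.0/0') }}
    --dport 3306 -j ACCEPT
  when: ansible_distribution_major_version == "6"

# Shell is required here for the output redirection.
- name: IPtables save config
  shell: "iptables-save > /etc/sysconfig/iptables"
  when: ansible_distribution_major_version == "6"

--------------------------------------------------------------------------------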