peppercorn: single server kvm deployment for cloudstack lab

Signed-off-by: Rohit Yadav <[email protected]>

README.md

@@ -1 +1,2 @@
-ansible-playbook -i hosts playbook.yml --ask-sudo-pass
+This ansible playbook repo sets up my home cloudstack lab for development and testing
+ansible-playbook -i hosts cloudstack.yml -K

cloudstack.yml

@@ -8,7 +8,7 @@
       sudo: yes
 
   roles:
-    - common
+    - { role: common, kvm_host: true}
     - kvm
     - nfs
     # - mysql ## cloudstack module has a dependency on mysql

hosts

@@ -5,14 +5,17 @@
 pi         ansible_ssh_user=pi ansible_ssh_host=192.168.1.5 ansible_ssh_port=1009
 
 [desktop]
-blackbox   ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.10
+blackbox   ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.10 ansible_ssh_port=1009
+
+[todos]
 orangebox  ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.12
 
 [zbox]
 bluebox    ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.11 ansible_ssh_port=1009
 
 [acsbox:children]
 zbox
+desktop
 
 [acsbox:vars]
 network_gateway=192.168.1.1

roles/cloudstack/tasks/main.yml

@@ -1,17 +1,96 @@
 ---
-- name: Setup ShapeBlue CloudStack repo
-  apt_repository: repo='deb http://packages.shapeblue.com/cloudstack/upstream/debian/4.3 ./' state=present
-  sudo: yes
-
 - name: Import ShapeBlue CloudStack Repo GPG key
   apt_key: id=584DF93F url=http://packages.shapeblue.com/release.asc state=present
   sudo: yes
 
+- name: Setup ShapeBlue CloudStack repo
+  apt_repository: repo='deb http://packages.shapeblue.com/cloudstack/upstream/debian/4.3 ./' state=present update_cache=true
+  sudo: yes
+
 - name: Install basic packages
   action: apt pkg={{item}} state=latest
+  register: cloudstackinstalled
   sudo: yes
   with_items:
     - cloudstack-management
     - cloudstack-usage
     - cloudstack-agent
     - cloudstack-common
+
+- name: Setup CloudStack database
+  shell: cloudstack-setup-databases cloud:cloudpassword@localhost --deploy-as=root:root -i {{ ansible_ssh_host }}
+  sudo: yes
+  when: cloudstackinstalled|success
+  run_once: true
+  args:
+    creates: /var/lib/mysql/cloud
+
+- name: Setup CloudStack management server
+  shell: cloudstack-setup-management
+  sudo: yes
+  run_once: true
+  args:
+    creates: /var/log/cloudstack/management/setupManagement.log
+
+- name: Setup KVM template
+  shell: cd /opt && wget http://packages.shapeblue.com/systemvmtemplate/4.3/4.3.1/systemvm64template-2014-11-04-4.3.1-kvm.qcow2.bz2 && /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /export/secondary -f /opt/systemvm64template-2014-11-04-4.3.1-kvm.qcow2.bz2 -h kvm -o localhost -r cloud -d cloudpassword
+  sudo: yes
+  when: cloudstackinstalled|success
+  run_once: true
+  args:
+    creates: /opt/systemvm64template-2014-11-04-4.3.1-kvm.qcow2.bz2
+
+- name: Stop tomcat6
+  service: name=tomcat6 state=stopped enabled=no
+  sudo: yes
+
+- name: Start CloudStack management server
+  service: name=cloudstack-management state=started enabled=yes
+  sudo: yes
+
+- name: Start CloudStack usage server
+  service: name=cloudstack-usage state=started enabled=yes
+  sudo: yes
+
+- name: Start CloudStack management server
+  service: name=cloudstack-agent state=started enabled=yes
+  sudo: yes
+
+- name: Disable apparmour for libvirtd
+  file: src=/etc/apparmor.d/usr.sbin.libvirtd dest=/etc/apparmor.d/disable/usr.sbin.libvirtd owner=root group=root state=link
+  sudo: yes
+
+- name: Disable apparmour for libvirtd aa-helper
+  file: src=/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper dest=/etc/apparmor.d/disable/usr.lib.libvirt.virt-aa-helper owner=root group=root state=link
+  sudo: yes
+
+- name: Apparmour parser on libvirtd
+  shell: (apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd || true) && (apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper || true)
+  sudo: yes
+
+- name: Fix iptables for udp traffic
+  shell: iptables -A INPUT -s {{ ansible_default_ipv4["network"] }}/16 -m state --state NEW -p udp --dport {{ item }} -j ACCEPT
+  sudo: yes
+  with_items: [111, 32769, 892, 875, 662]
+
+- name: Fix iptables for tcp traffic
+  shell: iptables -A INPUT -s {{ ansible_default_ipv4["network"] }}/16 -m state --state NEW -p tcp --dport {{ item }} -j ACCEPT
+  sudo: yes
+  with_items: [111, 2049, 32803, 892, 875, 662]
+
+- name: Install iptables-persistent
+  apt: pkg=iptables-persistent state=installed
+  sudo: yes
+
+- name: Have UFW allow ports for KVM
+  ufw: rule=allow proto=tcp from_ip=any to_ip=any port={{ item }}
+  sudo: yes
+  with_items:
+    - 22
+    - 1009
+    - 1798
+    - 16509
+    - 5900:6100
+    - 49152:49216
+
+

roles/common/templates/sshd_config.j2

@@ -1,4 +1,7 @@
 Port {{ ssh_port }}
+{% if kvm_host is defined %}
+Port 22
+{% endif %}
 #ListenAddress ::
 #ListenAddress 0.0.0.0
 Protocol 2

roles/mysql/tasks/main.yml

@@ -3,11 +3,15 @@
   shell: echo mysql-server mysql-server/root_password password {{ mysql_root_password }} | sudo debconf-set-selections
   sudo: yes
   run_once: true
+  args:
+    creates: /var/lib/mysql
 
 - name: Mysql | Set root repassword
   shell: echo mysql-server mysql-server/root_password_again password {{ mysql_root_password }} | sudo debconf-set-selections
   sudo: yes
   run_once: true
+  args:
+    creates: /var/lib/mysql
 
 - name: Install basic packages
   apt: pkg=mysql-server state=latest
@@ -21,3 +25,6 @@
   notify:
     - Restart MySQL server
 
+- name: Have UFW allow mysql
+  ufw: rule=allow port=3306 proto=any
+  sudo: yes

roles/nfs/tasks/main.yml

@@ -35,3 +35,4 @@
   run_once: true
   sudo: yes
 
+