From 9373fa2aaffe7dfc5d125195e9ca4b0f80ec0b1b Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Thu, 6 Nov 2014 14:39:33 +0530 Subject: [PATCH] peppercorn: single server kvm deployment for cloudstack lab Signed-off-by: Rohit Yadav --- README.md | 3 +- cloudstack.yml | 2 +- hosts | 5 +- roles/cloudstack/tasks/main.yml | 87 +++++++++++++++++++++++++-- roles/common/templates/sshd_config.j2 | 3 + roles/mysql/tasks/main.yml | 7 +++ roles/nfs/tasks/main.yml | 1 + 7 files changed, 101 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c06ccd1..49e13c6 100644 --- a/README.md +++ b/README.md @@ -1 +1,2 @@ -ansible-playbook -i hosts playbook.yml --ask-sudo-pass +This ansible playbook repo sets up my home cloudstack lab for development and testing +ansible-playbook -i hosts cloudstack.yml -K diff --git a/cloudstack.yml b/cloudstack.yml index e81d37f..989cd90 100644 --- a/cloudstack.yml +++ b/cloudstack.yml @@ -8,7 +8,7 @@ sudo: yes roles: - - common + - { role: common, kvm_host: true} - kvm - nfs # - mysql ## cloudstack module has a dependency on mysql diff --git a/hosts b/hosts index 17afd5d..1ddac78 100644 --- a/hosts +++ b/hosts @@ -5,7 +5,9 @@ pi ansible_ssh_user=pi ansible_ssh_host=192.168.1.5 ansible_ssh_port=1009 [desktop] -blackbox ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.10 +blackbox ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.10 ansible_ssh_port=1009 + +[todos] orangebox ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.12 [zbox] @@ -13,6 +15,7 @@ bluebox ansible_ssh_user=bhaisaab ansible_ssh_host=192.168.1.11 ansible_ssh_p [acsbox:children] zbox +desktop [acsbox:vars] network_gateway=192.168.1.1 diff --git a/roles/cloudstack/tasks/main.yml b/roles/cloudstack/tasks/main.yml index 8899e8d..411a5f4 100644 --- a/roles/cloudstack/tasks/main.yml +++ b/roles/cloudstack/tasks/main.yml 
@@ -1,17 +1,96 @@ --- -- name: Setup ShapeBlue CloudStack repo - apt_repository: repo='deb http://packages.shapeblue.com/cloudstack/upstream/debian/4.3 ./' state=present - sudo: yes - - name: Import ShapeBlue CloudStack Repo GPG key apt_key: id=584DF93F url=http://packages.shapeblue.com/release.asc state=present sudo: yes +- name: Setup ShapeBlue CloudStack repo + apt_repository: repo='deb http://packages.shapeblue.com/cloudstack/upstream/debian/4.3 ./' state=present update_cache=true + sudo: yes + - name: Install basic packages action: apt pkg={{item}} state=latest + register: cloudstackinstalled sudo: yes with_items: - cloudstack-management - cloudstack-usage - cloudstack-agent - cloudstack-common + +- name: Setup CloudStack database + shell: cloudstack-setup-databases cloud:cloudpassword@localhost --deploy-as=root:root -i {{ ansible_ssh_host }} + sudo: yes + when: cloudstackinstalled|success + run_once: true + args: + creates: /var/lib/mysql/cloud + +- name: Setup CloudStack management server + shell: cloudstack-setup-management + sudo: yes + run_once: true + args: + creates: /var/log/cloudstack/management/setupManagement.log + +- name: Setup KVM template + shell: cd /opt && wget http://packages.shapeblue.com/systemvmtemplate/4.3/4.3.1/systemvm64template-2014-11-04-4.3.1-kvm.qcow2.bz2 && /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /export/secondary -f /opt/systemvm64template-2014-11-04-4.3.1-kvm.qcow2.bz2 -h kvm -o localhost -r cloud -d cloudpassword + sudo: yes + when: cloudstackinstalled|success + run_once: true + args: + creates: /opt/systemvm64template-2014-11-04-4.3.1-kvm.qcow2.bz2 + +- name: Stop tomcat6 + service: name=tomcat6 state=stopped enabled=no + sudo: yes + +- name: Start CloudStack management server + service: name=cloudstack-management state=started enabled=yes + sudo: yes + +- name: Start CloudStack usage server + service: name=cloudstack-usage state=started enabled=yes + sudo: yes + +- name: Start 
CloudStack management server + service: name=cloudstack-agent state=started enabled=yes + sudo: yes + +- name: Disable apparmour for libvirtd + file: src=/etc/apparmor.d/usr.sbin.libvirtd dest=/etc/apparmor.d/disable/usr.sbin.libvirtd owner=root group=root state=link + sudo: yes + +- name: Disable apparmour for libvirtd aa-helper + file: src=/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper dest=/etc/apparmor.d/disable/usr.lib.libvirt.virt-aa-helper owner=root group=root state=link + sudo: yes + +- name: Apparmour parser on libvirtd + shell: (apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd || true) && (apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper || true) + sudo: yes + +- name: Fix iptables for udp traffic + shell: iptables -A INPUT -s {{ ansible_default_ipv4["network"] }}/16 -m state --state NEW -p udp --dport {{ item }} -j ACCEPT + sudo: yes + with_items: [111, 32769, 892, 875, 662] + +- name: Fix iptables for tcp traffic + shell: iptables -A INPUT -s {{ ansible_default_ipv4["network"] }}/16 -m state --state NEW -p tcp --dport {{ item }} -j ACCEPT + sudo: yes + with_items: [111, 2049, 32803, 892, 875, 662] + +- name: Install iptables-persistent + apt: pkg=iptables-persistent state=installed + sudo: yes + +- name: Have UFW allow ports for KVM + ufw: rule=allow proto=tcp from_ip=any to_ip=any port={{ item }} + sudo: yes + with_items: + - 22 + - 1009 + - 1798 + - 16509 + - 5900:6100 + - 49152:49216 + + diff --git a/roles/common/templates/sshd_config.j2 b/roles/common/templates/sshd_config.j2 index 65ee424..5e99020 100644 --- a/roles/common/templates/sshd_config.j2 +++ b/roles/common/templates/sshd_config.j2 @@ -1,4 +1,7 @@ Port {{ ssh_port }} +{% if kvm_host is defined %} +Port 22 +{% endif %} #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml index c970435..71acbd7 100644 --- a/roles/mysql/tasks/main.yml +++ b/roles/mysql/tasks/main.yml 
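Review bot: The `Have UFW allow ports for KVM` task opens 16509 (conventionally libvirt's TCP listener), 5900:6100 (the VNC console range), 1798 and 49152:49216 with `from_ip=any`, while the iptables tasks just above it scope the NFS ports to the local network. The same hunk also links the libvirtd and virt-aa-helper AppArmor profiles into `disable/`, so the hypervisor daemon would be reachable from any source with less confinement than before. I would restrict the source the way the iptables tasks do, e.g. `ufw: rule=allow proto=tcp from_ip={{ ansible_default_ipv4["network"] }}/16 to_ip=any port={{ item }}`, and keep 22 and 1009 in a separate task if SSH has to stay reachable from elsewhere. Separately, the `Setup KVM template` task fetches the system VM image over plain HTTP with no checksum before installing it; `get_url` with a pinned `sha256sum=` would catch a tampered or truncated download.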
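Review bot: `{% if kvm_host is defined %}` is true for any value, so a host given `kvm_host: false` would still get the extra `Port 22` line. Testing the value instead keeps the flag meaningful: `{% if kvm_host | default(false) | bool %}`. It would also help to add a template comment saying why KVM hosts need sshd on 22 in addition to `{{ ssh_port }}`, since this re-opens the default port on machines that otherwise moved SSH elsewhere.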
@@ -3,11 +3,15 @@ shell: echo mysql-server mysql-server/root_password password {{ mysql_root_password }} | sudo debconf-set-selections sudo: yes run_once: true + args: + creates: /var/lib/mysql - name: Mysql | Set root repassword shell: echo mysql-server mysql-server/root_password_again password {{ mysql_root_password }} | sudo debconf-set-selections sudo: yes run_once: true + args: + creates: /var/lib/mysql - name: Install basic packages apt: pkg=mysql-server state=latest @@ -21,3 +25,6 @@ notify: - Restart MySQL server +- name: Have UFW allow mysql + ufw: rule=allow port=3306 proto=any + sudo: yes diff --git a/roles/nfs/tasks/main.yml b/roles/nfs/tasks/main.yml index 66c7c53..2771c5b 100644 --- a/roles/nfs/tasks/main.yml +++ b/roles/nfs/tasks/main.yml @@ -35,3 +35,4 @@ run_once: true sudo: yes +
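Review bot: The added `Have UFW allow mysql` task (second hunk of this file) allows port 3306 from every source and for every protocol, since it sets `proto=any` and no `from_ip`. The cloudstack role in this patch points the database setup at `localhost`, so a single-server deployment may not need the rule at all; the same role deploys with `--deploy-as=root:root`, which suggests a weak root password is expected to sit behind this port. If remote access is required, limit it, e.g. `ufw: rule=allow port=3306 proto=tcp from_ip={{ mysql_allowed_cidr }}`, where `mysql_allowed_cidr` is a variable you would define for the management subnet.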