Initial commit of PVC Ansible role

roles/pvc/tasks/ceph.yml

@@ -0,0 +1,48 @@
+---
+- name: create ceph group
+  group:
+    name: ceph
+    gid: 64046
+    state: present
+
+- name: install packages
+  apt:
+    name:
+      - ceph-osd
+      - ceph-mds
+      - ceph-mon
+      - ceph-mgr
+      - radosgw
+      - libjemalloc2
+    state: latest
+
+- name: install sysctl tweaks
+  template:
+    src: ceph/sysctl.conf.j2
+    dest: /etc/sysctl.d/pvc-ceph.conf
+
+- name: activate sysctl tweaks
+  command: sysctl -p /etc/sysctl.d/pvc-ceph.conf
+
+- name: install user limits overrides
+  template:
+    src: ceph/limits.conf.j2
+    dest: /etc/security/limits.d/99-pvc-ceph.conf
+
+- name: install ceph default config
+  template:
+    src: ceph/default.conf.j2
+    dest: /etc/default/ceph
+
+- name: create ceph configuration directory
+  file:
+    dest: /etc/ceph
+    state: directory
+
+- name: install ceph cluster configurations
+  template:
+    src: ceph/{{ item }}.j2
+    dest: /etc/ceph/{{ item }}
+  with_items:
+    - ceph.conf
+    - ceph.client.admin.keyring

roles/pvc/tasks/frr.yml

@@ -0,0 +1,23 @@
+---
+- name: install frr packages
+  apt:
+    name:
+      - frr
+    state: latest
+
+- name: install frr configuration
+  template:
+    src: frr/{{ item }}.j2
+    dest: /etc/frr/{{ item }}
+  with_items:
+    - daemons
+    - frr.conf
+  notify: restart frr
+  ignore_errors: true
+
+- name: disable services
+  service:
+    name: "{{ item }}"
+    enabled: no
+  with_items:
+    - frr

roles/pvc/tasks/libvirt.yml

@@ -0,0 +1,43 @@
+---
+- name: install libvirt packages
+  apt:
+    name:
+      - libvirt-daemon-system
+      - qemu-kvm
+      - qemu-utils
+      - qemu-block-extra
+      - vhostmd
+      - ceph-common
+      - libjemalloc2
+    state: latest
+
+- name: install libvirt configuration
+  template:
+    src: libvirt/{{ item }}.j2
+    dest: /etc/libvirt/{{ item }}
+  with_items:
+    - libvirtd.conf
+    - ceph-secret.xml
+  notify: restart libvirtd
+
+- name: define ceph secret
+  command: virsh secret-define /etc/libvirt/ceph-secret.xml
+  ignore_errors: true
+
+- name: set ceph secret value
+  command: virsh secret-set-value --secret {{ ceph_storage_secret_uuid }} --base64 {{ ceph_storage_secret_key }}
+  ignore_errors: true
+
+- name: configure libvirt for listening
+  replace:
+    dest: /etc/default/libvirtd
+    regexp: '#libvirtd_opts=""'
+    replace: 'libvirtd_opts="--listen"'
+  notify: restart libvirtd
+
+- name: disable services
+  service:
+    name: "{{ item }}"
+    enabled: no
+  with_items:
+    - libvirtd

roles/pvc/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+- name: add module blacklist
+  template:
+    src: system/blacklist.j2
+    dest: /etc/modprobe.d/blacklist.conf
+
+- include_tasks: ceph.yml
+  tags: pvc-ceph
+
+- include_tasks: zookeeper.yml
+  tags: pvc-zookeeper
+
+- include_tasks: libvirt.yml
+  tags: pvc-libvirt
+
+- include_tasks: frr.yml
+  tags: pvc-frr
+
+- include_tasks: patroni.yml
+  tags: pvc-patroni
+
+- include_tasks: pvc.yml
+  tags: pvc-pvc
+  run_once: true
+  delegate_to: "{{ item }}"
+  with_items: "{{ play_hosts }}"

roles/pvc/tasks/patroni.yml

@@ -0,0 +1,128 @@
+---
+- name: install patroni packages via apt
+  apt:
+    name:
+      - python-psycopg2
+      - python3-kazoo
+      - patroni
+      - postgresql-11
+    state: latest
+    update-cache: yes
+
+- name: first run check
+  shell: "echo 'bootstrapped' > /etc/postgresql/pvc"
+  register: newinstance
+  args:
+    creates: /etc/postgresql/pvc
+
+- name: stop and disable postgresql
+  service:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+  with_items:
+    - postgresql
+    - postgresql@11-main
+  when: newinstance.changed
+
+- name: remove obsolete database directories
+  file:
+    dest: "{{ item }}"
+    state: absent
+  with_items:
+    - /etc/postgresql/11
+    - /var/lib/postgresql/11
+  when: newinstance.changed
+
+- name: create patroni database directory
+  file:
+    dest: /var/lib/postgresql/patroni/pvc
+    state: directory
+    owner: postgres
+    mode: 0700
+  when: newinstance.changed
+
+- name: install postgresql customization configuration file
+  template:
+    src: patroni/postgresql.pvc.conf.j2
+    dest: /etc/postgresql/postgresql.pvc.conf
+    owner: postgres
+    group: sudo
+    mode: 0640
+  notify: restart patroni
+
+- name: install patroni configuration file
+  template:
+    src: patroni/patroni.yml.j2
+    dest: /etc/patroni/config.yml
+    owner: postgres
+    group: postgres
+    mode: 0640
+  notify: restart patroni
+
+- name: install check_mk agent check
+  copy:
+    src: patroni/postgres
+    dest: /usr/lib/check_mk_agent/plugins/postgres
+    mode: 0755
+
+- name: ensure patroni services are enabled and started
+  service:
+    name: "{{ item }}.service"
+    state: started
+    enabled: yes
+  with_items:
+    - patroni
+
+- name: install initial schema files
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: postgres
+    group: sudo
+    mode: 0640
+  with_items:
+    - { src: "patroni/powerdns-schema.sql", dest: "/etc/postgresql/powerdns-schema.sql" }
+
+- name: set up PVC DNS database on first host
+  block:
+    - name: wait 15s for cluster to initialize
+      pause:
+        seconds: 15
+
+    - name: create user for role
+      postgresql_user:
+        name: "{{ pvc_dns_database_user }}"
+        password: "{{ pvc_dns_database_password }}"
+        state: present
+        login_host: /run/postgresql
+  
+    - name: create database for role
+      postgresql_db:
+        name: "{{ pvc_dns_database_name }}"
+        owner: "{{ pvc_dns_database_user }}"
+        encoding: utf8
+        state: present
+        login_host: /run/postgresql
+  
+    - name: set user privs for role
+      postgresql_user:
+        name: "{{ pvc_dns_database_user }}"
+        db: "{{ pvc_dns_database_name }}"
+        priv: ALL
+        login_host: /run/postgresql
+  
+    - name: create extensions
+      postgresql_ext:
+        name: "{{ item }}"
+        db: "{{ pvc_dns_database_name }}"
+        login_host: /run/postgresql
+      with_items: "{{ extensions }}"
+      when: extensions is defined
+
+    - name: import dns database schema
+      command: "psql -U {{ pvc_dns_database_user }} -f /etc/postgresql/powerdns-schema.sql {{ pvc_dns_database_name }}"
+
+  become: yes
+  become_user: postgres
+  when: newinstance.changed and ansible_local.host_id == '1'

roles/pvc/tasks/pvc.yml

@@ -0,0 +1,43 @@
+---
+- name: install pvc packages
+  apt:
+    name:
+      - pvc-daemon
+      - pvc-client-cli
+      - pvc-client-common
+    state: latest
+
+- name: install pvc configuration
+  template:
+    src: pvc/{{ item }}.j2
+    dest: /etc/pvc/{{ item }}
+  with_items:
+    - pvcd.yaml
+  notify: restart pvcd
+
+- name: verify if cluster has been started
+  shell: "/usr/share/zookeeper/bin/zkCli.sh stat /nodes 2>&1 | grep -q 'Node does not exist'"
+  register: cluster_init
+  failed_when: no
+
+- name: bootstrap a fresh cluster
+  shell: /usr/bin/pvc init
+  when: cluster_init.rc == 0 and ansible_local.host_id == 1
+
+- name: stop and disable unneccessary services
+  service:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+  with_items:
+    - pdns.service
+
+- name: start and enable services
+  service:
+    name: "{{ item }}"
+    state: started
+    enabled: yes
+  with_items:
+    - pvc-flush.service
+    - pvcd.service
+    - pvcd.target

roles/pvc/tasks/zookeeper.yml

@@ -0,0 +1,26 @@
+---
+- name: install zookeeper packages
+  apt:
+    name:
+      - zookeeperd
+      - zookeeper-bin
+    state: latest
+
+- name: install zookeeper configuration
+  template:
+    src: zookeeper/{{ item }}.j2
+    dest: /etc/zookeeper/conf/{{ item }}
+  with_items:
+    - configuration.xsl
+    - environment
+    - log4j.properties
+    - myid
+    - zoo.cfg
+  notify: restart zookeeper
+
+- name: disable services
+  service:
+    name: "{{ item }}"
+    enabled: no
+  with_items:
+    - zookeeper