Move all shared into this new repo

virt/opennebula-5.4-controller/files/backups/opennebula-5.4.1-fresh-install-db.txt

@@ -0,0 +1,8 @@
+This opennebula-5.4.1-fresh-install-db file is a dump right after opennebula was installed.
+A fresh install using ansible exactly as described in the documentation
+I did however, visit sunstone and login as oneadmin just once.  I did nothing in the GUI, just logged in.
+Perhaps login identifies an empty db and stubs it out.  Or it was stubbed upon initial installation
+
+If resetting opennebula to fresh install is as simple as a fresh created db, then this file is it.
+But I am not sure if that is all it takes.  Could have stuff elsewhere.  To reset, you can also use the root
+LVM snapshot created on the controller node, then re-run ansible!

virt/opennebula-5.4-controller/files/mariadb/50-server.cnf

@@ -0,0 +1,138 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+#
+# See the examples of server my.cnf files in /usr/share/mysql/
+#
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+
+#
+# * Basic Settings
+#
+user		= mysql
+pid-file	= /var/run/mysqld/mysqld.pid
+socket		= /var/run/mysqld/mysqld.sock
+port		= 3306
+basedir		= /usr
+datadir		= /var/lib/mysql
+tmpdir		= /tmp
+lc-messages-dir	= /usr/share/mysql
+skip-external-locking
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+#bind-address		= 127.0.0.1
+
+#
+# * Fine Tuning
+#
+key_buffer_size		= 16M
+max_allowed_packet	= 16M
+thread_stack		= 192K
+thread_cache_size       = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam_recover_options  = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit	= 1M
+query_cache_size = 16M
+
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# As of 5.1 you can enable the log at runtime!
+#general_log_file        = /var/log/mysql/mysql.log
+#general_log             = 1
+#
+# Error log - should be very few entries.
+#
+log_error = /var/log/mysql/error.log
+#
+# Enable the slow query log to see queries with especially long duration
+#slow_query_log_file	= /var/log/mysql/mariadb-slow.log
+#long_query_time = 10
+#log_slow_rate_limit	= 1000
+#log_slow_verbosity	= query_plan
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id		= 1
+#log_bin			= /var/log/mysql/mysql-bin.log
+expire_logs_days	= 10
+max_binlog_size   = 100M
+#binlog_do_db		= include_database_name
+#binlog_ignore_db	= exclude_database_name
+
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+
+innodb_buffer_pool_size = 1G
+innodb_flush_log_at_trx_commit = 2
+
+
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates you can use for example the GUI tool "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+#
+# Accept only connections using the latest and most secure TLS protocol version.
+# ..when MariaDB is compiled with OpenSSL:
+# ssl-cipher=TLSv1.2
+# ..when MariaDB is compiled with YaSSL (default in Debian):
+# ssl=on
+
+#
+# * Character sets
+#
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+#
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
+
+#
+# * Unix socket authentication plugin is built-in since 10.0.22-6
+#
+# Needed so the root database user can authenticate without a password but
+# only when running as the unix root user.
+#
+# Also available for other users if required.
+# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.1 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.1]

virt/opennebula-5.4-controller/files/mariadb/original-debian9-mariadb-10.1.26--50-server.cnf

@@ -0,0 +1,134 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+#
+# See the examples of server my.cnf files in /usr/share/mysql/
+#
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+
+#
+# * Basic Settings
+#
+user		= mysql
+pid-file	= /var/run/mysqld/mysqld.pid
+socket		= /var/run/mysqld/mysqld.sock
+port		= 3306
+basedir		= /usr
+datadir		= /var/lib/mysql
+tmpdir		= /tmp
+lc-messages-dir	= /usr/share/mysql
+skip-external-locking
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address		= 127.0.0.1
+
+#
+# * Fine Tuning
+#
+key_buffer_size		= 16M
+max_allowed_packet	= 16M
+thread_stack		= 192K
+thread_cache_size       = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam_recover_options  = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit	= 1M
+query_cache_size        = 16M
+
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# As of 5.1 you can enable the log at runtime!
+#general_log_file        = /var/log/mysql/mysql.log
+#general_log             = 1
+#
+# Error log - should be very few entries.
+#
+log_error = /var/log/mysql/error.log
+#
+# Enable the slow query log to see queries with especially long duration
+#slow_query_log_file	= /var/log/mysql/mariadb-slow.log
+#long_query_time = 10
+#log_slow_rate_limit	= 1000
+#log_slow_verbosity	= query_plan
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id		= 1
+#log_bin			= /var/log/mysql/mysql-bin.log
+expire_logs_days	= 10
+max_binlog_size   = 100M
+#binlog_do_db		= include_database_name
+#binlog_ignore_db	= exclude_database_name
+
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates you can use for example the GUI tool "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+#
+# Accept only connections using the latest and most secure TLS protocol version.
+# ..when MariaDB is compiled with OpenSSL:
+# ssl-cipher=TLSv1.2
+# ..when MariaDB is compiled with YaSSL (default in Debian):
+# ssl=on
+
+#
+# * Character sets
+#
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+#
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
+
+#
+# * Unix socket authentication plugin is built-in since 10.0.22-6
+#
+# Needed so the root database user can authenticate without a password but
+# only when running as the unix root user.
+#
+# Also available for other users if required.
+# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.1 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.1]

virt/opennebula-5.4-controller/files/ssh.config

@@ -0,0 +1,3 @@
+# So ansible does not have to add each hypervisor node to known_hosts
+StrictHostKeyChecking=no
+UserKnownHostsFile=/dev/null

virt/opennebula-5.4-controller/files/sunstone/custom.css

@@ -0,0 +1,151 @@
+/*
+.primary-color {
+  color: #4DBBD3;
+}
+.secondary-color {
+  color: #8a8a8a;
+}
+.success-color {
+  color: #3adb76;
+}
+.warning-color {
+  color: #ffae00;
+}
+.alert-color {
+  color: #ec5840;
+}*/
+
+/*-----APP----*/
+
+body{
+	padding:0;margin:0;
+	font-family:"Lato","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif;
+	font-weight:300;
+	line-height:1.5;
+	color:#0a0a0a;
+	background:#fefefe;
+}
+
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+  font-weight: bold;
+  color: #555;
+}
+
+.thin-font {
+  color: #333;
+}
+
+label.secondary.is-invalid-label {
+  background-color: #ec5840;
+}
+
+.log-tab {
+  background: #6f6f6f;
+  color: #f2f2f2;
+}
+
+fieldset legend {
+    border-bottom: .1538461538rem solid #4DBBD3;
+    color: #555;
+}
+
+
+/*----BUTTONS----*/
+.button {
+    font-weight: bold;
+    margin-right: 0.2rem;
+    box-shadow: 0 2px 5px 1px rgba(0,0,0,0.1);
+    font-size: 1rem;
+    background-color: #4DBBD3;
+    color: #fefefe;
+}
+.button.secondary {
+    background-color: #8a8a8a;
+    color: #fefefe;
+}
+.button.success {
+    background-color: #3adb76;
+    color: #fefefe;
+}
+.button.alert {
+    background-color: #ec5840;
+    color: #fefefe;
+}
+
+/*----MENU----*/
+
+#menu-wrapper {
+  border: 1px solid #dfdfdf;
+  background: #f8f8f8;
+}
+
+#menu #li_support-tab a {
+    border: 1px solid #dfdfdf;
+    background: #fff;
+}
+
+/*----LAYOUT---*/
+
+#footer {
+  font-size: 0.8rem;
+  color:#8a8a8a;
+}
+
+#footer a{
+    color: #8a8a8a;
+}
+
+.provision-logo img {
+    height: 3rem;
+}
+
+/* mReschke */
+.row {
+	max-width: 100%;
+}
+
+#top-row .user-zone-info a{
+	font-weight:bold;
+	color:#555;
+}
+#top-row .user-zone-info .submenu a{
+	color:#8a8a8a;
+}
+#top-row .user-zone-info .submenu a:hover{
+	color:#0a0a0a;
+}
+
+.labels-tree li .labeltree-line{
+	color:#8a8a8a;
+}
+.labels-tree li .labeltree-line:hover{
+	color:#0a0a0a;
+}
+.labels-tree li .labeltree-line .active{
+	color:#333;
+	font-weight:bold;
+}
+.labels-tree .tree-toggle:hover{
+	color:#0a0a0a;
+}
+
+/*----TABLE----*/
+
+table tbody{
+	border-top:1px solid #f4f4f4;
+	/*color: #fff;
+	background: #4DBBD3;*/
+	border-bottom:1px solid #f4f4f4;
+}
+table thead th{
+	color:#555;
+}
+table .markrow,table .markrowchecked{
+	background-color:#f4f4f4;
+	font-weight:normal;
+}

virt/opennebula-5.4-controller/files/sunstone/original--custom.css

@@ -0,0 +1,146 @@
+/*
+.primary-color {
+  color: #4DBBD3;
+}
+.secondary-color {
+  color: #8a8a8a;
+}
+.success-color {
+  color: #3adb76;
+}
+.warning-color {
+  color: #ffae00;
+}
+.alert-color {
+  color: #ec5840;
+}*/
+
+/*-----APP----*/
+
+body{
+	padding:0;margin:0;
+	font-family:"Lato","Helvetica Neue",Helvetica,Roboto,Arial,sans-serif;
+	font-weight:300;
+	line-height:1.5;
+	color:#0a0a0a;
+	background:#fefefe;
+}
+
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+  font-weight: bold;
+  color: #555;
+}
+
+.thin-font {
+  color: #333;
+}
+
+label.secondary.is-invalid-label {
+  background-color: #ec5840;
+}
+
+.log-tab {
+  background: #6f6f6f;
+  color: #f2f2f2;
+}
+
+fieldset legend {
+    border-bottom: .1538461538rem solid #4DBBD3;
+    color: #555;
+}
+
+
+/*----BUTTONS----*/
+.button {
+    font-weight: bold;
+    margin-right: 0.2rem;
+    box-shadow: 0 2px 5px 1px rgba(0,0,0,0.1);
+    font-size: 1rem;
+    background-color: #4DBBD3;
+    color: #fefefe;
+}
+.button.secondary {
+    background-color: #8a8a8a;
+    color: #fefefe;
+}
+.button.success {
+    background-color: #3adb76;
+    color: #fefefe;
+}
+.button.alert {
+    background-color: #ec5840;
+    color: #fefefe;
+}
+
+/*----MENU----*/
+
+#menu-wrapper {
+  border: 1px solid #dfdfdf;
+  background: #f8f8f8;
+}
+
+#menu #li_support-tab a {
+    border: 1px solid #dfdfdf;
+    background: #fff;
+}
+
+/*----LAYOUT---*/
+
+#footer {
+  font-size: 0.8rem;
+  color:#8a8a8a;
+}
+
+#footer a{
+    color: #8a8a8a;
+}
+
+.provision-logo img {
+    height: 3rem;
+}
+
+#top-row .user-zone-info a{
+	font-weight:bold;
+	color:#555;
+}
+#top-row .user-zone-info .submenu a{
+	color:#8a8a8a;
+}
+#top-row .user-zone-info .submenu a:hover{
+	color:#0a0a0a;
+}
+
+.labels-tree li .labeltree-line{
+	color:#8a8a8a;
+}
+.labels-tree li .labeltree-line:hover{
+	color:#0a0a0a;
+}
+.labels-tree li .labeltree-line .active{
+	color:#333;
+	font-weight:bold;
+}
+.labels-tree .tree-toggle:hover{
+	color:#0a0a0a;
+}
+
+/*----TABLE----*/
+
+table tbody{
+	border-top:1px solid #f4f4f4;
+	/*color: #fff;
+	background: #4DBBD3;*/
+	border-bottom:1px solid #f4f4f4;
+}
+table thead th{
+	color:#555;
+}
+table .markrow,table .markrowchecked{
+	background-color:#f4f4f4;
+	font-weight:normal;
+}

virt/opennebula-5.4-controller/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: restart mariadb
+  service: name=mariadb state=restarted
+
+- name: restart redis
+  service: name=redis-server state=restarted
+
+- name: restart opennebula
+  service: name=opennebula state=restarted
+
+- name: restart sunstone
+  service: name=opennebula-sunstone state=restarted

virt/opennebula-5.4-controller/tasks/configure-mariadb.yml

@@ -0,0 +1,38 @@
+---
+# Copy MariaDBs server config file
+- name: Writing /etc/mysql/mariadb.conf.d/50-server.cnf
+  template:
+    src: "files/mariadb/50-server.cnf"
+    dest: "/etc/mysql/mariadb.conf.d/50-server.cnf"
+    owner: root
+    group: root
+    mode: 0644 #-rw-r--r--
+  notify: restart mariadb # Only runs if file changed!
+
+# Set MySQL options defined in OpenNebula docs
+- name: Configuring MySQL isolation level for OpenNebula
+  command: mysql -e "SET GLOBAL TRANSACTION ISOLATION LEVEL READ COMMITTED;"
+
+# Create the opennebula MySQL database
+- name: Creating the OpenNebula database
+  mysql_db:
+    name: opennebula
+    state: present
+
+# Create oneadmin MySQL user
+- name: Creating MySQL oneadmin user
+  mysql_user:
+    name: oneadmin
+    host: localhost # This is local user, you cannot access MySQL on this user remotely (not '%' login), this is good
+    password: '{{ oneadmin_password }}'
+    priv: 'opennebula.*:ALL'
+    state: present # Verified if you change the PW and re-run, it DOES change properly!
+
+# Create MySQL accounts for employee mreschke
+- name: Creating MySQL account for mreschke
+  mysql_user:
+    name: mreschke
+    host: '%'
+    password: '{{ mreschke_password }}'
+    priv: '*.*:ALL'
+    state: present

virt/opennebula-5.4-controller/tasks/configure-redis.yml

@@ -0,0 +1,10 @@
+---
+# Copy Redis server config file
+- name: Writing /etc/redis/redis.conf
+  copy:
+    src: "files/redis/redis.conf"
+    dest: "/etc/redis/redis.conf"
+    owner: root
+    group: root
+    mode: 0644 # -rw-r--r--
+  notify: restart redis # Only runs if file changed!

virt/opennebula-5.4-controller/tasks/configure.yml

@@ -0,0 +1,74 @@
+---
+# Configure mariadb and redis
+- include_tasks: configure-mariadb.yml
+- include_tasks: configure-redis.yml
+
+# Configure OpenNebula /etc/one/oned.conf
+- name: Writing /etc/one/oned.conf configuration
+  template:
+    src: "files/oned.conf"
+    dest: "/etc/one/oned.conf"
+    owner: root
+    group: root
+    mode: 0644 #-rw-r--r--
+  notify: restart opennebula
+
+# Override sunstone CSS
+- name: Writing custom sunstone css file
+  copy:
+    src: 'files/sunstone/custom.css'
+    dest: '/usr/lib/one/sunstone/public/css/custom.css'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0644
+  notify: restart sunstone
+
+# Set oneadmin password (not linux password, but OpenNebula software password)
+- lineinfile:
+    path: /var/lib/one/.one/one_auth
+    regexp: '^oneadmin:'
+    line: 'oneadmin:{{ oneadmin_password }}'
+  notify: restart opennebula
+
+# Installing OpenNebula automatically creates user oneadmin ID 9869
+# We just need to set the [linux user] password here
+- name: Setting oneadmin linux password
+  user:
+    name: 'oneadmin'
+    password: '{{ oneadmin_linux_password }}'
+    update_password: always
+
+# Copy ssh client config for oneadmin user
+- name: Copying oneadmin SSH client config
+  copy:
+    src: 'files/ssh.config'
+    dest: '/var/lib/one/.ssh/config'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0644
+
+# Authorize oneadmin user to SSH into itself
+- name: Authorizing SSH keys for oneadmin
+  authorized_key:
+    user: 'oneadmin'
+    key: '{{ item }}'
+  with_file:
+    - '../../users/keys/oneadmin.key.pub'
+
+# Create oneadmin public key
+- name: Copying oneadmin SSH public key
+  copy:
+    src: '../../users/keys/oneadmin.key.pub'
+    dest: '/var/lib/one/.ssh/id_rsa.pub'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0644
+
+# Create oneadmin private key
+- name: Copying oneadmin SSH private key
+  copy:
+    src: '../../../vault/oneadmin.key'
+    dest: '/var/lib/one/.ssh/id_rsa'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0600

virt/opennebula-5.4-controller/tasks/install.yml

@@ -0,0 +1,24 @@
+---
+- name: Adding Debian 9 OpenNebula GPG key
+  apt_key: url='https://downloads.opennebula.org/repo/repo.key' state=present
+  #when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
+
+- name: Adding Debian 9 OpenNebula repository
+  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.4/Debian/9 stable opennebula' state=present
+  #when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
+
+# Install OpenNebula
+- name: Installing OpenNebula controller applications
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - opennebula
+      - opennebula-sunstone
+      - opennebula-gate
+      - opennebula-flow
+
+# Install OpenNebula ruby gem dependencies (ONE TIME)
+- name: Installing OpenNebula ruby gem dependencies
+  command: '/usr/share/one/install_gems --yes'
+  run_once: true

virt/opennebula-5.4-controller/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+# Install and Configure OpenNebula and Mysql
+- include_tasks: install.yml
+- include_tasks: configure.yml
+
+# Ensure opennebula service is running
+- name: Starting OpenNebula Service
+  service:
+    name: opennebula
+    state: started
+
+# Ensure opennebula-sunstone service is running
+- name: Starting OpenNebula Sunstone Service
+  service:
+    name: opennebula-sunstone
+    state: started

virt/opennebula-5.4-controller/tasks/user.yml

@@ -0,0 +1,44 @@
+---
+#OBSOLETE, you can delete when ready, afte review
+# but this is done in /controller.yml as part of role: users now
+
+# Create oneadmin group
+- name: Creating group oneadmin
+  group:
+    name: 'oneadmin'
+
+# Create oneadmin user
+- name: Create user oneadmin
+  user:
+    name: 'oneadmin'
+    comment: 'oneadmin'
+    group: 'oneadmin'
+    groups: [oneadmin,disk]
+    password: '{{ oneadmin_password }}'
+    shell: /bin/bash
+
+# Set oneadmin SSH keys
+- name: Copying oneadmin SSH public key
+  copy:
+    src: oneadmin.key.pub
+    dest: /var/lib/one/.ssh/id_rsa.pub
+    owner: oneadmin
+    group: oneadmin
+    mode: 0644
+
+- name: Copying oneadmin SSH private key
+  copy:
+    src: ../../../vault/oneadmin.key
+    dest: /var/lib/one/.ssh/id_rsa
+    owner: oneadmin
+    group: oneadmin
+    mode: 0600
+
+# Authorize oneadmin to SSH to self
+- name: Authorizing oneadmin SSH keys
+  authorized_key:
+    user: 'oneadmin'
+    key: '{{ item }}'
+    exclusive: true
+  with_file:
+    - 'files/oneadmin.key.pub'