Move all shared into this new repo

virt/opennebula-5.4-controller/tasks/configure-mariadb.yml

@@ -0,0 +1,38 @@
+---
+# Copy MariaDBs server config file
+- name: Writing /etc/mysql/mariadb.conf.d/50-server.cnf
+  template:
+    src: "files/mariadb/50-server.cnf"
+    dest: "/etc/mysql/mariadb.conf.d/50-server.cnf"
+    owner: root
+    group: root
+    mode: 0644 #-rw-r--r--
+  notify: restart mariadb # Only runs if file changed!
+
+# Set MySQL options defined in OpenNebula docs
+- name: Configuring MySQL isolation level for OpenNebula
+  command: mysql -e "SET GLOBAL TRANSACTION ISOLATION LEVEL READ COMMITTED;"
+
+# Create the opennebula MySQL database
+- name: Creating the OpenNebula database
+  mysql_db:
+    name: opennebula
+    state: present
+
+# Create oneadmin MySQL user
+- name: Creating MySQL oneadmin user
+  mysql_user:
+    name: oneadmin
+    host: localhost # This is local user, you cannot access MySQL on this user remotely (not '%' login), this is good
+    password: '{{ oneadmin_password }}'
+    priv: 'opennebula.*:ALL'
+    state: present # Verified if you change the PW and re-run, it DOES change properly!
+
+# Create MySQL accounts for employee mreschke
+- name: Creating MySQL account for mreschke
+  mysql_user:
+    name: mreschke
+    host: '%'
+    password: '{{ mreschke_password }}'
+    priv: '*.*:ALL'
+    state: present

virt/opennebula-5.4-controller/tasks/configure-redis.yml

@@ -0,0 +1,10 @@
+---
+# Copy Redis server config file
+- name: Writing /etc/redis/redis.conf
+  copy:
+    src: "files/redis/redis.conf"
+    dest: "/etc/redis/redis.conf"
+    owner: root
+    group: root
+    mode: 0644 # -rw-r--r--
+  notify: restart redis # Only runs if file changed!

virt/opennebula-5.4-controller/tasks/configure.yml

@@ -0,0 +1,74 @@
+---
+# Configure mariadb and redis
+- include_tasks: configure-mariadb.yml
+- include_tasks: configure-redis.yml
+
+# Configure OpenNebula /etc/one/oned.conf
+- name: Writing /etc/one/oned.conf configuration
+  template:
+    src: "files/oned.conf"
+    dest: "/etc/one/oned.conf"
+    owner: root
+    group: root
+    mode: 0644 #-rw-r--r--
+  notify: restart opennebula
+
+# Override sunstone CSS
+- name: Writing custom sunstone css file
+  copy:
+    src: 'files/sunstone/custom.css'
+    dest: '/usr/lib/one/sunstone/public/css/custom.css'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0644
+  notify: restart sunstone
+
+# Set oneadmin password (not linux password, but OpenNebula software password)
+- lineinfile:
+    path: /var/lib/one/.one/one_auth
+    regexp: '^oneadmin:'
+    line: 'oneadmin:{{ oneadmin_password }}'
+  notify: restart opennebula
+
+# Installing OpenNebula automatically creates user oneadmin ID 9869
+# We just need to set the [linux user] password here
+- name: Setting oneadmin linux password
+  user:
+    name: 'oneadmin'
+    password: '{{ oneadmin_linux_password }}'
+    update_password: always
+
+# Copy ssh client config for oneadmin user
+- name: Copying oneadmin SSH client config
+  copy:
+    src: 'files/ssh.config'
+    dest: '/var/lib/one/.ssh/config'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0644
+
+# Authorize oneadmin user to SSH into itself
+- name: Authorizing SSH keys for oneadmin
+  authorized_key:
+    user: 'oneadmin'
+    key: '{{ item }}'
+  with_file:
+    - '../../users/keys/oneadmin.key.pub'
+
+# Create oneadmin public key
+- name: Copying oneadmin SSH public key
+  copy:
+    src: '../../users/keys/oneadmin.key.pub'
+    dest: '/var/lib/one/.ssh/id_rsa.pub'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0644
+
+# Create oneadmin private key
+- name: Copying oneadmin SSH private key
+  copy:
+    src: '../../../vault/oneadmin.key'
+    dest: '/var/lib/one/.ssh/id_rsa'
+    owner: 'oneadmin'
+    group: 'oneadmin'
+    mode: 0600

virt/opennebula-5.4-controller/tasks/install.yml

@@ -0,0 +1,24 @@
+---
+- name: Adding Debian 9 OpenNebula GPG key
+  apt_key: url='https://downloads.opennebula.org/repo/repo.key' state=present
+  #when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
+
+- name: Adding Debian 9 OpenNebula repository
+  apt_repository: repo='deb https://downloads.opennebula.org/repo/5.4/Debian/9 stable opennebula' state=present
+  #when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
+
+# Install OpenNebula
+- name: Installing OpenNebula controller applications
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - opennebula
+      - opennebula-sunstone
+      - opennebula-gate
+      - opennebula-flow
+
+# Install OpenNebula ruby gem dependencies (ONE TIME)
+- name: Installing OpenNebula ruby gem dependencies
+  command: '/usr/share/one/install_gems --yes'
+  run_once: true

virt/opennebula-5.4-controller/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+# Install and Configure OpenNebula and Mysql
+- include_tasks: install.yml
+- include_tasks: configure.yml
+
+# Ensure opennebula service is running
+- name: Starting OpenNebula Service
+  service:
+    name: opennebula
+    state: started
+
+# Ensure opennebula-sunstone service is running
+- name: Starting OpenNebula Sunstone Service
+  service:
+    name: opennebula-sunstone
+    state: started

virt/opennebula-5.4-controller/tasks/user.yml

@@ -0,0 +1,44 @@
+---
+#OBSOLETE, you can delete when ready, afte review
+# but this is done in /controller.yml as part of role: users now
+
+# Create oneadmin group
+- name: Creating group oneadmin
+  group:
+    name: 'oneadmin'
+
+# Create oneadmin user
+- name: Create user oneadmin
+  user:
+    name: 'oneadmin'
+    comment: 'oneadmin'
+    group: 'oneadmin'
+    groups: [oneadmin,disk]
+    password: '{{ oneadmin_password }}'
+    shell: /bin/bash
+
+# Set oneadmin SSH keys
+- name: Copying oneadmin SSH public key
+  copy:
+    src: oneadmin.key.pub
+    dest: /var/lib/one/.ssh/id_rsa.pub
+    owner: oneadmin
+    group: oneadmin
+    mode: 0644
+
+- name: Copying oneadmin SSH private key
+  copy:
+    src: ../../../vault/oneadmin.key
+    dest: /var/lib/one/.ssh/id_rsa
+    owner: oneadmin
+    group: oneadmin
+    mode: 0600
+
+# Authorize oneadmin to SSH to self
+- name: Authorizing oneadmin SSH keys
+  authorized_key:
+    user: 'oneadmin'
+    key: '{{ item }}'
+    exclusive: true
+  with_file:
+    - 'files/oneadmin.key.pub'