oVirt Infra

The oVirt.infra role enables you to set up oVirt infrastructure including: mac pools, data centers, clusters, networks, hosts, users, and groups.

Requirements

• oVirt Python SDK version 4
• Ansible version 2.4

Role Variables

Datacenter

To setup/cleanup datacenter you can use following variables:

Name	Default value	Description
data_center_name	UNDEF	Name of the data center.
data_center_description	UNDEF	Description of the data center.
data_center_local	false	Specify whether the data center is shared or local.
compatibility_version	UNDEF	Compatibility version of data center.
data_center_state	present	Specify whether the datacenter should be present or absent.
recursive_cleanup	false	Specify whether to recursively remove all entities inside DC. Valid only when state == absent.
format_storages	false	Specify whether to format ALL the storages that are going to be removed as part of the DC. Valid only when data_center_state == absent and recursive_cleanup == true.

MAC pools

To setup MAC pools you can define list variable called mac_pools. The items in mac_pools list variable can contain the following parameters:

Name	Default value	Description
mac_pool_name	UNDEF	Name of the the MAC pool to manage.
mac_pool_ranges	UNDEF	List of MAC ranges. The from and to should be splitted by comma. For example: 00:1a:4a:16:01:51,00:1a:4a:16:01:61
mac_pool_allow_duplicates	UNDEF	If (true) allow a MAC address to be used multiple times in a pool. Default value is set by oVirt engine to false.

Clusters

To setup clusters you can define list variable called clusters. The items in clusters list variable can contain the following parameters:

Name	Default value	Description
name	UNDEF (Required)	Name of the cluster.
state	present	State of the cluster.
cpu_type	Intel Conroe Family	CPU type of the cluster.
profile	UNDEF	The cluster profile. You can choose a predefined cluster profile, see the tables below.
ballooning	UNDEF	If True enable memory balloon optimization. Memory balloon is used to re-distribute / reclaim the host memory based on VM needs in a dynamic way.
description	UNDEF	Description of the cluster.
ksm	UNDEF	I True MoM enables to run Kernel Same-page Merging KSM when necessary and when it can yield a memory saving benefit that outweighs its CPU cost.
ksm_numa	UNDEF	If True enables KSM ksm for best berformance inside NUMA nodes.
vm_reason	UNDEF	If True enable an optional reason field when a virtual machine is shut down from the Manager, allowing the administrator to provide an explanation for the maintenance.
host_reason	UNDEF	If True enable an optional reason field when a host is placed into maintenance mode from the Manager, allowing the administrator to provide an explanation for the maintenance.
memory_policy alias: performance_preset	UNDEF	disabled - Disables memory page sharing. server - Sets the memory page sharing threshold to 150% of the system memory on each host. desktop - Sets the memory page sharing threshold to 200% of the system memory on each host.
migration_policy	UNDEF	A migration policy defines the conditions for live migrating virtual machines in the event of host failure. Following policies are supported: legacy - Legacy behavior of 3.6 version. minimal_downtime - Virtual machines should not experience any significant downtime. suspend_workload - Virtual machines may experience a more significant downtime. post_copy - Virtual machines should not experience any significant downtime. If the VM migration is not converging for a long time, the migration will be switched to post-copy
scheduling_policy	UNDEF	The scheduling policy used by the cluster.
ha_reservation	UNDEF	If True enable the oVirt/RHV to monitor cluster capacity for highly available virtual machines.
fence_enabled	UNDEF	If True, enables fencing on the cluster.
fence_connectivity_threshold	UNDEF	The threshold used by fence_skip_if_connectivity_broken.
fence_skip_if_connectivity_broken	UNDEF	If True, fencing will be temporarily disabled if the percentage of hosts in the cluster that are experiencing connectivity issues is greater than or equal to the defined threshold.
fence_skip_if_sd_active	UNDEF	If True, any hosts in the cluster that are Non Responsive and still connected to storage will not be fenced.
mac_pool	UNDEF	Mac pool name.
comment	UNDEF	Comment of the cluster.
migration_bandwidth	UNDEF	The bandwidth settings define the maximum bandwidth of both outgoing and incoming migrations per host. Following bandwidth options are supported: auto - Bandwidth is copied from the rate limit [Mbps] setting in the data center host network QoS. hypervisor_default - Bandwidth is controlled by local VDSM setting on sending host. custom - Defined by user (in Mbps).
migration_bandwidth_limit	UNDEF	Set the custom migration bandwidth limit.
network	UNDEF	Management network of cluster to access cluster hosts.
resilience_policy	UNDEF	The resilience policy defines how the virtual machines are prioritized in the migration. Following values are supported: do_not_migrate - Prevents virtual machines from being migrated. migrate - Migrates all virtual machines in order of their defined priority. migrate_highly_available - Migrates only highly available virtual machines to prevent overloading other hosts.
rng_sources	UNDEF	List that specify the random number generator devices that all hosts in the cluster will use. Supported generators are: hwrng and random.
serial_policy	UNDEF	Specify a serial number policy for the virtual machines in the cluster. Following options are supported: vm - Sets the virtual machine's UUID as its serial number. host - Sets the host's UUID as the virtual machine's serial number. custom - Allows you to specify a custom serial number in serial_policy_value.
serial_policy_value	UNDEF	Allows you to specify a custom serial number. This parameter is used only when serial_policy is custom.
spice_proxy	UNDEF	The proxy by which the SPICE client will connect to virtual machines. The address must be in the following format: protocol://[host]:[port]
switch_type	UNDEF	Type of switch to be used by all networks in given cluster. Either legacy which is using linux brigde or ovs using Open vSwitch.
threads_as_cores	UNDEF	If True the exposed host threads would be treated as cores which can be utilized by virtual machines.
trusted_service	UNDEF	If True enable integration with an OpenAttestation server.
virt	UNDEF	If True, hosts in this cluster will be used to run virtual machines. Default is true.
gluster	UNDEF	If True, hosts in this cluster will be used as Gluster Storage server nodes, and not for running virtual machines.

More information about the parameters can be found in the ovirt_clusters module documentation.

Cluster Profile

Possible profile options of cluster are development and production, their default values are described below:

Development

The development profile of the cluster have predefined following vaules:

Parameter	Value
ballooning	true
ksm	true
host_reason	false
vm_reason	false
memory_policy	server
migration_policy	post_copy

Production

The production profile of the cluster have predefined following vaules:

Parameter	Value
ballooning	false
ksm	false
host_reason	true
vm_reason	true
memory_policy	disabled
migration_policy	suspend_workload
scheduling_policy	evenly_distributed
ha_reservation	true
fence_enabled	true
fence_skip_if_connectivity_broken	true
fence_skip_if_sd_active	true

Hosts

To setup hosts you can define list variable called hosts. The items in hosts list variable can contain the following parameters:

Name	Default value	Description
name	UNDEF (Required)	Name of the host.
state	present	Specifies whether the host is present or absent.
address	UNDEF (Required)	IP address or FQDN of the host.
password	UNDEF	The host's root password. Required if public_key is false.
public_key	UNDEF	If true the public key should be used to authenticate to host.
cluster	UNDEF (Required)	The cluster that the host must connect to.
timeout	1200	Maximum wait time for the host to be in an UP state.
poll_interval	20	Polling interval to check the host status.

Networks

Logical networks

To setup logical networks you can define list variable called logical_networks. The logical_networks list can contain following parameters:

Name	Default value	Description
name	UNDEF	Name of the network.
state	present	Specifies whether the network state is present or absent.
vlan_tag	UNDEF	IP address or FQDN of the host.
vm_network	UNDEF	Root password of the host.
mtu	UNDEF	Cluster which host should connect to.
description	1200	Maximum wait time for host to be in an UP state.
clusters	20	Polling interval to check the host status.

More information about the parameters can be found in the ovirt_networks module documentation.

Host networks

To setup host networks you can define list variable called host_networks. The host_networks list can contain following parameters:

Name	Default value	Description
name	UNDEF	Name of the host.
state	UNDEF	Specifies whether the network state is present or absent.
check	UNDEF	If true, verifies the connection between the host and engine.
save	UNDEF	If true, the network configuration will be persistent, by default it is temporary.
bond	UNDEF	Dictionary describing the network bond.
networks	UNDEF	Dictionary describing the networks to be attached to the interface or bond.
labels	UNDEF	List of names of the network label to be assigned to the bond or interface.
interface	UNDEF	Name of the network interface where the logical network should be attached.

More information about the parameters can be found in the ovirt_host_networks module documentation.

Storages

To setup storages you can define dictionary variable called storages. The value of item in storages dictionary can contain following parameters (the key is always a name of the storage):

Name	Default value	Description
master	false	If true, the storage will be added as the first storage, meaning it will be the master storage.
domain_function	data	The function of the storage domain. Possible values are: iso export data .
nfs	UNDEF	Dictionary defining NFS storage.
iscsi	UNDEF	Dictionary defining iSCSI storage.
posixfs	UNDEF	Dictionary defining PosixFS storage.
fcp	UNDEF	Dictionary defining FCP storage.
glusterfs	UNDEF	Dictionary defining glusterFS storage.

More information about the parameters can be found in the ovirt_storage_domains module documentation.

AAA JDBC

Users

To setup users in AAA JDBC provider you can define dictionary variable called users. The items in users list can contain the following parameters:

Name	Default value	Description
state	present	Specifies whether the user is present or absent.
name	UNDEF	Name of the user.
authz_name	UNDEF	Authorization provider of the user.
password	UNDEF	Password of the user.
valid_to	UNDEF	Specifies the date that the account remains valid.
attributes	UNDEF	A dict of attributes related to the user. Available attributes: department description displayName email firstName lasName title

User groups

To setup user groups in AAA JDBC provider you can define dictionary variable called user_groups. The items in user_groups list can contain the following parameters:

Name	Default value	Description
state	present	Specifies whether the group is present or absent.
name	UNDEF	Name of the group.
authz_name	UNDEF	Authorization provider of the group.
users	UNDEF	List of users that belong to this group.

Permissions

To setup permissions of users or groups you can define dictionary variable called permissions. The items in permissions list variable can contain following parameters:

Name	Default value	Description
state	present	Specifies whether the state of the permission is present or absent.
user_name	UNDEF	The user to manage the permission for.
group_name	UNDEF	Name of the group to manage the permission for.
authz_name	UNDEF	Name of the authorization provider of the group or user.
role	UNDEF	The role to be assigned to the user or group.
object_type	UNDEF	The object type which should be used to assign the permission. Possible object types are: data_center cluster host storage_domain network disk vm vm_pool template cpu_profile disk_profile vnic_profile system
object_name	UNDEF	Name of the object where the permission should be assigned.

External providers

To setup external providers you can define dictionary variable called external_providers. The items in external_providers list variable can contain following parameters:

Name	Default value	Description
name	UNDEF (Required)	Name of the external provider.
state	present	State of the external provider. Values can be: present absent
type	UNDEF (Required)	Type of the external provider. Values can be: os_image network os_volume foreman
url	UNDEF	URL where external provider is hosted. Required if state is present.
username	UNDEF	Username to be used for login to external provider. Applicable for all types.
password	UNDEF	Password of the user specified in username parameter. Applicable for all types.
tenant	UNDEF	Name of the tenant.
auth_url	UNDEF	Keystone authentication URL of the openstack provider. Required for: os_image network os_volume
data_center	UNDEF	Name of the data center where provider should be attached. Applicable for type os_volume.

More information about the parameters can be found in the ovirt_external_providers module documentation.

Example Playbook

---
- name: oVirt infra
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
     engine_url: https://ovirt-engine.example.com/ovirt-engine/api
     engine_user: admin@internal
     engine_password: 123456
     engine_cafile: /etc/pki/ovirt-engine/ca.pem
     
     data_center_name: mydatacenter
     compatibility_version: 4.1

    mac_pools:
      - mac_pool_name: "Default"
        mac_pool_ranges:
          - "00:1a:4a:16:01:51,00:1a:4a:16:01:61"

     clusters:
      - name: production
        cpu_type: Intel Conroe Family
        profile: production
     
     hosts:
      - name: myhost
        address: 1.2.3.4
        cluster: production
        password: 123456
      - name: myhost1
        address: 5.6.7.8
        cluster: production
        password: 123456
     
     storages:
       mynfsstorage:
         master: true
         state: present
         nfs:
           address: 10.11.12.13
           path: /the_path
       myiscsistorage:
         state: present
         iscsi:
           target: iqn.2014-07.org.ovirt:storage
           port: 3260
           address: 100.101.102.103
           username: username
           password: password
           lun_id: 3600140551fcc8348ea74a99b6760fbb4
       mytemplates:
         domain_function: export
         nfs:
           address: 100.101.102.104
           path: /exports/nfs/exported
       myisostorage:
         domain_function: iso
         nfs:
           address: 100.101.102.105
           path: /exports/nfs/iso
     
     logical_networks:
       - name: mynetwork
         clusters:
           - name: development
             assigned: yes
             required: no
             display: no
             migration: yes
             gluster: no
     
     host_networks:
       - name: myhost1
         check: true
         save: true
         bond:
           name: bond0
           mode: 2
           interfaces:
             - eth2
             - eth3
         networks:
           - name: mynetwork
             boot_protocol: dhcp
     
     users:
      - name: john.doe
        authz_name: internal-authz
        password: 123456
        valid_to: "2018-01-01 00:00:00Z"
      - name: joe.doe
        authz_name: internal-authz
        password: 123456
        valid_to: "2018-01-01 00:00:00Z"
     
     user_groups:
      - name: admins
        authz_name: internal-authz
        users:
         - john.doe
         - joe.doe
     
     permissions:
      - state: present
        user_name: john.doe
        authz_name: internal-authz
        role: UserROle
        object_type: cluster
        object_name: production
     
      - state: present
        group_name: admins
        authz_name: internal-authz
        role: UserVmManager
        object_type: cluster
        object_name: production

     external_providers:
       - name: myglance
         type: os_image
         state: present
         url: http://externalprovider.example.com:9292
         username: admin
         password: secret
         tenant: admin
         auth_url: http://externalprovider.example.com:35357/v2.0/

  pre_tasks:
    - name: Login to oVirt
      ovirt_auth:
        url: "{{ engine_url }}"
        username: "{{ engine_user }}"
        password: "{{ engine_password }}"
        ca_file: "{{ engine_cafile | default(omit) }}"
        insecure: "{{ engine_insecure | default(true) }}"
      tags:
        - always

  roles:
    - oVirt.infra

  post_tasks:
    - name: Logout from oVirt
      ovirt_auth:
        state: absent
        ovirt_auth: "{{ ovirt_auth }}"
      tags:
        - always

License

Apache License 2.0