Add role: engine_setup

build.sh

@@ -48,7 +48,7 @@ install() {
   mkdir -p $PKG_DATA_DIR/$COLLECTION_NAMESPACE/$COLLECTION_NAME
   mkdir -p $PKG_DOC_DIR
 
-  cp -pR plugins/ $PKG_DATA_DIR/$COLLECTION_NAMESPACE/$COLLECTION_NAME
+  cp -pR plugins/ roles/ $PKG_DATA_DIR/$COLLECTION_NAMESPACE/$COLLECTION_NAME
 
   if [[ $BUILD_TYPE = "rhv" ]]; then
     echo "Creating link to ovirt.ovirt"

changelogs/README.md

@@ -6,7 +6,7 @@
 
 ```yaml
 ---
-- minor_changes:
+minor_changes:
   - ovirt_disk - Add backup (https://github.com/oVirt/ovirt-ansible-collection/pull/57).
 
 ```

changelogs/fragments/add-engine_setup-role.yml

@@ -0,0 +1,3 @@
+---
+major_changes:
+  - engine_setup - Migrate role (https://github.com/oVirt/ovirt-ansible-collection/pull/69).

roles/engine_setup/README.md

@@ -0,0 +1,138 @@
+oVirt Engine Setup
+==================
+
+Installs required packages for oVirt Engine deployment, generates answerfile
+and runs engine_setup.
+Optionally the role updates oVirt engine packages.
+
+Role Variables
+--------------
+
+By default engine_setup uses an answer file specific for version of oVirt
+based on ``ovirt_engine_setup_version`` parameter. You can provide your own answer file
+to ``ovirt_engine_setup_answer_file_path`` variable.
+
+* Common options for role:
+
+| Name                            | Default value         |  Description                                              |
+|---------------------------------|-----------------------|-----------------------------------------------------------|
+| ovirt_engine_setup_answer_file_path   | UNDEF                 | Path to custom answerfile for `engine-setup`. |
+| ovirt_engine_setup_use_remote_answer_file | False             | If `True`, use answerfile's path on the remote machine. This option should be used if the installation occurs on the remote machine and the answerfile is located there as well. |
+| ovirt_engine_setup_update_setup_packages | False              | If `True`, setup packages will be updated before `engine-setup` is executed. It makes sense if Engine has already been installed. |
+| ovirt_engine_setup_perform_upgrade    | False                 | If `True`, this role is used to perform an upgrade. |
+| ovirt_engine_setup_product_type       | oVirt                 | One of ["oVirt", "RHV"], case insensitive. |
+| ovirt_engine_setup_offline            | False                 | If `True`, updates for all packages will be disabled. |
+
+* Common options for engine:
+
+| Name                            | Default value         |  Description                                              |
+|---------------------------------|-----------------------|-----------------------------------------------------------|
+| ovirt_engine_setup_version            | 4.4                   | Allowed versions: [4.1, 4.2, 4.3, 4.4]. |
+| ovirt_engine_setup_package_list       | []                    | List of extra packages to be installed on engine apart from `ovirt-engine` package. |
+| ovirt_engine_setup_fqdn               | UNDEF                 | Host fully qualified DNS name of the server. |
+| ovirt_engine_setup_organization       | UNDEF                 | Organization name for certificate. |
+| ovirt_engine_setup_firewall_manager   | firewalld             | Specify the type of firewall manager to configure on Engine host, following values are available: `firewalld`,`iptables` or empty value (`null`) to skip firewall configuration. |
+| ovirt_engine_setup_require_rollback   | UNDEF                 | If `True`, setup will require to be able to rollback new packages in case of a failure. If not specified, the default answer from `engine-setup` will be used. Valid for updating/upgrading. |
+| ovirt_engine_setup_admin_password     | UNDEF                 | Password for the automatically created administrative user of the oVirt Engine.
+| ovirt_engine_setup_wait_running_tasks | False                 | If `True`, engine-setup will wait for running tasks to finish. Valid for `ovirt_engine_setup_version` >= 4.2. |
+| ovirt_engine_cinderlib_enable         | False                 | If `True`, cinderlib is enabled. Valid for `ovirt_engine_setup_version` >= 4.3. |
+| ovirt_engine_setup_engine_configs     | []                    | List of dictionaries with keys `key`, `value` and `version`. The engine-config will be called with parametrs "-s `key`=`value`" when specified `version` it will append "--cver=`version`" to the config.  |
+
+* Engine Database:
+
+| Name                            | Default value         |  Description                                              |
+|---------------------------------|-----------------------|-----------------------------------------------------------|
+| ovirt_engine_setup_db_host            | localhost             | IP address or host name of a PostgreSQL server for Engine database. By default the database will be configured on the same host as the Engine. |
+| ovirt_engine_setup_db_port            | 5432                  | Engine database port. |
+| ovirt_engine_setup_db_name            | engine                | Engine database name. |
+| ovirt_engine_setup_db_user            | engine                | Engine database user. |
+| ovirt_engine_setup_db_password        | UNDEF                 | Engine database password. |
+| ovirt_engine_setup_engine_vacuum_full | False                 | Used only when upgrading. If `True`, engine database vacuum will be performed before upgrade. |
+
+* Engine Data Warehouse Database:
+
+| Name                            | Default value         |  Description                                              |
+|---------------------------------|-----------------------|-----------------------------------------------------------|
+| ovirt_engine_setup_dwh_db_configure   | True            | If `True`, the DWH Database will be configured manually. |
+| ovirt_engine_setup_dwh_db_host        | localhost             | IP address or host name of a PostgreSQL server for DWH database. By default the DWH database will be configured on the same host as the Engine. |
+| ovirt_engine_setup_dwh_db_port        | 5432                  | DWH database port. |
+| ovirt_engine_setup_dwh_db_name        | ovirt_engine_history  | DWH database name. |
+| ovirt_engine_setup_dwh_db_user        | ovirt_engine_history  | DWH database user. |
+| ovirt_engine_setup_dwh_db_password    | UNDEF                 | DWH database password. |
+| ovirt_engine_setup_dwh_vacuum_full    | False                 | Used only when upgrading. If `True`, DWH databse vacuum will be performed before upgrade. |
+
+* OVN related options:
+
+| Name                            | Default value         |  Description                                              |
+|---------------------------------|-----------------------|-----------------------------------------------------------|
+| ovirt_engine_setup_provider_ovn_configure| True               | If `True`, OVN provider will be configured. Valid for `ovirt_engine_setup_version` >= 4.2. |
+| ovirt_engine_setup_provider_ovn_username | admin@internal     | Username for OVN. |
+| ovirt_engine_setup_provider_ovn_password | UNDEF              | Password for OVN. |
+
+* Apache related options:
+
+| Name                            | Default value         |  Description                                              |
+|---------------------------------|-----------------------|-----------------------------------------------------------|
+| ovirt_engine_setup_apache_config_root_redirection | True               | If `True`, `engine-setup` will configure the default page in Apache to automatically redirect clients to ovirt-engine default page.   |
+| ovirt_engine_setup_apache_config_ssl | True     | If `False`, `engine-setup` will not configure Apache SSL settings and administrators will need to configure it manually. |
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+```yaml
+---
+# Example of oVirt setup:
+- name: Setup oVirt
+  hosts: engine
+  vars_files:
+    # Contains encrypted `ovirt_engine_setup_admin_password` variable using ansible-vault
+    - passwords.yml
+  vars:
+    ovirt_engine_setup_version: '4.4'
+    ovirt_engine_setup_organization: 'of.ovirt.engine.com'
+  roles:
+    - engine_setup
+  collections:
+    - ovirt.ovirt
+
+
+# Example of RHV setup:
+- name: Setup RHV
+  hosts: engine
+  vars_files:
+    # Contains encrypted `ovirt_engine_setup_admin_password` variable using ansible-vault
+    - passwords.yml
+  vars:
+    ovirt_engine_setup_version: '4.4'
+    ovirt_engine_setup_organization: 'rhv.redhat.com'
+    ovirt_engine_setup_product_type: 'rhv'
+  roles:
+    - engine_setup
+  collections:
+    - ovirt.ovirt
+
+
+# Example of oVirt setup with engine_configs:
+- name: Setup oVirt
+  hosts: engine
+  vars_files:
+    # Contains encrypted `ovirt_engine_setup_admin_password` variable using ansible-vault
+    - passwords.yml
+  vars:
+    ovirt_engine_setup_version: '4.4'
+    ovirt_engine_setup_organization: 'of.ovirt.engine.com'
+    ovirt_engine_setup_engine_configs:
+      - key: SpiceProxyDefault
+        value: prot://proxy
+        version: general
+
+  roles:
+    - engine_setup
+  collections:
+    - ovirt.ovirt
+```

roles/engine_setup/defaults/main.yml

@@ -0,0 +1,34 @@
+---
+ovirt_engine_setup_version: '4.4'
+
+ovirt_engine_setup_provider_ovn_configure: true
+ovirt_engine_setup_provider_ovn_username: 'admin@internal'
+
+ovirt_engine_setup_db_host: 'localhost'
+ovirt_engine_setup_db_port: 5432
+ovirt_engine_setup_db_name: 'engine'
+ovirt_engine_setup_db_user: 'engine'
+ovirt_engine_setup_engine_vacuum_full: false
+
+ovirt_engine_setup_dwh_db_configure: true
+ovirt_engine_setup_dwh_db_host: 'localhost'
+ovirt_engine_setup_dwh_db_port: 5432
+ovirt_engine_setup_dwh_db_name: 'ovirt_engine_history'
+ovirt_engine_setup_dwh_db_user: 'ovirt_engine_history'
+ovirt_engine_setup_dwh_vacuum_full: false
+
+ovirt_engine_setup_firewall_manager: 'firewalld'
+
+# This option is suggested from oVirt Documentation
+# https://www.ovirt.org/documentation/install-guide/chap-Installing_oVirt/
+ovirt_engine_setup_update_setup_packages: false
+ovirt_engine_setup_offline: false
+
+ovirt_engine_setup_product_type: oVirt
+ovirt_engine_setup_package_list: []
+ovirt_engine_setup_use_remote_answer_file: false
+
+ovirt_engine_setup_perform_upgrade: false
+
+ovirt_engine_apache_config_ssl: true
+ovirt_engine_apache_config_root_redirection: true

roles/engine_setup/examples/engine-deploy.yml

@@ -0,0 +1,19 @@
+---
+- name: Setup ovirt repositories and deploy oVirt Engine
+  hosts: engine
+  vars_files:
+    - passwords.yml
+  vars:
+    ovirt_engine_setup_product_type: 'ovirt'
+    ovirt_engine_setup_version: "4.4"
+    ovirt_engine_setup_hostname: "localhost"
+    ovirt_engine_setup_organization: "example.com"
+    ovirt_engine_setup_dwh_db_host: "localhost"
+    ovirt_engine_setup_configure_iso_domain: true
+    ovirt_engine_setup_firewall_manager: null
+    ovirt_repositories_ovirt_release_rpm: "http://plain.resources.ovirt.org/pub/yum-repo/ovirt-release44.rpm"
+  roles:
+    - role: repositories
+    - role: engine_setup
+  collections:
+    - ovirt.ovirt

roles/engine_setup/examples/engine-upgrade.yml

@@ -0,0 +1,20 @@
+---
+- name: Setup ovirt repositories, deploy oVirt Engine and then upgrade it
+  hosts: engine
+  vars_files:
+    - passwords.yml
+  vars:
+    ovirt_engine_setup_product_type: "ovirt"
+    ovirt_engine_setup_version: "{{ ovirt_engine_setup_version }}"
+    ovirt_engine_setup_hostname: "localhost"
+    ovirt_engine_setup_organization: "example.com"
+    ovirt_engine_setup_configure_iso_domain: true
+    ovirt_engine_setup_firewall_manager: null
+    ovirt_repositories_ovirt_release_rpm: "{{ ovirt_repositories_ovirt_release_rpm }}"
+  roles:
+    - role: repositories
+    - role: engine_setup
+      ovirt_engine_setup_update_packages: true
+      ovirt_engine_setup_answer_file_path: "answerfile_{{ ovirt_engine_setup_version }}_upgrade.txt.j2"
+  collections:
+    - ovirt.ovirt

roles/engine_setup/examples/passwords.yml

@@ -0,0 +1,12 @@
+---
+# As an example this file is keep in plaintext, if you want to
+# encrypt this file, please execute following command:
+#
+#  $ ansible-vault encrypt passwords.yml
+#
+# It will ask you for a password, which you must then pass to
+# ansible interactively when executing the playbook.
+#
+# $ ansible-playbook myplaybook.yml --ask-vault-pass
+#
+ovirt_engine_setup_admin_password: 123456

roles/engine_setup/tasks/engine_setup.yml

@@ -0,0 +1,88 @@
+---
+- block:
+  - name: Set answer file path
+    set_fact:
+      answer_file_path: "/tmp/answerfile-{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}.txt"
+
+  - name: Use the default answerfile
+    template:
+      src: answerfile_{{ ovirt_engine_setup_version }}_basic.txt.j2
+      dest: "{{ answer_file_path }}"
+      mode: 0600
+      owner: root
+      group: root
+    when: ovirt_engine_setup_answer_file_path is undefined
+    no_log: yes
+
+  - name: Copy custom answer file
+    template:
+      src: "{{ ovirt_engine_setup_answer_file_path }}"
+      dest: "{{ answer_file_path }}"
+      mode: 0600
+      owner: root
+      group: root
+    when: ovirt_engine_setup_answer_file_path is defined and (
+      ovirt_engine_setup_use_remote_answer_file is not defined or not
+      ovirt_engine_setup_use_remote_answer_file)
+    no_log: yes
+
+  - name: Use remote's answer file
+    set_fact:
+      answer_file_path: "{{ ovirt_engine_setup_answer_file_path }}"
+    when: ovirt_engine_setup_use_remote_answer_file|bool
+
+  - name: Update setup packages
+    yum:
+      name: "ovirt*setup*"
+      update_only: true
+      state: latest
+    when: ovirt_engine_setup_update_setup_packages or ovirt_engine_setup_perform_upgrade
+    tags:
+      - "skip_ansible_lint"  # ANSIBLE0006
+
+  - name: Update all packages
+    package:
+      name: "*"
+      state: latest
+    when: not ovirt_engine_setup_offline|bool
+    tags:
+      - "skip_ansible_lint"  # ANSIBLE0010
+
+  - name: Set offline parameter if variable is set
+    set_fact:
+      offline: "{{ '--offline' if ovirt_engine_setup_offline|bool else '' }}"
+
+  - name: Run engine-setup with answerfile
+    command: "engine-setup --accept-defaults --config-append={{ answer_file_path }} {{ offline }}"
+    tags:
+      - skip_ansible_lint
+
+  - name: Make sure `ovirt-engine` service is running
+    service:
+      name: ovirt-engine
+      state: started
+
+  - name: Check if Engine health page is up
+    uri:
+      url: "http://localhost/ovirt-engine/services/health"
+      status_code: 200
+    register: health_page
+    retries: 30
+    delay: 10
+    until: health_page is success
+
+  - name: Run engine-config
+    command: "engine-config -s {{ item.key }}='{{ item.value }}' {% if item.version is defined %} --cver={{ item.version }} {% endif %}"
+    loop: "{{ ovirt_engine_setup_engine_configs | default([]) }}"
+
+  - name: Restart engine after engine-config
+    service:
+      name: ovirt-engine
+      state: restarted
+    when: ovirt_engine_setup_engine_configs is defined
+
+  always:
+    - name: Clean temporary files
+      file:
+        path: "{{ answer_file_path }}"
+        state: 'absent'

roles/engine_setup/tasks/install_packages.yml

@@ -0,0 +1,25 @@
+---
+- name: Install oVirt Engine package
+  package:
+    name: "ovirt-engine"
+    state: present
+  when: ovirt_engine_setup_product_type | lower == 'ovirt'
+
+- name: Check if rhevm package is installed
+  yum:
+    list: "rhevm"
+  when: ovirt_engine_setup_product_type | lower == 'rhv' and ansible_os_family == 'RedHat'
+  register: rhevm_installed
+
+- name: Install RHV package
+  package:
+    name: "{{ 'rhevm' if ovirt_engine_setup_version is version('4.2', '<') else 'rhvm' }}"
+    state: present
+  when: ovirt_engine_setup_product_type | lower == 'rhv' and rhevm_installed.results | default([]) | selectattr(
+    'yumstate', 'match', 'installed') | list | length == 0
+
+- name: Install rest of the packages required for oVirt Engine deployment
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ ovirt_engine_setup_package_list }}"

roles/engine_setup/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- block:
+  - name: Perform pre-install checks
+    include_tasks: pre_install_checks.yml
+
+  - name: Install required packages for oVirt Engine deployment
+    include_tasks: install_packages.yml
+    when: not ovirt_engine_setup_perform_upgrade
+
+  - name: Run engine setup
+    include_tasks: engine_setup.yml
+
+  collections:
+    - ansible.builtin

roles/engine_setup/tasks/pre_install_checks.yml

@@ -0,0 +1,12 @@
+---
+- name: Gather facts on installed packages
+  package_facts:
+    manager: rpm
+  no_log: true
+
+- name: Fail when firewall manager is not installed
+  fail:
+    msg: '{{ ovirt_engine_setup_firewall_manager }} was chosen as a firewall manager but is not installed'
+  when:
+    - ovirt_engine_setup_firewall_manager not in ansible_facts.packages
+    - ovirt_engine_setup_firewall_manager is not none

roles/engine_setup/templates/answerfile_4.1_basic.txt.j2

@@ -0,0 +1,3 @@
+{% include "./templates/basic_answerfile.txt.j2" %}
+OVESETUP_DB/engineVacuumFull=bool:{{ ovirt_engine_setup_engine_vacuum_full }}
+OVESETUP_DB/dwhVacuumFull=bool:{{ ovirt_engine_setup_dwh_vacuum_full }}

roles/engine_setup/templates/answerfile_4.1_upgrade.txt.j2

@@ -0,0 +1 @@
+{% include "./templates/basic_answerfile.txt.j2" %}