Automated installation of OpenVZ on CentOS using ansible


For automated installation of OpenVZ using ansible, use the following playbook:

---
- name: This script installs OpenVZ on base machines
  hosts: base_machines
  user: root
  
  vars:
    default_container_conf_file: /etc/vz/conf/ve-vswap-256m.conf-sample
    container_files_dir: /mnt/data1/openvz_files/
    centos_template_url: http://download.openvz.org/template/precreated/centos-6-x86_64.tar.gz

  tasks:
  - name: Copy openvz repository file to /etc/yum.repos.d folder
    copy: src=openvz.repo dest=/etc/yum.repos.d/openvz.repo owner=root group=root mode=644

  - name: Install required packages (vzkernel, vzctl, vzquota, ploop)
    yum: name={{item}} state=present
    with_items:
      - vzkernel.x86_64 
      - vzctl.x86_64 
      - vzquota.x86_64 
      - ploop

  - name: Disable SELinux in configuration file
    lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=disabled

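  - name: Disable SELinux for current boot
    shell: setenforce 0
    # setenforce exits non-zero when SELinux is already disabled (e.g. on a re-run after the reboot)
    ignore_errors: yes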

  - name: Set correct firewall rules
    template: src=iptables dest=/etc/sysconfig/iptables
    notify:
    - restart iptables

  - name: Enable packet forwarding in sysctl.conf file
    lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv4.ip_forward"  line="net.ipv4.ip_forward = 1"

  - name: Enable packet forwarding for current run
    shell: sysctl net.ipv4.ip_forward=1

  - name: Configure OpenVZ to automatically add or remove bridged interfaces to corresponding bridges 
    lineinfile: dest=/etc/vz/vznet.conf line='EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"' create=yes

  - name: Configure default OpenVZ layout as simfs instead of ploop
    lineinfile: dest=/etc/vz/vz.conf regexp="^VE_LAYOUT="  line="VE_LAYOUT=simfs"

  - name: Configure default OpenVZ template to use 64-bit version
    lineinfile: dest=/etc/vz/vz.conf regexp="^DEF_OSTEMPLATE="  line='DEF_OSTEMPLATE="centos-6-x86_64"'
    
  - name: Enable various IP tables state modules in base machine
    lineinfile: dest=/etc/modprobe.d/openvz.conf regexp="^options" line="options nf_conntrack ip_conntrack_disable_ve0=0"

  - name: Set default NETFILTER for new containers to full
    lineinfile: dest={{default_container_conf_file}} regexp="^NETFILTER"  line='NETFILTER="full"'

  - name: Delete xguest user
    user: name=xguest state=absent remove=yes

  - name: Create container files dir
    file: path={{container_files_dir}} state=directory mode=700 owner=root group=root
    notify:  
    - move_openvz_files

  - name: Stop unwanted service and disable them
    service: name={{item}} state=stopped enabled=no
    with_items:
    - abrtd
    - abrt-ccpp
    - auditd
    - bluetooth
    - cgdcbxd
    - fcoe
    - fcoe-target
    - hypervfcopyd
    - hypervkvpd
    - hypervvssd
    - ibacm
    - ipmidetectd
    - iscsi
    - iscsid
    - isdn
    - lldpad
    - nfslock
    - pcscd
    - rpcbind
    - rpcgssd
    - sandbox
    - spice-vdagentd
    - tog-pegasus
    - trace-cmd
    ignore_errors: yes

  - name: Download OpenVZ template for CentOS-6-x86_64
    get_url: url={{centos_template_url}} dest=/vz/template/cache/centos-6-x86_64.tar.gz force=no

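  # Handlers normally run only after the last task, so run the pending ones
  # (restart iptables, move_openvz_files) before the reboot starts
  - meta: flush_handlers

  - name: Reboot machine for changes to take effect
    shell: shutdown -r now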

  handlers:
  - name: restart iptables
    service: name=iptables state=restarted

  - name: move_openvz_files
    shell: 'mv /vz/* {{container_files_dir}} ; rmdir /vz;  ln -s {{container_files_dir}} /vz'

The playbook assumes that the openvz.repo file is present in the current folder. This file can be downloaded from http://download.openvz.org/openvz.repo

The playbook also assumes that a file named 'iptables' with the following contents is present in the same folder:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j ACCEPT 
COMMIT
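
Since the playbook ends with a reboot, the following play can be run afterwards to confirm that the settings actually took effect. It is an added example, not part of the original playbook. It assumes an ansible version that provides the `assert` module and that `/proc/vz` exists only while an OpenVZ kernel is running.

```yaml
---
# Added example: post-reboot verification of the settings applied by the installation playbook
- name: Verify base machine state after the OpenVZ installation reboot
  hosts: base_machines
  user: root

  tasks:
  # Assumption: /proc/vz is present only when an OpenVZ kernel (vzkernel) is booted
  - name: Check for OpenVZ kernel interface
    stat: path=/proc/vz
    register: proc_vz

  - name: Read SELinux state
    command: getenforce
    register: selinux_state
    changed_when: false

  - name: Read packet forwarding state
    command: sysctl -n net.ipv4.ip_forward
    register: ip_forward
    changed_when: false

  - name: Read OpenVZ global configuration
    command: cat /etc/vz/vz.conf
    register: vz_conf
    changed_when: false

  - name: Inspect /vz, which move_openvz_files should have replaced with a symlink
    stat: path=/vz
    register: vz_path

  - name: Read loaded INPUT chain
    command: iptables -S INPUT
    register: fw_input
    changed_when: false

  - name: Fail if the host does not match what the installation playbook configured
    assert:
      that:
        - "proc_vz.stat.exists"
        - "selinux_state.stdout == 'Disabled'"
        - "ip_forward.stdout == '1'"
        - "'VE_LAYOUT=simfs' in vz_conf.stdout_lines"
        - "vz_path.stat.islnk"
        # The last INPUT rule must still be the catch-all REJECT from the 'iptables' file
        - "'REJECT' in fw_input.stdout_lines[-1]"
```

A failed assertion names the condition that did not hold, which shows whether the host booted the stock kernel, lost the firewall rules, or never ran the move_openvz_files handler.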