Ansible Playbook for BMI Installation (#153)

* Initial commit for ansible production install

* Translated necessary parts of install_packages to ansible

* Created Roles and added dhcp install

* Added pxe role and modified bmi install tasks

* Added lines for Ubuntu Installation

* Added to bmi main.yml and renamed iscsi to tgt

* Added tgt file, small changes to the other 3 roles

* Fixed DB issues with the install and added a README

* Removed pxe role and made changes to file paths

* Added more meaningful titles to tasks, updated README.

* Fixed Directory permissions issue and fixed small typo.

* Removed unecessary hosts file.

* Updated README to have code blocks and replaced iptables with firewalld

* Addressed Apoorve's review comments

Updated the README to include instructions on modifying the hosts file, the HIL
credentials and bashrc. Also modified firewalld and selinux.

scripts/install/production/README.md

@@ -0,0 +1,39 @@
+# Running Install Script
+
+
+To run the ansible-playbook to install BMI, the following steps need to be taken beforehand:
+
+1. Install ansible:  
+  a. For Ubuntu:
+      ```  
+      sudo apt-get update  
+      sudo apt-get install software-properties-common  
+      sudo apt-add-repository ppa:ansible/ansible  
+      sudo apt-get update  
+      sudo apt-get install ansible
+      ```  
+  b. For Centos/RHEL:
+      ```  
+      sudo yum install ansible
+      ```
+
+2. Add your hosts to the ansible hosts file (/etc/ansible/hosts), i.e:
+   # Ex 1: Ungrouped hosts, specify before any group headers.
+   192.168.122.76
+
+3. Modify bmi_config.cfg to match whatever your current HIL and Ceph setup is.
+
+4. Modify dnsmasq.conf within roles/dhcp/tasks/main.yml to match your requirements.
+
+5. Modify Ceph and HIL credentials in roles/bmi/tasks/main.yml to the correct username 
+   and password for your configuration. This includes the CEPH_ARGS and HIL_ENDPOINT.
+
+6. Modify the project and network from 'bmi_infra' and 'bmi_network' to the project and network
+   you created within HIL.
+
+7. Comment out any of the roles you don't want run in site.yml.
+
+8. Run "ansible-playbook site.yml".
+
+9. The install playbook modifies ~/.bashrc. Make sure to refresh your shell after it
+   is run.

scripts/install/production/roles/bmi/tasks/main.yml

@@ -0,0 +1,98 @@
+---
+#This role performs the steps to install BMI
+
+- name: Create log, pxelinux and ceph directories
+  file:
+    state: directory
+    group: "{{ lookup('env', 'USER') }}"
+    owner: "{{ lookup('env', 'USER') }}"
+    path: "{{ item }}"
+  become: true
+  with_items:
+    - "/var/log/bmi/logs"
+    - "/etc/bmi/pxelinux.cfg"
+    - "/etc/ceph"
+
+- name: Copy config, ipxe and mac templates to the correct directories
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ lookup('env', 'USER') }}" 
+    group: "{{ lookup('env', 'USER') }}" 
+    mode: 0664
+  become: true
+  with_items:
+    - { src: '../../../bmi_config.cfg', dest: '/etc/bmi/bmiconfig.cfg' }
+    - { src: '../../../ims/ipxe.temp', dest: '/etc/bmi/ipxe_example.temp' }
+    - { src: '../../../ims/mac.temp', dest: '/etc/bmi/pxelinux.cfg/mac_example.temp' }
+    - { src: 'ceph.conf', dest: '/etc/ceph/ceph.conf' }
+    - { src: 'client.bmi.key', dest: '/etc/ceph/client.bmi.key' }
+
+- name: Install setup.py
+  command: "python setup.py install"
+  args:
+    chdir: "{{playbook_dir}}/../../.."
+  become: true
+
+- name: Install cephlibs
+  pip:
+    name: python-cephlibs
+  become: true
+
+- name: Install other dependencies for CentOS
+  pip: name={{ item }} state=latest
+  become: true
+  with_items:
+    - requests
+    - urllib3
+    - pyOpenSSL
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Install ceph-common
+  package:
+    name: ceph-common
+  become: true
+
+- name: Install sqlite3 for Ubuntu
+  package:
+    name: sqlite3
+  become: true
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: Create database file
+  copy:
+    content: ""
+    dest: "/etc/bmi/bmi.db"
+    force: no
+    group: "{{ lookup('env', 'USER') }}"
+    owner: "{{ lookup('env', 'USER') }}"
+    mode: 0664
+  become: true
+
+#register the db to use as a check later to make sure the database is only bootstrapped if empty
+
+- stat:
+    path: "/etc/bmi/bmi.db"
+  register: db
+
+- name: Bootstrap the database
+  command: "{{ item }}"
+  environment:
+    HIL_USERNAME: hil
+    HIL_PASSWORD: admin
+  with_items:
+    - bmi db ls
+    - sqlite3 /etc/bmi/bmi.db "insert into project values (1, 'bmi_infra', 'bmi_network')"
+  when: db.stat.size == 0
+
+- name: Add Ceph and HIL credentials to bashrc
+  lineinfile:
+    path: ~/.bashrc
+    line: "{{ item }}"
+  become: true
+  with_items:
+      - 'export CEPH_ARGS="--keyring /etc/ceph/client.bmi.key --id bmi --pool bmi"' 
+      - 'export HIL_USERNAME=hil'
+      - 'export HIL_PASSWORD=admin'
+      - export HIL_ENDPOINT='http://192.168.100.210:80'
+      - 'export BMI_CONFIG=/etc/bmi/bmiconfig.cfg'

scripts/install/production/roles/dhcp/tasks/main.yml

@@ -0,0 +1,142 @@
+---
+#This role installs and configures the DHCP server
+
+- name: Install dependencies
+  package: name={{ item }} state=latest
+  with_items:
+    - gcc
+    - binutils
+    - make
+    - perl
+    - mtools
+    - mkisofs
+    - syslinux
+  become: true
+
+- name: Install liblzma for Ubuntu
+  package: name={{ item }} state=latest
+  with_items:
+    - liblzma-dev
+    - pxelinux
+  become: true
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: Install xz headers for CentOS
+  package: name={{ item }} state=latest
+  with_items:
+    - xz
+    - xz-devel
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Create pxelinux directory for CentOS
+  file:
+    path: /var/lib/tftpboot/pxelinux.cfg
+    state: directory
+    group: "{{ lookup('env', 'USER') }}"
+    owner: "{{ lookup('env', 'USER') }}"
+    mode: 0777
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Create pxelinux directory for Ubuntu
+  file:
+    path: /tftpboot/pxelinux.cfg
+    state: directory
+    group: "{{ lookup('env', 'USER') }}"
+    owner: "{{ lookup('env', 'USER') }}"
+    mode: 0777
+  become: true
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'  
+
+- name: Install iPXE
+  git:
+    repo: http://git.ipxe.org/ipxe.git
+    dest: "{{playbook_dir}}/ipxe"
+
+- name: Make iPXE
+  make:
+    chdir: "{{ playbook_dir }}/ipxe/src"
+
+- name: Copy ipxe.lkrn CentOS
+  copy:
+    src: "{{ playbook_dir }}/ipxe/src/bin/ipxe.lkrn"
+    dest: "/var/lib/tftpboot"
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Copy ipxe.lkrn for Ubuntu
+  copy:
+    src: "{{ playbook_dir }}/ipxe/src/bin/ipxe.lkrn"
+    dest: "/tftpboot"
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: Copy files from syslinux for CentOS
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ lookup('env', 'USER') }}"
+    group: "{{ lookup('env', 'USER') }}"
+    mode: 0777
+  become: true
+  with_items:
+    - { src: '/usr/share/syslinux/chain.c32', dest: '/var/lib/tftpboot/chain.c32' }
+    - { src: '/usr/share/syslinux/mboot.c32', dest: '/var/lib/tftpboot/mboot.c32' }
+    - { src: '/usr/share/syslinux/memdisk', dest: '/var/lib/tftpboot/memdisk' }
+    - { src: '/usr/share/syslinux/menu.c32', dest: '/var/lib/tftpboot/menu.c32' }
+    - { src: '/usr/share/syslinux/pxelinux.0', dest: '/var/lib/tftpboot/pxelinux.0' }
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Copy files from syslinux for Ubuntu
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ lookup('env', 'USER') }}"
+    group: "{{ lookup('env', 'USER') }}"
+    mode: 0777
+  become: true
+  with_items:
+    - { src: '/usr/lib/syslinux/modules/bios/chain.c32', dest: '/tftpboot/chain.c32' }
+    - { src: '/usr/lib/syslinux/modules/bios/mboot.c32', dest: '/tftpboot/mboot.c32' }
+    - { src: '/usr/lib/syslinux/memdisk', dest: '/tftpboot/memdisk' }
+    - { src: '/usr/lib/syslinux/modules/bios/menu.c32', dest: '/tftpboot/menu.c32' }
+    - { src: '/usr/lib/PXELINUX/pxelinux.0', dest: '/tftpboot/pxelinux.0' }
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: Install dnsmasq
+  package:
+    name: dnsmasq
+  become: true
+
+- name: Comment/uncomment options in dnsmasq.conf
+  lineinfile:
+    path: /etc/dnsmasq.conf
+    backrefs: yes
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  become: true
+  with_items:
+    - { regexp: '#log-dhcp', line: 'log-dhcp' }
+    - { regexp: 'conf-dir=/etc/dnsmasq.d', line: '#conf-dir=/etc/dnsmasq.d' }
+
+# This is just an example configuration. Modify to match your requirements.
+
+- name: Add DHCP configuration to dnsmasq.conf
+  lineinfile:
+    path: /etc/dnsmasq.conf
+    line: "{{ item }}"
+  become: true
+  with_items:
+      - 'interface=eth2'
+      - 'dhcp-range=10.10.10.50,10.10.10.100,7d'
+      - 'dhcp-boot=pxelinux.0'
+      - 'enable-tftp'
+      - 'tftp-root=/var/lib/tftpboot'
+      - 'dhcp-userclass=set:ENH,iPXE'
+
+- name: Systemctl commands for dnsmasq
+  systemd:
+    name: dnsmasq
+    daemon-reload: yes
+    state: started
+    enabled: yes
+  become: true

scripts/install/production/roles/tgt/tasks/main.yml

@@ -0,0 +1,115 @@
+---
+#Install tgt and its necessary dependencies
+
+- name: Install packages for tgt CentOS installation
+  package: name={{ item }} state=latest
+  with_items:
+   - gcc
+   - cpan
+   - make
+   - firewalld
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Change SELinux to permissive for CentOS
+  selinux:
+    state: disabled
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Install EPEL repo for CentOS
+  yum:
+    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+    state: present
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Install git
+  package:
+    name: git 
+    state: present
+  become: true
+
+- name: Install pip
+  package:
+    name: python-pip
+    state: present
+  become: true
+
+- name: Install TGT for Ubuntu
+  apt: name={{ item }} state=latest
+  with_items:
+   - tgt
+   - tgt-rbd
+  become: true
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+- name: Install Perl General config for CentOS
+  yum: 
+    name: perl-Config-General.noarch
+    state: present
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Install headers for tgt source compilation for CentOS
+  yum: name={{ item }} state=latest
+  with_items:
+   - librbd1-devel
+   - librados2-devel
+   - libvirt
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Install tgt from source for CentOS
+  git: 
+    repo: https://github.com/fujita/tgt
+    dest: "{{playbook_dir}}/tgt"
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Make tgt for CentOS
+  command: "{{ item }}"
+  args:
+    chdir: "{{ playbook_dir }}/tgt"
+  with_items:
+    - "/usr/bin/make CEPH_RBD=1 clean"
+    - "/usr/bin/make CEPH_RBD=1"
+    - "/usr/bin/make CEPH_RBD=1 install"
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Copy tgtd.service to system folder for CentOS
+  copy:
+    src: "{{playbook_dir}}/tgt/scripts/tgtd.service"
+    dest: /usr/lib/systemd/system/
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Systemctl commands for firewalld for CentOS
+  systemd:
+    name: firewalld.service
+    daemon-reload: yes
+    state: started
+    enabled: yes
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Allow tcp via firewalld for CentOS
+  firewalld:
+    port: "{{ item }}"
+    permanent: true
+    immediate: true
+    state: enabled
+  with_items:
+   - 3260/tcp
+   - 67-68/udp
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- name: Systemctl commands for tgtd for CentOS
+  systemd:
+    name: tgtd.service
+    daemon-reload: yes
+    state: started
+    enabled: yes
+  become: true
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'