Roles

Variables:

Name Description
output=(long,short) output format stdout (long,short)
localaction=(create,show,update,list,delete) action on the role

Functions:

os-client-config

OTC role for generating the os-client-config file.

Variables:

Name Description
occ_profile_name cloud profile name, e.g. otc
occ_auth_url IAM auth url (version 3 is default)
occ_region_name cloud region name
occ_username cloud username
occ_password cloud password
occ_project_name cloud project name, e.g. eu-de
occ_project_domain_name cloud project domain name, e.g. Default
occ_user_domain_name cloud user domain, e.g. OTC-eu-de-0012345

Functions:

Create:

ansible-playbook os-client-config.yml

Read:

n/a

Update:

n/a

Delete:

n/a

otc_auth

OTC role for authentication.

Supports:

  • os-client-config
  • env variables

Variables:

Name Description
USERNAME cloud username (env variable or content of os-client-config)
PASSWORD cloud password (env variable or content of os-client-config)
PROJECTNAME cloud project name, e.g. eu-de (env variable or content of os-client-config)
DOMAIN cloud user domain, e.g. OTC-eu-de-0012345 (env variable or content of os-client-config)

Functions:

Create:

role otc_auth

Read:

n/a

Update:

n/a

Delete:

n/a

otc_dns

OTC role for DNS. This role creates zones, zone records and reverse entries (PTR records). With the transfer option it is possible to fetch zone information from an existing DNS server and write an OTC DNS config file in ini, yml, or json format. This action requires zone transfer (xfer) rights on the source DNS server.

Variables:

Name Description
zone_name name of DNS zone
zone_id id of DNS zone
zone_description Description of DNS zone
zone_type DNS zone type (public/private)
zone_email Email address of SOA
zone_ttl DNS zone TTL in sec
zone_records List of zone records
ptr_name FQDN for PTR record
config Format for Zonetransfer (ini,yml,json)

Functions:

create (public):

ansible-playbook dns_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create"

ansible-playbook dns_ini.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create"

ansible-playbook dns_json.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create"

create (internal):

ansible-playbook dns_yml.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create"

ansible-playbook dns_ini.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create"

ansible-playbook dns_json.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create"

ptrcreate:

ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "ecs_name=ansible-test01" -e "localaction=ptrcreate"

ptrdelete:

ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "ecs_name=ansible-test01" -e "localaction=ptrdelete"

show:

./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=show"

./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "vpc_name=ansible-vpc01" -e "localaction=show"

list:

./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=list"

./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=list"

delete:

./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=delete"

./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=delete"

transfer:

ansible-playbook dns_ini.yml -e "config=ini" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400"

ansible-playbook dns_yml.yml -e "config=yml" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400"

ansible-playbook dns_json.yml -e "config=json" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400"

otc_ecs

OTC role for ECS.

Variables:

Name Description
localaction=flavors show flavors
ecs_name name of ECS
ecs_id id of ECS
ecs_volumetype Volume type of ECS (SATA,SSD,SAS)
ecs_volumesize Size of ECS volume in GB (or image default)
ecs_ram RAM size of ECS
ecs_vcpus CPU core of ECS
ecs_ipaddress IP address of ECS
ecs_fileinject_[1-5] Personal data (file injection), up to 5 files; example: ansible-playbook -e "ecs_fileinject_1=/etc/hosts ecs_fileinject_data_1=$(base64 -w 0 hosts.txt)"
ecs_fileinject_data_[1-5] Personal data (file injection)
ecs_user_data cloud-init user data file; example: […] -e "ecs_user_data=$(base64 -w 0 user-data.txt)"
ecs_adminpass Admin password ECS
ecs_adminkey SSH key name of ECS

Functions:

Create:

ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"

Show:

./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=ansible-test01" -e "localaction=show"

List:

./grole otc_ecs; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=ansible-test01" -e "localaction=delete"

otc_eip

OTC role for floating IP (EIP).

Variables:

Name Description
public_ip_address Public IP address (already allocated or new)
eip_id id of EIP
eip_bandwidth_name Bandwidth name of EIP
eip_bandwidth_size Bandwidth size of EIP (5-500 Mbit/s)

Functions:

Create:

ansible-playbook tenant_yml.yml -e "public_ip_address=0.0.0.0" -e "localaction=create"

Show:

./grole otc_eip; ansible-playbook roles.yml -e "public_ip_address=160.44.1.1" -e "localaction=show"

List:

./grole otc_eip; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_eip; ansible-playbook roles.yml -e "public_ip_address=160.44.1.1" -e "localaction=delete"

otc_elb

OTC role for Elastic Load Balancer (ELB).

Variables:

Name Description
localaction="list" List ELB
localaction="create" Create ELB
localaction="show" Show ELB resources
localaction="listenercreate" Create ELB Listener
localaction="listenershow" Show ELB Listener resources
localaction="healthcheckcreate" Create ELB Healthcheck
localaction="certificatecreate" Create ELB Certificate
localaction="backendcreate" Create ELB Backend
localaction="backenddelete" Delete ELB Backend
localaction="delete" Delete ELB
localaction="listenerdelete" Delete ELB Listener
localaction="healthcheckdelete" Delete ELB Healthcheck
localaction="certificatedelete" Delete ELB certificate
elb_name name of ELB
elb_id id of ELB
admin_state_up state of the ELB
elb_availability_zone Availability zone where ELB is located
elb_bandwidth Bandwidth of the ELB
elb_type Type of ELB (internal or external)
elb_secgroup_name Security Group bound on ELB
elb_subnet_name Subnet of ELB
elb_vpc_name VPC of ELB
listener_protocol Listener protocol (HTTP, HTTPS, TCP)
listener_port Listener Port
listener_backend_protocol Listener Backend Protocol (HTTP, HTTPS, TCP)
listener_backend_port Listener Backend Port
listener_lb_algorithm Listener Algorithm (source, roundrobin, leastconn)
listener_certificate_name Listener SSL Certificate Name
listener_tcp_timeout Listener TCP timeout
listener_cookie_timeout Listener Timeout for Cookies
listener_sticky_session_type Listener Sticky Session Type (insert if Cookie used)
listener_session_sticky Listener Session Sticky (true or false)
healthcheck_connect_port Connect Port for the health check
healthcheck_interval Interval for the health check
healthcheck_protocol Protocol for the health check
healthcheck_timeout Timeout for the health check
healthcheck_uri URI for the health check (HTTP/HTTPS)
unhealthy_threshold Threshold for unhealthy state
backend_members Backend member for the ELB Listener

Functions:

Create:

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "localaction=create"

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=listenercreate"

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=healthcheckcreate"

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=backendcreate"

./grole otc_elb; ansible-playbook roles.yml -e "localaction=certificatecreate" -e "elb_certificate_name=ansible-cert01" -e "elb_certificate_certificate_file=cert.pem" -e "elb_certificate_key_file=key.pem"

note: works similarly with the ini and json configs

Show:

./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=show"

./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=listenershow"

List:

./grole otc_elb; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=delete"

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "localaction=delete"

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=listenerdelete"

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=healthcheckdelete"

ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=backenddelete" -e "ecs_name=ansible-test02"

./grole otc_elb; ansible-playbook roles.yml -e "localaction=certificatedelete" -e "elb_certificate_name=ansible-cert01"

otc_evs

OTC role for Elastic Volume Service (EVS).

Variables:

Name Description
evs_availability_zone Availability Zone for EVS
evs_id id of EVS
evs_name name of EVS
evs_volume_type Volume type of EVS (SATA,SSD,SAS)
evs_size Volume size in GB
evs_ims_id ims_id from which the volume should be created
evs_backup_id backup_id from which the volume should be created
evs_scsi hw passthrough enabled
evs_multiattach multi-attach enabled

Functions:

Create:

ansible-playbook tenant_yml.yml -e "evs_name=ansible-evs01" -e "localaction=create"

Show:

./grole otc_evs; ansible-playbook roles.yml -e "evs_name=ansible-evs01" -e "localaction=show"

List:

./grole otc_evs; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_evs; ansible-playbook roles.yml -e "evs_name=ansible-evs01" -e "localaction=delete"

otc_ims

OTC role for Image.

Variables:

Name Description
image_name name of image
image_id id of image
image_url S3 source URL for image upload, <bucket>:<file>, e.g. ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk
ecs_id ecs_id as source for image creation (ECS must be stopped)
image_min_disk minimal disk size for image creation (in GB)
image_os_version os_version of the created image

Functions:

Create:

ansible-playbook tenant_yml.yml -e "image_name=ansible-image01" -e "image_url=ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk" -e "image_min_disk=12" -e "localaction=create"

ansible-playbook tenant_yml.yml -e "image_name=ansible-image01" -e "ecs_id=12345678901234567890" -e "image_min_disk=12" -e "localaction=create"

Show:

./grole otc_ims; ansible-playbook roles.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest" -e "localaction=show"

List:

./grole otc_ims; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_ims; ansible-playbook roles.yml -e "image_name=ansible-image01" -e "localaction=delete"

otc_job

OTC role for Job Control. Prints out the status of OTC jobs and some messages about them, e.g. building ECS.

Variables:

Name Description
job_id Job ID to lookup

Functions:

Create:

n/a

Read:

ansible-playbook -e "job_id=1234567890" job.yml

./ajob "1234567890"

Update:

n/a

Delete:

n/a

otc_keypair

OTC role for ssh keys.

Variables:

Name Description
ecs_adminkey Name of the ssh key (to upload)
ecs_adminkey_name Lookup name of ssh key
keypair_file File to upload as ssh key

Functions:

Create:

./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "keypair_file=.ssh/authorized_keys" -e "localaction=create"

ansible-playbook tenant_yml.yml -e "ecs_adminkey=ansible-key01" -e "keypair_file=.ssh/authorized_keys" -e "localaction=create"

note: the keypair will be created during the ECS creation workflow

Show:

./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "localaction=show"

List:

./grole otc_keypair; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "localaction=delete"

otc_obs

OTC role for Object Storage Service (OBS). This role requires curl, libxml2-utils, and openssl installed.

Authentication is done with environment variables (e.g. EC2…) or an ansible-vault file in ‘vars/_secrets.yml’ or ‘vars/secrets.yml’. Depending on which is used, ansible-playbook must be called with the vault parameter.

Variables:

Name Description
EC2_ACCESS_KEY OBS access key
EC2_SECRET_KEY OBS secret key
EC2_URL OBS URL (default https://obs.otc.t-systems.com)
bucket s3 bucket name
object data to upload

Functions:

list OBS buckets:

ansible-playbook s3.yml -e "localaction=list" --vault-password-file vars/vaultpass.txt

create OBS bucket:

ansible-playbook s3.yml -e "bucket=mybucket" -e "localaction=create" --vault-password-file vars/vaultpass.txt

delete OBS bucket:

ansible-playbook s3.yml -e "bucket=mybucket" -e "localaction=delete" --vault-password-file vars/vaultpass.txt

upload files in OBS (VHD, ZVHD, VMDK, QCOW2 are supported for otc image service):

ansible-playbook s3.yml -e "bucket=mybucket" -e "object=xenial-server-cloudimg-amd64-disk1.vmdk" -e "localaction=upload" --vault-password-file vars/vaultpass.txt
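Added example (not part of the original project): a pre-flight check for the vault files that the s3.yml calls above depend on. It confirms that the secrets file really is ansible-vault encrypted and that the vault password file is not accessible by group or other. The helper names and the owner-only permission requirement are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before running the s3.yml calls above.
# Helper names are hypothetical; they are not part of the otc_obs role.

# 0 if FILE starts with an ansible-vault header (stored encrypted),
# 1 if it is clear text, 2 if it cannot be read.
is_vault_encrypted() {
    [ -r "$1" ] || return 2
    first_line=""
    IFS= read -r first_line < "$1" || :   # tolerate a missing final newline
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if FILE has no group/other permission bits (e.g. mode 600 or 400),
# 1 if group or other can access it, 2 if it is not a regular file.
is_owner_only() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld -- "$1" | cut -c5-10)   # the "rwxrwx" part for group+other
    [ "$mode" = "------" ]
}

# Check the secrets file and the vault password file; print one line per
# finding and return the number of problems (0 = safe to run the playbook).
obs_preflight() {
    secrets=$1 passfile=$2 problems=0
    if ! is_vault_encrypted "$secrets"; then
        echo "FAIL: $secrets is missing or not ansible-vault encrypted"
        problems=$((problems + 1))
    fi
    if ! is_owner_only "$passfile"; then
        echo "FAIL: $passfile is missing or accessible by group/other"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh obs_preflight.sh vars/secrets.yml vars/vaultpass.txt
if [ "$#" -eq 2 ]; then
    obs_preflight "$1" "$2"
fi
```

Run it from the playbook directory before any call that passes --vault-password-file; a non-zero exit status is the number of findings.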

otc_rds (WIP)

OTC role for RDS.

Variables:

Name Description
rds_version_id ID of the RDS version (used to fetch the flavor)

Functions:

Version:

ansible-playbook rds.yml -e "localaction=version"

Flavor:

ansible-playbook rds.yml -e "localaction=flavor" -e "rds_version_id=fb6d2f7d-b431-41ec-a73f-b6bead3e73f0"

otc_secgroup

OTC role for security groups. This role creates security groups defined for an ECS and creates the rules. The rules are defined in an extra section. Standard rules will be removed before the defined rules are created.

Variables:

Name Description
secgroup_name name of Secgroup
secgroup_id id of Secgroup
secgroup_ids list of secgroup_ids (to bind on ECS)
secgroups list of secgroups in ecs section
secgrouprules list of rules for a security group
secgrouprule_id id of a secgroup rule

Functions:

Create:

ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"

note: the subnet will be created during the ECS creation workflow

Show:

./grole otc_secgroup; ansible-playbook roles.yml -e "secgroup_name=ansible-secgroup01" -e "localaction=show"

List:

./grole otc_secgroup; ansible-playbook roles.yml -e "localaction=list"

./grole otc_secgroup; ansible-playbook roles.yml -e "vpc_id=1234567891234567890" -e "localaction=list"

./grole otc_vpc otc_secgroup; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=list"

Delete:

./grole otc_secgroup; ansible-playbook roles.yml -e "secgroup_name=ansible-secgroup01" -e "localaction=delete"

otc_subnet

OTC role for Subnet.

Variables:

Name Description
subnet_name name of Subnet
subnet_id id of Subnet

Functions:

Create:

ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"

note: the subnet will be created during the ECS creation workflow

Show:

./grole otc_subnet; ansible-playbook roles.yml -e "subnet_name=ansible-subnet01" -e "localaction=show"

List:

./grole otc_subnet; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_subnet; ansible-playbook roles.yml -e "subnet_name=ansible-subnet01" -e "localaction=delete"

otc_vpc

OTC role for VPC.

Variables:

Name Description
localaction=router Information about VPC Router as fact
localaction=snat Configure SNAT on VPC
enable_snat=true|false Enable or disable SNAT
vpc_name name of VPC
vpc_id id of VPC

Functions:

Create:

ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"

ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"

note: the VPC will be created during the ECS creation workflow

Show:

./grole otc_vpc; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=show"

List:

./grole otc_vpc; ansible-playbook roles.yml -e "localaction=list"

Delete:

./grole otc_vpc; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=delete"