Roles
Variables:
Name | Description |
---|---|
output=(long,short) | output format stdout (long,short) |
localaction=(create,show,update,list,delete) | action on the role |
Functions:
os-client-config
OTC role for generating the os-client-config.
Variables:
Name | Description |
---|---|
occ_profile_name | cloud profile name, e.g. otc |
occ_auth_url | IAM auth url (version 3 is default) |
occ_region_name | cloud region name |
occ_username | cloud username |
occ_password | cloud password |
occ_project_name | cloud project name, e.g. eu-de |
occ_project_domain_name | cloud project domain name, e.g. Default |
occ_user_domain_name | cloud user domain, e.g. OTC-eu-de-0012345 |
otc_auth
OTC role for authentication.
Supports:
- os-client-config
- env variables
Variables:
Name | Description |
---|---|
USERNAME | cloud username (env variable or content of os-client-config) |
PASSWORD | cloud password (env variable or content of os-client-config) |
PROJECTNAME | cloud project name, e.g. eu-de (env variable or content of os-client-config) |
DOMAIN | cloud user domain, e.g. OTC-eu-de-0012345 (env variable or content of os-client-config) |
otc_dns
OTC role for DNS. This role creates zones, zone records and reverse entries (PTR records). With the transfer option it is possible to fetch zone information from an existing DNS server and write an OTC DNS config file in ini, yml, or json format. This action requires xfer rights on the source DNS server.
Variables:
Name | Description |
---|---|
zone_name | name of DNS zone |
zone_id | id of DNS zone |
zone_description | Description of DNS zone |
zone_type | DNS zone type (public/private) |
zone_email | Email address of SOA |
zone_ttl | DNS zone TTL in sec |
zone_records | List of zone records |
ptr_name | FQDN for PTR record |
config | Format for Zonetransfer (ini,yml,json) |
Functions:
create (public):
ansible-playbook dns_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create"
ansible-playbook dns_ini.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create"
ansible-playbook dns_json.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=create"
create (internal):
ansible-playbook dns_yml.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create"
ansible-playbook dns_ini.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create"
ansible-playbook dns_json.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=create"
ptrcreate:
ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "ecs_name=ansible-test01" -e "localaction=ptrcreate"
ptrdelete:
ansible-playbook tenant_yml.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "ecs_name=ansible-test01" -e "localaction=ptrdelete"
show:
./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=show"
./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "vpc_name=ansible-vpc01" -e "localaction=show"
list:
./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=list"
./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=list"
delete:
./grole otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.otc.telekomcloud99.com" -e "localaction=delete"
./grole otc_vpc otc_dns; ansible-playbook roles.yml -e "zone_name=ansible.internal.corp" -e "vpc_name=ansible-vpc01" -e "localaction=delete"
transfer:
ansible-playbook dns_ini.yml -e "config=ini" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400"
ansible-playbook dns_yml.yml -e "config=yml" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400"
ansible-playbook dns_json.yml -e "config=json" -e "localaction=transfer" -e "dns_server=192.168.0.1" -e "zone_name=example.com" -e "zone_type=public" -e "zone_email=nobody@localhost" -e "zone_ttl=86400"
otc_ecs
OTC role for ECS.
Variables:
Name | Description |
---|---|
localaction=flavors | show flavors |
ecs_name | name of ECS |
ecs_id | id of ECS |
ecs_volumetype | Volume type of ECS (SATA,SSD,SAS) |
ecs_volumesize | Size of ECS volume in GB (or image default) |
ecs_ram | RAM size of ECS |
ecs_vcpus | CPU core of ECS |
ecs_ipaddress | IP address of ECS |
ecs_fileinject_[1-5] | Personal data (file injection), up to 5 files. Example: ansible-playbook -e "ecs_fileinject_1=/etc/hosts ecs_fileinject_data_1=$(base64 -w 0 hosts.txt)" |
ecs_fileinject_data_[1-5] | Personal data (file injection) |
ecs_user_data | cloud-init user data file. Example: […] -e "ecs_user_data=$(base64 -w 0 user-data.txt)" |
ecs_adminpass | Admin password ECS |
ecs_adminkey | SSH key name of ECS |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"
Show:
./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=ansible-test01" -e "localaction=show"
List:
./grole otc_ecs; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_ecs; ansible-playbook roles.yml -e "ecs_name=ansible-test01" -e "localaction=delete"
otc_eip
OTC role for floating ip (EIP).
Variables:
Name | Description |
---|---|
public_ip_address | Public IP address (already allocated or new) |
eip_id | id of EIP |
eip_bandwidth_name | Bandwidth name of EIP |
eip_bandwidth_size | Bandwidth size of EIP (5-500 Mbit/s) |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "public_ip_address=0.0.0.0" -e "localaction=create"
Show:
./grole otc_eip; ansible-playbook roles.yml -e "public_ip_address=160.44.1.1" -e "localaction=show"
List:
./grole otc_eip; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_eip; ansible-playbook roles.yml -e "public_ip_address=160.44.1.1" -e "localaction=delete"
otc_elb
OTC role for Elastic Load Balancer (ELB).
Variables:
Name | Description |
---|---|
localaction="list" | List ELB |
localaction="create" | Create ELB |
localaction="show" | Show ELB resources |
localaction="listenercreate" | Create ELB Listener |
localaction="listenershow" | Show ELB Listener resources |
localaction="healthcheckcreate" | Create ELB Healthcheck |
localaction="certificatecreate" | Create ELB Certificate |
localaction="backendcreate" | Create ELB Backend |
localaction="backenddelete" | Delete ELB Backend |
localaction="delete" | Delete ELB |
localaction="listenerdelete" | Delete ELB Listener |
localaction="healthcheckdelete" | Delete ELB Healthcheck |
localaction="certificatedelete" | Delete ELB certificate |
elb_name | name of ELB |
elb_id | id of ELB |
admin_state_up | state of the ELB |
elb_availability_zone | Availability zone where ELB is located |
elb_bandwidth | Bandwidth of the ELB |
elb_type | Type of ELB (internal or external) |
elb_secgroup_name | Security Group bound on ELB |
elb_subnet_name | Subnet of ELB |
elb_vpc_name | VPC of ELB |
listener_protocol | Listener protocol (HTTP, HTTPS, TCP) |
listener_port | Listener Port |
listener_backend_protocol | Listener Backend Protocol (HTTP, HTTPS, TCP) |
listener_backend_port | Listener Backend Port |
listener_lb_algorithm | Listener Algorithm (source, roundrobin, leastconn) |
listener_certificate_name | Listener SSL Certificate Name |
listener_tcp_timeout | Listener TCP timeout |
listener_cookie_timeout | Listener Timeout for Cookies |
listener_sticky_session_type | Listener Sticky Session Type (insert if Cookie used) |
listener_session_sticky | Listener Session Sticky (true or false) |
healthcheck_connect_port | Connect Port for the health check |
healthcheck_interval | Interval for the health check |
healthcheck_protocol | Protocol for the health check |
healthcheck_timeout | Timeout for the health check |
healthcheck_uri | URI for the health check (HTTP/HTTPS) |
unhealthy_threshold | Threshold for unhealthy state |
backend_members | Backend member for the ELB Listener |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "localaction=create"
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=listenercreate"
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=healthcheckcreate"
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=backendcreate"
./grole otc_elb; ansible-playbook roles.yml -e "localaction=certificatecreate" -e "elb_certificate_name=ansible-cert01" -e "elb_certificate_certificate_file=cert.pem" -e "elb_certificate_key_file=key.pem"
note: works similarly with the ini and json configs
Show:
./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=show"
./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=listenershow"
List:
./grole otc_elb; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_elb; ansible-playbook roles.yml -e "elb_name=ansible-elb01" -e "localaction=delete"
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "localaction=delete"
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=listenerdelete"
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=healthcheckdelete"
ansible-playbook tenant_yml.yml -e "elb_name=ansible-elb01" -e "listener_name=ansible-listener01" -e "localaction=backenddelete" -e "ecs_name=ansible-test02"
./grole otc_elb; ansible-playbook roles.yml -e "localaction=certificatedelete" -e "elb_certificate_name=ansible-cert01"
otc_evs
OTC role for Elastic Volume Service (EVS).
Variables:
Name | Description |
---|---|
evs_availability_zone | Availability Zone for EVS |
evs_id | id of EVS |
evs_name | name of EVS |
evs_volume_type | Volume type of EVS (SATA,SSD,SAS) |
evs_size | Volume size in GB |
evs_ims_id | ims_id from which the volume should be created |
evs_backup_id | backup_id from which the volume should be created |
evs_scsi | hw passthrough enabled |
evs_multiattach | multi-attach enabled |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "evs_name=ansible-evs01" -e "localaction=create"
Show:
./grole otc_evs; ansible-playbook roles.yml -e "evs_name=ansible-evs01" -e "localaction=show"
List:
./grole otc_evs; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_evs; ansible-playbook roles.yml -e "evs_name=ansible-evs01" -e "localaction=delete"
otc_ims
OTC role for Image.
Variables:
Name | Description |
---|---|
image_name | name of image |
image_id | id of image |
image_url | S3 source URL for image upload in the form <bucket>:<file>, e.g. ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk |
ecs_id | ecs_id as source for image creation (ECS must be stopped) |
image_min_disk | minimal disk size for image creation (in GB) |
image_os_version | os_version of the created image |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "image_name=ansible-image01" -e "image_url=ansible1:/xenial-server-cloudimg-amd64-disk1.vmdk" -e "image_min_disk=12" -e "localaction=create"
ansible-playbook tenant_yml.yml -e "image_name=ansible-image01" -e "ecs_id=12345678901234567890" -e "image_min_disk=12" -e "localaction=create"
Show:
./grole otc_ims; ansible-playbook roles.yml -e "image_name=Community_Ubuntu_16.04_TSI_latest" -e "localaction=show"
List:
./grole otc_ims; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_ims; ansible-playbook roles.yml -e "image_name=ansible-image01" -e "localaction=delete"
otc_job
OTC role for Job Control. Print out the status and some messages about OTC jobs, e.g. building ECS.
Variables:
Name | Description |
---|---|
job_id | Job ID to lookup |
Functions:
Create:
n/a
Read:
ansible-playbook -e "job_id=1234567890" job.yml
./ajob "1234567890"
Update:
n/a
Delete:
n/a
otc_keypair
OTC role for ssh keys.
Variables:
Name | Description |
---|---|
ecs_adminkey | Name of the ssh key (to upload) |
ecs_adminkey_name | Lookup name of ssh key |
keypair_file | File to upload as ssh key |
Functions:
Create:
./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "keypair_file=.ssh/authorized_keys" -e "localaction=create"
ansible-playbook tenant_yml.yml -e "ecs_adminkey=ansible-key01" -e "keypair_file=.ssh/authorized_keys" -e "localaction=create"
note: the keypair will be created during the ECS creation workflow
Show:
./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "localaction=show"
List:
./grole otc_keypair; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_keypair; ansible-playbook roles.yml -e "ecs_adminkey=ansible-key01" -e "localaction=delete"
otc_obs
OTC role for Object Storage Service (OBS). This role requires curl, libxml2-utils, and openssl to be installed.
Authentication is done with environment variables (e.g. EC2…) or an ansible-vault file in 'vars/_secrets.yml' or 'vars/secrets.yml'. Depending on that, ansible-playbook must be called with the vault parameter.
Variables:
Name | Description |
---|---|
EC2_ACCESS_KEY | OBS access key |
EC2_SECRET_KEY | OBS secret key |
EC2_URL | OBS URL (default https://obs.otc.t-systems.com) |
bucket | s3 bucket name |
object | data to upload |
Functions:
list OBS buckets:
ansible-playbook s3.yml -e "localaction=list" --vault-password-file vars/vaultpass.txt
create OBS bucket:
ansible-playbook s3.yml -e "bucket=mybucket" -e "localaction=create" --vault-password-file vars/vaultpass.txt
delete OBS bucket:
ansible-playbook s3.yml -e "bucket=mybucket" -e "localaction=delete" --vault-password-file vars/vaultpass.txt
upload files in OBS (VHD, ZVHD, VMDK, QCOW2 are supported for otc image service):
ansible-playbook s3.yml -e "bucket=mybucket" -e "object=xenial-server-cloudimg-amd64-disk1.vmdk" -e "localaction=upload" --vault-password-file vars/vaultpass.txt
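A pre-flight check for the vault-based authentication used in the commands above, as an added example that is not part of the otc_obs role. It assumes the paths named on this page (vars/vaultpass.txt, vars/_secrets.yml, vars/secrets.yml) and that an encrypted vault file starts with the `$ANSIBLE_VAULT;` header; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the otc_obs role. Function names are hypothetical.
# Usage: check_obs_secrets vars && ansible-playbook s3.yml -e "localaction=list" \
#            --vault-password-file vars/vaultpass.txt

# Succeeds only if group and others have no permission bits on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the first line carries the ansible-vault header.
is_vault_encrypted() {
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_obs_secrets DIR: returns 0 if the vault setup looks safe, 1 otherwise.
# Findings are written to stderr.
check_obs_secrets() {
    dir=${1:-vars}
    rc=0
    found=0
    if [ ! -f "$dir/vaultpass.txt" ]; then
        echo "missing: $dir/vaultpass.txt" >&2; rc=1
    elif ! is_private "$dir/vaultpass.txt"; then
        echo "group/world accessible: $dir/vaultpass.txt (chmod 600)" >&2; rc=1
    fi
    # The vault password must never be committed next to the vault file.
    if git -C "$dir" ls-files --error-unmatch vaultpass.txt >/dev/null 2>&1; then
        echo "tracked by git: $dir/vaultpass.txt" >&2; rc=1
    fi
    for f in "$dir/_secrets.yml" "$dir/secrets.yml"; do
        [ -f "$f" ] || continue
        found=1
        if ! is_vault_encrypted "$f"; then
            echo "plaintext secrets: $f (run ansible-vault encrypt)" >&2; rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no vault file found in $dir" >&2; rc=1
    fi
    return $rc
}
```

When the EC2 environment variables are used instead of a vault file, this check does not apply.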
otc_rds (WIP)
OTC role for RDS.
Variables:
Name | Description |
---|---|
rds_version_id | ID of the RDS version (used to fetch the flavor) |
Functions:
Version:
ansible-playbook rds.yml -e "localaction=version"
Flavor:
ansible-playbook rds.yml -e "localaction=flavor" -e "rds_version_id=fb6d2f7d-b431-41ec-a73f-b6bead3e73f0"
otc_secgroup
OTC role for security groups. This role creates security groups defined for an ECS and creates the rules. The rules are defined in an extra section. Standard rules will be removed before the defined rules are created.
Variables:
Name | Description |
---|---|
secgroup_name | name of Secgroup |
secgroup_id | id of Secgroup |
secgroup_ids | list of secgroup_ids (to bind on ECS) |
secgroups | list of secgroups in ecs section |
secgrouprules | list of rules for a security group |
secgrouprule_id | id of a secgroup rule |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"
note: subnet will be created during the ECS creation workflow
Show:
./grole otc_secgroup; ansible-playbook roles.yml -e "secgroup_name=ansible-secgroup01" -e "localaction=show"
List:
./grole otc_secgroup; ansible-playbook roles.yml -e "localaction=list"
./grole otc_secgroup; ansible-playbook roles.yml -e "vpc_id=1234567891234567890" -e "localaction=list"
./grole otc_vpc otc_secgroup; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=list"
Delete:
./grole otc_secgroup; ansible-playbook roles.yml -e "secgroup_name=ansible-secgroup01" -e "localaction=delete"
otc_subnet
OTC role for Subnet.
Variables:
Name | Description |
---|---|
subnet_name | name of Subnet |
subnet_id | id of Subnet |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"
note: subnet will be created during the ECS creation workflow
Show:
./grole otc_subnet; ansible-playbook roles.yml -e "subnet_name=ansible-subnet01" -e "localaction=show"
List:
./grole otc_subnet; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_subnet; ansible-playbook roles.yml -e "subnet_name=ansible-subnet01" -e "localaction=delete"
otc_vpc
OTC role for VPC.
Variables:
Name | Description |
---|---|
localaction=router | Information about VPC Router as fact |
localaction=snat | Configure SNAT on VPC |
enable_snat=(true,false) | Enable or disable SNAT |
vpc_name | name of VPC |
vpc_id | id of VPC |
Functions:
Create:
ansible-playbook tenant_yml.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_ini.yml -e "ecs_name=ansible-test01" -e "localaction=create"
ansible-playbook tenant_json.yml -e "ecs_name=ansible-test01" -e "localaction=create"
note: VPC will be created during the ECS creation workflow
Show:
./grole otc_vpc; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=show"
List:
./grole otc_vpc; ansible-playbook roles.yml -e "localaction=list"
Delete:
./grole otc_vpc; ansible-playbook roles.yml -e "vpc_name=ansible-vpc01" -e "localaction=delete"