This role provisions virtual machines on a SmartOS host using Ansible.
NOTE: This role is under heavy development. It is not recommended for production systems at this time. There is currently no chance of virtual machine deletions since that functionality hasn't been included yet.
Your ssh key must be installed on an admin user (generally root: /root/.ssh/authorized_keys) on your SmartOS global zone.
NOTE: Python on the SmartOS global zone is now a requirement.
While it is strongly recommended setting hypervisor_install_python
to true (file checksumming is done before install to be safe), you can still install it manually using pkgin in python27
after installing bootstrap-YYYYQ#-tools.tar.gz
.
https://pkgsrc.joyent.com/install-on-illumos/ has the manual instructions. Ensure you use the bootstrap-2016Q4-tools.tar.gz
file.
Set ansible_user
and ansible_python_interpreter
for SmartOS global zone under your inventory file like so:
[smartos]
smartos.local
[smartos:vars]
ansible_user=root
ansible_python_interpreter=/opt/tools/bin/python2
Most of these can be understood in the man vmadm PROPERTIES section.
hypervisor_host [REQUIRED] IP or hostname of the SmartOS global zone
hypervisor_install_python [OPTIONAL] Tells Ansible to install python on SmartOS global zone (options: true or false. default: false)
provision_mode [OPTIONAL] Whether to provision virtual machine or not (options: true or false. default: false)
autoboot [OPTIONAL] (options: "true" or "false". default: "true")
image_uuid: `imgadm avail` from SmartOS global zone has possible values.
Listed here: https://docs.joyent.com/public-cloud/instances/infrastructure/images as well.
image_name: `imgadm avail` from SmartOS global zone will show possible values. (i.e. debian-8 or base-64-lts)
NOTE: This should be used instead of image_uuid when the latest
version of an image is desired. If image_uuid is also set,
image_name will be ignored.
alias [REQUIRED] Synonymous with virtual machine hostname
cpu_cap [OPTIONAL] (default: 100)
max_phy_mem [OPTIONAL] (default: 512)
quota [OPTIONAL] (default: 10)
brand [OPTIONAL] (options: joyent or lx. default: joyent)
kernel_version [OPTIONAL] (Automatically detected based on image metadata. fallback: 3.16.0)
domain [OPTIONAL] (default: local)
user_script [OPTIONAL] (default script below)
It's common to use a script such as this one to copy the root_authorized_keys variable into `root` and `admin` on the newly created virtual machine:
"/usr/sbin/mdata-get root_authorized_keys > ~root/.ssh/authorized_keys ; /usr/sbin/mdata-get root_authorized_keys > ~admin/.ssh/authorized_keys"
root_authorized_keys [REQUIRED]
Populate this with public ssh-key that the ansible client can connect with.
resolvers [REQUIRED] Minimum of 1 resolver.
example:
resolvers:
- 8.8.8.8
- 8.8.4.4
nics [REQUIRED]
Each listed nic has the following options:
- interface [REQUIRED]
- nic_tag [REQUIRED]
- vlan_id [OPTIONAL] (default: no vlan)
- ip [REQUIRED]
- netmask [REQUIRED]
- gateway [OPTIONAL]
example:
nics:
- {interface: "net0", nic_tag: "external", vlan_id: "4", ip: "10.0.4.10", netmask: "255.255.255.0", gateway: "10.0.4.1"}
filesystems [OPTIONAL]
The filesystem source must exist on the global zone before it can be shared to the virtual machine. A `zfs create zones/data/somedata` should be ran once before adding a filesystem to a virtual machine.
Each filesystem listed has the following variables:
- source [REQUIRED] Mount point from global zone.
- target [REQUIRED] Where to mount inside virtual machine.
- read_only [REQUIRED] true or false.
example:
filesystems:
- {source: "/zones/data/somedata", target: "/export/somedata", read_only: false}
- hosts: example
gather_facts: no
remote_user: root
roles:
- smartos_provision
vars:
hypervisor_host: smartos.local
hypervisor_install_python: true
provision_mode: false # default
autoboot: "true" # default
image_uuid: c540b62c-beb2-11e5-8512-8b1694a57f84
image_name: minimal-64-lts # this will be ignored since image_uuid is used
cpu_cap: 100 # default
max_phy_mem: 512 # default
quota: 10 # default
brand: joyent # default
alias: example
domain: local # default
user_script: "/usr/sbin/mdata-get root_authorized_keys > ~root/.ssh/authorized_keys ; /usr/sbin/mdata-get root_authorized_keys > ~admin/.ssh/authorized_keys"
root_authorized_keys: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCX5NmP23FhXZ+YiV3unu/Bz6h5oaeJyx3J5EaJOi4de0im3MV1aXZlpYnF0MfpmRxYl2S2pUEJXjW/toA48A+zYjHI7xReKZ9MpCsDBlW4Vfl6EjaoZqN3Hc4P5wK/BiMkSIgURFRJukus1ajRvV+YZiAaRyTwgkhmF20ZdOOIAPiugaoEYg+6iQ5CJZURw1VLJ+UViCC7cBcC4AOjKcbEaLf9RzjISzAs78fN7G60+P5fyAsIinDhKC2VJE/AkxjFtQAdBlt3HNhWnLfd2jmClRNA24Ob/gL3i3OWecWdEsERSypDiOFZI/sRHDKih1mkESbiZiHHMiZRCO34Fqpx precurse"
resolvers:
- 8.8.8.8
- 8.8.4.4
nics:
- {interface: "net0", nic_tag: "external", vlan_id: "4", ip: "10.0.4.10", netmask: "255.255.255.0", gateway: "10.0.4.1"}
- {interface: "net1", nic_tag: "stub0", ip: "10.0.1.3", netmask: "255.255.255.0"}
filesystems:
- {source: "/zones/data/somedata", target: "/export/somedata", read_only: false}
- {source: "/zones/data/moredata", target: "/export/moredata", read_only: false}
https://github.com/precurse/playbooks
You must have ssh-key access to your SmartOS hypervisor in order for this to provision properly. If your ssh-key is password protected you must use ssh-agent to decrypt it in memory:
ssh-agent bash
ssh-add ~/.ssh/id_rsa
ansible-playbook -i example.hosts example.yml
Because there's currently no way of telling if the Virtual Machine is already proisioned, it's advised to keep provision_mode
set to false
and having a provision_vm.yml
playbook to handle provisioning and running it like
ansible-playbook provision_vm.yml --limit=host
Example provision_vm.yml playbook:
- hosts: all
gather_facts: false
roles:
- role: smartos_provision
vars:
- provision_mode: true
- smartos_python_path: /opt/local/bin/python2
post_tasks:
# Install python on joyent zones
- block:
- name: Upgrading pkgin packages
raw: /opt/local/bin/pkgin -y update; /opt/local/bin/pkgin -y upgrade
- name: Installing python
raw: /opt/local/bin/pkgin -y install python27
- set_fact: ansible_python_interpreter={{ smartos_python_path }}
- name: Test python install
setup:
rescue:
- debug: msg="Unable to install python on joyent zone"
when: brand == 'joyent'
become: yes
- VMs cannot currently be deleted or re-provisioned. If you are overwriting a currently running machine, you must manually run
vmadm destroy UUID
from SmartOS. - If a virtual machine has is listed
~/.ssh/known_hosts
it must be removed or else it can cause errors while trying to manage the virtual machine. - Only Zones (joyent/lx) are tested for provisioning at this time.
BSD
Andrew Klaus (andrewklaus@gmail.com)