Roles¶
Warning
This chapter is only for advanced users who need to modify the host configuration process significantly. Unless the configuration process doesn’t meet your requirements, you don’t need to be familiar with this part.
The following roles are shipped with the OpenNebula provision tool and installed into /usr/share/one/oneprovision/ansible/roles/.
Role ceph-opennebula-facts¶
This role is used to make ceph_oneadmin_key and ceph_oneadmin_keyring
facts accessible for used on ceph-opennebula-osd
No parameters.
Role ceph-opennebula-mon¶
Creates OpenNebula Ceph pools
Parameter |
Default |
Description |
|---|---|---|
|
|
Ceph pools definition |
|
default |
Role ceph-opennebula-osd¶
Creates rbd client directories, configures libvirts secrets, disables Docker if installed by ceph-ansible.
Parameter |
Default |
Description |
|---|---|---|
|
true |
Enables libvirt configuraion (not used for LXC) |
Role ceph-slice¶
Creates systemd ceph.slice which encapsulates all Ceph services so they can be later isolated from machine.slice to manage host resources.
No parameters.
Role ddc¶
This is a set of internal clean-up and check tasks. E.g. check if the target host operating system is supported, or network configuration cleanups.
No parameters.
Role frr¶
Installs FRR (https://frrouting.org/) and configured BGP EVPN extensions for VXLAN networks
To use this role you need to install netaddr Python library on the frontend, e.g.: pip install netaddr
Parameter |
Default |
Description |
|---|---|---|
|
frr-7 |
frr-stable will be the latest official stable release |
|
1 |
Number of route reflectors in the cluster |
|
|
Network interface name to route VXLAN traffic |
|
65000 |
The AS number used for BGP |
|
16 |
Prefix length for the BGP network |
|
false |
Configure Zebra |
|
false |
Install and configure with ipcalc |
|
20 |
Default netmask for ipcalc |
Role iptables¶
Creates the basic set of IPv4 and IPv6 packet filter rules to ensure only the specified traffic is allowed. Masquerading (NAT) with IP port forwarding can be enabled.
Parameter |
Default |
Description |
|---|---|---|
|
true |
Enable IP forwarding |
|
true |
Manage persistent configuration |
|
true |
Create a set of base rules |
|
NULL |
Particular network interface to limit the base rules |
|
true |
Include the rules to drop any other traffic |
|
|
List of whitelisted services |
|
false |
Enable NAT |
|
ansible_default_ipv4.interface |
NAT output interface |
Role opennebula-node-firecracker¶
Installs the opennebula-node-firecracker package, optionally configures the KVM module for the nested virtualization, and ensures libvirt is enabled and running.
Parameter |
Default |
Description |
|---|---|---|
|
elastic, vxlan |
Virtual network drivers to be enabled to work with Firecracker |
|
clean, pre |
Required virtual network types |
Role opennebula-node-kvm¶
Installs the opennebula-node-kvm package, optionally configures the KVM module for the nested virtualization, and ensures libvirt is enabled and running.
Parameter |
Default |
Description |
|---|---|---|
|
False |
Whether to use the EV package for KVM |
|
False |
Enable nested KVM virtualization |
|
True |
Enable KVM configuration |
|
True |
Name of Red Hat EV repository |
|
|
SELinux booleans to configure |
Role opennebula-node-lxc¶
Installs the opennebula-node-lxc package.
No parameters.
Role opennebula-repository¶
Configures the OpenNebula package repository for the particular version.
Parameter |
Default |
Description |
|---|---|---|
|
6.4 |
OpenNebula repository version |
|
|
Repository of the OpenNebula packages |
|
yes |
Enable GPG check for the packages |
|
yes |
Enable GPG check for the repos (RHEL/AlmaLinux only) |
Role opennebula-ssh¶
Handles the SSH configuration and SSH keys distribution on the OpenNebula front-end/hosts.
Parameter |
Default |
Description |
|---|---|---|
|
True |
Manage SSH server configuration |
|
no |
SSH server option for Password Authentication |
|
|
SSH server option for PermitRootLogin |
|
True |
Deploy local oneadmin’s SSH key to remote host |