update vcn settings and tweak olvm engine deploy

Author: William Graef

olvm/create_instance.yml

@@ -103,9 +103,9 @@
     - name: Create a virtual cloud network
       oracle.oci.oci_network_vcn:
         compartment_id: "{{ my_compartment_id }}"
-        display_name: "Linuxvirt Virtual Cloud Network"
+        display_name: "OLV-VCN"
         cidr_blocks: "10.0.0.0/16"
-        dns_label: "vcn"
+        dns_label: "olv"
       register: result
       retries: 10
       delay: 30
@@ -115,12 +115,12 @@
       ansible.builtin.set_fact:
         my_vcn_id: "{{ result.vcn.id }}"
 
-    - name: Create internet_gateway
+    - name: Create internet gateway
       oracle.oci.oci_network_internet_gateway:
         compartment_id: "{{ my_compartment_id }}"
         vcn_id: "{{ my_vcn_id }}"
         is_enabled: true
-        display_name: "Linuxvirt Internet Gateway"
+        display_name: "Internet Gateway-OLV-VCN"
         state: 'present'
       register: result
       retries: 10
@@ -131,24 +131,51 @@
       ansible.builtin.set_fact:
         my_internet_gateway_id: "{{ result.internet_gateway.id }}"
 
-    - name: Create route_table
+    - name: Get list of services
+      oracle.oci.oci_network_service_facts:
+      register: result
+      retries: 10
+      delay: 30
+      until: result is not failed
+    
+    - name: Set service id
+      ansible.builtin.set_fact:
+        my_service_id: "{{ result[0].service.id }}"
+
+    - name: Create service gateway
+      oracle.oci.oci_network_service_gateway:
+        compartment_id: "{{ my_compartment_id }}"
+        services:
+        -
+          service_id: "{{ my_service_id }}" 
+        vcn_id: "{{ my_vcn_id }}"
+        display_name: "Service Gateway-OLV-VCN"
+        state: 'present'
+      register: result
+      retries: 10
+      delay: 30
+      until: result is not failed
+
+    - name: Set services gateway id
+      ansible.builtin.set_fact:
+        my_service_gateway_id: "{{ result.service_gateway.id }}"
+
+    - name: Create route table for private subnet
       oracle.oci.oci_network_route_table:
         compartment_id: "{{ my_compartment_id }}"
         vcn_id: "{{ my_vcn_id }}"
-        display_name: "Linuxvirt Route Table"
+        display_name: "Route Table for Private Subnet-OLV-VCN"
         route_rules:
-          - network_entity_id: "{{ my_internet_gateway_id }}"
-            cidr_block: "0.0.0.0/0"
-            destination_type: CIDR_BLOCK
+          - network_entity_id: "{{ my_service_gateway_id }}"
         state: 'present'
       register: result
       retries: 10
       delay: 30
       until: result is not failed
 
-    - name: Set route table id
+    - name: Set private subnet route table id
       ansible.builtin.set_fact:
-        my_rt_id: "{{ result.route_table.id }}"
+        my_private_rt_id: "{{ result.route_table.id }}"
 
     - name: Create ingress rules yaml list
       ansible.builtin.template:
@@ -184,7 +211,7 @@
 
     - name: Create security_list
       oracle.oci.oci_network_security_list:
-        display_name: "Linuxvirt Security List"
+        display_name: "Security List for "OLV-VCN"
         compartment_id: "{{ my_compartment_id }}"
         vcn_id: "{{ my_vcn_id }}"
         ingress_security_rules: "{{ loaded_ingress.instance_ingress_security_rules }}"
@@ -205,9 +232,7 @@
         cidr_block: "{{ subnet1_cidr_block }}"
         display_name: "Public Subnet-OLV-VCN"
         prohibit_public_ip_on_vnic: false
-        route_table_id: "{{ my_rt_id }}"
-        security_list_ids: "{{ my_security_list_id }}"
-        dns_label: "olvpub"
+        dns_label: "pub"
       register: result
       retries: 10
       delay: 30
@@ -228,9 +253,9 @@
         cidr_block: "{{ subnet2_cidr_block }}"
         display_name: "Private Subnet-OLV-VCN"
         prohibit_public_ip_on_vnic: true
-        route_table_id: "{{ my_rt_id }}"
+        route_table_id: "{{ my_private_rt_id }}"
         security_list_ids: "{{ my_security_list_id }}"
-        dns_label: "olvpriv"
+        dns_label: "priv"
       register: result
       retries: 10
       delay: 30
@@ -346,7 +371,7 @@
 
     - name: Delete network_security_group
       oracle.oci.oci_network_security_group:
-        network_security_group_id: "{{ my_nsg_id }}"
+        network_security_group_id: "{{ my_l2_vlan_nsg_id }}"
         state: absent
 
     - name: Delete the subnet2
@@ -366,9 +391,14 @@
 
     - name: Delete the route table
       oracle.oci.oci_network_route_table:
-        id: "{{ my_rt_id }}"
+        id: "{{ my_private_rt_id }}"
         state: absent
 
+    - name: Delete the Service Gateway
+      oracle.oci.oci_network_service_gateway:
+        id: "{{ my_service_gateway_id }}"
+        state: absent
+        
     - name: Delete the Internet Gateway
       oracle.oci.oci_network_internet_gateway:
         id: "{{ my_internet_gateway_id }}"

olvm/create_vlan.yml

@@ -8,19 +8,19 @@
   oracle.oci.oci_network_security_group:
     compartment_id: "{{ my_compartment_id }}"
     vcn_id: "{{ my_vcn_id }}"
-    display_name: "Linuxvirt VLAN NSG"
+    display_name: "L2 Network"
   register: result
   retries: 10
   delay: 30
   until: result is not failed
 
 - name: Set network_security_group id
   ansible.builtin.set_fact:
-    my_nsg_id: "{{ result.network_security_group.id }}"
+    my_l2_vlan_nsg_id: "{{ result.network_security_group.id }}"
 
 - name: Perform action add on network_security_group_security_rule
   oracle.oci.oci_network_security_group_security_rule_actions:
-    network_security_group_id: "{{ my_nsg_id }}"
+    network_security_group_id: "{{ my_l2_vlan_nsg_id }}"
     action: add
     security_rules:
       -
@@ -40,14 +40,11 @@
 
 - name: Create a vlan
   oracle.oci.oci_network_vlan:
-    availability_domain: "{{ my_availability_domain }}"
     cidr_block: "{{ vlan_cidr_block }}"
     compartment_id: "{{ my_compartment_id }}"
-    display_name: "VLAN VMs"
-    # route_table_id: "{{ rt_id }}"
-    # vlan_tag: "10"
+    display_name: "VLAN-VMs"
     nsg_ids:
-      - "{{ my_nsg_id }}"
+      - "{{ my_l2_vlan_nsg_id }}"
     vcn_id: "{{ my_vcn_id }}"
     vlan_tag: 1
   register: result

olvm/provision_olvm_engine.yml

@@ -107,5 +107,4 @@
         state: enabled
         immediate: true
       delegate_to: "{{ item[1] }}"
-      loop:
-        - "{{ ['libvirt', 'libvirt-tls', 'cockpit'] | product(groups['kvm']) | list }}"
+      loop: "{{ ['libvirt', 'libvirt-tls', 'cockpit'] | product(groups['kvm']) | list }}"

olvm/provision_olvm_engine_privatekey.yml

@@ -6,28 +6,29 @@
 
 - name: Copy OLVM engine private key to kvm host
   hosts: all
+  order: sorted
   vars_files:
     - default_vars.yml
     - oci_vars.yml
   become: true
 
   tasks:
 
-    - name: Get the engine public key
+    - name: Get the engine public key # noqa: run-once[task]
       community.crypto.openssl_publickey:
         path: /tmp/key.pub
         privatekey_path: "/etc/pki/ovirt-engine/keys/engine_id_rsa"
         format: OpenSSH
-      delegate_to: "{{ item }}"
-      loop: "{{ groups['engine'] }}"
+      delegate_to: "{{ groups['engine'][0] }}"
+      run_once: true
 
-    - name: Fetch engine public key file from server
+    - name: Fetch engine public key file from server # noqa: run-once[task]
       ansible.builtin.fetch:
         src: "/tmp/key.pub"
         dest: "buffer/engine-key.pub"
         flat: true
-      delegate_to: "{{ item }}"
-      loop: "{{ groups['engine'] }}"
+      delegate_to: "{{ groups['engine'][0] }}"
+      run_once: true
 
     - name: Copy public key to each destination
       ansible.posix.authorized_key:
@@ -37,7 +38,7 @@
       delegate_to: "{{ item }}"
       loop: "{{ groups['kvm'] }}"
 
-    - name: Download ol9 ova image
+    - name: Download ol9 ova image # noqa: run-once[task]
       ansible.builtin.get_url:
         url: "{{ base_image_url }}"
         dest: "/tmp/{{ base_image_name }}"
@@ -47,5 +48,5 @@
         base_image_name: OL9U5_x86_64-olvm-b253.ova
         base_image_url: https://yum.oracle.com/templates/OracleLinux/OL9/u5/x86_64/{{ base_image_name }}
         base_image_sha: dc5befa484c9aeb51fb0244d5926d53ab482453bd702512066734d8cb2c20600
-      delegate_to: "{{ item }}"
-      loop: "{{ groups['kvm'][0] }}"
+      delegate_to: "{{ groups['kvm'] | sort | first }}"
+      run_once: true