This repository provides a site.yml playbook to configure a multi-OS datacenter (Ubuntu/CentOS/Debian and Windows).
- CI Status
- Linux OS Platform Molecule Tests
- Ansible Developer Environment
- Summary
- Prerequisites
- Running Ansible Site Plays
- Jenkins Ansible Jobs
- Image Build & Deployment Workflow
- Contributing & Support
Note: The badge above tracks the `main` branch. To track a feature branch, update the badge URL to `.../verify_all_green.yml/badge.svg?branch=<your-branch-name>`.
Molecule is a testing framework designed to aid in the development and testing of Ansible roles. It allows you to automatically spin up instances (containers or VMs), run your playbooks against them, and verify that the system state is correct.
In this repo, Molecule is used to:
- Define multi-platform test scenarios in `molecule.yml`.
- Perform isolated testing of key orchestration roles like `bootstrap_linux`.
- Utilize systemd-enabled Docker images for realistic service testing.
For execution details, see the Molecule README.
To bootstrap a local development environment, use the provided installer script. This prepares your system to run playbooks and execute Molecule tests.
The installer performs the following:
- Creates `$HOME/repos/ansible`.
- Clones the `ansible-developer` repository.
- Synchronizes your bash environment with pre-configured scripts.

```bash
# Install from public GitHub
INSTALL_REMOTE_SCRIPT="https://raw.githubusercontent.com/lj020326/ansible-developer/main/install.sh"
bash -c "$(curl -fsSL ${INSTALL_REMOTE_SCRIPT})"
```

This one-liner executes whatever `main` currently serves. On a controller that will go on to hold the vault credentials for the whole datacenter, download `install.sh` first, review it, and pin the URL to a specific commit rather than `main`.

- Automation Architectures: Collection of roles, playbooks, and modules.
- Image Build Systems: Integration with Packer and vSphere.
- Lifecycle Management: From OS hardening to application deployment and maintenance.
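The `bash -c "$(curl ...)"` installer above runs remote code before anyone has looked at it. The following is an added example, not code from the `ansible-developer` or `ansible-datacenter` repositories, of the fetch-then-verify pattern a practitioner would use instead: download to disk, compare against a digest recorded after a manual review, and only then execute. `INSTALL_REF` and `EXPECTED_SHA256` are placeholders to be replaced with the commit you reviewed and the digest you computed from it.

```shell
#!/usr/bin/env bash
# Added example (not part of ansible-developer or ansible-datacenter): fetch the
# installer to disk, compare it with a digest recorded after reviewing it, and
# only then run it.  INSTALL_REF and EXPECTED_SHA256 are placeholders.

INSTALL_REF="main"   # replace with a full commit SHA so the content is pinned
INSTALL_URL="https://raw.githubusercontent.com/lj020326/ansible-developer/${INSTALL_REF}/install.sh"
EXPECTED_SHA256="<digest-you-recorded-after-review>"

sha256_of() {
  # Portable SHA-256 of a file: coreutils sha256sum on Linux, shasum on macOS.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_sha256() {
  # verify_sha256 FILE EXPECTED_HEX -> 0 when the digest matches, 1 otherwise.
  [ "$(sha256_of "$1")" = "$2" ]
}

install_pinned() {
  # install_pinned URL EXPECTED_HEX: download, verify, then execute with bash.
  # Nothing is executed until the digest check has passed.
  local tmp rc
  tmp=$(mktemp) || return 1
  if ! curl -fsSL "$1" -o "$tmp"; then
    echo "download failed: $1" >&2
    rm -f "$tmp"
    return 1
  fi
  if ! verify_sha256 "$tmp" "$2"; then
    echo "digest mismatch for $1; refusing to run it" >&2
    rm -f "$tmp"
    return 1
  fi
  bash "$tmp"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# First run: download and review, then record the digest for later pinned installs.
#   curl -fsSL "$INSTALL_URL" -o install.sh && less install.sh && sha256_of install.sh
# Subsequent runs on other controllers:
#   install_pinned "$INSTALL_URL" "$EXPECTED_SHA256"
```

Pinning `INSTALL_REF` to a commit SHA makes the URL immutable; the digest check additionally covers the case where the raw endpoint, a proxy, or the download itself returns something other than the reviewed content.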
- apply_common_groups — Core role
- apply_ping_test — Core role
- bootstrap_ansible_controller — Core role
- bootstrap_docker — Core role
- bootstrap_docker_stack — Core role
- bootstrap_gpu_drivers — Core role
- bootstrap_jenkins_agent — Core role
- bootstrap_kubernetes — Core role
- bootstrap_linux — Core role
- bootstrap_linux_core — Core role
- bootstrap_aibrix
- bootstrap_ansible
- bootstrap_ansible_controller
- bootstrap_ansible_user
- bootstrap_awstats
- bootstrap_awx
- bootstrap_awx_config
- bootstrap_awx_docker
- bootstrap_awx_resources
- bootstrap_bind
- bootstrap_ca_certs
- bootstrap_caddy2
- bootstrap_certs
- bootstrap_cfssl
- bootstrap_chronyclient
- bootstrap_chronyserver
- bootstrap_cloud_init
- bootstrap_cni
- bootstrap_dell_opscenter
- bootstrap_dell_racadm_host
- bootstrap_dhcp
- bootstrap_docker
- bootstrap_docker_stack
- bootstrap_epel_repo
- bootstrap_etcd
- bootstrap_fog
- bootstrap_git
- bootstrap_gitea_runner
- bootstrap_govc
- bootstrap_gpu_drivers
- bootstrap_hddtemp
- bootstrap_inspec
- bootstrap_ipa_client
- bootstrap_ipa_config
- bootstrap_ipa_krb5
- bootstrap_ipa_replica
- bootstrap_ipa_server
- bootstrap_ipa_sssd
- bootstrap_iscsi_client
- bootstrap_java
- bootstrap_jenkins
- bootstrap_jenkins_agent
- bootstrap_jenkins_swarm_agent
- bootstrap_kubernetes
- bootstrap_kubernetes_ca
- bootstrap_kubernetes_controller
- bootstrap_kubernetes_worker
- bootstrap_kvm
- bootstrap_kvm_infra
- bootstrap_ldap_client
- bootstrap_linux
- bootstrap_linux_core
- bootstrap_linux_cron
- Clone the repository:

  ```bash
  git clone https://github.com/lj020326/ansible-datacenter.git
  ```

- Install requirements:

  ```bash
  ansible-galaxy collection install -r ./collections/requirements.yml
  ansible-galaxy install -r ./roles/requirements.yml
  ```

- Configure Ansible Vault: This repository uses a `vars/vault.yml` file to store sensitive credentials and configuration data. To maintain clarity and prevent accidental exposure of plain-text variables, all variables stored within the vault MUST be prefixed with `vault__`, so that any secret-looking variable without the prefix is immediately recognisable as one that is not vaulted. Your `vars/vault.yml` should include, but is not limited to, the following categories of data:
  - Infrastructure Credentials: SSH passwords for Linux, Administrator passwords for Windows, and iDRAC/IPMI credentials.
  - Hypervisor Access: vCenter/ESXi passwords and associated license keys.
  - Network Secrets: RNDC keys for DNS updates and OMAPI keys for DHCP failover.
  - Cloud & API Integration: Cloudflare API keys and Google App passwords for SMTP relay.
  - Service Authentication: MySQL root passwords, LDAP admin credentials, and Docker Registry authentication.
  - Security Keys: Private RSA keys for admin access and JWT/OAuth secrets for application stacks (e.g., Gitea, Authelia).

  ```bash
  # Create and encrypt the private variables file
  ansible-vault create vars/vault.yml
  ```

  Commit only the encrypted file; keep the vault password itself outside the checkout (for example, a `--vault-password-file` path or `ANSIBLE_VAULT_PASSWORD_FILE` pointing outside the repository). Refer to vars/README.md for a comprehensive list of required variables and an example schema.

- Configure Inventory: Add host(s) to `inventory/hosts.yml` and ping the host(s):

  ```bash
  ansible -i inventory/hosts.yml all -m ping -b -vvvv
  ```
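The two rules stated for `vars/vault.yml` (the file is committed only as ciphertext, and every variable in it carries the `vault__` prefix) are cheap to enforce before a commit. The following is an added example, not code from the ansible-datacenter repository, of two shell checks for exactly that; the sample vault contents are constructed for the demonstration and are not the project's real variables.

```shell
#!/usr/bin/env bash
# Added example for this README (not code from the ansible-datacenter repo):
# two pre-commit style checks for vars/vault.yml.
#   vault_is_encrypted FILE   - the committed file must carry the
#                               "$ANSIBLE_VAULT;" header, i.e. it is ciphertext.
#   vault_keys_prefixed       - every top-level key of the *decrypted* YAML,
#                               read from stdin (e.g. `ansible-vault view`),
#                               must start with "vault__".
# Both return 0 on success and 1 on failure.

vault_is_encrypted() {
  # ansible-vault writes "$ANSIBLE_VAULT;1.1;AES256" (or ";1.2;AES256;<vault-id>")
  # as the first line of an encrypted file; anything else is plain text.
  head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;1\.[12];AES256'
}

vault_keys_prefixed() {
  # A top-level key is an identifier at column 0 followed by ':'.  Comments,
  # blank lines, list items and indented (nested) keys are left alone.
  local bad
  bad=$(grep -E '^[A-Za-z_][A-Za-z0-9_]*:' | grep -Ev '^vault__') || true
  if [ -n "$bad" ]; then
    printf 'vault variable(s) without the vault__ prefix:\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# --- constructed sample inputs (not the project's real vault) ----------------

# First lines of a file as ansible-vault writes it (the hex body is made up).
SAMPLE_ENCRYPTED=$(cat <<'EOF'
$ANSIBLE_VAULT;1.1;AES256
3136303263363235663333303939643061343831353432333335646630323433386163626439
EOF
)

# A decrypted vault that follows the naming rule.
SAMPLE_GOOD=$(cat <<'EOF'
---
# constructed sample
vault__linux_ssh_password: "example-only"
vault__vcenter_password: "example-only"
vault__rndc_key: "example-only"
vault__docker_registry:
  username: "svc"
  password: "example-only"
EOF
)

# The same idea with one secret that would not be recognised as vaulted.
SAMPLE_BAD=$(cat <<'EOF'
---
vault__linux_ssh_password: "example-only"
mysql_root_password: "example-only"
EOF
)

# Real usage against the repository:
#   vault_is_encrypted vars/vault.yml && ansible-vault view vars/vault.yml | vault_keys_prefixed
demo() {
  local f
  f=$(mktemp)
  printf '%s\n' "$SAMPLE_ENCRYPTED" > "$f"
  vault_is_encrypted "$f" && echo "encrypted header: ok"
  printf '%s\n' "$SAMPLE_GOOD" > "$f"
  vault_is_encrypted "$f" || echo "plain-text vault detected: refuse to commit"
  printf '%s\n' "$SAMPLE_GOOD" | vault_keys_prefixed && echo "prefix check: ok"
  printf '%s\n' "$SAMPLE_BAD" | vault_keys_prefixed || echo "prefix check: failed as expected"
  rm -f "$f"
}
demo
```

The header check is what stops an unencrypted `vars/vault.yml` from reaching git history; the prefix check is run on the output of `ansible-vault view`, so the plaintext never has to be written to disk.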
Detailed instructions on how to run and test the ansible-datacenter site plays can be found in the documentation link below:
The orchestration and execution of the datacenter site playbook tags can be managed via Jenkins pipelines. Detailed instructions on job configuration, parameter initialization, and command-line wrappers for Jenkins-led execution can be found in the documentation link below:
The infrastructure utilizes a standardized pipeline to move from code to a running virtual machine or container. This process is divided into two primary phases: Template Generation and Instance Deployment.
This phase creates a gold image or container base that is hardened and pre-configured.
- Orchestration: Packer initiates the build based on a specific spec, determining if the target is a Virtual Machine or a Container.
- Base OS Installation: For VMs, the pipeline performs a clean OS installation of Ubuntu, Debian, or CentOS.
- Ansible Provisioning: Once the base OS is ready, Ansible applies core roles (like `bootstrap_linux`) to harden the security profile and install baseline software.
- Jenkins Automation: The `buildVmTemplate` function from the `pipeline-automation-lib` automates this entire process, handling the Packer execution and subsequent cleanup.
Once a template is verified and stored in the vSphere library or Docker registry, it is ready for deployment.
- Playbook Execution: The standard `site.yml` playbook is utilized for deployment.
- Targeting: Deployment is triggered using the `deploy-vm` tag, which instructs Ansible to clone the previously built template into a functional VM instance.
- Post-Deployment: Following the initial clone, the pipeline continues with application-specific deployment and ongoing maintenance roles as defined in the automation lifecycle.
- `README.md`: Outlines the role of `bootstrap_linux` and general architecture.
- `image-templates.md`: Provides the Mermaid workflow diagram and repository links.
- `buildVmTemplate.groovy`: Details the Jenkins function used to invoke Packer and build templates.
- `site.yml`: Contains the primary orchestration logic and deployment tags.
The workflow to build a machine image (Docker image or virtual machine template) uses the Ansible `bootstrap_linux` role to set up the image before it is archived and distributed to the respective platform image manager (Docker registry or VMware template library). This image build is run regularly so that new container or virtual machine instances can be provisioned efficiently from the most secure, modern versions and configuration.
- Reporting Issues: Please use the GitHub Issues tab to report bugs or request features.
- Pull Requests: Contributions are welcome. Please ensure all Molecule tests pass before submitting.
- Contact: Connect with Lee James Johnson on LinkedIn.