privazio/ansible-collection-vdc
2
0
Fork 0
Code Issues 63 Pull requests Projects Releases Packages Wiki Activity Actions
Privazio automation layers from Metal to Account
1,001 commits 13 branches 99 tags 989 KiB
  • Jinja 68.6%
  • Python 15.7%
  • Shell 15.2%
  • Dockerfile 0.5%
Find a file
Exact
Rafael del Valle 294a5a4dd1 added support for cryptinplace for jammy targets
2024-02-02 12:12:29 +01:00
bin allows for FQDN with roam hosts when SSH 2023-08-03 15:36:39 +02:00
ngine_io updated to 2.1.0 with inventory plugin 2021-04-19 09:13:15 +02:00
privazio/vdc added support for cryptinplace for jammy targets 2024-02-02 12:12:29 +01:00
.gitignore ignores iml IDE files 2023-08-03 15:35:54 +02:00
.gitlab-ci.yml vagrant version must also be in cleanup 2023-08-02 18:10:25 +02:00
.gitmodules using cloudstack repo for edge releases 2020-08-24 09:59:23 +02:00
.vdc.rev extended test tune to 2hours, 2020-06-03 12:42:50 +00:00
Dockerfile stable should use published dependencies 2021-04-20 17:34:07 +02:00
Readme.md typo [skip-ci] 2020-11-10 11:06:32 +01:00

Readme.md

Privazio Virtual Datacenter

VDC stands for virtual datacenter.

VDC is an opinionated way to run an Apache Cloudstack (ACS) private cloud.

How is VDC opinionated? what does privazio stand for?

Privazio's goal

Anybody should be able to manage cloud infrastructure directly from metal. Privazio aims to lower the barrier of entry to private clouds by lowering complexity and costs.

Privazio is mainly targeted at:

  • enthusiasts
  • small companies and/or startups
  • workgroups / development teams

Privazio does not target specifically hyper-scale and ultimate optimization of hardware resources.

Privazio's trade-offs

One can not have it all, sometimes trade offs are required. When making trade-offs VDC will favor:

  • High Automation versus ample feature set
  • Low cost hardware versus high end hardware/features
  • Privacy versus optimal performance
  • Flexibility versus optimal performance
  • Flexibility to manage multiple environments versus hyperscale

What VDC Provides

VDC is a tool to fully automate the deployment of ACS according to the trade-offs above.

VDC is delivered as a dockerized ansible distribution+collections+python dependencies tested against a particular version of ACS and underlying OS.

An VDC.sh script is also provided to facilitate the transparent usage of the VDC docker image against multiple environments

Architecture

Software Defined Core Network

VCD will setup your servers and deliver ACS over a Software Defined Network.

The SDNetwork is currently implemented by TincVPN.

As a result it is possible to use widely available unmanaged 1G switch across the whole installation, hosts require only one network card.

It is also possible to distribute the ACS deployment between your small office/home office or lab and your datacenter.

A typical deployment may include a dozen of hosts placed at your SOHO and a couple of hosts placed at your datacenter.

TincVPN allows to distribute L2 traffic between hosts in an encrypted manner.

The Software Defined Network is pretty independent from ACS and other implementations are possible.

In the era of fiber the network performance is adequate for most workloads, however distributed secondary storage is discouraged in favor of local storage. High availability is expected to be provided at higher levels (clustering, etc).

Main Modules

VDC is a set of playbooks split in two groups

  • VRack: Stands for virutal Rack and it is responsible for configuring the metal: OS, Storage, Firewall, and SD Network (sometimes referred as mesh)
  • cloudstack-*: Cloudstack playbooks that will install the compute nodes, manager, mysql and secondary nfs storage.
  • ca: A minimal Certificate generation tool is provided to generate certificates from an intermediate CA. This is meant to be used in conjuction with a certificate authority management software such as XCA or similar.

Hardware / Software requirments

The minim hardware you will require is:

  • A raspberry pi4 (4GB) to implement the management server
  • A x86 server as compute host with minim 4GB ram
  • A 1G switch

Software requirements:

Currently Ubuntu 18.04 is the reference OS (both for Compute and Management servers) both for x86 and arm. Centos 7 is also been tested but lags behind Ubuntu.

Recommended Additional HW Software

When delivery public traffic from the software defined network to the public network:

  • A switch with rudimentary handling of VLANs can help
  • A server with more than 1 interface can help

OPNSense is recommended as head router of the deployment.

For autmated installation of the base OS, MAAS on a raspberry pi is recommended.

Sourcing Affordable Hardware

When setting up a small cluster or lab, I found the following resources useful:

  • Raspberry pi 4GB (as manager node or maas)
  • PCEngines APU (as manager/router)
  • Hardkernel ODroid-H2 (as fanless 32GB capable compute node for SOHO/Lab)

Base OS configuration:

When installing your servers use:

  • LVM storage
  • root LV of 10GB
  • swap LV sized wisely according to your RAM
  • Leave free space int he VG.
  • Using LUKS full disk encryption is recommended and playbooks for remote SSH/unlock are provided.

Getting Started

VDC includes CD/CI testing, check the gitlab project and the test/ci directory where a sample environment is built and tested.

Feel free to ask for help as required.

Links and Resources

Author

Rafael del Valle (rvalle@privaz.io)