From f17ab3267b662ccb0c1ce0102b889bf8774bf4ce Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Fri, 19 Aug 2022 16:00:17 +0200
Subject: [PATCH] Update to 2022-08-19 16:00

---
 roles/drbd/defaults/main.yml                  |  5 +++
 roles/drbd/meta/main.yml                      |  4 +++
 roles/drbd/tasks/facts.yml                    | 10 ++++++
 roles/drbd/tasks/install.yml                  |  5 +++
 roles/drbd/tasks/iptables.yml                 |  9 +++++
 roles/drbd/tasks/main.yml                     |  7 ++++
 roles/drbd/vars/RedHat-8.yml                  |  6 ++++
 roles/drbd_reactor/defaults/main.yml          |  6 ++++
 roles/drbd_reactor/handlers/main.yml          |  5 +++
 roles/drbd_reactor/meta/main.yml              |  4 +++
 roles/drbd_reactor/tasks/conf.yml             |  6 ++++
 roles/drbd_reactor/tasks/facts.yml            | 11 ++++++
 roles/drbd_reactor/tasks/install.yml          | 18 ++++++++++
 roles/drbd_reactor/tasks/iptables.yml         |  8 +++++
 roles/drbd_reactor/tasks/main.yml             | 17 +++++++++
 roles/drbd_reactor/tasks/services.yml         | 10 ++++++
 .../templates/drbd-reactor-reload.path.j2     |  8 +++++
 .../templates/drbd-reactor-reload.service.j2  | 11 ++++++
 .../templates/drbd-reactor.toml.j2            |  9 +++++
 roles/drbd_reactor/vars/RedHat-8.yml          |  4 +++
 roles/linstor_gateway/defaults/main.yml       | 17 +++++++++
 roles/linstor_gateway/handlers/main.yml       |  6 ++++
 roles/linstor_gateway/meta/main.yml           |  5 +++
 roles/linstor_gateway/tasks/conf.yml          | 13 +++++++
 roles/linstor_gateway/tasks/directories.yml   |  6 ++++
 roles/linstor_gateway/tasks/facts.yml         | 35 +++++++++++++++++++
 roles/linstor_gateway/tasks/install.yml       | 22 ++++++++++++
 roles/linstor_gateway/tasks/iptables.yml      | 19 ++++++++++
 roles/linstor_gateway/tasks/main.yml          | 23 ++++++++++++
 roles/linstor_gateway/tasks/services.yml      | 10 ++++++
 roles/linstor_gateway/tasks/user.yml          |  8 +++++
 .../templates/linstor-gateway.service.j2      | 10 ++++++
 .../templates/linstor-gateway.toml.j2         |  6 ++++
 roles/linstor_gateway/vars/RedHat-8.yml       |  7 ++++
 roles/linstor_satellite/defaults/main.yml     | 23 ++++++++++++
 roles/linstor_satellite/handlers/main.yml     |  6 ++++
 roles/linstor_satellite/meta/main.yml         |  4 +++
 roles/linstor_satellite/tasks/conf.yml        |  7 ++++
 roles/linstor_satellite/tasks/directories.yml | 10 ++++++
 roles/linstor_satellite/tasks/facts.yml       | 10 ++++++
 roles/linstor_satellite/tasks/install.yml     | 20 +++++++++++
 roles/linstor_satellite/tasks/iptables.yml    |  9 +++++
 roles/linstor_satellite/tasks/main.yml        | 20 +++++++++++
 roles/linstor_satellite/tasks/services.yml    |  7 ++++
 .../templates/drbd-reactor-reload.path.j2     |  8 +++++
 .../templates/drbd-reactor-reload.service.j2  | 11 ++++++
 .../templates/linstor-gateway.service.j2      |  9 +++++
 .../templates/linstor-gateway.toml.j2         |  6 ++++
 .../templates/linstor_satellite.toml.j2       | 11 ++++++
 roles/linstor_satellite/vars/RedHat-8.yml     |  5 +++
 50 files changed, 516 insertions(+)
 create mode 100644 roles/drbd/defaults/main.yml
 create mode 100644 roles/drbd/meta/main.yml
 create mode 100644 roles/drbd/tasks/facts.yml
 create mode 100644 roles/drbd/tasks/install.yml
 create mode 100644 roles/drbd/tasks/iptables.yml
 create mode 100644 roles/drbd/tasks/main.yml
 create mode 100644 roles/drbd/vars/RedHat-8.yml
 create mode 100644 roles/drbd_reactor/defaults/main.yml
 create mode 100644 roles/drbd_reactor/handlers/main.yml
 create mode 100644 roles/drbd_reactor/meta/main.yml
 create mode 100644 roles/drbd_reactor/tasks/conf.yml
 create mode 100644 roles/drbd_reactor/tasks/facts.yml
 create mode 100644 roles/drbd_reactor/tasks/install.yml
 create mode 100644 roles/drbd_reactor/tasks/iptables.yml
 create mode 100644 roles/drbd_reactor/tasks/main.yml
 create mode 100644 roles/drbd_reactor/tasks/services.yml
 create mode 100644 roles/drbd_reactor/templates/drbd-reactor-reload.path.j2
 create mode 100644 roles/drbd_reactor/templates/drbd-reactor-reload.service.j2
 create mode 100644 roles/drbd_reactor/templates/drbd-reactor.toml.j2
 create mode 100644 roles/drbd_reactor/vars/RedHat-8.yml
 create mode 100644 roles/linstor_gateway/defaults/main.yml
 create mode 100644 roles/linstor_gateway/handlers/main.yml
 create mode 100644 roles/linstor_gateway/meta/main.yml
 create mode 100644 roles/linstor_gateway/tasks/conf.yml
 create mode 100644 roles/linstor_gateway/tasks/directories.yml
 create mode 100644 roles/linstor_gateway/tasks/facts.yml
 create mode 100644 roles/linstor_gateway/tasks/install.yml
 create mode 100644 roles/linstor_gateway/tasks/iptables.yml
 create mode 100644 roles/linstor_gateway/tasks/main.yml
 create mode 100644 roles/linstor_gateway/tasks/services.yml
 create mode 100644 roles/linstor_gateway/tasks/user.yml
 create mode 100644 roles/linstor_gateway/templates/linstor-gateway.service.j2
 create mode 100644 roles/linstor_gateway/templates/linstor-gateway.toml.j2
 create mode 100644 roles/linstor_gateway/vars/RedHat-8.yml
 create mode 100644 roles/linstor_satellite/defaults/main.yml
 create mode 100644 roles/linstor_satellite/handlers/main.yml
 create mode 100644 roles/linstor_satellite/meta/main.yml
 create mode 100644 roles/linstor_satellite/tasks/conf.yml
 create mode 100644 roles/linstor_satellite/tasks/directories.yml
 create mode 100644 roles/linstor_satellite/tasks/facts.yml
 create mode 100644 roles/linstor_satellite/tasks/install.yml
 create mode 100644 roles/linstor_satellite/tasks/iptables.yml
 create mode 100644 roles/linstor_satellite/tasks/main.yml
 create mode 100644 roles/linstor_satellite/tasks/services.yml
 create mode 100644 roles/linstor_satellite/templates/drbd-reactor-reload.path.j2
 create mode 100644 roles/linstor_satellite/templates/drbd-reactor-reload.service.j2
 create mode 100644 roles/linstor_satellite/templates/linstor-gateway.service.j2
 create mode 100644 roles/linstor_satellite/templates/linstor-gateway.toml.j2
 create mode 100644 roles/linstor_satellite/templates/linstor_satellite.toml.j2
 create mode 100644 roles/linstor_satellite/vars/RedHat-8.yml

diff --git a/roles/drbd/defaults/main.yml b/roles/drbd/defaults/main.yml
new file mode 100644
index 0000000..a0dfd32
--- /dev/null
+++ b/roles/drbd/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+# List of IP/CIDR for which ports 7000 to 8000 will be opened
+# if iptables_manage is True
+drbd_src_ip: []
diff --git a/roles/drbd/meta/main.yml b/roles/drbd/meta/main.yml
new file mode 100644
index 0000000..1af740a
--- /dev/null
+++ b/roles/drbd/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: repo_elrepo
diff --git a/roles/drbd/tasks/facts.yml b/roles/drbd/tasks/facts.yml
new file mode 100644
index 0000000..f9f5c16
--- /dev/null
+++ b/roles/drbd/tasks/facts.yml
@@ -0,0 +1,10 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd
diff --git a/roles/drbd/tasks/install.yml b/roles/drbd/tasks/install.yml
new file mode 100644
index 0000000..8e3adf2
--- /dev/null
+++ b/roles/drbd/tasks/install.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Install packages
+  package: name={{ drbd_packages }}
+  tags: drbd
diff --git a/roles/drbd/tasks/iptables.yml b/roles/drbd/tasks/iptables.yml
new file mode 100644
index 0000000..092389c
--- /dev/null
+++ b/roles/drbd/tasks/iptables.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Handle DRBD ports
+  iptables_raw:
+    name: drbd_ports
+    state: "{{ (drbd_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport 7000:8000 -s {{ drbd_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
+
diff --git a/roles/drbd/tasks/main.yml b/roles/drbd/tasks/main.yml
new file mode 100644
index 0000000..3e2dceb
--- /dev/null
+++ b/roles/drbd/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
diff --git a/roles/drbd/vars/RedHat-8.yml b/roles/drbd/vars/RedHat-8.yml
new file mode 100644
index 0000000..e924d56
--- /dev/null
+++ b/roles/drbd/vars/RedHat-8.yml
@@ -0,0 +1,6 @@
+---
+
+drbd_packages:
+  - kmod-drbd90
+  - drbd-utils
+  - drbd-udev
diff --git a/roles/drbd_reactor/defaults/main.yml b/roles/drbd_reactor/defaults/main.yml
new file mode 100644
index 0000000..09a7240
--- /dev/null
+++ b/roles/drbd_reactor/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+# Port on which the prometheus exporter will listen
+drbd_reactor_prom_port: 9942
+# List of IP/CIDR for which the prometheus port will be opened
+drbd_reactor_prom_src_ip: []
diff --git a/roles/drbd_reactor/handlers/main.yml b/roles/drbd_reactor/handlers/main.yml
new file mode 100644
index 0000000..772b85f
--- /dev/null
+++ b/roles/drbd_reactor/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: restart drbd-reactor
+  service: name=drbd-reactor state=restarted
+  when: not drbd_reactor_started.changed
diff --git a/roles/drbd_reactor/meta/main.yml b/roles/drbd_reactor/meta/main.yml
new file mode 100644
index 0000000..5861233
--- /dev/null
+++ b/roles/drbd_reactor/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: drbd
diff --git a/roles/drbd_reactor/tasks/conf.yml b/roles/drbd_reactor/tasks/conf.yml
new file mode 100644
index 0000000..d71d7d8
--- /dev/null
+++ b/roles/drbd_reactor/tasks/conf.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Deploy DRBD Reactor configuration
+  template: src=drbd-reactor.toml.j2 dest=/etc/drbd-reactor.toml
+  notify: restart drbd-reactor
+  tags: drbd
diff --git a/roles/drbd_reactor/tasks/facts.yml b/roles/drbd_reactor/tasks/facts.yml
new file mode 100644
index 0000000..350ae7b
--- /dev/null
+++ b/roles/drbd_reactor/tasks/facts.yml
@@ -0,0 +1,11 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd
+
diff --git a/roles/drbd_reactor/tasks/install.yml b/roles/drbd_reactor/tasks/install.yml
new file mode 100644
index 0000000..eeeebc7
--- /dev/null
+++ b/roles/drbd_reactor/tasks/install.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Install packages
+  package: name={{ drbd_reactor_packages }}
+  tags: drbd
+
+- name: Install drbd-reactor-reload units
+  template: src=drbd-reactor-reload.{{ item }}.j2 dest=/etc/systemd/system/drbd-reactor-reload.{{ item }}
+  loop:
+    - path
+    - service
+  register: drbd_reactor_reload_unit
+  tags: drbd
+
+- name: Reload systemd
+  systemd: daemon_realod=True
+  when: drbd_reactor_reload_unit.changed
+  tags: drbd
diff --git a/roles/drbd_reactor/tasks/iptables.yml b/roles/drbd_reactor/tasks/iptables.yml
new file mode 100644
index 0000000..57a0c68
--- /dev/null
+++ b/roles/drbd_reactor/tasks/iptables.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Handle prometheus port ports
+  iptables_raw:
+    name: drbd_reactor_prom_port
+    state: "{{ (drbd_reactor_prom_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ drbd_reactor_prom_port }} -s {{ drbd_reactor_prom_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
diff --git a/roles/drbd_reactor/tasks/main.yml b/roles/drbd_reactor/tasks/main.yml
new file mode 100644
index 0000000..d0cacaf
--- /dev/null
+++ b/roles/drbd_reactor/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
diff --git a/roles/drbd_reactor/tasks/services.yml b/roles/drbd_reactor/tasks/services.yml
new file mode 100644
index 0000000..b15e0e1
--- /dev/null
+++ b/roles/drbd_reactor/tasks/services.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Start and enable the service
+  service: name=drbd-reactor state=started enabled=True
+  register: drbd_reactor_started
+  tags: drbd
+
+- name: Start drbd-reactor-reload
+  systemd: name=drbd-reactor-reload.path state=started enabled=True
+  tags: drbd
diff --git a/roles/drbd_reactor/templates/drbd-reactor-reload.path.j2 b/roles/drbd_reactor/templates/drbd-reactor-reload.path.j2
new file mode 100644
index 0000000..5b60b04
--- /dev/null
+++ b/roles/drbd_reactor/templates/drbd-reactor-reload.path.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+
+[Path]
+PathChanged=/etc/drbd-reactor.d
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/drbd_reactor/templates/drbd-reactor-reload.service.j2 b/roles/drbd_reactor/templates/drbd-reactor-reload.service.j2
new file mode 100644
index 0000000..1d6cbfb
--- /dev/null
+++ b/roles/drbd_reactor/templates/drbd-reactor-reload.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+After=drbd-reactor.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl reload drbd-reactor.service
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/roles/drbd_reactor/templates/drbd-reactor.toml.j2 b/roles/drbd_reactor/templates/drbd-reactor.toml.j2
new file mode 100644
index 0000000..2d3dce1
--- /dev/null
+++ b/roles/drbd_reactor/templates/drbd-reactor.toml.j2
@@ -0,0 +1,9 @@
+snippets = "/etc/drbd-reactor.d"
+statistics-poll-interval = 60
+
+[[log]]
+level = "info"
+
+[[promotheus]]
+enums = false
+address = "0.0.0.0:{{ drbd_reactor_prom_port }}"
diff --git a/roles/drbd_reactor/vars/RedHat-8.yml b/roles/drbd_reactor/vars/RedHat-8.yml
new file mode 100644
index 0000000..d2c68e7
--- /dev/null
+++ b/roles/drbd_reactor/vars/RedHat-8.yml
@@ -0,0 +1,4 @@
+---
+
+drbd_reactor_packages:
+  - drbd-reactor
diff --git a/roles/linstor_gateway/defaults/main.yml b/roles/linstor_gateway/defaults/main.yml
new file mode 100644
index 0000000..5a65038
--- /dev/null
+++ b/roles/linstor_gateway/defaults/main.yml
@@ -0,0 +1,17 @@
+---
+
+# Version of linstor-gateway to install
+lingw_version: 0.13.1
+# URL where linstor-gateway will be downloaded
+lingw_bin_url: https://github.com/LINBIT/linstor-gateway/releases/download/v{{ linsat_gateway_version }}/linstor-gateway-linux-amd64
+# Expected sha256 of the binary
+lingw_bin_sha256: 83d4d13154caeee79a0bec01db4a571cc417301fc001eb0ee9a6210279201934
+
+# List of Linstor controllers
+lingw_controllers: ['http://localhost:3370']
+
+# List of IP/CIDR for which NFS service will be opened in the firewall
+lingw_nfs_src_ip: []
+
+# Same for iSCSI
+lingw_iscsi_src_ip: []
diff --git a/roles/linstor_gateway/handlers/main.yml b/roles/linstor_gateway/handlers/main.yml
new file mode 100644
index 0000000..91a9258
--- /dev/null
+++ b/roles/linstor_gateway/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart linstor-gateway
+  service: name=linstor-gateway state=restarted
+  when: not lingw_started.changed
+
diff --git a/roles/linstor_gateway/meta/main.yml b/roles/linstor_gateway/meta/main.yml
new file mode 100644
index 0000000..d598a0f
--- /dev/null
+++ b/roles/linstor_gateway/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - role: drbd_reactor
+  - role: linstor_satellite
diff --git a/roles/linstor_gateway/tasks/conf.yml b/roles/linstor_gateway/tasks/conf.yml
new file mode 100644
index 0000000..4176693
--- /dev/null
+++ b/roles/linstor_gateway/tasks/conf.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Configure Linstor Gateway
+  template: src=linstor-gateway.toml.j2 dest=/etc/linstor-gateway/linstor-gateway.toml
+  notify: restart linstor-gateway
+  tags: drbd
+
+- name: Install linstor-gateway completion
+  shell: linstor-gateway completion > /etc/bash_completion.d/linstor_gateway
+  args:
+    creates: /etc/bash_completion.d/linstor_gateway
+  tags: drbd
+
diff --git a/roles/linstor_gateway/tasks/directories.yml b/roles/linstor_gateway/tasks/directories.yml
new file mode 100644
index 0000000..9705506
--- /dev/null
+++ b/roles/linstor_gateway/tasks/directories.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Create linstor-gateway conf dir
+  file: path=/etc/linstor-gateway state=directory
+  tags: drbd
+
diff --git a/roles/linstor_gateway/tasks/facts.yml b/roles/linstor_gateway/tasks/facts.yml
new file mode 100644
index 0000000..fc12440
--- /dev/null
+++ b/roles/linstor_gateway/tasks/facts.yml
@@ -0,0 +1,35 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd
+
+- set_fact: lingw_install_mode='none'
+  tags: drbd
+
+- name: Check if linstor-gateway is installed
+  stat: path=/usr/local/bin/linstor-gateway
+  register: lingw_bin
+  tags: drbd
+
+- when: not lingw_bin.stat.exists
+  set_fact: lingw_install_mode='install'
+  tags: drbd
+
+- when: lingw_bin.stat.exists
+  block:
+    - name: Detect installed version
+      shell: linstor-gateway version | perl -ne 'm/version (\d+(\.\d+)*)/ && print "$1\n"'
+      changed_when: False
+      register: lingw_current_version
+    - set_fact: lingw_current_version={{ lingw_current_version.stdout }}
+  tags: drbd
+
+- when: lingw_bin.stat.exists and lingw_current_version != lingw_version
+  set_fact: lingw_install_mode='upgrade'
+  tags: drbd
diff --git a/roles/linstor_gateway/tasks/install.yml b/roles/linstor_gateway/tasks/install.yml
new file mode 100644
index 0000000..a42e8ea
--- /dev/null
+++ b/roles/linstor_gateway/tasks/install.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Install linstor-gateway
+  get_url:
+    url: "{{ linsat_gateway_url }}"
+    dest: /usr/local/bin/linstor-gateway
+    checksum: sha256:{{ linsat_gateway_sha256 }}
+    mode: 755
+  when: lingw_install_mode != 'none'
+  tags: drbd
+
+- name: Install linstor-gateway service unit
+  template: src=linstor-gateway.service.j2 dest=/etc/systemd/system/linstor-gateway.service
+  notify: restart linstor-gateway
+  register: lingw_unit
+  tags: drbd
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: lingw_unit.changed
+  tags: drbd
+
diff --git a/roles/linstor_gateway/tasks/iptables.yml b/roles/linstor_gateway/tasks/iptables.yml
new file mode 100644
index 0000000..99f5cc4
--- /dev/null
+++ b/roles/linstor_gateway/tasks/iptables.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Handle NFS port
+  iptables_raw:
+    name: lingw_nfs_port
+    state: "{{ (lingw_nfs_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: |
+      -A INPUT -m state --state NEW -p tcp --dport 2049 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
+      -A INPUT -m state --state NEW -p tcp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
+      -A INPUT -m state --state NEW -p udp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
+  tags: firewall,drbd
+
+- name: Handle iSCSI port
+  iptables_raw:
+    name: lingw_iscsi_port
+    state: "{{ (lingw_iscsi_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport 3260 -s {{ lingw_iscsi_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
+
diff --git a/roles/linstor_gateway/tasks/main.yml b/roles/linstor_gateway/tasks/main.yml
new file mode 100644
index 0000000..e02b793
--- /dev/null
+++ b/roles/linstor_gateway/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: user.yml
+  tags: drbd
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
diff --git a/roles/linstor_gateway/tasks/services.yml b/roles/linstor_gateway/tasks/services.yml
new file mode 100644
index 0000000..726dcda
--- /dev/null
+++ b/roles/linstor_gateway/tasks/services.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Ensure NFS server is disabled
+  service: name=nfs-server enabled=False
+  tags: drbd
+
+- name: Start and enable linstor-gateway
+  service: name=linstor-gateway state=started enabled=True
+  register: lingw_started
+  tags: drbd
diff --git a/roles/linstor_gateway/tasks/user.yml b/roles/linstor_gateway/tasks/user.yml
new file mode 100644
index 0000000..d7c05ac
--- /dev/null
+++ b/roles/linstor_gateway/tasks/user.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Create linstor-gateway user
+  user:
+    name: linstor-gateway
+    system: True
+    shell: /sbin/nologin
+  tags: drbd
diff --git a/roles/linstor_gateway/templates/linstor-gateway.service.j2 b/roles/linstor_gateway/templates/linstor-gateway.service.j2
new file mode 100644
index 0000000..6f3d17a
--- /dev/null
+++ b/roles/linstor_gateway/templates/linstor-gateway.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=LINSTOR Gateway
+After=network.target
+
+[Service]
+User=linstor-gateway
+ExecStart=/usr/local/bin/linstor-gateway server --addr "127.0.0.1:8080"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/linstor_gateway/templates/linstor-gateway.toml.j2 b/roles/linstor_gateway/templates/linstor-gateway.toml.j2
new file mode 100644
index 0000000..7567911
--- /dev/null
+++ b/roles/linstor_gateway/templates/linstor-gateway.toml.j2
@@ -0,0 +1,6 @@
+[linstor]
+  controllers = [
+{% for url in lingw_controllers %}
+    "{{ url }}"
+{% endfor %}
+  ]
diff --git a/roles/linstor_gateway/vars/RedHat-8.yml b/roles/linstor_gateway/vars/RedHat-8.yml
new file mode 100644
index 0000000..d19c36c
--- /dev/null
+++ b/roles/linstor_gateway/vars/RedHat-8.yml
@@ -0,0 +1,7 @@
+---
+
+lingw_packages:
+  - nfs-utils
+  - targetcli
+  - resource-agents
+  - nvmetcli
diff --git a/roles/linstor_satellite/defaults/main.yml b/roles/linstor_satellite/defaults/main.yml
new file mode 100644
index 0000000..5bfec1f
--- /dev/null
+++ b/roles/linstor_satellite/defaults/main.yml
@@ -0,0 +1,23 @@
+---
+
+# Port on which the satellite will listen
+linsat_api_port: 3366
+
+# URL of the linstor-controller API (you can set several and they will be tried in order)
+linsat_controllers_url:
+  - http://localhost:3370
+
+# List of IP/CIDR which can reach the API of the satellite (only Linstor controller should reach it)
+linsat_api_src_ip: []
+
+# HA NFS Service
+linsat_nfs_src_ip: []
+# HA iSCSI Service
+linsat_iscsi_src_ip: []
+
+# Version of linstor-gateway to install
+linsat_gateway_version: 0.13.1
+# URL where linstor-gateway will be downloaded
+linsat_gateway_url: https://github.com/LINBIT/linstor-gateway/releases/download/v{{ linsat_gateway_version }}/linstor-gateway-linux-amd64
+# Expected sha256 of the binary
+linsat_gateway_sha256: 83d4d13154caeee79a0bec01db4a571cc417301fc001eb0ee9a6210279201934
diff --git a/roles/linstor_satellite/handlers/main.yml b/roles/linstor_satellite/handlers/main.yml
new file mode 100644
index 0000000..2005548
--- /dev/null
+++ b/roles/linstor_satellite/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart linstor-satellite
+  service: name=linstor-satellite state=restarted
+  when: not linsat_started
+
diff --git a/roles/linstor_satellite/meta/main.yml b/roles/linstor_satellite/meta/main.yml
new file mode 100644
index 0000000..5861233
--- /dev/null
+++ b/roles/linstor_satellite/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: drbd
diff --git a/roles/linstor_satellite/tasks/conf.yml b/roles/linstor_satellite/tasks/conf.yml
new file mode 100644
index 0000000..e6793c1
--- /dev/null
+++ b/roles/linstor_satellite/tasks/conf.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Configure linstor-satellite
+  template: src=linstor_satellite.toml.j2 dest=/etc/linstor/linstor_satellite.toml
+  notify: restart linstor-satellite
+  tags: drbd
+
diff --git a/roles/linstor_satellite/tasks/directories.yml b/roles/linstor_satellite/tasks/directories.yml
new file mode 100644
index 0000000..fc6c1ed
--- /dev/null
+++ b/roles/linstor_satellite/tasks/directories.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Create linstor-satellite unit snippet dir
+  file: path=/etc/systemd/system/linstor-satellite.service.d state=directory
+  tags: drbd
+
+- name: Create linstor conf dir
+  file: path=/etc/linstor state=directory
+  tags: drbd
+
diff --git a/roles/linstor_satellite/tasks/facts.yml b/roles/linstor_satellite/tasks/facts.yml
new file mode 100644
index 0000000..f9f5c16
--- /dev/null
+++ b/roles/linstor_satellite/tasks/facts.yml
@@ -0,0 +1,10 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: drbd
diff --git a/roles/linstor_satellite/tasks/install.yml b/roles/linstor_satellite/tasks/install.yml
new file mode 100644
index 0000000..a868d6e
--- /dev/null
+++ b/roles/linstor_satellite/tasks/install.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Install packages
+  package: name={{ linsat_packages }}
+  tags: drbd
+
+- name: Customize satellite service
+  copy:
+    content: |
+      [Service]
+      Type=notify
+    dest: /etc/systemd/system/linstor-satellite.service.d/99-ansible.conf
+  notify: restart linstor-satellite
+  register: linsat_unit
+  tags: drbd
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: linsat_unit.changed
+  tags: drbd
diff --git a/roles/linstor_satellite/tasks/iptables.yml b/roles/linstor_satellite/tasks/iptables.yml
new file mode 100644
index 0000000..9468b3a
--- /dev/null
+++ b/roles/linstor_satellite/tasks/iptables.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Handle API ports
+  iptables_raw:
+    name: linsat_api_port
+    state: "{{ (linsat_api_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ linsat_api_port }} -s {{ linsat_api_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,drbd
+
diff --git a/roles/linstor_satellite/tasks/main.yml b/roles/linstor_satellite/tasks/main.yml
new file mode 100644
index 0000000..e5bee59
--- /dev/null
+++ b/roles/linstor_satellite/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: services.yml
+  tags: always
diff --git a/roles/linstor_satellite/tasks/services.yml b/roles/linstor_satellite/tasks/services.yml
new file mode 100644
index 0000000..fda7b37
--- /dev/null
+++ b/roles/linstor_satellite/tasks/services.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Start and enable the linstor-satellite
+  service: name=linstor-satellite state=started enabled=True
+  register: linsat_started
+  tags: drbd
+
diff --git a/roles/linstor_satellite/templates/drbd-reactor-reload.path.j2 b/roles/linstor_satellite/templates/drbd-reactor-reload.path.j2
new file mode 100644
index 0000000..5b60b04
--- /dev/null
+++ b/roles/linstor_satellite/templates/drbd-reactor-reload.path.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+
+[Path]
+PathChanged=/etc/drbd-reactor.d
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/linstor_satellite/templates/drbd-reactor-reload.service.j2 b/roles/linstor_satellite/templates/drbd-reactor-reload.service.j2
new file mode 100644
index 0000000..1d6cbfb
--- /dev/null
+++ b/roles/linstor_satellite/templates/drbd-reactor-reload.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=Reload drbd-reactor on plugin changes
+After=drbd-reactor.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl reload drbd-reactor.service
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/roles/linstor_satellite/templates/linstor-gateway.service.j2 b/roles/linstor_satellite/templates/linstor-gateway.service.j2
new file mode 100644
index 0000000..d6cc2d9
--- /dev/null
+++ b/roles/linstor_satellite/templates/linstor-gateway.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=LINSTOR Gateway
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/linstor-gateway server --addr ":8080"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/linstor_satellite/templates/linstor-gateway.toml.j2 b/roles/linstor_satellite/templates/linstor-gateway.toml.j2
new file mode 100644
index 0000000..c1d1435
--- /dev/null
+++ b/roles/linstor_satellite/templates/linstor-gateway.toml.j2
@@ -0,0 +1,6 @@
+[linstor]
+  controllers = [
+{% for url in linsat_controllers_url %}
+    "{{ url }}"
+{% endfor %}
+  ]
diff --git a/roles/linstor_satellite/templates/linstor_satellite.toml.j2 b/roles/linstor_satellite/templates/linstor_satellite.toml.j2
new file mode 100644
index 0000000..afb2689
--- /dev/null
+++ b/roles/linstor_satellite/templates/linstor_satellite.toml.j2
@@ -0,0 +1,11 @@
+[netcom]
+  type = "plain"
+  bind_address = "0.0.0.0"
+  port = {{ linsat_api_port }}
+
+[files]
+  allowExtFiles = [
+    "/etc/systemd/system",
+    "/etc/systemd/system/linstor-satellite.service.d",
+    "/etc/drbd-reactor.d"
+  ]
diff --git a/roles/linstor_satellite/vars/RedHat-8.yml b/roles/linstor_satellite/vars/RedHat-8.yml
new file mode 100644
index 0000000..164f4e1
--- /dev/null
+++ b/roles/linstor_satellite/vars/RedHat-8.yml
@@ -0,0 +1,5 @@
+---
+
+linsat_packages:
+  - linstor-satellite
+  - lvm2