From: Christian Pointner Date: Sun, 25 Nov 2018 00:45:41 +0000 (+0100) Subject: Merge pull request #22 from realraum/gnocci/setup X-Git-Url: https://git.realraum.at/?a=commitdiff_plain;h=38e9ff658530f4caf4be96dbffaa09c8d5f2f5b7;hp=2fb00147adff89fa701ef21a4f6d0da696d27488;p=noc.git Merge pull request #22 from realraum/gnocci/setup WiP: (Semi-)automated gnocci installation --- diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml index fc912bc..1301aef 100644 --- a/ansible/group_vars/all/main.yml +++ b/ansible/group_vars/all/main.yml @@ -1,41 +1,10 @@ --- +# Build-related directories global_cache_dir: "{{ inventory_dir }}/.cache/" global_artifacts_dir: "{{ inventory_dir }}/files/" -user_groups: - noc: - - equinox - - gebi - - nicoo - - bernhard - -users: - equinox: - email: equinox@realraum.at - gpg: 0xD74907C9E64E6CED8FE3 - ssh: - - ssh-rsa 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 equinox@realraum.at - - gebi: - email: michael@mgeb.org - gpg: 0x6E302CF4D98B9702 - ssh: - - ssh-rsa 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 secure key of gebi - - nicoo: - email: nicolas@braud-santoni.eu - gpg: 0x3F41B0739AAD91B7CDC0 - ssh: - - ssh-rsa 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 nicoo@harbard - - bernhard: - email: xro@realraum.at - gpg: 0xE3468B9CE81EB4F91486 - ssh: - - ssh-rsa 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 xro@realraum.at - -noc_groups: - - adm - - sudo - -noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}" +# Default credentials +## Root password; by default, undefined +root_password: "{{ vault_root_password }}" +## SSH keys for root, default to NOC's +ssh_keys: "{{ noc_ssh_keys }}" diff --git a/ansible/group_vars/all/users.yml b/ansible/group_vars/all/users.yml new file mode 100644 index 0000000..ac2b99b --- /dev/null +++ b/ansible/group_vars/all/users.yml 
@@ -0,0 +1,38 @@ +--- +user_groups: + noc: + - equinox + - gebi + - nicoo + - bernhard + +users: + equinox: + email: equinox@realraum.at + gpg: 0xD74907C9E64E6CED8FE3 + ssh: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at + + gebi: + email: michael@mgeb.org + gpg: 0x6E302CF4D98B9702 + ssh: + - ssh-rsa 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 secure key of gebi + + nicoo: + email: nicolas@braud-santoni.eu + gpg: 0x3F41B0739AAD91B7CDC0 + ssh: + - ssh-rsa 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 nicoo@harbard + + bernhard: + email: xro@realraum.at + gpg: 0xE3468B9CE81EB4F91486 + ssh: + - ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQDsT6W8Yz9iQ9FXuyrBmLC3o1j26ugzKfJDjvYAOehtjbYj+JjNrLoob1Evg5wWbDI9w+GiaBRKpfMw/66rMty8UXnYvpr28AsMdsxmvCp7k6eW55WcWNC26Nw3cWJo8MBxDaWDfjPdVzhKU7iFTCEVz/mUqUrbyg+Y6R1psqY84zXwelyPNPUVNBSaWMORmWR397v8UaEx2jsO4Nxaw1w4RnJSyq5feXResLigh6yelCNDWu3ISQrmZtjKRCPWlVzIDAT5m0UZzHjfGtixei8QNo3Y1sNUyFmrR0jcy6Uvkcl2ryGsUApCqaIGHz9zNvVJo7lGFH7yDVnaFx2XHnbDrZqhcvtvKK9kJkXwpTwASnSg7CB4VUFxdfzOlwnGUqMrePYqN5CaFKLNNQ5vIharK+iikvgkibrCSH69Tdb26IvBpXojuoIHDpBNcAAy5d66P+EoUXv7xWVmWiDLyJd66GvNzAzwel16KrjlgYZoKaj5rAB04qafSi6gRKJMuxQTBGGBc45JojDDZUEQht0/0N9GEWZDAO2z3eyB0lsODNvJBh9jAvwEOMcNnm59GYnYrk4bKLS1GEvq6a0aQvAxJDj0OxENNsx3SloYnP+ufHUZvWI9Ccu+9PMcoNqsFomiFg5nraL7NVaaOegVVYVGr4xZm9Yl/fnfnkH/lccsPw== xro@realraum.at + +noc_groups: + - adm + - sudo + +noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}" diff --git a/ansible/group_vars/kvmhosts/main.yml b/ansible/group_vars/kvmhosts/main.yml new file mode 100644 index 0000000..79c3bd7 --- /dev/null +++ b/ansible/group_vars/kvmhosts/main.yml @@ -0,0 +1,2 @@ +preseed_path: /srv/preseed +debian_installer_path: /srv/installer diff --git a/ansible/host_vars/alfred/main.yml b/ansible/host_vars/alfred/main.yml index 5c0682a..ab6ad85 100644 --- a/ansible/host_vars/alfred/main.yml +++ b/ansible/host_vars/alfred/main.yml @@ -2,19 +2,6 @@ vm_host: installer: net_if: br-mgmt - preseed_path: /srv/preseed - path: /srv/installer - distros: - - distro: debian - codename: stretch - arch: - - amd64 - - i386 - - distro: ubuntu - codename: xenial - arch: - - amd64 - - i386 network: interface: br-mgmt ip: "{{ net.mgmt.prefix | ipaddr(65) | ipaddr('address') }}" diff --git a/ansible/host_vars/gnocci0/main.yml b/ansible/host_vars/gnocci0/main.yml new file mode 100644 index 0000000..623ef3c --- /dev/null +++ b/ansible/host_vars/gnocci0/main.yml 
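Review bot: The `gpg:` values under `users` in users.yml are unquoted `0x…` scalars, which YAML 1.1 loaders such as the one Ansible uses read as hexadecimal integers, so a consumer of `users.<name>.gpg` gets a decimal number rather than a key ID. Quote them, e.g. `gpg: "0xD74907C9E64E6CED8FE3"`. The values are also truncated IDs (16 or 20 hex digits) rather than full 40-digit fingerprints, and only the full fingerprint identifies a key unambiguously, so recording it would let this file serve as the reference for whose key is whose. The entries are moved unchanged from group_vars/all/main.yml, so this predates the commit, but the move is a convenient point to fix it.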
@@ -0,0 +1,13 @@
+---
+network:
+ nameservers: "{{ net.mgmt.dns }}"
+ domain: realraum.at
+ primary:
+ interface: enp1s0
+ ip: "{{ net.mgmt.prefix | ipaddr(250) | ipaddr('address') }}"
+ mask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
+ gateway: "{{ net.mgmt.gw }}"
+
+install:
+ disks:
+ primary: sda
diff --git a/ansible/host_vars/gnocci0/vault.yml b/ansible/host_vars/gnocci0/vault.yml
new file mode 100644
index 0000000..df5d4ac
--- /dev/null
+++ b/ansible/host_vars/gnocci0/vault.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+66323066353065353661346261313235333834343034313532343739343531373035366364303138
+6433663331336264613830643035363962346131353830640a376336363433653437306236656230
+39313361376130316464333566383533396663393863646333393536613230333233333335323938
+3662646635383161360a333661663063343862373638373933383362383164623039383763613036
+61346661346261306465393039343732343635326364306363653666343130383836343539336439
+34306462316666623665323239613561663730353933633663636631323063383164643937366334
+393864666635663237346434613264303532
diff --git a/ansible/host_vars/gnocci1/main.yml b/ansible/host_vars/gnocci1/main.yml
index 954c9c7..537e7d5 100644
--- a/ansible/host_vars/gnocci1/main.yml
+++ b/ansible/host_vars/gnocci1/main.yml
@@ -1,2 +1,13 @@
 ---
-root_password: "{{ vault_root_password }}"
+network:
+ nameservers: "{{ net.mgmt.dns }}"
+ domain: realraum.at
+ primary:
+ interface: enp1s0
+ ip: "{{ net.mgmt.prefix | ipaddr(251) | ipaddr('address') }}"
+ mask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
+ gateway: "{{ net.mgmt.gw }}"
+
+install:
+ disks:
+ primary: sda
diff --git a/ansible/host_vars/gnocci1/vault.yml b/ansible/host_vars/gnocci1/vault.yml
index df5d4ac..ab3ecca 100644
--- a/ansible/host_vars/gnocci1/vault.yml
+++ b/ansible/host_vars/gnocci1/vault.yml
@@ -1,8 +1,8 @@
 $ANSIBLE_VAULT;1.1;AES256
-66323066353065353661346261313235333834343034313532343739343531373035366364303138
-6433663331336264613830643035363962346131353830640a376336363433653437306236656230
-39313361376130316464333566383533396663393863646333393536613230333233333335323938
-3662646635383161360a333661663063343862373638373933383362383164623039383763613036
-61346661346261306465393039343732343635326364306363653666343130383836343539336439
-34306462316666623665323239613561663730353933633663636631323063383164643937366334
-393864666635663237346434613264303532
+31366163653363386462333866383263366435353838623965653035623138356339633866623932
+3538626561373636313833333434393434616366303633370a346364356161616662666164323063
+30333934663463383034623730366365386536373465383362353132386434396461353039363863
+3861333238386263620a613539393937383264346566613330666165623363313838326638623563
+64643233613539356337613435376130633466313261616235326430326161663263343363343361
+36373736303233333831316266633365306435646634643166663038326364323839386430373438
+373966366161613436646365346339316365
diff --git a/ansible/host_vars/gnocci2/main.yml b/ansible/host_vars/gnocci2/main.yml
deleted file mode 100644
index 954c9c7..0000000
--- a/ansible/host_vars/gnocci2/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-root_password: "{{ vault_root_password }}"
diff --git a/ansible/host_vars/gnocci2/vault.yml b/ansible/host_vars/gnocci2/vault.yml
deleted file mode 100644
index ab3ecca..0000000
--- a/ansible/host_vars/gnocci2/vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31366163653363386462333866383263366435353838623965653035623138356339633866623932
-3538626561373636313833333434393434616366303633370a346364356161616662666164323063
-30333934663463383034623730366365386536373465383362353132386434396461353039363863
-3861333238386263620a613539393937383264346566613330666165623363313838326638623563
-64643233613539356337613435376130633466313261616235326430326161663263343363343361
-36373736303233333831316266633365306435646634643166663038326364323839386430373438
-373966366161613436646365346339316365
diff --git a/ansible/host_vars/testvm/main.yml b/ansible/host_vars/testvm/main.yml
index 80a95ad..1d0c62a 100644
--- a/ansible/host_vars/testvm/main.yml
+++ b/ansible/host_vars/testvm/main.yml
@@ -1,33 +1,33 @@ --- localconfig_ssh_config_user: root -vm_install_host: alfred +vm_host: alfred -vm_install: - host: "{{ vm_install_host }}" +install: + host: "{{ vm_host }}" mem: 1024 numcpu: 2 disks: primary: vda virtio: vda: - vg: alfred + vg: "{{ vm_host }}" lv: "{{ inventory_hostname }}" size: 10g interfaces: - - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}" + - bridge: "{{ hostvars[vm_host].vm_host.network.interface }}" name: mgmt0 - bridge: "br-svc" name: svc0 autostart: True -vm_network: - nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}" +network: + nameservers: "{{ hostvars[vm_host].vm_host.network.nameservers }}" domain: realraum.at systemd_link: - interfaces: "{{ vm_install.interfaces }}" + interfaces: "{{ install.interfaces }}" primary: interface: mgmt0 - ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}" - gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}" + ip: "{{ (hostvars[vm_host].vm_host.network.ip+'/'+hostvars[vm_host].vm_host.network.mask) | ipaddr(hostvars[vm_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}" + mask: "{{ hostvars[vm_host].vm_host.network.mask }}" + gateway: "{{ hostvars[vm_host].vm_host.network.gateway | default(hostvars[vm_host].vm_host.network.ip) }}" diff --git a/ansible/hosts.ini b/ansible/hosts.ini index b3a1721..8591a15 100644 --- a/ansible/hosts.ini +++ b/ansible/hosts.ini @@ -13,6 +13,8 @@ galley hacksch r3home tickets +gnocci[0:1] + ## TODO: remove the variable once https://github.com/ansible/ansible/issues/39119 is fixed metrics localconfig_ssh_config_user=root testvm localconfig_ssh_config_user=root 
@@ -24,9 +26,11 @@ host_domain=mgmt.realraum.at [baremetalservers] alfred +gnocci[0:1] [kvmhosts] alfred +gnocci[0:1] [virtualservers] @@ -70,6 +74,5 @@ localconfig_ssh_config_user=root #gw #torwaechter -#[apu] -#gnocchi1 -#gnocchi2 +[apu] +gnocchi[0:1] diff --git a/ansible/remove_known_hosts.sh b/ansible/remove_known_hosts.sh index ee4a0fb..81d8de2 100755 --- a/ansible/remove_known_hosts.sh +++ b/ansible/remove_known_hosts.sh @@ -2,12 +2,12 @@ set -eu if [ $# -eq 0 ]; then - echo "Usage: $0 vmname [vmname ...]" >&2 + echo "Usage: $0 hostname [hostname ...]" >&2 exit 1 fi cd "$(dirname "$0")" -for vmname in "$@"; do - ansible-playbook -e vmname="${vmname}" remove_known_hosts.yml +for hostname in "$@"; do + ansible-playbook -e hostname="${hostname}" remove_known_hosts.yml done diff --git a/ansible/remove_known_hosts.yml b/ansible/remove_known_hosts.yml index 5491342..abde3f5 100644 --- a/ansible/remove_known_hosts.yml +++ b/ansible/remove_known_hosts.yml @@ -2,10 +2,10 @@ hosts: localhost gather_facts: no tasks: - - command: ssh-keygen -f ~/.ssh/known_hosts -R [{{ item }}]:{{ hostvars[vmname].ansible_port }} + - command: ssh-keygen -f ~/.ssh/known_hosts -R [{{ item }}]:{{ hostvars[hostname].ansible_port }} with_items: - - "{{ hostvars[vmname].ansible_host }}" - - r3-{{ vmname }} - - r3g-{{ vmname }} - - r3e-{{ vmname }} - - "{{ hostvars[vmname].vm_network_cooked.primary.ip }}" + - "{{ hostvars[hostname].ansible_host }}" + - r3-{{ hostname }} + - r3g-{{ hostname }} + - r3e-{{ hostname }} + - "{{ hostvars[hostname].network_cooked.primary.ip }}" diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml index a0545df..c155be4 100644 --- a/ansible/roles/base/tasks/main.yml +++ b/ansible/roles/base/tasks/main.yml @@ -47,7 +47,7 @@ - name: Set authorized keys for root user authorized_key: user: root - key: "{{ noc_ssh_keys | join('\n') }}" + key: "{{ ssh_keys | join('\n') }}" exclusive: yes - name: disable apt suggests and recommends 
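Review bot: The new `[apu]` group in the last hosts.ini hunk lists `gnocchi[0:1]`, while the other groups in this file and the host_vars directories added by this commit use `gnocci[0:1]`. As written, `[apu]` defines two extra inventory hosts, `gnocchi0` and `gnocchi1`, which pick up none of the `gnocci*` host_vars (network, install disk, vaulted root password), and the real hosts are not members of `[apu]`. Change the entry to `gnocci[0:1]`.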
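Review bot: In roles/base/tasks/main.yml, `key: "{{ ssh_keys | join('\n') }}"` combined with `exclusive: yes` now takes its input from a variable that any host or group can override, so an empty or mistyped `ssh_keys` override may leave root's authorized_keys without any usable key. Because the preseed templates in this commit lock the root password, key login is the only remote path into these hosts. Consider a preceding `assert` with `that: ssh_keys | length > 0`, and a comment on the task such as `# ssh_keys fully replaces root's authorized_keys (exclusive)`.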
diff --git a/ansible/roles/debian-installer/defaults/main.yml b/ansible/roles/debian-installer/defaults/main.yml
new file mode 100644
index 0000000..94e8d6c
--- /dev/null
+++ b/ansible/roles/debian-installer/defaults/main.yml
@@ -0,0 +1,18 @@
+distros:
+ - distro: debian
+ codename: stretch
+ arch:
+ - amd64
+ - i386
+
+ - distro: ubuntu
+ codename: bionic
+ arch:
+ - amd64
+ - i386
+
+debian_installer_force_download: no
+
+debian_installer_url:
+ debian: "https://debian.ffgraz.net/debian"
+ ubuntu: "https://debian.ffgraz.net/ubuntu"
diff --git a/ansible/roles/debian-installer/tasks/main.yml b/ansible/roles/debian-installer/tasks/main.yml
new file mode 100644
index 0000000..eb32f6a
--- /dev/null
+++ b/ansible/roles/debian-installer/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: prepare directories for installer images
+ with_subelements:
+ - "{{ distros }}"
+ - arch
+ file:
+ name: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}"
+ state: directory
+
+- name: download installer kernel images
+ with_subelements:
+ - "{{ distros }}"
+ - arch
+ get_url:
+ url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux"
+ dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux"
+ mode: 0644
+ force: "{{ debian_installer_force_download }}"
+
+- name: download installer initrd.gz
+ with_subelements:
+ - "{{ distros }}"
+ - arch
+ get_url:
+ url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz"
+ dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz"
+ mode: 0644
+ force: "{{ debian_installer_force_download }}"
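Review bot: Both `get_url` tasks in roles/debian-installer/tasks/main.yml fetch the installer `linux` and `initrd.gz` without a `checksum:`, so whatever the mirror in `debian_installer_url` serves is booted as the installer for every new host and VM. The move to https protects the transport but not against a stale or altered mirror. The archive publishes a `SHA256SUMS` file in the `current/images/` directory that is listed in the signed Release file, and the tasks could verify the downloads against it or against values pinned in the role defaults. Separately, `mode: 0644` is better written as `mode: "0644"` so the result does not depend on YAML octal parsing.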
diff --git a/ansible/roles/preseed/defaults/main.yml b/ansible/roles/preseed/defaults/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/preseed/tasks/main.yml b/ansible/roles/preseed/tasks/main.yml
new file mode 100644
index 0000000..8289eb6
--- /dev/null
+++ b/ansible/roles/preseed/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Copy initramfs into position
+ copy:
+ remote_src: yes
+ src: "{{ debian_installer_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/initrd.gz"
+ dest: "{{ preseed_tmpdir }}/initrd.preseed.gz"
+
+- name: Generate preseed file
+ template:
+ src: "preseed_{{ install_distro }}-{{ install_codename }}.cfg.j2"
+ dest: "{{ preseed_tmpdir }}/preseed.cfg"
+
+- name: Generate authorized_keys file
+ authorized_key:
+ user: root
+ manage_dir: no
+ path: "{{ preseed_tmpdir }}/authorized_keys"
+ key: "{{ ssh_keys | join('\n') }}"
+
+- name: Inject files into initramfs
+ shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'
+ args:
+ chdir: "{{ preseed_tmpdir }}"
+ stdin: |
+ preseed.cfg
+ authorized_keys
diff --git a/ansible/roles/preseed/templates/preseed_debian-stretch.cfg.j2 b/ansible/roles/preseed/templates/preseed_debian-stretch.cfg.j2
new file mode 100644
index 0000000..f39e3f3
--- /dev/null
+++ b/ansible/roles/preseed/templates/preseed_debian-stretch.cfg.j2
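Review bot: The `Inject files into initramfs` task in roles/preseed/tasks/main.yml runs `cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'` without pipefail, so the task reports success whenever `gzip` succeeds, even if `cpio` failed to archive `preseed.cfg` or `authorized_keys`. The resulting image would then boot an installer without the preseed or without the root keys, and the playbook would not show it. Use `shell: set -o pipefail; cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'` and add `executable: /bin/bash` under `args`. Since `defaults/main.yml` is empty, a header comment listing the variables the role expects (`preseed_tmpdir`, `install_distro`, `install_codename`, `hostname`, `ssh_keys`) would also help; only `debian_installer_path` is marked `mandatory` today.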
@@ -0,0 +1,110 @@ +######################################################################### +# realraum preseed file for Debian stretch based VMs +######################################################################### + +d-i debian-installer/language string en +d-i debian-installer/country string AT +d-i debian-installer/locale string en_US.UTF-8 +d-i keyboard-configuration/xkb-keymap select us + +d-i netcfg/disable_dhcp boolean true +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} +d-i netcfg/disable_autoconfig boolean false +d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }} +d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }} +d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }} +d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} +d-i netcfg/confirm_static boolean true + +d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string debian.ffgraz.net +d-i mirror/http/directory string /debian +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string Europe/Vienna +d-i clock-setup/ntp boolean false + + +d-i partman-auto/disk string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i partman-auto/method string lvm +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true + +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i 
partman-auto/expert_recipe string \ + boot-root :: \ + 1000 10000 -1 ext4 \ + $defaultignore{ } $primary{ } $bootable{ } \ + method{ lvm } vg_name{ {{ hostname }} } \ + . \ + 2048 10000 2560 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 1024 11000 1280 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var } \ + . \ + 768 10000 768 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var/log } \ + options/nodev{ nodev } options/noatime{ noatime } \ + options/noexec{ noexec } \ + . \ + 16 20000 -1 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method( keep } lv_name{ dummy } \ + . + +d-i partman-auto-lvm/no_boot boolean true +d-i partman-basicfilesystems/no_swap true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + + +d-i base-installer/install-recommends boolean false +d-i apt-setup/security_host string debian.ffgraz.net + +tasksel tasksel/first multiselect +d-i pkgsel/include string openssh-server python +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false + +d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean false + +d-i finish-install/reboot_in_progress note + + +d-i preseed/late_command string \ + lvremove -f {{ hostname }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "passwd -d root && passwd -l root"; \ + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/; \ +{% if hostvars[hostname].ansible_port is 
defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config" +{% endif %} diff --git a/ansible/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 b/ansible/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 new file mode 100644 index 0000000..5f4c49e --- /dev/null +++ b/ansible/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 
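Review bot: `passwd/root-password` in preseed_debian-stretch.cfg.j2 is preseeded with a fixed string that is now public in this repository, and the only thing removing it is `passwd -d root && passwd -l root` in `late_command`; if the installer stops before that step the system keeps the known password, and `passwd -d` on its own leaves root with an empty password should the `-l` half not run. The d-i documentation allows `d-i passwd/root-password-crypted password !` to create the root account disabled from the start, which would remove both the placeholder and the late_command step; preseed_ubuntu-xenial.cfg.j2 in this commit uses the same placeholder pattern. In the same hunk the last recipe stanza reads `method( keep }` where `method{ keep }` is presumably meant, and `partman-basicfilesystems/no_swap true` lacks its `boolean` type; both also appear in the xenial template.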
@@ -0,0 +1,114 @@ +######################################################################### +# realraum preseed file for Ubuntu xenial based VMs +######################################################################### + +d-i debian-installer/language string en +d-i debian-installer/country string AT +d-i debian-installer/locale string en_US.UTF-8 +d-i localechooser/preferred-locale string en_US.UTF-8 +d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8 +d-i console-setup/ask_detect boolean false +d-i keyboard-configuration/xkb-keymap select us +d-i keyboard-configuration/layoutcode string us + + +#d-i netcfg/choose_interface select enp1s1 +#d-i netcfg/disable_autoconfig boolean false +#d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }} +#d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }} +#d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }} +#d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} +#d-i netcfg/confirm_static boolean true + +d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string debian.ffgraz.net +d-i mirror/http/directory string /ubuntu +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-login boolean true +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string Europe/Vienna +d-i clock-setup/ntp boolean false + + +d-i partman-auto/disk string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i partman-auto/method string lvm +d-i partman-auto/purge_lvm_from_device boolean 
true +d-i partman-auto-lvm/new_vg_name string {{ hostname }} +d-i partman-auto-lvm/guided_size string max + +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 1000 10000 -1 ext4 \ + $defaultignore{ } $primary{ } $bootable{ } \ + method{ lvm } vg_name{ {{ hostname }} } \ + . \ + 2048 10000 2560 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 1024 11000 1280 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var } \ + . \ + 768 10000 768 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var/log } \ + options/nodev{ nodev } options/noatime{ noatime } \ + options/noexec{ noexec } \ + . \ + 16 20000 -1 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method( keep } lv_name{ dummy } \ + . 
+ +d-i partman-auto-lvm/no_boot boolean true +d-i partman-basicfilesystems/no_swap true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + + +d-i base-installer/install-recommends boolean false +d-i apt-setup/security_host string debian.ffgraz.net + +tasksel tasksel/first multiselect +d-i pkgsel/include string openssh-server python +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false +d-i pkgsel/update-policy select none + +d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean false + +d-i finish-install/reboot_in_progress note + + +d-i preseed/late_command string \ + lvremove -f {{ hostname }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ noc_ssh_keys | join('\\n') }}' > /root/.ssh/authorized_keys"; \ + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port 22000/' -i /etc/ssh/sshd_config" diff --git a/ansible/roles/usb-install/meta/main.yml b/ansible/roles/usb-install/meta/main.yml new file mode 100644 index 0000000..bca7f83 --- /dev/null +++ b/ansible/roles/usb-install/meta/main.yml @@ -0,0 +1,6 @@ +dependencies: + - role: debian-installer + distros: + - distro: "{{ install_distro }}" + codename: "{{ install_codename }}" + arch: [ "{{ install.arch | default('amd64') }}" ] diff --git a/ansible/roles/usb-install/tasks/main.yml b/ansible/roles/usb-install/tasks/main.yml new file mode 100644 index 0000000..1523aed --- /dev/null +++ b/ansible/roles/usb-install/tasks/main.yml 
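Review bot: The `late_command` in preseed_ubuntu-xenial.cfg.j2 writes `{{ noc_ssh_keys | join('\\n') }}` into root's authorized_keys through `echo -e` inside `bash -c`, bypassing both the `ssh_keys` variable and the `/authorized_keys` file that the preseed role injects into the initramfs. A host installed from this template therefore always receives the NOC keys regardless of its `ssh_keys` override, and a key comment containing a quote or backslash would alter the shell command. The stretch template's `mkdir -p -m 0700 /target/root/.ssh; cp /authorized_keys /target/root/.ssh/;` has neither problem and could be used here. The SSH port is also hard-coded to `22000` where the stretch template uses `hostvars[hostname].ansible_port`.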
@@ -0,0 +1,22 @@ +--- +- block: + - name: Create temporary workdir + command: mktemp -d + register: tmpdir + + - import_role: + name: preseed + vars: + preseed_tmpdir: "{{ tmpdir.stdout }}" + + - name: Copy the preseed initramfs to the artifacts directory + copy: + src: "{{ tmpdir.stdout }}/initrd.preseed.gz" + dest: "{{ artifacts_dir }}/" + + + always: + - name: Cleanup temporary workdir + file: + path: "{{ tmpdir.stdout }}" + state: absent diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml index e328026..4830d05 100644 --- a/ansible/roles/vm/guest/tasks/main.yml +++ b/ansible/roles/vm/guest/tasks/main.yml @@ -34,4 +34,4 @@ content: | [Service] ExecStart= - ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_install_host }} %I $TERM + ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host }} %I $TERM diff --git a/ansible/roles/vm/host/defaults/main.yml b/ansible/roles/vm/host/defaults/main.yml deleted file mode 100644 index deaa50a..0000000 --- a/ansible/roles/vm/host/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -vm_host_force_download_installer: False -vm_host_installer_url: - debian: "http://debian.mur.at/debian" - ubuntu: "http://ubuntu.uni-klu.ac.at/ubuntu" diff --git a/ansible/roles/vm/host/meta/main.yml b/ansible/roles/vm/host/meta/main.yml new file mode 100644 index 0000000..40f6fcb --- /dev/null +++ b/ansible/roles/vm/host/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: debian-installer diff --git a/ansible/roles/vm/host/tasks/main.yml b/ansible/roles/vm/host/tasks/main.yml index dc9a0a3..010fdce 100644 --- a/ansible/roles/vm/host/tasks/main.yml +++ b/ansible/roles/vm/host/tasks/main.yml @@ -3,7 +3,8 @@ apt: name: - qemu-kvm - - libvirt-bin + - # configuration package, pulls in libvirt-clients and libvirt-daemon + libvirt-daemon-system - python-libvirt - haveged state: present 
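Review bot: The `always:` cleanup in roles/usb-install/tasks/main.yml dereferences `tmpdir.stdout`, which is empty or undefined when `mktemp -d` itself fails, so the cleanup task then errors and obscures the original failure; guard it with `when: tmpdir.stdout | default('') | length > 0`. The same block shape is added to roles/vm/install/tasks/main.yml in this commit. The final `copy` writes to `{{ artifacts_dir }}`, whereas group_vars/all/main.yml defines `global_artifacts_dir`; if `artifacts_dir` is not set elsewhere, the task fails on an undefined variable.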
@@ -17,36 +18,8 @@ - name: make sure installer directories exists with_items: - - "{{ vm_host.installer.path }}" - - "{{ vm_host.installer.preseed_path }}" + - "{{ debian_installer_path }}" + - "{{ preseed_path }}" file: name: "{{ item }}" state: directory - -- name: prepare directories for installer images - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - file: - name: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}" - state: directory - -- name: download installer kernel images - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - get_url: - url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux" - dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux" - mode: 0644 - force: "{{ vm_host_force_download_installer }}" - -- name: download installer initrd.gz - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - get_url: - url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz" - dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz" - mode: 0644 - force: "{{ vm_host_force_download_installer }}" diff --git a/ansible/roles/vm/install/meta/main.yml b/ansible/roles/vm/install/meta/main.yml new file mode 100644 index 0000000..d5f9520 --- /dev/null +++ b/ansible/roles/vm/install/meta/main.yml @@ -0,0 +1,7 @@ +--- +dependencies: + - role: debian-installer + distros: + - distro: "{{ install_distro }}" + codename: "{{ install_codename }}" + arch: [ "{{ hostvars[hostname].install_cooked.arch | default('amd64') }}" ] diff --git a/ansible/roles/vm/install/tasks/main.yml b/ansible/roles/vm/install/tasks/main.yml index 034cf1d..f14ea50 100644 
--- a/ansible/roles/vm/install/tasks/main.yml +++ b/ansible/roles/vm/install/tasks/main.yml @@ -1,46 +1,6 @@ --- -- block: - - name: Make a temporary directory - command: mktemp -d - register: tmpdir - - - set_fact: - tmpdir: "{{ tmpdir.stdout }}" - initramfs: "{{ vm_host.installer.preseed_path }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.initrd.gz" - - - name: Copy initramfs into position - copy: - remote_src: yes - src: "{{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/initrd.gz" - dest: "{{ initramfs }}" - - - name: generate preseed file - template: - src: "preseed_{{ vmdistro }}-{{ vmdistcodename }}.cfg.j2" - dest: "{{ tmpdir }}/preseed.cfg" - - - name: generate authorized_keys file - authorized_key: - user: root - path: "{{ tmpdir }}/authorized_keys" - key: "{{ hostvars[vmname].ssh_keys | default(noc_ssh_keys) | join('\n') }}" - - - name: Inject files into initramfs - shell: cpio -H newc -o | gzip -9 >> {{ initramfs }} - args: - chdir: "{{ tmpdir }}" - stdin: | - preseed.cfg - authorized_keys - - always: - - name: Delete temporary directory - file: - path: "{{ tmpdir }}" - state: absent - - name: create disks for vm - with_dict: "{{ hostvars[vmname].vm_install_cooked.disks.virtio | default({}) | combine(hostvars[vmname].vm_install_cooked.disks.scsi | default({})) }}" + with_dict: "{{ hostvars[hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[hostname].install_cooked.disks.scsi | default({})) }}" lvol: vg: "{{ item.value.vg }}" lv: "{{ item.value.lv }}" 
@@ -48,84 +8,107 @@ - name: check if vm already exists virt: - name: "{{ vmname }}" + name: "{{ hostname }}" command: info register: vmhost_info - block: - name: destroy exisiting vm virt: - name: "{{ vmname }}" + name: "{{ hostname }}" state: destroyed - name: wait for vm to be destroyed wait_for_virt: - name: "{{ vmname }}" + name: "{{ hostname }}" states: shutdown,crashed timeout: 5 - name: undefining exisiting vm virt: - name: "{{ vmname }}" + name: "{{ hostname }}" command: undefine - when: vmname in vmhost_info - -- name: enable installer in VM config - set_fact: - run_installer: True + when: hostname in vmhost_info -- name: define new installer vm - virt: - name: "{{ vmname }}" - command: define - xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" +- block: + - name: create a temporary workdir + command: mktemp -d + register: tmpdir -- name: start vm - virt: - name: "{{ vmname }}" - state: running + - import_role: + name: preseed + vars: + ssh_keys: "{{ hostvars[hostname].ssh_keys }}" + install_interface: enp1s1 + preseed_tmpdir: "{{ tmpdir.stdout }}" + + - name: Make preseed workdir readable by qemu + acl: + path: "{{ tmpdir.stdout }}" + state: present + entity: libvirt-qemu + etype: user + permissions: rx + + - name: define new installer vm + virt: + name: "{{ hostname }}" + command: define + xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" + vars: + run_installer: yes + preseed_tmpdir: "{{ tmpdir.stdout }}" + + - name: start vm + virt: + name: "{{ hostname }}" + state: running -- name: wait for installer to start - wait_for_virt: - name: "{{ vmname }}" - states: running - timeout: 10 + - name: wait for installer to start + wait_for_virt: + name: "{{ hostname }}" + states: running + timeout: 10 -- debug: - msg: "you can check on the status of the installer running this command 'virsh console {{ vmname }}' on host {{ inventory_hostname }}." 
+ - debug: + msg: "you can check on the status of the installer running this command 'virsh console {{ hostname }}' on host {{ inventory_hostname }}." -- name: wait for installer to finish or crash - wait_for_virt: - name: "{{ vmname }}" - states: shutdown,crashed - timeout: 1800 - register: installer_result - failed_when: installer_result.failed or installer_result.state == "crashed" + - name: wait for installer to finish or crash + wait_for_virt: + name: "{{ hostname }}" + states: shutdown,crashed + timeout: 900 + register: installer_result + failed_when: installer_result.failed or installer_result.state == "crashed" -- name: undefining installer vm - virt: - name: "{{ vmname }}" - command: undefine + - name: undefining installer vm + virt: + name: "{{ hostname }}" + command: undefine -- name: disable installer in VM config - set_fact: - run_installer: False + always: + - name: cleanup temporary workdir + file: + path: "{{ tmpdir.stdout }}" + state: absent - name: define new production vm virt: - name: "{{ vmname }}" + name: "{{ hostname }}" command: define xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" + vars: + run_installer: no - name: start vm virt: - name: "{{ vmname }}" + name: "{{ hostname }}" state: running - name: mark vm as autostarted virt: - name: "{{ vmname }}" - autostart: "{{ hostvars[vmname].vm_install_cooked.autostart }}" + name: "{{ hostname }}" + autostart: "{{ hostvars[hostname].install_cooked.autostart }}" command: info ## virt module needs either command or state - when: hostvars[vmname].vm_install_cooked.autostart is defined + when: hostvars[hostname].install_cooked.autostart is defined diff --git a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2 b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2 index c39b904..9119f64 100644 --- a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2 +++ b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2 
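Review bot: The `always:` task `cleanup temporary workdir` in `roles/vm/install/tasks/main.yml` reads `tmpdir.stdout` unconditionally. When `mktemp -d` is skipped (the `command` module does not run in check mode) or fails, the cleanup hits an undefined or empty value and can mask the original error. Guarding it with `when: tmpdir.stdout | default('') | length > 0` avoids that. If the block fails between `start vm` and `undefining installer vm`, the installer domain appears to stay defined while pointing at an initrd in the directory that was just removed. A `rescue:` that undefines it, or an undefine in `always:` that tolerates a missing domain, would leave the host in a cleaner state.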
@@ -1,13 +1,13 @@ - {{ vmname }} - {{ hostvars[vmname].vm_install_cooked.mem * 1024 }} - {{ hostvars[vmname].vm_install_cooked.mem * 1024 }} - {{ hostvars[vmname].vm_install_cooked.numcpu }} + {{ hostname }} + {{ hostvars[hostname].install_cooked.mem * 1024 }} + {{ hostvars[hostname].install_cooked.mem * 1024 }} + {{ hostvars[hostname].install_cooked.numcpu }} hvm {% if run_installer %} - {{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/linux - {{ vm_host.installer.preseed_path }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.initrd.gz + {{ debian_installer_path }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/linux + {{ preseed_tmpdir }}/initrd.preseed.gz console=ttyS0,115200n8 {% endif %} @@ -35,8 +35,8 @@ /dev/urandom -{% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %} -{% for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %} +{% if 'virtio' in hostvars[hostname].install_cooked.disks %} +{% for device, lv in hostvars[hostname].install_cooked.disks.virtio.items() %} @@ -45,9 +45,9 @@ {% endfor %} {% endif %} -{% if 'scsi' in hostvars[vmname].vm_install_cooked.disks %} +{% if 'scsi' in hostvars[hostname].install_cooked.disks %} -{% for device, lv in hostvars[vmname].vm_install_cooked.disks.scsi.items() %} +{% for device, lv in hostvars[hostname].install_cooked.disks.scsi.items() %} @@ -56,8 +56,8 @@ {% endfor %} {% endif %} -{% if hostvars[vmname].vm_install_cooked.interfaces %} -{% for if in hostvars[vmname].vm_install_cooked.interfaces %} +{% if hostvars[hostname].install_cooked.interfaces %} +{% for if in hostvars[hostname].install_cooked.interfaces %} diff --git a/ansible/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 b/ansible/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 deleted file mode 100644 index d802418..0000000 
--- a/ansible/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 +++ /dev/null 
@@ -1,110 +0,0 @@ -######################################################################### -# realraum preseed file for Debian stretch based VMs -######################################################################### - -d-i debian-installer/language string en -d-i debian-installer/country string AT -d-i debian-installer/locale string en_US.UTF-8 -d-i keyboard-configuration/xkb-keymap select us - -d-i netcfg/disable_dhcp boolean true -d-i netcfg/choose_interface select enp1s1 -d-i netcfg/disable_autoconfig boolean false -d-i netcfg/get_ipaddress string {{ hostvars[vmname].vm_network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[vmname].vm_network_cooked.primary.mask }} -d-i netcfg/get_gateway string {{ hostvars[vmname].vm_network_cooked.primary.gateway }} -d-i netcfg/get_nameservers string {{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }} -d-i netcfg/confirm_static boolean true - -d-i netcfg/get_hostname string {{ vmname }} -d-i netcfg/get_domain string {{ hostvars[vmname].vm_network_cooked.domain }} -d-i netcfg/wireless_wep string - - -d-i mirror/country string manual -d-i mirror/http/hostname string debian.ffgraz.net -d-i mirror/http/directory string /debian -d-i mirror/http/proxy string - - -d-i passwd/make-user boolean false -d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand -d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand - - -d-i clock-setup/utc boolean true -d-i time/zone string Europe/Vienna -d-i clock-setup/ntp boolean false - - -d-i partman-auto/disk string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i partman-auto/method string lvm -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-md/device_remove_md boolean true - -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true - -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 1000 10000 -1 ext4 \ - 
$defaultignore{ } $primary{ } $bootable{ } \ - method{ lvm } vg_name{ {{ vmname }} } \ - . \ - 2048 10000 2560 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . \ - 1024 11000 1280 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 768 10000 768 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var/log } \ - options/nodev{ nodev } options/noatime{ noatime } \ - options/noexec{ noexec } \ - . \ - 16 20000 -1 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method( keep } lv_name{ dummy } \ - . - -d-i partman-auto-lvm/no_boot boolean true -d-i partman-basicfilesystems/no_swap true -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - - -d-i base-installer/install-recommends boolean false -d-i apt-setup/security_host string debian.ffgraz.net - -tasksel tasksel/first multiselect -d-i pkgsel/include string openssh-server python -d-i pkgsel/upgrade select safe-upgrade -popularity-contest popularity-contest/participate boolean false - -d-i grub-installer/choose_bootdev string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean false - -d-i finish-install/reboot_in_progress note - - -d-i preseed/late_command string \ - lvremove -f {{ vmname }}/dummy; \ - in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ - in-target bash -c "passwd -d root && passwd -l root"; \ - mkdir -p -m 0700 /target/root/.ssh; \ - cp /authorized_keys /target/root/.ssh/; \ -{% if hostvars[vmname].ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ 
hostvars[vmname].ansible_port }}/' -i /etc/ssh/sshd_config" -{% endif %} diff --git a/ansible/roles/vm/install/templates/preseed_ubuntu-xenial.cfg.j2 b/ansible/roles/vm/install/templates/preseed_ubuntu-xenial.cfg.j2 deleted file mode 100644 index aaae381..0000000 --- a/ansible/roles/vm/install/templates/preseed_ubuntu-xenial.cfg.j2 +++ /dev/null 
@@ -1,114 +0,0 @@ -######################################################################### -# realraum preseed file for Ubuntu xenial based VMs -######################################################################### - -d-i debian-installer/language string en -d-i debian-installer/country string AT -d-i debian-installer/locale string en_US.UTF-8 -d-i localechooser/preferred-locale string en_US.UTF-8 -d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8 -d-i console-setup/ask_detect boolean false -d-i keyboard-configuration/xkb-keymap select us -d-i keyboard-configuration/layoutcode string us - - -#d-i netcfg/choose_interface select enp1s1 -#d-i netcfg/disable_autoconfig boolean false -#d-i netcfg/get_ipaddress string {{ hostvars[vmname].vm_network_cooked.primary.ip }} -#d-i netcfg/get_netmask string {{ hostvars[vmname].vm_network_cooked.primary.mask }} -#d-i netcfg/get_gateway string {{ hostvars[vmname].vm_network_cooked.primary.gateway }} -#d-i netcfg/get_nameservers string {{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }} -#d-i netcfg/confirm_static boolean true - -d-i netcfg/get_hostname string {{ vmname }} -d-i netcfg/get_domain string {{ hostvars[vmname].vm_network_cooked.domain }} -d-i netcfg/wireless_wep string - - -d-i mirror/country string manual -d-i mirror/http/hostname string debian.ffgraz.net -d-i mirror/http/directory string /ubuntu -d-i mirror/http/proxy string - - -d-i passwd/make-user boolean false -d-i passwd/root-login boolean true -d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand -d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand - - -d-i clock-setup/utc boolean true -d-i time/zone string Europe/Vienna -d-i clock-setup/ntp boolean false - - -d-i partman-auto/disk string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i partman-auto/method string lvm -d-i partman-auto/purge_lvm_from_device 
boolean true -d-i partman-auto-lvm/new_vg_name string {{ vmname }} -d-i partman-auto-lvm/guided_size string max - -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true - -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 1000 10000 -1 ext4 \ - $defaultignore{ } $primary{ } $bootable{ } \ - method{ lvm } vg_name{ {{ vmname }} } \ - . \ - 2048 10000 2560 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . \ - 1024 11000 1280 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 768 10000 768 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var/log } \ - options/nodev{ nodev } options/noatime{ noatime } \ - options/noexec{ noexec } \ - . \ - 16 20000 -1 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method( keep } lv_name{ dummy } \ - . 
- -d-i partman-auto-lvm/no_boot boolean true -d-i partman-basicfilesystems/no_swap true -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - - -d-i base-installer/install-recommends boolean false -d-i apt-setup/security_host string debian.ffgraz.net - -tasksel tasksel/first multiselect -d-i pkgsel/include string openssh-server python -d-i pkgsel/upgrade select safe-upgrade -popularity-contest popularity-contest/participate boolean false -d-i pkgsel/update-policy select none - -d-i grub-installer/choose_bootdev string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean false - -d-i finish-install/reboot_in_progress note - - -d-i preseed/late_command string \ - lvremove -f {{ vmname }}/dummy; \ - in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ - in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ noc_ssh_keys | join('\\n') }}' > /root/.ssh/authorized_keys"; \ - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port 22000/' -i /etc/ssh/sshd_config" diff --git a/ansible/roles/vm/network/tasks/main.yml b/ansible/roles/vm/network/tasks/main.yml index 3d51fff..39f4ff4 100644 --- a/ansible/roles/vm/network/tasks/main.yml +++ b/ansible/roles/vm/network/tasks/main.yml @@ -9,7 +9,7 @@ state: absent - name: install systemd network link units - with_items: "{{ vm_network.systemd_link.interfaces }}" + with_items: "{{ network.systemd_link.interfaces }}" loop_control: index_var: interface_index template: @@ -17,7 +17,7 @@ dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link" notify: rebuild initramfs - when: vm_network.systemd_link is defined + when: network.systemd_link is defined - name: install basic interface config template: 
diff --git a/ansible/roles/vm/network/templates/interfaces.j2 b/ansible/roles/vm/network/templates/interfaces.j2 index 542e18d..829a3e7 100644 --- a/ansible/roles/vm/network/templates/interfaces.j2 +++ b/ansible/roles/vm/network/templates/interfaces.j2 @@ -8,10 +8,10 @@ auto lo iface lo inet loopback # The primary network interface -auto {{ vm_network.primary.interface }} -iface {{ vm_network.primary.interface }} inet static - address {{ vm_network.primary.ip }} - netmask {{ vm_network.primary.mask }} - gateway {{ vm_network.primary.gateway }} +auto {{ network.primary.interface }} +iface {{ network.primary.interface }} inet static + address {{ network.primary.ip }} + netmask {{ network.primary.mask }} + gateway {{ network.primary.gateway }} pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf diff --git a/ansible/roles/vm/network/templates/resolv.conf.j2 b/ansible/roles/vm/network/templates/resolv.conf.j2 index 86d4201..a32ec18 100644 --- a/ansible/roles/vm/network/templates/resolv.conf.j2 +++ b/ansible/roles/vm/network/templates/resolv.conf.j2 @@ -1,4 +1,4 @@ -{% for nsrv in vm_network.nameservers %} +{% for nsrv in network.nameservers %} nameserver {{ nsrv }} {% endfor %} -search {{ vm_network.domain }} +search {{ network.domain }} diff --git a/ansible/usb-install.sh b/ansible/usb-install.sh new file mode 120000 index 0000000..bd4a66a --- /dev/null +++ b/ansible/usb-install.sh @@ -0,0 +1 @@ +vm-install.sh \ No newline at end of file diff --git a/ansible/usb-install.yml b/ansible/usb-install.yml new file mode 100644 index 0000000..7469fe2 --- /dev/null +++ b/ansible/usb-install.yml 
@@ -0,0 +1,67 @@ +--- +- name: Fetch debian installer and bake initrd + hosts: "{{ hostname }}" + connection: local + + vars_prompt: + - name: usbdrive_path + prompt: Where is the USB installation medium mounted to? + default: "" + private: no + + pre_tasks: + - set_fact: + install_cooked: "{{ install }}" + network_cooked: "{{ network }}" + artifacts_dir: "{{ global_artifacts_dir }}/{{ hostname }}" + debian_installer_path: "{{ global_cache_dir }}/debian-installer" + + - file: + state: directory + name: "{{ artifacts_dir }}" + + roles: + - usb-install + + tasks: + - stat: + path: "{{ usbdrive_path }}" + register: pathcheck + + - when: pathcheck.stat.exists + block: + - name: Copy generated files to the USB drive + copy: + src: "{{ item }}" + dest: "{{ usbdrive_path }}/" + with_items: + - "{{ artifacts_dir }}/initrd.preseed.gz" + - "{{ global_cache_dir }}/debian-installer/{{ install_distro }}-{{ install_codename }}/{{ install.arch | default('amd64') }}/linux" + loop_control: + label: "{{ item | basename }}" + + - name: Generate syslinux configuration + copy: + dest: "{{ usbdrive_path }}/syslinux.cfg" + content: | + DEFAULT linux + SAY SYSLINUX booting an automated installer for {{ hostname }}... + LABEL linux + KERNEL linux + INITRD initrd.preseed.gz + APPEND install vga=off console=ttyS0,115200n8 + + - name: Make the USB disk bootable + pause: + seconds: 0 + prompt: | + You should make sure the USB disk is bootable and + has syslinux installed. + + $ sudo apt install mbr syslinux + $ sudo install-mbr /dev/CHANGEME + $ sudo syslinux -i /dev/CHANGEME1 + $ sudo fdisk /dev/CHANGEME + [Here, make sure partition 1 is marked bootable.] + + This will NOT be done automatically. diff --git a/ansible/vm-install.sh b/ansible/vm-install.sh index 49d3e16..4e93d2c 100755 --- a/ansible/vm-install.sh +++ b/ansible/vm-install.sh @@ -1,7 +1,7 @@ #!/bin/bash if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then - echo "$0 " + echo "$0 " exit 1 fi 
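Review bot: In `usb-install.yml` the baked `initrd.preseed.gz` is left in `{{ artifacts_dir }}` under the inventory's `files/` tree and copied to the USB drive with no `mode:`, and nothing removes it afterwards. The `usb-install` role is outside this hunk, but if the preseed carries `root_password` or the authorized keys, that file is a credential at rest. Create `artifacts_dir` with `mode: "0700"`, keep the path out of version control, and treat the stick as sensitive until the install has run. Separately, the copy source rebuilds `{{ global_cache_dir }}/debian-installer/...` and reads `install.arch` although `pre_tasks` already define `debian_installer_path` and `install_cooked`; using those keeps the two in step. With the prompt's default of `""` the `stat` runs on an empty path, so `when: usbdrive_path | length > 0` on the block would make the skip explicit.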
@@ -12,8 +12,8 @@ shift codename=$1 shift -echo "installing vm: $name with $distro/$codename" +echo "installing $name with $distro/$codename" echo "" echo "######## running the install playbook ########" -exec ansible-playbook -e "vmname=$name" -e "vmdistro=$distro" -e "vmdistcodename=$codename" $@ vm-install.yml +exec ansible-playbook -e "hostname=$name" -e "install_distro=$distro" -e "install_codename=$codename" $@ $(basename "$0" .sh).yml diff --git a/ansible/vm-install.yml b/ansible/vm-install.yml index 507906f..32166e7 100644 --- a/ansible/vm-install.yml +++ b/ansible/vm-install.yml @@ -1,15 +1,15 @@ --- - name: preperations and sanity checks - hosts: "{{ vmname }}" + hosts: "{{ hostname }}" gather_facts: no tasks: - name: setup variables set_fact: - vm_network_cooked: "{{ vm_network }}" - vm_install_cooked: "{{ vm_install }}" + network_cooked: "{{ network }}" + install_cooked: "{{ install }}" - name: create temporary host group for vm host add_host: - name: "{{ vm_install.host }}" + name: "{{ vm_host }}" inventory_dir: "{{inventory_dir}}" group: _vmhost_ # TODO: add some sanity checks @@ -22,7 +22,7 @@ - role: vm/install - name: wait for new vm to start up - hosts: "{{ vmname }}" + hosts: "{{ hostname }}" gather_facts: no tasks: ## TODO: find a better way to fetch host key of new VMs @@ -38,16 +38,16 @@ ansible_ssh_extra_args: "" - name: Apply VM configuration roles - hosts: "{{ vmname }}" + hosts: "{{ hostname }}" roles: - role: vm/grub - role: vm/network - role: vm/guest -- import_playbook: "host_playbooks/{{ vmname }}.yml" +- import_playbook: "host_playbooks/{{ hostname }}.yml" - name: reboot and wait for VM come back - hosts: "{{ vmname }}" + hosts: "{{ hostname }}" gather_facts: no roles: - role: reboot-and-wait
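Review bot: The new `exec ansible-playbook` line in `vm-install.sh` leaves both `$@` and `$(basename "$0" .sh).yml` unquoted. Pass-through arguments containing spaces are therefore re-split, and a script name with spaces or glob characters breaks the playbook name. Quoting both fixes this: `... -e "install_codename=$codename" "$@" "$(basename "$0" .sh).yml"`. The `key=value` form of `-e` is split on whitespace by Ansible, so a `$name` containing a space would set additional variables. The rest of the script is outside this hunk, so I cannot tell whether the three positional arguments are validated before this point.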