---
+# Build-related directories
global_cache_dir: "{{ inventory_dir }}/.cache/"
global_artifacts_dir: "{{ inventory_dir }}/files/"
-user_groups:
- noc:
- - equinox
- - gebi
- - nicoo
- - bernhard
-
-users:
- equinox:
- email: equinox@realraum.at
- gpg: 0xD74907C9E64E6CED8FE3
- ssh:
- - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at
-
- gebi:
- email: michael@mgeb.org
- gpg: 0x6E302CF4D98B9702
- ssh:
- - ssh-rsa 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 secure key of gebi
-
- nicoo:
- email: nicolas@braud-santoni.eu
- gpg: 0x3F41B0739AAD91B7CDC0
- ssh:
- - ssh-rsa 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 nicoo@harbard
-
- bernhard:
- email: xro@realraum.at
- gpg: 0xE3468B9CE81EB4F91486
- ssh:
- - ssh-rsa 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 xro@realraum.at
-
-noc_groups:
- - adm
- - sudo
-
-noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}"
+# Default credentials
+## Root password; by default, undefined
+root_password: "{{ vault_root_password }}"
+## SSH keys for root, default to NOC's
+ssh_keys: "{{ noc_ssh_keys }}"
--- /dev/null
+---
+user_groups:
+ noc:
+ - equinox
+ - gebi
+ - nicoo
+ - bernhard
+
+users:
+ equinox:
+ email: equinox@realraum.at
+ gpg: 0xD74907C9E64E6CED8FE3
+ ssh:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDj7AcnQZCRihToOI7/L5YslP4bkZlZwR2dg6hV8EfQ+37z1p0imhoqc2Oz/zIEgOVARBHkn5XmfR9Bu6e3YfKpXpJXC9O3jpRSw34Xac/8qXzWZsqVAXbtzvBlYA/G4j0NQM9XIVBa1ZzBZu87xeE4KUWzO80fnQ+G3GSBp28BM4TUiSOmX9y58chPZfUp2DE80fInoXv11ikLLCBDXfMkzFCZ4Gcexhr0TYcBUgLV7ufL0xqLg4yE+Z21PLtttvVYgZIers2nWetLPoREi5yDGKeCjJVyT00X2rp6h3eFkc/VaHfb5c2MY9/4BOt+cbFCx73sG0C1SnSzWd624K/8CEoJTsX4MazLLrxwi3hIwiYX1mCCfq4+S4PpSFvMUGdMWB52PkBRXulQislCVBA/lzma93xJr1jWVFSikjkvAUt8Zt33vHMRd7RMYDfsDVIEKpUT49cBj0v7zs6IVE858J33sUZoVXaiA2sjsap8RguNtjJMSYx8+nwkQAjxwlTiV2J6pHGQHJDyeVsqGlnMpEk32ZeSs/BQ7XWPG62FT3SN6E4C/fa8dawvs7RgY0cbZkhucECBu9Zto/KakIhzLtFzgDighPmK5SlAPoNEJLJYPo5ry2SBTysc4uV7xYZSQ6OVofeQeFXKL8oPe/ZAvKafn3Zk0mQcCtH0Z8q8iQ== equinox@realraum.at
+
+ gebi:
+ email: michael@mgeb.org
+ gpg: 0x6E302CF4D98B9702
+ ssh:
+ - ssh-rsa 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 secure key of gebi
+
+ nicoo:
+ email: nicolas@braud-santoni.eu
+ gpg: 0x3F41B0739AAD91B7CDC0
+ ssh:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDirhW/XNWCDMBy9TAEZgrahGSMlYdddyc9bNAOBbLJ8TVDe0M7YAZ4kU5EYGZBmd4NGZ4Z2Vb+sc0xlJE1MYprL0hFoOSMmU17pa6uzXwAfWtiYAsm/Z8QssOVvyte629gCPUgw1oJM19N7/i8yZh+5j+iEpffbv66USpatLJqJgeM67VjcHPLHf75dEBwkqsWMvpIk3+8gtwXDR8t8YUuxJgHOLFUEWQ6wiXxBoIJTAvdzAzykIs/yJbsMpKjDNLfF0guaRDC5GnjwHqTkGegxBS3l/MzkOpXtWbbbhYX8yIvFkryBFbyB0oa/rnE2HnYbaq2riyZpcsKRXqIvvFFa80FqGE+8sQnMlHn2IaOlkmkBMBytL+6rP3feFWq+vGZLRMs7ezMs+o0ofe0svMhLjy79AJnRBfaFn350AnmqNGZ8HbS0A1vOpPJsJVMhcqx+0cPHfxIedNGs7BJZypmBiw6vZ0rzxm1YX7CZcpiIe2Ob9o/+ypwWVXlT1zcLMC6u5/2YXDCXea0QtiOnM9h4ahkRaBb8CUTMtDurOf9uPtwE8wzmq34baAOQMfY3Tb9uGvAlCcLbke5RDCLfvBx3C2g2KkaboFL/7V9YQ1DCpj+zpOEdr/Jr1wKoWBzgCfZcfXn954J2z2BjbHZRTpCW6EmaYXj4J2bRIX7FalKkw== nicoo@harbard
+
+ bernhard:
+ email: xro@realraum.at
+ gpg: 0xE3468B9CE81EB4F91486
+ ssh:
+ - ssh-rsa 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 xro@realraum.at
+
+noc_groups:
+ - adm
+ - sudo
+
+noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}"
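Review bot: The `gpg:` values in this new file are unquoted `0x…` scalars, which YAML loaders read as integers, so each key ID is stored as a large decimal number rather than the hex string written here. Quoting them, e.g. `gpg: '0xD74907C9E64E6CED8FE3'`, keeps them usable as identifiers. They are also shortened IDs (16 or 20 hex digits) rather than full fingerprints. If anything ever fetches or checks keys by these values, the full 40-digit fingerprint is the safer thing to store.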
--- /dev/null
+preseed_path: /srv/preseed
+debian_installer_path: /srv/installer
vm_host:
installer:
net_if: br-mgmt
- preseed_path: /srv/preseed
- path: /srv/installer
- distros:
- - distro: debian
- codename: stretch
- arch:
- - amd64
- - i386
- - distro: ubuntu
- codename: xenial
- arch:
- - amd64
- - i386
network:
interface: br-mgmt
ip: "{{ net.mgmt.prefix | ipaddr(65) | ipaddr('address') }}"
--- /dev/null
+---
+network:
+ nameservers: "{{ net.mgmt.dns }}"
+ domain: realraum.at
+ primary:
+ interface: enp1s0
+ ip: "{{ net.mgmt.prefix | ipaddr(250) | ipaddr('address') }}"
+ mask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
+ gateway: "{{ net.mgmt.gw }}"
+
+install:
+ disks:
+ primary: sda
--- /dev/null
+$ANSIBLE_VAULT;1.1;AES256
+66323066353065353661346261313235333834343034313532343739343531373035366364303138
+6433663331336264613830643035363962346131353830640a376336363433653437306236656230
+39313361376130316464333566383533396663393863646333393536613230333233333335323938
+3662646635383161360a333661663063343862373638373933383362383164623039383763613036
+61346661346261306465393039343732343635326364306363653666343130383836343539336439
+34306462316666623665323239613561663730353933633663636631323063383164643937366334
+393864666635663237346434613264303532
---
-root_password: "{{ vault_root_password }}"
+network:
+ nameservers: "{{ net.mgmt.dns }}"
+ domain: realraum.at
+ primary:
+ interface: enp1s0
+ ip: "{{ net.mgmt.prefix | ipaddr(251) | ipaddr('address') }}"
+ mask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
+ gateway: "{{ net.mgmt.gw }}"
+
+install:
+ disks:
+ primary: sda
$ANSIBLE_VAULT;1.1;AES256
-66323066353065353661346261313235333834343034313532343739343531373035366364303138
-6433663331336264613830643035363962346131353830640a376336363433653437306236656230
-39313361376130316464333566383533396663393863646333393536613230333233333335323938
-3662646635383161360a333661663063343862373638373933383362383164623039383763613036
-61346661346261306465393039343732343635326364306363653666343130383836343539336439
-34306462316666623665323239613561663730353933633663636631323063383164643937366334
-393864666635663237346434613264303532
+31366163653363386462333866383263366435353838623965653035623138356339633866623932
+3538626561373636313833333434393434616366303633370a346364356161616662666164323063
+30333934663463383034623730366365386536373465383362353132386434396461353039363863
+3861333238386263620a613539393937383264346566613330666165623363313838326638623563
+64643233613539356337613435376130633466313261616235326430326161663263343363343361
+36373736303233333831316266633365306435646634643166663038326364323839386430373438
+373966366161613436646365346339316365
+++ /dev/null
----
-root_password: "{{ vault_root_password }}"
+++ /dev/null
-$ANSIBLE_VAULT;1.1;AES256
-31366163653363386462333866383263366435353838623965653035623138356339633866623932
-3538626561373636313833333434393434616366303633370a346364356161616662666164323063
-30333934663463383034623730366365386536373465383362353132386434396461353039363863
-3861333238386263620a613539393937383264346566613330666165623363313838326638623563
-64643233613539356337613435376130633466313261616235326430326161663263343363343361
-36373736303233333831316266633365306435646634643166663038326364323839386430373438
-373966366161613436646365346339316365
---
localconfig_ssh_config_user: root
-vm_install_host: alfred
+vm_host: alfred
-vm_install:
- host: "{{ vm_install_host }}"
+install:
+ host: "{{ vm_host }}"
mem: 1024
numcpu: 2
disks:
primary: vda
virtio:
vda:
- vg: alfred
+ vg: "{{ vm_host }}"
lv: "{{ inventory_hostname }}"
size: 10g
interfaces:
- - bridge: "{{ hostvars[vm_install_host].vm_host.network.interface }}"
+ - bridge: "{{ hostvars[vm_host].vm_host.network.interface }}"
name: mgmt0
- bridge: "br-svc"
name: svc0
autostart: True
-vm_network:
- nameservers: "{{ hostvars[vm_install_host].vm_host.network.nameservers }}"
+network:
+ nameservers: "{{ hostvars[vm_host].vm_host.network.nameservers }}"
domain: realraum.at
systemd_link:
- interfaces: "{{ vm_install.interfaces }}"
+ interfaces: "{{ install.interfaces }}"
primary:
interface: mgmt0
- ip: "{{ (hostvars[vm_install_host].vm_host.network.ip+'/'+hostvars[vm_install_host].vm_host.network.mask) | ipaddr(hostvars[vm_install_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
- mask: "{{ hostvars[vm_install_host].vm_host.network.mask }}"
- gateway: "{{ hostvars[vm_install_host].vm_host.network.gateway | default(hostvars[vm_install_host].vm_host.network.ip) }}"
+ ip: "{{ (hostvars[vm_host].vm_host.network.ip+'/'+hostvars[vm_host].vm_host.network.mask) | ipaddr(hostvars[vm_host].vm_host.network.indices[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_host].vm_host.network.mask }}"
+ gateway: "{{ hostvars[vm_host].vm_host.network.gateway | default(hostvars[vm_host].vm_host.network.ip) }}"
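Review bot: After this rename `vm_host` means two different things: a plain host name (`vm_host: alfred`) in the guest's vars, and a mapping with `installer` and `network` keys in the hypervisor's vars, which is why the lookups read `hostvars[vm_host].vm_host.network…`. A task that reads `vm_host.network` on the wrong host gets an attribute error on a string, or a confusing undefined value. At minimum a comment on the new line would help, e.g. `# name of the hypervisor this VM runs on; the mapping of the same name lives in that host's vars`. A distinct name for the string form would remove the ambiguity.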
hacksch
r3home
tickets
+gnocci[0:1]
+
## TODO: remove the variable once https://github.com/ansible/ansible/issues/39119 is fixed
metrics localconfig_ssh_config_user=root
testvm localconfig_ssh_config_user=root
[baremetalservers]
alfred
+gnocci[0:1]
[kvmhosts]
alfred
+gnocci[0:1]
[virtualservers]
#gw
#torwaechter
-#[apu]
-#gnocchi1
-#gnocchi2
+[apu]
+gnocchi[0:1]
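Review bot: The new hosts are spelled two ways: `gnocci[0:1]` in the first added line and under `[baremetalservers]` and `[kvmhosts]`, but `gnocchi[0:1]` under `[apu]`. Ansible treats these as separate hosts, so variables attached to `apu` would not reach the machines listed in `kvmhosts`, and a host_vars file can only match one spelling. Use one spelling on all four lines.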
set -eu
if [ $# -eq 0 ]; then
- echo "Usage: $0 vmname [vmname ...]" >&2
+ echo "Usage: $0 hostname [hostname ...]" >&2
exit 1
fi
cd "$(dirname "$0")"
-for vmname in "$@"; do
- ansible-playbook -e vmname="${vmname}" remove_known_hosts.yml
+for hostname in "$@"; do
+ ansible-playbook -e hostname="${hostname}" remove_known_hosts.yml
done
hosts: localhost
gather_facts: no
tasks:
- - command: ssh-keygen -f ~/.ssh/known_hosts -R [{{ item }}]:{{ hostvars[vmname].ansible_port }}
+ - command: ssh-keygen -f ~/.ssh/known_hosts -R [{{ item }}]:{{ hostvars[hostname].ansible_port }}
with_items:
- - "{{ hostvars[vmname].ansible_host }}"
- - r3-{{ vmname }}
- - r3g-{{ vmname }}
- - r3e-{{ vmname }}
- - "{{ hostvars[vmname].vm_network_cooked.primary.ip }}"
+ - "{{ hostvars[hostname].ansible_host }}"
+ - r3-{{ hostname }}
+ - r3g-{{ hostname }}
+ - r3e-{{ hostname }}
+ - "{{ hostvars[hostname].network_cooked.primary.ip }}"
- name: Set authorized keys for root user
authorized_key:
user: root
- key: "{{ noc_ssh_keys | join('\n') }}"
+ key: "{{ ssh_keys | join('\n') }}"
exclusive: yes
- name: disable apt suggests and recommends
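Review bot: With `exclusive: yes`, the `key:` line now takes `ssh_keys`, which any host or group can override, so an empty or mistyped override can strip every working key from root's `authorized_keys`. The preseed templates in this commit lock root's password, so such a host would be left without remote root access. A guard before this task, e.g. `- assert: { that: ssh_keys | length > 0 }`, turns that into an early, readable failure. The rest of the task file is outside this hunk.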
--- /dev/null
+distros:
+ - distro: debian
+ codename: stretch
+ arch:
+ - amd64
+ - i386
+
+ - distro: ubuntu
+ codename: bionic
+ arch:
+ - amd64
+ - i386
+
+debian_installer_force_download: no
+
+debian_installer_url:
+ debian: "https://debian.ffgraz.net/debian"
+ ubuntu: "https://debian.ffgraz.net/ubuntu"
--- /dev/null
+- name: prepare directories for installer images
+ with_subelements:
+ - "{{ distros }}"
+ - arch
+ file:
+ name: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}"
+ state: directory
+
+- name: download installer kernel images
+ with_subelements:
+ - "{{ distros }}"
+ - arch
+ get_url:
+ url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux"
+ dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux"
+ mode: 0644
+ force: "{{ debian_installer_force_download }}"
+
+- name: download installer initrd.gz
+ with_subelements:
+ - "{{ distros }}"
+ - arch
+ get_url:
+ url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz"
+ dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz"
+ mode: 0644
+ force: "{{ debian_installer_force_download }}"
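Review bot: Both `get_url` tasks store the netboot `linux` and `initrd.gz` with no integrity check beyond the TLS connection to the mirror, and these are the files every later install boots. `get_url` has a `checksum` parameter, and the Debian and Ubuntu netboot trees normally publish a `SHA256SUMS` file alongside the images. A line such as `checksum: "sha256:{{ installer_sha256[item.0.distro][item.1].linux }}"` would pin what is accepted (the variable name is a placeholder). With a checksum set, a truncated or stale file left by an earlier run is also replaced even though `debian_installer_force_download` is `no`.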
--- /dev/null
+- name: Copy initramfs into position
+ copy:
+ remote_src: yes
+ src: "{{ debian_installer_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/initrd.gz"
+ dest: "{{ preseed_tmpdir }}/initrd.preseed.gz"
+
+- name: Generate preseed file
+ template:
+ src: "preseed_{{ install_distro }}-{{ install_codename }}.cfg.j2"
+ dest: "{{ preseed_tmpdir }}/preseed.cfg"
+
+- name: Generate authorized_keys file
+ authorized_key:
+ user: root
+ manage_dir: no
+ path: "{{ preseed_tmpdir }}/authorized_keys"
+ key: "{{ ssh_keys | join('\n') }}"
+
+- name: Inject files into initramfs
+ shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'
+ args:
+ chdir: "{{ preseed_tmpdir }}"
+ stdin: |
+ preseed.cfg
+ authorized_keys
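Review bot: The `shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'` task reports success even when `cpio` fails, because the pipeline's exit status is that of `gzip`. The installer would then boot without `preseed.cfg` and `authorized_keys`. Prefixing the command with `set -o pipefail &&` and adding `executable: /bin/bash` under `args` makes that failure stop the play. The append is also worth a comment, e.g. `# a second gzip'd cpio archive appended to the initrd; the kernel unpacks it over the first`, since `>>` on a binary looks like a mistake at first read.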
--- /dev/null
+#########################################################################
+# realraum preseed file for Debian stretch based VMs
+#########################################################################
+
+d-i debian-installer/language string en
+d-i debian-installer/country string AT
+d-i debian-installer/locale string en_US.UTF-8
+d-i keyboard-configuration/xkb-keymap select us
+
+d-i netcfg/disable_dhcp boolean true
+d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }}
+d-i netcfg/disable_autoconfig boolean false
+d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }}
+d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }}
+d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }}
+d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }}
+d-i netcfg/confirm_static boolean true
+
+d-i netcfg/get_hostname string {{ hostname }}
+d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }}
+d-i netcfg/wireless_wep string
+
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string debian.ffgraz.net
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+
+d-i passwd/make-user boolean false
+d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
+d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
+
+
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Vienna
+d-i clock-setup/ntp boolean false
+
+
+d-i partman-auto/disk string /dev/{{ hostvars[hostname].install_cooked.disks.primary }}
+d-i partman-auto/method string lvm
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+d-i partman-auto/expert_recipe string \
+ boot-root :: \
+ 1000 10000 -1 ext4 \
+ $defaultignore{ } $primary{ } $bootable{ } \
+ method{ lvm } vg_name{ {{ hostname }} } \
+ . \
+ 2048 10000 2560 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ / } \
+ . \
+ 1024 11000 1280 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ /var } \
+ . \
+ 768 10000 768 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ /var/log } \
+ options/nodev{ nodev } options/noatime{ noatime } \
+ options/noexec{ noexec } \
+ . \
+ 16 20000 -1 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method( keep } lv_name{ dummy } \
+ .
+
+d-i partman-auto-lvm/no_boot boolean true
+d-i partman-basicfilesystems/no_swap true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+
+d-i base-installer/install-recommends boolean false
+d-i apt-setup/security_host string debian.ffgraz.net
+
+tasksel tasksel/first multiselect
+d-i pkgsel/include string openssh-server python
+d-i pkgsel/upgrade select safe-upgrade
+popularity-contest popularity-contest/participate boolean false
+
+d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }}
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+
+d-i finish-install/reboot_in_progress note
+
+
+d-i preseed/late_command string \
+ lvremove -f {{ hostname }}/dummy; \
+ in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
+ in-target bash -c "passwd -d root && passwd -l root"; \
+ mkdir -p -m 0700 /target/root/.ssh; \
+ cp /authorized_keys /target/root/.ssh/; \
+{% if hostvars[hostname].ansible_port is defined %}
+ in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config"
+{% endif %}
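Review bot: Root's login state on the installed system depends on the `passwd -d root && passwd -l root` step in `late_command`, and the steps around it are joined with `;`. If that step fails, the install still completes with the fixed placeholder from `passwd/root-password`, which is identical on every host built from this template. The Debian installation guide's preseed appendix documents `d-i passwd/root-password-crypted password !`, which creates root with a disabled password from the start and makes both the placeholder and the late fix-up unnecessary. Separately, when `ansible_port` is undefined the command ends on the `; \` after the `cp`, leaving a dangling continuation. The last recipe stanza also reads `method( keep }` where the others use `method{ … }`.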
--- /dev/null
+#########################################################################
+# realraum preseed file for Ubuntu xenial based VMs
+#########################################################################
+
+d-i debian-installer/language string en
+d-i debian-installer/country string AT
+d-i debian-installer/locale string en_US.UTF-8
+d-i localechooser/preferred-locale string en_US.UTF-8
+d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+d-i keyboard-configuration/layoutcode string us
+
+
+#d-i netcfg/choose_interface select enp1s1
+#d-i netcfg/disable_autoconfig boolean false
+#d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }}
+#d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }}
+#d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }}
+#d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }}
+#d-i netcfg/confirm_static boolean true
+
+d-i netcfg/get_hostname string {{ hostname }}
+d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }}
+d-i netcfg/wireless_wep string
+
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string debian.ffgraz.net
+d-i mirror/http/directory string /ubuntu
+d-i mirror/http/proxy string
+
+
+d-i passwd/make-user boolean false
+d-i passwd/root-login boolean true
+d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
+d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
+
+
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Vienna
+d-i clock-setup/ntp boolean false
+
+
+d-i partman-auto/disk string /dev/{{ hostvars[hostname].install_cooked.disks.primary }}
+d-i partman-auto/method string lvm
+d-i partman-auto/purge_lvm_from_device boolean true
+d-i partman-auto-lvm/new_vg_name string {{ hostname }}
+d-i partman-auto-lvm/guided_size string max
+
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+d-i partman-auto/expert_recipe string \
+ boot-root :: \
+ 1000 10000 -1 ext4 \
+ $defaultignore{ } $primary{ } $bootable{ } \
+ method{ lvm } vg_name{ {{ hostname }} } \
+ . \
+ 2048 10000 2560 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ / } \
+ . \
+ 1024 11000 1280 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ /var } \
+ . \
+ 768 10000 768 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ /var/log } \
+ options/nodev{ nodev } options/noatime{ noatime } \
+ options/noexec{ noexec } \
+ . \
+ 16 20000 -1 ext4 \
+ $lvmok{ } in_vg{ {{ hostname }} } \
+ method( keep } lv_name{ dummy } \
+ .
+
+d-i partman-auto-lvm/no_boot boolean true
+d-i partman-basicfilesystems/no_swap true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+
+d-i base-installer/install-recommends boolean false
+d-i apt-setup/security_host string debian.ffgraz.net
+
+tasksel tasksel/first multiselect
+d-i pkgsel/include string openssh-server python
+d-i pkgsel/upgrade select safe-upgrade
+popularity-contest popularity-contest/participate boolean false
+d-i pkgsel/update-policy select none
+
+d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }}
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false
+
+d-i finish-install/reboot_in_progress note
+
+
+d-i preseed/late_command string \
+ lvremove -f {{ hostname }}/dummy; \
+ in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
+ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ noc_ssh_keys | join('\\n') }}' > /root/.ssh/authorized_keys"; \
+ in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port 22000/' -i /etc/ssh/sshd_config"
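Review bot: The `in-target bash -c "passwd -d root; …"` line still expands `noc_ssh_keys` into a shell `echo -e '…'`, so a per-host `ssh_keys` override is ignored here. Any single quote or backslash sequence in a key's comment field is also interpreted by the shell instead of being written literally. The preseed role already puts `authorized_keys` into the initramfs, so the Debian template's form works here as well: `mkdir -p -m 0700 /target/root/.ssh; cp /authorized_keys /target/root/.ssh/;`. The `Port 22000` substitution is hard-coded where the Debian template uses `hostvars[hostname].ansible_port`. Because `passwd -d root; passwd -l root` is joined with `;`, a failed lock does not stop the remaining commands.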
--- /dev/null
+dependencies:
+ - role: debian-installer
+ distros:
+ - distro: "{{ install_distro }}"
+ codename: "{{ install_codename }}"
+ arch: [ "{{ install.arch | default('amd64') }}" ]
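Review bot: The `arch` passed to `debian-installer` here comes from `install.arch`, while the role's `Copy initramfs into position` task reads `hostvars[hostname].install_cooked.arch`. If the two differ, which looks possible when the role runs on one host on behalf of the host named by `hostname`, the dependency downloads one architecture and the copy looks for another. The other meta file added in this commit already uses `arch: [ "{{ hostvars[hostname].install_cooked.arch | default('amd64') }}" ]`, and using the same expression here keeps the two in step.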
--- /dev/null
+---
+- block:
+ - name: Create temporary workdir
+ command: mktemp -d
+ register: tmpdir
+
+ - import_role:
+ name: preseed
+ vars:
+ preseed_tmpdir: "{{ tmpdir.stdout }}"
+
+ - name: Copy the preseed initramfs to the artifacts directory
+ copy:
+ src: "{{ tmpdir.stdout }}/initrd.preseed.gz"
+ dest: "{{ artifacts_dir }}/"
+
+
+ always:
+ - name: Cleanup temporary workdir
+ file:
+ path: "{{ tmpdir.stdout }}"
+ state: absent
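Review bot: The `always:` cleanup reads `tmpdir.stdout`, which does not exist when the `mktemp -d` task fails or is skipped (the `command` module does not run in check mode). The cleanup then errors itself and hides the original failure. Adding `when: tmpdir.stdout is defined` to the cleanup task covers that. The same pattern appears in the `create a temporary workdir` block of the VM install tasks later in this commit. The built-in `tempfile` module with `state: directory` would avoid shelling out and return the directory in `path`.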
content: |
[Service]
ExecStart=
- ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_install_host }} %I $TERM
+ ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host }} %I $TERM
+++ /dev/null
----
-vm_host_force_download_installer: False
-vm_host_installer_url:
- debian: "http://debian.mur.at/debian"
- ubuntu: "http://ubuntu.uni-klu.ac.at/ubuntu"
--- /dev/null
+---
+dependencies:
+ - role: debian-installer
apt:
name:
- qemu-kvm
- - libvirt-bin
+ - # configuration package, pulls in libvirt-clients and libvirt-daemon
+ libvirt-daemon-system
- python-libvirt
- haveged
state: present
- name: make sure installer directories exists
with_items:
- - "{{ vm_host.installer.path }}"
- - "{{ vm_host.installer.preseed_path }}"
+ - "{{ debian_installer_path }}"
+ - "{{ preseed_path }}"
file:
name: "{{ item }}"
state: directory
-
-- name: prepare directories for installer images
- with_subelements:
- - "{{ vm_host.installer.distros }}"
- - arch
- file:
- name: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}"
- state: directory
-
-- name: download installer kernel images
- with_subelements:
- - "{{ vm_host.installer.distros }}"
- - arch
- get_url:
- url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux"
- dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux"
- mode: 0644
- force: "{{ vm_host_force_download_installer }}"
-
-- name: download installer initrd.gz
- with_subelements:
- - "{{ vm_host.installer.distros }}"
- - arch
- get_url:
- url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz"
- dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz"
- mode: 0644
- force: "{{ vm_host_force_download_installer }}"
--- /dev/null
+---
+dependencies:
+ - role: debian-installer
+ distros:
+ - distro: "{{ install_distro }}"
+ codename: "{{ install_codename }}"
+ arch: [ "{{ hostvars[hostname].install_cooked.arch | default('amd64') }}" ]
---
-- block:
- - name: Make a temporary directory
- command: mktemp -d
- register: tmpdir
-
- - set_fact:
- tmpdir: "{{ tmpdir.stdout }}"
- initramfs: "{{ vm_host.installer.preseed_path }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.initrd.gz"
-
- - name: Copy initramfs into position
- copy:
- remote_src: yes
- src: "{{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/initrd.gz"
- dest: "{{ initramfs }}"
-
- - name: generate preseed file
- template:
- src: "preseed_{{ vmdistro }}-{{ vmdistcodename }}.cfg.j2"
- dest: "{{ tmpdir }}/preseed.cfg"
-
- - name: generate authorized_keys file
- authorized_key:
- user: root
- path: "{{ tmpdir }}/authorized_keys"
- key: "{{ hostvars[vmname].ssh_keys | default(noc_ssh_keys) | join('\n') }}"
-
- - name: Inject files into initramfs
- shell: cpio -H newc -o | gzip -9 >> {{ initramfs }}
- args:
- chdir: "{{ tmpdir }}"
- stdin: |
- preseed.cfg
- authorized_keys
-
- always:
- - name: Delete temporary directory
- file:
- path: "{{ tmpdir }}"
- state: absent
-
- name: create disks for vm
- with_dict: "{{ hostvars[vmname].vm_install_cooked.disks.virtio | default({}) | combine(hostvars[vmname].vm_install_cooked.disks.scsi | default({})) }}"
+ with_dict: "{{ hostvars[hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[hostname].install_cooked.disks.scsi | default({})) }}"
lvol:
vg: "{{ item.value.vg }}"
lv: "{{ item.value.lv }}"
- name: check if vm already exists
virt:
- name: "{{ vmname }}"
+ name: "{{ hostname }}"
command: info
register: vmhost_info
- block:
- name: destroy exisiting vm
virt:
- name: "{{ vmname }}"
+ name: "{{ hostname }}"
state: destroyed
- name: wait for vm to be destroyed
wait_for_virt:
- name: "{{ vmname }}"
+ name: "{{ hostname }}"
states: shutdown,crashed
timeout: 5
- name: undefining exisiting vm
virt:
- name: "{{ vmname }}"
+ name: "{{ hostname }}"
command: undefine
- when: vmname in vmhost_info
-
-- name: enable installer in VM config
- set_fact:
- run_installer: True
+ when: hostname in vmhost_info
-- name: define new installer vm
- virt:
- name: "{{ vmname }}"
- command: define
- xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}"
+- block:
+ - name: create a temporary workdir
+ command: mktemp -d
+ register: tmpdir
-- name: start vm
- virt:
- name: "{{ vmname }}"
- state: running
+ - import_role:
+ name: preseed
+ vars:
+ ssh_keys: "{{ hostvars[hostname].ssh_keys }}"
+ install_interface: enp1s1
+ preseed_tmpdir: "{{ tmpdir.stdout }}"
+
+ - name: Make preseed workdir readable by qemu
+ acl:
+ path: "{{ tmpdir.stdout }}"
+ state: present
+ entity: libvirt-qemu
+ etype: user
+ permissions: rx
+
+ - name: define new installer vm
+ virt:
+ name: "{{ hostname }}"
+ command: define
+ xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}"
+ vars:
+ run_installer: yes
+ preseed_tmpdir: "{{ tmpdir.stdout }}"
+
+ - name: start vm
+ virt:
+ name: "{{ hostname }}"
+ state: running
-- name: wait for installer to start
- wait_for_virt:
- name: "{{ vmname }}"
- states: running
- timeout: 10
+ - name: wait for installer to start
+ wait_for_virt:
+ name: "{{ hostname }}"
+ states: running
+ timeout: 10
-- debug:
- msg: "you can check on the status of the installer running this command 'virsh console {{ vmname }}' on host {{ inventory_hostname }}."
+ - debug:
+ msg: "you can check on the status of the installer running this command 'virsh console {{ hostname }}' on host {{ inventory_hostname }}."
-- name: wait for installer to finish or crash
- wait_for_virt:
- name: "{{ vmname }}"
- states: shutdown,crashed
- timeout: 1800
- register: installer_result
- failed_when: installer_result.failed or installer_result.state == "crashed"
+ - name: wait for installer to finish or crash
+ wait_for_virt:
+ name: "{{ hostname }}"
+ states: shutdown,crashed
+ timeout: 900
+ register: installer_result
+ failed_when: installer_result.failed or installer_result.state == "crashed"
-- name: undefining installer vm
- virt:
- name: "{{ vmname }}"
- command: undefine
+ - name: undefining installer vm
+ virt:
+ name: "{{ hostname }}"
+ command: undefine
-- name: disable installer in VM config
- set_fact:
- run_installer: False
+ always:
+ - name: cleanup temporary workdir
+ file:
+ path: "{{ tmpdir.stdout }}"
+ state: absent
- name: define new production vm
virt:
- name: "{{ vmname }}"
+ name: "{{ hostname }}"
command: define
xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}"
+ vars:
+ run_installer: no
- name: start vm
virt:
- name: "{{ vmname }}"
+ name: "{{ hostname }}"
state: running
- name: mark vm as autostarted
virt:
- name: "{{ vmname }}"
- autostart: "{{ hostvars[vmname].vm_install_cooked.autostart }}"
+ name: "{{ hostname }}"
+ autostart: "{{ hostvars[hostname].install_cooked.autostart }}"
command: info ## virt module needs either command or state
- when: hostvars[vmname].vm_install_cooked.autostart is defined
+ when: hostvars[hostname].install_cooked.autostart is defined
<domain type='kvm'>
- <name>{{ vmname }}</name>
- <memory>{{ hostvars[vmname].vm_install_cooked.mem * 1024 }}</memory>
- <currentMemory>{{ hostvars[vmname].vm_install_cooked.mem * 1024 }}</currentMemory>
- <vcpu>{{ hostvars[vmname].vm_install_cooked.numcpu }}</vcpu>
+ <name>{{ hostname }}</name>
+ <memory>{{ hostvars[hostname].install_cooked.mem * 1024 }}</memory>
+ <currentMemory>{{ hostvars[hostname].install_cooked.mem * 1024 }}</currentMemory>
+ <vcpu>{{ hostvars[hostname].install_cooked.numcpu }}</vcpu>
<os>
<type arch='x86_64' machine='pc-0.12'>hvm</type>
{% if run_installer %}
- <kernel>{{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/linux</kernel>
- <initrd>{{ vm_host.installer.preseed_path }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.initrd.gz</initrd>
+ <kernel>{{ debian_installer_path }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/linux</kernel>
+ <initrd>{{ preseed_tmpdir }}/initrd.preseed.gz</initrd>
<cmdline>console=ttyS0,115200n8</cmdline>
{% endif %}
<boot dev='hd'/>
<backend model='random'>/dev/urandom</backend>
</rng>
-{% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %}
-{% for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %}
+{% if 'virtio' in hostvars[hostname].install_cooked.disks %}
+{% for device, lv in hostvars[hostname].install_cooked.disks.virtio.items() %}
<disk type='block' device='disk'>
<driver name='qemu' type='raw' cache='none' discard='unmap'/>
<source dev='/dev/mapper/{{ lv.vg | replace('-', '--') }}-{{ lv.lv | replace('-', '--') }}'/>
{% endfor %}
{% endif %}
-{% if 'scsi' in hostvars[vmname].vm_install_cooked.disks %}
+{% if 'scsi' in hostvars[hostname].install_cooked.disks %}
<controller type='scsi' index='0' model='virtio-scsi'/>
-{% for device, lv in hostvars[vmname].vm_install_cooked.disks.scsi.items() %}
+{% for device, lv in hostvars[hostname].install_cooked.disks.scsi.items() %}
<disk type='block' device='disk'>
<driver name='qemu' type='raw' cache='none' discard='unmap'/>
<source dev='/dev/mapper/{{ lv.vg | replace('-', '--') }}-{{ lv.lv | replace('-', '--') }}'/>
{% endfor %}
{% endif %}
-{% if hostvars[vmname].vm_install_cooked.interfaces %}
-{% for if in hostvars[vmname].vm_install_cooked.interfaces %}
+{% if hostvars[hostname].install_cooked.interfaces %}
+{% for if in hostvars[hostname].install_cooked.interfaces %}
<interface type='bridge'>
<source bridge='{{ if.bridge }}'/>
<model type='virtio'/>
+++ /dev/null
-#########################################################################
-# realraum preseed file for Debian stretch based VMs
-#########################################################################
-
-d-i debian-installer/language string en
-d-i debian-installer/country string AT
-d-i debian-installer/locale string en_US.UTF-8
-d-i keyboard-configuration/xkb-keymap select us
-
-d-i netcfg/disable_dhcp boolean true
-d-i netcfg/choose_interface select enp1s1
-d-i netcfg/disable_autoconfig boolean false
-d-i netcfg/get_ipaddress string {{ hostvars[vmname].vm_network_cooked.primary.ip }}
-d-i netcfg/get_netmask string {{ hostvars[vmname].vm_network_cooked.primary.mask }}
-d-i netcfg/get_gateway string {{ hostvars[vmname].vm_network_cooked.primary.gateway }}
-d-i netcfg/get_nameservers string {{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }}
-d-i netcfg/confirm_static boolean true
-
-d-i netcfg/get_hostname string {{ vmname }}
-d-i netcfg/get_domain string {{ hostvars[vmname].vm_network_cooked.domain }}
-d-i netcfg/wireless_wep string
-
-
-d-i mirror/country string manual
-d-i mirror/http/hostname string debian.ffgraz.net
-d-i mirror/http/directory string /debian
-d-i mirror/http/proxy string
-
-
-d-i passwd/make-user boolean false
-d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
-d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
-
-
-d-i clock-setup/utc boolean true
-d-i time/zone string Europe/Vienna
-d-i clock-setup/ntp boolean false
-
-
-d-i partman-auto/disk string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }}
-d-i partman-auto/method string lvm
-d-i partman-lvm/device_remove_lvm boolean true
-d-i partman-md/device_remove_md boolean true
-
-d-i partman-lvm/confirm boolean true
-d-i partman-lvm/confirm_nooverwrite boolean true
-
-d-i partman-auto/expert_recipe string \
- boot-root :: \
- 1000 10000 -1 ext4 \
- $defaultignore{ } $primary{ } $bootable{ } \
- method{ lvm } vg_name{ {{ vmname }} } \
- . \
- 2048 10000 2560 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ / } \
- . \
- 1024 11000 1280 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /var } \
- . \
- 768 10000 768 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /var/log } \
- options/nodev{ nodev } options/noatime{ noatime } \
- options/noexec{ noexec } \
- . \
- 16 20000 -1 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method( keep } lv_name{ dummy } \
- .
-
-d-i partman-auto-lvm/no_boot boolean true
-d-i partman-basicfilesystems/no_swap true
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-
-d-i base-installer/install-recommends boolean false
-d-i apt-setup/security_host string debian.ffgraz.net
-
-tasksel tasksel/first multiselect
-d-i pkgsel/include string openssh-server python
-d-i pkgsel/upgrade select safe-upgrade
-popularity-contest popularity-contest/participate boolean false
-
-d-i grub-installer/choose_bootdev string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }}
-d-i grub-installer/only_debian boolean true
-d-i grub-installer/with_other_os boolean false
-
-d-i finish-install/reboot_in_progress note
-
-
-d-i preseed/late_command string \
- lvremove -f {{ vmname }}/dummy; \
- in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
- in-target bash -c "passwd -d root && passwd -l root"; \
- mkdir -p -m 0700 /target/root/.ssh; \
- cp /authorized_keys /target/root/.ssh/; \
-{% if hostvars[vmname].ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[vmname].ansible_port }}/' -i /etc/ssh/sshd_config"
-{% endif %}
+++ /dev/null
-#########################################################################
-# realraum preseed file for Ubuntu xenial based VMs
-#########################################################################
-
-d-i debian-installer/language string en
-d-i debian-installer/country string AT
-d-i debian-installer/locale string en_US.UTF-8
-d-i localechooser/preferred-locale string en_US.UTF-8
-d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8
-d-i console-setup/ask_detect boolean false
-d-i keyboard-configuration/xkb-keymap select us
-d-i keyboard-configuration/layoutcode string us
-
-
-#d-i netcfg/choose_interface select enp1s1
-#d-i netcfg/disable_autoconfig boolean false
-#d-i netcfg/get_ipaddress string {{ hostvars[vmname].vm_network_cooked.primary.ip }}
-#d-i netcfg/get_netmask string {{ hostvars[vmname].vm_network_cooked.primary.mask }}
-#d-i netcfg/get_gateway string {{ hostvars[vmname].vm_network_cooked.primary.gateway }}
-#d-i netcfg/get_nameservers string {{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }}
-#d-i netcfg/confirm_static boolean true
-
-d-i netcfg/get_hostname string {{ vmname }}
-d-i netcfg/get_domain string {{ hostvars[vmname].vm_network_cooked.domain }}
-d-i netcfg/wireless_wep string
-
-
-d-i mirror/country string manual
-d-i mirror/http/hostname string debian.ffgraz.net
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-
-d-i passwd/make-user boolean false
-d-i passwd/root-login boolean true
-d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
-d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
-
-
-d-i clock-setup/utc boolean true
-d-i time/zone string Europe/Vienna
-d-i clock-setup/ntp boolean false
-
-
-d-i partman-auto/disk string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }}
-d-i partman-auto/method string lvm
-d-i partman-auto/purge_lvm_from_device boolean true
-d-i partman-auto-lvm/new_vg_name string {{ vmname }}
-d-i partman-auto-lvm/guided_size string max
-
-d-i partman-lvm/device_remove_lvm boolean true
-d-i partman-lvm/confirm boolean true
-d-i partman-lvm/confirm_nooverwrite boolean true
-
-d-i partman-auto/expert_recipe string \
- boot-root :: \
- 1000 10000 -1 ext4 \
- $defaultignore{ } $primary{ } $bootable{ } \
- method{ lvm } vg_name{ {{ vmname }} } \
- . \
- 2048 10000 2560 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ / } \
- . \
- 1024 11000 1280 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /var } \
- . \
- 768 10000 768 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /var/log } \
- options/nodev{ nodev } options/noatime{ noatime } \
- options/noexec{ noexec } \
- . \
- 16 20000 -1 ext4 \
- $lvmok{ } in_vg{ {{ vmname }} } \
- method( keep } lv_name{ dummy } \
- .
-
-d-i partman-auto-lvm/no_boot boolean true
-d-i partman-basicfilesystems/no_swap true
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-
-d-i base-installer/install-recommends boolean false
-d-i apt-setup/security_host string debian.ffgraz.net
-
-tasksel tasksel/first multiselect
-d-i pkgsel/include string openssh-server python
-d-i pkgsel/upgrade select safe-upgrade
-popularity-contest popularity-contest/participate boolean false
-d-i pkgsel/update-policy select none
-
-d-i grub-installer/choose_bootdev string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }}
-d-i grub-installer/only_debian boolean true
-d-i grub-installer/with_other_os boolean false
-
-d-i finish-install/reboot_in_progress note
-
-
-d-i preseed/late_command string \
- lvremove -f {{ vmname }}/dummy; \
- in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
- in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ noc_ssh_keys | join('\\n') }}' > /root/.ssh/authorized_keys"; \
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port 22000/' -i /etc/ssh/sshd_config"
state: absent
- name: install systemd network link units
- with_items: "{{ vm_network.systemd_link.interfaces }}"
+ with_items: "{{ network.systemd_link.interfaces }}"
loop_control:
index_var: interface_index
template:
dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link"
notify: rebuild initramfs
- when: vm_network.systemd_link is defined
+ when: network.systemd_link is defined
- name: install basic interface config
template:
iface lo inet loopback
# The primary network interface
-auto {{ vm_network.primary.interface }}
-iface {{ vm_network.primary.interface }} inet static
- address {{ vm_network.primary.ip }}
- netmask {{ vm_network.primary.mask }}
- gateway {{ vm_network.primary.gateway }}
+auto {{ network.primary.interface }}
+iface {{ network.primary.interface }} inet static
+ address {{ network.primary.ip }}
+ netmask {{ network.primary.mask }}
+ gateway {{ network.primary.gateway }}
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
-{% for nsrv in vm_network.nameservers %}
+{% for nsrv in network.nameservers %}
nameserver {{ nsrv }}
{% endfor %}
-search {{ vm_network.domain }}
+search {{ network.domain }}
--- /dev/null
+vm-install.sh
\ No newline at end of file
--- /dev/null
+---
+- name: Fetch debian installer and bake initrd
+ hosts: "{{ hostname }}"
+ connection: local
+
+ vars_prompt:
+ - name: usbdrive_path
+ prompt: Where is the USB installation medium mounted to?
+ default: ""
+ private: no
+
+ pre_tasks:
+ - set_fact:
+ install_cooked: "{{ install }}"
+ network_cooked: "{{ network }}"
+ artifacts_dir: "{{ global_artifacts_dir }}/{{ hostname }}"
+ debian_installer_path: "{{ global_cache_dir }}/debian-installer"
+
+ - file:
+ state: directory
+ name: "{{ artifacts_dir }}"
+
+ roles:
+ - usb-install
+
+ tasks:
+ - stat:
+ path: "{{ usbdrive_path }}"
+ register: pathcheck
+
+ - when: pathcheck.stat.exists
+ block:
+ - name: Copy generated files to the USB drive
+ copy:
+ src: "{{ item }}"
+ dest: "{{ usbdrive_path }}/"
+ with_items:
+ - "{{ artifacts_dir }}/initrd.preseed.gz"
+ - "{{ global_cache_dir }}/debian-installer/{{ install_distro }}-{{ install_codename }}/{{ install.arch | default('amd64') }}/linux"
+ loop_control:
+ label: "{{ item | basename }}"
+
+ - name: Generate syslinux configuration
+ copy:
+ dest: "{{ usbdrive_path }}/syslinux.cfg"
+ content: |
+ DEFAULT linux
+ SAY SYSLINUX booting an automated installer for {{ hostname }}...
+ LABEL linux
+ KERNEL linux
+ INITRD initrd.preseed.gz
+ APPEND install vga=off console=ttyS0,115200n8
+
+ - name: Make the USB disk bootable
+ pause:
+ seconds: 0
+ prompt: |
+ You should make sure the USB disk is bootable and
+ has syslinux installed.
+
+ $ sudo apt install mbr syslinux
+ $ sudo install-mbr /dev/CHANGEME
+ $ sudo syslinux -i /dev/CHANGEME1
+ $ sudo fdisk /dev/CHANGEME
+ [Here, make sure partition 1 is marked bootable.]
+
+ This will NOT be done automatically.
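Review bot: The `when: pathcheck.stat.exists` guard on the copy block only tests that the prompted path exists, so a regular file or an unrelated directory is accepted, and a mistyped answer (and probably the empty default) skips the whole block without telling the operator. Since `initrd.preseed.gz` carries the baked-in preseed, which presumably includes the credentials configured for the host, I would tighten the guard to `when: pathcheck.stat.exists and pathcheck.stat.isdir` and add a `fail` or `assert` task for the other case so it is obvious that nothing was written. The second `with_items` entry rebuilds the installer path from `global_cache_dir` and reads `install.arch`, although `pre_tasks` already sets `debian_installer_path` and `install_cooked`; using those keeps the path defined in one place. `private: no` would be more portable as `private: false`.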
#!/bin/bash
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
- echo "$0 <vm> <distro> <codename>"
+ echo "$0 <hostname> <distro> <codename>"
exit 1
fi
codename=$1
shift
-echo "installing vm: $name with $distro/$codename"
+echo "installing $name with $distro/$codename"
echo ""
echo "######## running the install playbook ########"
-exec ansible-playbook -e "vmname=$name" -e "vmdistro=$distro" -e "vmdistcodename=$codename" $@ vm-install.yml
+exec ansible-playbook -e "hostname=$name" -e "install_distro=$distro" -e "install_codename=$codename" $@ $(basename "$0" .sh).yml
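Review bot: On the new `exec ansible-playbook` line both `$@` and `$(basename "$0" .sh).yml` are unquoted, so extra arguments containing spaces are re-split and an invocation name with whitespace or glob characters expands to more than one playbook argument. Quoting both keeps the argument list intact: `exec ansible-playbook -e "hostname=$name" -e "install_distro=$distro" -e "install_codename=$codename" "$@" "$(basename "$0" .sh).yml"`. The playbook is now chosen from the name the script was invoked under and resolved relative to the current directory, so a comment above the line such as `# runs <invoked-name>.yml from the current directory; symlinks to this script select their own playbook` would help whoever adds the next symlink. The assignments of `name` and `distro` lie outside the visible hunk.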
---
- name: preperations and sanity checks
- hosts: "{{ vmname }}"
+ hosts: "{{ hostname }}"
gather_facts: no
tasks:
- name: setup variables
set_fact:
- vm_network_cooked: "{{ vm_network }}"
- vm_install_cooked: "{{ vm_install }}"
+ network_cooked: "{{ network }}"
+ install_cooked: "{{ install }}"
- name: create temporary host group for vm host
add_host:
- name: "{{ vm_install.host }}"
+ name: "{{ vm_host }}"
inventory_dir: "{{inventory_dir}}"
group: _vmhost_
# TODO: add some sanity checks
- role: vm/install
- name: wait for new vm to start up
- hosts: "{{ vmname }}"
+ hosts: "{{ hostname }}"
gather_facts: no
tasks:
## TODO: find a better way to fetch host key of new VMs
ansible_ssh_extra_args: ""
- name: Apply VM configuration roles
- hosts: "{{ vmname }}"
+ hosts: "{{ hostname }}"
roles:
- role: vm/grub
- role: vm/network
- role: vm/guest
-- import_playbook: "host_playbooks/{{ vmname }}.yml"
+- import_playbook: "host_playbooks/{{ hostname }}.yml"
- name: reboot and wait for VM come back
- hosts: "{{ vmname }}"
+ hosts: "{{ hostname }}"
gather_facts: no
roles:
- role: reboot-and-wait