author | Christian Pointner <equinox@spreadspace.org> | 2021-12-28 10:27:23 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-12-28 10:27:23 +0100 |
commit | 55d87ecd459ad550069cf5f5473379ae9c3a0b8e (patch) | |
tree | 600ff74ae7330590afb87fb2b8a1909ef1022778 | |
parent | add signing key for next openbsd release (diff) | |
parent | add testvm for phoebe and fix switch port configs (diff) |
Merge branch 'topic/revamp-vmguest-roles'
-rw-r--r-- | common/vm-install.yml | 2 | ||||
-rw-r--r-- | inventory/group_vars/chaos-at-home/network.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/ch-router-obsd.yml | 8 | ||||
-rw-r--r-- | inventory/host_vars/ch-sw0.yml | 10 | ||||
-rw-r--r-- | inventory/host_vars/ch-testvm-phoebe.yml | 37 | ||||
-rw-r--r-- | inventory/hosts.ini | 2 | ||||
-rw-r--r-- | roles/vm/guest/base/tasks/Debian.yml | 61 | ||||
-rw-r--r-- | roles/vm/guest/base/tasks/OpenBSD.yml | 2 | ||||
-rw-r--r-- | roles/vm/guest/base/tasks/main.yml | 67 | ||||
-rw-r--r-- | roles/vm/guest/define/templates/libvirt-domain.xml.j2 | 2 | ||||
-rw-r--r-- | roles/vm/guest/network/tasks/Debian.yml | 40 | ||||
-rw-r--r-- | roles/vm/guest/network/tasks/OpenBSD.yml | 15 | ||||
-rw-r--r-- | roles/vm/guest/network/tasks/main.yml | 50 |
13 files changed, 190 insertions, 108 deletions
diff --git a/common/vm-install.yml b/common/vm-install.yml
index 414b614f..6c98ae73 100644
--- a/common/vm-install.yml
+++ b/common/vm-install.yml
@@ -45,9 +45,7 @@ roles:
 - role: vm/guest/network
- when: install_distro in ['debian', 'ubuntu']
 - role: vm/guest/base
- when: install_distro in ['debian', 'ubuntu']
 post_tasks:
 - name: reenable StrictHostKeyChecking
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index ac46f005..2832ec59 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -47,6 +47,7 @@ network_zones:
 ch-sensors0: 10
 ch-sensors1: 11
 ch-sensors2: 12
+ ch-testvm-phoebe: 43
 ch-mon: 230
 ch-iot: 254
@@ -68,6 +69,7 @@ network_zones:
 ch-gw-lan: 28
 ch-iot: 30
 ch-testvm-prometheus: 42
+ ch-testvm-phoebe: 43
 ch-nic: 53
 __svc_http__: 80
 __svc_imap__: 143
diff --git a/inventory/host_vars/ch-router-obsd.yml b/inventory/host_vars/ch-router-obsd.yml
index cf2b7784..7827cf99 100644
--- a/inventory/host_vars/ch-router-obsd.yml
+++ b/inventory/host_vars/ch-router-obsd.yml
@@ -10,9 +10,8 @@ install:
 primary: /dev/sda
 virtio:
 vda:
- type: lvm
- vg: "{{ hostvars[vm_host.name].host_name }}"
- lv: "{{ inventory_hostname }}"
+ type: zfs
+ name: root
 size: 10g
 interfaces:
 - bridge: br-svc
@@ -25,5 +24,8 @@ network:
 name: vio0
 address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
 gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
 interfaces:
 - *_network_primary_
diff --git a/inventory/host_vars/ch-sw0.yml b/inventory/host_vars/ch-sw0.yml
index f244c6c3..c914d3c4 100644
--- a/inventory/host_vars/ch-sw0.yml
+++ b/inventory/host_vars/ch-sw0.yml
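Review bot: The `static_routes` block added under the primary interface of inventory/host_vars/ch-router-obsd.yml is repeated verbatim in the new inventory/host_vars/ch-testvm-phoebe.yml, and both copies hard-code the `'ch-gw-lan'` offsets key inside the gateway expression. A single group-level variable (for example a constructed `svc_lan_static_routes` in inventory/group_vars/chaos-at-home/network.yml, referenced as `static_routes: "{{ svc_lan_static_routes }}"`) would keep the two hosts from drifting apart when the LAN gateway moves. The `network:` mapping and the `&_network_primary_` anchor that `- *_network_primary_` resolves to start above this hunk.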
@@ -35,23 +35,23 @@ switch_interfaces_yaml: |
 - spec: Gi1/0/19
 description: "phoebe-eno2"
- vlan: {{ network_zones.lan.vlan }}
+ vlan: {{ network_zones.svc.vlan }}
 - spec: Gi1/0/20
 description: "phoebe-eno1"
- vlan: {{ network_zones.svc.vlan }}
+ vlan: {{ network_zones.lan.vlan }}
 - spec: Gi1/0/21
 description: "phoebe-eno4"
 switchport_mode: general
 tagged_only: true
 allowed_vlans_tagged:
- - {{ network_zones.iot.vlan }}
- - {{ network_zones.mgmt.vlan }}
+ - {{ network_zones.magenta.vlan }}
 - spec: Gi1/0/22
 description: "phoebe-eno3"
 switchport_mode: general
 tagged_only: true
 allowed_vlans_tagged:
- - {{ network_zones.magenta.vlan }}
+ - {{ network_zones.iot.vlan }}
+ - {{ network_zones.mgmt.vlan }}
 - spec: Gi1/0/23
 vlan: {{ network_zones.svc.vlan }}
diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml
new file mode 100644
index 00000000..880b4e06
--- /dev/null
+++ b/inventory/host_vars/ch-testvm-phoebe.yml
@@ -0,0 +1,37 @@
+---
+install_jumphost: ch-jump
+
+install:
+ vm:
+ memory: 1G
+ numcpus: 1
+ autostart: False
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 15g
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+ - bridge: br-iot
+ name: iot0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
+ - name: iot0
+ address: "{{ network_zones.iot.prefix | ipaddr(network_zones.iot.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
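Review bot: `autostart: False` in the new inventory/host_vars/ch-testvm-phoebe.yml uses a capitalised YAML 1.1 boolean while the rest of this commit writes lowercase `false`/`true` (`changed_when: false`, `tagged_only: true`) or `yes`/`no` in the apt tasks; `autostart: false` would match the lowercase form and keep yamllint's truthy rule quiet. The guest is attached to both `br-svc` and `br-iot`, which makes it a potential path between the two zones should forwarding ever be enabled on it; nothing in this commit turns forwarding on, so this is a documentation request rather than a defect. A one-line comment on the `iot0` entry stating why a test VM needs a leg in the IoT zone (and that it must not route between svc and iot) would make that intent reviewable later.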
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index a159aaf3..6b54c33a 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -15,6 +15,7 @@ env_group=chaos-at-home
 [chaos-at-home]
 ch-gnocchi host_name=gnocchi
 ch-phoebe host_name=phoebe
+ch-testvm-phoebe host_name=testvm-phoebe
 ch-router host_name=router
 ch-router-obsd host_name=router
 ch-gw-lan host_name=gw-lan
@@ -334,6 +335,7 @@ ch-gnocchi vmhost-ch-gnocchi-guests
 [vmhost-ch-phoebe-guests]
+ch-testvm-phoebe
 #ch-router
 ch-router-obsd
 #ch-jump
diff --git a/roles/vm/guest/base/tasks/Debian.yml b/roles/vm/guest/base/tasks/Debian.yml
new file mode 100644
index 00000000..7a383fe1
--- /dev/null
+++ b/roles/vm/guest/base/tasks/Debian.yml
@@ -0,0 +1,61 @@
+---
+- name: install rngd
+ apt:
+ name: rng-tools5
+ state: present
+ force_apt_get: yes
+
+- name: get size of entropy pool
+ check_mode: no
+ command: cat /proc/sys/kernel/random/poolsize
+ changed_when: false
+ register: entropy_pool_size
+
+- name: create systemd override directory for rngd
+ file:
+ path: /etc/systemd/system/rngd.service.d
+ state: directory
+
+- name: configure rngd
+ copy:
+ content: |
+ [Service]
+ ExecStart=
+ ExecStart=/usr/sbin/rngd -f -r /dev/hwrng -s 256 -W {{ ((entropy_pool_size.stdout_lines | first | int) * 0.8) | int }}
+ dest: /etc/systemd/system/rngd.service.d/hwrng-device.conf
+ notify: restart rngd
+
+
+- name: provide a root shell on the VM serial console
+ when: vm_guest_autologin_on_serial
+ block:
+ - name: create systemd override directory for gettyS0
+ file:
+ path: /etc/systemd/system/serial-getty@ttyS0.service.d/
+ state: directory
+
+ - name: create autologin config for gettyS0
+ copy:
+ dest: /etc/systemd/system/serial-getty@ttyS0.service.d/autologon.conf
+ content: |
+ [Service]
+ ExecStart=
+ ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host_cooked.name }} %I $TERM
+
+
+- name: enable serial console in grub and for kernel
+ vars:
+ grub_options:
+ GRUB_TIMEOUT: 2
+ GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"'
+ GRUB_TERMINAL: serial
+ GRUB_SERIAL_COMMAND: >-
+ "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
+ loop: "{{ grub_options | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ lineinfile:
+ dest: /etc/default/grub
+ regexp: "^{{ item.key }}="
+ line: "{{ item.key }}={{ item.value }}"
+ notify: update grub
diff --git a/roles/vm/guest/base/tasks/OpenBSD.yml b/roles/vm/guest/base/tasks/OpenBSD.yml
new file mode 100644
index 00000000..94832c38
--- /dev/null
+++ b/roles/vm/guest/base/tasks/OpenBSD.yml
@@ -0,0 +1,2 @@
+---
+## nothing to do here
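Review bot: The `create autologin config for gettyS0` task in the new roles/vm/guest/base/tasks/Debian.yml writes a systemd drop-in but, unlike `configure rngd` a few tasks above, carries no `notify`, so systemd is never told to reload and the new ExecStart only takes effect after a reboot or a manual `systemctl daemon-reload`; if the install flow always reboots afterwards that is fine, but a `notify:` to a daemon-reload handler (the role's handlers are not in this diff, so I cannot name one) or a comment stating the reboot assumption would make it explicit. The drop-in also hands an unauthenticated root shell (`--autologin root`) to anyone who can attach to the guest's serial console, gated only by `vm_guest_autologin_on_serial`; a comment above the block such as `# root shell without a password on ttyS0 - only for guests where console access already implies control of the hypervisor` records that trust assumption for the next reader. The `yes`/`no` on `force_apt_get` and `check_mode` would read more consistently as `true`/`false`, matching `changed_when: false` in the same file.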
diff --git a/roles/vm/guest/base/tasks/main.yml b/roles/vm/guest/base/tasks/main.yml
index 7a383fe1..410a07cb 100644
--- a/roles/vm/guest/base/tasks/main.yml
+++ b/roles/vm/guest/base/tasks/main.yml
@@ -1,61 +1,12 @@
 ---
-- name: install rngd
- apt:
- name: rng-tools5
- state: present
- force_apt_get: yes
-
-- name: get size of entropy pool
- check_mode: no
- command: cat /proc/sys/kernel/random/poolsize
- changed_when: false
- register: entropy_pool_size
-
-- name: create systemd override directory for rngd
- file:
- path: /etc/systemd/system/rngd.service.d
- state: directory
-
-- name: configure rngd
- copy:
- content: |
- [Service]
- ExecStart=
- ExecStart=/usr/sbin/rngd -f -r /dev/hwrng -s 256 -W {{ ((entropy_pool_size.stdout_lines | first | int) * 0.8) | int }}
- dest: /etc/systemd/system/rngd.service.d/hwrng-device.conf
- notify: restart rngd
-
-
-- name: provide a root shell on the VM serial console
- when: vm_guest_autologin_on_serial
- block:
- - name: create systemd override directory for gettyS0
- file:
- path: /etc/systemd/system/serial-getty@ttyS0.service.d/
- state: directory
-
- - name: create autologin config for gettyS0
- copy:
- dest: /etc/systemd/system/serial-getty@ttyS0.service.d/autologon.conf
- content: |
- [Service]
- ExecStart=
- ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host_cooked.name }} %I $TERM
-
-
-- name: enable serial console in grub and for kernel
+- name: load os/distrubtion/version specific tasks
 vars:
- grub_options:
- GRUB_TIMEOUT: 2
- GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"'
- GRUB_TERMINAL: serial
- GRUB_SERIAL_COMMAND: >-
- "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
- loop: "{{ grub_options | dict2items }}"
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
 loop_control:
- label: "{{ item.key }}"
- lineinfile:
- dest: /etc/default/grub
- regexp: "^{{ item.key }}="
- line: "{{ item.key }}={{ item.value }}"
- notify: update grub
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
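Review bot: The task name `load os/distrubtion/version specific tasks` misspells "distribution"; the same name is introduced in roles/vm/guest/network/tasks/main.yml in this commit, so both should read `- name: load os/distribution/version specific tasks`. A comment above the `loop:` would also help: `q('first_found', params)` without `skip: true` aborts the play when none of the three candidate files exists, which is the desirable fail-fast behaviour for an unsupported OS but is not obvious from the task itself — e.g. `# first_found errors out when no candidate exists: an unsupported OS fails fast instead of silently doing nothing`. Since `ansible_distribution_release` is tried first, a future release-named file next to `Debian.yml` would shadow it; worth a word in the same comment.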
diff --git a/roles/vm/guest/define/templates/libvirt-domain.xml.j2 b/roles/vm/guest/define/templates/libvirt-domain.xml.j2
index 41671f73..d329a7de 100644
--- a/roles/vm/guest/define/templates/libvirt-domain.xml.j2
+++ b/roles/vm/guest/define/templates/libvirt-domain.xml.j2
@@ -4,7 +4,7 @@
 <currentMemory>{{ ((install_cooked.vm.memory | human_to_bytes) / 1024) | int }}</currentMemory>
 <vcpu>{{ install_cooked.vm.numcpus }}</vcpu>
 <os>
- <type arch='x86_64' machine='pc-0.12'>hvm</type>
+ <type arch='x86_64' machine='pc'>hvm</type>
 {% if vm_define_installer %}
 {% if install_distro == 'debian' or install_distro == 'ubuntu' %}
 <kernel>{{ installer_tmpdir }}/linux</kernel>
diff --git a/roles/vm/guest/network/tasks/Debian.yml b/roles/vm/guest/network/tasks/Debian.yml
new file mode 100644
index 00000000..27a7682a
--- /dev/null
+++ b/roles/vm/guest/network/tasks/Debian.yml
@@ -0,0 +1,40 @@
+---
+- name: configure systemd link units
+ when: network_cooked.systemd_link is defined
+ block:
+ - name: remove legacy systemd.link units
+ loop:
+ - 50-virtio-kernel-names.link
+ - 99-default.link
+ file:
+ name: "/etc/systemd/network/{{ item }}"
+ state: absent
+
+ - name: install systemd network link units
+ loop: "{{ network_cooked.systemd_link.interfaces }}"
+ loop_control:
+ label: "{{ item.name }}"
+ index_var: interface_index
+ template:
+ src: systemd.link.j2
+ dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link"
+ notify: rebuild initramfs
+
+
+- name: install basic interface config
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+ mode: 0644
+
+- name: remove resolvconf package
+ apt:
+ name: resolvconf
+ state: absent
+ force_apt_get: yes
+ purge: yes
+
+- name: generate resolv.conf
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
diff --git a/roles/vm/guest/network/tasks/OpenBSD.yml b/roles/vm/guest/network/tasks/OpenBSD.yml
new file mode 100644
index 00000000..4357ea4e
--- /dev/null
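Review bot: `mode: 0644` in `install basic interface config` (new roles/vm/guest/network/tasks/Debian.yml) is an unquoted leading-zero literal; PyYAML reads it as the integer 420, which Ansible does interpret as 0644, but ansible-lint and yamllint both flag the form and it is exactly the value that silently becomes wrong the day someone drops the zero — `mode: "0644"` is the safe spelling. The `generate resolv.conf` task sets no `mode` at all and could take the same explicit value for consistency. Purging `resolvconf` between writing `/etc/network/interfaces` and generating `/etc/resolv.conf` looks deliberate (so the package's managed symlink is gone before the file is written); a one-line comment on `remove resolvconf package` saying so would save the next reader the same reasoning.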
+++ b/roles/vm/guest/network/tasks/OpenBSD.yml
@@ -0,0 +1,15 @@
+---
+- name: generate network interface configs
+ loop: "{{ network_cooked.interfaces }}"
+ loop_control:
+ loop_var: interface
+ label: "{{ interface.name }}"
+ copy:
+ dest: "/etc/hostname.{{ interface.name }}"
+ content: |
+ inet {{ interface.address | ipaddr('address') }} {{ interface.address | ipaddr('netmask') }}
+ {% for route in interface.static_routes | default([]) %}
+ !route add -net {{ route.destination }} {{ route.gateway }}
+ {% endfor %}
+
+## TODO: configure default gateway - for now we rely on installer to do the right thing
diff --git a/roles/vm/guest/network/tasks/main.yml b/roles/vm/guest/network/tasks/main.yml
index 27a7682a..410a07cb 100644
--- a/roles/vm/guest/network/tasks/main.yml
+++ b/roles/vm/guest/network/tasks/main.yml
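Review bot: The `copy` in `generate network interface configs` (new roles/vm/guest/network/tasks/OpenBSD.yml) sets no `mode`, so each `/etc/hostname.<if>` is created with whatever the remote umask yields; OpenBSD's installer creates these files `0640 root:wheel` because hostname.if(5) files may carry credentials such as `wpakey`, so pinning `mode: "0640"` keeps the Ansible-written files at the system default. The `!route add -net` line assumes `route.destination` is already in a form route(8) accepts as-is; the two inventory files in this commit pass `network_zones.lan.prefix`, so that holds today, and a short comment noting the expected `addr/len` form would guard future entries. The `{% for %}` block relies on Ansible's default `trim_blocks` to keep the tag lines out of the rendered file; worth a comment as well, since a reader of the plain YAML cannot see that.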
@@ -1,40 +1,12 @@
 ---
-- name: configure systemd link units
- when: network_cooked.systemd_link is defined
- block:
- - name: remove legacy systemd.link units
- loop:
- - 50-virtio-kernel-names.link
- - 99-default.link
- file:
- name: "/etc/systemd/network/{{ item }}"
- state: absent
-
- - name: install systemd network link units
- loop: "{{ network_cooked.systemd_link.interfaces }}"
- loop_control:
- label: "{{ item.name }}"
- index_var: interface_index
- template:
- src: systemd.link.j2
- dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link"
- notify: rebuild initramfs
-
-
-- name: install basic interface config
- template:
- src: interfaces.j2
- dest: /etc/network/interfaces
- mode: 0644
-
-- name: remove resolvconf package
- apt:
- name: resolvconf
- state: absent
- force_apt_get: yes
- purge: yes
-
-- name: generate resolv.conf
- template:
- src: resolv.conf.j2
- dest: /etc/resolv.conf
+- name: load os/distrubtion/version specific tasks
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
+ loop_control:
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}" |