24 files changed, 135 insertions, 81 deletions
diff --git a/chaos-at-home/cloud-install.yml b/chaos-at-home/cloud-install.yml
index 24d8d9c2..9b5bbee9 100644
--- a/chaos-at-home/cloud-install.yml
+++ b/chaos-at-home/cloud-install.yml
@@ -1,6 +1,10 @@
 ---
-- name: basic installation
+- name: setup variables
 hosts: "{{ hostname }}"
 gather_facts: no
- roles:
- - role: cloud-install
+ tasks:
+ - set_fact:
+ install_cooked: "{{ install }}"
+ network_cooked: "{{ network }}"
+
+- import_playbook: ../common/cloud-install.yml
diff --git a/common/cloud-install.yml b/common/cloud-install.yml
new file mode 100644
index 00000000..79e22378
--- /dev/null
+++ b/common/cloud-install.yml
@@ -0,0 +1,40 @@
+---
+- name: basic installation
+ hosts: "{{ hostname }}"
+ gather_facts: no
+ roles:
+ - role: cloud/install
+
+- name: wait for new vm to start up
+ hosts: "{{ hostname }}"
+ gather_facts: no
+ tasks:
+ ## TODO: find a better way to fetch host key of new VMs
+ - name: disable ssh StrictHostKeyChecking for the next step
+ set_fact:
+ ansible_ssh_extra_args: -o StrictHostKeyChecking=no
+ - name: wait for vm to start up
+ wait_for_connection:
+ delay: 5
+ timeout: 120
+ - name: reenable StrictHostKeyChecking
+ set_fact:
+ ansible_ssh_extra_args: ""
+
+- name: Apply VM configuration roles
+ hosts: "{{ hostname }}"
+ pre_tasks:
+ - name: make sure to update cached facts
+ setup:
+ roles:
+ - role: cloud/post-install
+
+- import_playbook: "../{{ hostenv }}/{{ hostname }}.yml"
+
+- name: reboot and wait for VM come back
+ hosts: "{{ hostname }}"
+ gather_facts: no
+ roles:
+ - role: reboot-and-wait
+ reboot_delay: 10
+ reboot_timeout: 120
diff --git a/dan/cloud-install.yml b/dan/cloud-install.yml
index 24d8d9c2..9b5bbee9 100644
--- a/dan/cloud-install.yml
+++ b/dan/cloud-install.yml
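Review bot: The `set_fact` task in `chaos-at-home/cloud-install.yml` should carry `no_log: true`, because `install` now contains `cloud_credentials` (the host_vars added in this commit set it to `"{{ vault_hroot_robot_account }}"`) and the task therefore writes the decrypted provider credentials into the `install_cooked` fact. set_fact returns the facts it sets in its task result, which is printed at raised verbosity and can be recorded by callback or logging plugins. The task is also unnamed; `- name: resolve install and network settings` would make the play output easier to follow. The identical task is added in `dan/cloud-install.yml` and `spreadspace/cloud-install.yml`.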
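Review bot: The `reenable StrictHostKeyChecking` task in `common/cloud-install.yml` does not restore the previous setting; it sets `ansible_ssh_extra_args: ""`, which discards any extra SSH arguments configured for the host for all later plays, whereas the removed role tasks put back `old_ansible_ssh_extra_args`. Saving the current value in the disabling task and restoring it afterwards, e.g. `ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args | default('') }}"`, keeps such settings (where that variable was defined is not visible in this diff). While checking is off, the first connection accepts whatever host key is presented, and the post-install and per-host plays that follow then rely on that key. The TODO is worth tracking as an issue so the key gets pinned from a trusted source, for example the installer's output, before configuration and secrets are applied.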
@@ -1,6 +1,10 @@
 ---
-- name: basic installation
+- name: setup variables
 hosts: "{{ hostname }}"
 gather_facts: no
- roles:
- - role: cloud-install
+ tasks:
+ - set_fact:
+ install_cooked: "{{ install }}"
+ network_cooked: "{{ network }}"
+
+- import_playbook: ../common/cloud-install.yml
diff --git a/dan/host_vars/sk-2019vm.yml b/dan/host_vars/sk-2019vm.yml
new file mode 100644
index 00000000..53629208
--- /dev/null
+++ b/dan/host_vars/sk-2019vm.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.2;AES256;dan
+64313638393461613535643731303830343539313333643462633232303936346665636536313630
+6261376532663565343434376633613930613331626530380a633235326261306166356166636363
+32636530656665303633373331353565626534646466666336636561376638323834646262633636
+3633656465366263640a653837613439363438653366643763323933366361323938326439373138
+36323638633530323630323133386332303965353866353831383961333363613933373132353663
+35393938326630356261336136633763316436366435313965306166656138393032306434363861
+62383632636239653233626535316361376637646564333861323936343833383030303139346135
+39303735623038633661626238616638373061643762336339366434303162633731646432626364
+3432
diff --git a/dan/host_vars/sk-cloudia.yml b/dan/host_vars/sk-cloudia.yml
index 53629208..7bb3860d 100644
--- a/dan/host_vars/sk-cloudia.yml
+++ b/dan/host_vars/sk-cloudia.yml
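Review bot: The new `dan/host_vars/sk-2019vm.yml` is byte-for-byte the ciphertext that this commit removes from `dan/host_vars/sk-cloudia.yml` (both sides are blob 53629208), so sk-2019vm starts out with exactly the secrets sk-cloudia has been using. If this is a deliberate hand-over of the old host's values, a sentence in the commit message would document it. If the file was copied as a starting point, the values inside should be regenerated for the new host so the two machines do not share credentials.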
@@ -1,10 +1,10 @@
 $ANSIBLE_VAULT;1.2;AES256;dan
-64313638393461613535643731303830343539313333643462633232303936346665636536313630
-6261376532663565343434376633613930613331626530380a633235326261306166356166636363
-32636530656665303633373331353565626534646466666336636561376638323834646262633636
-3633656465366263640a653837613439363438653366643763323933366361323938326439373138
-36323638633530323630323133386332303965353866353831383961333363613933373132353663
-35393938326630356261336136633763316436366435313965306166656138393032306434363861
-62383632636239653233626535316361376637646564333861323936343833383030303139346135
-39303735623038633661626238616638373061643762336339366434303162633731646432626364
-3432
+66326237393963643938383265396133366166376563616436303365353661366232616539373163
+6139613939613033626635616564613463663333376130350a386262326435303164346234666536
+31373463396433366661356461663439303437393738336331346465333530373332623530656561
+6464656633633865620a323839386230626532303639356164613264333565633863306438363866
+37393234656630333034346233653730333837323833313838653536343161623963643162633936
+31636264356664613236313439616630366133653038396165613561613237656534353839666135
+36396133306565343861323237316237383330383734666164343766306130373233373930653738
+63393363653863613137613637313030353765643966343132363230636536303163663262326234
+3237
diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml
new file mode 100644
index 00000000..10a633b0
--- /dev/null
+++ b/dan/sk-2019vm.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: sk-2019vm
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh
diff --git a/inventory/group_vars/hcloud/main.yml b/inventory/group_vars/hcloud/main.yml
index 83219510..564ce6e1 100644
--- a/inventory/group_vars/hcloud/main.yml
+++ b/inventory/group_vars/hcloud/main.yml
@@ -1,4 +1,2 @@
 ---
 cloud_provider: hcloud
-
-hcloud_api_token: "{{ vault_hcloud_api_token }}"
diff --git a/inventory/group_vars/hroot/main.yml b/inventory/group_vars/hroot/main.yml index 828a3720..7802f3ad 100644 --- a/inventory/group_vars/hroot/main.yml +++ b/inventory/group_vars/hroot/main.yml @@ -1,4 +1,2 @@ --- cloud_provider: hroot - -hroot_robot_account: "{{ vault_hroot_robot_account }}" diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml new file mode 100644 index 00000000..34a43bb6 --- /dev/null +++ b/inventory/host_vars/sk-2019vm.yml @@ -0,0 +1,8 @@ +--- +install: + cloud_credentials: "{{ vault_hroot_robot_account }}" + disks: + layout: nvme_raid + root_lvm_size: 10G + +network: {} diff --git a/inventory/host_vars/sk-cloudia.yml b/inventory/host_vars/sk-cloudia.yml index d6664d4d..b169d5b5 100644 --- a/inventory/host_vars/sk-cloudia.yml +++ b/inventory/host_vars/sk-cloudia.yml @@ -1,2 +1,8 @@ --- -hetzner_root_lvm_size: 15G +install: + cloud_credentials: "{{ vault_hroot_robot_account }}" + disks: + layout: nvme_raid + root_lvm_size: 15G + +network: {} diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 8681ba99..6b26014a 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -119,6 +119,7 @@ ansible_port=222 sk2013 host_name=2013 ansible_port=22000 sk2016 host_name=2016 ansible_port=22000 sk-cloudia host_name=cloudia +sk-2019vm host_name=2019vm [ele-ap] @@ -195,6 +196,7 @@ r3-cccamp19-av sk2013 sk2016 sk-cloudia +sk-2019vm [hcloud] emc-00 diff --git a/roles/cloud-install/defaults/main.yml b/roles/cloud-install/defaults/main.yml deleted file mode 100644 index 75e47612..00000000 --- a/roles/cloud-install/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -hetzner_disk_setup: "{% if cloud_provider == 'hroot' %}nvme_raid{% elif cloud_provider == 'hcloud' %}hcloud{% endif %}" -hetzner_root_lvm_size: all diff --git a/roles/cloud-install/tasks/main.yml b/roles/cloud-install/tasks/main.yml deleted file mode 100644 index 6d9eb96e..00000000 --- a/roles/cloud-install/tasks/main.yml +++ /dev/null 
@@ -1,8 +0,0 @@
----
-- include_tasks: "install_{{ cloud_provider }}.yml"
-
-- name: force facts cache to get updated
- setup:
-
-- when: lookup('first_found', ['post_' + cloud_provider + '.yml'], errors='ignore')
- include_tasks: "post_{{ cloud_provider }}.yml"
diff --git a/roles/cloud-install/filter_plugins/hroot.py b/roles/cloud/install/filter_plugins/hroot.py
index d2abff1b..d2abff1b 100644
--- a/roles/cloud-install/filter_plugins/hroot.py
+++ b/roles/cloud/install/filter_plugins/hroot.py
diff --git a/roles/cloud-install/tasks/install_hcloud.yml b/roles/cloud/install/tasks/hcloud.yml
index 68e8db60..ca5435b8 100644
--- a/roles/cloud-install/tasks/install_hcloud.yml
+++ b/roles/cloud/install/tasks/hcloud.yml
@@ -4,7 +4,7 @@
 url: "https://api.hetzner.cloud/v1/ssh_keys"
 method: GET
 headers:
- Authorization: "Bearer {{ hcloud_api_token }}"
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
 status_code: 200
 register: sshkeys
 delegate_to: localhost
@@ -14,7 +14,7 @@
 url: "https://api.hetzner.cloud/v1/servers?name={{ inventory_hostname }}"
 method: GET
 headers:
- Authorization: "Bearer {{ hcloud_api_token }}"
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
 status_code: 200
 register: serverstatus
 delegate_to: localhost
@@ -33,7 +33,7 @@
 method: POST
 body: "{{ {'type': 'linux64', 'ssh_keys': (sshkeys.json.ssh_keys | map(attribute='id') | list) } | to_nice_json }}"
 headers:
- Authorization: "Bearer {{ hcloud_api_token }}"
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
 Content-Type: "application/json"
 status_code: 201
 delegate_to: localhost
@@ -43,7 +43,7 @@
 url: "https://api.hetzner.cloud/v1/servers/{{ serverstatus.json.servers[0].id }}/actions/reset"
 method: POST
 headers:
- Authorization: "Bearer {{ hcloud_api_token }}"
+ Authorization: "Bearer {{ install_cooked.cloud_credentials.token }}"
 status_code: 201
 delegate_to: localhost
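Review bot: The four `uri` tasks in `roles/cloud/install/tasks/hcloud.yml` that template `install_cooked.cloud_credentials.token` into the `Authorization` header show no `no_log` in their visible lines. As far as I know the module masks its `password` parameter (used by the hroot tasks) but not `headers`, so the bearer token would appear in the task invocation at high verbosity. Adding `no_log: true` to these tasks prevents that, at the cost of also hiding the registered responses from debug output. The tasks begin and end outside the hunks, so the option may already be set on lines not shown.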
@@ -66,18 +66,3 @@
 poll: 0
 ignore_errors: True
 changed_when: True
-
-### TODO: SSH host key handling needs to be improved
-- name: automatically accept new ssh host key
- set_fact:
- ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }} -o StrictHostKeyChecking=no"
-
-- name: wait for host to start up
- wait_for_connection:
- delay: 15
- timeout: 120
-
-### TODO: SSH host key handling needs to be improved
-- name: re-enable ssh host key checking
- set_fact:
- ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }}"
diff --git a/roles/cloud-install/tasks/hetzner_installimage.yml b/roles/cloud/install/tasks/hetzner_installimage.yml
index f54a785b..f54a785b 100644
--- a/roles/cloud-install/tasks/hetzner_installimage.yml
+++ b/roles/cloud/install/tasks/hetzner_installimage.yml
diff --git a/roles/cloud-install/tasks/install_hroot.yml b/roles/cloud/install/tasks/hroot.yml
index 6c57d874..606df5f6 100644
--- a/roles/cloud-install/tasks/install_hroot.yml
+++ b/roles/cloud/install/tasks/hroot.yml
@@ -3,8 +3,8 @@
 uri:
 url: "https://robot-ws.your-server.de/key"
 method: GET
- user: "{{ hroot_robot_account.username }}"
- password: "{{ hroot_robot_account.password }}"
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
 force_basic_auth: yes
 status_code: 200
 register: sshkeys
@@ -22,8 +22,8 @@
 uri:
 url: "https://robot-ws.your-server.de/server"
 method: GET
- user: "{{ hroot_robot_account.username }}"
- password: "{{ hroot_robot_account.password }}"
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
 force_basic_auth: yes
 status_code: 200
 register: servers
@@ -48,8 +48,8 @@
 uri:
 url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
 method: GET
- user: "{{ hroot_robot_account.username }}"
- password: "{{ hroot_robot_account.password }}"
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
 force_basic_auth: yes
 status_code: 200
 register: rescuestatus
@@ -62,8 +62,8 @@
 uri:
 url: "https://robot-ws.your-server.de/boot/{{ hetzner_main_ip }}/rescue"
 method: POST
- user: "{{ hroot_robot_account.username }}"
- password: "{{ hroot_robot_account.password }}"
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
 force_basic_auth: yes
 body: "os=linux&arch=64&authorized_key[]={{ sshkeys.json | hroot_extract_ssh_key_fingerprints | join('&authorized_key[]=') }}"
 status_code: 200
@@ -79,8 +79,8 @@
 uri:
 url: "https://robot-ws.your-server.de/reset/{{ hetzner_main_ip }}"
 method: POST
- user: "{{ hroot_robot_account.username }}"
- password: "{{ hroot_robot_account.password }}"
+ user: "{{ install_cooked.cloud_credentials.username }}"
+ password: "{{ install_cooked.cloud_credentials.password }}"
 force_basic_auth: yes
 body: "type=hw"
 status_code: 200
@@ -107,18 +107,3 @@
 poll: 0
 ignore_errors: True
 changed_when: True
-
-### TODO: SSH host key handling needs to be improved
-- name: automatically accept new ssh host key
- set_fact:
- ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }} -o StrictHostKeyChecking=no"
-
-- name: wait for host to start up
- wait_for_connection:
- delay: 15
- timeout: 120
-
-### TODO: SSH host key handling needs to be improved
-- name: re-enable ssh host key checking
- set_fact:
- ansible_ssh_extra_args: "{{ old_ansible_ssh_extra_args }}"
diff --git a/roles/cloud/install/tasks/main.yml b/roles/cloud/install/tasks/main.yml
new file mode 100644
index 00000000..c5cc046f
--- /dev/null
+++ b/roles/cloud/install/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ cloud_provider }}.yml"
diff --git a/roles/cloud-install/templates/hetzner_installimage.conf.j2 b/roles/cloud/install/templates/hetzner_installimage.conf.j2
index 801d448f..a30fb94a 100644
--- a/roles/cloud-install/templates/hetzner_installimage.conf.j2
+++ b/roles/cloud/install/templates/hetzner_installimage.conf.j2
@@ -1,21 +1,23 @@
 HOSTNAME {{ host_name }}
-{% if hetzner_disk_setup == "nvme_raid" %}
+{% if cloud_provider == "hroot" %}
+{% if install_cooked.disks.layout == "nvme_raid" %}
 DRIVE1 /dev/nvme0n1
 DRIVE2 /dev/nvme1n1
 SWRAID 1
 SWRAIDLEVEL 1
-{% elif hetzner_disk_setup == "sata_raid" %}
+{% elif install_cooked.disks.layout == "sata_raid" %}
 DRIVE1 /dev/sda
 DRIVE2 /dev/sdb
 SWRAID 1
 SWRAIDLEVEL 1
-{% elif hetzner_disk_setup == "hcloud" %}
+{% endif %}
+{% elif cloud_provider == "hcloud" %}
 DRIVE1 /dev/sda
 {% endif %}
 BOOTLOADER grub
 PART /boot ext4 512M
-PART lvm {{ host_name }} {{ hetzner_root_lvm_size }}
-{% if hetzner_root_lvm_size != "all" %}
+PART lvm {{ host_name }} {{ install_cooked.disks.root_lvm_size }}
+{% if install_cooked.disks.root_lvm_size != "all" %}
 PART /dummy ext4 all
 {% endif %}
 LV {{ host_name }} root / ext4 2560M
diff --git a/roles/cloud-install/templates/hetzner_postinst.sh.j2 b/roles/cloud/install/templates/hetzner_postinst.sh.j2
index 660c0ea5..271e51b7 100644
--- a/roles/cloud-install/templates/hetzner_postinst.sh.j2
+++ b/roles/cloud/install/templates/hetzner_postinst.sh.j2
@@ -25,7 +25,7 @@
 swapoff -a
 sed -e '/^\/swapfile/d' -i /etc/fstab
 rm -f /swapfile
-{% if hetzner_root_lvm_size != "all" %}
+{% if install_cooked.disks.root_lvm_size != "all" %}
 umount /dummy
 sed -e '/\/dummy/d' -i /etc/fstab
 rm -rf /dummy
diff --git a/roles/cloud-install/tasks/post_hcloud.yml b/roles/cloud/post-install/tasks/hcloud.yml
index 96108c58..96108c58 100644
--- a/roles/cloud-install/tasks/post_hcloud.yml
+++ b/roles/cloud/post-install/tasks/hcloud.yml
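Review bot: `hetzner_installimage.conf.j2` now dereferences `install_cooked.disks.root_lvm_size` with no fallback, while this commit deletes the role defaults that supplied `hetzner_root_lvm_size: all`. A host whose `install` mapping has no `disks` key, which is plausible for hcloud hosts since that branch needs no layout, would fail when the template is rendered. Using `(install_cooked.disks | default({})).root_lvm_size | default('all')` in the PART line and in both `!= "all"` tests (the second is in `hetzner_postinst.sh.j2`) keeps the old default. The inner `if`/`elif` on `install_cooked.disks.layout` also has no `else`, so an unrecognised layout on an hroot host renders a config with no DRIVE lines; asserting the value before templating would be safer for a step that partitions disks.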
diff --git a/roles/cloud/post-install/tasks/hroot.yml b/roles/cloud/post-install/tasks/hroot.yml
new file mode 100644
index 00000000..51315101
--- /dev/null
+++ b/roles/cloud/post-install/tasks/hroot.yml
@@ -0,0 +1,2 @@
+---
+# nothing to do here.
diff --git a/roles/cloud/post-install/tasks/main.yml b/roles/cloud/post-install/tasks/main.yml
new file mode 100644
index 00000000..c5cc046f
--- /dev/null
+++ b/roles/cloud/post-install/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ cloud_provider }}.yml"
diff --git a/spreadspace/cloud-install.yml b/spreadspace/cloud-install.yml
new file mode 100644
index 00000000..9b5bbee9
--- /dev/null
+++ b/spreadspace/cloud-install.yml
@@ -0,0 +1,10 @@
+---
+- name: setup variables
+ hosts: "{{ hostname }}"
+ gather_facts: no
+ tasks:
+ - set_fact:
+ install_cooked: "{{ install }}"
+ network_cooked: "{{ network }}"
+
+- import_playbook: ../common/cloud-install.yml |