-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | ansible.cfg | 4 | ||||
-rw-r--r-- | host_vars/kube2016.yaml | 26 | ||||
-rw-r--r-- | host_vars/sk2016.yaml | 14 | ||||
-rw-r--r-- | hosts.ini | 5 | ||||
-rw-r--r-- | playbooks/kube2016.yaml | 9 | ||||
-rw-r--r-- | playbooks/sk2016.yaml (renamed from playbooks/sk2013.yaml) | 2 | ||||
-rwxr-xr-x | remove-known-host.sh | 2 | ||||
-rw-r--r-- | roles/sshserver/tasks/main.yaml | 2 | ||||
-rw-r--r-- | roles/vm-host/handlers/main.yaml | 5 | ||||
-rw-r--r-- | roles/vm-host/tasks/main.yaml | 26 | ||||
-rw-r--r-- | roles/vm-install/tasks/main.yaml | 6 | ||||
-rw-r--r-- | roles/vm-install/templates/libvirt-domain.xml.j2 | 6 | ||||
-rw-r--r-- | roles/vm-install/templates/preseed_stretch.cfg.j2 | 12 | ||||
-rw-r--r-- | roles/vm-network/tasks/main.yaml | 6 | ||||
-rw-r--r-- | vminstall.yaml | 2 |
16 files changed, 107 insertions, 21 deletions
@@ -3,3 +3,4 @@ *.pyc *.retry .*.sw? +/facts/ diff --git a/ansible.cfg b/ansible.cfg index 9dc1f0d3..ce2d8dd5 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -8,6 +8,10 @@ nocows=1 vault_password_file = ./gpg/get-vault-pass.sh gathering = smart +fact_caching = jsonfile +fact_caching_connection = ./facts +fact_caching_timeout = 7200 + var_compression_level = 9 [ssh_connection] diff --git a/host_vars/kube2016.yaml b/host_vars/kube2016.yaml new file mode 100644 index 00000000..49d6f976 --- /dev/null +++ b/host_vars/kube2016.yaml @@ -0,0 +1,26 @@ +vm_install: + host: sk2016 + mem: 8192 + numcpu: 6 + disks: + primary: vda + virtio: + vda: + vg: storage + lv: "{{ inventory_hostname }}" + size: 100g + interfaces: + - idx: 1 + bridge: virbr + name: internet0 + autostart: True +vm_network: + systemd_link: + interfaces: "{{ vm_install.interfaces }}" + internet: + interface: internet0 + ip: 192.168.216.200 + mask: 255.255.255.0 + gateway: 192.168.216.254 + nameservers: 9.9.9.9 + domain: spreadspace.org diff --git a/host_vars/sk2016.yaml b/host_vars/sk2016.yaml new file mode 100644 index 00000000..16aae79e --- /dev/null +++ b/host_vars/sk2016.yaml @@ -0,0 +1,14 @@ +sshserver_allowusers_host: +- backuppc +- equinox +- dan +vm_host: + installer: + net_if: virbr + preseed_path: /srv/preseed + path: /srv/installer + distros: + debian: + - stretch + ubunt: + - xenial @@ -13,7 +13,6 @@ mimas ssbuild - [skillz] sk2013 sk2016 @@ -32,3 +31,7 @@ prometheus atlas sk2013 sk2016 + + +[k8s-stream] +kube2016 diff --git a/playbooks/kube2016.yaml b/playbooks/kube2016.yaml new file mode 100644 index 00000000..469c848d --- /dev/null +++ b/playbooks/kube2016.yaml @@ -0,0 +1,9 @@ +--- +- name: Basic Setup + hosts: kube2016 + roles: + - role: sshserver + - role: vm-grub + - role: vm-network + - role: base + - role: zsh diff --git a/playbooks/sk2013.yaml b/playbooks/sk2016.yaml index 454c1002..f1be1491 100644 --- a/playbooks/sk2013.yaml +++ b/playbooks/sk2016.yaml 
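Review bot: The new `fact_caching` block in ansible.cfg has no comment saying why it is there, although the libvirt domain template changed in this commit reads `hostvars[vm_install.host]['ansible_' + ...]`, which only resolves when facts for the VM host are available to the run. I would add a comment above it, e.g. `# cache facts so vm-install can read the VM host's interface address; ./facts is git-ignored`. The jsonfile cache keeps each host's full gathered facts as files on the control machine and treats them as valid for 7200 seconds, so the directory should stay readable by the operator only.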
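Review bot: The key `ubunt:` under `vm_host.installer.distros` in host_vars/sk2016.yaml looks like a typo for `ubuntu:`. Nothing visible in this commit reads `distros` yet (the vm-host role ends with a TODO to download installer images), so the mistake would only surface once that task exists, either as a skipped xenial entry or as a lookup on a missing key. Suggested line: `ubuntu:`.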
@@ -1,6 +1,6 @@ --- - name: Basic Setup - hosts: sk2013 + hosts: sk2016 roles: - role: sshserver - role: vm-host diff --git a/remove-known-host.sh b/remove-known-host.sh index 9aecb8e7..d681f0e6 100755 --- a/remove-known-host.sh +++ b/remove-known-host.sh @@ -23,7 +23,7 @@ fi for name in $IP $IP6 $HOST $HOST6 $SHORT; do - ssh-keygen -f "/home/rhadmin/.ssh/known_hosts" -R "$name" + ssh-keygen -f "$HOME/.ssh/known_hosts" -R "$name" done exit 0 diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml index 0c776816..52a36343 100644 --- a/roles/sshserver/tasks/main.yaml +++ b/roles/sshserver/tasks/main.yaml @@ -21,5 +21,5 @@ lineinfile: dest: /etc/ssh/sshd_config regexp: "^AllowUsers" - line: "AllowUsers {{ ' '.join([ 'root', 'rhadmin' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}" + line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}" notify: restart ssh diff --git a/roles/vm-host/handlers/main.yaml b/roles/vm-host/handlers/main.yaml new file mode 100644 index 00000000..158f4dcd --- /dev/null +++ b/roles/vm-host/handlers/main.yaml @@ -0,0 +1,5 @@ +--- +- name: restart inetd + service: + name: openbsd-inetd + state: restarted diff --git a/roles/vm-host/tasks/main.yaml b/roles/vm-host/tasks/main.yaml new file mode 100644 index 00000000..4c216d27 --- /dev/null +++ b/roles/vm-host/tasks/main.yaml 
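Review bot: With `'rhadmin'` removed from the default list, a host that sets neither `sshserver_allowusers_group` nor `sshserver_allowusers_host` ends up with `AllowUsers root` as its whole allow-list; the new host_vars/kube2016.yaml in this commit sets neither. If that is intended, say so in a comment above the task, e.g. `# root is always allowed; every other account must come from sshserver_allowusers_group / sshserver_allowusers_host`. The task starts above the hunk, so I cannot see whether it validates the file; if it does not, `validate: "/usr/sbin/sshd -t -f %s"` on the lineinfile would keep a broken sshd_config from being written before the restart handler runs.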
@@ -0,0 +1,26 @@ +--- +- name: install tftpd and python-libvirt + with_items: + - atftpd + - openbsd-inetd + - python-libvirt + apt: + name: "{{ item }}" + state: present + +- name: configure tftpd via inetd + lineinfile: + regexp: "^#?tftp" + line: "tftp dgram udp4 wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --maxthread 10 --verbose=5 {{ vm_host.installer.preseed_path }}" + path: /etc/inetd.conf + notify: restart inetd + +- name: make sure installer directories exists + with_items: + - "{{ vm_host.installer.path }}" + - "{{ vm_host.installer.preseed_path }}" + file: + name: "{{ item }}" + state: directory + +# TODO: download installer images diff --git a/roles/vm-install/tasks/main.yaml b/roles/vm-install/tasks/main.yaml index 214db25a..ef5af38e 100644 --- a/roles/vm-install/tasks/main.yaml +++ b/roles/vm-install/tasks/main.yaml @@ -2,10 +2,8 @@ - name: generate preseed file template: src: "preseed_{{ vmdistro }}.cfg.j2" - dest: "/home/rhadmin/ansible/preseed/vm-{{ inventory_hostname }}-{{ vmdistro }}.cfg" - owner: rhadmin - group: rhadmin - delegate_to: ansible + dest: "{{ hostvars[vm_install.host].vm_host.installer.preseed_path }}/vm-{{ inventory_hostname }}-{{ vmdistro }}.cfg" + delegate_to: "{{ vm_install.host }}" - name: create disks for vm with_dict: "{{ vm_install.disks.virtio | default({}) | combine(vm_install.disks.scsi | default({})) }}" diff --git a/roles/vm-install/templates/libvirt-domain.xml.j2 b/roles/vm-install/templates/libvirt-domain.xml.j2 index c95019eb..da09dca2 100644 --- a/roles/vm-install/templates/libvirt-domain.xml.j2 +++ b/roles/vm-install/templates/libvirt-domain.xml.j2 
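Review bot: The inetd entry in "configure tftpd via inetd" offers `{{ vm_host.installer.preseed_path }}` over TFTP on `udp4` with no address restriction visible, although host_vars gives the installer a dedicated interface (`net_if: virbr`). TFTP has no authentication, and the preseed files written there decide what gets installed and which keys end up in root's authorized_keys, so the service should be reachable from the installer bridge only; since the line already goes through `/usr/sbin/tcpd`, a hosts.allow/hosts.deny rule for in.tftpd or a firewall rule managed by this role would do. The `file:` task also sets no `mode`, and I would add `mode: "0755"` so the directory permissions do not depend on the remote umask.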
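Review bot: The "generate preseed file" task drops `owner`/`group` but sets no `mode`, so the permissions of the rendered preseed on `{{ vm_install.host }}` depend on the remote umask, while the inetd entry added in roles/vm-host runs the TFTP daemon as `nobody` and needs the file to be world-readable. I would state that explicitly with `mode: "0644"` and keep anything secret out of the template, since the file is then readable by every local user and every TFTP client. The "create disks for vm" task continues outside the hunk.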
@@ -6,9 +6,9 @@ <os> <type arch='x86_64' machine='pc-0.12'>hvm</type> {% if run_installer %} - <kernel>/home/rhadmin/installer/{{ vmdistro }}/{{ vm_install.arch | default('amd64') }}/linux</kernel> - <initrd>/home/rhadmin/installer/{{ vmdistro }}/{{ vm_install.arch | default('amd64') }}/initrd.gz</initrd> - <cmdline>console=ttyS0,115200n8 auto=true interface=auto url=http://ansible.helsinki.at/preseed/vm-{{ inventory_hostname }}-{{ vmdistro }}.cfg netcfg/choose_interface=enp1s1 netcfg/disable_autoconfig=true netcfg/get_ipaddress={{ srv_network.internal.ip }} netcfg/get_netmask=255.255.255.0 netcfg/get_gateway=192.168.1.254 netcfg/get_nameservers=192.168.1.254 netcfg/confirm_static=true netcfg/get_hostname={{ inventory_hostname }} netcfg/get_domain=helsinki.at</cmdline> + <kernel>{{ hostvars[vm_install.host].vm_host.installer.path }}/{{ vmdistro }}/{{ vm_install.arch | default('amd64') }}/linux</kernel> + <initrd>{{ hostvars[vm_install.host].vm_host.installer.path }}/{{ vmdistro }}/{{ vm_install.arch | default('amd64') }}/initrd.gz</initrd> + <cmdline>console=ttyS0,115200n8 auto=true interface=auto url=tftp://{{ hostvars[vm_install.host]['ansible_' + hostvars[vm_install.host].vm_host.installer.net_if].ipv4.address }}/vm-{{ inventory_hostname }}-{{ vmdistro }}.cfg netcfg/choose_interface=enp1s1 netcfg/disable_autoconfig=true netcfg/get_ipaddress={{ vm_network.internet.ip }} netcfg/get_netmask={{ vm_network.internet.mask }} netcfg/get_gateway={{ vm_network.internet.gateway }} netcfg/get_nameservers={{ vm_network.internet.nameservers }} netcfg/confirm_static=true netcfg/get_hostname={{ inventory_hostname }} netcfg/get_domain={{ vm_network.internet.domain }}</cmdline> {% endif %} <boot dev='hd'/> </os> diff --git a/roles/vm-install/templates/preseed_stretch.cfg.j2 b/roles/vm-install/templates/preseed_stretch.cfg.j2 index b197395e..1d91b8c7 100644 --- a/roles/vm-install/templates/preseed_stretch.cfg.j2 +++ b/roles/vm-install/templates/preseed_stretch.cfg.j2 
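Review bot: The new `url=tftp://{{ hostvars[vm_install.host]['ansible_' + ...net_if].ipv4.address }}` in `<cmdline>` depends on gathered facts for the VM host, which a play targeting only the new VM gets from the fact cache or not at all. A missing or expired cache entry makes the template fail on an undefined variable, and an outdated one points the installer at the wrong address; a `setup` task with `delegate_to: "{{ vm_install.host }}"` and `delegate_facts: true` before the domain is defined would remove that dependency. The preseed is still fetched without integrity protection (TFTP now, plain HTTP before) and its `late_command` runs as root in the target, so this relies on the installer bridge being a trusted network.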
@@ -10,14 +10,14 @@ d-i keyboard-configuration/xkb-keymap select de #d-i netcfg/choose_interface select enp1s1 #d-i netcfg/disable_autoconfig boolean false -#d-i netcfg/get_ipaddress string {{ srv_network.internal.ip }} -#d-i netcfg/get_netmask string 255.255.255.0 -#d-i netcfg/get_gateway string 192.168.1.254 -#d-i netcfg/get_nameservers string 192.168.1.254 +#d-i netcfg/get_ipaddress string {{ vm_network.internet.ip }} +#d-i netcfg/get_netmask string {{ vm_network.internet.mask }} +#d-i netcfg/get_gateway string {{ vm_network.internet.gateway }} +#d-i netcfg/get_nameservers string {{ vm_network.internet.nameservers }} #d-i netcfg/confirm_static boolean true d-i netcfg/get_hostname string {{ inventory_hostname }} -d-i netcfg/get_domain string helsinki.at +d-i netcfg/get_domain string {{ vm_network.internet.domain }} d-i netcfg/wireless_wep string @@ -98,4 +98,4 @@ d-i grub-installer/with_other_os boolean false d-i finish-install/reboot_in_progress note -d-i preseed/late_command string in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSWnaaAe6PwzB+XaU4kLUnc7BaUbg6wtgLv3M9JkUix ansible config-management' > /root/.ssh/authorized_keys" +d-i preseed/late_command string in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo '{{ root_ssh_keys | default('') }}' > /root/.ssh/authorized_keys" diff --git a/roles/vm-network/tasks/main.yaml b/roles/vm-network/tasks/main.yaml index d41f6eb2..1052f134 100644 --- a/roles/vm-network/tasks/main.yaml +++ b/roles/vm-network/tasks/main.yaml @@ -1,9 +1,9 @@ --- -- include: systemd-link.yaml +- import_tasks: systemd-link.yaml when: srv_network.systemd_link is defined -- include: public.yaml +- import_tasks: public.yaml when: srv_network.public is defined -- include: lan.yaml +- import_tasks: lan.yaml when: srv_network.public is not defined diff --git a/vminstall.yaml b/vminstall.yaml index c8872b63..7db24d67 100644 
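Review bot: In the `preseed/late_command` line, `{{ root_ssh_keys | default('') }}` turns an undefined variable into an empty authorized_keys file right after `passwd -d root; passwd -l root`, so the installed VM would be left with no way to log in. Failing the render is safer: `echo '{{ root_ssh_keys | mandatory }}' > /root/.ssh/authorized_keys`. The definition of `root_ssh_keys` is not in this diff; if it is a list it needs joining, and because the value lands inside single quotes within a double-quoted `bash -c` string, a key comment containing a quote character would break the command, so the value should be validated before it is templated in.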
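Review bot: The three `when:` conditions in roles/vm-network/tasks/main.yaml still test `srv_network.*`, while this commit moves the templates to `vm_network.internet.*` and host_vars/kube2016.yaml defines only `vm_network`, with an `internet` key. For kube2016 that makes `srv_network.systemd_link is defined` and `srv_network.public is defined` false and `srv_network.public is not defined` true, so only lan.yaml is imported even though `vm_network.systemd_link` is set. The imported files are not in the diff, so I cannot tell which name they expect; if the rename is meant to reach this role, the first condition would read `when: vm_network.systemd_link is defined` and the other two would follow the same pattern.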
--- a/vminstall.yaml +++ b/vminstall.yaml @@ -5,7 +5,7 @@ roles: - role: vm-install -- include: "playbooks/{{ vmname }}.yaml" +- import_playbook: "playbooks/{{ vmname }}.yaml" - name: Reboot and wait for VM come back hosts: "{{ vmname }}" |