From 67db0fd753e18532aab373851e85e791008b5384 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 27 Dec 2021 20:46:21 +0100 Subject: implement vm/guest/network role for OpenBSD --- common/vm-install.yml | 2 - inventory/host_vars/ch-router-obsd.yml | 8 ++- roles/vm/guest/base/tasks/Debian.yml | 61 ++++++++++++++++++++ roles/vm/guest/base/tasks/OpenBSD.yml | 2 + roles/vm/guest/base/tasks/main.yml | 67 +++------------------- .../guest/define/templates/libvirt-domain.xml.j2 | 2 +- roles/vm/guest/network/tasks/Debian.yml | 40 +++++++++++++ roles/vm/guest/network/tasks/OpenBSD.yml | 15 +++++ roles/vm/guest/network/tasks/main.yml | 50 ++++------------ 9 files changed, 144 insertions(+), 103 deletions(-) create mode 100644 roles/vm/guest/base/tasks/Debian.yml create mode 100644 roles/vm/guest/base/tasks/OpenBSD.yml create mode 100644 roles/vm/guest/network/tasks/Debian.yml create mode 100644 roles/vm/guest/network/tasks/OpenBSD.yml diff --git a/common/vm-install.yml b/common/vm-install.yml index 414b614f..6c98ae73 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml @@ -45,9 +45,7 @@ roles: - role: vm/guest/network - when: install_distro in ['debian', 'ubuntu'] - role: vm/guest/base - when: install_distro in ['debian', 'ubuntu'] post_tasks: - name: reenable StrictHostKeyChecking diff --git a/inventory/host_vars/ch-router-obsd.yml b/inventory/host_vars/ch-router-obsd.yml index cf2b7784..7827cf99 100644 --- a/inventory/host_vars/ch-router-obsd.yml +++ b/inventory/host_vars/ch-router-obsd.yml @@ -10,9 +10,8 @@ install: primary: /dev/sda virtio: vda: - type: lvm - vg: "{{ hostvars[vm_host.name].host_name }}" - lv: "{{ inventory_hostname }}" + type: zfs + name: root size: 10g interfaces: - bridge: br-svc 
@@ -25,5 +24,8 @@ network:
 name: vio0
 address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
 gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
 interfaces:
 - *_network_primary_
diff --git a/roles/vm/guest/base/tasks/Debian.yml b/roles/vm/guest/base/tasks/Debian.yml
new file mode 100644
index 00000000..7a383fe1
--- /dev/null
+++ b/roles/vm/guest/base/tasks/Debian.yml
@@ -0,0 +1,61 @@
+---
+- name: install rngd
+ apt:
+ name: rng-tools5
+ state: present
+ force_apt_get: yes
+
+- name: get size of entropy pool
+ check_mode: no
+ command: cat /proc/sys/kernel/random/poolsize
+ changed_when: false
+ register: entropy_pool_size
+
+- name: create systemd override directory for rngd
+ file:
+ path: /etc/systemd/system/rngd.service.d
+ state: directory
+
+- name: configure rngd
+ copy:
+ content: |
+ [Service]
+ ExecStart=
+ ExecStart=/usr/sbin/rngd -f -r /dev/hwrng -s 256 -W {{ ((entropy_pool_size.stdout_lines | first | int) * 0.8) | int }}
+ dest: /etc/systemd/system/rngd.service.d/hwrng-device.conf
+ notify: restart rngd
+
+
+- name: provide a root shell on the VM serial console
+ when: vm_guest_autologin_on_serial
+ block:
+ - name: create systemd override directory for gettyS0
+ file:
+ path: /etc/systemd/system/serial-getty@ttyS0.service.d/
+ state: directory
+
+ - name: create autologin config for gettyS0
+ copy:
+ dest: /etc/systemd/system/serial-getty@ttyS0.service.d/autologon.conf
+ content: |
+ [Service]
+ ExecStart=
+ ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host_cooked.name }} %I $TERM
+
+
+- name: enable serial console in grub and for kernel
+ vars:
+ grub_options:
+ GRUB_TIMEOUT: 2
+ GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"'
+ GRUB_TERMINAL: serial
+ GRUB_SERIAL_COMMAND: >-
+ "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
+ loop: "{{ grub_options | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ lineinfile:
+ dest: /etc/default/grub
+ regexp: "^{{ item.key }}="
+ line: "{{ item.key }}={{ item.value }}"
+ notify: update grub
diff --git a/roles/vm/guest/base/tasks/OpenBSD.yml b/roles/vm/guest/base/tasks/OpenBSD.yml
new file mode 100644
index 00000000..94832c38
--- /dev/null
+++ b/roles/vm/guest/base/tasks/OpenBSD.yml
@@ -0,0 +1,2 @@
+---
+## nothing to do here
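Review bot: The `vm_guest_autologin_on_serial` block in the new base/tasks/Debian.yml only ever installs `autologon.conf`; nothing removes it once the flag is set back to false, so a guest that was provisioned with `--autologin root` on ttyS0 keeps a passwordless root shell for anyone who can reach the VM's serial console on the host. I would add a counterpart task guarded by `when: not vm_guest_autologin_on_serial` that sets the drop-in to `state: absent`, and put a comment above the block stating the flag's default and intended use, since the default is not visible in this patch. Neither `copy` task in the file sets `owner` or `mode` on the unit drop-ins, which is worth making explicit at the same time. Whether a daemon-reload handler exists is not visible here, so the sketch leaves notification out.

```yaml
# … unchanged: autologin block guarded by vm_guest_autologin_on_serial …

- name: remove autologin config for gettyS0
  when: not vm_guest_autologin_on_serial
  file:
    path: /etc/systemd/system/serial-getty@ttyS0.service.d/autologon.conf
    state: absent
```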
diff --git a/roles/vm/guest/base/tasks/main.yml b/roles/vm/guest/base/tasks/main.yml
index 7a383fe1..410a07cb 100644
--- a/roles/vm/guest/base/tasks/main.yml
+++ b/roles/vm/guest/base/tasks/main.yml
@@ -1,61 +1,12 @@
 ---
-- name: install rngd
- apt:
- name: rng-tools5
- state: present
- force_apt_get: yes
-
-- name: get size of entropy pool
- check_mode: no
- command: cat /proc/sys/kernel/random/poolsize
- changed_when: false
- register: entropy_pool_size
-
-- name: create systemd override directory for rngd
- file:
- path: /etc/systemd/system/rngd.service.d
- state: directory
-
-- name: configure rngd
- copy:
- content: |
- [Service]
- ExecStart=
- ExecStart=/usr/sbin/rngd -f -r /dev/hwrng -s 256 -W {{ ((entropy_pool_size.stdout_lines | first | int) * 0.8) | int }}
- dest: /etc/systemd/system/rngd.service.d/hwrng-device.conf
- notify: restart rngd
-
-
-- name: provide a root shell on the VM serial console
- when: vm_guest_autologin_on_serial
- block:
- - name: create systemd override directory for gettyS0
- file:
- path: /etc/systemd/system/serial-getty@ttyS0.service.d/
- state: directory
-
- - name: create autologin config for gettyS0
- copy:
- dest: /etc/systemd/system/serial-getty@ttyS0.service.d/autologon.conf
- content: |
- [Service]
- ExecStart=
- ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host_cooked.name }} %I $TERM
-
-
-- name: enable serial console in grub and for kernel
+- name: load os/distrubtion/version specific tasks
 vars:
- grub_options:
- GRUB_TIMEOUT: 2
- GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"'
- GRUB_TERMINAL: serial
- GRUB_SERIAL_COMMAND: >-
- "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
- loop: "{{ grub_options | dict2items }}"
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
 loop_control:
- label: "{{ item.key }}"
- lineinfile:
- dest: /etc/default/grub
- regexp: "^{{ item.key }}="
- line: "{{ item.key }}={{ item.value }}"
- notify: update grub
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
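Review bot: `q('first_found', params)` is handed bare file names, so the file passed to `include_tasks` is resolved through Ansible's lookup search path rather than pinned to this role's `tasks/` directory; as far as I can tell a same-named `Debian.yml` or `OpenBSD.yml` in the role's `files/` directory or beside the playbook could be picked up instead. Adding `paths: ["{{ role_path }}/tasks"]` under `params` would make the source of the included tasks explicit. With the `when: install_distro in [...]` guards dropped from common/vm-install.yml, a guest with no matching file now stops at this lookup, which is a reasonable fail-closed default but deserves a comment such as `# no match is a hard error: add <os_family>.yml to support a new OS`. The task name also has a typo, `distrubtion` for `distribution`. The identical task in roles/vm/guest/network/tasks/main.yml has the same three points.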
diff --git a/roles/vm/guest/define/templates/libvirt-domain.xml.j2 b/roles/vm/guest/define/templates/libvirt-domain.xml.j2 index 41671f73..d329a7de 100644 --- a/roles/vm/guest/define/templates/libvirt-domain.xml.j2 +++ b/roles/vm/guest/define/templates/libvirt-domain.xml.j2 @@ -4,7 +4,7 @@ {{ ((install_cooked.vm.memory | human_to_bytes) / 1024) | int }} {{ install_cooked.vm.numcpus }} - hvm + hvm {% if vm_define_installer %} {% if install_distro == 'debian' or install_distro == 'ubuntu' %} {{ installer_tmpdir }}/linux diff --git a/roles/vm/guest/network/tasks/Debian.yml b/roles/vm/guest/network/tasks/Debian.yml new file mode 100644 index 00000000..27a7682a --- /dev/null +++ b/roles/vm/guest/network/tasks/Debian.yml @@ -0,0 +1,40 @@ +--- +- name: configure systemd link units + when: network_cooked.systemd_link is defined + block: + - name: remove legacy systemd.link units + loop: + - 50-virtio-kernel-names.link + - 99-default.link + file: + name: "/etc/systemd/network/{{ item }}" + state: absent + + - name: install systemd network link units + loop: "{{ network_cooked.systemd_link.interfaces }}" + loop_control: + label: "{{ item.name }}" + index_var: interface_index + template: + src: systemd.link.j2 + dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link" + notify: rebuild initramfs + + +- name: install basic interface config + template: + src: interfaces.j2 + dest: /etc/network/interfaces + mode: 0644 + +- name: remove resolvconf package + apt: + name: resolvconf + state: absent + force_apt_get: yes + purge: yes + +- name: generate resolv.conf + template: + src: resolv.conf.j2 + dest: /etc/resolv.conf diff --git a/roles/vm/guest/network/tasks/OpenBSD.yml b/roles/vm/guest/network/tasks/OpenBSD.yml new file mode 100644 index 00000000..4357ea4e --- /dev/null +++ b/roles/vm/guest/network/tasks/OpenBSD.yml 
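Review bot: In the new network/tasks/Debian.yml, `mode: 0644` on the interfaces template is an unquoted octal whose value depends on how the YAML loader types it; `mode: "0644"` is unambiguous. The `resolv.conf.j2` and `systemd.link.j2` template tasks in the same file set no `owner` or `mode`, so a newly created file gets whatever the remote umask yields; I would give them explicit `owner: root` and `mode: "0644"` too. These tasks are moved unchanged from main.yml, so this is a follow-up rather than a regression introduced here.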
@@ -0,0 +1,15 @@
+---
+- name: generate network interface configs
+ loop: "{{ network_cooked.interfaces }}"
+ loop_control:
+ loop_var: interface
+ label: "{{ interface.name }}"
+ copy:
+ dest: "/etc/hostname.{{ interface.name }}"
+ content: |
+ inet {{ interface.address | ipaddr('address') }} {{ interface.address | ipaddr('netmask') }}
+ {% for route in interface.static_routes | default([]) %}
+ !route add -net {{ route.destination }} {{ route.gateway }}
+ {% endfor %}
+
+## TODO: configure default gateway - for now we rely on installer to do the right thing
diff --git a/roles/vm/guest/network/tasks/main.yml b/roles/vm/guest/network/tasks/main.yml
index 27a7682a..410a07cb 100644
--- a/roles/vm/guest/network/tasks/main.yml
+++ b/roles/vm/guest/network/tasks/main.yml
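Review bot: The `copy` task that writes `/etc/hostname.{{ interface.name }}` sets no owner, group or mode, although lines beginning with `!` in that file are run as shell commands by OpenBSD's netstart at boot, so the file should be restricted to root:wheel; add `owner: root`, `group: wheel` and `mode: "0640"` to the task. `route.destination` and `route.gateway` are interpolated into the `!route add -net` line unfiltered, unlike `interface.address`, which goes through `ipaddr`; passing both through `ipaddr` as well would ensure only an address or prefix can reach a line the shell executes. The task also has no `notify`, so a changed file presumably takes effect only at the next boot or netstart run, which could be stated next to the existing TODO.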
@@ -1,40 +1,12 @@
 ---
-- name: configure systemd link units
- when: network_cooked.systemd_link is defined
- block:
- - name: remove legacy systemd.link units
- loop:
- - 50-virtio-kernel-names.link
- - 99-default.link
- file:
- name: "/etc/systemd/network/{{ item }}"
- state: absent
-
- - name: install systemd network link units
- loop: "{{ network_cooked.systemd_link.interfaces }}"
- loop_control:
- label: "{{ item.name }}"
- index_var: interface_index
- template:
- src: systemd.link.j2
- dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link"
- notify: rebuild initramfs
-
-
-- name: install basic interface config
- template:
- src: interfaces.j2
- dest: /etc/network/interfaces
- mode: 0644
-
-- name: remove resolvconf package
- apt:
- name: resolvconf
- state: absent
- force_apt_get: yes
- purge: yes
-
-- name: generate resolv.conf
- template:
- src: resolv.conf.j2
- dest: /etc/resolv.conf
+- name: load os/distrubtion/version specific tasks
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
+ loop_control:
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
-- cgit v1.2.3