From d9687ede9928eb8ec6a7b3ff238f7b9fd319a670 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 23 Aug 2020 01:56:46 +0200
Subject: revamp installer playbooks and add ch-apps vm
---
chaos-at-home/iso-install.yml | 10 +++
common/cloud-install.yml | 31 ++++-----
common/iso-install.yml | 74 ++++++++++++++++++++++
common/usb-install.yml | 29 +++++++--
common/vm-install.yml | 32 ++++------
dan/iso-install.yml | 10 +++
inventory/group_vars/chaos-at-home/network.yml | 3 +-
inventory/host_vars/ch-apps.yml | 33 ++++++++++
inventory/host_vars/ch-nic.yml | 2 +
inventory/hosts.ini | 15 +++--
iso-install.sh | 1 +
.../templates/interfaces/multihomed-base.j2 | 4 +-
.../guest/network/templates/interfaces/overlay.j2 | 4 +-
.../guest/network/templates/interfaces/simple.j2 | 4 +-
.../guest/network/templates/interfaces/simple6.j2 | 4 +-
.../vm/host/network/templates/interfaces/simple.j2 | 4 +-
.../host/network/templates/interfaces/simple6.j2 | 4 +-
spreadspace/iso-install.yml | 10 +++
18 files changed, 207 insertions(+), 67 deletions(-)
create mode 100644 chaos-at-home/iso-install.yml
create mode 100644 common/iso-install.yml
create mode 100644 dan/iso-install.yml
create mode 100644 inventory/host_vars/ch-apps.yml
create mode 120000 iso-install.sh
create mode 100644 spreadspace/iso-install.yml
diff --git a/chaos-at-home/iso-install.yml b/chaos-at-home/iso-install.yml
new file mode 100644
index 00000000..0ae125a2
--- /dev/null
+++ b/chaos-at-home/iso-install.yml
@@ -0,0 +1,10 @@
+---
+- name: cook variables for host
+ hosts: "{{ install_hostname }}"
+ gather_facts: no
+ tasks:
+ - set_fact:
+ install_cooked: "{{ install }}"
+ network_cooked: "{{ network }}"
+
+- import_playbook: ../common/iso-install.yml
diff --git a/common/cloud-install.yml b/common/cloud-install.yml
index db3d3faf..fbe0dd4f 100644
--- a/common/cloud-install.yml
+++ b/common/cloud-install.yml
@@ -6,45 +6,36 @@ - role: cloud/install -- name: wait for newly installed machine to start up +- name: wait for new machine to start up, apply early roles and reboot hosts: "{{ install_hostname }}" gather_facts: no - tasks: + pre_tasks: ## TODO: find a better way to fetch host key of new VMs - name: disable ssh StrictHostKeyChecking for the next step set_fact: - ansible_ssh_extra_args: -o StrictHostKeyChecking=no + ansible_ssh_extra_args: "-o StrictHostKeyChecking=no{% if install_jumphost is defined %} -o 'ProxyCommand ssh -q -a {{ install_jumphost }} -W %h:%p'{% endif %}" - name: clear all gathered facts meta: clear_facts - - - name: wait for newly installed machine to start up + - name: wait for host to start up wait_for_connection: delay: 5 timeout: 240 - - - name: reenable StrictHostKeyChecking - set_fact: - ansible_ssh_extra_args: "" - - -- name: run post install roles - hosts: "{{ install_hostname }}" - pre_tasks: - name: make sure to update cached facts setup: - roles: - - role: cloud/post-install - -- name: reboot and wait for machine come back - hosts: "{{ install_hostname }}" - gather_facts: no roles: + - role: cloud/post-install - role: reboot-and-wait reboot_delay: 10 reboot_timeout: 120 + post_tasks: + - name: reenable StrictHostKeyChecking + set_fact: + ansible_ssh_extra_args: "" + + - name: run host playbook vars: params: diff --git a/common/iso-install.yml b/common/iso-install.yml new file mode 100644 index 00000000..2eb5d049 --- /dev/null +++ b/common/iso-install.yml 
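Review bot: Moving `reenable StrictHostKeyChecking` into `post_tasks` means the `cloud/post-install` and `reboot-and-wait` roles now run while `ansible_ssh_extra_args` still carries `-o StrictHostKeyChecking=no`, so whatever those roles push goes to a host whose key was never verified; before this change the option was cleared right after `wait_for_connection`. The same restructuring is in common/vm-install.yml, where `vm/guest/network` and `vm/guest/base` run inside the window, and it is prepared in common/iso-install.yml and common/usb-install.yml, where the roles are still commented out. Consider keeping the relaxed option limited to the connection wait and the `setup` call, for example by resetting `ansible_ssh_extra_args` as the last `pre_tasks` entry, or, if the controller's OpenSSH supports it, using `-o StrictHostKeyChecking=accept-new` once the stale known_hosts entry of a reinstalled host has been removed. Resetting the variable to `""` also drops the `ProxyCommand` for the following `run host playbook` play; presumably the jump host is configured elsewhere for normal operation, which is worth confirming. That last play continues outside the hunk.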
@@ -0,0 +1,74 @@ +--- +- name: preparations and sanity checks + hosts: "{{ install_hostname }}" + connection: local + gather_facts: no + roles: + - role: installer/debian/iso + installer_base_path: "{{ global_cache_dir }}/debian-installer" + installer_keyrings_path: "{{ global_files_dir }}/common/keyrings" + post_tasks: + - set_fact: + iso_install_image_path: "{{ iso_install_target_dir }}/{{ install_hostname }}.iso" + + +- name: basic installation + hosts: "{{ install_hostname }}" + gather_facts: no + tasks: + - pause: + prompt: | + The generated image can be found at: + + {{ iso_install_image_path }} + + Please load the image into the machine and boot from it. + {% if install_distro == "debian" and install_cooked.efi is defined and install_cooked.efi %} + + Mind that debian mini.iso based installers have a bug that prevents grub from loading the correct + config file on EFI systems. In case you only see a grub shell prompt ('grub>') after booting the + iso image you can load the correct config file using this command: + + grub> (cd0)/boot/grub/grub.cfg + + {% endif %} + Once the installation is done press enter to continue or Ctrl-C + 'A' to abort. 
+ + +- name: wait for new machine to start up, apply early roles and reboot + hosts: "{{ install_hostname }}" + gather_facts: no + pre_tasks: + ## TODO: find a better way to fetch host key of new VMs + - name: disable ssh StrictHostKeyChecking for the next step + set_fact: + ansible_ssh_extra_args: "-o StrictHostKeyChecking=no{% if install_jumphost is defined %} -o 'ProxyCommand ssh -q -a {{ install_jumphost }} -W %h:%p'{% endif %}" + + - name: clear all gathered facts + meta: clear_facts + - name: wait for host to start up + wait_for_connection: + delay: 5 + timeout: 120 + - name: make sure to update cached facts + setup: + + # roles: + # ### TODO: add role that configures networking + # - role: reboot-and-wait + # reboot_delay: 10 + # reboot_timeout: 120 + + post_tasks: + - name: reenable StrictHostKeyChecking + set_fact: + ansible_ssh_extra_args: "" + + +- name: run host playbook + vars: + params: + files: + - "../{{ install_environment }}/{{ install_hostname }}.yml" + - "../{{ install_environment }}/{{ install_playbook | default('common') }}.yml" + import_playbook: "{{ q('first_found', params) | first }}" diff --git a/common/usb-install.yml b/common/usb-install.yml index f24e0fb8..bacb781f 100644 --- a/common/usb-install.yml +++ b/common/usb-install.yml @@ -1,9 +1,8 @@ --- -- name: fetch debian installer and bake initrd +- name: preparations and sanity checks hosts: "{{ install_hostname }}" connection: local gather_facts: no - vars_prompt: - name: usb_install_path prompt: Where is the USB installation medium mounted to? 
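Review bot: The recovery hint in the `pause` prompt of common/iso-install.yml prints `grub> (cd0)/boot/grub/grub.cfg`, which is only a path and not a GRUB command, so an operator who types it at the grub shell gets an error instead of the menu. A configuration file is loaded with `configfile`, so the line should read `grub> configfile (cd0)/boot/grub/grub.cfg`. The `pause` task and the `set_fact` in `post_tasks` of the first play also have no `name`, which leaves the play output without a label at the point where the operator is expected to act.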
@@ -14,32 +13,48 @@ installer_base_path: "{{ global_cache_dir }}/debian-installer" installer_keyrings_path: "{{ global_files_dir }}/common/keyrings" -- name: wait for new machine to start up + +- name: basic installation hosts: "{{ install_hostname }}" gather_facts: no tasks: - pause: prompt: | - Please plug the stick into the machine and boot from it. - When the installation is done press enter to continue or Ctrl-C + 'A' to abort. + Please unmount the USB the stick, plug it into the machine and boot from it. + + Once the installation is done press enter to continue or Ctrl-C + 'A' to abort. + +- name: wait for new machine to start up, apply early roles and reboot + hosts: "{{ install_hostname }}" + gather_facts: no + pre_tasks: ## TODO: find a better way to fetch host key of new VMs - name: disable ssh StrictHostKeyChecking for the next step set_fact: - ansible_ssh_extra_args: -o StrictHostKeyChecking=no + ansible_ssh_extra_args: "-o StrictHostKeyChecking=no{% if install_jumphost is defined %} -o 'ProxyCommand ssh -q -a {{ install_jumphost }} -W %h:%p'{% endif %}" - name: clear all gathered facts meta: clear_facts - - name: wait for host to start up wait_for_connection: delay: 5 timeout: 120 + - name: make sure to update cached facts + setup: + # roles: + # ### TODO: add role that configures networking + # - role: reboot-and-wait + # reboot_delay: 10 + # reboot_timeout: 120 + + post_tasks: - name: reenable StrictHostKeyChecking set_fact: ansible_ssh_extra_args: "" + - name: run host playbook vars: params: diff --git a/common/vm-install.yml b/common/vm-install.yml index 64f4d696..5084ba0b 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml @@ -1,5 +1,5 @@ --- -- name: preperations and sanity checks +- name: preparations and sanity checks hosts: "{{ install_hostname }}" gather_facts: no tasks: 
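Review bot: The new prompt text in common/usb-install.yml reads `Please unmount the USB the stick, plug it into the machine and boot from it.`; the second `the` is a leftover and the line should be `Please unmount the USB stick, plug it into the machine and boot from it.`. The `pause` task that carries the prompt has no `name`, so a line such as `- name: wait for the operator to finish the installation` above `pause:` would label the step in the play output.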
@@ -30,47 +30,39 @@ - role: vm/guest/install -- name: wait for new vm to start up +- name: wait for new machine to start up, apply early roles and reboot hosts: "{{ install_hostname }}" gather_facts: no - tasks: + pre_tasks: ## TODO: find a better way to fetch host key of new VMs - name: disable ssh StrictHostKeyChecking for the next step set_fact: - ansible_ssh_extra_args: -o StrictHostKeyChecking=no + ansible_ssh_extra_args: "-o StrictHostKeyChecking=no{% if install_jumphost is defined %} -o 'ProxyCommand ssh -q -a {{ install_jumphost }} -W %h:%p'{% endif %}" - name: clear all gathered facts meta: clear_facts - - - name: wait for vm to start up + - name: wait for host to start up wait_for_connection: delay: 5 timeout: 120 - - - name: reenable StrictHostKeyChecking - set_fact: - ansible_ssh_extra_args: "" - - -- name: apply basic VM configuration roles - hosts: "{{ install_hostname }}" - pre_tasks: - name: make sure to update cached facts setup: + roles: - role: vm/guest/network when: install_distro in ['debian', 'ubuntu'] - role: vm/guest/base when: install_distro in ['debian', 'ubuntu'] - -- name: reboot and wait for VM to come back - hosts: "{{ install_hostname }}" - gather_facts: no - roles: - role: reboot-and-wait reboot_delay: 10 reboot_timeout: 120 + post_tasks: + - name: reenable StrictHostKeyChecking + set_fact: + ansible_ssh_extra_args: "" + + - name: run host playbook vars: params: diff --git a/dan/iso-install.yml b/dan/iso-install.yml new file mode 100644 index 00000000..0ae125a2 --- /dev/null +++ b/dan/iso-install.yml @@ -0,0 +1,10 @@ +--- +- name: cook variables for host + hosts: "{{ install_hostname }}" + gather_facts: no + tasks: + - set_fact: + install_cooked: "{{ install }}" + network_cooked: "{{ network }}" + +- import_playbook: ../common/iso-install.yml diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index b21074ff..769c6291 100644 --- a/inventory/group_vars/chaos-at-home/network.yml 
+++ b/inventory/group_vars/chaos-at-home/network.yml @@ -43,9 +43,10 @@ network_zones: # - 192.168.32.254 - 9.9.9.9 offsets: + ch-stats: 10 ch-jump: 22 ch-gw-lan: 28 - ch-stats: 10 + ch-apps: 32 ch-nic: 53 ch-web: 80 ch-mail: 143 diff --git a/inventory/host_vars/ch-apps.yml b/inventory/host_vars/ch-apps.yml new file mode 100644 index 00000000..1f2e02bc --- /dev/null +++ b/inventory/host_vars/ch-apps.yml @@ -0,0 +1,33 @@ +--- +install_jumphost: ch-jump + +install: + vm: + memory: 8G + numcpus: 6 + autostart: True + disks: + primary: /dev/sda + scsi: + sda: + type: zfs + name: root + size: 10g + interfaces: + - bridge: br-svc + name: svc0 + +network: + nameservers: "{{ network_zones.svc.dns }}" + domain: "{{ host_domain }}" + systemd_link: + interfaces: "{{ install.interfaces }}" + primary: &_network_primary_ + name: svc0 + address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ network_zones.svc.gateway }}" + static_routes: + - destination: "{{ network_zones.lan.prefix }}" + gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ch-nic.yml b/inventory/host_vars/ch-nic.yml index 60c68f57..4a323853 100644 --- a/inventory/host_vars/ch-nic.yml +++ b/inventory/host_vars/ch-nic.yml @@ -1,4 +1,6 @@ --- +install_jumphost: ch-jump + install: vm: memory: 768M diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 0e1431bf..7bc1ae64 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
@@ -14,20 +14,21 @@ host_domain=chaos-at-home.org env_group=chaos-at-home [chaos-at-home] +ch-gnocchi host_name=gnocchi +ch-router host_name=router +ch-router-obsd host_name=router +ch-gw-lan host_name=gw-lan +ch-jump host_name=jump ansible_port=2342 ansible_host=ch-jump +ch-nic host_name=nic ch-equinox-ws host_name=equinox-ws ch-prometheus host_name=prometheus +ch-apps host_name=apps ch-atlas host_name=atlas ch-pan host_name=pan ch-keyserver host_name=keyserver ch-testvm host_name=testvm ch-mimas host_name=mimas ch-mimas2 host_name=mimas -ch-gnocchi host_name=gnocchi -ch-router host_name=router -ch-router-obsd host_name=router -ch-gw-lan host_name=gw-lan -ch-jump host_name=jump ansible_port=2342 ansible_host=ch-jump -ch-nic host_name=nic ch-oulu host_name=oulu host_domain=helsinki.at ch-oulu-vm1 host_name=oulu-vm1 host_domain=helsinki.at @@ -257,7 +258,7 @@ ch-gnocchi vmhost-ch-gnocchi-guests [vmhost-ch-prometheus-guests] -ch-dummy +ch-apps [vmhost-ch-prometheus] ch-prometheus [vmhost-ch-prometheus:children] diff --git a/iso-install.sh b/iso-install.sh new file mode 120000 index 00000000..61e71e22 --- /dev/null +++ b/iso-install.sh @@ -0,0 +1 @@ +install.sh \ No newline at end of file diff --git a/roles/vm/guest/network/templates/interfaces/multihomed-base.j2 b/roles/vm/guest/network/templates/interfaces/multihomed-base.j2 index db16d15f..3420dcf0 100644 --- a/roles/vm/guest/network/templates/interfaces/multihomed-base.j2 +++ b/roles/vm/guest/network/templates/interfaces/multihomed-base.j2 
@@ -1,7 +1,7 @@ address {{ interface.address | ipaddr('address') }} netmask {{ interface.address | ipaddr('netmask') }} {% for route in interface.static_routes | default([]) %} - up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{% if 'table' in route %} table {{ route.table }}{% endif %} + up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{% if 'table' in route %} table {{ route.table }}{% endif %}{{ '' }} {% endfor %} {% if 'gateway' in interface %} up /bin/ip route add default via {{ interface.gateway }} table default @@ -14,5 +14,5 @@ down /bin/ip route del default via {{ interface.gateway }} table default {% endif %} {% for route in interface.static_routes | default([]) | reverse %} - down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{% if 'table' in route %} table {{ route.table }}{% endif %} + down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{% if 'table' in route %} table {{ route.table }}{% endif %}{{ '' }} {% endfor %} diff --git a/roles/vm/guest/network/templates/interfaces/overlay.j2 b/roles/vm/guest/network/templates/interfaces/overlay.j2 index 0524c5df..b2ef11a9 100644 --- a/roles/vm/guest/network/templates/interfaces/overlay.j2 +++ b/roles/vm/guest/network/templates/interfaces/overlay.j2 
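Review bot: The trailing `{{ '' }}` added to the `up` and `down` route lines has no comment explaining it, and it reads like a no-op that a later cleanup would remove. It appears to be there so that a line ending in `{% endif %}` keeps its newline when the template is rendered with `trim_blocks` enabled (the default of Ansible's template module); without it consecutive route commands would be joined on one line and ifupdown would run a malformed `ip route` call. A Jinja comment above the first loop, e.g. `{# the trailing {{ '' }} keeps the line break after a closing endif under trim_blocks #}`, would document this. The same applies to both hunks of this file and to overlay.j2, simple.j2 and simple6.j2 under vm/guest and vm/host.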
@@ -2,13 +2,13 @@ netmask {{ interface.address | ipaddr('netmask') }} up /bin/ip addr add dev $IFACE {{ interface.overlay }}/32 {% for route in interface.static_routes | default([]) %} - up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} {% if 'gateway' in interface %} up /bin/ip route add default via {{ interface.gateway }} src {{ interface.overlay }} down /bin/ip route del default via {{ interface.gateway }} src {{ interface.overlay }} {% endif %} {% for route in interface.static_routes | default([]) | reverse %} - down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} down /bin/ip addr del dev $IFACE {{ interface.overlay }}/32 diff --git a/roles/vm/guest/network/templates/interfaces/simple.j2 b/roles/vm/guest/network/templates/interfaces/simple.j2 index c5b7dadc..8d1bb83e 100644 --- a/roles/vm/guest/network/templates/interfaces/simple.j2 +++ b/roles/vm/guest/network/templates/interfaces/simple.j2 
@@ -4,8 +4,8 @@ gateway {{ interface.gateway }} {% endif %} {% for route in interface.static_routes | default([]) %} - up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} {% for route in interface.static_routes | default([]) | reverse %} - down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} diff --git a/roles/vm/guest/network/templates/interfaces/simple6.j2 b/roles/vm/guest/network/templates/interfaces/simple6.j2 index 37fda07a..aa10070a 100644 --- a/roles/vm/guest/network/templates/interfaces/simple6.j2 +++ b/roles/vm/guest/network/templates/interfaces/simple6.j2 @@ -3,8 +3,8 @@ gateway {{ interface.gateway6 }} {% endif %} {% for route in interface.static_routes6 | default([]) %} - up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} {% for route in interface.static_routes6 | default([]) | reverse %} - down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} diff --git a/roles/vm/host/network/templates/interfaces/simple.j2 b/roles/vm/host/network/templates/interfaces/simple.j2 index c5b7dadc..8d1bb83e 100644 
--- a/roles/vm/host/network/templates/interfaces/simple.j2 +++ b/roles/vm/host/network/templates/interfaces/simple.j2 @@ -4,8 +4,8 @@ gateway {{ interface.gateway }} {% endif %} {% for route in interface.static_routes | default([]) %} - up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + up /bin/ip route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} {% for route in interface.static_routes | default([]) | reverse %} - down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + down /bin/ip route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} diff --git a/roles/vm/host/network/templates/interfaces/simple6.j2 b/roles/vm/host/network/templates/interfaces/simple6.j2 index 37fda07a..aa10070a 100644 --- a/roles/vm/host/network/templates/interfaces/simple6.j2 +++ b/roles/vm/host/network/templates/interfaces/simple6.j2 @@ -3,8 +3,8 @@ gateway {{ interface.gateway6 }} {% endif %} {% for route in interface.static_routes6 | default([]) %} - up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} {% for route in interface.static_routes6 | default([]) | reverse %} - down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %} + down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}{% if 'source' in route %} src {{ route.source }}{% endif %}{{ '' }} {% endfor %} 
diff --git a/spreadspace/iso-install.yml b/spreadspace/iso-install.yml
new file mode 100644
index 00000000..0ae125a2
--- /dev/null
+++ b/spreadspace/iso-install.yml
@@ -0,0 +1,10 @@
+---
+- name: cook variables for host
+ hosts: "{{ install_hostname }}"
+ gather_facts: no
+ tasks:
+ - set_fact:
+ install_cooked: "{{ install }}"
+ network_cooked: "{{ network }}"
+
+- import_playbook: ../common/iso-install.yml
-- cgit v1.2.3