From b9b2f51bc8547f0cb4f9c354956650841941f119 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 2 Dec 2018 03:12:32 +0100
Subject: merge over installer roles from realraum repo
---
roles/preseed/tasks/main.yml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 roles/preseed/tasks/main.yml
(limited to 'roles/preseed/tasks/main.yml')
diff --git a/roles/preseed/tasks/main.yml b/roles/preseed/tasks/main.yml
new file mode 100644
index 00000000..51471c56
--- /dev/null
+++ b/roles/preseed/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Copy initramfs into position
+ copy:
+ remote_src: yes
+ src: "{{ debian_installer_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/initrd.gz"
+ dest: "{{ preseed_tmpdir }}/initrd.preseed.gz"
+
+- name: Generate preseed file
+ template:
+ src: "preseed_{{ install_distro }}-{{ install_codename }}.cfg.j2"
+ dest: "{{ preseed_tmpdir }}/preseed.cfg"
+
+- name: Generate authorized_keys file
+ authorized_key:
+ user: root
+ manage_dir: no
+ path: "{{ preseed_tmpdir }}/authorized_keys"
+ key: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}"
+
+- name: Inject files into initramfs
+ shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'
+ args:
+ chdir: "{{ preseed_tmpdir }}"
+ stdin: |
+ preseed.cfg
+ authorized_keys
--
cgit v1.2.3
From d131f5240dd124c2ea747ec7665e28e2daafb012 Mon Sep 17 00:00:00 2001
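Review bot: The `Inject files into initramfs` task pipes `cpio` into `gzip` under the default `/bin/sh` without pipefail, so a failing `cpio` (for example when `preseed.cfg` or `authorized_keys` is missing) still leaves the task green and appends an empty or partial archive to `initrd.preseed.gz`. The installer would then boot without the preseed answers or the root key file, and the failure only shows up as a hung install or an unreachable host. Run the pipeline as `shell: set -o pipefail && cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'` and add `executable: /bin/bash` under `args:`. Separately, the `copy` and `template` tasks set no `mode:`; since a preseed file may carry installer credentials, an explicit `mode: '0600'` on both destinations would be a cheap safeguard.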
From: Christian Pointner Date: Sun, 9 Dec 2018 01:50:05 +0100 Subject: vm installation works now again --- inventory/group_vars/all/main.yml | 4 +- inventory/group_vars/kvmhosts/main.yml | 3 + inventory/hosts.ini | 8 +- roles/preseed/tasks/main.yml | 2 +- roles/sshserver/tasks/main.yml | 2 +- roles/vm/install/tasks/main.yml | 2 +- roles/vm/install/templates/libvirt-domain.xml.j2 | 2 +- .../install/templates/preseed_ubuntu-bionic.cfg.j2 | 122 --------------------- run-host-playbook.sh | 16 +++ 9 files changed, 27 insertions(+), 134 deletions(-) create mode 100644 inventory/group_vars/kvmhosts/main.yml delete mode 100644 roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 create mode 100755 run-host-playbook.sh (limited to 'roles/preseed/tasks/main.yml') diff --git a/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml index d23e3952..4bb6c76c 100644 --- a/inventory/group_vars/all/main.yml +++ b/inventory/group_vars/all/main.yml @@ -1,5 +1,5 @@ --- -sshserver_root_keys: "{{ ssh_keys.equinox[env_group] | join('\n') }}" +ssh_keys_root: "{{ ssh_keys.equinox[env_group] }}" equinox_user: name: equinox @@ -11,7 +11,7 @@ ssh_keys: equinox: chaos-at-home: - ssh-rsa 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 equinox@chaos-at-home.org - elevate: + dan: - ssh-rsa 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 equinox@elevate.at spreadspace: - ssh-rsa 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 equinox@spreadspace.org diff --git a/inventory/group_vars/kvmhosts/main.yml b/inventory/group_vars/kvmhosts/main.yml new file mode 100644 index 00000000..7ae104b1 --- /dev/null +++ b/inventory/group_vars/kvmhosts/main.yml @@ -0,0 +1,3 @@ +--- +preseed_path: /srv/preseed +debian_installer_path: /srv/installer diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 6b1461de..0e83ecda 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
@@ -1,8 +1,8 @@ [all:vars] host_name={{ inventory_hostname }} #ansible_host={{ host_name }}.{{ host_domain }} -#ansible_user=root -#ansible_port=22000 +ansible_user=root +ansible_port=22000 ############################### @@ -12,8 +12,6 @@ host_name={{ inventory_hostname }} host_domain=chaos-at-home.org env_group=chaos-at-home ansible_host={{ host_name }}.{{ host_domain }} -ansible_user=root -ansible_port=22000 [chaos-at-home] #prometheus @@ -28,8 +26,6 @@ keyserver host_domain=spreadspace.org env_group=spreadspace ansible_host={{ host_name }}.{{ host_domain }} -ansible_user=root -ansible_port=22000 [spreadspace] build diff --git a/roles/preseed/tasks/main.yml b/roles/preseed/tasks/main.yml index 51471c56..7406154c 100644 --- a/roles/preseed/tasks/main.yml +++ b/roles/preseed/tasks/main.yml @@ -14,7 +14,7 @@ user: root manage_dir: no path: "{{ preseed_tmpdir }}/authorized_keys" - key: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}" + key: "{{ ssh_keys_root | join('\n') }}" - name: Inject files into initramfs shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz' diff --git a/roles/sshserver/tasks/main.yml b/roles/sshserver/tasks/main.yml index 6d6cc59c..cd4c5043 100644 --- a/roles/sshserver/tasks/main.yml +++ b/roles/sshserver/tasks/main.yml @@ -29,7 +29,7 @@ - name: install ssh keys for root authorized_key: user: root - key: "{{ sshserver_root_keys }}" + key: "{{ ssh_keys_root | join('\n') }}" exclusive: yes - name: delete root password diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml index b9201c01..973f44d1 100644 --- a/roles/vm/install/tasks/main.yml +++ b/roles/vm/install/tasks/main.yml @@ -39,7 +39,7 @@ - import_role: name: preseed vars: - ssh_users_root: "{{ hostvars[hostname].ssh_users_root }}" + ssh_keys_root: "{{ hostvars[hostname].ssh_keys_root }}" install_interface: enp1s1 preseed_tmpdir: "{{ tmpdir.stdout }}" 
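Review bot: In the `roles/sshserver/tasks/main.yml` hunk the new `key: "{{ ssh_keys_root | join('\n') }}"` sits next to `exclusive: yes`, and nothing checks that `ssh_keys_root` is a non-empty list. The variable changed type in this commit (the old `sshserver_root_keys` was an already-joined string), so a host or group override that still supplies a string is joined character by character, and an empty list may leave root with no authorized keys right before the `delete root password` task that follows. A guard ahead of the task, e.g. an `assert` with `that: ssh_keys_root is sequence and ssh_keys_root is not string and ssh_keys_root | length > 0`, would make both cases fail loudly. The same expression is used in the `roles/preseed/tasks/main.yml` hunk on this page; the task lists continue outside both hunks.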
diff --git a/roles/vm/install/templates/libvirt-domain.xml.j2 b/roles/vm/install/templates/libvirt-domain.xml.j2 index 9119f64f..f3bdeae1 100644 --- a/roles/vm/install/templates/libvirt-domain.xml.j2 +++ b/roles/vm/install/templates/libvirt-domain.xml.j2 @@ -32,7 +32,7 @@ - /dev/urandom + /dev/random {% if 'virtio' in hostvars[hostname].install_cooked.disks %} diff --git a/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 deleted file mode 100644 index d6fbc5d7..00000000 --- a/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 +++ /dev/null 
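Review bot: The backend path in the `@@ -32,7 +32,7 @@` hunk changes from `/dev/urandom` to `/dev/random` without a comment, and the commit message does not say why. If this is the guest's virtio RNG backend (the surrounding markup is not visible here), a host kernel whose `/dev/random` blocks when the entropy pool is low can stall guests during installation or first boot, when SSH host keys are generated. Record the reason in the template, e.g. `{# /dev/random because <reason>; can block on low-entropy hosts #}`, or keep `/dev/urandom` if the libvirt version in use accepts it.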
@@ -1,122 +0,0 @@ -######################################################################### -# spreadspace preseed file for Ubuntu bionic based VMs -######################################################################### - -d-i debian-installer/language string en -d-i debian-installer/country string AT -d-i debian-installer/locale string en_US.UTF-8 -d-i localechooser/preferred-locale string en_US.UTF-8 -d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8 -d-i console-setup/ask_detect boolean false -d-i keyboard-configuration/xkb-keymap select us -d-i keyboard-configuration/layoutcode string us - -d-i netcfg/disable_dhcp boolean true -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} -d-i netcfg/disable_autoconfig boolean false -d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }} -d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }} -d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} -d-i netcfg/confirm_static boolean true - -d-i netcfg/get_hostname string {{ hostname }} -d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} -d-i netcfg/wireless_wep string - - -d-i mirror/country string manual -d-i mirror/http/hostname string archive.ubuntu.com -d-i mirror/http/directory string /ubuntu -d-i mirror/http/proxy string - - -d-i passwd/make-user boolean false -d-i passwd/root-login boolean true -d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand -d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand - - -d-i clock-setup/utc boolean true -d-i time/zone string Europe/Vienna -d-i clock-setup/ntp boolean false - - -d-i partman-auto/disk string /dev/{{ 
hostvars[hostname].install_cooked.disks.primary }} -d-i partman-auto/method string lvm -d-i partman-auto/purge_lvm_from_device boolean true -d-i partman-auto-lvm/new_vg_name string {{ hostname }} -d-i partman-auto-lvm/guided_size string max - -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-md/device_remove_md boolean true - -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true - -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 1000 10000 -1 ext4 \ - $defaultignore{ } $primary{ } $bootable{ } \ - method{ lvm } vg_name{ {{ hostname }} } \ - . \ - 2048 10000 2560 ext4 \ - $lvmok{ } in_vg{ {{ hostname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . \ - 1024 11000 1280 ext4 \ - $lvmok{ } in_vg{ {{ hostname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 768 10000 768 ext4 \ - $lvmok{ } in_vg{ {{ hostname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var/log } \ - options/nodev{ nodev } options/noatime{ noatime } \ - options/noexec{ noexec } \ - . \ - 16 20000 -1 ext4 \ - $lvmok{ } in_vg{ {{ hostname }} } \ - method( keep } lv_name{ dummy } \ - . 
- -d-i partman-auto-lvm/no_boot boolean true -d-i partman-basicfilesystems/no_swap true -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - - -d-i base-installer/install-recommends boolean false -d-i apt-setup/security_host string archive.ubuntu.com - -tasksel tasksel/first multiselect -d-i pkgsel/include string openssh-server python -d-i pkgsel/upgrade select safe-upgrade -popularity-contest popularity-contest/participate boolean false -d-i pkgsel/update-policy select none - -d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean false - -d-i finish-install/reboot_in_progress note - - -d-i preseed/late_command string \ - lvremove -f {{ hostname }}/dummy; \ - in-target bash -c "swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile"; \ - in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ - in-target bash -c "passwd -d root && passwd -l root"; \ - in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ - mkdir -p -m 0700 /target/root/.ssh; \ - cp /authorized_keys /target/root/.ssh/; \ -{% if hostvars[hostname].ansible_port is defined %} - in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config" -{% endif %} diff --git a/run-host-playbook.sh b/run-host-playbook.sh new file mode 100755 index 00000000..e3b54f22 --- /dev/null +++ b/run-host-playbook.sh 
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "$0 "
+ exit 1
+fi
+host="$1"
+shift
+
+cd "${BASH_SOURCE%/*}"
+source common/utils.sh
+ansible_variable__get env_group "$host" || exit 1
+vault_environment__set "$env_group" || exit 1
+
+echo "######## running host playbook for host '$host' in environment '$env_group' ########"
+exec ansible-playbook $@ "$env_group/$host.yml"
--
cgit v1.2.3
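Review bot: `cd "${BASH_SOURCE%/*}"` is not checked, so when it fails (for instance when the script is started as `bash run-host-playbook.sh`, where the expansion yields the file name itself) the next line sources `common/utils.sh` relative to the caller's directory and the vault environment is set up from whatever file is there. Make it `cd "${BASH_SOURCE%/*}" || exit 1`, matching the `|| exit 1` already used on the two helper calls. The last line passes `$@` unquoted, which re-splits and glob-expands arguments before they reach `ansible-playbook`; use `exec ansible-playbook "$@" "$env_group/$host.yml"`. `$host` also goes into the playbook path unvalidated, so a short comment stating that it must be a bare inventory host name would help.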