From 17447210485bbe379beb9c7e9a3034e900110ed9 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 1 Dec 2018 23:14:05 +0100 Subject: moved to multi environment repo structure --- roles/blackmagic-desktopvideo/defaults/main.yml | 4 ++++ roles/blackmagic-desktopvideo/tasks/main.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 roles/blackmagic-desktopvideo/defaults/main.yml (limited to 'roles') diff --git a/roles/blackmagic-desktopvideo/defaults/main.yml b/roles/blackmagic-desktopvideo/defaults/main.yml new file mode 100644 index 00000000..8dde7e4d --- /dev/null +++ b/roles/blackmagic-desktopvideo/defaults/main.yml @@ -0,0 +1,4 @@ +--- +blackmagic_desktopvideo_apt: + username: "change-me" +# password: "secret" diff --git a/roles/blackmagic-desktopvideo/tasks/main.yml b/roles/blackmagic-desktopvideo/tasks/main.yml index 632f36ea..5283b628 100644 --- a/roles/blackmagic-desktopvideo/tasks/main.yml +++ b/roles/blackmagic-desktopvideo/tasks/main.yml @@ -11,7 +11,7 @@ - name: add repository entry apt_repository: - repo: deb https://{{ vault_build_spreadspace_blackmagic.username }}:{{ vault_build_spreadspace_blackmagic.password }}@build.spreadspace.org/ {{ ansible_distribution_release }} blackmagic + repo: "deb https://{{ blackmagic_desktopvideo_apt.username }}:{{ blackmagic_desktopvideo_apt.password }}@build.spreadspace.org/ {{ ansible_distribution_release }} blackmagic" state: present filename: blackmagic mode: 0600 -- cgit v1.2.3 From b9b2f51bc8547f0cb4f9c354956650841941f119 Mon Sep 17 00:00:00 2001 
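Review bot: The new repo line in `roles/blackmagic-desktopvideo/tasks/main.yml` dereferences `blackmagic_desktopvideo_apt.password`, yet the defaults hunk of this commit ships the key commented out (`# password: "secret"`), so any host that does not override the whole dict fails with an undefined-attribute error deep inside the template; `{{ blackmagic_desktopvideo_apt.password | mandatory }}` turns that into an explicit message about the missing credential. Because the credential is part of the `repo` string, the task's changed/diff output carries it into the Ansible log as well, so the apt_repository task should get `no_log: true`. The `mode: 0600` on the generated list file is right; if the target's apt version supports it, apt's auth.conf mechanism would keep the password out of sources.list entirely, with only the URL in the repo line.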
From: Christian Pointner Date: Sun, 2 Dec 2018 03:12:32 +0100 Subject: merge over installer roles from realraum repo --- elevate/sk2013.yml | 6 + elevate/sk2016.yml | 6 + host_playbooks/sk2013.yml | 6 - host_playbooks/sk2016.yml | 6 - inventory/host_vars/sk2013.yml | 13 -- inventory/host_vars/sk2016.yml | 13 -- inventory/hosts.ini | 2 +- roles/debian-installer/defaults/main.yml | 18 +++ roles/debian-installer/tasks/main.yml | 27 ++++ roles/preseed/defaults/main.yml | 0 roles/preseed/tasks/main.yml | 25 ++++ .../templates/preseed_debian-stretch.cfg.j2 | 115 +++++++++++++++ .../preseed/templates/preseed_ubuntu-bionic.cfg.j2 | 122 ++++++++++++++++ .../preseed/templates/preseed_ubuntu-xenial.cfg.j2 | 121 ++++++++++++++++ roles/usb-install/meta/main.yml | 6 + roles/usb-install/tasks/main.yml | 22 +++ roles/vm/grub/tasks/main.yml | 21 ++- roles/vm/guest/defaults/main.yml | 3 + roles/vm/guest/handlers/main.yml | 4 + roles/vm/guest/tasks/main.yml | 37 +++++ roles/vm/host/defaults/main.yml | 7 - roles/vm/host/handlers/main.yml | 4 +- roles/vm/host/meta/main.yml | 3 + roles/vm/host/tasks/main.yml | 50 ++----- roles/vm/install/meta/main.yml | 7 + roles/vm/install/tasks/main.yml | 160 ++++++++++++--------- roles/vm/install/templates/libvirt-domain.xml.j2 | 32 +++-- .../templates/preseed_debian-stretch.cfg.j2 | 105 -------------- .../install/templates/preseed_ubuntu-bionic.cfg.j2 | 122 ++++++++++++++++ .../install/templates/preseed_ubuntu-xenial.cfg.j2 | 113 --------------- roles/vm/network/tasks/main.yml | 19 ++- roles/vm/network/templates/interfaces.j2 | 10 +- roles/vm/network/templates/netplan.yaml.j2 | 10 ++ roles/vm/network/templates/resolv.conf.j2 | 4 +- 34 files changed, 810 insertions(+), 409 deletions(-) create mode 100644 elevate/sk2013.yml create mode 100644 elevate/sk2016.yml delete mode 100644 host_playbooks/sk2013.yml delete mode 100644 host_playbooks/sk2016.yml create mode 100644 roles/debian-installer/defaults/main.yml create mode 100644 
roles/debian-installer/tasks/main.yml create mode 100644 roles/preseed/defaults/main.yml create mode 100644 roles/preseed/tasks/main.yml create mode 100644 roles/preseed/templates/preseed_debian-stretch.cfg.j2 create mode 100644 roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 create mode 100644 roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 create mode 100644 roles/usb-install/meta/main.yml create mode 100644 roles/usb-install/tasks/main.yml create mode 100644 roles/vm/guest/defaults/main.yml create mode 100644 roles/vm/guest/handlers/main.yml create mode 100644 roles/vm/guest/tasks/main.yml delete mode 100644 roles/vm/host/defaults/main.yml create mode 100644 roles/vm/host/meta/main.yml create mode 100644 roles/vm/install/meta/main.yml delete mode 100644 roles/vm/install/templates/preseed_debian-stretch.cfg.j2 create mode 100644 roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 delete mode 100644 roles/vm/install/templates/preseed_ubuntu-xenial.cfg.j2 create mode 100644 roles/vm/network/templates/netplan.yaml.j2 (limited to 'roles') diff --git a/elevate/sk2013.yml b/elevate/sk2013.yml new file mode 100644 index 00000000..5caa6603 --- /dev/null +++ b/elevate/sk2013.yml @@ -0,0 +1,6 @@ +--- +- name: Basic Setup + hosts: sk2013 + roles: + - role: sshserver + - role: vm/host diff --git a/elevate/sk2016.yml b/elevate/sk2016.yml new file mode 100644 index 00000000..ef3d7c43 --- /dev/null +++ b/elevate/sk2016.yml @@ -0,0 +1,6 @@ +--- +- name: Basic Setup + hosts: sk2016 + roles: + - role: sshserver + - role: vm/host diff --git a/host_playbooks/sk2013.yml b/host_playbooks/sk2013.yml deleted file mode 100644 index 5caa6603..00000000 --- a/host_playbooks/sk2013.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Basic Setup - hosts: sk2013 - roles: - - role: sshserver - - role: vm/host diff --git a/host_playbooks/sk2016.yml b/host_playbooks/sk2016.yml deleted file mode 100644 index ef3d7c43..00000000 --- a/host_playbooks/sk2016.yml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -- name: Basic Setup - hosts: sk2016 - roles: - - role: sshserver - - role: vm/host diff --git a/inventory/host_vars/sk2013.yml b/inventory/host_vars/sk2013.yml index 920748c1..a8bb3ebd 100644 --- a/inventory/host_vars/sk2013.yml +++ b/inventory/host_vars/sk2013.yml @@ -7,19 +7,6 @@ sshserver_allowusers_host: vm_host: installer: net_if: virbr - preseed_path: /srv/preseed - path: /srv/installer - distros: - - distro: debian - codename: stretch - arch: - - amd64 - - i386 - - distro: ubuntu - codename: xenial - arch: - - amd64 - - i386 network: interface: virbr ip: 192.168.160.254 diff --git a/inventory/host_vars/sk2016.yml b/inventory/host_vars/sk2016.yml index 872223db..f8371cea 100644 --- a/inventory/host_vars/sk2016.yml +++ b/inventory/host_vars/sk2016.yml @@ -7,19 +7,6 @@ sshserver_allowusers_host: vm_host: installer: net_if: virbr - preseed_path: /srv/preseed - path: /srv/installer - distros: - - distro: debian - codename: stretch - arch: - - amd64 - - i386 - - distro: ubuntu - codename: xenial - arch: - - amd64 - - i386 network: interface: virbr ip: 192.168.216.254 diff --git a/inventory/hosts.ini b/inventory/hosts.ini index aba33ddd..34e12592 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -1,5 +1,5 @@ [all:vars] -ansible_host={{ inventory_hostname }}.{{ host_domain }} +#ansible_host={{ inventory_hostname }}.{{ host_domain }} ansible_user=root ansible_port=22000 diff --git a/roles/debian-installer/defaults/main.yml b/roles/debian-installer/defaults/main.yml new file mode 100644 index 00000000..94e8d6c2 --- /dev/null +++ b/roles/debian-installer/defaults/main.yml @@ -0,0 +1,18 @@ +distros: + - distro: debian + codename: stretch + arch: + - amd64 + - i386 + + - distro: ubuntu + codename: bionic + arch: + - amd64 + - i386 + +debian_installer_force_download: no + +debian_installer_url: + debian: "https://debian.ffgraz.net/debian" + ubuntu: "https://debian.ffgraz.net/ubuntu" 
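Review bot: In the `roles/debian-installer/defaults/main.yml` hunk, `debian_installer_force_download: no` is handed straight to get_url's `force`, which means an image already present under `debian_installer_path` is never fetched again even though the mirror's `current/` images move with every point release; a comment such as `# with force_download disabled, already downloaded images are never refreshed - set to yes to follow the mirror's current/ images` would save the next operator a surprise. `debian_installer_path` is consumed by every task in this role but is not declared here; presumably it is expected from host or group vars outside the diff, which is worth stating in this file. The file also omits the `---` document marker used by the other YAML files added in this commit.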
diff --git a/roles/debian-installer/tasks/main.yml b/roles/debian-installer/tasks/main.yml new file mode 100644 index 00000000..eb32f6aa --- /dev/null +++ b/roles/debian-installer/tasks/main.yml @@ -0,0 +1,27 @@ +- name: prepare directories for installer images + with_subelements: + - "{{ distros }}" + - arch + file: + name: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}" + state: directory + +- name: download installer kernel images + with_subelements: + - "{{ distros }}" + - arch + get_url: + url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux" + dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux" + mode: 0644 + force: "{{ debian_installer_force_download }}" + +- name: download installer initrd.gz + with_subelements: + - "{{ distros }}" + - arch + get_url: + url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz" + dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz" + mode: 0644 + force: "{{ debian_installer_force_download }}" diff --git a/roles/preseed/defaults/main.yml b/roles/preseed/defaults/main.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/preseed/tasks/main.yml b/roles/preseed/tasks/main.yml new file mode 100644 index 00000000..51471c56 --- /dev/null +++ b/roles/preseed/tasks/main.yml 
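Review bot: The kernel and initrd fetched by the two get_url tasks in this hunk are later injected with a preseed and booted as the installer for every VM, but nothing checks their integrity: get_url receives no `checksum:` argument and the mirror's SHA256SUMS for the netboot images (covered by the signed Release file) are never consulted. At minimum pin `checksum: "sha256:<expected-hash-from-verified-SHA256SUMS>"` per distro/arch, or download that sums file and compare before the images are used. `debian_installer_path` is used bare in all three tasks whereas `roles/preseed/tasks/main.yml` in this commit guards it with `| mandatory`; using the same filter in the `file` task keeps the two roles consistent and makes the failure mode explicit.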
@@ -0,0 +1,25 @@ +- name: Copy initramfs into position + copy: + remote_src: yes + src: "{{ debian_installer_path | mandatory }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/initrd.gz" + dest: "{{ preseed_tmpdir }}/initrd.preseed.gz" + +- name: Generate preseed file + template: + src: "preseed_{{ install_distro }}-{{ install_codename }}.cfg.j2" + dest: "{{ preseed_tmpdir }}/preseed.cfg" + +- name: Generate authorized_keys file + authorized_key: + user: root + manage_dir: no + path: "{{ preseed_tmpdir }}/authorized_keys" + key: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}" + +- name: Inject files into initramfs + shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz' + args: + chdir: "{{ preseed_tmpdir }}" + stdin: | + preseed.cfg + authorized_keys diff --git a/roles/preseed/templates/preseed_debian-stretch.cfg.j2 b/roles/preseed/templates/preseed_debian-stretch.cfg.j2 new file mode 100644 index 00000000..7a3511a5 --- /dev/null +++ b/roles/preseed/templates/preseed_debian-stretch.cfg.j2 
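Review bot: The `Inject files into initramfs` task appends to `initrd.preseed.gz` with `>>`, so correctness on a re-run depends on the preceding copy task overwriting the file first; that holds only because copy compares checksums and the appended file always differs from `initrd.gz`, which is not obvious from reading the tasks. A comment on the shell task, `# appends a second cpio archive (valid for initramfs); the copy task above resets the file on every run`, documents that dependency. The task has no `changed_when`, so it also cannot distinguish a real change from the rewrite it performs on every run; if that matters for reporting, `changed_when: true` at least makes the behaviour explicit.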
@@ -0,0 +1,115 @@ +######################################################################### +# spreadspace preseed file for Debian stretch based VMs +######################################################################### + +d-i debian-installer/language string en +d-i debian-installer/country string AT +d-i debian-installer/locale string de_AT.UTF-8 +d-i keyboard-configuration/xkb-keymap select de + +d-i netcfg/disable_dhcp boolean true +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} +d-i netcfg/disable_autoconfig boolean false +d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }} +d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }} +d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }} +d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} +d-i netcfg/confirm_static boolean true + +d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string deb.debian.org +d-i mirror/http/directory string /debian +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string Europe/Vienna +d-i clock-setup/ntp boolean false + + +d-i partman-auto/disk string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i partman-auto/method string lvm +d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto-lvm/new_vg_name string {{ hostname }} +d-i partman-auto-lvm/guided_size string max + +d-i partman-lvm/device_remove_lvm boolean 
true +d-i partman-md/device_remove_md boolean true + +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 1000 10000 -1 ext4 \ + $defaultignore{ } $primary{ } $bootable{ } \ + method{ lvm } vg_name{ {{ hostname }} } \ + . \ + 2048 10000 2560 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 1024 11000 1280 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var } \ + . \ + 768 10000 768 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var/log } \ + options/nodev{ nodev } options/noatime{ noatime } \ + options/noexec{ noexec } \ + . \ + 16 20000 -1 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method( keep } lv_name{ dummy } \ + . + +d-i partman-auto-lvm/no_boot boolean true +d-i partman-basicfilesystems/no_swap true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + + +d-i base-installer/install-recommends boolean false +d-i apt-setup/security_host string deb.debian.org + +tasksel tasksel/first multiselect +d-i pkgsel/include string openssh-server python +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false + +d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean false + +d-i finish-install/reboot_in_progress note + + +d-i preseed/late_command string \ + lvremove -f {{ hostname }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "passwd -d root && 
passwd -l root"; \ + in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/; \ +{% if hostvars[hostname].ansible_port is defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config" +{% endif %} diff --git a/roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 new file mode 100644 index 00000000..d6fbc5d7 --- /dev/null +++ b/roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 
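Review bot: The last stanza of the expert recipe reads `method( keep } lv_name{ dummy }` — an opening parenthesis where every other stanza in this file uses `method{ ... }`; the identical line appears in the bionic and xenial templates added by this commit. `d-i partman-basicfilesystems/no_swap true` is also missing the type field of the `owner question type value` preseed format and should be `d-i partman-basicfilesystems/no_swap boolean true` (same in all three templates). In the late_command, `cp /authorized_keys /target/root/.ssh/` keeps whatever mode the cpio entry carried, so following it with `chmod 0600 /target/root/.ssh/authorized_keys` pins the mode regardless of how the file was generated on the controller. The late_command block continues through the `{% if %}` conditional at the end of the hunk.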
@@ -0,0 +1,122 @@ +######################################################################### +# spreadspace preseed file for Ubuntu bionic based VMs +######################################################################### + +d-i debian-installer/language string en +d-i debian-installer/country string AT +d-i debian-installer/locale string en_US.UTF-8 +d-i localechooser/preferred-locale string en_US.UTF-8 +d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8 +d-i console-setup/ask_detect boolean false +d-i keyboard-configuration/xkb-keymap select us +d-i keyboard-configuration/layoutcode string us + +d-i netcfg/disable_dhcp boolean true +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} +d-i netcfg/disable_autoconfig boolean false +d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }} +d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }} +d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }} +d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} +d-i netcfg/confirm_static boolean true + +d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string archive.ubuntu.com +d-i mirror/http/directory string /ubuntu +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-login boolean true +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string Europe/Vienna +d-i clock-setup/ntp boolean false + + +d-i partman-auto/disk string /dev/{{ 
hostvars[hostname].install_cooked.disks.primary }} +d-i partman-auto/method string lvm +d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto-lvm/new_vg_name string {{ hostname }} +d-i partman-auto-lvm/guided_size string max + +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true + +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 1000 10000 -1 ext4 \ + $defaultignore{ } $primary{ } $bootable{ } \ + method{ lvm } vg_name{ {{ hostname }} } \ + . \ + 2048 10000 2560 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 1024 11000 1280 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var } \ + . \ + 768 10000 768 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var/log } \ + options/nodev{ nodev } options/noatime{ noatime } \ + options/noexec{ noexec } \ + . \ + 16 20000 -1 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method( keep } lv_name{ dummy } \ + . 
+ +d-i partman-auto-lvm/no_boot boolean true +d-i partman-basicfilesystems/no_swap true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + + +d-i base-installer/install-recommends boolean false +d-i apt-setup/security_host string archive.ubuntu.com + +tasksel tasksel/first multiselect +d-i pkgsel/include string openssh-server python +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false +d-i pkgsel/update-policy select none + +d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean false + +d-i finish-install/reboot_in_progress note + + +d-i preseed/late_command string \ + lvremove -f {{ hostname }}/dummy; \ + in-target bash -c "swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile"; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "passwd -d root && passwd -l root"; \ + in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/; \ +{% if hostvars[hostname].ansible_port is defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config" +{% endif %} diff --git a/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 b/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 new file mode 100644 index 00000000..6f357133 --- /dev/null +++ b/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 
@@ -0,0 +1,121 @@ +######################################################################### +# spreadspace preseed file for Ubuntu xenial based VMs +######################################################################### + +d-i debian-installer/language string en +d-i debian-installer/country string AT +d-i debian-installer/locale string en_US.UTF-8 +d-i localechooser/preferred-locale string en_US.UTF-8 +d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8 +d-i console-setup/ask_detect boolean false +d-i keyboard-configuration/xkb-keymap select us +d-i keyboard-configuration/layoutcode string us + +d-i netcfg/disable_dhcp boolean true +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} +d-i netcfg/disable_autoconfig boolean false +d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }} +d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }} +d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }} +d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} +d-i netcfg/confirm_static boolean true + +d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string archive.ubuntu.com +d-i mirror/http/directory string /ubuntu +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-login boolean true +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string Europe/Vienna +d-i clock-setup/ntp boolean false + + +d-i partman-auto/disk string /dev/{{ 
hostvars[hostname].install_cooked.disks.primary }} +d-i partman-auto/method string lvm +d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto-lvm/new_vg_name string {{ hostname }} +d-i partman-auto-lvm/guided_size string max + +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true + +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 1000 10000 -1 ext4 \ + $defaultignore{ } $primary{ } $bootable{ } \ + method{ lvm } vg_name{ {{ hostname }} } \ + . \ + 2048 10000 2560 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 1024 11000 1280 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var } \ + . \ + 768 10000 768 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var/log } \ + options/nodev{ nodev } options/noatime{ noatime } \ + options/noexec{ noexec } \ + . \ + 16 20000 -1 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method( keep } lv_name{ dummy } \ + . 
+ +d-i partman-auto-lvm/no_boot boolean true +d-i partman-basicfilesystems/no_swap true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + + +d-i base-installer/install-recommends boolean false +d-i apt-setup/security_host string archive.ubuntu.com + +tasksel tasksel/first multiselect +d-i pkgsel/include string openssh-server python +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false +d-i pkgsel/update-policy select none + +d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean false + +d-i finish-install/reboot_in_progress note + + +d-i preseed/late_command string \ + lvremove -f {{ hostname }}/dummy; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "passwd -d root && passwd -l root"; \ + in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/; \ +{% if hostvars[hostname].ansible_port is defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config" +{% endif %} diff --git a/roles/usb-install/meta/main.yml b/roles/usb-install/meta/main.yml new file mode 100644 index 00000000..bca7f83d --- /dev/null +++ b/roles/usb-install/meta/main.yml @@ -0,0 +1,6 @@ +dependencies: + - role: debian-installer + distros: + - distro: "{{ install_distro }}" + codename: "{{ install_codename }}" + arch: [ "{{ install.arch | default('amd64') }}" ] diff --git a/roles/usb-install/tasks/main.yml b/roles/usb-install/tasks/main.yml new file mode 100644 index 00000000..1523aedc --- /dev/null +++ b/roles/usb-install/tasks/main.yml 
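Review bot: In `roles/usb-install/meta/main.yml` the dependency passes `arch: [ "{{ install.arch | default('amd64') }}" ]` to debian-installer, but the preseed role that usb-install imports copies the initrd from `.../{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/initrd.gz`, and `roles/vm/install/meta/main.yml` in this same commit uses that second expression; whenever `install.arch` and `install_cooked.arch` disagree, the download lands in one directory and the copy looks in another. Presumably the same lookup is intended in both places, e.g. `arch: [ "{{ hostvars[hostname].install_cooked.arch | default('amd64') }}" ]`, unless usb-install is meant to run without `hostname` set, in which case the preseed role's src path needs the matching fallback.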
@@ -0,0 +1,22 @@ +--- +- block: + - name: Create temporary workdir + command: mktemp -d + register: tmpdir + + - import_role: + name: preseed + vars: + preseed_tmpdir: "{{ tmpdir.stdout }}" + + - name: Copy the preseed initramfs to the artifacts directory + copy: + src: "{{ tmpdir.stdout }}/initrd.preseed.gz" + dest: "{{ artifacts_dir }}/" + + + always: + - name: Cleanup temporary workdir + file: + path: "{{ tmpdir.stdout }}" + state: absent diff --git a/roles/vm/grub/tasks/main.yml b/roles/vm/grub/tasks/main.yml index f751243a..eb868d38 100644 --- a/roles/vm/grub/tasks/main.yml +++ b/roles/vm/grub/tasks/main.yml @@ -1,16 +1,15 @@ --- - name: enable serial console in grub and for kernel - with_items: - - regexp: '^GRUB_TIMEOUT=' - line: 'GRUB_TIMEOUT=2' - - regexp: '^GRUB_CMDLINE_LINUX=' - line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' - - regexp: '^GRUB_TERMINAL=' - line: 'GRUB_TERMINAL=serial' - - regexp: '^GRUB_SERIAL_COMMAND=' - line: 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' + with_dict: + GRUB_TIMEOUT: 2 + GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"' + GRUB_TERMINAL: serial + GRUB_SERIAL_COMMAND: >- + "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1" lineinfile: dest: /etc/default/grub - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" notify: update grub + loop_control: + label: "{{ item.key }}" diff --git a/roles/vm/guest/defaults/main.yml b/roles/vm/guest/defaults/main.yml new file mode 100644 index 00000000..b4deefa0 --- /dev/null +++ b/roles/vm/guest/defaults/main.yml @@ -0,0 +1,3 @@ +rngd_config: + HRNGDEVICE: /dev/hwrng + RNGDOPTIONS: '"-s 256 -W 80%"' diff --git a/roles/vm/guest/handlers/main.yml b/roles/vm/guest/handlers/main.yml new file mode 100644 index 00000000..5b57f3bc --- /dev/null +++ b/roles/vm/guest/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart rngd + service: + name: rng-tools + state: restarted 
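Review bot: In `roles/usb-install/tasks/main.yml` the `Copy the preseed initramfs to the artifacts directory` task uses `copy` without `remote_src: yes`, so `src` is read from the controller's filesystem, while the `mktemp -d` a few tasks earlier ran on the managed host (the preseed role's own copy task sets `remote_src: yes` explicitly). That only lines up when the play targets localhost; either add `remote_src: yes` so the artifact stays on the managed host, or use `fetch` if it is meant to end up on the controller, and say which in a comment above the task. `artifacts_dir` has no default in this role and no `| mandatory` guard.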
diff --git a/roles/vm/guest/tasks/main.yml b/roles/vm/guest/tasks/main.yml new file mode 100644 index 00000000..4830d051 --- /dev/null +++ b/roles/vm/guest/tasks/main.yml @@ -0,0 +1,37 @@ +- name: Install rngd + apt: + name: rng-tools + state: present + +- name: Configure rngd [1/2] + lineinfile: + path: /etc/default/rng-tools + line: '{{ item.key }}={{ item.value }}' + regexp: '^#?{{ item.key }}=' + with_dict: '{{ rngd_config }}' + loop_control: + label: "{{ item.key }}" + notify: restart rngd + +- name: Configure rngd [2/2] + lineinfile: + path: /etc/default/rng-tools + regexp: '^{{ item.key }}=(?!{{ item.value }})' + state: absent + with_dict: '{{ rngd_config }}' + loop_control: + label: "{{ item.key }}" + notify: restart rngd + +- name: Provide a root shell on the VM console [1/2] + file: + path: /etc/systemd/system/serial-getty@ttyS0.service.d/ + state: directory + +- name: Provide a root shell on the VM console [2/2] + copy: + dest: /etc/systemd/system/serial-getty@ttyS0.service.d/autologon.conf + content: | + [Service] + ExecStart= + ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host }} %I $TERM diff --git a/roles/vm/host/defaults/main.yml b/roles/vm/host/defaults/main.yml deleted file mode 100644 index 0e3cddf1..00000000 --- a/roles/vm/host/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -vm_host_force_download_installer: False -vm_host_installer_url: - # debian: "{{ debian_mirror.packages | default('http://deb.debian.org/debian') }}" - # ubuntu: "{{ ubuntu_mirror | default('http://archive.ubuntu.com/ubuntu') }}" - debian: "http://deb.debian.org/debian" - ubuntu: "http://archive.ubuntu.com/ubuntu" diff --git a/roles/vm/host/handlers/main.yml b/roles/vm/host/handlers/main.yml index 158f4dcd..6541dd80 100644 --- a/roles/vm/host/handlers/main.yml +++ b/roles/vm/host/handlers/main.yml 
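Review bot: In `Configure rngd [2/2]` the dict value is interpolated unescaped into a regular expression, `regexp: '^{{ item.key }}=(?!{{ item.value }})'`; the shipped defaults contain no metacharacters, but an override whose value contains `(`, `+` or `.` silently changes what the lookahead matches, and `regexp: '^{{ item.key }}=(?!{{ item.value | regex_escape }})'` keeps it literal. The autologin drop-in hands a passwordless root shell to anyone who can reach the guest's serial console, so access is bounded only by libvirt/virsh permissions on the host; a comment on `Provide a root shell on the VM console [2/2]` such as `# console access equals root access: keep host-side virsh/libvirt group membership tight` records that trust boundary. `--host {{ vm_host }}` assumes `vm_host` is a plain string on guests, whereas the host_vars touched in this commit define `vm_host` as a dict on the VM hosts themselves — presumably a different variable scope, but worth confirming.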
@@ -1,5 +1,5 @@ --- -- name: restart inetd +- name: restart haveged service: - name: openbsd-inetd + name: haveged state: restarted diff --git a/roles/vm/host/meta/main.yml b/roles/vm/host/meta/main.yml new file mode 100644 index 00000000..40f6fcb3 --- /dev/null +++ b/roles/vm/host/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: debian-installer diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml index 248f855c..010fdce4 100644 --- a/roles/vm/host/tasks/main.yml +++ b/roles/vm/host/tasks/main.yml 
@@ -1,53 +1,25 @@ --- -- name: install tftpd and python-libvirt +- name: install dependencies apt: name: - - atftpd - - openbsd-inetd - qemu-kvm - - libvirt-bin + - # configuration package, pulls in libvirt-clients and libvirt-daemon + libvirt-daemon-system - python-libvirt + - haveged state: present -- name: configure tftpd via inetd +- name: configure haveged lineinfile: - regexp: "^#?({{ vm_host.network.ip }}:)?tftp" - line: "{{ vm_host.network.ip }}:tftp dgram udp4 wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --maxthread 10 --verbose=5 {{ vm_host.installer.preseed_path }}" - path: /etc/inetd.conf - notify: restart inetd + regexp: "^#?DAEMON_ARGS" + line: 'DAEMON_ARGS="-w 3072"' + path: /etc/default/haveged + notify: restart haveged - name: make sure installer directories exists with_items: - - "{{ vm_host.installer.path }}" - - "{{ vm_host.installer.preseed_path }}" + - "{{ debian_installer_path }}" + - "{{ preseed_path }}" file: name: "{{ item }}" state: directory - -- name: prepare directories for installer images - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - file: - name: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}" - state: directory - -- name: download installer kernel images - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - get_url: - url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux" - dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux" - mode: 0644 - force: "{{ vm_host_force_download_installer }}" - -- name: download installer initrd.gz - with_subelements: - - "{{ vm_host.installer.distros }}" - - arch - get_url: - url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro 
}}-installer/{{ item.1 }}/initrd.gz" - dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz" - mode: 0644 - force: "{{ vm_host_force_download_installer }}" diff --git a/roles/vm/install/meta/main.yml b/roles/vm/install/meta/main.yml new file mode 100644 index 00000000..d5f95204 --- /dev/null +++ b/roles/vm/install/meta/main.yml @@ -0,0 +1,7 @@ +--- +dependencies: + - role: debian-installer + distros: + - distro: "{{ install_distro }}" + codename: "{{ install_codename }}" + arch: [ "{{ hostvars[hostname].install_cooked.arch | default('amd64') }}" ] diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml index c4220434..b9201c01 100644 --- a/roles/vm/install/tasks/main.yml +++ b/roles/vm/install/tasks/main.yml @@ -1,11 +1,6 @@ --- -- name: generate preseed file - template: - src: "preseed_{{ vmdistro }}-{{ vmdistcodename }}.cfg.j2" - dest: "{{ vm_host.installer.preseed_path }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg" - - name: create disks for vm - with_dict: "{{ hostvars[vmname].vm_install_cooked.disks.virtio | default({}) | combine(hostvars[vmname].vm_install_cooked.disks.scsi | default({})) }}" + with_dict: "{{ hostvars[hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[hostname].install_cooked.disks.scsi | default({})) }}" lvol: vg: "{{ item.value.vg }}" lv: "{{ item.value.lv }}" 
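Review bot: In `roles/vm/host/tasks/main.yml`, `preseed_path` is still used in `make sure installer directories exists`, but this commit deletes the only visible definition of a preseed path (the `vm_host.installer.preseed_path` key removed from both host_vars files) and adds no default for it or for `debian_installer_path`; unless both come from group vars outside the diff, the task fails on an undefined variable. Since the preseed is now injected into the initrd by the preseed role, the `preseed_path` directory may no longer be needed at all. The comment embedded inside the package list, `- # configuration package, pulls in libvirt-clients and libvirt-daemon` with the package name on the following line, parses as intended but reads like an empty list item; placing the comment on its own line above `- libvirt-daemon-system` is clearer.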
@@ -13,84 +8,107 @@ - name: check if vm already exists virt: - name: "{{ vmname }}" + name: "{{ hostname }}" command: info register: vmhost_info -- name: destroy exisiting vm - virt: - name: "{{ vmname }}" - state: destroyed - when: vmname in vmhost_info - -- name: wait for vm to be destroyed - wait_for_virt: - name: "{{ vmname }}" - states: shutdown,crashed - timeout: 5 - when: vmname in vmhost_info - -- name: undefining exisiting vm - virt: - name: "{{ vmname }}" - command: undefine - when: vmname in vmhost_info - -- name: enable installer in VM config - set_fact: - run_installer: True - -- name: define new installer vm - virt: - name: "{{ vmname }}" - command: define - xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" - -- name: start vm - virt: - name: "{{ vmname }}" - state: running - -- name: wait for installer to start - wait_for_virt: - name: "{{ vmname }}" - states: running - timeout: 10 - -- debug: - msg: "you can check on the status of the installer running this command 'virsh console {{ vmname }}' on host {{ inventory_hostname }}." 
- -- name: wait for installer to finish or crash - wait_for_virt: - name: "{{ vmname }}" - states: shutdown,crashed - timeout: 1200 - register: installer_result - failed_when: installer_result.failed or installer_result.state == "crashed" - -- name: undefining installer vm - virt: - name: "{{ vmname }}" - command: undefine - -- name: disable installer in VM config - set_fact: - run_installer: False +- block: + - name: destroy exisiting vm + virt: + name: "{{ hostname }}" + state: destroyed + + - name: wait for vm to be destroyed + wait_for_virt: + name: "{{ hostname }}" + states: shutdown,crashed + timeout: 5 + + - name: undefining exisiting vm + virt: + name: "{{ hostname }}" + command: undefine + + when: hostname in vmhost_info + +- block: + - name: create a temporary workdir + command: mktemp -d + register: tmpdir + + - import_role: + name: preseed + vars: + ssh_users_root: "{{ hostvars[hostname].ssh_users_root }}" + install_interface: enp1s1 + preseed_tmpdir: "{{ tmpdir.stdout }}" + + - name: Make preseed workdir readable by qemu + acl: + path: "{{ tmpdir.stdout }}" + state: present + entity: libvirt-qemu + etype: user + permissions: rx + + - name: define new installer vm + virt: + name: "{{ hostname }}" + command: define + xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" + vars: + run_installer: yes + preseed_tmpdir: "{{ tmpdir.stdout }}" + + - name: start vm + virt: + name: "{{ hostname }}" + state: running + + - name: wait for installer to start + wait_for_virt: + name: "{{ hostname }}" + states: running + timeout: 10 + + - debug: + msg: "you can check on the status of the installer running this command 'virsh console {{ hostname }}' on host {{ inventory_hostname }}." 
+ + - name: wait for installer to finish or crash + wait_for_virt: + name: "{{ hostname }}" + states: shutdown,crashed + timeout: 900 + register: installer_result + failed_when: installer_result.failed or installer_result.state == "crashed" + + - name: undefining installer vm + virt: + name: "{{ hostname }}" + command: undefine + + always: + - name: cleanup temporary workdir + file: + path: "{{ tmpdir.stdout }}" + state: absent - name: define new production vm virt: - name: "{{ vmname }}" + name: "{{ hostname }}" command: define xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" + vars: + run_installer: no - name: start vm virt: - name: "{{ vmname }}" + name: "{{ hostname }}" state: running - name: mark vm as autostarted virt: - name: "{{ vmname }}" - autostart: "{{ hostvars[vmname].vm_install_cooked.autostart }}" + name: "{{ hostname }}" + autostart: "{{ hostvars[hostname].install_cooked.autostart }}" command: info ## virt module needs either command or state - when: hostvars[vmname].vm_install_cooked.autostart is defined + when: hostvars[hostname].install_cooked.autostart is defined diff --git a/roles/vm/install/templates/libvirt-domain.xml.j2 b/roles/vm/install/templates/libvirt-domain.xml.j2 index 2bf4b57b..9119f64f 100644 --- a/roles/vm/install/templates/libvirt-domain.xml.j2 +++ b/roles/vm/install/templates/libvirt-domain.xml.j2 
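Review bot: `command: mktemp -d` reports changed on every run and lacks `changed_when: false`, and the `always:` cleanup uses `tmpdir.stdout` unconditionally, so a failed mktemp is followed by a `file` task on an empty path that masks the real error; guard the cleanup with `when: tmpdir.stdout is defined and tmpdir.stdout | length > 0`. The temp dir holds the initrd carrying root's authorized_keys and is opened to `libvirt-qemu` by ACL with `rx`, which is the minimum needed, but it lives in the default TMPDIR while the vm/host role in this series still creates `preseed_path` for no visible consumer; if that directory was meant for this, `mktemp -d -p "{{ preseed_path }}"` keeps the material out of the shared /tmp (inferred, worth confirming). When the installer crashes, `failed_when` stops the block before `undefining installer vm`, so a domain definition pointing at the just-deleted initrd stays behind until the next run's destroy/undefine block removes it; a short comment stating that this is the intended recovery path would save the next reader the trace.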
@@ -1,14 +1,14 @@ - {{ vmname }} - {{ hostvars[vmname].vm_install_cooked.mem * 1024 }} - {{ hostvars[vmname].vm_install_cooked.mem * 1024 }} - {{ hostvars[vmname].vm_install_cooked.numcpu }} + {{ hostname }} + {{ hostvars[hostname].install_cooked.mem * 1024 }} + {{ hostvars[hostname].install_cooked.mem * 1024 }} + {{ hostvars[hostname].install_cooked.numcpu }} hvm {% if run_installer %} - {{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/linux - {{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/initrd.gz - console=ttyS0,115200n8 auto=true interface=auto url=tftp://{{ hostvars[inventory_hostname]['ansible_' + (vm_host.installer.net_if | replace('-', '_'))].ipv4.address }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg netcfg/choose_interface=enp1s1 netcfg/disable_autoconfig=true netcfg/get_ipaddress={{ hostvars[vmname].vm_network_cooked.primary.ip }} netcfg/get_netmask={{ hostvars[vmname].vm_network_cooked.primary.mask }} netcfg/get_gateway={{ hostvars[vmname].vm_network_cooked.primary.gateway }} netcfg/get_nameservers="{{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }}" netcfg/confirm_static=true netcfg/get_hostname={{ vmname }} netcfg/get_domain={{ hostvars[vmname].vm_network_cooked.domain }} + {{ debian_installer_path }}/{{ install_distro }}-{{ install_codename }}/{{ hostvars[hostname].install_cooked.arch | default('amd64') }}/linux + {{ preseed_tmpdir }}/initrd.preseed.gz + console=ttyS0,115200n8 {% endif %} @@ -28,9 +28,15 @@ {% endif %} /usr/bin/kvm + + + + + /dev/urandom + -{% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %} -{% for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %} +{% if 'virtio' in hostvars[hostname].install_cooked.disks %} +{% for device, lv in hostvars[hostname].install_cooked.disks.virtio.items() %} 
@@ -39,9 +45,9 @@ {% endfor %} {% endif %} -{% if 'scsi' in hostvars[vmname].vm_install_cooked.disks %} +{% if 'scsi' in hostvars[hostname].install_cooked.disks %} -{% for device, lv in hostvars[vmname].vm_install_cooked.disks.scsi.items() %} +{% for device, lv in hostvars[hostname].install_cooked.disks.scsi.items() %} @@ -50,8 +56,8 @@ {% endfor %} {% endif %} -{% if hostvars[vmname].vm_install_cooked.interfaces %} -{% for if in hostvars[vmname].vm_install_cooked.interfaces %} +{% if hostvars[hostname].install_cooked.interfaces %} +{% for if in hostvars[hostname].install_cooked.interfaces %} diff --git a/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 b/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 deleted file mode 100644 index 8e221671..00000000 --- a/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 +++ /dev/null 
@@ -1,105 +0,0 @@ -######################################################################### -# spreadspace preseed file for Debian stretch based VMs -######################################################################### - -d-i debian-installer/language string en -d-i debian-installer/country string AT -d-i debian-installer/locale string de_AT.UTF-8 -d-i keyboard-configuration/xkb-keymap select de - - -#d-i netcfg/choose_interface select enp1s1 -#d-i netcfg/disable_autoconfig boolean false -#d-i netcfg/get_ipaddress string {{ hostvars[vmname].vm_network_cooked.primary.ip }} -#d-i netcfg/get_netmask string {{ hostvars[vmname].vm_network_cooked.primary.mask }} -#d-i netcfg/get_gateway string {{ hostvars[vmname].vm_network_cooked.primary.gateway }} -#d-i netcfg/get_nameservers string {{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }} -#d-i netcfg/confirm_static boolean true - -d-i netcfg/get_hostname string {{ vmname }} -d-i netcfg/get_domain string {{ hostvars[vmname].vm_network_cooked.domain }} -d-i netcfg/wireless_wep string - - -d-i mirror/country string manual -d-i mirror/http/hostname string deb.debian.org -d-i mirror/http/directory string /debian -d-i mirror/http/proxy string - - -d-i passwd/make-user boolean false -d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand -d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand - - -d-i clock-setup/utc boolean true -d-i time/zone string Europe/Vienna -d-i clock-setup/ntp boolean false - - -d-i partman-auto/disk string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i partman-auto/method string lvm -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-md/device_remove_md boolean true - -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true - -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 1000 10000 -1 ext4 \ - $defaultignore{ } $primary{ } 
$bootable{ } \ - method{ lvm } vg_name{ {{ vmname }} } \ - . \ - 2048 10000 2560 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . \ - 1024 11000 1280 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 768 10000 768 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var/log } \ - options/nodev{ nodev } options/noatime{ noatime } \ - options/noexec{ noexec } \ - . \ - 16 20000 -1 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method( keep } lv_name{ dummy } \ - . - -d-i partman-auto-lvm/no_boot boolean true -d-i partman-basicfilesystems/no_swap true -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - - -d-i base-installer/install-recommends boolean false -d-i apt-setup/security_host string deb.debian.org - -tasksel tasksel/first multiselect -d-i pkgsel/include string openssh-server python -d-i pkgsel/upgrade select safe-upgrade -popularity-contest popularity-contest/participate boolean false - -d-i grub-installer/choose_bootdev string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean false - -d-i finish-install/reboot_in_progress note - - -d-i preseed/late_command string \ - lvremove -f {{ vmname }}/dummy; \ - in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ - in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ sshserver_root_keys }}' > /root/.ssh/authorized_keys" 
diff --git a/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 new file mode 100644 index 00000000..d6fbc5d7 --- /dev/null +++ b/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 
@@ -0,0 +1,122 @@ +######################################################################### +# spreadspace preseed file for Ubuntu bionic based VMs +######################################################################### + +d-i debian-installer/language string en +d-i debian-installer/country string AT +d-i debian-installer/locale string en_US.UTF-8 +d-i localechooser/preferred-locale string en_US.UTF-8 +d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8 +d-i console-setup/ask_detect boolean false +d-i keyboard-configuration/xkb-keymap select us +d-i keyboard-configuration/layoutcode string us + +d-i netcfg/disable_dhcp boolean true +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} +d-i netcfg/disable_autoconfig boolean false +d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }} +d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }} +d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }} +d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} +d-i netcfg/confirm_static boolean true + +d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} +d-i netcfg/wireless_wep string + + +d-i mirror/country string manual +d-i mirror/http/hostname string archive.ubuntu.com +d-i mirror/http/directory string /ubuntu +d-i mirror/http/proxy string + + +d-i passwd/make-user boolean false +d-i passwd/root-login boolean true +d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand +d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand + + +d-i clock-setup/utc boolean true +d-i time/zone string Europe/Vienna +d-i clock-setup/ntp boolean false + + +d-i partman-auto/disk string /dev/{{ 
hostvars[hostname].install_cooked.disks.primary }} +d-i partman-auto/method string lvm +d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto-lvm/new_vg_name string {{ hostname }} +d-i partman-auto-lvm/guided_size string max + +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true + +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 1000 10000 -1 ext4 \ + $defaultignore{ } $primary{ } $bootable{ } \ + method{ lvm } vg_name{ {{ hostname }} } \ + . \ + 2048 10000 2560 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 1024 11000 1280 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var } \ + . \ + 768 10000 768 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /var/log } \ + options/nodev{ nodev } options/noatime{ noatime } \ + options/noexec{ noexec } \ + . \ + 16 20000 -1 ext4 \ + $lvmok{ } in_vg{ {{ hostname }} } \ + method( keep } lv_name{ dummy } \ + . 
+ +d-i partman-auto-lvm/no_boot boolean true +d-i partman-basicfilesystems/no_swap true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + + +d-i base-installer/install-recommends boolean false +d-i apt-setup/security_host string archive.ubuntu.com + +tasksel tasksel/first multiselect +d-i pkgsel/include string openssh-server python +d-i pkgsel/upgrade select safe-upgrade +popularity-contest popularity-contest/participate boolean false +d-i pkgsel/update-policy select none + +d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }} +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean false + +d-i finish-install/reboot_in_progress note + + +d-i preseed/late_command string \ + lvremove -f {{ hostname }}/dummy; \ + in-target bash -c "swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile"; \ + in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ + in-target bash -c "passwd -d root && passwd -l root"; \ + in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ + mkdir -p -m 0700 /target/root/.ssh; \ + cp /authorized_keys /target/root/.ssh/; \ +{% if hostvars[hostname].ansible_port is defined %} + in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config" +{% endif %} diff --git a/roles/vm/install/templates/preseed_ubuntu-xenial.cfg.j2 b/roles/vm/install/templates/preseed_ubuntu-xenial.cfg.j2 deleted file mode 100644 index dc53fd36..00000000 --- a/roles/vm/install/templates/preseed_ubuntu-xenial.cfg.j2 +++ /dev/null 
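Review bot: `d-i partman-basicfilesystems/no_swap true` is missing the type field, so the preseed parser rejects that line and swap handling falls through to the installer default; it should read `d-i partman-basicfilesystems/no_swap boolean true`, and the `swapoff -a … rm -f /swapfile` sequence in late_command looks like a workaround for exactly that. In the expert recipe, `method( keep }` for the dummy LV uses `(` where every other stanza uses `{`; even if partman tolerates it today it should be `method{ keep }`. The late_command copies `/authorized_keys` into `/target/root/.ssh/` without pinning its mode; unless the file inside the initrd is already 0600 (not visible here), append `chmod 0600 /target/root/.ssh/authorized_keys` so sshd's StrictModes check cannot reject it.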
@@ -1,113 +0,0 @@ -######################################################################### -# spreadspace preseed file for Ubuntu xenial based VMs -######################################################################### - -d-i debian-installer/language string en -d-i debian-installer/country string AT -d-i debian-installer/locale string en_US.UTF-8 -d-i localechooser/preferred-locale string en_US.UTF-8 -d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8 -d-i console-setup/ask_detect boolean false -d-i keyboard-configuration/xkb-keymap select us -d-i keyboard-configuration/layoutcode string us - - -#d-i netcfg/choose_interface select enp1s1 -#d-i netcfg/disable_autoconfig boolean false -#d-i netcfg/get_ipaddress string {{ hostvars[vmname].vm_network_cooked.primary.ip }} -#d-i netcfg/get_netmask string {{ hostvars[vmname].vm_network_cooked.primary.mask }} -#d-i netcfg/get_gateway string {{ hostvars[vmname].vm_network_cooked.primary.gateway }} -#d-i netcfg/get_nameservers string {{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }} -#d-i netcfg/confirm_static boolean true - -d-i netcfg/get_hostname string {{ vmname }} -d-i netcfg/get_domain string {{ hostvars[vmname].vm_network_cooked.domain }} -d-i netcfg/wireless_wep string - - -d-i mirror/country string manual -d-i mirror/http/hostname string archive.ubuntu.com -d-i mirror/http/directory string /ubuntu -d-i mirror/http/proxy string - - -d-i passwd/make-user boolean false -d-i passwd/root-login boolean true -d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand -d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand - - -d-i clock-setup/utc boolean true -d-i time/zone string Europe/Vienna -d-i clock-setup/ntp boolean false - - -d-i partman-auto/disk string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i partman-auto/method string lvm -d-i partman-auto/purge_lvm_from_device 
boolean true -d-i partman-auto-lvm/new_vg_name string {{ vmname }} -d-i partman-auto-lvm/guided_size string max - -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true - -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 1000 10000 -1 ext4 \ - $defaultignore{ } $primary{ } $bootable{ } \ - method{ lvm } vg_name{ {{ vmname }} } \ - . \ - 2048 10000 2560 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . \ - 1024 11000 1280 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 768 10000 768 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var/log } \ - options/nodev{ nodev } options/noatime{ noatime } \ - options/noexec{ noexec } \ - . \ - 16 20000 -1 ext4 \ - $lvmok{ } in_vg{ {{ vmname }} } \ - method( keep } lv_name{ dummy } \ - . 
- -d-i partman-auto-lvm/no_boot boolean true -d-i partman-basicfilesystems/no_swap true -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - - -d-i base-installer/install-recommends boolean false -d-i apt-setup/security_host string archive.ubuntu.com - -tasksel tasksel/first multiselect -d-i pkgsel/include string openssh-server python -d-i pkgsel/upgrade select safe-upgrade -popularity-contest popularity-contest/participate boolean false -d-i pkgsel/update-policy select none - -d-i grub-installer/choose_bootdev string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean false - -d-i finish-install/reboot_in_progress note - - -d-i preseed/late_command string \ - lvremove -f {{ vmname }}/dummy; \ - in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ - in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ sshserver_root_keys }}' > /root/.ssh/authorized_keys" diff --git a/roles/vm/network/tasks/main.yml b/roles/vm/network/tasks/main.yml index 3d51fff2..9bef36ed 100644 --- a/roles/vm/network/tasks/main.yml +++ b/roles/vm/network/tasks/main.yml @@ -9,7 +9,7 @@ state: absent - name: install systemd network link units - with_items: "{{ vm_network.systemd_link.interfaces }}" + with_items: "{{ network.systemd_link.interfaces }}" loop_control: index_var: interface_index template: 
@@ -17,13 +17,28 @@ dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link" notify: rebuild initramfs - when: vm_network.systemd_link is defined + when: network.systemd_link is defined - name: install basic interface config template: src: interfaces.j2 dest: /etc/network/interfaces mode: 0644 + when: ansible_distribution == "Debian" or (ansible_distribution == "Ubuntu" and (ansible_distribution_major_version | int) < 18) + +- block: + - name: remove default netplan config + file: + path: /etc/netplan/01-netcfg.yaml + state: absent + + - name: install basic netplan config + template: + src: netplan.yaml.j2 + dest: "/etc/netplan/01-{{ network.primary.interface }}.yaml" + mode: 0644 + + when: ansible_distribution == "Ubuntu" and (ansible_distribution_major_version | int) >= 18 - name: remove resolvconf package apt: diff --git a/roles/vm/network/templates/interfaces.j2 b/roles/vm/network/templates/interfaces.j2 index 542e18d6..829a3e7d 100644 --- a/roles/vm/network/templates/interfaces.j2 +++ b/roles/vm/network/templates/interfaces.j2 @@ -8,10 +8,10 @@ auto lo iface lo inet loopback # The primary network interface -auto {{ vm_network.primary.interface }} -iface {{ vm_network.primary.interface }} inet static - address {{ vm_network.primary.ip }} - netmask {{ vm_network.primary.mask }} - gateway {{ vm_network.primary.gateway }} +auto {{ network.primary.interface }} +iface {{ network.primary.interface }} inet static + address {{ network.primary.ip }} + netmask {{ network.primary.mask }} + gateway {{ network.primary.gateway }} pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf diff --git a/roles/vm/network/templates/netplan.yaml.j2 b/roles/vm/network/templates/netplan.yaml.j2 new file mode 100644 index 00000000..0d78ab46 --- /dev/null +++ b/roles/vm/network/templates/netplan.yaml.j2 
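Review bot: The netplan block writes `/etc/netplan/01-{{ network.primary.interface }}.yaml` but notifies no handler, so on a running bionic host the new addressing only takes effect after a reboot; the neighbouring `interfaces.j2` task behaves the same way, so this may be deliberate, in which case a comment saying so would help. If live application is wanted, a handler running `netplan apply` would do it, with the usual caveat that re-addressing the primary interface can drop the Ansible connection mid-play. The removal of `01-netcfg.yaml` assumes the installer-generated file name; worth stating that assumption in the task name or a comment.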
@@ -0,0 +1,10 @@ +# This file describes the network interfaces available on your system +# For more information, see netplan(5). +network: + version: 2 + renderer: networkd + ethernets: + {{ network.primary.interface }}: + addresses: [ {{ (network.primary.ip + '/' + network.primary.mask) | ipaddr('address/prefix') }} ] + gateway4: {{ network.primary.gateway }} + accept-ra: false diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/network/templates/resolv.conf.j2 index 86d4201e..a32ec181 100644 --- a/roles/vm/network/templates/resolv.conf.j2 +++ b/roles/vm/network/templates/resolv.conf.j2 @@ -1,4 +1,4 @@ -{% for nsrv in vm_network.nameservers %} +{% for nsrv in network.nameservers %} nameserver {{ nsrv }} {% endfor %} -search {{ vm_network.domain }} +search {{ network.domain }} -- cgit v1.2.3 From 1e1f41eff500a80980c1af560306590b4efbe131 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 2 Dec 2018 17:56:09 +0100 Subject: some cleanups --- inventory/hosts.ini | 21 +++++++++------------ .../preseed/templates/preseed_debian-stretch.cfg.j2 | 4 ++-- 2 files changed, 11 insertions(+), 14 deletions(-) (limited to 'roles') diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 34e12592..9544202a 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -1,5 +1,6 @@ [all:vars] -#ansible_host={{ inventory_hostname }}.{{ host_domain }} +host_name={{ inventory_hostname }} +ansible_host={{ host_name }}.{{ host_domain }} ansible_user=root ansible_port=22000 @@ -18,7 +19,7 @@ mail stats auth atlas -pan +pan ansible_port=222 keyserver mimas @@ -31,7 +32,7 @@ host_domain=spreadspace.org environment_group=spreadspace [spreadspace] -build ansible_port=222 +build calypso telesto thetys @@ -63,9 +64,8 @@ host_domain=skillz.biz environment_group=elevate [skillz] -sk2013 -sk2016 -sktorrent +sk2013 host_name=2013 +sk2016 host_name=2016 [elevate:vars] 
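Review bot: `ipaddr('address/prefix')` requires the `netaddr` Python package on the control host, and nothing in the role declares that; a short comment in the template or a note in the role's meta would save the next user a failed run. The template sets no `nameservers:`, so resolution relies on the separately managed `resolv.conf.j2`; on bionic `/etc/resolv.conf` is normally a symlink owned by systemd-resolved, so confirm that the resolvconf removal task in this role leaves a plain file behind rather than a dangling symlink. `gateway4` covers IPv4 only, and `accept-ra: false` matches the `accept_ra`/`autoconf` sysctl lines in `interfaces.j2`, which is consistent.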
@@ -73,10 +73,9 @@ host_domain=elevate.at environment_group=elevate [elevate] -elewolke -elestream -elemedia -elesearch +elewolke host_name=wolke +elemedia host_name=media +elesearch host_name=search ############################### @@ -94,9 +93,7 @@ sk2016 emc-stats emc-master mimas -sktorrent elewolke -elestream elesearch [hetzner:children] diff --git a/roles/preseed/templates/preseed_debian-stretch.cfg.j2 b/roles/preseed/templates/preseed_debian-stretch.cfg.j2 index 7a3511a5..74ab18e8 100644 --- a/roles/preseed/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/preseed/templates/preseed_debian-stretch.cfg.j2 @@ -4,8 +4,8 @@ d-i debian-installer/language string en d-i debian-installer/country string AT -d-i debian-installer/locale string de_AT.UTF-8 -d-i keyboard-configuration/xkb-keymap select de +d-i debian-installer/locale string en_US.UTF-8 +d-i keyboard-configuration/xkb-keymap select us d-i netcfg/disable_dhcp boolean true d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} -- cgit v1.2.3 From c1aa0b8a405877fb6450b7c3a0792fa1161edacb Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 8 Dec 2018 21:17:19 +0100 Subject: improvments for preseed role --- roles/preseed/templates/preseed_debian-stretch.cfg.j2 | 4 ++++ roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 | 4 ++++ roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 | 4 ++++ 3 files changed, 12 insertions(+) (limited to 'roles') diff --git a/roles/preseed/templates/preseed_debian-stretch.cfg.j2 b/roles/preseed/templates/preseed_debian-stretch.cfg.j2 index 74ab18e8..36d221a1 100644 --- a/roles/preseed/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/preseed/templates/preseed_debian-stretch.cfg.j2 
@@ -7,6 +7,8 @@ d-i debian-installer/country string AT d-i debian-installer/locale string en_US.UTF-8 d-i keyboard-configuration/xkb-keymap select us +d-i hw-detect/load_firmware boolean false + d-i netcfg/disable_dhcp boolean true d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} d-i netcfg/disable_autoconfig boolean false @@ -16,7 +18,9 @@ d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gatew d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true +d-i netcfg/hostname string {{ hostname }} d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/domain string {{ hostvars[hostname].network_cooked.domain }} d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} d-i netcfg/wireless_wep string diff --git a/roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 index d6fbc5d7..8c7093aa 100644 --- a/roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 +++ b/roles/preseed/templates/preseed_ubuntu-bionic.cfg.j2 @@ -11,6 +11,8 @@ d-i console-setup/ask_detect boolean false d-i keyboard-configuration/xkb-keymap select us d-i keyboard-configuration/layoutcode string us +d-i hw-detect/load_firmware boolean false + d-i netcfg/disable_dhcp boolean true d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} d-i netcfg/disable_autoconfig boolean false 
@@ -20,7 +22,9 @@ d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gatew d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true +d-i netcfg/hostname string {{ hostname }} d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/domain string {{ hostvars[hostname].network_cooked.domain }} d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} d-i netcfg/wireless_wep string diff --git a/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 b/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 index 6f357133..1be16ff8 100644 --- a/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 +++ b/roles/preseed/templates/preseed_ubuntu-xenial.cfg.j2 @@ -11,6 +11,8 @@ d-i console-setup/ask_detect boolean false d-i keyboard-configuration/xkb-keymap select us d-i keyboard-configuration/layoutcode string us +d-i hw-detect/load_firmware boolean false + d-i netcfg/disable_dhcp boolean true d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }} d-i netcfg/disable_autoconfig boolean false @@ -20,7 +22,9 @@ d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gatew d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true +d-i netcfg/hostname string {{ hostname }} d-i netcfg/get_hostname string {{ hostname }} +d-i netcfg/domain string {{ hostvars[hostname].network_cooked.domain }} d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }} d-i netcfg/wireless_wep string -- cgit v1.2.3 From d131f5240dd124c2ea747ec7665e28e2daafb012 Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Sun, 9 Dec 2018 01:50:05 +0100 Subject: vm installation works now again --- inventory/group_vars/all/main.yml | 4 +- inventory/group_vars/kvmhosts/main.yml | 3 + inventory/hosts.ini | 8 +- roles/preseed/tasks/main.yml | 2 +- roles/sshserver/tasks/main.yml | 2 +- roles/vm/install/tasks/main.yml | 2 +- roles/vm/install/templates/libvirt-domain.xml.j2 | 2 +- .../install/templates/preseed_ubuntu-bionic.cfg.j2 | 122 --------------------- run-host-playbook.sh | 16 +++ 9 files changed, 27 insertions(+), 134 deletions(-) create mode 100644 inventory/group_vars/kvmhosts/main.yml delete mode 100644 roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 create mode 100755 run-host-playbook.sh (limited to 'roles') diff --git a/inventory/group_vars/all/main.yml b/inventory/group_vars/all/main.yml index d23e3952..4bb6c76c 100644 --- a/inventory/group_vars/all/main.yml +++ b/inventory/group_vars/all/main.yml @@ -1,5 +1,5 @@ --- -sshserver_root_keys: "{{ ssh_keys.equinox[env_group] | join('\n') }}" +ssh_keys_root: "{{ ssh_keys.equinox[env_group] }}" equinox_user: name: equinox @@ -11,7 +11,7 @@ ssh_keys: equinox: chaos-at-home: - ssh-rsa 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 equinox@chaos-at-home.org - elevate: + dan: - ssh-rsa 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 equinox@elevate.at spreadspace: - ssh-rsa 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 equinox@spreadspace.org diff --git a/inventory/group_vars/kvmhosts/main.yml b/inventory/group_vars/kvmhosts/main.yml new file mode 100644 index 00000000..7ae104b1 --- /dev/null +++ b/inventory/group_vars/kvmhosts/main.yml @@ -0,0 +1,3 @@ +--- +preseed_path: /srv/preseed +debian_installer_path: /srv/installer diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 6b1461de..0e83ecda 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
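Review bot: Renaming the `elevate:` key under `ssh_keys.equinox` to `dan:` changes what `ssh_keys.equinox[env_group]` can resolve; any inventory group that still sets `env_group=elevate` (the elevate group did earlier in this series and its current value is not in this diff) would now fail with an undefined key at the first task that touches `ssh_keys_root`. Either keep `elevate:` as an alias or update the inventory in the same commit. Since `ssh_keys_root` is now a list rather than a joined string, every consumer must apply `join('\n')` itself; the sshserver and preseed roles are updated here, so the remaining gap is documenting that contract next to the variable, e.g. `# list of public keys; consumers join them with newlines`.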
@@ -1,8 +1,8 @@
 [all:vars]
 host_name={{ inventory_hostname }}
 #ansible_host={{ host_name }}.{{ host_domain }}
-#ansible_user=root
-#ansible_port=22000
+ansible_user=root
+ansible_port=22000
 ###############################
@@ -12,8 +12,6 @@ host_name={{ inventory_hostname }}
 host_domain=chaos-at-home.org
 env_group=chaos-at-home
 ansible_host={{ host_name }}.{{ host_domain }}
-ansible_user=root
-ansible_port=22000
 [chaos-at-home]
 #prometheus
@@ -28,8 +26,6 @@ keyserver
 host_domain=spreadspace.org
 env_group=spreadspace
 ansible_host={{ host_name }}.{{ host_domain }}
-ansible_user=root
-ansible_port=22000
 [spreadspace]
 build
diff --git a/roles/preseed/tasks/main.yml b/roles/preseed/tasks/main.yml
index 51471c56..7406154c 100644
--- a/roles/preseed/tasks/main.yml
+++ b/roles/preseed/tasks/main.yml
@@ -14,7 +14,7 @@
 user: root
 manage_dir: no
 path: "{{ preseed_tmpdir }}/authorized_keys"
- key: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}"
+ key: "{{ ssh_keys_root | join('\n') }}"
 - name: Inject files into initramfs
 shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'
diff --git a/roles/sshserver/tasks/main.yml b/roles/sshserver/tasks/main.yml
index 6d6cc59c..cd4c5043 100644
--- a/roles/sshserver/tasks/main.yml
+++ b/roles/sshserver/tasks/main.yml
@@ -29,7 +29,7 @@
 - name: install ssh keys for root
 authorized_key:
 user: root
- key: "{{ sshserver_root_keys }}"
+ key: "{{ ssh_keys_root | join('\n') }}"
 exclusive: yes
 - name: delete root password
diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml
index b9201c01..973f44d1 100644
--- a/roles/vm/install/tasks/main.yml
+++ b/roles/vm/install/tasks/main.yml
@@ -39,7 +39,7 @@
 - import_role:
 name: preseed
 vars:
- ssh_users_root: "{{ hostvars[hostname].ssh_users_root }}"
+ ssh_keys_root: "{{ hostvars[hostname].ssh_keys_root }}"
 install_interface: enp1s1
 preseed_tmpdir: "{{ tmpdir.stdout }}"
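Review bot: Moving `ansible_user=root` and `ansible_port=22000` into `[all:vars]` in the first hosts.ini hunk makes them the default for every group, including any group not touched by the two hunks that drop the per-group copies (the new kvmhosts group_vars added in this commit, for instance), so a host that has not yet been through the sshserver role will be contacted on a port it may not listen on. That is probably intended, but it is worth stating: a comment above the two lines, `# every managed host is reached as root on port 22000 once the sshserver role has run; groups may override`, records the assumption next to the setting.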
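Review bot: In the roles/sshserver/tasks/main.yml hunk the new `key: "{{ ssh_keys_root | join('\n') }}"` is combined with `exclusive: yes` and is directly followed by the task that deletes the root password (the rest of that task list is outside the hunk), so the root-key list is the only thing left that grants access. A missing entry for a host's env_group fails at templating, which is fine, but a present-but-empty list produces an empty key string, and whether authorized_key then rejects it or strips every existing key is not something to discover on a host whose password is about to be removed; a guard before the task, `- assert: { that: "ssh_keys_root | length > 0", msg: "ssh_keys_root must not be empty" }`, turns that into a failed play. The same `| join('\n')` now also appears in the roles/preseed/tasks/main.yml hunk; doing the join once where `ssh_keys_root` is defined, or documenting with a comment that it is a list, keeps the two consumers from drifting apart.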
diff --git a/roles/vm/install/templates/libvirt-domain.xml.j2 b/roles/vm/install/templates/libvirt-domain.xml.j2 index 9119f64f..f3bdeae1 100644 --- a/roles/vm/install/templates/libvirt-domain.xml.j2 +++ b/roles/vm/install/templates/libvirt-domain.xml.j2 @@ -32,7 +32,7 @@ - /dev/urandom + /dev/random {% if 'virtio' in hostvars[hostname].install_cooked.disks %} diff --git a/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 deleted file mode 100644 index d6fbc5d7..00000000 --- a/roles/vm/install/templates/preseed_ubuntu-bionic.cfg.j2 +++ /dev/null 
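Review bot: The rng source in libvirt-domain.xml.j2 changes from `/dev/urandom` to `/dev/random` without any comment, and the commit message only says installation works again, so the reason is lost; the surrounding element tags did not survive rendering, so I am inferring this is the backend of the virtio-rng device. On host kernels older than 5.6, `/dev/random` blocks whenever the kernel's entropy estimate runs low, which can stall guests that request randomness during installation, while on 5.6 and later the two devices behave the same. A template comment next to the line, `{# host source for virtio-rng; /dev/random is what this libvirt setup accepts, note it can block on pre-5.6 host kernels #}`, adjusted to the actual reason, would record why urandom was dropped.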
@@ -1,122 +0,0 @@
-#########################################################################
-# spreadspace preseed file for Ubuntu bionic based VMs
-#########################################################################
-
-d-i debian-installer/language string en
-d-i debian-installer/country string AT
-d-i debian-installer/locale string en_US.UTF-8
-d-i localechooser/preferred-locale string en_US.UTF-8
-d-i localechooser/supported-locales multiselect de_DE.UTF-8, de_AT.UTF-8
-d-i console-setup/ask_detect boolean false
-d-i keyboard-configuration/xkb-keymap select us
-d-i keyboard-configuration/layoutcode string us
-
-d-i netcfg/disable_dhcp boolean true
-d-i netcfg/choose_interface select {{ install_interface | default(hostvars[hostname].network_cooked.primary.interface) }}
-d-i netcfg/disable_autoconfig boolean false
-d-i netcfg/get_ipaddress string {{ hostvars[hostname].network_cooked.primary.ip }}
-d-i netcfg/get_netmask string {{ hostvars[hostname].network_cooked.primary.mask }}
-d-i netcfg/get_gateway string {{ hostvars[hostname].network_cooked.primary.gateway }}
-d-i netcfg/get_nameservers string {{ hostvars[hostname].network_cooked.nameservers | join(' ') }}
-d-i netcfg/confirm_static boolean true
-
-d-i netcfg/get_hostname string {{ hostname }}
-d-i netcfg/get_domain string {{ hostvars[hostname].network_cooked.domain }}
-d-i netcfg/wireless_wep string
-
-
-d-i mirror/country string manual
-d-i mirror/http/hostname string archive.ubuntu.com
-d-i mirror/http/directory string /ubuntu
-d-i mirror/http/proxy string
-
-
-d-i passwd/make-user boolean false
-d-i passwd/root-login boolean true
-d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
-d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
-
-
-d-i clock-setup/utc boolean true
-d-i time/zone string Europe/Vienna
-d-i clock-setup/ntp boolean false
-
-
-d-i partman-auto/disk string /dev/{{ hostvars[hostname].install_cooked.disks.primary }}
-d-i partman-auto/method string lvm
-d-i partman-auto/purge_lvm_from_device boolean true
-d-i partman-auto-lvm/new_vg_name string {{ hostname }}
-d-i partman-auto-lvm/guided_size string max
-
-d-i partman-lvm/device_remove_lvm boolean true
-d-i partman-md/device_remove_md boolean true
-
-d-i partman-lvm/confirm boolean true
-d-i partman-lvm/confirm_nooverwrite boolean true
-
-d-i partman-auto/expert_recipe string \
- boot-root :: \
- 1000 10000 -1 ext4 \
- $defaultignore{ } $primary{ } $bootable{ } \
- method{ lvm } vg_name{ {{ hostname }} } \
- . \
- 2048 10000 2560 ext4 \
- $lvmok{ } in_vg{ {{ hostname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ / } \
- . \
- 1024 11000 1280 ext4 \
- $lvmok{ } in_vg{ {{ hostname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /var } \
- . \
- 768 10000 768 ext4 \
- $lvmok{ } in_vg{ {{ hostname }} } \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /var/log } \
- options/nodev{ nodev } options/noatime{ noatime } \
- options/noexec{ noexec } \
- . \
- 16 20000 -1 ext4 \
- $lvmok{ } in_vg{ {{ hostname }} } \
- method( keep } lv_name{ dummy } \
- .
-
-d-i partman-auto-lvm/no_boot boolean true
-d-i partman-basicfilesystems/no_swap true
-d-i partman-partitioning/confirm_write_new_label boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-
-
-d-i base-installer/install-recommends boolean false
-d-i apt-setup/security_host string archive.ubuntu.com
-
-tasksel tasksel/first multiselect
-d-i pkgsel/include string openssh-server python
-d-i pkgsel/upgrade select safe-upgrade
-popularity-contest popularity-contest/participate boolean false
-d-i pkgsel/update-policy select none
-
-d-i grub-installer/choose_bootdev string /dev/{{ hostvars[hostname].install_cooked.disks.primary }}
-d-i grub-installer/only_debian boolean true
-d-i grub-installer/with_other_os boolean false
-
-d-i finish-install/reboot_in_progress note
-
-
-d-i preseed/late_command string \
- lvremove -f {{ hostname }}/dummy; \
- in-target bash -c "swapoff -a; sed -e '/^\/swapfile/d' -i /etc/fstab; rm -f /swapfile"; \
- in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
- in-target bash -c "passwd -d root && passwd -l root"; \
- in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \
- mkdir -p -m 0700 /target/root/.ssh; \
- cp /authorized_keys /target/root/.ssh/; \
-{% if hostvars[hostname].ansible_port is defined %}
- in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config"
-{% endif %}
diff --git a/run-host-playbook.sh b/run-host-playbook.sh
new file mode 100755
index 00000000..e3b54f22
--- /dev/null
+++ b/run-host-playbook.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "$0 "
+ exit 1
+fi
+host="$1"
+shift
+
+cd "${BASH_SOURCE%/*}"
+source common/utils.sh
+ansible_variable__get env_group "$host" || exit 1
+vault_environment__set "$env_group" || exit 1
+
+echo "######## running host playbook for host '$host' in environment '$env_group' ########"
+exec ansible-playbook $@ "$env_group/$host.yml"
-- cgit v1.2.3
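Review bot: `exec ansible-playbook $@ "$env_group/$host.yml"` on the last line of run-host-playbook.sh passes the extra arguments unquoted, so any argument containing whitespace (an `-e 'key=some value'`, for instance) is split into several words before ansible-playbook sees it; it should read `exec ansible-playbook "$@" "$env_group/$host.yml"`. The `cd "${BASH_SOURCE%/*}"` is likewise unchecked, and if it fails the script goes on to `source common/utils.sh` relative to the caller's working directory, so `cd "${BASH_SOURCE%/*}" || exit 1` is the safer form. The usage line `echo "$0 "` looks as if its placeholder was lost in rendering; if the file really prints only `$0`, a `<host> [ansible-playbook options]` hint belongs there.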