roles/vmm: Setup and create vms on openbsd

12 files changed, 198 insertions, 9 deletions

diff --git a/host_vars/stack0.yml b/host_vars/stack0.yml
index a6d0500..5d0791c 100644
--- a/host_vars/stack0.yml
+++ b/host_vars/stack0.yml
@@ -6,17 +6,14 @@ __vms:
   - name: stack0-dc1
     image: openbsd
     memory: 4G
-    disks:
-      - size: 8G
+    size: 8G
 
   - name: stack0-cld0
     image: openbsd
     memory: 4G
-    disks:
-      - size: 8G
+    size: 8G
 
   - name: stack0-git0
     image: openbsd
     memory: 2G
-    disks:
-      - size: 8G
+    size: 8G
diff --git a/playbooks/site.yml b/playbooks/site.yml
new file mode 100644
index 0000000..5030b79
--- /dev/null
+++ b/playbooks/site.yml
@@ -0,0 +1,11 @@
+- hosts: servers
+  roles:
+    - role: sshd
+      tags: role_sshd
+
+- hosts: stack0
+  roles:
+    - role: nfsd
+      tags: role_nfsd
+    - role: vmm
+      tags: role_vmm
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index f9131e9..fcff3e9 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -6,7 +6,7 @@
     group: 0
     mode: 0644
 
-- name: enabled and restart sshd
+- name: enable and restart sshd
   service:
     name: sshd
     state: restarted
diff --git a/roles/vmm/.travis.yml b/roles/vmm/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/roles/vmm/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/roles/vmm/defaults/main.yml b/roles/vmm/defaults/main.yml
new file mode 100644
index 0000000..1dcb012
--- /dev/null
+++ b/roles/vmm/defaults/main.yml
@@ -0,0 +1,22 @@
+vmm_root_dir: /data/vmm
+vmm_iso_dir: /data/vmm/iso.d
+vmm_disk_dir: /data/vmm/disk.d
+vmm_disk_format: qcow2
+vmm_configuration_file: /etc/vm.conf
+
+vmm_network_forwarded_ips: ["", 6]
+
+vmm_network_switch:
+  name: uplink
+  interface: bridge0
+
+vmm_iso:
+  - name: alpine
+    version: 3.15.0
+    url: https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-virt-3.15.0-x86_64.iso
+    checksum: sha256:e97eaedb3bff39a081d1d7e67629d5c0e8fb39677d6a9dd1eaf2752e39061e02
+
+  - name: openbsd
+    version: 6.8
+    url: https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/install70.img
+    checksum: sha256:6bc7f945c2709247d449892c33c0f1b9a31590528572c1e988fef4a7637210e6
diff --git a/roles/vmm/tasks/disk.yml b/roles/vmm/tasks/disk.yml
new file mode 100644
index 0000000..24dd491
--- /dev/null
+++ b/roles/vmm/tasks/disk.yml
@@ -0,0 +1,15 @@
+- name: create disks
+  command:
+    cmd: vmctl create -s "{{ item.size }}" "{{ item.name }}.{{ vmm_disk_format }}"
+    chdir: "{{ vmm_disk_dir }}"
+  loop: "{{ __vms }}"
+  register: result
+  changed_when: result.rc == 0
+  failed_when:
+    - result.rc != 0
+    - "'File exists' not in result.stderr"
+
+- name: retrieve existing disks
+  find:
+    path: "{{ vmm_disk_dir }}"
+    patterns: "*.{{ vmm_disk_format }}"
diff --git a/roles/vmm/tasks/facts.yml b/roles/vmm/tasks/facts.yml
new file mode 100644
index 0000000..7cf4f0c
--- /dev/null
+++ b/roles/vmm/tasks/facts.yml
@@ -0,0 +1,14 @@
+- name: generate lladdr variable for virtual machines
+  set_fact:
+    tmp_vms: >
+      {{ tmp_vms | default([]) + [ item | combine({
+        'lladdr': item.name
+          | hash('sha1')
+          | truncate(12, True, '')
+          | ansible.netcommon.hwaddr('unix')
+        }) ] }}
+  loop: "{{ __vms }}"
+
+- name: save variables
+  set_fact:
+    __vms: "{{ tmp_vms }}"
diff --git a/roles/vmm/tasks/iso.yml b/roles/vmm/tasks/iso.yml
new file mode 100644
index 0000000..0811ac1
--- /dev/null
+++ b/roles/vmm/tasks/iso.yml
@@ -0,0 +1,7 @@
+- name: download latest iso files
+  get_url:
+    url: "{{ item.url }}"
+    dest: "{{ vmm_iso_dir }}/{{ item.name }}-latest.iso"
+    checksum: "{{ item.checksum }}"
+  tags: task_iso
+  loop: "{{ vmm_iso }}"
diff --git a/roles/vmm/tasks/main.yml b/roles/vmm/tasks/main.yml
new file mode 100644
index 0000000..3c5a462
--- /dev/null
+++ b/roles/vmm/tasks/main.yml
@@ -0,0 +1,69 @@
+- name: create vmm directories
+  file:
+    path: "{{ item }}"
+    owner: 0
+    group: 0
+    mode: 0770
+    state: directory
+  loop:
+    - "{{ vmm_root_dir }}"
+    - "{{ vmm_iso_dir }}"
+    - "{{ vmm_disk_dir }}"
+
+- name: include facts generation
+  include_tasks: facts.yml
+
+- name: include iso management
+  include_tasks: iso.yml
+  tags: task_iso
+
+- name: include disk management
+  include_tasks: disk.yml
+  tags: task_disk
+
+- name: start ip forwarding
+  command: sysctl net.inet.ip{{ item }}.forwarding=1
+  loop: "{{ vmm_network_forwarded_ips }}"
+
+- name: enable ip forwarding
+  lineinfile:
+    path: /etc/sysctl.conf
+    regexp: "^net.inet.ip{{ item }}.forwarding="
+    line: "net.inet.ip{{ item }}.forwarding=1"
+    owner: 0
+    group: 0
+    mode: 0640
+    create: true
+  loop: "{{ vmm_network_forwarded_ips }}"
+
+- name: create network switch
+  lineinfile:
+    path: "/etc/hostname.{{ vmm_network_switch.interface }}"
+    regexp: &network_line "add {{ ansible_default_ipv4.interface }}"
+    line: *network_line
+    owner: 0
+    group: 0
+    mode: 0640
+    create: true
+
+- name: start network switch
+  command: "sh /etc/netstart {{ vmm_network_switch.interface }}"
+
+- name: generate vmm configuration
+  template:
+    src: vm.conf.j2
+    dest: "{{ vmm_configuration_file }}"
+    owner: 0
+    group: 0
+    mode: 0640
+  register: result
+
+- name: lint vmm configuration
+  command: "vmd -nf {{ vmm_configuration_file }}"
+  when: result.changed
+
+- name: restart and enable vmd
+  service:
+    name: vmd
+    state: restarted
+    enabled: true
diff --git a/roles/vmm/templates/hostname.j2 b/roles/vmm/templates/hostname.j2
new file mode 100644
index 0000000..68b989a
--- /dev/null
+++ b/roles/vmm/templates/hostname.j2
@@ -0,0 +1 @@
+add {{ vmm.switch.interface_host }}
diff --git a/roles/vmm/templates/vm.conf.j2 b/roles/vmm/templates/vm.conf.j2
new file mode 100644
index 0000000..d45c398
--- /dev/null
+++ b/roles/vmm/templates/vm.conf.j2
@@ -0,0 +1,22 @@
+# managed by Ansible
+
+# network
+switch "{{ vmm_network_switch.name }}" {
+	interface {{ vmm_network_switch.interface }}
+}
+
+# virtual machines
+{% for vm in __vms %}
+vm "{{ vm.name }}" {
+{% if vm.enabled is defined and not vm.enabled %}
+	disable
+{% endif %}
+	memory {{ vm.memory }}
+	disk "{{ vmm_disk_dir }}/{{ vm.name }}.{{ vmm_disk_format }}"
+	interface {
+		switch "{{ vmm_network_switch.name }}"
+		lladdr {{ vm.lladdr }}
+	}
+}
+
+{% endfor %}
diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml
index 96d33e6..0097b11 100644
--- a/roles/workstation/defaults/main.yml
+++ b/roles/workstation/defaults/main.yml
@@ -5,6 +5,8 @@ workstation_yay_dir: /tmp/yay
 
 workstation_pkgs:
   common:
+    - ansible
+    - ansible-lint
     - calcurse
     - newsboat
     - dmenu
@@ -31,8 +33,6 @@ workstation_pkgs:
 
   archlinux:
     - acpi
-    - ansible
-    - ansible-lint
     - base-devel
     - bind
     - clang
@@ -47,6 +47,7 @@ workstation_pkgs:
     - pcsc-tools
     - pipewire
     - pipewire-pulse
+    - python-netaddr
     - python-poetry
     - signify
     - tar
@@ -62,4 +63,5 @@ workstation_pkgs:
     - pcsc-lite
     - pcsc-tools
     - py3-pip
+    - py3-netaddr
     - wireguard-tools