author | Romain Gonçalves <me@rgoncalves.se> | 2021-12-06 20:10:25 +0000 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2021-12-07 20:24:51 +0000 |
commit | 333eff6a0aeefcbf573bbf5e725fc27b5b4cb9f6 (patch) | |
tree | 1f06800c26e23bb272af02d45fe4d73f4f2a091e | |
parent | 4e542a8e15596421a9120cf700f0d4d12dbf6688 (diff) | |
download | rules-333eff6a0aeefcbf573bbf5e725fc27b5b4cb9f6.tar.gz |
roles/vmm: Setup and create vms on openbsd
-rw-r--r-- | host_vars/stack0.yml | 9 | ||||
-rw-r--r-- | playbooks/site.yml | 11 | ||||
-rw-r--r-- | roles/sshd/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/vmm/.travis.yml | 29 | ||||
-rw-r--r-- | roles/vmm/defaults/main.yml | 22 | ||||
-rw-r--r-- | roles/vmm/tasks/disk.yml | 15 | ||||
-rw-r--r-- | roles/vmm/tasks/facts.yml | 14 | ||||
-rw-r--r-- | roles/vmm/tasks/iso.yml | 7 | ||||
-rw-r--r-- | roles/vmm/tasks/main.yml | 69 | ||||
-rw-r--r-- | roles/vmm/templates/hostname.j2 | 1 | ||||
-rw-r--r-- | roles/vmm/templates/vm.conf.j2 | 22 | ||||
-rw-r--r-- | roles/workstation/defaults/main.yml | 6 |
12 files changed, 198 insertions, 9 deletions
diff --git a/host_vars/stack0.yml b/host_vars/stack0.yml index a6d0500..5d0791c 100644 --- a/host_vars/stack0.yml +++ b/host_vars/stack0.yml @@ -6,17 +6,14 @@ __vms: - name: stack0-dc1 image: openbsd memory: 4G - disks: - - size: 8G + size: 8G - name: stack0-cld0 image: openbsd memory: 4G - disks: - - size: 8G + size: 8G - name: stack0-git0 image: openbsd memory: 2G - disks: - - size: 8G + size: 8G diff --git a/playbooks/site.yml b/playbooks/site.yml new file mode 100644 index 0000000..5030b79 --- /dev/null +++ b/playbooks/site.yml @@ -0,0 +1,11 @@ +- hosts: servers + roles: + - role: sshd + tags: role_sshd + +- hosts: stack0 + roles: + - role: nfsd + tags: role_nfsd + - role: vmm + tags: role_vmm diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index f9131e9..fcff3e9 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -6,7 +6,7 @@ group: 0 mode: 0644 -- name: enabled and restart sshd +- name: enable and restart sshd service: name: sshd state: restarted diff --git a/roles/vmm/.travis.yml b/roles/vmm/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/roles/vmm/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/roles/vmm/defaults/main.yml b/roles/vmm/defaults/main.yml
new file mode 100644
index 0000000..1dcb012
--- /dev/null
+++ b/roles/vmm/defaults/main.yml
@@ -0,0 +1,22 @@
+vmm_root_dir: /data/vmm
+vmm_iso_dir: /data/vmm/iso.d
+vmm_disk_dir: /data/vmm/disk.d
+vmm_disk_format: qcow2
+vmm_configuration_file: /etc/vm.conf
+
+vmm_network_forwarded_ips: ["", 6]
+
+vmm_network_switch:
+ name: uplink
+ interface: bridge0
+
+vmm_iso:
+ - name: alpine
+ version: 3.15.0
+ url: https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/alpine-virt-3.15.0-x86_64.iso
+ checksum: sha256:e97eaedb3bff39a081d1d7e67629d5c0e8fb39677d6a9dd1eaf2752e39061e02
+
+ - name: openbsd
+ version: 6.8
+ url: https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/install70.img
+ checksum: sha256:6bc7f945c2709247d449892c33c0f1b9a31590528572c1e988fef4a7637210e6
diff --git a/roles/vmm/tasks/disk.yml b/roles/vmm/tasks/disk.yml
new file mode 100644
index 0000000..24dd491
--- /dev/null
+++ b/roles/vmm/tasks/disk.yml
@@ -0,0 +1,15 @@
+- name: create disks
+ command:
+ cmd: vmctl create -s "{{ item.size }}" "{{ item.name }}.{{ vmm_disk_format }}"
+ chdir: "{{ vmm_disk_dir }}"
+ loop: "{{ __vms }}"
+ register: result
+ changed_when: result.rc == 0
+ failed_when:
+ - result.rc != 0
+ - "'File exists' not in result.stderr"
+
+- name: retrieve existing disks
+ find:
+ path: "{{ vmm_disk_dir }}"
+ patterns: "*.{{ vmm_disk_format }}"
diff --git a/roles/vmm/tasks/facts.yml b/roles/vmm/tasks/facts.yml
new file mode 100644
index 0000000..7cf4f0c
--- /dev/null
+++ b/roles/vmm/tasks/facts.yml
@@ -0,0 +1,14 @@
+- name: generate lladdr variable for virtual machines
+ set_fact:
+ tmp_vms: >
+ {{ tmp_vms | default([]) + [ item | combine({
+ 'lladdr': item.name
+ | hash('sha1')
+ | truncate(12, True, '')
+ | ansible.netcommon.hwaddr('unix')
+ }) ] }}
+ loop: "{{ __vms }}"
+
+- name: save variables
+ set_fact:
+ __vms: "{{ tmp_vms }}"
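Review bot: The `openbsd` entry of `vmm_iso` in roles/vmm/defaults/main.yml declares `version: 6.8` while its `url` points at `/pub/OpenBSD/7.0/amd64/install70.img`, so the pinned `checksum` cannot be tied to a release from the metadata alone; the entry should read `version: "7.0"`. Both versions are also unquoted, and `6.8` loads as a float, so quoting them (`version: "3.15.0"`) keeps them strings. Pinning sha256 digests is the right call; a comment saying where each digest was taken from (for OpenBSD, the signify-signed `SHA256.sig` of that release) would let a later reviewer re-verify them.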
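Review bot: Idempotence of `create disks` in roles/vmm/tasks/disk.yml rests on finding the text `'File exists'` in `result.stderr`, which hides any other failure that happens to print that string and breaks if the message ever changes. The command module's `creates` argument states the intent directly, `creates: "{{ vmm_disk_dir }}/{{ item.name }}.{{ vmm_disk_format }}"`, after which `changed_when` and `failed_when` can go. `item.name` also becomes a file name unchecked, so an `assert` that it contains no `/` would keep a mistyped host_vars entry from creating an image outside `vmm_disk_dir`. The `retrieve existing disks` task has no `register`, so its result is discarded.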
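Review bot: In roles/vmm/tasks/facts.yml the `lladdr` is the first 12 hex digits of a SHA-1 of the VM name, so its first octet is arbitrary: about half of all names will yield an address with the group (multicast) bit set, and none is guaranteed to be locally administered. Fixing the first octet avoids both, e.g. `'lladdr': ('02' ~ (item.name | hash('sha1'))[:10]) | ansible.netcommon.hwaddr('unix')`. As far as I know the filter returns `False` rather than failing on input it cannot parse, which `vm.conf.j2` would then render literally, so an `assert` on the generated value before `save variables` is worth adding.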
diff --git a/roles/vmm/tasks/iso.yml b/roles/vmm/tasks/iso.yml
new file mode 100644
index 0000000..0811ac1
--- /dev/null
+++ b/roles/vmm/tasks/iso.yml
@@ -0,0 +1,7 @@
+- name: download latest iso files
+ get_url:
+ url: "{{ item.url }}"
+ dest: "{{ vmm_iso_dir }}/{{ item.name }}-latest.iso"
+ checksum: "{{ item.checksum }}"
+ tags: task_iso
+ loop: "{{ vmm_iso }}"
diff --git a/roles/vmm/tasks/main.yml b/roles/vmm/tasks/main.yml
new file mode 100644
index 0000000..3c5a462
--- /dev/null
+++ b/roles/vmm/tasks/main.yml
@@ -0,0 +1,69 @@
+- name: create vmm directories
+ file:
+ path: "{{ item }}"
+ owner: 0
+ group: 0
+ mode: 0770
+ state: directory
+ loop:
+ - "{{ vmm_root_dir }}"
+ - "{{ vmm_iso_dir }}"
+ - "{{ vmm_disk_dir }}"
+
+- name: include facts generation
+ include_tasks: facts.yml
+
+- name: include iso management
+ include_tasks: iso.yml
+ tags: task_iso
+
+- name: include disk management
+ include_tasks: disk.yml
+ tags: task_disk
+
+- name: start ip forwarding
+ command: sysctl net.inet.ip{{ item }}.forwarding=1
+ loop: "{{ vmm_network_forwarded_ips }}"
+
+- name: enable ip forwarding
+ lineinfile:
+ path: /etc/sysctl.conf
+ regexp: "^net.inet.ip{{ item }}.forwarding="
+ line: "net.inet.ip{{ item }}.forwarding=1"
+ owner: 0
+ group: 0
+ mode: 0640
+ create: true
+ loop: "{{ vmm_network_forwarded_ips }}"
+
+- name: create network switch
+ lineinfile:
+ path: "/etc/hostname.{{ vmm_network_switch.interface }}"
+ regexp: &network_line "add {{ ansible_default_ipv4.interface }}"
+ line: *network_line
+ owner: 0
+ group: 0
+ mode: 0640
+ create: true
+
+- name: start network switch
+ command: "sh /etc/netstart {{ vmm_network_switch.interface }}"
+
+- name: generate vmm configuration
+ template:
+ src: vm.conf.j2
+ dest: "{{ vmm_configuration_file }}"
+ owner: 0
+ group: 0
+ mode: 0640
+ register: result
+
+- name: lint vmm configuration
+ command: "vmd -nf {{ vmm_configuration_file }}"
+ when: result.changed
+
+- name: restart and enable vmd
+ service:
+ name: vmd
+ state: restarted
+ enabled: true
diff --git a/roles/vmm/templates/hostname.j2 b/roles/vmm/templates/hostname.j2
new file mode 100644
index 0000000..68b989a
--- /dev/null
+++ b/roles/vmm/templates/hostname.j2
@@ -0,0 +1 @@
+add {{ vmm.switch.interface_host }}
diff --git a/roles/vmm/templates/vm.conf.j2 b/roles/vmm/templates/vm.conf.j2
new file mode 100644
index 0000000..d45c398
--- /dev/null
+++ b/roles/vmm/templates/vm.conf.j2
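Review bot: `restart and enable vmd` at the end of roles/vmm/tasks/main.yml uses `state: restarted` with no condition, so every run of the role restarts vmd (and presumably the guests it supervises) even when nothing changed. `lint vmm configuration` also runs `vmd -nf` only after the template task has already replaced the live file, so a bad render stays on disk. Adding `validate: "vmd -nf %s"` to the template task checks the candidate before it is installed, provided vmd accepts the temporary path, and the restart can move to a handler or take `when: result.changed`. Separately, the two forwarding tasks make the host route IPv4 and IPv6 unconditionally while nothing in this role manages pf rules, which deserves a comment on the task, and the octal modes are safer quoted (`mode: "0640"`).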
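Review bot: No task in this commit renders roles/vmm/templates/hostname.j2; `create network switch` in tasks/main.yml writes `/etc/hostname.{{ vmm_network_switch.interface }}` with `lineinfile` instead. The template also reads `vmm.switch.interface_host`, a variable the role defaults do not define (they define `vmm_network_switch`), so rendering it would fail on an undefined variable. Either drop the template, or switch the task to it and change the line to `add {{ ansible_default_ipv4.interface }}`, which is what the task writes today.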
@@ -0,0 +1,22 @@ +# managed by Ansible + +# network +switch "{{ vmm_network_switch.name }}" { + interface {{ vmm_network_switch.interface }} +} + +# virtual machines +{% for vm in __vms %} +vm "{{ vm.name }}" { +{% if vm.enabled is defined and not vm.enabled %} + disable +{% endif %} + memory {{ vm.memory }} + disk "{{ vmm_disk_dir }}/{{ vm.name }}.{{ vmm_disk_format }}" + interface { + switch "{{ vmm_network_switch.name }}" + lladdr {{ vm.lladdr }} + } +} + +{% endfor %} diff --git a/roles/workstation/defaults/main.yml b/roles/workstation/defaults/main.yml index 96d33e6..0097b11 100644 --- a/roles/workstation/defaults/main.yml +++ b/roles/workstation/defaults/main.yml @@ -5,6 +5,8 @@ workstation_yay_dir: /tmp/yay workstation_pkgs: common: + - ansible + - ansible-lint - calcurse - newsboat - dmenu @@ -31,8 +33,6 @@ workstation_pkgs: archlinux: - acpi - - ansible - - ansible-lint - base-devel - bind - clang @@ -47,6 +47,7 @@ workstation_pkgs: - pcsc-tools - pipewire - pipewire-pulse + - python-netaddr - python-poetry - signify - tar @@ -62,4 +63,5 @@ workstation_pkgs: - pcsc-lite - pcsc-tools - py3-pip + - py3-netaddr - wireguard-tools |