From 2dab1820d23e32743f319afd97836e1016bdae16 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sat, 7 Dec 2019 10:44:13 +0200
Subject: Add: first draft of a vmdb to create a sid image
---
sid.yml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 sid.yml
diff --git a/sid.yml b/sid.yml
new file mode 100644
index 0000000..cda8d61
--- /dev/null
+++ b/sid.yml
@@ -0,0 +1,52 @@
+steps:
+ - mkimg: "{{ output }}"
+ size: 4G
+
+ - mklabel: msdos
+ device: "{{ output }}"
+
+ - mkpart: primary
+ device: "{{ output }}"
+ start: 0%
+ end: 100%
+ tag: rootfs
+
+ - kpartx: "{{ output }}"
+
+ - mkfs: ext4
+ partition: rootfs
+ label: smoke
+
+ - mount: rootfs
+
+ - unpack-rootfs: rootfs
+
+ - debootstrap: unstable
+ mirror: http://deb.debian.org/debian
+ target: rootfs
+ unless: rootfs_unpacked
+
+ - apt: install
+ packages:
+ - linux-image-amd64
+ - python
+ tag: rootfs
+ unless: rootfs_unpacked
+
+ - cache-rootfs: rootfs
+ unless: rootfs_unpacked
+
+ - chroot: rootfs
+ shell: |
+ passwd -l root
+ echo sid > /etc/hostname
+ printf 'auth eth0\niface eth0 inet dhcp\n' > /etc/network/interface.d/eth0
+ mkdir -p -m 0700 /root/.ssh
+
+ - shell: |
+ install -o root -g root -m 0644 liw-openpgp.pub "$ROOT/root/.ssh/authorized_keys"
+ root-fs: rootfs
+
+ - grub: bios
+ tag: rootfs
+ console: serial
-- cgit v1.2.1
From 92c7978d559123b275c603c893ee5a9ae8172037 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sat, 7 Dec 2019 12:38:56 +0200
Subject: Change: sid network up and password reset
---
sid.yml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sid.yml b/sid.yml
index cda8d61..a1a858c 100644
--- a/sid.yml
+++ b/sid.yml
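Review bot: The host-side `shell` step at the end of the sid.yml hunk (commit 2dab182) writes to `"$ROOT/root/.ssh/authorized_keys"` without `set -eu`, so if `ROOT` were ever unset or empty the key would land in the build host's own root account, since vmdb2 presumably runs these steps as root. I would start that block with `set -eu` and write the target as `"${ROOT:?}/root/.ssh/authorized_keys"`. The `chroot` step above it has the same gap: a failing `passwd -l root`, or a failed redirect into `/etc/network/interface.d/eth0` (nothing in this file creates that directory), would not stop the build. `liw-openpgp.pub` is resolved relative to the current directory, so a comment saying where it must come from and that it has to be an OpenSSH-format public key would help.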
@@ -38,9 +38,13 @@ steps: - chroot: rootfs shell: | - passwd -l root + set -eu + # passwd -l root + # remove root password - temporary for dev/test + sed -i 's/^root:[^:]*:/root::/' /etc/passwd echo sid > /etc/hostname - printf 'auth eth0\niface eth0 inet dhcp\n' > /etc/network/interface.d/eth0 + mkdir -p -m 0755 /etc/network/interfaces.d + printf 'auto eth0\niface eth0 inet dhcp\n' > /etc/network/interfaces.d/eth0 mkdir -p -m 0700 /root/.ssh - shell: | -- cgit v1.2.1 From 3584828db6d427dd49052d6ee6905fbf2320a5e7 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 7 Dec 2019 12:54:52 +0200 Subject: Change: lock root password, but don't delete it --- sid.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sid.yml b/sid.yml index a1a858c..87aacc1 100644 --- a/sid.yml +++ b/sid.yml @@ -30,6 +30,7 @@ steps: packages: - linux-image-amd64 - python + - ssh tag: rootfs unless: rootfs_unpacked @@ -39,9 +40,7 @@ steps: - chroot: rootfs shell: | set -eu - # passwd -l root - # remove root password - temporary for dev/test - sed -i 's/^root:[^:]*:/root::/' /etc/passwd + passwd -l root echo sid > /etc/hostname mkdir -p -m 0755 /etc/network/interfaces.d printf 'auto eth0\niface eth0 inet dhcp\n' > /etc/network/interfaces.d/eth0 -- cgit v1.2.1 From 4e020d116adb9b8433405eb2f6a3eab1facad933 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 8 Dec 2019 12:53:18 +0200 Subject: Add: spec file for a minimal, Ansible-managed VM --- minimal.vmdb | 47 +++++++++++++++++++++++++++++++++++++++++++++++ minimal.yml | 23 +++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 minimal.vmdb create mode 100644 minimal.yml diff --git a/minimal.vmdb b/minimal.vmdb new file mode 100644 index 0000000..bc915d6 --- /dev/null +++ b/minimal.vmdb 
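Review bot: In the `chroot` step of the first hunk on this line (commit 92c7978), `sed -i 's/^root:[^:]*:/root::/' /etc/passwd` leaves root with an empty password in every image built from sid.yml, and the only safeguard is the "temporary for dev/test" comment. Anyone with console or serial access to such an image is root without presenting a credential. I would keep `passwd -l root` as the default in this file and put the dev/test variant in a separate spec that is never used for images that leave the workstation; if an empty password is really wanted there, `passwd -d root` expresses it without hand-editing /etc/passwd.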
@@ -0,0 +1,47 @@
+# A vmdb2 image specification file for a minimal VM image that can be
+# administered via Ansible. Root access directly via ssh.
+
+steps:
+ - mkimg: "{{ output }}"
+ size: 4G
+
+ - mklabel: msdos
+ device: "{{ output }}"
+
+ - mkpart: primary
+ device: "{{ output }}"
+ start: 0%
+ end: 100%
+ tag: /
+
+ - kpartx: "{{ output }}"
+
+ - mkfs: ext4
+ partition: /
+
+ - mount: /
+
+ - unpack-rootfs: /
+
+ - debootstrap: buster
+ mirror: http://deb.debian.org/debian
+ target: /
+ unless: rootfs_unpacked
+
+ - apt: install
+ packages:
+ - linux-image-amd64
+ - python
+ - ssh
+ tag: /
+ unless: rootfs_unpacked
+
+ - cache-rootfs: /
+ unless: rootfs_unpacked
+
+ - ansible:
+ playbook: minimal.yml
+
+ - grub: bios
+ tag: rootfs
+ console: serial
diff --git a/minimal.yml b/minimal.yml
new file mode 100644
index 0000000..1765119
--- /dev/null
+++ b/minimal.yml
@@ -0,0 +1,23 @@
+hosts: image
+tasks:
+ - name: disable root password
+ chroot: |
+ passwd -l root
+
+ - name: set hostname in /etc/hostname and /etc/hosts
+ chroot: |
+ echo "{{ hostname }}" > /etc/hostname
+ sed -i 's/^127\.0\.1\.1/& localhost {{ hostname }}' /etc/hosts
+
+ - name: install root ssh authorized_keys
+ authorized_key:
+ user: root
+ state: present
+ key: "{{ root_authorized_keys }}"
+
+ - name: enable eth0 network interface
+ copy:
+ content: |
+ auto eth0
+ iface eth0 inet dhcp
+ dest: /etc/network/interfaces.d/eth0
-- cgit v1.2.1
From e260397b81365fc105a077de186f79f8bfb524e4 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 8 Dec 2019 12:53:43 +0200
Subject: Change: build only a buster image
---
build-all.sh | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/build-all.sh b/build-all.sh
index fca81a3..b619eb4 100755
--- a/build-all.sh
+++ b/build-all.sh
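Review bot: The `grub: bios` step at the end of the minimal.vmdb hunk uses `tag: rootfs`, but this file tags the partition `/` in `mkpart` and uses `/` in every other step, so grub refers to a tag that is never defined here; it should read `tag: /`. The `ansible:` step has no value where the other steps name the filesystem tag, which looks like it should be `ansible: /`. Since the header comment says root is reached directly over ssh, a short comment at the `ansible` step saying that the playbook is what installs root's authorized_keys would make the access path obvious to whoever builds from this spec.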
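Review bot: The hostname task in the minimal.yml hunk templates `{{ hostname }}` straight into shell text, and its `sed` expression `'s/^127\.0\.1\.1/& localhost {{ hostname }}'` has no closing `/`, so sed would reject it as an unterminated `s` command. Any shell metacharacter in the variable would also be interpreted inside the image, which the `copy` and `lineinfile` modules avoid; the sketch below replaces the task with those two modules. Neither `hostname` nor `root_authorized_keys` is defined in this file, so a comment saying where they must come from is needed. `chroot:` is used as if it were a module and `hosts:`/`tasks:` are top-level keys rather than a play in a list, which Ansible will probably not accept; that is worth confirming by running the playbook.

```yaml
# … unchanged: "disable root password" task …

  - name: set hostname in /etc/hostname
    copy:
      content: "{{ hostname }}\n"
      dest: /etc/hostname

  - name: add hostname to /etc/hosts
    lineinfile:
      dest: /etc/hosts
      regexp: '^127\.0\.1\.1'
      line: "127.0.1.1 {{ hostname }}"

# … unchanged: authorized_keys and eth0 tasks …
```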
@@ -12,7 +12,9 @@ image() --verbose \ --log base.log \ --rootfs-tarball "$tarball" - xz -v1T0 "$img" +# xz -v1T0 "$img" } -image debian9-ick.img "/home/liw/tmp/debian9.tar.gz" +tarballs="$1" + +image debian-sid.img "$tarballs/debian-amd64-unstable.tar.gz" -- cgit v1.2.1 From a6f5cf4b9e56dc28cc0cd579051bbf9526de82cb Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 8 Dec 2019 12:55:28 +0200 Subject: Fix: call tarball by its correct name --- build-all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-all.sh b/build-all.sh index b619eb4..e8d6701 100755 --- a/build-all.sh +++ b/build-all.sh @@ -17,4 +17,4 @@ image() tarballs="$1" -image debian-sid.img "$tarballs/debian-amd64-unstable.tar.gz" +image debian-buster.img "$tarballs/debian-amd64-buster.tar.gz" -- cgit v1.2.1 From 4deb74c6c501f5b9d9c7d65aac73057b90b994fe Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 8 Dec 2019 13:28:30 +0200 Subject: Fix: minimal buster builds --- build-all.sh | 2 +- minimal.vmdb | 7 +++---- minimal.yml | 16 ++++++++-------- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/build-all.sh b/build-all.sh index e8d6701..3551558 100755 --- a/build-all.sh +++ b/build-all.sh @@ -7,7 +7,7 @@ image() local img="$1" local tarball="$2" - vmdb2 base.vmdb \ + vmdb2 minimal.vmdb \ --output "$img" \ --verbose \ --log base.log \ diff --git a/minimal.vmdb b/minimal.vmdb index bc915d6..3a30e31 100644 --- a/minimal.vmdb +++ b/minimal.vmdb @@ -39,9 +39,8 @@ steps: - cache-rootfs: / unless: rootfs_unpacked - - ansible: - playbook: minimal.yml + - ansible: / + playbook: minimal.yml - grub: bios - tag: rootfs - console: serial + tag: / diff --git a/minimal.yml b/minimal.yml index 1765119..8fd485a 100644 --- a/minimal.yml +++ b/minimal.yml 
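Review bot: `tarballs="$1"` in the first build-all.sh hunk on this line (commit e260397) takes the tarball directory from the first argument without checking it, so running the script with no argument yields the path `/debian-amd64-unstable.tar.gz`, or an unhelpful abort if `set -u` is active above the hunk, which is not visible here. That path is passed to `--rootfs-tarball`, so it is presumably what populates the image's root filesystem and deserves an explicit check: `tarballs="${1:?usage: build-all.sh TARBALL-DIR}"`. The commented-out `# xz -v1T0 "$img"` would read better deleted, or with a note saying why compression is disabled. The `image()` function starts outside the hunk.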
@@ -1,14 +1,10 @@ -hosts: image -tasks: +- hosts: image + + tasks: - name: disable root password - chroot: | + shell: | passwd -l root - - name: set hostname in /etc/hostname and /etc/hosts - chroot: | - echo "{{ hostname }}" > /etc/hostname - sed -i 's/^127\.0\.1\.1/& localhost {{ hostname }}' /etc/hosts - - name: install root ssh authorized_keys authorized_key: user: root @@ -21,3 +17,7 @@ tasks: auto eth0 iface eth0 inet dhcp dest: /etc/network/interfaces.d/eth0 + + vars: + root_authorized_keys: | + ssh-rsa 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 openpgp:0xBBE80E50 -- cgit v1.2.1 From e64b84d370cafef334ceddfab75b0d3ea63ec47f Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 8 Dec 2019 14:05:15 +0200 Subject: Drop: now-useless files --- base.vmdb | 48 ------------------------------------------------ base.yml | 61 ------------------------------------------------------------- sid.yml | 55 ------------------------------------------------------- 3 files changed, 164 deletions(-) delete mode 100644 base.vmdb delete mode 100644 base.yml delete mode 100644 sid.yml diff --git a/base.vmdb b/base.vmdb deleted file mode 100644 index e1633b6..0000000 --- a/base.vmdb +++ /dev/null 
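Review bot: The `vars:` block added in the second minimal.yml hunk (commit 4deb74c) fixes `root_authorized_keys` to one personal ssh-rsa key, so every image built from this "minimal" spec grants that key root login, and nobody else can build an image for their own use without editing the playbook. The key should be supplied by whoever runs the build, through a vars file or an extra variable, with the play failing when it is missing, and a comment at `vars:` should state that this value is the image's only root credential. In the first hunk, `shell: | passwd -l root` could be the `user` module with `name: root` and `password_lock: yes`, which reports changed/unchanged correctly and needs no shell.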
@@ -1,48 +0,0 @@
-# This is a VMDB2 input file for a BIOS booting system, including most
-# virtual machines. The goal is to have a system that can be managed
-# via Ansible.
-
-steps:
- - mkimg: "{{ output }}"
- size: 8G
-
- - mklabel: msdos
- device: "{{ output }}"
-
- - mkpart: primary
- device: "{{ output }}"
- start: 0%
- end: 100%
- tag: rootfs
-
- - kpartx: "{{ output }}"
-
- - mkfs: ext4
- partition: rootfs
- label: rootfs
-
- - mount: rootfs
-
- - unpack-rootfs: rootfs
-
- - debootstrap: stretch
- mirror: http://deb.debian.org/debian
- target: rootfs
- unless: rootfs_unpacked
-
- - apt: install
- packages:
- - linux-image-amd64
- - python
- tag: rootfs
- unless: rootfs_unpacked
-
- - cache-rootfs: rootfs
- unless: rootfs_unpacked
-
- - ansible: rootfs
- playbook: base.yml
-
- - grub: bios
- tag: rootfs
- console: serial
diff --git a/base.yml b/base.yml
deleted file mode 100644
index bed3790..0000000
--- a/base.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-- hosts: image
- tasks:
- - name: set hostname in /etc/hostname
- copy:
- content: "{{ hostname }}"
- dest: /etc/hostname
- owner: root
- group: root
- mode: 0600
-
- - name: add hostname to /etc/hosts
- lineinfile:
- dest: /etc/hosts
- regexp: '^127\.0\.1\.1'
- line: "127.0.0.1 {{ hostname }}"
-
- - name: remove password for root
- shell: |
- sed -i 's/^root:x:/root::/' /etc/passwd
-
- - name: add ansible user
- user:
- name: ansible
- comment: "Ansible config mangement"
- shell: /bin/bash
-
- - name: add ssh key to ansible authorized keys
- authorized_key:
- user: ansible
- state: present
- key: "{{ ssh_key_for_ansible }}"
-
- - name: add dhcp client to eth0
- copy:
- content: |
- auto eth0
- iface eth0 inet dhcp
- dest: /etc/network/interfaces.d/eth0
- owner: root
- group: root
- mode: 0644
-
- - name: install sshd
- apt:
- name: ssh
-
- - name: install sudo
- apt:
- name: sudo
-
- - name: allow passwordless sudo for ansible
- copy:
- content: "ansible ALL=(ALL:ALL) NOPASSWD: ALL"
- dest: /etc/sudoers.d/ansible
- owner: root
- group: root
- mode: 0600
-
- vars:
- hostname: stretch-amd64
- ssh_key_for_ansible: ssh-rsa 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 openpgp:0xBBE80E50
diff --git a/sid.yml b/sid.yml
deleted file mode 100644
index 87aacc1..0000000
--- a/sid.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-steps:
- - mkimg: "{{ output }}"
- size: 4G
-
- - mklabel: msdos
- device: "{{ output }}"
-
- - mkpart: primary
- device: "{{ output }}"
- start: 0%
- end: 100%
- tag: rootfs
-
- - kpartx: "{{ output }}"
-
- - mkfs: ext4
- partition: rootfs
- label: smoke
-
- - mount: rootfs
-
- - unpack-rootfs: rootfs
-
- - debootstrap: unstable
- mirror: http://deb.debian.org/debian
- target: rootfs
- unless: rootfs_unpacked
-
- - apt: install
- packages:
- - linux-image-amd64
- - python
- - ssh
- tag: rootfs
- unless: rootfs_unpacked
-
- - cache-rootfs: rootfs
- unless: rootfs_unpacked
-
- - chroot: rootfs
- shell: |
- set -eu
- passwd -l root
- echo sid > /etc/hostname
- mkdir -p -m 0755 /etc/network/interfaces.d
- printf 'auto eth0\niface eth0 inet dhcp\n' > /etc/network/interfaces.d/eth0
- mkdir -p -m 0700 /root/.ssh
-
- - shell: |
- install -o root -g root -m 0644 liw-openpgp.pub "$ROOT/root/.ssh/authorized_keys"
- root-fs: rootfs
-
- - grub: bios
- tag: rootfs
- console: serial
-- cgit v1.2.1