authorLars Wirzenius <liw@liw.fi>2020-10-04 17:34:58 +0300
committerLars Wirzenius <liw@liw.fi>2020-10-04 17:34:58 +0300
commit97999ca67b834b1216108e542cdb73010e36930d (patch)
tree23b0cf6b55780a7a8f8f3023670eda17f04a2864
parent32e9d47ce40da71c31fd39192ba97597598d6ad2 (diff)
downloadick-contractor-97999ca67b834b1216108e542cdb73010e36930d.tar.gz
ansible
-rw-r--r--hosts1
-rwxr-xr-xmanager21
-rw-r--r--manager-vm.yaml7
-rw-r--r--manager.yml84
-rw-r--r--toy.yaml7
5 files changed, 120 insertions, 0 deletions
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..737929f
--- /dev/null
+++ b/hosts
@@ -0,0 +1 @@
+manager
diff --git a/manager b/manager
new file mode 100755
index 0000000..2e24d63
--- /dev/null
+++ b/manager
@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+
+import os
+import subprocess
+
+env = dict(os.environ)
+env[
+ "ANSIBLE_SSH_ARGS"
+] = "-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/dev/null"
+
+subprocess.check_call(
+ [
+ "ansible-playbook",
+ "-i",
+ "hosts",
+ "manager.yml",
+ "-e@manager-vars.yml",
+ "-eansible_ssh_host=manager",
+ ],
+ env=env,
+)
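Review bot: The `ANSIBLE_SSH_ARGS` value pairs `StrictHostKeyChecking=accept-new` with `UserKnownHostsFile=/dev/null`, so no host key is ever remembered and every run trusts whatever key the host named `manager` presents. That matters because `manager.yml`, which this script runs, copies `manager.key` to the target and grants sudo there, so any machine answering under that name would receive the private key. Pointing the option at a file kept with the project preserves first-use acceptance while making a later key change fail: `] = "-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=<PROJECT_KNOWN_HOSTS_FILE>"` (placeholder path). If the VM is rebuilt often, deleting that file when the VM is recreated is narrower than discarding host keys on every run.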
diff --git a/manager-vm.yaml b/manager-vm.yaml
new file mode 100644
index 0000000..d06f57a
--- /dev/null
+++ b/manager-vm.yaml
@@ -0,0 +1,7 @@
+name: manager
+image_file: /mnt/manager.qcow2
+image_size: 30G
+memory: 8192
+cpus: 4
+base_image: /home/liw/debian-10-openstack-amd64.qcow2
+public_key: /home/liw/.ssh/liw-openpgp.pub
diff --git a/manager.yml b/manager.yml
new file mode 100644
index 0000000..11d8f2a
--- /dev/null
+++ b/manager.yml
@@ -0,0 +1,84 @@
+- hosts: manager
+ remote_user: debian
+ become: true
+ tasks:
+ - name: "configure modprobe to enable nested VMs"
+ copy:
+ content: |
+ options kvm-intel nested=1
+ options kvm-intel enable_shadow_vmcs=1
+ options kvm-intel enable_apicv=1
+ options kvm-intel ept=1
+ dest: /etc/modprobe.d/kvm-nested.conf
+
+ - name: "install needed packages"
+ apt:
+ name:
+ - ssh
+ - sudo
+ - qemu-system-x86
+ - virtinst
+ - libvirt-daemon-system
+ - libvirt-clients
+ - locales-all
+ - jq
+ - rsync
+ - kpartx
+
+ - name: "modify libvirt to use a non-standard IP range for guests"
+ args:
+ warn: false
+ shell:
+ sed -i 's/192\.168\.122\./192.168.99\./g' /etc/libvirt/qemu/networks/default.xml
+
+ - name: "create manager user"
+ user:
+ comment: "Manager"
+ name: manager
+ shell: /bin/bash
+ groups:
+ - libvirt
+
+ - name: "add authorized key to manager user"
+ authorized_key:
+ user: manager
+ key: "{{ user_pub }}"
+
+ - name: "give manager sudo"
+ copy:
+ content: |
+ manager ALL=(ALL:ALL) NOPASSWD: ALL
+ dest: /etc/sudoers.d/manager
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: "create ~manager/.ssh"
+ file:
+ state: directory
+ path: /home/manager/.ssh
+ owner: manager
+ group: manager
+ mode: 0700
+
+ - name: "add SSH keys to manager"
+ copy:
+ src: "{{ item }}"
+ dest: "/home/manager/.ssh/{{ item }}"
+ owner: manager
+ group: manager
+ mode: 0600
+ with_items:
+ - manager.key
+ - manager.key.pub
+
+ - name: "configure manager's ssh"
+ copy:
+ src: manager-ssh-config
+ dest: /home/manager/.ssh/config
+ owner: manager
+ group: manager
+ mode: 0600
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
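Review bot: The "give manager sudo" task writes `/etc/sudoers.d/manager` with no syntax check, and a malformed drop-in can make sudo refuse to run for every account on the host, including the `debian` user this play relies on for `become`. Adding `validate: /usr/sbin/visudo -cf %s` to that `copy` makes Ansible check the file before it is moved into place. The modes in this file are bare octal literals (`mode: 0600`, `mode: 0700`); writing them as `mode: "0600"` removes the dependence on how the YAML loader types the number. The rule itself is `NOPASSWD: ALL` for an account that also joins the `libvirt` group and receives a copied private key, so a comment above the task such as `# manager needs unrestricted root for <REASON>; login only via the key in user_pub` would record why the grant is this broad.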
diff --git a/toy.yaml b/toy.yaml
new file mode 100644
index 0000000..d2fdafd
--- /dev/null
+++ b/toy.yaml
@@ -0,0 +1,7 @@
+name: toy2
+image_file: toy.qcow2
+image_size: 10G
+memory: 2048
+cpus: 4
+base_image: /home/liw/debian-10-openstack-amd64.qcow2
+public_key: /home/liw/.ssh/liw-openpgp.pub