ansible

author: Lars Wirzenius <liw@liw.fi> 2020-10-04 17:34:58 +0300
committer: Lars Wirzenius <liw@liw.fi> 2020-10-04 17:34:58 +0300
commit: 97999ca67b834b1216108e542cdb73010e36930d (patch)
tree: 23b0cf6b55780a7a8f8f3023670eda17f04a2864 /manager.yml
parent: 32e9d47ce40da71c31fd39192ba97597598d6ad2 (diff)
download: ick-contractor-97999ca67b834b1216108e542cdb73010e36930d.tar.gz
1 files changed, 84 insertions, 0 deletions
diff --git a/manager.yml b/manager.yml
new file mode 100644
index 0000000..11d8f2a
--- /dev/null
+++ b/manager.yml
@@ -0,0 +1,84 @@
+- hosts: manager
+  remote_user: debian
+  become: true
+  tasks:
+    - name: "configure modprobe to enable nested VMs"
+      copy:
+        content: |
+          options kvm-intel nested=1
+          options kvm-intel enable_shadow_vmcs=1
+          options kvm-intel enable_apicv=1
+          options kvm-intel ept=1
+        dest: /etc/modprobe.d/kvm-nested.conf
+
+    - name: "install needed packages"
+      apt:
+        name:
+          - ssh
+          - sudo
+          - qemu-system-x86
+          - virtinst
+          - libvirt-daemon-system
+          - libvirt-clients
+          - locales-all
+          - jq
+          - rsync
+          - kpartx
+
+    - name: "modify libvirt to use a non-standard IP range for guests"
+      args:
+        warn: false
+      shell:
+        sed -i 's/192\.168\.122\./192.168.99\./g' /etc/libvirt/qemu/networks/default.xml
+
+    - name: "create manager user"
+      user:
+        comment: "Manager"
+        name: manager
+        shell: /bin/bash
+        groups:
+          - libvirt
+
+    - name: "add authorized key to manager user"
+      authorized_key:
+        user: manager
+        key: "{{ user_pub }}"
+
+    - name: "give manager sudo"
+      copy:
+        content: |
+          manager ALL=(ALL:ALL) NOPASSWD: ALL
+        dest: /etc/sudoers.d/manager
+        owner: root
+        group: root
+        mode: 0600
+
+    - name: "create ~manager/.ssh"
+      file:
+        state: directory
+        path: /home/manager/.ssh
+        owner: manager
+        group: manager
+        mode: 0700
+
+    - name: "add SSH keys to manager"
+      copy:
+        src: "{{ item }}"
+        dest: "/home/manager/.ssh/{{ item }}"
+        owner: manager
+        group: manager
+        mode: 0600
+      with_items:
+        - manager.key
+        - manager.key.pub
+
+    - name: "configure manager's ssh"
+      copy:
+        src: manager-ssh-config
+        dest: /home/manager/.ssh/config
+        owner: manager
+        group: manager
+        mode: 0600
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
author	Lars Wirzenius <liw@liw.fi>	2020-10-04 17:34:58 +0300
committer	Lars Wirzenius <liw@liw.fi>	2020-10-04 17:34:58 +0300
commit	97999ca67b834b1216108e542cdb73010e36930d (patch)
tree	23b0cf6b55780a7a8f8f3023670eda17f04a2864 /manager.yml
parent	32e9d47ce40da71c31fd39192ba97597598d6ad2 (diff)
download	ick-contractor-97999ca67b834b1216108e542cdb73010e36930d.tar.gz