-rw-r--r-- | hosts | 1 | ||||
-rwxr-xr-x | manager | 21 | ||||
-rw-r--r-- | manager-vm.yaml | 7 | ||||
-rw-r--r-- | manager.yml | 84 | ||||
-rw-r--r-- | toy.yaml | 7 |
5 files changed, 120 insertions, 0 deletions
@@ -0,0 +1 @@
+manager
@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+
+import os
+import subprocess
+
+env = dict(os.environ)
+env[
+ "ANSIBLE_SSH_ARGS"
+] = "-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/dev/null"
+
+subprocess.check_call(
+ [
+ "ansible-playbook",
+ "-i",
+ "hosts",
+ "manager.yml",
+ "-e@manager-vars.yml",
+ "-eansible_ssh_host=manager",
+ ],
+ env=env,
+)
diff --git a/manager-vm.yaml b/manager-vm.yaml
new file mode 100644
index 0000000..d06f57a
--- /dev/null
+++ b/manager-vm.yaml
@@ -0,0 +1,7 @@
+name: manager
+image_file: /mnt/manager.qcow2
+image_size: 30G
+memory: 8192
+cpus: 4
+base_image: /home/liw/debian-10-openstack-amd64.qcow2
+public_key: /home/liw/.ssh/liw-openpgp.pub
diff --git a/manager.yml b/manager.yml
new file mode 100644
index 0000000..11d8f2a
--- /dev/null
+++ b/manager.yml
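Review bot: Host-key verification is effectively switched off in the `manager` script. With `UserKnownHostsFile=/dev/null` no key is ever remembered, so `StrictHostKeyChecking=accept-new` accepts whatever key the host presents on every run. The playbook this script runs copies `manager.key` to the target and installs a passwordless sudo rule, so a machine answering as `manager` in place of the real one would receive that private key. Pointing the option at a file that persists between runs, for example `-o UserKnownHostsFile=./manager-known-hosts` (file name is a placeholder), keeps first-contact convenience while rejecting a changed key afterwards. If the VM is rebuilt, that file can be removed as part of the rebuild.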
@@ -0,0 +1,84 @@
+- hosts: manager
+ remote_user: debian
+ become: true
+ tasks:
+ - name: "configure modprobe to enable nested VMs"
+ copy:
+ content: |
+ options kvm-intel nested=1
+ options kvm-intel enable_shadow_vmcs=1
+ options kvm-intel enable_apicv=1
+ options kvm-intel ept=1
+ dest: /etc/modprobe.d/kvm-nested.conf
+
+ - name: "install needed packages"
+ apt:
+ name:
+ - ssh
+ - sudo
+ - qemu-system-x86
+ - virtinst
+ - libvirt-daemon-system
+ - libvirt-clients
+ - locales-all
+ - jq
+ - rsync
+ - kpartx
+
+ - name: "modify libvirt to use a non-standard IP range for guests"
+ args:
+ warn: false
+ shell:
+ sed -i 's/192\.168\.122\./192.168.99\./g' /etc/libvirt/qemu/networks/default.xml
+
+ - name: "create manager user"
+ user:
+ comment: "Manager"
+ name: manager
+ shell: /bin/bash
+ groups:
+ - libvirt
+
+ - name: "add authorized key to manager user"
+ authorized_key:
+ user: manager
+ key: "{{ user_pub }}"
+
+ - name: "give manager sudo"
+ copy:
+ content: |
+ manager ALL=(ALL:ALL) NOPASSWD: ALL
+ dest: /etc/sudoers.d/manager
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: "create ~manager/.ssh"
+ file:
+ state: directory
+ path: /home/manager/.ssh
+ owner: manager
+ group: manager
+ mode: 0700
+
+ - name: "add SSH keys to manager"
+ copy:
+ src: "{{ item }}"
+ dest: "/home/manager/.ssh/{{ item }}"
+ owner: manager
+ group: manager
+ mode: 0600
+ with_items:
+ - manager.key
+ - manager.key.pub
+
+ - name: "configure manager's ssh"
+ copy:
+ src: manager-ssh-config
+ dest: /home/manager/.ssh/config
+ owner: manager
+ group: manager
+ mode: 0600
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
diff --git a/toy.yaml b/toy.yaml
new file mode 100644
index 0000000..d2fdafd
--- /dev/null
+++ b/toy.yaml
@@ -0,0 +1,7 @@
+name: toy2
+image_file: toy.qcow2
+image_size: 10G
+memory: 2048
+cpus: 4
+base_image: /home/liw/debian-10-openstack-amd64.qcow2
+public_key: /home/liw/.ssh/liw-openpgp.pub |
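Review bot: The "give manager sudo" task in manager.yml writes `/etc/sudoers.d/manager` with no syntax check. Adding `validate: /usr/sbin/visudo -cf %s` to that `copy` makes Ansible refuse a file that would leave sudo unusable on the host. The rule itself, `manager ALL=(ALL:ALL) NOPASSWD: ALL`, gives unrestricted root to whoever holds the key behind `user_pub`. The account is already put in the `libvirt` group by the "create manager user" task, so if it only has to manage guests the sudo grant could presumably be narrowed or dropped. The same play copies the private `manager.key` out of the playbook directory, so that file should stay out of version control or be kept encrypted at rest.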