author | Lars Wirzenius <liw@liw.fi> | 2021-07-27 16:53:19 +0000 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-07-27 16:53:19 +0000 |
commit | da983483a853c672fc1238a36eafb66b79dcbe4a (patch) | |
tree | bfa88ff7aba022bf09ce4cae333fa36e7ba5e9ae /env/playbook.yml | |
parent | 56671321dbd662fa3f2babdfdbf59f3287f5533b (diff) | |
parent | 91a5fef528e998939860f5bff93f18d4723bbdfd (diff) | |
download | puomi-da983483a853c672fc1238a36eafb66b79dcbe4a.tar.gz |
Merge branch 'proto' into 'main'
feat: add scripts + infra for setting up nested VMs for routers
See merge request larswirzenius/puomi!3
Diffstat (limited to 'env/playbook.yml')
-rw-r--r-- | env/playbook.yml | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/env/playbook.yml b/env/playbook.yml
new file mode 100644
index 0000000..7f34432
--- /dev/null
+++ b/env/playbook.yml
@@ -0,0 +1,215 @@
+- hosts: puomienv
+ remote_user: debian
+ become: yes
+ roles:
+ - sane_debian_system
+ - unix_users
+ tasks:
+ - name: "Install software"
+ apt:
+ name:
+ - qemu-system-x86
+ - virtinst
+ - virt-manager
+ - libvirt-daemon-system
+ - libvirt-clients
+ - libnss-libvirt
+ - python3-lxml
+ - vmadm
+ - jq
+ - libnss-libvirt
+ - ansible
+ - traceroute
+ - moreutils
+ - name: "configure nss to find VM names"
+ shell: |
+ if awk '$1 == "hosts:" && !/libvirt_guest/' /etc/nsswitch.conf | grep .
+ then
+ sed -i '/hosts:/s/files /files libvirt libvirt_guest /' /etc/nsswitch.conf
+ fi
+ - name: "put puomi into libvirt group"
+ user:
+ name: puomi
+ groups:
+ - libvirt
+ - name: "define libvirt network lan"
+ virt_net:
+ command: define
+ autostart: yes
+ name: lan
+ xml: |
+ <network>
+ <name>lan</name>
+ <bridge name='virbr1'/>
+ <forward/>
+ <ip address='192.168.40.1' netmask='255.255.255.0'>
+ <dhcp>
+ <range start='192.168.40.2' end='192.168.40.254'/>
+ </dhcp>
+ </ip>
+ </network>
+ - name: "autostart libvirt network lan"
+ virt_net:
+ autostart: yes
+ name: lan
+ - name: "start libvirt network lan"
+ virt_net:
+ command: start
+ name: lan
+ - name: "define libvirt network wan"
+ virt_net:
+ command: define
+ autostart: yes
+ name: wan
+ xml: |
+ <network>
+ <name>wan</name>
+ <bridge name='virbr2'/>
+ <forward/>
+ <ip address='192.168.50.1' netmask='255.255.255.0'>
+ <dhcp>
+ <range start='192.168.50.2' end='192.168.50.254'/>
+ </dhcp>
+ </ip>
+ </network>
+ - name: "autostart libvirt network wan"
+ virt_net:
+ autostart: yes
+ name: wan
+ - name: "start libvirt network wan"
+ virt_net:
+ command: start
+ name: wan
+ - name: "remove libvirt network default"
+ virt_net:
+ command: undefine
+ name: default
+ - name: "copy Debian 10 OpenStack image"
+ copy:
+ src: debian-10-openstack-amd64.qcow2
+ dest: /home/puomi/debian-10-openstack-amd64.qcow2
+ - name: "create ~puomi/.config/vmadm"
+ file:
+ state: directory
+ path: /home/puomi/.config/vmadm
+ owner: puomi
+ group: puomi
+ mode: 0755
+ - name: "configure vmadm"
+ copy:
+ src: vmadm.yaml
+ dest: /home/puomi/.config/vmadm/config.yaml
+ - name: "copy vmadm spec for VMs"
+ copy:
+ src: puomi.yaml
+ dest: /home/puomi/puomi.yaml
+ - name: "create ~puomi/.ssh"
+ file:
+ state: directory
+ path: /home/puomi/.ssh
+ owner: puomi
+ group: puomi
+ mode: 0700
+ - name: "copy SSH private key"
+ copy:
+ src: id_ed25519
+ dest: /home/puomi/.ssh/id_ed25519
+ owner: puomi
+ group: puomi
+ mode: 0600
+ - name: "copy SSH public key"
+ copy:
+ src: id_ed25519.pub
+ dest: /home/puomi/.ssh/id_ed25519.pub
+ owner: puomi
+ group: puomi
+ - name: "copy SSH CA private key"
+ copy:
+ src: ca
+ dest: /home/puomi/.ssh/ca
+ owner: puomi
+ group: puomi
+ mode: 0600
+ - name: "copy SSH CA public key"
+ copy:
+ src: ca.pub
+ dest: /home/puomi/.ssh/ca.pub
+ owner: puomi
+ group: puomi
+ - name: "configure SSH client to trust SSH CA host certificates"
+ shell: |
+ echo "@cert-authority * $(cat /home/puomi/.ssh/ca.pub)" | tee /home/puomi/.ssh/known_hosts
+ chown puomi:puomi /home/puomi/.ssh/known_hosts
+ - name: "copy files"
+ copy:
+ src: "{{ item }}"
+ dest: "/home/puomi/{{ item }}"
+ owner: puomi
+ group: puomi
+ mode: 0755
+ loop:
+ - inner.yml
+ - inner-hosts
+ - name: "copy scripts"
+ copy:
+ src: "{{ item }}"
+ dest: "/home/puomi/{{ item }}"
+ owner: puomi
+ group: puomi
+ mode: 0755
+ loop:
+ - getip.py
+ - setup-inner.sh
+ vars:
+ sane_debian_system_version: 2
+ unix_users_version: 2
+
+ sane_debian_system_hostname: puomienv
+ sane_debian_system_codename: buster
+ sane_debian_system_mirror: deb.debian.org
+
+ ansible_python_interpreter: /usr/bin/python3
+
+ unix_users:
+ - username: puomi
+ comment: Puomi for testing
+ authorized_keys: |
+ {{ ssh_pub }}
+
+ sane_debian_system_sources_lists:
+ - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+ signing_key: "{{ ci_prod_signing_key }}"
+
+ ssh_pub: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4hKoygOkXNujMW40d2F93lIMbyu0ZwXSBQ2S17R6a8 liw@exolobe1
+
+ ci_prod_signing_key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
+ 5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
+ +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
+ HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
+ JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
+ jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
+ 3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
+ 6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
+ UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
+ TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
+ kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
+ tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
+ LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
+ CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
+ dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
+ LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
+ 31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
+ P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
+ 2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
+ cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
+ SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
+ 6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
+ Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
+ GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
+ GSJSdir7NkZidgwoCPA7BTqsb5LN
+ =dXB0
+ -----END PGP PUBLIC KEY BLOCK----- |
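Review bot: In the "configure SSH client to trust SSH CA host certificates" task the known_hosts entry is `@cert-authority * …`, so the puomi account accepts a host certificate from this CA for any hostname, while the "copy SSH CA private key" task stores the matching signing key in `/home/puomi/.ssh/ca` on the same machine. Restricting the pattern to the names or addresses the nested VMs are reached by, e.g. `echo "@cert-authority <vm-name-pattern> $(cat /home/puomi/.ssh/ca.pub)"` (placeholder; the VM names are not visible in this file), keeps a leaked or misused CA key from vouching for hosts outside the lab. The `id_ed25519` and `ca` source files are outside this diffstat; if they are committed next to the playbook they should be treated as disclosed and used for this test environment only. The task also overwrites known_hosts with `tee` on every run and leaves its mode to the umask, so a `copy` or `lineinfile` task with explicit `owner`, `group` and `mode` would be more predictable.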