- hosts: puomienv
remote_user: debian
become: yes
roles:
- sane_debian_system
- unix_users
tasks:
- name: "Install software"
apt:
name:
- qemu-system-x86
- virtinst
- virt-manager
- libvirt-daemon-system
- libvirt-clients
- libnss-libvirt
- python3-lxml
- vmadm
- jq
- libnss-libvirt
- ansible
- traceroute
- moreutils
- name: "configure nss to find VM names"
shell: |
if awk '$1 == "hosts:" && !/libvirt_guest/' /etc/nsswitch.conf | grep .
then
sed -i '/hosts:/s/files /files libvirt libvirt_guest /' /etc/nsswitch.conf
fi
- name: "put puomi into libvirt group"
user:
name: puomi
groups:
- libvirt
- name: "define libvirt network lan"
virt_net:
command: define
autostart: yes
name: lan
xml: |
lan
- name: "autostart libvirt network lan"
virt_net:
autostart: yes
name: lan
- name: "start libvirt network lan"
virt_net:
command: start
name: lan
- name: "define libvirt network wan"
virt_net:
command: define
autostart: yes
name: wan
xml: |
wan
- name: "autostart libvirt network wan"
virt_net:
autostart: yes
name: wan
- name: "start libvirt network wan"
virt_net:
command: start
name: wan
- name: "remove libvirt network default"
virt_net:
command: undefine
name: default
- name: "copy Debian 10 OpenStack image"
copy:
src: debian-10-openstack-amd64.qcow2
dest: /home/puomi/debian-10-openstack-amd64.qcow2
- name: "create ~puomi/.config/vmadm"
file:
state: directory
path: /home/puomi/.config/vmadm
owner: puomi
group: puomi
mode: 0755
- name: "configure vmadm"
copy:
src: vmadm.yaml
dest: /home/puomi/.config/vmadm/config.yaml
- name: "copy vmadm spec for VMs"
copy:
src: puomi.yaml
dest: /home/puomi/puomi.yaml
- name: "create ~puomi/.ssh"
file:
state: directory
path: /home/puomi/.ssh
owner: puomi
group: puomi
mode: 0700
- name: "copy SSH private key"
copy:
src: id_ed25519
dest: /home/puomi/.ssh/id_ed25519
owner: puomi
group: puomi
mode: 0600
- name: "copy SSH public key"
copy:
src: id_ed25519.pub
dest: /home/puomi/.ssh/id_ed25519.pub
owner: puomi
group: puomi
- name: "copy SSH CA private key"
copy:
src: ca
dest: /home/puomi/.ssh/ca
owner: puomi
group: puomi
mode: 0600
- name: "copy SSH CA public key"
copy:
src: ca.pub
dest: /home/puomi/.ssh/ca.pub
owner: puomi
group: puomi
- name: "configure SSH client to trust SSH CA host certificates"
shell: |
echo "@cert-authority * $(cat /home/puomi/.ssh/ca.pub)" | tee /home/puomi/.ssh/known_hosts
chown puomi:puomi /home/puomi/.ssh/known_hosts
- name: "copy files"
copy:
src: "{{ item }}"
dest: "/home/puomi/{{ item }}"
owner: puomi
group: puomi
mode: 0755
loop:
- inner.yml
- inner-hosts
- name: "copy scripts"
copy:
src: "{{ item }}"
dest: "/home/puomi/{{ item }}"
owner: puomi
group: puomi
mode: 0755
loop:
- getip.py
- setup-inner.sh
vars:
sane_debian_system_version: 2
unix_users_version: 2
sane_debian_system_hostname: puomienv
sane_debian_system_codename: buster
sane_debian_system_mirror: deb.debian.org
ansible_python_interpreter: /usr/bin/python3
unix_users:
- username: puomi
comment: Puomi for testing
authorized_keys: |
{{ ssh_pub }}
sane_debian_system_sources_lists:
- repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
signing_key: "{{ ci_prod_signing_key }}"
ssh_pub: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4hKoygOkXNujMW40d2F93lIMbyu0ZwXSBQ2S17R6a8 liw@exolobe1
ci_prod_signing_key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
+T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
GSJSdir7NkZidgwoCPA7BTqsb5LN
=dXB0
-----END PGP PUBLIC KEY BLOCK-----