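---
# Playbook for the "puomienv" host: installs libvirt/QEMU tooling, defines
# the "lan" and "wan" libvirt networks, and places VM images, vmadm
# configuration, SSH keys and helper scripts in the home directory of the
# "puomi" user. Every task runs with privilege escalation (become).
- hosts: puomienv
  remote_user: debian
  become: true
  roles:
    - sane_debian_system
    - unix_users

  tasks:
    - name: "Install software"
      apt:
        name:
          - qemu-system-x86
          - virtinst
          - virt-manager
          - libvirt-daemon-system
          - libvirt-clients
          - libnss-libvirt
          - python3-lxml
          - vmadm
          - jq
          - ansible
          - traceroute
          - moreutils

    # The awk/grep guard only succeeds when a "hosts:" line exists that does
    # not yet mention libvirt_guest, so the sed edit is applied at most once.
    # grep prints the matching line only in that case, which is what
    # changed_when keys on to report the task accurately.
    - name: "configure nss to find VM names"
      shell: |
        if awk '$1 == "hosts:" && !/libvirt_guest/' /etc/nsswitch.conf | grep .
        then
            sed -i '/hosts:/s/files /files libvirt libvirt_guest /' /etc/nsswitch.conf
        fi
      register: nss_hosts_check
      changed_when: nss_hosts_check.stdout != ""

    # Membership in the libvirt group allows managing VMs and networks through
    # the system libvirt daemon; treat it as a highly privileged group.
    # NOTE(review): without "append: true" the user module replaces the
    # account's supplementary groups with this list - confirm that is intended.
    - name: "put puomi into libvirt group"
      user:
        name: puomi
        groups:
          - libvirt

    - name: "define libvirt network lan"
      virt_net:
        command: define
        autostart: true
        name: lan
        xml: |
          <network>
            <name>lan</name>
            <bridge name='virbr1'/>
            <forward/>
            <ip address='192.168.40.1' netmask='255.255.255.0'>
              <dhcp>
                <range start='192.168.40.2' end='192.168.40.254'/>
              </dhcp>
            </ip>
          </network>

    - name: "autostart libvirt network lan"
      virt_net:
        autostart: true
        name: lan

    - name: "start libvirt network lan"
      virt_net:
        command: start
        name: lan

    - name: "define libvirt network wan"
      virt_net:
        command: define
        autostart: true
        name: wan
        xml: |
          <network>
            <name>wan</name>
            <bridge name='virbr2'/>
            <forward/>
            <ip address='192.168.50.1' netmask='255.255.255.0'>
              <dhcp>
                <range start='192.168.50.2' end='192.168.50.254'/>
              </dhcp>
            </ip>
          </network>

    - name: "autostart libvirt network wan"
      virt_net:
        autostart: true
        name: wan

    - name: "start libvirt network wan"
      virt_net:
        command: start
        name: wan

    - name: "remove libvirt network default"
      virt_net:
        command: undefine
        name: default

    # NOTE(review): the next three copy tasks set no owner/group/mode, unlike
    # the later ones. Under become the files are created by the become user -
    # confirm the resulting ownership and permissions are what puomi needs.
    - name: "copy Debian 10 OpenStack image"
      copy:
        src: debian-10-openstack-amd64.qcow2
        dest: /home/puomi/debian-10-openstack-amd64.qcow2

    # File modes are quoted so they are always passed as octal strings and
    # never re-interpreted as decimal integers by a YAML parser.
    - name: "create ~puomi/.config/vmadm"
      file:
        state: directory
        path: /home/puomi/.config/vmadm
        owner: puomi
        group: puomi
        mode: "0755"

    - name: "configure vmadm"
      copy:
        src: vmadm.yaml
        dest: /home/puomi/.config/vmadm/config.yaml

    - name: "copy vmadm spec for VMs"
      copy:
        src: puomi.yaml
        dest: /home/puomi/puomi.yaml

    - name: "create ~puomi/.ssh"
      file:
        state: directory
        path: /home/puomi/.ssh
        owner: puomi
        group: puomi
        mode: "0700"

    # NOTE(review): the private key is read from a plain file next to the
    # playbook. Presumably this is a test-only key; if it is stored in version
    # control unencrypted, consider Ansible Vault or a secret store.
    - name: "copy SSH private key"
      copy:
        src: id_ed25519
        dest: /home/puomi/.ssh/id_ed25519
        owner: puomi
        group: puomi
        mode: "0600"

    - name: "copy SSH public key"
      copy:
        src: id_ed25519.pub
        dest: /home/puomi/.ssh/id_ed25519.pub
        owner: puomi
        group: puomi

    # The CA private key signs certificates that the known_hosts entry written
    # below accepts for any host name, so anyone able to read this file (puomi
    # or root on this host, or whoever holds the source file) can issue
    # trusted host certificates. Keep this CA scoped to the test environment.
    - name: "copy SSH CA private key"
      copy:
        src: ca
        dest: /home/puomi/.ssh/ca
        owner: puomi
        group: puomi
        mode: "0600"

    - name: "copy SSH CA public key"
      copy:
        src: ca.pub
        dest: /home/puomi/.ssh/ca.pub
        owner: puomi
        group: puomi

    # tee overwrites known_hosts on every run, so any other entries in that
    # file are lost and the task always reports "changed". The "*" pattern
    # makes the CA trusted for every host name.
    # NOTE(review): narrow the host pattern if the VM names allow it.
    - name: "configure SSH client to trust SSH CA host certificates"
      shell: |
        echo "@cert-authority * $(cat /home/puomi/.ssh/ca.pub)" | tee /home/puomi/.ssh/known_hosts
        chown puomi:puomi /home/puomi/.ssh/known_hosts

    - name: "copy files"
      copy:
        src: "{{ item }}"
        dest: "/home/puomi/{{ item }}"
        owner: puomi
        group: puomi
        mode: "0755"
      loop:
        - inner.yml
        - inner-hosts

    - name: "copy scripts"
      copy:
        src: "{{ item }}"
        dest: "/home/puomi/{{ item }}"
        owner: puomi
        group: puomi
        mode: "0755"
      loop:
        - getip.py
        - setup-inner.sh

  vars:
    sane_debian_system_version: 2
    unix_users_version: 2

    sane_debian_system_hostname: puomienv
    # NOTE(review): buster is Debian 10, an old release - confirm it still
    # receives security updates in this environment.
    sane_debian_system_codename: buster
    sane_debian_system_mirror: deb.debian.org
    ansible_python_interpreter: /usr/bin/python3

    unix_users:
      - username: puomi
        comment: Puomi for testing
        authorized_keys: |
          {{ ssh_pub }}

    # The extra APT repository is fetched over plain HTTP; package
    # authenticity then rests entirely on the signing key below.
    sane_debian_system_sources_lists:
      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"

    # Public key authorised to log in as puomi (public material only).
    ssh_pub: |
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4hKoygOkXNujMW40d2F93lIMbyu0ZwXSBQ2S17R6a8 liw@exolobe1

    # Public signing key for the extra APT repository. The ASCII-armor format
    # requires the blank line between the BEGIN line and the key data.
    ci_prod_signing_key: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----

      mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
      5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
      +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
      HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
      JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
      jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
      3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
      6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
      UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
      TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
      kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
      tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
      LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
      CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
      dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
      LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
      31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
      P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
      2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
      cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
      SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
      6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
      Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
      GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
      GSJSdir7NkZidgwoCPA7BTqsb5LN
      =dXB0
      -----END PGP PUBLIC KEY BLOCK-----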