authorLars Wirzenius <liw@liw.fi>2022-01-07 15:06:29 +0200
committerLars Wirzenius <liw@liw.fi>2022-01-07 18:52:02 +0200
commit2c3f88259122323eb73eb40f4dec9d66483d926c (patch)
treeca22c3b0740bb2db51f1775d80dec57b7317140f
parent79dd4f5367ca66df6c2c56b751b4582554e39032 (diff)
downloadv-i-2c3f88259122323eb73eb40f4dec9d66483d926c.tar.gz
feat: make v-i script support my standard base install
Also, put as many packages as possible inside the cached portion, for speed. Sponsored-by: author
-rwxr-xr-xbuild-installer.sh2
-rw-r--r--installer.vmdb (renamed from v-i.vmdb)4
-rw-r--r--installer.yml (renamed from v-i.yml)9
-rw-r--r--liw.yml8
-rw-r--r--std.yml113
-rwxr-xr-xv-i64
6 files changed, 168 insertions, 32 deletions
diff --git a/build-installer.sh b/build-installer.sh
index 1927fa2..6ed4e6f 100755
--- a/build-installer.sh
+++ b/build-installer.sh
@@ -4,5 +4,5 @@ set -eu -o pipefail
tarball="$1"
-vmdb2 --output v-i.img --log v-i.log v-i.vmdb \
+vmdb2 --output installer.img --log installer.log installer.vmdb \
--verbose --rootfs-tarball "$tarball"
diff --git a/v-i.vmdb b/installer.vmdb
index 9411282..218a809 100644
--- a/v-i.vmdb
+++ b/installer.vmdb
@@ -65,10 +65,6 @@ steps:
- ansible: /
playbook: v-i.yml
- - copy-file: /root/x220.sh
- src: x220.sh
- perm: 0755
-
- fstab: /
- grub: uefi
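Review bot: The `ansible` step kept as context in this hunk still reads `playbook: v-i.yml`, but the same commit renames `v-i.yml` to `installer.yml`, so the installer build would look for a playbook that no longer exists under that name. The step should read `playbook: installer.yml`, unless a file with the old name is provided some other way that this page does not show. The `steps:` list begins outside the hunk.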
diff --git a/v-i.yml b/installer.yml
index 541d045..ad0d2f6 100644
--- a/v-i.yml
+++ b/installer.yml
@@ -26,7 +26,7 @@
- name: "set root authorized keys"
copy:
content: |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+ {{ user_pub }}
dest: /root/.ssh/authorized_keys
owner: root
group: root
@@ -76,11 +76,6 @@
src: "{{ rootfs_tarball }}"
dest: /root/rootfs.tar.gz
- - name: "add my ssh pub key to root's authorized keys"
- authorized_key:
- user: root
- key: "{{ user_pub }}"
-
- name: "add APT key for CI repo with vmdb2"
copy:
content: "{{ ci_prod_signing_key }}"
@@ -98,7 +93,7 @@
hostname: v-i
ansible_python_interpreter: /usr/bin/python3
user_pub: |
- ssh-rsa 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 openpgp:0xBBE80E50
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
ci_prod_signing_key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
diff --git a/liw.yml b/liw.yml
new file mode 100644
index 0000000..35fc54d
--- /dev/null
+++ b/liw.yml
@@ -0,0 +1,8 @@
+hostname: x220
+user_pub: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+user_locale: |
+ LC_CTYPE=fi_FI.UTF8
+user_keyboard_model: pc105
+user_keyboard_layout: fi
+user_console_codeset: Lat15
diff --git a/std.yml b/std.yml
new file mode 100644
index 0000000..f2911ad
--- /dev/null
+++ b/std.yml
@@ -0,0 +1,113 @@
+# Ansible playbook to install stuff for a standard install with v-i.
+
+- hosts: image
+ tasks:
+ - name: "set /etc/hostname"
+ copy:
+ content: |
+ {{ hostname }}
+ dest: /etc/hostname
+
+ - name: "disable root password"
+ shell: |
+ passwd -l root
+
+ - name: "create ~root/.ssh"
+ file:
+ state: directory
+ path: /root/.ssh
+ owner: root
+ group: root
+ mode: 0700
+
+ - name: "set ~root/.ssh/authorized keys"
+ copy:
+ content: |
+ {{ user_pub }}
+ dest: /root/.ssh/authorized_keys
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: "configure keyboard layout"
+ copy:
+ content: |
+ XKBMODEL="{{ user_keyboard_model }}"
+ XKBLAYOUT="{{ user_keyboard_layout }}"
+ XKBVARIANT=""
+ XKBOPTIONS=""
+ BACKSPACE="guess"
+ dest: /etc/default/keyboard
+
+ - name: "configure console"
+ copy:
+ content: |
+ ACTIVE_CONSOLES="/dev/tty[1-6]"
+ CHARMAP="UTF-8"
+ CODESET="{{ user_console_codeset }}"
+ FONTFACE="Fixed"
+ FONTSIZE="8x16"
+ VIDEOMODE=
+ dest: /etc/default/console-setup
+
+ - name: "set default locales for all users"
+ copy:
+ content: |
+ {{ user_locale }}
+ dest: /etc/profile.d/finnish.sh
+
+ - name: "configure Ethernet networking"
+ copy:
+ content: |
+ auto eth0
+ iface eth0 inet dhcp
+ iface eth0 inet6 auto
+ dest: /etc/network/interfaces.d/wired
+
+ # - name: "restrict root logins over ssh"
+ # lineinfile:
+ # path: /etc/ssh/sshd_config
+ # regex: "#* *PasswordAuthentication"
+ # line: "PasswordAuthentication no"
+
+ vars:
+ hostname: v-i
+ user_pub: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+ user_locale: |
+ LC_CTYPE=fi_FI.UTF8
+ user_keyboard_model: pc105
+ user_keyboard_layout: fi
+ user_console_codeset: Lat15
+
+ ansible_python_interpreter: /usr/bin/python3
+ ci_prod_signing_key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
+ 5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
+ +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
+ HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
+ JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
+ jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
+ 3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
+ 6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
+ UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
+ TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
+ kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
+ tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
+ LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
+ CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
+ dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
+ LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
+ 31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
+ P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
+ 2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
+ cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
+ SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
+ 6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
+ Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
+ GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
+ GSJSdir7NkZidgwoCPA7BTqsb5LN
+ =dXB0
+ -----END PGP PUBLIC KEY BLOCK-----
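Review bot: The `vars:` block gives `user_pub` a default that is one specific personal key, and the "set ~root/.ssh/authorized keys" task writes it to `/root/.ssh/authorized_keys`, so a run whose `--vars` file omits `user_pub` (or that passes no vars file) yields a system that key can log in to as root. I would drop that default and fail early instead, for example with a first task `- assert: {that: "user_pub is defined and user_pub | trim | length > 0"}`. This presumes the `extra_vars` handed over by `v-i` override play vars, which depends on how vmdb2 passes them to Ansible. Separately, the task that sets `PasswordAuthentication no` is committed commented out, so sshd keeps its packaged default for password logins. The unquoted `mode: 0700` and `mode: 0600` are also safer written as `"0700"` and `"0600"`.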
diff --git a/v-i b/v-i
index bf1903e..49721e4 100755
--- a/v-i
+++ b/v-i
@@ -107,7 +107,7 @@ def clean_up_disks():
run(["cryptsetup", "close", mapping], check=False)
-def vmdb_spec(cryptsetup_password, playbook):
+def vmdb_spec(cryptsetup_password, playbook, extra_vars):
device = "{{ image }}"
spec = {
"steps": [
@@ -190,16 +190,17 @@ def vmdb_spec(cryptsetup_password, playbook):
{
"mount": "root",
},
- {"mount": "boot", "dirname": "/boot", "mount-on": "root"},
+ {
+ "mount": "boot",
+ "dirname": "/boot",
+ "mount-on": "root",
+ },
{
"mount": "efi",
"dirname": "/boot/efi",
"mount-on": "boot",
},
{
- "virtual-filesystems": "root",
- },
- {
"unpack-rootfs": "root",
},
{
@@ -209,35 +210,46 @@ def vmdb_spec(cryptsetup_password, playbook):
"unless": "rootfs_unpacked",
},
{
+ "apt": "install",
+ "packages": [
+ "console-setup",
+ "dosfstools",
+ "ifupdown",
+ "linux-image-amd64",
+ "locales-all",
+ "lvm2",
+ "psmisc",
+ "python3",
+ "ssh",
+ "strace",
+ ],
+ "tag": "root",
+ "unless": "rootfs_unpacked",
+ },
+ {
"cache-rootfs": "root",
"unless": "rootfs_unpacked",
},
{
- "fstab": "root",
+ # This MUST be after the debootstrap step.
+ "virtual-filesystems": "root",
},
{
- "apt": "install",
- "packages": ["linux-image-amd64"],
- "tag": "root",
+ "fstab": "root",
},
{
+ # These MUST come after the fstab step so that they add the
+ # crypttab in the initramfs.
"apt": "install",
"packages": [
- "console-setup",
"cryptsetup",
"cryptsetup-initramfs",
- "dosfstools",
- "ifupdown",
- "locales-all",
- "lvm2",
- "psmisc",
- "python3",
- "ssh",
- "strace",
],
"tag": "root",
},
{
+ # This also MUST come outside the rootfs caching, as it install
+ # things outside the file systems.
"grub": "uefi",
"tag": "root",
"efi": "efi",
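Review bot: Moving `"ssh"` into the `apt` step that runs before `cache-rootfs` puts whatever the package's install scripts create into the cache tarball. On Debian the OpenSSH server generates its host keys at install time, so every machine installed from the same `cache.tar.gz` would likely end up with identical SSH host private keys. Keeping `"ssh",` in the later, uncached `packages` list next to `"cryptsetup"` avoids that; the alternative is a step after the cached rootfs is unpacked that removes `/etc/ssh/ssh_host_*` and regenerates the keys with `ssh-keygen -A`. Minor wording: the new comment says "as it install things" and should read `# This also MUST come outside the rootfs caching, as it installs things outside the file systems.` The body of `vmdb_spec` starts and ends outside this hunk.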
@@ -249,7 +261,9 @@ def vmdb_spec(cryptsetup_password, playbook):
# If a playbook has been specified, add an ansible step.
if playbook:
- spec["steps"].append({"ansible": "root", "playbook": playbook})
+ spec["steps"].append(
+ {"ansible": "root", "playbook": playbook, "extra_vars": extra_vars}
+ )
return spec
@@ -260,13 +274,19 @@ def main():
p.add_argument("--log", default="install.log")
p.add_argument("--cache", default="cache.tar.gz")
p.add_argument("--playbook")
+ p.add_argument("--vars")
p.add_argument("--luks")
p.add_argument("device")
args = p.parse_args()
+ extra_vars = {}
+ if args.vars:
+ with open(args.vars) as f:
+ extra_vars = yaml.safe_load(f)
+
clean_up_disks()
- spec = vmdb_spec(args.luks, args.playbook)
+ spec = vmdb_spec(args.luks, args.playbook, extra_vars)
tmp = tempfile.mkdtemp()
specfile = os.path.join(tmp, "spec.yaml")
if args.verbose:
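Review bot: `yaml.safe_load(f)` returns `None` for an empty file and a list or scalar for a non-mapping document, so `extra_vars` can reach `vmdb_spec` as something other than a dict and be written into the ansible step as `"extra_vars": None`. Using the safe loader is right for a user-supplied file; what is missing is a shape check after it: `extra_vars = yaml.safe_load(f) or {}` followed by `if not isinstance(extra_vars, dict): p.error("--vars file must contain a YAML mapping")`. The new `--vars` option would also benefit from `help=` text saying it names a YAML file of Ansible variables for the playbook. `main` continues outside the hunk.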
@@ -275,6 +295,10 @@ def main():
yaml.dump(spec, stream=f, indent=4)
log(f"run vmdb2 to install on {args.device}")
+ env = dict(os.environ)
+ env["ANSIBLE_STDOUT_CALLBACK"] = "yaml"
+ env["ANSIBLE_NOCOWS"] = "1"
+ env["ANSIBLE_LOG_PATH"] = "ansible.log"
run(
[
"vmdb2",
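Review bot: `env["ANSIBLE_LOG_PATH"] = "ansible.log"` is a relative path, so the log is written in whatever directory ansible-playbook ends up running in, unlike the install log, which has a `--log` option. This tool is presumably run as root, so a fixed file name resolved against an arbitrary working directory could also land on a pre-existing file or symlink there. Anchoring it, e.g. `env["ANSIBLE_LOG_PATH"] = os.path.abspath("ansible.log")`, or deriving it from the directory of `args.log`, makes the location predictable. Whether `env` is actually passed to `run(...)` is outside the hunk.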