author | Lars Wirzenius <liw@liw.fi> | 2022-09-04 11:28:23 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-09-04 16:04:45 +0300 |
commit | 1653e31dcce6388f8760a0b4775bf32b4df5fb56 (patch) | |
tree | 4ecbde17b056f733e3471627fd92c1668d34d243 /installer-ansible.yml | |
parent | 61fe29561e4af97b27477eb67ae27a9828efde0a (diff) | |
download | v-i-1653e31dcce6388f8760a0b4775bf32b4df5fb56.tar.gz |
feat: provide addresses to LAN via DHCP
This will be useful for Puomi, the router distribution that uses v-i.
Sponsored-by: author
Diffstat (limited to 'installer-ansible.yml')
-rw-r--r-- | installer-ansible.yml | 166 |
1 files changed, 114 insertions, 52 deletions
diff --git a/installer-ansible.yml b/installer-ansible.yml index 627bffa..5911114 100644 --- a/installer-ansible.yml +++ b/installer-ansible.yml @@ -7,17 +7,23 @@ - hosts: image tasks: - - name: "set /etc/hostname" + # General configuration of installer system. + + - name: "install file with version info of installer" + copy: + content: | + {{ lookup('pipe', 'git describe --dirty') }} + dest: /etc/v-i-version + + - name: "set hostname in /etc/hostname" shell: | echo "{{ hostname }}" > /etc/hostname - - name: "unset root password" + - name: "unset root password so that virtual console logins work" shell: | sed -i '/^root:[^:]*:/s//root::/' /etc/passwd - # Remove ping to force it be reinstalled so that the right - # capabilities are set. - - name: "remove ping so it can be re-installed" + - name: "remove ping so it can be re-installed for the right capabilities" apt: name: iputils-ping state: absent 
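Review bot: The relocated "install file with version info of installer" task calls `git describe --dirty` through the `pipe` lookup, which fails the play on a non-zero exit. `git describe` exits non-zero when no annotated tag is reachable, for example in a shallow or tag-less checkout. Using `{{ lookup('pipe', 'git describe --dirty --always') }}` falls back to the abbreviated commit id, so /etc/v-i-version is still written. The lookup runs on the control host rather than in the image, so a short comment such as `# version of the v-i checkout the play is run from` above the task would make clear what the file records.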
@@ -27,50 +33,40 @@ name: iputils-ping state: present - - name: "uninstall rsyslogd" + - name: "uninstall rsyslogd to avoid writing logs to slow disk" apt: name: rsyslogd state: absent purge: yes - - name: "make systemd journal volatile (non-persistent)" + - name: "make systemd journal non-persistent, to avoid writing logs to slow disk" lineinfile: path: /etc/systemd/journald.conf regexp: Storage= line: Storage=volatile - - name: "drop ifupdown interfaces file" - file: - path: /etc/network/interfaces - state: absent + - name: "enable v-i-config service" + shell: | + install -d /etc/systemd/system/ssh.service.wants + ln -nsf /etc/systemd/system/v-i-config.service /etc/systemd/system/ssh.service.wants/v-i-config.service - - name: "enable systemd-networkd" - systemd: - name: systemd-networkd - enabled: true + # Install vmdb2, which actually does the installation to the + # target system. - - name: "add eth0.network" + - name: "add APT key for CI repo with vmdb2" copy: - content: | - [Match] - Name=eth0 + content: "{{ ci_prod_signing_key }}" + dest: /etc/apt/trusted.gpg.d/ci_prod.asc - [Network] - DHCP=ipv4 - dest: /etc/systemd/network/eth0.network + - name: "add CI repo with vmdb2 to apt sources" + apt_repository: + repo: "deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main" - - name: "create /root/.ssh" - file: - state: directory - path: /root/.ssh - owner: root - group: root - mode: 0700 + - name: "install vmdb2" + apt: + name: vmdb2 - - name: "enable v-i-config service" - shell: | - install -d /etc/systemd/system/ssh.service.wants - ln -nsf /etc/systemd/system/v-i-config.service /etc/systemd/system/ssh.service.wants/v-i-config.service + # Local specific configuration. - name: "configure keyboard layout" copy: 
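Review bot: The "add APT key for CI repo with vmdb2" task writes the key to /etc/apt/trusted.gpg.d/ci_prod.asc, so APT trusts the CI key for every configured source, not only the CI repository. The repository is fetched over plain http, so that signature is the only integrity check and is worth scoping tightly. I would store the key outside trusted.gpg.d, for example `dest: /etc/apt/keyrings/ci_prod.asc` (creating the directory if the base image lacks it), and pin it with `repo: "deb [signed-by=/etc/apt/keyrings/ci_prod.asc] http://ci-prod-controller.vm.liw.fi/debian unstable-ci main"`. Separately, the renamed rsyslog task still has `name: rsyslogd`; as far as I know the Debian package is `rsyslog`, so the removal is probably a silent no-op and is worth checking.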
@@ -97,38 +93,96 @@ shell: echo export LC_CTYPE=fi_FI.UTF8 >> /etc/profile.d/finnish.sh - - name: "configure Ethernet networking" - copy: - content: | - auto eth0 - iface eth0 inet dhcp - iface eth0 inet6 auto - dest: /etc/network/interfaces.d/wired + # SSH configuration. - - name: "restrict root logins over ssh" + - name: "restrict root logins over ssh to require a key" lineinfile: path: /etc/ssh/sshd_config regex: "#* *PasswordAuthentication" line: "PasswordAuthentication no" - - name: "add APT key for CI repo with vmdb2" + - name: "create /root/.ssh" + file: + state: directory + path: /root/.ssh + owner: root + group: root + mode: 0700 + + # Network configuration. + + - name: "remove ifupdown in favor of systemd-networkd" + apt: + name: ifupdown + state: absent + + - name: "enable systemd-networkd" + systemd: + name: systemd-networkd + enabled: true + + - name: "configure eth0 to get an address using DHCP" copy: - content: "{{ ci_prod_signing_key }}" - dest: /etc/apt/trusted.gpg.d/ci_prod.asc + content: | + [Match] + Name=eth0 - - name: "add CI repo with vmdb2 to apt sources" - apt_repository: - repo: "deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main" + [Network] + DHCP=ipv4 + dest: /etc/systemd/network/eth0.network - - name: "install vmdb2" + - name: "configure bridge device br0 for local network ports" + copy: + content: | + [NetDev] + Name=br0 + Kind=bridge + dest: /etc/systemd/network/br0.netdev + + - name: "add LAN devices to br0" + copy: + content: | + [Match] + Name=eth[^0]* + + [Network] + Bridge=br0 + dest: /etc/systemd/network/local.network + + - name: "configure bridge br0" + copy: + content: | + [Match] + Name=br0 + + [Network] + Address={{ lan_ip }}/24 + DHCPServer=false + IPForward=false + IPMasquerade=false + ConfigureWithoutCarrier=true + dest: /etc/systemd/network/br0.network + + - name: "install dnsmasq" apt: - name: vmdb2 + name: dnsmasq + + - name: "configure dnsmasq for configuration .d directory support" + lineinfile: + path: 
/etc/dnsmasq.conf + regexp: ^conf-dir + line: "conf-dir=/etc/dnsmasq.d/,*.conf" - - name: "install file with version info" + - name: "configure dnsmasq for local bridge br0" copy: content: | - {{ lookup('pipe', 'git describe --dirty') }} - dest: /etc/v-i-version + dhcp-range={{ dhcp_start }},{{ dhcp_end }},{{ dhcp_netmask }},{{ dhcp_lease }} + host-record={{ inventory_hostname }},{{ lan_ip }} + interface=br0 + interface=lo + max-cache-ttl=30 + neg-ttl=10 + dest: /etc/dnsmasq.d/router.conf vars: hostname: v-i @@ -163,3 +217,11 @@ GSJSdir7NkZidgwoCPA7BTqsb5LN =dXB0 -----END PGP PUBLIC KEY BLOCK----- + + + lan_ip: 10.20.20.1 + dhcp_start: 10.20.20.10 + dhcp_end: 10.20.20.250 + dhcp_netmask: 255.255.255.0 + dhcp_lease: 1h + |
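Review bot: The "configure bridge br0" task hard-codes the prefix in `Address={{ lan_ip }}/24`, while router.conf takes its mask from `dhcp_netmask`. Changing only one of them in the vars hunk would leave the bridge and the DHCP pool on different subnets; a single variable, e.g. `Address={{ lan_ip }}/{{ lan_prefix }}` (a new variable, my suggestion), or a comment noting the coupling would prevent that. The dnsmasq drop-in restricts service with `interface=br0` and `interface=lo` only, which by default still binds wildcard sockets and filters per request. Adding `bind-dynamic` to router.conf would keep the listeners off eth0 entirely. The first hunk leaves root with an empty password and this hunk makes the installer reachable from a LAN, so I would also pin `PermitEmptyPasswords no` with a second `lineinfile` next to the `PasswordAuthentication no` task instead of relying on the sshd default.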