create local test-VM
This commit is contained in:
parent
33bfb4c427
commit
ed5ccb7e24
7 changed files with 363 additions and 1 deletions
30
Readme.md
30
Readme.md
|
@ -9,3 +9,33 @@ Ein server muss minimal vorbereitet sein, bevor er mit den hiesigen Skripten zum
|
||||||
- Es muss einen user admin geben, auf den die Admins Zugriff haben; dieser muss root-Zugang über sudo haben.
|
- Es muss einen user admin geben, auf den die Admins Zugriff haben; dieser muss root-Zugang über sudo haben.
|
||||||
|
|
||||||
Zusätzlich ist sehr empfehlenswert, dass die Admins die Maschinen mit ihren fqdns in ihrer ssh-config definiert haben.
|
Zusätzlich ist sehr empfehlenswert, dass die Admins die Maschinen mit ihren fqdns in ihrer ssh-config definiert haben.
|
||||||
|
|
||||||
|
Bisher gibt es hier zwei Sammlungen von files: zum Einen der Beginn des eigentlichen Zwecks: bisher kann eine Rolle (auf Basis der obigen Voraussetzungen) alle FFMWU-Server in dem ihnen allen identischen Aspekt vorberein, der Pflege der ssh keys der admins. Zum Anderen gibt es ein playbook, das eine lokale Test-VM aufsetzt, auf der man alle eigentlichen playbooks und Rollen testen kann, ohne ernsthaften Schaden anzurichten.
|
||||||
|
|
||||||
|
## Aufsetzen und Pflegen von Gateways
|
||||||
|
|
||||||
|
Alle FFMWU-Gatways sind auch FFMWU-Server, alle anderen server bei uns überraschenderweise auch; so sind auch alle im inventory in der Gruppe 'ff-servers' zusammengefasst. Der Aspekt, der allen FFMWU-Servern gemein ist, sind die ssh-keys der admins. Auf einigen servern gibt es allerdings weitere Zugriffsberechtigte (spezialisiert admins).
|
||||||
|
|
||||||
|
So gibt es eine Rolle ('ffmwu-server'), die allen hosts dieser Gruppe zugewiesen ist (über das playbook 'ffmwu-servers.yml'). Dieses playbook (einfach starten) weist die Rolle dazu, welche ihrerseits die shh keys auf den hosts pflegt.
|
||||||
|
|
||||||
|
Die Rolle besteht aus nur einem task und einer definierten Variable, die die keys der admins enthält. Sind auf einem host weitere ssh keys von Nöten, so werden disse als hostvar definiert.
|
||||||
|
|
||||||
|
## Erzeugen einer test-VM
|
||||||
|
|
||||||
|
Um die playbooks und Rollen gefahrlos testen zu können, bietet sich ein test host an. Hierfür kenn eine lokale VM zu Einsatz kommen, wenn die Voraussetzungen stimmen.
|
||||||
|
|
||||||
|
Damit auf der lokalen Maschine (der ansible controle machine) VMs ablaugen können, müssten verschiedene Voraussetzungen erfüllt sein. U. a.:
|
||||||
|
|
||||||
|
- installierte Pakete zu libvirt, kvm und qemu und Pakete virt-manager, isomaster
|
||||||
|
- >15G freier Plattenplatz
|
||||||
|
- ansible >= 2.1
|
||||||
|
|
||||||
|
Leifer sind die letzten 2 Meter der Aufgabe offenbar nicht automatisierbar. Deshalb muss der user an einer Stelle mit 'isomaster'kurz etwas manuell durchführen
|
||||||
|
Das playbook 'loctevm-reset.yml' einfach ausführen.
|
||||||
|
|
||||||
|
### bekannte Probleme
|
||||||
|
|
||||||
|
- Oft kann ansible die erzeugt VM nicht starten (um die debian-Installation anzustoßen; per Pedes (mit virt-manager) sollte es aber funktionieren.
|
||||||
|
- Ein Schritt scheint nicht automagisierbar, hier werden isomaster & der user benötigt.
|
||||||
|
- Beim ersten Start werden gelegentlich Laufwerke nicht akzeptiert.
|
||||||
|
- Bisher wird direkt die 64bit-Version ausgewählt.
|
||||||
|
|
|
@ -28,4 +28,4 @@ linse.freifunk-mwu.de # ext. DNS-master
|
||||||
#pudding.freifunk-mwu.de #
|
#pudding.freifunk-mwu.de #
|
||||||
|
|
||||||
[test-vms]
|
[test-vms]
|
||||||
local-test-vm.ffmwu.local vm_path=~/tmp/ffmwu-loctevm
|
local-test-vm.ffmwu.local
|
||||||
|
|
119
loctevm-reset-iso.inc.yml
Normal file
119
loctevm-reset-iso.inc.yml
Normal file
|
@ -0,0 +1,119 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: retrieve install iso
|
||||||
|
get_url:
|
||||||
|
checksum: "sha1:9ea657b3da44bedcfe86369496ba5bde119fdd9a"
|
||||||
|
dest: "{{ vm_path }}/debian-8.5.0-amd64-i386-netinst.iso"
|
||||||
|
force: no
|
||||||
|
url: "http://ftp.de.debian.org/debian-cd/8.5.0/multi-arch/iso-cd/debian-8.5.0-amd64-i386-netinst.iso"
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
register: download
|
||||||
|
|
||||||
|
- name: assert existance of seeded iso
|
||||||
|
stat: path={{ vm_path }}/debian-8.5.0-amd64-i386-{{ inventory_hostname }}.iso
|
||||||
|
get_checksum=False get_md5=False mime=False
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
register: seeded
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: clear leftover tmp files
|
||||||
|
file: path={{ vm_path }}/{{ lri_item }} state=absent
|
||||||
|
with_items:
|
||||||
|
- amdtxt.cfg
|
||||||
|
- isolinux.cfg
|
||||||
|
loop_control:
|
||||||
|
loop_var: lri_item
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: manual intervention 1 - extract configs
|
||||||
|
debug:
|
||||||
|
msg: |
|
||||||
|
*******************************
|
||||||
|
*
|
||||||
|
* MANUAL ACTION NEEDED (step 1)
|
||||||
|
* -----------------------------
|
||||||
|
* Please start isomaster debian-8.5.0-amd64-i386-netinst.iso
|
||||||
|
* in the host-directory {{ vm_path }}
|
||||||
|
* (WITHOUT stopping this playbook!)
|
||||||
|
* and extract the files amdtxt.cfg and isolinux.cfg
|
||||||
|
* from the iso-directory /isolinux
|
||||||
|
* to the host-directory {{ vm_path }} .
|
||||||
|
*
|
||||||
|
*******************************
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: wait for extraction of {{ vm_path }}/amdtxt.cfg
|
||||||
|
wait_for: path={{ vm_path }}/amdtxt.cfg state=present timeout=900
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: patch {{ vm_path }}/amdtxt.cfg
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ vm_path }}/amdtxt.cfg"
|
||||||
|
line: " append vga=788 initrd=/install.amd/initrd.gz auto=true preseed/file=/cdrom/preseed.cfg --- quiet"
|
||||||
|
regexp: "append vga=788 initrd"
|
||||||
|
state: present
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: wait for extraction of {{ vm_path }}/isolinux.cfg
|
||||||
|
wait_for: path={{ vm_path }}/isolinux.cfg state=present timeout=900
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: patch {{ vm_path }}/isolinux.cfg
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ vm_path }}/isolinux.cfg"
|
||||||
|
line: "default amd64-install"
|
||||||
|
regexp: "^default "
|
||||||
|
state: present
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: construct {{ vm_path }}/preseed.cfg
|
||||||
|
template:
|
||||||
|
dest: "{{ vm_path }}/preseed.cfg"
|
||||||
|
src: templates/preseed.cfg
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: manual intervention 1 - (re)install configs
|
||||||
|
debug: msg=|
|
||||||
|
*******************************
|
||||||
|
*
|
||||||
|
* MANUAL ACTION NEEDED (step 2)
|
||||||
|
* -----------------------------
|
||||||
|
* Please replace the files amdtxt.cfg and isolinux.cfg
|
||||||
|
* in the iso-directory /isolinux
|
||||||
|
* with the now patched files from host-directory {{ vm_path }} .
|
||||||
|
* Likewise copy preseed.cfg from the host-directory {{ vm_path }}
|
||||||
|
* to the iso-directory / .
|
||||||
|
* Finally save-as this patched iso file
|
||||||
|
* to debian-8.5.0-amd64-i386-{{ inventory_hostname }}.iso
|
||||||
|
* in the host-directory {{ vm_path }} .
|
||||||
|
*
|
||||||
|
*******************************
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: wait for emergence of {{ vm_path }}/debian-8.5.0-amd64-i386-{{ inventory_hostname }}.iso
|
||||||
|
wait_for: path={{ vm_path }}/debian-8.5.0-amd64-i386-{{ inventory_hostname }}.iso
|
||||||
|
state=present timeout=900
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
when: download.changed or not seeded.stat.exists
|
||||||
|
# böock end
|
||||||
|
|
||||||
|
#- name: regenerate seeded copy when downloaded file changed
|
||||||
|
# copy:
|
||||||
|
# src: "{{ vm_path }}/debian-8.5.0-amd64-i386-netinst.iso"
|
||||||
|
# dest: "{{ vm_path }}/debian-8.5.0-amd64-i386-seeded.iso"
|
||||||
|
# force: yes
|
||||||
|
# remote_src: True # though remote equals local ...
|
||||||
|
# when: download.changed
|
||||||
|
# delegate_to: 127.0.0.1 # local action
|
||||||
|
# register: chngcopy
|
||||||
|
|
||||||
|
#- name: make seeded copy when absent
|
||||||
|
# copy:
|
||||||
|
# src: "{{ vm_path }}/debian-8.5.0-amd64-i386-netinst.iso"
|
||||||
|
# dest: "{{ vm_path }}/debian-8.5.0-amd64-i386-seeded.iso"
|
||||||
|
# force: no
|
||||||
|
# remote_src: True # though remote equals local ...
|
||||||
|
# delegate_to: 127.0.0.1 # local action
|
||||||
|
# register: primcopy
|
||||||
|
|
54
loctevm-reset.yml
Executable file
54
loctevm-reset.yml
Executable file
|
@ -0,0 +1,54 @@
|
||||||
|
#!/usr/bin/ansible-playbook
|
||||||
|
---
|
||||||
|
# localhost (aka 127.0.0.1) is the hypervisor (hard-coded)
|
||||||
|
|
||||||
|
- hosts: test-vms
|
||||||
|
#- hosts: local-test-vm.ffmwu.local
|
||||||
|
gather_facts: False
|
||||||
|
# remote_user: root
|
||||||
|
|
||||||
|
vars:
|
||||||
|
- vm_path: "{{ lookup('env','HOME') }}/tmp/ffmwu-loctevm"
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: ensure VM dir and vm image dir
|
||||||
|
file: path={{ vm_path }} state=directory mode=0700
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: exnsure image file
|
||||||
|
command: fallocate -l 15G {{ vm_path }}/loctevm.img
|
||||||
|
args:
|
||||||
|
creates: "{{ vm_path }}/loctevm.img"
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: get and prepare debian image file
|
||||||
|
include: loctevm-reset-iso.inc.yml
|
||||||
|
|
||||||
|
- name: find already defined local VMs
|
||||||
|
virt: command=list_vms
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
become: True
|
||||||
|
register: vms
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: construct VM xml file
|
||||||
|
template:
|
||||||
|
src: templates/loctevm.xml
|
||||||
|
dest: "{{ vm_path }}/loctevm.xml"
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: define VM
|
||||||
|
virt:
|
||||||
|
command: define
|
||||||
|
name: "{{ inventory_hostname }}"
|
||||||
|
xml: "{{ lookup('file',vm_path ~ '/loctevm.xml') }}"
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
when: not inventory_hostname in vms.list_vms
|
||||||
|
# block end
|
||||||
|
|
||||||
|
- name: create VM
|
||||||
|
virt:
|
||||||
|
state: running
|
||||||
|
name: "{{ inventory_hostname }}"
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
6
templates/loctevm-pool.xml
Normal file
6
templates/loctevm-pool.xml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
<pool type="dir">
|
||||||
|
<name>loctevm-pool</name>
|
||||||
|
<target>
|
||||||
|
<path>{{ vm_path }}</path>
|
||||||
|
</target>
|
||||||
|
</pool>
|
58
templates/loctevm.xml
Normal file
58
templates/loctevm.xml
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
<!-- domain type='qemu' -->
|
||||||
|
<domain type='kvm'>
|
||||||
|
<name>{{ inventory_hostname }}</name>
|
||||||
|
<memory unit='M'>1024</memory>
|
||||||
|
<currentMemory unit='M'>512</currentMemory>
|
||||||
|
<vcpu>1</vcpu>
|
||||||
|
|
||||||
|
<cpu mode='host-passthrough'/>
|
||||||
|
<!-- fallback to host-model on errors -->
|
||||||
|
|
||||||
|
<os>
|
||||||
|
<type machine='pc'>hvm</type>
|
||||||
|
<boot dev='hd'/>
|
||||||
|
<boot dev='cdrom'/>
|
||||||
|
<bootmenu enable='no'/>
|
||||||
|
</os>
|
||||||
|
|
||||||
|
<features>
|
||||||
|
<acpi/>
|
||||||
|
<apic/>
|
||||||
|
<pae/>
|
||||||
|
</features>
|
||||||
|
|
||||||
|
<clock offset='utc'/>
|
||||||
|
|
||||||
|
<on_poweroff>destroy</on_poweroff>
|
||||||
|
<on_reboot>restart</on_reboot>
|
||||||
|
<on_crash>destroy</on_crash>
|
||||||
|
|
||||||
|
<devices>
|
||||||
|
<disk type='file' device='disk'>
|
||||||
|
<driver name='qemu' type='raw' cache='writeback'/>
|
||||||
|
<source file='{{ vm_path }}/loctevm.img'/>
|
||||||
|
<target dev='vda' bus='virtio'/>
|
||||||
|
</disk>
|
||||||
|
|
||||||
|
<disk type='file' device='cdrom'>
|
||||||
|
<source file='{{ vm_path }}/debian-8.5.0-amd64-i386-{{ inventory_hostname }}.iso'/>
|
||||||
|
<target dev='vdc' bus='virtio'/>
|
||||||
|
</disk>
|
||||||
|
|
||||||
|
<interface type='network'>
|
||||||
|
<source network='default'/>
|
||||||
|
<model type='virtio'/>
|
||||||
|
</interface>
|
||||||
|
|
||||||
|
<serial type='pty'>
|
||||||
|
<target port='0'/>
|
||||||
|
</serial>
|
||||||
|
<console type='pty'>
|
||||||
|
<target type='serial' port='0'/>
|
||||||
|
</console>
|
||||||
|
|
||||||
|
<input type='mouse' bus='ps2'/>
|
||||||
|
<graphics type='vnc' port='-1' autoport='yes'/>
|
||||||
|
<!-- graphics type='sdl' xauth='~/.Xauthority' fullscreen='no'/ -->
|
||||||
|
</devices>
|
||||||
|
</domain>
|
95
templates/preseed.cfg
Normal file
95
templates/preseed.cfg
Normal file
|
@ -0,0 +1,95 @@
|
||||||
|
d-i debian-installer/language string en
|
||||||
|
d-i debian-installer/country string NL
|
||||||
|
d-i debian-installer/locale string en_GB.UTF-8
|
||||||
|
|
||||||
|
d-i keyboard-configuration/xkb-keymap select de
|
||||||
|
|
||||||
|
d-i netcfg/choose_interface select auto
|
||||||
|
|
||||||
|
d-i netcfg/get_hostname string {{ inventory_hostname }}
|
||||||
|
d-i netcfg/get_domain string ffmwu.org
|
||||||
|
|
||||||
|
d-i mirror/country string manual
|
||||||
|
d-i mirror/http/hostname string ftp.de.debian.org
|
||||||
|
d-i mirror/http/directory string /debian
|
||||||
|
d-i mirror/http/proxy string
|
||||||
|
|
||||||
|
d-i passwd/root-login boolean false
|
||||||
|
d-i passwd/user-fullname string Debian User
|
||||||
|
d-i passwd/username string hein
|
||||||
|
d-i passwd/user-password password bloed
|
||||||
|
d-i passwd/user-password-again password bloed
|
||||||
|
#d-i passwd/user-password-crypted password [MD5 hash]
|
||||||
|
|
||||||
|
d-i clock-setup/utc boolean true
|
||||||
|
|
||||||
|
d-i time/zone string Europe/Amsterdam
|
||||||
|
|
||||||
|
d-i clock-setup/ntp boolean true
|
||||||
|
|
||||||
|
d-i partman-auto/disk string /dev/vda
|
||||||
|
d-i partman-auto/method string regular
|
||||||
|
|
||||||
|
d-i partman-auto/choose_recipe select atomic
|
||||||
|
|
||||||
|
d-i partman-partitioning/confirm_write_new_label boolean true
|
||||||
|
d-i partman/choose_partition select finish
|
||||||
|
d-i partman/confirm boolean true
|
||||||
|
d-i partman/confirm_nooverwrite boolean true
|
||||||
|
|
||||||
|
### Apt setup
|
||||||
|
# You can choose to install non-free and contrib software.
|
||||||
|
#d-i apt-setup/non-free boolean true
|
||||||
|
#d-i apt-setup/contrib boolean true
|
||||||
|
# Uncomment this if you don't want to use a network mirror.
|
||||||
|
#d-i apt-setup/use_mirror boolean false
|
||||||
|
# Select which update services to use; define the mirrors to be used.
|
||||||
|
# Values shown below are the normal defaults.
|
||||||
|
#d-i apt-setup/services-select multiselect security, updates
|
||||||
|
#d-i apt-setup/security_host string security.debian.org
|
||||||
|
|
||||||
|
# Additional repositories, local[0-9] available
|
||||||
|
#d-i apt-setup/local0/repository string \
|
||||||
|
# http://local.server/debian stable main
|
||||||
|
#d-i apt-setup/local0/comment string local server
|
||||||
|
# Enable deb-src lines
|
||||||
|
#d-i apt-setup/local0/source boolean true
|
||||||
|
# URL to the public key of the local repository; you must provide a key or
|
||||||
|
# apt will complain about the unauthenticated repository and so the
|
||||||
|
# sources.list line will be left commented out
|
||||||
|
#d-i apt-setup/local0/key string http://local.server/key
|
||||||
|
|
||||||
|
# By default the installer requires that repositories be authenticated
|
||||||
|
# using a known gpg key. This setting can be used to disable that
|
||||||
|
# authentication. Warning: Insecure, not recommended.
|
||||||
|
#d-i debian-installer/allow_unauthenticated boolean true
|
||||||
|
|
||||||
|
# Uncomment this to add multiarch configuration for i386
|
||||||
|
#d-i apt-setup/multiarch string i386
|
||||||
|
|
||||||
|
tasksel tasksel/first multiselect standard, web-server
|
||||||
|
|
||||||
|
d-i pkgsel/include string openssh-server build-essential
|
||||||
|
d-i pkgsel/upgrade select safe-upgrade
|
||||||
|
|
||||||
|
popularity-contest popularity-contest/participate boolean false
|
||||||
|
|
||||||
|
d-i grub-installer/only_debian boolean true
|
||||||
|
d-i grub-installer/with_other_os boolean true
|
||||||
|
|
||||||
|
d-i grub-installer/bootdev string /dev/vda
|
||||||
|
|
||||||
|
d-i finish-install/keep-consoles boolean true
|
||||||
|
|
||||||
|
d-i finish-install/reboot_in_progress note
|
||||||
|
|
||||||
|
#d-i debian-installer/exit/poweroff boolean true
|
||||||
|
|
||||||
|
### Preseeding other packages
|
||||||
|
# Depending on what software you choose to install, or if things go wrong
|
||||||
|
# during the installation process, it's possible that other questions may
|
||||||
|
# be asked. You can preseed those too, of course. To get a list of every
|
||||||
|
# possible question that could be asked during an install, do an
|
||||||
|
# installation, and then run these commands:
|
||||||
|
# debconf-get-selections --installer > file
|
||||||
|
# debconf-get-selections >> file
|
Loading…
Reference in a new issue