Commit 5f95b044 authored by bgm's avatar bgm Committed by bgm

ansible: sync kvm-server role with symbiotic

parent 9009b63e
---
# The VM user password is changed once the VM is booted, so this doesn't need to be saved
kvm_preseed_password: "{{ lookup('password', '/dev/null chars=ascii_letters length=15') }}"
kvm_preseed_language: en
kvm_preseed_country: US
kvm_preseed_locale: en_US
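Review bot: `kvm_preseed_password` is built with `lookup('password', '/dev/null …')`, which returns a fresh random value every time the variable is templated, so each reference and each play run yields a different password and any file rendered from it changes on every run. The preseed lines that consume it are not visible on this page; if the value is written as a cleartext `passwd/user-password` entry, it stays readable under `/etc/preseeds` until the post-boot change the comment describes. Consider rendering a hash instead, e.g. `d-i passwd/user-password-crypted password {{ kvm_preseed_password | password_hash('sha512') }}`, and say in the comment that the value is intentionally not reproducible.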
......@@ -2,51 +2,70 @@
# NB: netcat-openbsd is required if using virt-manager GUI (requires -U option).
- apt: name={{ item }} state=present install_recommends=no default_release=jessie-backports
with_items:
- linux-image-amd64
- linux-headers-amd64
when: ansible_distribution_release == "jessie"
- apt: name={{ item }} state=present install_recommends=no
with_items:
- linux-image-amd64
- linux-headers-amd64
when: ansible_distribution_release != "jessie"
tags:
- packages
# FIXME: on Stretch, requires "contrib"
- apt: name={{ item }} state=present install_recommends=no
with_items:
- openntpd
- kvm
- qemu-kvm
- virtinst
- bridge-utils
- netcat-openbsd
- nvme-cli
- parted
- zfs-dkms
- zfsutils-linux
- zfs-zed
tags:
- packages
- apt: name={{ item }} state=present install_recommends=no
with_items:
- libvirt-bin
- libvirt-daemon
- libvirt-daemon-system
when: ansible_distribution_release == "jessie"
- name: Modprobe zfs
shell: modprobe zfs
tags:
- kvm-server-zfs
- name: zfs | make sure that the module is loaded at boot
copy:
content: "zfs"
dest: "/etc/modules-load.d/zfs.conf"
owner: "root"
group: "root"
mode: '0644'
tags:
- kvm-server-zfs
- name: zfs | modprobe arc memory limit
copy:
content: "options zfs zfs_arc_max=1073741824"
dest: "/etc/modprobe.d/zfs.conf"
owner: "root"
group: "root"
mode: '0644'
tags:
- kvm-server-zfs
- apt: name={{ item }} state=present install_recommends=no
with_items:
- zfsutils-linux
- zfs-zed
- libvirt-clients
- libvirt-daemon
- libvirt-daemon-system
when: ansible_distribution_release == "stretch"
- virt-top
- service: name=openntpd state=started enabled=yes
# TODO:
# - had to "rm /boot/bzImage-3.14.32-xxxx-grs-ipv6-64" otherwise it would
# boot automatically on this kernel, and this causes issues with dkms for ZFS.
# - network interface configuration
- name: Ensure that OVH defaults are absent
file: path="/etc/systemd/network/{{ item }}" state=absent
with_items:
- 50-default.network
- 50-public-interface.link
- pub.network
tags:
- kvm-server-networkd
- name: Deploy the network interfaces configuration
template:
......@@ -57,22 +76,11 @@
mode: 0644
with_items:
- 50-br0.netdev
- 50-default.network
- 50-br0.network
- 50-network-interface.network
tags:
- kvm-server-networkd
# FIXME: not sure if these are the correct file names, some are the same as above.
# - name: Ensure that OVH defaults are absent
# file: path="/etc/systemd/network/{{ item }}" state=absent
# with_items:
# - 50-br0.netdev
# - 50-default.network
# - 50-public-interface.link
# TODO: reduce network timeout delay
- name: Create networking.service.d directory
file: path="/etc/systemd/system/networking.service.d/" state=directory mode=0755 owner=root group=root
......@@ -80,9 +88,30 @@
# [Service]
# TimeoutStartSec=15
# TODO: reload systemd (systemctl daemon-reload)
# Enable IP forwarding in /etc/sysctl.d/99-sysctl.conf by uncommenting:
# - net.ipv4.ip_forward=1
# - net.ipv6.conf.all.forwarding=1
- name: network | Deploy the network interfaces configuration
template:
src: "etc/network/interfaces"
dest: "/etc/network/interfaces"
owner: "root"
group: "root"
mode: 0644
tags:
- kvm-server-networkd
- name: network | Disable Debian old networking
systemd:
name: networking
enabled: no
tags:
- kvm-server-networkd
- name: network | Enable systemd-networkd
systemd:
name: systemd-networkd
enabled: yes
tags:
- kvm-server-networkd
- name: kvm preseeds | Create preseed directory
file: path="/etc/preseeds" state=directory mode=0750 owner=root group=root
......@@ -100,3 +129,9 @@
with_items: "{{ kvm_hosts }}"
tags:
- kvm-server-preseeds
- name: Generate preseed start script for VMs on this host
template: src=etc/preseeds/host/start.sh dest=/etc/preseeds/{{ item }}/start.sh owner=root group=root mode=0755
with_items: "{{ kvm_hosts }}"
tags:
- kvm-server-preseeds
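Review bot: The `Modprobe zfs` task runs `shell: modprobe zfs` unconditionally, so it reports changed on every play and bypasses Ansible's module handling. If this task is on the new side of the first hunk (the +/- markers are lost in this rendering), the `modprobe` module expresses the same thing idempotently: `modprobe: name=zfs state=present`. Separately, the added `network | Deploy the network interfaces configuration` task writes `mode: 0644` unquoted while the zfs `copy` tasks use `mode: '0644'`; quoting it keeps the value a string regardless of the YAML parser.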
......@@ -29,28 +29,3 @@ iface br0 inet6 static
post-up /sbin/ip -6 route add default via {{ kvm_main_ipv6_gateway }}
pre-down /sbin/ip -6 route del default via {{ kvm_main_ipv6_gateway }}
pre-down /sbin/ip -6 route del {{ kvm_main_ipv6_gateway }} dev br0
# auto br0
# iface br0 inet static
# address 167.114.158.208
# netmask 255.255.255.0
# network 167.114.158.0
# broadcast 167.114.158.255
# gateway 167.114.158.254
# bridge_ports eth0
# bridge_waitport 0
# bridge_stp off
# bridge_fd 0
# up echo 0 > /sys/devices/virtual/net/$IFACE/bridge/multicast_snooping
#
# iface br0:pub inet static
# address 192.95.2.129
# netmask 255.255.255.248
#
# iface br0 inet6 static
# address 2607:5300:60:71d0::
# netmask 64
# post-up /sbin/ip -6 route add 2607:5300:60:71ff:ff:ff:ff:ff dev br0
# post-up /sbin/ip -6 route add default via 2607:5300:60:71ff:ff:ff:ff:ff
# pre-down /sbin/ip -6 route del default via 2607:5300:60:71ff:ff:ff:ff:ff
# pre-down /sbin/ip -6 route del 2607:5300:60:71ff:ff:ff:ff:ff dev br0
#
# virt-install --name {{ hostvars[item]['preseed_hostname'] }} --ram {{ hostvars[item]['preseed_ram_mb'] }} --disk path=/dev/zvol/{{ kvm_zfs_pool }}/{{ hostvars[item]['preseed_hostname'] }} \
# --vcpus {{ hostvars[item]['preseed_vcpus'] }} --os-type linux --os-variant virtio26 --network bridge=br0,mac={{ hostvars[item]['preseed_macaddr'] }} --graphics vnc,listen=127.0.0.1 \
# --noautoconsole --location 'http://ftp.ca.debian.org/debian/dists/stretch/main/installer-amd64/' \
# --initrd-inject=/etc/preseeds/{{ hostvars[item]['preseed_hostname'] }}.{{ hostvars[item]['preseed_domain'] }}/preseed.cfg
#
# {{ ansible_managed }}
#
# To start the installation, run:
# /etc/preseeds/{{ hostvars[item]['preseed_hostname'] }}.{{ hostvars[item]['preseed_domain'] }}/start.sh
#### Contents of the preconfiguration file (for stretch)
#### Contents of the preconfiguration file (for buster)
### Localization
# Preseeding only locale sets language, country and locale.
# d-i debian-installer/locale string en_US
# The values can also be preseeded individually for greater flexibility.
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i debian-installer/language string {{ hostvars[item]['preseed_language'] }}
d-i debian-installer/country string {{ hostvars[item]['preseed_country'] }}
d-i debian-installer/locale string {{ hostvars[item]['preseed_locale'] }}
# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
......@@ -27,7 +24,7 @@ d-i netcfg/enable boolean true
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
d-i netcfg/choose_interface select {{ hostvars[item]['preseed_network_interface'] }}
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
......@@ -35,15 +32,14 @@ d-i netcfg/disable_autoconfig boolean true
# Static network configuration.
# IPv4
# FIXME: [ML] network config seems to fail?
# comment out these settings (ipaddress, netmask, gateway) and do it manually.
d-i netcfg/get_ipaddress string {{ hostvars[item]['preseed_ipv4_address'] }}
d-i netcfg/get_netmask string {{ hostvars[item]['preseed_ipv4_netmask'] }}
d-i netcfg/get_gateway string {{ hostvars[item]['preseed_ipv4_gateway'] }}
# d-i netcfg/get_gateway string {{ hostvars[item]['preseed_ipv4_gateway'] }}
d-i netcfg/get_gateway string none
d-i netcfg/get_nameservers string {{ hostvars[item]['preseed_ipv4_nameservers'] }}
d-i netcfg/confirm_static boolean true
# IPv6
# IPv6 - not working
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
......@@ -275,5 +271,28 @@ d-i finish-install/reboot_in_progress note
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
# [ML] Notes
# - Yes, this is horrible, but only way found to set our OVH static route
# - ethdetect calls firmware-detect, which does if down/up just for fun. This overwrites the script because we don't need it anyway.
# - and then the DNS were getting reset, so I despaired and added it to /usr/share/debconf/confmodule
# - nb: need to check if executable, because otherwise the installer won't finish once in the chroot.
# - it is slightly more readable once generated.
d-i preseed/early_command string ip link set ens3 up && \
ip a add {{ hostvars[item]['preseed_ipv4_address'] }}/32 dev {{ hostvars[item]['preseed_network_interface'] }} && \
echo "(ip route add {{ hostvars[item]['preseed_ipv4_gateway'] }} dev {{ hostvars[item]['preseed_network_interface'] }} || true) && (ip route add default via {{ hostvars[item]['preseed_ipv4_gateway'] }} dev {{ hostvars[item]['preseed_network_interface'] }} || true) && echo 'nameserver 8.8.8.8' > /etc/resolv.conf" > /bin/ethdetect && \
echo "(test -x /bin/ethdetect && /bin/ethdetect) || true" >> /usr/share/debconf/confmodule
# [ML] Notes:
# - This makes sure that our default route will work after reboot
# - We also deploy an ssh key to simplify the ansible setup later on
# - The chown must use the UID because the user is not known (chroot?)
d-i preseed/late_command string echo " post-up /sbin/ip route add {{ hostvars[item]['preseed_ipv4_gateway'] }} dev ens3" >> /target/etc/network/interfaces; \
echo "post-up /sbin/ip route add default via {{ hostvars[item]['preseed_ipv4_gateway'] }} dev ens3" >> /target/etc/network/interfaces; \
mkdir /target/home/mathieu/.ssh/; \
wget -O /target/home/mathieu/.ssh/authorized_keys https://github.com/mlutfy.keys; \
chmod 0600 /target/home/mathieu/.ssh/authorized_keys; \
chown -R 1000.1000 /target/home/mathieu/.ssh; \
chmod 0700 /target/home/mathieu/.ssh
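Review bot: The `late_command` at the end of the preseed fills `/target/home/mathieu/.ssh/authorized_keys` with whatever `https://github.com/mlutfy.keys` returns at install time, so SSH access to every new VM depends on that GitHub account and on the installer's wget validating the certificate (not confirmed from this page). Because the commands are joined with `;`, a failed download still proceeds to chmod/chown and leaves an empty or partial file without failing the install. Rendering the key into the template from an inventory variable removes the network dependency, e.g. `echo "{{ hostvars[item]['preseed_ssh_pubkey'] }}" > /target/home/mathieu/.ssh/authorized_keys; \`, where `preseed_ssh_pubkey` is a placeholder name for a variable this role does not yet define. The same commands also hard-code `ens3` while the rest of the file uses `preseed_network_interface`.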
#!/bin/bash
# Begin the installation of the VM
virt-install --name {{ hostvars[item]['preseed_hostname'] }} \
--ram {{ hostvars[item]['preseed_ram_mb'] }} \
--disk path=/dev/zvol/{{ kvm_zfs_pool }}/{{ hostvars[item]['preseed_hostname'] }} \
--vcpus {{ hostvars[item]['preseed_vcpus'] }} --os-type linux --os-variant virtio26 \
--network bridge=br0,mac={{ hostvars[item]['preseed_macaddr'] }} \
--graphics vnc,listen=127.0.0.1 \
--noautoconsole --location 'http://ftp.ca.debian.org/debian/dists/buster/main/installer-amd64/' \
--autostart \
--initrd-inject=/etc/preseeds/{{ hostvars[item]['preseed_hostname'] }}.{{ hostvars[item]['preseed_domain'] }}/preseed.cfg
# Make sure it boots automatically
# virsh autostart {{ hostvars[item]['preseed_hostname'] }}
# Based on:
# https://serverfault.com/questions/385889/kvm-guest-auto-start-after-install
finished="0"
while [ "$finished" = "0" ]; do
sleep 5;
virsh list --all | grep "running" | grep -q "{{ hostvars[item]['preseed_hostname'] }}"
if [[ $? != 0 ]]; then
echo "Setup finished, starting vm {{ hostvars[item]['preseed_hostname'] }}"
finished=1
virsh start {{ hostvars[item]['preseed_hostname'] }}
fi
done
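Review bot: `--location` points at `http://ftp.ca.debian.org/…`, so the installer kernel and initrd that virt-install boots are fetched over plain HTTP with no integrity check visible in this script. Anyone on the network path could substitute them, and the injected preseed then runs inside that installer. An HTTPS mirror closes that gap, e.g. `--location 'https://deb.debian.org/debian/dists/buster/main/installer-amd64/' \`. The wait loop also matches the VM with `grep -q` on the bare hostname, a substring match that another domain with a longer name containing it would satisfy; `virsh domstate {{ hostvars[item]['preseed_hostname'] }}` checks the exact domain.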
[NetDev]
Name=br0
Kind=bridge
MACAddress={{ kvm_main_mac_address }}
[Match]
Name=br0
[Network]
Description=network interface on public network, with default route
DHCP=no
Address={{ kvm_main_ipv4_address }}/{{ kvm_main_ipv4_netmask }}
Gateway={{ kvm_main_ipv4_gateway }}
IPv6AcceptRA=false
NTP=ntp.ovh.net
DNS={{ kvm_main_ipv4_dns }}
DNS={{ kvm_main_ipv6_dns }}
Gateway={{ kvm_main_ipv6_gateway }}
[Address]
Address={{ kvm_main_ipv6_address }}/{{ kvm_main_ipv6_netmask }}
[Route]
Destination={{ kvm_main_ipv6_gateway }}
Scope=link
[Match]
MACAddress={{ kvm_main_mac_address }}
[Network]
Bridge=br0