initialize: add basic roles to get started

This playbook is intended to be used with "ansible-pull". This initial commit creates roles which will setup libvirt and kvm on the host, and setup some scaffolding for creating VMs via ansible variables.
2 years ago · 1b402b2072
commit 1b402b2072
14 changed files with 448 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,3 @@
+# Ansible Hypervisor
+
+An `ansible-pull` repo to configure our hypervisors.
--- a/local.yml
+++ b/local.yml
@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  roles:
+  - kvm
+  - virtual-machines
--- a/roles/kvm/files/create-debian-vm.sh
+++ b/roles/kvm/files/create-debian-vm.sh
@ -0,0 +1,46 @@
+#!/bin/bash
+set -euo pipefail
+hostname=${1:-}
+if [[ -z ${hostname} ]]; then
+  echo -n "Enter hostname: "
+  read hostname
+fi
+
+disk_prefix="/var/lib/libvirt/images/${hostname}"
+
+tempconfig=$(mktemp -td cloudinit.XXXXX)
+
+echo "instance-id: $hostname" >> $tempconfig/meta-data
+echo "local-hostname: $hostname" >> $tempconfig/meta-data
+
+cat > $tempconfig/user-data <<EOF
+#cloud-config
+users:
+  - default
+  - name: dvn
+    groups: systemd-journal
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:  # These SSH keys will be overwritten by ansible-pull when the VM first boots
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAYBrkfJCH8sHuEVGRkOod9fdy4hJzxoq1/q6CnSQSPh
+package_update: true
+packages:
+  - ansible
+  - git
+runcmd:
+  - ansible-pull -U "https://gitea.pep.foundation/dvn/ansible-basic.git"
+  - run-ansible-pull nodisown
+power_state:
+  mode: reboot
+EOF
+
+pushd ${tempconfig}
+genisoimage -output "${disk_prefix}-cloudinit.iso" -volid cidata -joliet -r user-data meta-data
+popd
+rm -rf ${tempconfig}
+
+cp /var/installmedia/debian-10-openstack-amd64.qcow2 "${disk_prefix}.qcow2"
+
+qemu-img resize "${disk_prefix}.qcow2" 20G
+
+virt-install --rng /dev/random --connect qemu:///system --virt-type=kvm --import --name "${hostname}" --ram 1024 --vcpus 1 --disk "${disk_prefix}.qcow2,format=qcow2,bus=virtio" --disk "${disk_prefix}-cloudinit.iso,device=cdrom" --network bridge=brlan,model=virtio --console pty,target_type=serial --os-type=linux --os-variant=debian9 --noautoconsole
--- a/roles/kvm/handlers/main.yml
+++ b/roles/kvm/handlers/main.yml
@ -0,0 +1,2 @@
+- name: reboot
+  command: reboot
--- a/roles/kvm/tasks/main.yml
+++ b/roles/kvm/tasks/main.yml
@ -0,0 +1,46 @@
+- name: Install kvm
+  apt:
+    name:
+      - qemu-kvm
+      - libvirt-clients
+      - qemu-utils
+      - libvirt-daemon-system
+      - genisoimage
+      - virtinst
+      - cpu-checker
+
+- name: Put us in the kvm groups
+  user:
+    append: yes ## Don't set these as our *only* groups!
+    groups: libvirt,libvirt-qemu,kvm
+    name: "{{ item }}"
+  with_items:
+    - dvn
+
+- name: Create /var/installmedia
+  file:
+    path: /var/installmedia
+    state: directory
+
+- name: Download the latest debian cloud image
+  get_url:
+    url: https://cdimage.debian.org/cdimage/openstack/current/debian-10.6.1-20201023-openstack-amd64.qcow2
+    dest: /var/installmedia/debian-10-openstack-amd64.qcow2
+    checksum: sha256:fbce410f82e3473772398c1b97556fea2ca5eab18839adfe2e803228b4b98c70
+
+- name: Install create-debian-vm.sh
+  copy:
+    src: create-debian-vm.sh
+    dest: /usr/local/bin/create-debian-vm
+    mode: 0755
+
+- name: Set permissions and ownership on /var/lib/libvirt/images
+  file:
+    path: /var/lib/libvirt/images
+    group: libvirt
+    mode: "0775"
+
+- name: Configure virsh for local administration
+  template:
+    src: libvirt-default-uri.sh
+    dest: /etc/profile.d/libvirt-default-uri.sh
--- a/roles/kvm/templates/gateway.xml
+++ b/roles/kvm/templates/gateway.xml
@ -0,0 +1,162 @@
+<domain type='qemu' id='4'>
+  <name>gateway</name>
+  <memory unit='KiB'>1048576</memory>
+  <currentMemory unit='KiB'>1048576</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <resource>
+    <partition>/machine</partition>
+  </resource>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.8'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/gateway.qcow2'/>
+      <backingStore/>
+      <target dev='vda' bus='virtio'/>
+      <alias name='virtio-disk0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <source file='/var/lib/libvirt/images/gateway-cloudinit.iso'/>
+      <backingStore/>
+      <target dev='hda' bus='ide'/>
+      <readonly/>
+      <alias name='ide0-0-0'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0' model='ich9-ehci1'>
+      <alias name='usb'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x7'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci1'>
+      <alias name='usb'/>
+      <master startport='0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci2'>
+      <alias name='usb'/>
+      <master startport='2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x1'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci3'>
+      <alias name='usb'/>
+      <master startport='4'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'>
+      <alias name='pci.0'/>
+    </controller>
+    <controller type='ide' index='0'>
+      <alias name='ide'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <alias name='virtio-serial0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </controller>
+    <interface type='bridge'>
+      <mac address='52:54:00:0e:ea:c1'/>
+      <source bridge='brlan'/>
+      <target dev='vnet0'/>
+      <model type='virtio'/>
+      <alias name='net0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <interface type='bridge'>
+      <mac address='52:54:00:29:0c:ad'/>
+      <source bridge='brwan'/>
+      <target dev='vnet1'/>
+      <model type='virtio'/>
+      <alias name='net1'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </interface>
+    <serial type='pty'>
+      <source path='/dev/pts/1'/>
+      <target port='0'/>
+      <alias name='serial0'/>
+    </serial>
+    <console type='pty' tty='/dev/pts/1'>
+      <source path='/dev/pts/1'/>
+      <target type='serial' port='0'/>
+      <alias name='serial0'/>
+    </console>
+    <channel type='unix'>
+      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-4-gateway/org.qemu.guest_agent.0'/>
+      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
+      <alias name='channel0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0' state='disconnected'/>
+      <alias name='channel1'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <alias name='input0'/>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'>
+      <alias name='input1'/>
+    </input>
+    <input type='keyboard' bus='ps2'>
+      <alias name='input2'/>
+    </input>
+    <graphics type='spice' port='5900' autoport='yes' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich6'>
+      <alias name='sound0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <alias name='video0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <alias name='redir0'/>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <alias name='redir1'/>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <alias name='balloon0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/random</backend>
+      <alias name='rng0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+    </rng>
+  </devices>
+  <seclabel type='none' model='none'/>
+  <seclabel type='dynamic' model='dac' relabel='yes'>
+    <label>+64055:+64055</label>
+    <imagelabel>+64055:+64055</imagelabel>
+  </seclabel>
+</domain>
--- a/roles/kvm/templates/libvirt-default-uri.sh
+++ b/roles/kvm/templates/libvirt-default-uri.sh
@ -0,0 +1,2 @@
+#!/bin/sh
+export LIBVIRT_DEFAULT_URI=qemu:///system
--- a/roles/virtual-machines/tasks/create-vm.yml
+++ b/roles/virtual-machines/tasks/create-vm.yml
@ -0,0 +1,56 @@
+- name: Check if cloudinit.iso exists
+  stat:
+    path: "{{ vm_disk_folder }}/{{ virtual_machine.name }}-cloudinit.iso" 
+  register: cloudinit_file
+
+- name: Create a folder to build the cloud-init data in
+  file:
+    path: "/tmp/{{ virtual_machine.name }}-cloud-init"
+    state: directory
+  when: not cloudinit_file.stat.exists
+
+- name: Create user-data cloudinit file
+  template:
+    src: "{{ item.src }}"
+    dest: "/tmp/{{ virtual_machine.name }}-cloud-init/{{ item.dest }}"
+  when: not cloudinit_file.stat.exists
+  loop:
+    - dest: meta-data
+      src: cloud-init-meta-data
+    - dest: user-data
+      src: cloud-init-user-data
+
+- name: Create network-config cloudinit file
+  template:
+    src: cloud-init-network-config
+    dest: "/tmp/{{ virtual_machine.name }}-cloud-init/network-config"
+  when: not cloudinit_file.stat.exists and virtual_machine.cloud_init_network_config is defined
+
+- name: Build the cloudinit ISO
+  command: genisoimage -output "{{ vm_disk_folder }}/{{ virtual_machine.name }}-cloudinit.iso" -volid cidata -joliet -r "/tmp/{{ virtual_machine.name }}-cloud-init"
+  when: not cloudinit_file.stat.exists
+
+- name: Check if the base disk exists
+  stat:
+    path: "{{ vm_disk_folder }}/{{ virtual_machine.name }}.qcow2"
+  register: disk_file
+
+- name: Create base disk
+  command: "cp {{ virtual_machine.base_image | default('/var/installmedia/debian-10-openstack-amd64.qcow2') }} {{ vm_disk_folder }}/{{ virtual_machine.name }}.qcow2"
+  when: not disk_file.stat.exists
+
+- name: Resize the base disk
+  command: qemu-img resize "{{ vm_disk_folder }}/{{ virtual_machine.name }}.qcow2" "{{ virtual_machine.storage_size | default('10G') }}"
+  when: not disk_file.stat.exists
+
+- name: Define the VM
+  virt:
+    name: "{{ virtual_machine.name }}"
+    command: define
+    xml: "{{ lookup('template', virtual_machine.template | default('vm-template.xml')) }}"
+
+- name: Boot VM
+  virt:
+    name: "{{ virtual_machine.name }}"
+    state: running
+    autostart: yes
--- a/roles/virtual-machines/tasks/main.yml
+++ b/roles/virtual-machines/tasks/main.yml
@ -0,0 +1,5 @@
+- name: Create a VM
+  include_tasks: "create-vm.yml"
+  loop: "{{ vms[ansible_fqdn] | default([]) }}"
+  loop_control:
+    loop_var: virtual_machine
--- a/roles/virtual-machines/templates/cloud-init-meta-data
+++ b/roles/virtual-machines/templates/cloud-init-meta-data
@ -0,0 +1,6 @@
+dsmode: local
+instance-id: {{ virtual_machine.name }}
+local-hostname: {{ virtual_machine.name }}
+{% if virtual_machine.cloud_init_meta_append is defined %}
+{{ virtual_machine.cloud_init_meta_append | to_yaml }}
+{% endif %}
--- a/roles/virtual-machines/templates/cloud-init-network-config
+++ b/roles/virtual-machines/templates/cloud-init-network-config
@ -0,0 +1 @@
+{{ virtual_machine.cloud_init_network_config | to_yaml }}
--- a/roles/virtual-machines/templates/cloud-init-user-data
+++ b/roles/virtual-machines/templates/cloud-init-user-data
@ -0,0 +1,21 @@
+#cloud-config
+users:
+  - default
+  - name: dvn
+    groups: systemd-journal
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:  # These SSH keys will be overwritten by ansible-pull when the VM first boots
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAYBrkfJCH8sHuEVGRkOod9fdy4hJzxoq1/q6CnSQSPh
+package_update: true
+packages:
+  - ansible
+  - git
+runcmd:
+  - ansible-pull -U "https://pep-security.lu/gitlab/cid/infrastructure/ansible-basic.git"
+  - bash -x /usr/sbin/run-ansible-pull nodisown
+power_state:
+  mode: reboot
+{% if virtual_machine.cloud_init_user_data is defined %}
+{{ virtual_machine.cloud_init_user_data | to_yaml }}
+{% endif %}
--- a/roles/virtual-machines/templates/vm-template.xml
+++ b/roles/virtual-machines/templates/vm-template.xml
@ -0,0 +1,92 @@
+<domain type='kvm'>
+  <name>{{ virtual_machine.name }}</name>
+  <memory unit='KiB'>{{ virtual_machine.max_memory | default(virtual_machine.memory | default("1048576")) }}</memory>
+  <currentMemory unit='KiB'>{{ virtual_machine.memory | default("1048576") }}</currentMemory>
+  <vcpu placement='static'>{{ virtual_machine.cpus | default("1") }}</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-2.8'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='custom' match='exact'>
+    <model fallback='allow'>SandyBridge</model>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/kvm</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='{{ vm_disk_folder }}/{{ virtual_machine.name }}.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <source file='{{ vm_disk_folder }}/{{ virtual_machine.name }}-cloudinit.iso'/>
+      <target dev='hda' bus='ide'/>
+      <readonly/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0' model='ich9-ehci1'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x7'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci1'>
+      <master startport='0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci2'>
+      <master startport='2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x1'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci3'>
+      <master startport='4'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <controller type='ide' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
+    </controller>
+    <interface type='network'>
+      <source network='default'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/random</backend>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
+    </rng>
+  </devices>
+</domain>
--- a/roles/virtual-machines/vars/main.yml
+++ b/roles/virtual-machines/vars/main.yml
@ -0,0 +1 @@
+vm_disk_folder: /var/lib/libvirt/images
				`@ -0,0 +1 @@`
				`{{ virtual_machine.cloud_init_network_config \| to_yaml }}`