From 51fd19f45a91c83f7de14c16042c61709edc8834 Mon Sep 17 00:00:00 2001 From: Andreas Date: Wed, 10 Jun 2026 17:10:50 +0200 Subject: [PATCH] Several fixes by Gemma, unverified --- ansible-kvm-vms/README.md | 9 +++---- .../roles/os_config/tasks/main.yml | 11 ++------ .../os_config/templates/ignition.json.j2 | 26 ------------------- .../templates/user-data-coreos.yaml.j2 | 11 ++++++++ .../os_config/templates/user-data.yaml.j2 | 2 +- .../roles/vm_provision/tasks/main.yml | 5 +--- 6 files changed, 18 insertions(+), 46 deletions(-) delete mode 100644 ansible-kvm-vms/roles/os_config/templates/ignition.json.j2 create mode 100644 ansible-kvm-vms/roles/os_config/templates/user-data-coreos.yaml.j2 diff --git a/ansible-kvm-vms/README.md b/ansible-kvm-vms/README.md index c49ec16..0bbdfef 100644 --- a/ansible-kvm-vms/README.md +++ b/ansible-kvm-vms/README.md @@ -5,9 +5,7 @@ This project provides an Ansible-based framework to automatically provision virt ## 🚀 Features - **Automated Host Setup**: Installs and configures `libvirt`, `qemu-kvm`, and `libguestfs-tools`. -- **Immutable OS Support**: Handles the specific boot-time configuration requirements for: - - **CoreOS/Flatcar**: Generates and injects Ignition JSON configurations. - - **MicroOS**: Generates and injects Cloud-init user-data. +- **Cloud-init Support**: Generates and injects Cloud-init user-data for all supported OSs via a NoCloud ISO. - **Custom User Provisioning**: Automatically creates a default user with a hashed password and injects your SSH public key. - **Modular Design**: Uses Ansible roles for host preparation, configuration generation, and VM provisioning. 
@@ -67,9 +65,8 @@ Edit `vars/vms.yml` to add or modify the VMs you wish to deploy. You can specify ## 🔍 How it Works Since immutable OSs do not use traditional installers, this setup uses a "seed" approach: -1. **Config Generation**: The `os_config` role creates a JSON (Ignition) or YAML (Cloud-init) file based on your variables. -2. **Image Customization**: The `vm_provision` role downloads the official `.qcow2` cloud image and uses `virt-customize` (from `libguestfs-tools`) to inject the configuration directly into the disk image before the VM is started. -3. **Deployment**: `virt-install` is used to create the VM with UEFI boot and the customized disk. +1. **Config Generation**: The `os_config` role creates a YAML Cloud-init user-data file based on your variables. +2. **Deployment**: `virt-install` is used to create the VM with UEFI boot. The `--cloud-init` flag is used to attach the configuration as a NoCloud ISO, which the immutable OSs (CoreOS, Flatcar, MicroOS) process at first boot. ## 🌐 Accessing your VMs diff --git a/ansible-kvm-vms/roles/os_config/tasks/main.yml b/ansible-kvm-vms/roles/os_config/tasks/main.yml index af1439c..0466a21 100644 --- a/ansible-kvm-vms/roles/os_config/tasks/main.yml +++ b/ansible-kvm-vms/roles/os_config/tasks/main.yml @@ -1,12 +1,5 @@ --- -- name: Generate Ignition config for CoreOS/Flatcar +- name: Generate Cloud-init config template: - src: ignition.json.j2 - dest: "/tmp/{{ vm_name }}_ignition.json" - when: os_type == "coreos" or os_type == "flatcar" - -- name: Generate Cloud-init config for MicroOS - template: - src: user-data.yaml.j2 + src: "{{ 'user-data-coreos.yaml.j2' if os_type in ['coreos', 'flatcar'] else 'user-data.yaml.j2' }}" dest: "/tmp/{{ vm_name }}_user-data" - when: os_type == "microos" diff --git a/ansible-kvm-vms/roles/os_config/templates/ignition.json.j2 b/ansible-kvm-vms/roles/os_config/templates/ignition.json.j2 deleted file mode 100644 index 8483a29..0000000 
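Review bot: The `Generate Cloud-init config` task writes a file containing the user's SHA-512 password hash to the predictable path `/tmp/{{ vm_name }}_user-data` without setting a mode, so its permissions follow the umask and it is typically world-readable on the KVM host. Add `mode: "0600"` to the `template` task, and consider a directory that only the provisioning user can write to instead of `/tmp`. Separately, the new `src` expression sends every `os_type` other than `coreos`/`flatcar` to `user-data.yaml.j2`, whereas the removed `when: os_type == "microos"` skipped unknown values. An `assert` on the allowed `os_type` values would stop a typo from silently producing a MicroOS config.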
--- a/ansible-kvm-vms/roles/os_config/templates/ignition.json.j2 +++ /dev/null @@ -1,26 +0,0 @@ -{ - "ignition": { - "version": "0.3.0" - }, - "passwd": { - "users": [ - { - "name": "{{ vm_user }}", - "password_hash": "{{ vm_password | password_hash('sha512') }}", - "ssh_public_keys": [ - "{{ lookup('file', vm_ssh_public_key) }}" - ] - } - ] - }, - "storage": { - "files": [ - { - "path": "/etc/ssh/sshd_config.d/permit_root_login.conf", - "contents": { - "source": "data:text/plain;charset=utf-8,PermitRootLogin yes" - } - } - ] - } -} diff --git a/ansible-kvm-vms/roles/os_config/templates/user-data-coreos.yaml.j2 b/ansible-kvm-vms/roles/os_config/templates/user-data-coreos.yaml.j2 new file mode 100644 index 0000000..ca5c650 --- /dev/null +++ b/ansible-kvm-vms/roles/os_config/templates/user-data-coreos.yaml.j2 @@ -0,0 +1,11 @@ +#cloud-config +users: + - name: {{ vm_user }} + passwd: {{ vm_password | password_hash('sha512') }} + ssh_authorized_keys: + - {{ lookup('file', vm_ssh_public_key | replace('~', lookup('env', 'HOME'))) }} + sudo: ALL=(ALL) NOPASSWD:ALL +write_files: + - path: /etc/ssh/sshd_config.d/permit_root_login.conf + content: | + PermitRootLogin yes diff --git a/ansible-kvm-vms/roles/os_config/templates/user-data.yaml.j2 b/ansible-kvm-vms/roles/os_config/templates/user-data.yaml.j2 index da7496b..98210bb 100644 --- a/ansible-kvm-vms/roles/os_config/templates/user-data.yaml.j2 +++ b/ansible-kvm-vms/roles/os_config/templates/user-data.yaml.j2 @@ -3,6 +3,6 @@ users: - name: {{ vm_user }} passwd: {{ vm_password | password_hash('sha512') }} ssh_authorized_keys: - - {{ lookup('file', vm_ssh_public_key) }} + - {{ lookup('file', vm_ssh_public_key | replace('~', lookup('env', 'HOME'))) }} sudo: ALL=(ALL) NOPASSWD:ALL lock_passwd: false diff --git a/ansible-kvm-vms/roles/vm_provision/tasks/main.yml b/ansible-kvm-vms/roles/vm_provision/tasks/main.yml index aaaa889..dc9b480 100644 --- a/ansible-kvm-vms/roles/vm_provision/tasks/main.yml 
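Review bot: The `write_files` entry in the new `user-data-coreos.yaml.j2` sets `PermitRootLogin yes`, which allows direct root SSH logins including password authentication, although the created user already gets `sudo: ALL=(ALL) NOPASSWD:ALL`. Either drop the entry or use `PermitRootLogin prohibit-password`. The template also omits the `lock_passwd: false` that `user-data.yaml.j2` carries, so under cloud-init's default the `passwd` hash would probably land on a locked account; a comment should say whether that is intended. As far as I know Fedora CoreOS is provisioned through Ignition rather than cloud-init, so confirm with a test boot that this user-data is applied on `coreos` guests before removing the Ignition template.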
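Review bot: In `user-data.yaml.j2`, `vm_ssh_public_key | replace('~', lookup('env', 'HOME'))` rewrites every `~` in the path, not only a leading one, and yields a path rooted at `/` when `HOME` is unset on the controller, so the lookup may read a different file than intended. Ansible's `expanduser` filter handles this case: `- {{ lookup('file', vm_ssh_public_key | expanduser) }}`. The same expression is added in `user-data-coreos.yaml.j2`. The key is also interpolated unquoted, so a key comment containing ` #` or `: ` would change how the YAML parses; piping the lookup result through `to_json` would keep it a single string.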
+++ b/ansible-kvm-vms/roles/vm_provision/tasks/main.yml @@ -54,11 +54,8 @@ --graphics none \ --noautoconsole \ --boot uefi \ - {% if os_type == 'coreos' or os_type == 'flatcar' %} - --cloud-init user-data=/tmp/{{ vm_name }}_ignition.json - {% elif os_type == 'microos' %} --cloud-init user-data=/tmp/{{ vm_name }}_user-data - {% endif %} + args: args: creates: "/etc/libvirt/qemu/{{ vm_name }}.xml"
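Review bot: The added `args:` line sits directly above the existing `args:` line, so as shown the new side of the task has that key twice. Depending on the indentation, which is lost in this rendering, that is either a duplicate mapping key or a parse error. Drop the added line so the task keeps a single `args:` with `creates: "/etc/libvirt/qemu/{{ vm_name }}.xml"`. The task starts above the hunk, so the rest of the `virt-install` command is not visible here.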