MicroOS plus ext partition and user creation
@@ -1,18 +1,28 @@
|
||||
---
|
||||
|
||||
- name: Generate Ignition configuration for CoreOS/Flatcar
|
||||
- name: Generate Butane config for CoreOS
|
||||
template:
|
||||
src: ignition.json.j2
|
||||
dest: "{{ vm_images_dir }}/{{ vm_name }}.ign"
|
||||
when: os_type == 'coreos' or os_type == 'flatcar'
|
||||
src: coreos_ignition.bu.j2
|
||||
dest: "/tmp/{{ vm_name }}.bu"
|
||||
when: os_type == 'coreos'
|
||||
|
||||
- name: Generate Cloud-init configuration for MicroOS
|
||||
- name: Generate Butane config for Flatcar
|
||||
template:
|
||||
src: user-data.yaml.j2
|
||||
dest: "{{ vm_images_dir }}/{{ vm_name }}_user-data"
|
||||
src: flatcar_ignition.bu.j2
|
||||
dest: "/tmp/{{ vm_name }}.bu"
|
||||
when: os_type == 'flatcar'
|
||||
|
||||
- name: Generate Butane config for microos
|
||||
template:
|
||||
src: microos_ignition.bu.j2
|
||||
dest: "/tmp/{{ vm_name }}.bu"
|
||||
when: os_type == 'microos'
|
||||
|
||||
- name: Compile Butane to Ignition JSON
|
||||
shell: |
|
||||
docker run --rm -i quay.io/coreos/butane --pretty --strict < /tmp/{{ vm_name }}.bu > {{ vm_images_dir }}/{{ vm_name }}.ign
|
||||
become: yes
|
||||
|
||||
- name: Generate dummy meta-data file
|
||||
copy:
|
||||
content: "instance-id: {{ vm_name }}\nlocal-hostname: {{ vm_name }}\n"
|
||||
dest: "{{ vm_images_dir }}/{{ vm_name }}_meta-data"
|
||||
dest: "{{ vm_images_dir }}/{{ vm_name }}_meta-data"
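Review bot: The rendered Butane file at `/tmp/{{ vm_name }}.bu` embeds the user's password hash (see the `password_hash` line in each `*_ignition.bu.j2`), yet all three `template:` tasks write it with no `mode:` into a world-writable directory under a predictable name; keep it beside the other artifacts with `dest: "{{ vm_images_dir }}/{{ vm_name }}.bu"` and `mode: "0600"`, and give the compiled `.ign` (which carries the same hash) the same mode. The compile step runs `quay.io/coreos/butane` with no tag, so each run executes whatever `latest` resolves to, with privilege escalation via `become:`; pin a versioned tag or digest. That task also has no `when:`, so for any `os_type` that produced no `.bu` file the shell redirect fails and the play stops — add `when: os_type in ['coreos', 'flatcar', 'microos']` (assuming those are the only Butane-based types). Minor: `become: true` rather than `yes` for Ansible's YAML style.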
|
||||
@@ -0,0 +1,14 @@
|
||||
variant: fcos
|
||||
version: 1.5.0
|
||||
passwd:
|
||||
users:
|
||||
- name: {{ vm_user }}
|
||||
password_hash: "{{ vm_password | password_hash('sha512') }}"
|
||||
ssh_authorized_keys:
|
||||
- "{{ lookup('file', vm_ssh_public_key) | trim }}"
|
||||
storage:
|
||||
files:
|
||||
- path: /etc/ssh/sshd_config.d/permit_root_login.conf
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: PermitRootLogin yes
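Review bot: The `permit_root_login.conf` drop-in at the end of the file enables root SSH logins, but this config defines credentials only for `{{ vm_user }}`, so the line buys nothing here and only widens exposure if a root password is ever set by other means; prefer `inline: PermitRootLogin prohibit-password` or drop the file. Separately, the file declares `variant: fcos` / `version: 1.5.0` for a Flatcar VM; Flatcar documents its own `variant: flatcar` spec, and fcos 1.5.0 compiles to Ignition 3.4.0, which older Flatcar releases may not accept — worth confirming against the image actually booted.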
|
||||
@@ -0,0 +1,14 @@
|
||||
variant: fcos
|
||||
version: 1.4.0
|
||||
passwd:
|
||||
users:
|
||||
- name: {{ vm_user }}
|
||||
password_hash: "{{ vm_password | password_hash('sha512') }}"
|
||||
ssh_authorized_keys:
|
||||
- "{{ lookup('file', vm_ssh_public_key) | trim }}"
|
||||
storage:
|
||||
files:
|
||||
- path: /etc/ssh/sshd_config.d/permit_root_login.conf
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: PermitRootLogin yes
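Review bot: As in the Flatcar template, `PermitRootLogin yes` is added although no root credentials are defined in this file; `inline: PermitRootLogin prohibit-password` keeps key-based root access possible without enabling root password logins. The file also pins `version: 1.4.0` while the other two new templates use `1.5.0`; unless 1.4.0 is deliberate for the CoreOS image in use, align the three so they compile to the same Ignition spec and the single `Compile Butane` task behaves the same for every `os_type`.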
|
||||
@@ -1,16 +0,0 @@
|
||||
{
|
||||
"ignition": {
|
||||
"version": "3.4.0"
|
||||
},
|
||||
"passwd": {
|
||||
"users": [
|
||||
{
|
||||
"name": "{{ vm_user }}",
|
||||
"passwordHash": "{{ vm_password | password_hash('sha512') }}",
|
||||
"sshAuthorizedKeys": [
|
||||
"{{ lookup('file', vm_ssh_public_key) | trim }}"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,89 @@
|
||||
variant: fcos
|
||||
version: 1.5.0
|
||||
passwd:
|
||||
users:
|
||||
- name: root
|
||||
password_hash: "{{ vm_password | password_hash('sha512') }}"
|
||||
ssh_authorized_keys:
|
||||
- "{{ lookup('file', vm_ssh_public_key) | trim }}"
|
||||
storage:
|
||||
disks:
|
||||
- device: /dev/vdb
|
||||
wipe_table: true
|
||||
partitions:
|
||||
- label: ext-data
|
||||
number: 1
|
||||
filesystems:
|
||||
- device: /dev/vdb1
|
||||
format: btrfs
|
||||
label: ext-pool
|
||||
wipe_filesystem: true
|
||||
files:
|
||||
- path: /etc/ssh/sshd_config.d/permit_root_login.conf
|
||||
mode: 0644
|
||||
contents:
|
||||
inline: PermitRootLogin yes
|
||||
systemd:
|
||||
units:
|
||||
# 1. Einmaliger Dienst, der das Subvolume "@home" physisch auf der Platte anlegt
|
||||
- name: create-home-subvolume.service
|
||||
enabled: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Create Btrfs Subvolume for Home (Once)
|
||||
After=local-fs-pre.target
|
||||
Before=home.mount
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=/usr/bin/mkdir -p /run/mnt-ext-init
|
||||
ExecStartPre=/usr/bin/mount LABEL=ext-pool /run/mnt-ext-init
|
||||
# Hier werden die Subvolumes @home angelegt, falls sie nicht existieren
|
||||
ExecStart=/usr/bin/bash -c "for sub in @home; do [ -d /run/mnt-ext-init/\$$sub ] || /usr/sbin/btrfs subvolume create /run/mnt-ext-init/$$sub; done"
|
||||
ExecStartPost=/usr/bin/umount /run/mnt-ext-init
|
||||
ExecStartPost=/usr/bin/rmdir /run/mnt-ext-init
|
||||
RemainAfterExit=true
|
||||
|
||||
[Install]
|
||||
RequiredBy=home.mount
|
||||
# Der Name der Unit MUSS exakt dem Pfad entsprechen (aus /home wird home.mount)
|
||||
- name: home.mount
|
||||
enabled: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Mount Separates Home Laufwerk
|
||||
Before=local-fs.target
|
||||
|
||||
[Mount]
|
||||
What=LABEL=ext-pool
|
||||
Where=/home
|
||||
Type=btrfs
|
||||
Options=defaults,subvol=@home
|
||||
|
||||
[Install]
|
||||
WantedBy=local-fs.target
|
||||
# HIER wird der zusätzliche User sicher angelegt, NACHDEM /home gemountet ist
|
||||
- name: create-custom-users.service
|
||||
enabled: true
|
||||
contents: |
|
||||
[Unit]
|
||||
Description=Create Additional System Users safely after Mounts
|
||||
After=home.mount
|
||||
Requires=home.mount
|
||||
Before=multi-user.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
# Legt den User an, setzt das Home-Verzeichnis, fügt ihn zu wheel (sudo) hinzu und setzt den SSH Key
|
||||
ExecStart=/usr/bin/bash -c "\
|
||||
/usr/sbin/useradd -m -s /bin/bash {{ vm_user }} && \
|
||||
/usr/sbin/usermod -p '{{ vm_password | password_hash('sha512') }}' {{ vm_user }} && \
|
||||
/usr/bin/mkdir -p /home/{{ vm_user }}/.ssh && \
|
||||
/usr/bin/echo '{{ lookup('file', vm_ssh_public_key) | trim }}' > /home/{{ vm_user }}/.ssh/authorized_keys && \
|
||||
/usr/bin/chown -R {{ vm_user }}:{{ vm_user }} /home/{{ vm_user }}/.ssh && \
|
||||
/usr/bin/chmod 700 /home/{{ vm_user }}/.ssh && \
|
||||
/usr/bin/chmod 600 /home/{{ vm_user }}/.ssh/authorized_keys"
|
||||
RemainAfterExit=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
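Review bot: `create-custom-users.service` embeds `{{ vm_password | password_hash('sha512') }}` directly in its `ExecStart=`; systemd units written by Ignition under /etc/systemd/system are world-readable, so the hash is exposed to every local account for offline cracking and is echoed into the journal if the command chain fails. Combined with `PermitRootLogin yes` and the `password_hash` given to `root` at the top of the file, the result is a password-SSH-able root account; use `PermitRootLogin prohibit-password` and keep the hash out of the unit by writing it to a root-only file via `storage.files` and applying it with `chpasswd -e`. The unit is also not idempotent: it is `enabled`, so it runs on every boot, and `useradd -m` fails once the user exists, which breaks the `&&` chain and leaves the unit failed from the second boot on — guard it with `id -u`. The comment says the user is added to `wheel`, but no `-G wheel` is passed; add it (the group exists on openSUSE) or fix the comment. Note that the `\$$sub` vs `$$sub` escaping in `create-home-subvolume.service` is inconsistent; `$$` alone is systemd's documented literal-dollar form, so verify the first form renders as intended.
```yaml
    files:
      # … unchanged: permit_root_login.conf (use "PermitRootLogin prohibit-password") …
      - path: /etc/vm-user.hash
        mode: 0600
        contents:
          inline: "{{ vm_user }}:{{ vm_password | password_hash('sha512') }}"
# … unchanged: create-home-subvolume.service, home.mount …
        ExecStart=/usr/bin/bash -c "\
          (id -u {{ vm_user }} >/dev/null 2>&1 || /usr/sbin/useradd -m -s /bin/bash -G wheel {{ vm_user }}) && \
          /usr/sbin/chpasswd -e < /etc/vm-user.hash && \
          /usr/bin/mkdir -p /home/{{ vm_user }}/.ssh && \
          # … unchanged: authorized_keys write, chown, chmod …
```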
|
||||
@@ -71,17 +71,18 @@
|
||||
--qemu-commandline="-fw_cfg name=opt/org.flatcar-linux/config,file=/{{ vm_images_dir }}/{{ vm_name }}.ign"
|
||||
{% elif os_type == 'microos' %}
|
||||
virt-install \
|
||||
--connect qemu:///system \
|
||||
--name {{ vm_name }} \
|
||||
--vcpus {{ cpu | default(default_cpu) }} \
|
||||
--memory {{ ram | default(default_ram) }} \
|
||||
--disk path={{ vm_images_dir }}/{{ vm_name }}.qcow2,bus=virtio \
|
||||
--import \
|
||||
--disk size={{ disk | default('10') }},backing_store={{ vm_images_dir }}/{{ vm_name }}.qcow2,backing_format=qcow2,bus=virtio \
|
||||
--disk size={{ disk | default('10') }},path={{ vm_images_dir }}/{{ vm_name }}-home.qcow2,bus=virtio \
|
||||
--os-variant {{ os_variant }} \
|
||||
--network network=default \
|
||||
--graphics none \
|
||||
--noautoconsole \
|
||||
--boot uefi \
|
||||
--cloud-init user-data={{ vm_images_dir }}/{{ vm_name }}_user-data,meta-data={{ vm_images_dir }}/{{ vm_name }}_meta-data
|
||||
--sysinfo type=fwcfg,entry0.name=opt/com.coreos/config,entry0.file={{ vm_images_dir }}/{{ vm_name }}.ign
|
||||
{% endif %}
|
||||
args:
|
||||
creates: "/etc/libvirt/qemu/{{ vm_name }}.xml"
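Review bot: The new `-home.qcow2` disk is identified only by enumeration order: the MicroOS Butane template does `wipe_table: true` on `/dev/vdb`, and which image becomes vdb depends solely on the order of the two `--disk` arguments here, so reordering them or adding a disk later would wipe the root overlay instead. Give the disk a stable identity with `--disk size={{ disk | default('10') }},path={{ vm_images_dir }}/{{ vm_name }}-home.qcow2,bus=virtio,serial=ext-data \` and reference it from Butane as `/dev/disk/by-id/virtio-ext-data`. Note also that the same `disk` value now sizes both the backing-store overlay and the home disk; if that is intended, a comment in the vars file saying so would help. The surrounding `shell:` template block begins before this hunk.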
|
||||
@@ -16,7 +16,7 @@ vms:
|
||||
|
||||
- name: microos-vm
|
||||
os_type: microos
|
||||
os_variant: "opensusemicroos"
|
||||
os_variant: "opensusetumbleweed"
|
||||
cpu: 2
|
||||
ram: 2048
|
||||
disk: "20G"
|
||||
disk: 20 #GB
|
||||
|
||||