diff --git a/ansible-kvm-vms/roles/os_config/tasks/main.yml b/ansible-kvm-vms/roles/os_config/tasks/main.yml index d93853a..9e8565a 100644 --- a/ansible-kvm-vms/roles/os_config/tasks/main.yml +++ b/ansible-kvm-vms/roles/os_config/tasks/main.yml @@ -1,18 +1,28 @@ --- - -- name: Generate Ignition configuration for CoreOS/Flatcar +- name: Generate Butane config for CoreOS template: - src: ignition.json.j2 - dest: "{{ vm_images_dir }}/{{ vm_name }}.ign" - when: os_type == 'coreos' or os_type == 'flatcar' + src: coreos_ignition.bu.j2 + dest: "/tmp/{{ vm_name }}.bu" + when: os_type == 'coreos' -- name: Generate Cloud-init configuration for MicroOS +- name: Generate Butane config for Flatcar template: - src: user-data.yaml.j2 - dest: "{{ vm_images_dir }}/{{ vm_name }}_user-data" + src: flatcar_ignition.bu.j2 + dest: "/tmp/{{ vm_name }}.bu" + when: os_type == 'flatcar' + +- name: Generate Butane config for microos + template: + src: microos_ignition.bu.j2 + dest: "/tmp/{{ vm_name }}.bu" when: os_type == 'microos' +- name: Compile Butane to Ignition JSON + shell: | + docker run --rm -i quay.io/coreos/butane --pretty --strict < /tmp/{{ vm_name }}.bu > {{ vm_images_dir }}/{{ vm_name }}.ign + become: yes + - name: Generate dummy meta-data file copy: content: "instance-id: {{ vm_name }}\nlocal-hostname: {{ vm_name }}\n" - dest: "{{ vm_images_dir }}/{{ vm_name }}_meta-data" + dest: "{{ vm_images_dir }}/{{ vm_name }}_meta-data" \ No newline at end of file diff --git a/ansible-kvm-vms/roles/os_config/templates/coreos_ignition.bu.j2 b/ansible-kvm-vms/roles/os_config/templates/coreos_ignition.bu.j2 new file mode 100644 index 0000000..8f7cb97 --- /dev/null +++ b/ansible-kvm-vms/roles/os_config/templates/coreos_ignition.bu.j2 
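Review bot: `docker run --rm -i quay.io/coreos/butane` carries no tag or digest, so every play pulls whatever `latest` is at that moment, as root, and that unpinned image becomes the tool that produces the VMs' first-boot credentials; pin it with a version tag or an `@sha256:<DIGEST>` reference (placeholder) so the output is reproducible. The Butane source at `/tmp/{{ vm_name }}.bu` contains the password hash and is written by the three `template` tasks without a `mode`, so it takes the umask default in a world-readable directory and is never removed; add `mode: "0600"` to each template task and a cleanup task after the compile (`file:` with `path: "/tmp/{{ vm_name }}.bu"` and `state: absent`), or put it under `vm_images_dir` next to the `.ign`. The compile task also lacks `changed_when`, so it reports changed on every run, and `become: yes` should be the canonical `become: true`.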
@@ -0,0 +1,14 @@ +variant: fcos +version: 1.5.0 +passwd: + users: + - name: {{ vm_user }} + password_hash: "{{ vm_password | password_hash('sha512') }}" + ssh_authorized_keys: + - "{{ lookup('file', vm_ssh_public_key) | trim }}" +storage: + files: + - path: /etc/ssh/sshd_config.d/permit_root_login.conf + mode: 0644 + contents: + inline: PermitRootLogin yes \ No newline at end of file diff --git a/ansible-kvm-vms/roles/os_config/templates/flatcar_ignition.bu.j2 b/ansible-kvm-vms/roles/os_config/templates/flatcar_ignition.bu.j2 new file mode 100644 index 0000000..e47b533 --- /dev/null +++ b/ansible-kvm-vms/roles/os_config/templates/flatcar_ignition.bu.j2 @@ -0,0 +1,14 @@ +variant: fcos +version: 1.4.0 +passwd: + users: + - name: {{ vm_user }} + password_hash: "{{ vm_password | password_hash('sha512') }}" + ssh_authorized_keys: + - "{{ lookup('file', vm_ssh_public_key) | trim }}" +storage: + files: + - path: /etc/ssh/sshd_config.d/permit_root_login.conf + mode: 0644 + contents: + inline: PermitRootLogin yes diff --git a/ansible-kvm-vms/roles/os_config/templates/ignition.json.j2 b/ansible-kvm-vms/roles/os_config/templates/ignition.json.j2 deleted file mode 100644 index f4189ce..0000000 --- a/ansible-kvm-vms/roles/os_config/templates/ignition.json.j2 +++ /dev/null @@ -1,16 +0,0 @@ -{ - "ignition": { - "version": "3.4.0" - }, - "passwd": { - "users": [ - { - "name": "{{ vm_user }}", - "passwordHash": "{{ vm_password | password_hash('sha512') }}", - "sshAuthorizedKeys": [ - "{{ lookup('file', vm_ssh_public_key) | trim }}" - ] - } - ] - } -} \ No newline at end of file diff --git a/ansible-kvm-vms/roles/os_config/templates/microos_ignition.bu.j2 b/ansible-kvm-vms/roles/os_config/templates/microos_ignition.bu.j2 new file mode 100644 index 0000000..938fde2 --- /dev/null +++ b/ansible-kvm-vms/roles/os_config/templates/microos_ignition.bu.j2 
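Review bot: `inline: PermitRootLogin yes` loosens sshd's default `prohibit-password` for root on an image where this template gives root no password and the only account it creates is `{{ vm_user }}`; the same drop-in is duplicated verbatim in flatcar_ignition.bu.j2 and microos_ignition.bu.j2. Unless root password login is really wanted, write `inline: PermitRootLogin prohibit-password` or drop the file, and note that sshd keeps the first value it reads while the `Include` glob sorts drop-ins lexically, so whether `permit_root_login.conf` wins over any numbered drop-ins the image ships should be checked on a booted VM. Two smaller points in the same lines: `- name: {{ vm_user }}` is an unquoted Jinja expansion inside YAML (quote it, `- name: "{{ vm_user }}"`), and `password_hash('sha512')` draws a fresh random salt on each run, so the rendered file and everything downstream changes on every play; a seeded salt such as `password_hash('sha512', 65534 | random(seed=vm_name) | string)` keeps it stable. This file and flatcar_ignition.bu.j2 differ only in `version:`, and Flatcar has its own Butane `flatcar` variant, so a single template parameterised on os_type, or the proper variant for Flatcar, would remove the duplication.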
@@ -0,0 +1,89 @@ +variant: fcos +version: 1.5.0 +passwd: + users: + - name: root + password_hash: "{{ vm_password | password_hash('sha512') }}" + ssh_authorized_keys: + - "{{ lookup('file', vm_ssh_public_key) | trim }}" +storage: + disks: + - device: /dev/vdb + wipe_table: true + partitions: + - label: ext-data + number: 1 + filesystems: + - device: /dev/vdb1 + format: btrfs + label: ext-pool + wipe_filesystem: true + files: + - path: /etc/ssh/sshd_config.d/permit_root_login.conf + mode: 0644 + contents: + inline: PermitRootLogin yes +systemd: + units: + # 1. Einmaliger Dienst, der das Subvolume "@home" physisch auf der Platte anlegt + - name: create-home-subvolume.service + enabled: true + contents: | + [Unit] + Description=Create Btrfs Subvolume for Home (Once) + After=local-fs-pre.target + Before=home.mount + + [Service] + Type=oneshot + ExecStartPre=/usr/bin/mkdir -p /run/mnt-ext-init + ExecStartPre=/usr/bin/mount LABEL=ext-pool /run/mnt-ext-init + # Hier werden die Subvolumes @home angelegt, falls sie nicht existieren + ExecStart=/usr/bin/bash -c "for sub in @home; do [ -d /run/mnt-ext-init/\$$sub ] || /usr/sbin/btrfs subvolume create /run/mnt-ext-init/$$sub; done" + ExecStartPost=/usr/bin/umount /run/mnt-ext-init + ExecStartPost=/usr/bin/rmdir /run/mnt-ext-init + RemainAfterExit=true + + [Install] + RequiredBy=home.mount + # Der Name der Unit MUSS exakt dem Pfad entsprechen (aus /home wird home.mount) + - name: home.mount + enabled: true + contents: | + [Unit] + Description=Mount Separates Home Laufwerk + Before=local-fs.target + + [Mount] + What=LABEL=ext-pool + Where=/home + Type=btrfs + Options=defaults,subvol=@home + + [Install] + WantedBy=local-fs.target + # HIER wird der zusätzliche User sicher angelegt, NACHDEM /home gemountet ist + - name: create-custom-users.service + enabled: true + contents: | + [Unit] + Description=Create Additional System Users safely after Mounts + After=home.mount + Requires=home.mount + Before=multi-user.target + + [Service] + 
Type=oneshot + # Legt den User an, setzt das Home-Verzeichnis, fügt ihn zu wheel (sudo) hinzu und setzt den SSH Key + ExecStart=/usr/bin/bash -c "\ + /usr/sbin/useradd -m -s /bin/bash {{ vm_user }} && \ + /usr/sbin/usermod -p '{{ vm_password | password_hash('sha512') }}' {{ vm_user }} && \ + /usr/bin/mkdir -p /home/{{ vm_user }}/.ssh && \ + /usr/bin/echo '{{ lookup('file', vm_ssh_public_key) | trim }}' > /home/{{ vm_user }}/.ssh/authorized_keys && \ + /usr/bin/chown -R {{ vm_user }}:{{ vm_user }} /home/{{ vm_user }}/.ssh && \ + /usr/bin/chmod 700 /home/{{ vm_user }}/.ssh && \ + /usr/bin/chmod 600 /home/{{ vm_user }}/.ssh/authorized_keys" + RemainAfterExit=true + + [Install] + WantedBy=multi-user.target \ No newline at end of file diff --git a/ansible-kvm-vms/roles/vm_provision/tasks/main.yml b/ansible-kvm-vms/roles/vm_provision/tasks/main.yml index d31c6c5..f62bc43 100644 --- a/ansible-kvm-vms/roles/vm_provision/tasks/main.yml +++ b/ansible-kvm-vms/roles/vm_provision/tasks/main.yml @@ -4,7 +4,7 @@ os_images: coreos: "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/44.20260510.3.1/x86_64/fedora-coreos-44.20260510.3.1-qemu.x86_64.qcow2.xz" flatcar: "https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_qemu_image.img" - microos: "https://ftp.halifax.rwth-aachen.de/opensuse/tumbleweed/appliances/openSUSE-MicroOS.x86_64-kvm-and-xen.qcow2" + microos: "https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-ContainerHost-kvm-and-xen.qcow2" - name: Verify internet connectivity uri: 
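Review bot: `create-custom-users.service` embeds the SHA-512 password hash and the SSH public key in its `ExecStart` line, and unit files Ignition writes are world-readable by default, so any local account on the VM can read the hash; keep the secret out of the unit by declaring `{{ vm_user }}` under `passwd.users` as the coreos template does, or deliver the hash via a `storage.files` entry with `mode: 0600` that the unit reads. The unit is also not safe to re-run: it is `WantedBy=multi-user.target` with no guard, so on the second boot `useradd -m` fails on the existing account and takes the whole `&&` chain, and the unit, down with it — add `ConditionPathExists=!/home/{{ vm_user }}/.ssh/authorized_keys` under `[Unit]`. The comment above it says the user is added to `wheel`, but the `useradd` call has no `-G wheel`; either drop the claim or add the flag. In `create-home-subvolume.service` the loop variable appears once as `\$$sub` and once as `$$sub`; systemd does not know `\$` as an escape and keeps the backslash, so bash most likely tests a literal `\$sub` path, the guard never matches, and after the first boot `btrfs subvolume create` fails on the existing `@home` and with it `home.mount`, which requires this unit — write `$$sub` in both places. Finally root gets both a `password_hash` and `PermitRootLogin yes`, which enables remote root password login wherever sshd accepts passwords; since root already has an authorized key, `PermitRootLogin prohibit-password` is the safer value.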
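Review bot: The new MicroOS URL, like the Flatcar one two lines above, is an unversioned rolling artifact while the CoreOS entry pins a specific build, so two of the three base images now change underneath the playbook with no change in this repository. Whatever consumes `os_images` is outside this hunk, so I cannot see whether the download is verified; if it is a `get_url`, pass `checksum:` with the value published for the image, and prefer a versioned file name where the mirror offers one so that a pinned checksum stays meaningful.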
@@ -48,7 +48,7 @@ --name {{ vm_name }} \ --vcpus {{ cpu | default(default_cpu) }} \ --memory {{ ram | default(default_ram) }} \ - --disk size={{ disk | default('10G') }},backing_store={{ vm_images_dir }}/{{ vm_name }}.qcow2,backing_format=qcow2 \ + --disk size={{ disk | default('10') }},backing_store={{ vm_images_dir }}/{{ vm_name }}.qcow2,backing_format=qcow2,bus=virtio \ --os-variant {{ os_variant }} \ --network network=default \ --graphics none \ @@ -71,17 +71,18 @@ --qemu-commandline="-fw_cfg name=opt/org.flatcar-linux/config,file=/{{ vm_images_dir }}/{{ vm_name }}.ign" {% elif os_type == 'microos' %} virt-install \ + --connect qemu:///system \ --name {{ vm_name }} \ --vcpus {{ cpu | default(default_cpu) }} \ --memory {{ ram | default(default_ram) }} \ - --disk path={{ vm_images_dir }}/{{ vm_name }}.qcow2,bus=virtio \ - --import \ + --disk size={{ disk | default('10') }},backing_store={{ vm_images_dir }}/{{ vm_name }}.qcow2,backing_format=qcow2,bus=virtio \ + --disk size={{ disk | default('10') }},path={{ vm_images_dir }}/{{ vm_name }}-home.qcow2,bus=virtio \ --os-variant {{ os_variant }} \ --network network=default \ --graphics none \ --noautoconsole \ --boot uefi \ - --cloud-init user-data={{ vm_images_dir }}/{{ vm_name }}_user-data,meta-data={{ vm_images_dir }}/{{ vm_name }}_meta-data + --sysinfo type=fwcfg,entry0.name=opt/com.coreos/config,entry0.file={{ vm_images_dir }}/{{ vm_name }}.ign {% endif %} args: creates: "/etc/libvirt/qemu/{{ vm_name }}.xml" \ No newline at end of file diff --git a/ansible-kvm-vms/vars/vms.yml b/ansible-kvm-vms/vars/vms.yml index f3ab098..1848203 100644 --- a/ansible-kvm-vms/vars/vms.yml +++ b/ansible-kvm-vms/vars/vms.yml @@ -16,7 +16,7 @@ vms: - name: microos-vm os_type: microos - os_variant: "opensusemicroos" + os_variant: "opensusetumbleweed" cpu: 2 ram: 2048 - disk: "20G" + disk: 20 #GB
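Review bot: `{{ disk | default('10') }}` hard-codes the fallback size inline, and the next hunk repeats the same literal twice for the MicroOS root and home disks, whereas CPU and RAM fall back to `default_cpu`/`default_ram` variables. For consistency add a `default_disk` next to those and write `--disk size={{ disk | default(default_disk) }},...` in all three places; the enclosing virt-install script starts and ends outside this hunk.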
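Review bot: Both new `--disk` lines size the MicroOS root and home volumes from the same `{{ disk | default('10') }}`, so the data disk that the Butane template formats separately as `/dev/vdb` cannot be sized on its own; give it a variable of its own, e.g. `--disk size={{ home_disk | default(disk | default('10')) }},path={{ vm_images_dir }}/{{ vm_name }}-home.qcow2,bus=virtio`. `--connect qemu:///system` is added only to this branch while the CoreOS and Flatcar invocations are mostly outside the hunk; if they still use the default URI, their domain XML does not land in `/etc/libvirt/qemu/`, so the task's `creates:` guard presumably never matches for them and they are re-run on every play — worth aligning all three. Note also that the Butane template's `wipe_table: true` on `/dev/vdb` relies on this being the second virtio disk, which the argument order here guarantees only as long as nobody inserts another `--disk` before it.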
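Review bot: `disk: 20 #GB` does not meet yamllint's comment spacing (two spaces before `#`, one after): `disk: 20  # GB`, and the unit is better stated once above the `vms:` list than on one entry. The value also changes from the string `"20G"` to a bare number that the provisioning template now passes straight to virt-install's `size=`; any other entry in this file still written as `"20G"` (the rest of the list is outside the hunk) needs the same conversion, or virt-install is unlikely to accept it.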