ansible debian post instalation setup

.gitignore

@@ -3,6 +3,7 @@
 *.iso
 *.tar
 *.bz2
+*.qcow2
 .env
 *.retry
 

docker-compose.yml

@@ -4,9 +4,6 @@ services:
    gentoo_packer:
       image: ${REGISTRY_URL}/${IMAGE_NAME}:${VERSION}
       privileged: true
-      volumes:
-         - "./image/assets:/packer"
-         - "./image/cache:/packer-cache"
       network_mode: "host"
       environment:
          - SOURCE_NAME=qemu.gentoo
@@ -16,6 +13,9 @@ services:
          - ANSIBLE_PLAYBOOK=/packer/ansible/playbook-gentoo.yml
          - ISO_CHECKSUM=file:http://distfiles.gentoo.org/releases/amd64/autobuilds/current-install-amd64-minimal/install-amd64-minimal-20201111T214503Z.iso.DIGESTS
          - ISO_URL=http://distfiles.gentoo.org/releases/amd64/autobuilds/current-install-amd64-minimal/install-amd64-minimal-20201111T214503Z.iso
+      volumes:
+         - "./image/assets:/packer"
+         - "./image/cache:/packer-cache"
       #ports:
       #    - "5900:5900/udp"
       #    - "2222:2229"
@@ -24,9 +24,6 @@ services:
    debian_packer:
       image: ${REGISTRY_URL}/${IMAGE_NAME}:${VERSION}
       privileged: true
-      volumes:
-         - "./image/assets:/packer"
-         - "./image/cache:/packer-cache"
       network_mode: "host"
       environment:
          - SOURCE_NAME=qemu.debian
@@ -36,6 +33,9 @@ services:
          - ANSIBLE_PLAYBOOK=/packer/ansible/playbook-debian.yml
          - ISO_CHECKSUM=file:https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS
          - ISO_URL=https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.6.0-amd64-netinst.iso
+      volumes:
+         - "./image/assets:/packer"
+         - "./image/cache:/packer-cache"
       #ports:
       #    - "5900:5900/udp"
       #    - "2222:2229"

image/assets/ansible/playbook-debian.yml

@@ -1,8 +1,7 @@
 ---
 # file: playbook-debian.yml
 
-- hosts: localhost
-  become: true
+- hosts: default
   pre_tasks:
     - name: "check ansible required param"
       assert:
@@ -12,6 +11,15 @@
           - generated_group is defined
         fail_msg: "Pass param ssh_pub, generated_user and generated_group to launch this playbook"
   roles:
-    - geerlingguy.docker
-      docker_users:
-        - debian
+    - role: debian-init
+    - role: create-user
+      vars:
+        ssh_public_key: "{{ ssh_pub }}"
+        user_name: "{{ generated_user }}"
+        group_name: "{{ generated_group }}"
+    - role: geerlingguy.docker
+      become: yes
+      vars:
+        docker_users:
+          - "{{ generated_user }}"
+          - debian

image/assets/ansible/roles/create-user/defaults/main.yml

@@ -0,0 +1,3 @@
+user_name: "default"
+group_name: "default"
+ssh_public_key: ""

image/assets/ansible/roles/create-user/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+# create user and group
+
+- name: "Ensure group {{ group_name }} exists"
+  become: yes
+  group:
+    name: "{{ group_name }}"
+
+- name: "create {{ user_name }} user and {{ group_name }} group"
+  become: yes
+  user:
+    name: "{{ user_name }}"
+    comment: "Login user generate by ansible"
+    groups:
+      - debian
+      - "{{ group_name }}"
+
+- name: "create directory .ssh for public key"
+  become: yes
+  file:
+    path: "/home/{{ user_name }}/.ssh"
+    owner: "{{ user_name }}"
+    group: "{{ group_name }}"
+    state: directory
+    mode: '0755'
+  when: ssh_public_key is defined and ssh_public_key != ""
+
+- name: "setup ssh key"
+  become: yes
+  copy:
+    content: "{{ ssh_public_key }}"
+    dest: "/home/{{ user_name }}/.ssh/authorized_keys"
+    owner: "{{ user_name }}"
+    group: "{{ group_name }}"
+  when: ssh_public_key is defined and ssh_public_key != ""

image/assets/ansible/roles/debian-init/defaults/main.yml

@@ -0,0 +1,12 @@
+
+grub_file: "/etc/default/grub"
+grub_timeout: 1
+
+network_config:
+  src: "interfaces.j2"
+  dest: "/etc/network/interfaces"
+  nic_name: "ens4"
+
+initial_package:
+  - vim
+  - lsb-release

image/assets/ansible/roles/debian-init/handlers/main.yml

@@ -0,0 +1,18 @@
+- name: "Update grub"
+  become: yes
+  shell: "update-grub"
+
+- name: "Restart networking"
+  become: yes
+  service:
+    name: networking
+    state: restarted
+    daemon_reload: yes
+
+- name: Start qemu-guest service
+  become: yes
+  service:
+    name: qemu-guest-agent
+    state: started
+    enabled: yes
+  when: '"qemu-guest-agent" in initial_package'

image/assets/ansible/roles/debian-init/tasks/main.yml

@@ -0,0 +1,30 @@
+- name: "set grub timeout"
+  become: yes
+  lineinfile:
+    dest: "{{ grub_file }}"
+    line: GRUB_TIMEOUT="{{ grub_timeout }}"
+    regexp: '^GRUB_TIMEOUT="'
+  notify:
+    - Update grub
+
+- name: "setup network"
+  become: yes
+  template:
+    src: "{{ network_config.src }}"
+    dest: "{{ network_config.dest }}"
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - Restart networking
+
+- name: "flush all notified handler"
+  meta: flush_handlers
+
+- name: "setup initial package"
+  become: yes
+  package:
+    name: "{{ initial_package }}"
+    update_cache: yes
+    state: present
+  notify: Start qemu-guest service

image/assets/ansible/roles/debian-init/templates/interfaces.j2

@@ -0,0 +1,12 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto {{ network_config.nic_name }}
+allow-hotplug {{ network_config.nic_name }}
+iface {{ network_config.nic_name }} inet dhcp

image/assets/ansible/roles/setup/tasks/main.yml

@@ -5,6 +5,5 @@
 - import_tasks: mount.yml
 - import_tasks: os.yml
 - import_tasks: configure.yml
-  #- import_tasks: users.yml
   #- import_tasks: security.yml
 

image/assets/ansible/roles/setup/tasks/users.yml

@@ -1,13 +0,0 @@
----
-# create user and group
-
-- name: "Ensure group {{ generated_group }} exists"
-  group:
-    name: "{{ generated_group }}"
-
-- name: "create {{ generated_user }} user and {{ generated_group }} group"
-  user:
-    name: "{{ generated_user }}"
-    comment: "Login user generate by ansible"
-    group: "{{ generated_group }}"
-

image/assets/hcl/builder.pkr.hcl

@@ -2,14 +2,14 @@
 locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
 
 build {
- sources = ["source.qemu.gentoo", "source.qemu.debian"]
+  sources = ["source.qemu.gentoo", "source.qemu.debian"]
 
   provisioner "ansible" {
     ansible_env_vars = ["ANSIBLE_CONFIG=/packer/ansible/ansible.cfg"]
-    extra_arguments  = ["--extra-vars", "${var.ansible_extra_vars}"]
-    groups           = ["default"]
+    extra_arguments  = ["--extra-vars", "${var.ansible_extra_vars} ansible_python_interpreter=/usr/bin/python3", "-vv"]
+    groups           = ["all"]
     playbook_file    = "${var.ansible_provisioning_playbook}"
-    user             = "root"
+    user             = "${var.ssh_username}"
     galaxy_file      = "/packer/ansible/requirements.yml"
   }
 }

image/assets/hcl/source-debian.pkr.hcl

@@ -4,8 +4,8 @@ source "qemu" "debian" {
   boot_command = [
     "<down><tab>", # non-graphical install
     "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ",
-    "language=en locale=en_US.UTF-8 ",
-    "country=FR keymap=fr ",
+    "language=fr locale=fr_FR.UTF-8 ",
+    "country=FR keymap=fr(latin9) ",
     "hostname=packer domain=test ", # Should be overriden after DHCP, if available
     "<enter><wait>",
   ]
@@ -27,14 +27,14 @@ source "qemu" "debian" {
   host_port_max      = 2229
   iso_checksum       = "${var.iso_checksum}"
   iso_url            = "${var.iso_url}"
-  memory             = "1024"
+  memory             = 2048
   net_device         = "virtio-net"
   output_directory   = "output_qcow2"
   qemuargs           = [
     ["-boot", "b"],
     ["-device", "virtio-rng-pci"]
   ]
-  shutdown_command   = "/sbin/shutdown -hP now"
+  shutdown_command   = "sudo /sbin/shutdown -hP now"
   ssh_password       = "${var.ssh_password}"
   ssh_username       = "${var.ssh_username}"
   ssh_wait_timeout   = "900m"

image/assets/httpdir/preseed.cfg

@@ -1,20 +1,19 @@
 d-i partman/early_command \
        string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
 
-#### Contents of the preconfiguration file (for stretch)
+#### Contents of the preconfiguration file (for buster)
 ### Localization
 # Preseeding only locale sets language, country and locale.
 d-i debian-installer/locale string fr_FR.UTF-8
 
 # The values can also be preseeded individually for greater flexibility.
-#d-i debian-installer/language string en
-#d-i debian-installer/country string NL
-#d-i debian-installer/locale string en_GB.UTF-8
+# d-i debian-installer/language string fr
+# d-i debian-installer/country string FR
 # Optionally specify additional locales to be generated.
 d-i localechooser/supported-locales multiselect fr_FR.UTF-8, en_US.UTF-8
 
 # Keyboard selection.
-d-i keyboard-configuration/xkb-keymap select fr
+d-i keyboard-configuration/xkb-keymap select fr(latin9)
 # d-i keyboard-configuration/toggle select No toggling
 
 ### Network configuration
@@ -28,7 +27,7 @@ d-i keyboard-configuration/xkb-keymap select fr
 d-i netcfg/choose_interface select auto
 
 # To pick a particular interface instead:
-#d-i netcfg/choose_interface select eth1
+# d-i netcfg/choose_interface select ens3
 
 # To set a different link detection timeout (default is 3 seconds).
 # Values are interpreted as seconds.
@@ -97,9 +96,9 @@ d-i netcfg/wireless_wep string
 
 ### Mirror settings
 # If you select ftp, the mirror/country string does not need to be set.
-#d-i mirror/protocol string https
+#d-i mirror/protocol string ftp
 d-i mirror/country string manual
-d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/hostname string http.us.debian.org
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
 
@@ -227,7 +226,6 @@ d-i partman/mount_style select traditional
 # Configure APT to not install recommended packages by default. Use of this
 # option can result in an incomplete system and should only be used by very
 # experienced users.
-#d-i base-installer/install-recommends boolean false
 d-i base-installer/install-recommends boolean false
 
 # The kernel image (meta) package to be installed; "none" can be used if no
@@ -278,7 +276,7 @@ tasksel tasksel/first multiselect SSH server
 # We need at least these to continue the preseeding later on.
 # Provide also haveged so we (hopefully) have more entropy when our VM starts
 # for the first time.
-d-i pkgsel/include string haveged openssh-server sudo
+d-i pkgsel/include string haveged openssh-server sudo python3
 
 # Whether to upgrade packages after debootstrap.
 # Allowed values: none, safe-upgrade, full-upgrade
@@ -289,7 +287,6 @@ d-i pkgsel/upgrade select full-upgrade
 # installed, and what software you use. The default is not to report back,
 # but sending reports helps the project determine what software is most
 # popular and include it on CDs.
-#popularity-contest popularity-contest/participate boolean false
 popularity-contest popularity-contest/participate boolean false
 
 ### Boot loader installation

run-image.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # pass debian or gentoo as first parameter
-if [ "$#" -lt 2 ]; then
+if [ "$#" -lt 1 ]; then
   exit 1
 fi
 
@@ -10,6 +10,6 @@ qemu-system-x86_64 \
     -boot order=d -m 1024 \
     -smp cpus=1,sockets=2,maxcpus=2 \
     -drive "file=./image/assets/output_qcow2/$1_packer.qcow2,format=qcow2,index=1" \
-    -device virtio-net,netdev=user.0 \
-    -netdev user,id=user.0,hostfwd=tcp::5556-:22
+    -net nic,model=virtio \
+    -net user,hostfwd=tcp::5556-:22