From 37743f6637f0a7bc79b1ed3fa310b7b3c8af0771 Mon Sep 17 00:00:00 2001
From: Antoine
Date: Fri, 13 Nov 2020 04:02:41 +0100
Subject: [PATCH] ansible debian post instalation setup

---
 .gitignore | 1 +
 docker-compose.yml | 12 +++---
 image/assets/ansible/playbook-debian.yml | 18 +++++++---
 .../roles/create-user/defaults/main.yml | 3 ++
 .../ansible/roles/create-user/tasks/main.yml | 35 +++++++++++++++++++
 .../roles/debian-init/defaults/main.yml | 12 +++++++
 .../roles/debian-init/handlers/main.yml | 18 ++++++++++
 .../ansible/roles/debian-init/tasks/main.yml | 30 ++++++++++++++++
 .../roles/debian-init/templates/interfaces.j2 | 12 +++++++
 .../assets/ansible/roles/setup/tasks/main.yml | 1 -
 .../ansible/roles/setup/tasks/users.yml | 13 -------
 image/assets/hcl/builder.pkr.hcl | 8 ++---
 image/assets/hcl/source-debian.pkr.hcl | 8 ++---
 image/assets/httpdir/preseed.cfg | 19 +++++-----
 run-image.sh | 6 ++--
 15 files changed, 149 insertions(+), 47 deletions(-)
 create mode 100644 image/assets/ansible/roles/create-user/defaults/main.yml
 create mode 100644 image/assets/ansible/roles/create-user/tasks/main.yml
 create mode 100644 image/assets/ansible/roles/debian-init/defaults/main.yml
 create mode 100644 image/assets/ansible/roles/debian-init/handlers/main.yml
 create mode 100644 image/assets/ansible/roles/debian-init/tasks/main.yml
 create mode 100644 image/assets/ansible/roles/debian-init/templates/interfaces.j2
 delete mode 100644 image/assets/ansible/roles/setup/tasks/users.yml

diff --git a/.gitignore b/.gitignore
index af40667..d1d3e46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
 *.iso
 *.tar
 *.bz2
+*.qcow2
 .env
 *.retry
diff --git a/docker-compose.yml b/docker-compose.yml
index 1c41775..e7d1a74 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,9 +4,6 @@ services:
 gentoo_packer:
 image: ${REGISTRY_URL}/${IMAGE_NAME}:${VERSION}
 privileged: true
- volumes:
- - "./image/assets:/packer"
- - "./image/cache:/packer-cache"
 network_mode: "host"
 environment:
 - SOURCE_NAME=qemu.gentoo
@@ -16,6 +13,9 @@ services:
 - ANSIBLE_PLAYBOOK=/packer/ansible/playbook-gentoo.yml
 - ISO_CHECKSUM=file:http://distfiles.gentoo.org/releases/amd64/autobuilds/current-install-amd64-minimal/install-amd64-minimal-20201111T214503Z.iso.DIGESTS
 - ISO_URL=http://distfiles.gentoo.org/releases/amd64/autobuilds/current-install-amd64-minimal/install-amd64-minimal-20201111T214503Z.iso
+ volumes:
+ - "./image/assets:/packer"
+ - "./image/cache:/packer-cache"
 #ports:
 # - "5900:5900/udp"
 # - "2222:2229"
@@ -24,9 +24,6 @@ services:
 debian_packer:
 image: ${REGISTRY_URL}/${IMAGE_NAME}:${VERSION}
 privileged: true
- volumes:
- - "./image/assets:/packer"
- - "./image/cache:/packer-cache"
 network_mode: "host"
 environment:
 - SOURCE_NAME=qemu.debian
@@ -36,6 +33,9 @@ services:
 - ANSIBLE_PLAYBOOK=/packer/ansible/playbook-debian.yml
 - ISO_CHECKSUM=file:https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS
 - ISO_URL=https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.6.0-amd64-netinst.iso
+ volumes:
+ - "./image/assets:/packer"
+ - "./image/cache:/packer-cache"
 #ports:
 # - "5900:5900/udp"
 # - "2222:2229"
diff --git a/image/assets/ansible/playbook-debian.yml b/image/assets/ansible/playbook-debian.yml
index 9a6a682..0639bdc 100644
--- a/image/assets/ansible/playbook-debian.yml
+++ b/image/assets/ansible/playbook-debian.yml
@@ -1,8 +1,7 @@
 ---
 # file: playbook-debian.yml
-- hosts: localhost
- become: true
+- hosts: default
 pre_tasks:
 - name: "check ansible required param"
 assert:
@@ -12,6 +11,15 @@
 - generated_group is defined
 fail_msg: "Pass param ssh_pub, generated_user and generated_group to launch this playbook"
 roles:
- - geerlingguy.docker
- docker_users:
- - debian
+ - role: debian-init
+ - role: create-user
+ vars:
+ ssh_public_key: "{{ ssh_pub }}"
+ user_name: "{{ generated_user }}"
+ group_name: "{{ generated_group }}"
+ - role: geerlingguy.docker
+ become: yes
+ vars:
+ docker_users:
+ - "{{ generated_user }}"
+ - debian
diff --git a/image/assets/ansible/roles/create-user/defaults/main.yml b/image/assets/ansible/roles/create-user/defaults/main.yml
new file mode 100644
index 0000000..2d1ef36
--- /dev/null
+++ b/image/assets/ansible/roles/create-user/defaults/main.yml
@@ -0,0 +1,3 @@
+user_name: "default"
+group_name: "default"
+ssh_public_key: ""
diff --git a/image/assets/ansible/roles/create-user/tasks/main.yml b/image/assets/ansible/roles/create-user/tasks/main.yml
new file mode 100644
index 0000000..d6cc0c4
--- /dev/null
+++ b/image/assets/ansible/roles/create-user/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+# create user and group
+
+- name: "Ensure group {{ group_name }} exists"
+ become: yes
+ group:
+ name: "{{ group_name }}"
+
+- name: "create {{ user_name }} user and {{ group_name }} group"
+ become: yes
+ user:
+ name: "{{ user_name }}"
+ comment: "Login user generate by ansible"
+ groups:
+ - debian
+ - "{{ group_name }}"
+
+- name: "create directory .ssh for public key"
+ become: yes
+ file:
+ path: "/home/{{ user_name }}/.ssh"
+ owner: "{{ user_name }}"
+ group: "{{ group_name }}"
+ state: directory
+ mode: '0755'
+ when: ssh_public_key is defined and ssh_public_key != ""
+
+- name: "setup ssh key"
+ become: yes
+ copy:
+ content: "{{ ssh_public_key }}"
+ dest: "/home/{{ user_name }}/.ssh/authorized_keys"
+ owner: "{{ user_name }}"
+ group: "{{ group_name }}"
+ when: ssh_public_key is defined and ssh_public_key != ""
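Review bot: Listing `debian` and `"{{ generated_user }}"` under `docker_users` makes both accounts members of the docker group, which is root-equivalent on the host because the daemon runs as root; that may be intended for a build image, but it should be stated next to the role, e.g. `# docker group membership is root-equivalent; keep this list minimal`. The `debian` entry is carried over from the removed block even though the generated user is now the login account this playbook provisions, so consider whether the preseed-created account still needs docker access. Style: the removed line used `become: true` while the new role entry uses `become: yes`; prefer `become: true`, the yamllint-clean form.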
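Review bot: The `.ssh` directory is created with `mode: '0755'` and the `authorized_keys` copy task sets no `mode` at all, so the key file's permissions fall back to the remote umask; sshd's StrictModes only rejects group- or world-writable paths, so this works, but the conventional hardening is `mode: '0700'` on the `file` task and `mode: '0600'` on the `copy` task. The `user` task sets `groups` without `append: true`, which replaces the account's supplementary groups on every run, so a re-run of this role would presumably strip the `docker` membership that the geerlingguy.docker role adds afterwards. Note also that the deleted users.yml set `group` (primary group) while this role sets only `groups` (supplementary), so the account's primary group is no longer `{{ group_name }}`; if that is deliberate, say so in the header comment.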
diff --git a/image/assets/ansible/roles/debian-init/defaults/main.yml b/image/assets/ansible/roles/debian-init/defaults/main.yml
new file mode 100644
index 0000000..5c50719
--- /dev/null
+++ b/image/assets/ansible/roles/debian-init/defaults/main.yml
@@ -0,0 +1,12 @@
+
+grub_file: "/etc/default/grub"
+grub_timeout: 1
+
+network_config:
+ src: "interfaces.j2"
+ dest: "/etc/network/interfaces"
+ nic_name: "ens4"
+
+initial_package:
+ - vim
+ - lsb-release
diff --git a/image/assets/ansible/roles/debian-init/handlers/main.yml b/image/assets/ansible/roles/debian-init/handlers/main.yml
new file mode 100644
index 0000000..650d474
--- /dev/null
+++ b/image/assets/ansible/roles/debian-init/handlers/main.yml
@@ -0,0 +1,18 @@
+- name: "Update grub"
+ become: yes
+ shell: "update-grub"
+
+- name: "Restart networking"
+ become: yes
+ service:
+ name: networking
+ state: restarted
+ daemon_reload: yes
+
+- name: Start qemu-guest service
+ become: yes
+ service:
+ name: qemu-guest-agent
+ state: started
+ enabled: yes
+ when: '"qemu-guest-agent" in initial_package'
diff --git a/image/assets/ansible/roles/debian-init/tasks/main.yml b/image/assets/ansible/roles/debian-init/tasks/main.yml
new file mode 100644
index 0000000..eb633c5
--- /dev/null
+++ b/image/assets/ansible/roles/debian-init/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: "set grub timeout"
+ become: yes
+ lineinfile:
+ dest: "{{ grub_file }}"
+ line: GRUB_TIMEOUT="{{ grub_timeout }}"
+ regexp: '^GRUB_TIMEOUT="'
+ notify:
+ - Update grub
+
+- name: "setup network"
+ become: yes
+ template:
+ src: "{{ network_config.src }}"
+ dest: "{{ network_config.dest }}"
+ owner: root
+ group: root
+ mode: '0644'
+ notify:
+ - Restart networking
+
+- name: "flush all notified handler"
+ meta: flush_handlers
+
+- name: "setup initial package"
+ become: yes
+ package:
+ name: "{{ initial_package }}"
+ update_cache: yes
+ state: present
+ notify: Start qemu-guest service
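Review bot: `nic_name: "ens4"` is hard-coded in the defaults and the interfaces.j2 template in this patch writes its `auto`/`allow-hotplug`/`iface` stanzas for exactly that name, while the preseed comment changed in the same patch refers to `ens3`; if the build VM or the deployed guest names its interface differently, the `Restart networking` handler may fail on a non-existent interface or the guest may come up without networking. Document the assumption in the defaults, e.g. `# interface name inside the guest; predictable names depend on the PCI slot, override per target`, or derive it from `ansible_default_ipv4.interface` rather than fixing it here. The file also starts with a blank line and has no `---` document marker.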
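Review bot: `shell: "update-grub"` runs a plain command through a shell for no reason; `command: update-grub` does the same without the shell layer and avoids ansible-lint's command-instead-of-shell finding. The `Start qemu-guest service` handler only runs when the package task reports a change, so on a re-run where the package is already present but the service is stopped it would not be started — acceptable for a one-shot image build, but worth a comment on the handler. Style: `become`, `daemon_reload` and `enabled` use `yes`; `true` is the canonical YAML boolean.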
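Review bot: The `set grub timeout` task's `regexp: '^GRUB_TIMEOUT="'` only matches a quoted value, while Debian's stock /etc/default/grub ships `GRUB_TIMEOUT=5` unquoted, so lineinfile appends a second `GRUB_TIMEOUT="1"` line instead of replacing the existing one (it still appears to work only because the last assignment wins when the file is sourced). Change it to `regexp: '^GRUB_TIMEOUT='` so the existing line is rewritten. The file has no `---` document start and uses `yes` where `true` is the canonical boolean.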
diff --git a/image/assets/ansible/roles/debian-init/templates/interfaces.j2 b/image/assets/ansible/roles/debian-init/templates/interfaces.j2
new file mode 100644
index 0000000..924330e
--- /dev/null
+++ b/image/assets/ansible/roles/debian-init/templates/interfaces.j2
@@ -0,0 +1,12 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto {{ network_config.nic_name }}
+allow-hotplug {{ network_config.nic_name }}
+iface {{ network_config.nic_name }} inet dhcp
diff --git a/image/assets/ansible/roles/setup/tasks/main.yml b/image/assets/ansible/roles/setup/tasks/main.yml
index efe3be1..b4f7960 100644
--- a/image/assets/ansible/roles/setup/tasks/main.yml
+++ b/image/assets/ansible/roles/setup/tasks/main.yml
@@ -5,6 +5,5 @@
 - import_tasks: mount.yml
 - import_tasks: os.yml
 - import_tasks: configure.yml
- #- import_tasks: users.yml
 #- import_tasks: security.yml
diff --git a/image/assets/ansible/roles/setup/tasks/users.yml b/image/assets/ansible/roles/setup/tasks/users.yml
deleted file mode 100644
index 56de8b8..0000000
--- a/image/assets/ansible/roles/setup/tasks/users.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# create user and group
-
-- name: "Ensure group {{ generated_group }} exists"
- group:
- name: "{{ generated_group }}"
-
-- name: "create {{ generated_user }} user and {{ generated_group }} group"
- user:
- name: "{{ generated_user }}"
- comment: "Login user generate by ansible"
- group: "{{ generated_group }}"
-
diff --git a/image/assets/hcl/builder.pkr.hcl b/image/assets/hcl/builder.pkr.hcl
index 055d5e7..50f2ee0 100644
--- a/image/assets/hcl/builder.pkr.hcl
+++ b/image/assets/hcl/builder.pkr.hcl
@@ -2,14 +2,14 @@ locals {
 timestamp = regex_replace(timestamp(), "[- TZ:]", "")
 }
 build {
- sources = ["source.qemu.gentoo", "source.qemu.debian"]
+ sources = ["source.qemu.gentoo", "source.qemu.debian"]
 provisioner "ansible" {
 ansible_env_vars = ["ANSIBLE_CONFIG=/packer/ansible/ansible.cfg"]
- extra_arguments = ["--extra-vars", "${var.ansible_extra_vars}"]
- groups = ["default"]
+ extra_arguments = ["--extra-vars", "${var.ansible_extra_vars} ansible_python_interpreter=/usr/bin/python3", "-vv"]
+ groups = ["all"]
 playbook_file = "${var.ansible_provisioning_playbook}"
- user = "root"
+ user = "${var.ssh_username}"
 galaxy_file = "/packer/ansible/requirements.yml"
 }
 }
diff --git a/image/assets/hcl/source-debian.pkr.hcl b/image/assets/hcl/source-debian.pkr.hcl
index 9512284..fb7a687 100644
--- a/image/assets/hcl/source-debian.pkr.hcl
+++ b/image/assets/hcl/source-debian.pkr.hcl
@@ -4,8 +4,8 @@ source "qemu" "debian" {
 boot_command = [
 "", # non-graphical install
 "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ",
- "language=en locale=en_US.UTF-8 ",
- "country=FR keymap=fr ",
+ "language=fr locale=fr_FR.UTF-8 ",
+ "country=FR keymap=fr(latin9) ",
 "hostname=packer domain=test ", # Should be overriden after DHCP, if available
 "",
 ]
@@ -27,14 +27,14 @@ source "qemu" "debian" {
 host_port_max = 2229
 iso_checksum = "${var.iso_checksum}"
 iso_url = "${var.iso_url}"
- memory = "1024"
+ memory = 2048
 net_device = "virtio-net"
 output_directory = "output_qcow2"
 qemuargs = [
 ["-boot", "b"],
 ["-device", "virtio-rng-pci"]
 ]
- shutdown_command = "/sbin/shutdown -hP now"
+ shutdown_command = "sudo /sbin/shutdown -hP now"
 ssh_password = "${var.ssh_password}"
 ssh_username = "${var.ssh_username}"
 ssh_wait_timeout = "900m"
diff --git a/image/assets/httpdir/preseed.cfg b/image/assets/httpdir/preseed.cfg
index 7825b0e..0e06212 100644
--- a/image/assets/httpdir/preseed.cfg
+++ b/image/assets/httpdir/preseed.cfg
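Review bot: `-vv` is now committed into `extra_arguments`, so every build runs Ansible verbosely and whatever `var.ansible_extra_vars` carries (today the `ssh_pub`, `generated_user` and `generated_group` the playbook asserts on) is presumably reproduced in the build log along with per-task results; a secret added to that variable later would land in CI logs the same way. Make the verbosity a Packer variable that defaults to empty rather than a fixed flag, and keep credentials out of `ansible_extra_vars`. `groups = ["all"]` works because Packer's generated inventory places the `default` host in that group, but `all` is implicit in Ansible, so the switch from `["default"]` deserves a comment such as `# "all": the playbook targets hosts: default, the group name is irrelevant`.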
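Review bot: `shutdown_command = "sudo /sbin/shutdown -hP now"`, combined with the provisioner now connecting as `${var.ssh_username}`, makes the build depend on passwordless sudo for that account, and nothing in this patch establishes it (the preseed's user/passwd section is not in the diff); if sudo prompts for a password the command hangs and Packer only fails after its shutdown timeout. Record the dependency next to the line, e.g. `# needs NOPASSWD sudo for var.ssh_username, granted by preseed.cfg`, so a later preseed change does not silently break the build. The `memory = 2048` change from a quoted string to a number is fine; Packer accepts both.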
@@ -1,20 +1,19 @@
 d-i partman/early_command \
 string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
-#### Contents of the preconfiguration file (for stretch)
+#### Contents of the preconfiguration file (for buster)
 ### Localization
 # Preseeding only locale sets language, country and locale.
 d-i debian-installer/locale string fr_FR.UTF-8
 # The values can also be preseeded individually for greater flexibility.
-#d-i debian-installer/language string en
-#d-i debian-installer/country string NL
-#d-i debian-installer/locale string en_GB.UTF-8
+# d-i debian-installer/language string fr
+# d-i debian-installer/country string FR
 # Optionally specify additional locales to be generated.
 d-i localechooser/supported-locales multiselect fr_FR.UTF-8, en_US.UTF-8
 # Keyboard selection.
-d-i keyboard-configuration/xkb-keymap select fr
+d-i keyboard-configuration/xkb-keymap select fr(latin9)
 # d-i keyboard-configuration/toggle select No toggling
 ### Network configuration
@@ -28,7 +27,7 @@ d-i keyboard-configuration/xkb-keymap select fr
 d-i netcfg/choose_interface select auto
 # To pick a particular interface instead:
-#d-i netcfg/choose_interface select eth1
+# d-i netcfg/choose_interface select ens3
 # To set a different link detection timeout (default is 3 seconds).
 # Values are interpreted as seconds.
@@ -97,9 +96,9 @@ d-i netcfg/wireless_wep string
 ### Mirror settings
 # If you select ftp, the mirror/country string does not need to be set.
-#d-i mirror/protocol string https
+#d-i mirror/protocol string ftp
 d-i mirror/country string manual
-d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/hostname string http.us.debian.org
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
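Review bot: The mirror is switched from `deb.debian.org` to `http.us.debian.org` with no explanation, in the third hunk; `deb.debian.org` is the CDN-backed name Debian recommends, and the mirror is the one supply-chain trust point of the install whose integrity rests solely on apt's signature checks, so the reason for choosing a different host belongs in the file as a comment, e.g. `# http.us.debian.org instead of deb.debian.org because <reason>`. The adjacent `#d-i mirror/protocol string ftp` line is commented out and therefore inert; either drop it or leave the documented `https` example so the intent stays readable. In the first hunk, the new commented `language`/`country` lines now carry a space after `#` while the surrounding commented directives do not; pick one form.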
@@ -227,7 +226,6 @@ d-i partman/mount_style select traditional
 # Configure APT to not install recommended packages by default. Use of this
 # option can result in an incomplete system and should only be used by very
 # experienced users.
-#d-i base-installer/install-recommends boolean false
 d-i base-installer/install-recommends boolean false
 # The kernel image (meta) package to be installed; "none" can be used if no
@@ -278,7 +276,7 @@ tasksel tasksel/first multiselect SSH server
 # We need at least these to continue the preseeding later on.
 # Provide also haveged so we (hopefully) have more entropy when our VM starts
 # for the first time.
-d-i pkgsel/include string haveged openssh-server sudo
+d-i pkgsel/include string haveged openssh-server sudo python3
 # Whether to upgrade packages after debootstrap.
 # Allowed values: none, safe-upgrade, full-upgrade
@@ -289,7 +287,6 @@ d-i pkgsel/upgrade select full-upgrade
 # installed, and what software you use. The default is not to report back,
 # but sending reports helps the project determine what software is most
 # popular and include it on CDs.
-#popularity-contest popularity-contest/participate boolean false
 popularity-contest popularity-contest/participate boolean false
 ### Boot loader installation
diff --git a/run-image.sh b/run-image.sh
index 8f6ba10..f2da73c 100755
--- a/run-image.sh
+++ b/run-image.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # pass debian or gentoo as first parameter
-if [ "$#" -lt 2 ]; then
+if [ "$#" -lt 1 ]; then
 exit 1
 fi
@@ -10,6 +10,6 @@ qemu-system-x86_64 \
 -boot order=d -m 1024 \
 -smp cpus=1,sockets=2,maxcpus=2 \
 -drive "file=./image/assets/output_qcow2/$1_packer.qcow2,format=qcow2,index=1" \
- -device virtio-net,netdev=user.0 \
- -netdev user,id=user.0,hostfwd=tcp::5556-:22
+ -net nic,model=virtio \
+ -net user,hostfwd=tcp::5556-:22
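Review bot: `hostfwd=tcp::5556-:22` on the new `-net user` line leaves the host address empty, so QEMU binds the forwarded SSH port on every host interface and the guest's sshd — presumably reachable with the password the image was built with — is exposed to whatever network the workstation is on; bind it to loopback unless remote access is intended: `-net user,hostfwd=tcp:127.0.0.1:5556-:22`. Replacing the `-device virtio-net,netdev=…`/`-netdev` pair with the legacy `-net nic`/`-net user` form is a step backwards, since QEMU documents `-netdev` as the preferred interface and keeps `-net` for compatibility; if the change was needed to get networking up, say why in a comment. In the argument-count hunk, bare `exit 1` tells the caller nothing; an `echo "usage: $0 debian|gentoo" >&2` before it would help, and `$1` is still interpolated into the qcow2 path without being checked against those two values.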