diff --git a/hosts.yml b/hosts.yml
index 2a0f45c..785e47a 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -2,11 +2,9 @@ all:
 vars:
 userdata: "{{playbook_dir}}/userdata"
 ovmf: /usr/share/edk2-ovmf/x64/OVMF_CODE.fd # not required for libvirt
- virtual_machines:
- - name: mirror-env
- ram: 3G
- disk_size: 10G
- ssh_port: 7777
+ vm_ram: 3G
+ vm_disk_size: 10G
+ vm_ssh_port: 7777
 children:
 local:
 hosts:
diff --git a/mirror-vm.yml b/mirror-vm.yml
index af85f68..319c178 100644
--- a/mirror-vm.yml
+++ b/mirror-vm.yml
@@ -1,9 +1,10 @@
 ---
-- hosts: local
- roles:
- - vm-qemu
- - run-vm
+# - hosts: local
+# roles:
+# - vm-qemu
+ # - run-vm
 - hosts: vm
+ become: yes
 roles:
- - post-install
+ - nginx
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..3bce67a
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+- name: Install nginx
+ apt:
+ name: nginx
+ state: latest
+ update_cache: true
+
+- name: Start nginx service
+ service:
+ name: nginx
+ state: started
+
+- name: Remove pre-existing sites-available and sites-enabled
+ file:
+ state: absent
+ path: "{{item}}"
+ loop:
+ - /etc/nginx/sites-available
+ - /etc/nginx/sites-enabled
+
+- name: Copy nginx config files
+ copy:
+ src: "{{role_path}}/templates/{{item.src}}"
+ dest: "/etc/nginx/{{item.dest}}"
+ loop:
+ - {src: nginx.conf, dest: nginx.conf}
+ - {src: mime.types, dest: mime.types}
+ - {src: includes, dest: ""}
+ - {src: sites-available, dest: ""}
+
+- name: Make new sites-enabled
+ file:
+ path: /etc/nginx/sites-enabled
+ state: directory
+
+- name: Find all files in sites-available
+ find:
+ paths: /etc/nginx/sites-available
+ register: sites
+
+- name: Link to sites-enabled
+ file:
+ src: "{{item.path}}"
+ path: "/etc/nginx/sites-enabled/{{item.path|basename}}"
+ state: link
+ with_items: "{{sites.files}}"
+
+# restart nginx service
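Review bot: `become: yes` on the `vm` play is a YAML 1.1 truthy value; Ansible accepts it, but yamllint's `truthy` rule and YAML 1.2 parsers do not treat `yes` as a boolean, so write `become: true`. The first play is commented out rather than removed, which leaves the `vm-qemu` and `run-vm` roles unreachable from this playbook; if they are still meant to be run on demand, a one-line comment saying how (or moving them to their own playbook) is clearer than dead YAML.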
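Review bot: The "Link to sites-enabled" task links every file `find` returns under sites-available, and the `templates/sites-available` directory added in this commit contains the stock `default` and `default.dpkg-dist` files next to `mirror.conf`; all three declare `listen 80 default_server`, so once they are linked nginx rejects the config with a duplicate default server error. Restrict the find with `patterns: "*.conf"` and drop the two stock files from the templates. The role also never reloads nginx after swapping the config (the `# restart nginx service` placeholder at the end), and "Start nginx service" runs before the copy, so the running instance keeps the package defaults until someone restarts it by hand; a handler that runs `nginx -t` and then reloads, notified by the copy and link tasks, closes both gaps and refuses to reload a broken config. `state: latest` with `update_cache: true` upgrades nginx on every run, which is fine for a dev VM but worth `state: present` if this role is ever pointed at the mirror host, and `with_items` here versus `loop` in the other tasks is inconsistent.
```yaml
- name: Copy nginx config files
  copy:
    src: "{{role_path}}/templates/{{item.src}}"
    dest: "/etc/nginx/{{item.dest}}"
  loop:
    # … unchanged: the four src/dest pairs …
  notify: reload nginx

# … unchanged: Make new sites-enabled …

- name: Find all files in sites-available
  find:
    paths: /etc/nginx/sites-available
    patterns: "*.conf"
  register: sites

- name: Link to sites-enabled
  # … unchanged: file src/path/state …
  loop: "{{sites.files}}"
  notify: reload nginx

# roles/nginx/handlers/main.yml (new file; handlers run in file order,
# so the config is validated before nginx is reloaded)
- name: Validate nginx config
  command: nginx -t
  listen: reload nginx

- name: Reload nginx
  service:
    name: nginx
    state: reloaded
  listen: reload nginx
```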
diff --git a/roles/nginx/templates/README.md b/roles/nginx/templates/README.md
new file mode 100644
index 0000000..5a4b39d
--- /dev/null
+++ b/roles/nginx/templates/README.md
@@ -0,0 +1,22 @@
+Will not copy ssl certs (dev env will not support ssl?)
+```
+mime.types ->
+/etc/nginx/mime.types
+```
+```
+nginx.conf ->
+/etc/nginx/nginx.conf
+```
+```
+includes/ ->
+/etc/nginx/includes/
+```
+```
+sites-available/ ->
+/etc/nginx/sites-available/
+```
+To enable the sites
+```
+ln -s /etc/nginx/sites-available/debian.conf /etc/nginx/sites-enabled/
+ln -s /etc/nginx/sites-available/mirror.conf /etc/nginx/sites-enabled/
+```
diff --git a/roles/nginx/templates/includes/ceph.conf b/roles/nginx/templates/includes/ceph.conf
new file mode 100644
index 0000000..07a9516
--- /dev/null
+++ b/roles/nginx/templates/includes/ceph.conf
@@ -0,0 +1,17 @@
+server_name ca.ceph.com;
+access_log /var/log/nginx/access.ceph.log;
+
+root /mirror/root/ceph;
+index index.html;
+
+location ^~ /.well-known/acme-challenge {
+ alias /var/www/dehydrated;
+}
+
+location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ autoindex on;
+ autoindex_exact_size off;
+}
diff --git a/roles/nginx/templates/includes/csc-debian.conf b/roles/nginx/templates/includes/csc-debian.conf
new file mode 100644
index 0000000..fb4669b
--- /dev/null
+++ b/roles/nginx/templates/includes/csc-debian.conf
@@ -0,0 +1,12 @@
+server_name debian.csclub.uwaterloo.ca debian.csclub debian;
+
+root /srv/debian/www;
+index index.html;
+
+location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ autoindex on;
+ autoindex_exact_size off;
+}
diff --git a/roles/nginx/templates/includes/mirror.conf b/roles/nginx/templates/includes/mirror.conf
new file mode 100644
index 0000000..2830a5e
--- /dev/null
+++ b/roles/nginx/templates/includes/mirror.conf
@@ -0,0 +1,56 @@
+server_name _;
+
+root /mirror/root;
+index index.html;
+autoindex on;
+autoindex_exact_size off;
+
+location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+}
+
+# Server status
+location /server-status {
+ stub_status on;
+ allow 127.0.0.1;
+ allow ::1;
+ allow 129.97.134.0/24;
+ allow 129.97.31.128/26;
+ allow 2620:101:f000:4901::/64;
+ allow 2620:101:f000:4902::/64;
+ deny all;
+}
+
+# Statistics
+location ~ /stats/(?.*) {
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://[::1]:19999/$ndpath$is_args$args;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+}
+
+location = /stats {
+ return 301 /stats/;
+}
+
+# On behalf of WiCS, redirect all files
+# from sarah_sharp to sage_sharp
+location ~ /wics/sarah_sharp_(?.*) {
+ return 301 /wics/sage_sharp_$file;
+}
+
+# Ceph has a special access log
+location /ceph {
+ access_log /var/log/nginx/access.ceph.log;
+}
+
+# Removed projects
+location ^~ /kali {return 410;}
+location ^~ /kali-images {return 410;}
+location ^~ /hyperbola {return 410;}
diff --git a/roles/nginx/templates/includes/ssl.conf b/roles/nginx/templates/includes/ssl.conf
new file mode 100644
index 0000000..a4a742b
--- /dev/null
+++ b/roles/nginx/templates/includes/ssl.conf
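Review bot: The `/stats/` location proxies straight to netdata on `[::1]:19999` with no `allow`/`deny`, unlike `/server-status` directly above it, so the full netdata dashboard (process lists, users, disk and network detail for the mirror host) is published to anyone who can reach port 80/443. If that exposure is intentional for a public mirror it deserves a comment saying so; otherwise copy the same allow list and `deny all;` into that block. Separately, both regex locations are shown here as `(?.*)` while their bodies use `$ndpath` and `$file`, which is presumably the named groups `(?<ndpath>.*)` and `(?<file>.*)` lost in rendering; worth confirming the committed file still has them, since `(?.*)` is a PCRE syntax error and nginx would reject the config.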
@@ -0,0 +1,11 @@
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_dhparam /etc/ssl/private/dhparam.pem;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 129.97.134.4 129.97.18.20 [2620:101:f000:4901:c5c::4] [2620:101:f000:7300:c5c::20] valid=300s;
+resolver_timeout 5s;
+ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
diff --git a/roles/nginx/templates/includes/ubuntu.conf b/roles/nginx/templates/includes/ubuntu.conf
new file mode 100644
index 0000000..5c4d086
--- /dev/null
+++ b/roles/nginx/templates/includes/ubuntu.conf
@@ -0,0 +1,13 @@
+server_name ca.releases.ubuntu.com;
+
+root /mirror/root/ubuntu-releases;
+index index.html;
+
+
+location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ autoindex on;
+ autoindex_exact_size off;
+}
diff --git a/roles/nginx/templates/mime.types b/roles/nginx/templates/mime.types
new file mode 100644
index 0000000..89be9a4
--- /dev/null
+++ b/roles/nginx/templates/mime.types
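Review bot: `ssl_dhparam /etc/ssl/private/dhparam.pem;` points at a file no task in this role ships, and nginx treats a missing dhparam file as a fatal config error, so every 443 server that includes this file keeps nginx from starting on a fresh VM. The ECDHE suites lead the `ssl_ciphers` list, so the two `DHE-RSA-*` entries are only a fallback; dropping them together with the `ssl_dhparam` line removes the dependency, otherwise add a task that generates or copies the parameters before nginx is reloaded (`ssl_trusted_certificate` is fine, `ca-certificates` provides that path on Ubuntu). `ssl_protocols TLSv1.2 TLSv1.3;` here silently overrides the http-level `ssl_protocols TLSv1.2;` in nginx.conf for servers that include this file; keeping one authoritative setting at http level, with TLSv1.3 added there, avoids a server block that forgets the include ending up with a different protocol set. The hard-coded campus `resolver` addresses are unreachable from a dev VM, so OCSP stapling will just log errors there; harmless, but a comment would save someone a confused hour.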
@@ -0,0 +1,89 @@
+
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+ image/webp webp;
+
+ application/font-woff woff;
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/roles/nginx/templates/nginx.conf b/roles/nginx/templates/nginx.conf
new file mode 100644
index 0000000..48dbf8a
--- /dev/null
+++ b/roles/nginx/templates/nginx.conf
@@ -0,0 +1,101 @@
+user www-data;
+worker_processes 17;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 1024;
+ multi_accept on;
+ use epoll;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ sendfile_max_chunk 1m;
+
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type text/plain;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Open File Cache
+ #
+ open_file_cache max=2000 inactive=20s;
+ open_file_cache_valid 60s;
+ open_file_cache_min_uses 5;
+ open_file_cache_errors off;
+
+ ##
+ # File
+ ##
+ output_buffers 1 1m;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/roles/nginx/templates/sites-available/debian.conf b/roles/nginx/templates/sites-available/debian.conf
new file mode 100644
index 0000000..09c28c0
--- /dev/null
+++ b/roles/nginx/templates/sites-available/debian.conf
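Review bot: `# server_tokens off;` is left commented out in the Basic Settings block, so every response header and error page advertises the exact nginx version; uncomment it as `server_tokens off;`, it costs nothing and is baseline hardening for an internet-facing mirror. `worker_processes 17;` is hard-coded (presumably the mirror host's core count) and will over-subscribe the 3G dev VM this role now targets; `worker_processes auto;` fits both machines. `include /etc/nginx/sites-enabled/*;` with no extension filter is also what lets the stock `default` and `default.dpkg-dist` files committed alongside this config get loaded once the role links them; `include /etc/nginx/sites-enabled/*.conf;` is a cheap second line of defence. The http-level `ssl_protocols TLSv1.2;` is overridden by `includes/ssl.conf` in every TLS server, so either add TLSv1.3 here and drop it from the include, or delete this line to avoid two sources of truth.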
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ include includes/csc-debian.conf;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
+ ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
+ include includes/ssl.conf;
+
+ include includes/csc-debian.conf;
+}
diff --git a/roles/nginx/templates/sites-available/default b/roles/nginx/templates/sites-available/default
new file mode 100644
index 0000000..b4c49af
--- /dev/null
+++ b/roles/nginx/templates/sites-available/default
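Review bot: The 443 server references `/etc/ssl/private/csclub-wildcard-chain.crt` and `csclub-wildcard.key`, which this role does not deploy and which the templates README says will not be copied; nginx refuses to load a config whose `ssl_certificate` file is missing, so with this site linked the dev VM cannot start nginx at all. Either have the role drop a self-signed pair at those paths when the real ones are absent, or keep the TLS server out of sites-enabled in the dev environment (the tasks currently link everything in sites-available). Leaving the plain-HTTP server as-is is correct for an apt mirror; just do not add an HTTP-to-HTTPS redirect later without considering `apt` clients.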
@@ -0,0 +1,80 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+ # # With php5-fpm:
+ # fastcgi_pass unix:/var/run/php5-fpm.sock;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/roles/nginx/templates/sites-available/default.dpkg-dist b/roles/nginx/templates/sites-available/default.dpkg-dist
new file mode 100644
index 0000000..9117e37
--- /dev/null
+++ b/roles/nginx/templates/sites-available/default.dpkg-dist
@@ -0,0 +1,91 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/roles/nginx/templates/sites-available/mirror.conf b/roles/nginx/templates/sites-available/mirror.conf
new file mode 100644
index 0000000..4e23a7e
--- /dev/null
+++ b/roles/nginx/templates/sites-available/mirror.conf
@@ -0,0 +1,44 @@
+server {
+ listen 80 default_server reuseport;
+ listen [::]:80 default_server reuseport;
+
+ include includes/mirror.conf;
+}
+
+server {
+ listen 443 ssl default_server reuseport;
+ listen [::]:443 ssl default_server reuseport;
+
+ ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
+ ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
+ include includes/ssl.conf;
+
+ include includes/mirror.conf;
+}
+
+# ca.releases.ubuntu.com
+server {
+ listen 80;
+ listen [::]:80;
+
+ include includes/ubuntu.conf;
+}
+
+# ca.ceph.com
+server {
+ listen 80;
+ listen [::]:80;
+
+ include includes/ceph.conf;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
+ ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
+ include includes/ssl.conf;
+
+ include includes/ceph.conf;
+}
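Review bot: The first two servers here claim `default_server` on :80 and :443, but the stock `default` and `default.dpkg-dist` files added to the same sites-available directory in this commit also declare `listen 80 default_server`, and the role links every file it finds there, so nginx will refuse to start with a duplicate default server on 0.0.0.0:80. Delete both stock files from the repo (`default.dpkg-dist` is a package-manager leftover that should never have been committed) or stop linking non-`.conf` files. The ceph 443 server also hard-codes dehydrated's output under `/etc/dehydrated/certs/ca.ceph.com/`, which nothing in this role creates, so the same missing-certificate startup failure applies to it in the dev VM.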
diff --git a/roles/run-vm/tasks/main.yml b/roles/run-vm/tasks/main.yml
index c622685..ca2cadb 100644
--- a/roles/run-vm/tasks/main.yml
+++ b/roles/run-vm/tasks/main.yml
@@ -1,6 +1,18 @@
 ---
-- name: Run all VMs
- include_tasks: vm.yml
- loop: "{{virtual_machines}}"
- loop_control:
- loop_var: vm
+- name: Start VM
+ # async: 10000
+ # poll: 0
+ shell:
+ cmd: "qemu-system-x86_64 \
+ -enable-kvm -boot order=d \
+ -drive file={{userdata}}/drive1,if=virtio,id=a,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive2,if=virtio,id=b,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive3,if=virtio,id=c,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive4,if=virtio,id=d,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive5,if=virtio,id=e,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive6,if=virtio,id=f,media=disk,format=qcow2 \
+ -drive file={{userdata}}/seed.iso,if=virtio,format=raw \
+ -bios {{ovmf}} \
+ -m {{vm_ram}} \
+ -net user,hostfwd=tcp::{{vm_ssh_port}}-:22 \
+ -net nic"
diff --git a/roles/run-vm/tasks/vm.yml b/roles/run-vm/tasks/vm.yml
deleted file mode 100644
index b99b2a7..0000000
--- a/roles/run-vm/tasks/vm.yml
+++ /dev/null
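Review bot: `-net user,hostfwd=tcp::{{vm_ssh_port}}-:22` leaves the host address empty, so QEMU binds the forwarded SSH port on every interface of the workstation and the VM (provisioned from the cloud-init `user-data` kept in this repo, so with credentials anyone reading the repo knows) is reachable from the whole LAN; `hostfwd=tcp:127.0.0.1:{{vm_ssh_port}}-:22` keeps it local. Commenting out `async`/`poll` also changes behaviour: qemu does not return, so the "Start VM" task now blocks the play indefinitely where the deleted vm.yml ran it in the background, so either restore `async: 10000` / `poll: 0` or document that the play is expected to hang here. Because this is `shell` rather than `command`, the interpolated `{{userdata}}`, `{{ovmf}}`, `{{vm_ram}}` and `{{vm_ssh_port}}` are unquoted inside a shell string; they come from inventory, but `{{ userdata | quote }}` is the idiom and costs nothing. `-net user`/`-net nic` is the legacy syntax; `-netdev user,id=n0,hostfwd=… -device virtio-net-pci,netdev=n0` is the current equivalent and gives the guest a virtio NIC like the disks.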
@@ -1,18 +0,0 @@
----
-- name: "{{vm.name}} - Start VM"
- async: 10000
- poll: 0
- shell:
- cmd: "qemu-system-x86_64 \
- -enable-kvm -boot order=d \
- -drive file={{userdata}}/{{vm.name}}/drive1,if=virtio,id=a,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive2,if=virtio,id=b,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive3,if=virtio,id=c,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive4,if=virtio,id=d,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive5,if=virtio,id=e,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive6,if=virtio,id=f,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/seed.iso,if=virtio,format=raw \
- -bios {{ovmf}} \
- -m {{vm.ram}} \
- -net user,hostfwd=tcp::{{vm.ssh_port}}-:22 \
- -net nic"
diff --git a/roles/vm-qemu/tasks/main.yml b/roles/vm-qemu/tasks/main.yml
index d3e6c28..927c88e 100644
--- a/roles/vm-qemu/tasks/main.yml
+++ b/roles/vm-qemu/tasks/main.yml
@@ -1,6 +1,56 @@
 ---
-- name: Configure all VMs
- include_tasks: vm.yml
- loop: "{{virtual_machines}}"
- loop_control:
- loop_var: vm
+# quite a lot of duplication, probably fix later
+# Gather info
+- name: Check if vm was created already
+ stat:
+ path: "{{userdata}}"
+ register: vmexists
+ ignore_errors: true
+- name: Check for ubuntu iso
+ stat:
+ path: "{{role_path}}/files/ubuntu20_04.iso"
+ register: isoexists
+ ignore_errors: true
+- name: Check for ubuntu iso seed
+ stat:
+ path: "{{userdata}}/seed.iso"
+ register: seedexists
+ ignore_errors: true
+
+# Setting up VM
+- name: Create directory for VM
+ file:
+ state: directory
+ path: "{{userdata}}"
+ when: vmexists.stat.exists == false
+
+# didn't use get_url module since it broke with symlinks
+- name: Fetching ubuntu iso
+ command: curl -o "{{role_path}}/files/ubuntu20_04.iso" https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso
+ when: isoexists.stat.exists == false
+
+- name: Create disk images
+ shell:
+ cmd: "for i in {1..6}; do qemu-img create -f qcow2 {{userdata}}/drive${i} {{vm_disk_size}}; done"
+ when: vmexists.stat.exists == false
+
+- name: Creating cloud-init iso
+ command: "genisoimage -output {{userdata}}/seed.iso -volid cidata -joliet -rock {{role_path}}/files/user-data {{role_path}}/files/meta-data"
+ when: seedexists.stat.exists == false
+
+- name: Starting autoinstallation
+ shell:
+ cmd: "qemu-system-x86_64 -cdrom {{role_path}}/files/ubuntu20_04.iso \
+ -enable-kvm -boot order=d \
+ -drive file={{userdata}}/drive1,if=virtio,id=a,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive2,if=virtio,id=b,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive3,if=virtio,id=c,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive4,if=virtio,id=d,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive5,if=virtio,id=e,media=disk,format=qcow2 \
+ -drive file={{userdata}}/drive6,if=virtio,id=f,media=disk,format=qcow2 \
+ -drive file={{userdata}}/seed.iso,if=virtio,format=raw \
+ -bios {{ovmf}} \
+ -m {{vm_ram}}"
+
+# todo: find a way to not ask for confirmation to start autoinstall
+# bug: autoinstall will not shutdown properly so the ansible task will never finish
diff --git a/roles/vm-qemu/tasks/vm.yml b/roles/vm-qemu/tasks/vm.yml
deleted file mode 100644
index c7bb2e1..0000000
--- a/roles/vm-qemu/tasks/vm.yml
+++ /dev/null
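Review bot: "Fetching ubuntu iso" downloads the installer with a bare `curl -o` and then boots it, with no checksum or signature check; because the `isoexists` stat guards the download, a truncated, tampered or substituted image (or an HTML error page, since `curl` without `-f` still writes the body on a 404) is cached forever and used for every later install. Pin the expected digest in hosts.yml as `ubuntu_iso_sha256`, taken from `SHA256SUMS` on releases.ubuntu.com after checking its `.gpg` signature, and refuse to boot an image that does not match, removing it so the next run re-downloads; `curl -fsSL --retry 3` is the minimum if the full check is deferred. `ignore_errors: true` on the three `stat` tasks is unnecessary (stat does not fail on a missing path) and hides real errors such as permission problems, and `when: vmexists.stat.exists == false` reads better as `when: not vmexists.stat.exists`. The `# bug:` comment at the end says the autoinstall task never finishes; QEMU's `-no-reboot` makes the process exit when the installer reboots, which should let the task complete if the autoinstall ends with a reboot, and a `timeout:` on the shell task bounds the play either way.
```yaml
# didn't use get_url module since it broke with symlinks
- name: Fetching ubuntu iso
  command: curl -fsSL --retry 3 -o "{{role_path}}/files/ubuntu20_04.iso" https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso
  when: not isoexists.stat.exists

# ubuntu_iso_sha256 is set in hosts.yml from SHA256SUMS (signature-checked)
# on releases.ubuntu.com; never boot an image that does not match it.
- name: Checksum ubuntu iso
  stat:
    path: "{{role_path}}/files/ubuntu20_04.iso"
    checksum_algorithm: sha256
  register: iso

- name: Remove iso that does not match ubuntu_iso_sha256
  file:
    path: "{{role_path}}/files/ubuntu20_04.iso"
    state: absent
  when: iso.stat.checksum != ubuntu_iso_sha256

- name: Refuse to boot an unverified iso
  assert:
    that: iso.stat.checksum == ubuntu_iso_sha256
    fail_msg: "ubuntu20_04.iso checksum mismatch; file removed, re-run to download again"

# … unchanged: Create disk images, Creating cloud-init iso, Starting autoinstallation …
```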
@@ -1,56 +0,0 @@
----
-# quite a lot of duplication, probably fix later
-# Gather info
-- name: "{{vm.name}} - Check if vm was created already"
- stat:
- path: "{{userdata}}/{{vm.name}}"
- register: vmexists
- ignore_errors: true
-- name: "{{vm.name}} - Check for ubuntu iso"
- stat:
- path: "{{role_path}}/files/ubuntu20_04.iso"
- register: isoexists
- ignore_errors: true
-- name: "{{vm.name}} - Check for ubuntu iso seed"
- stat:
- path: "{{userdata}}/{{vm.name}}/seed.iso"
- register: seedexists
- ignore_errors: true
-
-# Setting up VM
-- name: "{{vm.name}} - Create directory for VM"
- file:
- state: directory
- path: "{{userdata}}/{{vm.name}}"
- when: vmexists.stat.exists == false
-
-# didn't use get_url module since it broke with symlinks
-- name: "{{vm.name}} - Fetching ubuntu iso"
- command: curl -o "{{role_path}}/files/ubuntu20_04.iso" https://releases.ubuntu.com/20.04.3/ubuntu-20.04.3-live-server-amd64.iso
- when: isoexists.stat.exists == false
-
-- name: "{{vm.name}} - Create disk images"
- shell:
- cmd: "for i in {1..6}; do qemu-img create -f qcow2 {{userdata}}/{{vm.name}}/drive${i} {{vm.disk_size}}; done"
- when: vmexists.stat.exists == false
-
-- name: "{{vm.name}} - Creating cloud-init iso"
- command: "genisoimage -output {{userdata}}/{{vm.name}}/seed.iso -volid cidata -joliet -rock {{role_path}}/files/user-data {{role_path}}/files/meta-data"
- when: seedexists.stat.exists == false
-
-- name: "{{vm.name}} - Starting autoinstallation"
- shell:
- cmd: "qemu-system-x86_64 -cdrom {{role_path}}/files/ubuntu20_04.iso \
- -enable-kvm -boot order=d \
- -drive file={{userdata}}/{{vm.name}}/drive1,if=virtio,id=a,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive2,if=virtio,id=b,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive3,if=virtio,id=c,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive4,if=virtio,id=d,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive5,if=virtio,id=e,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/drive6,if=virtio,id=f,media=disk,format=qcow2 \
- -drive file={{userdata}}/{{vm.name}}/seed.iso,if=virtio,format=raw \
- -bios {{ovmf}} \
- -m {{vm.ram}}"
-
-# todo: find a way to not ask for confirmation to start autoinstall
-# bug: autoinstall will not shutdown properly so the ansible task will never finish