LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 Commits
12 Branches
967 KiB
Tree: 5e0d924814
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5e0d924814'
${ noResults }
lilik_playbook/roles/lxc_guest/tasks/main.yaml

129 lines
5.4 KiB
Raw Normal View History

Some playbooks full of joy.
9 years ago
improved lxc_host
9 years ago
Some playbooks full of joy.
9 years ago
Minor lxc_guest fix.
9 years ago
lxc_guest now uses lxc-attach to do initial config, no longer needs external resolv.conf.
9 years ago
Some playbooks full of joy.
9 years ago
lxc_guest now uses lxc-attach to do initial config, no longer needs external resolv.conf.
9 years ago
Some playbooks full of joy.
9 years ago
lxc_guest now uses lxc-attach to do initial config, no longer needs external resolv.conf.
9 years ago
Various LXC fixes.
9 years ago
lxc_guest now uses lxc-attach to do initial config, no longer needs external resolv.conf.
9 years ago
 
  1. - name: check for lxc container existance

  2.   shell: "[ -d /var/lib/lxc/{{ vm_name }} ] && echo true || echo false"

  3.   register: lxc_existance

  4.   ignore_errors: true

  5.   changed_when: false

  6. - block:

  7.     - name: create the lxc container

  8.       lxc_container:

  9.           name: "{{ vm_name }}"

  10.           backing_store: lvm

  11.           vg_name: "{{ inventory_hostname }}vg"

  12.           lv_name: "vm_{{ vm_name }}"

  13.           fs_type: xfs

  14.           container_log: true

  15.           template: debian

  16.           template_options: --release {{ distro }} --packages=ssh,python

  17. #          container_command: |

  18. #              echo "ssh-rsa {{ user_ca_key }}" > /etc/ssh/user_ca.pub

  19. #              echo "TrustedUserCAKeys /etc/ssh/user_ca.pub" >> /etc/ssh/sshd_config

  20. #              sed -i 's/iface eth0 inet dhcp/iface eth0 inet manual/' /etc/network/interfaces

  21.           state: stopped

  22.     - name: deploy container config

  23.       template: src=config.j2 dest="/var/lib/lxc/{{ vm_name }}/config"

  24.     - name: start container

  25.       lxc_container:

  26.           name: "{{ vm_name }}"

  27.           state: started

  28.       when: auto_start|bool

  29.   when: "lxc_existance.stdout == 'false'"

  30. 

  31. - name: update container config

  32.   template: src=config.j2 dest="/var/lib/lxc/{{ vm_name }}/config"

  33.   register: container_config

  34. 

  35. - name: set container running state

  36.   lxc_container:

  37.       name: "{{ vm_name }}"

  38.       state: "{{ container_state }}"

  39.   register: container_running_state

  40. 

  41. - name: update container DNS configuration

  42.   shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "grep '^nameserver {{ hostvars[ext_gateway].ansible_host }}$' /etc/resolv.conf || echo 'nameserver {{ hostvars[ext_gateway].ansible_host }}' > /etc/resolv.conf"

  43.   register: container_dns_configuration

  44.   changed_when: "container_dns_configuration.stdout != 'nameserver {{ hostvars[ext_gateway].ansible_host }}'"

  45. 

  46. - name: check if cert key exist

  47.   shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "ls /etc/ssh/ssh_host_ed25519_key-cert.pub"

  48.   register: cert_key_existance

  49.   ignore_errors: true

  50.   changed_when: "cert_key_existance.rc != 0"

  51. - block:

  52.     - name: get pub key

  53.       shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "cat /etc/ssh/ssh_host_ed25519_key.pub"

  54.       register: pub_key

  55. #    - debug: var=pub_key

  56.     - name: generate host request

  57.       local_action: command ../ca_manager/make_ssh_host_request.py {{ pub_key.stdout|quote }} {{ vm_name|quote }}

  58.       register: cert_request

  59. #    - debug: var=cert_request

  60.     - name: start sign request

  61.       raw: "{{ cert_request.stdout|string }}"

  62.       delegate_to: "{{item}}"

  63.       delegate_facts: True

  64.       with_items: "{{groups['cas']}}"

  65.       register: request_result

  66. #    - debug: var=request_result

  67. 

  68.     - set_fact:

  69.           request_output: "{{ request_result.results[0].stdout|string|from_json }}"

  70.     - debug: var=request_output

  71. 

  72.     - name: generate get request

  73.       local_action: command ../ca_manager/make_get_request.py {{ request_output.requestID }}

  74.       register: get_request

  75. #    - debug: var=get_request

  76. 

  77.     - debug: msg="Please manualy confirm sign request with id {{ request_output.requestID }}"

  78. 

  79.     - name: wait for cert

  80.       raw: "{{ get_request.stdout|string }}"

  81.       delegate_to: "{{item}}"

  82.       delegate_facts: True

  83.       with_items: "{{groups['cas']}}"

  84.       register: cert_result

  85. #    - debug: var=cert_result

  86. 

  87.     - set_fact:

  88.           cert_key: "{{ cert_result.results[0].stdout|string|from_json }}"

  89. #    - debug: var=request_output

  90. 

  91.     - name: set pub key

  92.       shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "echo '{{ cert_key.result }}' > /etc/ssh/ssh_host_ed25519_key-cert.pub"

  93.       register: set_pub_key

  94.   when: "cert_key_existance.rc != 0"

  95. 

  96. - name: update container network configuration

  97.   shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "grep -F 'iface eth0 inet manual' /etc/network/interfaces || sed -i 's/iface eth0 inet dhcp/iface eth0 inet manual/' /etc/network/interfaces"

  98.   register: container_network

  99.   changed_when: "container_network.stdout != 'iface eth0 inet manual'"

  100. 

  101. - name: install packages

  102.   shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "apt-get install python ssh -y"

  103.   register: install_packages

  104.   changed_when: "install_packages.stdout.find('0 newly installed') == -1"

  105. 

  106. - name: update container user ca key

  107.   shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "grep -F 'ssh-rsa {{ user_ca_key }}' /etc/ssh/user_ca.pub || echo 'ssh-rsa {{ user_ca_key }}' > /etc/ssh/user_ca.pub"

  108.   register: update_user_ca_key

  109.   changed_when: "update_user_ca_key.stdout != 'ssh-rsa {{ user_ca_key }}'"

  110. 

  111. - name: trust user ca key

  112.   shell: lxc-attach -n {{ vm_name }} --clear-env -e -- bash -c "grep -F 'TrustedUserCAKeys /etc/ssh/user_ca.pub' /etc/ssh/sshd_config || echo 'TrustedUserCAKeys /etc/ssh/user_ca.pub' >> /etc/ssh/sshd_config"

  113.   register: trust_ca_key

  114.   changed_when: "trust_ca_key.stdout != 'TrustedUserCAKeys /etc/ssh/user_ca.pub'"

  115. 

  116. - name: restart-container

  117.   lxc_container:

  118.       name: "{{ vm_name }}"

  119.       state: restarted

  120.   register: container_restart

  121.   when: set_pub_key.changed or install_packages.changed or update_user_ca_key.changed or trust_ca_key.changed or container_network.changed or container_config.changed or container_dns_configuration.changed

  122. 

  123. - name: "waiting for ssh on {{ vm_name }} vm to start"

  124.   wait_for: host="{{ hostvars[vm_name]['ansible_host'] }}" port=22 timeout=30

  125.   delegate_to: "{{ inventory_hostname }}"

  126.   delegate_facts: True

  127. 

  128. - pause: seconds=20

  129.   when: container_restart.changed or container_running_state.changed