diff --git a/.gitignore b/.gitignore
index 3441bb6..b481748 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,7 @@
 .vscode/
 galaxy_roles/*
 files/*
+*.iso
+*.box
+*.ova
+*.vdi
diff --git a/Vagrantfile.template b/Vagrantfile.template
new file mode 100644
index 0000000..851e498
--- /dev/null
+++ b/Vagrantfile.template
@@ -0,0 +1,64 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+# To use these virtual machines install Vagrant and VirtualBox.
+# vagrant up
+
+Vagrant.require_version ">= 2.0.0"
+Vagrant.configure(2) do |config|
+
+ # check for updates of the base image
+ config.vm.box_check_update = true
+ # wait a while longer
+ config.vm.boot_timeout = 1200
+
+ # disable update guest additions
+ if Vagrant.has_plugin?("vagrant-vbguest")
+ config.vbguest.auto_update = false
+ end
+
+ # enable ssh agent forwarding
+ config.ssh.forward_agent = true
+
+ # use the standard vagrant ssh key
+ config.ssh.insert_key = false
+
+ # Iterate through entries in JSON file
+
+ config.vm.box = "ansiblebook/controller"
+ config.vm.hostname = "controller"
+ config.vm.network "public_network", type: "dhcp", bridge: "Wi-Fi"
+ config.vm.network :forwarded_port, host: 8443, guest: 443
+
+ # set no_share to false to enable file sharing
+ config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
+ config.vm.provider "hyperv" do |hyperv|
+ hyperv.cpus = 4
+ hyperv.memory = 4096
+ hyperv.vmname = "controller"
+ hyperv.enable_virtualization_extensions = true
+ hyperv.vm_integration_services = {
+ guest_service_interface: true,
+ heartbeat: true,
+ shutdown: true,
+ time_synchronization: true,
+ }
+ hyperv.linked_clone = true
+ end
+ config.vm.provider :vmware_desktop do |vmware|
+ vmware.gui = false
+ vmware.vmx['memsize'] = 4096
+ vmware.vmx['numvcpus'] = 4
+ end
+ config.vm.provider :virtualbox do |virtualbox|
+ virtualbox.customize ["modifyvm", :id,
+ "--audio-driver", "none",
+ "--cpus", 4,
+ "--memory", 4096,
+ "--natnet1", "192.168.33.0/24",
+ "--graphicscontroller", "VMSVGA",
+ "--vram", "64"
+ ]
+ virtualbox.gui = false
+ virtualbox.name = "controller"
+ end
+end
diff --git a/controller.sh b/controller.sh
index 379e37d..7c8dff8 100755
--- a/controller.sh
+++ b/controller.sh
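Review bot: `config.vm.network "public_network", type: "dhcp", bridge: "Wi-Fi"` bridges the guest onto the host's LAN and hard-codes a host-specific adapter name, so the guest's services become reachable from the whole local network rather than only from the host, and on hosts without an adapter called "Wi-Fi" `vagrant up` may stop to ask for one. Since the kickstart in this same commit permits root password logins over SSH and disables the firewall, a `private_network` (or a comment stating why bridging is required) would be the safer default for a template shipped inside the box. Two comments no longer match the code: `# Iterate through entries in JSON file` precedes no loop, and `# set no_share to false to enable file sharing` refers to a `no_share` variable that does not exist; drop the first and reword the second to `# synced folder disabled; set disabled: false to expose the repo at /vagrant`.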
@@ -22,4 +22,11 @@ sudo pip3.12 install jmespath
 ansible --version
 (git clone https://github.com/playingfield/controller.git || /bin/true)
 cd controller && source ansible.sh && ./prepare.sh
+# export these variables!
+if [ -z "${DB_PASS}" ]; then
+ export DB_PASS="your_database_password"
+fi
+if [ -z "${SSH_PASS}" ]; then
+ export SSH_PASS="KeyWillBeGeneratedWithAPassphrase"
+fi
 ./provision.yml -v -e debug=true
diff --git a/kickstart/ks.cfg b/kickstart/ks.cfg
new file mode 100644
index 0000000..71a45d2
--- /dev/null
+++ b/kickstart/ks.cfg
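Review bot: The two fallbacks silently bake placeholder secrets into the image: `export DB_PASS="your_database_password"` and `export SSH_PASS="KeyWillBeGeneratedWithAPassphrase"` run whenever the variables are not set, which contradicts the `# export these variables!` comment above them and means a forgotten export yields a provisioned controller whose database password and key passphrase are the strings committed here. Failing the build is the safer default: replace the two `if`/`fi` blocks with `: "${DB_PASS:?export DB_PASS before running controller.sh}"` and `: "${SSH_PASS:?export SSH_PASS before running controller.sh}"`, which abort with a clear message instead of continuing with a known value. The rest of the script, including whatever shell options it sets, lies outside this hunk.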
@@ -0,0 +1,146 @@
+# License agreement
+eula --agreed
+# Reboot after installation
+reboot --eject
+# Use text mode install
+text
+# Use CDROM installation media
+cdrom
+
+%pre --erroronfail
+/usr/bin/dd bs=512 count=10 if=/dev/zero of=/dev/sda
+/usr/sbin/parted -s /dev/sda mklabel gpt
+/usr/sbin/parted -s /dev/sda print
+%end
+
+%post --erroronfail
+rm -f /etc/dconf/db/gdm.d/00-security-settings
+
+# /tmp is restricted by mount options
+mkdir /var/tmp
+chmod 1777 /var/tmp
+
+# permit root login via SSH with password authentication
+echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/01-permitrootlogin.conf
+
+# For Ansible
+sed -i "s/^.*requiretty/# Defaults requiretty/" /etc/sudoers
+
+# remove random-seed so it's not the same every time
+rm -f /var/lib/systemd/random-seed
+
+# Remove machine-id on the pre generated images
+cat /dev/null > /etc/machine-id
+
+# Anaconda is writing to /etc/resolv.conf from the generating environment.
+# The system should start out with an empty file.
+truncate -s 0 /etc/resolv.conf
+
+echo "Cleaning old yum repodata."
+dnf clean all
+
+# clean up installation logs"
+rm -rf /var/log/yum.log
+rm -rf /var/lib/yum/*
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf /root/anaconda-ks.cfg
+rm -rf /var/log/anaconda*
+
+%end
+
+%packages --ignoremissing --excludedocs --instLangs=en_US.UTF-8
+@core
+chrony
+bash-completion
+glibc-langpack-en
+glibc-minimal-langpack
+langtable
+bzip2
+tar
+dhcp-client
+git-core
+# Make this image portable; rescue mode isn't useful here.
+dracut-config-generic
+dracut-norescue
+# Boot config
+grub2-pc
+grub2-efi-modules
+usermode
+# Ansible
+ansible-core
+python3-jmespath
+python3-libselinux
+python3-policycoreutils
+python3-rpm
+# vmware
+open-vm-tools
+# hyperv
+hyperv-daemons
+hyperv-daemons-licence
+hypervfcopyd
+hypervkvpd
+hypervvssd
+# Add rng-tools as source of entropy
+rng-tools
+# Some things from @core we can do without in a minimal install
+-biosdevname
+-cockpit
+# RHEL subscription
+-dnf-plugin-spacewalk
+-rhn*
+
+-sqlite
+-iprutils
+-iwl*-firmware
+-langpacks-*
+-mdadm
+-plymouth
+%end
+
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Firewall configuration
+firewall --disabled
+# Network information
+network --bootproto=dhcp --device=link --hostname=controller --activate
+
+# System authorization information
+authselect --enableshadow --passalgo=sha512 --kickstart
+# SELinux configuration
+selinux --permissive
+
+firstboot --disabled
+# Do not configure the X Window System
+skipx
+# System services
+services --enabled="NetworkManager,sshd,chronyd"
+ignoredisk --only-use=sda
+
+# Partition information
+
+zerombr
+# net.ifnames are defined by the host
+bootloader --location=boot --append="loglevel=3 audit=0 console=tty1 console=ttyS0 earlyprintk=ttyS0 rootdelay=300 no_timer_check net.ifnames=0"
+clearpart --all --drives=sda --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot/efi --fstype=efi --label EFI --size=512
+part /boot --fstype=ext4 --label BOOT --size=512 --fsoptions="nodev,nosuid,noexec"
+part /dev/shm --fstype=tmpfs --size=1024
+part / --size=1 --ondrive=sda --grow --asprimary
+
+# System timezone
+timezone UTC
+
+rootpw --iscrypted $6$hGuNal58RjvpKAqy$UPGgU7QRk0ZA.dcGO0xZwsAmPgDDjzDs9f3UV3X5.SYfRAQR2pwUAZEmj0WHLo2gQXT0mS4/Bzs9WuIW.hxUW.
+
+# disable kdump service
+%addon com_redhat_kdump --disable
+%end
+
+%anaconda
+%end
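Review bot: `echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/01-permitrootlogin.conf` in %post, together with `firewall --disabled` and the `rootpw --iscrypted` hash committed in this file, leaves every image built from this kickstart accepting password logins as root with a credential whose hash is public (the packer template in the same commit appears to use it as `ssh_username = "root"` / `ssh_password = "vagrant"` during the build). That access is only needed while Packer provisions, so the last provisioning step should tighten the drop-in to `PermitRootLogin prohibit-password` (or delete it) and lock the root password, rather than leaving them as the default of the published box; the same applies to `selinux --permissive`, which should be documented as a build-time choice if it is intended to stay. Two smaller things in %post: `# /tmp is restricted by mount options` describes a restriction that is not visible in this kickstart (no separate /tmp or mount options for it are defined below), so either reference where it is set or reword it to `# /var/tmp must exist for tools that fall back to it`, and `# clean up installation logs"` has a stray trailing quote.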
diff --git a/packer.pkr.hcl b/packer.pkr.hcl
new file mode 100644
index 0000000..a2ef48a
--- /dev/null
+++ b/packer.pkr.hcl
@@ -0,0 +1,207 @@
+packer {
+ required_version = ">= 1.7.0"
+ required_plugins {
+ ansible = {
+ source = "github.com/hashicorp/ansible"
+ version = "~> 1.1.1"
+ }
+ vagrant = {
+ source = "github.com/hashicorp/vagrant"
+ version = "~> 1.1.4"
+ }
+ azure = {
+ source = "github.com/hashicorp/azure"
+ version = "~> 2.1.7"
+ }
+ hyperv = {
+ version = "= 1.0.4"
+ source = "github.com/hashicorp/hyperv"
+ }
+ proxmox = {
+ version = ">= 1.2.1"
+ source = "github.com/hashicorp/proxmox"
+ }
+ vmware = {
+ version = ">= 1.0.0"
+ source = "github.com/hashicorp/vmware"
+ }
+ virtualbox = {
+ version = ">= 1.1.1"
+ source = "github.com/hashicorp/virtualbox"
+ }
+ }
+}
+
+variable "arm_client_id" {
+ type = string
+ sensitive = true
+ default = "${env("ARM_CLIENT_ID")}"
+ description = "The Active Directory service principal associated with your builder."
+}
+
+variable "arm_client_secret" {
+ type = string
+ sensitive = true
+ description = "The password or secret for your service principal."
+ default = "${env("ARM_CLIENT_SECRET")}"
+}
+
+variable "arm_location" {
+ type = string
+ default = "${env("ARM_LOCATION")}"
+ description = "https://azure.microsoft.com/en-us/global-infrastructure/geographies/"
+}
+
+variable "arm_resource_group" {
+ type = string
+ default = "${env("ARM_RESOURCE_GROUP_IMAGES")}"
+}
+
+variable "arm_storage_account" {
+ type = string
+ default = "${env("ARM_STORAGE_ACCOUNT_IMAGES")}"
+}
+
+variable "arm_subscription_id" {
+ type = string
+ default = "${env("ARM_SUBSCRIPTION_ID")}"
+}
+
+variable "arm_tenant_id" {
+ type = string
+ default = "${env("ARM_TENANT_ID")}"
+ description = "https://www.packer.io/docs/builders/azure/arm"
+}
+
+variable "managed_image_resource_group_name" {
+ type = string
+ description = "https://developer.hashicorp.com/packer/plugins/builders/azure/arm#managed_image_resource_group_name"
+ default = "ansiblebook"
+}
+
+variable "iso_checksum" {
+ type = string
+ default = "sha256:463fa92155b886e31627f6713e1c2824343762245a914715ffd6f2efc300b7a1"
+}
+
+variable "iso_url1" {
+ type = string
+ default = "./packer_cache/AlmaLinux-8.10-x86_64-dvd.iso"
+}
+
+variable "iso_url2" {
+ type = string
+ default = "https://almalinux.mirror.wearetriple.com/8/isos/x86_64/AlmaLinux-8.10-x86_64-dvd.iso"
+}
+
+variable "vagrantcloud_token" {
+ type = string
+ default = "${env("VAGRANT_CLOUD_TOKEN")}"
+}
+
+locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
+
+locals {
+ version = "8.10.${local.timestamp}"
+}
+
+source "azure-arm" "controller" {
+ azure_tags = {
+ product = "controller"
+ }
+ client_id = "${var.arm_client_id}"
+ client_secret = "${var.arm_client_secret}"
+ plan_info {
+ plan_name = "8-gen2"
+ plan_product = "almalinux"
+ plan_publisher = "almalinux"
+ }
+ image_offer = "almalinux"
+ image_publisher = "almalinux"
+ image_sku = "8-gen2"
+ location = "${var.arm_location}"
+ managed_image_name = "controller"
+ managed_image_resource_group_name = "${var.managed_image_resource_group_name}"
+ os_disk_size_gb = "30"
+ os_type = "Linux"
+ subscription_id = "${var.arm_subscription_id}"
+ tenant_id = "${var.arm_tenant_id}"
+ vm_size = "Standard_D8_v3"
+}
+
+source "virtualbox-iso" "controller" {
+ boot_command = [" append initrd=initrd.img inst.text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg noipv6"]
+ cpus = 4
+ guest_additions_mode = "upload"
+ guest_additions_path = "VBoxGuestAdditions.iso"
+ guest_os_type = "RedHat_64"
+ headless = true
+ http_directory = "kickstart"
+ iso_checksum = "${var.iso_checksum}"
+ iso_urls = ["${var.iso_url1}", "${var.iso_url2}"]
+ shutdown_command = "echo 'vagrant' | /usr/bin/sudo -S /sbin/shutdown -h 0"
+ ssh_password = "vagrant"
+ ssh_username = "root"
+ ssh_wait_timeout = "10000s"
+ vboxmanage = [["modifyvm", "{{ .Name }}", "--memory", "4096"], ["modifyvm", "{{ .Name }}", "--cpus", "4"]]
+ virtualbox_version_file = ".vbox_version"
+ vm_name = "controller"
+}
+
+source "vmware-iso" "controller" {
+ boot_command = [" append initrd=initrd.img inst.text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg noipv6"]
+ boot_wait = "10s"
+ cpus = 4
+ guest_os_type = "Centos-64"
+ headless = false
+ http_directory = "kickstart"
+ iso_checksum = "${var.iso_checksum}"
+ iso_urls = ["${var.iso_url1}", "${var.iso_url2}"]
+ output_directory = "output-vmware-iso"
+ shutdown_command = "echo 'vagrant' | sudo -S /sbin/shutdown -h 0"
+ ssh_password = "vagrant"
+ ssh_username = "root"
+ ssh_wait_timeout = "10000s"
+ tools_upload_flavor = "linux"
+ vm_name = "controller"
+ vmdk_name = "controller"
+}
+
+
+build {
+ sources = ["source.azure-arm.controller", "source.virtualbox-iso.controller", "source.vmware-iso.controller"]
+
+ provisioner "shell" {
+ execute_command = "echo 'vagrant' | {{ .Vars }} sudo -S -E bash '{{ .Path }}'"
+ scripts = ["controller.sh"]
+ }
+
+ provisioner "shell" {
+ execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'"
+ inline = ["/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"]
+ inline_shebang = "/bin/sh -x"
+ only = ["azure-arm"]
+ }
+
+ post-processors {
+
+ post-processor "vagrant" {
+ keep_input_artifact = true
+ compression_level = 9
+ only = ["vmware-iso", "virtualbox-iso", "hyperv-iso"]
+ output = "packer/controller.box"
+ vagrantfile_template = "Vagrantfile.template"
+ }
+ post-processor "shell-local" {
+ keep_input_artifact = true
+ inline = ["ovftool packer-vmware-ova/controller.vmx packer/controller.ova"]
+ only = ["vmware-ova"]
+ }
+ post-processor "vagrant-cloud" {
+ access_token = "${var.cloud_token}"
+ box_tag = "ansiblebook/controller"
+ only = ["vmware-iso", "virtualbox-iso"]
+ version = "${local.version}"
+ }
+ }
+}
diff --git a/packer_cache/.gitkeep b/packer_cache/.gitkeep
new file mode 100644
index 0000000..916a9b6
--- /dev/null
+++ b/packer_cache/.gitkeep
@@ -0,0 +1 @@
+# download dir for packer
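Review bot: `access_token = "${var.cloud_token}"` in the vagrant-cloud post-processor refers to a variable this file never declares; the token is declared as `vagrantcloud_token`, so `packer validate` rejects the template before any build runs. Change it to `access_token = "${var.vagrantcloud_token}"` and add `sensitive = true` to that variable's declaration, as `arm_client_secret` already has, so the token is redacted from Packer's output. The `only` lists also name `hyperv-iso` and `vmware-ova`, and no `source` block of either type is defined in this file; if they are leftovers from an earlier template they should be removed, otherwise the missing sources need to be added before the vagrant and shell-local post-processors can apply to them.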
diff --git a/roles/requirements.yml b/roles/requirements.yml
index e2131df..df73b3b 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -9,4 +9,4 @@ roles:
 version: 1.1.0
 - src: bbaassssiiee.nginx_ssl
 name: nginx
- version: 1.0.3
+ version: 1.0.5