emdee 2024-01-04 14:53:42 +00:00
parent e1c072cf16
commit 346682eedb
31 changed files with 12094 additions and 132 deletions


@ -13,16 +13,16 @@
shell: |
role=toxcore
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/bin/usr_local_base.bash box_gentoo_emerge {{item}} || exit $?
with_items:
- "{{ toxcore_pkgs_inst }}"
- "{{ toxcore_qemu_pkgs_inst if 'qemu' in TOXCORE_FEATURES }}"
- "{{ toxcore_qemu_pkgs_inst if 'libvirt' in TOXCORE_FEATURES }}"
- "{{ toxcore_libvirt_pkgs_inst if 'libvirt' in TOXCORE_FEATURES }}"
- "{{ toxcore_docker_pkgs_inst if 'DOCKER' in TOXCORE_FEATURES }}"
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
{{proxy_pkgs_bootstrap}} \
{{ toxcore_pkgs_inst }} \
{{ toxcore_qemu_pkgs_inst if 'qemu' in TOXCORE_FEATURES else '' }} \
{{ toxcore_qemu_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ toxcore_libvirt_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ toxcore_docker_pkgs_inst if 'docker' in TOXCORE_FEATURES else '' }} \
|| exit $?
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- item != '' and item != []
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
@ -30,14 +30,15 @@
environment: "{{ portage_proxy_env }}"
shell: |
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/bin/usr_local_base.bash box_gentoo_emerge {{item}} || exit $?
with_items:
- "{{ toxcore_pkgs_inst_guest }}"
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
{{proxy_pkgs_bootstrap}} \
{{ toxcore_pkgs_inst_guest }} \
|| exit $?
[ -z "{{AGI_bootstrap_pips3}}" ] || pip3.sh install {{AGI_bootstrap_pips3}}
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- item != '' and item != []
- BASE_ARE_CONNECTED|default('') != ''
- "{{ ansible_virtualization_role|replace('NA', 'host') != 'host' }}"
- "ansible_virtualization_role|replace('NA', 'host') != 'host'"
- name: /etc/conf.d/consolefont
blockinfile:
@ -76,6 +77,19 @@
# safe ones
- block:
- name: app-admin/supervisor
shell: |
which supervisorctl 2>/dev/null || exit 0
cat >/etc/supervisor/conf.d/negotiator-host.conf >/dev/null << EOF
[program:negotiator-host]
command = /usr/local/bin/negotiator-host --daemon
autostart = True
stdout_logfile = /var/log/negotiator-host.log
stderr_logfile = /var/log/negotiator-host.log
EOF
supervisorctl update negotiator-host
when: false
- name: "/etc/portage/make.conf base Gentoo PORTAGE_ELOG"
blockinfile:
dest: /etc/portage/make.conf
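Review bot: The `when:` lists of both emerge tasks still test `item != '' and item != []`, but as rendered here the `with_items:` loops were replaced by a single `box_gentoo_emerge` call, so `item` looks undefined when the condition is evaluated. Ansible treats an undefined variable in a conditional as a task failure, and with `ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"` that failure can pass unnoticed, leaving the host or guest without packages that later tasks assume. Drop the `item` condition from both tasks (the second is in the `@ -30,14 +30,15 @@` hunk). Separately, in the supervisor task `cat >/etc/supervisor/conf.d/negotiator-host.conf >/dev/null << EOF` sends the heredoc to /dev/null and leaves an empty conf file; it appears disabled by `when: false`, but should read `cat >/etc/supervisor/conf.d/negotiator-host.conf << EOF` before it is enabled.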


@ -22,7 +22,7 @@
shell: |
UNIT=qemu-guest-agent
S=/etc/init.d/$UNIT
$S $UNIT status || {
$S status || {
retval=$?
echo WARN: $UNIT not running
exit 0 # $retval


@ -87,7 +87,8 @@
- name: modprobe VM modules toxcore_kmods_in_host
modprobe:
name: "{{ item }}"
state: "{{ 'absent' if ansible_virtualization_role|replace('NA', 'host') != 'host' else 'present'}}"
# "{{ 'absent' if ansible_virtualization_role|replace('NA', 'host') != 'host' else 'present'}}"
state: present
when:
- item != ''
with_items: "{{ toxcore_kmods_in_host }}"
@ -129,7 +130,8 @@
ignore_errors: true
with_nested:
- "{{ base_system_users }}"
- "{{ toxcore_standard_users_groups }}"
- "{{ toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}"
- "{{ toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}"
- name: "make a directory for /data/Vms"
file:
@ -162,6 +164,18 @@
[ -f /usr/share/openpgp-keys/gentoo-release.asc ] && exit 0
gpg --import /usr/local/share/openpgp-keys/gentoo-release.asc
# FixMe: does this do SSH?
- name: /usr/local/bin/gitproxy.sh
blockinfile:
dest: "/usr/local/bin/gitproxy.bash"
create: yes
mode: 0775
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy"
block: |
exec corkscrew {{HTTP_PROXYHOST}} {{HTTP_PROXYPORT}} $1 $2
# $1 %h $2 %p
#? exec connect -4 -S {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}} $(tor-resolve $1 {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}}) $2
# this should not run as root
# delegate_to: localhost? - no - per test
- name: "usr_local_toxcore.bash"
@ -309,6 +323,8 @@
-b {{BOX_NBD_OVERLAY_BR}} \
-p {{BOX_NBD_OVERLAY_PASS}} \
-o gentoo
args:
creates: "{{BOX_NBD_OVERLAY_DIR}}/{{BOX_NBD_OVERLAY_NAME}}.qcow2"
ignore_errors: true
when:
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
@ -353,3 +369,28 @@
# replace this ^A with a control-A to provoke an error in the error handler of yamlint
# yaml.reader.ReaderError: unacceptable character #x0001: special characters are not allowed
- block:
- name: ansible-keepassxc
ansible-keepassxc:
database: "{{ base_passwords_database }}"
entry: "HOSTVMS_LXD_TRUST_PASSWORD"
group: "/Ansible/hostvms"
password: "{{ base_passwords_password }}"
no_log: False
register: hostvms_lxd_trust_password
- debug:
verbosity: 1
var: hostvms_lxd_trust_password
check_mode: false
rescue:
- debug:
verbosity: 1
msg: "hostvms vms.yml WARN undefined or missing base_passwords_database "
- set_fact:
base_passwords_password: "{{HOSTVMS_LXD_TRUST_PASSWORD}}"
when: false
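Review bot: The new `ansible-keepassxc` task sets `no_log: False` and the following `debug` prints `hostvms_lxd_trust_password`, so once this block is enabled the registered result, which presumably carries the LXD trust password, is written to the play output and to any log callback at `-v`. The task also receives the database password as a module argument, which is a further reason to keep it out of logs. Set `no_log: true` on the lookup and drop the `debug: var:` task, or print only whether the lookup succeeded. In the `rescue:` branch, `base_passwords_password: "{{HOSTVMS_LXD_TRUST_PASSWORD}}"` assigns the trust password to the database-password fact, which looks reversed; confirm the intended fact name. The block appears to be disabled by the trailing `when: false`, so this applies when it is switched on.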


@ -7,6 +7,133 @@
verbosity: 1
msg: "toxcore users.yml LOOP_USER_F={{LOOP_USER_F[0]}}"
- block:
# https://stackoverflow.com/questions/13114268/passing-ciphers-to-libcurl-through-git
# https://git-scm.com/docs/git-config#git-config-httpsslCipherList
- name: ~/.gitconfig TEST_SSL_GIT_CIPHERLIST
ini_file:
path: "{{ item.dest }}"
create: yes
section: "http"
option: "sslCipherList"
value: "{{ TEST_SSL_GIT_CIPHERLIST|join(' ') }}"
when:
- TEST_SSL_GIT_CIPHERLIST|default([])|length > 0
with_items:
- {dest: "{{USER_HOME}}/.gitconfig", owner: "{{ LOOP_USER }}", group: "{{ BOX_ALSO_GROUP }}" }
# https://stackoverflow.com/questions/48938019/git-pull-push-unable-to-access-https-ssl-routines-seem-to-be-down
# git config http.sslVersion tlsv1.2
- name: ~/.gitconfig TEST_SSL_GIT_SSLVERSION
ini_file:
path: "{{ item.dest }}"
create: yes
section: "http"
option: "sslVersion"
value: "{{ TEST_SSL_GIT_SSLVERSION }}"
when:
- TEST_SSL_GIT_SSLVERSION|default('') != ''
with_items:
- { dest: "{{USER_HOME}}/.gitconfig", owner: "{{ LOOP_USER }}", group: "{{ BOX_ALSO_GROUP }}" }
# https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c
- name: ~/.gitconfig with proxy http
blockinfile:
dest: "{{ item.dest|expanduser }}"
owner: "{{ item.owner }}"
create: yes
state: "{{ 'present' if HTTP_PROXY != '' else 'absent' }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy http"
block: |
[http]
# https sic
proxy = http://{{HTTPS_PROXYHOST}}:{{HTTPS_PROXYPORT}}
sslCAinfo = /usr/local/etc/ssl/cacert-testforge.pem
# http sic
sslverify = true
# sslversion = {{"tlsv1.3" if BOX_TLS_VERSION == "1.3" else "tlsv1.2"}}
when:
- HTTPS_PROXYHOST != '' and HTTPS_PROXYPORT != ''
with_items:
- dest: "~{{LOOP_USER}}/.gitconfig"
owner: "{{ LOOP_USER }}"
- name: git config --global http.sslverify "true"
shell: |
git config --global --list | grep -q http.sslverify.true || \
git config --global http.sslverify "true"
git config --global --list | grep -q https.sslverify.true || \
git config --global https.sslverify "true"
exit 0
- name: git config --global http.sslversion tlsv1.3
shell: |
# GIT_CURL_VERBOSE=1
git config --global --list | \
grep -q http.sslversion.tlsv1.{{BOX_TLS_VERSION}} || \
git config --global http.sslversion tlsv1.{{BOX_TLS_VERSION}}
exit 0
when:
- BOX_TLS_VERSION == "1.3"
- false
- name: ~/.gitconfig with proxy https
blockinfile:
dest: "{{ item.dest|expanduser }}"
owner: "{{ item.owner }}"
create: yes
state: "{{ 'present' if HTTPS_PROXY != '' else 'absent' }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy https"
block: |
[https]
proxy = http://{{HTTPS_PROXYHOST}}:{{HTTPS_PROXYPORT}}
sslCAinfo = {{PLAY_CA_CERT}}
# http sic
sslverify = true
sslversion = {{"tlsv1.3" if BOX_TLS_VERSION == "1.3" else "tlsv1.2"}}
when:
- true
with_items:
- dest: "~{{LOOP_USER}}/.gitconfig"
owner: "{{ LOOP_USER }}"
- name: ~/.gitconfig with proxy core
blockinfile:
dest: "{{ item.dest|expanduser }}"
owner: "{{ item.owner }}"
create: yes
state: "{{ 'present' if HTTP_PROXY != '' else 'absent' }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy core"
block: |
[core]
gitproxy = /usr/local/bin/gitproxy.bash
when:
- true
with_items:
- dest: "~{{LOOP_USER}}/.gitconfig"
owner: "{{ LOOP_USER }}"
- name: ~/.gitconfig with proxy socks
blockinfile:
dest: "{{ item.dest|expanduser }}"
owner: "{{ item.owner }}"
create: yes
state: "{{ 'present' if SOCKS_PROXY != '' else 'absent' }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK proxy socks"
block: |
[socks]
proxy = {{SOCKS_PROXYTYPE}}://{{SOCKS_PROXYHOST}}:{{SOCKS_PROXYPORT}}
when:
- true
with_items:
- dest: "~{{LOOP_USER}}/.gitconfig"
owner: "{{ LOOP_USER }}"
when:
- "LOOP_USER != 'portage'"
- block:
- name: /etc/sysconfig/docker
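Review bot: The `[https]` and `[socks]` blocks written to `~/.gitconfig` use section names that git does not read: proxy and TLS options for both http:// and https:// remotes live under `http.*`, so `sslCAinfo = {{PLAY_CA_CERT}}`, `sslverify` and `sslversion` under `[https]`, and the `git config --global https.sslverify "true"` call, have no effect. The only `sslversion` line under `[http]` is commented out, so unless `TEST_SSL_GIT_SSLVERSION` is set no minimum TLS version is pinned, and the CA file in effect is the hard-coded `/usr/local/etc/ssl/cacert-testforge.pem`. Move the settings into the `[http]` block, e.g. `sslVersion = {{"tlsv1.3" if BOX_TLS_VERSION == "1.3" else "tlsv1.2"}}` and `sslCAInfo = {{PLAY_CA_CERT}}`, and express a SOCKS proxy as an `http.proxy` value with a socks scheme. The two `ini_file` tasks also create the file without `owner:`, although each item defines one, so a missing `.gitconfig` would be created owned by the account the task runs as.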


@ -137,6 +137,22 @@
- /var/lib/libvirt/dnsmasq/default.conf
ignore_errors: true
- name: foo
shell: |
# https://pypi.org/project/negotiator-common/#on-kvm-qemu-guests
GUEST_NAME="gentoo_vm-2" # or gentoo_overlay-2
cat > /dev/null << EOF
<channel type='unix'>
<source mode='bind' path='/var/lib/libvirt/qemu/channel/target/$GUEST_NAME.negotiator-host-to-guest.0' />
<target type='virtio' name='negotiator-host-to-guest.0' />
</channel>
<channel type='unix'>
<source mode='bind' path='/var/lib/libvirt/qemu/channel/target/$GUEST_NAME.negotiator-guest-to-host.0' />
<target type='virtio' name='negotiator-guest-to-host.0' />
</channel>
EOF
when:
- "'libvirt' in TOXCORE_FEATURES" # or 'lxd' in TOXCORE_FEATURES"
- ( ansible_virtualization_type is not defined or