
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "toxcore main.yml"
debug:
verbosity: 1
msg: "toxcore main.yml BOX_OS_FAMILY={{BOX_OS_FAMILY}} {{BOX_GENTOO_FROM_MP}} {{ansible_virtualization_role|replace('NA', 'host')}}"
# Load Linux.yml first, then the per-distribution+major-version file; keys
# loaded later override earlier ones.  Tagged always so the variables are
# present for tag-restricted runs (hourly/daily/...).
- name: toxcore include_vars
  include_vars: "{{ item }}.yml"
  loop:
    - Linux
    - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}"
  tags: always
- name: "rsync toxcore root_overlay"
synchronize:
src: "roles/toxcore/overlay/{{item}}/"
dest: /
compress: no
copy_links: yes
archive: no
recursive: yes
links: no
owner: no
perms: no
times: yes
rsync_opts: "{{base_rsync_opts}}"
with_items:
- Linux
- "{{ ansible_distribution }}"
notify:
- chmod /var/local
when:
- not ansible_check_mode
# FixAns: This remote host is being accessed via chroot instead so it cannot work
- ansible_connection|default('') not in PLAY_NORSYNC_CONNECTIONS
tags:
- always
# Same overlay delivered as a tarball for connection types where rsync is
# unavailable (the chroot case excluded above).  keep_newer leaves target
# files that are newer than the archive copy; extracted files are chowned to
# BOX_ROOT_USER.  NOTE(review): this task notifies "chmod /usr/local" while
# the rsync variant notifies "chmod /var/local" — confirm which is intended;
# ignore_errors also hides a failed extraction of the root overlay.
- name: rsync root_overlay - tar before running
  unarchive:
    src: "{{ item }}.tar"
    dest: /
    keep_newer: true
    owner: "{{ BOX_ROOT_USER }}"
    # extra_opts: "{{ BASE_UNTAR_ARGS }}"
  loop:
    - Linux
    - "{{ ansible_distribution }}"
  notify:
    - chmod /usr/local
  ignore_errors: true
  when:
    - not ansible_check_mode
    # FixAns: complement of the rsync task's connection check
    - ansible_connection|default('') in PLAY_NORSYNC_CONNECTIONS
- name: "make /var/local/var/log/testforge toxcore"
file:
path: "{{ item }}"
state: directory
mode: 0775
with_items:
- "{{ TOXCORE_LOG_DIR }}"
- "{{ TOXCORE_DAILY_LOG }}"
# - "{{ TOXCORE_WEEKLY_LOG }}"
# - "{{ TOXCORE_MONTHLY_LOG }}"
tags:
- hourly
- daily
- weekly
- monthly
- name: "/var/local/bin/toxcore_sign_modules.bash modules needed toxcore_kmods_in_host"
shell: |
KVER=`cat /proc/cmdline |sed -e 's/ .*//' -e 's/BOOT_IMAGE=//' -e 's/kernel-[a-z]*-x86_64-//'`
KDIR=/lib/modules/$KVER
DIR=$KDIR/misc
[ -d $DIR ] || { echo WARN: no directory $DIR ; exit 0 ; }
/var/local/bin/toxcore_sign_modules.bash {{ toxcore_kmods_in_host|flatten|join(' ') }}
when: false
# this changes with kernel 4 -> 5
# Load every module in toxcore_kmods_in_host (empty entries skipped).
# Failures are ignored — presumably because the list spans kernel
# generations and some names do not exist on every kernel.
- name: modprobe VM modules toxcore_kmods_in_host
  modprobe:
    name: "{{ item }}"
    # earlier variant: "{{ 'absent' if ansible_virtualization_role|replace('NA', 'host') != 'host' else 'present'}}"
    state: present
  with_items: "{{ toxcore_kmods_in_host }}"
  when: item != ''
  ignore_errors: true
# Unload modules that should not be present on this box.  Disabled
# (when: false) — see the note below about kvm on 5+ kernels.
- name: modprobe VM modules toxcore_kmods_not_in_host
  modprobe:
    name: "{{ item }}"
    state: absent
  with_items: "{{ toxcore_kmods_not_in_host }}"
  ignore_errors: true
  when: false
  # I'm not sure kvm should be missing anymore 5+
# Distribution-specific tasks (<ansible_distribution>.yml); include_tasks
# fails if the file does not exist, so every targeted distro needs one.
- name: include by-platform tasks
  include_tasks: "{{ ansible_distribution }}.yml"
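# Append boot parameters to the kernel line(s) in /boot/grub/grub.cfg.
# ipv6.disable=1 turns IPv6 off in the kernel; the larger hardening set
# (pti=on, spectre_v2=on, init_on_free=1, ...) is kept only as a comment and
# is NOT applied.  The first run keeps a pristine copy as grub.cfg.dst.
# Fix: the sed was not idempotent — the edited line still ends in " ro", so
# every run inserted LINE again; the task now exits early once LINE is
# already present.  Exit codes 1-4 are swallowed by ignore_errors.
# NOTE(review): grub.cfg is regenerated by grub-mkconfig; a persistent
# change belongs in GRUB_CMDLINE_LINUX in /etc/default/grub — confirm this
# direct edit is intended.
- name: grub.cfg from roles/ansible-gentoo_install/tasks/
  shell: |
    LINE="rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us"
    # LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
    LINE="$LINE intel_iommu=on vga=0x315 text"
    grep /boot /etc/fstab || exit 1
    df | grep /boot || mount /boot || exit 2
    [ -d /boot/grub ] || exit 3
    [ -f /boot/grub/grub.cfg ] || exit 4
    [ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst
    # already applied by a previous run: nothing to do
    grep -q -F -- "$LINE ro" /boot/grub/grub.cfg && exit 0
    sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg
  ignore_errors: true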
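# Append each base_system_users entry to the role's standard groups; which
# group list applies depends on host vs. guest.  Fix: the two lists are now
# combined into ONE with_nested term.  With three terms, the side that did
# not apply contributed an empty list, the cartesian product was therefore
# empty, and nobody was ever added to any group.  The when clause now checks
# the group element (item.1) rather than the whole [user, group] pair.
# NOTE(review): if these lists contain groups such as libvirt, kvm or docker,
# membership is effectively root-equivalent on the host — confirm the lists.
- name: add standard_users to groups
  user:
    name: "{{ item.0 }}"
    append: true
    groups: "{{ item.1 }}"
  when:
    - item.1 != ''
  # some groups may not be there
  ignore_errors: true
  with_nested:
    - "{{ base_system_users }}"
    - >-
      {{ (toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [])
         + (toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else []) }}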
- name: "make a directory for /data/Vms"
file:
path: "{{item }}"
state: directory
mode: 0775
with_items:
- "{{TOXCORE_VMS_DIR}}"
- "{{TOXCORE_VMS_DIR}}/Instances"
- "{{TOXCORE_VMS_DIR}}/Qemu"
- "{{TOXCORE_VMS_DIR}}/Boxes"
#? - "{{TOXCORE_VMS_DIR}}/vagrant.d/tmp"
check_mode: false
- name: "toxcore gpg keys system"
# Option --keyserver must be used to
environment: "{{ shell_proxy_env }}"
shell: |
/usr/bin/gpg --list-keys | grep "{{ item.primary }}" || \
/usr/bin/gpg --recv-keys "{{ item.uid }}" # --keyserver "{{ TOXCORE_GPG_SERVER }}"
with_items: "{{ toxcore_gpg_keys_system }}"
when:
- toxcore_gpg_keys_system|length > 0
- BASE_ARE_CONNECTED|default('') != ''
ignore_errors: true
- name: "toxcore gpg keys gentoo"
environment: "{{ shell_proxy_env }}"
shell: |
[ -f /usr/share/openpgp-keys/gentoo-release.asc ] && exit 0
gpg --import /usr/local/share/openpgp-keys/gentoo-release.asc
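# FixMe: does this do SSH?
# Write /usr/local/bin/gitproxy.bash, a helper that tunnels to host $1 port
# $2 through the HTTP proxy with corkscrew (presumably used as git's
# core.gitproxy, per the "%h %p" note).  Fix: the host/port arguments are
# quoted and the mode is a quoted string.  NOTE(review): the task name says
# gitproxy.sh but the file is gitproxy.bash; blockinfile writes only the
# managed block, so the file has no shebang — confirm the caller runs it
# through a shell.
- name: /usr/local/bin/gitproxy.sh
  blockinfile:
    dest: "/usr/local/bin/gitproxy.bash"
    create: true
    mode: "0775"
    marker: "# {mark} ANSIBLE MANAGED BLOCK proxy"
    block: |
      exec corkscrew {{ HTTP_PROXYHOST }} {{ HTTP_PROXYPORT }} "$1" "$2"
      # $1 %h $2 %p
      #? exec connect -4 -S {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}} $(tor-resolve $1 {{HTTP_PROXYHOST}}:{{HTTP_PROXYPORT}}) $2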
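# this should not run as root
# delegate_to: localhost? - no - per test
# Run usr_local_toxcore.bash as BOX_USER_NAME (not root).  In --check mode
# the script still runs (check_mode: false) and is passed "check".
# Fix: the inline if now has an explicit else.  Without one Jinja2 yields
# an Undefined when the condition is false, which Ansible's strict undefined
# handling turns into a templating error — hidden by ignore_errors — so on a
# normal run the script may never have been started (TODO confirm on the
# installed ansible-core/Jinja2).  The script's exit status is discarded by
# the trailing exit 0, so ignore_errors is redundant.  umask 0002 makes any
# files the script creates group-writable.
- name: "usr_local_toxcore.bash"
  environment: "{{ shell_proxy_env }}"
  shell: |
    umask 0002
    bash {{ TOXCORE_USR_LOCAL }}/src/usr_local_toxcore.bash \
      {{ 'check' if ansible_check_mode else '' }}
    exit 0
  args:
    chdir: "{{ TOXCORE_USR_LOCAL }}/src"
  become: true
  become_user: "{{ BOX_USER_NAME }}"
  ignore_errors: true
  check_mode: false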
- name: "include_tasks toxcore vms as root"
include_tasks:
file: "{{LOOP_ITEM}}.yml"
apply:
environment: "{{ proxy_env }}"
when:
- LOOP_ITEM != '' and LOOP_ITEM != []
with_items:
- "vms"
- "{{ 'libvirt_whonix' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_HOSTVMS_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}"
loop_control:
loop_var: LOOP_ITEM
- name: "include_tasks toxcore users on the command host"
include_tasks:
file: "{{ LOOP_USER_F[1] }}"
apply:
environment: "{{ proxy_env }}"
become_user: "{{ LOOP_USER_F[0] }}"
when:
- "LOOP_USER_F[1] != ''"
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
with_nested:
-
- "{{ toxcore_system_users }}"
-
- users.yml
loop_control:
loop_var: LOOP_USER_F
- name: "include_tasks toxcore users as user"
include_tasks:
file: "{{ LOOP_USER_F[1] }}.yml"
apply:
environment: "{{ proxy_env }}"
become_user: "{{ LOOP_USER_F[0] }}"
when:
- "LOOP_USER_F[1] != ''"
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- false
with_nested:
- "{{ toxcore_system_users }}"
-
#no - users
- "{{ 'libvirt_users' if 'libvirt' in TOXCORE_FEATURES else '' }}"
# - "{{ 'qemu_users' if 'qemu' in TOXCORE_FEATURES else '' }}"
# - "{{ 'docker_users' if 'docker' in TOXCORE_FEATURES else '' }}"
loop_control:
loop_var: LOOP_USER_F
# Enable at boot and start every service in toxcore_services_enabled.
# Skipped for chroot connections (no service manager to talk to there,
# presumably); failures are ignored.
- name: enable and start toxcore services
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items: "{{ toxcore_services_enabled }}"
  when:
    - item != ''
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
    - toxcore_services_enabled|length > 0
  ignore_errors: true
# Start (without enabling) toxcore_services_started.  Disabled by the
# trailing `false` condition.
- name: start toxcore services
  service:
    name: "{{ item }}"
    enabled: false
    state: started
  with_items: "{{ toxcore_services_started }}"
  when:
    - item != ''
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
    - false
  ignore_errors: true
# Stop and disable toxcore_services_stopped; never reports failure
# (failed_when: false).  Disabled by the trailing `false` condition.
- name: stop toxcore services
  service:
    name: "{{ item }}"
    enabled: false
    state: stopped
  with_items: "{{ toxcore_services_stopped }}"
  failed_when: false
  when:
    - item != ''
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
    - false
# Gentoo installer role, on the virtualization host only.
- name: run ansible-gentoo_install
  include_role:
    name: ansible-gentoo_install
  when: "ansible_virtualization_role|replace('NA', 'host') == 'host'"
  # - BOX_OS_FAMILY == 'Gentoo' or BOX_GENTOO_FROM_MP not in ['/', '']
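# Set BOX_NBD_OVERLAY_DIR environment variable to override storage location for VMs
# -b Bridge interface to use (defaults to virbr0)
# -m MAC address to use (default is to use a randomly-generated MAC)
# -p ansible users plaintext password
# -k Full path and name of the ansible user's public key file (required)
# Create the NBD overlay VM on the controller (delegate_to: localhost) from
# BOX_NBD_BASE_QCOW; skipped once the overlay qcow2 exists (creates:).
# Security: -p puts the ansible user's plaintext password on the command
# line, where it shows up in `ps` and in Ansible's task output/log.  no_log
# keeps it out of the log (the script's -p interface still exposes it to
# process listings); the cost is that the WARN messages are hidden too.
# Every interpolated value goes through `quote` so a value with spaces or
# quote characters cannot break out of the shell command.
# NOTE(review): BOX_NBD_BASE_PASS is checked for emptiness but
# BOX_NBD_OVERLAY_PASS is what is passed to -p — confirm which is meant.
- name: run toxcore_create-vm.bash
  delegate_to: localhost
  no_log: true
  shell: |
    export BOX_NBD_OVERLAY_DIR=${BOX_NBD_OVERLAY_DIR:-"${HOME}/vms/virsh"}
    [ {{ BOX_NBD_OVERLAY_NAME | quote }} != '' ] || exit 1
    [ {{ BOX_NBD_OVERLAY_DIR | quote }} != '' ] || exit 2
    [ {{ BOX_NBD_BASE_PUBKEY | quote }} != '' ] || exit 3
    [ {{ BOX_NBD_BASE_QCOW | quote }} != '' ] || exit 4
    [ {{ BOX_NBD_OVERLAY_RAM | quote }} != '' ] || exit 5
    [ {{ BOX_NBD_OVERLAY_BR | quote }} != '' ] || exit 6
    [ {{ BOX_NBD_OVERLAY_GB | quote }} != '' ] || exit 7
    [ {{ BOX_NBD_OVERLAY_CPUS | quote }} != '' ] || exit 8
    [ {{ BOX_NBD_OVERLAY_PASS | quote }} != '' ] || exit 9
    if [ ! -f {{ BOX_NBD_BASE_QCOW | quote }} ] ; then
      echo WARN: {{ BOX_NBD_BASE_QCOW | quote }} not built yet - skipping
      exit 0
    fi
    if [ -z {{ BOX_NBD_BASE_PASS | quote }} ] ; then
      echo WARN: 'BOX_NBD_BASE_PASS' empty
      exit 10
    fi
    toxcore_create-vm.bash \
      -n {{ BOX_NBD_OVERLAY_NAME | quote }} \
      -k {{ BOX_NBD_BASE_PUBKEY | quote }} \
      -i {{ BOX_NBD_BASE_QCOW | quote }} \
      -s {{ BOX_NBD_OVERLAY_GB | quote }} \
      -c {{ BOX_NBD_OVERLAY_CPUS | quote }} \
      -r {{ BOX_NBD_OVERLAY_RAM | quote }} \
      -d {{ BOX_NBD_OVERLAY_DIR | quote }} \
      -b {{ BOX_NBD_OVERLAY_BR | quote }} \
      -p {{ BOX_NBD_OVERLAY_PASS | quote }} \
      -o gentoo
  args:
    creates: "{{ BOX_NBD_OVERLAY_DIR }}/{{ BOX_NBD_OVERLAY_NAME }}.qcow2"
  ignore_errors: true
  when:
    - "ansible_virtualization_role|replace('NA', 'host') == 'host'"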
# run this last
# works with apply tags hourly
# hourly.yml once per toxcore_system_users entry (LOOP_USER); tagged
# always, both on the include and on the included tasks, so it runs under
# any tag selection.
- name: toxcore hourly include_tasks
  include_tasks:
    file: hourly.yml
    apply:
      tags: [always]
  with_items: "{{ toxcore_system_users }}"
  loop_control:
    loop_var: LOOP_USER
  tags: [always]
# daily.yml, only when the daily tag is selected; the proxy environment
# is applied to the included tasks.
- name: toxcore daily include_tasks
  include_tasks:
    file: daily.yml
    apply:
      environment: "{{ proxy_env }}"
      tags: [daily]
  tags: [daily]
# weekly.yml under the weekly tag.  Disabled (when: false).
- name: toxcore weekly include_tasks
  include_tasks:
    file: weekly.yml
    apply:
      environment: "{{ proxy_env }}"
      tags: [weekly]
  tags: [weekly]
  when: false
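# replace this ^A with a control-A to provoke an error in the error handler of yamlint
# yaml.reader.ReaderError: unacceptable character #x0001: special characters are not allowed
# Fetch HOSTVMS_LXD_TRUST_PASSWORD from the KeePassXC database; if the
# lookup fails (e.g. base_passwords_database undefined) fall back to the
# HOSTVMS_LXD_TRUST_PASSWORD variable.  The whole block is disabled
# (when: false) — placement of that when was inferred from the original
# flattened layout, TODO confirm.
# Fix: the lookup task had no_log: False and the debug printed the whole
# registered result, which put the retrieved secret (and the database
# password argument) into -v output and any log.  no_log is now on and the
# debug only reports whether a result was registered.
# NOTE(review): the rescue assigns base_passwords_password (the database
# password) from HOSTVMS_LXD_TRUST_PASSWORD — looks like a variable mix-up,
# confirm which fact the fallback should set.
- block:
    - name: ansible-keepassxc
      ansible-keepassxc:
        database: "{{ base_passwords_database }}"
        entry: "HOSTVMS_LXD_TRUST_PASSWORD"
        group: "/Ansible/hostvms"
        password: "{{ base_passwords_password }}"
      no_log: true
      register: hostvms_lxd_trust_password
    - debug:
        verbosity: 1
        msg: "hostvms_lxd_trust_password defined: {{ hostvms_lxd_trust_password is defined }}"
      check_mode: false
  rescue:
    - debug:
        verbosity: 1
        msg: "hostvms vms.yml WARN undefined or missing base_passwords_database "
    - set_fact:
        base_passwords_password: "{{ HOSTVMS_LXD_TRUST_PASSWORD }}"
  when: false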