Update Debian cloud image for running on Proxmox

NIXKnight · Nov 26, 2023 · 9c68142 · 9c68142
1 parent 84d96c8
commit 9c68142
Show file tree

Hide file tree

Showing 10 changed files with 270 additions and 29 deletions.
diff --git a/extravars/common.yml b/extravars/common.yml
@@ -1,6 +1,5 @@
 ---
 # linux_common
-ansible_user_id: "saadali"
 LC_CHANGE_HOSTNAME: False
 LC_SET_LOCALES: True
 LC_SETUP_SUDO: False
@@ -12,18 +11,16 @@ LC_DEFAULT_LOCALE: "en_US.UTF-8 UTF-8"
 LC_MODIFY_SYSTEM_SHELL_ENV: True
 LC_MODIFY_SKEL: True
 LC_MODIFY_ROOT_SHELL_ENV: True
-LC_MODIFY_USER_SHELL_ENV: True
-LC_DEBIAN_MIRROR: "deb.debian.org"
 LC_INSTALL_PACKAGES: True
-LC_REBOOT: True
-LC_CHANGE_TIMEZONE: True
-LC_ENABLE_SRC_REPOS: False
-LC_ENABLE_APT_BACKPORTS: False
 LC_CHANGES_APT_DEFAULT_SOURCES_LIST: True
+LC_DEBIAN_MIRROR: "deb.debian.org"
+LC_DEBIAN_REPOS: "main contrib non-free non-free-firmware"
+LC_CHANGE_TIMEZONE: True
 LC_TIMEZONE: "Asia/Karachi"
 LC_EXTRA_PACKAGES:
   - "gpg"
   - "apt-transport-https"
+  - "qemu-guest-agent"
 
 # motd variables
 memory_info: False

diff --git a/extravars/provision_vms.yml b/extravars/provision_vms.yml
@@ -1,6 +1,8 @@
 ---
+# pve_ci_tweak
+pve_ci_image: "{{ lookup('ansible.builtin.env', 'HOME') }}/Downloads/debian-12-generic-amd64-daily-20231117-1567.qcow2"
 # provision_proxmox_vms
-vm_provisioner_src_image: "{{ lookup('ansible.builtin.env', 'HOME') }}/Downloads/debian-12-generic-amd64-daily-20231117-1567.qcow2"
+vm_provisioner_src_image: "{{ pve_ci_image }}"
 vm_provisioner_dest_image: "/var/lib/vz/images/debian-12-generic-amd64-daily-20231117-1567.qcow2"
 vm_provisioner_cloudinit_username: "{{ lookup('ansible.builtin.env', 'USER') }}"
 vm_provisioner_local_user_ssh_public_key: "{{ lookup('ansible.builtin.env', 'HOME') }}/.ssh/id_rsa.pub"
@@ -10,8 +12,8 @@ vm_provisioner_proxmox_node: "KDRAIGO"
 vm_provisioner_cloudinit_search_domain: "h.nixknight.pk"
 vm_provisioner_default_proxmox_storage: "SSD-DATA"
 vm_provisioner_k8s_vms:
-  - name: "k8s-master-01"
-    tags: "k8s_nodes,master"
+  - name: "k8s-api-lb"
+    tags: "k8s_nodes,api-lb"
     vmid: 101
     sockets: 2
     cores: 1
@@ -30,8 +32,8 @@ vm_provisioner_k8s_vms:
     ipconfig:
       ipconfig0: "ip=192.168.1.21/24,gw=192.168.1.1"
     state: present
-  - name: "k8s-master-02"
-    tags: "k8s_nodes,master"
+  - name: "k8s-master-01"
+    tags: "k8s_nodes,masters"
     vmid: 102
     sockets: 2
     cores: 1
@@ -50,8 +52,8 @@ vm_provisioner_k8s_vms:
     ipconfig:
       ipconfig0: "ip=192.168.1.22/24,gw=192.168.1.1"
     state: present
-  - name: "k8s-lb"
-    tags: "k8s_nodes,lb"
+  - name: "k8s-master-02"
+    tags: "k8s_nodes,masters"
     vmid: 103
     sockets: 2
     cores: 1
@@ -70,8 +72,8 @@ vm_provisioner_k8s_vms:
     ipconfig:
       ipconfig0: "ip=192.168.1.23/24,gw=192.168.1.1"
     state: present
-  - name: "k8s-worker-01"
-    tags: "k8s_nodes,workers"
+  - name: "k8s-master-03"
+    tags: "k8s_nodes,masters"
     vmid: 104
     sockets: 2
     cores: 1
@@ -90,7 +92,7 @@ vm_provisioner_k8s_vms:
     ipconfig:
       ipconfig0: "ip=192.168.1.24/24,gw=192.168.1.1"
     state: present
-  - name: "k8s-worker-02"
+  - name: "k8s-worker-01"
     tags: "k8s_nodes,workers"
     vmid: 105
     sockets: 2
@@ -110,3 +112,43 @@ vm_provisioner_k8s_vms:
     ipconfig:
       ipconfig0: "ip=192.168.1.25/24,gw=192.168.1.1"
     state: present
+  - name: "k8s-worker-02"
+    tags: "k8s_nodes,workers"
+    vmid: 106
+    sockets: 2
+    cores: 1
+    memory: 2048
+    ostype: "l26"
+    disk_resize: "18G"
+    ciuser: "{{ vm_provisioner_cloudinit_username }}"
+    ide:
+      ide2: 'local:cloudinit,format=qcow2'
+    sshkeys: "{{ vm_provisioner_cloudinit_ssh_public_key }}"
+    searchdomains: "{{ vm_provisioner_cloudinit_search_domain }}"
+    nameservers:
+      - '192.168.1.1'
+    net:
+      net0: "virtio,bridge=vmbr0"
+    ipconfig:
+      ipconfig0: "ip=192.168.1.26/24,gw=192.168.1.1"
+    state: present
+  - name: "k8s-worker-03"
+    tags: "k8s_nodes,workers"
+    vmid: 106
+    sockets: 2
+    cores: 1
+    memory: 2048
+    ostype: "l26"
+    disk_resize: "18G"
+    ciuser: "{{ vm_provisioner_cloudinit_username }}"
+    ide:
+      ide2: 'local:cloudinit,format=qcow2'
+    sshkeys: "{{ vm_provisioner_cloudinit_ssh_public_key }}"
+    searchdomains: "{{ vm_provisioner_cloudinit_search_domain }}"
+    nameservers:
+      - '192.168.1.1'
+    net:
+      net0: "virtio,bridge=vmbr0"
+    ipconfig:
+      ipconfig0: "ip=192.168.1.27/24,gw=192.168.1.1"
+    state: present
diff --git a/inventory/inventory.ini b/inventory/inventory.ini
@@ -0,0 +1,8 @@
+[proxmox]
+192.168.1.20
+
+[localhost]
+localhost
+
+[chroot]
+/mnt
diff --git a/mount_cloud_image.yml b/mount_cloud_image.yml
@@ -0,0 +1,100 @@
+---
+- name: Mount/Unmount Cloud Image
+  connection: local
+  hosts: localhost
+  gather_facts: yes
+  become: True
+  vars:
+    cloud_image: "{{ lookup('ansible.builtin.env', 'HOME') }}/Downloads/debian-12-generic-amd64-daily-20231117-1567.qcow2"
+    mount_point: "/mnt"
+    mount_device: "/dev/nbd0"
+  tasks:
+    - name: Load NBD Module
+      community.general.modprobe:
+        name: "nbd"
+        params: "max_part=2"
+        state: present
+      tags:
+        - mount
+
+    - name: Connect Cloud Image Using NBD
+      ansible.builtin.shell:
+        cmd: "qemu-nbd --connect={{ mount_device }} {{ cloud_image }}"
+      args:
+        executable: /bin/bash
+      tags:
+        - mount
+
+    - name: Mount the NBD Exported Cloud Image
+      ansible.posix.mount:
+        src: "{{ mount_device }}p1"
+        path: "{{ mount_point }}"
+        fstype: auto
+        state: ephemeral
+      tags:
+        - mount
+
+    - name: Mount /sys and /dev into {{ mount_point }}
+      ansible.posix.mount:
+        src: "{{ item }}"
+        path: "{{ mount_point }}{{ item }}"
+        fstype: none
+        opts: bind
+        state: ephemeral
+      with_items:
+        - "/sys"
+        - "/dev"
+      tags:
+        - mount
+
+    - name: Remove Existing File {{ mount_point }}/etc/resolv.conf
+      ansible.builtin.file:
+        path: "{{ mount_point }}/etc/resolv.conf"
+        state: absent
+      tags:
+        - mount
+        - unmount
+
+    - name: Copy /etc/resolv.conf to {{ mount_point }}/etc/resolv.conf
+      ansible.builtin.copy:
+        src: "/etc/resolv.conf"
+        dest: "{{ mount_point }}/etc/resolv.conf"
+      tags:
+        - mount
+
+    - name: Restore Symlink {{ mount_point }}/etc/resolv.conf
+      ansible.builtin.file:
+        path: "/etc/resolv.conf"
+        state: absent
+      delegate_to: chroot
+      vars:
+        ansible_connection: community.general.chroot
+      tags:
+        - mount
+        - unmount
+
+    - name: Umount /sys, /dev and {{ mount_point }}
+      ansible.posix.mount:
+        path: "{{ item }}"
+        state: unmounted
+      with_items:
+        - "{{ mount_point }}/sys"
+        - "{{ mount_point }}/dev"
+        - "{{ mount_point }}"
+      tags:
+        - unmount
+
+    - name: Disconnect Cloud Image Using NBD
+      ansible.builtin.shell:
+        cmd: "qemu-nbd --disconnect {{ mount_device }}"
+      args:
+        executable: /bin/bash
+      tags:
+        - unmount
+
+    - name: Unload NBD Module
+      community.general.modprobe:
+        name: "nbd"
+        state: absent
+      tags:
+        - unmount
diff --git a/provision_proxmox_vms.yml b/provision_proxmox_vms.yml
@@ -1,17 +1,7 @@
 ---
 - name: Create and Start Proxmox VMs
-  hosts: all
+  hosts: proxmox
   gather_facts: yes
   become: True
   roles:
     - provision_proxmox_vms
-  tags: create-and-start-vms
-
-- name: Run Common Roles
-  hosts: k8s_nodes
-  gather_facts: yes
-  become: True
-  roles:
-    - linux_common
-    - motd
-  tags: common-roles
diff --git a/roles/provision_proxmox_vms/tasks/vm_creation.yml b/roles/provision_proxmox_vms/tasks/vm_creation.yml
@@ -62,7 +62,7 @@
 
 - name: Resize Imported Disk(s)
   ansible.builtin.shell:
-    cmd: "qm resize {{ item }} virtio0 +10G"
+    cmd: "qm resize {{ item }} virtio0 +{{ disk_resize }}"
   args:
     executable: /bin/bash
   with_items: "{{ vms_without_attached_disk }}"

diff --git a/roles/pve_ci_tweak/defaults/main.yml b/roles/pve_ci_tweak/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# defaults file for pve_ci_tweak
+pve_ci_image: ""
+pve_ci_update_grub_cmdline: True
+pve_ci_grub_config_path: "/etc/default/grub"
+pve_ci_grub_cmdline: 'GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"'
+pve_ci_kernel_modules_override_path: "/etc/modules-load.d/override.conf"
+pve_ci_kernel_modules: |
+  nf_conntrack
+  br_netfilter
+pve_ci_sysctl_override_path: "/etc/sysctl.d/override.conf"
+pve_ci_sysctl_parameters:
+  vm.swappiness=1
+  net.ipv4.ip_forward=1
+  net.bridge.bridge-nf-call-iptables=1
diff --git a/roles/pve_ci_tweak/meta/main.yml b/roles/pve_ci_tweak/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
diff --git a/roles/pve_ci_tweak/tasks/main.yml b/roles/pve_ci_tweak/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+# tasks file for pve_ci_tweak
+- name: Update Grub Configuration
+  ansible.builtin.lineinfile:
+    path: "{{ pve_ci_grub_config_path }}"
+    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT='
+    line: "{{ pve_ci_grub_cmdline }}"
+    backrefs: yes
+  when: pve_ci_update_grub_cmdline
+
+- name: Add Kernel Modules
+  ansible.builtin.lineinfile:
+    path: "{{ pve_ci_kernel_modules_override_path }}"
+    line: "{{ pve_ci_kernel_modules }}"
+    create: yes
+
+- name: Update sysctl Parameters
+  ansible.builtin.lineinfile:
+    path: "{{ pve_ci_sysctl_override_path }}"
+    line: "{{ pve_ci_sysctl_parameters }}"
+    create: yes
+
+- name: Update Grub
+  ansible.builtin.shell:
+    cmd: "update-grub"
+  args:
+    executable: /bin/bash
diff --git a/tweak_cloud_image.yml b/tweak_cloud_image.yml
@@ -0,0 +1,10 @@
+---
+- name: Prepare PVE Cloud Image
+  connection: community.general.chroot
+  hosts: chroot
+  gather_facts: yes
+  become: True
+  roles:
+    - linux_common
+    - motd
+    - pve_ci_tweak