From 1203c9f0055a7190852caac5e4d943e0b1221365 Mon Sep 17 00:00:00 2001
From: Yann Autissier
Date: Thu, 13 Oct 2022 00:52:38 +0000
Subject: [PATCH] wip: ansible on alpine
---
 ansible/def.ansible.mk | 3 +-
 ansible/inventories/host_vars/default | 8 ++--
 ansible/inventories/host_vars/localhost | 8 ++--
 ansible/inventories/host_vars/myos | 12 ++---
 ansible/roles/docker/README.md | 6 +++
 ansible/roles/docker/defaults/main.yml | 12 +++++
 ansible/roles/docker/tasks/main.yml | 1 +
 ansible/roles/hosts/README.md | 27 ++++++------
 ansible/roles/hosts/defaults/main.yml | 14 +++---
 ansible/roles/hosts/files/etc/cron.d/ansible | 4 ++
 ansible/roles/hosts/files/etc/cron.d/myos | 3 --
 .../hosts/files/etc/local.d/ansible.start | 3 +-
 .../hosts/files/etc/periodic/hourly/ansible | 3 ++
 .../hosts/files/etc/profile.d/rc_functions.sh | 22 +++++-----
 .../files/etc/systemd/system/ansible.timer | 2 +-
 ansible/roles/hosts/tasks/cloudinit.yml | 9 ++--
 ansible/roles/hosts/tasks/config.yml | 20 ++++++++-
 ansible/roles/hosts/tasks/groups.yml | 8 +++-
 ansible/roles/hosts/tasks/main.yml | 6 ++-
 ansible/roles/hosts/tasks/services.yml | 6 +--
 ansible/roles/hosts/tasks/ssh.yml | 2 +-
 ansible/roles/hosts/tasks/update.yml | 44 ++++++++++++-------
 ansible/roles/hosts/tasks/user.yml | 6 +--
 ansible/roles/hosts/templates/Makefile.j2 | 2 +-
 .../roles/hosts/tests/goss/package_alpine.yml | 4 +-
 ansible/roles/hosts/vars/alpine.yml | 2 +-
 ansible/roles/remotes/README.md | 6 +++
 ansible/roles/remotes/defaults/main.yml | 3 ++
 ansible/roles/remotes/tasks/main.yml | 1 +
 ansible/roles/remotes/tasks/myos.yml | 2 +-
 docker/packer/Dockerfile | 32 ++++++++------
 make/apps/myos/def.ssh.mk | 4 +-
 make/apps/myos/ssh.mk | 4 +-
 packer/alpine/alpine.pkr.hcl | 5 ++-
 packer/def.packer.mk | 6 ++-
 35 files changed, 185 insertions(+), 115 deletions(-)
 create mode 100644 ansible/roles/hosts/files/etc/cron.d/ansible
 delete mode 100644 ansible/roles/hosts/files/etc/cron.d/myos
 mode change 100644 => 100755 ansible/roles/hosts/files/etc/local.d/ansible.start
 create mode 100755 ansible/roles/hosts/files/etc/periodic/hourly/ansible
diff --git a/ansible/def.ansible.mk b/ansible/def.ansible.mk
index 6ccbf01..019bbfb 100644
--- a/ansible/def.ansible.mk
+++ b/ansible/def.ansible.mk
@@ -27,7 +27,8 @@ ANSIBLE_SSH_AUTHORIZED_KEYS ?= $(strip $(SSH_AUTHORIZED_KEYS))
 ANSIBLE_SSH_BASTION_HOSTNAME ?= $(firstword $(SSH_BASTION_HOSTNAME))
 ANSIBLE_SSH_BASTION_USERNAME ?= $(firstword $(SSH_BASTION_USERNAME))
 ANSIBLE_SSH_PRIVATE_IP_RANGE ?= $(strip $(SSH_PRIVATE_IP_RANGE))
-ANSIBLE_SSH_PRIVATE_KEYS ?= $(strip $(SSH_PRIVATE_KEYS))
+ANSIBLE_SSH_PRIVATE_KEYS ?= $(if $(ANSIBLE_SSH_PRIVATE_KEYS_ENABLE),$(strip $(SSH_PRIVATE_KEYS)))
+ANSIBLE_SSH_PRIVATE_KEYS_ENABLE ?=
 ANSIBLE_SSH_PUBLIC_HOSTS ?= $(strip $(SSH_PUBLIC_HOSTS))
 ANSIBLE_SSH_USERNAME ?= $(firstword $(SSH_USER))
 ANSIBLE_SERVER_NAME ?= $(SERVER_NAME)
diff --git a/ansible/inventories/host_vars/default b/ansible/inventories/host_vars/default
index c3463a7..78cb959 100644
--- a/ansible/inventories/host_vars/default
+++ b/ansible/inventories/host_vars/default
@@ -11,13 +11,11 @@ disks_packages:
 hosts_git_repositories:
 - { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
 hosts_packages:
-- { "name": "ansible", "state": "present" }
+- { "name": "ansible-core", "state": "present" }
 hosts_services:
 - { "name": "zram", "state": "started", "enabled": "yes" }
 hosts_update: true
-hosts_user_env:
-- ANSIBLE_AWS_ACCESS_KEY_ID
-- ANSIBLE_AWS_SECRET_ACCESS_KEY
+hosts_default_env:
 - ANSIBLE_CONFIG
 - ANSIBLE_DISKS_NFS_DISK
 - ANSIBLE_DISKS_NFS_OPTIONS
@@ -32,7 +30,7 @@ hosts_user_env:
 - ANSIBLE_MYOS
 - ANSIBLE_PLAYBOOK
 - ENV
-hosts_user_rc_enable: true
+hosts_user_rc: true
 hosts_user_rc_functions:
 - { "path": "10_prompt_set", "state": "touch" }
 - { "path": "10_ps1_set", "state": "touch" }
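Review bot: `$(if $(ANSIBLE_SSH_PRIVATE_KEYS_ENABLE),…)` on the first added line only tests for a non-empty value, so `ANSIBLE_SSH_PRIVATE_KEYS_ENABLE=false` or `=0` still forwards the private keys and only the empty default disables them. If the knob is meant to be boolean, filter on accepted values instead: `ANSIBLE_SSH_PRIVATE_KEYS ?= $(if $(filter true yes 1,$(ANSIBLE_SSH_PRIVATE_KEYS_ENABLE)),$(strip $(SSH_PRIVATE_KEYS)))`. Either way the knob deserves a comment above its definition, e.g. `# set to true to forward SSH_PRIVATE_KEYS to ansible; empty (default) keeps private keys out of the ansible environment`. Both assignments are `?=` (recursive), so defining the enable flag after its first use is fine.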
diff --git a/ansible/inventories/host_vars/localhost b/ansible/inventories/host_vars/localhost
index bce4b3b..991de9b 100644
--- a/ansible/inventories/host_vars/localhost
+++ b/ansible/inventories/host_vars/localhost
@@ -5,13 +5,14 @@ disks_packages:
 - { "name": "btrfs-progs", "state": "present" }
 - { "name": "xfsprogs", "state": "present" }
 docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
+docker_myos: true
 docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
 hosts_git_repositories:
 - { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
 hosts_services:
-- { "name": "myos", "state": "stopped", "enabled": "yes" }
+- { "name": "myos", "state": "started", "enabled": "yes" }
 hosts_update: true
-hosts_user_env:
+hosts_default_env:
 - ANSIBLE_CONFIG
 - ANSIBLE_DOCKER_IMAGE_TAG
 - ANSIBLE_DOCKER_REGISTRY
@@ -23,4 +24,5 @@ hosts_user_env:
 - ANSIBLE_MYOS
 - ANSIBLE_PLAYBOOK
 - ENV
-hosts_user_rc_enable: true
+hosts_user_rc: true
+remotes_myos: true
diff --git a/ansible/inventories/host_vars/myos b/ansible/inventories/host_vars/myos
index abd3c23..f176c7b 100644
--- a/ansible/inventories/host_vars/myos
+++ b/ansible/inventories/host_vars/myos
@@ -21,14 +21,12 @@ disks_services:
 docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
 docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
 hosts_packages:
-- { "name": "ansible", "state": "present" }
+- { "name": "ansible-core", "state": "present" }
 hosts_services:
-- { "name": "myos", "state": "stopped", "enabled": "yes" }
+- { "name": "myos", "state": "started", "enabled": "yes" }
 - { "name": "zram", "state": "started", "enabled": "yes" }
 hosts_update: true
-hosts_user_env:
-- ANSIBLE_AWS_ACCESS_KEY_ID
-- ANSIBLE_AWS_SECRET_ACCESS_KEY
+hosts_default_env:
 - ANSIBLE_CONFIG
 - ANSIBLE_DISKS_NFS_DISK
 - ANSIBLE_DISKS_NFS_OPTIONS
@@ -45,12 +43,10 @@ hosts_user_env:
 - COMPOSE_PROJECT_NAME
 - ENV
 - MYOS_TAGS
-hosts_user_rc_enable: true
+hosts_user_rc: true
 hosts_user_rc_functions:
 - { "path": "10_prompt_set", "state": "touch" }
 - { "path": "10_ps1_set", "state": "touch" }
 - { "path": "30_pfetch", "state": "touch" }
 - { "path": "30_screen_attach", "state": "touch" }
 - { "path": "40_ssh_add", "state": "touch" }
-remotes_services:
-- { "name": "ansible", "state": "stopped", "enabled": "yes" }
diff --git a/ansible/roles/docker/README.md b/ansible/roles/docker/README.md
index 9771219..1a0c858 100644
--- a/ansible/roles/docker/README.md
+++ b/ansible/roles/docker/README.md
@@ -60,6 +60,12 @@ docker_distribution_release: bullseye
 docker_machine: amd64
 ```
+* `docker_myos` - Register myos tags
+
+``` yaml
+docker_myos: false
+```
+
 * `docker_package` - Name of the docker package
 ``` yaml
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
index 6d2add4..8b303d2 100644
--- a/ansible/roles/docker/defaults/main.yml
+++ b/ansible/roles/docker/defaults/main.yml
@@ -19,6 +19,18 @@ docker_check_kernel: '3.10'
 # docker daemon configuration
 # docker_daemon_config: {}
+# docker package distribution
+docker_distribution: debian
+
+# docker package distribution release
+docker_distribution_release: bullseye
+
+# docker package architecture
+docker_machine: amd64
+
+# register myos tags
+docker_myos: false
+
 # docker package name
 docker_package: docker
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 2687704..17e178b 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -29,6 +29,7 @@
 tags:
 - run
 - import_tasks: myos.yml
+ when: docker_myos|default(false)
 tags:
 - myos
diff --git a/ansible/roles/hosts/README.md b/ansible/roles/hosts/README.md
index 1963522..e74ef3a 100644
--- a/ansible/roles/hosts/README.md
+++ b/ansible/roles/hosts/README.md
@@ -4,6 +4,12 @@ Bootstrap hosts, installing standard packages and user settings
 ## Role Variables
+* `hosts_cloudinit` - Install and configure cloud-init
+
+``` yaml
+hosts_cloudinit: false
+```
+
 * `hosts_cloudinit_config` - cloud-init yaml config
 ``` yaml
@@ -17,10 +23,12 @@ hosts_cloudinit_config:
 - 'http://169.254.169.254'
 ```
-* `hosts_cloudinit_enable` - Install and configure cloud-init
+* `hosts_default_env` - List of environment variables to add in file /etc/default/myos
 ``` yaml
-hosts_cloudinit_enable: false
+hosts_default_env:
+ - ENV
+ - DOCKER
 ```
 * `hosts_git_repositories` - Clone git repositories
@@ -112,18 +120,10 @@ hosts_ssh_username: root
 hosts_update: false
 ```
-* `hosts_user_env` - List of environment variables to add in file ~/.myos
+* `hosts_user_rc` - Call specific functions on user login, allowing it to customize his session
 ``` yaml
-hosts_user_env:
- - ENV
- - DOCKER
-```
-
-* `hosts_user_rc_enable` - Call specific functions on user login, allowing it to customize his session
-
-``` yaml
-hosts_user_rc_enable: false
+hosts_user_rc: false
 ```
 * `hosts_user_rc_functions` - List of specific functions to call on user login, defined in /etc/profile.d/rc_functions.sh
@@ -153,9 +153,8 @@ hosts_user_rc_functions:
 roles:
 - role: 'aynicos.hosts'
 hosts_services:
- - { "name": "local", "state": "started", "enabled": "yes" }
 - { "name": "zram", "state": "started", "enabled": "yes" }
- hosts_user_rc_enable: true
+ hosts_user_rc: true
 ```
 ## Tests
diff --git a/ansible/roles/hosts/defaults/main.yml b/ansible/roles/hosts/defaults/main.yml
index ff33e8a..ae9d81c 100644
--- a/ansible/roles/hosts/defaults/main.yml
+++ b/ansible/roles/hosts/defaults/main.yml
@@ -1,6 +1,9 @@
 ---
 # file: defaults/main.yml
+# enable cloud-init
+hosts_cloudinit: false
+
 # cloud-init config
 hosts_cloudinit_config:
 users:
@@ -75,8 +78,8 @@ hosts_cloudinit_config:
 templates_dir: /etc/cloud/templates/
 ssh_svcname: sshd
-# enable cloud-init
-hosts_cloudinit_enable: false
+# environment variables to add in /etc/default/myos
+hosts_default_env: []
 # git repositories to clone
 hosts_git_repositories: []
@@ -129,14 +132,11 @@ hosts_ssh_public_hosts: "{{ lookup('env','ANSIBLE_SSH_PUBLIC_HOSTS').split(' ')
 # remote ssh user
 hosts_ssh_username: "{{ lookup('env','ANSIBLE_SSH_USERNAME') or ansible_user }}"
-# update hosts every day
+# update hosts every hour
 hosts_update: false
-# list of environment variables to add in ~/.myos
-hosts_user_env: []
-
 # run specific functions on user login
-hosts_user_rc_enable: false
+hosts_user_rc: false
 # list of rc functions to call at user connection
 hosts_user_rc_functions:
diff --git a/ansible/roles/hosts/files/etc/cron.d/ansible b/ansible/roles/hosts/files/etc/cron.d/ansible
new file mode 100644
index 0000000..c87e6f5
--- /dev/null
+++ b/ansible/roles/hosts/files/etc/cron.d/ansible
@@ -0,0 +1,4 @@
+PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
+
+@reboot root /etc/init.d/myos ansible-pull > /var/log/ansible.log
+0 * * * * root /etc/init.d/myos ansible-pull > /var/log/ansible.log
diff --git a/ansible/roles/hosts/files/etc/cron.d/myos b/ansible/roles/hosts/files/etc/cron.d/myos
deleted file mode 100644
index cee465f..0000000
--- a/ansible/roles/hosts/files/etc/cron.d/myos
+++ /dev/null
@@ -1,3 +0,0 @@
-PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
-@reboot root make ansible-pull > /var/log/ansible-pull.log
-0 0 * * * root make ansible-pull > /var/log/ansible-pull.log
diff --git a/ansible/roles/hosts/files/etc/local.d/ansible.start b/ansible/roles/hosts/files/etc/local.d/ansible.start
old mode 100644
new mode 100755
index 6e96036..78f6e63
--- a/ansible/roles/hosts/files/etc/local.d/ansible.start
+++ b/ansible/roles/hosts/files/etc/local.d/ansible.start
@@ -1,2 +1,3 @@
 #!/bin/sh
-cd /root && ( make ansible-pull > /var/log/ansible.log || reboot ) &
+
+/etc/init.d/myos ansible-pull > /var/log/ansible.log
diff --git a/ansible/roles/hosts/files/etc/periodic/hourly/ansible b/ansible/roles/hosts/files/etc/periodic/hourly/ansible
new file mode 100755
index 0000000..78f6e63
--- /dev/null
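Review bot: Both new cron lines redirect only stdout with `> /var/log/ansible.log`, so errors from ansible-pull end up in cron mail or nowhere, and each run truncates the previous log; the same truncating redirect into the same file is used by `/etc/local.d/ansible.start` and `/etc/periodic/hourly/ansible` in the following hunks. Nothing stops the `@reboot` run and an hourly run, or two consecutive hourly runs, from overlapping when a pull takes longer than an hour. A line such as `0 * * * * root flock -n /run/ansible-pull.lock /etc/init.d/myos ansible-pull >> /var/log/ansible.log 2>&1` (lock file name is a placeholder; flock ships with util-linux; pair the append with a logrotate rule) addresses both, with the same treatment for the `@reboot` line and the two Alpine scripts.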
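Review bot: The rewritten ansible.start runs ansible-pull in the foreground, while the removed line ran it in the background with `&`; the openrc `local` service executes `/etc/local.d/*.start` scripts one after another, so the boot sequence now waits at that service until the pull finishes, and update.yml in this commit moves `local` to the `boot` runlevel, so this happens before the `default` runlevel starts. If that ordering is intended it deserves a comment in the script, e.g. `# runs synchronously: the boot runlevel waits for ansible-pull to finish`; otherwise keep the `&`. The `|| reboot` fallback is gone as well, which may be deliberate but is not mentioned in the commit message.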
+++ b/ansible/roles/hosts/files/etc/periodic/hourly/ansible
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/etc/init.d/myos ansible-pull > /var/log/ansible.log
diff --git a/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh b/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh
index f05fbff..f951e38 100644
--- a/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh
+++ b/ansible/roles/hosts/files/etc/profile.d/rc_functions.sh
@@ -212,7 +212,7 @@ ssh_add() {
 else
 GREP_RECURSIVE_CHAR="*"
 fi
- SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vw "${dir}"/id_rsa)"
+ SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
 done
 # shellcheck disable=SC2086
 printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
@@ -238,7 +238,7 @@ ssh_del() {
 else
 GREP_RECURSIVE_CHAR="*"
 fi
- SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vw "${dir}"/id_rsa)"
+ SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
 done
 # shellcheck disable=SC2086
 printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
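Review bot: The rewritten `SSH_PRIVATE_KEYS=…` line is now duplicated verbatim between ssh_add() (first hunk) and ssh_del() (second hunk), so the next key type to support has to be added in two places and two regexes; a small helper that prints the candidate key files, called from both functions, would keep them in sync. In `grep -vwE "${dir}/id_(rsa|ed25519)"` the directory is interpolated into the regex unescaped, so a `.` in `${dir}` matches any character — harmless for `~/.ssh`, but worth a comment such as `# ${dir} is used as a regex fragment; fine for the usual ~/.ssh`. Both functions start and end outside the hunks.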
@@ -270,14 +270,12 @@ tmux_detach() {
 # function user_count: Print number of "users sessions"/"users"/"logged users"
 user_count() {
- ps ax -o user,tty 2>/dev/null |awk '
- $2 ~ /^(pts|tty)/ { users_session++; logged[$1]++; };
- { count[$1]++; }
- END {
- for (uc in count) { c = c" "uc; }; users_count=split(c,v," ")-1;
- for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ")-1;
- print users_session+0"/"users_count"/"users_logged;
- }'
+ ps ax -o pid,user,tty,comm 2>/dev/null |awk '
+ $3 ~ /^(pts\/|tty[sS]?|[0-9]+,)[0-9]+$/ && $4 != "getty" { users_sessions++; logged[$2]++; };
+ $1 ~ /^[0-9]+$/ { count[$2]++; }
+ END {
+ for (uc in count) { c = c" "uc; }; users_count=split(c,v," ");
+ for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ");
+ print users_sessions+0"/"users_count+0"/"users_logged+0;
+ }'
 }
-
-# vim:ts=2:sw=2:sts=2:et
diff --git a/ansible/roles/hosts/files/etc/systemd/system/ansible.timer b/ansible/roles/hosts/files/etc/systemd/system/ansible.timer
index 9ada182..ec67e14 100644
--- a/ansible/roles/hosts/files/etc/systemd/system/ansible.timer
+++ b/ansible/roles/hosts/files/etc/systemd/system/ansible.timer
@@ -2,7 +2,7 @@
 Description=Call ansible
 [Timer]
-OnCalendar=*-*-* 00:00:00
+OnCalendar=*-*-* *:00:00
 Unit=ansible.service
 [Install]
diff --git a/ansible/roles/hosts/tasks/cloudinit.yml b/ansible/roles/hosts/tasks/cloudinit.yml
index 3c79dcd..d6b4f89 100644
--- a/ansible/roles/hosts/tasks/cloudinit.yml
+++ b/ansible/roles/hosts/tasks/cloudinit.yml
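Review bot: The new awk condition `$3 ~ /^(pts\/|tty[sS]?|[0-9]+,)[0-9]+$/ && $4 != "getty"` decides which processes count as a user session, but nothing explains the three alternatives or the getty exclusion; a comment above the `ps` call, e.g. `# a session is a non-getty process attached to pts/N, ttyN, ttysN or a major,minor tty`, would save the next reader from decoding it. The `[0-9]+,` branch presumably covers the `major,minor` form busybox ps prints when it cannot name the tty — worth confirming and noting, since Alpine is the case this commit targets. The `$1 ~ /^[0-9]+$/` guard on the pid column is what skips the `ps` header line, which also deserves a word.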
@@ -2,12 +2,12 @@
 # file: tasks/cloudinit.yml
 - name: cloudinit - install cloud-init packages
- when: hosts_cloudinit_enable|default(false) and ansible_os_family|lower != "alpine"
+ when: ansible_os_family|lower != "alpine"
 package: name="cloud-init" state="present"
 become: yes
 - name: cloudinit - install cloud-init packages - alpine
- when: hosts_cloudinit_enable|default(false) and ansible_os_family|lower == "alpine"
+ when: ansible_os_family|lower == "alpine"
 with_items:
 - { "name": "cloud-init", "state": "present" }
 - { "name": "cloud-init-openrc", "state": "present" }
@@ -23,14 +23,13 @@
 become: yes
 - name: cloudinit - update /etc/cloud/cloud.cfg
- when: hosts_cloudinit_enable|default(false)
 template:
 src: cloud.cfg.j2
 dest: /etc/cloud/cloud.cfg
 force: yes
 - name: cloudinit - activate service
- when: hosts_cloudinit_enable|default(false) and ansible_service_mgr|lower != "openrc"
+ when: ansible_service_mgr|lower != "openrc"
 service:
 name: cloud-init
 state: started
@@ -38,7 +37,7 @@
 become: yes
 - name: cloudinit - activate service - openrc
- when: hosts_cloudinit_enable|default(false) and ansible_service_mgr|lower == "openrc"
+ when: ansible_service_mgr|lower == "openrc"
 service:
 name: cloud-init
 state: started
diff --git a/ansible/roles/hosts/tasks/config.yml b/ansible/roles/hosts/tasks/config.yml
index d76521f..a1ad8b9 100644
--- a/ansible/roles/hosts/tasks/config.yml
+++ b/ansible/roles/hosts/tasks/config.yml
@@ -1,7 +1,8 @@
 ---
 # file: tasks/config.yml
-- name: config - set MYOS config in /etc/default/myos
+- name: config - set MYOS default config
+ become: true
 with_items:
 - APP_NAME={{ lookup('env','ANSIBLE_APP_NAME') }}
 - APP_TYPE={{ lookup('env','ANSIBLE_APP_TYPE') }}
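Review bot: After the second cloudinit.yml hunk removes its `when:`, the `cloudinit - update /etc/cloud/cloud.cfg` task has no `become:` at all while every other task in these hunks carries `become: yes`; unless the play already runs as root, the template write to /etc/cloud/cloud.cfg fails with a permission error. Adding `become: yes` after `force: yes` makes it consistent with its neighbours. Moving the `hosts_cloudinit_enable` guard onto the `import_tasks` in main.yml is otherwise equivalent, since a `when` on an import is applied to each imported task.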
@@ -11,5 +12,20 @@
 create: yes
 line: '{{ item }}'
 mode: '0644'
- become: yes
+
+- name: config - update MYOS default config
+ become: true
+ with_items: '{{hosts_default_env|default([])}}'
+ lineinfile:
+ path: /etc/default/myos
+ create: yes
+ line: "{{item}}={{lookup('env',item)}}"
+ mode: '0644'
+
+- name: config - create /root/Makefile
+ become: true
+ template:
+ src: Makefile.j2
+ dest: ~/Makefile
+ force: yes
diff --git a/ansible/roles/hosts/tasks/groups.yml b/ansible/roles/hosts/tasks/groups.yml
index ed26ad1..a316a7c 100644
--- a/ansible/roles/hosts/tasks/groups.yml
+++ b/ansible/roles/hosts/tasks/groups.yml
@@ -1,13 +1,17 @@
 ---
 # file: tasks/groups.yml
+- name: groups - remove floppy group - alpine
+ when: ansible_os_family|lower == "alpine"
+ group: gid="11" name="floppy" state="absent"
+ become: yes
+
 - name: groups - create dns group
- when: ansible_os_family|lower != "alpine"
 group: gid="11" name="dns" state="present" system="yes"
 become: yes
 - name: groups - add me to the dns group
- when: ansible_os_family|lower != "alpine" and ansible_user_uid != "0"
+ when: ansible_user_uid != "0"
 user: name="{{ansible_user_id}}" groups=dns append=yes
 become: yes
diff --git a/ansible/roles/hosts/tasks/main.yml b/ansible/roles/hosts/tasks/main.yml
index e7c6b4b..5ef49a3 100644
--- a/ansible/roles/hosts/tasks/main.yml
+++ b/ansible/roles/hosts/tasks/main.yml
@@ -8,11 +8,12 @@
 tags:
 - boot
 - import_tasks: cloudinit.yml
+ when: hosts_cloudinit|default(false)
 tags:
 - cloudinit
 - import_tasks: config.yml
 tags:
- - cloudinit
+ - config
 - import_tasks: dir.yml
 tags:
 - dir
@@ -26,6 +27,7 @@
 tags:
 - packages
 - import_tasks: services.yml
+ when: hosts_services is defined
 tags:
 - services
 - import_tasks: git.yml
@@ -35,9 +37,9 @@
 tags:
 - ssh
 - import_tasks: update.yml
+ when: hosts_update|default(false)
 tags:
 - update
- when: hosts_update|default(false)
 - import_tasks: user.yml
 tags:
 - user
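Review bot: The new `config - update MYOS default config` task writes `line: "{{item}}={{lookup('env',item)}}"` without a `regexp:`, so when a value changes on a later run lineinfile appends a second `VAR=…` line instead of replacing the first one; add `regexp: '^{{item}}='` beside `line:` (the first task's `APP_NAME=…` items have the same weakness). The file is created with `mode: '0644'`, i.e. readable by every local user, so everything listed in `hosts_default_env` must be non-secret — this commit removes the AWS credential names from the inventory lists accordingly, and a comment on the task, e.g. `# /etc/default/myos is world-readable: never list credentials in hosts_default_env`, would keep them out. The `config - create /root/Makefile` task names `/root` but writes to `dest: ~/Makefile`; under `become: true` that presumably resolves to root's home, and `dest: /root/Makefile` would make it explicit.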
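Review bot: In groups.yml the modified condition `when: ansible_user_uid != "0"` compares the integer fact `ansible_user_uid` with the string `"0"`; in Jinja2 `0 != "0"` is true, so the task also runs for root and tries to add root to the dns group. `when: ansible_user_uid|int != 0` is the intended test. The new `remove floppy group - alpine` task deletes Alpine's `floppy` group to free gid 11 for `dns`, which is a visible change for anything on the host that still references that gid; the reason belongs in a comment above the task, e.g. `# alpine ships gid 11 as floppy; free it so dns gets the same gid as on other distributions`.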
diff --git a/ansible/roles/hosts/tasks/services.yml b/ansible/roles/hosts/tasks/services.yml
index 3c97ac7..2b26d0d 100644
--- a/ansible/roles/hosts/tasks/services.yml
+++ b/ansible/roles/hosts/tasks/services.yml
@@ -2,7 +2,7 @@
 # file: tasks/services.yml
 - name: services - enable/disable hosts services
- when: hosts_services is defined and ansible_service_mgr|lower != "openrc" and ansible_service_mgr|lower != "runit"
+ when: ansible_service_mgr|lower != "openrc" and ansible_service_mgr|lower != "runit"
 with_items: "{{ hosts_services|default([]) }}"
 service:
 name: "{{item.name}}"
@@ -11,7 +11,7 @@
 become: yes
 - name: services - enable/disable hosts services - openrc
- when: hosts_services is defined and ansible_service_mgr|lower == "openrc"
+ when: ansible_service_mgr|lower == "openrc"
 with_items: "{{ hosts_services|default([]) }}"
 service:
 name: "{{item.name}}"
@@ -21,7 +21,7 @@
 become: yes
 - name: services - enable/disable hosts services - runit
- when: hosts_services is defined and ansible_service_mgr|lower == "runit"
+ when: ansible_service_mgr|lower == "runit"
 with_items: "{{ hosts_services|default([]) }}"
 sysvinit:
 name: "{{item.name}}"
diff --git a/ansible/roles/hosts/tasks/ssh.yml b/ansible/roles/hosts/tasks/ssh.yml
index e753d62..8b4eb26 100644
--- a/ansible/roles/hosts/tasks/ssh.yml
+++ b/ansible/roles/hosts/tasks/ssh.yml
@@ -6,7 +6,7 @@
 known_hosts:
 path: /etc/ssh/ssh_known_hosts
 name: "{{ item }}"
- key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + item) }}"
+ key: "{{ lookup('pipe', '/usr/bin/ssh-keyscan -H ' + item) }}"
 ignore_errors: true
 become: true
diff --git a/ansible/roles/hosts/tasks/update.yml b/ansible/roles/hosts/tasks/update.yml
index 0aff403..9cf560c 100644
--- a/ansible/roles/hosts/tasks/update.yml
+++ b/ansible/roles/hosts/tasks/update.yml
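Review bot: In ssh.yml the changed `key:` line builds the controller-side command by concatenation, `'/usr/bin/ssh-keyscan -H ' + item`, and the pipe lookup hands it to a shell, so an entry of `hosts_ssh_public_hosts` (filled from the `ANSIBLE_SSH_PUBLIC_HOSTS` environment variable) containing shell metacharacters is interpreted instead of being treated as a hostname; `'/usr/bin/ssh-keyscan -H ' + item|quote` keeps it a single argument. Dropping `-t rsa` makes ssh-keyscan print one line per host key type, so confirm the `known_hosts` module accepts a multi-line `key` value; if not, a `-t` restriction is still needed. `ignore_errors: true` also hides a scan that returned nothing, leaving the host unpinned without any signal. The enclosing task starts outside the hunk.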
@@ -2,9 +2,18 @@
 # file: tasks/update.yml
 - name: update - copy files
+ when: ansible_service_mgr|lower != "systemd" and ansible_os_family|lower != "alpine"
 with_items:
- - /etc/cron.d/myos
- copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0644
+ - /etc/cron.d/ansible
+ copy: src=../files/{{item}} dest={{item}} owner=root group=root
+ become: yes
+
+- name: update - copy files - alpine
+ when: ansible_service_mgr|lower != "systemd" and ansible_os_family|lower == "alpine"
+ with_items:
+ - /etc/periodic/hourly/ansible
+ - /etc/local.d/ansible.start
+ copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0755
 become: yes
 - name: update - copy files - systemd
@@ -12,21 +21,24 @@
 with_items:
 - /etc/systemd/system/ansible.service
 - /etc/systemd/system/ansible.timer
- copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0644
+ copy: src=../files/{{item}} dest={{item}} owner=root group=root
 become: yes
-- name: update - create /root/.myos
- become: true
- template:
- src: myos.j2
- dest: ~/.myos
- force: no
- mode: 0400
+- name: update - enable nservices - openrc
+ when: ansible_service_mgr|lower == "openrc"
+ service:
+ name: local
+ enabled: true
+ runlevel: boot
+ become: yes
-- name: update - create /root/Makefile
- become: true
- template:
- src: Makefile.j2
- dest: ~/Makefile
- force: yes
+- name: update - enable services - systemd
+ when: ansible_service_mgr|lower == "systemd"
+ with_items:
+ - ansible.service
+ - ansible.timer
+ service:
+ name: "{{item}}"
+ enabled: true
+ become: yes
diff --git a/ansible/roles/hosts/tasks/user.yml b/ansible/roles/hosts/tasks/user.yml
index 70517b2..acd9a16 100644
--- a/ansible/roles/hosts/tasks/user.yml
+++ b/ansible/roles/hosts/tasks/user.yml
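Review bot: The task name `update - enable nservices - openrc` in the second hunk has a typo and should read `update - enable services - openrc`. That task also enables `local` in the `boot` runlevel, so `/etc/local.d/ansible.start` runs before the `default` runlevel services; if ansible-pull needs networking or DNS that comes up later, every boot-time pull fails — worth confirming the OpenRC ordering on Alpine and recording the intent, e.g. `# boot runlevel: ansible.start runs before the default runlevel services`. In the first hunk the `copy:` lines lost their explicit `mode=0644`, so the cron.d and systemd unit files now inherit whatever mode the checked-out source has; cron implementations typically ignore group- or world-writable files in /etc/cron.d, so an explicit mode is the safer choice.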
@@ -12,16 +12,16 @@
 ignore_errors: true
 - name: user - create ~/.rc.d
- file: path=~/.rc.d/ state={{hosts_user_rc_enable|default(false)|ternary('directory', 'absent')}} mode="0700"
+ file: path=~/.rc.d/ state={{hosts_user_rc|default(false)|ternary('directory', 'absent')}} mode="0700"
 - name: user - source /etc/profile.d/rc_functions.sh
- when: hosts_user_rc_enable|default(false)
+ when: hosts_user_rc|default(false)
 with_items:
 - /etc/profile.d/rc_functions.sh
 lineinfile: dest=~/.rc.d/00_source create=yes line="{{ item }}" mode="0600"
 - name: user - enable/disable rc functions
- when: hosts_user_rc_enable|default(false)
+ when: hosts_user_rc|default(false)
 with_items: "{{ hosts_user_rc_functions|default([]) }}"
 file: path="~/.rc.d/{{item.path}}" state="{{item.state}}"
diff --git a/ansible/roles/hosts/templates/Makefile.j2 b/ansible/roles/hosts/templates/Makefile.j2
index 39927ca..fa3d296 100644
--- a/ansible/roles/hosts/templates/Makefile.j2
+++ b/ansible/roles/hosts/templates/Makefile.j2
@@ -1,6 +1,6 @@
 CMDS := exec
 SERVICE ?= cli
--include .myos
+-include /etc/default/myos
 ansible:
 @make -C $(ANSIBLE_GIT_DIRECTORY) ansible-run-localhost
diff --git a/ansible/roles/hosts/tests/goss/package_alpine.yml b/ansible/roles/hosts/tests/goss/package_alpine.yml
index 1deec15..e424cb8 100644
--- a/ansible/roles/hosts/tests/goss/package_alpine.yml
+++ b/ansible/roles/hosts/tests/goss/package_alpine.yml
@@ -7,11 +7,11 @@ package:
 installed: true
 ncurses:
 installed: true
+ neovim:
+ installed: true
 openssh-client:
 installed: true
 py3-pip:
 installed: true
 util-linux:
 installed: true
- vim:
- installed: true
diff --git a/ansible/roles/hosts/vars/alpine.yml b/ansible/roles/hosts/vars/alpine.yml
index 0e94ee9..39e8c04 100644
--- a/ansible/roles/hosts/vars/alpine.yml
+++ b/ansible/roles/hosts/vars/alpine.yml
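Review bot: In Makefile.j2, `-include /etc/default/myos` silently ignores a missing or unreadable file, and the `ansible:` recipe shown as context then runs `make -C  ansible-run-localhost` with an empty `$(ANSIBLE_GIT_DIRECTORY)`, so make treats the target name as the directory and fails with a confusing message. Guarding the recipe line reports the real cause: `@$(if $(ANSIBLE_GIT_DIRECTORY),,$(error ANSIBLE_GIT_DIRECTORY is not set, check /etc/default/myos))$(MAKE) -C $(ANSIBLE_GIT_DIRECTORY) ansible-run-localhost`. That line also replaces the literal `make` with `$(MAKE)`, which keeps the jobserver and `-n` handling for the sub-make.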
@@ -5,8 +5,8 @@ hosts_packages_distro:
 - { "name": "coreutils", "state": "present" }
 - { "name": "groff", "state": "present" }
 - { "name": "ncurses", "state": "present" }
+ - { "name": "neovim", "state": "present" }
 - { "name": "openssh-client", "state": "present" }
 - { "name": "py3-pip", "state": "present" }
 - { "name": "util-linux", "state": "present" }
- - { "name": "vim", "state": "present" }
diff --git a/ansible/roles/remotes/README.md b/ansible/roles/remotes/README.md
index 45f4980..50881be 100644
--- a/ansible/roles/remotes/README.md
+++ b/ansible/roles/remotes/README.md
@@ -6,6 +6,12 @@ Interact with remote services
 ### Default variables
+* `remotes_myos` - Retrieve myos tags
+
+``` yaml
+remotes_myos: false
+```
+
 * `remotes_packages` - List of packages to install/remove on your hosts
 ``` yaml
diff --git a/ansible/roles/remotes/defaults/main.yml b/ansible/roles/remotes/defaults/main.yml
index 3405be5..fe08159 100644
--- a/ansible/roles/remotes/defaults/main.yml
+++ b/ansible/roles/remotes/defaults/main.yml
@@ -22,6 +22,9 @@ aws_secret_access_key: 'YOUR_SECRET_ACCESS_KEY'
 # git repositories to clone
 git_repositories: []
+# retrieve myos tags
+remotes_myos: false
+
 # packages to install/remove
 remotes_packages: []
diff --git a/ansible/roles/remotes/tasks/main.yml b/ansible/roles/remotes/tasks/main.yml
index a180840..d4ea06c 100644
--- a/ansible/roles/remotes/tasks/main.yml
+++ b/ansible/roles/remotes/tasks/main.yml
@@ -23,6 +23,7 @@
 tags:
 - user
 - import_tasks: myos.yml
+ when: remotes_myos|default(false)
 tags:
 - myos
diff --git a/ansible/roles/remotes/tasks/myos.yml b/ansible/roles/remotes/tasks/myos.yml
index 969be4d..2426286 100644
--- a/ansible/roles/remotes/tasks/myos.yml
+++ b/ansible/roles/remotes/tasks/myos.yml
@@ -17,7 +17,7 @@
 ec2_tag:
 aws_access_key: "{{ aws_access_key_id }}"
 aws_secret_key: "{{ aws_secret_access_key }}"
- region: "{{ ansible_ec2_placement_region }}"
+ region: "{{ ansible_ec2_placement_region |default('') }}"
 resource: "{{ ansible_ec2_instance_id }}"
 state: list
 register: myos
diff --git a/docker/packer/Dockerfile b/docker/packer/Dockerfile
index 95b2232..22baa02 100644
--- a/docker/packer/Dockerfile
+++ b/docker/packer/Dockerfile
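Review bot: `region:` now tolerates a missing `ansible_ec2_placement_region` through `|default('')`, but `resource: "{{ ansible_ec2_instance_id }}"` two lines below still has no default, so a host without EC2 facts fails there instead, and on EC2 an empty region would be passed to `ec2_tag` whenever the fact is absent. If the aim is to skip the task off EC2, a `when: ansible_ec2_instance_id is defined` on the task (its header is outside the hunk) is cleaner than defaulting individual parameters; the new `remotes_myos` guard on the import in tasks/main.yml may already make this default unnecessary.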
@@ -2,33 +2,39 @@ FROM alpine:latest as dist
 LABEL maintainer aynic.os
 ARG DOCKER_BUILD_DIR
-ARG MACHINE="$(uname -m)"
-ARG SYSTEM="$(uname -s)"
-ARG ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"
-ARG OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"
-
-ARG PACKER_VERSION=1.8.3
+ARG MACHINE="x86_64"
+ARG SYSTEM="Linux"
 RUN apk --no-cache add \
 ansible \
 bash \
+ dirmngr \
 git \
+ gpg \
+ gpg-agent \
 qemu \
 qemu-system-x86_64 \
 qemu-img \
+ openssh-client \
 openssl \
 socat \
 wget
-ADD https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_${OS}_${ARCH}.zip ./
-ADD https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS ./
+ARG PACKER_VERSION=1.8.3
-RUN sed -i '/.*'"${OS}"'_'"${ARCH}"'.zip/!d' packer_${PACKER_VERSION}_SHA256SUMS \
- && sha256sum -cs packer_${PACKER_VERSION}_SHA256SUMS \
- && unzip "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" -d /bin \
- && rm -f "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip"
+RUN { OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
+ ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
+ wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_${OS}_${ARCH}.zip \
+ && wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS \
+ && wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS.sig \
+ && GNUPGHOME="./.gnupg" gpg --batch --recv-keys C874011F0AB405110D02105534365D9472D7468F \
+ && GNUPGHOME="./.gnupg" gpg --batch --verify packer_${PACKER_VERSION}_SHA256SUMS.sig packer_${PACKER_VERSION}_SHA256SUMS \
+ && grep packer_${PACKER_VERSION}_${OS}_${ARCH}.zip packer_${PACKER_VERSION}_SHA256SUMS |sha256sum -c - \
+ && unzip "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" -d /usr/local/bin \
+ && rm -f "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" packer_${PACKER_VERSION}_SHA256SUMS.sig packer_${PACKER_VERSION}_SHA256SUMS ./.gnupg \
+ ; }
-ENTRYPOINT ["/bin/packer"]
+ENTRYPOINT ["/usr/local/bin/packer"]
 FROM dist as master
 ARG DOCKER_BUILD_DIR
diff --git a/make/apps/myos/def.ssh.mk b/make/apps/myos/def.ssh.mk
index cb71469..b733f8a 100644
--- a/make/apps/myos/def.ssh.mk
+++ b/make/apps/myos/def.ssh.mk
@@ -5,9 +5,9 @@ SSH_BASTION_HOSTNAME ?=
 SSH_BASTION_USERNAME ?= $(SSH_USER)
 SSH_ENV_VARS ?= SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PUBLIC_HOSTS SSH_PRIVATE_IP_RANGE SSH_USER
 SSH_GITHUB_AUTHORIZED_KEYS ?= $(patsubst %,https://github.com/%,$(patsubst %,%.keys,$(SSH_USER)))
-SSH_PUBLIC_HOSTS ?= $(CONFIG_REPOSITORY_HOST) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
+SSH_PUBLIC_HOSTS ?= $(if $(filter ssh,$(CONFIG_REPOSITORY_SCHEME)),$(CONFIG_REPOSITORY_HOST)) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
 SSH_PRIVATE_IP_RANGE ?=
-SSH_PRIVATE_KEYS ?= $(wildcard $(SSH_DIR)/id_rsa)
+SSH_PRIVATE_KEYS ?= $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa)
 SSH_REMOTE_HOSTS ?= github.com gitlab.com
 SSH_USER ?= $(call slugify,$(GIT_USER))
diff --git a/make/apps/myos/ssh.mk b/make/apps/myos/ssh.mk
index 1ca8e86..db9ab3c 100644
--- a/make/apps/myos/ssh.mk
+++ b/make/apps/myos/ssh.mk
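Review bot: The final `rm -f "…zip" …SHA256SUMS.sig …SHA256SUMS ./.gnupg \` of the new RUN step cannot remove the `./.gnupg` directory with `-f` alone, so `rm` exits non-zero, the `&&` chain fails and the build stops right after a successful verification; `rm -rf` is needed there (and the surrounding `{ …; }` then adds nothing). The signature check is a good addition: the trust anchor is now the key fingerprint pinned in the Dockerfile rather than the download site, so a comment naming it, e.g. `# HashiCorp release-signing key; cross-check the fingerprint against HashiCorp's published security page before changing it`, will help whoever has to rotate it. `MACHINE` and `SYSTEM` are now fixed build args instead of `uname` output, so a non-x86_64 image needs `--build-arg MACHINE=aarch64`, which is worth documenting next to the ARG lines.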
@@ -10,7 +10,7 @@ ssh: ssh-get-PrivateIpAddress-$(SERVER_NAME) ## Connect to first remote host
 .PHONY: ssh-add
 ssh-add: DOCKER_RUN_OPTIONS += -it
 ssh-add: ssh-key
- $(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
+ $(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
 $(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null || $(RUN) ssh-add $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
 # target ssh-connect: Call ssh-connect make connect SERVICE
@@ -21,7 +21,7 @@ ssh-connect: ssh-get-PrivateIpAddress-$(SERVER_NAME)
 # target ssh-del: ssh-add -d file SSH_PRIVATE_KEYS in folder SSH_DIR
 .PHONY: ssh-del
 ssh-del:
- $(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
+ $(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
 $(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null && $(RUN) ssh-add -d $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
 # target ssh-exec: Call ssh-exec make exec SERVICE ARGS
diff --git a/packer/alpine/alpine.pkr.hcl b/packer/alpine/alpine.pkr.hcl
index b72d4b8..81b527a 100644
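Review bot: The `$(eval SSH_PRIVATE_KEYS := …)` expression is now identical in `ssh-add` and `ssh-del` (second hunk) and repeats the preferred key list `$(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa` twice inside each copy; a single file-level variable (names constructed, e.g. `ssh_private_keys = $(foreach file,$(SSH_DEFAULT_KEYS) $(filter-out $(wildcard $(SSH_DEFAULT_KEYS)),$(wildcard $(SSH_DIR)/*)),…)` with `SSH_DEFAULT_KEYS := $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa`) referenced from both recipes would keep them in sync. Each expansion also runs `$(shell grep "PRIVATE KEY" $(file) 2>/dev/null)` once per entry of `$(SSH_DIR)` with `$(file)` unquoted, so a path containing spaces breaks the grep; `"$(file)"` is a cheap fix. Both `$(call run,…)` lines are unchanged by the commit.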
--- a/packer/alpine/alpine.pkr.hcl
+++ b/packer/alpine/alpine.pkr.hcl
@@ -119,7 +119,7 @@ variable "vnc_port_min" {
 default = "5900"
 }
-source "qemu" "autogenerated_1" {
+source "qemu" "alpine" {
 accelerator = "${var.accelerator}"
 boot_command = ["${var.username}", "passwd${var.password}${var.password}", "ifconfig eth0 up && udhcpc -i eth0", "apk add --repository http://dl-cdn.alpinelinux.org/alpine/v${var.alpine_version}/main dropbear dropbear-openrc openssh-sftp-server", "rc-update add dropbear", "echo -e 'auto eth0\\niface eth0 inet dhcp' > /etc/network/interfaces", "mkdir -p /etc/dropbear", "dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key", "rc-service dropbear start", ""]
 boot_wait = "${var.boot_wait}"
@@ -148,7 +148,7 @@ source "qemu" "autogenerated_1" {
 }
 build {
- sources = ["source.qemu.autogenerated_1"]
+ sources = ["source.qemu.alpine"]
 provisioner "shell" {
 environment_vars = ["ALPINE_VERSION=${var.alpine_version}", "HOSTNAME=${var.hostname}", "NAMESERVER=${var.nameserver}"]
@@ -161,6 +161,7 @@ build {
 }
 provisioner "ansible" {
+ ansible_env_vars = [ "ANSIBLE_USERNAME=${var.ansible_user}" ]
 // https://github.com/hashicorp/packer-plugin-ansible/issues/69
 ansible_ssh_extra_args = ["-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"]
 extra_arguments = ["--extra-vars", "${var.ansible_extra_vars}", "${var.ansible_verbose}"]
diff --git a/packer/def.packer.mk b/packer/def.packer.mk
index c45697c..dd5f37e 100644
--- a/packer/def.packer.mk
+++ b/packer/def.packer.mk
@@ -1,5 +1,5 @@
 CMDS += packer
-DOCKER_RUN_OPTIONS_PACKER ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT)
+DOCKER_RUN_OPTIONS_PACKER ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT) -v $(SSH_DIR):$(SSH_DIR)
 ENV_VARS += PACKER_CACHE_DIR PACKER_KEY_INTERVAL PACKER_LOG
 KVM_GID ?= $(call gid,kvm)
 PACKER_ARCH ?= $(PACKER_ALPINE_ARCH)
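Review bot: The added `ansible_env_vars = [ "ANSIBLE_USERNAME=${var.ansible_user}" ]` references `var.ansible_user`, which no hunk of this file declares; confirm the variable block exists, otherwise `packer validate` rejects the template. The hosts role in this commit reads `ANSIBLE_SSH_USERNAME` (defaults/main.yml) rather than `ANSIBLE_USERNAME`, so check what consumes the new name; if nothing does, the line is inert. The `build {}` block continues outside the hunk.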
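Review bot: In def.packer.mk the added `-v $(SSH_DIR):$(SSH_DIR)` in `DOCKER_RUN_OPTIONS_PACKER` bind-mounts the whole SSH directory, private keys included, read-write into the packer container for every build. Presumably the ansible provisioner needs a key to reach the guest, but it only needs to read it, so `-v $(SSH_DIR):$(SSH_DIR):ro` limits what a misbehaving provisioner can do to the keys, and a comment on the line (`# packer's ansible provisioner reads ssh keys from SSH_DIR`) records why the mount exists. Mounting the one key file that is needed instead of the directory would be tighter still.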
@@ -14,7 +14,7 @@ PACKER_ISO_FILES ?= $(wildcard build/iso/*/*/*.iso)
 PACKER_ISO_FILE = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).iso
 PACKER_ISO_INFO = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).nfo
 PACKER_ISO_NAME = $(PACKER_TEMPLATE)-$(PACKER_RELEASE)-$(PACKER_ARCH)
-PACKER_ISO_SIZE ?= 2048
+PACKER_ISO_SIZE ?= 1024
 PACKER_KEY_INTERVAL ?= 11ms
 PACKER_LOG ?= 1
 PACKER_NAMESERVER ?= 1.1.1.1
@@ -51,6 +51,7 @@ boot_wait ?= $(PACKER_BOOT_WAIT)
 hostname ?= $(PACKER_HOSTNAME)
 iso_name ?= $(PACKER_ISO_NAME)
 iso_size ?= $(PACKER_ISO_SIZE)
+nameserver ?= $(PACKER_NAMESERVER)
 output ?= $(PACKER_OUTPUT)
 password ?= $(PACKER_PASSWORD)
 pause_before ?= $(PACKER_PAUSE_BEFORE)
@@ -94,6 +95,7 @@ endef
 # function packer-build: Call packer build with arg 1, Add build infos to file PACKER_ISO_INFO
 define packer-build
+ $(eval ANSIBLE_USERNAME := $(PACKER_USERNAME))
 $(eval PACKER_TEMPLATE := $(notdir $(basename $(basename $(1)))))
 echo Building $(PACKER_ISO_FILE)
 $(call packer,build $(PACKER_BUILD_ARGS) $(1))