wip: ansible on alpine
parent
54bf6bbbe0
commit
1203c9f005
|
@ -27,7 +27,8 @@ ANSIBLE_SSH_AUTHORIZED_KEYS ?= $(strip $(SSH_AUTHORIZED_KEYS))
|
||||||
ANSIBLE_SSH_BASTION_HOSTNAME ?= $(firstword $(SSH_BASTION_HOSTNAME))
|
ANSIBLE_SSH_BASTION_HOSTNAME ?= $(firstword $(SSH_BASTION_HOSTNAME))
|
||||||
ANSIBLE_SSH_BASTION_USERNAME ?= $(firstword $(SSH_BASTION_USERNAME))
|
ANSIBLE_SSH_BASTION_USERNAME ?= $(firstword $(SSH_BASTION_USERNAME))
|
||||||
ANSIBLE_SSH_PRIVATE_IP_RANGE ?= $(strip $(SSH_PRIVATE_IP_RANGE))
|
ANSIBLE_SSH_PRIVATE_IP_RANGE ?= $(strip $(SSH_PRIVATE_IP_RANGE))
|
||||||
ANSIBLE_SSH_PRIVATE_KEYS ?= $(strip $(SSH_PRIVATE_KEYS))
|
ANSIBLE_SSH_PRIVATE_KEYS ?= $(if $(ANSIBLE_SSH_PRIVATE_KEYS_ENABLE),$(strip $(SSH_PRIVATE_KEYS)))
|
||||||
|
ANSIBLE_SSH_PRIVATE_KEYS_ENABLE ?=
|
||||||
ANSIBLE_SSH_PUBLIC_HOSTS ?= $(strip $(SSH_PUBLIC_HOSTS))
|
ANSIBLE_SSH_PUBLIC_HOSTS ?= $(strip $(SSH_PUBLIC_HOSTS))
|
||||||
ANSIBLE_SSH_USERNAME ?= $(firstword $(SSH_USER))
|
ANSIBLE_SSH_USERNAME ?= $(firstword $(SSH_USER))
|
||||||
ANSIBLE_SERVER_NAME ?= $(SERVER_NAME)
|
ANSIBLE_SERVER_NAME ?= $(SERVER_NAME)
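Review bot: The new guard on `ANSIBLE_SSH_PRIVATE_KEYS` treats any non-empty value of `ANSIBLE_SSH_PRIVATE_KEYS_ENABLE` as enabled, so setting it to `false` or `0` would still export the private key paths. Since this switch appears to decide whether private keys are passed on to the ansible run, an explicit comparison is safer: `ANSIBLE_SSH_PRIVATE_KEYS ?= $(if $(filter true,$(ANSIBLE_SSH_PRIVATE_KEYS_ENABLE)),$(strip $(SSH_PRIVATE_KEYS)))`. A one-line comment above `ANSIBLE_SSH_PRIVATE_KEYS_ENABLE ?=` stating the accepted value and that the default is off would document the intent.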
|
||||||
|
|
|
@ -11,13 +11,11 @@ disks_packages:
|
||||||
hosts_git_repositories:
|
hosts_git_repositories:
|
||||||
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
|
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
|
||||||
hosts_packages:
|
hosts_packages:
|
||||||
- { "name": "ansible", "state": "present" }
|
- { "name": "ansible-core", "state": "present" }
|
||||||
hosts_services:
|
hosts_services:
|
||||||
- { "name": "zram", "state": "started", "enabled": "yes" }
|
- { "name": "zram", "state": "started", "enabled": "yes" }
|
||||||
hosts_update: true
|
hosts_update: true
|
||||||
hosts_user_env:
|
hosts_default_env:
|
||||||
- ANSIBLE_AWS_ACCESS_KEY_ID
|
|
||||||
- ANSIBLE_AWS_SECRET_ACCESS_KEY
|
|
||||||
- ANSIBLE_CONFIG
|
- ANSIBLE_CONFIG
|
||||||
- ANSIBLE_DISKS_NFS_DISK
|
- ANSIBLE_DISKS_NFS_DISK
|
||||||
- ANSIBLE_DISKS_NFS_OPTIONS
|
- ANSIBLE_DISKS_NFS_OPTIONS
|
||||||
|
@ -32,7 +30,7 @@ hosts_user_env:
|
||||||
- ANSIBLE_MYOS
|
- ANSIBLE_MYOS
|
||||||
- ANSIBLE_PLAYBOOK
|
- ANSIBLE_PLAYBOOK
|
||||||
- ENV
|
- ENV
|
||||||
hosts_user_rc_enable: true
|
hosts_user_rc: true
|
||||||
hosts_user_rc_functions:
|
hosts_user_rc_functions:
|
||||||
- { "path": "10_prompt_set", "state": "touch" }
|
- { "path": "10_prompt_set", "state": "touch" }
|
||||||
- { "path": "10_ps1_set", "state": "touch" }
|
- { "path": "10_ps1_set", "state": "touch" }
|
||||||
|
|
|
@ -5,13 +5,14 @@ disks_packages:
|
||||||
- { "name": "btrfs-progs", "state": "present" }
|
- { "name": "btrfs-progs", "state": "present" }
|
||||||
- { "name": "xfsprogs", "state": "present" }
|
- { "name": "xfsprogs", "state": "present" }
|
||||||
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
|
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
|
||||||
|
docker_myos: true
|
||||||
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
|
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
|
||||||
hosts_git_repositories:
|
hosts_git_repositories:
|
||||||
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
|
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
|
||||||
hosts_services:
|
hosts_services:
|
||||||
- { "name": "myos", "state": "stopped", "enabled": "yes" }
|
- { "name": "myos", "state": "started", "enabled": "yes" }
|
||||||
hosts_update: true
|
hosts_update: true
|
||||||
hosts_user_env:
|
hosts_default_env:
|
||||||
- ANSIBLE_CONFIG
|
- ANSIBLE_CONFIG
|
||||||
- ANSIBLE_DOCKER_IMAGE_TAG
|
- ANSIBLE_DOCKER_IMAGE_TAG
|
||||||
- ANSIBLE_DOCKER_REGISTRY
|
- ANSIBLE_DOCKER_REGISTRY
|
||||||
|
@ -23,4 +24,5 @@ hosts_user_env:
|
||||||
- ANSIBLE_MYOS
|
- ANSIBLE_MYOS
|
||||||
- ANSIBLE_PLAYBOOK
|
- ANSIBLE_PLAYBOOK
|
||||||
- ENV
|
- ENV
|
||||||
hosts_user_rc_enable: true
|
hosts_user_rc: true
|
||||||
|
remotes_myos: true
|
||||||
|
|
|
@ -21,14 +21,12 @@ disks_services:
|
||||||
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
|
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
|
||||||
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
|
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
|
||||||
hosts_packages:
|
hosts_packages:
|
||||||
- { "name": "ansible", "state": "present" }
|
- { "name": "ansible-core", "state": "present" }
|
||||||
hosts_services:
|
hosts_services:
|
||||||
- { "name": "myos", "state": "stopped", "enabled": "yes" }
|
- { "name": "myos", "state": "started", "enabled": "yes" }
|
||||||
- { "name": "zram", "state": "started", "enabled": "yes" }
|
- { "name": "zram", "state": "started", "enabled": "yes" }
|
||||||
hosts_update: true
|
hosts_update: true
|
||||||
hosts_user_env:
|
hosts_default_env:
|
||||||
- ANSIBLE_AWS_ACCESS_KEY_ID
|
|
||||||
- ANSIBLE_AWS_SECRET_ACCESS_KEY
|
|
||||||
- ANSIBLE_CONFIG
|
- ANSIBLE_CONFIG
|
||||||
- ANSIBLE_DISKS_NFS_DISK
|
- ANSIBLE_DISKS_NFS_DISK
|
||||||
- ANSIBLE_DISKS_NFS_OPTIONS
|
- ANSIBLE_DISKS_NFS_OPTIONS
|
||||||
|
@ -45,12 +43,10 @@ hosts_user_env:
|
||||||
- COMPOSE_PROJECT_NAME
|
- COMPOSE_PROJECT_NAME
|
||||||
- ENV
|
- ENV
|
||||||
- MYOS_TAGS
|
- MYOS_TAGS
|
||||||
hosts_user_rc_enable: true
|
hosts_user_rc: true
|
||||||
hosts_user_rc_functions:
|
hosts_user_rc_functions:
|
||||||
- { "path": "10_prompt_set", "state": "touch" }
|
- { "path": "10_prompt_set", "state": "touch" }
|
||||||
- { "path": "10_ps1_set", "state": "touch" }
|
- { "path": "10_ps1_set", "state": "touch" }
|
||||||
- { "path": "30_pfetch", "state": "touch" }
|
- { "path": "30_pfetch", "state": "touch" }
|
||||||
- { "path": "30_screen_attach", "state": "touch" }
|
- { "path": "30_screen_attach", "state": "touch" }
|
||||||
- { "path": "40_ssh_add", "state": "touch" }
|
- { "path": "40_ssh_add", "state": "touch" }
|
||||||
remotes_services:
|
|
||||||
- { "name": "ansible", "state": "stopped", "enabled": "yes" }
|
|
||||||
|
|
|
@ -60,6 +60,12 @@ docker_distribution_release: bullseye
|
||||||
docker_machine: amd64
|
docker_machine: amd64
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* `docker_myos` - Register myos tags
|
||||||
|
|
||||||
|
``` yaml
|
||||||
|
docker_myos: false
|
||||||
|
```
|
||||||
|
|
||||||
* `docker_package` - Name of the docker package
|
* `docker_package` - Name of the docker package
|
||||||
|
|
||||||
``` yaml
|
``` yaml
|
||||||
|
|
|
@ -19,6 +19,18 @@ docker_check_kernel: '3.10'
|
||||||
# docker daemon configuration
|
# docker daemon configuration
|
||||||
# docker_daemon_config: {}
|
# docker_daemon_config: {}
|
||||||
|
|
||||||
|
# docker package distribution
|
||||||
|
docker_distribution: debian
|
||||||
|
|
||||||
|
# docker package distribution release
|
||||||
|
docker_distribution_release: bullseye
|
||||||
|
|
||||||
|
# docker package architecture
|
||||||
|
docker_machine: amd64
|
||||||
|
|
||||||
|
# register myos tags
|
||||||
|
docker_myos: false
|
||||||
|
|
||||||
# docker package name
|
# docker package name
|
||||||
docker_package: docker
|
docker_package: docker
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,7 @@
|
||||||
tags:
|
tags:
|
||||||
- run
|
- run
|
||||||
- import_tasks: myos.yml
|
- import_tasks: myos.yml
|
||||||
|
when: docker_myos|default(false)
|
||||||
tags:
|
tags:
|
||||||
- myos
|
- myos
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,12 @@ Bootstrap hosts, installing standard packages and user settings
|
||||||
|
|
||||||
## Role Variables
|
## Role Variables
|
||||||
|
|
||||||
|
* `hosts_cloudinit` - Install and configure cloud-init
|
||||||
|
|
||||||
|
``` yaml
|
||||||
|
hosts_cloudinit: false
|
||||||
|
```
|
||||||
|
|
||||||
* `hosts_cloudinit_config` - cloud-init yaml config
|
* `hosts_cloudinit_config` - cloud-init yaml config
|
||||||
|
|
||||||
``` yaml
|
``` yaml
|
||||||
|
@ -17,10 +23,12 @@ hosts_cloudinit_config:
|
||||||
- 'http://169.254.169.254'
|
- 'http://169.254.169.254'
|
||||||
```
|
```
|
||||||
|
|
||||||
* `hosts_cloudinit_enable` - Install and configure cloud-init
|
* `hosts_default_env` - List of environment variables to add in file /etc/default/myos
|
||||||
|
|
||||||
``` yaml
|
``` yaml
|
||||||
hosts_cloudinit_enable: false
|
hosts_default_env:
|
||||||
|
- ENV
|
||||||
|
- DOCKER
|
||||||
```
|
```
|
||||||
|
|
||||||
* `hosts_git_repositories` - Clone git repositories
|
* `hosts_git_repositories` - Clone git repositories
|
||||||
|
@ -112,18 +120,10 @@ hosts_ssh_username: root
|
||||||
hosts_update: false
|
hosts_update: false
|
||||||
```
|
```
|
||||||
|
|
||||||
* `hosts_user_env` - List of environment variables to add in file ~/.myos
|
* `hosts_user_rc` - Call specific functions on user login, allowing it to customize his session
|
||||||
|
|
||||||
``` yaml
|
``` yaml
|
||||||
hosts_user_env:
|
hosts_user_rc: false
|
||||||
- ENV
|
|
||||||
- DOCKER
|
|
||||||
```
|
|
||||||
|
|
||||||
* `hosts_user_rc_enable` - Call specific functions on user login, allowing it to customize his session
|
|
||||||
|
|
||||||
``` yaml
|
|
||||||
hosts_user_rc_enable: false
|
|
||||||
```
|
```
|
||||||
|
|
||||||
* `hosts_user_rc_functions` - List of specific functions to call on user login, defined in /etc/profile.d/rc_functions.sh
|
* `hosts_user_rc_functions` - List of specific functions to call on user login, defined in /etc/profile.d/rc_functions.sh
|
||||||
|
@ -153,9 +153,8 @@ hosts_user_rc_functions:
|
||||||
roles:
|
roles:
|
||||||
- role: 'aynicos.hosts'
|
- role: 'aynicos.hosts'
|
||||||
hosts_services:
|
hosts_services:
|
||||||
- { "name": "local", "state": "started", "enabled": "yes" }
|
|
||||||
- { "name": "zram", "state": "started", "enabled": "yes" }
|
- { "name": "zram", "state": "started", "enabled": "yes" }
|
||||||
hosts_user_rc_enable: true
|
hosts_user_rc: true
|
||||||
```
|
```
|
||||||
|
|
||||||
## Tests
|
## Tests
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
---
|
---
|
||||||
# file: defaults/main.yml
|
# file: defaults/main.yml
|
||||||
|
|
||||||
|
# enable cloud-init
|
||||||
|
hosts_cloudinit: false
|
||||||
|
|
||||||
# cloud-init config
|
# cloud-init config
|
||||||
hosts_cloudinit_config:
|
hosts_cloudinit_config:
|
||||||
users:
|
users:
|
||||||
|
@ -75,8 +78,8 @@ hosts_cloudinit_config:
|
||||||
templates_dir: /etc/cloud/templates/
|
templates_dir: /etc/cloud/templates/
|
||||||
ssh_svcname: sshd
|
ssh_svcname: sshd
|
||||||
|
|
||||||
# enable cloud-init
|
# environment variables to add in /etc/default/myos
|
||||||
hosts_cloudinit_enable: false
|
hosts_default_env: []
|
||||||
|
|
||||||
# git repositories to clone
|
# git repositories to clone
|
||||||
hosts_git_repositories: []
|
hosts_git_repositories: []
|
||||||
|
@ -129,14 +132,11 @@ hosts_ssh_public_hosts: "{{ lookup('env','ANSIBLE_SSH_PUBLIC_HOSTS').split(' ')
|
||||||
# remote ssh user
|
# remote ssh user
|
||||||
hosts_ssh_username: "{{ lookup('env','ANSIBLE_SSH_USERNAME') or ansible_user }}"
|
hosts_ssh_username: "{{ lookup('env','ANSIBLE_SSH_USERNAME') or ansible_user }}"
|
||||||
|
|
||||||
# update hosts every day
|
# update hosts every hour
|
||||||
hosts_update: false
|
hosts_update: false
|
||||||
|
|
||||||
# list of environment variables to add in ~/.myos
|
|
||||||
hosts_user_env: []
|
|
||||||
|
|
||||||
# run specific functions on user login
|
# run specific functions on user login
|
||||||
hosts_user_rc_enable: false
|
hosts_user_rc: false
|
||||||
|
|
||||||
# list of rc functions to call at user connection
|
# list of rc functions to call at user connection
|
||||||
hosts_user_rc_functions:
|
hosts_user_rc_functions:
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
|
||||||
|
|
||||||
|
@reboot root /etc/init.d/myos ansible-pull > /var/log/ansible.log
|
||||||
|
0 * * * * root /etc/init.d/myos ansible-pull > /var/log/ansible.log
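Review bot: Both entries redirect only stdout with `>`, so error output from `/etc/init.d/myos ansible-pull` does not reach `/var/log/ansible.log`, and each hourly run overwrites the log of the previous one. For a job that applies configuration as root, that history is what lets a failed or unexpected run be investigated afterwards. `>> /var/log/ansible.log 2>&1` would append and capture stderr, with rotation handled separately. The same redirect appears in the two `#!/bin/sh` scripts that follow in this commit.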
|
|
@ -1,3 +0,0 @@
|
||||||
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
|
|
||||||
@reboot root make ansible-pull > /var/log/ansible-pull.log
|
|
||||||
0 0 * * * root make ansible-pull > /var/log/ansible-pull.log
|
|
|
@ -1,2 +1,3 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
cd /root && ( make ansible-pull > /var/log/ansible.log || reboot ) &
|
|
||||||
|
/etc/init.d/myos ansible-pull > /var/log/ansible.log
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
/etc/init.d/myos ansible-pull > /var/log/ansible.log
|
|
@ -212,7 +212,7 @@ ssh_add() {
|
||||||
else
|
else
|
||||||
GREP_RECURSIVE_CHAR="*"
|
GREP_RECURSIVE_CHAR="*"
|
||||||
fi
|
fi
|
||||||
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vw "${dir}"/id_rsa)"
|
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
|
||||||
done
|
done
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
|
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
|
||||||
|
@ -238,7 +238,7 @@ ssh_del() {
|
||||||
else
|
else
|
||||||
GREP_RECURSIVE_CHAR="*"
|
GREP_RECURSIVE_CHAR="*"
|
||||||
fi
|
fi
|
||||||
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vw "${dir}"/id_rsa)"
|
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
|
||||||
done
|
done
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
|
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
|
||||||
|
@ -270,14 +270,12 @@ tmux_detach() {
|
||||||
|
|
||||||
# function user_count: Print number of "users sessions"/"users"/"logged users"
|
# function user_count: Print number of "users sessions"/"users"/"logged users"
|
||||||
user_count() {
|
user_count() {
|
||||||
ps ax -o user,tty 2>/dev/null |awk '
|
ps ax -o pid,user,tty,comm 2>/dev/null |awk '
|
||||||
$2 ~ /^(pts|tty)/ { users_session++; logged[$1]++; };
|
$3 ~ /^(pts\/|tty[sS]?|[0-9]+,)[0-9]+$/ && $4 != "getty" { users_sessions++; logged[$2]++; };
|
||||||
{ count[$1]++; }
|
$1 ~ /^[0-9]+$/ { count[$2]++; }
|
||||||
END {
|
END {
|
||||||
for (uc in count) { c = c" "uc; }; users_count=split(c,v," ")-1;
|
for (uc in count) { c = c" "uc; }; users_count=split(c,v," ");
|
||||||
for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ")-1;
|
for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ");
|
||||||
print users_session+0"/"users_count"/"users_logged;
|
print users_sessions+0"/"users_count+0"/"users_logged+0;
|
||||||
}'
|
}'
|
||||||
}
|
}
|
||||||
|
|
||||||
# vim:ts=2:sw=2:sts=2:et
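Review bot: In `ssh_add`, the new filter `grep -vwE "${dir}/id_(rsa|ed25519)"` interpolates `${dir}` into an extended regular expression, so characters such as `.`, `+` or `(` in the directory path are read as pattern syntax rather than literally. Depending on the path, the default keys could be listed twice or unrelated key files dropped from the list. A fixed-string form keeps the path literal: `grep -vwF -e "${dir}/id_rsa" -e "${dir}/id_ed25519"`. The same line is added in `ssh_del`; both functions begin and end outside their hunks.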
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
Description=Call ansible
|
Description=Call ansible
|
||||||
|
|
||||||
[Timer]
|
[Timer]
|
||||||
OnCalendar=*-*-* 00:00:00
|
OnCalendar=*-*-* *:00:00
|
||||||
Unit=ansible.service
|
Unit=ansible.service
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -2,12 +2,12 @@
|
||||||
# file: tasks/cloudinit.yml
|
# file: tasks/cloudinit.yml
|
||||||
|
|
||||||
- name: cloudinit - install cloud-init packages
|
- name: cloudinit - install cloud-init packages
|
||||||
when: hosts_cloudinit_enable|default(false) and ansible_os_family|lower != "alpine"
|
when: ansible_os_family|lower != "alpine"
|
||||||
package: name="cloud-init" state="present"
|
package: name="cloud-init" state="present"
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: cloudinit - install cloud-init packages - alpine
|
- name: cloudinit - install cloud-init packages - alpine
|
||||||
when: hosts_cloudinit_enable|default(false) and ansible_os_family|lower == "alpine"
|
when: ansible_os_family|lower == "alpine"
|
||||||
with_items:
|
with_items:
|
||||||
- { "name": "cloud-init", "state": "present" }
|
- { "name": "cloud-init", "state": "present" }
|
||||||
- { "name": "cloud-init-openrc", "state": "present" }
|
- { "name": "cloud-init-openrc", "state": "present" }
|
||||||
|
@ -23,14 +23,13 @@
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: cloudinit - update /etc/cloud/cloud.cfg
|
- name: cloudinit - update /etc/cloud/cloud.cfg
|
||||||
when: hosts_cloudinit_enable|default(false)
|
|
||||||
template:
|
template:
|
||||||
src: cloud.cfg.j2
|
src: cloud.cfg.j2
|
||||||
dest: /etc/cloud/cloud.cfg
|
dest: /etc/cloud/cloud.cfg
|
||||||
force: yes
|
force: yes
|
||||||
|
|
||||||
- name: cloudinit - activate service
|
- name: cloudinit - activate service
|
||||||
when: hosts_cloudinit_enable|default(false) and ansible_service_mgr|lower != "openrc"
|
when: ansible_service_mgr|lower != "openrc"
|
||||||
service:
|
service:
|
||||||
name: cloud-init
|
name: cloud-init
|
||||||
state: started
|
state: started
|
||||||
|
@ -38,7 +37,7 @@
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: cloudinit - activate service - openrc
|
- name: cloudinit - activate service - openrc
|
||||||
when: hosts_cloudinit_enable|default(false) and ansible_service_mgr|lower == "openrc"
|
when: ansible_service_mgr|lower == "openrc"
|
||||||
service:
|
service:
|
||||||
name: cloud-init
|
name: cloud-init
|
||||||
state: started
|
state: started
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
---
|
---
|
||||||
# file: tasks/config.yml
|
# file: tasks/config.yml
|
||||||
|
|
||||||
- name: config - set MYOS config in /etc/default/myos
|
- name: config - set MYOS default config
|
||||||
|
become: true
|
||||||
with_items:
|
with_items:
|
||||||
- APP_NAME={{ lookup('env','ANSIBLE_APP_NAME') }}
|
- APP_NAME={{ lookup('env','ANSIBLE_APP_NAME') }}
|
||||||
- APP_TYPE={{ lookup('env','ANSIBLE_APP_TYPE') }}
|
- APP_TYPE={{ lookup('env','ANSIBLE_APP_TYPE') }}
|
||||||
|
@ -11,5 +12,20 @@
|
||||||
create: yes
|
create: yes
|
||||||
line: '{{ item }}'
|
line: '{{ item }}'
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
become: yes
|
|
||||||
|
- name: config - update MYOS default config
|
||||||
|
become: true
|
||||||
|
with_items: '{{hosts_default_env|default([])}}'
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/default/myos
|
||||||
|
create: yes
|
||||||
|
line: "{{item}}={{lookup('env',item)}}"
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
|
- name: config - create /root/Makefile
|
||||||
|
become: true
|
||||||
|
template:
|
||||||
|
src: Makefile.j2
|
||||||
|
dest: ~/Makefile
|
||||||
|
force: yes
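Review bot: The new `config - update MYOS default config` task writes the value of every variable named in `hosts_default_env` into `/etc/default/myos` with `mode: '0644'`, so anything sensitive added to that list becomes readable by every local account. The `~/.myos` file it replaces was created with mode 0400 (the task removed from tasks/update.yml in this commit). If credentials can ever appear in the list, consider `mode: '0600'`, or keep secrets out of this file and state that constraint next to `hosts_default_env`. Separately, `lineinfile` is given no `regexp`, so a changed value is appended as a second line instead of replacing the first; `regexp: '^{{item}}='` would keep one line per variable.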
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
---
|
---
|
||||||
# file: tasks/groups.yml
|
# file: tasks/groups.yml
|
||||||
|
|
||||||
|
- name: groups - remove floppy group - alpine
|
||||||
|
when: ansible_os_family|lower == "alpine"
|
||||||
|
group: gid="11" name="floppy" state="absent"
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: groups - create dns group
|
- name: groups - create dns group
|
||||||
when: ansible_os_family|lower != "alpine"
|
|
||||||
group: gid="11" name="dns" state="present" system="yes"
|
group: gid="11" name="dns" state="present" system="yes"
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: groups - add me to the dns group
|
- name: groups - add me to the dns group
|
||||||
when: ansible_os_family|lower != "alpine" and ansible_user_uid != "0"
|
when: ansible_user_uid != "0"
|
||||||
user: name="{{ansible_user_id}}" groups=dns append=yes
|
user: name="{{ansible_user_id}}" groups=dns append=yes
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
|
|
|
@ -8,11 +8,12 @@
|
||||||
tags:
|
tags:
|
||||||
- boot
|
- boot
|
||||||
- import_tasks: cloudinit.yml
|
- import_tasks: cloudinit.yml
|
||||||
|
when: hosts_cloudinit|default(false)
|
||||||
tags:
|
tags:
|
||||||
- cloudinit
|
- cloudinit
|
||||||
- import_tasks: config.yml
|
- import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- cloudinit
|
- config
|
||||||
- import_tasks: dir.yml
|
- import_tasks: dir.yml
|
||||||
tags:
|
tags:
|
||||||
- dir
|
- dir
|
||||||
|
@ -26,6 +27,7 @@
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
- import_tasks: services.yml
|
- import_tasks: services.yml
|
||||||
|
when: hosts_services is defined
|
||||||
tags:
|
tags:
|
||||||
- services
|
- services
|
||||||
- import_tasks: git.yml
|
- import_tasks: git.yml
|
||||||
|
@ -35,9 +37,9 @@
|
||||||
tags:
|
tags:
|
||||||
- ssh
|
- ssh
|
||||||
- import_tasks: update.yml
|
- import_tasks: update.yml
|
||||||
|
when: hosts_update|default(false)
|
||||||
tags:
|
tags:
|
||||||
- update
|
- update
|
||||||
when: hosts_update|default(false)
|
|
||||||
- import_tasks: user.yml
|
- import_tasks: user.yml
|
||||||
tags:
|
tags:
|
||||||
- user
|
- user
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# file: tasks/services.yml
|
# file: tasks/services.yml
|
||||||
|
|
||||||
- name: services - enable/disable hosts services
|
- name: services - enable/disable hosts services
|
||||||
when: hosts_services is defined and ansible_service_mgr|lower != "openrc" and ansible_service_mgr|lower != "runit"
|
when: ansible_service_mgr|lower != "openrc" and ansible_service_mgr|lower != "runit"
|
||||||
with_items: "{{ hosts_services|default([]) }}"
|
with_items: "{{ hosts_services|default([]) }}"
|
||||||
service:
|
service:
|
||||||
name: "{{item.name}}"
|
name: "{{item.name}}"
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: services - enable/disable hosts services - openrc
|
- name: services - enable/disable hosts services - openrc
|
||||||
when: hosts_services is defined and ansible_service_mgr|lower == "openrc"
|
when: ansible_service_mgr|lower == "openrc"
|
||||||
with_items: "{{ hosts_services|default([]) }}"
|
with_items: "{{ hosts_services|default([]) }}"
|
||||||
service:
|
service:
|
||||||
name: "{{item.name}}"
|
name: "{{item.name}}"
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: services - enable/disable hosts services - runit
|
- name: services - enable/disable hosts services - runit
|
||||||
when: hosts_services is defined and ansible_service_mgr|lower == "runit"
|
when: ansible_service_mgr|lower == "runit"
|
||||||
with_items: "{{ hosts_services|default([]) }}"
|
with_items: "{{ hosts_services|default([]) }}"
|
||||||
sysvinit:
|
sysvinit:
|
||||||
name: "{{item.name}}"
|
name: "{{item.name}}"
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
known_hosts:
|
known_hosts:
|
||||||
path: /etc/ssh/ssh_known_hosts
|
path: /etc/ssh/ssh_known_hosts
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + item) }}"
|
key: "{{ lookup('pipe', '/usr/bin/ssh-keyscan -H ' + item) }}"
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
become: true
|
become: true
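Review bot: The `key` lookup builds a command line by concatenating `item` onto `/usr/bin/ssh-keyscan -H `, and `lookup('pipe', ...)` runs it through a shell, so a host entry containing spaces or shell metacharacters is interpreted by the shell; `'/usr/bin/ssh-keyscan -H ' + item|quote` closes that. Dropping `-t rsa` also means several key types can come back for one host, and with `ignore_errors: true` a failed or partial scan passes silently, so it is worth confirming that `known_hosts` accepts the multi-line result. Keys collected this way are trusted on first use; for hosts that matter, comparing them against a published fingerprint is the stronger control. The task starts above the hunk.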
|
||||||
|
|
||||||
|
|
|
@ -2,9 +2,18 @@
|
||||||
# file: tasks/update.yml
|
# file: tasks/update.yml
|
||||||
|
|
||||||
- name: update - copy files
|
- name: update - copy files
|
||||||
|
when: ansible_service_mgr|lower != "systemd" and ansible_os_family|lower != "alpine"
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/cron.d/myos
|
- /etc/cron.d/ansible
|
||||||
copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0644
|
copy: src=../files/{{item}} dest={{item}} owner=root group=root
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: update - copy files - alpine
|
||||||
|
when: ansible_service_mgr|lower != "systemd" and ansible_os_family|lower == "alpine"
|
||||||
|
with_items:
|
||||||
|
- /etc/periodic/hourly/ansible
|
||||||
|
- /etc/local.d/ansible.start
|
||||||
|
copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0755
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: update - copy files - systemd
|
- name: update - copy files - systemd
|
||||||
|
@ -12,21 +21,24 @@
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/systemd/system/ansible.service
|
- /etc/systemd/system/ansible.service
|
||||||
- /etc/systemd/system/ansible.timer
|
- /etc/systemd/system/ansible.timer
|
||||||
copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0644
|
copy: src=../files/{{item}} dest={{item}} owner=root group=root
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: update - create /root/.myos
|
- name: update - enable nservices - openrc
|
||||||
become: true
|
when: ansible_service_mgr|lower == "openrc"
|
||||||
template:
|
service:
|
||||||
src: myos.j2
|
name: local
|
||||||
dest: ~/.myos
|
enabled: true
|
||||||
force: no
|
runlevel: boot
|
||||||
mode: 0400
|
become: yes
|
||||||
|
|
||||||
- name: update - create /root/Makefile
|
- name: update - enable services - systemd
|
||||||
become: true
|
when: ansible_service_mgr|lower == "systemd"
|
||||||
template:
|
with_items:
|
||||||
src: Makefile.j2
|
- ansible.service
|
||||||
dest: ~/Makefile
|
- ansible.timer
|
||||||
force: yes
|
service:
|
||||||
|
name: "{{item}}"
|
||||||
|
enabled: true
|
||||||
|
become: yes
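Review bot: The `copy` tasks for `/etc/cron.d/ansible` and for the systemd unit files no longer set `mode`, so the installed permissions now depend on the source files and the umask instead of being fixed at 0644. Some cron implementations ignore files under /etc/cron.d that are group- or world-writable, and root-run job definitions should not be writable by anyone else in any case; restoring `mode=0644` on both tasks keeps that explicit, as the new alpine task does with `mode=0755`. The task name `update - enable nservices - openrc` also looks like a typo for `services`.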
|
||||||
|
|
||||||
|
|
|
@ -12,16 +12,16 @@
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: user - create ~/.rc.d
|
- name: user - create ~/.rc.d
|
||||||
file: path=~/.rc.d/ state={{hosts_user_rc_enable|default(false)|ternary('directory', 'absent')}} mode="0700"
|
file: path=~/.rc.d/ state={{hosts_user_rc|default(false)|ternary('directory', 'absent')}} mode="0700"
|
||||||
|
|
||||||
- name: user - source /etc/profile.d/rc_functions.sh
|
- name: user - source /etc/profile.d/rc_functions.sh
|
||||||
when: hosts_user_rc_enable|default(false)
|
when: hosts_user_rc|default(false)
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/profile.d/rc_functions.sh
|
- /etc/profile.d/rc_functions.sh
|
||||||
lineinfile: dest=~/.rc.d/00_source create=yes line="{{ item }}" mode="0600"
|
lineinfile: dest=~/.rc.d/00_source create=yes line="{{ item }}" mode="0600"
|
||||||
|
|
||||||
- name: user - enable/disable rc functions
|
- name: user - enable/disable rc functions
|
||||||
when: hosts_user_rc_enable|default(false)
|
when: hosts_user_rc|default(false)
|
||||||
with_items: "{{ hosts_user_rc_functions|default([]) }}"
|
with_items: "{{ hosts_user_rc_functions|default([]) }}"
|
||||||
file: path="~/.rc.d/{{item.path}}" state="{{item.state}}"
|
file: path="~/.rc.d/{{item.path}}" state="{{item.state}}"
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
CMDS := exec
|
CMDS := exec
|
||||||
SERVICE ?= cli
|
SERVICE ?= cli
|
||||||
-include .myos
|
-include /etc/default/myos
|
||||||
|
|
||||||
ansible:
|
ansible:
|
||||||
@make -C $(ANSIBLE_GIT_DIRECTORY) ansible-run-localhost
|
@make -C $(ANSIBLE_GIT_DIRECTORY) ansible-run-localhost
|
||||||
|
|
|
@ -7,11 +7,11 @@ package:
|
||||||
installed: true
|
installed: true
|
||||||
ncurses:
|
ncurses:
|
||||||
installed: true
|
installed: true
|
||||||
|
neovim:
|
||||||
|
installed: true
|
||||||
openssh-client:
|
openssh-client:
|
||||||
installed: true
|
installed: true
|
||||||
py3-pip:
|
py3-pip:
|
||||||
installed: true
|
installed: true
|
||||||
util-linux:
|
util-linux:
|
||||||
installed: true
|
installed: true
|
||||||
vim:
|
|
||||||
installed: true
|
|
||||||
|
|
|
@ -5,8 +5,8 @@ hosts_packages_distro:
|
||||||
- { "name": "coreutils", "state": "present" }
|
- { "name": "coreutils", "state": "present" }
|
||||||
- { "name": "groff", "state": "present" }
|
- { "name": "groff", "state": "present" }
|
||||||
- { "name": "ncurses", "state": "present" }
|
- { "name": "ncurses", "state": "present" }
|
||||||
|
- { "name": "neovim", "state": "present" }
|
||||||
- { "name": "openssh-client", "state": "present" }
|
- { "name": "openssh-client", "state": "present" }
|
||||||
- { "name": "py3-pip", "state": "present" }
|
- { "name": "py3-pip", "state": "present" }
|
||||||
- { "name": "util-linux", "state": "present" }
|
- { "name": "util-linux", "state": "present" }
|
||||||
- { "name": "vim", "state": "present" }
|
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,12 @@ Interact with remote services
|
||||||
|
|
||||||
### Default variables
|
### Default variables
|
||||||
|
|
||||||
|
* `remotes_myos` - Retrieve myos tags
|
||||||
|
|
||||||
|
``` yaml
|
||||||
|
remotes_myos: false
|
||||||
|
```
|
||||||
|
|
||||||
* `remotes_packages` - List of packages to install/remove on your hosts
|
* `remotes_packages` - List of packages to install/remove on your hosts
|
||||||
|
|
||||||
``` yaml
|
``` yaml
|
||||||
|
|
|
@ -22,6 +22,9 @@ aws_secret_access_key: 'YOUR_SECRET_ACCESS_KEY'
|
||||||
# git repositories to clone
|
# git repositories to clone
|
||||||
git_repositories: []
|
git_repositories: []
|
||||||
|
|
||||||
|
# retrieve myos tags
|
||||||
|
remotes_myos: false
|
||||||
|
|
||||||
# packages to install/remove
|
# packages to install/remove
|
||||||
remotes_packages: []
|
remotes_packages: []
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
tags:
|
tags:
|
||||||
- user
|
- user
|
||||||
- import_tasks: myos.yml
|
- import_tasks: myos.yml
|
||||||
|
when: remotes_myos|default(false)
|
||||||
tags:
|
tags:
|
||||||
- myos
|
- myos
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
ec2_tag:
|
ec2_tag:
|
||||||
aws_access_key: "{{ aws_access_key_id }}"
|
aws_access_key: "{{ aws_access_key_id }}"
|
||||||
aws_secret_key: "{{ aws_secret_access_key }}"
|
aws_secret_key: "{{ aws_secret_access_key }}"
|
||||||
region: "{{ ansible_ec2_placement_region }}"
|
region: "{{ ansible_ec2_placement_region |default('') }}"
|
||||||
resource: "{{ ansible_ec2_instance_id }}"
|
resource: "{{ ansible_ec2_instance_id }}"
|
||||||
state: list
|
state: list
|
||||||
register: myos
|
register: myos
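Review bot: `region` now falls back to an empty string when `ansible_ec2_placement_region` is undefined, but `resource` on the next line still uses `ansible_ec2_instance_id` with no default, so on a host without EC2 facts the task would most likely still fail, only with a less direct error. Adding `when: ansible_ec2_instance_id is defined` to this task would state the requirement explicitly instead of masking half of it. The task starts above the hunk.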
|
||||||
|
|
|
@ -2,33 +2,39 @@ FROM alpine:latest as dist
|
||||||
LABEL maintainer aynic.os <support+docker@asycn.io>
|
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||||
ARG DOCKER_BUILD_DIR
|
ARG DOCKER_BUILD_DIR
|
||||||
|
|
||||||
ARG MACHINE="$(uname -m)"
|
ARG MACHINE="x86_64"
|
||||||
ARG SYSTEM="$(uname -s)"
|
ARG SYSTEM="Linux"
|
||||||
ARG ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"
|
|
||||||
ARG OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"
|
|
||||||
|
|
||||||
ARG PACKER_VERSION=1.8.3
|
|
||||||
|
|
||||||
RUN apk --no-cache add \
|
RUN apk --no-cache add \
|
||||||
ansible \
|
ansible \
|
||||||
bash \
|
bash \
|
||||||
|
dirmngr \
|
||||||
git \
|
git \
|
||||||
|
gpg \
|
||||||
|
gpg-agent \
|
||||||
qemu \
|
qemu \
|
||||||
qemu-system-x86_64 \
|
qemu-system-x86_64 \
|
||||||
qemu-img \
|
qemu-img \
|
||||||
|
openssh-client \
|
||||||
openssl \
|
openssl \
|
||||||
socat \
|
socat \
|
||||||
wget
|
wget
|
||||||
|
|
||||||
ADD https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_${OS}_${ARCH}.zip ./
|
ARG PACKER_VERSION=1.8.3
|
||||||
ADD https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS ./
|
|
||||||
|
|
||||||
RUN sed -i '/.*'"${OS}"'_'"${ARCH}"'.zip/!d' packer_${PACKER_VERSION}_SHA256SUMS \
|
RUN { OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
|
||||||
&& sha256sum -cs packer_${PACKER_VERSION}_SHA256SUMS \
|
ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
|
||||||
&& unzip "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" -d /bin \
|
wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_${OS}_${ARCH}.zip \
|
||||||
&& rm -f "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip"
|
&& wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS \
|
||||||
|
&& wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS.sig \
|
||||||
|
&& GNUPGHOME="./.gnupg" gpg --batch --recv-keys C874011F0AB405110D02105534365D9472D7468F \
|
||||||
|
&& GNUPGHOME="./.gnupg" gpg --batch --verify packer_${PACKER_VERSION}_SHA256SUMS.sig packer_${PACKER_VERSION}_SHA256SUMS \
|
||||||
|
&& grep packer_${PACKER_VERSION}_${OS}_${ARCH}.zip packer_${PACKER_VERSION}_SHA256SUMS |sha256sum -c - \
|
||||||
|
&& unzip "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" -d /usr/local/bin \
|
||||||
|
&& rm -f "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" packer_${PACKER_VERSION}_SHA256SUMS.sig packer_${PACKER_VERSION}_SHA256SUMS ./.gnupg \
|
||||||
|
; }
|
||||||
|
|
||||||
ENTRYPOINT ["/bin/packer"]
|
ENTRYPOINT ["/usr/local/bin/packer"]
|
||||||
|
|
||||||
FROM dist as master
|
FROM dist as master
|
||||||
ARG DOCKER_BUILD_DIR
|
ARG DOCKER_BUILD_DIR
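Review bot: The cleanup at the end of the new `RUN` passes `./.gnupg` to `rm -f`, which does not remove directories. If gpg has created that keyring directory, the command returns non-zero and, being last in the `&&` chain, fails the build; nothing in the step creates the directory beforehand either. Creating it with `mkdir -m 0700 ./.gnupg` before `--recv-keys` and ending with `rm -rf ./.gnupg` makes both steps deterministic. `--recv-keys` also names no keyserver, so the fetch depends on the image's gpg default; the pinned full fingerprint is what protects the verification and should stay. The `master` stage continues below the hunk.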
|
||||||
|
|
|
@ -5,9 +5,9 @@ SSH_BASTION_HOSTNAME ?=
|
||||||
SSH_BASTION_USERNAME ?= $(SSH_USER)
|
SSH_BASTION_USERNAME ?= $(SSH_USER)
|
||||||
SSH_ENV_VARS ?= SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PUBLIC_HOSTS SSH_PRIVATE_IP_RANGE SSH_USER
|
SSH_ENV_VARS ?= SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PUBLIC_HOSTS SSH_PRIVATE_IP_RANGE SSH_USER
|
||||||
SSH_GITHUB_AUTHORIZED_KEYS ?= $(patsubst %,https://github.com/%,$(patsubst %,%.keys,$(SSH_USER)))
|
SSH_GITHUB_AUTHORIZED_KEYS ?= $(patsubst %,https://github.com/%,$(patsubst %,%.keys,$(SSH_USER)))
|
||||||
SSH_PUBLIC_HOSTS ?= $(CONFIG_REPOSITORY_HOST) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
|
SSH_PUBLIC_HOSTS ?= $(if $(filter ssh,$(CONFIG_REPOSITORY_SCHEME)),$(CONFIG_REPOSITORY_HOST)) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
|
||||||
SSH_PRIVATE_IP_RANGE ?=
|
SSH_PRIVATE_IP_RANGE ?=
|
||||||
SSH_PRIVATE_KEYS ?= $(wildcard $(SSH_DIR)/id_rsa)
|
SSH_PRIVATE_KEYS ?= $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa)
|
||||||
SSH_REMOTE_HOSTS ?= github.com gitlab.com
|
SSH_REMOTE_HOSTS ?= github.com gitlab.com
|
||||||
SSH_USER ?= $(call slugify,$(GIT_USER))
|
SSH_USER ?= $(call slugify,$(GIT_USER))
|
||||||
|
|
||||||
|
|
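Review bot: The new `$(if $(filter ssh,$(CONFIG_REPOSITORY_SCHEME)),$(CONFIG_REPOSITORY_HOST))` guard on `SSH_PUBLIC_HOSTS` depends on how `CONFIG_REPOSITORY_SCHEME` is derived, which is not visible in this hunk. If an scp-style remote (`git@host:path`) leaves that variable empty, the repository host silently drops out of the list, so that case needs confirming. `SSH_PRIVATE_KEYS` can now expand to two paths instead of one, so any consumer that treats it as a single file name should be checked. A short comment above the assignment would record the intent, for example `# only list the repository host when it is reached over ssh`.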
|
@ -10,7 +10,7 @@ ssh: ssh-get-PrivateIpAddress-$(SERVER_NAME) ## Connect to first remote host
|
||||||
.PHONY: ssh-add
|
.PHONY: ssh-add
|
||||||
ssh-add: DOCKER_RUN_OPTIONS += -it
|
ssh-add: DOCKER_RUN_OPTIONS += -it
|
||||||
ssh-add: ssh-key
|
ssh-add: ssh-key
|
||||||
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
|
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
|
||||||
$(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null || $(RUN) ssh-add $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
|
$(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null || $(RUN) ssh-add $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
|
||||||
|
|
||||||
# target ssh-connect: Call ssh-connect make connect SERVICE
|
# target ssh-connect: Call ssh-connect make connect SERVICE
|
||||||
|
@ -21,7 +21,7 @@ ssh-connect: ssh-get-PrivateIpAddress-$(SERVER_NAME)
|
||||||
# target ssh-del: ssh-add -d file SSH_PRIVATE_KEYS in folder SSH_DIR
|
# target ssh-del: ssh-add -d file SSH_PRIVATE_KEYS in folder SSH_DIR
|
||||||
.PHONY: ssh-del
|
.PHONY: ssh-del
|
||||||
ssh-del:
|
ssh-del:
|
||||||
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
|
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
|
||||||
$(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null && $(RUN) ssh-add -d $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
|
$(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null && $(RUN) ssh-add -d $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
|
||||||
|
|
||||||
# target ssh-exec: Call ssh-exec make exec SERVICE ARGS
|
# target ssh-exec: Call ssh-exec make exec SERVICE ARGS
|
||||||
|
|
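Review bot: The key-discovery `$(eval SSH_PRIVATE_KEYS := ...)` line in `ssh-add` passes `$(file)` unquoted to `$(shell grep "PRIVATE KEY" $(file) ...)`, and the same expression is repeated verbatim in the `ssh-del` hunk. Any file name under `SSH_DIR` that contains shell metacharacters is therefore interpreted by the shell when the recipe is expanded. Quoting the argument, `$(shell grep "PRIVATE KEY" '$(file)' 2>/dev/null)`, narrows that. Defining the `$(foreach ...)` expression once as a variable and expanding it from both recipes would keep the list of preferred key names (`id_ed25519`, `id_rsa`) in one place, so the next key type does not have to be added twice.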
|
@ -119,7 +119,7 @@ variable "vnc_port_min" {
|
||||||
default = "5900"
|
default = "5900"
|
||||||
}
|
}
|
||||||
|
|
||||||
source "qemu" "autogenerated_1" {
|
source "qemu" "alpine" {
|
||||||
accelerator = "${var.accelerator}"
|
accelerator = "${var.accelerator}"
|
||||||
boot_command = ["${var.username}<enter>", "passwd<enter>${var.password}<enter>${var.password}<enter>", "ifconfig eth0 up && udhcpc -i eth0<enter>", "apk add --repository http://dl-cdn.alpinelinux.org/alpine/v${var.alpine_version}/main dropbear dropbear-openrc openssh-sftp-server<enter>", "rc-update add dropbear<enter>", "echo -e 'auto eth0\\niface eth0 inet dhcp' > /etc/network/interfaces<enter>", "mkdir -p /etc/dropbear<enter>", "dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key<enter>", "rc-service dropbear start<enter>", "<wait>"]
|
boot_command = ["${var.username}<enter>", "passwd<enter>${var.password}<enter>${var.password}<enter>", "ifconfig eth0 up && udhcpc -i eth0<enter>", "apk add --repository http://dl-cdn.alpinelinux.org/alpine/v${var.alpine_version}/main dropbear dropbear-openrc openssh-sftp-server<enter>", "rc-update add dropbear<enter>", "echo -e 'auto eth0\\niface eth0 inet dhcp' > /etc/network/interfaces<enter>", "mkdir -p /etc/dropbear<enter>", "dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key<enter>", "rc-service dropbear start<enter>", "<wait>"]
|
||||||
boot_wait = "${var.boot_wait}"
|
boot_wait = "${var.boot_wait}"
|
||||||
|
@ -148,7 +148,7 @@ source "qemu" "autogenerated_1" {
|
||||||
}
|
}
|
||||||
|
|
||||||
build {
|
build {
|
||||||
sources = ["source.qemu.autogenerated_1"]
|
sources = ["source.qemu.alpine"]
|
||||||
|
|
||||||
provisioner "shell" {
|
provisioner "shell" {
|
||||||
environment_vars = ["ALPINE_VERSION=${var.alpine_version}", "HOSTNAME=${var.hostname}", "NAMESERVER=${var.nameserver}"]
|
environment_vars = ["ALPINE_VERSION=${var.alpine_version}", "HOSTNAME=${var.hostname}", "NAMESERVER=${var.nameserver}"]
|
||||||
|
@ -161,6 +161,7 @@ build {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "ansible" {
|
provisioner "ansible" {
|
||||||
|
ansible_env_vars = [ "ANSIBLE_USERNAME=${var.ansible_user}" ]
|
||||||
// https://github.com/hashicorp/packer-plugin-ansible/issues/69
|
// https://github.com/hashicorp/packer-plugin-ansible/issues/69
|
||||||
ansible_ssh_extra_args = ["-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"]
|
ansible_ssh_extra_args = ["-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"]
|
||||||
extra_arguments = ["--extra-vars", "${var.ansible_extra_vars}", "${var.ansible_verbose}"]
|
extra_arguments = ["--extra-vars", "${var.ansible_extra_vars}", "${var.ansible_verbose}"]
|
||||||
|
|
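Review bot: The added `ansible_env_vars = [ "ANSIBLE_USERNAME=${var.ansible_user}" ]` line in the third hunk references `var.ansible_user`, whose `variable` block is not visible in any hunk of this file. It is worth confirming that it is declared and is passed the same value the Makefile side uses. The bracket spacing also differs from the neighbouring lists (`["..."]`). A one-line comment would help the next reader, for example `// exported so the playbook can read the login user from its environment`, assuming that is the intent. The `provisioner "ansible"` block continues past the end of the hunk.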
|
@ -1,5 +1,5 @@
|
||||||
CMDS += packer
|
CMDS += packer
|
||||||
DOCKER_RUN_OPTIONS_PACKER ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT)
|
DOCKER_RUN_OPTIONS_PACKER ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT) -v $(SSH_DIR):$(SSH_DIR)
|
||||||
ENV_VARS += PACKER_CACHE_DIR PACKER_KEY_INTERVAL PACKER_LOG
|
ENV_VARS += PACKER_CACHE_DIR PACKER_KEY_INTERVAL PACKER_LOG
|
||||||
KVM_GID ?= $(call gid,kvm)
|
KVM_GID ?= $(call gid,kvm)
|
||||||
PACKER_ARCH ?= $(PACKER_ALPINE_ARCH)
|
PACKER_ARCH ?= $(PACKER_ALPINE_ARCH)
|
||||||
|
@ -14,7 +14,7 @@ PACKER_ISO_FILES ?= $(wildcard build/iso/*/*/*.iso)
|
||||||
PACKER_ISO_FILE = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).iso
|
PACKER_ISO_FILE = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).iso
|
||||||
PACKER_ISO_INFO = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).nfo
|
PACKER_ISO_INFO = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).nfo
|
||||||
PACKER_ISO_NAME = $(PACKER_TEMPLATE)-$(PACKER_RELEASE)-$(PACKER_ARCH)
|
PACKER_ISO_NAME = $(PACKER_TEMPLATE)-$(PACKER_RELEASE)-$(PACKER_ARCH)
|
||||||
PACKER_ISO_SIZE ?= 2048
|
PACKER_ISO_SIZE ?= 1024
|
||||||
PACKER_KEY_INTERVAL ?= 11ms
|
PACKER_KEY_INTERVAL ?= 11ms
|
||||||
PACKER_LOG ?= 1
|
PACKER_LOG ?= 1
|
||||||
PACKER_NAMESERVER ?= 1.1.1.1
|
PACKER_NAMESERVER ?= 1.1.1.1
|
||||||
|
@ -51,6 +51,7 @@ boot_wait ?= $(PACKER_BOOT_WAIT)
|
||||||
hostname ?= $(PACKER_HOSTNAME)
|
hostname ?= $(PACKER_HOSTNAME)
|
||||||
iso_name ?= $(PACKER_ISO_NAME)
|
iso_name ?= $(PACKER_ISO_NAME)
|
||||||
iso_size ?= $(PACKER_ISO_SIZE)
|
iso_size ?= $(PACKER_ISO_SIZE)
|
||||||
|
nameserver ?= $(PACKER_NAMESERVER)
|
||||||
output ?= $(PACKER_OUTPUT)
|
output ?= $(PACKER_OUTPUT)
|
||||||
password ?= $(PACKER_PASSWORD)
|
password ?= $(PACKER_PASSWORD)
|
||||||
pause_before ?= $(PACKER_PAUSE_BEFORE)
|
pause_before ?= $(PACKER_PAUSE_BEFORE)
|
||||||
|
@ -94,6 +95,7 @@ endef
|
||||||
|
|
||||||
# function packer-build: Call packer build with arg 1, Add build infos to file PACKER_ISO_INFO
|
# function packer-build: Call packer build with arg 1, Add build infos to file PACKER_ISO_INFO
|
||||||
define packer-build
|
define packer-build
|
||||||
|
$(eval ANSIBLE_USERNAME := $(PACKER_USERNAME))
|
||||||
$(eval PACKER_TEMPLATE := $(notdir $(basename $(basename $(1)))))
|
$(eval PACKER_TEMPLATE := $(notdir $(basename $(basename $(1)))))
|
||||||
echo Building $(PACKER_ISO_FILE)
|
echo Building $(PACKER_ISO_FILE)
|
||||||
$(call packer,build $(PACKER_BUILD_ARGS) $(1))
|
$(call packer,build $(PACKER_BUILD_ARGS) $(1))
|
||||||
|
|
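Review bot: `DOCKER_RUN_OPTIONS_PACKER` now bind-mounts the whole `$(SSH_DIR)` read-write into the packer container in the first hunk, which exposes every private key in that directory to a container that also publishes its SSH and VNC ports. If the build only needs to read a key, mounting it read-only would limit what a compromised or misbehaving build step can change: `-v $(SSH_DIR):$(SSH_DIR):ro`. Mounting only the key files that are actually used would narrow it further. Whether anything in the container has to write to that directory (for example `known_hosts`) is not visible here, so that needs checking before switching to `:ro`.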