From 38c6161ee2822ad2a86dacbfc417815dcf63725c Mon Sep 17 00:00:00 2001
From: tigro
Date: Sat, 9 Sep 2023 00:20:45 +0300
Subject: [PATCH] Added configuration for Yandex Cloud

We should add /etc/cloud/cloud.cfg.d/00_Ec2.cfg:
---
datasource:
Ec2:
strict_id: false
---
This will fix cloud-init start: https://cloud.yandex.ru/docs/compute/operations/image-create/custom-image#ec2
---
 ansible/roles/yandexcloud_guest/README.md | 3 +
 .../roles/yandexcloud_guest/files/00_Ec2.cfg | 3 +
 .../roles/yandexcloud_guest/files/ifcfg-eth0 | 9 ++
 ansible/roles/yandexcloud_guest/meta/main.yml | 7 +
 .../roles/yandexcloud_guest/tasks/main.yml | 132 ++++++++++++++++++
 ansible/yandexcloud.yml | 8 ++
 msvsphere-9-yandexcloud.pkr.hcl | 56 ++++++++
 7 files changed, 218 insertions(+)
 create mode 100644 ansible/roles/yandexcloud_guest/README.md
 create mode 100644 ansible/roles/yandexcloud_guest/files/00_Ec2.cfg
 create mode 100644 ansible/roles/yandexcloud_guest/files/ifcfg-eth0
 create mode 100644 ansible/roles/yandexcloud_guest/meta/main.yml
 create mode 100644 ansible/roles/yandexcloud_guest/tasks/main.yml
 create mode 100644 ansible/yandexcloud.yml
 create mode 100644 msvsphere-9-yandexcloud.pkr.hcl
diff --git a/ansible/roles/yandexcloud_guest/README.md b/ansible/roles/yandexcloud_guest/README.md
new file mode 100644
index 0000000..01a253e
--- /dev/null
+++ b/ansible/roles/yandexcloud_guest/README.md
@@ -0,0 +1,3 @@
+# yandexcoud_guest
+
+An Ansible role that configures an MSVSphere Yandex Cloud image system.
diff --git a/ansible/roles/yandexcloud_guest/files/00_Ec2.cfg b/ansible/roles/yandexcloud_guest/files/00_Ec2.cfg
new file mode 100644
index 0000000..319a08b
--- /dev/null
+++ b/ansible/roles/yandexcloud_guest/files/00_Ec2.cfg
@@ -0,0 +1,3 @@
+datasource:
+ Ec2:
+ strict_id: false
diff --git a/ansible/roles/yandexcloud_guest/files/ifcfg-eth0 b/ansible/roles/yandexcloud_guest/files/ifcfg-eth0
new file mode 100644
index 0000000..bd1e650
--- /dev/null
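Review bot: Nothing in `00_Ec2.cfg` records why `strict_id` is turned off; the rationale lives only in the commit message, so a later cleanup could read the file as an unexplained relaxation and revert it. As I understand the option, `strict_id: false` lets the Ec2 datasource proceed on a platform whose DMI data does not identify it as AWS, which is what Yandex Cloud's EC2-compatible metadata service needs; the trade-off is that the datasource will now query the metadata endpoint on whatever platform this image boots on, acceptable for a cloud-specific image but worth stating. Add above `datasource:` the comment `# Yandex Cloud is not detected as AWS but exposes an EC2-compatible metadata service;` followed by `# strict_id: false lets the Ec2 datasource run anyway, see https://cloud.yandex.ru/docs/compute/operations/image-create/custom-image#ec2`.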
+++ b/ansible/roles/yandexcloud_guest/files/ifcfg-eth0
@@ -0,0 +1,9 @@
+TYPE=Ethernet
+DEVICE=eth0
+BOOTPROTO=dhcp
+PERSISTENT_DHCLIENT=1
+IPV6INIT=yes
+IPV6_FAILURE_FATAL=no
+PEERDNS=yes
+USERCTL=yes
+ONBOOT=yes
diff --git a/ansible/roles/yandexcloud_guest/meta/main.yml b/ansible/roles/yandexcloud_guest/meta/main.yml
new file mode 100644
index 0000000..6e4c5a7
--- /dev/null
+++ b/ansible/roles/yandexcloud_guest/meta/main.yml
@@ -0,0 +1,7 @@
+---
+dependencies:
+ - role: disable_firstboot
+ - role: setup_cloud_init
+ cloud_init_user: 'msvsphere'
+ - role: pvgrub_config
+ - role: qemu_guest_agent
diff --git a/ansible/roles/yandexcloud_guest/tasks/main.yml b/ansible/roles/yandexcloud_guest/tasks/main.yml
new file mode 100644
index 0000000..8ba187a
--- /dev/null
+++ b/ansible/roles/yandexcloud_guest/tasks/main.yml
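Review bot: `USERCTL=yes` allows unprivileged users to bring eth0 up and down through the ifcfg mechanism, which a headless cloud guest has no need for; the conventional value is `USERCTL=no`. A second caveat: EL9 deprecates NetworkManager's ifcfg-rh plugin in favour of keyfiles and ships it as a separate package, so if the image does not carry that plugin this file is read by nothing and eth0 is presumably left to NetworkManager's own defaults — worth either confirming in the role or stating at the top of the file with a `# …` comment. The hunk is the whole file.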
@@ -0,0 +1,132 @@
+---
+- name: Remove firewalld and linux-firmware
+ ansible.builtin.dnf:
+ name:
+ - firewalld
+ - firewalld-filesystem
+ - ipset
+ - ipset-libs
+ - iptables
+ - python3-firewall
+ - python3-slip
+ - libnftnl
+ - libnfnetlink
+ - linux-firmware
+ state: absent
+
+- name: Install additional software
+ ansible.builtin.dnf:
+ name:
+ - cockpit-system
+ - cockpit-ws
+ - dnf-utils
+ - gdisk
+ - nfs-utils
+ - rsync
+ - tar
+ - tuned
+ - tcpdump
+ state: present
+
+- name: Find persistent-net.rules
+ ansible.builtin.find:
+ paths: /etc/udev/rules.d
+ patterns: 70*
+ register: net_rules
+
+- name: Delete persistent-net.rules
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{ net_rules.files }}"
+
+- name: Configure /etc/sysconfig/network
+ ansible.builtin.lineinfile:
+ path: /etc/sysconfig/network
+ line: "{{ item }}"
+ with_items:
+ - NETWORKING=yes
+ - NOZEROCONF=yes
+
+- name: Configure /etc/sysconfig/network-scripts/ifcfg-eth0
+ ansible.builtin.copy:
+ src: ifcfg-eth0
+ dest: /etc/sysconfig/network-scripts/ifcfg-eth0
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Configure /etc/cloud/cloud.cfg.d/00_Ec2.cfg
+ ansible.builtin.copy:
+ src: 00_Ec2.cfg
+ dest: /etc/cloud/cloud.cfg.d/00_Ec2.cfg
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Disable consistent network device naming
+ ansible.builtin.file:
+ src: /dev/null
+ dest: /etc/udev/rules.d/80-net-name-slot.rules
+ owner: root
+ group: root
+ state: link
+
+- name: Disable virtual terminals allocation by logind
+ ansible.builtin.replace:
+ path: '/etc/systemd/logind.conf'
+ regexp: '^#?NAutoVTs=\d+'
+ replace: 'NAutoVTs=0'
+
+- name: Configure NetworkManager default DHCP timeout
+ community.general.ini_file:
+ path: /etc/NetworkManager/conf.d/dhcp.conf
+ section: connection
+ option: ipv4.dhcp-timeout
+ value: 300
+ owner: root
+ group: root
+ mode: 0644
+ seuser: system_u
+
+- name: Set default kernel package type to kernel
+ ansible.builtin.replace:
+ path: /etc/sysconfig/kernel
+ regexp: '^(DEFAULTKERNEL=).*$'
+ replace: '\1kernel'
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1849082#c7
+- name: Enable Xen support
+ block:
+ - name: Enable xen drivers in dracut
+ ansible.builtin.lineinfile:
+ path: /etc/dracut.conf.d/xen.conf
+ line: 'add_drivers+=" xen-netfront xen-blkfront "'
+ create: true
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Upgrade initramfs
+ ansible.builtin.command: dracut -f --regenerate-all
+ when: ansible_facts['architecture'] == 'x86_64'
+
+- name: Add msvsphere user to /etc/sudoers
+ ansible.builtin.lineinfile:
+ path: /etc/sudoers
+ line: "msvsphere\tALL=(ALL)\tNOPASSWD: ALL"
+ state: present
+
+- name: Set virtual-guest as default profile for tuned
+ ansible.builtin.lineinfile:
+ path: /etc/tuned/active_profile
+ line: virtual-guest
+ create: yes
+
+- name: Regenerate the initramfs
+ ansible.builtin.command: dracut -f --regenerate-all
+
+- name: Disable root login
+ ansible.builtin.user:
+ name: root
+ password: '!!'
diff --git a/ansible/yandexcloud.yml b/ansible/yandexcloud.yml
new file mode 100644
index 0000000..4ac6e93
--- /dev/null
+++ b/ansible/yandexcloud.yml
@@ -0,0 +1,8 @@
+---
+- name: MSVSphere Yandex Cloud image
+ hosts: default
+ become: true
+
+ roles:
+ - yandexcloud_guest
+ - cleanup_vm
diff --git a/msvsphere-9-yandexcloud.pkr.hcl b/msvsphere-9-yandexcloud.pkr.hcl
new file mode 100644
index 0000000..7ee4b09
--- /dev/null
+++ b/msvsphere-9-yandexcloud.pkr.hcl
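Review bot: The task `Add msvsphere user to /etc/sudoers` appends a NOPASSWD rule straight into `/etc/sudoers` with no `validate:`, so a typo or a later edit to that line leaves the image with an unparseable sudoers and no working sudo, which matters because the root password is locked at the end of the same file. Use a drop-in under `/etc/sudoers.d/` with `mode: '0440'` and `validate: /usr/sbin/visudo -cf %s` so the file is syntax-checked before it is installed (rewrite below). Separately, `dracut -f --regenerate-all` runs twice, once as `Upgrade initramfs` inside the Xen block and again unconditionally as `Regenerate the initramfs`, so the first run is redundant and can be dropped. The `mode: 0644` values throughout are unquoted octals that a YAML 1.2 loader reads as decimal 644; quote them as `mode: '0644'`, as ansible-lint's risky-octal rule asks.
```yaml
# … unchanged: tasks up to and including the Xen block …
- name: Add msvsphere user to sudoers
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/msvsphere
    line: "msvsphere\tALL=(ALL)\tNOPASSWD: ALL"
    state: present
    create: true
    owner: root
    group: root
    mode: '0440'
    validate: /usr/sbin/visudo -cf %s
# … unchanged: tuned profile, initramfs and root login tasks …
```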
@@ -0,0 +1,56 @@
+/**
+ * Packer template for building MSVSphere 9 Yandex Cloud images.
+ */
+
+source "qemu" "msvsphere-9-yandexcloud-x86_64" {
+ iso_url = var.iso_url_9_x86_64
+ iso_checksum = var.iso_checksum_9_x86_64
+ boot_command = var.gencloud_boot_cmd_9_x86_64_uefi
+ boot_wait = var.boot_wait
+ cpus = var.cpus
+ memory = var.memory
+ disk_size = var.gencloud_disk_size
+ headless = var.headless
+ http_directory = var.http_directory
+ shutdown_command = var.root_shutdown_command
+ ssh_username = var.gencloud_ssh_username
+ ssh_password = var.gencloud_ssh_password
+ ssh_timeout = var.ssh_timeout
+ vnc_bind_address = var.vnc_bind_address
+ accelerator = "kvm"
+ efi_firmware_code = var.uefi_ovmf_code
+ efi_firmware_vars = var.uefi_ovmf_vars
+ disk_interface = "virtio-scsi"
+ disk_cache = "unsafe"
+ disk_discard = "unmap"
+ disk_detect_zeroes = "unmap"
+ disk_compression = true
+ format = "qcow2"
+ machine_type = "q35"
+ net_device = "virtio-net"
+ qemu_binary = var.qemu_binary
+ vm_name = "MSVSphere-${var.os_version_9}-${formatdate("YYYYMMDD", timestamp())}.yandexcloud.x86_64.qcow2"
+ qemuargs = [
+ ["-cpu", "host"]
+ ]
+}
+
+
+build {
+ sources = [
+ "qemu.msvsphere-9-yandexcloud-x86_64"
+ ]
+
+ provisioner "ansible" {
+ playbook_file = "ansible/yandexcloud.yml"
+ galaxy_file = "ansible/requirements.yml"
+ roles_path = "ansible/roles"
+ collections_path = "ansible/collections"
+ ansible_env_vars = [
+ "ANSIBLE_PIPELINING=True",
+ "ANSIBLE_REMOTE_TEMP=/tmp",
+ "ANSIBLE_SSH_ARGS='-o ControlMaster=no -o ControlPersist=180s -o ServerAliveInterval=120s -o TCPKeepAlive=yes -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa'"
+ ]
+ extra_arguments = ["--scp-extra-args", "'-O'"]
+ }
+}
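Review bot: The `ANSIBLE_SSH_ARGS` value re-enables the SHA-1-based `ssh-rsa` host-key and public-key algorithms for the provisioner's SSH client, and `extra_arguments` forces legacy SCP with `-O`, but the template gives no reason for either. As far as I know both are workarounds for Packer's Ansible SSH proxy, which presents an ssh-rsa host key and speaks SCP rather than SFTP and which OpenSSH 8.8+ / 9.0+ clients otherwise reject; they affect only the build-time connection to the temporary VM, not the produced image, which a reader cannot tell from the file. Add a comment above `ansible_env_vars` such as `# ssh-rsa and scp -O are needed by Packer's Ansible SSH proxy with OpenSSH >= 8.8/9.0; drop when the proxy supports rsa-sha2 and SFTP` so they are removed once no longer required. `ANSIBLE_REMOTE_TEMP=/tmp` deserves a one-line reason too, since it moves Ansible's working files from the login user's home to a world-writable directory on the build VM.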