commit
be6058a64a
10 changed files with 253 additions and 0 deletions
|
@ -19,6 +19,11 @@ vault_password_file = ./vault.secret
|
|||
# Ansible-Verhalten
|
||||
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S
|
||||
|
||||
# Use the YAML callback plugin.
|
||||
stdout_callback = yaml
|
||||
# Use the stdout_callback when running ad-hoc commands.
|
||||
bin_ansible_callbacks = True
|
||||
|
||||
[privilege_escalation]
|
||||
become = True
|
||||
become_method = sudo
|
||||
|
|
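--- a/playbooks/heyer.systems/build_debian-minimal-image.yml
+++ b/playbooks/heyer.systems/build_debian-minimal-image.yml
@@ -0,0 +1,7 @@
+- name: Build Debian image for Proxmox using bootstrap-vz (local)
+  hosts: localhost
+  connection: local
+  gather_facts: false
+
+  roles:
+    - create_image_debian-minimal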
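--- a/roles/create_image_debian-minimal/.gitignore
+++ b/roles/create_image_debian-minimal/.gitignore
@@ -0,0 +1 @@
+files/*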
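--- a/roles/create_image_debian-minimal/defaults/main.yml
+++ b/roles/create_image_debian-minimal/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+packer_version: "1.13.1"
+
+ssh_key_url: "https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trusted-ssh-keys"
+
+image_output_dir: "/tmp/packer_images"
+
+debian_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.11.0-amd64-netinst.iso"
+debian_iso_checksum_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS"
+# https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS
+debian_iso_filename: "debian-12.11.0-amd64-netinst.iso"
+
+ssh_username: "localadmin"
+ssh_password: "packer"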
0
roles/create_image_debian-minimal/handlers/main.yml
Normal file
0
roles/create_image_debian-minimal/handlers/main.yml
Normal file
0
roles/create_image_debian-minimal/meta/main.yml
Normal file
0
roles/create_image_debian-minimal/meta/main.yml
Normal file
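--- a/roles/create_image_debian-minimal/tasks/main.yml
+++ b/roles/create_image_debian-minimal/tasks/main.yml
@@ -0,0 +1,96 @@
+---
+- name: Ensure QEMU, KVM and dependencies are installed
+  ansible.builtin.apt:
+    name:
+      - qemu-system-x86
+      - qemu-utils
+      - libvirt-daemon-system
+      - libvirt-clients
+      - bridge-utils
+      - virtinst
+      - virt-manager
+      - cpu-checker
+      - unzip
+      - curl
+    state: present
+  become: true
+
+- name: Download Packer
+  ansible.builtin.get_url:
+    url: "https://releases.hashicorp.com/packer/{{ packer_version }}/packer_{{ packer_version }}_linux_amd64.zip"
+    dest: "/tmp/packer.zip"
+    mode: '0644'
+
+- name: Unarchive Packer
+  ansible.builtin.unarchive:
+    src: /tmp/packer.zip
+    dest: /usr/local/bin/
+    remote_src: yes
+  become: true
+
+- name: Ensure packer is executable
+  ansible.builtin.file:
+    path: /usr/local/bin/packer
+    mode: '0755'
+    owner: root
+    group: root
+  become: true
+
+- name: Create output directory for Packer images
+  ansible.builtin.file:
+    path: "{{ image_output_dir }}"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Create HTTP directory inside output dir for preseed.cfg
+  ansible.builtin.file:
+    path: "{{ image_output_dir }}/http"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Copy preseed.cfg template to HTTP directory
+  ansible.builtin.template:
+    src: preseed.cfg.j2
+    dest: "{{ image_output_dir }}/http/preseed.cfg"
+    mode: '0644'
+
+- name: Download Debian ISO checksums
+  ansible.builtin.get_url:
+    url: "{{ debian_iso_checksum_url }}"
+    dest: /tmp/debian_sha256sums.txt
+    mode: '0644'
+
+- name: Extract checksum for ISO
+  ansible.builtin.shell: |
+    grep "{{ debian_iso_filename }}" /tmp/debian_sha256sums.txt | awk '{ print $1 }'
+  register: debian_iso_checksum_result
+  changed_when: false
+
+- name: Set fact with full checksum string
+  ansible.builtin.set_fact:
+    debian_iso_checksum: "sha256:{{ debian_iso_checksum_result.stdout }}"
+
+- name: Template Packer HCL config
+  ansible.builtin.template:
+    src: debian_minimal.pkr.hcl.j2
+    dest: "{{ image_output_dir }}/debian_minimal.pkr.hcl"
+
+- name: Run `packer init`
+  ansible.builtin.command: packer init debian_minimal.pkr.hcl
+  args:
+    chdir: "{{ image_output_dir }}"
+
+- name: Run `packer build`
+  ansible.builtin.command: >
+    sh -c 'PACKER_LOG=1 PACKER_LOG_PATH=/tmp/packer.log packer build debian_minimal.pkr.hcl'
+  args:
+    chdir: "{{ image_output_dir }}"
+
+- name: Copy built image to role files directory
+  ansible.builtin.copy:
+    src: "{{ image_output_dir }}/debian-minimal/debian-minimal.qcow2"
+    dest: "{{ role_path }}/files/debian-minimal.qcow2"
+    remote_src: yes
+  become: true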
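Review bot: The Packer zip fetched in "Download Packer" is unpacked into /usr/local/bin as root without any integrity check, while the Debian ISO a few tasks later is verified against SHA256SUMS; `ansible.builtin.get_url` takes a `checksum:` argument and HashiCorp publishes a SHA256SUMS file per release, so `checksum: "sha256:https://releases.hashicorp.com/packer/{{ packer_version }}/packer_{{ packer_version }}_SHA256SUMS"` on that task pins the download to the expected artifact. "Extract checksum for ISO" silently yields an empty string when grep matches nothing (for example once the pinned filename disappears from the `current/` directory), so `debian_iso_checksum` becomes `sha256:` and the failure only surfaces inside `packer build`; `failed_when: debian_iso_checksum_result.stdout == ""` on that task reports it at the right place. The `remote_src: yes` values on the unarchive and copy tasks should be `remote_src: true` (yamllint truthy), and the `packer build` step reads better with an `environment:` mapping for PACKER_LOG and PACKER_LOG_PATH than with the `sh -c '...'` wrapper. Several tasks here write into root-owned directories without `become`, which only works because the ansible.cfg hunk sets `become = True` globally; a comment at the top of the file saying the role assumes that setting would save the next reader the surprise.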
@ -0,0 +1,53 @@
|
|||
source "qemu" "debian" {
|
||||
iso_url = "{{ debian_iso_url }}"
|
||||
iso_checksum = "{{ debian_iso_checksum }}"
|
||||
|
||||
output_directory = "{{ image_output_dir }}/debian-minimal"
|
||||
vm_name = "debian-minimal.qcow2"
|
||||
shutdown_command = "echo 'packer' | sudo -S shutdown -P now"
|
||||
ssh_username = "{{ ssh_username }}"
|
||||
ssh_password = "{{ ssh_password }}"
|
||||
ssh_timeout = "60m"
|
||||
disk_interface = "virtio"
|
||||
format = "qcow2"
|
||||
accelerator = "kvm"
|
||||
|
||||
http_directory = "http"
|
||||
|
||||
headless = true
|
||||
|
||||
qemuargs = [
|
||||
["-m", "2048M"],
|
||||
["-smp", "2"],
|
||||
["-cpu", "host"],
|
||||
["-device", "virtio-rng-pci"]
|
||||
]
|
||||
|
||||
boot_wait = "15s"
|
||||
|
||||
boot_command = [
|
||||
{% raw %}
|
||||
"<esc><wait>",
|
||||
"<esc><wait>",
|
||||
"auto priority=critical interface=auto netcfg/disable_dhcp=false preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg debian-installer=de_DE locale=de_DE.UTF-8 keyboard-configuration/xkb-keymap=de keyboard-configuration/layoutcode=de keyboard-configuration/modelcode=pc105 keyboard-configuration/variant=de console-setup/ask_detect=false netcfg/get_hostname=debian fb=false debconf/frontend=noninteractive initrd=/install.amd/initrd.gz /install.amd/vmlinuz quiet <enter>"
|
||||
{% endraw %}
|
||||
]
|
||||
|
||||
}
|
||||
|
||||
build {
|
||||
sources = ["source.qemu.debian"]
|
||||
|
||||
provisioner "shell" {
|
||||
inline = [
|
||||
"export DEBIAN_FRONTEND=noninteractive",
|
||||
|
||||
"sudo apt-get update -y",
|
||||
"sudo apt-get install -y sudo curl vim", # 'passwd' ist eh schon da
|
||||
|
||||
"sudo mkdir -p /root/.ssh",
|
||||
"curl -fsSL '{{ ssh_key_url }}' | sudo tee /root/.ssh/authorized_keys",
|
||||
"sudo chmod 600 /root/.ssh/authorized_keys"
|
||||
]
|
||||
}
|
||||
}
|
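--- a/roles/create_image_debian-minimal/templates/preseed.cfg.j2
+++ b/roles/create_image_debian-minimal/templates/preseed.cfg.j2
@@ -0,0 +1,77 @@
+d-i partman/early_command string \
+debconf-set partman/confirm_write_new_label true; \
+debconf-set partman/confirm_nooverwrite true; \
+debconf-set partman/confirm true
+
+# Preseeding only locale sets language, country and locale.
+d-i debian-installer/locale string de_DE.UTF-8
+
+# Keyboard selection
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select de
+d-i keyboard-configuration/layoutcode string de
+d-i keyboard-configuration/variant string de
+d-i keyboard-configuration/modelcode string pc105
+
+# Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Berlin
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# Partitioning
+d-i partman-auto/method string lvm
+d-i partman-auto-lvm/guided_size string max
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+
+## This makes partman automatically partition without confirmation.
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman-auto/choose_recipe select atomic
+d-i partman/choose_partition select finish
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman/confirm boolean true
+
+# Bootloader
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string /dev/vda
+
+# Account setup
+
+## Root Account
+d-i passwd/root-login boolean false
+
+## User Account
+d-i passwd/user-fullname string heyeradmin
+d-i passwd/user-uid string 1000
+d-i passwd/user-default-groups string sudo,adm,cdrom,dip,plugdev
+d-i passwd/user-password password packer
+d-i passwd/user-password-again password packer
+d-i passwd/username string heyeradmin
+d-i user-setup/allow-password-weak boolean true
+d-i user-setup/encrypt-home boolean false
+
+d-i preseed/late_command string \
+in-target bash -c \
+'echo "heyeradmin ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/99_heyeradmin && \
+chmod 440 /etc/sudoers.d/99_heyeradmin'
+
+# Hostname
+d-i netcfg/get_hostname string debian
+d-i netcfg/get_domain string localdomain
+d-i netcfg/disable_dhcp boolean false
+
+
+# Package selection
+tasksel tasksel/first standard
+d-i pkgsel/include string openssh-server build-essential
+d-i pkgsel/update-policy select none
+d-i pkgsel/upgrade select full-upgrade
+
+d-i partman/confirm_write_new_label boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm boolean true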
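Review bot: The user account is hardcoded as `heyeradmin` with password `packer` (`d-i passwd/user-password password packer`), gets NOPASSWD sudo from the late_command and `user-setup/allow-password-weak boolean true`, and nothing later in the build changes it, so every image produced from this role ships with a well-known password on a passwordless-sudo account. Since this file is a Jinja template, render the account from the role variables — `d-i passwd/username string {{ ssh_username }}` and `d-i passwd/user-password password {{ ssh_password }}` (likewise the `-again`, fullname and sudoers lines) — which also removes the mismatch with `ssh_username: "localadmin"` in defaults, and have the Packer shell provisioner lock or rotate that password once key-based access is in place. `partman/confirm_write_new_label`, `partman/confirm_nooverwrite` and `partman/confirm` are set three times (early_command, the partitioning block and the trailing three lines); one copy makes the intent clearer. `pkgsel/include` pulls in `build-essential`, a full compiler toolchain that an image described as minimal probably does not need and that widens what an attacker finds on the box.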
0
roles/create_image_debian-minimal/vars/main.yml
Normal file
0
roles/create_image_debian-minimal/vars/main.yml
Normal file