vm standup work for k8s

2022-10-24 02:54:34 +13:00 · 2022-10-24 02:54:34 +13:00 · fb6a488dac
commit fb6a488dac
parent 31157afa57
5 changed files with 200 additions and 1 deletions
--- a/ansible/playbooks/k8s.yaml
+++ b/ansible/playbooks/k8s.yaml
@ -1,16 +1,26 @@
 ---
 - name: create the vms
  hosts: hv00
  gather_facts: true
  become: true
  roles:
    - k8s_vms
 - name: python bootstrap
  hosts: k8s
  gather_facts: false
  become: true
  roles:
    - python-install
- name: ssh hardening
+
 - name: vm hardening
  hosts: k8s
  gather_facts: true
  become: true
  roles:
    - sshd
    - firewall
 - name: configure control plane
  hosts: k8s_control
  gather_facts: true
--- a/ansible/roles/k8s_vms/defaults/main.yml
+++ b/ansible/roles/k8s_vms/defaults/main.yml
@ -0,0 +1,19 @@
 ---
 vm_name_prefix: "kube"
 vm_name_suffixes: ["01","02","03"]
 vhd_template: "kube_template_vda.qcow2"
 root_vhd_pool_dir: "/vhds" # No trailing /
 data_vhd_pool_dir: 
 fw_vars_pool_dir: "/var/lib/libvirt/qemu/nvram" # No trailing /
 vm_memory: "16"
 vm_cpu: "4"
 vm_cpu_cores: "2"
 vm_cpu_threads: "2"
 vm_bridge: "br1"
 vm_mac_prefix: "52:54:00:e3:af:"
 vm_subnet_prefix: "192.168.199.1" # vm suffix will be appended to this
 vm_subnet_suffix: "/24"
 vm_gateway: "192.168.199.254"
 vm_domain: "balsillie.net"
 vm_machine_type: "pc-q35-7.1"
 vm_machine_arch: "x86_64"
--- a/ansible/roles/k8s_vms/tasks/main.yml
+++ b/ansible/roles/k8s_vms/tasks/main.yml
@ -0,0 +1,69 @@
 ---
 - name: create k8s vms
  with_items: "{{ vm_name_suffixes }}"
  loop_control:
    loop_var: vm_number
  block: 
  - name: create root vhd from template
    ansible.builtin.shell:
      cmd: |
        qemu-img create \
        -b {{ root_vhd_pool_dir }}/{{ vhd_template }} \
        -F qcow2 \
        -f qcow2 \
        {{ root_vhd_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_vda.qcow2
    creates: "{{ root_vhd_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_vda.qcow2"
    register: root_vhd_created
 # TODO check this template copy
  - name: copy network files in
    when: root_vhd_created is changed
    ansible.builtin.template:
      src: eno1.network.j2
      dest: /tmp/eno1_{{ vm_number }}.network
  - name: customize root vhd
    when: root_vhd_created is changed
    ansible.builtin.shell:
 # TODO check virt customize command
 # TODO select host vars for vm_number for password and ssh string
      cmd: |
        virt-customize -a {{ root_vhd_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_vda.qcow2 \
        --format qcow2 \
        --hostname {{ vm_name_prefix }}{{ vm_number }}.{{ vm_domain }} \
        --copy-in /tmp/eno1_{{ vm_number }}.network:/etc/systemd/network/eno1.network \
        --append-line "/etc/hosts:127.0.1.1 {{ vm_name_prefix }}{{ vm_number }}.{{ vm_domain }} {{ vm_name_prefix }}{{ vm_number }}"
        --password ladmin:password:{{ }} \
        --password-crypto sha512 \
        --ssh-inject 'ladmin:string:{{  }}'
  - name: create container storage vhd
    ansible.builtin.shell:
      cmd: |
        qemu-img create -f qcow2 {{ root_vhd_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_vdb.qcow2 64G
    creates: "{{ root_vhd_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_vdb.qcow2"
  # - name: create data storage vhd
  #   ansible.builtin.shell:
  #     cmd: |
  #       qemu-img create -f qcow2 {{ data_vhd_pool_dir }}/kube{{ vm_number }}_vdc.qcow2 4096G
  #   creates: "{{ data_vhd_pool_dir }}/kube{{ vm_number }}_vdc.qcow2"
  - name: list vms
    community.libvirt.virt:
      command: list
    register: vm_list
  - name: define vm
    community.libvirt.virt:
      command: define
      autostart: true
      name: "{{ vm_name_prefix }}{{ vm_number }}"
      xml: "{{ lookup('template', 'vm_template.xml.j2') }}"
    when: not (vm_list contains {{ vm_name_prefix }}{{ vm_number }})
  - name: start vm
    community.libvirt.virt:
      command: start
      name: "{{ vm_name_prefix }}{{ vm_number }}"
--- a/ansible/roles/k8s_vms/templates/eno1.network.j2
+++ b/ansible/roles/k8s_vms/templates/eno1.network.j2
@ -0,0 +1,13 @@
 [Match]
 MACAddress={{ vm_mac_prefix }}{{ vm_number }}
 [Address]
 {{ vm_subnet_prefix }}{{ vm_number }}{{ vm_subnet_suffix }}
 [Route]
 Gateway={{ vm_gateway }}
 [Network]
 DHCP=no
 DNS={{ vm_gateway }}
 Domains={{ vm_domain }}
--- a/ansible/roles/k8s_vms/templates/vm_template.xml.j2
+++ b/ansible/roles/k8s_vms/templates/vm_template.xml.j2
@ -0,0 +1,88 @@
 <domain type='kvm'>
  <name>{{ vm_name_prefix }}{{ vm_number }}</name>
  <metadata>
    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
      <libosinfo:os id="http://archlinux.org/archlinux/rolling"/>
    </libosinfo:libosinfo>
  </metadata>
  <memory unit='GiB'>{{ vm_memory }}</memory>
  <currentMemory unit='GiB'>{{ vm_memory }}</currentMemory>
  <vcpu placement='static'>{{ vm_cpu }}</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch={{ vm_machine_arch }} machine={{ vm_machine_type }}>hvm</type>
    <loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2-ovmf/x64/OVMF_CODE.secboot.fd</loader>
    <nvram template=/usr/share/edk2-ovmf/x64/OVMF_VARS.fd>{{ fw_vars_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_VARS.fd</nvram>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <vmport state='off'/>
    <smm state='on'/>
  </features>
  <cpu mode='host-passthrough' check='none' migratable='on'>
    <topology sockets='1' dies='1' cores={{ vm_cpu_cores }} threads={{ vm_cpu_threads }}/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <pm>
    <suspend-to-mem enabled='no'/>
    <suspend-to-disk enabled='no'/>
  </pm>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='{{ root_vhd_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_vda.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <boot order='1'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='{{ root_vhd_pool_dir }}/{{ vm_name_prefix }}{{ vm_number }}_vdb.qcow2'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <controller type='usb' index='0' model='qemu-xhci' ports='15'/>
    <controller type='sata' index='0'/>
    <controller type='virtio-serial' index='0'/>
    <interface type='bridge'>
      <mac address={{ vm_mac_prefix }}{{ vm_number }}'/>
      <source bridge='{{ vm_bridge }}'/>
      <model type='virtio'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/2'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty' tty='/dev/pts/2'>
      <source path='/dev/pts/2'/>
      <target type='serial' port='0'/>
    </console>
    <channel type='unix'>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <memballoon model='virtio' autodeflate='on' freePageReporting='on'>
      <stats period='5'/>
    </memballoon>
    <rng model='virtio'>
      <backend model='random'>/dev/urandom</backend>
    </rng>
  </devices>
 </domain>