commit e7c907eb3e7be290b153605f94a209fa5e331730 Author: Markus Brecchtel Date: Tue Nov 29 16:36:56 2016 +0000 current state from 2015-11-29
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..c965c54
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+installer_directory: host_files/{{ inventory_hostname }}/installer
+nonfree_firmware: false
+img_size: 8
+memory: 512
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..307399e
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,25 @@
+---
+dependencies:
+ - name: static_host_vars
+ static_host_vars_default:
+ uuid: "{{ lookup('pipe','uuid') }}"
+ networks: "{{ { netname : { 'mac': '%02x' | format( (2**44)*5 + 2**41 + (2**32)*84 + (16777216|random) ) | hwaddr( 'linux' ) } } }}"
+ when: install=="vm"
+ - name: password
+ password_name: root
+ password_hash: sha512
+ password_wordlists: ['en']
+ password_space: true
+ password_bits: 96
+ - name: password
+ password_name: "local-admin"
+ password_hash: sha512
+ password_wordlists: ['en']
+ password_space: true
+ password_bits: 96
+ - name: password
+ password_name: grub
+ password_hash: md5
+ password_wordlists: ['en']
+ password_space: true
+ password_bits: 96
diff --git a/tasks/installer.yml b/tasks/installer.yml
new file mode 100644
index 0000000..57af1ec
--- /dev/null
+++ b/tasks/installer.yml
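Review bot: In meta/main.yml the `grub` password entry uses `password_hash: md5` while the root and local-admin entries use sha512, and nothing in the file says why. The hash is rendered into preseed.cfg and packed into the initrd and ISO, so anyone who can read those artifacts can attack it offline, and its strength then rests entirely on `password_bits: 96`. If md5-crypt is needed because that is the format the installer's `grub-installer/password-crypted` question accepts (not verified here for the target release), record it with a comment above the entry such as `# md5-crypt: format expected by grub-installer/password-crypted; strength comes from password_bits`. Otherwise switch to a stronger format.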
@@ -0,0 +1,22 @@
+---
+
+- name: copy linux kernel
+ copy: src=/usr/lib/debian-installer/images/8/amd64/text/debian-installer/amd64/linux dest={{installer_directory}}/linux remote_src=true
+
+- name: copy initrd for customization
+ shell: gunzip -c /usr/lib/debian-installer/images/8/amd64/text/debian-installer/amd64/initrd.gz > {{installer_directory}}/initrd
+
+- name: insert files into initrd
+ shell: echo {{item}} | cpio --create --format=newc --append --file=initrd
+ args:
+ chdir: "{{installer_directory}}/"
+ with_items:
+ - preseed.cfg
+ - run.sh
+
+- name: compress custom initrd
+ command: gzip -f {{installer_directory}}/initrd
+
+- name: merge initrd.gz and firmware.cpio.gz
+ shell: cat /usr/lib/debian-installer/images/8/amd64/text/debian-installer/firmware.cpio.gz >> {{installer_directory}}/initrd.gz
+ when: nonfree_firmware
diff --git a/tasks/iso.yml b/tasks/iso.yml
new file mode 100644
index 0000000..1c52c1c
--- /dev/null
+++ b/tasks/iso.yml
@@ -0,0 +1,14 @@
+---
+
+- name: isolinux.bin
+ copy: src=/usr/lib/ISOLINUX/isolinux.bin dest={{installer_directory}}/isolinux.bin
+
+- name: ldlinux.c32
+ copy: src=/usr/lib/syslinux/modules/bios/ldlinux.c32 dest={{installer_directory}}/ldlinux.c32
+
+- name: isolinux.cfg
+ template: src=isolinux.cfg.j2 dest={{installer_directory}}/isolinux.cfg
+
+- name: generate iso image
+ command: genisoimage -o {{installer_directory}}/installer.iso -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table {{installer_directory}}/
+
diff --git a/tasks/kexec.yml b/tasks/kexec.yml
new file mode 100644
index 0000000..1286034
--- /dev/null
+++ b/tasks/kexec.yml
@@ -0,0 +1,7 @@
+---
+
+- name: create kexec-script to start debian-installer
+ copy: content="kexec --command-line=\'auto=true priority=critical --- console=ttyS0\' --initrd=initrd.gz linux" dest={{installer_directory}}/kexec.sh
+
+- name: install kexec-tools
+ apt: pkg=kexec-tools state=present
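Review bot: The three `shell:` tasks in tasks/installer.yml place `{{installer_directory}}` and `{{item}}` into a /bin/sh command line unquoted, so a path containing whitespace or shell metacharacters is split or interpreted by the shell. The default value embeds `inventory_hostname` and can be overridden per host, so quote it at the point of use, for example `shell: gunzip -c /usr/lib/debian-installer/images/8/amd64/text/debian-installer/amd64/initrd.gz > {{ installer_directory | quote }}/initrd`. Apply the same to `echo {{ item | quote }}` and to the `cat ... >>` redirect in the firmware merge task.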
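Review bot: `isolinux.bin` and `ldlinux.c32` in tasks/iso.yml are copied without `remote_src=true`, so Ansible reads them from the control machine, whereas tasks/installer.yml takes the kernel from the managed host with `remote_src=true` and tasks/tools.yml installs the isolinux and syslinux packages there. Unless the role only ever runs against localhost (not visible in this commit), the boot loader files can come from a different machine and package version than the kernel and initrd. Suggested: `copy: src=/usr/lib/ISOLINUX/isolinux.bin dest={{installer_directory}}/isolinux.bin remote_src=true`, and the same for `ldlinux.c32`.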
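Review bot: The kexec.sh task in tasks/kexec.yml relies on `\'` escapes inside a key=value `content="..."` string, so whether the generated file ends up with plain single quotes or literal backslashes depends on Ansible's argument parser. The file is also written without a `mode`, and without a shebang if it is meant to be executed directly. Writing the task in YAML mapping form with a block scalar removes the escaping question and makes the mode explicit; the shebang line below is an assumption about how the script is invoked.

```yaml
- name: create kexec-script to start debian-installer
  copy:
    dest: "{{ installer_directory }}/kexec.sh"
    mode: "0755"
    content: |
      #!/bin/sh
      kexec --command-line='auto=true priority=critical --- console=ttyS0' --initrd=initrd.gz linux
# … unchanged: install kexec-tools task …
```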
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e3efa0f
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+#- include: tools.yml
+
+- name: host install directory
+ file: state=directory path={{installer_directory}}
+
+- include: preseed.yml
+
+- include: installer.yml
+
+- include: kexec.yml
+ when: install == "kexec"
+
+- include: iso.yml
+ when: (install == "iso") or (install == "vm")
+
+- include: vm.yml
+ when: install == "vm"
diff --git a/tasks/preseed.yml b/tasks/preseed.yml
new file mode 100644
index 0000000..11f669c
--- /dev/null
+++ b/tasks/preseed.yml
@@ -0,0 +1,12 @@
+---
+
+- name: template run.sh
+ template: src=run.sh.j2 dest={{installer_directory}}/run.sh
+
+- name: stat run.sh
+ stat: path={{installer_directory}}/run.sh
+ register: run_sh
+
+- name: template preseed.cfg
+ template: src=preseed.cfg.j2 dest={{installer_directory}}/preseed.cfg
+
diff --git a/tasks/tools.yml b/tasks/tools.yml
new file mode 100644
index 0000000..cc48dac
--- /dev/null
+++ b/tasks/tools.yml
@@ -0,0 +1,14 @@
+---
+
+- name: install required software
+ apt: name={{item}} state=present
+ with_items:
+ - cpio
+ - debian-installer-8-netboot-amd64
+ - genisoimage
+ - syslinux
+ - isolinux
+ - pxelinux
+
+- name: download d-i non-free firmware
+ get_url: url=http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/stable/current/firmware.cpio.gz dest=/usr/lib/debian-installer/images/8/amd64/text/debian-installer/firmware.cpio.gz
diff --git a/tasks/vm.yml b/tasks/vm.yml
new file mode 100644
index 0000000..d786537
--- /dev/null
+++ b/tasks/vm.yml
@@ -0,0 +1,3 @@
+---
+- name: install vm
+ command: virt-install -n {{ inventory_hostname }} --memory {{memory}} --vcpus {{vcpus|default(1)}} --disk size={{img_size}} --network network={{netname}},mac={{networks[netname].mac}},model=e1000 --cdrom {{installer_directory}}/installer.iso --os-variant=debianwheezy
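Review bot: Both `template:` tasks in tasks/preseed.yml write their output without a `mode`, so preseed.cfg (which the template fills with the root, local-admin and grub password hashes) and run.sh (which carries the authorized keys) get whatever the umask allows. Set it explicitly: `template: src=preseed.cfg.j2 dest={{installer_directory}}/preseed.cfg mode=0600`, and likewise for run.sh. The directory task in tasks/main.yml has the same gap and would take `mode=0700`; the initrd and ISO built from these files carry the same hashes and need the same care.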
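Review bot: The firmware archive in tasks/tools.yml is fetched over plain `http://` with no `checksum`, and tasks/installer.yml appends that file to the initrd, where the installer unpacks and uses it as root. Use the `https://` form of the URL and pin the content with `checksum=sha256:<expected-sha256>` (placeholder; take the value from the publisher's checksum file). The `stable/current` path moves with each release, so a pinned checksum needs a release-specific directory. The include of tools.yml is commented out in tasks/main.yml, so this only applies once it is enabled.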
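Review bot: The `virt-install` task in tasks/vm.yml has no guard, so a second run of the role tries to create a domain that already exists, and the task always reports changed. A check before it, as sketched below, keeps reruns safe; it assumes `virsh` talks to the same libvirt connection as `virt-install`. Separately, `--os-variant=debianwheezy` does not match the jessie (`images/8`) kernel and initrd used elsewhere in the role, which looks like a leftover.

```yaml
- name: check whether the vm is already defined
  command: virsh dominfo {{ inventory_hostname }}
  register: vm_dominfo
  failed_when: false
  changed_when: false

- name: install vm
  # … unchanged: virt-install command line …
  when: vm_dominfo.rc != 0
```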
diff --git a/templates/isolinux.cfg.j2 b/templates/isolinux.cfg.j2
new file mode 100644
index 0000000..dafbc78
--- /dev/null
+++ b/templates/isolinux.cfg.j2
@@ -0,0 +1,5 @@
+serial 0 115200
+default installer
+label installer
+ kernel /linux
+ append initrd=/initrd.gz auto=true priority=critical --- console=ttyS0
diff --git a/templates/preseed.cfg.j2 b/templates/preseed.cfg.j2
new file mode 100644
index 0000000..abb44ed
--- /dev/null
+++ b/templates/preseed.cfg.j2
@@ -0,0 +1,168 @@
+#### Contents of the preconfiguration file (for jessie)
+### Localization
+# Locale
+d-i debian-installer/language string de
+d-i debian-installer/country string DE
+d-i debian-installer/locale string de_DE.UTF-8
+
+# Keyboard selection.
+d-i keyboard-configuration/xkb-keymap select de
+d-i keyboard-configuration/toggle select No toggling
+
+### Network configuration
+{% if (networks is defined) and (netname is defined) and (networks[netname] is defined) %}
+d-i netcfg/choose_interface select {{ networks[netname].mac | default("auto") }}
+
+{% if (networks[netname].type is defined) and (networks[netname].type == 'static') %}
+d-i netcfg/disable_autoconfig boolean true
+d-i netcfg/get_ipaddress string {{ networks[netname].ip | ipaddr('address') }}
+d-i netcfg/get_netmask string {{ networks[netname].ip | ipaddr('netmask') }}
+d-i netcfg/get_gateway string {{ networks[netname].gateway }}
+d-i netcfg/get_nameservers string {{ networks[netname].nameservers | join(" ") }}
+d-i netcfg/confirm_static boolean true
+{% endif %}
+{% endif %}
+
+### Network console
+{% if network_console is defined %}
+d-i anna/choose_modules string network-console
+d-i network-console/password-disabled boolean true
+{% endif %}
+
+### Hostname
+d-i netcfg/hostname string {{inventory_hostname}}
+
+### Mirror settings
+d-i mirror/country string manual
+d-i mirror/http/hostname string debian.thengo.net
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+### Account setup
+# Skip creation of a root account (normal user account will be able to
+# use sudo).
+d-i passwd/root-login boolean true
+# Alternatively, to skip creation of a normal user account.
+d-i passwd/make-user boolean true
+
+# Root password
+d-i passwd/root-password-crypted password {{ passwords_hashed["root"] }}
+
+# local-admin
+d-i passwd/user-fullname string Administrator
+d-i passwd/username string local-admin
+d-i passwd/user-password-crypted password {{ passwords_hashed["local-admin"] }}
+d-i passwd/user-uid string 999
+
+### Clock and time zone setup
+d-i clock-setup/utc boolean true
+d-i time/zone string Etc/UTC
+d-i clock-setup/ntp boolean true
+d-i clock-setup/ntp-server string ntp1.thengo.net ntp2.thengo.net ntp3.thengo.net
+
+### Partitioning
+{% if partitioning is defined %}
+## Partitioning example
+# If the system has free space you can choose to only partition that space.
+# This is only honoured if partman-auto/method (below) is not set.
+#d-i partman-auto/init_automatically_partition select biggest_free
+
+# You can choose one of the three predefined partitioning recipes:
+# - atomic: all files in one partition
+# - home: separate /home partition
+# - multi: separate /home, /var, and /tmp partitions
+d-i partman-auto/choose_recipe select atomic
+
+## Controlling how partitions are mounted
+# The default is to mount by UUID, but you can also choose "traditional" to
+# use traditional device names, or "label" to try filesystem labels before
+# falling back to UUIDs.
+d-i partman/mount_style select uuid
+
+d-i partman/default_filesystem string btrfs
+
+#d-i partman-auto/disk string /dev/sda
+
+d-i partman-auto/method string regular
+
+# partitioning
+d-i partman-basicfilesystems/choose_label string gpt
+d-i partman-basicfilesystems/default_label string gpt
+d-i partman-partitioning/choose_label string gpt
+d-i partman-partitioning/default_label string gpt
+d-i partman/choose_label string gpt
+d-i partman/default_label string gpt
+d-i partman-partitioning/choose_label select gpt
+
+partman-base partman/default_filesystem string btrfs
+
+d-i partman-auto/choose_recipe atomic
+
+# This makes partman automatically partition without confirmation.
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away...
+d-i partman-lvm/device_remove_lvm boolean true
+# The same applies to pre-existing software RAID array:
+d-i partman-md/device_remove_md boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+# do not complain about missing swap partition
+#d-i partman-basicfilesystems/no_swap boolean false
+{% endif %}
+
+### Apt setup
+# You can choose to install non-free and contrib software.
+d-i apt-setup/non-free boolean {{ nonfree_firmware }}
+d-i apt-setup/contrib boolean {{ nonfree_firmware }}
+d-i apt-setup/services-select multiselect security,updates
+d-i apt-setup/security_host string security.debian.org
+
+### Package selection
+tasksel tasksel/first multiselect minimal
+
+# Individual additional packages to install
+d-i pkgsel/include string openssh-server python python-apt
+
+# Whether to upgrade packages after debootstrap.
+# Allowed values: none, safe-upgrade, full-upgrade
+d-i pkgsel/upgrade select full-upgrade
+
+# Some versions of the installer can report back on what software you have
+# installed, and what software you use. The default is not to report back,
+# but sending reports helps the project determine what software is most
+# popular and include it on CDs.
+popularity-contest popularity-contest/participate boolean false
+
+### Boot loader installation
+{% if bootloader is defined %}
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean true
+
+# This one makes grub-installer install to the MBR if it also finds some other
+# OS, which is less safe as it might not be able to boot that other OS.
+d-i grub-installer/with_other_os boolean true
+
+d-i grub-installer/bootdev string {{ bootdev | default("default") }}
+
+d-i grub-installer/password-crypted password {{ passwords_hashed["grub"] }}
+{% endif %}
+
+### Finishing up the installation
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+### Running custom commands during the installation
+d-i preseed/run string run.sh
+d-i preseed/run/checksum string {{ run_sh.stat.md5 }}
+
+d-i preseed/late_command string mkdir -p /target/root/.ssh; cp /.ssh/authorized_keys /target/root/.ssh/authorized_keys; mkdir -p /target/home/local-admin/.ssh; cp /.ssh/authorized_keys /target/home/local-admin/.ssh/authorized_keys;
diff --git a/templates/run.sh.j2 b/templates/run.sh.j2
new file mode 100644
index 0000000..d8e0845
--- /dev/null
+++ b/templates/run.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+mkdir -p /.ssh
+
+cat > /.ssh/authorized_keys << EOF
+{{ lookup('file', 'ssh_authorized_keys') }}
+EOF
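Review bot: The `preseed/late_command` line at the end of templates/preseed.cfg.j2 creates both `.ssh` directories and key files as root with the installer's default umask and never sets ownership. As a result `/home/local-admin/.ssh` stays root-owned and the modes are whatever the installer environment defaults to. Append the fix-up to the same command, for example `chmod 700 /target/root/.ssh /target/home/local-admin/.ssh; chmod 600 /target/root/.ssh/authorized_keys /target/home/local-admin/.ssh/authorized_keys; in-target chown -R local-admin:local-admin /home/local-admin/.ssh;`. Separately, the comment above `d-i passwd/root-login boolean true` still says root creation is skipped, while the value enables the root account, which also receives the same authorized keys. The comment should say `# Enable the root account; it also gets the SSH keys installed by late_command`.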
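Review bot: The heredoc delimiter in templates/run.sh.j2 is unquoted, so the shell in the installer environment applies parameter and command substitution to the rendered contents of `ssh_authorized_keys` while running as root. Any `$` or backtick in a key option or comment would be expanded instead of written out; quoting the delimiter makes the body literal: `cat > /.ssh/authorized_keys << 'EOF'`. A line consisting only of `EOF` in the key file would still end the heredoc early, so a less common delimiter is safer.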