First working version for Netbootbox-Install

2023-09-05 15:11:41 +02:00 · 2023-09-05 15:11:41 +02:00 · 7bf673e2c6
commit 7bf673e2c6
parent 790f0327ca
59 changed files with 659 additions and 171 deletions
--- a/roles/lmn_netbootinstaller/defaults/main.yml
+++ b/roles/lmn_netbootinstaller/defaults/main.yml
@ -0,0 +1,2 @@
+---
+service_description: "A service to server the netboot-client-playbook and roles to the lan"
--- a/roles/lmn_netbootinstaller/handlers/main.yml
+++ b/roles/lmn_netbootinstaller/handlers/main.yml
@ -0,0 +1,13 @@
+- name: rebuild di-netboot menu
+  command: "{{ item }}"
+  with_items:
+    - di-netboot-assistant rebuild-menu
+    - di-netboot-assistant rebuild-grub
+  listen: rebuild di-netboot menu
+
+
+- name: restart git service 
+  service:
+    name: lmn-netboot-git
+    state: restarted
+  listen: restart git service
--- a/roles/lmn_netbootinstaller/tasks/main.yml
+++ b/roles/lmn_netbootinstaller/tasks/main.yml
@ -0,0 +1,39 @@
+---
+- name: prepare installer boot loader grub
+  blockinfile:
+    path: /etc/di-netboot-assistant/grub.cfg.HEAD
+    insertbefore: "^menuentry 'Boot from local disk..'"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK netboot-installer"
+    block: |
+      menuentry 'Installer Debian bookworm (amd64) + preseed + lmn-desktop.yml' --unrestricted {
+          linux (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/linux auto=true priority=critical \
+          url=tftp://{{ ansible_default_ipv4.address }}/d-i/bookworm/preseed.cfg_lmn-desktop \
+          playbook=lmn-desktop.yml adpw='{{ gapw }}' ---
+          initrd (http,{{ ansible_default_ipv4.address }})/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/initrd.gz
+      }
+  notify: rebuild di-netboot menu
+
+- name: set git-daemon-export-ok for management repo
+  copy:
+    content: ""
+    dest: "{{ playbook_dir }}/.git/git-daemon-export-ok"
+    force: false
+    group: ansible
+    owner: ansible
+    mode: 0644
+
+- name: Create gitd systemd service file
+  template:
+    src: templates/lmn-netboot-git.service.j2
+    dest: /lib/systemd/system/lmn-netboot-git.service
+
+- name: Start gitd service for installation playbook
+  systemd:
+    name: lmn-netboot-git
+    state: started
+
+- name: provide preseed.cfg_lmn-desktop file
+  template:
+    src: templates/preseed.cfg_lmn-desktop.j2
+    dest: /var/lib/tftpboot/d-i/bookworm/preseed.cfg_lmn-desktop
+  notify: restart git service
--- a/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2
+++ b/roles/lmn_netbootinstaller/templates/lmn-netboot-git.service.j2
@ -0,0 +1,20 @@
+[Unit]
+Description={{ service_description }}
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ playbook_dir }}  {{ playbook_dir }}
+Restart=on-failure
+
+Restart=always
+RestartSec=500ms
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=git-daemon
+
+User=ansible
+Group=ansible
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2
+++ b/roles/lmn_netbootinstaller/templates/preseed.cfg_lmn-desktop.j2
@ -0,0 +1,149 @@
+#### Preconfiguration file
+##
+##  The following preseeding might be used to install a basic system
+##  completely automatically.
+##
+##  A user 'ansible' is set up and ssh login with public key
+##  authentication is configured.  The idea is to allow further
+##  customization of the system after installation using ansible.
+##
+##  Modify at least the public ssh key in 'authorized_keys' (see
+##  below).
+##
+##  For more examples and comments consult:
+##    https://www.debian.org/releases/stable/example-preseed.txt
+##
+
+## To change default values:
+#d-i foo/bar seen false
+#d-i foo/bar string value
+
+## Useful boot parameters:
+## DEBCONF_DEBUG=5
+## locale?=de_DE
+
+## To set the hostname manually during installation, use priority=high
+## as boot parameter and uncomment this line:
+#d-i debconf/priority string critical
+
+## Preseeding only locale sets language, country and locale:
+d-i debian-installer/locale string de_DE
+d-i keyboard-configuration/xkb-keymap select de
+
+## Use hostname assigned by DHCP:
+d-i netcfg/get_hostname string unassigned-hostname
+d-i netcfg/get_domain string unassigned-domain
+
+## Skip root account:
+d-i passwd/root-login boolean false
+
+### Apt setup
+d-i apt-setup/non-free-firmware boolean true
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
+#d-i mirror/http/proxy string http://10.167.0.253:3142/
+#d-i mirror/http/proxy string http://192.168.1.17:3142/
+#d-i mirror/http/proxy string http://aptcache.steinbeisschule-reutlingen.de:3142/
+d-i mirror/http/proxy string http://10.16.1.2:3142/
+
+# NTP server to use.
+d-i clock-setup/ntp-server string server.qgm.lan
+
+### Backports:
+#apt-setup-udeb apt-setup/services-select multiselect security, updates, backports
+apt-setup-udeb apt-setup/services-select multiselect security, updates
+
+### Ansible User
+d-i passwd/user-fullname string Ansible User
+d-i passwd/username string ansible
+d-i passwd/user-password password insecure
+d-i passwd/user-password-again password insecure
+#d-i passwd/user-password-crypted password [crypt(3) hash]
+
+### Do not ask about support for non-efi systems:
+d-i partman-efi/non_efi_system boolean true
+
+### Leave this empty to use the only available hard drive:
+d-i partman-auto/disk string
+#d-i partman-auto/disk string /dev/sdd
+#d-i partman-auto/disk string /dev/vda
+
+### Regular partitions:
+d-i partman-auto/method string regular
+d-i partman-auto/choose_recipe select atomic
+## This makes partman automatically partition without confirmation:
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# ### Enable to set up LVM:
+# d-i partman-auto/method string lvm
+# ## Use only 50% of the available physical volume size and then
+# ## adjust the logical volume sizes later with ansible, if needed:
+# d-i partman-auto-lvm/guided_size PERCENT 50%
+# # If one of the disks that are going to be automatically partitioned
+# # contains an old LVM configuration, the user will normally receive a
+# # warning. This can be preseeded away...
+# d-i partman-lvm/device_remove_lvm boolean true
+# # The same applies to pre-existing software RAID array:
+# d-i partman-md/device_remove_md boolean true
+# # And the same goes for the confirmation to write the lvm partitions.
+# d-i partman-lvm/confirm boolean true
+# d-i partman-lvm/confirm_nooverwrite boolean true
+# # You can choose one of the three predefined partitioning recipes:
+# # - atomic: all files in one partition
+# # - home:   separate /home partition
+# # - multi:  separate /home, /var, and /tmp partitions
+# d-i partman-auto/choose_recipe select multi
+
+### Package selection
+#tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server
+tasksel tasksel/first multiselect standard, ssh-server, kde-desktop
+
+### Individual additional packages to install
+#d-i pkgsel/include string firmware-linux ansible git
+d-i pkgsel/include string ansible git firmware-linux
+#d-i pkgsel/include string firmware-linux ansible/buster-backports git
+#d-i pkgsel/include string firmware-linux
+
+### GRUB on default disk:
+d-i grub-installer/bootdev string default
+
+### This command is run just before the install finishes:
+d-i preseed/late_command string \
+      mkdir -p /target/home/ansible/.ssh && \
+      echo "{{ ansible_ssh_pubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \
+      in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
+      in-target chmod -R og= /home/ansible/.ssh/ ; \
+      [ -z "$playbook" ] || mkdir -v /target/dev/shm ; \
+      [	-z "$playbook" ] || in-target mount -v -t tmpfs tmpfs /dev/shm ; \
+      in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
+          -i localhost, --url=git://{{ ansible_default_ipv4.address }}/.git -C {{ lmn_client_branch }} $playbook
+#         -i localhost, --url=http://10.16.1.2/debian-lan-ansible.git $playbook
+#         -i localhost, --url=git://10.167.0.253/.git -C fvs $playbook
+#         -i localhost, --url=git://installbox/.git $playbook
+#
+#
+## Replace key with:  sed -i "s#echo \".\+\"#echo \"$(cat ~/.ssh/id_rsa.pub)\"#" preseed.cfg
+#
+## When installing in combination with ansible-pull,
+## export your ansible playbook like:
+##
+##   git daemon --verbose --export-all \
+##       --base-path=/dir/of/playbook -- /dir/of/playbook
+##
+## Conditions may be applied in the playbook like:
+##    when: run_in_installer|default(false)|bool
+##    when: not run_in_installer|default(false)|bool
+
+### Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+## Do not modify boot order (netboot first): 
+grub-efi-amd64 grub2/update_nvram boolean false
+##grub-efi-amd64 grub2/force_efi_extra_removable boolean true