lxd-container: add creation and initial configuration

25d38b13 · Pietro Albini · 9f644ded · 25d38b13 · 25d38b13 · 25d38b13
Commit 25d38b13 authored Feb 27, 2018 by Pietro Albini
4 changed files
--- a/playbooks/roadhouse.yml
+++ b/playbooks/roadhouse.yml
@@ -27,3 +27,13 @@
    - role: lxd
      subnet4: 10.0.0
      subnet6: 2001:470:b368:4242
+    - role: lxd-container
+      name: spock
+      image: debian/jessie/amd64
+    - role: lxd-container
+      name: bromuro
+      image: ubuntu/trusty/amd64
--- a/roles/lxd-container/tasks/creation.yml
+++ b/roles/lxd-container/tasks/creation.yml
+---
+- name: "Create the {{ name }} container"
+  lxd_container:
+    name: "{{ name }}"
+    state: started
+    source:
+      type: image
+      mode: pull
+      server: https://images.linuxcontainers.org
+      protocol: lxd
+      alias: "{{ image }}"
+    timeout: 600
+  register: lxd_container_created
+- block:
+    - name: "Upload the bootstrap script for the {{ name }} container"
+      template:
+        src: bootstrap-container.sh.j2
+        dest: "/tmp/bootstrap-container-{{ name }}.sh"
+        mode: 0700
+    - name: "Execute the bootstrap script for the {{ name }} container"
+      command: "/tmp/bootstrap-container-{{ name }}.sh"
+    - name: "Delete the bootstrap script for the {{ name }} container"
+      file:
+        path: "/tmp/bootstrap-container-{{ name }}.sh"
+        state: absent
+  when: lxd_container_created.changed
--- a/roles/lxd-container/tasks/main.yml
+++ b/roles/lxd-container/tasks/main.yml
+---
+- include_tasks: creation.yml
--- a/roles/lxd-container/templates/bootstrap-container.sh.j2
+++ b/roles/lxd-container/templates/bootstrap-container.sh.j2
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+NAME="{{ name }}"
+ex() {
+    lxc exec "${NAME}" -- $@
+    return $?
+}
+# Install a few packages in the container
+ex apt-get update
+ex apt-get install python openssh-server sudo -y
+# Create the "manage" user in the passwordless sudo group
+if ! ex grep -q -E "^passwordless-sudo:" /etc/group; then
+    ex addgroup passwordless-sudo
+fi
+if ! ex grep -q -E "^manage:" /etc/passwd; then
+    ex adduser manage --home /home/manage --gecos "" --disabled-password
+    ex adduser manage passwordless-sudo
+fi
+# Allow the passwordless-sudo group to use... well... passwordless sudo?
+echo "%passwordless-sudo ALL=(ALL:ALL) NOPASSWD:ALL" | \
+    ex bash -c "cat >> /etc/sudoers"
+# Authorize the hypervisor manage to connect to the guest manage
+ex sudo -u manage mkdir -p /home/manage/.ssh
+cat /home/manage/.ssh/authorized_keys | \
+    ex sudo -u manage bash -c "cat > /home/manage/.ssh/authorized_keys"
+ex chmod 0600 /home/manage/.ssh/authorized_keys