From 332dbe851c44543b69e516439baf203c9bebcadc Mon Sep 17 00:00:00 2001
From: zsdc
Date: Thu, 20 Feb 2020 10:43:36 +0200
Subject: QEMU image build improvements
* Added missed package dependencies (for Debian 10 based builders)
* Added additional options, which can be passed to the playbook:
* iso_local - path to local ISO file
* disk_size - target disk image size
* cloud_init - enable or disable Cloud-init integration to an image
* cloud_init_ds - set custom list of data sources for Cloud-init
* Added a version number and Cloud-init mark to a QCOW2 image name
* Cloud-init installation procedure tuned to use packages from a proper one VyOS repository, according to VyOS and Debian version
* Added workaround for /etc/network/interfaces to allow Cloud-init initialize network in a native way
* Replaced default config file to Jinja2 template
* Fixed GRUB installation on UEFI builders - added target i386-pc
* Replaced GRUB configuration:
* enable both KVM and Serial console for all images (Serial by default)
* added password recovery option for all images
* added 5 seconds of a timeout to allow select proper menu entry
* fixed booting for 1.3 VyOS
* Added loop device detach after image build - allows to build images multiple times without exhausting loop device limit
* Added fstrim applying for image - theoretically, this may save some space
* Enabled compression for QCOW2 image - this reduces image size significantly
* Added RAW image deletion after conversion to more accurate cleanup
---
group_vars/all.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'group_vars/all.yml')
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 2e1c25b..f718626 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,7 +1,7 @@
 ansible_host_key_checking: False
 vyos_iso_url: ""
-vyos_iso_local: /tmp/vyos.iso
+vyos_iso_local: "{{ iso_local | default('/tmp/vyos.iso') }}"
 vyos_key_url: http://packages.vyos.net/vyos-release.gpg
 vyos_key_local: /tmp/vyos-release.gpg
@@ -12,7 +12,7 @@ vyos_write_root: /mnt/wroot
 vyos_read_root: /mnt/squashfs
 vyos_install_root: /mnt/inst_root
-vyos_disk_size: 10
+vyos_disk_size: "{{ disk_size | default(10) }}"
 vyos_root_fstype: ext4
 vyos_target_drive: ""
--
cgit v1.2.3
From afca529c30e486e834ad5e98f18bfba5f40710ac Mon Sep 17 00:00:00 2001
From: zsdc
Date: Mon, 20 Apr 2020 23:45:01 +0300
Subject: Restored ability to build an OVA image
Also:
- actualized some variables
- added more objects to cleanup to not keep garbage after playbook run
- added variable to select default boot console in GRUB
---
README.md | 7 +-
group_vars/all.yml | 3 +-
roles/cleanup-ending/tasks/main.yml | 5 +
roles/install-grub/templates/boot/grub/grub.cfg.j2 | 4 +
roles/install-open-vmdk/tasks/main.yml | 17 +-
roles/vmware-ova/tasks/main.yml | 52 +---
.../vmware-ova/templates/vyos_vmware_image.ovf.j2 | 293 +++++++++++++--------
roles/vmware-ova/vars/main.yml | 1 -
vmware.yml | 4 +-
9 files changed, 233 insertions(+), 153 deletions(-)
(limited to 'group_vars/all.yml')
diff --git a/README.md b/README.md
index d4b60fa..dacf670 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,12 @@ sudo apt update
 sudo apt install -y ansible python
 ```
+If you want to build an OVA image, you also need `ovftool` from VMware. It should be downloaded from the [VMware site](https://code.vmware.com/tool/ovf). Also, you need a private key to sign an OVA file. It can be generated with the next command:
+
+```
+openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:1024 -keyout myself.pem -out myself.pem
+```
+
 All other requirements will be installed by ansible-playbook.
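Review bot: `vyos_disk_size: "{{ disk_size | default(10) }}"` in the second hunk replaces a bare integer with a templated value, and `disk_size` supplied on the command line with `-e` arrives as a string, so whichever task later uses it for image sizing presumably receives text where it previously received a number (that task is outside this diff). Pinning the type keeps both paths equivalent: `vyos_disk_size: "{{ disk_size | default(10) | int }}"`. In the first hunk, `default('/tmp/vyos.iso')` does not replace an empty value, so `-e iso_local=` yields an empty path rather than the default; `default('/tmp/vyos.iso', true)` covers that case.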
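Review bot: The documented key-generation command uses `-newkey rsa:1024`, which is below the 2048-bit minimum that current guidance sets for RSA signing keys, so readers copying this line produce a weak signing key for every OVA they ship. The example should read `openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout myself.pem -out myself.pem`. Since `-nodes` writes the private key unencrypted into `myself.pem`, the text should also say to keep that file outside the repository and the build output directory.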
@@ -29,7 +35,6 @@ You need to copy the ISO image with VyOS to /tmp/vyos.iso before running ansible
 - VMware
 ```
- ansible-playbook vmware.yml
 ansible-playbook vmware.yml -e vyos_vmware_private_key_path=path_to_private_key
 ```
diff --git a/group_vars/all.yml b/group_vars/all.yml
index f718626..41ec804 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -2,7 +2,7 @@ ansible_host_key_checking: False
 vyos_iso_url: ""
 vyos_iso_local: "{{ iso_local | default('/tmp/vyos.iso') }}"
-vyos_key_url: http://packages.vyos.net/vyos-release.gpg
+vyos_key_url: https://downloads.vyos.io/vyos-release.gpg
 vyos_key_local: /tmp/vyos-release.gpg
 vyos_cd_root: /mnt/cdrom
@@ -17,3 +17,4 @@ vyos_root_fstype: ext4
 vyos_target_drive: ""
 vyos_raw_img: /tmp/vyos_raw_image.img
+grub_console: "kvm"
\ No newline at end of file
diff --git a/roles/cleanup-ending/tasks/main.yml b/roles/cleanup-ending/tasks/main.yml
index 18cea29..3a84b98 100644
--- a/roles/cleanup-ending/tasks/main.yml
+++ b/roles/cleanup-ending/tasks/main.yml
@@ -10,3 +10,8 @@ when:
 - pxe is defined
 - pxe == "true"
+
+- name: Delete Release key
+ file:
+ path: "{{ vyos_key_local }}"
+ state: absent
diff --git a/roles/install-grub/templates/boot/grub/grub.cfg.j2 b/roles/install-grub/templates/boot/grub/grub.cfg.j2
index 0440442..6cfea8f 100644
--- a/roles/install-grub/templates/boot/grub/grub.cfg.j2
+++ b/roles/install-grub/templates/boot/grub/grub.cfg.j2
@@ -1,4 +1,8 @@
+{% if grub_console == "kvm" %}
+set default=0
+{% elif grub_console == "serial" %}
 set default=1
+{% endif %}
 set timeout=5
 serial --unit=0
 terminal_output --append serial
diff --git a/roles/install-open-vmdk/tasks/main.yml b/roles/install-open-vmdk/tasks/main.yml
index dedece0..8d19da4 100644
--- a/roles/install-open-vmdk/tasks/main.yml
+++ b/roles/install-open-vmdk/tasks/main.yml
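Review bot: Moving `vyos_key_url` to `https://downloads.vyos.io/vyos-release.gpg` protects the release key in transit but the key is still trusted only because it arrived from that URL, and nothing in this change verifies its content. The task that downloads it is not in this diff; if it is a `get_url`, a `checksum: "sha256:<EXPECTED_DIGEST>"` (placeholder value) pins the file so a changed key is rejected instead of installed. The key also lands at the unchanged `vyos_key_local: /tmp/vyos-release.gpg`, a shared directory, so a checksum at download time is what ties the later apt import to a known key.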
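Review bot: The `{% if grub_console == "kvm" %} … {% elif grub_console == "serial" %} … {% endif %}` chain in grub.cfg.j2 has no fallback, so any other value of `grub_console` (a typo passed with `-e`) renders a grub.cfg with no `set default` line and GRUB silently boots entry 0 rather than the serial entry the old file selected with `set default=1`. Replace the `elif` with `{% else %}` so serial stays the fallback, or reject unknown values with an `assert` task before the template is rendered. In the same commit, the `+grub_console: "kvm"` line added to group_vars/all.yml is missing its trailing newline (`\ No newline at end of file`).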
@@ -7,14 +7,27 @@
 url: https://github.com/vmware/open-vmdk/archive/master.zip
 dest: /tmp/master.zip
 when: stat_result.stat.exists == False
-- name: Extract master.zip into /var/lib/foo
+- name: Extract master.zip into /tmp
 unarchive:
 src: /tmp/master.zip
 dest: /tmp
 when: stat_result.stat.exists == False
+- name: Build open-vmdk
+ become: true
+ make:
+ chdir: /tmp/open-vmdk-master/vmdk
+ when: stat_result.stat.exists == False
 - name: Install open-vmdk
 become: true
 make:
- chdir: /tmp/open-vmdk-master
+ chdir: /tmp/open-vmdk-master/vmdk
 target: install
 when: stat_result.stat.exists == False
+- name: Delete installation directory and archive
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "/tmp/open-vmdk-master"
+ - "/tmp/master.zip"
+ when: stat_result.stat.exists == False
diff --git a/roles/vmware-ova/tasks/main.yml b/roles/vmware-ova/tasks/main.yml
index 53c4989..0146a15 100644
--- a/roles/vmware-ova/tasks/main.yml
+++ b/roles/vmware-ova/tasks/main.yml
@@ -2,6 +2,10 @@
 command: qemu-img convert -f raw "{{ vyos_raw_img }}" -O vmdk -o adapter_type=lsilogic "{{ vyos_vmware_tmp_vmdk }}"
 - name: Fix vmdk with open-vmdk
 command: vmdk-convert "{{ vyos_vmware_tmp_vmdk }}" "{{ vyos_vmware_vmdk }}"
+- name: Delete temporary image
+ file:
+ path: "{{ vyos_vmware_tmp_vmdk }}"
+ state: absent
 - name: Get vmdk_file_size
 shell: du --bytes "{{ vyos_vmware_vmdk }}" | cut -f1
 register: vmdk_file_size
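Review bot: The added `Build open-vmdk` task runs `make` with `become: true` on a tree unpacked from `master.zip`, which the context line `url: https://github.com/vmware/open-vmdk/archive/master.zip` fetches from an unpinned branch with no checksum, so whatever upstream `master` contains at build time is compiled and then installed as root on the builder. Compiling needs no privileges: drop `become: true` from the Build task and keep it only on the `target: install` step, and pin the archive to a release tag with a `checksum:` on the download task (that task starts before this hunk). As a matter of style, the repeated `when: stat_result.stat.exists == False` reads better as `when: not stat_result.stat.exists`.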
@@ -26,42 +30,14 @@
 copy:
 dest: "{{ vyos_vmware_mf }}"
 content: "{{ result.stdout }}"
-- name: Create OVA without private key
+- name: Converting the OVF to signed OVA
 become: false
- archive:
- path:
- - "{{ vyos_vmware_ovf }}"
- - "{{ vyos_vmware_mf }}"
- - "{{ vyos_vmware_vmdk }}"
- dest: "{{ vyos_vmware_ova }}"
- format: tar
- when: vyos_vmware_private_key_path is not defined
-- name: Sign MF
- shell: openssl dgst -sha256 -sign "{{ vyos_vmware_private_key_path }}" -hex "{{ vyos_vmware_mf | basename }}" | sed 's/^RSA-//'
- args:
- chdir: /tmp
- register: signature
- when: vyos_vmware_private_key_path is defined
-- name: Get certificate
- shell: openssl x509 -in "{{ vyos_vmware_private_key_path }}"
- register: certificate
- when: vyos_vmware_private_key_path is defined
-- name: Create cert file for OVA
- become: false
- copy:
- dest: "{{ vyos_vmware_cert }}"
- content: |
- {{ signature.stdout }}
- {{ certificate.stdout }}
- when: vyos_vmware_private_key_path is defined
-- name: Create OVA with private key
- become: false
- archive:
- path:
- - "{{ vyos_vmware_ovf }}"
- - "{{ vyos_vmware_mf }}"
- - "{{ vyos_vmware_cert }}"
- - "{{ vyos_vmware_vmdk }}"
- dest: "{{ vyos_vmware_ova }}"
- format: tar
- when: vyos_vmware_private_key_path is defined
+ command: "ovftool --compress=9 --privateKey={{ vyos_vmware_private_key_path }} {{ vyos_vmware_ovf }} {{ vyos_vmware_ova }}"
+- name: Delete temporary files for VMware
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ vyos_vmware_ovf }}"
+ - "{{ vyos_vmware_mf }}"
+ - "{{ vyos_vmware_vmdk }}"
diff --git a/roles/vmware-ova/templates/vyos_vmware_image.ovf.j2 b/roles/vmware-ova/templates/vyos_vmware_image.ovf.j2
index c3d6145..7f58678 100644
--- a/roles/vmware-ova/templates/vyos_vmware_image.ovf.j2
+++ b/roles/vmware-ova/templates/vyos_vmware_image.ovf.j2
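Review bot: The new `command: "ovftool --compress=9 --privateKey={{ vyos_vmware_private_key_path }} {{ vyos_vmware_ovf }} {{ vyos_vmware_ova }}"` interpolates the user-supplied key path and the output path unquoted into a free-form command, so a path containing whitespace is split into several arguments; the `argv` form passes each value as one argument. With the unsigned-OVA branch removed, an unset `vyos_vmware_private_key_path` now fails at this task with an undefined-variable error instead of a message naming the `-e` option the README asks for; `| mandatory` (or an `assert` task earlier in the play) states the requirement explicitly.
```yaml
- name: Converting the OVF to signed OVA
  become: false
  command:
    argv:
      - ovftool
      - --compress=9
      - "--privateKey={{ vyos_vmware_private_key_path | mandatory }}"
      - "{{ vyos_vmware_ovf }}"
      - "{{ vyos_vmware_ova }}"
# … unchanged: Delete temporary files for VMware task …
```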
@@ -1,148 +1,223 @@ - + + + The list of logical networks + + WAN network + + + LAN network + + + + List of profiles + + + Minimal hardware profile - 1 vCPU, 512 MB RAM + + + + Medium hardware profile - 4 vCPUs, 16 GB RAM + + + + Large hardware profile - 8 vCPUs, 32 GB RAM + + + + Supported IP assignment schemes + Virtual disk information - + - - The list of logical networks - - The VM Network network - - - + A virtual machine - vyos - - The kind of installed guest operating system + + VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. + VyOS + Sentrium S.L. + {{ vyos_version }} + https://www.vyos.io + https://sentrium.io/ + + Appliance user Settings + + + The password for the appliance 'vyos' account. Passwords must be at least 8 characters in length. + + + + The public ssh key for the appliance 'vyos' account. + + Appliance IPv4 Network Settings (WAN interface) + + + The host name for this virtual machine. + + + + The IPv4 address. Leave blank if DHCP is desired. + + + + The IPv4 netmask or prefix for this interface. Leave blank if DHCP is desired. + + + + Default gateway address. Leave blank if DHCP is desired. + + + + The domain name server IP Addresses for this VM (comma separated). Leave blank if DHCP is desired. + + + + NTP servers for this VM (comma separated). Leave blank if DHCP is desired. + + Appliance API Settings + + + API key to access the VyOS api. If left blank the api wil not be enabled. + + + + API port to listen on for calls. Leave blank to keep it default '443'. + + + + Enable API debug logging + + + + User-Data, encoded with base64. 
+ + + + VM specific properties + + + + + VyOS + + + The operating system installed + Debian GNU/Linux 8 (64-bit) - - Virtual hardware requirements + + Virtual Hardware Requirements Virtual Hardware Family 0 - vyos - vmx-09 + vmx-11 - + hertz * 10^6 - Number of Virtual CPUs - 1 virtual CPU(s) - 1 + Number of virtual CPUs + 1 virtual CPU + 1 3 1 - - byte * 2^30 + + hertz * 10^6 + Number of virtual CPUs + 4 virtual CPUs + 1 + 3 + 4 + + + hertz * 10^6 + Number of virtual CPUs + 8 virtual CPUs + 1 + 3 + 8 + + + byte * 2^20 Memory Size - 1GB of memory - 2 + 512 MB of memory + 2 4 - 1 + 512 + 512 + + + byte * 2^20 + Memory Size + 16 GB of memory + 2 + 4 + 16384 + 16384 + + + byte * 2^20 + Memory Size + 32 GB of memory + 2 + 4 + 32768 + 32768 - 0 - SCSI Controller - scsiController0 - 3 - lsilogic + 0 + SCSI Controller 0 - VMware Paravirtual SCSI + 3 + VirtualSCSI 6 - 1 - IDE Controller - ideController1 - 4 - 5 + 0 + disk0 + ovf:/disk/vmdisk1 + 4 + 3 + 17 - - true - serial0 - 5 - 21 - + + 0 + IDE Controller 0 + 5 + 5 - + 0 false - cdrom0 - 6 + CD/DVD Drive 1 + 6 5 15 - - 0 - disk0 - ovf:/disk/vmdisk1 + + 7 + true + WAN + NIC representing WAN + WAN 7 - 3 - 17 - - - 2 + vmxnet3 + 10 + + + 8 true - VM Network - VmxNet3 ethernet adapter on "VM Network" - ethernet0 + LAN + NIC representing LAN + LAN 8 - VmxNet3 + vmxnet3 10 - - - - false - video - 9 - 24 - - - false - vmci - 10 - vmware.vmci - 1 - + - - - - + - - VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. - VyOS - VyOS maintainers and contributors - {{ vyos_version }} - - - Specifies the instance id. This is required and used to determine if the machine should take "first boot" actions - - - Specifies the hostname for the appliance - - - - This field is optional, but indicates that the instance should 'seed' user-data and meta-data from the given url. 
If set to 'http://tinyurl.com/sm-' is given, meta-data will be pulled from http://tinyurl.com/sm-meta-data and user-data from http://tinyurl.com/sm-user-data. Leave this empty if you do not want to seed from a url. - - - - This field is optional, but indicates that the instance should populate the default user's 'authorized_keys' with this value - - - - In order to fit into a xml attribute, this value is base64 encoded . It will be decoded, and then processed normally as user-data. - - - - - If set, the default user's password will be set to this value to allow password based login. The password will be good for only a single login. If set to the string 'RANDOM' then a random password will be generated, and written to the console. - - - + \ No newline at end of file diff --git a/roles/vmware-ova/vars/main.yml b/roles/vmware-ova/vars/main.yml index 176f25c..598f592 100644 --- a/roles/vmware-ova/vars/main.yml +++ b/roles/vmware-ova/vars/main.yml @@ -2,5 +2,4 @@ vyos_vmware_ovf: /tmp/vyos_vmware_image.ovf vyos_vmware_tmp_vmdk: /tmp/vyos_vmware_image_tmp.vmdk vyos_vmware_mf: /tmp/vyos_vmware_image.mf vyos_vmware_vmdk: /tmp/vyos_vmware_image.vmdk -vyos_vmware_ova: /tmp/vyos_vmware_image.ova vyos_vmware_cert: /tmp/vyos_vmware_image.cert diff --git a/vmware.yml b/vmware.yml index 3372b49..4ec9d8e 100644 --- a/vmware.yml +++ b/vmware.yml @@ -6,7 +6,7 @@ vyos_platform: VMware vyos_format: ova vyos_vmdk_size: 10 - vyos_vmware_ova: /tmp/vyos_vmware_image.ova + vyos_vmware_ova: "/tmp/vyos-{{ vyos_version }}{{ ci_tag | default() }}-vmware.ova" vyos_output_img: "{{ vyos_vmware_ova }}" cloud_init: "true" cloud_init_ds_string: "{{ cloud_init_ds | default('OVF,None') }}" @@ -26,8 +26,10 @@ - install-grub - install-persistence-conf - install-cloud-init-wrapper + - fstrim - unmount-pre - unmount-all - install-open-vmdk - vmware-ova + - cleanup-ending - release -- cgit v1.2.3
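Review bot: The new property description `API key to access the VyOS api. If left blank the api wil not be enabled.` has a typo (`wil` → `will`), and it is user-facing text shown in the deployment wizard. The description of the `vyos` account password states an 8-character minimum that nothing visible in the template enforces; the element attributes are stripped in this rendering, so confirm that the password and API-key properties are declared with `ovf:password="true"` so the deployment UI masks them, and that the stated minimum is either enforced by the consumer or removed from the text. The hunk runs from the top of the template to its end, so these points rest on the visible text only.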