nilsmeyer / ansible-debootstrap Goto Github PK

For remote system it makes sense to use dropbear in initramfs, , since this may be required for first boot when there is no iKVM available.

• install dropbear package
• convert newly generated ssh keys to dropbear format
• rebuild initramfs

Stretch goal:

• Add some sort of remote unlock script

Since there are some problems with automounting ZFS on /var, it should be possible to use legacy mountpoints and add those filesystems to fstab

json output for lsblk is only available from util-linux package version 2.27 on, debian jessie uses 2.25.
Since jessie is supportet for installation, it would be good to support is as initial system also.

device mapper has issues when the partition size doesn't divide cleanly by luks-sector-size. This is not an issue with devices that report a native sector size of 4KiB, but may be an issue otherwise. The partition size can be rounded down to eh 4KiB boundary so this problem does not occur - there probably needs to be some wiggle room for other data structures as well.

The error one sees with this is: device-mapper: reload ioctl on failed: Invalid argument
And in the kernel log:

device-mapper: table: 253:2: crypt: Device size is not multiple of sector_size feature
device-mapper: ioctl: error adding target to table

The role should support setting up mdadm and LVM as well.

I have a volume group (vg0) on a vm host platform, which has all vm root partitions as volumes (/dev/vg0/testvm-root). The vm sees the volume as /dev/vda. I've been trying for a while now, but can't figure out a way to handle this with this role. Is it possible without modifying this too much or do I basically need to reimplement the handling of partitions?

Short question, is anyone aware of how to set the correct network names under the new naming schema?

Need to replace 'debootstrap' in the path below with {{ dbstrp_user['name'] }}
https://github.com/nilsmeyer/ansible-debootstrap/blob/master/tasks/main.yml#L201

Could you please include a simple example on how to make a simple directory debootstrap with this script? That would make it more complete and easier to try out.

I may do a PR when (or if) I figure it out. Is it a supported scenario to do an installation to a directory? It is especially useful for LXC containers.

The first Ansible task in the file encryption.yml uses the command cryptsetup --version before it will be installed in the 3rd task:

---

- name: fetch cryptsetup version  <==========================
  command: "cryptsetup --version"
  changed_when: no
  register: _cryptsetup_version

- name: register version
  set_fact:
    cryptsetup_version: "{{ _cryptsetup_version.stdout[11:] }}"

- block:
  - name: install dependencies  <============================
    apt:
      name: "{{ dependencies.encryption }}"
      state: latest
      update_cache: no # skip cache check since we already ran apt

There should be a way to automatically test this, since it's a bit of a special use case may require some sort of special vagrant box (booted from secondary disk or so).

trying to set up a system with 2 disks in mdadm raid, playbook gets to place templates in /etc and fails:

failed: [ip_address] (item={'src': 'fstab'}) => {"ansible_loop_var": "item", "changed": false, "item": {"src": "fstab"}, "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'fs'"}
changed: [ip_address => (item={'src': 'crypttab', 'dest': 'crypttab'})

I believe because /dev/sd{a,b}1 has no filesystem (it's a boot partition)

~# lsblk -f
NAME      FSTYPE      LABEL                UUID                                 MOUNTPOINT
loop0     squashfs                                                              /lib/live/mount/rootfs/img.current.sq
sda                                                                             
├─sda1                                                                          
└─sda2    linux_raid_ 163-172-251-100:root 5d8518c2-7589-668b-d736-6c8a724d21a5 
  └─md127 ext4                             9a54cc12-4af5-43af-859b-59e23735ffbd /mnt/bootstrap
sdb                                                                             
├─sdb1                                                                          
└─sdb2    linux_raid_ 163-172-251-100:root 5d8518c2-7589-668b-d736-6c8a724d21a5 
  └─md127 ext4                             9a54cc12-4af5-43af-859b-59e23735ffbd /mnt/bootstrap

Hi,
I really love your role Ansible! It is particularly suitable for my setup where the Debian installer can not do it.

Could you add swap support under LVM (mkswap and append to fstab) please ?

Here are my dictionaries:

release: buster
layout:
  - device: '/dev/sda'
    partitions:
      - num: 1
        size: 1M
        type: ef02
        label: BIOS
      - num: 2
        size: 100M
        type: ef00
        fs: vfat
        mount: /boot/efi
        mountdump: 0
        mountpass: 1
        mountopts: noatime,nofail,x-systemd.device-timeout=1,umask=0077
        label: EFI
      - num: 3
        size: 250M
        type: 8300
        fs: xfs
        mount: /boot
        mountdump: 0
        mountpass: 2
        mountopts: noatime,nodev,nosuid
        label: BOOT

lvm:
  - lv: swap
    vg: vg-srv
    pvs: /dev/sdb
    size: 1G
    opts: ~
    label: swap
    fs: swap
    mount: none
    mountdump: 0
    mountpass: 0
    mountopts: sw
  - lv: os
    vg: vg-srv
    pvs: /dev/sdb
    size: 15G
    opts: ~
    label: os
    fs: xfs
    mount: /
    mountdump: 0
    mountpass: 1
    mountopts: noatime,nodev

Thank you in advance

I was trying to use this rule to bootstrap an xubuntu workstation and had to increase the size of the _bootstrap_target here.
https://github.com/nilsmeyer/ansible-debootstrap/blob/master/tasks/bootstrap.yml#L16

It would be nice if this was exposed as a variable.

Really nice rule btw. I was going to roll my own, but it would have taken me forever and not been as good as what you've put together. Thanks!

There is a problem with using ZFS from the jonathonf ppa - at some point the shipped and hopelessly outdated zfs module is loaded, preventing the newly installed/built module from loading, later on breaking ZFS support. The error looks like this:

failed: [ansible-debootstrap] (item={'poolname': 'rpool', 'devices': ['/dev/sdb3'], 'options': ['ashift=12'], 'fs_options': ['canmount=off', 'mountpoint=/', 'compression=lz4', 'atime=off', 'normalization=formD']}) => {"ansible_loop_var": "item", "changed": true, "cmd": ["zpool", "create", "-o", "ashift=12", "-O", "canmount=off", "-O", "mountpoint=/", "-O", "compression=lz4", "-O", "atime=off", "-O", "normalization=formD", "-R", "/mnt/bootstrap", "rpool", "/dev/sdb3"], "delta": "0:00:00.011030", "end": "2019-06-25 23:19:50.791048", "item": {"devices": ["/dev/sdb3"], "fs_options": ["canmount=off", "mountpoint=/", "compression=lz4", "atime=off", "normalization=formD"], "options": ["ashift=12"], "poolname": "rpool"}, "msg": "non-zero return code", "rc": 1, "start": "2019-06-25 23:19:50.780018", "stderr": "cannot create 'rpool': invalid argument for this pool operation", "stderr_lines": ["cannot create 'rpool': invalid argument for this pool operation"], "stdout": "", "stdout_lines": []}

The problem is a version mismatch between the module and the installed zfs utils. Using the old ZFS version works.

Instead of running a lot of things via the shell module, invoking chroot, I think it may be more prudent to at least temporarily start an sshd instance in the chrooted system (on a different port or possibly tunneled through the main host), then allow further plays to be executed on that sshd instance. This would also allow the user to add their roles to the playbook and allows separating out some of the more advanced features.