34 lines
1.1 KiB
Markdown
34 lines
1.1 KiB
Markdown
|
# VM setup
|
||
|
This repo uses ansible to make the git setup (and potential further service deployments)
|
||
|
comprehensible for future maintenance.
|
||
|
|
||
|
It is a basic ansible repo with to main roles:
|
||
|
* libvirt for vm creation
|
||
|
|
||
|
Other services could be added as further roles.
|
||
|
|
||
|
## The playbooks
|
||
|
Ansible uses playbooks, to configure the hardware as wished. The roles should be indempotent
|
||
|
and could be run arbitraryly often.
|
||
|
|
||
|
### The libvirt setup
|
||
|
The role installs `libvirt` on the vmhost and uses `virt-install` and _debian cloud images_
|
||
|
to create the vms.
|
||
|
|
||
|
Run it with
|
||
|
|
||
|
ansible-playbook -D create-vm.yml
|
||
|
|
||
|
It asks the user a few questions and create a new entry for the new vm in this repository.
|
||
|
Please push it to master afterwards.
|
||
|
|
||
|
## Vaults
|
||
|
Sensible information is encrypted and stored inside a so called _vault_.
|
||
|
One example is `roles/git/vars/vault`
|
||
|
It is decrypted on the fly, when using a playbook. To be able to decrypt the vault, you
|
||
|
need a password file called `vault_pass` which has to be copied manually into the repo.
|
||
|
It is explicitly excluded from git.
|
||
|
Ask Carl for `vault_pass`.
|
||
|
|
||
|
Use `ansible-vault` to mess around with the vault files manually.
|