diff --git a/.gitignore b/.gitignore
index 08d7f3e..542a744 100644
--- a/.gitignore
+++ b/.gitignore
@@ -161,3 +161,4 @@ cython_debug/
 #.idea/
 ansible/credentials/
 terraform/mcaptcha/mcaptcha
+sec/
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..41d1ae5
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,27 @@
+steps:
+ backend:
+ image: python:3-bookworm
+ environment:
+ - ANSIBLE_HOST_KEY_CHECKING=False
+ commands:
+ - export PATH=$PATH:/root/.local/bin
+ - eval "$(ssh-agent -s)"
+ - make ci.init
+ - cat terraform/mcaptcha/hosts.ini
+ # db: mariadb cache: redis
+ - . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=redis" ./ansible/mcaptcha.yml
+ - INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
+ - INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
+ # db: postgres cache: redis
+ - . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=redis" ./ansible/mcaptcha.yml
+ - INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
+ - INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
+ # embedded cache
+ - . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=embedded" ./ansible/mcaptcha.yml
+ - INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
+ # embedded cache
+ - . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=embedded" ./ansible/mcaptcha.yml
+ - INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
+
+ - make ci.clean
+ secrets: [TEST_NODE_SSH_KEY]
diff --git a/Makefile b/Makefile
index 601d16e..31c26c1 100644
--- a/Makefile
+++ b/Makefile
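Review bot: `ANSIBLE_HOST_KEY_CHECKING=False` in the `environment` block of `.woodpecker.yml` turns off SSH host-key verification for every playbook run in this step, so `--become` changes are pushed to whatever answers on the inventory addresses. Since `make ci.init` creates the VMs moments earlier, recording their host keys into `known_hosts` after provisioning would let the check stay on. `make ci.clean` is the last command of the same step, so it is skipped when any earlier command fails, leaving `/tmp/ci-ssh-id` and the test VMs behind; a separate cleanup step that also runs on failure would cover that. `- cat terraform/mcaptcha/hosts.ini` prints the inventory into the job log and can be dropped once debugging is done.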
@@ -134,5 +134,29 @@ test.cache: ## Test cache configuration test.mcaptcha: ## Test mcaptcha configuration $(call test_mcaptcha) +ci.init: + apt-get update + apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients genisoimage + ./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY" + ssh-add /tmp/ci-ssh-id + ssh -o StrictHostKeyChecking=accept-new mcaptcha-ci@192.168.0.102 "echo f" + install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg + chmod a+r /etc/apt/keyrings/opentofu.gpg + echo "deb [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" > /etc/apt/sources.list.d/opentofu.list + echo "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" >> /etc/apt/sources.list.d/opentofu.list + apt-get update + apt-get install -y tofu + tofu -chdir=terraform/mcaptcha/ init + tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha" + tofu -chdir=terraform/mcaptcha/ apply "mcaptcha" + pip install virtualenv && virtualenv venv + . venv/bin/activate && pip install -r requirements.txt + . venv/bin/activate && ansible-galaxy install -r ./ansible/requirements.yml + +ci.clean: + echo yes | tofu -chdir=terraform/mcaptcha/ destroy -var-file="ci.tfvars" + ./scripts/ci.sh --clean + help: ## Prints help for targets with comments @cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' diff --git a/ansible/cache.yml b/ansible/cache.yml index b5fff3d..6dfa3ab 100644 --- a/ansible/cache.yml +++ b/ansible/cache.yml 
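Review bot: In `ci.init`, `./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"` hands the private key over as a command-line argument, which exposes it in the process list and, because `scripts/ci.sh` runs under `set -x`, in the shell trace written to the job log. Let the script read `TEST_NODE_SSH_KEY` from the environment (recipe line becomes `./scripts/ci.sh --init`) and turn xtrace off in the script. The OpenTofu signing key is fetched with `curl -fsSL … | gpg --dearmor` and trusted as-is; compare it against a pinned fingerprint (placeholder `<OPENTOFU_KEY_FINGERPRINT>`) and fail the target on mismatch. `ci.init` and `ci.clean` are commands rather than files, so they belong in `.PHONY`, and a `## …` description after each target name would make them show up in the `help` target below.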
@@ -6,7 +6,7 @@ ansible.builtin.import_playbook: base.yml - name: Install redis cache - hosts: mcaptcha_hosts + hosts: all pre_tasks: - name: Ensure all VMs are reachable ansible.builtin.ping: diff --git a/ansible/mcaptcha.yml b/ansible/mcaptcha.yml index 45927d8..b8717e0 100644 --- a/ansible/mcaptcha.yml +++ b/ansible/mcaptcha.yml @@ -6,7 +6,7 @@ ansible.builtin.import_playbook: base.yml - name: Install and configure postgres - hosts: mcaptcha_hosts + hosts: all become: yes vars_files: - vars/mcaptcha/vars.yml @@ -18,11 +18,11 @@ database_type == "postgres" - name: Install and configure mariadb - hosts: mcaptcha_hosts + hosts: all become: yes vars_files: - vars/mcaptcha/vars.yml - - vars/mcaptcha/mariadb.yml.yml + - vars/mcaptcha/mariadb.yml tasks: - ansible.builtin.include_role: name: geerlingguy.mysql @@ -30,7 +30,7 @@ database_type == "mariadb" - name: Install and configure cache - hosts: mcaptcha_hosts + hosts: all become: yes vars_files: - vars/mcaptcha/vars.yml @@ -41,7 +41,7 @@ when: cache_type == "redis" - name: Install mCaptcha binary - hosts: mcaptcha_hosts + hosts: all vars_files: - vars/mcaptcha/vars.yml roles: diff --git a/ansible/requirements.yml b/ansible/requirements.yml new file mode 100644 index 0000000..8629619 --- /dev/null +++ b/ansible/requirements.yml @@ -0,0 +1,3 @@ +- src: geerlingguy.mysql + +- src: geerlingguy.postgresql diff --git a/ansible/roles/mcaptcha/tasks/main.yml b/ansible/roles/mcaptcha/tasks/main.yml index 4852cfa..6ee38b9 100644 --- a/ansible/roles/mcaptcha/tasks/main.yml +++ b/ansible/roles/mcaptcha/tasks/main.yml @@ -42,9 +42,9 @@ - name: Copy mCaptcha systemd servicefile become: true - ansible.builtin.copy: - src: ./artifacts/mcaptcha/mcaptcha.service - dest: /etc/systemd/system/ + ansible.builtin.template: + src: ./templates/mcaptcha/mcaptcha.service.j2 + dest: /etc/systemd/system/mcaptcha.service owner: root group: root force: true 
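Review bot: Changing `hosts: mcaptcha_hosts` to `hosts: all` makes this play in `ansible/cache.yml`, and the four plays in `ansible/mcaptcha.yml` changed the same way in the following hunks, run against every host in whatever inventory is passed, most of them with `become: yes`. That is harmless with the generated CI inventory, but pointed at a shared inventory the same playbooks would install databases and the mCaptcha service on unrelated machines. Keeping the group and having the generated `hosts.ini` define it, or making the target overridable with something like `hosts: "{{ target_hosts | default('mcaptcha_hosts') }}"` (variable name is a suggestion), keeps the scope explicit. The plays begin and end outside these hunks.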
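Review bot: Both entries in `ansible/requirements.yml` are listed without a `version:`, so every CI run and every deployment installs whatever release of `geerlingguy.mysql` and `geerlingguy.postgresql` is newest on Galaxy at that moment, and those roles execute with `become`. Pin each entry to a reviewed release, e.g. `- src: geerlingguy.mysql` followed by `version: <PINNED_VERSION>`, and bump it deliberately, the same way `requirements.txt` pins the Python packages.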
@@ -57,7 +57,7 @@ state: directory mode: "0755" -- name: Copy mCaptcha systemd servicefile +- name: Copy mCaptcha config file become: true notify: restart mcaptcha ansible.builtin.template: diff --git a/ansible/artifacts/mcaptcha/mcaptcha.service b/ansible/templates/mcaptcha/mcaptcha.service.j2 similarity index 61% rename from ansible/artifacts/mcaptcha/mcaptcha.service rename to ansible/templates/mcaptcha/mcaptcha.service.j2 index 9889943..49dac32 100644 --- a/ansible/artifacts/mcaptcha/mcaptcha.service +++ b/ansible/templates/mcaptcha/mcaptcha.service.j2 @@ -2,18 +2,23 @@ Description=mCaptcha: PoW CAPTCHA system After=syslog.target After=network.target -### -# Don't forget to add the database service dependencies -### -# -#Wants=mariadb.service -#After=mariadb.service -# + +{% if cache_type == 'redis' %} +Wants=redis.service +After=redis.service +{% endif %} + +{% if database_type == 'postgres' %} Wants=postgresql.service After=postgresql.service -# -#Wants=redis.service -#After=redis.service +{% endif %} + +{% if database_type == 'mariadb' %} +Wants=mariadb.service +After=mariadb.service +{% endif %} + + [Service] RestartSec=2s diff --git a/requirements.txt b/requirements.txt index 9363b82..be63dae 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,289 +1,31 @@
-ansible==8.1.0
-ansible-core==2.15.1
-certifi==2023.5.7
-cffi==1.15.1
-charset-normalizer==3.2.0
+ansible==9.1.0
+ansible-core==2.16.2
+certifi==2023.11.17
+cffi==1.16.0
+charset-normalizer==3.3.2
 contextvars==2.4
-cryptography==41.0.2
+cryptography==41.0.7
 distro==1.8.0
 execnet==2.0.2
-idna==3.4
-immutables==0.19
+idna==3.6
+immutables==0.20
 iniconfig==2.0.0
 Jinja2==3.1.2
 jmespath==1.0.1
 looseversion==1.3.0
 MarkupSafe==2.1.3
-msgpack==1.0.5
-packaging==23.1
-pluggy==1.2.0
-psutil==5.9.5
+msgpack==1.0.7
+packaging==23.2
+pluggy==1.3.0
+psutil==5.9.6
 pycparser==2.21
-pycryptodomex==3.18.0
-pytest==7.4.0
-pytest-testinfra==8.1.0
-pytest-xdist==3.3.1
-PyYAML==6.0
-pyzmq==25.0.2
-requests==2.31.0
-resolvelib==1.0.1
-salt==3006.1
-urllib3==2.0.3
-airdrop-ng==1.1
-airgraph-ng==1.1
-apparmor==3.1.6
-appdirs==1.4.4
-argcomplete==2.0.0
-asttokens==2.2.1
-async-timeout==4.0.2
-attrs==22.2.0
-autocommand==2.2.2
-autopage==0.5.1
-Babel==2.12.1
-beautifulsoup4==4.12.2
-binwalk==2.3.3
-black==23.7.0
-borgbackup==1.2.4
-Brlapi==0.8.5
-btrfsutil==6.3.3
-certifi==2023.7.22
-cffi==1.15.1
-chardet==5.2.0
-charset-normalizer==3.2.0
-click==8.1.6
-cliff==4.3.0
-cmd2==2.4.3
-codespell==2.2.5
-colorama==0.4.6
-ConfigArgParse==1.5.3
-contourpy==1.1.0
-crit==3.18
-cryptography==41.0.3
-cupshelpers==1.0
-cycler==0.11.0
-Cython==3.0.0
-dbus-python==1.3.2
-debtcollector==2.5.0
-decorator==5.1.1
-defusedxml==0.7.1
-deprecation==2.1.0
-devtools==0.11.0
-distlib==0.3.7
-distro==1.8.0
-dnspython==2.3.0
-dogpile.cache==1.1.8
-executing==1.2.0
-fastjsonschema==2.18.0
-filelock==3.12.2
-fonttools==4.42.0
-gevent==22.10.2
-git-filter-repo==2.38.0
-gpg==1.21.0
-greenlet==2.0.2
-html5lib==1.1
-httpie==3.2.1
-idna==3.4
-importlib-metadata==5.0.0
-inflect==7.0.0
-iotop==0.6
-iso8601==2.0.0
-jaraco.context==4.3.0
-jaraco.functools==3.8.1
-jaraco.text==3.11.1
-jedi==0.18.2
-jmespath==1.0.1
-jsonpatch==1.33
-jsonpointer==2.4
-jsonschema==4.19.0
-jsonschema-specifications==2023.7.1
-keystoneauth1==5.2.1
-kiwisolver==1.4.4
-lensfun==0.3.4
-LibAppArmor==3.1.6
-libfdt==1.7.0
-libtorrent==2.0.9
-libvirt-python==9.6.0
-lit==15.0.7.dev0
-louis==3.26.0
-lxml==4.9.2
-Mako==1.2.4
-mallard-ducktype==1.0.2
-Markdown==3.4.4
-markdown-it-py==2.2.0
-MarkupSafe==2.1.3
-matplotlib==3.7.2
-mdurl==0.1.2
-MemoizeDB==2021.11.20.2.41.2
-meson==1.2.1
-more-itertools==10.1.0
-msgpack==1.0.5
-multidict==6.0.4
-mypy-extensions==1.0.0
-netaddr==0.8.0
-netifaces==0.11.0
-nftables==0.1
-numpy==1.25.1
-openshot-qt==3.1.1
-openstacksdk==1.0.1
-ordered-set==4.1.0
-os-service-types==1.7.0
-osc-lib==2.8.0
-oslo.config==9.1.1
-oslo.i18n==6.0.0
-oslo.serialization==5.1.1
-oslo.utils==6.1.0
-packaging==23.1
-parso==0.8.3
-pathspec==0.11.2
-pbr==5.11.1
-perf==0.1
-Pillow==10.0.0
-pipenv==2023.7.23
-pipx==1.2.0
-platformdirs==3.10.0
-ply==3.11
-pm2ml==2021.11.20.2.41.2
-pooch==1.7.0
-Powerpill==2021.11.20.2.41.2
-prettytable==3.6.0
-protobuf==4.23.4
-psutil==5.9.5
-pwquality==1.4.5
-pyalpm==0.10.6
-pyasn1==0.4.8
-pybind11==2.11.1
-pycairo==1.24.0
-pycparser==2.21
-pycups==2.0.1
-pycurl==7.45.2
-pydantic==1.10.9
-Pygments==2.16.1
-PyGObject==3.44.1
-pynvim==0.4.3
-pyOpenSSL==23.2.0
-pyparsing==3.0.9
-pyperclip==1.8.2
-PyQt5==5.15.9
-PyQt5-sip==12.12.2
-PyQtWebEngine==5.15.6
-pyrsistent==0.19.3
-pysequoia==0.1.20
-PySocks==1.7.1
-python-cinderclient==9.3.0
-python-dateutil==2.8.2
-python-glanceclient==4.1.0
-python-keystoneclient==5.1.0
-python-novaclient==18.3.0
-python-openstackclient==6.2.0
-pytz==2023.3
-pyxdg==0.28
+pycryptodomex==3.19.0
+pytest==7.4.3
+pytest-testinfra==10.0.0
+pytest-xdist==3.5.0
 PyYAML==6.0.1
-pyzmq==25.1.1
-redis==4.6.0
-referencing==0.30.2
-Reflector==2023.6.28.0.36.1
-requests==2.28.2
-requests-toolbelt==1.0.0
-requestsexceptions==1.4.0
-rfc3986==2.0.0
-rich==13.5.2
-rpds-py==0.9.2
-rpm==4.18.1
-scipy==1.11.1
-simplejson==3.19.1
-six==1.16.0
-soupsieve==2.4.1
-stevedore==5.1.0
-TBB==0.2
-tomli==2.0.1
-torbrowser-launcher==0.3.6
-tqdm==4.65.0
-trash-cli==0.23.2.13.2
-trimage==1.0.6
-trove-classifiers==2023.8.8
-typing_extensions==4.7.1
-uc-micro-py==1.0.2
-ufw==0.36.2
-urllib3==1.26.15
-userpath==1.8.0
-validate-pyproject==0.13.post1.dev0+gb752273.d20230520
-vboxapi==1.0
-virtualenv==20.24.3
-virtualenv-clone==0.5.7
-warlock==2.0.1
-wcwidth==0.2.6
-webencodings==0.5.1
-wrapt==1.14.1
-XCGF==2021.11.20.2.41.3
-XCPF==2021.12.24.10.22.41
-youtube-dl==2021.12.17
-yt-dlp==2023.7.6
-zipp==3.16.2
-zope.event==5.0
-zope.interface==6.0
-ansible==8.1.0
-ansible-compat==4.1.6
-ansible-core==2.15.1
-ansible-lint==6.17.2
-astroid==2.15.6
-attrs==23.1.0
-black==23.7.0
-bracex==2.3.post1
-certifi==2023.5.7
-cffi==1.15.1
-charset-normalizer==3.2.0
-click==8.1.6
-contextvars==2.4
-cryptography==41.0.2
-dill==0.3.7
-distro==1.8.0
-execnet==2.0.2
-filelock==3.12.2
-gitdb==4.0.10
-GitPython==3.1.32
-idna==3.4
-immutables==0.19
-iniconfig==2.0.0
-isort==5.12.0
-Jinja2==3.1.2
-jmespath==1.0.1
-jsonschema==4.19.0
-jsonschema-specifications==2023.7.1
-lazy-object-proxy==1.9.0
-lint==1.2.1
-looseversion==1.3.0
-markdown-it-py==3.0.0
-MarkupSafe==2.1.3
-mccabe==0.7.0
-mdurl==0.1.2
-msgpack==1.0.5
-mypy-extensions==1.0.0
-packaging==23.1
-pathspec==0.11.2
-platformdirs==3.10.0
-pluggy==1.2.0
-psutil==5.9.5
-pycparser==2.21
-pycryptodomex==3.18.0
-Pygments==2.16.1
-pylint==2.17.5
-pytest==7.4.0
-pytest-testinfra==8.1.0
-pytest-xdist==3.3.1
-PyYAML==6.0
-pyzmq==25.0.2
-referencing==0.30.2
+pyzmq==25.1.2
 requests==2.31.0
 resolvelib==1.0.1
-rich==13.5.2
-rpds-py==0.9.2
-ruamel.yaml==0.17.32
-ruamel.yaml.clib==0.2.7
-salt==3006.1
-smmap==5.0.0
-subprocess-tee==0.4.1
-tomlkit==0.12.1
-urllib3==2.0.3
-wcmatch==8.4.1
-wrapt==1.15.0
-yamllint==1.32.0
+salt==3006.4
+urllib3==2.1.0
diff --git a/scripts/ci.sh b/scripts/ci.sh
new file mode 100755
index 0000000..c062c73
--- /dev/null
+++ b/scripts/ci.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+# ci.sh: Helper script to automate deployment operations on CI/CD
+# Copyright © 2022 Aravinth Manivannan
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+set -xEeuo pipefail
+#source $(pwd)/scripts/lib.sh
+
+readonly SSH_ID_FILE=/tmp/ci-ssh-id
+
+match_arg() {
+ if [ $1 == $2 ] || [ $1 == $3 ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+help() {
+ cat << EOF
+USAGE: ci.sh [SUBCOMMAND]
+Helper script to automate deployment operations on CI/CD
+
+Subcommands
+
+ -c --clean cleanup secrets, SSH key and other runtime data
+ -i --init initialize environment, write SSH private to file
+ -h --help print this help menu
+EOF
+}
+
+# $1: SSH private key
+write_ssh(){
+ truncate --size 0 $SSH_ID_FILE
+ echo "$1" > $SSH_ID_FILE
+ chmod 600 $SSH_ID_FILE
+}
+
+
+clean() {
+ if [ -f $SSH_ID_FILE ]
+ then
+ shred $SSH_ID_FILE
+ rm $SSH_ID_FILE
+ fi
+}
+
+if (( "$#" < 1 ))
+then
+ help
+ exit -1
+fi
+
+
+if match_arg $1 '-i' '--init'
+then
+ if (( "$#" < 2 ))
+ then
+ help
+ exit -1
+ fi
+ write_ssh "$2"
+elif match_arg $1 '-c' '--clean'
+then
+ clean
+elif match_arg $1 '-h' '--help'
+then
+ help
+else
+ help
+fi
diff --git a/terraform/mcaptcha/ci.tfvars b/terraform/mcaptcha/ci.tfvars
new file mode 100644
index 0000000..f1617d3
--- /dev/null
+++ b/terraform/mcaptcha/ci.tfvars
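Review bot: `set -xEeuo pipefail` in `scripts/ci.sh` enables xtrace for the whole script, so the `--init` path prints the private key verbatim when it traces `write_ssh "$2"` and `echo "$1"`; unless the CI masks it, the key lands in the job log. Drop the `x` (`set -Eeuo pipefail`) or switch tracing off before the key is touched. `write_ssh` also creates `/tmp/ci-ssh-id` under the default umask and only tightens it with `chmod 600` afterwards, at a fixed, predictable path; creating it private from the start, `( umask 077; printf '%s\n' "$1" > "$SSH_ID_FILE" )`, closes that window. The unquoted `$1`/`$2`/`$3` in `match_arg` and `exit -1` (which the shell reports as 255) are worth tidying in the same pass.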
@@ -0,0 +1,5 @@ +libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ci-ssh-id&sshauth=privkey&no_verify=1" +libvirt_pool_path = "/home/mcaptcha-ci/libvirt/pool/mcaptcha_basic" +libvirt_debian_src = "http://192.168.0.102/debian-12-generic-amd64.qcow2" +macvtap_ethernet_interface = "enp2s0" +ssh_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCYagT9/PXoeaUae7Z3BKOPKBiEvJsCTUIhPCcRp5fb mcaptcha-ci@hellbat.batsense.net" diff --git a/terraform/mcaptcha/cloud_init.cfg b/terraform/mcaptcha/cloud_init.cfg index 1a4f40b..688b077 100644 --- a/terraform/mcaptcha/cloud_init.cfg +++ b/terraform/mcaptcha/cloud_init.cfg @@ -1,10 +1,17 @@ #cloud-config # vim: syntax=yaml +packages: + - sudo + - qemu-guest-agent +runcmd: + - [ systemctl, daemon-reload ] + - [ systemctl, enable, qemu-guest-agent.service ] + - [ systemctl, start, --wait, qemu-guest-agent.service ] users: - name: root ssh_authorized_keys: - - ssh-rsa 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 aravinth7820@gmail.com + - ${ssh_public_key} - name: atm gecos: Aravinth Manivannan groups: users, admin @@ -13,7 +20,7 @@ users: lock_passwd: true plain_text_passwd: fooabr12 ssh_authorized_keys: - - ssh-rsa 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 aravinth7820@gmail.com + - ${ssh_public_key} ssh_pwauth: true chpasswd: diff --git a/terraform/mcaptcha/main.tf b/terraform/mcaptcha/main.tf index 8c7aa9d..9266b54 100644 --- a/terraform/mcaptcha/main.tf +++ b/terraform/mcaptcha/main.tf @@ -32,6 +32,9 @@ resource "libvirt_volume" "debian-mcaptcha-qcow2" { data "template_file" "user_data" { template = file("${path.module}/cloud_init.cfg") + vars = { + ssh_public_key = var.ssh_public_key + } } data "template_file" "network_config" { diff --git a/terraform/mcaptcha/mcaptcha.tf b/terraform/mcaptcha/mcaptcha.tf index 0c19bd5..26889c1 100644 --- a/terraform/mcaptcha/mcaptcha.tf +++ b/terraform/mcaptcha/mcaptcha.tf 
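Review bot: `no_verify=1` in `libvirt_uri` in `ci.tfvars` disables SSH host-key verification for the connection to the hypervisor, so the provider will authenticate with `/tmp/ci-ssh-id` to whichever machine answers at `192.168.0.102`. `make ci.init` already runs `ssh -o StrictHostKeyChecking=accept-new` against that host first, so the host key should be in `known_hosts` and the parameter can probably be removed; confirm against the provider's URI handling. `libvirt_debian_src` is fetched over plain `http://` with no checksum, so the base image every test VM boots from is not integrity-checked; serve it over HTTPS or verify a digest before use.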
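Review bot: In `cloud_init.cfg` the templated `${ssh_public_key}` is authorised for `root` as well as for `atm`, and the unchanged lines around the second hunk still carry `plain_text_passwd: fooabr12` together with `ssh_pwauth: true`. With this commit also attaching the VMs to the physical LAN through macvtap, a committed password plus SSH password authentication is a larger exposure than it was on the libvirt default network. Consider `ssh_pwauth: false`, removing the `plain_text_passwd` line, and authorising the key only for the unprivileged sudo user if Ansible does not need direct root login. The `users:` block continues outside these hunks, and `lock_passwd: true` may already neutralise part of this, so check the full file.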
@@ -13,9 +13,10 @@ resource "libvirt_volume" "mcaptcha_volume" { resource "libvirt_domain" "mcaptcha_mcaptcha" { count = var.mcaptcha_vm_count - name = "mcaptcha_mcaptcha_${count.index}" - memory = var.mcaptcha_vm_memory - vcpu = var.mcaptcha_vm_vcpu + name = "mcaptcha_mcaptcha_${count.index}" + memory = var.mcaptcha_vm_memory + vcpu = var.mcaptcha_vm_vcpu + qemu_agent = true cloudinit = libvirt_cloudinit_disk.commoninit.id @@ -31,8 +32,9 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" { target_port = "1" } + network_interface { - network_name = "default" + macvtap = var.macvtap_ethernet_interface wait_for_lease = true } @@ -41,6 +43,8 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" { } } + + locals { mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]] mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name] diff --git a/terraform/mcaptcha/network_config.cfg b/terraform/mcaptcha/network_config.cfg index 5b2cbca..4223aaa 100644 --- a/terraform/mcaptcha/network_config.cfg +++ b/terraform/mcaptcha/network_config.cfg @@ -2,3 +2,4 @@ version: 2 ethernets: ens3: dhcp4: true +# ip: 192.168.0.115 diff --git a/terraform/mcaptcha/output.tf b/terraform/mcaptcha/output.tf index 688a67e..4093d9c 100644 --- a/terraform/mcaptcha/output.tf +++ b/terraform/mcaptcha/output.tf @@ -12,7 +12,7 @@ resource "local_file" "hosts_yml" { { mcaptcha_vms_ips = local.mcaptcha_vm_ips, mcaptcha_vms_names = local.mcaptcha_vm_names, - mcaptcha_vms = local.mcaptcha_vm_map + mcaptcha_vms = local.mcaptcha_vm_map }) diff --git a/terraform/mcaptcha/variables.tf b/terraform/mcaptcha/variables.tf index 6bbfab4..246f128 100644 --- a/terraform/mcaptcha/variables.tf +++ b/terraform/mcaptcha/variables.tf 
@@ -44,3 +44,15 @@ variable "mcaptcha_vm_vcpu" { type = number default = 4 } + +variable "macvtap_ethernet_interface" { + description = "Ethernet interface on the host machine that can be used as macvtap" + type = string + default = "enp2s0" +} + +variable "ssh_public_key" { + description = "Set up SSH login for this public key" + type = string + default = "ssh-rsa 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 aravinth7820@gmail.com" +}
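Review bot: `variable "ssh_public_key"` ships with a personal key as its `default`, so any plan that forgets to set the variable silently grants that key login on every VM, including `root` through `cloud_init.cfg`. Remove the `default` line so the value must be supplied (`ci.tfvars` already sets it), and optionally add a `validation` block that rejects an empty string. `macvtap_ethernet_interface` defaulting to `enp2s0` is host-specific in the same way; a missing value is better surfaced as an error than as an attach to the wrong interface.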