Merge pull request 'feat-test-playbooks' (#5) from feat-test-playbooks into master
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful

Reviewed-on: #5
This commit is contained in:
Aravinth Manivannan 2023-12-13 00:49:03 +05:30
commit 74cd88322d
17 changed files with 222 additions and 304 deletions

1
.gitignore vendored
View file

@ -161,3 +161,4 @@ cython_debug/
#.idea/ #.idea/
ansible/credentials/ ansible/credentials/
terraform/mcaptcha/mcaptcha terraform/mcaptcha/mcaptcha
sec/

27
.woodpecker.yml Normal file
View file

@ -0,0 +1,27 @@
steps:
backend:
image: python:3-bookworm
environment:
- ANSIBLE_HOST_KEY_CHECKING=False
commands:
- export PATH=$PATH:/root/.local/bin
- eval "$(ssh-agent -s)"
- make ci.init
- cat terraform/mcaptcha/hosts.ini
# db: mariadb cache: redis
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=redis" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
# db: postgres cache: redis
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=redis" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
# embedded cache
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=embedded" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
# embedded cache
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=embedded" ./ansible/mcaptcha.yml
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
- make ci.clean
secrets: [TEST_NODE_SSH_KEY]

View file

@ -134,5 +134,29 @@ test.cache: ## Test cache configuration
test.mcaptcha: ## Test mcaptcha configuration test.mcaptcha: ## Test mcaptcha configuration
$(call test_mcaptcha) $(call test_mcaptcha)
ci.init:
apt-get update
apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients genisoimage
./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"
ssh-add /tmp/ci-ssh-id
ssh -o StrictHostKeyChecking=accept-new mcaptcha-ci@192.168.0.102 "echo f"
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg
chmod a+r /etc/apt/keyrings/opentofu.gpg
echo "deb [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" > /etc/apt/sources.list.d/opentofu.list
echo "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" >> /etc/apt/sources.list.d/opentofu.list
apt-get update
apt-get install -y tofu
tofu -chdir=terraform/mcaptcha/ init
tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha"
tofu -chdir=terraform/mcaptcha/ apply "mcaptcha"
pip install virtualenv && virtualenv venv
. venv/bin/activate && pip install -r requirements.txt
. venv/bin/activate && ansible-galaxy install -r ./ansible/requirements.yml
ci.clean:
echo yes | tofu -chdir=terraform/mcaptcha/ destroy -var-file="ci.tfvars"
./scripts/ci.sh --clean
help: ## Prints help for targets with comments help: ## Prints help for targets with comments
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' @cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

View file

@ -6,7 +6,7 @@
ansible.builtin.import_playbook: base.yml ansible.builtin.import_playbook: base.yml
- name: Install redis cache - name: Install redis cache
hosts: mcaptcha_hosts hosts: all
pre_tasks: pre_tasks:
- name: Ensure all VMs are reachable - name: Ensure all VMs are reachable
ansible.builtin.ping: ansible.builtin.ping:

View file

@ -6,7 +6,7 @@
ansible.builtin.import_playbook: base.yml ansible.builtin.import_playbook: base.yml
- name: Install and configure postgres - name: Install and configure postgres
hosts: mcaptcha_hosts hosts: all
become: yes become: yes
vars_files: vars_files:
- vars/mcaptcha/vars.yml - vars/mcaptcha/vars.yml
@ -18,11 +18,11 @@
database_type == "postgres" database_type == "postgres"
- name: Install and configure mariadb - name: Install and configure mariadb
hosts: mcaptcha_hosts hosts: all
become: yes become: yes
vars_files: vars_files:
- vars/mcaptcha/vars.yml - vars/mcaptcha/vars.yml
- vars/mcaptcha/mariadb.yml.yml - vars/mcaptcha/mariadb.yml
tasks: tasks:
- ansible.builtin.include_role: - ansible.builtin.include_role:
name: geerlingguy.mysql name: geerlingguy.mysql
@ -30,7 +30,7 @@
database_type == "mariadb" database_type == "mariadb"
- name: Install and configure cache - name: Install and configure cache
hosts: mcaptcha_hosts hosts: all
become: yes become: yes
vars_files: vars_files:
- vars/mcaptcha/vars.yml - vars/mcaptcha/vars.yml
@ -41,7 +41,7 @@
when: cache_type == "redis" when: cache_type == "redis"
- name: Install mCaptcha binary - name: Install mCaptcha binary
hosts: mcaptcha_hosts hosts: all
vars_files: vars_files:
- vars/mcaptcha/vars.yml - vars/mcaptcha/vars.yml
roles: roles:

3
ansible/requirements.yml Normal file
View file

@ -0,0 +1,3 @@
- src: geerlingguy.mysql
- src: geerlingguy.postgresql

View file

@ -42,9 +42,9 @@
- name: Copy mCaptcha systemd servicefile - name: Copy mCaptcha systemd servicefile
become: true become: true
ansible.builtin.copy: ansible.builtin.template:
src: ./artifacts/mcaptcha/mcaptcha.service src: ./templates/mcaptcha/mcaptcha.service.j2
dest: /etc/systemd/system/ dest: /etc/systemd/system/mcaptcha.service
owner: root owner: root
group: root group: root
force: true force: true
@ -57,7 +57,7 @@
state: directory state: directory
mode: "0755" mode: "0755"
- name: Copy mCaptcha systemd servicefile - name: Copy mCaptcha config file
become: true become: true
notify: restart mcaptcha notify: restart mcaptcha
ansible.builtin.template: ansible.builtin.template:

View file

@ -2,18 +2,23 @@
Description=mCaptcha: PoW CAPTCHA system Description=mCaptcha: PoW CAPTCHA system
After=syslog.target After=syslog.target
After=network.target After=network.target
###
# Don't forget to add the database service dependencies {% if cache_type == 'redis' %}
### Wants=redis.service
# After=redis.service
#Wants=mariadb.service {% endif %}
#After=mariadb.service
# {% if database_type == 'postgres' %}
Wants=postgresql.service Wants=postgresql.service
After=postgresql.service After=postgresql.service
# {% endif %}
#Wants=redis.service
#After=redis.service {% if database_type == 'mariadb' %}
Wants=mariadb.service
After=mariadb.service
{% endif %}
[Service] [Service]
RestartSec=2s RestartSec=2s

View file

@ -1,289 +1,31 @@
ansible==8.1.0 ansible==9.1.0
ansible-core==2.15.1 ansible-core==2.16.2
certifi==2023.5.7 certifi==2023.11.17
cffi==1.15.1 cffi==1.16.0
charset-normalizer==3.2.0 charset-normalizer==3.3.2
contextvars==2.4 contextvars==2.4
cryptography==41.0.2 cryptography==41.0.7
distro==1.8.0 distro==1.8.0
execnet==2.0.2 execnet==2.0.2
idna==3.4 idna==3.6
immutables==0.19 immutables==0.20
iniconfig==2.0.0 iniconfig==2.0.0
Jinja2==3.1.2 Jinja2==3.1.2
jmespath==1.0.1 jmespath==1.0.1
looseversion==1.3.0 looseversion==1.3.0
MarkupSafe==2.1.3 MarkupSafe==2.1.3
msgpack==1.0.5 msgpack==1.0.7
packaging==23.1 packaging==23.2
pluggy==1.2.0 pluggy==1.3.0
psutil==5.9.5 psutil==5.9.6
pycparser==2.21 pycparser==2.21
pycryptodomex==3.18.0 pycryptodomex==3.19.0
pytest==7.4.0 pytest==7.4.3
pytest-testinfra==8.1.0 pytest-testinfra==10.0.0
pytest-xdist==3.3.1 pytest-xdist==3.5.0
PyYAML==6.0
pyzmq==25.0.2
requests==2.31.0
resolvelib==1.0.1
salt==3006.1
urllib3==2.0.3
airdrop-ng==1.1
airgraph-ng==1.1
apparmor==3.1.6
appdirs==1.4.4
argcomplete==2.0.0
asttokens==2.2.1
async-timeout==4.0.2
attrs==22.2.0
autocommand==2.2.2
autopage==0.5.1
Babel==2.12.1
beautifulsoup4==4.12.2
binwalk==2.3.3
black==23.7.0
borgbackup==1.2.4
Brlapi==0.8.5
btrfsutil==6.3.3
certifi==2023.7.22
cffi==1.15.1
chardet==5.2.0
charset-normalizer==3.2.0
click==8.1.6
cliff==4.3.0
cmd2==2.4.3
codespell==2.2.5
colorama==0.4.6
ConfigArgParse==1.5.3
contourpy==1.1.0
crit==3.18
cryptography==41.0.3
cupshelpers==1.0
cycler==0.11.0
Cython==3.0.0
dbus-python==1.3.2
debtcollector==2.5.0
decorator==5.1.1
defusedxml==0.7.1
deprecation==2.1.0
devtools==0.11.0
distlib==0.3.7
distro==1.8.0
dnspython==2.3.0
dogpile.cache==1.1.8
executing==1.2.0
fastjsonschema==2.18.0
filelock==3.12.2
fonttools==4.42.0
gevent==22.10.2
git-filter-repo==2.38.0
gpg==1.21.0
greenlet==2.0.2
html5lib==1.1
httpie==3.2.1
idna==3.4
importlib-metadata==5.0.0
inflect==7.0.0
iotop==0.6
iso8601==2.0.0
jaraco.context==4.3.0
jaraco.functools==3.8.1
jaraco.text==3.11.1
jedi==0.18.2
jmespath==1.0.1
jsonpatch==1.33
jsonpointer==2.4
jsonschema==4.19.0
jsonschema-specifications==2023.7.1
keystoneauth1==5.2.1
kiwisolver==1.4.4
lensfun==0.3.4
LibAppArmor==3.1.6
libfdt==1.7.0
libtorrent==2.0.9
libvirt-python==9.6.0
lit==15.0.7.dev0
louis==3.26.0
lxml==4.9.2
Mako==1.2.4
mallard-ducktype==1.0.2
Markdown==3.4.4
markdown-it-py==2.2.0
MarkupSafe==2.1.3
matplotlib==3.7.2
mdurl==0.1.2
MemoizeDB==2021.11.20.2.41.2
meson==1.2.1
more-itertools==10.1.0
msgpack==1.0.5
multidict==6.0.4
mypy-extensions==1.0.0
netaddr==0.8.0
netifaces==0.11.0
nftables==0.1
numpy==1.25.1
openshot-qt==3.1.1
openstacksdk==1.0.1
ordered-set==4.1.0
os-service-types==1.7.0
osc-lib==2.8.0
oslo.config==9.1.1
oslo.i18n==6.0.0
oslo.serialization==5.1.1
oslo.utils==6.1.0
packaging==23.1
parso==0.8.3
pathspec==0.11.2
pbr==5.11.1
perf==0.1
Pillow==10.0.0
pipenv==2023.7.23
pipx==1.2.0
platformdirs==3.10.0
ply==3.11
pm2ml==2021.11.20.2.41.2
pooch==1.7.0
Powerpill==2021.11.20.2.41.2
prettytable==3.6.0
protobuf==4.23.4
psutil==5.9.5
pwquality==1.4.5
pyalpm==0.10.6
pyasn1==0.4.8
pybind11==2.11.1
pycairo==1.24.0
pycparser==2.21
pycups==2.0.1
pycurl==7.45.2
pydantic==1.10.9
Pygments==2.16.1
PyGObject==3.44.1
pynvim==0.4.3
pyOpenSSL==23.2.0
pyparsing==3.0.9
pyperclip==1.8.2
PyQt5==5.15.9
PyQt5-sip==12.12.2
PyQtWebEngine==5.15.6
pyrsistent==0.19.3
pysequoia==0.1.20
PySocks==1.7.1
python-cinderclient==9.3.0
python-dateutil==2.8.2
python-glanceclient==4.1.0
python-keystoneclient==5.1.0
python-novaclient==18.3.0
python-openstackclient==6.2.0
pytz==2023.3
pyxdg==0.28
PyYAML==6.0.1 PyYAML==6.0.1
pyzmq==25.1.1 pyzmq==25.1.2
redis==4.6.0
referencing==0.30.2
Reflector==2023.6.28.0.36.1
requests==2.28.2
requests-toolbelt==1.0.0
requestsexceptions==1.4.0
rfc3986==2.0.0
rich==13.5.2
rpds-py==0.9.2
rpm==4.18.1
scipy==1.11.1
simplejson==3.19.1
six==1.16.0
soupsieve==2.4.1
stevedore==5.1.0
TBB==0.2
tomli==2.0.1
torbrowser-launcher==0.3.6
tqdm==4.65.0
trash-cli==0.23.2.13.2
trimage==1.0.6
trove-classifiers==2023.8.8
typing_extensions==4.7.1
uc-micro-py==1.0.2
ufw==0.36.2
urllib3==1.26.15
userpath==1.8.0
validate-pyproject==0.13.post1.dev0+gb752273.d20230520
vboxapi==1.0
virtualenv==20.24.3
virtualenv-clone==0.5.7
warlock==2.0.1
wcwidth==0.2.6
webencodings==0.5.1
wrapt==1.14.1
XCGF==2021.11.20.2.41.3
XCPF==2021.12.24.10.22.41
youtube-dl==2021.12.17
yt-dlp==2023.7.6
zipp==3.16.2
zope.event==5.0
zope.interface==6.0
ansible==8.1.0
ansible-compat==4.1.6
ansible-core==2.15.1
ansible-lint==6.17.2
astroid==2.15.6
attrs==23.1.0
black==23.7.0
bracex==2.3.post1
certifi==2023.5.7
cffi==1.15.1
charset-normalizer==3.2.0
click==8.1.6
contextvars==2.4
cryptography==41.0.2
dill==0.3.7
distro==1.8.0
execnet==2.0.2
filelock==3.12.2
gitdb==4.0.10
GitPython==3.1.32
idna==3.4
immutables==0.19
iniconfig==2.0.0
isort==5.12.0
Jinja2==3.1.2
jmespath==1.0.1
jsonschema==4.19.0
jsonschema-specifications==2023.7.1
lazy-object-proxy==1.9.0
lint==1.2.1
looseversion==1.3.0
markdown-it-py==3.0.0
MarkupSafe==2.1.3
mccabe==0.7.0
mdurl==0.1.2
msgpack==1.0.5
mypy-extensions==1.0.0
packaging==23.1
pathspec==0.11.2
platformdirs==3.10.0
pluggy==1.2.0
psutil==5.9.5
pycparser==2.21
pycryptodomex==3.18.0
Pygments==2.16.1
pylint==2.17.5
pytest==7.4.0
pytest-testinfra==8.1.0
pytest-xdist==3.3.1
PyYAML==6.0
pyzmq==25.0.2
referencing==0.30.2
requests==2.31.0 requests==2.31.0
resolvelib==1.0.1 resolvelib==1.0.1
rich==13.5.2 salt==3006.4
rpds-py==0.9.2 urllib3==2.1.0
ruamel.yaml==0.17.32
ruamel.yaml.clib==0.2.7
salt==3006.1
smmap==5.0.0
subprocess-tee==0.4.1
tomlkit==0.12.1
urllib3==2.0.3
wcmatch==8.4.1
wrapt==1.15.0
yamllint==1.32.0

84
scripts/ci.sh Executable file
View file

@ -0,0 +1,84 @@
#!/bin/bash
# ci.sh: Helper script to automate deployment operations on CI/CD
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
set -xEeuo pipefail
#source $(pwd)/scripts/lib.sh
readonly SSH_ID_FILE=/tmp/ci-ssh-id
match_arg() {
if [ $1 == $2 ] || [ $1 == $3 ]
then
return 0
else
return 1
fi
}
help() {
cat << EOF
USAGE: ci.sh [SUBCOMMAND]
Helper script to automate deployment operations on CI/CD
Subcommands
-c --clean cleanup secrets, SSH key and other runtime data
-i --init <SSH_PRIVATE_KEY> initialize environment, write SSH private to file
-h --help print this help menu
EOF
}
# $1: SSH private key
write_ssh(){
truncate --size 0 $SSH_ID_FILE
echo "$1" > $SSH_ID_FILE
chmod 600 $SSH_ID_FILE
}
clean() {
if [ -f $SSH_ID_FILE ]
then
shred $SSH_ID_FILE
rm $SSH_ID_FILE
fi
}
if (( "$#" < 1 ))
then
help
exit -1
fi
if match_arg $1 '-i' '--init'
then
if (( "$#" < 2 ))
then
help
exit -1
fi
write_ssh "$2"
elif match_arg $1 '-c' '--clean'
then
clean
elif match_arg $1 '-h' '--help'
then
help
else
help
fi

View file

@ -0,0 +1,5 @@
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ci-ssh-id&sshauth=privkey&no_verify=1"
libvirt_pool_path = "/home/mcaptcha-ci/libvirt/pool/mcaptcha_basic"
libvirt_debian_src = "http://192.168.0.102/debian-12-generic-amd64.qcow2"
macvtap_ethernet_interface = "enp2s0"
ssh_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCYagT9/PXoeaUae7Z3BKOPKBiEvJsCTUIhPCcRp5fb mcaptcha-ci@hellbat.batsense.net"

View file

@ -1,10 +1,17 @@
#cloud-config #cloud-config
# vim: syntax=yaml # vim: syntax=yaml
packages:
- sudo
- qemu-guest-agent
runcmd:
- [ systemctl, daemon-reload ]
- [ systemctl, enable, qemu-guest-agent.service ]
- [ systemctl, start, --wait, qemu-guest-agent.service ]
users: users:
- name: root - name: root
ssh_authorized_keys: ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com - ${ssh_public_key}
- name: atm - name: atm
gecos: Aravinth Manivannan gecos: Aravinth Manivannan
groups: users, admin groups: users, admin
@ -13,7 +20,7 @@ users:
lock_passwd: true lock_passwd: true
plain_text_passwd: fooabr12 plain_text_passwd: fooabr12
ssh_authorized_keys: ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com - ${ssh_public_key}
ssh_pwauth: true ssh_pwauth: true
chpasswd: chpasswd:

View file

@ -32,6 +32,9 @@ resource "libvirt_volume" "debian-mcaptcha-qcow2" {
data "template_file" "user_data" { data "template_file" "user_data" {
template = file("${path.module}/cloud_init.cfg") template = file("${path.module}/cloud_init.cfg")
vars = {
ssh_public_key = var.ssh_public_key
}
} }
data "template_file" "network_config" { data "template_file" "network_config" {

View file

@ -13,9 +13,10 @@ resource "libvirt_volume" "mcaptcha_volume" {
resource "libvirt_domain" "mcaptcha_mcaptcha" { resource "libvirt_domain" "mcaptcha_mcaptcha" {
count = var.mcaptcha_vm_count count = var.mcaptcha_vm_count
name = "mcaptcha_mcaptcha_${count.index}" name = "mcaptcha_mcaptcha_${count.index}"
memory = var.mcaptcha_vm_memory memory = var.mcaptcha_vm_memory
vcpu = var.mcaptcha_vm_vcpu vcpu = var.mcaptcha_vm_vcpu
qemu_agent = true
cloudinit = libvirt_cloudinit_disk.commoninit.id cloudinit = libvirt_cloudinit_disk.commoninit.id
@ -31,8 +32,9 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" {
target_port = "1" target_port = "1"
} }
network_interface { network_interface {
network_name = "default" macvtap = var.macvtap_ethernet_interface
wait_for_lease = true wait_for_lease = true
} }
@ -41,6 +43,8 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" {
} }
} }
locals { locals {
mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]] mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]]
mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name] mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name]

View file

@ -2,3 +2,4 @@ version: 2
ethernets: ethernets:
ens3: ens3:
dhcp4: true dhcp4: true
# ip: 192.168.0.115

View file

@ -12,7 +12,7 @@ resource "local_file" "hosts_yml" {
{ {
mcaptcha_vms_ips = local.mcaptcha_vm_ips, mcaptcha_vms_ips = local.mcaptcha_vm_ips,
mcaptcha_vms_names = local.mcaptcha_vm_names, mcaptcha_vms_names = local.mcaptcha_vm_names,
mcaptcha_vms = local.mcaptcha_vm_map mcaptcha_vms = local.mcaptcha_vm_map
}) })

View file

@ -44,3 +44,15 @@ variable "mcaptcha_vm_vcpu" {
type = number type = number
default = 4 default = 4
} }
variable "macvtap_ethernet_interface" {
description = "Ethernet interface on the host machine that can be used as macvtap"
type = string
default = "enp2s0"
}
variable "ssh_public_key" {
description = "Set up SSH login for this public key"
type = string
default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com"
}