Script creating new VMs #252
No reviewers
Labels
No Label
service
accounts
service
discourse
service
drone-ci
service
email
service
garage
service
gitea
service
ipfs
service
mastodon
service
postgres
service
remotestorage
service
wiki
service
xmpp
bug
design
dev environment
docs
duplicate
enhancement
feature
good first issue
idea
invalid
kredits-1
kredits-2
kredits-3
on hold
ops
question
release
major
release
minor
release
patch
security
ui/ux
wontfix
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Blocks
#253 Upgrade Gitea to 1.13
kosmos/chef
Reference: kosmos/chef#252
Loading…
Reference in New Issue
No description provided.
Delete Branch "feature/244-new_vm_script"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
It uses
virt-install
with the official Ubuntu 20.04 cloud image as astarting point, with cloud-init to add our SSH keys to the ubuntu user
and set up Zerotier.
I have also extracted firewall rules to their own recipes, so they can be included on KVM hosts (see nodes files)
Closes #244
Cool. I left a few comments/questions.
@ -0,0 +22,4 @@
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
I think adding a whole license text to every recipe is complete overkill. Why not have a single LICENSE file at the repo root, like with every other software repo these days? What's the benefit of adding the license to every recipe file (but not other files)?
I don't know why Chef's generator does it like this. I'm open to this idea
@ -0,0 +3,4 @@
# The base VM was downloaded using the following commands:
# mkdir /var/lib/libvirt/images/base
# curl -o http://cloud-images.ubuntu.com/releases/focal/release/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img /var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.qcow2
This doesn't look right to me. It would attempt to download the path as a second file, no? The pathname should come after the
-o
flag.However, why not just use a normal file download resource in the KVM host recipe in the first place? Same amount of characters as this extended comment, but then it's automated and handles existing files.
@ -0,0 +73,4 @@
virt-install \
--name cloudinit-1 \
--ram 2048 \
--vcpus 1\
We won't want to edit the script on the host all the time, so why not simply:
@ -0,0 +77,4 @@
--cpu host \
--arch x86_64 \
--os-type linux \
--os-variant ubuntu16.04 \
I always set this to 20.04 when creating VMs in virt-manager.
When I set it to 20.04
virt-install
would fail (while setting up SSH), I couldn't find a way to figure out what was going on@ -0,0 +22,4 @@
platforms:
- name: ubuntu-18.04
- name: centos-7
Is this file actually used? We're on 20.04 now so it seems like this is some default template?
@ -0,0 +5,4 @@
description 'Installs/Configures kosmos_kvm'
long_description 'Installs/Configures kosmos_kvm'
version '0.1.0'
chef_version '>= 14.0'
This whole file seems to not have been edited after being generated.
@ -0,0 +7,4 @@
version '0.1.0'
chef_version '>= 14.0'
depends 'kosmos-base'
Same as for the other cookbook, this seems to have been left unedited after being generated.
I randomly thought about this again earlier today, and I'm actually not sure why the PR had to include firewall rules and such.
If we don't run the basic cookbook against the host again, then it won't destroy the existing ones for example. So this could actually have been two different PRs, one for the script itself, and one for the firewall config, as they are two different features.
You can still split it up, of course, but maybe now it's not worth it anymore. So just putting this here as input, and perhaps for the next PRs to keep in mind what's actually necessary for a feature/PR.
👍
Just one last thing: personally, I would move the KVM
default
recipe to an explicithost
recipe, because it's not clear if it configures a host or a guest.