Update ubuntu plan for internal VMs, add availability check

2025-04-10 17:42:49 -04:00 · 2025-04-10 17:42:49 -04:00 · 9a72f07ec7
commit 9a72f07ec7
parent e6b975927d
8 changed files with 123 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
 .DS_Store
 alpine-iso
-keys
+keys
+user-data
+user-data-internal
--- a/README.md
+++ b/README.md
@ -176,15 +176,28 @@ ssh moeny@ns1.moeny.ai "sudo rndc sync moeny.ai"

 ## VMs on an Internal Network

-In order to spin up VMs on an internal network, you will need to generate an Alpine iso comatible with the internal IPs you are using and specify its path. You will also want to declare the staging IP and gateway IP parameters accordingly. Here is a sample command to run the Alpine bolt plan.
+In order to spin up VMs on an internal network, you will need to generate an Alpine iso compatible with the internal IPs you are using and specify its path. You will also want to declare the staging IP and gateway IP parameters accordingly. Here is a sample command to run the Alpine bolt plan.

 ```bash
 bolt plan run bolt_vm_automation::create_alpine \
-  vm_name=moeny-service \
+  vm_name=moeny-service-alpine \
  ip_with_cidr=10.44.0.20/24 \
-  hostname=moeny-service \
+  hostname=moeny-service-alpine \
  network=internal-moeny \
  staging_ip=10.44.0.250 \
  gateway_ip=10.44.0.1 \
  iso_path=/mnt/nfs/kvm-isos/iso-build/alpine-autoinstall-internal_moeny.iso -v
+```
+
+Similarly, a new Ubuntu iso will need to be generated that is compatible with the internal IPs. This can be done by simply updating the `user-data` file from Step 6 to have the proper network configuration, as in [`user-data-internal`](user-data-internal.yaml). Here is a sample command to run the Ubuntu bolt plan.
+
+```bash
+bolt plan run bolt_vm_automation::create_ubuntu \
+  vm_name=moeny-service-ubuntu \
+  ip_with_cidr=10.44.0.20/24 \
+  hostname=moeny-service-ubuntu \
+  network=internal-moeny \
+  gateway=10.44.0.1 \
+  iso_path=/mnt/nfs/kvm-isos/iso-build/ubuntu-22.04-autoinstall-internal_moeny.iso \
+  vm_target=vm-template-internal -v
 ```
--- a/bolt_vm_automation/inventory.yaml
+++ b/bolt_vm_automation/inventory.yaml
@ -12,15 +12,21 @@ groups:
        uri: astrocore.masiero.us

  - name: new-vm
+    config:
+      transport: ssh
+      ssh:
+        user: moeny
+        private-key: ~/.ssh/DMMF-20211104
+        host-key-check: false
    targets:
-      - name: vm-template-staging
+      - name: vm-template-public
        config:
-          transport: ssh
          ssh:
            host: 100.40.223.190
-            user: moeny
-            private-key: ~/.ssh/DMMF-20211104
-            host-key-check: false
+      - name: vm-template-internal
+        config:
+          ssh:
+            host: 10.44.0.250

  - name: alpine-vms
    config:
--- a/bolt_vm_automation/plans/create_ubuntu.yaml
+++ b/bolt_vm_automation/plans/create_ubuntu.yaml
@ -4,10 +4,14 @@ parameters:
    type: String
    description: "Target host to create the VM on"
    default: "vortex"
+  vm_target:
+    type: String
+    description: "Target VM for post-installation tasks"
+    default: "vm-template-public"
  iso_path:
    type: String
    description: "Path to the ISO file"
-    default: "/mnt/nfs/kvm-isos/iso-build/ubuntu-22.04-autoinstall.iso"
+    default: "/mnt/nfs/kvm-isos/iso-build/ubuntu-22.04-autoinstall-wan_verizon.iso"
  vm_name:
    type: String
    description: "Name of the VM"
@ -66,6 +70,13 @@ parameters:
    default: "1.1.1.1"

 steps:
+  - name: check_ip_availability
+    description: Check if the target IP is already in use
+    task: bolt_vm_automation::check_ip_availability
+    targets: localhost
+    parameters:
+      network: $network
+
  - name: create_vm
    task: bolt_vm_automation::create_ubuntu
    targets: $target
@ -82,11 +93,11 @@ steps:
  - name: install_docker
    description: Install Docker on the VM
    task: bolt_vm_automation::install_docker_ubuntu
-    targets: vm-template-staging
+    targets: $vm_target

  - name: system_setup
    task: bolt_vm_automation::system_setup_ubuntu
-    targets: vm-template-staging
+    targets: $vm_target
    parameters:
      ip_with_cidr: $ip_with_cidr
      hostname: $hostname
--- a/bolt_vm_automation/tasks/check_ip_availability.json
+++ b/bolt_vm_automation/tasks/check_ip_availability.json
@ -0,0 +1,9 @@
+{
+  "description": "Check if the target IP is already in use",
+  "parameters": {
+    "network": {
+      "type": "String",
+      "description": "Network type (internal-moeny or wan-verizon)"
+    }
+  }
+} 
--- a/bolt_vm_automation/tasks/check_ip_availability.sh
+++ b/bolt_vm_automation/tasks/check_ip_availability.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Extract parameters
+network="$PT_network"
+
+# Determine which IP to ping based on network
+if [ "$network" = "internal-moeny" ]; then
+    ping_ip="10.44.0.250"
+elif [ "$network" = "wan-verizon" ]; then
+    ping_ip="100.40.223.190"
+else
+    echo "{\"status\": \"error\", \"message\": \"Unsupported network type: $network. Must be either internal-moeny or wan-verizon.\"}"
+    exit 1
+fi
+
+# Ping the target IP with 3 second timeout
+if ping -c 1 -W 3 "$ping_ip" > /dev/null 2>&1; then
+    echo "{\"status\": \"error\", \"message\": \"IP $ping_ip is already in use. Please choose a different IP.\"}"
+    exit 1
+else
+    echo "{\"status\": \"success\", \"message\": \"IP $ping_ip is available.\"}"
+    exit 0
+fi 
--- a/bolt_vm_automation/tasks/system_setup_ubuntu.sh
+++ b/bolt_vm_automation/tasks/system_setup_ubuntu.sh
@ -20,7 +20,7 @@ sudo DEBIAN_FRONTEND=noninteractive apt-get -y install iptables-persistent

 # Restrict SSH access
 sudo iptables -A INPUT -p tcp --dport 22 -s 100.40.223.128/26 -j ACCEPT
-sudo iptables -A INPUT -p tcp --dport 22 -s 173.62.109.73/32 -j ACCEPT
+sudo iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8  -j ACCEPT
 sudo iptables -A INPUT -p tcp --dport 22 -j DROP
 # Use netfilter-persistent to save rules instead of direct file writing
 sudo netfilter-persistent save
--- a/user-data-internal.yaml
+++ b/user-data-internal.yaml
@ -0,0 +1,46 @@
+#cloud-config
+---
+autoinstall:
+  version: 1
+  locale: en_US.UTF-8
+  keyboard:
+    layout: us
+  identity:
+    hostname: vm-template-staging
+    username: moeny
+    password: '$6$rounds=4096$saltsaltsaltsalt$hashedpasswordhere'
+  ssh:
+    install-server: true
+    authorized-keys:
+      # Add username or email to end of authorized-key below
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRMJNdI/n/7xYN65zHFN8hlRSDg5OPJ12AwOsUyP8OmKCQTapoVQ/suvjaUTCtt8o28QNIQm1vAD03hFNzVJn6F6FJu9vUbR+YqlmzmzGJXB6sWWTEnc9/GsVvLoculuzFYfa2qU9xFbuUTtqFRu6qor82TPAhy/yVWzIvRxlfuxKLpdU9paKiV+WtCkSpVoBgIH6soBE1swMX4ILIOGeFTrmCdBac4K1Bs0OarKtShR6PHdNiqPlwpCeQQDZD8ops69yBMc0t6poFZC9FYSj7arJEWvZN9YtUr+PJiYZQc+gIG4enPW1Zf4FEkXXvH/t6RaYMq9w/P5lIUNOVe169
+    allow-pw: false
+
+  network:
+    version: 2
+    ethernets:
+      enp1s0:
+        dhcp4: false
+        addresses:
+          - 10.44.0.250/24
+        gateway4: 10.44.0.1
+        nameservers:
+          addresses:
+            - 8.8.8.8
+            - 8.8.4.4
+  storage:
+    layout:
+      name: lvm
+      sizing-policy: all
+  packages:
+    - vim
+    - btop
+    - net-tools
+    - fping
+  user-data:
+    disable_root: false
+  updates: all
+  shutdown: reboot
+
+  late-commands:
+    - ["curtin", "in-target", "--target=/target", "--", "/bin/bash", "-c", "echo '%sudo ALL=(ALL) NOPASSWD: ALL' | tee -a /etc/sudoers.d/nopasswd_sudo_group"]