From eb9db2d7291f8bba1636f33ea82dc545e5d9fe11 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 12 Jun 2024 18:58:04 -0500
Subject: [PATCH] create-dc: Add script to provision DC VMs

Since I don't like to update Samba Active Directory Domain Controller servers in-place (it's never worked as well as you would think it should), I want the process for replacing them to be as automated as possible. To that end, I've written `create-dc.sh`, which handles the whole process of creating and configuring a new ADDC VM. The only things it doesn't do are transfer the FSMO roles and demote existing DC servers.
---
create-dc.sh | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 create-dc.sh

diff --git a/create-dc.sh b/create-dc.sh
new file mode 100644
index 0000000..1a2ca97
--- /dev/null
+++ b/create-dc.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+# vim: set sw=4 ts=4 sts=4 et :
+
+export http_proxy=http://proxy.pyrocufflink.blue:3128/
+
+ipaddr=$1
+fedora=${2:-40}
+if [ -z "${ipaddr}" ]; then
+ printf 'usage: %s ipaddr [fedora]\n' "${0##*/}" >&2
+ exit 2
+fi
+if [ -z "${LIBVIRT_DEFAULT_URI}" ]; then
+ printf 'LIBVIRT_DEFAULT_URI environment variable must be set\n' >&2
+ exit 1
+fi
+
+wordlist=$(
+ python -c 'from diceware.wordlist import *;print(get_wordlist_path("en_eff"))'
+)
+
+name=dc-$(sort -R "${wordlist}" | awk '{if(length($2) < 13){print $2;exit}}')
+printf 'Creating VM %s : watch progress with\n' "${name}"
+printf ' virsh -c %s console %s\n' "$(virsh uri)" "${name}"
+virt-install \
+ --name ${name} \
+ --memory 2048 \
+ --vcpus 2 \
+ --cpu host \
+ --location http://dl.fedoraproject.org/pub/fedora/linux/releases/${fedora}/Everything/x86_64/os \
+ --extra-args "ip=${ipaddr}::172.30.0.1:255.255.255.192:${name}::none:172.30.0.1 inst.notmux inst.proxy=${http_proxy} inst.ks=http://rosalina.pyrocufflink.blue/~dustin/kickstart/fedora-dc.ks console=ttyS0 quiet systemd.show_status=1" \
+ --os-variant fedora$(rpm -E %fedora) \
+ --disk pool=default,size=16,cache=none \
+ --network network=prod,model=virtio \
+ --graphics none \
+ --sound none \
+ --redirdev none \
+ --rng /dev/urandom \
+ --noautoconsole \
+ --wait -1 \
+ || exit
+
+printf 'Waiting for %s to come up ...\n' "${name}"
+until ssh -l root "${ipaddr}" : >/dev/null 2>&1; do sleep 10; done
+
+ansible-playbook -l samba-dc facts.yml || exit
+
+sed -i \
+ -e "/\[pyrocufflink\]/a${name}.pyrocufflink.blue ansible_host=${ipaddr} ansible_user=root ansible_become=false" \
+ -e "/\[samba-dc\]/a${name}.pyrocufflink.blue" \
+ hosts \
+ || exit
+
+ansible-playbook -l "${name}".pyrocufflink.blue \
+ --become \
+ base.yml \
+ hostname.yml \
+ firewalld.yml \
+ pyrocufflink.yml \
+ promtail.yml \
+ domain-controller.yml \
+ collectd.yml \
+ auto-updates.yml \
+ -e @join.creds
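Review bot: The kernel/initrd and the kickstart that build a domain controller are both fetched over plain HTTP (`--location http://dl.fedoraproject.org/...` and `inst.ks=http://rosalina.pyrocufflink.blue/...` inside `--extra-args`), so nothing on that path is integrity-checked before the new DC is installed from it; switching both to `https://` where the mirror and rosalina serve it, or pointing `--location` at locally verified media, closes that gap for the host that becomes the domain's root of trust. `ipaddr` is taken from `$1` without validation and is then spliced into the kernel command line, the `sed -i` script that edits `hosts`, and the `ssh` target, so a value containing `/` or `&` silently corrupts the inventory edit; a guard after the usage check such as `case ${ipaddr} in *[!0-9.]*|'') printf 'invalid ipaddr\n' >&2; exit 2 ;; esac` keeps it to a dotted quad. The `wordlist=$(...)` result is never checked, so if the `diceware` module is missing `name` collapses to `dc-` and virt-install still runs; `[ -n "${wordlist}" ] || exit` after that assignment avoids provisioning under a bad name. The `until ssh ... sleep 10` loop has no upper bound, so a failed kickstart leaves the script waiting forever; counting attempts and exiting non-zero after a limit makes it safe to run unattended. Separately, `--os-variant fedora$(rpm -E %fedora)` tracks the host's release rather than the `${fedora}` being installed; `--os-variant "fedora${fedora}"` matches the guest.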