create-dc: Add script to provision DC VMs

Since I don't like to update Samba Active Directory Domain Controller servers in-place (it's never worked as well as you would think it should), I want the process for replacing them to be as automated as possible. To that end, I've written `create-dc.sh`, which handles the whole process of creating and configuring a new ADDC VM. The only things it doesn't do are transfer the FSMO roles and demote existing DC servers.
2024-06-12 18:58:04 -05:00 · 2024-06-12 18:58:04 -05:00 · eb9db2d729
parent 292ab4585c
commit eb9db2d729
1 changed files with 63 additions and 0 deletions
--- a/create-dc.sh
+++ b/create-dc.sh
@ -0,0 +1,63 @@
+#!/bin/sh
+# vim: set sw=4 ts=4 sts=4 et :
+
+export http_proxy=http://proxy.pyrocufflink.blue:3128/
+
+ipaddr=$1
+fedora=${2:-40}
+if [ -z "${ipaddr}" ]; then
+    printf 'usage: %s ipaddr [fedora]\n' "${0##*/}" >&2
+    exit 2
+fi
+if [ -z "${LIBVIRT_DEFAULT_URI}" ]; then
+    printf 'LIBVIRT_DEFAULT_URI environment variable must be set\n' >&2
+    exit 1
+fi
+
+wordlist=$(
+    python -c 'from diceware.wordlist import *;print(get_wordlist_path("en_eff"))'
+)
+
+name=dc-$(sort -R "${wordlist}" | awk '{if(length($2) < 13){print $2;exit}}')
+printf 'Creating VM %s : watch progress with\n' "${name}"
+printf '    virsh -c %s console %s\n' "$(virsh uri)" "${name}"
+virt-install \
+    --name ${name} \
+    --memory 2048 \
+    --vcpus 2 \
+    --cpu host \
+    --location http://dl.fedoraproject.org/pub/fedora/linux/releases/${fedora}/Everything/x86_64/os \
+    --extra-args "ip=${ipaddr}::172.30.0.1:255.255.255.192:${name}::none:172.30.0.1 inst.notmux inst.proxy=${http_proxy} inst.ks=http://rosalina.pyrocufflink.blue/~dustin/kickstart/fedora-dc.ks console=ttyS0 quiet systemd.show_status=1" \
+    --os-variant fedora$(rpm -E %fedora) \
+    --disk pool=default,size=16,cache=none \
+    --network network=prod,model=virtio \
+    --graphics none \
+    --sound none \
+    --redirdev none \
+    --rng /dev/urandom \
+    --noautoconsole \
+    --wait -1 \
+    || exit
+
+printf 'Waiting for %s to come up ...\n' "${name}"
+until ssh -l root "${ipaddr}" : >/dev/null 2>&1; do sleep 10; done
+
+ansible-playbook -l samba-dc facts.yml || exit
+
+sed -i \
+    -e "/\[pyrocufflink\]/a${name}.pyrocufflink.blue ansible_host=${ipaddr} ansible_user=root ansible_become=false" \
+    -e "/\[samba-dc\]/a${name}.pyrocufflink.blue" \
+    hosts \
+    || exit
+
+ansible-playbook -l "${name}".pyrocufflink.blue \
+    --become \
+    base.yml \
+    hostname.yml \
+    firewalld.yml \
+    pyrocufflink.yml \
+    promtail.yml \
+    domain-controller.yml \
+    collectd.yml \
+    auto-updates.yml \
+    -e @join.creds