Docs, configure hostnet

Author: nightkr

README.md

@@ -0,0 +1,57 @@
+# ad-init
+
+## What is it?
+
+A testing tool that installs and configures a Windows VM with Active Directory, and configures a Stackable Data Platform
+cluster to use it.
+
+The latter includes, for example:
+
+- Rewriting the Kubernetes Corefile to delegate DNS for the AD domain
+- Creating a SecretClass for provisioning Kerberos principals
+- Creating a user for the SecretClass
+- Installing credentials for the above into the Kubernetes cluster
+
+## What isn't it?
+
+It does not configure a production-ready cluster. For example, many passwords will be the hard-coded dummy value "Asdf1234".
+
+It also assumes that the Kubernetes cluster and Windows VM will be running on the same machine, or have full connectivity between each other.
+
+## Prerequisites
+
+- Libvirt and QEMU
+- Ansible
+- A Windows Server installation ISO (download from https://info.microsoft.com/ww-landing-windows-server-2022.html)
+- A Kubernetes cluster (kind is suggested) running the Stackable Data Platform
+
+In addition, for a completely unattended installation, the ISO must be patched using cdrtools.
+
+## Using it
+
+1. Put your Windows ISO in `target/Windows Server 2022 EVAL.iso` (or modify `install_iso_windows` to point at it)
+2. Run `ansible-playbook install.yaml -i inventory.ini`
+3. Open virt-manager
+4. When the VM appears, open it and answer the "press any key to boot" prompt (reboot the VM if you missed it)
+5. Wait for the playbook to complete
+6. Done!
+
+### Completely unattended (noprompt patch)
+
+The "press any key to boot" prompt can be disabled by patching the Windows ISO, but this requires a slightly manual one-time process as root:
+
+```shell
+mkdir tmp
+sudo mount "/path/to/Windows Server 2022 EVAL.iso" tmp -o loop -t udf
+mkisofs -o windows-2k22-noprompt.iso --udf -eltorito-boot efi/microsoft/boot/efisys_noprompt.bin --iso-level 4 tmp
+sudo umount tmp
+rmdir tmp
+```
+
+After this, `install_iso_windows` can be pointed at `windows-2k22-noprompt.iso` instead to fully automate the process. `ansible-playbook install.yaml -i inventory.ini` should then be enough.
+
+## Troubleshooting
+
+### LDAP error: connection reset by peer
+
+Once everything installed, it will take a little bit for Windows to decide to provision a certificate for the domain controller. It should resolve itself after a few minutes.

roles/create-vm/defaults/main.yaml

@@ -7,9 +7,12 @@ vm_disk_name: stackable-adds-test.qcow2
 vm_disk_pool: default
 vm_disk_size_gib: 30
 vm_disk_format: qcow2
-vm_disk_path: /var/lib/libvirt/images/stackable-adds-test.qcow2
 
-install_iso_windows: /mnt/data/DL/OS/Windows Server 2022 EVAL.iso
+vm_network_hostnet_name: stackable-adds-test-hostnet
+vm_network_hostnet_subnet: 192.168.197.0/24
+vm_network_internet_name: default
+
+install_iso_windows: "{{ lookup('first_found', 'target') }}/Windows Server 2022 EVAL.iso"
 
 install_iso_virtio_win_url: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.248-1/virtio-win-0.1.248.iso
 install_iso_virtio_win_checksum: sha256:d5b5739cf297f0538d263e30678d5a09bba470a7c6bcbd8dff74e44153f16549

roles/create-vm/tasks/main.yaml

@@ -24,6 +24,17 @@
     url: "{{ install_exe_spice_guest_tools_url }}"
     checksum: "{{ install_exe_spice_guest_tools_checksum }}"
 
+- name: Create VM Network
+  community.libvirt.virt_net:
+    name: "{{ vm_network_hostnet_name }}"
+    command: define
+    xml: "{{ lookup('template', 'windows-vm-network.xml.j2') }}"
+    uri: "{{ libvirt_uri }}"
+- name: Start VM Network
+  community.libvirt.virt_net:
+    name: "{{ vm_network_hostnet_name }}"
+    state: active
+    uri: "{{ libvirt_uri }}"
 - name: Create VM
   community.libvirt.virt:
     command: define

roles/create-vm/templates/windows-vm-network.xml.j2

@@ -0,0 +1,13 @@
+<network connections="1">
+  <name>{{ vm_network_hostnet_name }}</name>
+  <forward mode="route"/>
+  <ip
+    address="{{ vm_network_hostnet_subnet | ansible.utils.ipaddr('next_usable') }}"
+    netmask="{{ vm_network_hostnet_subnet | ansible.utils.ipaddr('netmask') }}">
+    <dhcp>
+      <range
+        start="{{ vm_network_hostnet_subnet | ansible.utils.next_nth_usable(2) }}"
+        end="{{ vm_network_hostnet_subnet | ansible.utils.ipaddr('last_usable') }}"/>
+    </dhcp>
+  </ip>
+</network>

roles/create-vm/templates/windows-vm.xml.j2

@@ -64,13 +64,15 @@
       <readonly/>
     </disk>
     <controller type="scsi" index="0" model="virtio-scsi"/>
+    <!-- Docker/Kind does not route traffic into libvirt NAT networks properly, so configure a host-only network -->
     <interface type="network">
-      <source network="routed"/>
+      <source network="{{ vm_network_hostnet_name }}"/>
       <model type="virtio"/>
       <alias name="ua-net-hostnet"/>
     </interface>
+    <!-- Routed networks require extra configuration to provide internet access, so provide a NATed secondary network interface instead -->
     <interface type="network">
-      <source network="default"/>
+      <source network="{{ vm_network_internet_name }}"/>
       <model type="virtio"/>
       <alias name="ua-net-internet"/>
     </interface>