diff options
author | Peter Mikus <pmikus@cisco.com> | 2019-02-23 16:27:07 +0000 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2019-05-22 09:30:11 +0000 |
commit | 04ea580e111ddf5be6101be1fbfe9fde56f1a214 (patch) | |
tree | 09247ed50f1da5e09b79dcf41a05b38afeaa4ee2 /resources/tools/testbed-setup/ansible/roles/cobbler | |
parent | c6cd03e08d9429168b0e183b8dcbce991112f279 (diff) |
Ansible: Add CIMC/IPMI/COBBLER
- added tasks and handlers for CIMC, IPMI, COBBLER
- allows provisioning of servers via COBBLER
Change-Id: I64080069260dabb8a6e3b648aeff12f109d3f7c2
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Diffstat (limited to 'resources/tools/testbed-setup/ansible/roles/cobbler')
7 files changed, 474 insertions, 0 deletions
diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/Dockerfile b/resources/tools/testbed-setup/ansible/roles/cobbler/files/Dockerfile new file mode 100644 index 0000000000..8d70c0b495 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/Dockerfile @@ -0,0 +1,96 @@ +# Copyright (c) 2019 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM centos:7 + +MAINTAINER csit-dev <csit-dev@lists.fd.io> +LABEL Description="CSIT cobbler service image." +LABEL Version="0.1" + +# Build arguments +ARG cobbler_sys_pass +ARG cobbler_web_pass +ARG cobbler_ip_addr +ARG cobbler_http_port=60080 +ARG cobbler_https_port=60443 + +# Install dependencies +RUN yum -y install epel-release \ + && yum -y install \ + cobbler \ + cobbler-web \ + fence-agents \ + python-pip \ + curl \ + dhcp \ + bind \ + file \ + debmirror \ + net-tools \ + rsync \ + pykickstart \ + supervisor \ + wget \ + which \ + && yum clean all \ + && rm -rf /var/cache/yum + +# Workaround for Cobbler 2.8.4 bug +RUN pip2.7 install -U django==1.9.13 + +# Copy CSIT configration +COPY supervisord/supervisord.conf /etc/supervisord.conf +COPY etc/cobbler/dhcp.template /etc/cobbler/dhcp.template +COPY var/lib/cobbler/kickstarts/* /var/lib/cobbler/kickstarts/ +COPY etc/httpd/conf.d/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf + +RUN sed -i \ + -e "/^default_password_crypted/ s|:.*$|: \"${cobbler_sys_pass}\"|" \ + -e "/^next_server:/ s/:.*$/: ${cobbler_ip_addr}/" \ + -e "/^server/ s/:.*$/: ${cobbler_ip_addr}/" \ + -e "/^http_port:/ s/:.*$/: ${cobbler_http_port}/" \ + -e "/^pxe_just_once:/ s/:.*$/: 1/" \ + -e "/^manage_dhcp:/ s/:.*$/: 1/" \ + /etc/cobbler/settings \ + && sed -i "s/service %s restart/supervisorctl restart %s/g" \ + /usr/lib/python2.7/site-packages/cobbler/modules/sync_post_restart_services.py \ + && sed -i "s/Listen 80/Listen ${cobbler_http_port}/g" \ + /etc/httpd/conf/httpd.conf \ + && sed -i "s/Listen 443 https/Listen ${cobbler_https_port} https/g" \ + /etc/httpd/conf.d/ssl.conf + +# Change Cobbler WEB password +RUN echo -n "cobbler:Cobbler:${cobbler_web_pass}" \ + | md5sum \ + | cut -d' ' -f1 \ + | xargs printf "%s:%s:%s\n" cobbler Cobbler > "/etc/cobbler/users.digest" + +# Create Cobbler directories +RUN mkdir -p /var/lib/cobbler/config/distros.d \ + && mkdir -p /var/lib/cobbler/config/files.d \ + && mkdir -p /var/lib/cobbler/config/images.d \ + && mkdir -p /var/lib/cobbler/config/mgmtclasses.d \ + && mkdir -p /var/lib/cobbler/config/packages.d \ + && mkdir -p /var/lib/cobbler/config/profiles.d \ + && mkdir -p /var/lib/cobbler/config/repos.d \ + && mkdir -p /var/lib/cobbler/config/systems.d \ + && mkdir -p /var/www/cobbler/links/ \ + && touch /usr/share/cobbler/web/cobbler.wsgi + +# Expose TFTP WWW COBBLER +EXPOSE 69 +EXPOSE $cobbler_http_port +EXPOSE $cobbler_https_port +EXPOSE 25151 + +ENTRYPOINT /usr/bin/supervisord -c /etc/supervisord.conf diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/cobbler/dhcp.template b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/cobbler/dhcp.template new file mode 100644 index 0000000000..cf2fbdfe34 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/cobbler/dhcp.template @@ -0,0 +1,86 @@ +# ****************************************************************** +# Cobbler managed dhcpd.conf file +# +# generated from cobbler dhcp.conf template ($date) +# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes +# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be +# overwritten. +# +# ****************************************************************** + +ddns-update-style interim; + +allow booting; +allow bootp; + +ignore client-updates; +set vendorclass = option vendor-class-identifier; + +option pxe-system-type code 93 = unsigned integer 16; + +subnet 10.30.51.0 netmask 255.255.255.0 { + option routers 10.30.51.1; + option domain-name "linuxfoundation.org"; + option domain-name-servers 199.204.44.24, 199.204.47.54; + option subnet-mask 255.255.255.0; + range dynamic-bootp 10.30.51.2 10.30.51.254; + default-lease-time 600; + max-lease-time 7200; + next-server $next_server; + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + if option pxe-system-type = 00:02 { + filename "ia64/elilo.efi"; + } else if option pxe-system-type = 00:06 { + filename "grub/grub-x86.efi"; + } else if option pxe-system-type = 00:07 { + filename "grub/grub-x86_64.efi"; + } else { + filename "pxelinux.0"; + } + } +} + +#for dhcp_tag in $dhcp_tags.keys(): + ## group could be subnet if your dhcp tags line up with your subnets + ## or really any valid dhcpd.conf construct ... if you only use the + ## default dhcp tag in cobbler, the group block can be deleted for a + ## flat configuration +# group for Cobbler DHCP tag: $dhcp_tag +group { + #for mac in $dhcp_tags[$dhcp_tag].keys(): + #set iface = $dhcp_tags[$dhcp_tag][$mac] + host $iface.name { + hardware ethernet $mac; + #if $iface.ip_address: + fixed-address $iface.ip_address; + #end if + #if $iface.hostname: + option host-name "$iface.hostname"; + #end if + #if $iface.netmask: + option subnet-mask $iface.netmask; + #end if + #if $iface.gateway: + option routers $iface.gateway; + #end if + #if $iface.enable_gpxe: + if exists user-class and option user-class = "gPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else if exists user-class and option user-class = "iPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else { + filename "undionly.kpxe"; + } + #else + filename "$iface.filename"; + #end if + ## Cobbler defaults to $next_server, but some users + ## may like to use $iface.system.server for proxied setups + next-server $next_server; + ## next-server $iface.next_server; + } + #end for +} +#end for + diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/httpd/conf.d/cobbler_web.conf b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/httpd/conf.d/cobbler_web.conf new file mode 100644 index 0000000000..8b0f9863c1 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/httpd/conf.d/cobbler_web.conf @@ -0,0 +1,33 @@ +# This configuration file enables the cobbler web +# interface (django version) + +<Directory "/usr/share/cobbler/web/"> + SetEnv VIRTUALENV + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all +</Directory> + +<Directory "/var/www/cobbler_webui_content/"> + Options +Indexes +FollowSymLinks + AllowOverride None + Order allow,deny + Allow from all +</Directory> + +# Use separate process group for wsgi +WSGISocketPrefix /var/run/wsgi +WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi +WSGIDaemonProcess cobbler_web display-name=%{GROUP} +WSGIProcessGroup cobbler_web +WSGIPassAuthorization On + +<IfVersion >= 2.4> + <Location /cobbler_web> + Require all granted + </Location> + <Location /cobbler_webui_content> + Require all granted + </Location> +</IfVersion> diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/supervisord/supervisord.conf b/resources/tools/testbed-setup/ansible/roles/cobbler/files/supervisord/supervisord.conf new file mode 100644 index 0000000000..4ac5af8f99 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/supervisord/supervisord.conf @@ -0,0 +1,42 @@ +[unix_http_server] +file=/run/supervisor.sock + +[supervisord] +pidfile=/var/run/supervisord.pid +identifier=supervisor +directory=/run +logfile=/var/log/supervisord.log +loglevel=debug +nodaemon=true + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl=unix:///run/supervisor.sock + +[program:cobblerd] +command=/usr/bin/cobblerd -F +stdout_logfile=/var/log/supervisord.log +stderr_logfile=/var/log/supervisord.log + +[program:httpd] +command=/usr/sbin/httpd -DFOREGROUND +stdout_logfile=/var/log/supervisord.log +stderr_logfile=/var/log/supervisord.log + +[program:tftpd] +command=/usr/sbin/in.tftpd --foreground --verbose --user root --permissive --blocksize 1380 --address 0.0.0.0:69 --secure /var/lib/tftpboot +stdout_logfile=/var/log/supervisord.log +stderr_logfile=/var/log/supervisord.log + +[program:rsyncd] +command=/usr/bin/rsync --no-detach --daemon --config /etc/rsyncd.conf +stopsignal=QUIT +stdout_logfile=/var/log/supervisord.log +stderr_logfile=/var/log/supervisord.log + +[program:dhcpd] +command=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid +stdout_logfile=/var/log/supervisord.log +stderr_logfile=/var/log/supervisord.log diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed b/resources/tools/testbed-setup/ansible/roles/cobbler/files/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed new file mode 100644 index 0000000000..250701232c --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed @@ -0,0 +1,137 @@ +#### Contents of the preconfiguration file (for Ubuntu 18.04 Server LTS) + +### Localization +# Locale sets language and country. +d-i debian-installer/locale string en_US +d-i pkgsel/install-language-support boolean false +# Keyboard selection. +# Disable automatic (interactive) keymap detection. +d-i console-setup/ask_detect boolean false +d-i console-setup/layoutcode string us + +### Network configuration +# netcfg will choose an interface that has link if possible. This makes it +# skip displaying a list if there is more than one interface. +d-i netcfg/choose_interface select auto +# If you have a slow dhcp server and the installer times out waiting for +# it, this might be useful. +d-i netcfg/dhcp_timeout string 60 +# If you prefer to configure the network manually, uncomment this line and +# the static network configuration below. +#d-i netcfg/disable_dhcp boolean true +# If you want the preconfiguration file to work on systems both with and +# without a dhcp server, uncomment these lines and the static network +# configuration below. +d-i netcfg/dhcp_failed note +#d-i netcfg/dhcp_options select Configure network manually +# Static network configuration. +#d-i netcfg/get_nameservers string 172.30.0.2 +#d-i netcfg/get_ipaddress string 172.30.15.42 +#d-i netcfg/get_netmask string 255.255.0.0 +#d-i netcfg/get_gateway string 172.30.0.1 +#d-i netcfg/confirm_static boolean true +# Any hostname and domain names assigned from dhcp take precedence over +# values set here. However, setting the values still prevents the questions +# from being shown, even if values come from dhcp. +d-i netcfg/get_hostname string unassigned-hostname +d-i netcfg/get_domain string unassigned-domain +# Disable WEP key dialog. +d-i netcfg/wireless_wep string +# Alternatively: by default, the installer uses CC.archive.ubuntu.com where +# CC is the ISO-3166-2 code for the selected country. You can preseed this +# so that it does so without asking. +d-i mirror/http/mirror select us.archive.ubuntu.com + +### Mirror settings +d-i live-installer/net-image string http://$http_server/cobbler/links/$distro_name/install/filesystem.squashfs + +### Clock and time zone setup +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true +# You may set this to any valid setting for $TZ; see the contents of +# /usr/share/zoneinfo/ for valid values. +d-i time/zone string America/Los_Angeles +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean false + +### Partitioning +## If the system has free space you can choose to only partition that space. +# Alternatives: custom, some_device, some_device_crypto, some_device_lvm. +d-i partman-auto/init_automatically_partition select some_device +# Alternatively, you can specify a disk to partition. The device name must +# be given in traditional non-devfs format. +d-i partman-auto/disk string /dev/sda +# In addition, you'll need to specify the method to use. +# The presently available methods are: "regular", "lvm" and "crypto" +d-i partman-auto/method string regular +# If one of the disks that are going to be automatically partitioned +# contains an old LVM configuration, the user will normally receive a +# warning. This can be preseeded away... +d-i partman-lvm/device_remove_lvm boolean true +# The same applies to pre-existing software RAID array: +d-i partman-md/device_remove_md boolean true +# And the same goes for the confirmation to write the lvm partitions. +d-i partman-lvm/confirm boolean true +# You can choose one of the three predefined partitioning recipes: +# - atomic: all files in one partition +# - home: separate /home partition +# - multi: separate /home, /usr, /var, and /tmp partitions +d-i partman-auto/choose_recipe select atomic +# If you just want to change the default filesystem from ext3 to something +# else, you can do that without providing a full recipe. +d-i partman/default_filesystem string ext4 +# This makes partman automatically partition without confirmation, provided +# that you told it what to do using one of the methods above. +d-i partman/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +### Account setup +# Skip creation of a root account (normal user account will be able to +# use sudo). The default is false; preseed this to true if you want to set +# a root password. +d-i passwd/root-login boolean false +# Root password, either in clear text +#d-i passwd/root-password password pass +#d-i passwd/root-password-again password pass +# or encrypted using an MD5 hash. +#d-i passwd/root-password-crypted password f4f1d7b6738330f521de21da3f563bce +# To create a normal user account. +d-i passwd/user-fullname string testuser +d-i passwd/username string testuser +# Normal user's password, either in clear text +d-i passwd/user-password password Csit1234 +d-i passwd/user-password-again password Csit1234 +# or encrypted using an MD5 hash. +#d-i passwd/user-password-crypted password f4f1d7b6738330f521de21da3f563bce +# The installer will warn about weak passwords. If you are sure you know +# what you're doing and want to override it, uncomment this. +d-i user-setup/allow-password-weak boolean true +# Set to true if you want to encrypt the first user's home directory. +d-i user-setup/encrypt-home boolean false + +### Package selection +tasksel tasksel/first multiselect ubuntu-server +# Individual additional packages to install +d-i pkgsel/include string openssh-server python2.7 +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +#d-i pkgsel/upgrade select none +# Policy for applying updates. May be "none" (no automatic updates), +# "unattended-upgrades" (install security updates automatically), or +# "landscape" (manage system with Landscape). +d-i pkgsel/update-policy select none + +### Boot loader installation +d-i grub-installer/bootdev string default +# This is fairly safe to set, it makes grub install automatically to the MBR +# if no other operating system is detected on the machine. +d-i grub-installer/only_debian boolean false +# This one makes grub-installer install to the MBR if it also finds some other +# OS, which is less safe as it might not be able to boot that other OS. +d-i grub-installer/with_other_os boolean false + +### Finishing up the installation +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/main.yaml new file mode 100644 index 0000000000..f48a976ea1 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/main.yaml @@ -0,0 +1,45 @@ +--- +# file: roles/cobbler/tasks/main.yaml + +- name: Sync the cobbler docker directory + synchronize: + src: 'files' + dest: '/home/{{ ansible_user }}/cobbler_docker' + register: __cobbler_image_built + tags: cobbler-build-image + +- name: Build the cobbler docker image + docker_image: + path: '/home/{{ ansible_user }}/cobbler_docker/files' + name: 'csit/cobbler' + buildargs: + cobbler_pass: '{{ cobbler_pass }}' + cobbler_web_pass: '{{ cobbler_password }}' + cobbler_ip_addr: '{{ inventory_hostname }}' + when: __cobbler_image_built + tags: cobbler-build-image + +- name: Run Cobbler image + docker_container: + name: 'cobbler' + image: 'csit/cobbler' + network_mode: 'host' + volumes: + - '/mnt:/mnt:ro' + register: __cobbler_image_running + tags: cobbler-run-image + +- name: Run cobbler setup get-loaders + command: 'docker exec -i cobbler cobbler get-loaders' + when: __cobbler_image_running + tags: cobbler-run-image + +- name: Run cobbler setup sync + command: 'docker exec -i cobbler cobbler sync' + when: __cobbler_image_running + tags: cobbler-run-image + +- name: Add Ubuntu 18.04.2 Server x86_64 to cobbler + include_tasks: 'ubuntu-18.04.2-server-x86_64.yaml' + when: __cobbler_image_running + tags: cobbler-run-image diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml new file mode 100644 index 0000000000..2c89234de2 --- /dev/null +++ b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml @@ -0,0 +1,35 @@ +--- +# file: roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml + +- name: Download Ubuntu 18.04.2 Server x86_64 with check (sha256) + get_url: + url: 'http://cdimage.ubuntu.com/ubuntu/releases/18.04/release/ubuntu-18.04.2-server-amd64.iso' + dest: '/mnt/ubuntu-18.04.2-server-amd64.iso' + checksum: 'sha256:a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5' + register: __iso_downloaded + tags: cobbler-import-image + +- name: Create directory for Ubuntu 18.04.2 Server x86_64 mount + file: + path: '/mnt/ubuntu-18.04.2-server-x86_64' + state: 'directory' + register: __mount_directory_created + tags: cobbler-import-image + +- name: Mount Ubuntu 18.04.2 Server x86_64 iso + mount: + src: '/mnt/ubuntu-18.04.2-server-amd64.iso' + path: '/mnt/ubuntu-18.04.2-server-x86_64' + fstype: 'iso9660' + opts: 'ro,loop' + state: mounted + when: __iso_downloaded and __mount_directory_created + tags: cobbler-import-image + +- name: Run cobbler distro import for Ubuntu 18.04.2 Server x86_64 + command: | + docker exec -i cobbler cobbler import + --path=/mnt/ubuntu-18.04.2-server-x86_64 + --name=ubuntu-18.04.2-server-x86_64 + --kickstart=/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed + tags: cobbler-import-image |