Ansible: Add CIMC/IPMI/COBBLER

- added tasks and handlers for CIMC, IPMI, COBBLER
- allows provisioning of servers via COBBLER

Change-Id: I64080069260dabb8a6e3b648aeff12f109d3f7c2
Signed-off-by: Peter Mikus <pmikus@cisco.com>

7 files changed, 474 insertions, 0 deletions

diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/Dockerfile b/resources/tools/testbed-setup/ansible/roles/cobbler/files/Dockerfile
new file mode 100644
index 0000000000..8d70c0b495
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/Dockerfile
@@ -0,0 +1,96 @@
+# Copyright (c) 2019 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM centos:7
+
+MAINTAINER csit-dev <csit-dev@lists.fd.io>
+LABEL Description="CSIT cobbler service image."
+LABEL Version="0.1"
+
+# Build arguments
+ARG cobbler_sys_pass
+ARG cobbler_web_pass
+ARG cobbler_ip_addr
+ARG cobbler_http_port=60080
+ARG cobbler_https_port=60443
+
+# Install dependencies
+RUN yum -y install epel-release \
+    && yum -y install \
+        cobbler \
+        cobbler-web \
+        fence-agents \
+        python-pip \
+        curl \
+        dhcp \
+        bind \
+        file \
+        debmirror \
+        net-tools \
+        rsync \
+        pykickstart \
+        supervisor \
+        wget \
+        which \
+    && yum clean all \
+    && rm -rf /var/cache/yum
+
+# Workaround for Cobbler 2.8.4 bug
+RUN pip2.7 install -U django==1.9.13
+
+# Copy CSIT configration
+COPY supervisord/supervisord.conf /etc/supervisord.conf
+COPY etc/cobbler/dhcp.template /etc/cobbler/dhcp.template
+COPY var/lib/cobbler/kickstarts/* /var/lib/cobbler/kickstarts/
+COPY etc/httpd/conf.d/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf
+
+RUN sed -i \
+    -e "/^default_password_crypted/ s|:.*$|: \"${cobbler_sys_pass}\"|" \
+    -e "/^next_server:/ s/:.*$/: ${cobbler_ip_addr}/" \
+    -e "/^server/ s/:.*$/: ${cobbler_ip_addr}/" \
+    -e "/^http_port:/ s/:.*$/: ${cobbler_http_port}/" \
+    -e "/^pxe_just_once:/ s/:.*$/: 1/" \
+    -e "/^manage_dhcp:/ s/:.*$/: 1/" \
+    /etc/cobbler/settings \
+    && sed -i "s/service %s restart/supervisorctl restart %s/g" \
+    /usr/lib/python2.7/site-packages/cobbler/modules/sync_post_restart_services.py \
+    && sed -i "s/Listen 80/Listen ${cobbler_http_port}/g" \
+    /etc/httpd/conf/httpd.conf \
+    && sed -i "s/Listen 443 https/Listen ${cobbler_https_port} https/g" \
+    /etc/httpd/conf.d/ssl.conf
+
+# Change Cobbler WEB password
+RUN echo -n "cobbler:Cobbler:${cobbler_web_pass}" \
+    | md5sum \
+    | cut -d' ' -f1 \
+    | xargs printf "%s:%s:%s\n" cobbler Cobbler  > "/etc/cobbler/users.digest"
+
+# Create Cobbler directories
+RUN mkdir -p /var/lib/cobbler/config/distros.d \
+    && mkdir -p /var/lib/cobbler/config/files.d \
+    && mkdir -p /var/lib/cobbler/config/images.d \
+    && mkdir -p /var/lib/cobbler/config/mgmtclasses.d \
+    && mkdir -p /var/lib/cobbler/config/packages.d \
+    && mkdir -p /var/lib/cobbler/config/profiles.d \
+    && mkdir -p /var/lib/cobbler/config/repos.d \
+    && mkdir -p /var/lib/cobbler/config/systems.d \
+    && mkdir -p /var/www/cobbler/links/ \
+    && touch /usr/share/cobbler/web/cobbler.wsgi
+
+# Expose TFTP WWW COBBLER
+EXPOSE 69
+EXPOSE $cobbler_http_port
+EXPOSE $cobbler_https_port
+EXPOSE 25151
+
+ENTRYPOINT /usr/bin/supervisord -c /etc/supervisord.conf
diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/cobbler/dhcp.template b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/cobbler/dhcp.template
new file mode 100644
index 0000000000..cf2fbdfe34
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/cobbler/dhcp.template
@@ -0,0 +1,86 @@
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+
+subnet 10.30.51.0 netmask 255.255.255.0 {
+     option routers             10.30.51.1;
+     option domain-name         "linuxfoundation.org";
+     option domain-name-servers 199.204.44.24, 199.204.47.54;
+     option subnet-mask         255.255.255.0;
+     range dynamic-bootp        10.30.51.2 10.30.51.254;
+     default-lease-time         600;
+     max-lease-time             7200;
+     next-server                $next_server;
+     class "pxeclients" {
+          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+          if option pxe-system-type = 00:02 {
+                  filename "ia64/elilo.efi";
+          } else if option pxe-system-type = 00:06 {
+                  filename "grub/grub-x86.efi";
+          } else if option pxe-system-type = 00:07 {
+                  filename "grub/grub-x86_64.efi";
+          } else {
+                  filename "pxelinux.0";
+          }
+     }
+}
+
+#for dhcp_tag in $dhcp_tags.keys():
+    ## group could be subnet if your dhcp tags line up with your subnets
+    ## or really any valid dhcpd.conf construct ... if you only use the
+    ## default dhcp tag in cobbler, the group block can be deleted for a
+    ## flat configuration
+# group for Cobbler DHCP tag: $dhcp_tag
+group {
+        #for mac in $dhcp_tags[$dhcp_tag].keys():
+            #set iface = $dhcp_tags[$dhcp_tag][$mac]
+    host $iface.name {
+        hardware ethernet $mac;
+        #if $iface.ip_address:
+        fixed-address $iface.ip_address;
+        #end if
+        #if $iface.hostname:
+        option host-name "$iface.hostname";
+        #end if
+        #if $iface.netmask:
+        option subnet-mask $iface.netmask;
+        #end if
+        #if $iface.gateway:
+        option routers $iface.gateway;
+        #end if
+        #if $iface.enable_gpxe:
+        if exists user-class and option user-class = "gPXE" {
+            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+        } else if exists user-class and option user-class = "iPXE" {
+            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
+        } else {
+            filename "undionly.kpxe";
+        }
+        #else
+        filename "$iface.filename";
+        #end if
+        ## Cobbler defaults to $next_server, but some users
+        ## may like to use $iface.system.server for proxied setups
+        next-server $next_server;
+        ## next-server $iface.next_server;
+    }
+        #end for
+}
+#end for
+
diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/httpd/conf.d/cobbler_web.conf b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/httpd/conf.d/cobbler_web.conf
new file mode 100644
index 0000000000..8b0f9863c1
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/etc/httpd/conf.d/cobbler_web.conf
@@ -0,0 +1,33 @@
+# This configuration file enables the cobbler web
+# interface (django version)
+
+<Directory "/usr/share/cobbler/web/">
+        SetEnv VIRTUALENV
+        Options Indexes MultiViews
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+</Directory>
+
+<Directory "/var/www/cobbler_webui_content/">
+        Options +Indexes +FollowSymLinks
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+</Directory>
+
+# Use separate process group for wsgi
+WSGISocketPrefix /var/run/wsgi
+WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
+WSGIDaemonProcess cobbler_web display-name=%{GROUP}
+WSGIProcessGroup cobbler_web
+WSGIPassAuthorization On
+
+<IfVersion >= 2.4>
+    <Location /cobbler_web>
+        Require all granted
+    </Location>
+    <Location /cobbler_webui_content>
+        Require all granted
+    </Location>
+</IfVersion>
diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/supervisord/supervisord.conf b/resources/tools/testbed-setup/ansible/roles/cobbler/files/supervisord/supervisord.conf
new file mode 100644
index 0000000000..4ac5af8f99
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/supervisord/supervisord.conf
@@ -0,0 +1,42 @@
+[unix_http_server]
+file=/run/supervisor.sock
+
+[supervisord]
+pidfile=/var/run/supervisord.pid
+identifier=supervisor
+directory=/run
+logfile=/var/log/supervisord.log
+loglevel=debug
+nodaemon=true
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///run/supervisor.sock
+
+[program:cobblerd]
+command=/usr/bin/cobblerd -F
+stdout_logfile=/var/log/supervisord.log
+stderr_logfile=/var/log/supervisord.log
+
+[program:httpd]
+command=/usr/sbin/httpd -DFOREGROUND
+stdout_logfile=/var/log/supervisord.log
+stderr_logfile=/var/log/supervisord.log
+
+[program:tftpd]
+command=/usr/sbin/in.tftpd --foreground --verbose --user root --permissive --blocksize 1380 --address 0.0.0.0:69 --secure /var/lib/tftpboot
+stdout_logfile=/var/log/supervisord.log
+stderr_logfile=/var/log/supervisord.log
+
+[program:rsyncd]
+command=/usr/bin/rsync --no-detach --daemon --config /etc/rsyncd.conf
+stopsignal=QUIT
+stdout_logfile=/var/log/supervisord.log
+stderr_logfile=/var/log/supervisord.log
+
+[program:dhcpd]
+command=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
+stdout_logfile=/var/log/supervisord.log
+stderr_logfile=/var/log/supervisord.log
diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/files/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed b/resources/tools/testbed-setup/ansible/roles/cobbler/files/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed
new file mode 100644
index 0000000000..250701232c
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/cobbler/files/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed
@@ -0,0 +1,137 @@
+#### Contents of the preconfiguration file (for Ubuntu 18.04 Server LTS)
+
+### Localization
+# Locale sets language and country.
+d-i debian-installer/locale string en_US
+d-i pkgsel/install-language-support boolean false
+# Keyboard selection.
+# Disable automatic (interactive) keymap detection.
+d-i console-setup/ask_detect boolean false
+d-i console-setup/layoutcode string us
+
+### Network configuration
+# netcfg will choose an interface that has link if possible. This makes it
+# skip displaying a list if there is more than one interface.
+d-i netcfg/choose_interface select auto
+# If you have a slow dhcp server and the installer times out waiting for
+# it, this might be useful.
+d-i netcfg/dhcp_timeout string 60
+# If you prefer to configure the network manually, uncomment this line and
+# the static network configuration below.
+#d-i netcfg/disable_dhcp boolean true
+# If you want the preconfiguration file to work on systems both with and
+# without a dhcp server, uncomment these lines and the static network
+# configuration below.
+d-i netcfg/dhcp_failed note
+#d-i netcfg/dhcp_options select Configure network manually
+# Static network configuration.
+#d-i netcfg/get_nameservers string 172.30.0.2
+#d-i netcfg/get_ipaddress string 172.30.15.42
+#d-i netcfg/get_netmask string 255.255.0.0
+#d-i netcfg/get_gateway string 172.30.0.1
+#d-i netcfg/confirm_static boolean true
+# Any hostname and domain names assigned from dhcp take precedence over
+# values set here. However, setting the values still prevents the questions
+# from being shown, even if values come from dhcp.
+d-i netcfg/get_hostname string unassigned-hostname
+d-i netcfg/get_domain string unassigned-domain
+# Disable WEP key dialog.
+d-i netcfg/wireless_wep string
+# Alternatively: by default, the installer uses CC.archive.ubuntu.com where
+# CC is the ISO-3166-2 code for the selected country. You can preseed this
+# so that it does so without asking.
+d-i mirror/http/mirror select us.archive.ubuntu.com
+
+### Mirror settings
+d-i live-installer/net-image string http://$http_server/cobbler/links/$distro_name/install/filesystem.squashfs
+
+### Clock and time zone setup
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+# You may set this to any valid setting for $TZ; see the contents of
+# /usr/share/zoneinfo/ for valid values.
+d-i time/zone string America/Los_Angeles
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean false
+
+### Partitioning
+## If the system has free space you can choose to only partition that space.
+# Alternatives: custom, some_device, some_device_crypto, some_device_lvm.
+d-i partman-auto/init_automatically_partition select some_device
+# Alternatively, you can specify a disk to partition. The device name must
+# be given in traditional non-devfs format.
+d-i partman-auto/disk string /dev/sda
+# In addition, you'll need to specify the method to use.
+# The presently available methods are: "regular", "lvm" and "crypto"
+d-i partman-auto/method string regular
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away...
+d-i partman-lvm/device_remove_lvm boolean true
+# The same applies to pre-existing software RAID array:
+d-i partman-md/device_remove_md boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+d-i partman-lvm/confirm boolean true
+# You can choose one of the three predefined partitioning recipes:
+# - atomic: all files in one partition
+# - home:   separate /home partition
+# - multi:  separate /home, /usr, /var, and /tmp partitions
+d-i partman-auto/choose_recipe select atomic
+# If you just want to change the default filesystem from ext3 to something
+# else, you can do that without providing a full recipe.
+d-i partman/default_filesystem string ext4
+# This makes partman automatically partition without confirmation, provided
+# that you told it what to do using one of the methods above.
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+### Account setup
+# Skip creation of a root account (normal user account will be able to
+# use sudo). The default is false; preseed this to true if you want to set
+# a root password.
+d-i passwd/root-login boolean false
+# Root password, either in clear text
+#d-i passwd/root-password password pass
+#d-i passwd/root-password-again password pass
+# or encrypted using an MD5 hash.
+#d-i passwd/root-password-crypted password f4f1d7b6738330f521de21da3f563bce
+# To create a normal user account.
+d-i passwd/user-fullname string testuser
+d-i passwd/username string testuser
+# Normal user's password, either in clear text
+d-i passwd/user-password password Csit1234
+d-i passwd/user-password-again password Csit1234
+# or encrypted using an MD5 hash.
+#d-i passwd/user-password-crypted password f4f1d7b6738330f521de21da3f563bce
+# The installer will warn about weak passwords. If you are sure you know
+# what you're doing and want to override it, uncomment this.
+d-i user-setup/allow-password-weak boolean true
+# Set to true if you want to encrypt the first user's home directory.
+d-i user-setup/encrypt-home boolean false
+
+### Package selection
+tasksel tasksel/first multiselect ubuntu-server
+# Individual additional packages to install
+d-i pkgsel/include string openssh-server python2.7
+# Whether to upgrade packages after debootstrap.
+# Allowed values: none, safe-upgrade, full-upgrade
+#d-i pkgsel/upgrade select none
+# Policy for applying updates. May be "none" (no automatic updates),
+# "unattended-upgrades" (install security updates automatically), or
+# "landscape" (manage system with Landscape).
+d-i pkgsel/update-policy select none
+
+### Boot loader installation
+d-i grub-installer/bootdev string default
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean false
+# This one makes grub-installer install to the MBR if it also finds some other
+# OS, which is less safe as it might not be able to boot that other OS.
+d-i grub-installer/with_other_os boolean false
+
+### Finishing up the installation
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/main.yaml b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/main.yaml
new file mode 100644
index 0000000000..f48a976ea1
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/main.yaml
@@ -0,0 +1,45 @@
+---
+# file: roles/cobbler/tasks/main.yaml
+
+- name: Sync the cobbler docker directory
+  synchronize:
+    src: 'files'
+    dest: '/home/{{ ansible_user }}/cobbler_docker'
+  register: __cobbler_image_built
+  tags: cobbler-build-image
+
+- name: Build the cobbler docker image
+  docker_image:
+     path: '/home/{{ ansible_user }}/cobbler_docker/files'
+     name: 'csit/cobbler'
+     buildargs:
+       cobbler_pass: '{{ cobbler_pass }}'
+       cobbler_web_pass: '{{ cobbler_password }}'
+       cobbler_ip_addr: '{{ inventory_hostname }}'
+  when: __cobbler_image_built
+  tags: cobbler-build-image
+
+- name: Run Cobbler image
+  docker_container:
+    name: 'cobbler'
+    image: 'csit/cobbler'
+    network_mode: 'host'
+    volumes:
+      - '/mnt:/mnt:ro'
+  register: __cobbler_image_running
+  tags: cobbler-run-image
+
+- name: Run cobbler setup get-loaders
+  command: 'docker exec -i cobbler cobbler get-loaders'
+  when: __cobbler_image_running
+  tags: cobbler-run-image
+
+- name: Run cobbler setup sync
+  command: 'docker exec -i cobbler cobbler sync'
+  when: __cobbler_image_running
+  tags: cobbler-run-image
+
+- name: Add Ubuntu 18.04.2 Server x86_64 to cobbler
+  include_tasks: 'ubuntu-18.04.2-server-x86_64.yaml'
+  when: __cobbler_image_running
+  tags: cobbler-run-image
diff --git a/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml
new file mode 100644
index 0000000000..2c89234de2
--- /dev/null
+++ b/resources/tools/testbed-setup/ansible/roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml
@@ -0,0 +1,35 @@
+---
+# file: roles/cobbler/tasks/ubuntu-18.04.2-server-x86_64.yaml
+
+- name: Download Ubuntu 18.04.2 Server x86_64 with check (sha256)
+  get_url:
+    url: 'http://cdimage.ubuntu.com/ubuntu/releases/18.04/release/ubuntu-18.04.2-server-amd64.iso'
+    dest: '/mnt/ubuntu-18.04.2-server-amd64.iso'
+    checksum: 'sha256:a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5'
+  register: __iso_downloaded
+  tags: cobbler-import-image
+
+- name: Create directory for Ubuntu 18.04.2 Server x86_64 mount
+  file:
+    path: '/mnt/ubuntu-18.04.2-server-x86_64'
+    state: 'directory'
+  register: __mount_directory_created
+  tags: cobbler-import-image
+
+- name: Mount Ubuntu 18.04.2 Server x86_64 iso
+  mount:
+    src: '/mnt/ubuntu-18.04.2-server-amd64.iso'
+    path: '/mnt/ubuntu-18.04.2-server-x86_64'
+    fstype: 'iso9660'
+    opts: 'ro,loop'
+    state: mounted
+  when: __iso_downloaded and __mount_directory_created
+  tags: cobbler-import-image
+
+- name: Run cobbler distro import for Ubuntu 18.04.2 Server x86_64
+  command: |
+      docker exec -i cobbler cobbler import
+      --path=/mnt/ubuntu-18.04.2-server-x86_64
+      --name=ubuntu-18.04.2-server-x86_64
+      --kickstart=/var/lib/cobbler/kickstarts/ubuntu-18.04.2-server-x86_64.seed
+  tags: cobbler-import-image