From 91b2e826e066ca3e4ff43d191dc665709c182408 Mon Sep 17 00:00:00 2001 From: Andrew Schoen Date: Thu, 9 Apr 2015 16:43:45 -0500 Subject: [PATCH] Adds a new cobbler role. All this does currently is upload some of the custom templates we've built. We should come back later and create the profiles and install cobbler, etc. Signed-off-by: Andrew Schoen --- cobbler.yml | 4 + roles/cobbler/tasks/main.yml | 40 ++++++ .../templates/kickstarts/cephlab_rhel.ks | 82 +++++++++++++ .../kickstarts/cephlab_trusty.preseed | 114 ++++++++++++++++++ .../templates/scripts/cephlab_preseed_late | 14 +++ .../snippets/cephlab_apt-mirror_hack | 2 + .../templates/snippets/cephlab_hostname | 3 + .../templates/snippets/cephlab_packages_rhel | 3 + roles/cobbler/templates/snippets/cephlab_user | 25 ++++ 9 files changed, 287 insertions(+) create mode 100644 cobbler.yml create mode 100644 roles/cobbler/tasks/main.yml create mode 100644 roles/cobbler/templates/kickstarts/cephlab_rhel.ks create mode 100755 roles/cobbler/templates/kickstarts/cephlab_trusty.preseed create mode 100644 roles/cobbler/templates/scripts/cephlab_preseed_late create mode 100755 roles/cobbler/templates/snippets/cephlab_apt-mirror_hack create mode 100644 roles/cobbler/templates/snippets/cephlab_hostname create mode 100644 roles/cobbler/templates/snippets/cephlab_packages_rhel create mode 100644 roles/cobbler/templates/snippets/cephlab_user
diff --git a/cobbler.yml b/cobbler.yml
new file mode 100644
index 0000000..df5ec80
--- /dev/null
+++ b/cobbler.yml
@@ -0,0 +1,4 @@
+---
+- hosts: cobbler
+ roles:
+ - cobbler
diff --git a/roles/cobbler/tasks/main.yml b/roles/cobbler/tasks/main.yml
new file mode 100644
index 0000000..d9a16c2
--- /dev/null
+++ b/roles/cobbler/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Upload kickstarts and preseeds.
+ template:
+ src: "kickstarts/{{ item }}"
+ dest: "/var/lib/cobbler/kickstarts/{{ item }}"
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - cephlab_trusty.preseed
+ - cephlab_rhel.ks
+ tags:
+ - kickstarts
+
+- name: Upload snippets
+ template:
+ src: "snippets/{{ item }}"
+ dest: "/var/lib/cobbler/snippets/{{ item }}"
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - cephlab_user
+ - cephlab_hostname
+ - cephlab_apt-mirror_hack
+ - cephlab_packages_rhel
+ tags:
+ - snippets
+
+- name: Upload scripts.
+ template:
+ src: "scripts/{{ item }}"
+ dest: "/var/lib/cobbler/scripts/{{ item }}"
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - cephlab_preseed_late
+ tags:
+ - scripts
diff --git a/roles/cobbler/templates/kickstarts/cephlab_rhel.ks b/roles/cobbler/templates/kickstarts/cephlab_rhel.ks
new file mode 100644
index 0000000..587cf5b
--- /dev/null
+++ b/roles/cobbler/templates/kickstarts/cephlab_rhel.ks
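Review bot: `mode: 0644` is written as a bare YAML number in all three upload tasks, so the intended permissions depend on the leading zero being read as octal. Quoting it as `mode: "0644"` removes that dependency and avoids a silently wrong mode if the zero is ever dropped. The kickstarts directory also receives a preseed that carries a crypted password, so 0644 leaves that hash readable by every local account on the Cobbler host.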
@@ -0,0 +1,82 @@
+## {{ ansible_managed }}
+# kickstart template for Fedora 8 and later.
+# (includes %end blocks)
+# do not use with earlier distros
+
+#platform=x86, AMD64, or Intel EM64T
+# System authorization information
+auth --useshadow --enablemd5
+# System bootloader configuration
+bootloader --location=mbr
+# Partition clearing information
+clearpart --all --initlabel
+# Use text mode install
+text
+# Firewall configuration
+firewall --enabled
+# Run the Setup Agent on first boot
+firstboot --disable
+# System keyboard
+keyboard us
+# System language
+lang en_US
+# Use network installation
+url --url=$tree
+# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
+$yum_repo_stanza
+# Network information
+network --bootproto=dhcp --device=eth0 --onboot=on
+# Reboot after installation
+reboot
+
+#Root password
+rootpw --iscrypted $default_password_crypted
+# SELinux configuration
+selinux --disabled
+# Do not configure the X Window System
+skipx
+# System timezone
+timezone America/New_York
+# Install OS instead of upgrade
+install
+# Clear the Master Boot Record
+zerombr
+# Allow anaconda to partition the system as needed
+autopart
+
+%pre
+$SNIPPET('log_ks_pre')
+$SNIPPET('kickstart_start')
+# Enable installation monitoring
+$SNIPPET('pre_anamon')
+%end
+
+%packages
+$SNIPPET('cephlab_packages_rhel')
+$SNIPPET('func_install_if_enabled')
+%end
+
+%post --nochroot
+$SNIPPET('log_ks_post_nochroot')
+%end
+
+%post
+$SNIPPET('log_ks_post')
+# Start yum configuration
+$yum_config_stanza
+# End yum configuration
+$SNIPPET('post_install_kernel_options')
+$SNIPPET('func_register_if_enabled')
+$SNIPPET('download_config_files')
+$SNIPPET('koan_environment')
+$SNIPPET('redhat_register')
+$SNIPPET('cobbler_register')
+# Enable post-install boot notification
+$SNIPPET('post_anamon')
+# Start final steps
+$SNIPPET('cephlab_hostname')
+$SNIPPET('cephlab_user')
+$SNIPPET('cephlab_apt-mirror_hack')
+$SNIPPET('kickstart_done')
+# End final steps
+%end
diff --git a/roles/cobbler/templates/kickstarts/cephlab_trusty.preseed b/roles/cobbler/templates/kickstarts/cephlab_trusty.preseed
new file mode 100755
index 0000000..5463592
--- /dev/null
+++ b/roles/cobbler/templates/kickstarts/cephlab_trusty.preseed
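Review bot: `auth --useshadow --enablemd5` selects MD5-crypt for local password hashes, and `selinux --disabled` turns off mandatory access control on every host built from this kickstart. For the hash algorithm I would change the line to `auth --useshadow --passalgo=sha512`. If SELinux has to stay off for the lab, a comment above `selinux --disabled` saying why would help, or use `selinux --permissive` so denials are at least logged. The `%post` section also pulls in `cephlab_apt-mirror_hack`, which pipes through `sudo`; `sudo` is not listed in `cephlab_packages_rhel`, so confirm it is part of the installed package set.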
@@ -0,0 +1,114 @@
+## {{ ansible_managed }}
+### Apt setup
+# You can choose to install non-free and contrib software.
+#d-i apt-setup/non-free boolean true
+#d-i apt-setup/contrib boolean true
+
+# Keyboard selection.
+# Disable automatic (interactive) keymap detection.
+d-i console-setup/ask_detect boolean false
+
+# If you select ftp, the mirror/country string does not need to be set.
+#d-i mirror/protocol string ftp
+d-i mirror/country string manual
+d-i mirror/http/hostname string apt-mirror.sepia.ceph.com
+d-i mirror/http/directory string /archive.ubuntu.com/ubuntu
+d-i mirror/suite string trusty
+
+#Removes the prompt about missing modules:
+# Continue without installing a kernel?
+#d-i base-installer/kernel/skip-install boolean true
+# Continue the install without loading kernel modules?
+#d-i anna/no_kernel_modules boolean true
+
+# Stop Ubuntu from installing random kernel choice
+#d-i base-installer/kernel/image select none
+
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean true
+# NTP server to use. The default is almost always fine here.
+d-i clock-setup/ntp-server string pool.ntp.org
+
+
+# This makes partman automatically partition without confirmation.
+#d-i partman/confirm_write_new_label boolean true
+#d-i partman/choose_partition select finish
+#d-i partman/confirm boolean true
+#d-i partman/choose_partition select finish
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-basicfilesystems/no_swap seen true
+d-i partman-auto/disk string /dev/sda
+d-i partman-auto/method string regular
+#d-i partman-auto/purge_lvm_from_device boolean true
+d-i partman-auto/confirm_nooverwrite boolean true
+d-i partman-auto/choose_partition select finish
+
+
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/default_filesystem string ext4
+d-i partman-auto/expert_recipe string \
+ root :: \
+ 500 10000 1000000000 ext4 \
+ $primary{ } $bootable{ } \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ / } \
+ .
+#\
+# 64 512 1% linux-swap \
+# method{ swap } format{ } \
+# .
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition \
+ select Finish partitioning and write changes to disk
+d-i partman/confirm boolean true
+
+d-i grub-pc/install_devices multiselect /dev/sda
+
+#User account.
+d-i passwd/root-login boolean false
+d-i passwd/make-user boolean true
+d-i passwd/user-fullname string ubuntu
+d-i passwd/username string ubuntu
+d-i passwd/user-password-crypted password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.
+d-i passwd/user-uid string
+d-i user-setup/allow-password-weak boolean false
+d-i user-setup/encrypt-home boolean false
+
+# Individual additional packages to install
+d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware linux-firmware-nonfree ntpdate bash devmem2 fbset sudo openssh-server udev-discover
+
+# d-i pkgsel/include string u-boot-tools pastebinit initramfs-tools wget linux-firmware linux-firmware-nonfree ntpdate bash devmem2 fbset sudo ipcalc openssh-server nagios-nrpe-server smartmontools udev-discover xfsprogs
+
+# Whether to upgrade packages after debootstrap.
+# Allowed values: none, safe-upgrade, full-upgrade
+d-i pkgsel/upgrade select safe-upgrade
+
+# Policy for applying updates. May be "none" (no automatic updates),
+# "unattended-upgrades" (install security updates automatically), or
+# "landscape" (manage system with Landscape).
+d-i pkgsel/update-policy select none
+
+# During installations from serial console, the regular virtual consoles
+# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
+# line to prevent this.
+d-i finish-install/keep-consoles boolean true
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# This command is run just before the install finishes, but when there is
+# still a usable /target directory. You can chroot to /target and use it
+# directly, or use the apt-install and in-target commands to easily install
+# packages and run commands in the target system.
+
+# cephlab_preseed_late lives in /var/lib/cobbler/scripts
+# It is passed to the cobbler xmlrpc generate_scripts function where it's rendered.
+# This means that snippets or other templating features can be used.
+d-i preseed/late_command string \
+in-target wget http://$http_server/cblr/svc/op/script/system/$system_name/?script=cephlab_preseed_late -O /tmp/postinst.sh; \
+in-target /bin/chmod 755 /tmp/postinst.sh; \
+in-target /tmp/postinst.sh;
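Review bot: The `passwd/user-password-crypted` line commits a fixed `$6$` (SHA-512-crypt) hash for the `ubuntu` account, so every machine installed from this preseed shares one password. Its hash is readable by anyone who can see the repository or the rendered file, which exposes it to offline guessing. Because the file is rendered by Ansible's `template` module, the value could come from a vaulted variable instead, e.g. `d-i passwd/user-password-crypted password {{ cephlab_user_password_crypted }}` (the variable name is a placeholder). The hash also contains `$` characters that Cobbler's Cheetah rendering may try to expand, so check the rendered output and escape them as `\$` if needed. Separately, `preseed/late_command` fetches `postinst.sh` over plain HTTP and runs it in the target with no integrity check; a comment stating that the provisioning network is assumed trusted would make that dependency explicit.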
diff --git a/roles/cobbler/templates/scripts/cephlab_preseed_late b/roles/cobbler/templates/scripts/cephlab_preseed_late
new file mode 100644
index 0000000..2ab9eea
--- /dev/null
+++ b/roles/cobbler/templates/scripts/cephlab_preseed_late
@@ -0,0 +1,14 @@
+## {{ ansible_managed }}
+# Start preseed_late_default
+# This script runs in the chroot /target by default
+$SNIPPET('post_install_network_config_deb')
+$SNIPPET('late_apt_repo_config')
+$SNIPPET('post_run_deb')
+$SNIPPET('download_config_files')
+# custom
+$SNIPPET('cephlab_hostname')
+$SNIPPET('cephlab_user')
+$SNIPPET('cephlab_apt-mirror_hack')
+# end custom
+$SNIPPET('kickstart_done')
+# End preseed_late_default
diff --git a/roles/cobbler/templates/snippets/cephlab_apt-mirror_hack b/roles/cobbler/templates/snippets/cephlab_apt-mirror_hack
new file mode 100755
index 0000000..1239743
--- /dev/null
+++ b/roles/cobbler/templates/snippets/cephlab_apt-mirror_hack
@@ -0,0 +1,2 @@
+## {{ ansible_managed }}
+grep -q apt-mirror /etc/hosts || echo 64.90.32.37 apt-mirror.front.sepia.ceph.com | sudo tee -a /etc/hosts
diff --git a/roles/cobbler/templates/snippets/cephlab_hostname b/roles/cobbler/templates/snippets/cephlab_hostname
new file mode 100644
index 0000000..e24211d
--- /dev/null
+++ b/roles/cobbler/templates/snippets/cephlab_hostname
@@ -0,0 +1,3 @@
+## {{ ansible_managed }}
+hostname $system_name
+echo $system_name > /etc/hostname
diff --git a/roles/cobbler/templates/snippets/cephlab_packages_rhel b/roles/cobbler/templates/snippets/cephlab_packages_rhel
new file mode 100644
index 0000000..3e0be82
--- /dev/null
+++ b/roles/cobbler/templates/snippets/cephlab_packages_rhel
@@ -0,0 +1,3 @@
+## {{ ansible_managed }}
+perl
+wget
diff --git a/roles/cobbler/templates/snippets/cephlab_user b/roles/cobbler/templates/snippets/cephlab_user
new file mode 100644
index 0000000..e983aad
--- /dev/null
+++ b/roles/cobbler/templates/snippets/cephlab_user
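Review bot: The `/etc/hosts` line in `cephlab_apt-mirror_hack` pins `apt-mirror.front.sepia.ceph.com` to a hard-coded address, so installed hosts keep trusting that IP for package traffic even if the mirror moves, and the `grep -q apt-mirror` guard means an existing, possibly stale, entry is never corrected. The preseed's `mirror/http/hostname` is `apt-mirror.sepia.ceph.com`, without `.front`, so confirm the pinned name is the one the package sources actually resolve. The snippet presumably already runs as root during install, in which case `sudo tee` is unnecessary and fails where sudo is absent; `grep -q apt-mirror /etc/hosts || echo 64.90.32.37 apt-mirror.front.sepia.ceph.com >> /etc/hosts` does the same. A comment explaining why DNS cannot be relied on here, and when the entry can be removed, would help the next maintainer.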
@@ -0,0 +1,25 @@
+## {{ ansible_managed }}
+#set $user = 'ubuntu'
+#set $home = '/home/' + $user
+#set $auth_keys = $home + '/.ssh/authorized_keys'
+groupadd sudo
+useradd -G sudo ubuntu
+passwd -d $user
+
+cat >> /etc/sudoers.d/cephlab_sudo << EOF
+%sudo ALL=(ALL) NOPASSWD: ALL
+# For ansible pipelining
+Defaults !requiretty
+Defaults visiblepw
+EOF
+
+install -d -m0755 --owner=$user --group=$user /home/$user/.ssh
+
+cat >> $auth_keys << EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1WFDbZSC387Oh/8/PoN0ItIrwbKAlAIIDhH0E1okyG6Nj3CjqctUQ8nBYg3yr6ztUTs1q5RWOsCeG7ZePxrxdDZz3YEJsZZhqdtwYbLkcKFME2eQNj/BaCp58FB5T3p0Yy6S4YAwGUZv+UGroUseE8RRavNVrBq3+3ciPYXiopm1jRrAWNXW5wbzry8NOxl/x1Q0PzDgy/9+Su433pkcaEY9X633+1iYcFx6NyKwVvh5GFDFUMM5wFtiJRVAhnhT9UloIwk2TP9p874Y6JjgfXgHmvlatvUEeKdVdkorHd0H0Ln5xlwq+1eJsl7GXNXW/HeSbZ9srfZlNMzfHk5y5w== root@magna001.ceph.lab.eng.rdu.redhat.com
+EOF
+
+chown $user.$user $auth_keys
+chmod 644 $auth_keys
+chown -Rf $user:$user /home/$user
+curl "http://$http_server:$http_port/cblr/svc/op/nopxe/system/$system_name" -o /dev/null
-- 2.39.5
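Review bot: `passwd -d $user` deletes the password rather than locking it, leaving the `ubuntu` account with an empty password while the sudoers drop-in grants `%sudo` `NOPASSWD: ALL`, so any login path that accepts empty passwords gets unrestricted sudo. I would replace it with `passwd -l $user`; key-based SSH normally still works for a locked password when sshd uses PAM, but confirm on both distro families. The sudoers file is appended with `cat >>` and never has its mode set or its syntax checked, so add `chmod 0440 /etc/sudoers.d/cephlab_sudo` and `visudo -cf /etc/sudoers.d/cephlab_sudo` after the heredoc, and use `>` so a re-run does not duplicate entries. The single hard-coded `root@magna001.ceph.lab.eng.rdu.redhat.com` key gives its holder passwordless root on every provisioned machine, so it deserves a comment naming its owner and would be better supplied through an Ansible variable. `useradd -G sudo ubuntu` also hard-codes the name that the rest of the snippet takes from `$user`.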