From 3cc673d274f9d8b584fae1c99601b8e6146a9f3c Mon Sep 17 00:00:00 2001
From: Khue Doan <khuedoan98@gmail.com>
Date: Fri, 11 Jun 2021 14:04:18 +0700
Subject: [PATCH] Improve kickstart config

---
 metal/main.yml                                     |  3 ---
 metal/roles/docker/tasks/main.yml                  | 14 --------------
 metal/roles/pxe-boot/defaults/main.yml             |  2 +-
 .../pxe-boot/templates/http/kickstart/fedora.ks.j2 | 14 +++++++++++---
 4 files changed, 12 insertions(+), 21 deletions(-)

diff --git a/metal/main.yml b/metal/main.yml
index 8053cec6..3924c17f 100644
--- a/metal/main.yml
+++ b/metal/main.yml
@@ -1,9 +1,6 @@
 - name: Install OS on bare metal machines
   hosts: all
   gather_facts: no
-  vars_prompt:
-    - name: os_password
-      prompt: Enter password for metal nodes
   roles:
     - pxe-boot
 
diff --git a/metal/roles/docker/tasks/main.yml b/metal/roles/docker/tasks/main.yml
index e6d3c97b..9d817b55 100644
--- a/metal/roles/docker/tasks/main.yml
+++ b/metal/roles/docker/tasks/main.yml
@@ -1,10 +1,3 @@
-# TODO (optimize) Node firewall
-- name: Disable firewall
-  service:
-    name: firewalld
-    state: stopped
-    enabled: no
-
 - name: Install Docker
   dnf:
     name: docker
@@ -14,10 +7,3 @@
     name: docker
     state: started
     enabled: yes
-
-# TODO (optimize) Restructure provisioning roles
-- name: Start iSCSI service
-  systemd:
-    name: iscsid
-    state: started
-    enabled: yes
diff --git a/metal/roles/pxe-boot/defaults/main.yml b/metal/roles/pxe-boot/defaults/main.yml
index 4ff5e06d..9f30ae14 100644
--- a/metal/roles/pxe-boot/defaults/main.yml
+++ b/metal/roles/pxe-boot/defaults/main.yml
@@ -2,4 +2,4 @@ iso_url: "https://download.fedoraproject.org/pub/fedora/linux/releases/34/Server
 iso_checksum: "sha256:0b9dc87d060c7c4ef89f63db6d4d1597dd3feaf4d635ca051d87f5e8c89e8675"
 iso_file_name: "Fedora-Server-dvd-x86_64-34-1.2.iso"
 
-os_username: fedora
+os_username: admin
diff --git a/metal/roles/pxe-boot/templates/http/kickstart/fedora.ks.j2 b/metal/roles/pxe-boot/templates/http/kickstart/fedora.ks.j2
index fbf0b654..ab3a47be 100644
--- a/metal/roles/pxe-boot/templates/http/kickstart/fedora.ks.j2
+++ b/metal/roles/pxe-boot/templates/http/kickstart/fedora.ks.j2
@@ -34,14 +34,22 @@ services --enabled="chronyd"
 # System timezone
 timezone Asia/Ho_Chi_Minh --utc
 
-# Create user
-user --groups=wheel --name={{ os_username }} --password={{ os_password }}
+# Create user (locked by default)
+user --groups=wheel --name={{ os_username }}
 # Add SSH key
 sshkey --username=root "{{ ssh_public_key }}"
 
+# SELinux
+selinux --disabled
+
+# Firewall
+firewall --disabled
+
 %packages
 @^server-product-environment
-
 %end
 
+# Enable some services for Kubernetes
+services --enable=iscsid
+
 reboot