diff --git a/metal/roles/init-config/defaults/main.yml b/metal/roles/init-config/defaults/main.yml
deleted file mode 100644
index 0e57f1d3..00000000
--- a/metal/roles/init-config/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-timezone: Asia/Ho_Chi_Minh
diff --git a/metal/roles/init-config/tasks/main.yml b/metal/roles/init-config/tasks/main.yml
deleted file mode 100644
index 1ed4ef1f..00000000
--- a/metal/roles/init-config/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Render machine specific init config
- template:
- src: kickstart.ks.j2
- dest: "{{ playbook_dir }}/build/data/init-config/{{ hostvars[item]['mac'] }}.ks"
diff --git a/metal/roles/pxe-server/defaults/main.yml b/metal/roles/pxe-server/defaults/main.yml
index 7c5b0b81..0d54a00c 100644
--- a/metal/roles/pxe-server/defaults/main.yml
+++ b/metal/roles/pxe-server/defaults/main.yml
@@ -1,6 +1,3 @@
-iso_url: "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/34.20210808.2.0/x86_64/fedora-coreos-34.20210808.2.0-live.x86_64.iso"
-iso_checksum: "sha256:8ec901fcb5bf9f05cf8046cbe7bce29e36600b7ec61165577c1b3c565b85425c"
-
-os_name: CoreOS
-# TODO (optimize) Get timezone automatically from the controller
+iso_url: "https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8.4-x86_64-minimal.iso"
+iso_checksum: "sha256:0de5f12eba93e00fefc06cdb0aa4389a0972a4212977362ea18bde46a1a1aa4f"
 timezone: Asia/Ho_Chi_Minh
diff --git a/metal/roles/pxe-server/files/dhcp/dhcpd.conf b/metal/roles/pxe-server/files/dhcp/dhcpd.conf
new file mode 100644
index 00000000..6abb83d3
--- /dev/null
+++ b/metal/roles/pxe-server/files/dhcp/dhcpd.conf
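Review bot: In `metal/roles/pxe-server/defaults/main.yml`, the new `iso_url` points into the rolling `pub/rocky/8/` tree while the file name pins 8.4. Trees like this are usually repointed when the next point release ships, after which the download would likely return 404. The pinned `iso_checksum` makes that failure safe, since a different image would be rejected, but the role would stop working until both values are updated. A comment above the pair such as `# iso_url and iso_checksum must be updated together; the /8/ path follows the latest 8.x` would record that, or the URL could point at a versioned archive location.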
@@ -0,0 +1,20 @@
+option space pxelinux;
+option pxelinux.magic code 208 = string;
+option pxelinux.configfile code 209 = text;
+option pxelinux.pathprefix code 210 = text;
+option pxelinux.reboottime code 211 = unsigned integer 32;
+option architecture-type code 93 = unsigned integer 16;
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+ option routers 192.168.1.1;
+ range 192.168.1.2 192.168.1.254;
+
+ class "pxeclients" {
+ match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+ next-server 192.168.1.12;
+
+ if option architecture-type = 00:07 {
+ filename "grubx64.efi";
+ }
+ }
+}
diff --git a/metal/roles/pxe-server/files/docker-compose.yml b/metal/roles/pxe-server/files/docker-compose.yml
index f5ef520a..8cb7d340 100644
--- a/metal/roles/pxe-server/files/docker-compose.yml
+++ b/metal/roles/pxe-server/files/docker-compose.yml
@@ -11,6 +11,9 @@ services:
 network_mode: host
 volumes:
 - ./tftp/grub.cfg:/var/lib/tftpboot/grub.cfg
+ - ./data/os/EFI/BOOT/grubx64.efi:/var/lib/tftpboot/grubx64.efi
+ - ./data/os/images/pxeboot/initrd.img:/var/lib/tftpboot/initrd.img
+ - ./data/os/images/pxeboot/vmlinuz:/var/lib/tftpboot/vmlinuz
 http:
 build: ./http
 network_mode: host
diff --git a/metal/roles/pxe-server/files/tftp/grub.cfg b/metal/roles/pxe-server/files/tftp/grub.cfg
new file mode 100644
index 00000000..40e1a42b
--- /dev/null
+++ b/metal/roles/pxe-server/files/tftp/grub.cfg
@@ -0,0 +1,9 @@
+set timeout=1
+
+menuentry 'Rocky-8.4-x86_64-minimal (PXE)' {
+ linux vmlinuz \
+ ip=dhcp \
+ inst.repo=http://192.168.1.12/os \
+ ks=http://192.168.1.12/init-config/${net_default_mac}.ks
+ initrd initrd.img
+}
diff --git a/metal/roles/pxe-server/tasks/main.yml b/metal/roles/pxe-server/tasks/main.yml
index dafe9175..899bdcdb 100644
--- a/metal/roles/pxe-server/tasks/main.yml
+++ b/metal/roles/pxe-server/tasks/main.yml
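Review bot: In `files/dhcp/dhcpd.conf`, the `range 192.168.1.2 192.168.1.254;` line offers leases to every DHCP client on the segment, not only to the machines being provisioned; the `pxeclients` class below it scopes only `next-server` and `filename`. The range also contains 192.168.1.12, the address used as `next-server`, so the server could lease out its own address. On a shared LAN this competes with the existing DHCP service; consider putting the range in a `pool { allow members of "pxeclients"; ... }` or using `deny unknown-clients;` with one `host` entry per node MAC. The tasks file renders `dhcpd.conf.j2` to this same path, so this file looks like generated output with machine-specific addresses and probably belongs in `.gitignore` rather than in the commit.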
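Review bot: In `files/docker-compose.yml`, the three new bind mounts under `volumes:` are writable from inside the container, although boot artifacts served over TFTP only need to be read. Adding `:ro` would fit, e.g. `- ./data/os/images/pxeboot/vmlinuz:/var/lib/tftpboot/vmlinuz:ro`, so a compromised or misconfigured TFTP service cannot alter the kernel, initrd or bootloader that the nodes boot. The service definition starts above the hunk, so whether anything there needs to write to `/var/lib/tftpboot` is not visible.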
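Review bot: In `files/tftp/grub.cfg`, the kernel line mixes the prefixed `inst.repo=` with the bare `ks=`; the RHEL 8 family installer documents the `inst.` form and treats the un-prefixed one as deprecated, so `inst.ks=http://192.168.1.12/init-config/${net_default_mac}.ks` is the consistent spelling. The same line is in `templates/grub.cfg.j2`. The kickstart is fetched over plain HTTP and selected only by MAC address, so the installer cannot authenticate what it receives; a header comment such as `# assumes an isolated provisioning network: kickstart is served unauthenticated over HTTP` would record that assumption. Like `dhcpd.conf`, this file appears to be the rendered output of a template and carries a hard-coded address.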
@@ -1,55 +1,34 @@
-- name: Gather network facts
- ansible.builtin.setup:
- gather_subset:
- - network
-
-- name: Create build directory
- file:
- path: "{{ item }}"
- state: directory
- loop:
- - "{{ role_path }}/build"
- - "{{ role_path }}/files/images"
- - "{{ role_path }}/build/mnt"
-
 - name: Download ISO
 get_url:
 url: "{{ iso_url }}"
- dest: "{{ role_path }}/files/images/{{ iso_url | basename }}"
+ dest: "{{ role_path }}/files/data/iso/{{ iso_url | basename }}"
 checksum: "{{ iso_checksum }}"
 register: iso
 
 - name: Extract the ISO
 command:
- cmd: "xorriso -osirrox on -indev {{ iso.dest }} -extract / {{ role_path }}/build/mnt"
- creates: "{{ role_path }}/build/mnt/.treeinfo"
-
-- name: Extract bootloader
- iso_extract:
- image: "{{ role_path }}/build/mnt/images/efiboot.img"
- dest: "{{ role_path }}/build/mnt/EFI/fedora"
- files:
- - EFI/fedora/grubx64.efi
-
-- name: Copy configs
- copy:
- src: "{{ role_path }}/templates/"
- dest: "{{ role_path }}/build"
+ cmd: "xorriso -osirrox on -indev {{ iso.dest }} -extract / {{ role_path }}/files/data/os"
+ creates: "{{ role_path }}/files/data/os/.treeinfo"
 
 - name: Render DHCP config
 template:
- src: dhcp/dhcpd.conf.j2
- dest: "{{ role_path }}/build/dhcp/dhcpd.conf"
+ src: dhcpd.conf.j2
+ dest: "{{ role_path }}/files/dhcp/dhcpd.conf"
 
 - name: Render GRUB config
 template:
- src: tftp/tftpboot/grub.cfg.j2
- dest: "{{ role_path }}/build/tftp/tftpboot/grub.cfg"
+ src: grub.cfg.j2
+ dest: "{{ role_path }}/files/tftp/grub.cfg"
+
+- name: Render machine specific init config
+ template:
+ src: kickstart.ks.j2
+ dest: "{{ role_path }}/files/data/init-config/{{ hostvars[item]['mac'] }}.ks"
+ loop: "{{ groups['metal'] }}"
 
 - name: Start ephemeral PXE server
 docker_compose:
- project_src: "{{ role_path }}/build"
+ project_src: "{{ role_path }}/files"
 state: present
 restarted: yes
 build: yes
- recreate: always
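Review bot: The "Create build directory" task is removed, but nothing in the hunk creates the new destinations `files/data/iso` (used by `get_url`) and `files/data/init-config` (used by the kickstart `template` task). Neither module creates missing parent directories, so a fresh checkout would fail at "Download ISO" unless those directories are committed elsewhere. Re-adding a directory task ahead of the download, as sketched below, restores that. Separately, the "Gather network facts" task is also dropped while the templates still read `ansible_default_ipv4`, so the role now presumably relies on play-level fact gathering, which is worth confirming.

```yaml
- name: Create data directories
  file:
    path: "{{ role_path }}/files/data/{{ item }}"
    state: directory
    mode: "0755"
  loop:
    - iso
    - init-config

# … unchanged: Download ISO and the tasks after it …
```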
diff --git a/metal/roles/pxe-server/templates/grub.cfg.j2 b/metal/roles/pxe-server/templates/grub.cfg.j2 index a09cad0d..5e9f4991 100644 --- a/metal/roles/pxe-server/templates/grub.cfg.j2 +++ b/metal/roles/pxe-server/templates/grub.cfg.j2 @@ -3,9 +3,7 @@ set timeout=1 menuentry '{{ iso_url | basename | splitext | first }} (PXE)' { linux vmlinuz \ ip=dhcp \ - ignition.platform.id=metal \ - coreos.live.rootfs_url=http://{{ ansible_default_ipv4.address }}/{{ os_name }}/images/pxeboot/rootfs.img \ - coreos.inst.install_dev=/dev/{{ disk }} \ - coreos.inst.ignition_url=http://{{ ansible_default_ipv4.address }}/ignition/${net_default_mac}.json - initrd initrd.img ignition.img + inst.repo=http://{{ ansible_default_ipv4.address }}/os \ + ks=http://{{ ansible_default_ipv4.address }}/init-config/${net_default_mac}.ks + initrd initrd.img } diff --git a/metal/roles/init-config/templates/kickstart.ks b/metal/roles/pxe-server/templates/kickstart.ks.j2 similarity index 60% rename from metal/roles/init-config/templates/kickstart.ks rename to metal/roles/pxe-server/templates/kickstart.ks.j2 index ffe6351c..be03a5a4 100644 --- a/metal/roles/init-config/templates/kickstart.ks +++ b/metal/roles/pxe-server/templates/kickstart.ks.j2 @@ -1,4 +1,4 @@ -#version=DEVEL +#version=RHEL8 # Do not use graphical install text 
@@ -15,35 +15,36 @@ ignoredisk --only-use={{ disk }} autopart # Network information -network --bootproto=static --device={{ network_interface }} --ip={{ hostvars[item]['ansible_host'] }} --gateway={{ ansible_default_ipv4.gateway }} --nameserver={{ dns_server }} --netmask={{ ansible_default_ipv4.netmask }} --ipv6=auto --hostname={{ hostvars[item]['inventory_hostname'] }} --activate +network --bootproto=static --device={{ network_interface }} --ip={{ ansible_host }} --gateway={{ ansible_default_ipv4.gateway }} --nameserver={{ dns_server }} --netmask={{ ansible_default_ipv4.netmask }} --ipv6=auto --hostname={{ hostvars[item]['inventory_hostname'] }} --activate # Use network installation +repo --name="Minimal" --baseurl=http://{{ ansible_default_ipv4.address }}/os/Minimal url --url="http://{{ ansible_default_ipv4.address }}/iso/" # Disable Setup Agent on first boot firstboot --disable # Do not configure the X Window System skipx -# System services +# Enable NTP services --enabled="chronyd" # System timezone -timezone {{ timezone }} --utc +timezone {{ timezone }} --isUtc # Create user (locked by default) -user --groups=wheel --name={{ os_username }} +user --groups=wheel --name=admin # Add SSH key sshkey --username=root "{{ ssh_public_key }}" -# SELinux +# Disable SELinux selinux --disabled -# Firewall +# Disable firewall firewall --disabled %packages -@^server-product-environment +@^minimal-environment %end -# Enable some services for Kubernetes +# Enable iSCSI for Kubernetes storage services --enable=iscsid reboot
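Review bot: On the `network` line, `--ip={{ ansible_host }}` no longer goes through `hostvars[item]`, while `--hostname` on the same line still does. The template is rendered in a loop over `groups['metal']`, so a bare `ansible_host` resolves for the host running the task, not for the looped node; if that host is the controller, every generated kickstart would carry the same address. Keeping `--ip={{ hostvars[item]['ansible_host'] }}` avoids that. The unchanged `url --url=` line still points at `/iso/` while the new `repo` line and the GRUB `inst.repo` use `/os`; whether `/iso/` is still served as an install tree is not visible here. The hunk starts and ends inside the kickstart file, so the rest of the template could not be checked.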