From 32b86b6c6815ff2c7f49715466bb7c03e7bd561b Mon Sep 17 00:00:00 2001
From: Khue Doan
Date: Mon, 30 Aug 2021 23:44:25 +0700
Subject: [PATCH 1/9] Restructure pxe server role files and templates
---
.../{templates => files}/dhcp/Dockerfile | 0
.../roles/pxe-server/files/docker-compose.yml | 21 +++++
.../{templates => files}/http/Dockerfile | 0
.../{templates => files}/tftp/Dockerfile | 0
.../templates/{dhcp => }/dhcpd.conf.j2 | 0
.../pxe-server/templates/docker-compose.yml | 25 ------
.../templates/{tftp/tftpboot => }/grub.cfg.j2 | 2 +-
.../templates/http/ignition/ignition.yaml.j2 | 79 -------------------
8 files changed, 22 insertions(+), 105 deletions(-)
rename metal/roles/pxe-server/{templates => files}/dhcp/Dockerfile (100%)
create mode 100644 metal/roles/pxe-server/files/docker-compose.yml
rename metal/roles/pxe-server/{templates => files}/http/Dockerfile (100%)
rename metal/roles/pxe-server/{templates => files}/tftp/Dockerfile (100%)
rename metal/roles/pxe-server/templates/{dhcp => }/dhcpd.conf.j2 (100%)
delete mode 100644 metal/roles/pxe-server/templates/docker-compose.yml
rename metal/roles/pxe-server/templates/{tftp/tftpboot => }/grub.cfg.j2 (86%)
delete mode 100644 metal/roles/pxe-server/templates/http/ignition/ignition.yaml.j2
diff --git a/metal/roles/pxe-server/templates/dhcp/Dockerfile b/metal/roles/pxe-server/files/dhcp/Dockerfile
similarity index 100%
rename from metal/roles/pxe-server/templates/dhcp/Dockerfile
rename to metal/roles/pxe-server/files/dhcp/Dockerfile
diff --git a/metal/roles/pxe-server/files/docker-compose.yml b/metal/roles/pxe-server/files/docker-compose.yml
new file mode 100644
index 00000000..cd59d683
--- /dev/null
+++ b/metal/roles/pxe-server/files/docker-compose.yml
@@ -0,0 +1,21 @@
+version: "3"
+
+services:
+ dhcp:
+ build: ./dhcp
+ volumes:
+ - ./dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf
+ network_mode: host
+ tftp:
+ build: ./tftp
+ network_mode: host
+ volumes:
+ - ./tftp/grub.cfg:/var/lib/tftpboot/grub.cfg
+ http:
+ build: ./http
+ network_mode: host
+ volumes:
+ - ./data/iso:/usr/share/nginx/html/iso
+ - ./data/init-config/:/usr/share/nginx/html/init-config
+ environment:
+ NGINX_PORT: 80
diff --git a/metal/roles/pxe-server/templates/http/Dockerfile b/metal/roles/pxe-server/files/http/Dockerfile
similarity index 100%
rename from metal/roles/pxe-server/templates/http/Dockerfile
rename to metal/roles/pxe-server/files/http/Dockerfile
diff --git a/metal/roles/pxe-server/templates/tftp/Dockerfile b/metal/roles/pxe-server/files/tftp/Dockerfile
similarity index 100%
rename from metal/roles/pxe-server/templates/tftp/Dockerfile
rename to metal/roles/pxe-server/files/tftp/Dockerfile
diff --git a/metal/roles/pxe-server/templates/dhcp/dhcpd.conf.j2 b/metal/roles/pxe-server/templates/dhcpd.conf.j2
similarity index 100%
rename from metal/roles/pxe-server/templates/dhcp/dhcpd.conf.j2
rename to metal/roles/pxe-server/templates/dhcpd.conf.j2
diff --git a/metal/roles/pxe-server/templates/docker-compose.yml b/metal/roles/pxe-server/templates/docker-compose.yml
deleted file mode 100644
index dcacf065..00000000
--- a/metal/roles/pxe-server/templates/docker-compose.yml
+++ /dev/null
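Review bot: Every bind mount in the new `docker-compose.yml` is writable from inside its container, although `dhcp`, `tftp` and `http` only need to read what Ansible rendered; append `:ro` to each, e.g. `- ./data/init-config/:/usr/share/nginx/html/init-config:ro`. With `network_mode: host` on all three services the daemons share the controller's network stack, so DHCP, TFTP and nginx on port 80 are presumably reachable from any network the controller is attached to, and the per-machine init configs are served without authentication. A short comment at the top of the file saying the stack must only be up during provisioning on a trusted segment would document that. The same mounts are touched again in PATCH 3/9, 5/9 and 9/9 without gaining `:ro`.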
@@ -1,25 +0,0 @@ -version: "3" - -services: - dhcp: - build: ./dhcp - volumes: - - ./dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf - network_mode: host - tftp: - build: ./tftp - network_mode: host - volumes: - - ./tftp/tftpboot/grub.cfg:/var/lib/tftpboot/grub.cfg - - ./mnt/EFI/fedora/grubx64.efi:/var/lib/tftpboot/grubx64.efi - - ./mnt/images/ignition.img:/var/lib/tftpboot/ignition.img - - ./mnt/images/pxeboot/initrd.img:/var/lib/tftpboot/initrd.img - - ./mnt/images/pxeboot/vmlinuz:/var/lib/tftpboot/vmlinuz - http: - build: ./http - network_mode: host - volumes: - - ./mnt:/usr/share/nginx/html/CoreOS - - ./http/ignition/:/usr/share/nginx/html/ignition - environment: - NGINX_PORT: 80 diff --git a/metal/roles/pxe-server/templates/tftp/tftpboot/grub.cfg.j2 b/metal/roles/pxe-server/templates/grub.cfg.j2 similarity index 86% rename from metal/roles/pxe-server/templates/tftp/tftpboot/grub.cfg.j2 rename to metal/roles/pxe-server/templates/grub.cfg.j2 index 6a79aa9b..a09cad0d 100644 --- a/metal/roles/pxe-server/templates/tftp/tftpboot/grub.cfg.j2 +++ b/metal/roles/pxe-server/templates/grub.cfg.j2 @@ -1,6 +1,6 @@ set timeout=1 -menuentry '{{ os_name }} (Live)' { +menuentry '{{ iso_url | basename | splitext | first }} (PXE)' { linux vmlinuz \ ip=dhcp \ ignition.platform.id=metal \ diff --git a/metal/roles/pxe-server/templates/http/ignition/ignition.yaml.j2 b/metal/roles/pxe-server/templates/http/ignition/ignition.yaml.j2 deleted file mode 100644 index 91d0ae67..00000000 --- a/metal/roles/pxe-server/templates/http/ignition/ignition.yaml.j2 +++ /dev/null 
@@ -1,79 +0,0 @@ -variant: fcos -version: 1.3.0 - -passwd: - users: - - name: root - ssh_authorized_keys: - - {{ ssh_public_key }} - -storage: - files: - # Set hostname - - path: /etc/hostname - mode: 0644 - contents: - inline: {{ hostvars[item]['inventory_hostname'] }} - # Set static IP - - path: /etc/NetworkManager/system-connections/{{ network_interface }}.nmconnection - mode: 0600 - contents: - inline: | - [connection] - id={{ network_interface }} - type=ethernet - interface-name={{ network_interface }} - permissions= - [ipv4] - address1={{ (hostvars[item]['ansible_host'] + '/' + ansible_default_ipv4.netmask) | ansible.netcommon.ipaddr('host/prefix') }},{{ ansible_default_ipv4.gateway }} - dns={{ dns_server }}; - dns-search= - method=manual - # Make audit logs less verbose - - path: /etc/sysctl.d/20-silence-audit.conf - contents: - inline: | - kernel.printk=4 - # Fix flannel support - - path: /etc/systemd/network/50-flannel.link - contents: - inline: | - [Match] - OriginalName=flannel* - [Link] - MACAddressPolicy=none - links: - # Set timezone - - path: /etc/localtime - target: /usr/share/zoneinfo/{{ timezone }} - -systemd: - units: - # iSCSI for Longhorn distributed block storage - - name: iscsid.service - enabled: true -{% if item == "metal0" %} - # Terraform state backend - - name: tfstate.service - enabled: true - contents: | - [Unit] - Description=Run etcd for Terraform state backend - After=network-online.target - Wants=network-online.target - - [Service] - ExecStartPre=-/usr/bin/docker kill tfstate - ExecStartPre=-/usr/bin/docker rm tfstate - ExecStart=/usr/bin/docker run --name tfstate \ - --volume tfstate:/bitnami/etcd/data \ - --env ALLOW_NONE_AUTHENTICATION=yes \ - --publish 23799:2379 \ - --restart always \ - bitnami/etcd - ExecStop=/usr/bin/docker stop tfstate - Restart=always - - [Install] - WantedBy=multi-user.target -{% endif %} From 25de291c713ac553d7a7a038efe41b5cd62b9702 Mon Sep 17 00:00:00 2001 
From: Khue Doan
Date: Mon, 30 Aug 2021 23:47:16 +0700
Subject: [PATCH 2/9] Split init config to a separate role
---
metal/roles/init-config/defaults/main.yml | 1 +
metal/roles/init-config/tasks/main.yml | 4 ++
.../roles/init-config/templates/kickstart.ks | 49 +++++++++++++++++++
metal/roles/pxe-server/tasks/main.yml | 22 ---------
4 files changed, 54 insertions(+), 22 deletions(-)
create mode 100644 metal/roles/init-config/defaults/main.yml
create mode 100644 metal/roles/init-config/tasks/main.yml
create mode 100644 metal/roles/init-config/templates/kickstart.ks
diff --git a/metal/roles/init-config/defaults/main.yml b/metal/roles/init-config/defaults/main.yml
new file mode 100644
index 00000000..0e57f1d3
--- /dev/null
+++ b/metal/roles/init-config/defaults/main.yml
@@ -0,0 +1 @@
+timezone: Asia/Ho_Chi_Minh
diff --git a/metal/roles/init-config/tasks/main.yml b/metal/roles/init-config/tasks/main.yml
new file mode 100644
index 00000000..1ed4ef1f
--- /dev/null
+++ b/metal/roles/init-config/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Render machine specific init config
+ template:
+ src: kickstart.ks.j2
+ dest: "{{ playbook_dir }}/build/data/init-config/{{ hostvars[item]['mac'] }}.ks"
diff --git a/metal/roles/init-config/templates/kickstart.ks b/metal/roles/init-config/templates/kickstart.ks
new file mode 100644
index 00000000..ffe6351c
--- /dev/null
+++ b/metal/roles/init-config/templates/kickstart.ks
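Review bot: The task added in `init-config/tasks/main.yml` cannot run as committed: `src: kickstart.ks.j2` names a template that does not exist, because the file this patch adds is `templates/kickstart.ks`, and `dest` reads `hostvars[item]['mac']` although the task has no `loop:` to define `item` (unless the role is included from a loop that is not visible here). Rename the template to `kickstart.ks.j2` and add `loop: "{{ groups['metal'] }}"` in this patch, or squash it with PATCH 5/9, which folds the task back into `pxe-server` with both corrected. As it stands the series is not bisectable across patches 2 to 4, since the Butane render tasks are removed from `pxe-server` in this same commit.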
@@ -0,0 +1,49 @@
+#version=DEVEL
+
+# Do not use graphical install
+text
+
+# Keyboard layouts
+keyboard --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Partition clearing information
+clearpart --all --drives={{ disk }}
+# Partitioning
+ignoredisk --only-use={{ disk }}
+autopart
+
+# Network information
+network --bootproto=static --device={{ network_interface }} --ip={{ hostvars[item]['ansible_host'] }} --gateway={{ ansible_default_ipv4.gateway }} --nameserver={{ dns_server }} --netmask={{ ansible_default_ipv4.netmask }} --ipv6=auto --hostname={{ hostvars[item]['inventory_hostname'] }} --activate
+
+# Use network installation
+url --url="http://{{ ansible_default_ipv4.address }}/iso/"
+# Disable Setup Agent on first boot
+firstboot --disable
+# Do not configure the X Window System
+skipx
+# System services
+services --enabled="chronyd"
+# System timezone
+timezone {{ timezone }} --utc
+
+# Create user (locked by default)
+user --groups=wheel --name={{ os_username }}
+# Add SSH key
+sshkey --username=root "{{ ssh_public_key }}"
+
+# SELinux
+selinux --disabled
+
+# Firewall
+firewall --disabled
+
+%packages
+@^server-product-environment
+%end
+
+# Enable some services for Kubernetes
+services --enable=iscsid
+
+reboot
diff --git a/metal/roles/pxe-server/tasks/main.yml b/metal/roles/pxe-server/tasks/main.yml
index bb0f7684..dafe9175 100644
--- a/metal/roles/pxe-server/tasks/main.yml
+++ b/metal/roles/pxe-server/tasks/main.yml
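Review bot: `selinux --disabled` and `firewall --disabled` bring every node up from first boot with no mandatory access control and no host firewall, and the comments above them (`# SELinux`, `# Firewall`) give no reason for either. If Kubernetes networking is the motivation, `selinux --permissive` (or `--enforcing`) together with `firewall --enabled --service=ssh` is a narrower starting point; at the least the two comments should say why the controls are off. The only login this file places is `sshkey --username=root`, while the wheel user is created locked and gets no key, so as far as this file shows all access is direct root SSH; `sshkey --username={{ os_username }}` would give the unprivileged account a way in. The same settings are carried as context into `pxe-server/templates/kickstart.ks.j2` in PATCH 5/9, where only the comments change.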
@@ -46,28 +46,6 @@ src: tftp/tftpboot/grub.cfg.j2 dest: "{{ role_path }}/build/tftp/tftpboot/grub.cfg" -- name: Render machine specific Butane config - template: - src: http/ignition/ignition.yaml.j2 - dest: "{{ role_path }}/build/http/ignition/{{ hostvars[item]['mac'] }}.yaml" - loop: "{{ groups['metal'] }}" - -- name: Render Ignition config from Butane config - docker_container: - name: butane - image: quay.io/coreos/butane:release - auto_remove: yes - volumes: - - "{{ role_path }}/build/http/ignition:/local/src" - working_dir: /local/src - command: - - --pretty - - --strict - - "{{ hostvars[item]['mac'] }}.yaml" - - --output - - "{{ hostvars[item]['mac'] }}.json" - loop: "{{ groups['metal'] }}" - - name: Start ephemeral PXE server docker_compose: project_src: "{{ role_path }}/build" From bb94e89409804fd8c341a341fb11e627d4606c87 Mon Sep 17 00:00:00 2001 From: Khue Doan Date: Tue, 31 Aug 2021 00:35:35 +0700 Subject: [PATCH 3/9] Add PXE server data dirs --- metal/roles/pxe-server/files/data/init-config/.gitignore | 2 ++ metal/roles/pxe-server/files/data/iso/.gitignore | 2 ++ metal/roles/pxe-server/files/data/os/.gitignore | 2 ++ metal/roles/pxe-server/files/docker-compose.yml | 2 +- 4 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 metal/roles/pxe-server/files/data/init-config/.gitignore create mode 100644 metal/roles/pxe-server/files/data/iso/.gitignore create mode 100644 metal/roles/pxe-server/files/data/os/.gitignore diff --git a/metal/roles/pxe-server/files/data/init-config/.gitignore b/metal/roles/pxe-server/files/data/init-config/.gitignore new file mode 100644 index 00000000..d6b7ef32 --- /dev/null +++ b/metal/roles/pxe-server/files/data/init-config/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/metal/roles/pxe-server/files/data/iso/.gitignore b/metal/roles/pxe-server/files/data/iso/.gitignore new file mode 100644 index 00000000..d6b7ef32 --- /dev/null +++ b/metal/roles/pxe-server/files/data/iso/.gitignore 
@@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/metal/roles/pxe-server/files/data/os/.gitignore b/metal/roles/pxe-server/files/data/os/.gitignore new file mode 100644 index 00000000..d6b7ef32 --- /dev/null +++ b/metal/roles/pxe-server/files/data/os/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/metal/roles/pxe-server/files/docker-compose.yml b/metal/roles/pxe-server/files/docker-compose.yml index cd59d683..f5ef520a 100644 --- a/metal/roles/pxe-server/files/docker-compose.yml +++ b/metal/roles/pxe-server/files/docker-compose.yml @@ -15,7 +15,7 @@ services: build: ./http network_mode: host volumes: - - ./data/iso:/usr/share/nginx/html/iso + - ./data/os:/usr/share/nginx/html/os - ./data/init-config/:/usr/share/nginx/html/init-config environment: NGINX_PORT: 80 From 03ef74fe0575f214e8bac17de445203823d2047a Mon Sep 17 00:00:00 2001 From: Khue Doan Date: Tue, 31 Aug 2021 02:10:26 +0700 Subject: [PATCH 4/9] Use generic Ansible wait for connection --- metal/roles/wake/tasks/main.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/metal/roles/wake/tasks/main.yml b/metal/roles/wake/tasks/main.yml index ac3098d2..ebd8e736 100644 --- a/metal/roles/wake/tasks/main.yml +++ b/metal/roles/wake/tasks/main.yml @@ -4,9 +4,5 @@ delegate_to: localhost - name: Wait for the servers to comes up - wait_for: - host: '{{ ansible_host }}' - port: 22 - search_regex: OpenSSH + wait_for_connection: timeout: 600 - delegate_to: localhost From 626afa352c5aae95da716e39b6cbcf1903ab9baf Mon Sep 17 00:00:00 2001 
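Review bot: In the `wake/tasks/main.yml` hunk, `wait_for_connection` makes a full Ansible connection to a machine that was reinstalled moments earlier, so unlike the old banner probe on port 22 it depends on how the controller treats the node's newly generated SSH host key, and nothing in this hunk shows that. If host key checking is switched off elsewhere to make this pass, say so in a comment on the task, for example `# each reinstall generates new SSH host keys; see the host-key policy in ansible.cfg`; if it is not, a rerun after a reinstall will presumably fail on the stale `known_hosts` entry. Recording the new host keys explicitly after install would be preferable to disabling the check, since the node has just booted from an unauthenticated PXE path.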
From: Khue Doan
Date: Tue, 31 Aug 2021 02:11:33 +0700
Subject: [PATCH 5/9] Working installer
---
metal/roles/init-config/defaults/main.yml | 1 -
metal/roles/init-config/tasks/main.yml | 4 --
metal/roles/pxe-server/defaults/main.yml | 7 +--
metal/roles/pxe-server/files/dhcp/dhcpd.conf | 20 ++++++++
.../roles/pxe-server/files/docker-compose.yml | 3 ++
metal/roles/pxe-server/files/tftp/grub.cfg | 9 ++++
metal/roles/pxe-server/tasks/main.yml | 49 ++++++-------------
metal/roles/pxe-server/templates/grub.cfg.j2 | 8 ++-
.../templates/kickstart.ks.j2} | 19 +++----
9 files changed, 61 insertions(+), 59 deletions(-)
delete mode 100644 metal/roles/init-config/defaults/main.yml
delete mode 100644 metal/roles/init-config/tasks/main.yml
create mode 100644 metal/roles/pxe-server/files/dhcp/dhcpd.conf
create mode 100644 metal/roles/pxe-server/files/tftp/grub.cfg
rename metal/roles/{init-config/templates/kickstart.ks => pxe-server/templates/kickstart.ks.j2} (60%)
diff --git a/metal/roles/init-config/defaults/main.yml b/metal/roles/init-config/defaults/main.yml
deleted file mode 100644
index 0e57f1d3..00000000
--- a/metal/roles/init-config/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-timezone: Asia/Ho_Chi_Minh
diff --git a/metal/roles/init-config/tasks/main.yml b/metal/roles/init-config/tasks/main.yml
deleted file mode 100644
index 1ed4ef1f..00000000
--- a/metal/roles/init-config/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Render machine specific init config
- template:
- src: kickstart.ks.j2
- dest: "{{ playbook_dir }}/build/data/init-config/{{ hostvars[item]['mac'] }}.ks"
diff --git a/metal/roles/pxe-server/defaults/main.yml b/metal/roles/pxe-server/defaults/main.yml
index 7c5b0b81..0d54a00c 100644
--- a/metal/roles/pxe-server/defaults/main.yml
+++ b/metal/roles/pxe-server/defaults/main.yml
@@ -1,6 +1,3 @@ -iso_url: "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/34.20210808.2.0/x86_64/fedora-coreos-34.20210808.2.0-live.x86_64.iso" -iso_checksum: "sha256:8ec901fcb5bf9f05cf8046cbe7bce29e36600b7ec61165577c1b3c565b85425c" - -os_name: CoreOS -# TODO (optimize) Get timezone automatically from the controller +iso_url: "https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-8.4-x86_64-minimal.iso" +iso_checksum: "sha256:0de5f12eba93e00fefc06cdb0aa4389a0972a4212977362ea18bde46a1a1aa4f" timezone: Asia/Ho_Chi_Minh diff --git a/metal/roles/pxe-server/files/dhcp/dhcpd.conf b/metal/roles/pxe-server/files/dhcp/dhcpd.conf new file mode 100644 index 00000000..6abb83d3 --- /dev/null +++ b/metal/roles/pxe-server/files/dhcp/dhcpd.conf @@ -0,0 +1,20 @@ +option space pxelinux; +option pxelinux.magic code 208 = string; +option pxelinux.configfile code 209 = text; +option pxelinux.pathprefix code 210 = text; +option pxelinux.reboottime code 211 = unsigned integer 32; +option architecture-type code 93 = unsigned integer 16; + +subnet 192.168.1.0 netmask 255.255.255.0 { + option routers 192.168.1.1; + range 192.168.1.2 192.168.1.254; + + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + next-server 192.168.1.12; + + if option architecture-type = 00:07 { + filename "grubx64.efi"; + } + } +} diff --git a/metal/roles/pxe-server/files/docker-compose.yml b/metal/roles/pxe-server/files/docker-compose.yml index f5ef520a..8cb7d340 100644 --- a/metal/roles/pxe-server/files/docker-compose.yml +++ b/metal/roles/pxe-server/files/docker-compose.yml @@ -11,6 +11,9 @@ services: network_mode: host volumes: - ./tftp/grub.cfg:/var/lib/tftpboot/grub.cfg + - ./data/os/EFI/BOOT/grubx64.efi:/var/lib/tftpboot/grubx64.efi + - ./data/os/images/pxeboot/initrd.img:/var/lib/tftpboot/initrd.img + - ./data/os/images/pxeboot/vmlinuz:/var/lib/tftpboot/vmlinuz http: build: ./http network_mode: host 
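Review bot: `files/dhcp/dhcpd.conf` looks like rendered output rather than source: the `Render DHCP config` task in this same patch writes `dhcpd.conf.j2` to exactly this path, so the committed copy pins one site's addresses (`192.168.1.12`, `192.168.1.0` with netmask `255.255.255.0`) and can show up as modified after a run. The same applies to `files/tftp/grub.cfg` added next in this patch; both are better left untracked, and PATCH 9/9 moves the render destination to a git-ignored directory without deleting these two files. In the content itself, `range 192.168.1.2 192.168.1.254;` sits directly in the subnet block, so leases across the whole subnet, including the `next-server` address, are offered to any client on the segment and not only to the `pxeclients` class. If the template produces this, putting the range in a `pool { }` with `allow members of "pxeclients";` would keep the ephemeral server from answering ordinary hosts.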
diff --git a/metal/roles/pxe-server/files/tftp/grub.cfg b/metal/roles/pxe-server/files/tftp/grub.cfg
new file mode 100644
index 00000000..40e1a42b
--- /dev/null
+++ b/metal/roles/pxe-server/files/tftp/grub.cfg
@@ -0,0 +1,9 @@
+set timeout=1
+
+menuentry 'Rocky-8.4-x86_64-minimal (PXE)' {
+ linux vmlinuz \
+ ip=dhcp \
+ inst.repo=http://192.168.1.12/os \
+ ks=http://192.168.1.12/init-config/${net_default_mac}.ks
+ initrd initrd.img
+}
diff --git a/metal/roles/pxe-server/tasks/main.yml b/metal/roles/pxe-server/tasks/main.yml
index dafe9175..899bdcdb 100644
--- a/metal/roles/pxe-server/tasks/main.yml
+++ b/metal/roles/pxe-server/tasks/main.yml
@@ -1,55 +1,34 @@ -- name: Gather network facts - ansible.builtin.setup: - gather_subset: - - network - -- name: Create build directory - file: - path: "{{ item }}" - state: directory - loop: - - "{{ role_path }}/build" - - "{{ role_path }}/files/images" - - "{{ role_path }}/build/mnt" - - name: Download ISO get_url: url: "{{ iso_url }}" - dest: "{{ role_path }}/files/images/{{ iso_url | basename }}" + dest: "{{ role_path }}/files/data/iso/{{ iso_url | basename }}" checksum: "{{ iso_checksum }}" register: iso - name: Extract the ISO command: - cmd: "xorriso -osirrox on -indev {{ iso.dest }} -extract / {{ role_path }}/build/mnt" - creates: "{{ role_path }}/build/mnt/.treeinfo" - -- name: Extract bootloader - iso_extract: - image: "{{ role_path }}/build/mnt/images/efiboot.img" - dest: "{{ role_path }}/build/mnt/EFI/fedora" - files: - - EFI/fedora/grubx64.efi - -- name: Copy configs - copy: - src: "{{ role_path }}/templates/" - dest: "{{ role_path }}/build" + cmd: "xorriso -osirrox on -indev {{ iso.dest }} -extract / {{ role_path }}/files/data/os" + creates: "{{ role_path }}/files/data/os/.treeinfo" - name: Render DHCP config template: - src: dhcp/dhcpd.conf.j2 - dest: "{{ role_path }}/build/dhcp/dhcpd.conf" + src: dhcpd.conf.j2 + dest: "{{ role_path }}/files/dhcp/dhcpd.conf" - name: Render GRUB config template: - src: tftp/tftpboot/grub.cfg.j2 - dest: "{{ role_path }}/build/tftp/tftpboot/grub.cfg" + src: grub.cfg.j2 + dest: "{{ role_path }}/files/tftp/grub.cfg" + +- name: Render machine specific init config + template: + src: kickstart.ks.j2 + dest: "{{ role_path }}/files/data/init-config/{{ hostvars[item]['mac'] }}.ks" + loop: "{{ groups['metal'] }}" - name: Start ephemeral PXE server docker_compose: - project_src: "{{ role_path }}/build" + project_src: "{{ role_path }}/files" state: present restarted: yes build: yes - recreate: always 
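Review bot: The `Gather network facts` task is removed at the top of this hunk, but the `grub.cfg.j2` and `kickstart.ks.j2` templates rendered further down still read `ansible_default_ipv4.address`, `.gateway` and `.netmask`. Unless the play that applies this role gathers facts itself (not visible here), rendering will fail on an undefined variable, so either keep the `setup` task with `gather_subset: network` or add a comment stating the dependency. Separately, `Extract the ISO` is guarded by `creates: "{{ role_path }}/files/data/os/.treeinfo"` and that directory now persists inside the role tree, so changing `iso_url` and `iso_checksum` verifies the new download but keeps serving the previously extracted, unverified tree. Clearing `files/data/os` when the `iso` result reports a change would tie the served tree to the checked ISO.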
diff --git a/metal/roles/pxe-server/templates/grub.cfg.j2 b/metal/roles/pxe-server/templates/grub.cfg.j2 index a09cad0d..5e9f4991 100644 --- a/metal/roles/pxe-server/templates/grub.cfg.j2 +++ b/metal/roles/pxe-server/templates/grub.cfg.j2 @@ -3,9 +3,7 @@ set timeout=1 menuentry '{{ iso_url | basename | splitext | first }} (PXE)' { linux vmlinuz \ ip=dhcp \ - ignition.platform.id=metal \ - coreos.live.rootfs_url=http://{{ ansible_default_ipv4.address }}/{{ os_name }}/images/pxeboot/rootfs.img \ - coreos.inst.install_dev=/dev/{{ disk }} \ - coreos.inst.ignition_url=http://{{ ansible_default_ipv4.address }}/ignition/${net_default_mac}.json - initrd initrd.img ignition.img + inst.repo=http://{{ ansible_default_ipv4.address }}/os \ + ks=http://{{ ansible_default_ipv4.address }}/init-config/${net_default_mac}.ks + initrd initrd.img } diff --git a/metal/roles/init-config/templates/kickstart.ks b/metal/roles/pxe-server/templates/kickstart.ks.j2 similarity index 60% rename from metal/roles/init-config/templates/kickstart.ks rename to metal/roles/pxe-server/templates/kickstart.ks.j2 index ffe6351c..be03a5a4 100644 --- a/metal/roles/init-config/templates/kickstart.ks +++ b/metal/roles/pxe-server/templates/kickstart.ks.j2 @@ -1,4 +1,4 @@ -#version=DEVEL +#version=RHEL8 # Do not use graphical install text 
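Review bot: In `grub.cfg.j2`, `ks=` is the legacy spelling of the kickstart boot option; Anaconda documents `inst.ks=` and, as far as I know, treats the unprefixed form as deprecated on RHEL 8 and drops it in later releases, so `inst.ks=http://{{ ansible_default_ipv4.address }}/init-config/${net_default_mac}.ks` is the safer line. The committed `files/tftp/grub.cfg` carries the same spelling. The kickstart and the install tree are both fetched over plain HTTP from a server learned through DHCP, so nothing authenticates what the installer runs; a comment above the `linux` line stating that this entry assumes a trusted provisioning network would document that assumption.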
@@ -15,35 +15,36 @@ ignoredisk --only-use={{ disk }} autopart # Network information -network --bootproto=static --device={{ network_interface }} --ip={{ hostvars[item]['ansible_host'] }} --gateway={{ ansible_default_ipv4.gateway }} --nameserver={{ dns_server }} --netmask={{ ansible_default_ipv4.netmask }} --ipv6=auto --hostname={{ hostvars[item]['inventory_hostname'] }} --activate +network --bootproto=static --device={{ network_interface }} --ip={{ ansible_host }} --gateway={{ ansible_default_ipv4.gateway }} --nameserver={{ dns_server }} --netmask={{ ansible_default_ipv4.netmask }} --ipv6=auto --hostname={{ hostvars[item]['inventory_hostname'] }} --activate # Use network installation +repo --name="Minimal" --baseurl=http://{{ ansible_default_ipv4.address }}/os/Minimal url --url="http://{{ ansible_default_ipv4.address }}/iso/" # Disable Setup Agent on first boot firstboot --disable # Do not configure the X Window System skipx -# System services +# Enable NTP services --enabled="chronyd" # System timezone -timezone {{ timezone }} --utc +timezone {{ timezone }} --isUtc # Create user (locked by default) -user --groups=wheel --name={{ os_username }} +user --groups=wheel --name=admin # Add SSH key sshkey --username=root "{{ ssh_public_key }}" -# SELinux +# Disable SELinux selinux --disabled -# Firewall +# Disable firewall firewall --disabled %packages -@^server-product-environment +@^minimal-environment %end -# Enable some services for Kubernetes +# Enable iSCSI for Kubernetes storage services --enable=iscsid reboot From e4b2ebb979d427ea1c6b895f41c214bd1ca93bb3 Mon Sep 17 00:00:00 2001 
From: Khue Doan Date: Tue, 31 Aug 2021 02:12:03 +0700 Subject: [PATCH 6/9] Remove tfstate role --- metal/main.yml | 6 ------ metal/roles/tfstate/defaults/main.yml | 1 - metal/roles/tfstate/tasks/main.yml | 11 ----------- metal/roles/tfstate/templates/backend.tfvars.j2 | 5 ----- 4 files changed, 23 deletions(-) delete mode 100644 metal/roles/tfstate/defaults/main.yml delete mode 100644 metal/roles/tfstate/tasks/main.yml delete mode 100644 metal/roles/tfstate/templates/backend.tfvars.j2 diff --git a/metal/main.yml b/metal/main.yml index 956bb25c..4bc6a240 100644 --- a/metal/main.yml +++ b/metal/main.yml @@ -8,9 +8,3 @@ gather_facts: no roles: - wake - -- name: Create Terraform state storage - hosts: metal[0] - gather_facts: no - roles: - - tfstate diff --git a/metal/roles/tfstate/defaults/main.yml b/metal/roles/tfstate/defaults/main.yml deleted file mode 100644 index a8f43f12..00000000 --- a/metal/roles/tfstate/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -etcd_port: 23799 diff --git a/metal/roles/tfstate/tasks/main.yml b/metal/roles/tfstate/tasks/main.yml deleted file mode 100644 index 122e9149..00000000 --- a/metal/roles/tfstate/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: Wait for etcd - wait_for: - port: 23799 - host: '{{ ansible_ssh_host }}' - connection: local - -- name: Generate Terraform backend config - delegate_to: localhost - template: - src: backend.tfvars.j2 - dest: "{{ playbook_dir }}/../cluster/backend.tfvars" diff --git a/metal/roles/tfstate/templates/backend.tfvars.j2 b/metal/roles/tfstate/templates/backend.tfvars.j2 deleted file mode 100644 index 4a285b08..00000000 --- a/metal/roles/tfstate/templates/backend.tfvars.j2 +++ /dev/null @@ -1,5 +0,0 @@ -endpoints = [ -{% for host in ansible_play_hosts %} - "{{ hostvars[host].ansible_host }}:{{ etcd_port }}", -{% endfor %} -] From 2a944bd597b4f9e90eeae11918c1e855ef93cab7 Mon Sep 17 00:00:00 2001 
From: Khue Doan Date: Tue, 31 Aug 2021 04:17:59 +0700 Subject: [PATCH 7/9] Fix incorrect installer address --- metal/roles/pxe-server/files/tftp/grub.cfg | 1 - metal/roles/pxe-server/templates/grub.cfg.j2 | 1 - metal/roles/pxe-server/templates/kickstart.ks.j2 | 4 ++-- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/metal/roles/pxe-server/files/tftp/grub.cfg b/metal/roles/pxe-server/files/tftp/grub.cfg index 40e1a42b..d9ae55fa 100644 --- a/metal/roles/pxe-server/files/tftp/grub.cfg +++ b/metal/roles/pxe-server/files/tftp/grub.cfg @@ -3,7 +3,6 @@ set timeout=1 menuentry 'Rocky-8.4-x86_64-minimal (PXE)' { linux vmlinuz \ ip=dhcp \ - inst.repo=http://192.168.1.12/os \ ks=http://192.168.1.12/init-config/${net_default_mac}.ks initrd initrd.img } diff --git a/metal/roles/pxe-server/templates/grub.cfg.j2 b/metal/roles/pxe-server/templates/grub.cfg.j2 index 5e9f4991..bbd3c977 100644 --- a/metal/roles/pxe-server/templates/grub.cfg.j2 +++ b/metal/roles/pxe-server/templates/grub.cfg.j2 @@ -3,7 +3,6 @@ set timeout=1 menuentry '{{ iso_url | basename | splitext | first }} (PXE)' { linux vmlinuz \ ip=dhcp \ - inst.repo=http://{{ ansible_default_ipv4.address }}/os \ ks=http://{{ ansible_default_ipv4.address }}/init-config/${net_default_mac}.ks initrd initrd.img } diff --git a/metal/roles/pxe-server/templates/kickstart.ks.j2 b/metal/roles/pxe-server/templates/kickstart.ks.j2 index be03a5a4..6c413349 100644 --- a/metal/roles/pxe-server/templates/kickstart.ks.j2 +++ b/metal/roles/pxe-server/templates/kickstart.ks.j2 
@@ -15,11 +15,11 @@ ignoredisk --only-use={{ disk }} autopart # Network information -network --bootproto=static --device={{ network_interface }} --ip={{ ansible_host }} --gateway={{ ansible_default_ipv4.gateway }} --nameserver={{ dns_server }} --netmask={{ ansible_default_ipv4.netmask }} --ipv6=auto --hostname={{ hostvars[item]['inventory_hostname'] }} --activate +network --bootproto=static --device={{ network_interface }} --ip={{ hostvars[item]['ansible_host'] }} --gateway={{ ansible_default_ipv4.gateway }} --nameserver={{ dns_server }} --netmask={{ ansible_default_ipv4.netmask }} --ipv6=auto --hostname={{ hostvars[item]['inventory_hostname'] }} --activate # Use network installation repo --name="Minimal" --baseurl=http://{{ ansible_default_ipv4.address }}/os/Minimal -url --url="http://{{ ansible_default_ipv4.address }}/iso/" +url --url="http://{{ ansible_default_ipv4.address }}/os" # Disable Setup Agent on first boot firstboot --disable # Do not configure the X Window System From 5d44f4640176861c7567cb2606ebbedc8e03e250 Mon Sep 17 00:00:00 2001 From: Khue Doan Date: Tue, 31 Aug 2021 04:38:30 +0700 Subject: [PATCH 8/9] Add missing iSCSI package to kickstart --- metal/roles/pxe-server/templates/kickstart.ks.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/metal/roles/pxe-server/templates/kickstart.ks.j2 b/metal/roles/pxe-server/templates/kickstart.ks.j2 index 6c413349..4825c3ad 100644 --- a/metal/roles/pxe-server/templates/kickstart.ks.j2 +++ b/metal/roles/pxe-server/templates/kickstart.ks.j2 @@ -42,6 +42,7 @@ firewall --disabled %packages @^minimal-environment +iscsi-initiator-utils %end # Enable iSCSI for Kubernetes storage From 1ddab8a2a4b1776fd07694734d06d3ffbce3777d Mon Sep 17 00:00:00 2001 
From: Khue Doan Date: Tue, 31 Aug 2021 05:11:42 +0700 Subject: [PATCH 9/9] Move dhcp and grub config to data --- metal/roles/pxe-server/files/data/pxe-config/.gitignore | 2 ++ metal/roles/pxe-server/files/docker-compose.yml | 4 ++-- metal/roles/pxe-server/tasks/main.yml | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) create mode 100644 metal/roles/pxe-server/files/data/pxe-config/.gitignore diff --git a/metal/roles/pxe-server/files/data/pxe-config/.gitignore b/metal/roles/pxe-server/files/data/pxe-config/.gitignore new file mode 100644 index 00000000..d6b7ef32 --- /dev/null +++ b/metal/roles/pxe-server/files/data/pxe-config/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/metal/roles/pxe-server/files/docker-compose.yml b/metal/roles/pxe-server/files/docker-compose.yml index 8cb7d340..c8814857 100644 --- a/metal/roles/pxe-server/files/docker-compose.yml +++ b/metal/roles/pxe-server/files/docker-compose.yml @@ -4,13 +4,13 @@ services: dhcp: build: ./dhcp volumes: - - ./dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf + - ./data/pxe-config/dhcpd.conf:/etc/dhcp/dhcpd.conf network_mode: host tftp: build: ./tftp network_mode: host volumes: - - ./tftp/grub.cfg:/var/lib/tftpboot/grub.cfg + - ./data/pxe-config/grub.cfg:/var/lib/tftpboot/grub.cfg - ./data/os/EFI/BOOT/grubx64.efi:/var/lib/tftpboot/grubx64.efi - ./data/os/images/pxeboot/initrd.img:/var/lib/tftpboot/initrd.img - ./data/os/images/pxeboot/vmlinuz:/var/lib/tftpboot/vmlinuz diff --git a/metal/roles/pxe-server/tasks/main.yml b/metal/roles/pxe-server/tasks/main.yml index 899bdcdb..c1d88e3f 100644 --- a/metal/roles/pxe-server/tasks/main.yml +++ b/metal/roles/pxe-server/tasks/main.yml 
@@ -13,12 +13,12 @@ - name: Render DHCP config template: src: dhcpd.conf.j2 - dest: "{{ role_path }}/files/dhcp/dhcpd.conf" + dest: "{{ role_path }}/files/data/pxe-config/dhcpd.conf" - name: Render GRUB config template: src: grub.cfg.j2 - dest: "{{ role_path }}/files/tftp/grub.cfg" + dest: "{{ role_path }}/files/data/pxe-config/grub.cfg" - name: Render machine specific init config template: