openstack/openstack-ansible-ops
Code Issues Proposed changes

Add basic provisioning using pxelinux

Browse Source 
The basic provisioning tools we had in the MNAIO could long be used on a
set of physical machines however doing so required a healthy
understanding of everything going on under the hood. This change
extracts the PXE components out of our older MNAIO tooling and
will allow operators to easily deploy operating systems on machines in
the most compatible way possible.

Change-Id: I2188f0f0de7f8be331a35b5f22cf5114ea9b6718
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2018-04-26 10:10:26 -05:00 committed by Kevin Carter (cloudnull)
parent 5c0516f9bb
commit 743b939640
26 changed files with 1688 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
pxelinux-provisioning/README.rst Normal file
View File

@ -0,0 +1,76 @@
OpenStack-Ansible pxelinux Provisioning
#######################################
:date: 2018-04-24
:tags: rackspace, openstack, ansible
:category: \*openstack, \*nix
About this repository
---------------------
This repository provides for basic "pxelinux" provisioning using debian based
operating systems.
A complete set of options can be seen within the ``playbook/group_vars/all.yml``
file.
These provisioning playbooks have been created to use static inventory. Example
static inventory used for these playbooks can be seen in the
``playbooks/inventory.yml`` file.
Scripts have been created to simplify the deployment of these playbooks and
install ansible however they are 100% optional.
Playbook Usage
--------------
These playbooks require three groups, ``dhcp_hosts``, ``pxe_hosts``, and
``pxe_servers``. The groups ``dhcp_hosts`` and ``pxe_hosts`` are used as targets
to install the required packages and setup the TFTP and DHCP services. The group
``pxe_servers`` is as a set of targets that to deploy a given OS.
Each host in the ``pxe_servers`` group should have the something similar to the
following configuration.
.. code-block:: yaml
$name_used_in_inventory:
ansible_os_family: "{{ default_images[default_image_name]['image_type'] }}"
server_hostname: '$hostname'
server_image: "ubuntu-16.04-amd64"
server_default_interface: 'eth0'
server_obm_ip: 192.168.1.100
server_model: PowerEdge R710
server_mac_address: 00:11:22:33:44:55
server_extra_options: ''
server_fixed_addr: "10.0.0.100"
server_domain_name: "{{ default_server_domain_name }}"
ansible_host: "{{ server_fixed_addr }}"
The options **$name_used_in_inventory** and **$hostname** need to be changed to
reflect the machine being deployed as well as the ``server_mac_address`` and
``server_obm_ip`` entries. Note ``server_obm_ip`` is optional and not a
required attribute.
With the inventory all setup the script ``build.sh`` can be used to deploy
everything or the playbooks could be run with the following commmand.
.. code-block:: bash
ansible-playbook -vv -i /root/inventory.yml
-e setup_host=${SETUP_HOST:-"true"}
-e setup_pxeboot=${SETUP_PXEBOOT:-"true"}
-e setup_dhcpd=${SETUP_DHCPD:-"true"}
-e default_image=${DEFAULT_IMAGE:-"ubuntu-16.04-amd64"}
-e default_http_proxy=${DEFAULT_HTTP_PROXY:-''}
--force-handlers
playbooks/site.yml
Once the playbooks have completed, set the ``pxe_servers`` target hosts, PXE
boot once and reboot them.
For convience a playbook named ``playbooks/idrac-config.yml`` has been added
which will do **minimal** drac reset and re-configuration which will result in
the host being ready to PXE. This playbook is **not** intended for production
use and was included **only** as an example.

19
pxelinux-provisioning/ansible-env.rc Normal file
View File

@ -0,0 +1,19 @@
export ANSIBLE_GATHERING="${ANSIBLE_GATHERING:-smart}"
export ANSIBLE_GATHER_SUBSET="${ANSIBLE_GATHER_SUBSET:-network,hardware,virtual}"
export ANSIBLE_CACHE_PLUGIN="${ANSIBLE_CACHE_PLUGIN:-jsonfile}"
export ANSIBLE_CACHE_PLUGIN_CONNECTION="${ANSIBLE_CACHE_PLUGIN_CONNECTION:-/tmp/mnaio_facts}"
export ANSIBLE_CACHE_PLUGIN_TIMEOUT="${ANSIBLE_CACHE_PLUGIN_TIMEOUT:-86400}"
export ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_SSH_CONTROL_PATH=/tmp/%%h-%%r
export ANSIBLE_SSH_ARGS="-o ControlMaster=no \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
-o ServerAliveInterval=64 \
-o ServerAliveCountMax=1024 \
-o Compression=no \
-o TCPKeepAlive=yes \
-o VerifyHostKeyDNS=no \
-o ForwardX11=no \
-o ForwardAgent=yes"

63
pxelinux-provisioning/bindep.txt Normal file
View File

@ -0,0 +1,63 @@
# This file facilitates OpenStack-CI package installation
# before the execution of any tests.
#
# See the following for details:
# - http://docs.openstack.org/infra/bindep/
# - https://git.openstack.org/cgit/openstack-infra/bindep
#
# Even if the role does not make use of this facility, it
# is better to have this file empty, otherwise OpenStack-CI
# will fall back to installing its default packages which
# will potentially be detrimental to the tests executed.
#
# Note:
# This file is maintained in the openstack-ansible-tests repository.
# https://git.openstack.org/cgit/openstack/openstack-ansible-tests/tree/bindep.txt
# If you need to remove or add extra dependencies, you should modify
# the central file instead and once your change is accepted then update
# this file as well. The purpose of this file is to ensure that Python and
# Ansible have all their necessary binary requirements on the test host before
# tox executes. Any binary requirements needed by services/roles should be
# installed by those roles in their applicable package install tasks, not through
# using this file.
#
# Base requirements for Ubuntu
build-essential [platform:dpkg]
git-core [platform:dpkg]
libssl-dev [platform:dpkg]
libffi-dev [platform:dpkg]
python2.7 [platform:dpkg]
python-apt [platform:dpkg]
python-dev [platform:dpkg]
# Base requirements for RPM distros
gcc [platform:rpm]
gcc-c++ [platform:rpm]
git [platform:rpm]
libffi-devel [platform:rpm !platform:opensuseproject-42]
libffi-devel-gcc5 [platform:opensuseproject-42]
openssl-devel [platform:redhat]
libopenssl-devel [platform:suse]
python-devel [platform:rpm]
python2-dnf [platform:fedora]
# For SELinux
libselinux-python [platform:redhat]
libsemanage-python [platform:redhat]
# For SSL SNI support
python-pyasn1 [platform:dpkg platform:suse]
python-openssl [platform:dpkg]
python-ndg-httpsclient [platform:ubuntu !platform:ubuntu-14]
python2-pyasn1 [platform:redhat]
python2-pyOpenSSL [platform:redhat !platform:fedora]
pyOpenSSL [platform:fedora]
python-pyOpenSSL [platform:opensuseproject-42]
python2-pyOpenSSL [platform:suse !platform:opensuseproject-42]
python-ndg_httpsclient [platform:redhat !platform:fedora]
python2-ndg_httpsclient [platform:fedora]
python-ndg-httpsclient [platform:suse]
# Required for compressing collected log files in CI
gzip

86
pxelinux-provisioning/bootstrap.sh Executable file
View File

@ -0,0 +1,86 @@
#!/usr/bin/env bash
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o pipefail
set -euov
BINDEP_FILE=${BINDEP_FILE:-bindep.txt}
source /etc/os-release || source /usr/lib/os-release
case "${ID,,}" in
*suse*)
# Need to pull libffi and python-pyOpenSSL early
# because we install ndg-httpsclient from pip on Leap 42.1
[[ "${VERSION}" == "42.1" ]] && extra_suse_deps="libffi-devel python-pyOpenSSL"
sudo zypper -n in python-devel lsb-release ${extra_suse_deps:-}
;;
amzn|centos|rhel)
sudo yum install -y python-devel redhat-lsb-core
;;
ubuntu|debian)
sudo apt-get update && sudo apt-get install -y python-dev lsb-release
;;
*)
echo "Unsupported distribution: ${ID,,}"
exit 1
esac
# Install pip
if ! which pip &>/dev/null; then
curl --silent --show-error --retry 5 \
https://bootstrap.pypa.io/get-pip.py | sudo python2.7
fi
# Install bindep and tox
sudo pip install 'bindep>=2.4.0' tox
# CentOS 7 requires two additional packages:
# redhat-lsb-core - for bindep profile support
# epel-release - required to install python-ndg_httpsclient/python2-pyasn1
if [[ ${ID,,} == "centos" ]]; then
sudo yum -y install redhat-lsb-core epel-release yum-utils
# epel-release could be installed but not enabled (which is very common
# in openstack-ci) so enable it here if needed
sudo yum-config-manager --enable epel || true
# openSUSE 42.1 does not have python-ndg-httpsclient
elif [[ ${ID,,} == *suse* ]] && [[ ${VERSION} == "42.1" ]]; then
sudo pip install ndg-httpsclient
fi
# Get a list of packages to install with bindep. If packages need to be
# installed, bindep exits with an exit code of 1.
BINDEP_PKGS=$(bindep -b -f ${BINDEP_FILE} test || true)
echo "Packages to install: ${BINDEP_PKGS}"
# Install OS packages using bindep
if [[ ${#BINDEP_PKGS} > 0 ]]; then
case "${ID,,}" in
*suse*)
sudo zypper -n in $BINDEP_PKGS
;;
centos)
sudo yum install -y $BINDEP_PKGS
;;
ubuntu|debian)
sudo apt-get update
DEBIAN_FRONTEND=noninteractive \
sudo apt-get -q --option "Dpkg::Options::=--force-confold" \
--assume-yes install $BINDEP_PKGS
;;
esac
fi
sudo pip install ansible

20
pxelinux-provisioning/build.sh Executable file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
# Copyright [2016] [Kevin Carter]
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -euvo
source bootstrap.sh
source run.sh

72
pxelinux-provisioning/playbooks/deploy-dhcp.yml Normal file
View File

@ -0,0 +1,72 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy DHCP
hosts: dhcp_hosts
gather_facts: "{{ gather_facts | default(true) }}"
pre_tasks:
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Install all required packages for dhcpd_install
package:
pkg: "{{ item }}"
state: "latest"
update_cache: yes
cache_valid_time: 600
with_items: "{{ default_dhcp_distro_packages }}"
- name: Enable services
systemd:
name: "{{ item }}"
enabled: yes
with_items: "{{ default_dhcp_distro_packages }}"
tasks:
- name: Create a template in /etc/dhcp/dhcpd.conf
template:
src: templates/dhcp/dhcpd.conf.j2
dest: /etc/dhcp/dhcpd.conf
mode: 0644
owner: root
group: root
notify: restart dhcpd
- name: Create a template in /etc/dhcp/dhcpd.conf
template:
src: templates/dhcp/isc-dhcp-server.j2
dest: /etc/default/isc-dhcp-server
mode: 0644
owner: root
group: root
notify: restart dhcpd
environment: "{{ deployment_environment_variables | default({}) }}"
handlers:
- name: restart dhcpd
systemd:
name: "{{ item }}"
state: restarted
with_items: "{{ default_dhcp_distro_packages }}"
tags:
- deploy-dhcpd

268
pxelinux-provisioning/playbooks/deploy-pxe.yml Normal file
View File

@ -0,0 +1,268 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in witing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy PXE
hosts: pxe_hosts
gather_facts: "{{ gather_facts | default(true) }}"
pre_tasks:
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Install host distro packages
package:
pkg: "{{ item }}"
state: "latest"
update_cache: yes
cache_valid_time: 600
with_items: "{{ default_pxe_distro_packages }}"
- name: Create base directories
file:
path: "{{ item }}"
state: directory
owner: "root"
group: "root"
mode: "0755"
with_items:
- /var/www/pxe
- /var/www/pxe/images
- /var/www/pxe/iso
- /var/www/pxe/networking
- /var/www/pxe/scripts
- /var/www/pxe/templates
- /var/lib/tftpboot
- /var/lib/tftpboot/boot-screens
- /var/lib/tftpboot/preseed
- /var/lib/tftpboot/pxelinux.cfg
- name: Get root public key
command: cat /root/.ssh/id_rsa.pub
register: public_key_get
changed_when: false
when:
- default_tftp_ssh_key is undefined
- name: Set key facts
set_fact:
default_tftp_ssh_key: "{{ public_key_get.stdout }}"
when:
- default_tftp_ssh_key is undefined
tasks:
- name: Drop NGINX config
copy:
src: "templates/pxe/sites-enabled.default.j2"
dest: /etc/nginx/sites-enabled/default
mode: "0644"
owner: root
group: root
notify:
- restart nginx
- name: Drop tftp-hpa configs
copy:
src: "templates/pxe/tftp/tftp-hpa.j2"
dest: /etc/default/tftpd-hpa
mode: "0644"
owner: root
group: root
notify:
- restart tftp-hpa
- name: Drop inetd configs
copy:
src: "templates/pxe/tftp/inetd.conf.j2"
dest: /etc/default/tftpd-hpa
mode: "0644"
owner: root
group: root
notify:
- restart tftp-hpa
- name: Download image iso(s)
get_url:
url: "{{ item.value.image_iso_url }}"
dest: "/var/www/pxe/iso/{{ item.value.image_name }}"
with_dict: "{{ default_images }}"
- name: Clean image directory
file:
path: "/var/www/pxe/images/{{ item.value.image_short_name }}"
state: absent
with_dict: "{{ default_images }}"
- name: Create image directory
file:
path: "/var/www/pxe/images/{{ item.value.image_short_name }}"
state: directory
owner: "root"
group: "root"
mode: "0755"
with_dict: "{{ default_images }}"
- name: Extract ISO(s) contents
command: "7z x /var/www/pxe/iso/{{ item.value.image_name }}"
args:
chdir: "/var/www/pxe/images/{{ item.value.image_short_name }}"
with_dict: "{{ default_images }}"
- name: Download pxelinux
get_url:
url: "{{ default_pxelinux_url }}"
dest: "/var/www/pxe/{{ default_pxelinux_name }}"
tmp_dest: /tmp/
- name: Clean pxe image directory
file:
path: "/var/www/pxe/{{ default_pxelinux_short_name }}"
state: absent
- name: Extract pxelinux contents
command: "tar -xf /var/www/pxe/{{ default_pxelinux_name }}"
args:
chdir: "/var/www/pxe"
- name: Drop pxelinux.cfg default menu
copy:
src: "templates/pxe/tftp/pxelinux.cfg.default.j2"
dest: "{{ item }}"
mode: "0644"
owner: root
group: root
with_items:
- /var/lib/tftpboot/pxelinux.cfg/default
- /var/lib/tftpboot/boot-screens/syslinux.cfg
# These links are using the shell command because the file module does not create hard links
- name: Create hard links
shell: |
ln -f /var/www/pxe/{{ default_pxelinux_short_name }}/bios/com32/elflink/ldlinux/ldlinux.c32 /var/lib/tftpboot/ldlinux.c32
ln -f /var/www/pxe/{{ default_pxelinux_short_name }}/bios/core/pxelinux.0 /var/lib/tftpboot/pxelinux.0
ln -f /var/www/pxe/{{ default_pxelinux_short_name }}/bios/com32/lib/libcom32.c32 /var/lib/tftpboot/boot-screens/libcom32.c32
ln -f /var/www/pxe/{{ default_pxelinux_short_name }}/bios/com32/libutil/libutil.c32 /var/lib/tftpboot/boot-screens/libutil.c32
ln -f /var/www/pxe/{{ default_pxelinux_short_name }}/bios/com32/menu/vesamenu.c32 /var/lib/tftpboot/boot-screens/vesamenu.c32
- name: Drop boot-screens default menu
template:
src: "templates/pxe/tftp/menu.cfg.j2"
dest: /var/lib/tftpboot/boot-screens/menu.cfg
mode: "0644"
owner: root
group: root
- name: Drop tftp-hpa configs
template:
src: "templates/pxe/tftp/tftp-hpa.j2"
dest: /etc/default/tftpd-hpa
mode: "0644"
owner: root
group: root
notify:
- restart tftp-hpa
- name: tftp configs for servers
template:
src: "templates/pxe/tftp/pxelinux.cfg.macaddr.j2"
dest: "/var/lib/tftpboot/pxelinux.cfg/01-{{ hostvars[item]['server_mac_address'] | replace(':', '-') | upper }}"
mode: "0644"
owner: root
group: root
with_items: "{{ groups['pxe_servers'] }}"
- name: Preseeds for pxe scripts
template:
src: "templates/pxe/{{ item.value.image_type }}/{{ item.value.image_preseed }}-post-install-script.sh.j2"
dest: "/var/www/pxe/scripts/{{ item.value.image_preseed }}-post-install-script.sh"
mode: "0644"
owner: root
group: root
with_dict: "{{ default_images }}"
- name: Preseeds for pxe
template:
src: "templates/pxe/{{ item.value.image_type }}/{{ item.value.image_preseed }}.preseed.j2"
dest: "/var/lib/tftpboot/preseed/{{ item.value.image_preseed }}.preseed"
mode: "0644"
owner: root
group: root
with_dict: "{{ default_images }}"
- name: Create netboot bind mount path
file:
path: "/var/lib/tftpboot/{{ item.value.image_short_name }}"
state: directory
owner: "root"
group: "root"
mode: "0755"
with_dict: "{{ default_images }}"
- name: Unbind mount netboot images
mount:
name: "/var/lib/tftpboot/{{ item.value.image_short_name }}"
src: "/var/www/pxe/images/{{ item.value.image_netboot }}"
opts: bind
fstype: none
state: unmounted
register: fstab
with_dict: "{{ default_images }}"
- name: Ensure permissions are correct
shell: |
# Fix perms if needed
find /var/lib/tftpboot -type d -exec chmod 0755 {} \;
find /var/lib/tftpboot -type f -exec chmod 0644 {} \;
find /var/www/pxe -type d -exec chmod 0755 {} \;
- name: Bind mount netboot images
mount:
name: "/var/lib/tftpboot/{{ item.value.image_short_name }}"
src: "/var/www/pxe/images/{{ item.value.image_netboot }}"
opts: bind
fstype: none
state: mounted
register: fstab
with_dict: "{{ default_images }}"
environment: "{{ deployment_environment_variables | default({}) }}"
handlers:
- name: restart nginx
systemd:
name: "nginx"
state: restarted
enabled: yes
- name: restart tftp-hpa
systemd:
name: "tftpd-hpa"
state: restarted
enabled: yes
- name: restart inetd
systemd:
name: "inetutils-inetd"
state: restarted
enabled: yes
tags:
- deploy-pxe

91
pxelinux-provisioning/playbooks/group_vars/all.yml Normal file
View File

@ -0,0 +1,91 @@
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This is the default system root password. This should be changed.
default_root_password: secrete
# Depending on the kernel parameters passed into the physical machines when
# booted these options may be different or host specific.
default_interface: "{{ default_network | default('eth0') }}"
default_dhcp_interface: "{{ default_interface }}"
# To speed up the deployment apt-cacher NG is used on the pxe/dhcp server.
default_acng_bind_address: 0.0.0.0
# This is a mapping of OS familiies. While Ansible has a suitable interface for
# for this it can vary in unpredictable ways. This setting it used to determine
# the type of preseed needed to deploy an given OS type.
default_os_families:
ubuntu-16.04-amd64: debian
# Default setting for Apt-Cacher-NG.
default_mirror_proxy: 'http://{{ default_tftp_server }}:3142/'
default_mirror_hostname: archive.ubuntu.com
default_mirror_directory: /ubuntu
# IP address, or domain name of the TFTP server
default_tftp_server: "{{ hostvars[groups['pxe_hosts'][0]]['ansible_host'] | default(ansible_host) }}"
# tftp_ssh_key: '' # user defined ssh key, used to access the host
default_tftp_port: 69
default_tftp_boot_path: /pxelinux.0 # Path of where to boot from first
# Default ISO images
default_image_name: "ubuntu-16.04-amd64"
default_images:
ubuntu-16.04-amd64:
image_type: debian
image_iso_url: "http://releases.ubuntu.com/16.04.2/ubuntu-16.04.2-server-amd64.iso"
image_name: "ubuntu-16.04.2-server-amd64.iso"
image_short_name: "ubuntu-16.04.2-server-amd64"
image_default_boot: "ubuntu-16.04.2-server-amd64/amd64/boot-screens/menu.cfg"
image_kernel_options: "biosdevname=0 net.ifnames=0 auto=true priority=critical quiet splash"
image_kernel: "ubuntu-16.04.2-server-amd64/amd64/linux"
image_initrd: "ubuntu-16.04.2-server-amd64/amd64/initrd.gz"
image_netboot: "ubuntu-16.04.2-server-amd64/install/netboot/ubuntu-installer"
image_preseed: basic
image_preseed_option:
url: "tftp://{{ default_tftp_server }}/preseed/basic.preseed"
# PXELinux downloads. While pxelinux is available as a component of most distros
# the version may vary. This stabalizes on a known set.
default_pxelinux_url: "https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.tar.gz"
default_pxelinux_name: "syslinux-6.03.tar.gz"
default_pxelinux_short_name: "syslinux-6.03"
# Default network / server setup used in DHCP
default_server_domain_name: "openstack.local"
default_server_netmask: "255.255.255.0"
default_server_gateway: "10.0.0.1"
default_server_dns: "8.8.8.8"
default_server_subnet: "10.0.0.0"
# List of DHCP Subnets - These are iterated though and each will be created
default_dhcp_default_lease_time: 21600 # Default lease time
default_dhcp_max_lease_time: 43200 # Max lease time
# DHCP system setup
default_dhcp_list:
- netmask: "{{ default_server_netmask }}" # Netmask
gateway: "{{ default_server_gateway }}" # Gateway
dns: "{{ default_server_dns }}" # DNS
subnet: "{{ default_server_subnet }}" # Subnet mask
default_lease_time: "{{ default_dhcp_default_lease_time }}" # Subnet Default lease time - The default is used if this is not defined
max_lease_time: "{{ default_dhcp_max_lease_time }}" # Subnet Max lease time - The default is used if this is not defined
tftp_boot_path: /pxelinux.0 # Path for tftp of where to boot from first - The default is used if this is not defined
tftp_server: "{{ default_tftp_server }}" # The server hosting the TFTP server - The default is used if this is not defined
dhcp_default_domain_name: "{{ default_server_domain_name }}" # Domain name
# Determine the root disk. This can be statically set. By default this function
# is run as an early command during preseed which will look at all active disks
# and use the first one.
default_root_disk: '$(fdisk -l | grep sd | grep -wo "dev.*:" | sed "s/\://" | head -n1)'

27
pxelinux-provisioning/playbooks/host_vars/example-host1.yml.example Normal file
View File

@ -0,0 +1,27 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in witing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
server_hostname: 'example-host1' # str - required, hostname of server
server_image: "{{ default_image_name }}" # str - required, image name
server_default_interface: 'eth0' # str - required, default interface
server_obm_ip: 10.127.83.200 # str - optional, used for out of band management
server_model: PowerEdge R710 # str - optional, information on the server
server_mac_address: '00:00:00:00:00:00' # str - required, mac address of default interface
server_extra_options: '' # str - not required, added kernel options
server_fixed_addr: '10.127.83.100' # str - required, IP address for this host
server_domain_name: "{{ default_server_domain_name }}" # str - required, domain name for the server
ansible_host: "{{ server_fixed_addr }}" # str - required, ansible host ip address
ansible_os_family: "{{ images[default_image_name]['image_type'] }}" # str - Set the ansible os family

310
pxelinux-provisioning/playbooks/idrac-config.yml Normal file
View File

@ -0,0 +1,310 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in witing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Run DRAC Config
hosts: pxe_servers
gather_facts: false
connection: local
tasks:
- set_fact:
racadm_path: "/opt/dell/srvadmin/sbin/racadm"
tags:
- always
- name: check for racadm
stat:
path: "{{ racadm_path }}"
register: racadm_command
tags:
- always
- name: check for racadm_command
fail:
msg: "racadm command is not found."
when:
- not racadm_command.stat.exists
tags:
- always
- set_fact:
racadm: "{{ racadm_path }} -r {{ server_obm_ip }} -u root -p calvin"
tags:
- always
- name: set cfgServerBootOnce
command: "{{ racadm }} config -g cfgServerInfo -o cfgServerBootOnce 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgServerFirstBootDevice
- name: set cfgServerFirstBootDevice
command: "{{ racadm }} config -g cfgServerInfo -o cfgServerFirstBootDevice HDD"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgServerFirstBootDevice
- name: set cfgServerBootOnce
command: "{{ racadm }} config -g cfgServerInfo -o cfgServerBootOnce 1"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgServerBootOnce
- name: set cfgServerFirstBootDevice
command: "{{ racadm }} config -g cfgServerInfo -o cfgServerFirstBootDevice PXE"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgServerBootOnce
- name: set cfgNicEnable
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicEnable 1"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicEnable
- name: set cfgNicIPv4Enable
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicIPv4Enable 1"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicIPv4Enable
- name: set cfgNicUseDhcp
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicUseDhcp 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicUseDhcp
- name: set cfgNicVLanEnable
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicVLanEnable 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicVLanEnable
- name: set cfgNicVLanID
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicVLanID 1"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicVLanID
- name: set cfgNicVLanPriority
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicVLanPriority 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicVLanPriority
- name: set cfgNicSelection
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicSelection 2"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicSelection
- name: set cfgDNSServersFromDHCP
command: "{{ racadm }} config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgDNSServersFromDHCP
- name: set cfgDNSRacName
command: "{{ racadm }} config -g cfgLanNetworking -o cfgDNSRacName {{ server_hostname }}"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgDNSRacName
- name: set cfgNicIpAddress
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicIpAddress {{ server_obm_ip }}"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicIpAddress
- name: set cfgDNSServer1
command: "{{ racadm }} config -g cfgLanNetworking -o cfgDNSServer1 {{ server_gateway }}"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgDNSServer1
- name: set cfgDNSServer2
command: "{{ racadm }} config -g cfgLanNetworking -o cfgDNSServer2 {{ server_dns }}"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgDNSServer2
- name: set cfgNicNetmask
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicNetmask {{ server_netmask }}"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicNetmask
- name: set cfgNicGateway
command: "{{ racadm }} config -g cfgLanNetworking -o cfgNicGateway {{ server_gateway }}"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgNicGateway
- name: set cfgDNSDomainName
command: "{{ racadm }} config -g cfgLanNetworking -o cfgDNSDomainName {{ server_domain_name }}"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgDNSDomainName
- name: set cfgDNSDomainNameFromDHCP
command: "{{ racadm }} config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgDNSDomainNameFromDHCP
- name: set cfgDNSRegisterRac
command: "{{ racadm }} config -g cfgLanNetworking -o cfgDNSRegisterRac 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgDNSRegisterRac
- name: set cfgIpmiLanEnable
command: "{{ racadm }} config -g cfgIpmiLan -o cfgIpmiLanEnable 1"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgIpmiLanEnable
- name: set cfgIpmiLanPrivilegeLimit
command: "{{ racadm }} config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit 4"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgIpmiLanPrivilegeLimit
- name: set cfgIpmiLanAlertEnable
command: "{{ racadm }} config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 0"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgIpmiLanAlertEnable
- name: set cfgIpmiEncryptionKey
command: "{{ racadm }} config -g cfgIpmiLan -o cfgIpmiEncryptionKey 0000000000000000000000000000000000000000"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgIpmiEncryptionKey
- name: set cfgIpmiPetCommunityName
command: "{{ racadm }} config -g cfgIpmiLan -o cfgIpmiPetCommunityName public"
register: command
until: command is success
retries: 2
delay: 2
tags:
- cfgIpmiPetCommunityName
- name: run sslresetcfg
command: "{{ racadm }} sslresetcfg"
register: command
failed_when: not command.rc in [0, 2]
until: command is success
retries: 2
delay: 2
tags:
- sslresetcfg
- name: run serveraction powercycle
command: "{{ racadm }} serveraction powercycle"
register: command
until: command is success
retries: 2
delay: 2
when:
- not inventory_hostname in groups['pxe_hosts']
tags:
- powercycle
- name: run racreset
command: "{{ racadm }} racreset"
register: command
until: command is success
retries: 2
delay: 2
when:
- not inventory_hostname in groups['pxe_hosts']
tags:
- racreset

49
pxelinux-provisioning/playbooks/inventory.yml Normal file
View File

@ -0,0 +1,49 @@
---
################################## ALL HOSTS ##################################
all:
vars:
server_netmask: "255.255.255.0"
server_gateway: "10.127.83.1"
server_dns: "8.8.8.8"
server_subnet: "10.127.83.0"
hosts:
# Local host
localhost:
ansible_host: 127.0.0.1
# PXE Server
n1:
ansible_user: root
################################## PXE HOSTS ##################################
# The group "pxe_hosts" is used to setup all systems that will be responsible
# for PXE boot. This will install all of the needed capabilities to TFTP serve
# system images.
pxe_hosts:
hosts:
localhost: {}
dhcp_hosts:
hosts:
localhost: {}
################################# PXE TARGETS #################################
# The group "pxe_servers" is used for all servers that will be a PXE target.
pxe_servers:
hosts:
n1:
ansible_os_family: "{{ default_images[default_image_name]['image_type'] }}"
server_hostname: 'n1'
server_image: "ubuntu-16.04-amd64"
server_default_interface: 'eth0'
server_obm_ip: 10.0.0.200
server_model: PowerEdge R710
server_mac_address: 00:11:22:33:44:55
server_extra_options: ''
server_fixed_addr: "10.0.0.100"
server_domain_name: "{{ default_server_domain_name }}"
ansible_host: "{{ server_fixed_addr }}"

147
pxelinux-provisioning/playbooks/setup-host.yml Normal file
View File

@ -0,0 +1,147 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in witing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Deploy PXE Host Setup
hosts: pxe_hosts
gather_facts: "{{ gather_facts | default(true) }}"
pre_tasks:
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_distribution | lower }}.yml"
- "{{ playbook_dir }}/vars/{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Install host distro packages
package:
pkg: "{{ item }}"
state: "latest"
update_cache: yes
cache_valid_time: 600
with_items: "{{ default_host_distro_packages }}"
tasks:
- name: Ensure root has a .ssh directory
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: 0700
- name: Create ssh key pair for root
user:
name: root
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: /root/.ssh/id_rsa
- name: Get root public key
command: cat /root/.ssh/id_rsa.pub
register: public_key_get
changed_when: false
- name: Set key facts
set_fact:
root_public_key: "{{ public_key_get.stdout }}"
- name: Ensure root can ssh to localhost
authorized_key:
user: "root"
key: "{{ root_public_key }}"
- name: Add sysctl options
sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
state: present
reload: yes
sysctl_file: /etc/sysctl.conf
- name: Start netfilter persistent
systemd:
name: "{{ default_host_iptables_service }}"
state: started
enabled: yes
- name: Install repo caching server packages
package:
name: "{{ item }}"
state: "latest"
with_items: "{{ default_pkg_cache_server_distro_packages }}"
- name: Create cache directory
file:
path: "/var/www/pkg-cache"
state: "directory"
owner: "apt-cacher-ng"
group: "www-data"
mode: "02775"
- name: Stat the cache path
stat:
path: /var/cache/apt-cacher-ng
register: acs
- name: Remove cacher directory if its a directory
file:
path: "/var/cache/apt-cacher-ng"
state: "absent"
when:
- acs.stat.isdir is defined and acs.stat.isdir
- name: Link cacher to the repo path
file:
src: "/var/www/pkg-cache"
dest: "/var/cache/apt-cacher-ng"
state: "link"
- name: create yum merged mirror list
shell: |
curl https://www.centos.org/download/full-mirrorlist.csv | sed 's/^.*"http:/http:/' | sed 's/".*$//' | grep ^http >/etc/apt-cacher-ng/centos_mirrors
echo "http://mirror.centos.org/centos/" >>/etc/apt-cacher-ng/centos_mirrors
- name: Drop acng.conf
template:
src: "templates/pxe/acng.conf.j2"
dest: "/etc/apt-cacher-ng/acng.conf"
notify:
- reload acng
- name: Drop apt package manager proxy
copy:
content: 'Acquire::http { Proxy "{{ default_mirror_proxy }}"; };'
dest: "/etc/apt/apt.conf.d/00apt-cacher-proxy"
- name: Update apt when proxy is added
apt:
update_cache: yes
environment: "{{ deployment_environment_variables | default({}) }}"
handlers:
- name: reload acng
service:
name: "apt-cacher-ng"
state: restarted
enabled: yes
tags:
- setup-host

26
pxelinux-provisioning/playbooks/site.yml Normal file
View File

@ -0,0 +1,26 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in witing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- import_playbook: setup-host.yml
when:
- setup_host | default(true) | bool
- import_playbook: deploy-pxe.yml
when:
- setup_pxeboot | default(true) | bool
- import_playbook: deploy-dhcp.yml
when:
- setup_dhcpd | default(true) | bool

50
pxelinux-provisioning/playbooks/templates/dhcp/dhcpd.conf.j2 Normal file
View File

@ -0,0 +1,50 @@
ddns-update-style none;
allow booting;
allow bootp;
log-facility local7;
authoritative;
shared-network all-networks {
{% for dhcp in default_dhcp_list %}
subnet {{ dhcp.subnet }} netmask {{ dhcp.netmask }} {
option routers {{ dhcp.gateway }};
option domain-name-servers {{ dhcp.dns }};
option subnet-mask {{ dhcp.netmask }};
{% if dhcp.default_lease_time is defined and dhcp.default_lease_time > 0 %}
default-lease-time {{ dhcp.default_lease_time }};
{% else %}
default-lease-time {{ dhcp_default_lease_time }};
{% endif %}
{% if dhcp.max_lease_time is defined and dhcp.max_lease_time > 0 %}
max-lease-time {{ dhcp.max_lease_time }};
{% else %}
max-lease-time {{ dhcp_max_lease_time }};
{% endif %}
{% if dhcp.tftp_server is defined and dhcp.tftp_server | ipaddr %}
next-server {{ dhcp.tftp_server }};
{% elif default_tftp_server is defined and default_tftp_server | length > 0 %}
next-server {{ default_tftp_server }};
{% endif %}
{% if dhcp.tftp_boot_path is defined and dhcp.tftp_boot_path | ipaddr %}
filename "{{ dhcp.tftp_boot_path }}";
{% elif default_tftp_boot_path is defined and default_tftp_boot_path | length > 0 %}
filename "{{ default_tftp_boot_path }}";
{% endif %}
}
{% endfor %}
group {
{% for item in groups['pxe_servers'] %}
host {{ hostvars[item]['server_hostname'] }} {
hardware ethernet {{ hostvars[item]['server_mac_address'] | upper }};
fixed-address {{ hostvars[item]['server_fixed_addr'] }};
option host-name "{{ hostvars[item]['server_hostname'] }}";
}
{% endfor %}
}
}

1
pxelinux-provisioning/playbooks/templates/dhcp/isc-dhcp-server.j2 Normal file
View File

@ -0,0 +1 @@
INTERFACES="{{ default_dhcp_interface }}"

34
pxelinux-provisioning/playbooks/templates/pxe/acng.conf.j2 Normal file
View File

@ -0,0 +1,34 @@
# {{ ansible_managed }}
CacheDir: /var/www/pkg-cache
LogDir: /var/log/apt-cacher-ng
Port: 3142
BindAddress: {{ default_acng_bind_address }}
Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives
Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
Remap-fedora: file:fedora_mirrors # Fedora Linux
Remap-epel: file:epel_mirrors # Fedora EPEL
Remap-slrep: file:sl_mirrors # Scientific Linux
Remap-centos: file:centos_mirrors /centos #centos
ReportPage: acng-report.html
PidFile: /var/run/apt-cacher-ng
ExTreshold: 4
LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
PassThroughPattern: .*
{% if default_http_proxy is defined and default_http_proxy %}
Proxy: {{ default_http_proxy }}
{% endif %}
{% if ansible_distribution_release | lower != 'trusty' %}
VfilePatternEx: ^/\?release=[0-9]+&arch=
{% endif %}
# NOTE(mhayden): Caching the CentOS mirror list causes yum to throw
# 503 errors intermittently since the remote file is dynamic. Also,
# yum has issues with retrieving the mariadb.org repodata bz2 and
# that causes more intermittent 503 errors. This DontCache line
# tells apt-cacher-ng to allow requests for these to pass through
# without being cached.
DontCache: (mirrorlist\.centos\.org)|(mariadb\.org.*\.bz2$)

12
pxelinux-provisioning/playbooks/templates/pxe/debian/basic-post-install-script.sh.j2 Normal file
View File

@ -0,0 +1,12 @@
#!/usr/bin/env bash
apt-get remove --purge snap* lxc* lxd* || true
sed -i 's/\(GRUB_CMDLINE_LINUX_DEFAULT=\).*/\1\"\"/g' /target/etc/default/grub
update-grub
sed -i '/PermitRootLogin / s/ .*/ without-password/' /etc/ssh/sshd_config
mkdir -p /root/.ssh
chmod 0700 /root/.ssh
echo "{{ default_tftp_ssh_key }}" >> /root/.ssh/authorized_keys

221
pxelinux-provisioning/playbooks/templates/pxe/debian/basic.preseed.j2 Normal file
View File

@ -0,0 +1,221 @@
# Ubuntu Server Preseed
# Kernel Options
# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
d-i debian-installer/add-kernel-opts string biosdevname=0 net.ifnames=0 elevator=cfq
# Networking
d-i netcfg/choose_interface select eth0
d-i netcfg/dhcp_timeout string 60
## USE THIS FOR STATIC NETWORKING
# d-i netcfg/disable_autoconfig boolean true
# d-i netcfg/dhcp_failed note
# d-i netcfg/dhcp_options select Configure network manually
# # Static network configuration.
# d-i netcfg/get_ipaddress string 10.0.0.100
# d-i netcfg/get_netmask string 255.255.255.0
# d-i netcfg/get_gateway string 10.0.0.200
# d-i netcfg/get_nameservers string 8.8.8.8
# d-i netcfg/confirm_static boolean true
## USE THIS FOR STATIC NETWORKING
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# Pre Install
# Command Line 1: This is necessary otherwise you will be prompted to umount /dev/vda. See Ubuntu bug #1347726.
d-i preseed/early_command string \
umount /media || true
# Net Image
# Required at least for 12.10+
d-i live-installer/net-image string {{ default_tftp_server }}/images/{{ item.value.image_short_name }}/install/filesystem.squashfs
# Localization
d-i debian-installer/locale string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i debian-installer/language string en
# Keyboard
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i console-setup/layoutcode string us
d-i console-setup/variantcode string
d-i keyboard-configuration/layoutcode string us
# Mirror
d-i mirror/country string manual
d-i mirror/http/proxy string {{ default_mirror_proxy }}
d-i mirror/http/hostname string {{ default_mirror_hostname }}
d-i mirror/http/directory string {{ default_mirror_directory }}
# Clock and Time Zone
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string ntp.ubuntu.com
# You may set this to any valid setting for TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string US/Central
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# Partitioning
d-i partman/early_command string \
DISK="{{ default_root_disk }}"; \
debconf-set partman-auto/method "lvm"; \
debconf-set partman-auto/disk "${DISK}"; \
debconf-set partman-auto-lvm/guided_size "max"; \
debconf-set partman-auto-lvm/new_vg_name "vg00"; \
debconf-set partman-auto/expert_recipe "custompartitioning :: \
512 1 512 ext2 \
\$primary{ } \
\$bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext2 } \
label{ boot } \
mountpoint{ /boot } \
. \
1024 1 100% ext4 \ \
\$primary{ } \
method{ lvm } \
device{ ${DISK}2 } \
vg_name{ vg00 } \
. \
2048 1 4096 linux-swap \
\$lvmok{ } in_vg{ vg00 } \
lv_name{ swap00 } \
method{ swap } format{ } \
. \
8192 1 16384 ext4 \
\$lvmok{ } in_vg{ vg00 } \
lv_name{ root00 } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ root } \
mountpoint{ / } \
. \
16384 1 16384 ext4 \
\$lvmok{ } in_vg{ vg00 } \
lv_name{ openstack00 } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ openstack } \
mountpoint{ /openstack } \
. \
16384 1 10240000 ext4 \
\$lvmok{ } in_vg{ vg00 } \
lv_name{ deleteme } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
label{ deleteme } \
mountpoint{ /var/lib/deleteme } \
.";
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/device_remove_lvm_span boolean true
d-i partman-auto/purge_lvm_from_device boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/confirm boolean true
d-i partman-md/confirm_nooverwrite boolean true
d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
# Packages
# Package selection
tasksel tasksel/first multiselect openssh-server
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/include string bridge-utils \
dstat \
ethtool \
git \
htop \
ifenslave \
lvm2 \
openssh-server \
parted \
python3-all \
python-all \
tmux \
vim \
vlan
d-i pkgsel/update-policy select none
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
popularity-contest popularity-contest/participate boolean false
# Users and Password
# Skip creation of a root account (normal user account will be able to
# use sudo). The default is false; preseed this to true if you want to set
# a root password.
d-i passwd/root-login boolean true
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean false
# The installer will warn about weak passwords. If you are sure you know
# what you're doing and want to override it, uncomment this.
d-i user-setup/allow-password-weak boolean true
# Root password, either in clear text
d-i passwd/root-password password {{ default_root_password }}
d-i passwd/root-password-again password {{ default_root_password }}
# Bootloader
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string default
# Post Install
d-i preseed/late_command string \
in-target bash -c "wget --no-proxy http://{{ default_tftp_server }}/scripts/basic-post-install-script.sh -O /opt/basic-post-install-script.sh"; \
in-target bash -c 'chmod +x /opt/basic-post-install-script.sh'; \
in-target bash -c '/opt/basic-post-install-script.sh'
# Finish
# Reboot after the install is finished.
d-i finish-install/reboot_in_progress note

8
pxelinux-provisioning/playbooks/templates/pxe/sites-enabled.default.j2 Normal file
View File

@ -0,0 +1,8 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/pxe;
location / {
autoindex on;
}
}

1
pxelinux-provisioning/playbooks/templates/pxe/tftp/inetd.conf.j2 Normal file
View File

@ -0,0 +1 @@
tftp dgram udp wait root /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot

17
pxelinux-provisioning/playbooks/templates/pxe/tftp/menu.cfg.j2 Normal file
View File

@ -0,0 +1,17 @@
menu hshift 13
menu width 49
menu margin 8
menu tabmsg
menu title Boot Menu
{% for key, value in default_images.items() %}
label {{ key }}-{{ default_images[key]['image_preseed'] }}
menu label ^{{ key }}-{{ default_images[key]['image_preseed'] }} automated install
kernel {{ value.image_kernel }}
{% if value.image_type == 'debian' %}
append {{ value.image_kernel_options }} initrd={{ value.image_initrd }} preseed/url={{ default_images[key]['image_preseed_option']['url'] }} preseed/interactive=false netcfg/choose_interface={{ default_interface }}
{% endif %}
{% endfor %}
menu end

5
pxelinux-provisioning/playbooks/templates/pxe/tftp/pxelinux.cfg.default.j2 Normal file
View File

@ -0,0 +1,5 @@
path boot-screens
include boot-screens/menu.cfg
default boot-screens/vesamenu.c32
prompt 0
timeout 100

10
pxelinux-provisioning/playbooks/templates/pxe/tftp/pxelinux.cfg.macaddr.j2 Normal file
View File

@ -0,0 +1,10 @@
{% set image_properties = default_images[hostvars[item]['server_image']] %}
default linux
prompt 0
timeout 1
label linux
kernel {{ image_properties['image_kernel'] }}
{% if image_properties['image_type'] == 'debian' %}
append hostname={{ hostvars[item]['server_hostname'] }} domain={{ hostvars[item]['server_domain_name'] }} {{ image_properties['image_kernel_options'] }} initrd={{ image_properties['image_initrd'] }} preseed/url={{ image_properties['image_preseed_option']['url'] }} preseed/interactive=false netcfg/choose_interface={{ hostvars[item]['server_default_interface'] }} {{ hostvars[item]['server_extra_options'] | default('') }}
{% endif %}

6
pxelinux-provisioning/playbooks/templates/pxe/tftp/tftp-hpa.j2 Normal file
View File

@ -0,0 +1,6 @@
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/lib/tftpboot"
TFTP_ADDRESS=":{{ default_tftp_port }}"
TFTP_OPTIONS="--secure"
RUN_DAEMON="yes"
OPTIONS="-l -s /var/lib/tftpboot"

41
pxelinux-provisioning/playbooks/vars/ubuntu-16.04.yml Normal file
View File

@ -0,0 +1,41 @@
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in witing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
default_host_distro_packages:
- bridge-utils
- ifenslave
- iptables-persistent
- lvm2
- ntp
- openssh-server
- python2.7
- python-software-properties
- python-netaddr
- software-properties-common
- vlan
default_pxe_distro_packages:
- tftpd-hpa
- inetutils-inetd
- nginx
- p7zip-full
default_dhcp_distro_packages:
- isc-dhcp-server
default_pkg_cache_server_distro_packages:
- apt-cacher-ng
default_host_iptables_service: "netfilter-persistent"

28
pxelinux-provisioning/run.sh Executable file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env bash
# Copyright [2016] [Kevin Carter]
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -euvo
source ansible-env.rc
ansible-playbook -vv \
-i ${DEFAULT_INVENTORY:-"playbooks/inventory.yml"} \
-e setup_host=${SETUP_HOST:-"true"} \
-e setup_pxeboot=${SETUP_PXEBOOT:-"true"} \
-e setup_dhcpd=${SETUP_DHCPD:-"true"} \
-e default_image=${DEFAULT_IMAGE:-"ubuntu-16.04-amd64"} \
-e default_http_proxy=${DEFAULT_HTTP_PROXY:-''} \
--force-handlers \
playbooks/site.yml