Initial version

2026-01-27 02:18:12 +00:00 · 2019-05-02 22:23:10 +01:00
parent 148c118226
commit 3da361dfa0
18 changed files with 562 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.sw?
+.DS_Store
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+inventory = inventory/box
+host_key_checking = False
+forks = 20
+remote_user = vagrant
+system_warnings = True
+roles_path = roles
+nocows = 1
+ansible_managed = Ansible managed: modified on %d-%b-%Y %H:%M by {uid} on {host}
+retry_files_enabled = False
+
+[ssh_connection]
+pipelining=True
+control_path = /tmp/%%h-%%r
--- a/plays/kickstart.yml
+++ b/plays/kickstart.yml
@@ -0,0 +1,7 @@
+---
+- hosts: kickstart
+  become: true
+  roles:
+    - { role: shell,     tags: sh }
+    - { role: firewall,  tags: fw }
+    - { role: kickstart, tags: ks }
--- a/plays/reinstall.yml
+++ b/plays/reinstall.yml
@@ -0,0 +1,32 @@
+---
+- hosts: kickstart
+  gather_facts: no
+  vars:
+    reboot: False
+
+  tasks:
+    - name: Gather
+      setup:
+        filter: ansible_default_ipv4
+      register: output
+      delegate_to: "{{ item }}"
+      delegate_facts: true
+      loop: "{{ groups['reinstall'] }}"
+
+    - name: Set PXE menu to install
+      file:
+        state: link
+        src: install
+        dest: "/var/lib/tftpboot/pxelinux.cfg/01-{{ hostvars[item]['ansible_default_ipv4']['macaddress'] | regex_replace(':','-') }}"
+      become: true
+      loop: "{{ groups['reinstall'] }}"
+
+    - name: Reboot target host for PXE boot
+      hpilo_boot:
+        host: "{{ hostvars[item]['ilo_ip'] }}"
+        media: network
+        password: "{{ hostvars[item]['ilo_password'] }}"
+        force: true
+      loop: "{{ groups['reinstall'] }}"
+      delegate_to: localhost
+      when: reboot
--- a/roles/firewall/README.md
+++ b/roles/firewall/README.md
@@ -0,0 +1,35 @@
+Firewall
+=========
+
+Only for CentOS 7 - set default zone
+
+Requirements
+------------
+
+
+Role Variables
+--------------
+
+    firewall_default_zone
+
+Dependencies
+------------
+
+
+Example Playbook
+----------------
+
+    - hosts: servers
+      roles:
+         - { role: firewall, firewall_default_zone: trusted }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Mark Phillips <mark@probably.co.uk>
+http://probably.co.uk
--- a/roles/firewall/defaults/main.yml
+++ b/roles/firewall/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# defaults file for firewall
+
+firewall_default_zone: trusted
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+# tasks file for firewall
+
+- name: Check the OS we're running against
+  assert:
+    that: "ansible_os_family == 'RedHat'"
+    fail_msg: "Role is only intended to run against Red Hat EL type OS's"
+    success_msg: "OS is Red Hat EL family"
+
+- name: Get default zone
+  command: firewall-cmd --get-default-zone
+  register: output
+  changed_when: false
+
+- name: Set default zone
+  command: firewall-cmd --set-default-zone {{ firewall_default_zone }}
+  when: firewall_default_zone not in output.stdout
--- a/roles/kickstart/README.md
+++ b/roles/kickstart/README.md
@@ -0,0 +1,50 @@
+Kickstart
+=========
+
+Set up a Linux host to serve PXE/TFTP and Kickstart files.
+
+This is all very simplistic – for example, we install the httpd package but do
+**nothing** with the config. In the real world httpd would be a separate
+install, and hopefully a proper configuration. But, out of the box, to
+demonstrate principles here, it works just fine. YMMV.
+
+Requirements
+------------
+
+
+Role Variables
+--------------
+
+defaults/main.yml
+
+```
+kickstart_pkgs: 
+  - tftp-server
+  - syslinux-tftpboot
+  - createrepo
+  - httpd
+kickstart_tftpdir: /var/lib/tftpboot
+```
+
+You'll want to tailor `kickstart_server`
+
+Dependencies
+------------
+
+
+Example Playbook
+----------------
+
+    - hosts: servers
+      roles:
+         - { role: kickstart, kickstart_server: kickstart.lan }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Mark Phillips <mark@probably.co.uk>
--- a/roles/kickstart/defaults/main.yml
+++ b/roles/kickstart/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# defaults file for kickstart
+
+kickstart_pkgs: 
+  - tftp-server
+  - syslinux-tftpboot
+  - createrepo
+  - httpd
+kickstart_tftpdir: /var/lib/tftpboot
+# you'll need to set this
+# kickstart_server: set_this_variable_in_role_defaults_or_groupvars
--- a/roles/kickstart/files/pxe_readme
+++ b/roles/kickstart/files/pxe_readme
@@ -0,0 +1,11 @@
+If you want to install a host, then create a symlink in this directory to the
+'install' file with the link being a dash separated version of the host's MAC
+address, with 01- prepended. Lowercase any letters. For example:
+
+[pxelinux.cfg]$ l
+lrwxrwxrwx. 1 root root    7 Jun 29 16:53 01-00-25-90-22-e5-44 -> install
+-rw-r--r--. 1 root root  287 Jun 29 13:16 default
+-rw-r--r--. 1 root root  433 Jun 29 13:16 install
+
+So the host with MAC 00:25:90:22:e5:44 would be served the 'install' menu
+on its next network boot.
--- a/roles/kickstart/tasks/main.yml
+++ b/roles/kickstart/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+- name: Check the OS we're running against
+  assert:
+    that: "ansible_os_family == 'RedHat'"
+    fail_msg: "Role is only intended to run against Red Hat EL type OS's"
+    success_msg: "OS is Red Hat EL family"
+
+- name: Ensure packages are installed
+  yum:
+    name: "{{ kickstart_pkgs }}"
+    state: present
+
+- name: Ensure required PXE dirs exist
+  file:
+    path: "{{ kickstart_tftpdir }}/{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  loop:
+    - pxeboot
+    - pxelinux.cfg
+
+- name: Ensure PXE boot README is present in pxelinux.cfg
+  copy:
+    src: pxe_readme
+    dest: "{{ kickstart_tftpdir }}/pxelinux.cfg/00README"
+    owner: root
+    group: root
+    mode: 0444
+
+- name: Ensure ks directory exists for kickstart files
+  file:
+    state: directory
+    path: "/var/www/html/ks"
+
+- name: Ensure templated files in place
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop:
+#   - { src: pxe_default.j2, dest: "{{ kickstart_tftpdir }}/pxelinux.cfg/default" }
+    - { src: pxe_install.j2, dest: "{{ kickstart_tftpdir }}/pxelinux.cfg/install" }
+    - { src: local6.ks.j2, dest: "/var/www/html/ks/local6.ks" }
+    - { src: local7.ks.j2, dest: "/var/www/html/ks/local7.ks" }
+
+- name: Ensure services running
+  service:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  loop:
+    - tftp
+    - httpd
+
+# tasks file for kickstart
--- a/roles/kickstart/templates/local6.ks.j2
+++ b/roles/kickstart/templates/local6.ks.j2
@@ -0,0 +1,152 @@
+install
+# Use network installation
+url --url="{{ kickstart_server }}/6/os/x86_64"
+# Root password "vagrant"
+rootpw --iscrypted $1$AhuPDILr$dDMPkB.oPma.Y0G0SnpdH0
+# add a vagrant user with password "vagrant"
+user --name=vagrant --password=$1$z/0vnFRa$3tWM3pKkniA7SuYGpX/T4/ --iscrypted --uid=1000
+auth  --useshadow  --passalgo=sha512
+# Use text mode install
+text
+keyboard uk
+lang en_GB
+selinux --permissive
+skipx
+logging --level=info
+reboot
+timezone  Europe/London
+network  --bootproto=dhcp --device=eth0 --onboot=on --hostname=initial6
+firewall --disabled
+bootloader --location=mbr
+zerombr
+clearpart --all --initlabel 
+part /boot --asprimary --fstype="ext4" --size=500
+part / --asprimary --fstype="ext4" --grow --size=1
+part swap --asprimary --fstype="swap" --size=64
+
+%packages
+@base
+@core
+bind-libs
+bind-utils
+git
+kernel-devel
+libselinux-python
+ntp
+openssh-clients
+openssh-server
+redhat-lsb
+rsync
+rsyslog
+sudo
+sysstat
+telnet
+vim-enhanced
+virt-what
+-OpenIPMI
+-OpenIPMI-libs
+-apmd
+-aspell
+-aspell-en
+-autofs
+-bluez-bluefw
+-bluez-hcidump
+-bluez-libs
+-bluez-utils
+-dapl
+-desktop-file-utils
+-diskdumputils
+-dmraid
+-dos2unix
+-dosfstools
+-dump
+-eject
+-finger
+-ftp
+-gpm
+-htmlview
+-ibmasm
+-indexhtml
+-ipsec-tools
+-irda-utils
+-isdn4k-utils
+-jpackage-utils
+-kernel-smp
+-krb5-workstation
+-lftp
+-libmthca
+-librdmacm
+-libsdp
+-libwvstreams
+-lksctp-tools
+-m4
+-mailcap
+-mailx
+-minicom
+-mt
+-mt-st
+-mtr
+-nano
+-nfs
+-nfs-utils-lib
+-nscd
+-nss_ldap
+-numactl
+-pam_ccreds
+-pam_krb5
+-pam_passwdqc
+-pam_smb
+-parted
+-pcmcia-cs
+-pdksh
+-pinfo
+-ppp
+-procmail
+-rdist
+-redhat-menus
+-rhpl
+-rmt
+-rp-pppoe
+-rsh
+-sendmail
+-setarch
+-specspo
+-sysreport
+-talk
+-tcsh
+-unix2dos
+-up2date
+-vconfig
+-wireless-tools
+-wvdial
+-yp-tools
+-ypbind
+%end
+
+%pre
+ntpdate ntp.linx.net
+hwclock --systohc
+%end
+
+%post --logfile /root/ks-post.log
+# pop the IP and MAC address into /etc/issue – useful visibility for initial log on
+ip=$(/sbin/ifconfig eth0 | /usr/bin/perl -ne 'print $1 if /addr:( (\d{1,3}\.){3} \d{1,3} )/x')
+mac=$(/sbin/ifconfig eth0 | /usr/bin/perl -ne 'print $1 if /HWaddr \s ((?:\w{2} :){5} \w{2})/x')
+echo "IP: ${ip} MAC: ${mac}" >> /etc/issue
+
+# this used to be for building images for vagrant, and frankly it's now muscle memory. You could change or even ditch this user, of course
+user=vagrant
+mkdir -p /home/${user}/.ssh
+cat > /home/${user}/.ssh/authorized_keys <<'EOF'
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+chown -R ${user}:${user} /home/${user}/.ssh
+chmod 700 /home/${user}/.ssh
+cat > /etc/sudoers.d/${user} <<EOF
+${user} ALL=(ALL) NOPASSWD: ALL
+EOF
+chmod 440 /etc/sudoers.d/${user}
+# For Ansible pipelining+sudo support
+perl -pi -e 's/(Defaults \s+ requiretty)/#$1/x' /etc/sudoers
+# patch
+%end
--- a/roles/kickstart/templates/local7.ks.j2
+++ b/roles/kickstart/templates/local7.ks.j2
@@ -0,0 +1,87 @@
+#version=7
+auth --enableshadow --passalgo=sha512
+# Use network installation
+url --url="{{ kickstart_server }}/7/os/x86_64"
+zerombr
+keyboard --vckeymap=uk --xlayouts='gb'
+lang en_GB.UTF-8
+reboot
+network  --bootproto=dhcp --ipv6=auto --activate --hostname=initial7
+firewall --service=ssh
+text
+skipx
+# Root password "vagrant"
+rootpw --iscrypted $6$hL0adudkuUQ1R..t$f3M4aLth3zWo5LJR9Q3Z17IQ5FOtCv7OgbO.5nxOALUuNmcuoaobhEGL9a9Qfvi6LLSsZQsUvCjtIJivzL7au/
+# add a vagrant user with password "vagrant"
+user --name=vagrant --password=$1$z/0vnFRa$3tWM3pKkniA7SuYGpX/T4/ --iscrypted --uid=1000
+timezone Europe/London --isUtc
+bootloader --location=mbr
+clearpart --all --initlabel
+
+# part swap --size 64 --asprimary
+# part btrfs.10 --size=1 --grow
+# btrfs none --label=POOL btrfs.10
+# btrfs / --subvol --name=ROOT LABEL=POOL
+# btrfs /var --subvol --name=VAR LABEL=POOL
+
+part /boot --fstype="xfs" --size=750
+part pv.10 --fstype="lvmpv" --size=1 --grow
+volgroup vg0 --pesize=4096 pv.10
+logvol swap  --fstype="swap" --size=64   --name=swap --vgname=vg0
+logvol /     --fstype="xfs"  --size=4096 --name=root --vgname=vg0
+logvol /var  --fstype="xfs"  --size=1 --grow --name=var --vgname=vg0
+
+%packages
+@core
+lsof
+bash-completion
+bind-utils
+bzip2
+fuse
+fuse-libs
+git
+libselinux-python
+net-tools
+psacct
+#pykickstart
+rsync
+#strace
+tcpdump
+telnet
+traceroute
+unzip
+vim-enhanced
+#yum-utils
+zip
+-*-firmware
+-wireless-tools
+%end
+
+%post --log=/root/ks-post.log
+interface=$(route | grep ^default | grep -oP '\w+$')
+ip=$(/sbin/ifconfig ${interface} | /usr/bin/perl -ne 'print $1 if /inet \s ( (\d{1,3}\.){3} \d{1,3} )/x')
+mac=$(/sbin/ifconfig ${interface} | /usr/bin/perl -ne 'print $1 if /ether \s ((?:\w{2} :){5} \w{2})/x')
+echo "IP: ${ip} MAC: ${mac}" >> /etc/issue
+
+user=vagrant
+mkdir -p /home/${user}/.ssh
+cat > /home/${user}/.ssh/authorized_keys <<'EOF'
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+chown -R ${user}:${user} /home/${user}/.ssh
+chmod 700 /home/${user}/.ssh
+cat > /etc/sudoers.d/${user} <<EOF
+${user} ALL=(ALL) NOPASSWD: ALL
+# For Ansible pipelining+sudo support
+Defaults !requiretty
+EOF
+chmod 440 /etc/sudoers.d/${user}
+
+# Add open-vm-tools
+if [ "$(/usr/sbin/virt-what)" = "vmware" ]; then
+    echo "Installing open-vm-tools"
+    yum install -y open-vm-tools
+fi
+
+# yum update -y
+%end
--- a/roles/kickstart/templates/pxe_default.j2
+++ b/roles/kickstart/templates/pxe_default.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+UI menu.c32
+prompt 0
+timeout 50
+ontimeout local
+menu title Node Install HD Boot
+ 
+LABEL local
+    MENU LABEL Boot from HD
+    localboot 0
--- a/roles/kickstart/templates/pxe_install.j2
+++ b/roles/kickstart/templates/pxe_install.j2
@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+UI menu.c32
+prompt 0 
+timeout 50
+ontimeout {{ kickstart_default }}
+menu title Node Install Kickstart
+
+LABEL inst6
+    MENU LABEL ^1) Install 6
+    KERNEL pxeboot/6/vmlinuz
+    APPEND initrd=pxeboot/6/initrd.img kssendmac ksdevice=eth0 ks={{ kickstart_server }}/ks/local6.ks noipv6 ramdisk_size=10240
+
+LABEL inst7
+    MENU LABEL ^2) Install 7
+    KERNEL pxeboot/7/vmlinuz
+    APPEND initrd=pxeboot/7/initrd.img kssendmac ksdevice=enp3s0 hpsa.hpsa_allow_any=1 ks={{ kickstart_server }}/ks/local7.ks noipv6 ramdisk_size=10240
+
+LABEL rescue
+    MENU LABEL ^3) 6 Rescue Boot
+    KERNEL pxeboot/6/vmlinuz
+    APPEND initrd=pxeboot/6/initrd.img rescue
+
--- a/roles/shell/README.md
+++ b/roles/shell/README.md
@@ -0,0 +1,33 @@
+Role Name
+========
+
+Some basic requirements for shells. Aliases, that kind of thing.
+
+Requirements
+------------
+
+
+Role Variables
+--------------
+
+
+Dependencies
+------------
+
+
+Example Playbook
+-------------------------
+
+    - hosts: servers
+      roles:
+         - shell
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Mark Phillips <mark@probably.co.uk>
--- a/roles/shell/tasks/main.yml
+++ b/roles/shell/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+# tasks file for shell
+
+- name: Ensure aliases.sh present
+  template:
+    src: aliases.sh.j2
+    dest: /etc/profile.d/aliases.sh
+    owner: root
+    group: root
+    mode: 0644
+
--- a/roles/shell/templates/aliases.sh.j2
+++ b/roles/shell/templates/aliases.sh.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+alias l='ls -laF'
+alias lr='ls -Fartl'
+alias j=jobs
+[ -x /usr/bin/vim ] && alias vi=vim