From fa5f106bf6048994a35fb259e93fc0fe8617ebf3 Mon Sep 17 00:00:00 2001 
From: Xicheng Chang Date: Tue, 3 Nov 2015 17:35:40 -0800 Subject: [PATCH] Revert "Retire stackforge/compass-install" This reverts commit 2614e5fa95aab680fb6f9287831e50c65f76f72c. The repository is actually maintained, the authors merely misunderstood the stackforge namespace retirement maintenance announcements[1] and didn't realize they needed to notify us of that status. Reverting the repository to its former state in preparation for a namespace move in a coming project rename maintenance. [1] http://lists.openstack.org/pipermail/openstack-infra/2015-August/003119.html Change-Id: I6ccdcd8f8a084711c265e42c77b3b4159af27b24 --- .gitignore | 2 + .gitreview | 4 + README.md | 23 + README.rst | 7 - Vagrantfile | 43 ++ ci/Vagrantfile | 43 ++ ci/conf/four-ansible.conf | 40 ++ ci/conf/two.conf | 40 ++ ci/deploy-vm.sh | 44 ++ ci/deploy.sh | 4 + ci/func.sh | 20 + ci/mac_generator.sh | 23 + ci/prepare.sh | 35 ++ ci/setup-env.sh | 60 +++ ci/test.sh | 127 +++++ docker/build/cobbler/Dockerfile | 150 ++++++ docker/build/cobbler/conf/1404_distributions | 8 + docker/build/cobbler/conf/cobbler.settings | 450 ++++++++++++++++++ docker/build/cobbler/conf/cobbler_web.conf | 10 + docker/build/cobbler/conf/dhcp.template | 98 ++++ docker/build/cobbler/conf/distributions | 8 + docker/build/cobbler/conf/modules.conf | 84 ++++ docker/build/cobbler/conf/setup.conf | 25 + docker/build/cobbler/conf/ssl.conf | 221 +++++++++ docker/build/cobbler/conf/tftpd.template | 21 + docker/build/cobbler/scripts/start | 17 + docker/build/compass/Dockerfile | 137 ++++++ docker/build/compass/conf/setup.conf | 5 + docker/build/compass/scripts/refresh.sh | 9 + docker/build/compass/scripts/sample_start | 56 +++ examples/Dockerfile | 13 + examples/conf/chef-client.pem | 28 ++ examples/conf/chef-icehouse.conf | 11 + examples/conf/cobbler.conf | 9 + examples/conf/compass.setting | 33 ++ examples/scripts/start | 36 ++ install/allinone.yml | 9 + install/allinone_nochef.yml | 8 + install/cobbler_nodocker.yml | 7 + 
install/compass_nodocker.yml | 10 + install/group_vars/all | 225 +++++++++ install/inventories/allinone | 2 + install/inventories/chef | 2 + install/inventories/cobbler | 2 + install/inventories/compass | 2 + install/inventories/hosts_test | 6 + install/inventories/ubuntu_test | 6 + install/precheck.yml | 16 + install/regtest.yml | 45 ++ install/roles/chef/files/chef-server.rb | 4 + install/roles/chef/files/compass.json | 8 + install/roles/chef/files/knife.rb | 9 + install/roles/chef/files/knife.sh | 5 + install/roles/chef/tasks/Debian.yml | 30 ++ install/roles/chef/tasks/RedHat.yml | 30 ++ install/roles/chef/tasks/chef-server.yml | 14 + install/roles/chef/tasks/compass.yml | 60 +++ install/roles/chef/tasks/docker-debian.yml | 0 install/roles/chef/tasks/docker-redhat.yml | 0 install/roles/chef/tasks/docker.yml | 4 + install/roles/chef/tasks/knife.yml | 17 + install/roles/chef/tasks/main.yml | 22 + install/roles/chef/vars/main.yml | 16 + install/roles/cobbler/files/cobbler_web.conf | 10 + install/roles/cobbler/files/debmirror.conf | 79 +++ install/roles/cobbler/files/distributions | 8 + install/roles/cobbler/files/rsync | 14 + install/roles/cobbler/files/ssl.conf | 221 +++++++++ install/roles/cobbler/handlers/main.yml | 12 + install/roles/cobbler/tasks/Debian.yml | 0 install/roles/cobbler/tasks/RedHat.yml | 321 +++++++++++++ .../roles/cobbler/tasks/dhcp-relay-debian.yml | 11 + .../roles/cobbler/tasks/dhcp-relay-redhat.yml | 6 + install/roles/cobbler/tasks/docker.yml | 133 ++++++ install/roles/cobbler/tasks/main.yml | 10 + install/roles/cobbler/templates/Dockerfile.j2 | 21 + .../roles/cobbler/templates/dhcp.template.j2 | 121 +++++ .../templates/dhcp.template.nodocker.j2 | 123 +++++ install/roles/cobbler/templates/distributions | 8 + .../cobbler/templates/fix_ks_server.py.j2 | 18 + install/roles/cobbler/templates/id_rsa.pub.j2 | 1 + install/roles/cobbler/templates/modules.conf | 83 ++++ .../roles/cobbler/templates/named.template.j2 | 31 ++ 
.../templates/named.template.nodocker.j2 | 31 ++ install/roles/cobbler/templates/settings.j2 | 450 ++++++++++++++++++ install/roles/cobbler/templates/start.sh.j2 | 34 ++ .../roles/cobbler/templates/tftpd.template | 20 + install/roles/cobbler/vars/main.yml | 15 + install/roles/common/files/docker.list | 1 + install/roles/common/tasks/Debian.yml | 0 install/roles/common/tasks/RedHat.yml | 0 install/roles/common/tasks/docker-common.yml | 48 ++ .../common/tasks/docker-debian-precise.yml | 28 ++ .../common/tasks/docker-debian-trusty.yml | 0 install/roles/common/tasks/docker-debian.yml | 5 + install/roles/common/tasks/docker-prepare.yml | 0 install/roles/common/tasks/docker-redhat.yml | 31 ++ install/roles/common/tasks/main.yml | 16 + install/roles/compass/files/ods-server.conf | 18 + install/roles/compass/files/start.sh | 36 ++ install/roles/compass/handlers/main.yml | 10 + install/roles/compass/tasks/Debian.yml | 0 install/roles/compass/tasks/RedHat.yml | 231 +++++++++ install/roles/compass/tasks/docker.yml | 72 +++ install/roles/compass/tasks/main.yml | 10 + install/roles/compass/templates/Dockerfile.j2 | 17 + .../compass/templates/chef-icehouse.conf.j2 | 10 + .../roles/compass/templates/cobbler.conf.j2 | 9 + .../templates/cobbler.conf.nodocker.j2 | 9 + .../compass/templates/compass.setting.j2 | 33 ++ install/roles/compass/templates/start.sh.j2 | 42 ++ .../compass/templates/switch_machines_file.j2 | 4 + install/roles/compass/vars/main.yml | 4 + install/roles/precheck/tasks/chef.yml | 1 + install/roles/precheck/tasks/cobbler.yml | 0 install/roles/precheck/tasks/compass.yml | 0 install/roles/precheck/tasks/docker.yml | 14 + install/roles/precheck/tasks/main.yml | 7 + install/roles/precheck/tasks/no-docker.yml | 10 + install/roles/regtest-compass/files/setting | 5 + install/roles/regtest-compass/tasks/main.yml | 45 ++ .../regtest-compass/templates/client.sh.j2 | 17 + install/site.yml | 18 + 123 files changed, 5028 insertions(+), 7 deletions(-) create mode 100644 
.gitignore create mode 100644 .gitreview create mode 100644 README.md delete mode 100644 README.rst create mode 100644 Vagrantfile create mode 100644 ci/Vagrantfile create mode 100644 ci/conf/four-ansible.conf create mode 100644 ci/conf/two.conf create mode 100644 ci/deploy-vm.sh create mode 100755 ci/deploy.sh create mode 100644 ci/func.sh create mode 100755 ci/mac_generator.sh create mode 100644 ci/prepare.sh create mode 100644 ci/setup-env.sh create mode 100644 ci/test.sh create mode 100644 docker/build/cobbler/Dockerfile create mode 100644 docker/build/cobbler/conf/1404_distributions create mode 100644 docker/build/cobbler/conf/cobbler.settings create mode 100644 docker/build/cobbler/conf/cobbler_web.conf create mode 100644 docker/build/cobbler/conf/dhcp.template create mode 100644 docker/build/cobbler/conf/distributions create mode 100644 docker/build/cobbler/conf/modules.conf create mode 100755 docker/build/cobbler/conf/setup.conf create mode 100644 docker/build/cobbler/conf/ssl.conf create mode 100644 docker/build/cobbler/conf/tftpd.template create mode 100644 docker/build/cobbler/scripts/start create mode 100644 docker/build/compass/Dockerfile create mode 100644 docker/build/compass/conf/setup.conf create mode 100644 docker/build/compass/scripts/refresh.sh create mode 100644 docker/build/compass/scripts/sample_start create mode 100644 examples/Dockerfile create mode 100644 examples/conf/chef-client.pem create mode 100644 examples/conf/chef-icehouse.conf create mode 100644 examples/conf/cobbler.conf create mode 100644 examples/conf/compass.setting create mode 100644 examples/scripts/start create mode 100644 install/allinone.yml create mode 100644 install/allinone_nochef.yml create mode 100644 install/cobbler_nodocker.yml create mode 100644 install/compass_nodocker.yml create mode 100644 install/group_vars/all create mode 100644 install/inventories/allinone create mode 100644 install/inventories/chef create mode 100644 install/inventories/cobbler create mode 
100644 install/inventories/compass create mode 100644 install/inventories/hosts_test create mode 100644 install/inventories/ubuntu_test create mode 100644 install/precheck.yml create mode 100644 install/regtest.yml create mode 100644 install/roles/chef/files/chef-server.rb create mode 100644 install/roles/chef/files/compass.json create mode 100644 install/roles/chef/files/knife.rb create mode 100644 install/roles/chef/files/knife.sh create mode 100644 install/roles/chef/tasks/Debian.yml create mode 100644 install/roles/chef/tasks/RedHat.yml create mode 100644 install/roles/chef/tasks/chef-server.yml create mode 100644 install/roles/chef/tasks/compass.yml create mode 100644 install/roles/chef/tasks/docker-debian.yml create mode 100644 install/roles/chef/tasks/docker-redhat.yml create mode 100644 install/roles/chef/tasks/docker.yml create mode 100644 install/roles/chef/tasks/knife.yml create mode 100644 install/roles/chef/tasks/main.yml create mode 100644 install/roles/chef/vars/main.yml create mode 100644 install/roles/cobbler/files/cobbler_web.conf create mode 100644 install/roles/cobbler/files/debmirror.conf create mode 100644 install/roles/cobbler/files/distributions create mode 100644 install/roles/cobbler/files/rsync create mode 100644 install/roles/cobbler/files/ssl.conf create mode 100644 install/roles/cobbler/handlers/main.yml create mode 100644 install/roles/cobbler/tasks/Debian.yml create mode 100644 install/roles/cobbler/tasks/RedHat.yml create mode 100644 install/roles/cobbler/tasks/dhcp-relay-debian.yml create mode 100644 install/roles/cobbler/tasks/dhcp-relay-redhat.yml create mode 100644 install/roles/cobbler/tasks/docker.yml create mode 100644 install/roles/cobbler/tasks/main.yml create mode 100644 install/roles/cobbler/templates/Dockerfile.j2 create mode 100644 install/roles/cobbler/templates/dhcp.template.j2 create mode 100644 install/roles/cobbler/templates/dhcp.template.nodocker.j2 create mode 100644 install/roles/cobbler/templates/distributions 
create mode 100644 install/roles/cobbler/templates/fix_ks_server.py.j2 create mode 100644 install/roles/cobbler/templates/id_rsa.pub.j2 create mode 100644 install/roles/cobbler/templates/modules.conf create mode 100644 install/roles/cobbler/templates/named.template.j2 create mode 100644 install/roles/cobbler/templates/named.template.nodocker.j2 create mode 100644 install/roles/cobbler/templates/settings.j2 create mode 100644 install/roles/cobbler/templates/start.sh.j2 create mode 100644 install/roles/cobbler/templates/tftpd.template create mode 100644 install/roles/cobbler/vars/main.yml create mode 100644 install/roles/common/files/docker.list create mode 100644 install/roles/common/tasks/Debian.yml create mode 100644 install/roles/common/tasks/RedHat.yml create mode 100644 install/roles/common/tasks/docker-common.yml create mode 100644 install/roles/common/tasks/docker-debian-precise.yml create mode 100644 install/roles/common/tasks/docker-debian-trusty.yml create mode 100644 install/roles/common/tasks/docker-debian.yml create mode 100644 install/roles/common/tasks/docker-prepare.yml create mode 100644 install/roles/common/tasks/docker-redhat.yml create mode 100644 install/roles/common/tasks/main.yml create mode 100644 install/roles/compass/files/ods-server.conf create mode 100644 install/roles/compass/files/start.sh create mode 100644 install/roles/compass/handlers/main.yml create mode 100644 install/roles/compass/tasks/Debian.yml create mode 100644 install/roles/compass/tasks/RedHat.yml create mode 100644 install/roles/compass/tasks/docker.yml create mode 100644 install/roles/compass/tasks/main.yml create mode 100644 install/roles/compass/templates/Dockerfile.j2 create mode 100644 install/roles/compass/templates/chef-icehouse.conf.j2 create mode 100644 install/roles/compass/templates/cobbler.conf.j2 create mode 100644 install/roles/compass/templates/cobbler.conf.nodocker.j2 create mode 100644 install/roles/compass/templates/compass.setting.j2 create mode 100644 
install/roles/compass/templates/start.sh.j2
create mode 100644 install/roles/compass/templates/switch_machines_file.j2
create mode 100644 install/roles/compass/vars/main.yml
create mode 100644 install/roles/precheck/tasks/chef.yml
create mode 100644 install/roles/precheck/tasks/cobbler.yml
create mode 100644 install/roles/precheck/tasks/compass.yml
create mode 100644 install/roles/precheck/tasks/docker.yml
create mode 100644 install/roles/precheck/tasks/main.yml
create mode 100644 install/roles/precheck/tasks/no-docker.yml
create mode 100644 install/roles/regtest-compass/files/setting
create mode 100644 install/roles/regtest-compass/tasks/main.yml
create mode 100644 install/roles/regtest-compass/templates/client.sh.j2
create mode 100644 install/site.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..37d0537
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+install/inventories
+.vagrant
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..4453a7c
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=review.openstack.org
+port=29418
+project=stackforge/compass-install.git
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..acca6f1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,23 @@
+Compass Install
+===============
+
+How to use examples/compass?
+---------------------------------------------
+1. Make sure you have docker installed.
+2. Make sure you have working cobbler and chef servers, where all adapter related code has been updated to the latest.
+3. Go to your chef server's web UI and create a client with admin privileges, name it as docker-controller.
+4. You will have ONE CHANCE to copy the private key, copy it and paste it to replace `conf/chef-client.pem`
+5. Go to `examples/compass/conf` directory
+6. Edit chef-icehouse.conf, change '10.145.89.140' to your chef server's IP.
+7. Edit cobbler.conf and change the IP to your cobbler server's IP.
+8. Edit compass.setting
+ - COMPASS\_SUPPORTED\_PROXY: this is not supported in containerized compass, use the default value
+ - COMPASS\_SUPPORTED\_DEFAULT_NOPROXY: default value
+ - COMPASS\_SUPPORTED\_NTP\_SERVER: I am planning to move ntpd to cobbler container, so for now just point this value to any working compass server.
+ - COMPASS\_DNS\_SERVERS: cobbler server takes care of dns, use cobbler server IP
+ - COMPASS\_SUPPROTED\_DOMAINS: default
+ - COMPASS\_SUPPORTED\_DEFAULT_GATEWAY: default
+ - COMPASS\_SUPPORTED\_LOCAL\_REPO: use `http://$your\_host\_for\_docker:8080`
+9. Go to `examples/compass` and run `docker build -t {image_name} .`
+10. Once build finishes, run `docker run -d -p 8080:80 -i -t {image_name}`
+11. celery log will be displayed on terminal, once the start script finishes running, open your web browser and go to `http://$your\_host\_for\_docker:8080`
diff --git a/README.rst b/README.rst
deleted file mode 100644
index 9006052..0000000
--- a/README.rst
+++ /dev/null
@@ -1,7 +0,0 @@
-This project is no longer maintained.
-
-The contents of this repository are still available in the Git source code
-management system. To see the contents of this repository before it reached
-its end of life, please check out the previous commit with
-"git checkout HEAD^1".
-
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..4ebd303
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,43 @@
+Vagrant.configure("2") do |config|
+ config.vm.define :compass_vm do |compass_vm|
+ compass_vm.vm.box = "precise64"
+ compass_vm.vm.network :private_network, :ip=>"10.1.0.11", :libvirt__dhcp_enabled=>false
+ compass_vm.vm.provider :libvirt do |domain|
+ domain.memory = 2048
+ domain.cpus =2
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ end
+ compass_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/allinone_nochef.yml"
+ end
+ end
+ config.vm.define :compass_nodocker do |compass_nodocker|
+ compass_nodocker.vm.box = "centos65"
+ compass_nodocker.vm.network :private_network, :ip=>"10.1.0.12", :libvirt__dhcp_enabled=>false
+ compass_nodocker.vm.provider :libvirt do |domain|
+ domain.memory = 4096
+ domain.cpus =4
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ domain.management_network_address="192.168.200.0/24"
+ end
+ compass_nodocker.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/compass_nodocker.yml"
+# ansible.tags="debug"
+ end
+ end
+ config.vm.define :regtest_vm do |regtest_vm|
+ regtest_vm.vm.box = "centos65"
+ regtest_vm.vm.network :private_network, :ip=>"10.1.0.253", :libvirt__dhcp_enabled=>false
+ regtest_vm.vm.provider :libvirt do |domain|
+ domain.memory = 1024
+ domain.cpus = 2
+ domain.nested = true
+ domain.graphics_ip="0.0.0.0"
+ end
+ regtest_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/regtest.yml"
+ end
+ end
+end
diff --git a/ci/Vagrantfile b/ci/Vagrantfile
new file mode 100644
index 0000000..4ebd303
--- /dev/null
+++ b/ci/Vagrantfile
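Review bot: `domain.graphics_ip="0.0.0.0"` in all three libvirt provider blocks binds each guest's graphics console to every interface of the host, and nothing in the file sets a console password, so anyone who can reach the host on the network can open the VM consoles. Unless remote console access is a requirement, `domain.graphics_ip = "127.0.0.1"` with an SSH tunnel for the occasional debugging session is the safer default. The same line appears in ci/Vagrantfile, and ci/setup-env.sh passes `--graphics vnc,listen=0.0.0.0` to virt-install for the PXE guests. Keeping two byte-identical Vagrantfiles (both are blob 4ebd303) also invites drift; one of them could be a symlink.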
@@ -0,0 +1,43 @@
+Vagrant.configure("2") do |config|
+ config.vm.define :compass_vm do |compass_vm|
+ compass_vm.vm.box = "precise64"
+ compass_vm.vm.network :private_network, :ip=>"10.1.0.11", :libvirt__dhcp_enabled=>false
+ compass_vm.vm.provider :libvirt do |domain|
+ domain.memory = 2048
+ domain.cpus =2
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ end
+ compass_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/allinone_nochef.yml"
+ end
+ end
+ config.vm.define :compass_nodocker do |compass_nodocker|
+ compass_nodocker.vm.box = "centos65"
+ compass_nodocker.vm.network :private_network, :ip=>"10.1.0.12", :libvirt__dhcp_enabled=>false
+ compass_nodocker.vm.provider :libvirt do |domain|
+ domain.memory = 4096
+ domain.cpus =4
+ domain.nested =true
+ domain.graphics_ip="0.0.0.0"
+ domain.management_network_address="192.168.200.0/24"
+ end
+ compass_nodocker.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/compass_nodocker.yml"
+# ansible.tags="debug"
+ end
+ end
+ config.vm.define :regtest_vm do |regtest_vm|
+ regtest_vm.vm.box = "centos65"
+ regtest_vm.vm.network :private_network, :ip=>"10.1.0.253", :libvirt__dhcp_enabled=>false
+ regtest_vm.vm.provider :libvirt do |domain|
+ domain.memory = 1024
+ domain.cpus = 2
+ domain.nested = true
+ domain.graphics_ip="0.0.0.0"
+ end
+ regtest_vm.vm.provision "ansible" do |ansible|
+ ansible.playbook="install/regtest.yml"
+ end
+ end
+end
diff --git a/ci/conf/four-ansible.conf b/ci/conf/four-ansible.conf
new file mode 100644
index 0000000..c7b8393
--- /dev/null
+++ b/ci/conf/four-ansible.conf
@@ -0,0 +1,40 @@
+export VIRT_NUMBER=4
+export VIRT_CPUS=4
+export VIRT_MEM=4096
+export VIRT_DISK=30G
+export COMPASS_SERVER_URL="http://10.1.0.12/api"
+export COMPASS_USER_EMAIL="admin@huawei.com"
+export COMPASS_USER_PASSWORD="admin"
+export CLUSTER_NAME="opnfv"
+export LANGUAGE="EN"
+export TIMEZONE="America/Los_Angeles"
+export HOSTNAMES="host1,host2,host3,host4"
+export NTP_SERVER="10.1.0.12"
+export NAMESERVERS="10.1.0.12"
+export DOMAIN="ods.com"
+export PARTITIONS="/home=5%,/tmp=5%,/var=20%"
+export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*'
+#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*'
+export ADAPTER_NAME="openstack_juno"
+export ADAPTER_TARGET_SYSTEM_PATTERN="^openstack$"
+export ADAPTER_FLAVOR_PATTERN="single-controller"
+export HOST_ROLES="host1=controller;host2=network;host3=compute;host4=storage"
+export DEFAULT_ROLES="controller"
+export PROXY=""
+export IGNORE_PROXY=""
+export SEARCH_PATH="ods.com"
+export GATEWAY="10.1.0.1"
+export SERVER_CREDENTIAL="root"
+export LOCAL_REPO_URL=""
+export OS_CONFIG_FILENAME=""
+export SERVICE_CREDENTIALS="service"
+export CONSOLE_CREDENTIALS="console"
+export HOST_NETWORKS="host1:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100;host2:eth0=10.1.0.101|is_mgmt,eth1=172.16.2.101,eth2=172.16.3.101,eth3=172.16.4.101;host3:eth0=10.1.0.102|is_mgmt,eth1=172.16.2.102;host4:eth0=10.1.0.103|is_mgmt,eth1=172.16.2.103"
+export NETWORK_MAPPING="management=eth0,tenant=eth1,storage=eth3,external=eth2"
+export PACKAGE_CONFIG_FILENAME=""
+export SWITCH_IPS="1.1.1.1"
+export SWITCH_CREDENTIAL="version=2c,community=public"
+export DEPLOYMENT_TIMEOUT="90"
+export POLL_SWITCHES_FLAG="nopoll_switches"
+export DASHBOARD_URL=""
diff --git a/ci/conf/two.conf b/ci/conf/two.conf
new file mode 100644
index 0000000..b923418
--- /dev/null
+++ b/ci/conf/two.conf
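Review bot: `COMPASS_USER_PASSWORD="admin"` and `SWITCH_CREDENTIAL="version=2c,community=public"` commit well-known default credentials as the only values the CI scripts will use, and ci/conf/two.conf repeats both. If they are meant solely for the disposable Vagrant VM at 10.1.0.12, say so in a comment at the top of the file and let the environment override them, e.g. `export COMPASS_USER_PASSWORD="${COMPASS_USER_PASSWORD:-admin}"`. ci/deploy-vm.sh then hands the password to bin/client.py as a `--compass_user_password=` argument, where it is visible in the process list for the duration of the run.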
@@ -0,0 +1,40 @@
+export VIRT_NUMBER=2
+export VIRT_CPUS=4
+export VIRT_MEM=4096
+export VIRT_DISK=30G
+export COMPASS_SERVER_URL="http://10.1.0.12/api"
+export COMPASS_USER_EMAIL="admin@huawei.com"
+export COMPASS_USER_PASSWORD="admin"
+export CLUSTER_NAME="opnfv"
+export LANGUAGE="EN"
+export TIMEZONE="America/Los_Angeles"
+export HOSTNAMES="host1,host2"
+export NTP_SERVER="10.1.0.12"
+export NAMESERVERS="10.1.0.12"
+export DOMAIN="ods.com"
+export PARTITIONS="/home=5%,/tmp=5%,/var=20%"
+export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*'
+#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*'
+export ADAPTER_NAME="os_only"
+export ADAPTER_TARGET_SYSTEM_PATTERN=""
+export ADAPTER_FLAVOR_PATTERN=""
+export PROXY=""
+export IGNORE_PROXY=""
+export SEARCH_PATH="ods.com"
+export GATEWAY="10.1.0.1"
+export SERVER_CREDENTIAL="root"
+export LOCAL_REPO_URL=""
+export OS_CONFIG_FILENAME=""
+export SERVICE_CREDENTIALS="service"
+export CONSOLE_CREDENTIALS="console"
+export HOST_NETWORKS="host1:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100;host2:eth0=10.1.0.101|is_mgmt,eth1=172.16.2.101,eth2=172.16.3.101,eth3=172.16.4.101"
+export NETWORK_MAPPING="management=eth0,tenant=eth1,storage=eth3,external=eth2"
+export PACKAGE_CONFIG_FILENAME=""
+export HOST_ROLES=""
+export DEFAULT_ROLES=""
+export SWITCH_IPS="1.1.1.1"
+export SWITCH_CREDENTIAL="version=2c,community=public"
+export DEPLOYMENT_TIMEOUT="90"
+export POLL_SWITCHES_FLAG="nopoll_switches"
+export DASHBOARD_URL=""
diff --git a/ci/deploy-vm.sh b/ci/deploy-vm.sh
new file mode 100644
index 0000000..be536b5
--- /dev/null
+++ b/ci/deploy-vm.sh
@@ -0,0 +1,44 @@
+cd ..
+rm -rf compass-core
+git clone http://git.openstack.org/stackforge/compass-core -b dev/experimental
+cd compass-core
+virtualenv venv
+source venv/bin/activate
+pip install -e .
+if [[ ! -f /var/log/compass ]]; then
+ sudo mkdir /var/log/compass
+ sudo chown -R 777 /var/log/compass
+fi
+if [[ ! -f /etc/compass ]]; then
+ sudo mkdir /etc/compass
+ sudo cp -rf conf/setting /etc/compass/.
+fi
+cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py
+sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" bin/switch_virtualenv.py
+#source ../compass-install/ci/allinone.conf
+bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \
+--compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \
+--cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \
+--hostnames="${HOSTNAMES}" --partitions="${PARTITIONS}" --subnets="${SUBNETS}" \
+--adapter_os_pattern="${ADAPTER_OS_PATTERN}" --adapter_name="${ADAPTER_NAME}" \
+--adapter_target_system_pattern="${ADAPTER_TARGET_SYSTEM_PATTERN}" \
+--adapter_flavor_pattern="${ADAPTER_FLAVOR_PATTERN}" \
+--http_proxy="${PROXY}" --https_proxy="${PROXY}" --no_proxy="${IGNORE_PROXY}" \
+--ntp_server="${NTP_SERVER}" --dns_servers="${NAMESERVERS}" --domain="${DOMAIN}" \
+--search_path="${SEARCH_PATH}" --default_gateway="${GATEWAY}" \
+--server_credential="${SERVER_CREDENTIAL}" --local_repo_url="${LOCAL_REPO_URL}" \
+--os_config_json_file="${OS_CONFIG_FILENAME}" --service_credentials="${SERVICE_CREDENTIALS}" \
+--console_credentials="${CONSOLE_CREDENTIALS}" --host_networks="${HOST_NETWORKS}" \
+--network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \
+--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
+--machines=${machines//\'} --switch_credential="${SWITCH_CREDENTIAL}" \
+--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}"
+tear_down_machines
+#cd ../compass-install
+#sudo vagrant destroy compass_nodocker
+if [[ $? != 0 ]]; then
+ echo "deployment failed"
+ exit 1
+else
+ echo "deployment complete"
+fi
diff --git a/ci/deploy.sh b/ci/deploy.sh
new file mode 100755
index 0000000..38498e7
--- /dev/null
+++ b/ci/deploy.sh
@@ -0,0 +1,4 @@
+SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source ${SCRIPT_DIR}/prepare.sh || exit $?
+source ${SCRIPT_DIR}/setup-env.sh || exit $?
+source ${SCRIPT_DIR}/deploy-vm.sh || exit $?
diff --git a/ci/func.sh b/ci/func.sh
new file mode 100644
index 0000000..29c2c23
--- /dev/null
+++ b/ci/func.sh
@@ -0,0 +1,20 @@
+function tear_down_machines() {
+ virtmachines=$(virsh list --name |grep pxe)
+ for virtmachine in $virtmachines; do
+ echo "destroy $virtmachine"
+ virsh destroy $virtmachine
+ if [[ "$?" != "0" ]]; then
+ echo "destroy instance $virtmachine failed"
+ exit 1
+ fi
+ done
+ virtmachines=$(virsh list --all --name |grep pxe)
+ for virtmachine in $virtmachines; do
+ echo "undefine $virtmachine"
+ virsh undefine $virtmachine
+ if [[ "$?" != "0" ]]; then
+ echo "undefine instance $virtmachine failed"
+ exit 1
+ fi
+ done
+}
diff --git a/ci/mac_generator.sh b/ci/mac_generator.sh
new file mode 100755
index 0000000..1ee5ebf
--- /dev/null
+++ b/ci/mac_generator.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+function mac_address_part() {
+ hex_number=$(printf '%02x' $RANDOM)
+ number_length=${#hex_number}
+ number_start=$(expr $number_length - 2)
+ echo ${hex_number:$number_start:2}
+}
+
+function mac_address() {
+ echo "'00:00:$(mac_address_part):$(mac_address_part):$(mac_address_part):$(mac_address_part)'"
+}
+
+machines=''
+for i in `seq $1`; do
+ mac=$(mac_address)
+
+ if [[ -z $machines ]]; then
+ machines="${mac}"
+ else
+ machines="${machines} ${mac}"
+ fi
+done
+echo ${machines}
diff --git a/ci/prepare.sh b/ci/prepare.sh
new file mode 100644
index 0000000..9f87812
--- /dev/null
+++ b/ci/prepare.sh
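Review bot: In ci/deploy-vm.sh, `sudo chown -R 777 /var/log/compass` passes 777 as an owner, so the directory ends up owned by uid 777 instead of receiving a mode; if write access for the CI user is the goal, `sudo chown -R "$(id -un)" /var/log/compass` achieves it without making the log directory world-writable. Both guards test with `-f`, which is false for a directory, so on a second run `mkdir` fails on the existing path; `[[ ! -d /var/log/compass ]]` (and likewise for /etc/compass) is what is meant. The `$?` tested at the end is the status of `tear_down_machines`, not of `bin/client.py`, so a failed deployment still prints "deployment complete"; capture it directly after the client call with `rc=$?` and test `rc`. compass-core is also cloned over plain `http://` and immediately installed with `pip install -e .`, which runs whatever the network returned; an `https://` URL, if the server offers one, closes that gap.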
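Review bot: In ci/func.sh, `grep pxe` is a substring match on domain names, so `tear_down_machines` destroys and undefines every libvirt domain whose name merely contains "pxe", not only the `pxe0`, `pxe1`, ... guests that ci/setup-env.sh creates. Anchoring the pattern, `virsh list --name | grep -E '^pxe[0-9]+$'` (and the same on the `--all` line), limits the teardown to those guests, and `virsh destroy "$virtmachine"` / `virsh undefine "$virtmachine"` should quote the variable. The guests are created with `sudo virt-install --connect qemu:///system` while these `virsh` calls run without sudo or `--connect`, so depending on the caller's default URI the function may not see them at all; that is worth confirming on the CI host.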
@@ -0,0 +1,35 @@
+sudo apt-get update -y
+sudo apt-get install git python-pip python-dev -y
+vagrant --version
+if [[ $? != 0 ]]; then
+ vagrant_pkg_url=https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb
+ wget ${vagrant_pkg_url}
+ sudo dpkg -i $(basename ${vagrant_pkg_url})
+else
+ echo "vagrant is already installed"
+fi
+sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst libmysqld-dev -y
+sudo service libvirt-bin restart
+
+for plugin in vagrant-libvirt vagrant-mutate; do
+ vagrant plugin list |grep $plugin
+ if [[ $? != 0 ]]; then
+ vagrant plugin install $plugin
+ else
+ echo "$plugin plugin is already installed"
+ fi
+done
+
+#precise_box_vb_url=https://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box
+#precise_box_vb_filename=$(basename ${precise_box_vb_url})
+centos65_box_vb_url=https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140504.box
+centos65_box_vb_filename=$(basename ${centos65_box_vb_url})
+#wget ${precise_box_vb_url}
+vagrant box list |grep centos65
+if [[ $? != 0 ]]; then
+ wget ${centos65_box_vb_url}
+ mv ${centos65_box_vb_filename} centos65.box
+ vagrant mutate centos65.box libvirt
+else
+ echo "centos65 box already exists"
+fi
diff --git a/ci/setup-env.sh b/ci/setup-env.sh
new file mode 100644
index 0000000..d3613b8
--- /dev/null
+++ b/ci/setup-env.sh
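Review bot: The vagrant `.deb` is fetched with `wget` and passed straight to `sudo dpkg -i`, so the only thing vouching for a package installed as root is the TLS connection to a third-party download host; the CentOS box pulled further down becomes the base image of the compass VM with the same lack of verification. Pin a SHA-256 for each artifact next to its URL and check it before use, e.g. `echo "${vagrant_pkg_sha256}  $(basename "${vagrant_pkg_url}")" | sha256sum -c - || exit 1`, where `vagrant_pkg_sha256` is a new variable holding the vendor-published digest. ci/test.sh repeats the same download-and-install sequence. The `wget` calls also have no status check, so a failed download is only noticed when `dpkg` or `mv` trips over the missing file.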
@@ -0,0 +1,60 @@
+#rm -rf compass-install
+#git clone http://git.openstack.org/stackforge/compass-install
+#cd compass-install
+
+function join { local IFS="$1"; shift; echo "$*"; }
+source ${SCRIPT_DIR}/conf/two.conf
+source ${SCRIPT_DIR}/func.sh
+if [[ ! -z $VIRT_NUMBER ]]; then
+ mac_array=$(${SCRIPT_DIR}/mac_generator.sh $VIRT_NUMBER)
+ mac_list=$(join , $mac_array)
+ echo "pxe_boot_macs: [${mac_list}]" >> ${SCRIPT_DIR}/../install/group_vars/all
+ echo "test: true" >> ${SCRIPT_DIR}/../install/group_vars/all
+fi
+virsh list |grep compass_nodocker
+if [[ $? != 0 ]]; then
+ sudo vagrant up compass_nodocker
+else
+ sudo vagrant provision compass_nodocker
+fi
+if [[ $? != 0 ]]; then
+ echo "installation of compass failed"
+ sudo vagrant destroy compass_nodocker
+ exit 1
+fi
+echo "compass is up"
+
+tear_down_machines
+if [[ -n $mac_array ]]; then
+ echo "bringing up pxe boot vms"
+ i=0
+ for mac in $mac_array; do
+ echo "creating vm disk for instance pxe${i}"
+ sudo qemu-img create -f raw /home/pxe${i}.raw ${VIRT_DISK}
+ sudo virt-install --accelerate --hvm --connect qemu:///system \
+ --name pxe$i --ram=$VIRT_MEM --pxe --disk /home/pxe$i.raw,format=raw \
+ --vcpus=$VIRT_CPUS --graphics vnc,listen=0.0.0.0 \
+ --network=bridge:virbr2,mac=$mac \
+ --network=bridge:virbr2 \
+ --network=bridge:virbr2 \
+ --network=bridge:virbr2 \
+ --noautoconsole --autostart --os-type=linux --os-variant=rhel6
+ if [[ $? != 0 ]]; then
+ echo "launching pxe${i} failed"
+ exit 1
+ fi
+ echo "checking pxe${i} state"
+ state=$(virsh domstate pxe${i})
+ if [[ "$state" == "running" ]]; then
+ echo "pxe${i} is running"
+ sudo virsh destroy pxe${i}
+ fi
+ echo "add network boot option and make pxe${i} reboot if failing"
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh define /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh start pxe${i}
+ let i=i+1
+ done
+fi
+machines=${mac_list}
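Review bot: The two `echo ... >> ${SCRIPT_DIR}/../install/group_vars/all` lines append to a tracked Ansible variables file on every run, so a second run leaves duplicate `pxe_boot_macs` and `test` keys behind and a dirty working tree. Writing the generated values to a separate git-ignored file would keep runs repeatable; at minimum the previous entries should be removed before appending. `for mac in $mac_array` and `join , $mac_array` depend on unquoted word splitting, which deserves a comment such as `# mac_array is a space-separated list; splitting is intentional`. The two `sudo sed -i "// a\ "` commands have an empty address and empty appended text as shown here, which may be markup lost from this view, so the committed file should be checked.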
diff --git a/ci/test.sh b/ci/test.sh
new file mode 100644
index 0000000..71c2fde
--- /dev/null
+++ b/ci/test.sh
@@ -0,0 +1,127 @@
+sudo apt-get update -y
+sudo apt-get install git python-pip python-dev -y
+vagrant_pkg_url=https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb
+wget ${vagrant_pkg_url}
+sudo dpkg -i $(basename ${vagrant_pkg_url})
+sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst -y
+sudo service libvirt-bin restart
+vagrant plugin install vagrant-libvirt
+vagrant plugin install vagrant-mutate
+precise_box_vb_url=https://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box
+precise_box_vb_filename=$(basename ${precise_box_vb_url})
+centos65_box_vb_url=https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140504.box
+centos65_box_vb_filename=$(basename ${centos65_box_vb_url})
+wget ${precise_box_vb_url}
+wget ${centos65_box_vb_url}
+mv ${precise_box_vb_filename} precise64.box
+mv ${centos65_box_vb_filename} centos65.box
+vagrant mutate precise64.box libvirt
+vagrant mutate centos65.box libvirt
+sudo pip install ansible
+git clone http://git.openstack.org/stackforge/compass-install
+cd compass-install
+
+function join { local IFS="$1"; shift; echo "$*"; }
+
+if [[ ! -z $VIRT_NUMBER ]]; then
+ mac_array=$(ci/mac_generator.sh $VIRT_NUMBER)
+ mac_list=$(join , $mac_array)
+ echo "pxe_boot_macs: [${mac_list}]" >> install/group_vars/all
+ echo "test: true" >> install/group_vars/all
+fi
+sudo vagrant up compass_vm
+if [[ $? != 0 ]]; then
+ sudo vagrant provision compass_vm
+ if [[ $? != 0 ]]; then
+ echo "provisioning of compass failed"
+ exit 1
+ fi
+fi
+echo "compass is up"
+
+if [[ -n $mac_array ]]
+ echo "bringing up pxe boot vms"
+ i=0
+ for mac in "$mac_array"; do
+ virsh list |grep pxe${i}
+ if [[ $? == 0 ]]; then
+ virsh destroy pxe${i}
+ virsh undefine pxe${i}
+ fi
+ virsh list --all |grep pxe${i}
+ if [[ $?
== 0 ]]; then
+ virsh undefine pxe${i}
+ fi
+ echo "creating vm disk for instance pxe${i}"
+ sudo qemu-img create -f raw /home/pxe${i}.raw ${VIRT_DISK}
+ sudo virt-install --accelerate --hvm --connect qemu:///system \
+ --name pxe$i --ram=$VIRT_MEM --pxe --disk /home/pxe$i.raw,format=raw \
+ --vcpus=$VIRT_CPUS --graphics vnc,listen=0.0.0.0 \
+ --network=bridge:virbr2,mac=$mac \
+ --network=bridge:virbr2
+ --network=bridge:virbr2
+ --network=bridge:virbr2
+ --noautoconsole --autostart --os-type=linux --os-variant=rhel6
+ if [[ $? != 0 ]]; then
+ echo "launching pxe${i} failed"
+ exit 1
+ fi
+ echo "checking pxe${i} state"
+ state=$(virsh domstate pxe${i})
+ if [[ "$state" == "running" ]]; then
+ echo "pxe${i} is running"
+ sudo virsh destroy pxe${i}
+ fi
+ echo "add network boot option and make pxe${i} reboot if failing"
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo sed -i "// a\ " /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh define /etc/libvirt/qemu/pxe${i}.xml
+ sudo virsh start pxe${i}
+ let i=i+1
+ done
+fi
+
+rm -rf compass-core
+git clone http://git.openstack.org/stackforge/compass-core -b dev/experimental
+cd compass-core
+virtualenv venv
+source venv/bin/activate
+pip install -e .
+if [[ ! -f /var/log/compass ]]; then
+ sudo mkdir /var/log/compass
+ sudo chown -R 777 /var/log/compass
+fi
+if [[ ! -f /etc/compass ]]; then
+ sudo mkdir /etc/compass
+ sudo cp -rf conf/setting /etc/compass/.
+fi
+cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py
+sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" /opt/compass/bin/switch_virtualenv.py
+source ../compass-install/ci/allinone.conf
+bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \
+--compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \
+--cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \
+--hostnames="${HOSTNAMES}" --partitions="${PARTITIONS}" --subnets="${SUBNETS}" \
+--adapter_os_pattern="${ADAPTER_OS_PATTERN}" --adapter_name="${ADAPTER_NAME}" \
+--adapter_target_system_pattern="${ADAPTER_TARGET_SYSTEM_PATTERN}" \
+--adapter_flavor_pattern="${ADAPTER_FLAVOR_PATTERN}" \
+--http_proxy="${PROXY}" --https_proxy="${PROXY}" --no_proxy="${IGNORE_PROXY}" \
+--ntp_server="${NTP_SERVER}" --dns_servers="${NAMESERVERS}" --domain="${DOMAIN}" \
+--search_path="${SEARCH_PATH}" --default_gateway="${GATEWAY}" \
+--server_credential="${SERVER_CREDENTIAL}" --local_repo_url="${LOCAL_REPO_URL}" \
+--os_config_json_file="${OS_CONFIG_FILENAME}" --service_credentials="${SERVICE_CREDENTIALS}" \
+--console_credentials="${CONSOLE_CREDENTIALS}" --host_networks="${HOST_NETWORKS}" \
+--network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \
+--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
+--machines="${machines}" --switch_credential="${SWITCH_CREDENTIAL}" \
+--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}"
+#sudo vagrant up regtest_vm
+#if [[ $? != 0 ]]; then
+# sudo vagrant provision regtest_vm
+# if [[ $? != 0 ]]; then
+# echo "deployment of cluster failed"
+# exit 1
+# fi
+#fi
+#echo "deployment of cluster complete"
+
diff --git a/docker/build/cobbler/Dockerfile b/docker/build/cobbler/Dockerfile
new file mode 100644
index 0000000..20e2be7
--- /dev/null
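Review bot: The Vagrant package is fetched with `wget ${vagrant_pkg_url}` and handed straight to `sudo dpkg -i` with no integrity check, and both `git clone http://git.openstack.org/stackforge/...` calls use cleartext HTTP before `pip install -e .` runs the cloned code, so a tampered download would be installed as root or executed on the CI host. Pin a digest and check it before installing, for example `echo "<EXPECTED_SHA256>  $(basename ${vagrant_pkg_url})" | sha256sum -c - || exit 1` (placeholder digest), and clone over `https://`, as the cobbler Dockerfile in this patch already does. Further down, `sudo chown -R 777 /var/log/compass` changes the owner to UID 777 rather than the mode; if `chmod` was meant, a mode narrower than world-writable would be the better fix.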
+++ b/docker/build/cobbler/Dockerfile 
@@ -0,0 +1,150 @@
+FROM centos:centos6
+
+ADD conf/setup.conf /tmp/setup.conf
+ADD conf/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf
+ADD conf/ssl.conf /etc/httpd/conf.d/ssl.conf
+ADD conf/tftpd.template /etc/cobbler/tftpd.template
+ADD conf/modules.conf /etc/cobbler/modules.conf
+ADD conf/distributions /tmp/distributions
+ADD conf/dhcp.template /etc/cobbler/dhcp.template
+RUN chmod +x /tmp/setup.conf
+
+# add epel repo and atomic(for installing reprepro: a command tool to build debian repos) repo
+RUN source /tmp/setup.conf && \
+ rpm -Uvh $EPEL7 && \
+ sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo && \
+ rpm -Uvh $ATOMIC && \
+ sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/atomic.repo
+
+RUN yum clean all && \
+ yum update -y --skip-broken && \
+ yum install -y syslinux bind rsync dhcp xinetd tftp-server gcc httpd cobbler cobbler-web createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML PyYAML Django cman pykickstart reprepro git wget debmirror cman openssl openssl098e
+
+# configure cobbler web and ssl
+RUN mkdir -p /root/backup/cobbler && \
+ cp -rn /etc/httpd/conf.d /root/backup/cobbler && \
+ chmod 644 /etc/httpd/conf.d/cobbler_web.conf && \
+ chmod 644 /etc/httpd/conf.d/ssl.conf
+
+# update tftpd template
+RUN chmod 644 /etc/cobbler/tftpd.template
+
+# update modules conf
+RUN chmod 644 /etc/cobbler/modules.conf
+
+# setup cobbler default web username password: cobbler/cobbler
+RUN (echo -n "cobbler:Cobbler:" && echo -n "cobbler:Cobbler:cobbler" | md5sum - | cut -d' ' -f1) > /etc/cobbler/users.digest
+
+
+# get adapters code
+WORKDIR /root/
+RUN git clone -b dev/experimental https://git.openstack.org/stackforge/compass-adapters.git && \
+ cp -rn /var/lib/cobbler/snippets /root/backup/cobbler/ && \
+ cp -rn /var/lib/cobbler/scripts /root/backup/cobbler && \
+ cp -rn /var/lib/cobbler/kickstarts/ /root/backup/cobbler/ && \
+ cp -rn /var/lib/cobbler/triggers /root/backup/cobbler/ && \
+
rm -rf /var/lib/cobbler/snippets/* && \
+ cp -rf compass-adapters/cobbler/snippets/* /var/lib/cobbler/snippets/ && \
+ cp -rf compass-adapters/cobbler/scripts/* /var/lib/cobbler/scripts/ && \
+ cp -rf compass-adapters/cobbler/triggers/* /var/lib/cobbler/triggers/ && \
+ chmod 777 /var/lib/cobbler/snippets && \
+ chmod 777 /var/lib/cobbler/scripts && \
+ chmod -R 666 /var/lib/cobbler/snippets/* && \
+ chmod -R 666 /var/lib/cobbler/scripts/* && \
+ chmod -R 755 /var/lib/cobbler/triggers && \
+ rm -f /var/lib/cobbler/kickstarts/default.ks && \
+ rm -f /var/lib/cobbler/kickstarts/default.seed && \
+ cp -rf compass-adapters/cobbler/kickstarts/default.ks /var/lib/cobbler/kickstarts/ && \
+ cp -rf compass-adapters//cobbler/kickstarts/default.seed /var/lib/cobbler/kickstarts/ && \
+ chmod 666 /var/lib/cobbler/kickstarts/default.ks && \
+ chmod 666 /var/lib/cobbler/kickstarts/default.seed && \
+ mkdir -p /var/www/cblr_ks && \
+ chmod 755 /var/www/cblr_ks && \
+ cp -rf compass-adapters/cobbler/conf/cobbler.conf /etc/httpd/conf.d/ && \
+ chmod 644 /etc/httpd/conf.d/cobbler.conf && \
+ export passwd=$(openssl passwd -1 -salt 'huawei' '123456') && \
+ sed -i "s,^default_password_crypted:[ \t]\+\"\(.*\)\",default_password_crypted: \"$cobbler_passwd\",g" /etc/cobbler/settings && \
+ chmod 644 /etc/cobbler/settings
+
+
+# disable selinux
+RUN echo 0 > /selinux/enforce
+
+# create log dirs
+RUN mkdir -p /var/log/cobbler && \
+ mkdir -p /var/log/cobbler/tasks && \
+ mkdir -p /var/log/cobbler/anamon && \
+ chmod -R 777 /var/log/cobbler
+
+# create centos ppa repo dir
+RUN rm -rf /var/lib/cobbler/repo_mirror/centos_ppa_repo && \
+ mkdir -p /var/lib/cobbler/repo_mirror/centos_ppa_repo
+
+# download centos repo pkgs
+WORKDIR /var/lib/cobbler/repo_mirror/centos_ppa_repo
+ADD conf/setup.conf /tmp/setup.conf
+RUN source /tmp/setup.conf && \
+ wget $NTP && \
+ wget $SSH_CLIENTS && \
+ wget $OPENSSH && \
+ wget $IPROUTE && \
+ wget $WGET && \
+ wget $NTPDATE && \
+ wget $YUM_PRIORITIES && \
+ wget $JSONC && \
+ wget $LIBESTR && \
+ wget $LIBGT && \
+ wget $LIBLOGGING && \
+ wget $RSYSLOG && \
+ wget $CHEF_CLIENT_CENTOS
+
+# creating ubuntu repo
+RUN rm -rf /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo && \
+ mkdir -p /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf && \
+ mv /tmp/distributions /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf/distributions && \
+ chmod 644 /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf/distributions && \
+ wget -O /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/chef_11.8.0-1.ubuntu.12.04_amd64.deb http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.0-1.ubuntu.12.04_amd64.deb
+
+ADD conf/1404_distributions /tmp/1404_distributions
+
+RUN rm -rf /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo && \
+ mkdir -p /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf && \
+ mv /tmp/1404_distributions /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions && \
+ chmod 644 /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions && \
+ wget -O /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/chef_12.1.1-1_amd64.deb https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/13.04/x86_64/chef_12.1.1-1_amd64.deb
+
+
+# create repos
+WORKDIR /var/lib/cobbler/repo_mirror
+RUN createrepo centos_ppa_repo && \
+ find ubuntu_ppa_repo -name \*.deb -exec reprepro -Vb ubuntu_ppa_repo includedeb ppa {} \; && \
+ find ubuntu_14_04_ppa_repo -name \*.deb -exec reprepro -Vb ubuntu_14_04_ppa_repo includedeb ppa {} \;
+
+# add repos to cobbler repo and get loaders
+RUN /usr/sbin/apachectl -k start && \
+ /usr/bin/cobblerd start \& && \
+ cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/centos_ppa_repo --name=centos_ppa_repo --mirror-locally=Y --arch=x86_64 && \
+ cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ubuntu_ppa_repo --name=ubuntu_ppa_repo --mirror-locally=Y --arch=x86_64 && \
+ cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo
--name=ubuntu_14_04_ppa_repo --mirror-locally=Y --arch=x86_64 && \
+ cobbler reposync && \
+ cobbler get-loaders
+
+ADD conf/cobbler.settings /etc/cobbler/settings
+RUN sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/rsync && \
+ sed -i 's/^@dists=/# @dists=/g' /etc/debmirror.conf && \
+ sed -i 's/^@arches=/# @arches=/g' /etc/debmirror.conf
+
+# create mount points
+RUN mkdir -p /var/lib/cobbler/mount_point
+VOLUME ["/var/lib/cobbler/mount_point"]
+ADD scripts/start /root/start
+RUN chmod +x /root/start
+CMD ["/root/start"]
+
+
+EXPOSE 80
+EXPOSE 69 69/udp
+EXPOSE 53 53/udp
+EXPOSE 25151
+EXPOSE 443
+EXPOSE 873
diff --git a/docker/build/cobbler/conf/1404_distributions b/docker/build/cobbler/conf/1404_distributions
new file mode 100644
index 0000000..7f61215
--- /dev/null
+++ b/docker/build/cobbler/conf/1404_distributions
@@ -0,0 +1,8 @@
+Origin: ppa
+Label: ppa_repo
+Suite: stable
+Codename: ppa
+Version: 0.1
+Architectures: i386 amd64 source
+Components: main
+Description: ppa repo
diff --git a/docker/build/cobbler/conf/cobbler.settings b/docker/build/cobbler/conf/cobbler.settings
new file mode 100644
index 0000000..eb965d2
--- /dev/null
+++ b/docker/build/cobbler/conf/cobbler.settings
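Review bot: The root password for installed systems is hard-coded in the image as `123456` with the fixed salt `huawei` (`openssl passwd -1 -salt 'huawei' '123456'`), and the web UI is seeded with `cobbler`/`cobbler` in `/etc/cobbler/users.digest`, so every build of this image ships the same known credentials. The `sed` on the next line reads `$cobbler_passwd` while the value was exported as `passwd`, so it appears to write an empty `default_password_crypted`; the later `ADD conf/cobbler.settings /etc/cobbler/settings` then replaces the file anyway, and that file carries a committed `$1$huawei$…` hash. I would take the credentials out of the build and have the start script set both values from operator-supplied input when the container starts. If the build-time step stays, the variable names must at least match, e.g. `export cobbler_passwd=$(openssl passwd -1 "$COBBLER_DEFAULT_PASSWORD") && \` (constructed variable name).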
@@ -0,0 +1,450 @@
+---
+# cobbler settings file
+# restart cobblerd and run "cobbler sync" after making changes
+# This config file is in YAML 1.0 format
+# see http://yaml.org
+# ==========================================================
+# if 1, cobbler will allow insertions of system records that duplicate
+# the --dns-name information of other system records. In general,
+# this is undesirable and should be left 0.
+allow_duplicate_hostnames: 0
+
+# if 1, cobbler will allow insertions of system records that duplicate
+# the ip address information of other system records. In general,
+# this is undesirable and should be left 0.
+allow_duplicate_ips: 0
+
+# if 1, cobbler will allow insertions of system records that duplicate
+# the mac address information of other system records. In general,
+# this is undesirable.
+allow_duplicate_macs: 0
+
+# if 1, cobbler will allow settings to be changed dynamically without
+# a restart of the cobblerd daemon. You can only change this variable
+# by manually editing the settings file, and you MUST restart cobblerd
+# after changing it.
+allow_dynamic_settings: 0
+
+# by default, installs are *not* set to send installation logs to the cobbler
+# # # server. With 'anamon_enabled', kickstart templates may use the pre_anamon
+# # # snippet to allow remote live monitoring of their installations from the
+# # # cobbler server. Installation logs will be stored under
+# # # /var/log/cobbler/anamon/. NOTE: This does allow an xmlrpc call to send logs
+# # # to this directory, without authentication, so enable only if you are
+# # # ok with this limitation.
+anamon_enabled: 1
+
+# If using authn_pam in the modules.conf, this can be configured
+# to change the PAM service authentication will be tested against.
+# The default value is "login".
+authn_pam_service: "login"
+
+# Email out a report when cobbler finishes installing a system.
+# enabled: set to 1 to turn this feature on
+# sender: optional
+# email: which addresses to email
+# smtp_server: used to specify another server for an MTA
+# subject: use the default subject unless overridden
+build_reporting_enabled: 0
+build_reporting_sender: ""
+build_reporting_email: [ 'root@localhost' ]
+build_reporting_smtp_server: "localhost"
+build_reporting_subject: ""
+
+# Cheetah-language kickstart templates can import Python modules.
+# while this is a useful feature, it is not safe to allow them to
+# import anything they want. This whitelists which modules can be
+# imported through Cheetah. Users can expand this as needed but
+# should never allow modules such as subprocess or those that
+# allow access to the filesystem as Cheetah templates are evaluated
+# by cobblerd as code.
+cheetah_import_whitelist:
+ - "random"
+ - "re"
+ - "time"
+
+# Default createrepo_flags to use for new repositories. If you have
+# createrepo >= 0.4.10, consider "-c cache --update -C", which can
+# dramatically improve your "cobbler reposync" time. "-s sha"
+# enables working with Fedora repos from F11/F12 from EL-4 or
+# EL-5 without python-hashlib installed (which is not available
+# on EL-4)
+createrepo_flags: "-c cache -s sha"
+
+# if no kickstart is specified to profile add, use this template
+default_kickstart: /var/lib/cobbler/kickstarts/default.ks
+
+# configure all installed systems to use these nameservers by default
+# unless defined differently in the profile. For DHCP configurations
+# you probably do /not/ want to supply this.
+default_name_servers: ['10.145.89.100']
+
+# if using the authz_ownership module (see the Wiki), objects
+# created without specifying an owner are assigned to this
+# owner and/or group. Can be a comma seperated list.
+default_ownership:
+ - "admin"
+
+# cobbler has various sample kickstart templates stored
+# in /var/lib/cobbler/kickstarts/.
This controls
+# what install (root) password is set up for those
+# systems that reference this variable. The factory
+# default is "cobbler" and cobbler check will warn if
+# this is not changed.
+# The simplest way to change the password is to run
+# openssl passwd -1
+# and put the output between the "" below.
+default_password_crypted: "$1$huawei$9OkoVJwO4W8vavlXd1bUS/"
+
+# the default template type to use in the absence of any
+# other detected template. If you do not specify the template
+# with '#template=' on the first line of your
+# templates/snippets, cobbler will assume try to use the
+# following template engine to parse the templates.
+#
+# Current valid values are: cheetah, jinja2
+default_template_type: "cheetah"
+
+# for libvirt based installs in koan, if no virt bridge
+# is specified, which bridge do we try? For EL 4/5 hosts
+# this should be xenbr0, for all versions of Fedora, try
+# "virbr0". This can be overriden on a per-profile
+# basis or at the koan command line though this saves
+# typing to just set it here to the most common option.
+default_virt_bridge: xenbr0
+
+# use this as the default disk size for virt guests (GB)
+default_virt_file_size: 5
+
+# use this as the default memory size for virt guests (MB)
+default_virt_ram: 512
+
+# if koan is invoked without --virt-type and no virt-type
+# is set on the profile/system, what virtualization type
+# should be assumed? Values: xenpv, xenfv, qemu, vmware
+# (NOTE: this does not change what virt_type is chosen by import)
+default_virt_type: xenpv
+
+# enable gPXE booting? Enabling this option will cause cobbler
+# to copy the undionly.kpxe file to the tftp root directory,
+# and if a profile/system is configured to boot via gpxe it will
+# chain load off pxelinux.0.
+# Default: 0
+enable_gpxe: 0
+
+# controls whether cobbler will add each new profile entry to the default
+# PXE boot menu.
This can be over-ridden on a per-profile
+# basis when adding/editing profiles with --enable-menu=0/1. Users
+# should ordinarily leave this setting enabled unless they are concerned
+# with accidental reinstalls from users who select an entry at the PXE
+# boot menu. Adding a password to the boot menus templates
+# may also be a good solution to prevent unwanted reinstallations
+enable_menu: 0
+
+# enable Func-integration? This makes sure each installed machine is set up
+# to use func out of the box, which is a powerful way to script and control
+# remote machines.
+# Func lives at http://fedorahosted.org/func
+# read more at https://github.com/cobbler/cobbler/wiki/Func-integration
+# you will need to mirror Fedora/EPEL packages for this feature, so see
+# https://github.com/cobbler/cobbler/wiki/Manage-yum-repos if you want cobbler
+# to help you with this
+func_auto_setup: 0
+func_master: overlord.example.org
+
+# change this port if Apache is not running plaintext on port
+# 80. Most people can leave this alone.
+http_port: 80
+
+# kernel options that should be present in every cobbler installation.
+# kernel options can also be applied at the distro/profile/system
+# level.
+kernel_options:
+ ksdevice: bootif
+ lang: ' '
+ text: ~
+
+# s390 systems require additional kernel options in addition to the
+# above defaults
+kernel_options_s390x:
+ RUNKS: 1
+ ramdisk_size: 40000
+ root: /dev/ram0
+ ro: ~
+ ip: off
+ vnc: ~
+
+# configuration options if using the authn_ldap module. See the
+# the Wiki for details. This can be ignored if you are not using
+# LDAP for WebUI/XMLRPC authentication.
+ldap_server: "ldap.example.com"
+ldap_base_dn: "DC=example,DC=com"
+ldap_port: 389
+ldap_tls: 1
+ldap_anonymous_bind: 1
+ldap_search_bind_dn: ''
+ldap_search_passwd: ''
+ldap_search_prefix: 'uid='
+ldap_tls_cacertfile: ''
+ldap_tls_keyfile: ''
+ldap_tls_certfile: ''
+
+# cobbler has a feature that allows for integration with config management
+# systems such as Puppet.
The following parameters work in conjunction with
+# --mgmt-classes and are described in furhter detail at:
+# https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
+mgmt_classes: []
+mgmt_parameters:
+ from_cobbler: 1
+
+# if enabled, this setting ensures that puppet is installed during
+# machine provision, a client certificate is generated and a
+# certificate signing request is made with the puppet master server
+puppet_auto_setup: 0
+
+# when puppet starts on a system after installation it needs to have
+# its certificate signed by the puppet master server. Enabling the
+# following feature will ensure that the puppet server signs the
+# certificate after installation if the puppet master server is
+# running on the same machine as cobbler. This requires
+# puppet_auto_setup above to be enabled
+sign_puppet_certs_automatically: 0
+
+# location of the puppet executable, used for revoking certificates
+puppetca_path: "/usr/bin/puppet"
+
+# when a puppet managed machine is reinstalled it is necessary to
+# remove the puppet certificate from the puppet master server before a
+# new certificate is signed (see above). Enabling the following
+# feature will ensure that the certificate for the machine to be
+# installed is removed from the puppet master server if the puppet
+# master server is running on the same machine as cobbler. This
+# requires puppet_auto_setup above to be enabled
+remove_old_puppet_certs_automatically: 0
+
+# choose a --server argument when running puppetd/puppet agent during kickstart
+#puppet_server: 'puppet'
+
+# let cobbler know that you're using a newer version of puppet
+# choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'
+#puppet_version: 2
+
+# choose whether to enable puppet parameterized classes or not.
+# puppet versions prior to 2.6.5 do not support parameters
+#puppet_parameterized_classes: 1
+
+# set to 1 to enable Cobbler's DHCP management features.
+# the choice of DHCP management engine is in /etc/cobbler/modules.conf
+manage_dhcp: 1
+
+# set to 1 to enable Cobbler's DNS management features.
+# the choice of DNS mangement engine is in /etc/cobbler/modules.conf
+manage_dns: 1
+
+# set to path of bind chroot to create bind-chroot compatible bind
+# configuration files. This should be automatically detected.
+bind_chroot_path: ""
+
+# set to the ip address of the master bind DNS server for creating secondary
+# bind configuration files
+bind_master: 127.0.0.1
+
+# set to 1 to enable Cobbler's TFTP management features.
+# the choice of TFTP mangement engine is in /etc/cobbler/modules.conf
+manage_tftpd: 1
+
+# set to 1 to enable Cobbler's RSYNC management features.
+manage_rsync: 0
+
+# if using BIND (named) for DNS management in /etc/cobbler/modules.conf
+# and manage_dns is enabled (above), this lists which zones are managed
+# See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
+manage_forward_zones: ['ods.com']
+manage_reverse_zones: ['10','172.16']
+
+# if using cobbler with manage_dhcp, put the IP address
+# of the cobbler server here so that PXE booting guests can find it
+# if you do not set this correctly, this will be manifested in TFTP open timeouts.
+next_server: 192.168.100.1
+
+# settings for power management features. optional.
+# see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
+# choices (refer to codes.py):
+# apc_snmp bladecenter bullpap drac ether_wake ilo integrity
+# ipmilan ipmitool lpar rsa virsh wti
+power_management_default_type: 'ipmitool'
+
+# the commands used by the power management module are sourced
+# from what directory?
+power_template_dir: "/etc/cobbler/power"
+
+# if this setting is set to 1, cobbler systems that pxe boot
+# will request at the end of their installation to toggle the
+# --netboot-enabled record in the cobbler system record.
This eliminates
+# the potential for a PXE boot loop if the system is set to PXE
+# first in it's BIOS order. Enable this if PXE is first in your BIOS
+# boot order, otherwise leave this disabled. See the manpage
+# for --netboot-enabled.
+pxe_just_once: 1
+
+# the templates used for PXE config generation are sourced
+# from what directory?
+pxe_template_dir: "/etc/cobbler/pxe"
+
+# Path to where system consoles are
+consoles: "/var/consoles"
+
+# Are you using a Red Hat management platform in addition to Cobbler?
+# Cobbler can help you register to it. Choose one of the following:
+# "off" : I'm not using Red Hat Network, Satellite, or Spacewalk
+# "hosted" : I'm using Red Hat Network
+# "site" : I'm using Red Hat Satellite Server or Spacewalk
+# You will also want to read: https://github.com/cobbler/cobbler/wiki/Tips-for-RHN
+redhat_management_type: "off"
+
+# if redhat_management_type is enabled, choose your server
+# "management.example.org" : For Satellite or Spacewalk
+# "xmlrpc.rhn.redhat.com" : For Red Hat Network
+# This setting is also used by the code that supports using Spacewalk/Satellite users/passwords
+# within Cobbler Web and Cobbler XMLRPC. Using RHN Hosted for this is not supported.
+# This feature can be used even if redhat_management_type is off, you just have
+# to have authn_spacewalk selected in modules.conf
+redhat_management_server: "xmlrpc.rhn.redhat.com"
+
+# specify the default Red Hat authorization key to use to register
+# system. If left blank, no registration will be attempted. Similarly
+# you can set the --redhat-management-key to blank on any system to
+# keep it from trying to register.
+redhat_management_key: ""
+
+# if using authn_spacewalk in modules.conf to let cobbler authenticate
+# against Satellite/Spacewalk's auth system, by default it will not allow per user
+# access into Cobbler Web and Cobbler XMLRPC.
+# in order to permit this, the following setting must be enabled HOWEVER
+# doing so will permit all Spacewalk/Satellite users of certain types to edit all
+# of cobbler's configuration.
+# these roles are: config_admin and org_admin
+# users should turn this on only if they want this behavior and
+# do not have a cross-multi-org seperation concern. If you have
+# a single org in your satellite, it's probably safe to turn this
+# on and then you can use CobblerWeb alongside a Satellite install.
+redhat_management_permissive: 0
+
+# if set to 1, allows /usr/bin/cobbler-register (part of the koan package)
+# to be used to remotely add new cobbler system records to cobbler.
+# this effectively allows for registration of new hardware from system
+# records.
+register_new_installs: 0
+
+# Flags to use for yum's reposync. If your version of yum reposync
+# does not support -l, you may need to remove that option.
+reposync_flags: "-l -n -d"
+
+# These options will be used for an rsync initiated by cobbler replicate
+replicate_rsync_options: "-avzH"
+
+# when DHCP and DNS management are enabled, cobbler sync can automatically
+# restart those services to apply changes. The exception for this is
+# if using ISC for DHCP, then omapi eliminates the need for a restart.
+# omapi, however, is experimental and not recommended for most configurations.
+# If DHCP and DNS are going to be managed, but hosted on a box that
+# is not on this server, disable restarts here and write some other
+# script to ensure that the config files get copied/rsynced to the destination
+# box. This can be done by modifying the restart services trigger.
+# Note that if manage_dhcp and manage_dns are disabled, the respective
+# parameter will have no effect. Most users should not need to change
+# this.
+restart_dns: 1
+restart_dhcp: 1
+
+# install triggers are scripts in /var/lib/cobbler/triggers/install
+# that are triggered in kickstart pre and post sections.
Any
+# executable script in those directories is run. They can be used
+# to send email or perform other actions. They are currently
+# run as root so if you do not need this functionality you can
+# disable it, though this will also disable "cobbler status" which
+# uses a logging trigger to audit install progress.
+run_install_triggers: 1
+
+# enables a trigger which version controls all changes to /var/lib/cobbler
+# when add, edit, or sync events are performed. This can be used
+# to revert to previous database versions, generate RSS feeds, or for
+# other auditing or backup purposes. "git" and "hg" are currently suported,
+# but git is the recommend SCM for use with this feature.
+scm_track_enabled: 0
+scm_track_mode: "git"
+
+# this is the address of the cobbler server -- as it is used
+# by systems during the install process, it must be the address
+# or hostname of the system as those systems can see the server.
+# if you have a server that appears differently to different subnets
+# (dual homed, etc), you need to read the --server-override section
+# of the manpage for how that works.
+server: 192.168.100.1
+
+# If set to 1, all commands will be forced to use the localhost address
+# instead of using the above value which can force commands like
+# cobbler sync to open a connection to a remote address if one is in the
+# configuration and would traceback.
+client_use_localhost: 0
+
+# If set to 1, all commands to the API (not directly to the XMLRPC
+# server) will go over HTTPS instead of plaintext. Be sure to change
+# the http_port setting to the correct value for the web server
+client_use_https: 0
+
+# this is a directory of files that cobbler uses to make
+# templating easier. See the Wiki for more information. Changing
+# this directory should not be required.
+snippetsdir: /var/lib/cobbler/snippets
+
+# Normally if a kickstart is specified at a remote location, this
+# URL will be passed directly to the kickstarting system, thus bypassing
+# the usual snippet templating Cobbler does for local kickstart files. If
+# this option is enabled, Cobbler will fetch the file contents internally
+# and serve a templated version of the file to the client.
+template_remote_kickstarts: 0
+
+# should new profiles for virtual machines default to auto booting with the physical host when the physical host reboots?
+# this can be overridden on each profile or system object.
+virt_auto_boot: 1
+
+# cobbler's web directory. Don't change this setting -- see the
+# Wiki on "relocating your cobbler install" if your /var partition
+# is not large enough.
+webdir: /var/www/cobbler
+
+# cobbler's public XMLRPC listens on this port. Change this only
+# if absolutely needed, as you'll have to start supplying a new
+# port option to koan if it is not the default.
+xmlrpc_port: 25151
+
+# "cobbler repo add" commands set cobbler up with repository
+# information that can be used during kickstart and is automatically
+# set up in the cobbler kickstart templates. By default, these
+# are only available at install time. To make these repositories
+# usable on installed systems (since cobbler makes a very convient)
+# mirror, set this to 1. Most users can safely set this to 1. Users
+# who have a dual homed cobbler server, or are installing laptops that
+# will not always have access to the cobbler server may wish to leave
+# this as 0. In that case, the cobbler mirrored yum repos are still
+# accessable at http://cobbler.example.org/cblr/repo_mirror and yum
+# configuration can still be done manually. This is just a shortcut.
+yum_post_install_mirror: 1
+
+# the default yum priority for all the distros. This is only used
+# if yum-priorities plugin is used. 1=maximum. Tweak with caution.
+yum_distro_priority: 1
+
+# Flags to use for yumdownloader.
Not all versions may support
+# --resolve.
+yumdownloader_flags: "--resolve"
+
+# sort and indent JSON output to make it more human-readable
+serializer_pretty_json: 0
+
+# replication rsync options for distros, kickstarts, snippets set to override default value of "-avzH"
+replicate_rsync_options: "-avzH"
+
+# replication rsync options for repos set to override default value of "-avzH"
+replicate_repo_rsync_options: "-avzH"
diff --git a/docker/build/cobbler/conf/cobbler_web.conf b/docker/build/cobbler/conf/cobbler_web.conf
new file mode 100644
index 0000000..f03d4fe
--- /dev/null
+++ b/docker/build/cobbler/conf/cobbler_web.conf
@@ -0,0 +1,10 @@
+# This configuration file enables the cobbler web
+# interface (django version)
+
+# Force everything to go to https
+RewriteEngine on
+RewriteCond %{HTTPS} off
+RewriteCond %{REQUEST_URI} ^/cobbler_web
+# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
diff --git a/docker/build/cobbler/conf/dhcp.template b/docker/build/cobbler/conf/dhcp.template
new file mode 100644
index 0000000..f18ec37
--- /dev/null
+++ b/docker/build/cobbler/conf/dhcp.template
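Review bot: `anamon_enabled: 1` in cobbler.settings turns on the log-upload path that the comment directly above it describes as accepting xmlrpc calls without authentication, while the Dockerfile in this patch makes `/var/log/cobbler` mode 777 and exposes the XMLRPC port 25151. Unless the CI flow depends on anamon, ship `anamon_enabled: 0` and let deployments opt in; if it is needed, say so next to the setting, e.g. `# anamon is required by <reason>; restrict 25151 to the provisioning network`. `replicate_rsync_options` is also defined twice in this file with the same value, so one of the two entries can go.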
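Review bot: The header in cobbler_web.conf says `# Force everything to go to https`, but the `RewriteRule` is commented out, so `/cobbler_web` stays reachable over plain HTTP and the web login travels in cleartext. The two `RewriteCond` lines are left without a rule of their own; mod_rewrite applies conditions to the next `RewriteRule` it encounters, so they may end up attached to an unrelated rule from another file in `conf.d`. Either restore `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}` or remove the two conditions and correct the comment to say that HTTP is intentionally allowed.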
@@ -0,0 +1,98 @@ +# ****************************************************************** +# Cobbler managed dhcpd.conf file +# +# generated from cobbler dhcp.conf template ($date) +# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes +# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be +# overwritten. +# +# ****************************************************************** + +ddns-update-style interim; + +allow booting; +allow bootp; +deny unknown-clients; +local-address 192.168.100.100; +log-facility local6; + +ignore client-updates; +set vendorclass = option vendor-class-identifier; + +option pxe-system-type code 93 = unsigned integer 16; +option space pxelinux; +option pxelinux.magic code 208 = string; +option pxelinux.configfile code 209 = text; +option pxelinux.pathprefix code 210 = text; +option pxelinux.reboottime code 211 = unsigned integer 32; + +subnet 192.168.100.0 netmask 255.255.254.0 { + option routers 192.168.100.1; + option domain-name-servers 192.168.100.1; + option subnet-mask 255.255.254.0; + range dynamic-bootp 192.168.100.10 192.168.101.250; + default-lease-time 21600; + max-lease-time 43200; + next-server $next_server; + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + if option pxe-system-type = 00:02 { + filename "ia64/elilo.efi"; + } else if option pxe-system-type = 00:06 { + filename "grub/grub-x86.efi"; + } else if option pxe-system-type = 00:07 { + filename "grub/grub-x86_64.efi"; + } else { + filename "pxelinux.0"; + } + } + +} + +#for dhcp_tag in $dhcp_tags.keys(): + ## group could be subnet if your dhcp tags line up with your subnets + ## or really any valid dhcpd.conf construct ... 
if you only use the + ## default dhcp tag in cobbler, the group block can be deleted for a + ## flat configuration +# group for Cobbler DHCP tag: $dhcp_tag +group { + #for mac in $dhcp_tags[$dhcp_tag].keys(): + #set iface = $dhcp_tags[$dhcp_tag][$mac] + host $iface.name { + hardware ethernet $mac; + site-option-space "pxelinux"; + option pxelinux.magic f1:00:74:7e; + if exists dhcp-parameter-request-list { + # Always send the PXELINUX options (specified in hexadecimal) + option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3); + } + option pxelinux.reboottime 30; + #if $iface.hostname: + option host-name "$iface.hostname"; + #end if + #if $iface.netmask: + option subnet-mask $iface.netmask; + #end if + #if $iface.gateway: + option routers $iface.gateway; + #end if + #if $iface.enable_gpxe: + if exists user-class and option user-class = "gPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else if exists user-class and option user-class = "iPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else { + filename "undionly.kpxe"; + } + #else + filename "$iface.filename"; + #end if + ## Cobbler defaults to $next_server, but some users + ## may like to use $iface.system.server for proxied setups + next-server $next_server; + ## next-server $iface.next_server; + } + #end for +} +#end for + diff --git a/docker/build/cobbler/conf/distributions b/docker/build/cobbler/conf/distributions new file mode 100644 index 0000000..7f61215 --- /dev/null +++ b/docker/build/cobbler/conf/distributions @@ -0,0 +1,8 @@ +Origin: ppa +Label: ppa_repo +Suite: stable +Codename: ppa +Version: 0.1 +Architectures: i386 amd64 source +Components: main +Description: ppa repo diff --git a/docker/build/cobbler/conf/modules.conf b/docker/build/cobbler/conf/modules.conf new file mode 100644 index 0000000..5c3b941 --- /dev/null +++ b/docker/build/cobbler/conf/modules.conf 
@@ -0,0 +1,84 @@ +# cobbler module configuration file +# ================================= + +# authentication: +# what users can log into the WebUI and Read-Write XMLRPC? +# choices: +# authn_denyall -- no one (default) +# authn_configfile -- use /etc/cobbler/users.digest (for basic setups) +# authn_passthru -- ask Apache to handle it (used for kerberos) +# authn_ldap -- authenticate against LDAP +# authn_spacewalk -- ask Spacewalk/Satellite (experimental) +# authn_pam -- use PAM facilities +# authn_testing -- username/password is always testing/testing (debug) +# (user supplied) -- you may write your own module +# WARNING: this is a security setting, do not choose an option blindly. +# for more information: +# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface +# https://github.com/cobbler/cobbler/wiki/Security-overview +# https://github.com/cobbler/cobbler/wiki/Kerberos +# https://github.com/cobbler/cobbler/wiki/Ldap + +[authentication] +module = authn_configfile + +# authorization: +# once a user has been cleared by the WebUI/XMLRPC, what can they do? +# choices: +# authz_allowall -- full access for all authneticated users (default) +# authz_ownership -- use users.conf, but add object ownership semantics +# (user supplied) -- you may write your own module +# WARNING: this is a security setting, do not choose an option blindly. +# If you want to further restrict cobbler with ACLs for various groups, +# pick authz_ownership. authz_allowall does not support ACLs. configfile +# does but does not support object ownership which is useful as an additional +# layer of control. + +# for more information: +# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface +# https://github.com/cobbler/cobbler/wiki/Security-overview +# https://github.com/cobbler/cobbler/wiki/Web-authorization + +[authorization] +module = authz_allowall + +# dns: +# chooses the DNS management engine if manage_dns is enabled +# in /etc/cobbler/settings, which is off by default. 
+# choices: +# manage_bind -- default, uses BIND/named +# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below +# NOTE: more configuration is still required in /etc/cobbler +# for more information: +# https://github.com/cobbler/cobbler/wiki/Dns-management + +[dns] +module = manage_bind + +# dhcp: +# chooses the DHCP management engine if manage_dhcp is enabled +# in /etc/cobbler/settings, which is off by default. +# choices: +# manage_isc -- default, uses ISC dhcpd +# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above +# NOTE: more configuration is still required in /etc/cobbler +# for more information: +# https://github.com/cobbler/cobbler/wiki/Dhcp-management + +[dhcp] +module = manage_isc + +# tftpd: +# chooses the TFTP management engine if manage_tftp is enabled +# in /etc/cobbler/settings, which is ON by default. +# +# choices: +# manage_in_tftpd -- default, uses the system's tftp server +# manage_tftpd_py -- uses cobbler's tftp server +# + +[tftpd] +module = manage_in_tftpd + +#-------------------------------------------------- + diff --git a/docker/build/cobbler/conf/setup.conf b/docker/build/cobbler/conf/setup.conf new file mode 100755 index 0000000..db6e4b6 --- /dev/null +++ b/docker/build/cobbler/conf/setup.conf 
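Review bot: `[authorization] module = authz_allowall` gives every account that passes `authn_configfile` full read-write access to the WebUI and XMLRPC, so the only control on this provisioning server is the content of /etc/cobbler/users.digest. This commit's examples/conf/cobbler.conf logs in as `cobbler`/`cobbler`, which suggests the digest file still carries a default account; that is worth confirming, because whoever can write Cobbler objects decides what gets installed on every machine that boots from it. I would add a comment above the section, `# users.digest must be regenerated with a non-default password before this image is used`, and consider `module = authz_ownership` if more than one operator account is planned.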
@@ -0,0 +1,25 @@
+#centos6.5
+NTP=http://mirror.centos.org/centos/6.6/os/x86_64/Packages/ntp-4.2.6p5-1.el6.centos.x86_64.rpm
+SSH_CLIENTS=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/openssh-clients-5.3p1-94.el6.x86_64.rpm
+OPENSSH=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.3/x86_64/updates/security/openssh-5.3p1-94.el6.x86_64.rpm
+IPROUTE=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/iproute-2.6.32-31.el6.x86_64.rpm
+WGET=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/wget-1.12-1.8.el6.x86_64.rpm
+NTPDATE=http://mirror.centos.org/centos/6.6/os/x86_64/Packages/ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm
+YUM_PRIORITIES=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.3/i386/os/Packages/yum-plugin-priorities-1.1.30-14.el6.noarch.rpm
+JSONC=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/json-c-0.9-4.el6.x86_64.rpm
+LIBESTR=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/libestr-0.1.9-1.el6.x86_64.rpm
+LIBGT=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/libgt-0.3.11-1.el6.x86_64.rpm
+LIBLOGGING=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/liblogging-1.0.4-1.el6.x86_64.rpm
+RSYSLOG=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/rsyslog-7.6.3-1.el6.src.rpm
+CHEF_CLIENT_CENTOS=http://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm
+
+#ubuntu12.04
+CHEF_CLIENT_UBUNTU=http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.0-1.ubuntu.12.04_amd64.deb
+
+#iso
+CENTOS_ISO=https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso
+UBUNTU_ISO=http://releases.ubuntu.com/12.04/ubuntu-12.04.4-server-amd64.iso
+
+#repos
+EPEL7=http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+ATOMIC=http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-19.el7.art.noarch.rpm
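Review bot: Every package and ISO in this list except `CENTOS_ISO` is fetched over `http://` or `ftp://`, and no checksum is recorded beside any URL, so whatever consumes these variables (the consumer is outside this hunk) cannot tell a tampered RPM, .deb or ISO from the genuine one. These artifacts presumably feed the repositories and install trees Cobbler serves to new machines, which makes their integrity matter more than usual. Prefer https mirrors where they exist and record a digest per artifact, e.g. `NTP_SHA256=<sha256-of-ntp-rpm>`, verified with `sha256sum -c` after download. Two entries also look mislabelled: `EPEL7` points at an epel/6 release RPM, and `RSYSLOG` at a `.src.rpm` while its dependencies are x86_64 binaries.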
diff --git a/docker/build/cobbler/conf/ssl.conf b/docker/build/cobbler/conf/ssl.conf
new file mode 100644
index 0000000..07f1e22
--- /dev/null
+++ b/docker/build/cobbler/conf/ssl.conf
@@ -0,0 +1,221 @@ +# +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +LoadModule ssl_module modules/mod_ssl.so + +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. +# SSLMutex default + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. 
+SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) 
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. 
The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. 
Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +SetEnvIf User-Agent ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + diff --git a/docker/build/cobbler/conf/tftpd.template b/docker/build/cobbler/conf/tftpd.template new file mode 100644 index 0000000..31f4d36 --- /dev/null +++ b/docker/build/cobbler/conf/tftpd.template 
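Review bot: `SSLProtocol all -SSLv2` still leaves SSLv3 enabled, and `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` keeps RC4 and the LOW and MEDIUM groups negotiable. This looks like the distribution's stock ssl.conf copied in unchanged, but once the image ships it as its own file these defaults are the project's to maintain. I would change the two lines to `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`, and add `SSLHonorCipherOrder on`. The certificate directives point at the packaged `localhost.crt` and `localhost.key`; a comment saying these must be replaced per deployment would help.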
@@ -0,0 +1,21 @@ +# default: off +# description: The tftp server serves files using the trivial file transfer \ +# protocol. The tftp protocol is often used to boot diskless \ +# workstations, download configuration files to network-aware printers, \ +# and to start the installation process for some operating systems. +service tftp +{ + disable = no + log_type = SYSLOG local5 info + socket_type = dgram + protocol = udp + wait = yes + user = $user + server = $binary + server_args = -B 1380 -v -s $args + instances = 1000 + per_source = 1000 + cps = 1000 2 + flags = IPv4 +} + diff --git a/docker/build/cobbler/scripts/start b/docker/build/cobbler/scripts/start new file mode 100644 index 0000000..055ffe6 --- /dev/null +++ b/docker/build/cobbler/scripts/start @@ -0,0 +1,17 @@ +#!/bin/bash + +service httpd start +service cobblerd start + +# import distros +cobbler import --path=/var/lib/cobbler/mount_point/CentOS-6.5-x86_64 --name=CentOS-6.5-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat +cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-12.04-x86_64 --name=Ubuntu-12.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu + +# add profiles +cobbler profile add --name=CentOS-6.5-x86_64 --repo=centos_ppa_repo --distro=CentOS-6.5-x86_64 --ksmeta="tree=http://10.145.89.200:8080/cobbler/ks_mirror/CentOS-6.5-x86_64 compass_server=10.145.89.200" --kickstart=/var/lib/cobbler/kickstarts/default.ks +cobbler profile add --name=Ubuntu-12.04-x86_64 --repo=ubuntu_ppa_repo --distro=Ubuntu-12.04-x86_64 --ksmeta="tree=http://10.145.89.200:8080/cobbler/ks_mirror/Ubuntu-12.04-x86_64 compass_server=10.145.89.200" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto" + + +cobbler reposync +cobbler sync +cobbler check diff --git a/docker/build/compass/Dockerfile b/docker/build/compass/Dockerfile new file mode 100644 index 0000000..d31f11d --- /dev/null 
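Review bot: The cobbler start script has no error handling, so when a `cobbler import` fails (for example because nothing is mounted under /var/lib/cobbler/mount_point) it carries on to `cobbler profile add` for a distro that was never created. Putting `|| exit 1` on the two import lines, or `set -e` after the shebang if `cobbler check` is known to return zero, would surface the failure. Both `--ksmeta` values also hard-code `10.145.89.200` and an `http://` install tree; reading the address from the environment, e.g. `compass_server=${COMPASS_SERVER:?}`, would keep one site's address out of the image.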
+++ b/docker/build/compass/Dockerfile 
@@ -0,0 +1,137 @@ +FROM centos:centos7 + +ADD conf/setup.conf /root/setup.conf +RUN chmod +x /root/setup.conf +## install yum repos and then packages +RUN source /root/setup.conf && \ + rpm -Uvh $EPEL7 >& /dev/null && \ + sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo && \ + rpm -Uvh $ATOMIC >& /dev/null && \ + sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/atomic.repo +RUN yum clean all >& /dev/null && \ + yum update -y --skip-broken >&/dev/null && \ + yum install -y rsyslog logrotate ntp iproute openssh-clients python python-devel git wget rabbitmq-server mod_wsgi httpd squid yum-utils gcc net-snmp-utils net-snmp net-snmp-python openssl openssl098e ca-certificates redis mariadb mariadb-server mariadb-devel python-virtualenv python-setuptools MySQL-python + +# set up pip and install python virtual environment +RUN easy_install --upgrade pip +RUN pip install virtualenvwrapper + +# get compass-core code +WORKDIR /root +RUN source /root/setup.conf && \ + git clone $COMPASS_CORE +WORKDIR /root/compass-core +RUN mkdir /root/backup + +# update rsyslog conf +RUN cp -rn /etc/rsyslog.conf /root/backup +RUN rm -rf /etc/rsyslog.conf +RUN cp -rf misc/rsyslog/rsyslog.conf /etc/rsyslog.conf +RUN chmod 644 /etc/rsyslog.conf + +# update logrotate.d +RUN cp -rn /etc/logrotate.d /root/backup +RUN rm -rf /etc/logrotate.d/* +RUN cp -rf misc/logrotate.d/* /etc/logrotate.d/ +RUN chmod 644 /etc/logrotate.d/* + +# grant permission to httpd and mysqld log dirs +RUN mkdir /var/log/mysql +RUN chmod 777 /var/log/httpd +RUN chmod 777 /var/log/mysql + +# clone compass web +WORKDIR /root +RUN source /root/setup.conf && \ + git clone $COMPASS_WEB + +# setup python requirements +# remove 'mysql-python' from requirements as centos 7 supports the yum package +WORKDIR /root/compass-core +RUN sed -i 's/MySQL-python/#MySQL-python/g' requirements.txt +RUN source `which virtualenvwrapper.sh` && \ + mkvirtualenv --system-site-packages compass-core && \ + workon 
compass-core && \ + pip install -U -r requirements.txt + +# download local repo +WORKDIR /tmp +RUN source /root/setup.conf && \ + wget $LOCAL_REPO + +# snmp +# instead of moving mibs to /usr/local/share/snmp/mibs, centos7 puts mibs file at /usr/share/snmp/mibs/ + +WORKDIR /root/compass-core +RUN yes|cp -rf mibs/* /usr/share/snmp/mibs/ +RUN cp -rf misc/snmp/snmp.conf /etc/snmp/snmp.conf +RUN chmod 644 /etc/snmp/snmp.conf +RUN mkdir -p /var/lib/net-snmp/mib_indexes +RUN chmod 755 /var/lib/net-snmp/mib_indexes + +# install compass-core +WORKDIR /root/compass-core +RUN mkdir -p /etc/compass +RUN mkdir -p /opt/compass/bin +RUN mkdir -p /var/log/compass +RUN mkdir -p /var/log/chef +RUN mkdir -p /var/www/compass + +RUN cp -rf misc/apache/ods-server.conf /etc/httpd/conf.d/ods-server.conf +RUN cp -rf conf/* /etc/compass/ +RUN cp -rf bin/*.py /opt/compass/bin/ +RUN cp -rf bin/*.sh /opt/compass/bin/ +RUN cp -rf bin/compassd /usr/bin/ +RUN cp -rf bin/switch_virtualenv.py.template /opt/compass/bin/switch_virtualenv.py +RUN ln -s -f /opt/compass/bin/compass_check.py /usr/bin/compass +RUN ln -s -f /opt/compass/bin/compass_wsgi.py /var/www/compass/compass.wsgi +RUN cp -rf bin/chef/* /opt/compass/bin/ +RUN cp -rf bin/cobbler/* /opt/compass/bin/ +RUN cp -rf /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so + +# setup compass-core and related confs +RUN mkdir -p /opt/compass/db && \ + chmod -R 777 /opt/compass/db +RUN chmod -R 777 /var/log/compass +RUN chmod -R 777 /var/log/chef +RUN echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh +RUN chmod +x /etc/profile.d/celery_env.sh +WORKDIR /root/compass-core +RUN source `which virtualenvwrapper.sh` && \ + workon compass-core && \ + python setup.py install + +# compass web +WORKDIR /root/compass-web +RUN yum -y install tar +RUN mkdir -p /var/www/compass_web +RUN cp -rf v2 /var/www/compass_web/ +WORKDIR /tmp +RUN tar -xzvf local_repo.tar.gz +RUN mv -f local_repo/* /var/www/compass_web/v2/ + +# enable start-up script +ADD 
scripts/sample_start /root/sample_start +RUN chmod +x /root/sample_start + +# start: perform some post-installation tasks +# modify compass refresh to make it work in containers +ADD scripts/refresh.sh /opt/compass/bin/refresh.sh +RUN chmod +x /opt/compass/bin/refresh.sh + +# set python home for virtualenv +RUN sed -i "s|\$PythonHome|\/root\/\.virtualenvs\/compass-core|g" /opt/compass/bin/switch_virtualenv.py + +# add apache to root group +RUN usermod -a -G `groups root|awk '{print$3}'` apache + +# configure mysql +RUN /usr/bin/mysql_install_db && \ + chown -R mysql:mysql /var/lib/mysql + +# CMD ["/root/sample_start"] + +EXPOSE 80 +EXPOSE 22 +EXPOSE 123 +EXPOSE 3306 diff --git a/docker/build/compass/conf/setup.conf b/docker/build/compass/conf/setup.conf new file mode 100644 index 0000000..429eaab --- /dev/null +++ b/docker/build/compass/conf/setup.conf @@ -0,0 +1,5 @@ +LOCAL_REPO="https://s3-us-west-1.amazonaws.com/compass-local-repo/local_repo.tar.gz" +EPEL7="http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm" +ATOMIC="http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-19.el7.art.noarch.rpm" +COMPASS_CORE="https://git.openstack.org/stackforge/compass-core.git" +COMPASS_WEB="https://git.openstack.org/stackforge/compass-web.git" diff --git a/docker/build/compass/scripts/refresh.sh b/docker/build/compass/scripts/refresh.sh new file mode 100644 index 0000000..8da8788 --- /dev/null +++ b/docker/build/compass/scripts/refresh.sh @@ -0,0 +1,9 @@ +#/bin/bash +set -e +/opt/compass/bin/manage_db.py createdb +# /opt/compass/bin/clean_installers.py +# /opt/compass/bin/clean_installation_logs.py +/usr/sbin/apachectl -D NO_DETACH -D FOREGROUND +/usr/bin/redis-server & +CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log & +/opt/compass/bin/progress_update.py &> /tmp/progress_update.log 
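Review bot: The two `sed -i 's/^mirrorlist=https/mirrorlist=http/g'` lines near the top of the compass Dockerfile switch the EPEL and Atomic mirror lists from HTTPS to plain HTTP, and the release packages installed by `rpm -Uvh $EPEL7` and `rpm -Uvh $ATOMIC` are themselves fetched over `http://` (conf/setup.conf) with their output discarded. If HTTPS fails during the build, the fix belongs in the CA bundle rather than in downgrading the transport. Further down, `chmod 777` on /var/log/httpd, /var/log/mysql, /opt/compass/db, /var/log/compass and /var/log/chef, combined with `usermod -a -G ... apache` putting the web server account in root's group, gives a compromised web process far more reach than it needs; `chown -R apache:apache /var/log/compass /opt/compass/db` with mode 750 would likely cover the same need. The archive fetched by `wget $LOCAL_REPO` is unpacked into the web root with no checksum, and `EXPOSE 22` and `EXPOSE 3306` declare ports for which the image shows no use.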
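Review bot: In refresh.sh, `/usr/sbin/apachectl -D NO_DETACH -D FOREGROUND` keeps httpd in the foreground, so the `redis-server`, `celery worker` and `progress_update.py` lines after it are not reached until Apache exits. sample_start runs `/usr/sbin/apachectl -k start` before launching the workers; the same order would work here, with the foreground process moved to the last line. The first line is `#/bin/bash`, which is a plain comment rather than a shebang and should read `#!/bin/bash`. Both logs go to fixed names under /tmp (`/tmp/celery-worker.log`, `/tmp/progress_update.log`); /var/log/compass, which the Dockerfile already creates, is a safer place for them.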
diff --git a/docker/build/compass/scripts/sample_start b/docker/build/compass/scripts/sample_start new file mode 100644 index 0000000..71d0159 --- /dev/null +++ b/docker/build/compass/scripts/sample_start @@ -0,0 +1,56 @@ +#!/bin/bash + +# set python home +# sed -i "s|\$PythonHome|\/root\/\.virtualenvs\/compass-core|g" /opt/compass/bin/switch_virtualenv.py + +# add apache to root user group +# usermod -a -G `groups root|awk '{print$3}'` apache + +# activate virtualenv +source `which virtualenvwrapper.sh` +workon compass-core + +## mysql +# install db +# grant permission to mysql data dir +# /usr/bin/mysql_install_db +# chown mysql:mysql /var/lib/mysql +# chown mysql:mysql /var/lib/mysql/* +# chown mysql:mysql /var/lib/mysql/mysql/* +# chown mysql:mysql /var/lib/mysql/performance_schema/* + +# start mysqld service, push it to bg +/usr/bin/mysqld_safe > /dev/null 2>&1 & + +RET=1 +while [[ RET -ne 0 ]]; do + echo "waiting for mariadb to startup" + sleep 5 + mysql -uroot -e "status" > /dev/null 2>&1 + RET=$? +done + +echo "mariadb started" + +# set mysql with default username and password +mysqladmin -h127.0.0.1 --port=3306 -u root password root + +# create db 'compass' +mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass" + +## virtualenv +# create virtualenv +# source `which virtualenvwrapper.sh` +# mkvirtualenv --system-site-packages compass-core + +# install compass requirements + +# start compass services +/opt/compass/bin/manage_db.py createdb +/usr/sbin/apachectl -k start +/usr/sbin/rabbitmq-server & +/usr/bin/redis-server & +ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery +CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log & +/opt/compass/bin/progress_update.py &> /tmp/progress_update.log & +tail -f /dev/null diff --git a/examples/Dockerfile b/examples/Dockerfile new file mode 100644 index 0000000..d13c631 --- /dev/null 
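Review bot: `mysqladmin -h127.0.0.1 --port=3306 -u root password root` sets the MariaDB root password to the literal `root`, and the next line passes it again as `-proot` on the command line; examples/scripts/start repeats both lines and examples/conf/compass.setting stores the same value in `DATABASE_PASSWORD`. The image also declares `EXPOSE 3306`; whether root may log in from other hosts is not visible here, so that needs verifying before the port is published. Take the password from the environment instead, e.g. `mysqladmin -u root password "${MYSQL_ROOT_PASSWORD:?}"`, and create a dedicated database user for Compass rather than running the application as root. Separately, `ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery` reports an error on every restart after the first because the link already exists; `ln -sf` avoids that.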
+++ b/examples/Dockerfile @@ -0,0 +1,13 @@ +FROM compassindocker/compass:test + +ADD scripts/start /root/start +ADD conf/compass.setting /etc/compass/setting +ADD conf/cobbler.conf /etc/compass/os_installer/cobbler.conf +ADD conf/chef-icehouse.conf /etc/compass/package_installer/chef-icehouse.conf +ADD conf/chef-client.pem /etc/chef-client.pem + +RUN chmod +x /root/start + +CMD ["/root/start"] +EXPOSE 80 +EXPOSE 123 diff --git a/examples/conf/chef-client.pem b/examples/conf/chef-client.pem new file mode 100644 index 0000000..aaf83ec --- /dev/null +++ b/examples/conf/chef-client.pem 
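Review bot: `ADD conf/chef-client.pem /etc/chef-client.pem` bakes an RSA private key into the image, and the next file in this commit, examples/conf/chef-client.pem, checks that key into the repository in full. A key published in version control has to be treated as disclosed: if it was ever registered with a Chef server (chef-icehouse.conf names the client `docker-controller`), revoke it and issue a new one. For the example itself, replace the file with a placeholder, supply the real key at run time, e.g. `docker run -v /path/to/client.pem:/etc/chef-client.pem:ro ...`, and add `*.pem` to .gitignore. The base image `compassindocker/compass:test` is also a mutable tag, so pinning it by digest would make the example reproducible.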
@@ -0,0 +1,28 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA16JNckh4jk4B/yuw42OkHTix7cFWr7DLvpUOFHecmw6IcfP2 +mLvY2FI+RFFtM91/hWy648TtNzK5/iUJeTNLjGAuthzGeTfGS9SR8rSfVjDd6zHt +gbHBTPPCeAydy9TfJpOhXWy8DHNiGjQKQd/RM8Sgzbp0JW1yMqSg+o64MgR8VFLL +VMG6kA1VFzLs+/3W14vaHZqF0y8N0ZQeAXnsx51zNQL2rlEpF3PMMAhgyJIZ+UZk +vDPu+i6wcabrq7yfmYg5B9OzAHkccAacCLjMz/2KCxHysuxkiElZ5g6qpHAlBQCw +yt/GY6+UYBWtKd7UrHCN9+k5a4hXom1VbSYmGQIDAQABAoIBAQDQtT7QhmRpGAfG +ursS27ZUsjNFNAR7OFt7szlVhhAF5CMcaE0dt3NCrReneEiCErkCoyKgolIXQvnS +inaI4KUW0WFk0qUnXlyHuM8qYrh17AZfRovjI/E8UhK/rzZruzXhWLKugjfgtS0W +v5fN+pu5x278sKMKNsx5R+6nlMujW/ztk6zFh4XQPH4WjbpEwNbGWtwktUu1ogTu +AKLUZUvjNej+qBo/rxaTvKnUw9YW7KRNmD97CJwiyATEMW3uCs/K+S1gMIW/pkOt +Nl3cokF94FwPxcSuJZMc6ZuGJrdjuUiwExO5Q9x5pxskbwYfK6Sq/cLy9ssqV8aL +Mam7xkKBAoGBAPR2Q+br5TXZHYv3y4FCKo6tcALloIdHAoVLrfSXeKe81b70j/Za +hGE9Wm5F0hbMK70l+NgDJnSbUUKmwDeU4eJbhrW68xuu8XP1jblwWLZ/RrqX4w8F +WqNbN4LokEu285xTZc2/MGyI4E7IB0LzCh7YvNyD8Mw5hoQeZqne76yNAoGBAOHP +uHOgu2lFokW8hvYg1tG1WqDAxNEThz+F6K1AhCh/rrKFqsns5baAr0A0nBOzfF52 +hnuQwjivoQ4LxapwDyYmbs0qmPSgOnKUAKuAlGYgiPzoqqAu7rPU6IsmbIa6Jex0 +JgbNNlFflvogQ7Ws1MJkVflBXtCRmIEC+dUeX0q9AoGBAM1H1oM+Sc6rEDWuEnTr +lAMVvz6fhuqyBXrbbys6WvY4CyF8CrvrjMh/FcYN2XqNXplKHql+E7fNiTI4Bqdl +3T0QcJGAeI8hm94tMCKtJcGyJTmhO+ksLM2KVpYWJr191xnJqm5YgxhQ5FMjg32D +y1bV19ow7W8BS2T8hmdVLtwtAoGAdf/9THcW2EkqJjUBdcbtWwLhDBYQA42n5HsO +ftKy/RLT8LhG6mQgGkGe0vdrBCSL/jUDy7h2tfaZO+TM82bBk9cLma0D5vl/8XYD +75sucTvZOgg/eZts446DwotetPy7ape7c1xzYQyJscWAfISHXdnez3TonicnQWuT +sFnBxCUCgYAmFe++2rfIDyTn/gYcZcTQeF9Ei9jAo8fGXuS/mqBNBwRLuctqoWsX +Qw4XZ+sMZQ2nQED9mC5skEpSKdetXZ0eMLd/JfnJhyqSlGqEbauD01mEdV/POYxG +oxpSg7bPw05mpaIzUCXw1mQpq7bZ/dQRArNs0wJwFi7sL1Pkf+/AHg== +-----END RSA PRIVATE KEY----- + diff --git a/examples/conf/chef-icehouse.conf b/examples/conf/chef-icehouse.conf new file mode 100644 index 0000000..8cb6e85 --- /dev/null +++ b/examples/conf/chef-icehouse.conf 
@@ -0,0 +1,11 @@
+NAME = 'chef_installer'
+INSTANCE_NAME = 'chef_installer'
+SETTINGS = {
+ 'chef_url': 'https://10.145.89.140',
+ 'chef_server_ip': '10.145.89.140',
+ 'chef_server_dns': 'compass',
+ 'key_dir': '/etc/chef-client.pem',
+ 'client_name': 'docker-controller',
+ 'databags': []
+}
+
diff --git a/examples/conf/cobbler.conf b/examples/conf/cobbler.conf
new file mode 100644
index 0000000..3928d6b
--- /dev/null
+++ b/examples/conf/cobbler.conf
@@ -0,0 +1,9 @@
+NAME = 'cobbler'
+INSTANCE_NAME = 'cobbler'
+SETTINGS = {
+ 'cobbler_url': 'http://10.145.89.140/cobbler_api',
+ 'credentials': {
+ 'username': 'cobbler',
+ 'password': 'cobbler'
+ }
+}
diff --git a/examples/conf/compass.setting b/examples/conf/compass.setting
new file mode 100644
index 0000000..e4b2aaa
--- /dev/null
+++ b/examples/conf/compass.setting
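Review bot: examples/conf/cobbler.conf ships `'username': 'cobbler'` with `'password': 'cobbler'` and sends them to `http://10.145.89.140/cobbler_api`, that is, a well-known default credential over an unencrypted connection. Example files tend to be copied into real deployments, so I would use an obvious placeholder such as `'password': '<set-me>'` and an `https://` URL, with a comment that the account must match an entry in Cobbler's users.digest. In chef-icehouse.conf just above, the setting `'key_dir'` holds a file path, `/etc/chef-client.pem`, not a directory; a one-line comment saying so would prevent confusion.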
@@ -0,0 +1,33 @@
+CONFIG_DIR = '/etc/compass'
+DATABASE_TYPE = 'mysql'
+DATABASE_USER = 'root'
+DATABASE_PASSWORD = 'root'
+DATABASE_SERVER = '127.0.0.1:3306'
+DATABASE_NAME = 'compass'
+SQLALCHEMY_DATABASE_URI = '%s://%s:%s@%s/%s' % (DATABASE_TYPE, DATABASE_USER, DATABASE_PASSWORD, DATABASE_SERVER, DATABASE_NAME)
+SQLALCHEMY_DATABASE_POOL_TYPE = 'instant'
+INSTALLATION_LOGDIR = {
+ 'CobblerInstaller': '/var/log/cobbler/anamon',
+ 'ChefInstaller': '/var/log/chef'
+}
+DEFAULT_LOGLEVEL = 'info'
+DEFAULT_LOGDIR = '/var/log/compass'
+DEFAULT_LOGINTERVAL = 6
+DEFAULT_LOGINTERVAL_UNIT = 'h'
+DEFAULT_LOGFORMAT = '%(asctime)s - %(filename)s - %(lineno)d - %(levelname)s - %(message)s'
+WEB_LOGFILE = 'compass.log'
+CELERY_LOGFILE = 'celery.log'
+CELERYCONFIG_DIR = '/etc/compass'
+CELERYCONFIG_FILE = 'celeryconfig'
+PROGRESS_UPDATE_INTERVAL=30
+POLLSWITCH_INTERVAL=60
+SWITCHES = [
+]
+TMPL_DIR = '/etc/compass/templates'
+COMPASS_SUPPORTED_PROXY = 'http://10.145.89.140:3128'
+COMPASS_SUPPORTED_DEFAULT_NOPROXY = ['127.0.0.1','10.145.89.140','comapss']
+COMPASS_SUPPORTED_NTP_SERVER = '10.145.89.140'
+COMPASS_SUPPORTED_DNS_SERVERS = ['10.145.89.140']
+COMPASS_SUPPORTED_DOMAINS = ['ods.com']
+COMPASS_SUPPORTED_DEFAULT_GATEWAY = '10.145.88.1'
+COMPASS_SUPPORTED_LOCAL_REPO = 'http://10.145.89.140'
diff --git a/examples/scripts/start b/examples/scripts/start
new file mode 100644
index 0000000..767b1ec
--- /dev/null
+++ b/examples/scripts/start
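Review bot: `COMPASS_SUPPORTED_DEFAULT_NOPROXY = ['127.0.0.1','10.145.89.140','comapss']` misspells the host name; chef-icehouse.conf uses `'chef_server_dns': 'compass'`, so the entry was presumably meant to be `'compass'`, and as written requests to that name would not bypass the proxy. `DATABASE_USER = 'root'` makes the application connect as the database superuser; a dedicated account with rights on the `compass` database only would limit what a flaw in the web tier can reach. `COMPASS_SUPPORTED_PROXY` and `COMPASS_SUPPORTED_LOCAL_REPO` are both plain `http://`, which deserves a comment if it is deliberate.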
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# activate virtualenv
+source `which virtualenvwrapper.sh`
+workon compass-core
+
+# start mysqld service, push it to bg
+/usr/bin/mysqld_safe > /dev/null 2>&1 &
+
+RET=1
+while [[ RET -ne 0 ]]; do
+ echo "waiting for mariadb to startup"
+ sleep 5
+ mysql -uroot -e "status" > /dev/null 2>&1
+ RET=$?
+done
+
+echo "mariadb started"
+
+# set mysql with default username and password
+mysqladmin -h127.0.0.1 --port=3306 -u root password root
+
+# create db 'compass'
+mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
+
+# start compass services
+/opt/compass/bin/manage_db.py createdb
+/usr/sbin/apachectl -k start
+/usr/sbin/rabbitmq-server &
+/usr/bin/redis-server &
+/usr/sbin/ntpd &
+ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
+touch /var/log/compass/celery.log
+tail -f /var/log/compass/celery.log
diff --git a/install/allinone.yml b/install/allinone.yml
new file mode 100644
index 0000000..3da3c93
--- /dev/null
+++ b/install/allinone.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: allinone
+ sudo: True
+ roles:
+ - common
+ - chef
+ - cobbler
+ - compass
diff --git a/install/allinone_nochef.yml b/install/allinone_nochef.yml
new file mode 100644
index 0000000..3ad8e08
--- /dev/null
+++ b/install/allinone_nochef.yml
@@ -0,0 +1,8 @@
+---
+
+- hosts: compass_vm
+ sudo: True
+ roles:
+ - common
+ - cobbler
+ - compass
diff --git a/install/cobbler_nodocker.yml b/install/cobbler_nodocker.yml
new file mode 100644
index 0000000..110b374
--- /dev/null
+++ b/install/cobbler_nodocker.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: cobbler_ansible_test
+ sudo: True
+ roles:
+ - common
+ - cobbler
diff --git a/install/compass_nodocker.yml b/install/compass_nodocker.yml
new file mode 100644
index 0000000..9f59262
--- /dev/null
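Review bot: In examples/scripts/start the MariaDB root password is the literal `root`, set with `mysqladmin ... password root` and then passed as `-proot`, so it is identical in every container built from this example and visible in the process list while those commands run. I would take it from the environment, e.g. `mysqladmin -h127.0.0.1 --port=3306 -u root password "${DB_ROOT_PASSWORD:?}"` (the variable name is a placeholder), and keep examples/conf/compass.setting in step. This matters more if the container is started with the `compass_port_mapping` from install/group_vars/all, which publishes 3306 on the host; whether this script runs in that container is not visible here. The two logs written as root under `/tmp` with fixed names (`/tmp/celery-worker.log`, `/tmp/progress_update.log`) would be better placed in `/var/log/compass`, which the script already uses.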
+++ b/install/compass_nodocker.yml
@@ -0,0 +1,10 @@
+---
+
+- hosts: compass_nodocker
+ sudo: True
+ roles:
+ - common
+ - cobbler
+ - compass
+ vars:
+ - dockerized: False
diff --git a/install/group_vars/all b/install/group_vars/all
new file mode 100644
index 0000000..47eea89
--- /dev/null
+++ b/install/group_vars/all
@@ -0,0 +1,225 @@ +--- + +# Once rebuild is marked as True, all docker images and/or packages will be destroyed and re-established +rebuild: True + +# Auto-generated IP values +chef_server: "10.145.89.139" +cobbler_server: "{{ mgmt_next_ip }}" +compass-server: "{{ mgmt_next_ip }}" + +internal_nic: eth1 +internal_interface: "ansible_{{ internal_nic }}" +internal_ip: "{{ hostvars[inventory_hostname][internal_interface]['ipv4']['address'] }}" + +# Auto-generated +dockerized_cobbler: True +dockerized_chef: False + +# shared_dir on local machine +shared_dir: "~/compass/shared" + +# pkg installer +pkg_installer: ['ansible'] + +## default urls + +# centos +epel_6: "https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm" + +# compass adapters +compass_adapters: "git://git.openstack.org/stackforge/compass-adapters.git" + +## cobbler +# cidr for docker bridge: compass0 +compass0_subnet: "192.168.100.1/24" + +# subnet ip for docker bridge: compass0 +compass0_subnet_ip: "192.168.100.0" + +# subnet mask for docker bridge: compass0 +compass0_subnet_mask: "255.255.255.0" + +# router ip for docker bridge: compass0 +compass0_router: "192.168.100.1" + +# dhcp range for docker bridge: compass0 +compass0_dhcp_range: "192.168.100.150 192.168.100.160" + +# management nic +mgmt_nic: "eth1" +mgmt_nic_ip: "hostvars[inventory_hostname][ansible_{{ mgmt_nic }}]['ipv4']['address']" +# management pxe server +mgmt_next_ip: "10.1.0.12" + +# management subnet ip of the cluster you want to deploy +mgmt_subnet_ip: "10.1.0.0" + +# mangement cidr of the cluster you want to deploy +mgmt_subnet: "10.1.0.0/24" + +# management subnet router ip +mgmt_router: "10.1.0.1" + +# management subnet subnet mask +mgmt_subnet_mask: "255.255.255.0" + +# management subnet dhcp range +mgmt_dhcp_range: "10.1.0.100 10.1.0.150" + + + +## ports for cobbler ## + +# http port on host that maps to the cobbler container +cobbler_mapped_http_port_on_host: "8080" + +# rsyslog port on host that maps to the 
compass container +rsyslog_port_mapped_on_host: "12514" + +# tftp port on host that maps to the cobbler container +tftp_port: "69" + +# xmlrpc port on host that maps to the cobbler container +xmlrpc_port: "25151" + +# dns port on host that maps to the cobbler container +dns_port: "53" + +# mysql port +mysql_port: "3306" + +# port mapping as a paramter for running cobbler container +cobbler_port_mapping: -p {{ cobbler_mapped_http_port_on_host }}:80 -p {{ tftp_port }}:69/udp -p {{ dns_port }}:53/udp -p {{ xmlrpc_port }}:25151 -p {{ rsyslog_port_mapped_on_host }}:514 + + + +## ports for compass ## + +# http port on host that maps to the compass container +compass_mapped_http_port_on_host: "5000" + +# ntp port on host that maps to the compass container +ntp_port: "123" + +# squid proxy port on host that maps to the compass container +proxy_port: "3128" + +# port mapping as a parameter for running compass container +compass_port_mapping: -p {{ compass_mapped_http_port_on_host }}:80 -p {{ ntp_port }}:123 -p {{ proxy_port }}:3128 -p {{ mysql_port }}:3306 + + +## isos +# centos iso url +centos_url: "{{ centos_65_url }}" + +# ubuntu iso url +ubuntu_url: "{{ ubuntu_1204_url }}" + +# centos 6.5 url +centos_65_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso" + +# ubuntu 12.04 url +ubuntu_1204_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/12.04/Ubuntu-12.04-x86_64.iso" + +# os name of centos +centos: "{{ centos_65 }}" + +# os name of ubuntu +ubuntu: "{{ ubuntu_1204 }}" + +# centos 6.5 os name +centos_65: "CentOS-6.5-x86_64" + +# ubuntu 12.04 os name +ubuntu_1204: "Ubuntu-12.04-x86_64" + +# ubuntu 14.04 url +ubuntu_1404_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/Ubuntu-14.04-x86_64.iso" + +# ubuntu 14.04 os name +ubuntu_1404: "Ubuntu-14.04-x86_64" + +region: "lab" + +distros: + - { + name: "Ubuntu-14.04-x86_64", + iso_us_url: 
"https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/Ubuntu-14.04-x86_64.iso", + ppa_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/ubuntu_14_04_ppa_repo.tar.gz", + iso_lab_url: "http://192.168.120.2/cobbler/iso/ubuntu/Ubuntu-14.04-x86_64.iso", + ppa_lab_url: "http://192.168.120.2/cobbler/ppa_repo/ubuntu_14_04_ppa_repo.tar.gz", + ppa_repo_name: "ubuntu_14_04_ppa_repo", + breed: "ubuntu", + kickstart: "default.seed", + kopts: "netcfg/choose_interface=auto" + } + + - { + name: "CentOS-6.5-x86_64", + iso_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso", + ppa_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/centos_6_5_ppa_repo.tar.gz", + iso_lab_url: "http://192.168.120.2/cobbler/iso/centos/CentOS-6.5-x86_64.iso", + ppa_lab_url: "http://192.168.120.2/cobbler/ppa_repo/centos_6_5_ppa_repo.tar.gz", + ppa_repo_name: "centos_6_5_ppa_repo", + breed: "redhat", + kickstart: "default.ks", + kopts: "" + } + +## volume mapping for cobbler ## + +# mount point for isos on cobbler host +host_mount_point: "/root/docker-cobbler/images" + +# mount point inside cobbler container +container_mount_point: "/var/lib/cobbler/mount_point" + +# combined mount syntax for docker run +image_volume_mapping: "-v {{ host_mount_point }}:{{ container_mount_point }}" + +# log dir on cobbler host +cobbler_host_log_dir: "/var/log/cobbler" + +# log dir inside cobbler container +cobbler_container_log_dir: "/var/log/cobbler" + +# log the logs from container into host for future use +log_volume_mapping: "-v {{ cobbler_host_log_dir }}:{{ cobbler_container_log_dir }}" + + + +## volume mapping for compass ## + +# log dir on compass host +compass_host_log_dir: "/var/log/compass" + +# log dir on inside compass container +compass_container_log_dir: "/var/log/cobbler" + +# sync logs inside out of the container +compass_volume_mapping: "-v {{ compass_host_log_dir }}:{{ compass_container_log_dir }}" + 
+ + +## docker ## + +# install docker on ubuntu +docker_apt_key_server: hkp://keyserver.ubuntu.com:80 +docker_apt_key: 36A1D7869245C8950F966E92D8576A8BA88D21E9 + +# epel version +epel_file_name: epel-release-6-8.noarch.rpm +epel_base_url: http://download.fedoraproject.org/pub/epel/6/x86_64/ + +# atomic version +atomic_file_name: atomic-release-1.0-19.el6.art.noarch.rpm +atomic_base_url: http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/ + +# pxe boot macs +#pxe_boot_macs: ['00:00:37:ed:95:4e', '00:00:79:ad:ce:6b', '00:00:0a:f6:6e:d7'] +#test: true + +# the key to be authorized on pxe boot machines so passwordless login can be +# done from the machine where you grab the key. +#push_ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUuKnIXwxS9w+Rxb4+CL3iqNQXB+kriQyr89YeLg5X7B0h+r91okw2bgodVvoynH8n7d7afHYew4KH7pMc5a3QMf/gwhhnlfoeyimQg0IOTQ6pvNxifRi5IN9xa3mB3kL9/xVmfo9rUE6ZZ4dNQ91As706SLBzEJWUuICT7fFJqCqHbxNT9aO//TWcoJJH+d+GLfLagyfVxBHb8DcoNSKTq1rFjZCFVs9pg6aO0d6Z3FcyICxOaacsAoRZOsx8+2WsHaZRk6udbqZJHt7LBs9Bc38+YCRhc31Q2jyrm37xT3QchRl4sihqq38N03cTYBksuRfV1dJaso9MUQapa/Lv root@host-1" diff --git a/install/inventories/allinone b/install/inventories/allinone new file mode 100644 index 0000000..ea3dcbf --- /dev/null +++ b/install/inventories/allinone @@ -0,0 +1,2 @@ +[allinone] +xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root type=allinone diff --git a/install/inventories/chef b/install/inventories/chef new file mode 100644 index 0000000..1f866bc --- /dev/null +++ b/install/inventories/chef @@ -0,0 +1,2 @@ +[chefnodes] +xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root dockerized=False type=chef diff --git a/install/inventories/cobbler b/install/inventories/cobbler new file mode 100644 index 0000000..e739247 --- /dev/null +++ b/install/inventories/cobbler 
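Review bot: Three download sources in install/group_vars/all use unauthenticated transports: `compass_adapters` is a `git://` URL, and `epel_base_url` and `atomic_base_url` are `http://`. The RedHat tasks later in this patch pass `{{ epel_base_url }}/{{ epel_file_name }}` and the atomic release RPM to yum, and those packages carry repository definitions, so a tampered download changes what the host trusts afterwards. `epel_6` in the same file already uses `https://dl.fedoraproject.org/pub/epel/6/x86_64/`, so `epel_base_url: https://dl.fedoraproject.org/pub/epel/6/x86_64/` would be consistent; an https clone URL for compass-adapters is preferable if the host offers one. Two smaller things in the same hunk: `mgmt_nic_ip` is a plain string without `{{ }}` and will not be evaluated, and `compass_container_log_dir` is set to `/var/log/cobbler`, which looks like a copy-paste from the cobbler block.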
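Review bot: install/inventories/allinone stores the root SSH password in the inventory (`ansible_ssh_user=root ansible_ssh_pass=root`), and the same pair is repeated in inventories/chef, cobbler, compass, hosts_test and ubuntu_test. Committed inventories tend to be copied as they are, so this both documents a root/root login on the lab hosts and encourages keeping real passwords in the file. I would drop the variable, e.g. `xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root type=allinone`, and rely on SSH keys or `--ask-pass` at run time.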
@@ -0,0 +1,2 @@
+[cobblernodes]
+docker-base ansible_ssh_host=10.145.89.139 ansible_ssh_user=root ansible_ssh_pass=root dockerized=True container_name=cobbler-dev type=cobbler
diff --git a/install/inventories/compass b/install/inventories/compass
new file mode 100644
index 0000000..9fa8fa4
--- /dev/null
+++ b/install/inventories/compass
@@ -0,0 +1,2 @@
+[compassnodes]
+xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root dockerized=True container_name=compass-dev type=compass
diff --git a/install/inventories/hosts_test b/install/inventories/hosts_test
new file mode 100644
index 0000000..9bacea2
--- /dev/null
+++ b/install/inventories/hosts_test
@@ -0,0 +1,6 @@
+[chefnodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=chef
+[cobblernodes]
+xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root type=cobbler
+[compassnodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=compass
diff --git a/install/inventories/ubuntu_test b/install/inventories/ubuntu_test
new file mode 100644
index 0000000..3a5953a
--- /dev/null
+++ b/install/inventories/ubuntu_test
@@ -0,0 +1,6 @@
+# [chefnodes]
+# xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=chef
+[cobblernodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=cobbler
+[compassnodes]
+xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=compass
diff --git a/install/precheck.yml b/install/precheck.yml
new file mode 100644
index 0000000..939fb81
--- /dev/null
+++ b/install/precheck.yml
@@ -0,0 +1,16 @@
+---
+
+- hosts: chefnodes
+ sudo: True
+ roles:
+ - precheck
+
+- hosts: cobblernodes
+ sudo: True
+ roles:
+ - precheck
+
+- hosts: compassnodes
+ sudo: True
+ roles:
+ - precheck
diff --git a/install/regtest.yml b/install/regtest.yml
new file mode 100644
index 0000000..4d88328
--- /dev/null
+++ b/install/regtest.yml
@@ -0,0 +1,45 @@
+---
+
+- hosts: regtest_vm
+ sudo: True
+ roles:
+ - regtest-compass
+# - regtest-ansible-openstack
+ vars:
+ - COMPASS_PATH: "/opt/compass-core"
+ - COMPASS_SERVER_URL: "http://10.1.0.11:5000/api"
+ - COMPASS_USER_EMAIL: "admin@huawei.com"
+ - COMPASS_USER_PASSWORD: "admin"
+ - CLUSTER_NAME: "opnfv"
+ - LANGUAGE: "EN"
+ - TIMEZONE: "America/Los_Angeles"
+ - HOSTNAMES: "allinone"
+ - NTP_SERVER: "10.1.0.11"
+ - NAMESERVERS: "10.1.0.11"
+ - DOMAIN: "ods.com"
+ - PARTITIONS: "/home=5%,/tmp=5%,/var=20%"
+ - SUBNETS: "10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+ - ADAPTER_OS_PATTERN: '"(?i)ubuntu-14\.04.*"'
+ - ADAPTER_NAME: "os_only"
+ - ADAPTER_TARGET_SYSTEM_PATTERN: ""
+ - ADAPTER_FLAVOR_PATTERN: ""
+ - PROXY: ""
+ - IGNORE_PROXY: ""
+ - SEARCH_PATH: "ods.com"
+ - GATEWAY: "10.1.0.1"
+ - SERVER_CREDENTIAL: "root"
+ - LOCAL_REPO_URL: ""
+ - OS_CONFIG_FILENAME: ""
+ - SERVICE_CREDENTIALS: "service"
+ - CONSOLE_CREDENTIALS: "console"
+ - HOST_NETWORKS: "allinone:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100"
+ - NETWORK_MAPPING: "management=eth0,tenant=eth1,storage=eth3,external=eth2"
+ - PACKAGE_CONFIG_FILENAME: ""
+ - HOST_ROLES: ""
+ - DEFAULT_ROLES: ""
+ - SWITCH_IPS: "1.1.1.1"
+ - MACHINES: ""
+ - SWITCH_CREDENTIAL: "version=2c,community=public"
+ - DEPLOYMENT_TIMEOUT: "90"
+ - POLL_SWITCHES_FLAG: "nopoll_switches"
+ - DASHBOARD_URL: ""
diff --git a/install/roles/chef/files/chef-server.rb b/install/roles/chef/files/chef-server.rb
new file mode 100644
index 0000000..b0f1851
--- /dev/null
+++ b/install/roles/chef/files/chef-server.rb
@@ -0,0 +1,4 @@
+nginx['non_ssl_port'] = 80
+nginx['enable_non_ssl'] = true
+nginx['ssl_port'] = 443
+nginx['url'] = "https://#{node['fqdn']}"
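Review bot: `nginx['enable_non_ssl'] = true` in install/roles/chef/files/chef-server.rb opens the Chef server on port 80 alongside 443, although the clients configured in this patch (knife.rb and examples/conf/chef-icehouse.conf) both use `https://` URLs. Unless something outside this diff needs plain HTTP, `nginx['enable_non_ssl'] = false` avoids serving cookbooks and node data without TLS. If it has to stay on, a comment naming the consumer would help.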
diff --git a/install/roles/chef/files/compass.json b/install/roles/chef/files/compass.json new file mode 100644 index 0000000..9eeba78 --- /dev/null +++ b/install/roles/chef/files/compass.json @@ -0,0 +1,8 @@ +{ + "name": "compass", + "public_key": null, + "validator": false, + "admin": true, + "json_class": "Chef::ApiClient", + "chef_type": "client" +} diff --git a/install/roles/chef/files/knife.rb b/install/roles/chef/files/knife.rb new file mode 100644 index 0000000..834e4a1 --- /dev/null +++ b/install/roles/chef/files/knife.rb @@ -0,0 +1,9 @@ +log_level :info +log_location STDOUT +node_name 'admin' +client_key '/etc/chef-server/admin.pem' +validation_client_name 'chef-validator' +validation_key '/etc/chef-server/chef-validator.pem' +chef_server_url 'https://localhost:443' +syntax_check_cache_path '/root/.chef/syntax_check_cache' +cookbook_path [ '/root/chef-repo/cookbooks' ] diff --git a/install/roles/chef/files/knife.sh b/install/roles/chef/files/knife.sh new file mode 100644 index 0000000..8e3145a --- /dev/null +++ b/install/roles/chef/files/knife.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +knife configure -y -i --defaults -r ~/chef-repo -s https://localhost:443 -u root --admin-client-name admin --admin-client-key /etc/chef-server/admin.pem --validation-client-name chef-validator --validation-key /etc/chef-server/chef-validator.pem<> knife.txt chdir=/tmp/ + when: result.stdout.find('root') == -1 + +- name: replace knife config file + copy: src=knife.rb dest=/root/.chef/knife.rb mode=0644 diff --git a/install/roles/chef/tasks/main.yml b/install/roles/chef/tasks/main.yml new file mode 100644 index 0000000..3e3ff04 --- /dev/null +++ b/install/roles/chef/tasks/main.yml 
@@ -0,0 +1,22 @@
+---
+
+- include: RedHat.yml
+ when: ansible_os_family == 'RedHat' and not dockerized
+
+- include: Debian.yml
+ when: ansible_os_family == 'Debian' and not dockerized
+
+- include: docker-redhat.yml
+ when: ansible_os_family == 'Redhat' and dockerized
+
+- include: docker-debian.yml
+ when: ansible_os_family == 'Debian' and dockerized
+
+- include: chef-server.yml
+ when: not dockerized
+
+- include: knife.yml
+ when: not dockerized
+
+- include: compass.yml
+ when: not dockerized
diff --git a/install/roles/chef/vars/main.yml b/install/roles/chef/vars/main.yml
new file mode 100644
index 0000000..2ae4e12
--- /dev/null
+++ b/install/roles/chef/vars/main.yml
@@ -0,0 +1,16 @@
+---
+
+# chef server specific environment variables
+
+chef_server_el6_rpm: "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm"
+# open source chef server does not support centos7/el7 yet
+chef_server_el7_rpm: ""
+chef_server_precise: "https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.8-1.ubuntu.12.04_amd64.deb"
+chef_server_trusty: ""
+
+# chef client rpm
+chef_client_el6_rpm: "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm"
+
+dockerized: False
+
+
diff --git a/install/roles/cobbler/files/cobbler_web.conf b/install/roles/cobbler/files/cobbler_web.conf
new file mode 100644
index 0000000..f03d4fe
--- /dev/null
+++ b/install/roles/cobbler/files/cobbler_web.conf
@@ -0,0 +1,10 @@
+# This configuration file enables the cobbler web
+# interface (django version)
+
+# Force everything to go to https
+RewriteEngine on
+RewriteCond %{HTTPS} off
+RewriteCond %{REQUEST_URI} ^/cobbler_web
+# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
diff --git a/install/roles/cobbler/files/debmirror.conf b/install/roles/cobbler/files/debmirror.conf
new file mode 100644
index 0000000..dbd187f
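Review bot: The third include in install/roles/chef/tasks/main.yml tests `ansible_os_family == 'Redhat'`, while the first one uses `'RedHat'`; the comparison is case-sensitive, so `docker-redhat.yml` is never included on RedHat-family hosts. Suggested line: `when: ansible_os_family == 'RedHat' and dockerized`.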
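Review bot: In install/roles/cobbler/files/cobbler_web.conf the comment says `Force everything to go to https`, but the `RewriteRule` is commented out, so within this file the two `RewriteCond` lines have nothing to apply to and `/cobbler_web` stays reachable over plain HTTP, login included. Either restore `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}` or remove the conditions and change the comment to say that the redirect is deliberately off and why.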
--- /dev/null +++ b/install/roles/cobbler/files/debmirror.conf @@ -0,0 +1,79 @@ +# Default config for debmirror + +# The config file is a perl script so take care to follow perl syntax. +# Any setting in /etc/debmirror.conf overrides these defaults and +# ~/.debmirror.conf overrides those again. Take only what you need. +# +# The syntax is the same as on the command line and variable names +# loosely match option names. If you don't recognize something here +# then just stick to the command line. +# +# Options specified on the command line override settings in the config +# files. + +# Location of the local mirror (use with care) +# $mirrordir="/path/to/mirrordir" + +# Output options +$verbose=0; +$progress=0; +$debug=0; + +# Download options +$host="ftp.debian.org"; +$user="anonymous"; +$passwd="anonymous@"; +$remoteroot="debian"; +$download_method="ftp"; +# @dists="sid"; +@sections="main,main/debian-installer,contrib,non-free"; +# @arches="i386"; +# @ignores=""; +# @excludes=""; +# @includes=""; +# @excludes_deb_section=""; +# @limit_priority=""; +$omit_suite_symlinks=0; +$skippackages=0; +# @rsync_extra="doc,tools"; +$i18n=0; +$getcontents=0; +$do_source=1; +$max_batch=0; + +# @di_dists="dists"; +# @di_archs="arches"; + +# Save mirror state between runs; value sets validity of cache in days +$state_cache_days=0; + +# Security/Sanity options +$ignore_release_gpg=0; +$ignore_release=0; +$check_md5sums=0; +$ignore_small_errors=0; + +# Cleanup +$cleanup=0; +$post_cleanup=1; + +# Locking options +$timeout=300; + +# Rsync options +$rsync_batch=200; +$rsync_options="-aIL --partial"; + +# FTP/HTTP options +$passive=0; +# $proxy="http://proxy:port/"; + +# Dry run +$dry_run=0; + +# Don't keep diff files but use them +$diff_mode="use"; + +# The config file must return true or perl complains. +# Always copy this. +1; diff --git a/install/roles/cobbler/files/distributions b/install/roles/cobbler/files/distributions new file mode 100644 index 0000000..7f61215 --- /dev/null 
+++ b/install/roles/cobbler/files/distributions @@ -0,0 +1,8 @@ +Origin: ppa +Label: ppa_repo +Suite: stable +Codename: ppa +Version: 0.1 +Architectures: i386 amd64 source +Components: main +Description: ppa repo diff --git a/install/roles/cobbler/files/rsync b/install/roles/cobbler/files/rsync new file mode 100644 index 0000000..1f8b9b1 --- /dev/null +++ b/install/roles/cobbler/files/rsync @@ -0,0 +1,14 @@ +# default: off +# description: The rsync server is a good addition to an ftp server, as it \ +# allows crc checksumming etc. +service rsync +{ + disable = no + flags = IPv6 + socket_type = stream + wait = no + user = root + server = /usr/bin/rsync + server_args = --daemon + log_on_failure += USERID +} diff --git a/install/roles/cobbler/files/ssl.conf b/install/roles/cobbler/files/ssl.conf new file mode 100644 index 0000000..73220d3 --- /dev/null +++ b/install/roles/cobbler/files/ssl.conf 
@@ -0,0 +1,221 @@ +# +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +LoadModule ssl_module modules/mod_ssl.so + +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. +# SSLMutex default + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. 
+SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) 
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. 
The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. 
Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +SetEnvIf User-Agent ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + diff --git a/install/roles/cobbler/handlers/main.yml b/install/roles/cobbler/handlers/main.yml new file mode 100644 index 0000000..a382468 --- /dev/null +++ b/install/roles/cobbler/handlers/main.yml @@ -0,0 +1,12 @@ +--- +- name: restart dhcp-relay + shell: service isc-dhcp-relay restart + +- name: restart httpd + service: name=httpd state=restarted enabled=yes + +- name: restart cobbler + service: name=cobblerd state=restarted enabled=yes + +- name: cobbler sync + command: cobbler sync diff --git a/install/roles/cobbler/tasks/Debian.yml b/install/roles/cobbler/tasks/Debian.yml new file mode 100644 index 0000000..e69de29 
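Review bot: `SSLProtocol all -SSLv2` in install/roles/cobbler/files/ssl.conf leaves SSLv3 enabled, and `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` still admits RC4, MEDIUM and LOW ciphers. For the HTTPS listener this role deploys I would use `SSLProtocol all -SSLv2 -SSLv3` and a suite such as `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`. The certificate paths point at the distribution's `localhost.crt` and `localhost.key`, so a comment noting that a site certificate has to be supplied would also help.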
diff --git a/install/roles/cobbler/tasks/RedHat.yml b/install/roles/cobbler/tasks/RedHat.yml new file mode 100644 index 0000000..ef7ad39 --- /dev/null +++ b/install/roles/cobbler/tasks/RedHat.yml 
@@ -0,0 +1,321 @@ +--- + +- name: install base packages + yum: name={{ item }} state=present + with_items: + - wget + - git + +- name: check epel presence + command: rpm -q epel-release + register: epel_presence + ignore_errors: yes + +- name: check atomic repo presence + command: rpm -q atomic-release + register: atomic_presence + ignore_errors: yes + +#- name: get epel version +# command: > +# wget -q {{ epel_base_url }} -O - | grep -oE "(href=\"epel-release-6-[0-9,.].*)" | cut -d\" -f2 +# register: epel_file_name +# when: epel_presence.rc != 0 + +- name: install epel + yum: name={{ epel_base_url }}/{{ epel_file_name }} state=present + when: epel_presence.rc != 0 + +- name: install atomic repo + yum: name={{ atomic_base_url }}/{{ atomic_file_name }} state=present + when: atomic_presence.rc != 0 + +- name: yum update + yum: name=* state=latest update_cache=yes + +- name: install related packages + yum: name={{ item }} state=present + with_items: + - cobbler + - cobbler-web + - createrepo + - mkisofs + - syslinux + - debmirror + - pykickstart + - cman + - bind + - rsync + - dhcp + - xinetd + - tftp-server + - gcc + - httpd + - libselinux-python + +- name: turn off iptables + service: name=iptables state=stopped enabled=no + +- name: replace config files + copy: src={{ item.name }} dest={{ item.dest }} + with_items: + - { name: rsync, dest: /etc/xinetd.d/rsync } + - { name: debmirror.conf, dest: /etc/debmirror.conf } + +- name: restart xinetd service + service: name=xinetd state=restarted enabled=yes + +- name: configure interface for dhcp + command: ifconfig {{ mgmt_nic }}:1 {{ mgmt_next_ip }} netmask {{ mgmt_subnet_mask }} + when: not mgmt_ip_same + +- name: copy httpd configuration files + file: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} mode=0644 + with_items: + - cobbler_web.conf + - ssl.conf + notify: + restart httpd + +- name: disable selinux + selinux: state=disabled + +- name: disable selinux real time + shell: echo 0 > /selinux/enforce + +- name: 
copy cobbler configuration files + template: src={{ item.name }} dest=/etc/cobbler/{{ item.file_name }} mode=0644 + with_items: + - { name: tftpd.template, file_name: tftpd.template } + - { name: modules.conf, file_name: modules.conf } + - { name: dhcp.template.nodocker.j2, file_name: dhcp.template } + - { name: named.template.nodocker.j2, file_name: named.template } + - { name: settings.j2, file_name: settings } + notify: + - restart cobbler + - cobbler sync + +- meta: flush_handlers + +- name: clone snippets + git: repo={{ compass_adapter_source }} + dest=/opt/compass-adapters + version={{ compass_adapter_version }} + update=yes + force=yes + +- name: remove old cobbler folders + shell: rm -rf path=/var/lib/cobbler/{{ item }} + with_items: + - snippets + - scripts + - triggers + - kickstarts + +- name: create cobbler folders + file: path=/var/lib/cobbler/{{ item }} state=directory mode=0755 + with_items: + - snippets + - scripts + - triggers + - kickstarts + +- name: copy snippets to cobbler folder + shell: cp -rf /opt/compass-adapters/cobbler/{{ item }}/* /var/lib/cobbler/{{ item }}/ + with_items: + - snippets + - scripts + - triggers + - kickstarts + notify: + cobbler sync + +- name: change snippets mode + file: path=/var/lib/cobbler mode=0755 recurse=yes + +- name: create cblr_ks folder + file: path=/var/www/cblr_ks mode=0755 state=directory + +- name: change kickstart mode + file: path=/var/lib/cobbler/kickstarts mode=0666 recurse=yes + +- name: disable selinux + selinux: state=disabled + +- name: disable selinux real time + command: echo 0 > /selinux/enforce + +- name: clean cobbler log folder + file: path=/var/log/cobbler state=absent + +- name: create cobbler log directories + file: path={{ item }} mode=0777 state=directory recurse=yes + with_items: + - /var/log/cobbler + - /var/log/cobbler/anamon + - /var/log/cobbler/tasks + +- name: create cobbler ppa repo dir + file: path=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}/conf + state=directory + 
mode=0644 + recurse=yes + with_items: distros + +- name: copy distributions to ubuntu ppa repo + template: src=distributions + dest=/var/lib/cobbler/repo_mirror/ubuntu_12_04_ppa_repo/conf/distributions + mode=0644 + when: ubuntu_1204 in distros + +- name: copy distribution to ubuntu 14.04 ppa repo + template: src=distributions + dest=/var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions + mode=0644 + when: ubuntu_1404 in distros + +- name: start cobbler and httpd services + service: name={{ item }} state=restarted enabled=yes + with_items: + - httpd + - cobblerd + +- name: download ppa repo images + get_url: url={{ item.ppa_lab_url }} dest=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz + with_items: distros + when: region == "lab" + +- name: download ppa repo images + get_url: url={{ item.ppa_us_url }} dest=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz + with_items: distros + when: region == "us" + +- name: untar ppa repo images + unarchive: src=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz + dest=/var/lib/cobbler/repo_mirror/ + copy=no + with_items: distros + +- name: add repos + command: cobbler repo add --name {{ item.ppa_repo_name }} --mirror=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }} --mirror-locally=Y --arch=x86_64 + with_items: distros + args: + creates: /opt/repo_added.txt + ignore_errors: yes + run_once: True + +- name: remove ubuntu default repo + command: cobbler repo remove --name {{ item }} + with_items: + - "{{ ubuntu }}" + - "{{ ubuntu_1404 }}" + ignore_errors: yes + +- name: cobbler repo sync + command: cobbler reposync + +- name: download loader files + get_url: url={{ cobbler_loaders_url }} dest=/var/lib/cobbler/ + +- name: untar loaders file + unarchive: src=/var/lib/cobbler/loaders.tar.gz dest=/var/lib/cobbler/ + copy=no + +- name: cobbler get loaders + command: cobbler get-loaders + +- name: create directory for images + file: path=/var/lib/cobbler/iso state=directory + +- 
name: download images + get_url: url={{ item.iso_lab_url }} dest=/var/lib/cobbler/iso/{{ item.name }}.iso mode=0644 + with_items: distros + when: region == "lab" + +- name: download images + get_url: url={{ item.iso_us_url }} dest=/var/lib/cobbler/iso/{{ item.name }}.iso mode=0644 + with_items: distros + when: region == "us" + +- name: mount_info + command: mount + register: mount_info + +- name: create mount point + file: name=/mnt/{{ item.name }} state=directory + with_items: distros + when: mount_info.stdout.find('CentOS') == -1 and mount_info.stdout.find('Ubuntu') == -1 + ignore_errors: yes + +- name: mount images + shell: mount -o loop /var/lib/cobbler/iso/{{ item.name }}.iso /mnt/{{ item.name }} + with_items: distros + when: mount_info.stdout.find('CentOS') == -1 and mount_info.stdout.find('Ubuntu') == -1 + args: + creates: /opt/image_mounted.txt + ignore_errors: yes + run_once: True + +- name: import distros + command: cobbler import --path=/mnt/{{ item.name }} --name {{ item.name }} --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed={{ item.breed }} + with_items: distros + args: + creates: /opt/distro_imported.txt + ignore_errors: yes + run_once: True + +#- name: add profiles +# command: cobbler profile add --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }}" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}" +# with_items: distros +# args: +# creates: /opt/profile_added.txt +# ignore_errors: yes +# run_once: True + +- name: generate public key file for ssh + template: src=id_rsa.pub.j2 dest=/var/lib/cobbler/id_rsa.pub + when: push_ssh_key is defined + +- name: generate ssh key for root + user: name=root generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa + when: push_ssh_key is not defined + +- name: edit profiles + shell: cobbler profile edit --name={{ item.name }} --repo={{ 
item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }}" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}" + with_items: distros + +- name: edit profiles with push ssh key option + shell: cobbler profile edit --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }} push_ssh_keys=/var/lib/cobbler/id_rsa.pub" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}" + with_items: distros + when: push_ssh_key is defined + +- name: remove ubuntu default repo + command: cobbler repo remove --name {{ item }} + with_items: + - "{{ ubuntu }}" + - "{{ ubuntu_1404 }}" + ignore_errors: yes + +- name: cobbler repo sync again + shell: cobbler reposync + +- name: cobbler sync + shell: cobbler sync + +- name: restart xinetd + service: name=xinetd state=restarted + +- name: restart dhcpd + service: name=dhcpd state=restarted enabled=yes + +- name: cobbler check + shell: cobbler check + +- name: get all systems + shell: cobbler system list + register: cobbler_systems + +- name: remove all systems + shell: cobbler system remove --name {{ item }} + with_items: cobbler_systems.stdout_lines + when: cobbler_systems and test is defined and test == True diff --git a/install/roles/cobbler/tasks/dhcp-relay-debian.yml b/install/roles/cobbler/tasks/dhcp-relay-debian.yml new file mode 100644 index 0000000..6467a91 --- /dev/null +++ b/install/roles/cobbler/tasks/dhcp-relay-debian.yml @@ -0,0 +1,11 @@ +--- + +- name: get isc-dhcp-relay agent + apt: pkg=isc-dhcp-relay state=installed + +- name: make dhcp-relay agent listen to cobbler + lineinfile: dest=/etc/default/isc-dhcp-relay + regexp='^SERVERS' + line='SERVERS="{{ cobbler_docker_ip }}"' + notify: + restart dhcp-relay 
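Review bot: The `change kickstart mode` task applies `mode=0666 recurse=yes` to /var/lib/cobbler/kickstarts and `create cobbler log directories` uses `mode=0777`, so any local account on the provisioning host can rewrite kickstart templates and logs; 0666 applied recursively also removes the search bit from any directories under that path. The settings.j2 added by this same commit notes that Cheetah templates are evaluated by cobblerd as code, so these files should stay writable by root only, for example `file: path=/var/lib/cobbler/kickstarts mode="u=rwX,go=rX" recurse=yes` and `mode=0755` for the log directories. Two nearby tasks also do not do what their names say: `shell: rm -rf path=/var/lib/cobbler/{{ item }}` keeps a leftover `path=` and therefore targets a relative path literally named `path=/var/lib/cobbler/...`, and `command: echo 0 > /selinux/enforce` performs no redirection because the command module does not run a shell. The downloads via `get_url` (ISOs, loaders, ppa tarballs) carry no checksum, which is worth adding wherever the source publishes one.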
diff --git a/install/roles/cobbler/tasks/dhcp-relay-redhat.yml b/install/roles/cobbler/tasks/dhcp-relay-redhat.yml
new file mode 100644
index 0000000..d3d0ce5
--- /dev/null
+++ b/install/roles/cobbler/tasks/dhcp-relay-redhat.yml
@@ -0,0 +1,6 @@
+- name: install dhcp on cobbler host for relay
+ yum: pkg=dhcp state=installed
+ when: ansible_os_family == "RedHat"
+
+- name: configure dhcprelay
+ shell: dhcrelay {{ cobbler_docker_ip }}
diff --git a/install/roles/cobbler/tasks/docker.yml b/install/roles/cobbler/tasks/docker.yml
new file mode 100644
index 0000000..be94503
--- /dev/null
+++ b/install/roles/cobbler/tasks/docker.yml
@@ -0,0 +1,133 @@ +--- + +- name: install mkisofs + yum: pkg=mkisofs state=installed + when: ansible_os_family == "Redhat" + +- name: install mkisofs in debian + apt: pkg=mkisofs state=installed + when: ansible_os_family == "Debian" + +- name: clean up docker directory + file: path=~/docker-cobbler/{{ item }} state=absent + with_items: + - Dockerfile + - files + +- name: clean up log directory + file: path=/var/log/cobbler state=absent + +- name: create directory for docker and files + file: path=~/docker-cobbler/files state=directory + +- name: create directories for images + file: path=~/docker-cobbler/images/{{ item }} state=directory + with_items: + - "{{ centos }}" + - "{{ ubuntu }}" + - "{{ ubuntu_1404 }}" + +- name: download images + get_url: url={{ item.name }} dest=/tmp/{{ item.filename }} mode=0644 + with_items: + - { name: "{{ centos_url }}", filename: "{{ centos }}.iso" } + - { name: "{{ ubuntu_url }}", filename: "{{ ubuntu }}.iso" } + - { name: "{{ ubuntu_1404_url }}", filename: "{{ ubuntu_1404 }}.iso" } + +- name: mount info + command: mount + register: mount_info + +- name: mount images + shell: mount -o loop /tmp/{{ item }}.iso ~/docker-cobbler/images/{{ item }} +# mount: name=~/docker-cobbler/images/{{ item }} src=/tmp/{{ item }}.iso opts=loop fstype=iso9660 state=mounted + with_items: + - "{{ centos }}" + - "{{ ubuntu }}" + - "{{ ubuntu_1404 }}" + when: mount_info.stdout.find('CentOS') == -1 + +- name: copy Dockerfile to ~/docker-cobbler + template: src=Dockerfile.j2 dest=~/docker-cobbler/Dockerfile mode=0644 + +- name: copy dhcp.template + template: src=dhcp.template.j2 + dest=~/docker-cobbler/files/dhcp.template + mode=0644 + +- name: copy named.template + template: src=named.template.j2 + dest=~/docker-cobbler/files/named.template + mode=0644 + +- name: copy start script + template: src=start.sh.j2 + dest=~/docker-cobbler/files/start.sh + mode=0755 + +- name: copy post sync script + template: src=fix_ks_server.py.j2 + 
dest=~/docker-cobbler/files/fix_ks_server.py + mode=0755 + +- name: copy admin key + copy: src={{ shared_dir }}/keys/admin.pem + dest=~/docker-cobbler/files/admin.pem + mode=0644 + when: "'chef' in {{ pkg_installer }}" + +- name: copy chef validator key + copy: src={{ shared_dir }}/keys/chef-validator.pem + dest=~/docker-cobbler/files/chef-validator.pem + mode=0644 + when: "'chef' in {{ pkg_installer }}" + +- name: cobbler container? + command: docker ps -a + register: containers + +- name: remove cobbler container if any + shell: docker rm -f cobbler-dev + when: containers.stdout.find('cobbler-dev') != -1 + +- name: check if 'cobbler' image already exists + command: docker images cobbler + register: image + +- name: remove image 'cobbler' if it exists and --rebuild is specified + shell: docker rmi -f cobbler + when: image.stdout.find('cobbler') != -1 and rebuild + +- name: restart docker daemon if debian + service: name=docker state=restarted + when: ansible_os_family == "Debian" + +- name: build a docker image for cobbler + shell: docker build -t cobbler ~/docker-cobbler + when: image.stdout.find('cobbler') == -1 or rebuild + +- name: fork image and run a new cobbler container + shell: docker run --name=cobbler-dev -d {{ cobbler_port_mapping }} {{ image_volume_mapping }} -i -t cobbler + notify: + restart dhcp-relay + +- name: extract cobbler ip info + shell: echo `docker inspect cobbler-dev | awk -F '"' '/IPAdd/ {print $4}'` > /tmp/ip + +- name: quote the ip first + shell: echo `sed 's/\(.*\)/"\1"/g' /tmp/ip` > /tmp/dynamic.yml + +- name: add cobbler_docker_ip before cobbler ip + shell: "echo `sed '/^/ s/^/cobbler_docker_ip: /' /tmp/dynamic.yml` > /tmp/dynamic.yml" + +- name: write cobbler_ip to local var + fetch: src=/tmp/dynamic.yml dest={{ shared_dir }}/dynamic.yml mode=0644 flat=yes + +- name: include cobbler dynamic vars + include_vars: "{{ shared_dir }}/dynamic.yml" + +- include: dhcp-relay-redhat.yml + when: ansible_os_family == "Redhat" + +- include: 
dhcp-relay-debian.yml + when: ansible_os_family == "Debian" diff --git a/install/roles/cobbler/tasks/main.yml b/install/roles/cobbler/tasks/main.yml new file mode 100644 index 0000000..0e2c0a8 --- /dev/null +++ b/install/roles/cobbler/tasks/main.yml @@ -0,0 +1,10 @@ +--- + +- include: RedHat.yml + when: ansible_os_family == 'RedHat' and not dockerized + +- include: Debian.yml + when: ansible_os_family == 'Debian' and not dockerized + +- include: docker.yml + when: dockerized diff --git a/install/roles/cobbler/templates/Dockerfile.j2 b/install/roles/cobbler/templates/Dockerfile.j2 new file mode 100644 index 0000000..8c32ca5 --- /dev/null +++ b/install/roles/cobbler/templates/Dockerfile.j2 @@ -0,0 +1,21 @@ +FROM compassindocker/cobbler + +ADD files/dhcp.template /etc/cobbler/dhcp.template +ADD files/named.template /etc/cobbler/named.template +ADD files/start.sh /root/start.sh +{% if 'chef' in pkg_installer %} +ADD files/admin.pem /etc/cobbler/admin.pem +ADD files/chef-validator.pem /etc/cobbler/chef-validator.pem +{% endif %} +ADD files/fix_ks_server.py /var/lib/cobbler/triggers/sync/post/fix_ks_server.py + +RUN chmod +x /root/start.sh +CMD ["/root/start.sh"] + +EXPOSE 80 +EXPOSE 67 67/udp +EXPOSE 69 69/udp +EXPOSE 53 53/udp +EXPOSE 25151 +EXPOSE 443 +EXPOSE 873 diff --git a/install/roles/cobbler/templates/dhcp.template.j2 b/install/roles/cobbler/templates/dhcp.template.j2 new file mode 100644 index 0000000..3e899d6 --- /dev/null +++ b/install/roles/cobbler/templates/dhcp.template.j2 
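Review bot: The `copy admin key` and `copy chef validator key` tasks in docker.yml write `admin.pem` and `chef-validator.pem` with `mode=0644`, which leaves the Chef key files readable by every local user on the build host; `mode=0600` on both tasks is the fix. The ISO downloads and the `/tmp/ip` and `/tmp/dynamic.yml` hand-off use fixed names under /tmp, and the latter is fetched and loaded with `include_vars`, so registering the output of `docker inspect` as a variable (or working in a directory created for the run) would stop another local user from pre-creating those paths. The `install mkisofs` task and the `dhcp-relay-redhat.yml` include test `ansible_os_family == "Redhat"`, while main.yml and dhcp-relay-redhat.yml in this commit spell it `"RedHat"`; the lower-case form presumably never matches, so both would be skipped on RedHat hosts.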
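Review bot: `ADD files/admin.pem /etc/cobbler/admin.pem` and `ADD files/chef-validator.pem /etc/cobbler/chef-validator.pem` in Dockerfile.j2 bake the Chef keys into an image layer, where they stay readable to anyone who can obtain the `cobbler` image; supplying them at run time through a read-only volume keeps them out of the image. `FROM compassindocker/cobbler` carries no tag or digest, so every rebuild takes whatever the registry currently serves, and pinning it as `FROM compassindocker/cobbler@sha256:<digest-placeholder>` makes the build reproducible. Since every `ADD` here copies a local file, `COPY` would state the intent more precisely.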
@@ -0,0 +1,121 @@ +# ****************************************************************** +# Cobbler managed dhcpd.conf file +# +# generated from cobbler dhcp.conf template ($date) +# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes +# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be +# overwritten. +# +# ****************************************************************** + +ddns-update-style interim; + +allow booting; +allow bootp; +deny unknown-clients; +local-address 192.168.100.100; +log-facility local6; + +ignore client-updates; +set vendorclass = option vendor-class-identifier; + +option pxe-system-type code 93 = unsigned integer 16; +option space pxelinux; +option pxelinux.magic code 208 = string; +option pxelinux.configfile code 209 = text; +option pxelinux.pathprefix code 210 = text; +option pxelinux.reboottime code 211 = unsigned integer 32; + +subnet {{ compass0_subnet_ip }} netmask {{ compass0_subnet_mask }} { + option routers {{ compass0_router }}; + option domain-name-servers {{ compass0_router }}; + option subnet-mask {{ compass0_subnet_mask }}; + range dynamic-bootp {{ compass0_dhcp_range }}; + default-lease-time 21600; + max-lease-time 43200; + next-server $next_server; + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + if option pxe-system-type = 00:02 { + filename "ia64/elilo.efi"; + } else if option pxe-system-type = 00:06 { + filename "grub/grub-x86.efi"; + } else if option pxe-system-type = 00:07 { + filename "grub/grub-x86_64.efi"; + } else { + filename "pxelinux.0"; + } + } + +} + +subnet {{ mgmt_subnet_ip }} netmask {{ mgmt_subnet_mask }} { + option routers {{ mgmt_router }}; + option domain-name-servers {{ mgmt_router }}; + option subnet-mask {{ mgmt_subnet_mask }}; + range dynamic-bootp {{ mgmt_dhcp_range }}; + default-lease-time 21600; + max-lease-time 43200; + next-server $next_server; + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 
9) = "PXEClient"; + if option pxe-system-type = 00:02 { + filename "ia64/elilo.efi"; + } else if option pxe-system-type = 00:06 { + filename "grub/grub-x86.efi"; + } else if option pxe-system-type = 00:07 { + filename "grub/grub-x86_64.efi"; + } else { + filename "pxelinux.0"; + } + } + +} + +#for dhcp_tag in $dhcp_tags.keys(): + ## group could be subnet if your dhcp tags line up with your subnets + ## or really any valid dhcpd.conf construct ... if you only use the + ## default dhcp tag in cobbler, the group block can be deleted for a + ## flat configuration +# group for Cobbler DHCP tag: $dhcp_tag +group { + #for mac in $dhcp_tags[$dhcp_tag].keys(): + #set iface = $dhcp_tags[$dhcp_tag][$mac] + host $iface.name { + hardware ethernet $mac; + site-option-space "pxelinux"; + option pxelinux.magic f1:00:74:7e; + if exists dhcp-parameter-request-list { + # Always send the PXELINUX options (specified in hexadecimal) + option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3); + } + option pxelinux.reboottime 30; + #if $iface.hostname: + option host-name "$iface.hostname"; + #end if + #if $iface.netmask: + option subnet-mask $iface.netmask; + #end if + #if $iface.gateway: + option routers $iface.gateway; + #end if + #if $iface.enable_gpxe: + if exists user-class and option user-class = "gPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else if exists user-class and option user-class = "iPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else { + filename "undionly.kpxe"; + } + #else + filename "$iface.filename"; + #end if + ## Cobbler defaults to $next_server, but some users + ## may like to use $iface.system.server for proxied setups + next-server $next_server; + ## next-server $iface.next_server; + } + #end for +} +#end for + 
diff --git a/install/roles/cobbler/templates/dhcp.template.nodocker.j2 b/install/roles/cobbler/templates/dhcp.template.nodocker.j2
new file mode 100644
index 0000000..ef90eb3
--- /dev/null
+++ b/install/roles/cobbler/templates/dhcp.template.nodocker.j2
@@ -0,0 +1,123 @@ +# ****************************************************************** +# Cobbler managed dhcpd.conf file +# +# generated from cobbler dhcp.conf template ($date) +# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes +# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be +# overwritten. +# +# ****************************************************************** + +ddns-update-style interim; + +allow booting; +allow bootp; +deny unknown-clients; +local-address {{ cobbler_server }}; +log-facility local6; + +ignore client-updates; +set vendorclass = option vendor-class-identifier; + +option pxe-system-type code 93 = unsigned integer 16; +option space pxelinux; +option pxelinux.magic code 208 = string; +option pxelinux.configfile code 209 = text; +option pxelinux.pathprefix code 210 = text; +option pxelinux.reboottime code 211 = unsigned integer 32; + +{% if dockerized %} +subnet {{ compass0_subnet_ip }} netmask {{ compass0_subnet_mask }} { + option routers {{ compass0_router }}; + option domain-name-servers {{ compass0_router }}; + option subnet-mask {{ compass0_subnet_mask }}; + range dynamic-bootp {{ compass0_dhcp_range }}; + default-lease-time 21600; + max-lease-time 43200; + next-server $next_server; + class "pxeclients" { + match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + if option pxe-system-type = 00:02 { + filename "ia64/elilo.efi"; + } else if option pxe-system-type = 00:06 { + filename "grub/grub-x86.efi"; + } else if option pxe-system-type = 00:07 { + filename "grub/grub-x86_64.efi"; + } else { + filename "pxelinux.0"; + } + } + +} +{% endif %} + +subnet {{ mgmt_subnet_ip }} netmask {{ mgmt_subnet_mask }} { + option routers {{ mgmt_router }}; + option domain-name-servers {{ mgmt_router }}; + option subnet-mask {{ mgmt_subnet_mask }}; + range dynamic-bootp {{ mgmt_dhcp_range }}; + default-lease-time 21600; + max-lease-time 43200; + next-server {{ mgmt_next_ip }}; + class "pxeclients" { + match if 
substring (option vendor-class-identifier, 0, 9) = "PXEClient"; + if option pxe-system-type = 00:02 { + filename "ia64/elilo.efi"; + } else if option pxe-system-type = 00:06 { + filename "grub/grub-x86.efi"; + } else if option pxe-system-type = 00:07 { + filename "grub/grub-x86_64.efi"; + } else { + filename "pxelinux.0"; + } + } + +} + +#for dhcp_tag in $dhcp_tags.keys(): + ## group could be subnet if your dhcp tags line up with your subnets + ## or really any valid dhcpd.conf construct ... if you only use the + ## default dhcp tag in cobbler, the group block can be deleted for a + ## flat configuration +# group for Cobbler DHCP tag: $dhcp_tag +group { + #for mac in $dhcp_tags[$dhcp_tag].keys(): + #set iface = $dhcp_tags[$dhcp_tag][$mac] + host $iface.name { + hardware ethernet $mac; + site-option-space "pxelinux"; + option pxelinux.magic f1:00:74:7e; + if exists dhcp-parameter-request-list { + # Always send the PXELINUX options (specified in hexadecimal) + option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3); + } + option pxelinux.reboottime 30; + #if $iface.hostname: + option host-name "$iface.hostname"; + #end if + #if $iface.netmask: + option subnet-mask $iface.netmask; + #end if + #if $iface.gateway: + option routers $iface.gateway; + #end if + #if $iface.enable_gpxe: + if exists user-class and option user-class = "gPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else if exists user-class and option user-class = "iPXE" { + filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner"; + } else { + filename "undionly.kpxe"; + } + #else + filename "$iface.filename"; + #end if + ## Cobbler defaults to $next_server, but some users + ## may like to use $iface.system.server for proxied setups + next-server $next_server; + ## next-server $iface.next_server; + } + #end for +} +#end for + 
diff --git a/install/roles/cobbler/templates/distributions b/install/roles/cobbler/templates/distributions
new file mode 100644
index 0000000..7f61215
--- /dev/null
+++ b/install/roles/cobbler/templates/distributions
@@ -0,0 +1,8 @@
+Origin: ppa
+Label: ppa_repo
+Suite: stable
+Codename: ppa
+Version: 0.1
+Architectures: i386 amd64 source
+Components: main
+Description: ppa repo
diff --git a/install/roles/cobbler/templates/fix_ks_server.py.j2 b/install/roles/cobbler/templates/fix_ks_server.py.j2
new file mode 100644
index 0000000..e893ead
--- /dev/null
+++ b/install/roles/cobbler/templates/fix_ks_server.py.j2
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+import logging
+
+from cobbler import api
+from subprocess import call
+
+SERVER='{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}'
+
+def main():
+ """main entry"""
+ cobbler_api = api.BootAPI()
+ for system in cobbler_api.systems():
+ sys_name = system.name
+ call(["cobbler", "system", "edit", "--name=%s" % sys_name, "--server=%s" % SERVER])
+ return
+
+if __name__ == '__main__':
+ main()
diff --git a/install/roles/cobbler/templates/id_rsa.pub.j2 b/install/roles/cobbler/templates/id_rsa.pub.j2
new file mode 100644
index 0000000..1aac40e
--- /dev/null
+++ b/install/roles/cobbler/templates/id_rsa.pub.j2
@@ -0,0 +1 @@
+{{ push_ssh_key }}
diff --git a/install/roles/cobbler/templates/modules.conf b/install/roles/cobbler/templates/modules.conf
new file mode 100644
index 0000000..8087910
--- /dev/null
+++ b/install/roles/cobbler/templates/modules.conf
@@ -0,0 +1,83 @@ +# cobbler module configuration file +# ================================= + +# authentication: +# what users can log into the WebUI and Read-Write XMLRPC? +# choices: +# authn_denyall -- no one (default) +# authn_configfile -- use /etc/cobbler/users.digest (for basic setups) +# authn_passthru -- ask Apache to handle it (used for kerberos) +# authn_ldap -- authenticate against LDAP +# authn_spacewalk -- ask Spacewalk/Satellite (experimental) +# authn_pam -- use PAM facilities +# authn_testing -- username/password is always testing/testing (debug) +# (user supplied) -- you may write your own module +# WARNING: this is a security setting, do not choose an option blindly. +# for more information: +# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface +# https://github.com/cobbler/cobbler/wiki/Security-overview +# https://github.com/cobbler/cobbler/wiki/Kerberos +# https://github.com/cobbler/cobbler/wiki/Ldap + +[authentication] +module = authn_configfile + +# authorization: +# once a user has been cleared by the WebUI/XMLRPC, what can they do? +# choices: +# authz_allowall -- full access for all authneticated users (default) +# authz_ownership -- use users.conf, but add object ownership semantics +# (user supplied) -- you may write your own module +# WARNING: this is a security setting, do not choose an option blindly. +# If you want to further restrict cobbler with ACLs for various groups, +# pick authz_ownership. authz_allowall does not support ACLs. configfile +# does but does not support object ownership which is useful as an additional +# layer of control. + +# for more information: +# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface +# https://github.com/cobbler/cobbler/wiki/Security-overview +# https://github.com/cobbler/cobbler/wiki/Web-authorization + +[authorization] +module = authz_allowall + +# dns: +# chooses the DNS management engine if manage_dns is enabled +# in /etc/cobbler/settings, which is off by default. 
+# choices: +# manage_bind -- default, uses BIND/named +# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below +# NOTE: more configuration is still required in /etc/cobbler +# for more information: +# https://github.com/cobbler/cobbler/wiki/Dns-management + +[dns] +module = manage_bind + +# dhcp: +# chooses the DHCP management engine if manage_dhcp is enabled +# in /etc/cobbler/settings, which is off by default. +# choices: +# manage_isc -- default, uses ISC dhcpd +# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above +# NOTE: more configuration is still required in /etc/cobbler +# for more information: +# https://github.com/cobbler/cobbler/wiki/Dhcp-management + +[dhcp] +module = manage_isc + +# tftpd: +# chooses the TFTP management engine if manage_tftp is enabled +# in /etc/cobbler/settings, which is ON by default. +# +# choices: +# manage_in_tftpd -- default, uses the system's tftp server +# manage_tftpd_py -- uses cobbler's tftp server +# + +[tftpd] +module = manage_in_tftpd + +#-------------------------------------------------- diff --git a/install/roles/cobbler/templates/named.template.j2 b/install/roles/cobbler/templates/named.template.j2 new file mode 100644 index 0000000..6ddb30c --- /dev/null +++ b/install/roles/cobbler/templates/named.template.j2 @@ -0,0 +1,31 @@ +options { + listen-on port 53 { $listen_ip; }; + directory "/var/named"; + dump-file "/var/named/data/cache_dump.db"; + statistics-file "/var/named/data/named_stats.txt"; + memstatistics-file "/var/named/data/named_mem_stats.txt"; + allow-query { 127.0.0.0/8; {{ compass0_subnet }}; }; + recursion yes; +}; + +logging { + channel default_debug { + file "data/named.run"; + severity dynamic; + }; +}; + +#for $zone in $forward_zones +zone "${zone}." { + type master; + file "$zone"; +}; + +#end for +#for $zone, $arpa in $reverse_zones +zone "${arpa}." { + type master; + file "$zone"; +}; + +#end for 
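Review bot: In modules.conf, `[authorization] module = authz_allowall` combined with `[authentication] module = authn_configfile` gives every account listed in /etc/cobbler/users.digest full read-write access to the WebUI and XMLRPC. The RedHat.yml tasks in this commit copy modules.conf, settings and the templates but do not replace users.digest, so whatever accounts the cobbler package ships would remain valid. The file's own comments warn against choosing these options blindly; `module = authz_ownership` plus a task that templates users.digest with a deployment-specific credential would close that gap. A short comment above each `module =` line recording why the value was chosen would also help the next maintainer.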
diff --git a/install/roles/cobbler/templates/named.template.nodocker.j2 b/install/roles/cobbler/templates/named.template.nodocker.j2
new file mode 100644
index 0000000..74344fd
--- /dev/null
+++ b/install/roles/cobbler/templates/named.template.nodocker.j2
@@ -0,0 +1,31 @@
+options {
+ listen-on port 53 { {{ cobbler_server }}; };
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+ allow-query { 127.0.0.0/8; {{ mgmt_subnet }}; };
+ recursion yes;
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+};
+
+#for $zone in $forward_zones
+zone "${zone}." {
+ type master;
+ file "$zone";
+};
+
+#end for
+#for $zone, $arpa in $reverse_zones
+zone "${arpa}." {
+ type master;
+ file "$zone";
+};
+
+#end for
diff --git a/install/roles/cobbler/templates/settings.j2 b/install/roles/cobbler/templates/settings.j2
new file mode 100644
index 0000000..bd3201c
--- /dev/null
+++ b/install/roles/cobbler/templates/settings.j2
@@ -0,0 +1,450 @@ +--- +# cobbler settings file +# restart cobblerd and run "cobbler sync" after making changes +# This config file is in YAML 1.0 format +# see http://yaml.org +# ========================================================== +# if 1, cobbler will allow insertions of system records that duplicate +# the --dns-name information of other system records. In general, +# this is undesirable and should be left 0. +allow_duplicate_hostnames: 0 + +# if 1, cobbler will allow insertions of system records that duplicate +# the ip address information of other system records. In general, +# this is undesirable and should be left 0. +allow_duplicate_ips: 0 + +# if 1, cobbler will allow insertions of system records that duplicate +# the mac address information of other system records. In general, +# this is undesirable. +allow_duplicate_macs: 0 + +# if 1, cobbler will allow settings to be changed dynamically without +# a restart of the cobblerd daemon. You can only change this variable +# by manually editing the settings file, and you MUST restart cobblerd +# after changing it. +allow_dynamic_settings: 0 + +# by default, installs are *not* set to send installation logs to the cobbler +# # # server. With 'anamon_enabled', kickstart templates may use the pre_anamon +# # # snippet to allow remote live monitoring of their installations from the +# # # cobbler server. Installation logs will be stored under +# # # /var/log/cobbler/anamon/. NOTE: This does allow an xmlrpc call to send logs +# # # to this directory, without authentication, so enable only if you are +# # # ok with this limitation. +anamon_enabled: 1 + +# If using authn_pam in the modules.conf, this can be configured +# to change the PAM service authentication will be tested against. +# The default value is "login". +authn_pam_service: "login" + +# Email out a report when cobbler finishes installing a system. 
+# enabled: set to 1 to turn this feature on +# sender: optional +# email: which addresses to email +# smtp_server: used to specify another server for an MTA +# subject: use the default subject unless overridden +build_reporting_enabled: 0 +build_reporting_sender: "" +build_reporting_email: [ 'root@localhost' ] +build_reporting_smtp_server: "localhost" +build_reporting_subject: "" + +# Cheetah-language kickstart templates can import Python modules. +# while this is a useful feature, it is not safe to allow them to +# import anything they want. This whitelists which modules can be +# imported through Cheetah. Users can expand this as needed but +# should never allow modules such as subprocess or those that +# allow access to the filesystem as Cheetah templates are evaluated +# by cobblerd as code. +cheetah_import_whitelist: + - "random" + - "re" + - "time" + +# Default createrepo_flags to use for new repositories. If you have +# createrepo >= 0.4.10, consider "-c cache --update -C", which can +# dramatically improve your "cobbler reposync" time. "-s sha" +# enables working with Fedora repos from F11/F12 from EL-4 or +# EL-5 without python-hashlib installed (which is not available +# on EL-4) +createrepo_flags: "-c cache -s sha" + +# if no kickstart is specified to profile add, use this template +default_kickstart: /var/lib/cobbler/kickstarts/default.ks + +# configure all installed systems to use these nameservers by default +# unless defined differently in the profile. For DHCP configurations +# you probably do /not/ want to supply this. +default_name_servers: ['10.145.89.100'] + +# if using the authz_ownership module (see the Wiki), objects +# created without specifying an owner are assigned to this +# owner and/or group. Can be a comma seperated list. +default_ownership: + - "admin" + +# cobbler has various sample kickstart templates stored +# in /var/lib/cobbler/kickstarts/. 
This controls +# what install (root) password is set up for those +# systems that reference this variable. The factory +# default is "cobbler" and cobbler check will warn if +# this is not changed. +# The simplest way to change the password is to run +# openssl passwd -1 +# and put the output between the "" below. +default_password_crypted: "$1$huawei$9OkoVJwO4W8vavlXd1bUS/" + +# the default template type to use in the absence of any +# other detected template. If you do not specify the template +# with '#template=' on the first line of your +# templates/snippets, cobbler will assume try to use the +# following template engine to parse the templates. +# +# Current valid values are: cheetah, jinja2 +default_template_type: "cheetah" + +# for libvirt based installs in koan, if no virt bridge +# is specified, which bridge do we try? For EL 4/5 hosts +# this should be xenbr0, for all versions of Fedora, try +# "virbr0". This can be overriden on a per-profile +# basis or at the koan command line though this saves +# typing to just set it here to the most common option. +default_virt_bridge: xenbr0 + +# use this as the default disk size for virt guests (GB) +default_virt_file_size: 5 + +# use this as the default memory size for virt guests (MB) +default_virt_ram: 512 + +# if koan is invoked without --virt-type and no virt-type +# is set on the profile/system, what virtualization type +# should be assumed? Values: xenpv, xenfv, qemu, vmware +# (NOTE: this does not change what virt_type is chosen by import) +default_virt_type: xenpv + +# enable gPXE booting? Enabling this option will cause cobbler +# to copy the undionly.kpxe file to the tftp root directory, +# and if a profile/system is configured to boot via gpxe it will +# chain load off pxelinux.0. +# Default: 0 +enable_gpxe: 0 + +# controls whether cobbler will add each new profile entry to the default +# PXE boot menu. 
This can be over-ridden on a per-profile +# basis when adding/editing profiles with --enable-menu=0/1. Users +# should ordinarily leave this setting enabled unless they are concerned +# with accidental reinstalls from users who select an entry at the PXE +# boot menu. Adding a password to the boot menus templates +# may also be a good solution to prevent unwanted reinstallations +enable_menu: 0 + +# enable Func-integration? This makes sure each installed machine is set up +# to use func out of the box, which is a powerful way to script and control +# remote machines. +# Func lives at http://fedorahosted.org/func +# read more at https://github.com/cobbler/cobbler/wiki/Func-integration +# you will need to mirror Fedora/EPEL packages for this feature, so see +# https://github.com/cobbler/cobbler/wiki/Manage-yum-repos if you want cobbler +# to help you with this +func_auto_setup: 0 +func_master: overlord.example.org + +# change this port if Apache is not running plaintext on port +# 80. Most people can leave this alone. +http_port: 80 + +# kernel options that should be present in every cobbler installation. +# kernel options can also be applied at the distro/profile/system +# level. +kernel_options: + ksdevice: bootif + lang: ' ' + text: ~ + +# s390 systems require additional kernel options in addition to the +# above defaults +kernel_options_s390x: + RUNKS: 1 + ramdisk_size: 40000 + root: /dev/ram0 + ro: ~ + ip: off + vnc: ~ + +# configuration options if using the authn_ldap module. See the +# the Wiki for details. This can be ignored if you are not using +# LDAP for WebUI/XMLRPC authentication. +ldap_server: "ldap.example.com" +ldap_base_dn: "DC=example,DC=com" +ldap_port: 389 +ldap_tls: 1 +ldap_anonymous_bind: 1 +ldap_search_bind_dn: '' +ldap_search_passwd: '' +ldap_search_prefix: 'uid=' +ldap_tls_cacertfile: '' +ldap_tls_keyfile: '' +ldap_tls_certfile: '' + +# cobbler has a feature that allows for integration with config management +# systems such as Puppet. 
The following parameters work in conjunction with +# --mgmt-classes and are described in furhter detail at: +# https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system +mgmt_classes: [] +mgmt_parameters: + from_cobbler: 1 + +# if enabled, this setting ensures that puppet is installed during +# machine provision, a client certificate is generated and a +# certificate signing request is made with the puppet master server +puppet_auto_setup: 0 + +# when puppet starts on a system after installation it needs to have +# its certificate signed by the puppet master server. Enabling the +# following feature will ensure that the puppet server signs the +# certificate after installation if the puppet master server is +# running on the same machine as cobbler. This requires +# puppet_auto_setup above to be enabled +sign_puppet_certs_automatically: 0 + +# location of the puppet executable, used for revoking certificates +puppetca_path: "/usr/bin/puppet" + +# when a puppet managed machine is reinstalled it is necessary to +# remove the puppet certificate from the puppet master server before a +# new certificate is signed (see above). Enabling the following +# feature will ensure that the certificate for the machine to be +# installed is removed from the puppet master server if the puppet +# master server is running on the same machine as cobbler. This +# requires puppet_auto_setup above to be enabled +remove_old_puppet_certs_automatically: 0 + +# choose a --server argument when running puppetd/puppet agent during kickstart +#puppet_server: 'puppet' + +# let cobbler know that you're using a newer version of puppet +# choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd' +#puppet_version: 2 + +# choose whether to enable puppet parameterized classes or not. +# puppet versions prior to 2.6.5 do not support parameters +#puppet_parameterized_classes: 1 + +# set to 1 to enable Cobbler's DHCP management features. 
+# the choice of DHCP management engine is in /etc/cobbler/modules.conf +manage_dhcp: 1 + +# set to 1 to enable Cobbler's DNS management features. +# the choice of DNS mangement engine is in /etc/cobbler/modules.conf +manage_dns: 1 + +# set to path of bind chroot to create bind-chroot compatible bind +# configuration files. This should be automatically detected. +bind_chroot_path: "" + +# set to the ip address of the master bind DNS server for creating secondary +# bind configuration files +bind_master: 127.0.0.1 + +# set to 1 to enable Cobbler's TFTP management features. +# the choice of TFTP mangement engine is in /etc/cobbler/modules.conf +manage_tftpd: 1 + +# set to 1 to enable Cobbler's RSYNC management features. +manage_rsync: 0 + +# if using BIND (named) for DNS management in /etc/cobbler/modules.conf +# and manage_dns is enabled (above), this lists which zones are managed +# See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info +manage_forward_zones: ['ods.com'] +manage_reverse_zones: ['10','172.16'] + +# if using cobbler with manage_dhcp, put the IP address +# of the cobbler server here so that PXE booting guests can find it +# if you do not set this correctly, this will be manifested in TFTP open timeouts. +next_server: {{ cobbler_server }} + +# settings for power management features. optional. +# see https://github.com/cobbler/cobbler/wiki/Power-management to learn more +# choices (refer to codes.py): +# apc_snmp bladecenter bullpap drac ether_wake ilo integrity +# ipmilan ipmitool lpar rsa virsh wti +power_management_default_type: 'ipmitool' + +# the commands used by the power management module are sourced +# from what directory? +power_template_dir: "/etc/cobbler/power" + +# if this setting is set to 1, cobbler systems that pxe boot +# will request at the end of their installation to toggle the +# --netboot-enabled record in the cobbler system record. 
This eliminates +# the potential for a PXE boot loop if the system is set to PXE +# first in it's BIOS order. Enable this if PXE is first in your BIOS +# boot order, otherwise leave this disabled. See the manpage +# for --netboot-enabled. +pxe_just_once: 1 + +# the templates used for PXE config generation are sourced +# from what directory? +pxe_template_dir: "/etc/cobbler/pxe" + +# Path to where system consoles are +consoles: "/var/consoles" + +# Are you using a Red Hat management platform in addition to Cobbler? +# Cobbler can help you register to it. Choose one of the following: +# "off" : I'm not using Red Hat Network, Satellite, or Spacewalk +# "hosted" : I'm using Red Hat Network +# "site" : I'm using Red Hat Satellite Server or Spacewalk +# You will also want to read: https://github.com/cobbler/cobbler/wiki/Tips-for-RHN +redhat_management_type: "off" + +# if redhat_management_type is enabled, choose your server +# "management.example.org" : For Satellite or Spacewalk +# "xmlrpc.rhn.redhat.com" : For Red Hat Network +# This setting is also used by the code that supports using Spacewalk/Satellite users/passwords +# within Cobbler Web and Cobbler XMLRPC. Using RHN Hosted for this is not supported. +# This feature can be used even if redhat_management_type is off, you just have +# to have authn_spacewalk selected in modules.conf +redhat_management_server: "xmlrpc.rhn.redhat.com" + +# specify the default Red Hat authorization key to use to register +# system. If left blank, no registration will be attempted. Similarly +# you can set the --redhat-management-key to blank on any system to +# keep it from trying to register. +redhat_management_key: "" + +# if using authn_spacewalk in modules.conf to let cobbler authenticate +# against Satellite/Spacewalk's auth system, by default it will not allow per user +# access into Cobbler Web and Cobbler XMLRPC. 
+# in order to permit this, the following setting must be enabled HOWEVER +# doing so will permit all Spacewalk/Satellite users of certain types to edit all +# of cobbler's configuration. +# these roles are: config_admin and org_admin +# users should turn this on only if they want this behavior and +# do not have a cross-multi-org seperation concern. If you have +# a single org in your satellite, it's probably safe to turn this +# on and then you can use CobblerWeb alongside a Satellite install. +redhat_management_permissive: 0 + +# if set to 1, allows /usr/bin/cobbler-register (part of the koan package) +# to be used to remotely add new cobbler system records to cobbler. +# this effectively allows for registration of new hardware from system +# records. +register_new_installs: 0 + +# Flags to use for yum's reposync. If your version of yum reposync +# does not support -l, you may need to remove that option. +reposync_flags: "-l -n -d" + +# These options will be used for an rsync initiated by cobbler replicate +replicate_rsync_options: "-avzH" + +# when DHCP and DNS management are enabled, cobbler sync can automatically +# restart those services to apply changes. The exception for this is +# if using ISC for DHCP, then omapi eliminates the need for a restart. +# omapi, however, is experimental and not recommended for most configurations. +# If DHCP and DNS are going to be managed, but hosted on a box that +# is not on this server, disable restarts here and write some other +# script to ensure that the config files get copied/rsynced to the destination +# box. This can be done by modifying the restart services trigger. +# Note that if manage_dhcp and manage_dns are disabled, the respective +# parameter will have no effect. Most users should not need to change +# this. +restart_dns: 1 +restart_dhcp: 1 + +# install triggers are scripts in /var/lib/cobbler/triggers/install +# that are triggered in kickstart pre and post sections. 
Any +# executable script in those directories is run. They can be used +# to send email or perform other actions. They are currently +# run as root so if you do not need this functionality you can +# disable it, though this will also disable "cobbler status" which +# uses a logging trigger to audit install progress. +run_install_triggers: 1 + +# enables a trigger which version controls all changes to /var/lib/cobbler +# when add, edit, or sync events are performed. This can be used +# to revert to previous database versions, generate RSS feeds, or for +# other auditing or backup purposes. "git" and "hg" are currently suported, +# but git is the recommend SCM for use with this feature. +scm_track_enabled: 0 +scm_track_mode: "git" + +# this is the address of the cobbler server -- as it is used +# by systems during the install process, it must be the address +# or hostname of the system as those systems can see the server. +# if you have a server that appears differently to different subnets +# (dual homed, etc), you need to read the --server-override section +# of the manpage for how that works. +server: {{ cobbler_server }} + +# If set to 1, all commands will be forced to use the localhost address +# instead of using the above value which can force commands like +# cobbler sync to open a connection to a remote address if one is in the +# configuration and would traceback. +client_use_localhost: 0 + +# If set to 1, all commands to the API (not directly to the XMLRPC +# server) will go over HTTPS instead of plaintext. Be sure to change +# the http_port setting to the correct value for the web server +client_use_https: 0 + +# this is a directory of files that cobbler uses to make +# templating easier. See the Wiki for more information. Changing +# this directory should not be required. 
+snippetsdir: /var/lib/cobbler/snippets + +# Normally if a kickstart is specified at a remote location, this +# URL will be passed directly to the kickstarting system, thus bypassing +# the usual snippet templating Cobbler does for local kickstart files. If +# this option is enabled, Cobbler will fetch the file contents internally +# and serve a templated version of the file to the client. +template_remote_kickstarts: 0 + +# should new profiles for virtual machines default to auto booting with the physical host when the physical host reboots? +# this can be overridden on each profile or system object. +virt_auto_boot: 1 + +# cobbler's web directory. Don't change this setting -- see the +# Wiki on "relocating your cobbler install" if your /var partition +# is not large enough. +webdir: /var/www/cobbler + +# cobbler's public XMLRPC listens on this port. Change this only +# if absolutely needed, as you'll have to start supplying a new +# port option to koan if it is not the default. +xmlrpc_port: 25151 + +# "cobbler repo add" commands set cobbler up with repository +# information that can be used during kickstart and is automatically +# set up in the cobbler kickstart templates. By default, these +# are only available at install time. To make these repositories +# usable on installed systems (since cobbler makes a very convient) +# mirror, set this to 1. Most users can safely set this to 1. Users +# who have a dual homed cobbler server, or are installing laptops that +# will not always have access to the cobbler server may wish to leave +# this as 0. In that case, the cobbler mirrored yum repos are still +# accessable at http://cobbler.example.org/cblr/repo_mirror and yum +# configuration can still be done manually. This is just a shortcut. +yum_post_install_mirror: 1 + +# the default yum priority for all the distros. This is only used +# if yum-priorities plugin is used. 1=maximum. Tweak with caution. +yum_distro_priority: 1 + +# Flags to use for yumdownloader. 
Not all versions may support +# --resolve. +yumdownloader_flags: "--resolve" + +# sort and indent JSON output to make it more human-readable +serializer_pretty_json: 0 + +# replication rsync options for distros, kickstarts, snippets set to override default value of "-avzH" +replicate_rsync_options: "-avzH" + +# replication rsync options for repos set to override default value of "-avzH" +replicate_repo_rsync_options: "-avzH" diff --git a/install/roles/cobbler/templates/start.sh.j2 b/install/roles/cobbler/templates/start.sh.j2 new file mode 100644 index 0000000..023a479 --- /dev/null +++ b/install/roles/cobbler/templates/start.sh.j2 
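Review bot: `default_password_crypted` in settings.j2 is set to a fixed MD5-crypt (`$1$`) hash with a constant salt, so every system installed from the sample kickstarts gets the same root password and its hash is published with the repository. The value should come from a deployment variable instead, e.g. `default_password_crypted: "{{ cobbler_root_password_crypted }}"` (the variable name is a suggestion; it is not defined in this change), generated per deployment. Separately, `anamon_enabled: 1` turns on the unauthenticated XMLRPC log upload that the file's own comment warns about, and `replicate_rsync_options` is defined twice, once mid-file and once near the end; the first deserves a comment saying why it is enabled and the second should be reduced to one entry.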
@@ -0,0 +1,34 @@ +#!/bin/bash + +export ipaddr=$(ip addr show eth0 | grep 'inet ' | awk '{ print $2}'|cut -d/ -f1) +sed -i "/^local-address/c\local-address $ipaddr;" /etc/cobbler/dhcp.template +sed -i "s/listen-on port 53 { \$listen_ip; }/listen-on port 53 \{ $ipaddr; \}/g" /etc/cobbler/named.template +sed -i "/^server/c\server: $ipaddr" /etc/cobbler/settings +sed -i "/^next_server/c\next_server: {{ cobbler_server }}" /etc/cobbler/settings +sed -i "s/http_server/server/g" /var/lib/cobbler/snippets/preseed_apt_repo_config +sed -i "/^manage_dhcp/c\manage_dhcp: 1" /etc/cobbler/settings + +service httpd restart +service cobblerd restart + +# import distros +cobbler import --path=/var/lib/cobbler/mount_point/CentOS-6.5-x86_64 --name=CentOS-6.5-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat +cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-12.04-x86_64 --name=Ubuntu-12.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu +cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-14.04-x86_64 --name=Ubuntu-14.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu + +# add profiles +cobbler profile edit --name=CentOS-6.5-x86_64 --repo=centos_ppa_repo --distro=CentOS-6.5-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/CentOS-6.5-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.ks +cobbler profile edit --name=Ubuntu-12.04-x86_64 --repo=ubuntu_ppa_repo --distro=Ubuntu-12.04-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/Ubuntu-12.04-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ 
cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto" +cobbler profile edit --name=Ubuntu-14.04-x86_64 --repo=ubuntu_14_04_ppa_repo --distro=Ubuntu-14.04-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/Ubuntu-14.04-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto" + + +cobbler sync +cobbler check +service xinetd restart + +if [ ! -e /root/.ssh/id_rsa.pub ]; then + rm -rf /root/.ssh/id_rsa + ssh-keygen -t rsa -f /root/.ssh/id_rsa -q -N '' +fi + +tail -f /var/log/cobbler/cobbler.log diff --git a/install/roles/cobbler/templates/tftpd.template b/install/roles/cobbler/templates/tftpd.template new file mode 100644 index 0000000..0651a4f --- /dev/null +++ b/install/roles/cobbler/templates/tftpd.template @@ -0,0 +1,20 @@ +# default: off +# description: The tftp server serves files using the trivial file transfer \ +# protocol. The tftp protocol is often used to boot diskless \ +# workstations, download configuration files to network-aware printers, \ +# and to start the installation process for some operating systems. +service tftp +{ + disable = no + log_type = SYSLOG local5 info + socket_type = dgram + protocol = udp + wait = yes + user = $user + server = $binary + server_args = -B 1380 -v -s $args + instances = 1000 + per_source = 1000 + cps = 1000 2 + flags = IPv4 +} diff --git a/install/roles/cobbler/vars/main.yml b/install/roles/cobbler/vars/main.yml new file mode 100644 index 0000000..d25e134 --- /dev/null +++ b/install/roles/cobbler/vars/main.yml 
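Review bot: In start.sh.j2, `ipaddr` is taken from `ip addr show eth0` with no check that it is non-empty, and the following `sed -i` lines write it straight into dhcp.template, named.template and /etc/cobbler/settings. If eth0 has no IPv4 address, or the interface has another name, the script silently produces `server: ` and `listen-on port 53 { ; }` and then restarts the services. A guard right after the assignment would stop that: `[ -n "$ipaddr" ] || { echo "no IPv4 address on eth0" >&2; exit 1; }`. The `ssh-keygen ... -N ''` block at the end creates an unencrypted root key; a comment saying what consumes that key would let reviewers judge whether it is needed.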
@@ -0,0 +1,15 @@
+#dockerized: True
+compass_adapter_source: http://git.openstack.org/stackforge/compass-adapters
+compass_adapter_version: dev/experimental
+epel_file_name: epel-release-6-8.noarch.rpm
+epel_base_url: http://download.fedoraproject.org/pub/epel/6/x86_64/
+epel7_base_url: http://download.fedoraproject.org/pub/epel/7/x86_64/e/
+cobbler_loaders_url: http://192.168.120.2/cobbler/loaders/loaders.tar.gz
+ubuntu_14_04_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/ubuntu_14_04_ppa_repo.tar.gz
+ubuntu_12_04_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/12.04/ubuntu_12_04_ppa_repo.tar.gz
+centos_6_5_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/centos_6_5_ppa_repo.tar.gz
+mgmt_nic_ip: "{{ hostvars[inventory_hostname][mgmt_ansible_interface]['ipv4']['address'] }}"
+mgmt_ansible_interface: "ansible_{{ mgmt_nic }}"
+mgmt_ip_same: "{{ mgmt_nic_ip == mgmt_next_ip }}"
+ppa_repo_url: "ppa_repo_{{ region }}_url"
+iso_url: "iso_{{ region }}_url"
diff --git a/install/roles/common/files/docker.list b/install/roles/common/files/docker.list
new file mode 100644
index 0000000..0ee9ae0
--- /dev/null
+++ b/install/roles/common/files/docker.list
@@ -0,0 +1 @@
+deb https://get.docker.com/ubuntu docker main
diff --git a/install/roles/common/tasks/Debian.yml b/install/roles/common/tasks/Debian.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/RedHat.yml b/install/roles/common/tasks/RedHat.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/docker-common.yml b/install/roles/common/tasks/docker-common.yml
new file mode 100644
index 0000000..9043763
--- /dev/null
+++ b/install/roles/common/tasks/docker-common.yml
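Review bot: In vars/main.yml, `compass_adapter_source`, `epel_base_url`, `epel7_base_url` and `cobbler_loaders_url` use plain `http://`, and `compass_adapter_version: dev/experimental` names a moving branch, so whatever the consuming tasks download (they are outside this hunk) is neither transport-protected nor pinned. Where the hosts support it, switch these to `https://` and pin the adapter checkout to a tag or commit id. `cobbler_loaders_url` also hard-codes `192.168.120.2`, which looks environment-specific and probably belongs in the inventory or a group variable.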
@@ -0,0 +1,48 @@
+- name: get all bridges
+ command: brctl show
+ register: bridges
+
+- name: bring down docker0 if found
+ shell: ip link set dev docker0 down
+ when: bridges.stdout.find('docker0') != -1
+
+- name: remove docker0 if found
+ shell: brctl delbr docker0
+ when: bridges.stdout.find('docker0') != -1
+
+- name: bring down compass0 if found
+ shell: ip link set dev compass0 down
+ when: bridges.stdout.find('compass0') != -1
+
+- name: remove compass0 if found
+ shell: brctl delbr compass0
+ when: bridges.stdout.find('compass0') != -1
+
+- name: add bridge compass0
+ shell: brctl addbr compass0
+
+- name: get compass0 info
+ command: ip addr
+ register: compass0_info
+
+- name: add ip addr to compass0
+ shell: ip addr add {{ compass0_subnet }} dev compass0
+ when: compass0_info.stdout.find("{{ compass0_subnet }}") == -1
+
+- name: bring up compass0
+ shell: ip link set dev compass0 up
+
+- name: register compass0 to docker daemon
+ lineinfile: dest=/etc/sysconfig/docker regexp=^other_args line=other_args=-b=compass0
+ when: ansible_os_family == 'RedHat'
+
+- name: register compass0 when it's debian
+ lineinfile: dest=/etc/default/docker line=DOCKER_OPTS=-b=compass0
+ when: ansible_os_family == 'Debian'
+
+- name: start docker daemon
+ service: name=docker state=started
+
+- name: remove all containers
+ shell: docker rm -f $(docker ps -aq)
+ ignore_errors: yes
diff --git a/install/roles/common/tasks/docker-debian-precise.yml b/install/roles/common/tasks/docker-debian-precise.yml
new file mode 100644
index 0000000..fb56f93
--- /dev/null
+++ b/install/roles/common/tasks/docker-debian-precise.yml
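Review bot: The last task of docker-common.yml, `docker rm -f $(docker ps -aq)` with `ignore_errors: yes`, force-removes every container on the host, not only the ones this playbook manages, and hides any failure. On a host that also runs other workloads this destroys them without warning. Restricting the selection to this project's containers, e.g. `docker ps -aq --filter name=<compass-container-name>` (placeholder; the container names are not visible in this hunk), or at least a comment stating that the host must be dedicated to this install, would make the intent explicit.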
@@ -0,0 +1,28 @@
+- name: apt-get update
+ apt: update_cache=yes
+
+- name: find out if https exists in apt methods
+ stat: path=/usr/lib/apt/methods/https
+ register: existence
+
+- name: install apt-transport-https if https not in methods
+ apt: name=apt-transport-https
+ state=present
+ when: not existence.stat.exists
+
+- name: add docker repository key
+ shell: apt-key adv --keyserver {{ docker_apt_key_server }} --recv-keys {{ docker_apt_key }}
+
+- name: add a docker.list file to apt source list
+ copy: src=docker.list dest=/etc/apt/sources.list.d/docker.list
+ mode=0644
+
+- name: update again
+ apt: update_cache=yes
+
+- name: get docker and brctl
+ apt: name={{ item }}
+ state=installed
+ with_items:
+ - lxc-docker
+ - bridge-utils
diff --git a/install/roles/common/tasks/docker-debian-trusty.yml b/install/roles/common/tasks/docker-debian-trusty.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/docker-debian.yml b/install/roles/common/tasks/docker-debian.yml
new file mode 100644
index 0000000..b93cf62
--- /dev/null
+++ b/install/roles/common/tasks/docker-debian.yml
@@ -0,0 +1,5 @@
+- include: docker-debian-precise.yml
+ when: ansible_distribution_major_version == '12'
+
+- include: docker-debian-trusty.yml
+ when: ansible_distribution_major_version == '14'
diff --git a/install/roles/common/tasks/docker-prepare.yml b/install/roles/common/tasks/docker-prepare.yml
new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/common/tasks/docker-redhat.yml b/install/roles/common/tasks/docker-redhat.yml
new file mode 100644
index 0000000..0e51bda
--- /dev/null
+++ b/install/roles/common/tasks/docker-redhat.yml
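Review bot: The `add docker repository key` task in docker-debian-precise.yml shells out to `apt-key adv --keyserver ... --recv-keys {{ docker_apt_key }}`, which re-runs on every play and trusts whatever key the keyserver returns for that id. `docker_apt_key` is defined outside this hunk; if it is a short key id it should be replaced by the full fingerprint, since short ids can collide. The `apt_key` module expresses the same step idempotently: `apt_key: keyserver={{ docker_apt_key_server }} id={{ docker_apt_key }} state=present`.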
@@ -0,0 +1,31 @@
+---
+
+- name: get epel 6
+ yum: name={{ epel_6 }} state=present
+ when: ansible_distribution_major_version == '6'
+
+# I've tried to do a "variable in variable" to dynamically load
+# major version, so that getting the correct epel url is way easier.
+# but ansible is not friendly with it, will need to dive more into
+# it to see if there is a way.
+- name: get epel 7
+ yum: name={{ epel_7 }} state=present
+ when: ansible_distribution_major_version == '7'
+
+- name: get docker
+ yum: pkg=docker-io state=installed
+ when: ansible_distribution_major_version == '6'
+
+- name: get docker if el7
+ yum: pkg=docker state=installed
+ when: ansible_distribution_major_version == '7'
+
+# install bridge util/python-pip package
+- name: install brctl
+ yum: pkg={{ item }} state=installed
+ with_items:
+ - bridge-utils
+ - python-pip
+
+- name: pip install dockerpy
+ pip: name=docker-py
diff --git a/install/roles/common/tasks/main.yml b/install/roles/common/tasks/main.yml
new file mode 100644
index 0000000..a31e387
--- /dev/null
+++ b/install/roles/common/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- include: RedHat.yml
+ when: ansible_os_family == 'RedHat' and not dockerized
+
+- include: Debian.yml
+ when: ansible_os_family == 'Debian' and not dockerized
+
+- include: docker-redhat.yml
+ when: ansible_os_family == 'RedHat' and dockerized
+
+- include: docker-debian.yml
+ when: ansible_os_family == 'Debian' and dockerized
+
+- include: docker-common.yml
+ when: dockerized
diff --git a/install/roles/compass/files/ods-server.conf b/install/roles/compass/files/ods-server.conf
new file mode 100644
index 0000000..a313dd8
--- /dev/null
+++ b/install/roles/compass/files/ods-server.conf
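Review bot: The final task of docker-redhat.yml, `pip: name=docker-py`, installs whatever version is current on the package index at run time, so two runs of the role can put different code on the host. Pinning it, e.g. `pip: name=docker-py version=<tested-version>` (placeholder), makes the install reproducible and lets a version change show up in review. The `epel_6` and `epel_7` values used by the first two tasks are defined outside this hunk, so where those packages come from cannot be checked here.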
@@ -0,0 +1,18 @@
+# Apache config for ods server
+#
+# Specify python path if you use virtualenv
+
+WSGIDaemonProcess compass threads=4 display-name=%{GROUP}
+WSGIProcessGroup compass
+WSGIScriptAlias /api /var/www/compass/compass.wsgi
+WSGISocketPrefix /var/run/wsgi
+
+
+ DocumentRoot /var/www/compass_web/v2
+
+
+ Options Indexes FollowSymLinks
+ Order allow,deny
+ Allow from all
+
+
diff --git a/install/roles/compass/files/start.sh b/install/roles/compass/files/start.sh
new file mode 100644
index 0000000..767b1ec
--- /dev/null
+++ b/install/roles/compass/files/start.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# activate virtualenv
+source `which virtualenvwrapper.sh`
+workon compass-core
+
+# start mysqld service, push it to bg
+/usr/bin/mysqld_safe > /dev/null 2>&1 &
+
+RET=1
+while [[ RET -ne 0 ]]; do
+ echo "waiting for mariadb to startup"
+ sleep 5
+ mysql -uroot -e "status" > /dev/null 2>&1
+ RET=$?
+done
+
+echo "mariadb started"
+
+# set mysql with default username and password
+mysqladmin -h127.0.0.1 --port=3306 -u root password root
+
+# create db 'compass'
+mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
+
+# start compass services
+/opt/compass/bin/manage_db.py createdb
+/usr/sbin/apachectl -k start
+/usr/sbin/rabbitmq-server &
+/usr/bin/redis-server &
+/usr/sbin/ntpd &
+ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
+touch /var/log/compass/celery.log
+tail -f /var/log/compass/celery.log
diff --git a/install/roles/compass/handlers/main.yml b/install/roles/compass/handlers/main.yml
new file mode 100644
index 0000000..77340d6
--- /dev/null
+++ b/install/roles/compass/handlers/main.yml
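Review bot: `Options Indexes FollowSymLinks` in ods-server.conf enables automatic directory listings for the directory block it sits in; the enclosing tags did not survive on this page, so the block is presumably the one for `/var/www/compass_web/v2`. Combined with `Allow from all`, any directory without an index file becomes browsable by every client. Unless listings are wanted, drop `Indexes` and keep `Options FollowSymLinks`.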
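Review bot: In compass/files/start.sh the MariaDB root account is given the fixed password `root` via `mysqladmin ... -u root password root`, and the next command repeats it as `-proot`, so the credential is well known and also visible in the process list while the commands run. Take it from the container environment instead, e.g. `mysqladmin -h127.0.0.1 --port=3306 -u root password "${MYSQL_ROOT_PASSWORD:?}"` (the variable name is a suggestion), and give the `mysql` client its credentials through an option file (`--defaults-extra-file`) rather than `-proot`. The celery worker is also started as root with `C_FORCE_ROOT=1` and logs to fixed file names under /tmp; a comment explaining why, or a dedicated user and log directory, would be worth adding.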
@@ -0,0 +1,10 @@
+---
+
+- name: restart compass service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items:
+ - compass-celeryd
+ - compass-progress-updated
+
+- name: restart http service
+ service: name=httpd state=restarted enabled=yes
diff --git a/install/roles/compass/tasks/Debian.yml b/install/roles/compass/tasks/Debian.yml new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/compass/tasks/RedHat.yml b/install/roles/compass/tasks/RedHat.yml new file mode 100644
index 0000000..2ebffe9
--- /dev/null
+++ b/install/roles/compass/tasks/RedHat.yml
@@ -0,0 +1,231 @@
+---
+
+- name: install base packages
+ yum: name={{ item }} state=present
+ with_items:
+ - wget
+ - git
+
+- name: check epel presence
+ command: rpm -q epel-release
+ register: epel_presence
+ ignore_errors: yes
+
+- name: check atomic repo presence
+ command: rpm -q atomic-release
+ register: atomic_presence
+ ignore_errors: yes
+
+#- name: get epel version
+# command: 'wget -q {{ epel_base_url }} -O - |grep -oE "(href=\"epel-release-6-[0-9,.].*)" | cut -d'"' -f2'
+# register: epel_file_name
+# when: epel_presence.rc != 0
+
+- name: install epel
+ yum: name={{ epel_base_url }}/{{ epel_file_name }} state=present
+ when: epel_presence.rc != 0
+
+- name: install atomic repo
+ yum: name={{ atomic_base_url }}/{{ atomic_file_name }} state=present
+ when: atomic_presence.rc != 0
+
+- name: yum update
+ yum: name=* state=latest
+
+- name: install essentials
+ yum: name={{ item }} state=present
+ with_items:
+ - git
+ - python-setuptools
+ - python-devel
+ - mysql-devel
+ - httpd
+ - mysql-server
+ - mysql
+ - MySQL-python
+ - redis
+ - mod_wsgi
+ - rabbitmq-server
+
+- name: stop iptables
+ service: name=iptables state=stopped enabled=no
+
+- name: disable selinux
+ selinux: state=disabled
+
+- name: disable selinux real time
+ shell: echo 0 > /selinux/enforce
+
+# TODO: currently compass use root user and group, apache has to
+# be in root group to write wsgi logs in /var/log/compass/, need
+# to run compass as its own user in the future.
+# - name: append compass group to apache user groups
+# user: name=apache groups=root append=yes
+
+- name: start mysqld
+ service: name=mysqld state=started enabled=yes
+
+- name: start rabbitmq server
+ service: name=rabbitmq-server state=started enabled=yes
+
+- name: initialize mysql password
+ mysql_user: user={{ compass_db_user }} password={{ compass_db_pass }}
+ priv=compass.*:ALL,GRANT state=present
+
+- name: create compass database
+ mysql_db: name=compass state=present
+
+- name: install pip
+ easy_install: name=pip
+
+- name: install virtualenv
+ pip: name=virtualenv extra_args='-i http://pypi.douban.com/simple/'
+
+- name: cloning compass-core
+ git: repo=http://git.openstack.org/stackforge/compass-core.git
+ dest={{ COMPASS_PATH }}
+ version=dev/experimental
+ force=yes
+
+- name: pip install compass into virtualenv
+ pip: name={{ COMPASS_PATH }} virtualenv={{ COMPASS_PATH }}/venv
+ extra_args='-i http://pypi.douban.com/simple/'
+
+- name: pip install latest setuptools
+ pip: name=setuptools
+ extra_args='-i http://pypi.douban.com/simple/'
+ state=latest
+
+- name: pip install latest setuptools2
+ pip: name=setuptools
+ extra_args='-i http://pypi.douban.com/simple/'
+ state=latest
+
+- name: pip install ansible
+ pip: name=ansible
+ extra_args='-i http://pypi.douban.com/simple/'
+ state=latest
+
+- name: create compass directories
+ file: path={{ item }} state=directory
+ with_items:
+ - /etc/compass
+ - /opt/compass/bin
+ - /var/www/compass
+ - /var/www/compass_web
+
+- name: create /var/log/compass
+ file: path=/var/log/compass mode=0777 state=directory
+
+- name: create ansible folder
+ file: path=/var/ansible/run state=directory
+ when: "'ansible' in {{ pkg_installer }}"
+
+- name: clone recipes
+ git: repo={{ compass_adapter_source }}
+ dest=/opt/compass-adapters
+ version={{ compass_adapter_version }}
+ update=yes
+ force=yes
+
+- name: copy ansible scripts into ansible folder
+ shell: cp -rf /opt/compass-adapters/ansible/openstack_juno /var/ansible/.
+ when: "'ansible' in {{ pkg_installer }}"
+
+- name: write python home into switch virtualenv
+ lineinfile: dest={{ COMPASS_PATH }}/bin/switch_virtualenv.py.template
+ regexp="^virtual\_env\ \=\ \'\$PythonHome\'"
+ line="virtual_env = '/opt/compass-core/venv'"
+
+- name: rename switch_virtualenv template
+ command: cp {{ COMPASS_PATH }}/bin/switch_virtualenv.py.template {{ COMPASS_PATH }}/bin/switch_virtualenv.py
+
+- name: copy compass config files
+ shell: cp -rf {{ COMPASS_PATH }}/conf/* /etc/compass/
+
+- name: copy service init file
+ shell: cp -rf {{ COMPASS_PATH }}/service/* /etc/init.d/
+
+- name: copy compass bin file
+ shell: cp -rf {{ COMPASS_PATH }}/bin/*.py /opt/compass/bin/
+
+- name: copy compass shell script
+ shell: cp -rf {{ COMPASS_PATH }}/bin/*.sh /opt/compass/bin/
+
+- name: copy compass ansible callback
+ shell: cp -rf {{ COMPASS_PATH }}/bin/ansible_callbacks /opt/compass/bin/
+
+- name: copy compass executable
+ shell: cp {{ COMPASS_PATH }}/bin/compassd /usr/bin/
+
+- name: link compass check
+ file: src=/opt/compass/bin/compass_check.py dest=/usr/bin/compass state=link
+
+- name: link compass wsgi
+ file: src=/opt/compass/bin/compass_wsgi.py dest=/var/www/compass/compass.wsgi state=link
+
+- name: change celery env
+ shell: echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh
+
+- name: change file mode
+ file: path=/etc/profile.d/celery_env.sh mode=0755
+
+- name: add compass setting
+ template: src=compass.setting.j2 dest=/etc/compass/setting
+ notify:
+ - restart compass service
+ - restart http service
+
+- name: add cobbler setting
+ template: src=cobbler.conf.nodocker.j2 dest=/etc/compass/os_installer/cobbler.conf
+ notify:
+ - restart compass service
+ - restart http service
+
+- name: link celery bin file
+ file: src={{ COMPASS_PATH }}/venv/bin/celery dest=/opt/compass/bin/celery state=link
+ notify:
+ - restart compass service
+ - restart http service
+
+- name: create redis folders
+ file: path={{ item }} state=directory owner=redis group=root
+ with_items:
+ - /var/log/redis
+ - /var/lib/redis
+ - /var/run/redis
+
+- name: make sure redis service not running
+ command: killall -9 redis-server
+ ignore_errors: yes
+
+- name: restart redis service
+ service: name=redis state=restarted enabled=yes
+
+- name: initialize db for compass
+ shell: /opt/compass/bin/manage_db.py createdb
+ run_once: True
+
+- name: copy ods-server httpd config
+ copy: src=ods-server.conf dest=/etc/httpd/conf.d/ods-server.conf
+ notify:
+ restart http service
+
+- name: clone compass web
+ git: repo=http://git.openstack.org/stackforge/compass-web.git
+ dest=/opt/compass-web
+ force=yes
+
+- name: copy web ui files
+ shell: cp -rf /opt/compass-web/v2 /var/www/compass_web/
+
+- name: create switch file if test mode enabled
+ template: src=switch_machines_file.j2
+ dest=/etc/compass/switch_machines_file
+ when: test is defined and test == True
+
+- name: inject switches and mac addresses
+ shell: /opt/compass/bin/manage_db.py set_switch_machines --switch_machines_file /etc/compass/switch_machines_file
+ when: test is defined and test == True
+#- name: run compass check
+# command: compass check
diff --git a/install/roles/compass/tasks/docker.yml b/install/roles/compass/tasks/docker.yml new file mode 100644
index 0000000..672fadd
--- /dev/null
+++ b/install/roles/compass/tasks/docker.yml
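Review bot: The `pip` tasks in compass/tasks/RedHat.yml install virtualenv, setuptools, ansible and compass itself with `extra_args='-i http://pypi.douban.com/simple/'`, and the compass-core and compass-web `git` tasks clone over `http://`, so the code this play goes on to run as root is fetched with no transport integrity. Use an HTTPS index (for example `extra_args='-i https://pypi.python.org/simple/'`, or drop the override) and an `https://` repo URL where the host serves one, and pin `version=` to a tag or commit rather than the moving `dev/experimental` branch. The same plain-HTTP clone appears in install/roles/regtest-compass/tasks/main.yml. Separately, `stop iptables`, the two SELinux tasks and `path=/var/log/compass mode=0777` weaken the host with no stated reason; each deserves a why-comment or a narrower setting with an explicit owner and group.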
@@ -0,0 +1,72 @@
+---
+
+# - name: load dynamic variable
+# include_vars: "{{ shared_dir }}/dynamic.yml"
+
+- name: clean up docker directory
+ file: path=~/docker-compass state=absent
+
+- name: clean up log directory
+ file: path=/var/log/compass state=absent
+
+- name: create directory for docker and files
+ file: path=~/docker-compass/files state=directory
+
+- name: copy Dockerfile
+ template: src=Dockerfile.j2 dest=~/docker-compass/Dockerfile mode=0644
+
+- name: copy switch machines file
+ template: src=switch_machines_file.j2 dest=~/docker-compass/files/switch_machines_file mode=0644
+ when: test
+
+- name: copy start script
+ template: src=start.sh.j2
+ dest=~/docker-compass/files/start.sh
+ mode=0755
+
+- name: copy compass.pem
+ copy: src={{ shared_dir }}/keys/compass.pem
+ dest=~/docker-compass/files/compass.pem
+ mode=0644
+ when: "'chef' in {{ pkg_installer }}"
+
+- name: copy chef config
+ template: src=chef-icehouse.conf.j2 dest=~/docker-compass/files/chef-icehouse.conf
+ mode=0644
+
+- name: copy cobber conf
+ template: src=cobbler.conf.j2 dest=~/docker-compass/files/cobbler.conf
+ mode=0644
+
+- name: copy compass setting
+ template: src=compass.setting.j2 dest=~/docker-compass/files/compass.setting
+ mode=0644
+
+- name: get containers
+ command: docker ps -a
+ register: containers
+
+- name: remove compass container if any
+ shell: docker rm compass-dev
+ when: containers.stdout.find('compass-dev') != -1
+
+- name: check if compass image already exists
+ command: docker images compass
+ register: image
+
+- name: remove image 'compass' if it exists and --rebuild is specified
+ shell: docker rmi -f compass
+ when: image.stdout.find('compass') != -1 and rebuild
+
+- name: build a docker image for compass
+ shell: docker build -t compass ~/docker-compass
+ when: image.stdout.find('compass') == -1 or rebuild
+
+- name: fork image and run a new compass container
+ shell: docker run --name=compass-dev -d {{ compass_port_mapping }} -i -t compass
+
+- name: remove dynamic generated vars
+ local_action: file path={{ shared_dir }}/{{ item }} state=absent
+ with_items:
+ - dynamic.yml
+ - keys
diff --git a/install/roles/compass/tasks/main.yml b/install/roles/compass/tasks/main.yml new file mode 100644
index 0000000..0e2c0a8
--- /dev/null
+++ b/install/roles/compass/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- include: RedHat.yml
+ when: ansible_os_family == 'RedHat' and not dockerized
+
+- include: Debian.yml
+ when: ansible_os_family == 'Debian' and not dockerized
+
+- include: docker.yml
+ when: dockerized
diff --git a/install/roles/compass/templates/Dockerfile.j2 b/install/roles/compass/templates/Dockerfile.j2 new file mode 100644
index 0000000..1188823
--- /dev/null
+++ b/install/roles/compass/templates/Dockerfile.j2
@@ -0,0 +1,17 @@
+FROM compassindocker/compass
+
+ADD files/start.sh /root/start.sh
+ADD files/compass.setting /etc/compass/setting
+ADD files/cobbler.conf /etc/compass/os_installer/cobbler.conf
+{% if test%}
+ADD files/switch_machines_file /etc/compass/switch_machines_file
+{% endif %}
+{% if 'chef' in pkg_installer %}
+ADD files/chef-icehouse.conf /etc/compass/package_installer/chef-icehouse.conf
+ADD files/compass.pem /etc/compass.pem
+{% endif %}
+
+CMD ["/root/start.sh"]
+EXPOSE 80
+EXPOSE 123
+EXPOSE 3128
diff --git a/install/roles/compass/templates/chef-icehouse.conf.j2 b/install/roles/compass/templates/chef-icehouse.conf.j2 new file mode 100644
index 0000000..eeab424
--- /dev/null
+++ b/install/roles/compass/templates/chef-icehouse.conf.j2
@@ -0,0 +1,10 @@
+NAME = 'chef_installer'
+INSTANCE_NAME = 'chef_installer'
+SETTINGS = {
+ 'chef_url': 'https://{{ chef_server }}',
+ 'chef_server_ip': '{{ chef_server }}',
+ 'chef_server_dns': 'compass',
+ 'key_dir': '/etc/compass.pem',
+ 'client_name': 'compass',
+ 'databags': []
+}
diff --git a/install/roles/compass/templates/cobbler.conf.j2 b/install/roles/compass/templates/cobbler.conf.j2 new file mode 100644
index 0000000..36002c4
--- /dev/null
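Review bot: The `copy compass.pem` task in compass/tasks/docker.yml stages what appears to be the Chef client key under `~/docker-compass/files/` with `mode=0644`, leaving it readable by every local user on the build host; `mode=0600` is the right setting for key material. The final cleanup task removes `{{ shared_dir }}/keys` but not this staged copy, and Dockerfile.j2 then bakes the key into an image layer with `ADD files/compass.pem /etc/compass.pem`, so anyone who can pull or export the image obtains it. Mounting the key at `docker run` time and deleting the staged copy after the build would avoid both. The `copy chef config` task also lacks the `'chef' in pkg_installer` condition that the key task has.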
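Review bot: `FROM compassindocker/compass` in Dockerfile.j2 names no tag or digest, so each build pulls whatever the registry currently serves under the default tag and the resulting image is neither reproducible nor auditable. Pin it, e.g. `FROM compassindocker/compass:<release-tag>` (placeholder; the page does not name a tag), or by digest. `COPY` is the better instruction for these local files, since `ADD` also unpacks archives and accepts URLs.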
+++ b/install/roles/compass/templates/cobbler.conf.j2
@@ -0,0 +1,9 @@
+NAME = 'cobbler'
+INSTANCE_NAME = 'cobbler'
+SETTINGS = {
+ 'cobbler_url': 'http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler_api',
+ 'credentials': {
+ 'username': 'cobbler',
+ 'password': 'cobbler'
+ }
+}
diff --git a/install/roles/compass/templates/cobbler.conf.nodocker.j2 b/install/roles/compass/templates/cobbler.conf.nodocker.j2 new file mode 100644
index 0000000..ee6cfc2
--- /dev/null
+++ b/install/roles/compass/templates/cobbler.conf.nodocker.j2
@@ -0,0 +1,9 @@
+NAME = 'cobbler'
+INSTANCE_NAME = 'cobbler'
+SETTINGS = {
+ 'cobbler_url': 'http://{{ cobbler_server }}/cobbler_api',
+ 'credentials': {
+ 'username': 'cobbler',
+ 'password': 'cobbler'
+ }
+}
diff --git a/install/roles/compass/templates/compass.setting.j2 b/install/roles/compass/templates/compass.setting.j2 new file mode 100644
index 0000000..a8d79c6
--- /dev/null
+++ b/install/roles/compass/templates/compass.setting.j2
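Review bot: The Cobbler API credentials in cobbler.conf.j2 are hard-coded as `'username': 'cobbler'` and `'password': 'cobbler'`, and `cobbler_url` uses `http://`, so a fixed, guessable credential crosses the network in clear text on every API call. Render both from variables instead, e.g. `'password': '{{ cobbler_password }}'` (a new variable, kept in a vault-encrypted file), and switch the URL to `https://` if the Cobbler host serves TLS. cobbler.conf.nodocker.j2 in the same commit has the same two issues.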
@@ -0,0 +1,33 @@
+CONFIG_DIR = '/etc/compass'
+DATABASE_TYPE = 'mysql'
+DATABASE_USER = '{{ compass_db_user }}'
+DATABASE_PASSWORD = '{{ compass_db_pass }}'
+DATABASE_SERVER = '127.0.0.1:3306'
+DATABASE_NAME = 'compass'
+SQLALCHEMY_DATABASE_URI = '%s://%s:%s@%s/%s' % (DATABASE_TYPE, DATABASE_USER, DATABASE_PASSWORD, DATABASE_SERVER, DATABASE_NAME)
+SQLALCHEMY_DATABASE_POOL_TYPE = 'instant'
+INSTALLATION_LOGDIR = {
+ 'CobblerInstaller': '/var/log/cobbler/anamon',
+ 'ChefInstaller': '/var/log/chef'
+}
+DEFAULT_LOGLEVEL = 'debug'
+DEFAULT_LOGDIR = '/var/log/compass'
+DEFAULT_LOGINTERVAL = 6
+DEFAULT_LOGINTERVAL_UNIT = 'h'
+DEFAULT_LOGFORMAT = '%(asctime)s - %(filename)s - %(lineno)d - %(levelname)s - %(message)s'
+WEB_LOGFILE = 'compass.log'
+CELERY_LOGFILE = 'celery.log'
+CELERYCONFIG_DIR = '/etc/compass'
+CELERYCONFIG_FILE = 'celeryconfig'
+PROGRESS_UPDATE_INTERVAL=30
+POLLSWITCH_INTERVAL=60
+SWITCHES = [
+]
+TMPL_DIR = '/etc/compass/templates'
+#COMPASS_SUPPORTED_PROXY = 'http://{{ ansible_ssh_host }}:3128'
+#COMPASS_SUPPORTED_DEFAULT_NOPROXY = ['127.0.0.1','{{ ansible_ssh_host }}','compass']
+#COMPASS_SUPPORTED_NTP_SERVER = '{{ ansible_ssh_host }}'
+#COMPASS_SUPPORTED_DNS_SERVERS = ['{{ ansible_ssh_host }}']
+#COMPASS_SUPPORTED_DOMAINS = ['ods.com']
+#COMPASS_SUPPORTED_DEFAULT_GATEWAY = '{{ mgmt_router }}'
+#COMPASS_SUPPORTED_LOCAL_REPO = 'http://{{ ansible_ssh_host }}'
diff --git a/install/roles/compass/templates/start.sh.j2 b/install/roles/compass/templates/start.sh.j2 new file mode 100644
index 0000000..87dc01f
--- /dev/null
+++ b/install/roles/compass/templates/start.sh.j2
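Review bot: `DATABASE_PASSWORD = '{{ compass_db_pass }}'` in compass.setting.j2 drops the value into a single-quoted Python literal, and `SQLALCHEMY_DATABASE_URI` then splices it into the URI unescaped, so a password containing `'`, `@`, `/` or `%` breaks either the settings file or the connection string. Document that restriction in a comment above the line, or URL-quote the value when the URI is built. `DEFAULT_LOGLEVEL = 'debug'` as the shipped default also deserves a comment, since the non-Docker install in this commit creates `/var/log/compass` with mode 0777.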
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# activate virtualenv
+source `which virtualenvwrapper.sh`
+workon compass-core
+
+# start mysqld service, push it to bg
+/usr/bin/mysqld_safe > /dev/null 2>&1 &
+
+RET=1
+while [[ RET -ne 0 ]]; do
+ echo "waiting for mariadb to startup"
+ sleep 5
+ mysql -uroot -e "status" > /dev/null 2>&1
+ RET=$?
+done
+
+echo "mariadb started"
+
+# set mysql with default username and password
+mysqladmin -h127.0.0.1 --port=3306 -u root password root
+
+# create db 'compass'
+mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
+
+# start compass services
+/opt/compass/bin/manage_db.py createdb
+
+# insert pxe boot machines for test
+{% if test %}
+/opt/compass/bin/manage_db.py set_switch_machines --switch_machines_file /etc/compass/switch_machines_file
+{% endif %}
+
+/usr/sbin/apachectl -k start
+/usr/sbin/rabbitmq-server &
+/usr/bin/redis-server &
+/usr/sbin/ntpd &
+ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
+CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
+/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
+touch /var/log/compass/celery.log
+tail -f /var/log/compass/celery.log
diff --git a/install/roles/compass/templates/switch_machines_file.j2 b/install/roles/compass/templates/switch_machines_file.j2 new file mode 100644
index 0000000..489befc
--- /dev/null
+++ b/install/roles/compass/templates/switch_machines_file.j2
@@ -0,0 +1,4 @@
+switch,1.1.1.1,huawei,2c,public,under_monitoring
+{% for mac in pxe_boot_macs %}
+machine,1.1.1.1,8,{{ mac }}
+{% endfor %}
diff --git a/install/roles/compass/vars/main.yml b/install/roles/compass/vars/main.yml new file mode 100644
index 0000000..17cee8f
--- /dev/null
+++ b/install/roles/compass/vars/main.yml
@@ -0,0 +1,4 @@
+dockerized: False
+compass_db_user: compass
+compass_db_pass: compass
+COMPASS_PATH: /opt/compass-core
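Review bot: `compass_db_user: compass` and `compass_db_pass: compass` are committed in the role's `vars/main.yml`, which takes precedence over inventory and group variables, so every deployment gets this known password unless someone edits the role or passes extra vars. Moving both to `defaults/main.yml` makes them overridable, and the password itself belongs in a vault-encrypted file. At minimum add a comment such as `# override compass_db_pass per deployment; do not use the default`.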
diff --git a/install/roles/precheck/tasks/chef.yml b/install/roles/precheck/tasks/chef.yml new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/install/roles/precheck/tasks/chef.yml
@@ -0,0 +1 @@
+---
diff --git a/install/roles/precheck/tasks/cobbler.yml b/install/roles/precheck/tasks/cobbler.yml new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/precheck/tasks/compass.yml b/install/roles/precheck/tasks/compass.yml new file mode 100644
index 0000000..e69de29
diff --git a/install/roles/precheck/tasks/docker.yml b/install/roles/precheck/tasks/docker.yml new file mode 100644
index 0000000..1201483
--- /dev/null
+++ b/install/roles/precheck/tasks/docker.yml
@@ -0,0 +1,14 @@
+---
+
+- name: check if docker is running
+ command: ps -ef
+ register: processes
+
+- name: check if there is containers if docker is running
+ command: docker ps -a
+ register: containers
+ when: processes.stdout.find("docker") != -1
+
+- name: write files if container exists
+ local_action: file path="/tmp/{{ container_name }}" mode=0644 state=touch
+ when: processes.stdout.find("docker") != -1 and containers.stdout.find("{{ container_name }}") != -1
diff --git a/install/roles/precheck/tasks/main.yml b/install/roles/precheck/tasks/main.yml new file mode 100644
index 0000000..90ee914
--- /dev/null
+++ b/install/roles/precheck/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- include: no-docker.yml
+ when: not dockerized
+
+- include: docker.yml
+ when: dockerized
diff --git a/install/roles/precheck/tasks/no-docker.yml b/install/roles/precheck/tasks/no-docker.yml new file mode 100644
index 0000000..1181fa2
--- /dev/null
+++ b/install/roles/precheck/tasks/no-docker.yml
@@ -0,0 +1,10 @@
+---
+
+- include: chef.yml
+ when: type == "chef"
+
+- include: cobbler.yml
+ when: type == "cobbler"
+
+- include: compass.yml
+ when: type == "compass"
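Review bot: `processes.stdout.find("docker") != -1` in precheck/tasks/docker.yml is true for any process whose command line merely contains the string, so `docker ps -a` can run, and fail the play, on a host with no daemon. Register the result of `docker ps -a` with `ignore_errors: yes` and test its `rc` instead of scanning `ps -ef`. The marker written by `local_action: file path="/tmp/{{ container_name }}"` uses a predictable name in a shared directory on the control host; whatever reads it (not visible in this hunk) can be misled by a file that already exists there. A per-run directory or a registered fact avoids that.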
diff --git a/install/roles/regtest-compass/files/setting b/install/roles/regtest-compass/files/setting new file mode 100644
index 0000000..1ac04da
--- /dev/null
+++ b/install/roles/regtest-compass/files/setting
@@ -0,0 +1,5 @@
+DEFAULT_LOGLEVEL = 'info'
+DEFAULT_LOGDIR = '/var/log/compass'
+DEFAULT_LOGINTERVAL = 6
+DEFAULT_LOGINTERVAL_UNIT = 'h'
+DEFAULT_LOGFORMAT = '%(asctime)s - %(filename)s - %(lineno)d - %(levelname)s - %(message)s'
diff --git a/install/roles/regtest-compass/tasks/main.yml b/install/roles/regtest-compass/tasks/main.yml new file mode 100644
index 0000000..f5812e8
--- /dev/null
+++ b/install/roles/regtest-compass/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- name: install essentials
+ yum: name={{ item }} state=present
+ with_items:
+ - git
+ - python-setuptools
+ - python-devel
+ - mysql-devel
+
+- name: install pip
+ easy_install: name=pip
+
+- name: install virtualenv
+ pip: name=virtualenv
+
+- name: cloning compass-core
+ git: repo=http://git.openstack.org/stackforge/compass-core.git
+ dest={{ COMPASS_PATH }}
+ version=dev/experimental
+
+- name: pip install compass into virtualenv
+ pip: name={{ COMPASS_PATH }} virtualenv={{ COMPASS_PATH }}/venv
+
+- name: write compass setting file
+ copy: src=setting dest=/etc/compass/setting
+
+- name: create log dir
+ file: path=/var/log/compass state=directory
+
+- name: write python home into switch virtualenv
+ lineinfile: dest={{ COMPASS_PATH }}/bin/switch_virtualenv.py.template
+ regexp="^virtual\_env\ \=\ \'\$PythonHome\'"
+ line="virtual_env = '/opt/compass-core/venv'"
+
+- name: rename switch_virtualenv template
+ command: mv {{ COMPASS_PATH }}/bin/switch_virtualenv.py.template {{ COMPASS_PATH }}/bin/switch_virtualenv.py
+
+- name: copy client script
+ template: src=client.sh.j2 dest=/opt/client.sh mode=0755
+
+- name: initiate deployment
+ shell: /opt/client.sh > /var/log/regtest.log
+ async: 360
+ poll: 60
diff --git a/install/roles/regtest-compass/templates/client.sh.j2 b/install/roles/regtest-compass/templates/client.sh.j2 new file mode 100644
index 0000000..2aebccd
--- /dev/null
+++ b/install/roles/regtest-compass/templates/client.sh.j2
@@ -0,0 +1,17 @@
+{{ COMPASS_PATH }}/bin/client.py --logfile= --loglevel=debug --logdir= --compass_server={{ COMPASS_SERVER_URL }} \
+--compass_user_email={{ COMPASS_USER_EMAIL }} --compass_user_password={{ COMPASS_USER_PASSWORD }} \
+--cluster_name={{ CLUSTER_NAME }} --language={{ LANGUAGE }} --timezone={{ TIMEZONE }} \
+--hostnames={{ HOSTNAMES }} --partitions={{ PARTITIONS }} --subnets={{ SUBNETS }} \
+--adapter_os_pattern={{ ADAPTER_OS_PATTERN }} --adapter_name={{ ADAPTER_NAME }} \
+--adapter_target_system_pattern={{ ADAPTER_TARGET_SYSTEM_PATTERN }} \
+--adapter_flavor_pattern={{ ADAPTER_FLAVOR_PATTERN }} \
+--http_proxy={{ PROXY }} --https_proxy={{ PROXY }} --no_proxy={{ IGNORE_PROXY }} \
+--ntp_server={{ NTP_SERVER }} --dns_servers={{ NAMESERVERS }} --domain={{ DOMAIN }} \
+--search_path={{ SEARCH_PATH }} --default_gateway={{ GATEWAY }} \
+--server_credential={{ SERVER_CREDENTIAL }} --local_repo_url={{ LOCAL_REPO_URL }} \
+--os_config_json_file={{ OS_CONFIG_FILENAME }} --service_credentials={{ SERVICE_CREDENTIALS }} \
+--console_credentials={{ CONSOLE_CREDENTIALS }} --host_networks={{ HOST_NETWORKS }} \
+--network_mapping={{ NETWORK_MAPPING }} --package_config_json_file={{ PACKAGE_CONFIG_FILENAME }} \
+--host_roles={{ HOST_ROLES }} --default_roles={{ DEFAULT_ROLES }} --switch_ips={{ SWITCH_IPS }} \
+--machines={{ pxe_boot_macs |join(',') }} --switch_credential={{ SWITCH_CREDENTIAL }} \
+--deployment_timeout={{ DEPLOYMENT_TIMEOUT }} --${POLL_SWITCHES_FLAG} --dashboard_url={{ DASHBOARD_URL }}
diff --git a/install/site.yml b/install/site.yml new file mode 100644
index 0000000..389987d
--- /dev/null
+++ b/install/site.yml
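Review bot: Every templated value in client.sh.j2 lands on the command line unquoted, so a value containing spaces or shell metacharacters is word-split or interpreted by the shell before client.py sees it; pass each through the quote filter, e.g. `--compass_user_password={{ COMPASS_USER_PASSWORD | quote }}`. `--${POLL_SWITCHES_FLAG}` is a shell variable rather than a Jinja one and nothing in the script sets it, so it expands to a bare `--` unless the caller's environment happens to provide it. The script also has no `#!` line although the play installs it with mode 0755 and runs it directly. Passing the user password and the credential options as arguments leaves them visible in the process list for the whole deployment.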
@@ -0,0 +1,18 @@
+---
+
+- hosts: chefnodes
+ sudo: True
+ roles:
+ - chef
+
+- hosts: cobblernodes
+ sudo: True
+ roles:
+ - common
+ - cobbler
+
+- hosts: compassnodes
+ sudo: True
+ roles:
+ - common
+ - compass