Revert "Retire stackforge/compass-install"

This reverts commit 2614e5fa95.

The repository is actually maintained, the authors merely
misunderstood the stackforge namespace retirement maintenance
announcements[1] and didn't realize they needed to notify us of that
status. Reverting the repository to its former state in preparation
for a namespace move in a coming project rename maintenance.

[1] http://lists.openstack.org/pipermail/openstack-infra/2015-August/003119.html

Change-Id: I6ccdcd8f8a084711c265e42c77b3b4159af27b24
Xicheng Chang 2015-11-03 17:35:40 -08:00
parent 2614e5fa95
commit fa5f106bf6
123 changed files with 5028 additions and 7 deletions

2
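--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+install/inventories
+.vagrant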

4
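--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,4 @@
+[gerrit]
+host=review.openstack.org
+port=29418
+project=stackforge/compass-install.git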

23
README.md Normal file

@ -0,0 +1,23 @@
Compass Install
===============
How to use examples/compass?
---------------------------------------------
1. Make sure you have docker installed.
2. Make sure you have working cobbler and chef servers, where all adapter related code has been updated to the latest.
3. Go to your chef server's web UI and create a client with admin privileges, name it as docker-controller.
4. You will have ONE CHANCE to copy the private key, copy it and paste it to replace `conf/chef-client.pem`
5. Go to `examples/compass/conf` directory
6. Edit chef-icehouse.conf, change '10.145.89.140' to your chef server's IP.
7. Edit cobbler.conf and change the IP to your cobbler server's IP.
8. Edit compass.setting
- COMPASS\_SUPPORTED\_PROXY: this is not supported in containerized compass, use the default value
- COMPASS\_SUPPORTED\_DEFAULT_NOPROXY: default value
- COMPASS\_SUPPORTED\_NTP\_SERVER: I am planning to move ntpd to cobbler container, so for now just point this value to any working compass server.
- COMPASS\_DNS\_SERVERS: cobbler server takes care of dns, use cobbler server IP
- COMPASS\_SUPPROTED\_DOMAINS: default
- COMPASS\_SUPPORTED\_DEFAULT_GATEWAY: default
- COMPASS\_SUPPORTED\_LOCAL\_REPO: use `http://$your\_host\_for\_docker:8080`
9. Go to `examples/compass` and run `docker build -t {image_name} .`
10. Once build finishes, run `docker run -d -p 8080:80 -i -t {image_name}`
11. celery log will be displayed on terminal, once the start script finishes running, open your web browser and go to `http://$your\_host\_for\_docker:8080`


@ -1,7 +0,0 @@
This project is no longer maintained.
The contents of this repository are still available in the Git source code
management system. To see the contents of this repository before it reached
its end of life, please check out the previous commit with
"git checkout HEAD^1".

43
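--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,43 @@
+Vagrant.configure("2") do |config|
+config.vm.define :compass_vm do |compass_vm|
+compass_vm.vm.box = "precise64"
+compass_vm.vm.network :private_network, :ip=>"10.1.0.11", :libvirt__dhcp_enabled=>false
+compass_vm.vm.provider :libvirt do |domain|
+domain.memory = 2048
+domain.cpus =2
+domain.nested =true
+domain.graphics_ip="0.0.0.0"
+end
+compass_vm.vm.provision "ansible" do |ansible|
+ansible.playbook="install/allinone_nochef.yml"
+end
+end
+config.vm.define :compass_nodocker do |compass_nodocker|
+compass_nodocker.vm.box = "centos65"
+compass_nodocker.vm.network :private_network, :ip=>"10.1.0.12", :libvirt__dhcp_enabled=>false
+compass_nodocker.vm.provider :libvirt do |domain|
+domain.memory = 4096
+domain.cpus =4
+domain.nested =true
+domain.graphics_ip="0.0.0.0"
+domain.management_network_address="192.168.200.0/24"
+end
+compass_nodocker.vm.provision "ansible" do |ansible|
+ansible.playbook="install/compass_nodocker.yml"
+# ansible.tags="debug"
+end
+end
+config.vm.define :regtest_vm do |regtest_vm|
+regtest_vm.vm.box = "centos65"
+regtest_vm.vm.network :private_network, :ip=>"10.1.0.253", :libvirt__dhcp_enabled=>false
+regtest_vm.vm.provider :libvirt do |domain|
+domain.memory = 1024
+domain.cpus = 2
+domain.nested = true
+domain.graphics_ip="0.0.0.0"
+end
+regtest_vm.vm.provision "ansible" do |ansible|
+ansible.playbook="install/regtest.yml"
+end
+end
+end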
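Review bot: `domain.graphics_ip="0.0.0.0"` in all three machine definitions makes each guest's graphical console listen on every interface of the libvirt host, and no `graphics_passwd` is set beside it, so the consoles are reachable by anything that can reach the host. Unless remote console access is required, drop the line (vagrant-libvirt defaults to loopback) or write `domain.graphics_ip = "127.0.0.1"` and tunnel over SSH when a console is needed. The same setting is repeated in ci/Vagrantfile. The box names `precise64` and `centos65` are local, unversioned names, so a comment saying where they come from (ci/prepare.sh on this page builds `centos65`) would help a new user.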

43
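--- /dev/null
+++ b/ci/Vagrantfile
@@ -0,0 +1,43 @@
+Vagrant.configure("2") do |config|
+config.vm.define :compass_vm do |compass_vm|
+compass_vm.vm.box = "precise64"
+compass_vm.vm.network :private_network, :ip=>"10.1.0.11", :libvirt__dhcp_enabled=>false
+compass_vm.vm.provider :libvirt do |domain|
+domain.memory = 2048
+domain.cpus =2
+domain.nested =true
+domain.graphics_ip="0.0.0.0"
+end
+compass_vm.vm.provision "ansible" do |ansible|
+ansible.playbook="install/allinone_nochef.yml"
+end
+end
+config.vm.define :compass_nodocker do |compass_nodocker|
+compass_nodocker.vm.box = "centos65"
+compass_nodocker.vm.network :private_network, :ip=>"10.1.0.12", :libvirt__dhcp_enabled=>false
+compass_nodocker.vm.provider :libvirt do |domain|
+domain.memory = 4096
+domain.cpus =4
+domain.nested =true
+domain.graphics_ip="0.0.0.0"
+domain.management_network_address="192.168.200.0/24"
+end
+compass_nodocker.vm.provision "ansible" do |ansible|
+ansible.playbook="install/compass_nodocker.yml"
+# ansible.tags="debug"
+end
+end
+config.vm.define :regtest_vm do |regtest_vm|
+regtest_vm.vm.box = "centos65"
+regtest_vm.vm.network :private_network, :ip=>"10.1.0.253", :libvirt__dhcp_enabled=>false
+regtest_vm.vm.provider :libvirt do |domain|
+domain.memory = 1024
+domain.cpus = 2
+domain.nested = true
+domain.graphics_ip="0.0.0.0"
+end
+regtest_vm.vm.provision "ansible" do |ansible|
+ansible.playbook="install/regtest.yml"
+end
+end
+end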
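Review bot: The playbook paths (`ansible.playbook="install/compass_nodocker.yml"` and the two others) look wrong for a Vagrantfile that lives in ci/. Vagrant resolves them relative to the Vagrantfile's own directory, and ci/setup-env.sh on this page addresses the playbook tree as `${SCRIPT_DIR}/../install`, so from here they would probably need to be `../install/...`; confirm whether a ci/install directory exists. The file is otherwise a line-for-line copy of the top-level Vagrantfile, so every fix has to be made twice; a header comment stating which of the two the CI scripts actually load would prevent the copies drifting apart.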

40
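--- /dev/null
+++ b/ci/conf/four-ansible.conf
@@ -0,0 +1,40 @@
+export VIRT_NUMBER=4
+export VIRT_CPUS=4
+export VIRT_MEM=4096
+export VIRT_DISK=30G
+export COMPASS_SERVER_URL="http://10.1.0.12/api"
+export COMPASS_USER_EMAIL="admin@huawei.com"
+export COMPASS_USER_PASSWORD="admin"
+export CLUSTER_NAME="opnfv"
+export LANGUAGE="EN"
+export TIMEZONE="America/Los_Angeles"
+export HOSTNAMES="host1,host2,host3,host4"
+export NTP_SERVER="10.1.0.12"
+export NAMESERVERS="10.1.0.12"
+export DOMAIN="ods.com"
+export PARTITIONS="/home=5%,/tmp=5%,/var=20%"
+export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*'
+#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*'
+export ADAPTER_NAME="openstack_juno"
+export ADAPTER_TARGET_SYSTEM_PATTERN="^openstack$"
+export ADAPTER_FLAVOR_PATTERN="single-controller"
+export HOST_ROLES="host1=controller;host2=network;host3=compute;host4=storage"
+export DEFAULT_ROLES="controller"
+export PROXY=""
+export IGNORE_PROXY=""
+export SEARCH_PATH="ods.com"
+export GATEWAY="10.1.0.1"
+export SERVER_CREDENTIAL="root"
+export LOCAL_REPO_URL=""
+export OS_CONFIG_FILENAME=""
+export SERVICE_CREDENTIALS="service"
+export CONSOLE_CREDENTIALS="console"
+export HOST_NETWORKS="host1:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100;host2:eth0=10.1.0.101|is_mgmt,eth1=172.16.2.101,eth2=172.16.3.101,eth3=172.16.4.101;host3:eth0=10.1.0.102|is_mgmt,eth1=172.16.2.102;host4:eth0=10.1.0.103|is_mgmt,eth1=172.16.2.103"
+export NETWORK_MAPPING="management=eth0,tenant=eth1,storage=eth3,external=eth2"
+export PACKAGE_CONFIG_FILENAME=""
+export SWITCH_IPS="1.1.1.1"
+export SWITCH_CREDENTIAL="version=2c,community=public"
+export DEPLOYMENT_TIMEOUT="90"
+export POLL_SWITCHES_FLAG="nopoll_switches"
+export DASHBOARD_URL=""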
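Review bot: `COMPASS_USER_PASSWORD="admin"`, `SERVER_CREDENTIAL="root"`, `SERVICE_CREDENTIALS="service"` and `CONSOLE_CREDENTIALS="console"` commit fixed, guessable credentials that presumably end up on the deployed hosts, and `COMPASS_SERVER_URL` sends the admin login over plain `http://`. Make them overridable so a real deployment never inherits them, e.g. `export COMPASS_USER_PASSWORD="${COMPASS_USER_PASSWORD:-admin}"`, and add a header comment saying the values are for the throwaway CI lab only. `SWITCH_CREDENTIAL="version=2c,community=public"` deserves the same comment. ci/conf/two.conf repeats all of these lines.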

40
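--- /dev/null
+++ b/ci/conf/two.conf
@@ -0,0 +1,40 @@
+export VIRT_NUMBER=2
+export VIRT_CPUS=4
+export VIRT_MEM=4096
+export VIRT_DISK=30G
+export COMPASS_SERVER_URL="http://10.1.0.12/api"
+export COMPASS_USER_EMAIL="admin@huawei.com"
+export COMPASS_USER_PASSWORD="admin"
+export CLUSTER_NAME="opnfv"
+export LANGUAGE="EN"
+export TIMEZONE="America/Los_Angeles"
+export HOSTNAMES="host1,host2"
+export NTP_SERVER="10.1.0.12"
+export NAMESERVERS="10.1.0.12"
+export DOMAIN="ods.com"
+export PARTITIONS="/home=5%,/tmp=5%,/var=20%"
+export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
+export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*'
+#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*'
+export ADAPTER_NAME="os_only"
+export ADAPTER_TARGET_SYSTEM_PATTERN=""
+export ADAPTER_FLAVOR_PATTERN=""
+export PROXY=""
+export IGNORE_PROXY=""
+export SEARCH_PATH="ods.com"
+export GATEWAY="10.1.0.1"
+export SERVER_CREDENTIAL="root"
+export LOCAL_REPO_URL=""
+export OS_CONFIG_FILENAME=""
+export SERVICE_CREDENTIALS="service"
+export CONSOLE_CREDENTIALS="console"
+export HOST_NETWORKS="host1:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100;host2:eth0=10.1.0.101|is_mgmt,eth1=172.16.2.101,eth2=172.16.3.101,eth3=172.16.4.101"
+export NETWORK_MAPPING="management=eth0,tenant=eth1,storage=eth3,external=eth2"
+export PACKAGE_CONFIG_FILENAME=""
+export HOST_ROLES=""
+export DEFAULT_ROLES=""
+export SWITCH_IPS="1.1.1.1"
+export SWITCH_CREDENTIAL="version=2c,community=public"
+export DEPLOYMENT_TIMEOUT="90"
+export POLL_SWITCHES_FLAG="nopoll_switches"
+export DASHBOARD_URL=""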

44
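--- /dev/null
+++ b/ci/deploy-vm.sh
@@ -0,0 +1,44 @@
+cd ..
+rm -rf compass-core
+git clone http://git.openstack.org/stackforge/compass-core -b dev/experimental
+cd compass-core
+virtualenv venv
+source venv/bin/activate
+pip install -e .
+if [[ ! -f /var/log/compass ]]; then
+sudo mkdir /var/log/compass
+sudo chown -R 777 /var/log/compass
+fi
+if [[ ! -f /etc/compass ]]; then
+sudo mkdir /etc/compass
+sudo cp -rf conf/setting /etc/compass/.
+fi
+cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py
+sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" bin/switch_virtualenv.py
+#source ../compass-install/ci/allinone.conf
+bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \
+--compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \
+--cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \
+--hostnames="${HOSTNAMES}" --partitions="${PARTITIONS}" --subnets="${SUBNETS}" \
+--adapter_os_pattern="${ADAPTER_OS_PATTERN}" --adapter_name="${ADAPTER_NAME}" \
+--adapter_target_system_pattern="${ADAPTER_TARGET_SYSTEM_PATTERN}" \
+--adapter_flavor_pattern="${ADAPTER_FLAVOR_PATTERN}" \
+--http_proxy="${PROXY}" --https_proxy="${PROXY}" --no_proxy="${IGNORE_PROXY}" \
+--ntp_server="${NTP_SERVER}" --dns_servers="${NAMESERVERS}" --domain="${DOMAIN}" \
+--search_path="${SEARCH_PATH}" --default_gateway="${GATEWAY}" \
+--server_credential="${SERVER_CREDENTIAL}" --local_repo_url="${LOCAL_REPO_URL}" \
+--os_config_json_file="${OS_CONFIG_FILENAME}" --service_credentials="${SERVICE_CREDENTIALS}" \
+--console_credentials="${CONSOLE_CREDENTIALS}" --host_networks="${HOST_NETWORKS}" \
+--network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \
+--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
+--machines=${machines//\'} --switch_credential="${SWITCH_CREDENTIAL}" \
+--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}"
+tear_down_machines
+#cd ../compass-install
+#sudo vagrant destroy compass_nodocker
+if [[ $? != 0 ]]; then
+echo "deployment failed"
+exit 1
+else
+echo "deployment complete"
+fi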
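Review bot: The clone uses `http://git.openstack.org/...` and the checkout is then installed with `pip install -e .`, so code that gets executed is fetched without transport integrity; use the `https://` URL. `sudo chown -R 777 /var/log/compass` changes the owner to UID 777 rather than setting a mode, and a world-writable mode would be too broad anyway; `sudo chown -R "$USER" /var/log/compass` is probably what is needed. Both existence checks use `-f`, which is false for a directory, so `mkdir` fails on a second run; use `-d`. The final `if [[ $? != 0 ]]` tests the status of `tear_down_machines`, not of `bin/client.py`, so a failed deployment still prints "deployment complete"; save `rc=$?` right after the client call and test `$rc`.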

4
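--- /dev/null
+++ b/ci/deploy.sh
@@ -0,0 +1,4 @@
+SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source ${SCRIPT_DIR}/prepare.sh || exit $?
+source ${SCRIPT_DIR}/setup-env.sh || exit $?
+source ${SCRIPT_DIR}/deploy-vm.sh || exit $?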
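Review bot: The file is committed as executable but has no interpreter line, although it relies on `BASH_SOURCE` and sources scripts that use `[[ ]]`; add `#!/bin/bash` as the first line. `${SCRIPT_DIR}` is unquoted in the three `source` lines, so a checkout path containing spaces breaks them; write `source "${SCRIPT_DIR}/prepare.sh" || exit $?` and likewise for the other two. A comment noting that the three scripts share one shell, so variables such as `machines` and the function `tear_down_machines` carry over between them, would document a dependency that is otherwise invisible.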

20
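--- /dev/null
+++ b/ci/func.sh
@@ -0,0 +1,20 @@
+function tear_down_machines() {
+virtmachines=$(virsh list --name |grep pxe)
+for virtmachine in $virtmachines; do
+echo "destroy $virtmachine"
+virsh destroy $virtmachine
+if [[ "$?" != "0" ]]; then
+echo "destroy instance $virtmachine failed"
+exit 1
+fi
+done
+virtmachines=$(virsh list --all --name |grep pxe)
+for virtmachine in $virtmachines; do
+echo "undefine $virtmachine"
+virsh undefine $virtmachine
+if [[ "$?" != "0" ]]; then
+echo "undefine instance $virtmachine failed"
+exit 1
+fi
+done
+}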
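Review bot: `grep pxe` matches any libvirt domain whose name merely contains "pxe", so `tear_down_machines` will destroy and undefine domains on the host that this CI run did not create. Match only the names ci/setup-env.sh creates, e.g. `virsh list --all --name | grep -E '^pxe[0-9]+$'`. The domains are created with `sudo virt-install --connect qemu:///system`, while these `virsh` calls run without `sudo` or `--connect`, so they may be addressing a different libvirt URI; worth confirming. Because the file is sourced, the `exit 1` branches end the calling shell, which deserves a comment above the function.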

23
ci/mac_generator.sh Executable file
View File

@ -0,0 +1,23 @@
#!/bin/bash
function mac_address_part() {
hex_number=$(printf '%02x' $RANDOM)
number_length=${#hex_number}
number_start=$(expr $number_length - 2)
echo ${hex_number:$number_start:2}
}
function mac_address() {
echo "'00:00:$(mac_address_part):$(mac_address_part):$(mac_address_part):$(mac_address_part)'"
}
machines=''
for i in `seq $1`; do
mac=$(mac_address)
if [[ -z $machines ]]; then
machines="${mac}"
else
machines="${machines} ${mac}"
fi
done
echo ${machines}
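Review bot: `mac_address` builds addresses under the `00:00:` prefix, which lies in globally assigned vendor space rather than a locally administered range, and nothing checks the generated list for duplicates. Prefer the QEMU/KVM prefix, `echo "'52:54:00:$(mac_address_part):$(mac_address_part):$(mac_address_part)'"`, and skip a value that is already in `machines` before appending it. `$1` goes into `seq $1` unvalidated; a guard such as `[[ $1 =~ ^[0-9]+$ ]] || exit 1` makes a missing count fail loudly instead of printing an empty list.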

35
ci/prepare.sh Normal file
View File

@ -0,0 +1,35 @@
sudo apt-get update -y
sudo apt-get install git python-pip python-dev -y
vagrant --version
if [[ $? != 0 ]]; then
vagrant_pkg_url=https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb
wget ${vagrant_pkg_url}
sudo dpkg -i $(basename ${vagrant_pkg_url})
else
echo "vagrant is already installed"
fi
sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst libmysqld-dev -y
sudo service libvirt-bin restart
for plugin in vagrant-libvirt vagrant-mutate; do
vagrant plugin list |grep $plugin
if [[ $? != 0 ]]; then
vagrant plugin install $plugin
else
echo "$plugin plugin is already installed"
fi
done
#precise_box_vb_url=https://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box
#precise_box_vb_filename=$(basename ${precise_box_vb_url})
centos65_box_vb_url=https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140504.box
centos65_box_vb_filename=$(basename ${centos65_box_vb_url})
#wget ${precise_box_vb_url}
vagrant box list |grep centos65
if [[ $? != 0 ]]; then
wget ${centos65_box_vb_url}
mv ${centos65_box_vb_filename} centos65.box
vagrant mutate centos65.box libvirt
else
echo "centos65 box already exists"
fi
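Review bot: `wget ${vagrant_pkg_url}` followed by `sudo dpkg -i` installs a package as root with no integrity check beyond TLS, and the CentOS box from `developer.nrel.gov` is imported unverified in the same way. Pin the expected digests in the script and check before use, e.g. `echo "<expected-sha256>  $(basename ${vagrant_pkg_url})" | sha256sum -c - || exit 1` (placeholder digest), and do the same for `centos65.box`. `vagrant plugin install $plugin` is unpinned as well; `--plugin-version` would make runs reproducible. None of the `apt-get`, `wget`, `dpkg` or `vagrant mutate` steps has its exit status checked, so a failed download only surfaces later in the run.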

60
ci/setup-env.sh Normal file
View File

@ -0,0 +1,60 @@
#rm -rf compass-install
#git clone http://git.openstack.org/stackforge/compass-install
#cd compass-install
function join { local IFS="$1"; shift; echo "$*"; }
source ${SCRIPT_DIR}/conf/two.conf
source ${SCRIPT_DIR}/func.sh
if [[ ! -z $VIRT_NUMBER ]]; then
mac_array=$(${SCRIPT_DIR}/mac_generator.sh $VIRT_NUMBER)
mac_list=$(join , $mac_array)
echo "pxe_boot_macs: [${mac_list}]" >> ${SCRIPT_DIR}/../install/group_vars/all
echo "test: true" >> ${SCRIPT_DIR}/../install/group_vars/all
fi
virsh list |grep compass_nodocker
if [[ $? != 0 ]]; then
sudo vagrant up compass_nodocker
else
sudo vagrant provision compass_nodocker
fi
if [[ $? != 0 ]]; then
echo "installation of compass failed"
sudo vagrant destroy compass_nodocker
exit 1
fi
echo "compass is up"
tear_down_machines
if [[ -n $mac_array ]]; then
echo "bringing up pxe boot vms"
i=0
for mac in $mac_array; do
echo "creating vm disk for instance pxe${i}"
sudo qemu-img create -f raw /home/pxe${i}.raw ${VIRT_DISK}
sudo virt-install --accelerate --hvm --connect qemu:///system \
--name pxe$i --ram=$VIRT_MEM --pxe --disk /home/pxe$i.raw,format=raw \
--vcpus=$VIRT_CPUS --graphics vnc,listen=0.0.0.0 \
--network=bridge:virbr2,mac=$mac \
--network=bridge:virbr2 \
--network=bridge:virbr2 \
--network=bridge:virbr2 \
--noautoconsole --autostart --os-type=linux --os-variant=rhel6
if [[ $? != 0 ]]; then
echo "launching pxe${i} failed"
exit 1
fi
echo "checking pxe${i} state"
state=$(virsh domstate pxe${i})
if [[ "$state" == "running" ]]; then
echo "pxe${i} is running"
sudo virsh destroy pxe${i}
fi
echo "add network boot option and make pxe${i} reboot if failing"
sudo sed -i "/<boot dev='hd'\/>/ a\ <boot dev='network'\/>" /etc/libvirt/qemu/pxe${i}.xml
sudo sed -i "/<boot dev='network'\/>/ a\ <bios useserial='yes' rebootTimeout='0'\/>" /etc/libvirt/qemu/pxe${i}.xml
sudo virsh define /etc/libvirt/qemu/pxe${i}.xml
sudo virsh start pxe${i}
let i=i+1
done
fi
machines=${mac_list}
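Review bot: `--graphics vnc,listen=0.0.0.0` exposes every PXE guest's console on all host interfaces with no VNC password; use `--graphics vnc,listen=127.0.0.1` unless remote access is really needed. The two `echo ... >> ${SCRIPT_DIR}/../install/group_vars/all` lines append on every run, so the file accumulates repeated `pxe_boot_macs:` and `test:` keys and the working tree is left modified. Editing `/etc/libvirt/qemu/pxe${i}.xml` with `sed` and re-defining the domain bypasses libvirt's own tooling; passing `--boot hd,network` to `virt-install` would probably replace the first `sed`, to be confirmed against the virt-install version in use. Disk images are written to `/home/pxe${i}.raw` as root and never removed by `tear_down_machines`.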

127
ci/test.sh Normal file
View File

@ -0,0 +1,127 @@
sudo apt-get update -y
sudo apt-get install git python-pip python-dev -y
vagrant_pkg_url=https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb
wget ${vagrant_pkg_url}
sudo dpkg -i $(basename ${vagrant_pkg_url})
sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst -y
sudo service libvirt-bin restart
vagrant plugin install vagrant-libvirt
vagrant plugin install vagrant-mutate
precise_box_vb_url=https://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box
precise_box_vb_filename=$(basename ${precise_box_vb_url})
centos65_box_vb_url=https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140504.box
centos65_box_vb_filename=$(basename ${centos65_box_vb_url})
wget ${precise_box_vb_url}
wget ${centos65_box_vb_url}
mv ${precise_box_vb_filename} precise64.box
mv ${centos65_box_vb_filename} centos65.box
vagrant mutate precise64.box libvirt
vagrant mutate centos65.box libvirt
sudo pip install ansible
git clone http://git.openstack.org/stackforge/compass-install
cd compass-install
function join { local IFS="$1"; shift; echo "$*"; }
if [[ ! -z $VIRT_NUMBER ]]; then
mac_array=$(ci/mac_generator.sh $VIRT_NUMBER)
mac_list=$(join , $mac_array)
echo "pxe_boot_macs: [${mac_list}]" >> install/group_vars/all
echo "test: true" >> install/group_vars/all
fi
sudo vagrant up compass_vm
if [[ $? != 0 ]]; then
sudo vagrant provision compass_vm
if [[ $? != 0 ]]; then
echo "provisioning of compass failed"
exit 1
fi
fi
echo "compass is up"
if [[ -n $mac_array ]]
echo "bringing up pxe boot vms"
i=0
for mac in "$mac_array"; do
virsh list |grep pxe${i}
if [[ $? == 0 ]]; then
virsh destroy pxe${i}
virsh undefine pxe${i}
fi
virsh list --all |grep pxe${i}
if [[ $? == 0 ]]; then
virsh undefine pxe${i}
fi
echo "creating vm disk for instance pxe${i}"
sudo qemu-img create -f raw /home/pxe${i}.raw ${VIRT_DISK}
sudo virt-install --accelerate --hvm --connect qemu:///system \
--name pxe$i --ram=$VIRT_MEM --pxe --disk /home/pxe$i.raw,format=raw \
--vcpus=$VIRT_CPUS --graphics vnc,listen=0.0.0.0 \
--network=bridge:virbr2,mac=$mac \
--network=bridge:virbr2
--network=bridge:virbr2
--network=bridge:virbr2
--noautoconsole --autostart --os-type=linux --os-variant=rhel6
if [[ $? != 0 ]]; then
echo "launching pxe${i} failed"
exit 1
fi
echo "checking pxe${i} state"
state=$(virsh domstate pxe${i})
if [[ "$state" == "running" ]]; then
echo "pxe${i} is running"
sudo virsh destroy pxe${i}
fi
echo "add network boot option and make pxe${i} reboot if failing"
sudo sed -i "/<boot dev='hd'\/>/ a\ <boot dev='network'\/>" /etc/libvirt/qemu/pxe${i}.xml
sudo sed -i "/<boot dev='network'\/>/ a\ <bios useserial='yes' rebootTimeout='0'\/>" /etc/libvirt/qemu/pxe${i}.xml
sudo virsh define /etc/libvirt/qemu/pxe${i}.xml
sudo virsh start pxe${i}
let i=i+1
done
fi
rm -rf compass-core
git clone http://git.openstack.org/stackforge/compass-core -b dev/experimental
cd compass-core
virtualenv venv
source venv/bin/activate
pip install -e .
if [[ ! -f /var/log/compass ]]; then
sudo mkdir /var/log/compass
sudo chown -R 777 /var/log/compass
fi
if [[ ! -f /etc/compass ]]; then
sudo mkdir /etc/compass
sudo cp -rf conf/setting /etc/compass/.
fi
cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py
sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" /opt/compass/bin/switch_virtualenv.py
source ../compass-install/ci/allinone.conf
bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \
--compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \
--cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \
--hostnames="${HOSTNAMES}" --partitions="${PARTITIONS}" --subnets="${SUBNETS}" \
--adapter_os_pattern="${ADAPTER_OS_PATTERN}" --adapter_name="${ADAPTER_NAME}" \
--adapter_target_system_pattern="${ADAPTER_TARGET_SYSTEM_PATTERN}" \
--adapter_flavor_pattern="${ADAPTER_FLAVOR_PATTERN}" \
--http_proxy="${PROXY}" --https_proxy="${PROXY}" --no_proxy="${IGNORE_PROXY}" \
--ntp_server="${NTP_SERVER}" --dns_servers="${NAMESERVERS}" --domain="${DOMAIN}" \
--search_path="${SEARCH_PATH}" --default_gateway="${GATEWAY}" \
--server_credential="${SERVER_CREDENTIAL}" --local_repo_url="${LOCAL_REPO_URL}" \
--os_config_json_file="${OS_CONFIG_FILENAME}" --service_credentials="${SERVICE_CREDENTIALS}" \
--console_credentials="${CONSOLE_CREDENTIALS}" --host_networks="${HOST_NETWORKS}" \
--network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \
--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
--machines="${machines}" --switch_credential="${SWITCH_CREDENTIAL}" \
--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}"
#sudo vagrant up regtest_vm
#if [[ $? != 0 ]]; then
# sudo vagrant provision regtest_vm
# if [[ $? != 0 ]]; then
# echo "deployment of cluster failed"
# exit 1
# fi
#fi
#echo "deployment of cluster complete"
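Review bot: The script does not parse as written: `if [[ -n $mac_array ]]` has no `then`, and the three middle `--network=bridge:virbr2` lines of the `virt-install` call lack the trailing `\`, so the shell would run them as separate commands. `for mac in "$mac_array"` is quoted and therefore iterates once over the whole list. The `sed -i` targets `/opt/compass/bin/switch_virtualenv.py`, a different file from the `bin/switch_virtualenv.py` copied on the line before. The script also fetches both repositories over `http://`, runs `sudo pip install ansible` unpinned, installs the downloaded `.deb` and boxes without a digest check, and opens VNC with `listen=0.0.0.0`; if the file is kept rather than superseded by the split ci scripts, those need the same hardening.

```shell
if [[ -n $mac_array ]]; then
echo "bringing up pxe boot vms"
i=0
for mac in $mac_array; do
# … unchanged: cleanup of existing pxe${i} domain, disk creation …
--network=bridge:virbr2,mac=$mac \
--network=bridge:virbr2 \
--network=bridge:virbr2 \
--network=bridge:virbr2 \
--noautoconsole --autostart --os-type=linux --os-variant=rhel6
# … unchanged: state check, boot-order edit, define and start …
```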


@ -0,0 +1,150 @@
FROM centos:centos6
ADD conf/setup.conf /tmp/setup.conf
ADD conf/cobbler_web.conf /etc/httpd/conf.d/cobbler_web.conf
ADD conf/ssl.conf /etc/httpd/conf.d/ssl.conf
ADD conf/tftpd.template /etc/cobbler/tftpd.template
ADD conf/modules.conf /etc/cobbler/modules.conf
ADD conf/distributions /tmp/distributions
ADD conf/dhcp.template /etc/cobbler/dhcp.template
RUN chmod +x /tmp/setup.conf
# add epel repo and atomic(for installing reprepro: a command tool to build debian repos) repo
RUN source /tmp/setup.conf && \
rpm -Uvh $EPEL7 && \
sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo && \
rpm -Uvh $ATOMIC && \
sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/atomic.repo
RUN yum clean all && \
yum update -y --skip-broken && \
yum install -y syslinux bind rsync dhcp xinetd tftp-server gcc httpd cobbler cobbler-web createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML PyYAML Django cman pykickstart reprepro git wget debmirror cman openssl openssl098e
# configure cobbler web and ssl
RUN mkdir -p /root/backup/cobbler && \
cp -rn /etc/httpd/conf.d /root/backup/cobbler && \
chmod 644 /etc/httpd/conf.d/cobbler_web.conf && \
chmod 644 /etc/httpd/conf.d/ssl.conf
# update tftpd template
RUN chmod 644 /etc/cobbler/tftpd.template
# update modules conf
RUN chmod 644 /etc/cobbler/modules.conf
# setup cobbler default web username password: cobbler/cobbler
RUN (echo -n "cobbler:Cobbler:" && echo -n "cobbler:Cobbler:cobbler" | md5sum - | cut -d' ' -f1) > /etc/cobbler/users.digest
# get adapters code
WORKDIR /root/
RUN git clone -b dev/experimental https://git.openstack.org/stackforge/compass-adapters.git && \
cp -rn /var/lib/cobbler/snippets /root/backup/cobbler/ && \
cp -rn /var/lib/cobbler/scripts /root/backup/cobbler && \
cp -rn /var/lib/cobbler/kickstarts/ /root/backup/cobbler/ && \
cp -rn /var/lib/cobbler/triggers /root/backup/cobbler/ && \
rm -rf /var/lib/cobbler/snippets/* && \
cp -rf compass-adapters/cobbler/snippets/* /var/lib/cobbler/snippets/ && \
cp -rf compass-adapters/cobbler/scripts/* /var/lib/cobbler/scripts/ && \
cp -rf compass-adapters/cobbler/triggers/* /var/lib/cobbler/triggers/ && \
chmod 777 /var/lib/cobbler/snippets && \
chmod 777 /var/lib/cobbler/scripts && \
chmod -R 666 /var/lib/cobbler/snippets/* && \
chmod -R 666 /var/lib/cobbler/scripts/* && \
chmod -R 755 /var/lib/cobbler/triggers && \
rm -f /var/lib/cobbler/kickstarts/default.ks && \
rm -f /var/lib/cobbler/kickstarts/default.seed && \
cp -rf compass-adapters/cobbler/kickstarts/default.ks /var/lib/cobbler/kickstarts/ && \
cp -rf compass-adapters//cobbler/kickstarts/default.seed /var/lib/cobbler/kickstarts/ && \
chmod 666 /var/lib/cobbler/kickstarts/default.ks && \
chmod 666 /var/lib/cobbler/kickstarts/default.seed && \
mkdir -p /var/www/cblr_ks && \
chmod 755 /var/www/cblr_ks && \
cp -rf compass-adapters/cobbler/conf/cobbler.conf /etc/httpd/conf.d/ && \
chmod 644 /etc/httpd/conf.d/cobbler.conf && \
export passwd=$(openssl passwd -1 -salt 'huawei' '123456') && \
sed -i "s,^default_password_crypted:[ \t]\+\"\(.*\)\",default_password_crypted: \"$cobbler_passwd\",g" /etc/cobbler/settings && \
chmod 644 /etc/cobbler/settings
# disable selinux
RUN echo 0 > /selinux/enforce
# create log dirs
RUN mkdir -p /var/log/cobbler && \
mkdir -p /var/log/cobbler/tasks && \
mkdir -p /var/log/cobbler/anamon && \
chmod -R 777 /var/log/cobbler
# create centos ppa repo dir
RUN rm -rf /var/lib/cobbler/repo_mirror/centos_ppa_repo && \
mkdir -p /var/lib/cobbler/repo_mirror/centos_ppa_repo
# download centos repo pkgs
WORKDIR /var/lib/cobbler/repo_mirror/centos_ppa_repo
ADD conf/setup.conf /tmp/setup.conf
RUN source /tmp/setup.conf && \
wget $NTP && \
wget $SSH_CLIENTS && \
wget $OPENSSH && \
wget $IPROUTE && \
wget $WGET && \
wget $NTPDATE && \
wget $YUM_PRIORITIES && \
wget $JSONC && \
wget $LIBESTR && \
wget $LIBGT && \
wget $LIBLOGGING && \
wget $RSYSLOG && \
wget $CHEF_CLIENT_CENTOS
# creating ubuntu repo
RUN rm -rf /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo && \
mkdir -p /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf && \
mv /tmp/distributions /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf/distributions && \
chmod 644 /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/conf/distributions && \
wget -O /var/lib/cobbler/repo_mirror/ubuntu_ppa_repo/chef_11.8.0-1.ubuntu.12.04_amd64.deb http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.0-1.ubuntu.12.04_amd64.deb
ADD conf/1404_distributions /tmp/1404_distributions
RUN rm -rf /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo && \
mkdir -p /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf && \
mv /tmp/1404_distributions /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions && \
chmod 644 /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions && \
wget -O /var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/chef_12.1.1-1_amd64.deb https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/13.04/x86_64/chef_12.1.1-1_amd64.deb
# create repos
WORKDIR /var/lib/cobbler/repo_mirror
RUN createrepo centos_ppa_repo && \
find ubuntu_ppa_repo -name \*.deb -exec reprepro -Vb ubuntu_ppa_repo includedeb ppa {} \; && \
find ubuntu_14_04_ppa_repo -name \*.deb -exec reprepro -Vb ubuntu_14_04_ppa_repo includedeb ppa {} \;
# add repos to cobbler repo and get loaders
RUN /usr/sbin/apachectl -k start && \
/usr/bin/cobblerd start \& && \
cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/centos_ppa_repo --name=centos_ppa_repo --mirror-locally=Y --arch=x86_64 && \
cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ubuntu_ppa_repo --name=ubuntu_ppa_repo --mirror-locally=Y --arch=x86_64 && \
cobbler repo add --mirror=/var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo --name=ubuntu_14_04_ppa_repo --mirror-locally=Y --arch=x86_64 && \
cobbler reposync && \
cobbler get-loaders
ADD conf/cobbler.settings /etc/cobbler/settings
RUN sed -i 's/disable\([ \t]\+\)=\([ \t]\+\)yes/disable\1=\2no/g' /etc/xinetd.d/rsync && \
sed -i 's/^@dists=/# @dists=/g' /etc/debmirror.conf && \
sed -i 's/^@arches=/# @arches=/g' /etc/debmirror.conf
# create mount points
RUN mkdir -p /var/lib/cobbler/mount_point
VOLUME ["/var/lib/cobbler/mount_point"]
ADD scripts/start /root/start
RUN chmod +x /root/start
CMD ["/root/start"]
EXPOSE 80
EXPOSE 69 69/udp
EXPOSE 53 53/udp
EXPOSE 25151
EXPOSE 443
EXPOSE 873
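Review bot: The `RUN` that sets the default install password exports `passwd` but the `sed` substitutes `$cobbler_passwd`, which is never set, so `default_password_crypted` is written as an empty string; with the name fixed it would still be the MD5-crypt of the hard-coded `123456` with a fixed salt. `ADD conf/cobbler.settings /etc/cobbler/settings` later overwrites the file, so the effective value is whatever that file carries, and the `sed` step can go. The first `RUN` rewrites `mirrorlist=https` to `http` for the EPEL and atomic repos and the 12.04 chef package is fetched over `http://`, so packages arrive without transport protection; keep `https` and check the downloads against pinned digests. `chmod 777`/`666` on the snippets and scripts trees and the fixed `cobbler`/`cobbler` web login written to `users.digest` should be tightened or at least commented as lab-only. `RUN echo 0 > /selinux/enforce` acts only during the build, if at all, and `/usr/bin/cobblerd start \&` passes a literal `&` instead of backgrounding the daemon.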


@ -0,0 +1,8 @@
Origin: ppa
Label: ppa_repo
Suite: stable
Codename: ppa
Version: 0.1
Architectures: i386 amd64 source
Components: main
Description: ppa repo


@ -0,0 +1,450 @@
---
# cobbler settings file
# restart cobblerd and run "cobbler sync" after making changes
# This config file is in YAML 1.0 format
# see http://yaml.org
# ==========================================================
# if 1, cobbler will allow insertions of system records that duplicate
# the --dns-name information of other system records. In general,
# this is undesirable and should be left 0.
allow_duplicate_hostnames: 0
# if 1, cobbler will allow insertions of system records that duplicate
# the ip address information of other system records. In general,
# this is undesirable and should be left 0.
allow_duplicate_ips: 0
# if 1, cobbler will allow insertions of system records that duplicate
# the mac address information of other system records. In general,
# this is undesirable.
allow_duplicate_macs: 0
# if 1, cobbler will allow settings to be changed dynamically without
# a restart of the cobblerd daemon. You can only change this variable
# by manually editing the settings file, and you MUST restart cobblerd
# after changing it.
allow_dynamic_settings: 0
# by default, installs are *not* set to send installation logs to the cobbler
# # # server. With 'anamon_enabled', kickstart templates may use the pre_anamon
# # # snippet to allow remote live monitoring of their installations from the
# # # cobbler server. Installation logs will be stored under
# # # /var/log/cobbler/anamon/. NOTE: This does allow an xmlrpc call to send logs
# # # to this directory, without authentication, so enable only if you are
# # # ok with this limitation.
anamon_enabled: 1
# If using authn_pam in the modules.conf, this can be configured
# to change the PAM service authentication will be tested against.
# The default value is "login".
authn_pam_service: "login"
# Email out a report when cobbler finishes installing a system.
# enabled: set to 1 to turn this feature on
# sender: optional
# email: which addresses to email
# smtp_server: used to specify another server for an MTA
# subject: use the default subject unless overridden
build_reporting_enabled: 0
build_reporting_sender: ""
build_reporting_email: [ 'root@localhost' ]
build_reporting_smtp_server: "localhost"
build_reporting_subject: ""
# Cheetah-language kickstart templates can import Python modules.
# while this is a useful feature, it is not safe to allow them to
# import anything they want. This whitelists which modules can be
# imported through Cheetah. Users can expand this as needed but
# should never allow modules such as subprocess or those that
# allow access to the filesystem as Cheetah templates are evaluated
# by cobblerd as code.
cheetah_import_whitelist:
- "random"
- "re"
- "time"
# Default createrepo_flags to use for new repositories. If you have
# createrepo >= 0.4.10, consider "-c cache --update -C", which can
# dramatically improve your "cobbler reposync" time. "-s sha"
# enables working with Fedora repos from F11/F12 from EL-4 or
# EL-5 without python-hashlib installed (which is not available
# on EL-4)
createrepo_flags: "-c cache -s sha"
# if no kickstart is specified to profile add, use this template
default_kickstart: /var/lib/cobbler/kickstarts/default.ks
# configure all installed systems to use these nameservers by default
# unless defined differently in the profile. For DHCP configurations
# you probably do /not/ want to supply this.
default_name_servers: ['10.145.89.100']
# if using the authz_ownership module (see the Wiki), objects
# created without specifying an owner are assigned to this
# owner and/or group. Can be a comma seperated list.
default_ownership:
- "admin"
# cobbler has various sample kickstart templates stored
# in /var/lib/cobbler/kickstarts/. This controls
# what install (root) password is set up for those
# systems that reference this variable. The factory
# default is "cobbler" and cobbler check will warn if
# this is not changed.
# The simplest way to change the password is to run
# openssl passwd -1
# and put the output between the "" below.
default_password_crypted: "$1$huawei$9OkoVJwO4W8vavlXd1bUS/"
# the default template type to use in the absence of any
# other detected template. If you do not specify the template
# with '#template=<template_type>' on the first line of your
# templates/snippets, cobbler will assume try to use the
# following template engine to parse the templates.
#
# Current valid values are: cheetah, jinja2
default_template_type: "cheetah"
# for libvirt based installs in koan, if no virt bridge
# is specified, which bridge do we try? For EL 4/5 hosts
# this should be xenbr0, for all versions of Fedora, try
# "virbr0". This can be overriden on a per-profile
# basis or at the koan command line though this saves
# typing to just set it here to the most common option.
default_virt_bridge: xenbr0
# use this as the default disk size for virt guests (GB)
default_virt_file_size: 5
# use this as the default memory size for virt guests (MB)
default_virt_ram: 512
# if koan is invoked without --virt-type and no virt-type
# is set on the profile/system, what virtualization type
# should be assumed? Values: xenpv, xenfv, qemu, vmware
# (NOTE: this does not change what virt_type is chosen by import)
default_virt_type: xenpv
# enable gPXE booting? Enabling this option will cause cobbler
# to copy the undionly.kpxe file to the tftp root directory,
# and if a profile/system is configured to boot via gpxe it will
# chain load off pxelinux.0.
# Default: 0
enable_gpxe: 0
# controls whether cobbler will add each new profile entry to the default
# PXE boot menu. This can be over-ridden on a per-profile
# basis when adding/editing profiles with --enable-menu=0/1. Users
# should ordinarily leave this setting enabled unless they are concerned
# with accidental reinstalls from users who select an entry at the PXE
# boot menu. Adding a password to the boot menus templates
# may also be a good solution to prevent unwanted reinstallations
enable_menu: 0
# enable Func-integration? This makes sure each installed machine is set up
# to use func out of the box, which is a powerful way to script and control
# remote machines.
# Func lives at http://fedorahosted.org/func
# read more at https://github.com/cobbler/cobbler/wiki/Func-integration
# you will need to mirror Fedora/EPEL packages for this feature, so see
# https://github.com/cobbler/cobbler/wiki/Manage-yum-repos if you want cobbler
# to help you with this
func_auto_setup: 0
func_master: overlord.example.org
# change this port if Apache is not running plaintext on port
# 80. Most people can leave this alone.
http_port: 80
# kernel options that should be present in every cobbler installation.
# kernel options can also be applied at the distro/profile/system
# level.
kernel_options:
ksdevice: bootif
lang: ' '
text: ~
# s390 systems require additional kernel options in addition to the
# above defaults
kernel_options_s390x:
RUNKS: 1
ramdisk_size: 40000
root: /dev/ram0
ro: ~
ip: off
vnc: ~
# configuration options if using the authn_ldap module. See the
# the Wiki for details. This can be ignored if you are not using
# LDAP for WebUI/XMLRPC authentication.
ldap_server: "ldap.example.com"
ldap_base_dn: "DC=example,DC=com"
ldap_port: 389
ldap_tls: 1
ldap_anonymous_bind: 1
ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
ldap_tls_cacertfile: ''
ldap_tls_keyfile: ''
ldap_tls_certfile: ''
# cobbler has a feature that allows for integration with config management
# systems such as Puppet. The following parameters work in conjunction with
# --mgmt-classes and are described in furhter detail at:
# https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
mgmt_classes: []
mgmt_parameters:
from_cobbler: 1
# if enabled, this setting ensures that puppet is installed during
# machine provision, a client certificate is generated and a
# certificate signing request is made with the puppet master server
puppet_auto_setup: 0
# when puppet starts on a system after installation it needs to have
# its certificate signed by the puppet master server. Enabling the
# following feature will ensure that the puppet server signs the
# certificate after installation if the puppet master server is
# running on the same machine as cobbler. This requires
# puppet_auto_setup above to be enabled
sign_puppet_certs_automatically: 0
# location of the puppet executable, used for revoking certificates
puppetca_path: "/usr/bin/puppet"
# when a puppet managed machine is reinstalled it is necessary to
# remove the puppet certificate from the puppet master server before a
# new certificate is signed (see above). Enabling the following
# feature will ensure that the certificate for the machine to be
# installed is removed from the puppet master server if the puppet
# master server is running on the same machine as cobbler. This
# requires puppet_auto_setup above to be enabled
remove_old_puppet_certs_automatically: 0
# choose a --server argument when running puppetd/puppet agent during kickstart
#puppet_server: 'puppet'
# let cobbler know that you're using a newer version of puppet
# choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'
#puppet_version: 2
# choose whether to enable puppet parameterized classes or not.
# puppet versions prior to 2.6.5 do not support parameters
#puppet_parameterized_classes: 1
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1
# set to 1 to enable Cobbler's DNS management features.
# the choice of DNS mangement engine is in /etc/cobbler/modules.conf
manage_dns: 1
# set to path of bind chroot to create bind-chroot compatible bind
# configuration files. This should be automatically detected.
bind_chroot_path: ""
# set to the ip address of the master bind DNS server for creating secondary
# bind configuration files
bind_master: 127.0.0.1
# set to 1 to enable Cobbler's TFTP management features.
# the choice of TFTP mangement engine is in /etc/cobbler/modules.conf
manage_tftpd: 1
# set to 1 to enable Cobbler's RSYNC management features.
manage_rsync: 0
# if using BIND (named) for DNS management in /etc/cobbler/modules.conf
# and manage_dns is enabled (above), this lists which zones are managed
# See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
manage_forward_zones: ['ods.com']
manage_reverse_zones: ['10','172.16']
# if using cobbler with manage_dhcp, put the IP address
# of the cobbler server here so that PXE booting guests can find it
# if you do not set this correctly, this will be manifested in TFTP open timeouts.
next_server: 192.168.100.1
# settings for power management features. optional.
# see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
# choices (refer to codes.py):
# apc_snmp bladecenter bullpap drac ether_wake ilo integrity
# ipmilan ipmitool lpar rsa virsh wti
power_management_default_type: 'ipmitool'
# the commands used by the power management module are sourced
# from what directory?
power_template_dir: "/etc/cobbler/power"
# if this setting is set to 1, cobbler systems that pxe boot
# will request at the end of their installation to toggle the
# --netboot-enabled record in the cobbler system record. This eliminates
# the potential for a PXE boot loop if the system is set to PXE
# first in it's BIOS order. Enable this if PXE is first in your BIOS
# boot order, otherwise leave this disabled. See the manpage
# for --netboot-enabled.
pxe_just_once: 1
# the templates used for PXE config generation are sourced
# from what directory?
pxe_template_dir: "/etc/cobbler/pxe"
# Path to where system consoles are
consoles: "/var/consoles"
# Are you using a Red Hat management platform in addition to Cobbler?
# Cobbler can help you register to it. Choose one of the following:
# "off" : I'm not using Red Hat Network, Satellite, or Spacewalk
# "hosted" : I'm using Red Hat Network
# "site" : I'm using Red Hat Satellite Server or Spacewalk
# You will also want to read: https://github.com/cobbler/cobbler/wiki/Tips-for-RHN
redhat_management_type: "off"
# if redhat_management_type is enabled, choose your server
# "management.example.org" : For Satellite or Spacewalk
# "xmlrpc.rhn.redhat.com" : For Red Hat Network
# This setting is also used by the code that supports using Spacewalk/Satellite users/passwords
# within Cobbler Web and Cobbler XMLRPC. Using RHN Hosted for this is not supported.
# This feature can be used even if redhat_management_type is off, you just have
# to have authn_spacewalk selected in modules.conf
redhat_management_server: "xmlrpc.rhn.redhat.com"
# specify the default Red Hat authorization key to use to register
# system. If left blank, no registration will be attempted. Similarly
# you can set the --redhat-management-key to blank on any system to
# keep it from trying to register.
redhat_management_key: ""
# if using authn_spacewalk in modules.conf to let cobbler authenticate
# against Satellite/Spacewalk's auth system, by default it will not allow per user
# access into Cobbler Web and Cobbler XMLRPC.
# in order to permit this, the following setting must be enabled HOWEVER
# doing so will permit all Spacewalk/Satellite users of certain types to edit all
# of cobbler's configuration.
# these roles are: config_admin and org_admin
# users should turn this on only if they want this behavior and
# do not have a cross-multi-org seperation concern. If you have
# a single org in your satellite, it's probably safe to turn this
# on and then you can use CobblerWeb alongside a Satellite install.
redhat_management_permissive: 0
# if set to 1, allows /usr/bin/cobbler-register (part of the koan package)
# to be used to remotely add new cobbler system records to cobbler.
# this effectively allows for registration of new hardware from system
# records.
register_new_installs: 0
# Flags to use for yum's reposync. If your version of yum reposync
# does not support -l, you may need to remove that option.
reposync_flags: "-l -n -d"
# These options will be used for an rsync initiated by cobbler replicate
replicate_rsync_options: "-avzH"
# when DHCP and DNS management are enabled, cobbler sync can automatically
# restart those services to apply changes. The exception for this is
# if using ISC for DHCP, then omapi eliminates the need for a restart.
# omapi, however, is experimental and not recommended for most configurations.
# If DHCP and DNS are going to be managed, but hosted on a box that
# is not on this server, disable restarts here and write some other
# script to ensure that the config files get copied/rsynced to the destination
# box. This can be done by modifying the restart services trigger.
# Note that if manage_dhcp and manage_dns are disabled, the respective
# parameter will have no effect. Most users should not need to change
# this.
restart_dns: 1
restart_dhcp: 1
# install triggers are scripts in /var/lib/cobbler/triggers/install
# that are triggered in kickstart pre and post sections. Any
# executable script in those directories is run. They can be used
# to send email or perform other actions. They are currently
# run as root so if you do not need this functionality you can
# disable it, though this will also disable "cobbler status" which
# uses a logging trigger to audit install progress.
run_install_triggers: 1
# enables a trigger which version controls all changes to /var/lib/cobbler
# when add, edit, or sync events are performed. This can be used
# to revert to previous database versions, generate RSS feeds, or for
# other auditing or backup purposes. "git" and "hg" are currently suported,
# but git is the recommend SCM for use with this feature.
scm_track_enabled: 0
scm_track_mode: "git"
# this is the address of the cobbler server -- as it is used
# by systems during the install process, it must be the address
# or hostname of the system as those systems can see the server.
# if you have a server that appears differently to different subnets
# (dual homed, etc), you need to read the --server-override section
# of the manpage for how that works.
server: 192.168.100.1
# If set to 1, all commands will be forced to use the localhost address
# instead of using the above value which can force commands like
# cobbler sync to open a connection to a remote address if one is in the
# configuration and would traceback.
client_use_localhost: 0
# If set to 1, all commands to the API (not directly to the XMLRPC
# server) will go over HTTPS instead of plaintext. Be sure to change
# the http_port setting to the correct value for the web server
client_use_https: 0
# this is a directory of files that cobbler uses to make
# templating easier. See the Wiki for more information. Changing
# this directory should not be required.
snippetsdir: /var/lib/cobbler/snippets
# Normally if a kickstart is specified at a remote location, this
# URL will be passed directly to the kickstarting system, thus bypassing
# the usual snippet templating Cobbler does for local kickstart files. If
# this option is enabled, Cobbler will fetch the file contents internally
# and serve a templated version of the file to the client.
template_remote_kickstarts: 0
# should new profiles for virtual machines default to auto booting with the physical host when the physical host reboots?
# this can be overridden on each profile or system object.
virt_auto_boot: 1
# cobbler's web directory. Don't change this setting -- see the
# Wiki on "relocating your cobbler install" if your /var partition
# is not large enough.
webdir: /var/www/cobbler
# cobbler's public XMLRPC listens on this port. Change this only
# if absolutely needed, as you'll have to start supplying a new
# port option to koan if it is not the default.
xmlrpc_port: 25151
# "cobbler repo add" commands set cobbler up with repository
# information that can be used during kickstart and is automatically
# set up in the cobbler kickstart templates. By default, these
# are only available at install time. To make these repositories
# usable on installed systems (since cobbler makes a very convient)
# mirror, set this to 1. Most users can safely set this to 1. Users
# who have a dual homed cobbler server, or are installing laptops that
# will not always have access to the cobbler server may wish to leave
# this as 0. In that case, the cobbler mirrored yum repos are still
# accessable at http://cobbler.example.org/cblr/repo_mirror and yum
# configuration can still be done manually. This is just a shortcut.
yum_post_install_mirror: 1
# the default yum priority for all the distros. This is only used
# if yum-priorities plugin is used. 1=maximum. Tweak with caution.
yum_distro_priority: 1
# Flags to use for yumdownloader. Not all versions may support
# --resolve.
yumdownloader_flags: "--resolve"
# sort and indent JSON output to make it more human-readable
serializer_pretty_json: 0
# replication rsync options for distros, kickstarts, snippets set to override default value of "-avzH"
replicate_rsync_options: "-avzH"
# replication rsync options for repos set to override default value of "-avzH"
replicate_repo_rsync_options: "-avzH"
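Review bot: `default_password_crypted` commits a fixed MD5-crypt (`$1$`) hash as the install root password for systems built from the sample kickstarts, so every deployment of this image shares one credential whose hash is public in the repository. Replace it with a value supplied per deployment, e.g. `default_password_crypted: "<PER_DEPLOYMENT_CRYPT_HASH>"`, and prefer a SHA-512 crypt hash if the target installers accept it. Separately, `anamon_enabled: 1` turns on the log upload that the file's own comment describes as unauthenticated; it deserves a comment saying this is deliberate, or should be set to 0. `replicate_rsync_options` is also defined twice in this file, and one of the two entries should be dropped.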


@ -0,0 +1,10 @@
# This configuration file enables the cobbler web
# interface (django version)
# Force everything to go to https
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/cobbler_web
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
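Review bot: The comment says everything is forced to https, but the `RewriteRule` is commented out, so the two `RewriteCond` lines guard nothing and `/cobbler_web` appears to stay reachable over plain HTTP, where web UI logins would cross the network unencrypted. Either restore the rule as `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]`, or delete the two conditions and reword the comment to say HTTPS is intentionally not enforced and why.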


@ -0,0 +1,98 @@
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
deny unknown-clients;
local-address 192.168.100.100;
log-facility local6;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
subnet 192.168.100.0 netmask 255.255.254.0 {
option routers 192.168.100.1;
option domain-name-servers 192.168.100.1;
option subnet-mask 255.255.254.0;
range dynamic-bootp 192.168.100.10 192.168.101.250;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
#for mac in $dhcp_tags[$dhcp_tag].keys():
#set iface = $dhcp_tags[$dhcp_tag][$mac]
host $iface.name {
hardware ethernet $mac;
site-option-space "pxelinux";
option pxelinux.magic f1:00:74:7e;
if exists dhcp-parameter-request-list {
# Always send the PXELINUX options (specified in hexadecimal)
option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3);
}
option pxelinux.reboottime 30;
#if $iface.hostname:
option host-name "$iface.hostname";
#end if
#if $iface.netmask:
option subnet-mask $iface.netmask;
#end if
#if $iface.gateway:
option routers $iface.gateway;
#end if
#if $iface.enable_gpxe:
if exists user-class and option user-class = "gPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else if exists user-class and option user-class = "iPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else {
filename "undionly.kpxe";
}
#else
filename "$iface.filename";
#end if
## Cobbler defaults to $next_server, but some users
## may like to use $iface.system.server for proxied setups
next-server $next_server;
## next-server $iface.next_server;
}
#end for
}
#end for
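Review bot: The pool `range dynamic-bootp 192.168.100.10 192.168.101.250;` contains the address given in `local-address 192.168.100.100;`. If that is this server's own interface address, as the directive suggests, exclude it by splitting the pool into `192.168.100.10 192.168.100.99` and `192.168.100.101 192.168.101.250`. The subnet, router and DNS addresses are hard-coded in the template while `next-server` uses `$next_server`, so a comment saying they must be edited to match the cobbler `server`/`next_server` settings would prevent a mismatched deployment. `deny unknown-clients;` is a sensible restriction for a provisioning network and is worth a one-line comment marking it as deliberate.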


@ -0,0 +1,8 @@
Origin: ppa
Label: ppa_repo
Suite: stable
Codename: ppa
Version: 0.1
Architectures: i386 amd64 source
Components: main
Description: ppa repo


@ -0,0 +1,84 @@
# cobbler module configuration file
# =================================
# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
# authn_denyall -- no one (default)
# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
# authn_passthru -- ask Apache to handle it (used for kerberos)
# authn_ldap -- authenticate against LDAP
# authn_spacewalk -- ask Spacewalk/Satellite (experimental)
# authn_pam -- use PAM facilities
# authn_testing -- username/password is always testing/testing (debug)
# (user supplied) -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap
[authentication]
module = authn_configfile
# authorization:
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
# authz_allowall -- full access for all authneticated users (default)
# authz_ownership -- use users.conf, but add object ownership semantics
# (user supplied) -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# If you want to further restrict cobbler with ACLs for various groups,
# pick authz_ownership. authz_allowall does not support ACLs. configfile
# does but does not support object ownership which is useful as an additional
# layer of control.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Web-authorization
[authorization]
module = authz_allowall
# dns:
# chooses the DNS management engine if manage_dns is enabled
# in /etc/cobbler/settings, which is off by default.
# choices:
# manage_bind -- default, uses BIND/named
# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
# https://github.com/cobbler/cobbler/wiki/Dns-management
[dns]
module = manage_bind
# dhcp:
# chooses the DHCP management engine if manage_dhcp is enabled
# in /etc/cobbler/settings, which is off by default.
# choices:
# manage_isc -- default, uses ISC dhcpd
# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
# https://github.com/cobbler/cobbler/wiki/Dhcp-management
[dhcp]
module = manage_isc
# tftpd:
# chooses the TFTP management engine if manage_tftp is enabled
# in /etc/cobbler/settings, which is ON by default.
#
# choices:
# manage_in_tftpd -- default, uses the system's tftp server
# manage_tftpd_py -- uses cobbler's tftp server
#
[tftpd]
module = manage_in_tftpd
#--------------------------------------------------
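Review bot: `module = authz_allowall` under `[authorization]` gives every account in `/etc/cobbler/users.digest` full control of cobbler, which on a provisioning server extends to what gets installed on each managed host. If more than one operator account is expected, `module = authz_ownership` is the option this file's own comment points to for ACLs. If a single admin account is intended, add a comment above the setting saying so. The digest file is not part of this section, so confirm separately that it is not left at its packaged default.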


@ -0,0 +1,25 @@
#centos6.5
NTP=http://mirror.centos.org/centos/6.6/os/x86_64/Packages/ntp-4.2.6p5-1.el6.centos.x86_64.rpm
SSH_CLIENTS=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/openssh-clients-5.3p1-94.el6.x86_64.rpm
OPENSSH=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.3/x86_64/updates/security/openssh-5.3p1-94.el6.x86_64.rpm
IPROUTE=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/iproute-2.6.32-31.el6.x86_64.rpm
WGET=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.5/x86_64/os/Packages/wget-1.12-1.8.el6.x86_64.rpm
NTPDATE=http://mirror.centos.org/centos/6.6/os/x86_64/Packages/ntpdate-4.2.6p5-1.el6.centos.x86_64.rpm
YUM_PRIORITIES=ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6.3/i386/os/Packages/yum-plugin-priorities-1.1.30-14.el6.noarch.rpm
JSONC=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/json-c-0.9-4.el6.x86_64.rpm
LIBESTR=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/libestr-0.1.9-1.el6.x86_64.rpm
LIBGT=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/libgt-0.3.11-1.el6.x86_64.rpm
LIBLOGGING=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/liblogging-1.0.4-1.el6.x86_64.rpm
RSYSLOG=http://rpms.adiscon.com/v7-stable/epel-6/x86_64/RPMS/rsyslog-7.6.3-1.el6.src.rpm
CHEF_CLIENT_CENTOS=http://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm
#ubuntu12.04
CHEF_CLIENT_UBUNTU=http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.0-1.ubuntu.12.04_amd64.deb
#iso
CENTOS_ISO=https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso
UBUNTU_ISO=http://releases.ubuntu.com/12.04/ubuntu-12.04.4-server-amd64.iso
#repos
EPEL7=http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
ATOMIC=http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-19.el7.art.noarch.rpm
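Review bot: Most of these packages and the Ubuntu ISO are fetched over `http://` or `ftp://`, and the file carries no checksums, so nothing visible here lets the consumer detect a tampered or substituted download before it is served to provisioned hosts. Add a digest next to each URL, e.g. `NTP_SHA256=<sha256-of-ntp-rpm>`, have the script that reads this file verify it with `sha256sum -c` before use, and switch to `https://` where the mirror offers it. Two entries also look unintended and should be checked: `RSYSLOG` points at a `.src.rpm`, and `EPEL7` points at an `epel/6` release package.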


@ -0,0 +1,221 @@
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# SSLMutex default
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


@ -0,0 +1,21 @@
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
disable = no
log_type = SYSLOG local5 info
socket_type = dgram
protocol = udp
wait = yes
user = $user
server = $binary
server_args = -B 1380 -v -s $args
instances = 1000
per_source = 1000
cps = 1000 2
flags = IPv4
}


@ -0,0 +1,17 @@
#!/bin/bash
service httpd start
service cobblerd start
# import distros
cobbler import --path=/var/lib/cobbler/mount_point/CentOS-6.5-x86_64 --name=CentOS-6.5-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat
cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-12.04-x86_64 --name=Ubuntu-12.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu
# add profiles
cobbler profile add --name=CentOS-6.5-x86_64 --repo=centos_ppa_repo --distro=CentOS-6.5-x86_64 --ksmeta="tree=http://10.145.89.200:8080/cobbler/ks_mirror/CentOS-6.5-x86_64 compass_server=10.145.89.200" --kickstart=/var/lib/cobbler/kickstarts/default.ks
cobbler profile add --name=Ubuntu-12.04-x86_64 --repo=ubuntu_ppa_repo --distro=Ubuntu-12.04-x86_64 --ksmeta="tree=http://10.145.89.200:8080/cobbler/ks_mirror/Ubuntu-12.04-x86_64 compass_server=10.145.89.200" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto"
cobbler reposync
cobbler sync
cobbler check
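Review bot: Both `cobbler profile add` lines hard-code `10.145.89.200` as the kickstart tree host and as `compass_server`, so on any other network the profiles silently point at the wrong machine. Take the address from the environment instead, e.g. `compass_server=${COMPASS_SERVER_IP}` (the variable name is a suggestion) and the same variable in the `tree=` URL. The script also has no `set -e`, so a failed `cobbler import` still falls through to `cobbler reposync` and `cobbler sync`; adding `set -e` after the shebang makes the failure visible.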


@ -0,0 +1,137 @@
FROM centos:centos7
ADD conf/setup.conf /root/setup.conf
RUN chmod +x /root/setup.conf
## install yum repos and then packages
RUN source /root/setup.conf && \
rpm -Uvh $EPEL7 >& /dev/null && \
sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo && \
rpm -Uvh $ATOMIC >& /dev/null && \
sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/atomic.repo
RUN yum clean all >& /dev/null && \
yum update -y --skip-broken >&/dev/null && \
yum install -y rsyslog logrotate ntp iproute openssh-clients python python-devel git wget rabbitmq-server mod_wsgi httpd squid yum-utils gcc net-snmp-utils net-snmp net-snmp-python openssl openssl098e ca-certificates redis mariadb mariadb-server mariadb-devel python-virtualenv python-setuptools MySQL-python
# set up pip and install python virtual environment
RUN easy_install --upgrade pip
RUN pip install virtualenvwrapper
# get compass-core code
WORKDIR /root
RUN source /root/setup.conf && \
git clone $COMPASS_CORE
WORKDIR /root/compass-core
RUN mkdir /root/backup
# update rsyslog conf
RUN cp -rn /etc/rsyslog.conf /root/backup
RUN rm -rf /etc/rsyslog.conf
RUN cp -rf misc/rsyslog/rsyslog.conf /etc/rsyslog.conf
RUN chmod 644 /etc/rsyslog.conf
# update logrotate.d
RUN cp -rn /etc/logrotate.d /root/backup
RUN rm -rf /etc/logrotate.d/*
RUN cp -rf misc/logrotate.d/* /etc/logrotate.d/
RUN chmod 644 /etc/logrotate.d/*
# grant permission to httpd and mysqld log dirs
RUN mkdir /var/log/mysql
RUN chmod 777 /var/log/httpd
RUN chmod 777 /var/log/mysql
# clone compass web
WORKDIR /root
RUN source /root/setup.conf && \
git clone $COMPASS_WEB
# setup python requirements
# remove 'mysql-python' from requirements as centos 7 supports the yum package
WORKDIR /root/compass-core
RUN sed -i 's/MySQL-python/#MySQL-python/g' requirements.txt
RUN source `which virtualenvwrapper.sh` && \
mkvirtualenv --system-site-packages compass-core && \
workon compass-core && \
pip install -U -r requirements.txt
# download local repo
WORKDIR /tmp
RUN source /root/setup.conf && \
wget $LOCAL_REPO
# snmp
# instead of moving mibs to /usr/local/share/snmp/mibs, centos7 puts mibs file at /usr/share/snmp/mibs/
WORKDIR /root/compass-core
RUN yes|cp -rf mibs/* /usr/share/snmp/mibs/
RUN cp -rf misc/snmp/snmp.conf /etc/snmp/snmp.conf
RUN chmod 644 /etc/snmp/snmp.conf
RUN mkdir -p /var/lib/net-snmp/mib_indexes
RUN chmod 755 /var/lib/net-snmp/mib_indexes
# install compass-core
WORKDIR /root/compass-core
RUN mkdir -p /etc/compass
RUN mkdir -p /opt/compass/bin
RUN mkdir -p /var/log/compass
RUN mkdir -p /var/log/chef
RUN mkdir -p /var/www/compass
RUN cp -rf misc/apache/ods-server.conf /etc/httpd/conf.d/ods-server.conf
RUN cp -rf conf/* /etc/compass/
RUN cp -rf bin/*.py /opt/compass/bin/
RUN cp -rf bin/*.sh /opt/compass/bin/
RUN cp -rf bin/compassd /usr/bin/
RUN cp -rf bin/switch_virtualenv.py.template /opt/compass/bin/switch_virtualenv.py
RUN ln -s -f /opt/compass/bin/compass_check.py /usr/bin/compass
RUN ln -s -f /opt/compass/bin/compass_wsgi.py /var/www/compass/compass.wsgi
RUN cp -rf bin/chef/* /opt/compass/bin/
RUN cp -rf bin/cobbler/* /opt/compass/bin/
RUN cp -rf /usr/lib64/libcrypto.so.10 /usr/lib64/libcrypto.so
# setup compass-core and related confs
RUN mkdir -p /opt/compass/db && \
chmod -R 777 /opt/compass/db
RUN chmod -R 777 /var/log/compass
RUN chmod -R 777 /var/log/chef
RUN echo "export C_FORCE_ROOT=1" > /etc/profile.d/celery_env.sh
RUN chmod +x /etc/profile.d/celery_env.sh
WORKDIR /root/compass-core
RUN source `which virtualenvwrapper.sh` && \
workon compass-core && \
python setup.py install
# compass web
WORKDIR /root/compass-web
RUN yum -y install tar
RUN mkdir -p /var/www/compass_web
RUN cp -rf v2 /var/www/compass_web/
WORKDIR /tmp
RUN tar -xzvf local_repo.tar.gz
RUN mv -f local_repo/* /var/www/compass_web/v2/
# enable start-up script
ADD scripts/sample_start /root/sample_start
RUN chmod +x /root/sample_start
# start: perform some post-installation tasks
# modify compass refresh to make it work in containers
ADD scripts/refresh.sh /opt/compass/bin/refresh.sh
RUN chmod +x /opt/compass/bin/refresh.sh
# set python home for virtualenv
RUN sed -i "s|\$PythonHome|\/root\/\.virtualenvs\/compass-core|g" /opt/compass/bin/switch_virtualenv.py
# add apache to root group
RUN usermod -a -G `groups root|awk '{print$3}'` apache
# configure mysql
RUN /usr/bin/mysql_install_db && \
chown -R mysql:mysql /var/lib/mysql
# CMD ["/root/sample_start"]
EXPOSE 80
EXPOSE 22
EXPOSE 123
EXPOSE 3306
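Review bot: The two `sed -i 's/^mirrorlist=https/mirrorlist=http/g'` lines downgrade the EPEL and Atomic mirror lists from HTTPS to HTTP, and the `rpm -Uvh ... >& /dev/null` calls before them hide any failure or signature warning, so every later `yum install` in this image resolves its mirrors over an unauthenticated channel. I would drop both `sed` lines, keep rpm's output, and make sure `gpgcheck=1` stays set for those repos; if the HTTPS fetch failed on certificate trust, updating `ca-certificates` first is the narrower fix. Separately, `chmod 777` on `/var/log/httpd`, `/var/log/mysql`, `/opt/compass/db`, `/var/log/compass` and `/var/log/chef`, together with `usermod -a -G ... apache` (which adds the web server user to root's group), gives the web-facing process far more write access than it needs. Owning those directories by the service user with mode 750 would be enough. `EXPOSE 22` and `EXPOSE 3306` are also worth a comment saying who is expected to reach them.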


@ -0,0 +1,5 @@
LOCAL_REPO="https://s3-us-west-1.amazonaws.com/compass-local-repo/local_repo.tar.gz"
EPEL7="http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm"
ATOMIC="http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-19.el7.art.noarch.rpm"
COMPASS_CORE="https://git.openstack.org/stackforge/compass-core.git"
COMPASS_WEB="https://git.openstack.org/stackforge/compass-web.git"
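Review bot: Nothing fetched through these variables is pinned or verified. `COMPASS_CORE` and `COMPASS_WEB` are cloned at whatever the default branch head is at build time, `LOCAL_REPO` is a tarball that the Dockerfile unpacks into the web root with no checksum, and `EPEL7`/`ATOMIC` are release RPMs fetched over plain `http://`. Add a tag or commit per repository and a digest per download, e.g. `LOCAL_REPO_SHA256="<sha256-of-tarball>"` checked with `sha256sum -c` before `tar -xzvf`, and switch the two RPM URLs to `https://` where the host offers it.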


@ -0,0 +1,9 @@
#/bin/bash
set -e
/opt/compass/bin/manage_db.py createdb
# /opt/compass/bin/clean_installers.py
# /opt/compass/bin/clean_installation_logs.py
/usr/sbin/apachectl -D NO_DETACH -D FOREGROUND
/usr/bin/redis-server &
CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
/opt/compass/bin/progress_update.py &> /tmp/progress_update.log
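Review bot: `/usr/sbin/apachectl -D NO_DETACH -D FOREGROUND` keeps Apache in the foreground, so the `redis-server`, `celery worker` and `progress_update.py` lines after it are not reached until Apache exits, and with `set -e` a non-zero exit then aborts the script. Start the background services first and make the foreground Apache call the last line. The first line is `#/bin/bash`, which is a plain comment rather than a shebang; it should be `#!/bin/bash`, otherwise the `&>` redirections depend on whichever shell the caller happens to use.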


@ -0,0 +1,56 @@
#!/bin/bash
# set python home
# sed -i "s|\$PythonHome|\/root\/\.virtualenvs\/compass-core|g" /opt/compass/bin/switch_virtualenv.py
# add apache to root user group
# usermod -a -G `groups root|awk '{print$3}'` apache
# activate virtualenv
source `which virtualenvwrapper.sh`
workon compass-core
## mysql
# install db
# grant permission to mysql data dir
# /usr/bin/mysql_install_db
# chown mysql:mysql /var/lib/mysql
# chown mysql:mysql /var/lib/mysql/*
# chown mysql:mysql /var/lib/mysql/mysql/*
# chown mysql:mysql /var/lib/mysql/performance_schema/*
# start mysqld service, push it to bg
/usr/bin/mysqld_safe > /dev/null 2>&1 &
RET=1
while [[ RET -ne 0 ]]; do
echo "waiting for mariadb to startup"
sleep 5
mysql -uroot -e "status" > /dev/null 2>&1
RET=$?
done
echo "mariadb started"
# set mysql with default username and password
mysqladmin -h127.0.0.1 --port=3306 -u root password root
# create db 'compass'
mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
## virtualenv
# create virtualenv
# source `which virtualenvwrapper.sh`
# mkvirtualenv --system-site-packages compass-core
# install compass requirements
# start compass services
/opt/compass/bin/manage_db.py createdb
/usr/sbin/apachectl -k start
/usr/sbin/rabbitmq-server &
/usr/bin/redis-server &
ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
tail -f /dev/null
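Review bot: `mysqladmin -h127.0.0.1 --port=3306 -u root password root` sets the MariaDB root password to the literal `root`, and the next line passes it as `-proot` on the command line, where it is visible in the process list. The same two lines are in `examples/scripts/start`, the `compass.setting` file has `DATABASE_USER = 'root'` / `DATABASE_PASSWORD = 'root'`, and the image Dockerfile has `EXPOSE 3306`, so a published container ends up with a guessable database superuser. Read the password from an environment variable or a mounted file, e.g. `mysqladmin ... password "$COMPASS_DB_PASSWORD"` (name is a suggestion). Create a non-root `compass` database user for the application, and leave 3306 unpublished unless remote access is really needed.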

13
examples/Dockerfile Normal file

@ -0,0 +1,13 @@
FROM compassindocker/compass:test
ADD scripts/start /root/start
ADD conf/compass.setting /etc/compass/setting
ADD conf/cobbler.conf /etc/compass/os_installer/cobbler.conf
ADD conf/chef-icehouse.conf /etc/compass/package_installer/chef-icehouse.conf
ADD conf/chef-client.pem /etc/chef-client.pem
RUN chmod +x /root/start
CMD ["/root/start"]
EXPOSE 80
EXPOSE 123
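Review bot: `ADD conf/chef-client.pem /etc/chef-client.pem` bakes the Chef admin client's private key into an image layer, where it stays readable to anyone who can pull or export the image, even if a later layer deletes the file. Supply it at run time instead, e.g. `docker run -v /path/to/chef-client.pem:/etc/chef-client.pem:ro ...`, and remove the `ADD` line. `FROM compassindocker/compass:test` is also a mutable tag; pinning it by digest (`FROM compassindocker/compass@sha256:<digest>`) keeps the base image from changing underneath the example.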


@ -0,0 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
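Review bot: This file commits an RSA private key in PEM form; it is presumably the `conf/chef-client.pem` that the README tells users to overwrite and that the example Dockerfile copies into the image. Until a user replaces it, images are built with a key that is public, and a user who pastes a real admin key here can easily commit it by accident. Ship a placeholder such as `chef-client.pem.example` containing a one-line instruction, add `conf/chef-client.pem` to `.gitignore`, and treat the committed key as revoked on any Chef server that ever trusted it.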


@ -0,0 +1,11 @@
NAME = 'chef_installer'
INSTANCE_NAME = 'chef_installer'
SETTINGS = {
'chef_url': 'https://10.145.89.140',
'chef_server_ip': '10.145.89.140',
'chef_server_dns': 'compass',
'key_dir': '/etc/chef-client.pem',
'client_name': 'docker-controller',
'databags': []
}


@ -0,0 +1,9 @@
NAME = 'cobbler'
INSTANCE_NAME = 'cobbler'
SETTINGS = {
'cobbler_url': 'http://10.145.89.140/cobbler_api',
'credentials': {
'username': 'cobbler',
'password': 'cobbler'
}
}
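Review bot: `cobbler_url` is `http://10.145.89.140/cobbler_api` and the credentials are the stock `cobbler`/`cobbler` pair, so the API login that can rewrite PXE profiles travels in clear text with a default password. For the example, use an `https://` URL and placeholder values such as `'username': '<cobbler-user>'` and `'password': '<cobbler-password>'`. The README step that edits this file should also tell the user to set non-default credentials on the Cobbler side.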


@ -0,0 +1,33 @@
CONFIG_DIR = '/etc/compass'
DATABASE_TYPE = 'mysql'
DATABASE_USER = 'root'
DATABASE_PASSWORD = 'root'
DATABASE_SERVER = '127.0.0.1:3306'
DATABASE_NAME = 'compass'
SQLALCHEMY_DATABASE_URI = '%s://%s:%s@%s/%s' % (DATABASE_TYPE, DATABASE_USER, DATABASE_PASSWORD, DATABASE_SERVER, DATABASE_NAME)
SQLALCHEMY_DATABASE_POOL_TYPE = 'instant'
INSTALLATION_LOGDIR = {
'CobblerInstaller': '/var/log/cobbler/anamon',
'ChefInstaller': '/var/log/chef'
}
DEFAULT_LOGLEVEL = 'info'
DEFAULT_LOGDIR = '/var/log/compass'
DEFAULT_LOGINTERVAL = 6
DEFAULT_LOGINTERVAL_UNIT = 'h'
DEFAULT_LOGFORMAT = '%(asctime)s - %(filename)s - %(lineno)d - %(levelname)s - %(message)s'
WEB_LOGFILE = 'compass.log'
CELERY_LOGFILE = 'celery.log'
CELERYCONFIG_DIR = '/etc/compass'
CELERYCONFIG_FILE = 'celeryconfig'
PROGRESS_UPDATE_INTERVAL=30
POLLSWITCH_INTERVAL=60
SWITCHES = [
]
TMPL_DIR = '/etc/compass/templates'
COMPASS_SUPPORTED_PROXY = 'http://10.145.89.140:3128'
COMPASS_SUPPORTED_DEFAULT_NOPROXY = ['127.0.0.1','10.145.89.140','comapss']
COMPASS_SUPPORTED_NTP_SERVER = '10.145.89.140'
COMPASS_SUPPORTED_DNS_SERVERS = ['10.145.89.140']
COMPASS_SUPPORTED_DOMAINS = ['ods.com']
COMPASS_SUPPORTED_DEFAULT_GATEWAY = '10.145.88.1'
COMPASS_SUPPORTED_LOCAL_REPO = 'http://10.145.89.140'
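Review bot: `COMPASS_SUPPORTED_DEFAULT_NOPROXY = ['127.0.0.1','10.145.89.140','comapss']` looks like a typo for `'compass'`, the host name the Chef installer config in this commit uses in `'chef_server_dns': 'compass'`. With the misspelling, requests to that host name would go through the proxy instead of bypassing it. Change the entry to `'compass'`. The ten-dot addresses repeated through this file are the author's lab values; a comment at the top listing which settings must be edited per site would keep users from deploying with them unchanged.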

36
examples/scripts/start Normal file

@ -0,0 +1,36 @@
#!/bin/bash
# activate virtualenv
source `which virtualenvwrapper.sh`
workon compass-core
# start mysqld service, push it to bg
/usr/bin/mysqld_safe > /dev/null 2>&1 &
RET=1
while [[ RET -ne 0 ]]; do
echo "waiting for mariadb to startup"
sleep 5
mysql -uroot -e "status" > /dev/null 2>&1
RET=$?
done
echo "mariadb started"
# set mysql with default username and password
mysqladmin -h127.0.0.1 --port=3306 -u root password root
# create db 'compass'
mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
# start compass services
/opt/compass/bin/manage_db.py createdb
/usr/sbin/apachectl -k start
/usr/sbin/rabbitmq-server &
/usr/bin/redis-server &
/usr/sbin/ntpd &
ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
touch /var/log/compass/celery.log
tail -f /var/log/compass/celery.log

9
install/allinone.yml Normal file

@ -0,0 +1,9 @@
---
- hosts: allinone
sudo: True
roles:
- common
- chef
- cobbler
- compass


@ -0,0 +1,8 @@
---
- hosts: compass_vm
sudo: True
roles:
- common
- cobbler
- compass


@ -0,0 +1,7 @@
---
- hosts: cobbler_ansible_test
sudo: True
roles:
- common
- cobbler


@ -0,0 +1,10 @@
---
- hosts: compass_nodocker
sudo: True
roles:
- common
- cobbler
- compass
vars:
- dockerized: False

225
install/group_vars/all Normal file

@ -0,0 +1,225 @@
---
# Once rebuild is marked as True, all docker images and/or packages will be destroyed and re-established
rebuild: True
# Auto-generated IP values
chef_server: "10.145.89.139"
cobbler_server: "{{ mgmt_next_ip }}"
compass-server: "{{ mgmt_next_ip }}"
internal_nic: eth1
internal_interface: "ansible_{{ internal_nic }}"
internal_ip: "{{ hostvars[inventory_hostname][internal_interface]['ipv4']['address'] }}"
# Auto-generated
dockerized_cobbler: True
dockerized_chef: False
# shared_dir on local machine
shared_dir: "~/compass/shared"
# pkg installer
pkg_installer: ['ansible']
## default urls
# centos
epel_6: "https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm"
# compass adapters
compass_adapters: "git://git.openstack.org/stackforge/compass-adapters.git"
## cobbler
# cidr for docker bridge: compass0
compass0_subnet: "192.168.100.1/24"
# subnet ip for docker bridge: compass0
compass0_subnet_ip: "192.168.100.0"
# subnet mask for docker bridge: compass0
compass0_subnet_mask: "255.255.255.0"
# router ip for docker bridge: compass0
compass0_router: "192.168.100.1"
# dhcp range for docker bridge: compass0
compass0_dhcp_range: "192.168.100.150 192.168.100.160"
# management nic
mgmt_nic: "eth1"
mgmt_nic_ip: "hostvars[inventory_hostname][ansible_{{ mgmt_nic }}]['ipv4']['address']"
# management pxe server
mgmt_next_ip: "10.1.0.12"
# management subnet ip of the cluster you want to deploy
mgmt_subnet_ip: "10.1.0.0"
# mangement cidr of the cluster you want to deploy
mgmt_subnet: "10.1.0.0/24"
# management subnet router ip
mgmt_router: "10.1.0.1"
# management subnet subnet mask
mgmt_subnet_mask: "255.255.255.0"
# management subnet dhcp range
mgmt_dhcp_range: "10.1.0.100 10.1.0.150"
## ports for cobbler ##
# http port on host that maps to the cobbler container
cobbler_mapped_http_port_on_host: "8080"
# rsyslog port on host that maps to the compass container
rsyslog_port_mapped_on_host: "12514"
# tftp port on host that maps to the cobbler container
tftp_port: "69"
# xmlrpc port on host that maps to the cobbler container
xmlrpc_port: "25151"
# dns port on host that maps to the cobbler container
dns_port: "53"
# mysql port
mysql_port: "3306"
# port mapping as a paramter for running cobbler container
cobbler_port_mapping: -p {{ cobbler_mapped_http_port_on_host }}:80 -p {{ tftp_port }}:69/udp -p {{ dns_port }}:53/udp -p {{ xmlrpc_port }}:25151 -p {{ rsyslog_port_mapped_on_host }}:514
## ports for compass ##
# http port on host that maps to the compass container
compass_mapped_http_port_on_host: "5000"
# ntp port on host that maps to the compass container
ntp_port: "123"
# squid proxy port on host that maps to the compass container
proxy_port: "3128"
# port mapping as a parameter for running compass container
compass_port_mapping: -p {{ compass_mapped_http_port_on_host }}:80 -p {{ ntp_port }}:123 -p {{ proxy_port }}:3128 -p {{ mysql_port }}:3306
## isos
# centos iso url
centos_url: "{{ centos_65_url }}"
# ubuntu iso url
ubuntu_url: "{{ ubuntu_1204_url }}"
# centos 6.5 url
centos_65_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso"
# ubuntu 12.04 url
ubuntu_1204_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/12.04/Ubuntu-12.04-x86_64.iso"
# os name of centos
centos: "{{ centos_65 }}"
# os name of ubuntu
ubuntu: "{{ ubuntu_1204 }}"
# centos 6.5 os name
centos_65: "CentOS-6.5-x86_64"
# ubuntu 12.04 os name
ubuntu_1204: "Ubuntu-12.04-x86_64"
# ubuntu 14.04 url
ubuntu_1404_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/Ubuntu-14.04-x86_64.iso"
# ubuntu 14.04 os name
ubuntu_1404: "Ubuntu-14.04-x86_64"
region: "lab"
distros:
- {
name: "Ubuntu-14.04-x86_64",
iso_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/Ubuntu-14.04-x86_64.iso",
ppa_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/ubuntu_14_04_ppa_repo.tar.gz",
iso_lab_url: "http://192.168.120.2/cobbler/iso/ubuntu/Ubuntu-14.04-x86_64.iso",
ppa_lab_url: "http://192.168.120.2/cobbler/ppa_repo/ubuntu_14_04_ppa_repo.tar.gz",
ppa_repo_name: "ubuntu_14_04_ppa_repo",
breed: "ubuntu",
kickstart: "default.seed",
kopts: "netcfg/choose_interface=auto"
}
- {
name: "CentOS-6.5-x86_64",
iso_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/CentOS-6.5-x86_64.iso",
ppa_us_url: "https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/centos_6_5_ppa_repo.tar.gz",
iso_lab_url: "http://192.168.120.2/cobbler/iso/centos/CentOS-6.5-x86_64.iso",
ppa_lab_url: "http://192.168.120.2/cobbler/ppa_repo/centos_6_5_ppa_repo.tar.gz",
ppa_repo_name: "centos_6_5_ppa_repo",
breed: "redhat",
kickstart: "default.ks",
kopts: ""
}
## volume mapping for cobbler ##
# mount point for isos on cobbler host
host_mount_point: "/root/docker-cobbler/images"
# mount point inside cobbler container
container_mount_point: "/var/lib/cobbler/mount_point"
# combined mount syntax for docker run
image_volume_mapping: "-v {{ host_mount_point }}:{{ container_mount_point }}"
# log dir on cobbler host
cobbler_host_log_dir: "/var/log/cobbler"
# log dir inside cobbler container
cobbler_container_log_dir: "/var/log/cobbler"
# log the logs from container into host for future use
log_volume_mapping: "-v {{ cobbler_host_log_dir }}:{{ cobbler_container_log_dir }}"
## volume mapping for compass ##
# log dir on compass host
compass_host_log_dir: "/var/log/compass"
# log dir on inside compass container
compass_container_log_dir: "/var/log/cobbler"
# sync logs inside out of the container
compass_volume_mapping: "-v {{ compass_host_log_dir }}:{{ compass_container_log_dir }}"
## docker ##
# install docker on ubuntu
docker_apt_key_server: hkp://keyserver.ubuntu.com:80
docker_apt_key: 36A1D7869245C8950F966E92D8576A8BA88D21E9
# epel version
epel_file_name: epel-release-6-8.noarch.rpm
epel_base_url: http://download.fedoraproject.org/pub/epel/6/x86_64/
# atomic version
atomic_file_name: atomic-release-1.0-19.el6.art.noarch.rpm
atomic_base_url: http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/
# pxe boot macs
#pxe_boot_macs: ['00:00:37:ed:95:4e', '00:00:79:ad:ce:6b', '00:00:0a:f6:6e:d7']
#test: true
# the key to be authorized on pxe boot machines so passwordless login can be
# done from the machine where you grab the key.
#push_ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUuKnIXwxS9w+Rxb4+CL3iqNQXB+kriQyr89YeLg5X7B0h+r91okw2bgodVvoynH8n7d7afHYew4KH7pMc5a3QMf/gwhhnlfoeyimQg0IOTQ6pvNxifRi5IN9xa3mB3kL9/xVmfo9rUE6ZZ4dNQ91As706SLBzEJWUuICT7fFJqCqHbxNT9aO//TWcoJJH+d+GLfLagyfVxBHb8DcoNSKTq1rFjZCFVs9pg6aO0d6Z3FcyICxOaacsAoRZOsx8+2WsHaZRk6udbqZJHt7LBs9Bc38+YCRhc31Q2jyrm37xT3QchRl4sihqq38N03cTYBksuRfV1dJaso9MUQapa/Lv root@host-1"
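Review bot: `compass_adapters: "git://git.openstack.org/stackforge/compass-adapters.git"` uses the unauthenticated, unencrypted git protocol, and the chef role in this commit clones that variable and uploads the result as cookbooks, so anyone on the network path can alter code that later runs on deployed nodes. Use `https://git.openstack.org/stackforge/compass-adapters.git`, matching the `https://` clone URLs used for compass-core and compass-web elsewhere in this commit. `compass_port_mapping` also publishes `{{ mysql_port }}:3306` on the host while the container's database root password is `root`; drop that `-p` unless remote database access is required. Smaller items: `compass-server` contains a hyphen, which Ansible does not accept in a variable name (`compass_server`), and `compass_container_log_dir` is `/var/log/cobbler`, which reads like a copy of the cobbler value.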


@ -0,0 +1,2 @@
[allinone]
xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root type=allinone
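Review bot: This inventory stores `ansible_ssh_user=root ansible_ssh_pass=root` in clear text, and so do the five inventory files added after it. The `.gitignore` added in this same commit lists `install/inventories`, which suggests these files were never meant to be tracked. Remove them from the repository and ship a single example inventory with placeholders (`ansible_ssh_host=<host-ip>`), with key-based login as the documented default and `--ask-pass` or an Ansible Vault file for hosts that need a password.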

2
install/inventories/chef Normal file

@ -0,0 +1,2 @@
[chefnodes]
xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root dockerized=False type=chef


@ -0,0 +1,2 @@
[cobblernodes]
docker-base ansible_ssh_host=10.145.89.139 ansible_ssh_user=root ansible_ssh_pass=root dockerized=True container_name=cobbler-dev type=cobbler


@ -0,0 +1,2 @@
[compassnodes]
xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root dockerized=True container_name=compass-dev type=compass


@ -0,0 +1,6 @@
[chefnodes]
xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=chef
[cobblernodes]
xc-ansible-test1 ansible_ssh_host=10.145.89.128 ansible_ssh_user=root ansible_ssh_pass=root type=cobbler
[compassnodes]
xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=compass


@ -0,0 +1,6 @@
# [chefnodes]
# xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=chef
[cobblernodes]
xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=cobbler
[compassnodes]
xc-precise-server ansible_ssh_host=10.145.89.133 ansible_ssh_user=root ansible_ssh_pass=root type=compass

16
install/precheck.yml Normal file

@ -0,0 +1,16 @@
---
- hosts: chefnodes
sudo: True
roles:
- precheck
- hosts: cobblernodes
sudo: True
roles:
- precheck
- hosts: compassnodes
sudo: True
roles:
- precheck

45
install/regtest.yml Normal file

@ -0,0 +1,45 @@
---
- hosts: regtest_vm
sudo: True
roles:
- regtest-compass
# - regtest-ansible-openstack
vars:
- COMPASS_PATH: "/opt/compass-core"
- COMPASS_SERVER_URL: "http://10.1.0.11:5000/api"
- COMPASS_USER_EMAIL: "admin@huawei.com"
- COMPASS_USER_PASSWORD: "admin"
- CLUSTER_NAME: "opnfv"
- LANGUAGE: "EN"
- TIMEZONE: "America/Los_Angeles"
- HOSTNAMES: "allinone"
- NTP_SERVER: "10.1.0.11"
- NAMESERVERS: "10.1.0.11"
- DOMAIN: "ods.com"
- PARTITIONS: "/home=5%,/tmp=5%,/var=20%"
- SUBNETS: "10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
- ADAPTER_OS_PATTERN: '"(?i)ubuntu-14\.04.*"'
- ADAPTER_NAME: "os_only"
- ADAPTER_TARGET_SYSTEM_PATTERN: ""
- ADAPTER_FLAVOR_PATTERN: ""
- PROXY: ""
- IGNORE_PROXY: ""
- SEARCH_PATH: "ods.com"
- GATEWAY: "10.1.0.1"
- SERVER_CREDENTIAL: "root"
- LOCAL_REPO_URL: ""
- OS_CONFIG_FILENAME: ""
- SERVICE_CREDENTIALS: "service"
- CONSOLE_CREDENTIALS: "console"
- HOST_NETWORKS: "allinone:eth0=10.1.0.100|is_mgmt,eth1=172.16.2.100,eth2=172.16.3.100,eth3=172.16.4.100"
- NETWORK_MAPPING: "management=eth0,tenant=eth1,storage=eth3,external=eth2"
- PACKAGE_CONFIG_FILENAME: ""
- HOST_ROLES: ""
- DEFAULT_ROLES: ""
- SWITCH_IPS: "1.1.1.1"
- MACHINES: ""
- SWITCH_CREDENTIAL: "version=2c,community=public"
- DEPLOYMENT_TIMEOUT: "90"
- POLL_SWITCHES_FLAG: "nopoll_switches"
- DASHBOARD_URL: ""


@ -0,0 +1,4 @@
nginx['non_ssl_port'] = 80
nginx['enable_non_ssl'] = true
nginx['ssl_port'] = 443
nginx['url'] = "https://#{node['fqdn']}"
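Review bot: `nginx['enable_non_ssl'] = true` with `nginx['non_ssl_port'] = 80` makes the Chef server answer on plain HTTP as well as on 443, so API requests and web-UI logins can be sent unencrypted even though `nginx['url']` advertises `https://`. Unless some client in this setup cannot speak TLS, set `nginx['enable_non_ssl'] = false`. If HTTP has to stay, add a comment naming the client that needs it.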


@ -0,0 +1,8 @@
{
"name": "compass",
"public_key": null,
"validator": false,
"admin": true,
"json_class": "Chef::ApiClient",
"chef_type": "client"
}


@ -0,0 +1,9 @@
log_level :info
log_location STDOUT
node_name 'admin'
client_key '/etc/chef-server/admin.pem'
validation_client_name 'chef-validator'
validation_key '/etc/chef-server/chef-validator.pem'
chef_server_url 'https://localhost:443'
syntax_check_cache_path '/root/.chef/syntax_check_cache'
cookbook_path [ '/root/chef-repo/cookbooks' ]


@ -0,0 +1,5 @@
#!/bin/bash
knife configure -y -i --defaults -r ~/chef-repo -s https://localhost:443 -u root --admin-client-name admin --admin-client-key /etc/chef-server/admin.pem --validation-client-name chef-validator --validation-key /etc/chef-server/chef-validator.pem<<EOF
'thisisarandomstring'
EOF
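Review bot: The here-document feeds the fixed string `'thisisarandomstring'` (quotes included) to `knife configure -i`, which appears to be answering its password prompt for the new `root` user, so every server installed from this role gets the same publicly known password. Generate it per install, e.g. `PASS=$(openssl rand -base64 24)` with `$PASS` as the here-document body, and write it to a file with mode 0600 on the server rather than keeping it in the repository.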


@ -0,0 +1,30 @@
---
- name: install git
apt: name=git
state=installed
update_cache=yes
- name: fact of chef-server
shell: dpkg -l
register: packages
# get precise chef-server deb pkg if ubuntu is 12.04
- name: get chef-server
get_url: url={{ chef_server_precise }}
dest=/tmp/chef-server.deb
when: "'chef-server' not in packages.stdout and ansible_distribution_major_version == '12'"
- name: install chef-server
apt: deb=/tmp/chef-server.deb
state=installed
- name: get chef-client
get_url: url={{ chef_client_precise }}
dest=/tmp/chef-client.rpm
when: "'chef' not in packages.stdout and ansbile_distribution_major_version == '12'"
- name: install chef-client
apt: deb=/tmp/chef-client.deb
state=installed
when: "'chef' not in packages.stdout"
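Review bot: The `get chef-client` task cannot work as written. Its condition uses `ansbile_distribution_major_version`, a typo for `ansible_...` and therefore an undefined variable; it downloads to `/tmp/chef-client.rpm` while the next task installs `/tmp/chef-client.deb`; and `chef_client_precise` is not among the role variables visible in this commit. Fix the spelling, use `dest=/tmp/chef-client.deb`, and define the variable next to `chef_server_precise`. `install chef-server` has no `when:`, so it fails on any host where the download was skipped; give it the same `'chef-server' not in packages.stdout` guard. Both `get_url` tasks would also benefit from a checksum argument, so the package installed as root is the one that was reviewed.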


@ -0,0 +1,30 @@
---
- name: fact of chef-server
command: rpm -qa | grep -q chef-server
register: is_installed
- name: get chef-server
get_url: url={{ chef_server_el6_rpm }}
dest=/tmp/chef-server.rpm
when: is_installed.stdout.find('chef-server') == -1 and ansible_distribution_major_version == '6'
- name: install chef-server
shell: rpm -Uvh /tmp/chef-server.rpm
when: "'chef-server' not in is_installed.stdout"
- name: is chef-client installed
command: rpm -q chef
register: chefclient_installed
- name: get chef-client
get_url: url={{ chef_client_el6_rpm }}
dest=/tmp/chef-client.rpm
when: chefclient_installed.stdout.find('chef') == -1 and ansible_distribution_major_version == '6'
- name: install chef-client
shell: rpm -Uvh /tmp/chef-client.rpm
when: chefclient_installed.stdout.find('chef') == -1
- name: install git
yum: name=git
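Review bot: `command: rpm -qa | grep -q chef-server` does not produce what the later conditions test. The `command` module does not run a shell, so the pipe and `grep` are handed to `rpm` as arguments, and even under `shell` `grep -q` prints nothing, so `is_installed.stdout` would never contain `chef-server`. `command: rpm -q chef` likewise exits non-zero when the package is absent, which fails the play before the download task is reached. Use `command: rpm -q chef-server` and `command: rpm -q chef` with `register:`, `failed_when: false` and `changed_when: false`, and test `is_installed.rc != 0` / `chefclient_installed.rc != 0` in the `when:` clauses.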


@ -0,0 +1,14 @@
- name: chef-server cleanse
shell: chef-server-ctl cleanse
- name: create chef-server directory
file: path=/etc/chef-server state=directory
- name: copy chef-server.rb
copy: src=chef-server.rb dest=/etc/chef-server/chef-server.rb mode=644 backup=yes
- name: reconfigure chef-server
shell: chef-server-ctl reconfigure
- name: test chef-server
shell: chef-server-ctl test
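Review bot: `chef-server-ctl cleanse` runs unconditionally as the first task, so re-running the role against a Chef server that is already in use would, as far as I know, wipe its data and configuration before reconfiguring. Guard it with a dedicated variable that defaults to false, e.g. `when: chef_cleanse | default(false)` (name is a suggestion), and say in the task name that it is destructive.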


@ -0,0 +1,60 @@
---
- name: create backup dir
file: path=/root/backup state=directory
- name: create cookbook directory
file: path=/var/chef/cookbooks state=directory
- name: backup cookbooks
shell: cp -rf /var/chef/cookbooks /root/backup/cookbooks
- name: remove cookbooks
shell: rm -rf /var/chef/cookbooks/*
- name: clone compass-adapters
git: repo={{ compass_adapters }} dest=/root/compass-adapters version=dev/experimental accept_hostkey=yes recursive=no
- name: copy cookbooks to its directory
shell: cp -rf /root/compass-adapters/chef/cookbooks/* /var/chef/cookbooks/
- name: upload cookbooks using knife
shell: knife cookbook upload -o /var/chef/cookbooks --all
- name: create roles directory
file: path=/var/chef/roles state=directory
- name: backup roles
shell: cp -rf /var/chef/roles /root/backup/roles
- name: remove roles
shell: rm -rf /var/chef/roles/*
- name: copy roles to its directory
shell: cp -rf /root/compass-adapters/chef/roles/* /var/chef/roles/
- name: upload roles from file
shell: knife role from file /var/chef/roles/*.json
- name: copy compass admin knife client config to chef server
copy: src=compass.json dest=/var/chef/compass.json mode=0644
- name: check if compass client exists
command: knife client list
register: result
- name: remove compass client if it exists
shell: knife client delete compass -y
when: result.stdout.find('compass') != -1
- name: create chef admin client for remote control
shell: knife client create -a compass -f /tmp/compass.pem -y -d
- name: fetch compass.pem
fetch: src=/tmp/compass.pem dest={{ shared_dir }}/keys/compass.pem flat=yes
- name: fetch chef admin.pem
fetch: src=/etc/chef-server/admin.pem dest={{ shared_dir }}/keys/admin.pem flat=yes
- name: fetch chef validator.pem
fetch: src=/etc/chef-server/chef-validator.pem dest={{ shared_dir }}/keys/chef-validator.pem flat=yes
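Review bot: `knife client create -a compass -f /tmp/compass.pem -y -d` writes an admin client's private key into `/tmp`, and nothing afterwards removes it or restricts its mode, so depending on umask it stays readable to local users on the Chef server. Write it under `/etc/chef-server/` instead, or add `file: path=/tmp/compass.pem state=absent` after the `fetch` task. The three `fetch` tasks copy `compass.pem`, `admin.pem` and `chef-validator.pem` into `{{ shared_dir }}/keys` on the control machine; a local task that creates that directory with mode 0700 beforehand would keep them private there. The `git:` task also tracks the moving branch `dev/experimental`; pinning `version=` to a commit makes what gets uploaded as cookbooks reviewable.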


@ -0,0 +1,4 @@
---
- name: hello world
shell: echo hello world


@ -0,0 +1,17 @@
---
- name: make knife directory
file: path=~/.chef state=directory
- name: copy knife setup script
copy: src=knife.sh dest=/tmp/knife.sh mode=0755
- name: check if knife is already configured
command: ls ~/.chef
register: result
- name: run knife setup script
shell: /tmp/knife.sh >> knife.txt chdir=/tmp/
when: result.stdout.find('root') == -1
- name: replace knife config file
copy: src=knife.rb dest=/root/.chef/knife.rb mode=0644


@ -0,0 +1,22 @@
---
- include: RedHat.yml
when: ansible_os_family == 'RedHat' and not dockerized
- include: Debian.yml
when: ansible_os_family == 'Debian' and not dockerized
- include: docker-redhat.yml
when: ansible_os_family == 'Redhat' and dockerized
- include: docker-debian.yml
when: ansible_os_family == 'Debian' and dockerized
- include: chef-server.yml
when: not dockerized
- include: knife.yml
when: not dockerized
- include: compass.yml
when: not dockerized
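Review bot: The `docker-redhat.yml` include is guarded by `ansible_os_family == 'Redhat'`, but the fact value is `RedHat` (as the first include in this file spells it), so the comparison is never true and the dockerized path is silently skipped on Red Hat family hosts. It should read `when: ansible_os_family == 'RedHat' and dockerized`. The same lowercase spelling appears in the cobbler docker task file further down this page, on the `install mkisofs` task and on the `dhcp-relay-redhat.yml` include, and needs the same fix there.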


@ -0,0 +1,16 @@
---
# chef server specific environment variables
chef_server_el6_rpm: "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm"
# open source chef server does not support centos7/el7 yet
chef_server_el7_rpm: ""
chef_server_precise: "https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.8-1.ubuntu.12.04_amd64.deb"
chef_server_trusty: ""
# chef client rpm
chef_client_el6_rpm: "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-11.8.0-1.el6.x86_64.rpm"
dockerized: False
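Review bot: Nothing pins the expected content of the Chef server and client packages: the URLs are fetched over HTTPS, but there is no digest to compare the download against. I would add a digest variable next to each URL, for example `chef_server_el6_rpm_sha256: "<sha256 of the rpm>"`, so the install tasks (not visible in this section) can check the file and fail on a mismatch. The empty `chef_server_el7_rpm` and `chef_server_trusty` values also deserve an explicit guard in whichever task consumes them, so an unsupported platform fails with a clear message rather than on an empty URL.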


@ -0,0 +1,10 @@
# This configuration file enables the cobbler web
# interface (django version)
# Force everything to go to https
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/cobbler_web
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
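Review bot: The comment says everything is forced to https, but the `RewriteRule` line is commented out, so the two `RewriteCond` lines have no effect and `/cobbler_web` is served over plain HTTP, including its login. Either restore the redirect by uncommenting `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}`, or change the header comment to say that HTTPS is intentionally not enforced and why.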


@ -0,0 +1,79 @@
# Default config for debmirror
# The config file is a perl script so take care to follow perl syntax.
# Any setting in /etc/debmirror.conf overrides these defaults and
# ~/.debmirror.conf overrides those again. Take only what you need.
#
# The syntax is the same as on the command line and variable names
# loosely match option names. If you don't recognize something here
# then just stick to the command line.
#
# Options specified on the command line override settings in the config
# files.
# Location of the local mirror (use with care)
# $mirrordir="/path/to/mirrordir"
# Output options
$verbose=0;
$progress=0;
$debug=0;
# Download options
$host="ftp.debian.org";
$user="anonymous";
$passwd="anonymous@";
$remoteroot="debian";
$download_method="ftp";
# @dists="sid";
@sections="main,main/debian-installer,contrib,non-free";
# @arches="i386";
# @ignores="";
# @excludes="";
# @includes="";
# @excludes_deb_section="";
# @limit_priority="";
$omit_suite_symlinks=0;
$skippackages=0;
# @rsync_extra="doc,tools";
$i18n=0;
$getcontents=0;
$do_source=1;
$max_batch=0;
# @di_dists="dists";
# @di_archs="arches";
# Save mirror state between runs; value sets validity of cache in days
$state_cache_days=0;
# Security/Sanity options
$ignore_release_gpg=0;
$ignore_release=0;
$check_md5sums=0;
$ignore_small_errors=0;
# Cleanup
$cleanup=0;
$post_cleanup=1;
# Locking options
$timeout=300;
# Rsync options
$rsync_batch=200;
$rsync_options="-aIL --partial";
# FTP/HTTP options
$passive=0;
# $proxy="http://proxy:port/";
# Dry run
$dry_run=0;
# Don't keep diff files but use them
$diff_mode="use";
# The config file must return true or perl complains.
# Always copy this.
1;


@ -0,0 +1,8 @@
Origin: ppa
Label: ppa_repo
Suite: stable
Codename: ppa
Version: 0.1
Architectures: i386 amd64 source
Components: main
Description: ppa repo


@ -0,0 +1,14 @@
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags = IPv6
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
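Review bot: This enables the rsync daemon (`disable = no`) running as root with no source restriction, while the header comment still says `# default: off`. The cobbler tasks on this page also stop iptables, so anything that can reach the host can talk to rsyncd. I would add `only_from = <management subnet CIDR>` (or `bind = <management IP>`) inside the service block and update the header comment to match. What the daemon actually exposes depends on rsyncd.conf, which is not part of this section.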


@ -0,0 +1,221 @@
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# SSLMutex default
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
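Review bot: `SSLProtocol all -SSLv2` leaves SSLv3 enabled, and the `SSLCipherSuite` line explicitly admits `RC4+RSA`, `+MEDIUM` and `+LOW`, so this virtual host will negotiate protocol versions and ciphers that are no longer considered safe. I would change the two directives to `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`, and add `SSLHonorCipherOrder on`. The certificate paths point at the distribution's `localhost.crt` and `localhost.key`, presumably a self-signed placeholder; a comment stating that it must be replaced before use would help.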


@ -0,0 +1,12 @@
---
- name: restart dhcp-relay
shell: service isc-dhcp-relay restart
- name: restart httpd
service: name=httpd state=restarted enabled=yes
- name: restart cobbler
service: name=cobblerd state=restarted enabled=yes
- name: cobbler sync
command: cobbler sync


@ -0,0 +1,321 @@
---
- name: install base packages
yum: name={{ item }} state=present
with_items:
- wget
- git
- name: check epel presence
command: rpm -q epel-release
register: epel_presence
ignore_errors: yes
- name: check atomic repo presence
command: rpm -q atomic-release
register: atomic_presence
ignore_errors: yes
#- name: get epel version
# command: >
# wget -q {{ epel_base_url }} -O - | grep -oE "(href=\"epel-release-6-[0-9,.].*)" | cut -d\" -f2
# register: epel_file_name
# when: epel_presence.rc != 0
- name: install epel
yum: name={{ epel_base_url }}/{{ epel_file_name }} state=present
when: epel_presence.rc != 0
- name: install atomic repo
yum: name={{ atomic_base_url }}/{{ atomic_file_name }} state=present
when: atomic_presence.rc != 0
- name: yum update
yum: name=* state=latest update_cache=yes
- name: install related packages
yum: name={{ item }} state=present
with_items:
- cobbler
- cobbler-web
- createrepo
- mkisofs
- syslinux
- debmirror
- pykickstart
- cman
- bind
- rsync
- dhcp
- xinetd
- tftp-server
- gcc
- httpd
- libselinux-python
- name: turn off iptables
service: name=iptables state=stopped enabled=no
- name: replace config files
copy: src={{ item.name }} dest={{ item.dest }}
with_items:
- { name: rsync, dest: /etc/xinetd.d/rsync }
- { name: debmirror.conf, dest: /etc/debmirror.conf }
- name: restart xinetd service
service: name=xinetd state=restarted enabled=yes
- name: configure interface for dhcp
command: ifconfig {{ mgmt_nic }}:1 {{ mgmt_next_ip }} netmask {{ mgmt_subnet_mask }}
when: not mgmt_ip_same
- name: copy httpd configuration files
file: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} mode=0644
with_items:
- cobbler_web.conf
- ssl.conf
notify:
restart httpd
- name: disable selinux
selinux: state=disabled
- name: disable selinux real time
shell: echo 0 > /selinux/enforce
- name: copy cobbler configuration files
template: src={{ item.name }} dest=/etc/cobbler/{{ item.file_name }} mode=0644
with_items:
- { name: tftpd.template, file_name: tftpd.template }
- { name: modules.conf, file_name: modules.conf }
- { name: dhcp.template.nodocker.j2, file_name: dhcp.template }
- { name: named.template.nodocker.j2, file_name: named.template }
- { name: settings.j2, file_name: settings }
notify:
- restart cobbler
- cobbler sync
- meta: flush_handlers
- name: clone snippets
git: repo={{ compass_adapter_source }}
dest=/opt/compass-adapters
version={{ compass_adapter_version }}
update=yes
force=yes
- name: remove old cobbler folders
shell: rm -rf path=/var/lib/cobbler/{{ item }}
with_items:
- snippets
- scripts
- triggers
- kickstarts
- name: create cobbler folders
file: path=/var/lib/cobbler/{{ item }} state=directory mode=0755
with_items:
- snippets
- scripts
- triggers
- kickstarts
- name: copy snippets to cobbler folder
shell: cp -rf /opt/compass-adapters/cobbler/{{ item }}/* /var/lib/cobbler/{{ item }}/
with_items:
- snippets
- scripts
- triggers
- kickstarts
notify:
cobbler sync
- name: change snippets mode
file: path=/var/lib/cobbler mode=0755 recurse=yes
- name: create cblr_ks folder
file: path=/var/www/cblr_ks mode=0755 state=directory
- name: change kickstart mode
file: path=/var/lib/cobbler/kickstarts mode=0666 recurse=yes
- name: disable selinux
selinux: state=disabled
- name: disable selinux real time
command: echo 0 > /selinux/enforce
- name: clean cobbler log folder
file: path=/var/log/cobbler state=absent
- name: create cobbler log directories
file: path={{ item }} mode=0777 state=directory recurse=yes
with_items:
- /var/log/cobbler
- /var/log/cobbler/anamon
- /var/log/cobbler/tasks
- name: create cobbler ppa repo dir
file: path=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}/conf
state=directory
mode=0644
recurse=yes
with_items: distros
- name: copy distributions to ubuntu ppa repo
template: src=distributions
dest=/var/lib/cobbler/repo_mirror/ubuntu_12_04_ppa_repo/conf/distributions
mode=0644
when: ubuntu_1204 in distros
- name: copy distribution to ubuntu 14.04 ppa repo
template: src=distributions
dest=/var/lib/cobbler/repo_mirror/ubuntu_14_04_ppa_repo/conf/distributions
mode=0644
when: ubuntu_1404 in distros
- name: start cobbler and httpd services
service: name={{ item }} state=restarted enabled=yes
with_items:
- httpd
- cobblerd
- name: download ppa repo images
get_url: url={{ item.ppa_lab_url }} dest=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz
with_items: distros
when: region == "lab"
- name: download ppa repo images
get_url: url={{ item.ppa_us_url }} dest=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz
with_items: distros
when: region == "us"
- name: untar ppa repo images
unarchive: src=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }}.tar.gz
dest=/var/lib/cobbler/repo_mirror/
copy=no
with_items: distros
- name: add repos
command: cobbler repo add --name {{ item.ppa_repo_name }} --mirror=/var/lib/cobbler/repo_mirror/{{ item.ppa_repo_name }} --mirror-locally=Y --arch=x86_64
with_items: distros
args:
creates: /opt/repo_added.txt
ignore_errors: yes
run_once: True
- name: remove ubuntu default repo
command: cobbler repo remove --name {{ item }}
with_items:
- "{{ ubuntu }}"
- "{{ ubuntu_1404 }}"
ignore_errors: yes
- name: cobbler repo sync
command: cobbler reposync
- name: download loader files
get_url: url={{ cobbler_loaders_url }} dest=/var/lib/cobbler/
- name: untar loaders file
unarchive: src=/var/lib/cobbler/loaders.tar.gz dest=/var/lib/cobbler/
copy=no
- name: cobbler get loaders
command: cobbler get-loaders
- name: create directory for images
file: path=/var/lib/cobbler/iso state=directory
- name: download images
get_url: url={{ item.iso_lab_url }} dest=/var/lib/cobbler/iso/{{ item.name }}.iso mode=0644
with_items: distros
when: region == "lab"
- name: download images
get_url: url={{ item.iso_us_url }} dest=/var/lib/cobbler/iso/{{ item.name }}.iso mode=0644
with_items: distros
when: region == "us"
- name: mount_info
command: mount
register: mount_info
- name: create mount point
file: name=/mnt/{{ item.name }} state=directory
with_items: distros
when: mount_info.stdout.find('CentOS') == -1 and mount_info.stdout.find('Ubuntu') == -1
ignore_errors: yes
- name: mount images
shell: mount -o loop /var/lib/cobbler/iso/{{ item.name }}.iso /mnt/{{ item.name }}
with_items: distros
when: mount_info.stdout.find('CentOS') == -1 and mount_info.stdout.find('Ubuntu') == -1
args:
creates: /opt/image_mounted.txt
ignore_errors: yes
run_once: True
- name: import distros
command: cobbler import --path=/mnt/{{ item.name }} --name {{ item.name }} --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed={{ item.breed }}
with_items: distros
args:
creates: /opt/distro_imported.txt
ignore_errors: yes
run_once: True
#- name: add profiles
# command: cobbler profile add --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }}" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}"
# with_items: distros
# args:
# creates: /opt/profile_added.txt
# ignore_errors: yes
# run_once: True
- name: generate public key file for ssh
template: src=id_rsa.pub.j2 dest=/var/lib/cobbler/id_rsa.pub
when: push_ssh_key is defined
- name: generate ssh key for root
user: name=root generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
when: push_ssh_key is not defined
- name: edit profiles
shell: cobbler profile edit --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }}" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}"
with_items: distros
- name: edit profiles with push ssh key option
shell: cobbler profile edit --name={{ item.name }} --repo={{ item.ppa_repo_name }} --distro={{ item.name }} --ksmeta="tree=http://{{ mgmt_next_ip }}/cobbler/ks_mirror/{{ item.name }} push_ssh_keys=/var/lib/cobbler/id_rsa.pub" --kickstart=/var/lib/cobbler/kickstarts/{{ item.kickstart }} --kopts="{{ item.kopts }}"
with_items: distros
when: push_ssh_key is defined
- name: remove ubuntu default repo
command: cobbler repo remove --name {{ item }}
with_items:
- "{{ ubuntu }}"
- "{{ ubuntu_1404 }}"
ignore_errors: yes
- name: cobbler repo sync again
shell: cobbler reposync
- name: cobbler sync
shell: cobbler sync
- name: restart xinetd
service: name=xinetd state=restarted
- name: restart dhcpd
service: name=dhcpd state=restarted enabled=yes
- name: cobbler check
shell: cobbler check
- name: get all systems
shell: cobbler system list
register: cobbler_systems
- name: remove all systems
shell: cobbler system remove --name {{ item }}
with_items: cobbler_systems.stdout_lines
when: cobbler_systems and test is defined and test == True
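Review bot: The `remove old cobbler folders` task runs `rm -rf path=/var/lib/cobbler/{{ item }}`; in a `shell` command `path=` is not a module argument, so rm is handed a relative name beginning with `path=` and the old snippets, scripts, triggers and kickstarts are never removed. Files dropped from the adapters repository, trigger scripts included, would therefore stay in place after an update. Use the file module instead: `file: path=/var/lib/cobbler/{{ item }} state=absent`. The second `disable selinux real time` task has a related problem, since `command:` does not interpret `> /selinux/enforce` and only echoes the text; the earlier `shell:` variant already does the work, so the duplicate can go. Separately, `mode=0777` on the log directories and `mode=0666 recurse=yes` on the kickstarts tree (which would also appear to drop the execute bit on directories) are wider than needed; `0755` for directories and `0644` for files would do.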


@ -0,0 +1,11 @@
---
- name: get isc-dhcp-relay agent
apt: pkg=isc-dhcp-relay state=installed
- name: make dhcp-relay agent listen to cobbler
lineinfile: dest=/etc/default/isc-dhcp-relay
regexp='^SERVERS'
line='SERVERS="{{ cobbler_docker_ip }}"'
notify:
restart dhcp-relay


@ -0,0 +1,6 @@
- name: install dhcp on cobbler host for relay
yum: pkg=dhcp state=installed
when: ansible_os_family == "RedHat"
- name: configure dhcprelay
shell: dhcrelay {{ cobbler_docker_ip }}


@ -0,0 +1,133 @@
---
- name: install mkisofs
yum: pkg=mkisofs state=installed
when: ansible_os_family == "Redhat"
- name: install mkisofs in debian
apt: pkg=mkisofs state=installed
when: ansible_os_family == "Debian"
- name: clean up docker directory
file: path=~/docker-cobbler/{{ item }} state=absent
with_items:
- Dockerfile
- files
- name: clean up log directory
file: path=/var/log/cobbler state=absent
- name: create directory for docker and files
file: path=~/docker-cobbler/files state=directory
- name: create directories for images
file: path=~/docker-cobbler/images/{{ item }} state=directory
with_items:
- "{{ centos }}"
- "{{ ubuntu }}"
- "{{ ubuntu_1404 }}"
- name: download images
get_url: url={{ item.name }} dest=/tmp/{{ item.filename }} mode=0644
with_items:
- { name: "{{ centos_url }}", filename: "{{ centos }}.iso" }
- { name: "{{ ubuntu_url }}", filename: "{{ ubuntu }}.iso" }
- { name: "{{ ubuntu_1404_url }}", filename: "{{ ubuntu_1404 }}.iso" }
- name: mount info
command: mount
register: mount_info
- name: mount images
shell: mount -o loop /tmp/{{ item }}.iso ~/docker-cobbler/images/{{ item }}
# mount: name=~/docker-cobbler/images/{{ item }} src=/tmp/{{ item }}.iso opts=loop fstype=iso9660 state=mounted
with_items:
- "{{ centos }}"
- "{{ ubuntu }}"
- "{{ ubuntu_1404 }}"
when: mount_info.stdout.find('CentOS') == -1
- name: copy Dockerfile to ~/docker-cobbler
template: src=Dockerfile.j2 dest=~/docker-cobbler/Dockerfile mode=0644
- name: copy dhcp.template
template: src=dhcp.template.j2
dest=~/docker-cobbler/files/dhcp.template
mode=0644
- name: copy named.template
template: src=named.template.j2
dest=~/docker-cobbler/files/named.template
mode=0644
- name: copy start script
template: src=start.sh.j2
dest=~/docker-cobbler/files/start.sh
mode=0755
- name: copy post sync script
template: src=fix_ks_server.py.j2
dest=~/docker-cobbler/files/fix_ks_server.py
mode=0755
- name: copy admin key
copy: src={{ shared_dir }}/keys/admin.pem
dest=~/docker-cobbler/files/admin.pem
mode=0644
when: "'chef' in {{ pkg_installer }}"
- name: copy chef validator key
copy: src={{ shared_dir }}/keys/chef-validator.pem
dest=~/docker-cobbler/files/chef-validator.pem
mode=0644
when: "'chef' in {{ pkg_installer }}"
- name: cobbler container?
command: docker ps -a
register: containers
- name: remove cobbler container if any
shell: docker rm -f cobbler-dev
when: containers.stdout.find('cobbler-dev') != -1
- name: check if 'cobbler' image already exists
command: docker images cobbler
register: image
- name: remove image 'cobbler' if it exists and --rebuild is specified
shell: docker rmi -f cobbler
when: image.stdout.find('cobbler') != -1 and rebuild
- name: restart docker daemon if debian
service: name=docker state=restarted
when: ansible_os_family == "Debian"
- name: build a docker image for cobbler
shell: docker build -t cobbler ~/docker-cobbler
when: image.stdout.find('cobbler') == -1 or rebuild
- name: fork image and run a new cobbler container
shell: docker run --name=cobbler-dev -d {{ cobbler_port_mapping }} {{ image_volume_mapping }} -i -t cobbler
notify:
restart dhcp-relay
- name: extract cobbler ip info
shell: echo `docker inspect cobbler-dev | awk -F '"' '/IPAdd/ {print $4}'` > /tmp/ip
- name: quote the ip first
shell: echo `sed 's/\(.*\)/"\1"/g' /tmp/ip` > /tmp/dynamic.yml
- name: add cobbler_docker_ip before cobbler ip
shell: "echo `sed '/^/ s/^/cobbler_docker_ip: /' /tmp/dynamic.yml` > /tmp/dynamic.yml"
- name: write cobbler_ip to local var
fetch: src=/tmp/dynamic.yml dest={{ shared_dir }}/dynamic.yml mode=0644 flat=yes
- name: include cobbler dynamic vars
include_vars: "{{ shared_dir }}/dynamic.yml"
- include: dhcp-relay-redhat.yml
when: ansible_os_family == "Redhat"
- include: dhcp-relay-debian.yml
when: ansible_os_family == "Debian"
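Review bot: The `copy admin key` and `copy chef validator key` tasks write `admin.pem` and `chef-validator.pem` with `mode=0644`, which leaves the Chef admin and validator private keys readable by every local user on the docker host. They should use `mode=0600`, and the `create directory for docker and files` task should set `mode=0700` on `~/docker-cobbler/files`. The ISO downloads and the `/tmp/ip` and `/tmp/dynamic.yml` scratch files also use fixed names under `/tmp` while running as root; a directory under `~/docker-cobbler` would avoid a shared world-writable location.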


@ -0,0 +1,10 @@
---
- include: RedHat.yml
when: ansible_os_family == 'RedHat' and not dockerized
- include: Debian.yml
when: ansible_os_family == 'Debian' and not dockerized
- include: docker.yml
when: dockerized


@ -0,0 +1,21 @@
FROM compassindocker/cobbler
ADD files/dhcp.template /etc/cobbler/dhcp.template
ADD files/named.template /etc/cobbler/named.template
ADD files/start.sh /root/start.sh
{% if 'chef' in pkg_installer %}
ADD files/admin.pem /etc/cobbler/admin.pem
ADD files/chef-validator.pem /etc/cobbler/chef-validator.pem
{% endif %}
ADD files/fix_ks_server.py /var/lib/cobbler/triggers/sync/post/fix_ks_server.py
RUN chmod +x /root/start.sh
CMD ["/root/start.sh"]
EXPOSE 80
EXPOSE 67 67/udp
EXPOSE 69 69/udp
EXPOSE 53 53/udp
EXPOSE 25151
EXPOSE 443
EXPOSE 873
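Review bot: The two `ADD` lines inside the `{% if 'chef' in pkg_installer %}` block bake `admin.pem` and `chef-validator.pem` into an image layer, so anyone who can pull or export the `cobbler` image obtains the Chef admin key, and rotating the key means rebuilding the image. I would leave the keys out of the build and mount them read-only when the container is started (the run command in the docker task file already takes `{{ image_volume_mapping }}`). `FROM compassindocker/cobbler` also carries no tag or digest, so the base image can change between builds; pinning it, e.g. `FROM compassindocker/cobbler:<tag>`, makes rebuilds reproducible.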


@ -0,0 +1,121 @@
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
deny unknown-clients;
local-address 192.168.100.100;
log-facility local6;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
subnet {{ compass0_subnet_ip }} netmask {{ compass0_subnet_mask }} {
option routers {{ compass0_router }};
option domain-name-servers {{ compass0_router }};
option subnet-mask {{ compass0_subnet_mask }};
range dynamic-bootp {{ compass0_dhcp_range }};
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
subnet {{ mgmt_subnet_ip }} netmask {{ mgmt_subnet_mask }} {
option routers {{ mgmt_router }};
option domain-name-servers {{ mgmt_router }};
option subnet-mask {{ mgmt_subnet_mask }};
range dynamic-bootp {{ mgmt_dhcp_range }};
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
#for mac in $dhcp_tags[$dhcp_tag].keys():
#set iface = $dhcp_tags[$dhcp_tag][$mac]
host $iface.name {
hardware ethernet $mac;
site-option-space "pxelinux";
option pxelinux.magic f1:00:74:7e;
if exists dhcp-parameter-request-list {
# Always send the PXELINUX options (specified in hexadecimal)
option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3);
}
option pxelinux.reboottime 30;
#if $iface.hostname:
option host-name "$iface.hostname";
#end if
#if $iface.netmask:
option subnet-mask $iface.netmask;
#end if
#if $iface.gateway:
option routers $iface.gateway;
#end if
#if $iface.enable_gpxe:
if exists user-class and option user-class = "gPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else if exists user-class and option user-class = "iPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else {
filename "undionly.kpxe";
}
#else
filename "$iface.filename";
#end if
## Cobbler defaults to $next_server, but some users
## may like to use $iface.system.server for proxied setups
next-server $next_server;
## next-server $iface.next_server;
}
#end for
}
#end for
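Review bot: `local-address 192.168.100.100;` is hard-coded here, whereas the sibling template that follows on this page uses `local-address {{ cobbler_server }};`. Unless the container address is guaranteed to be fixed, dhcpd would be told to use an address that does not match the deployment; I would template it the same way, or add a comment stating where 192.168.100.100 comes from. Both subnet blocks also repeat an identical `class "pxeclients"` body, and it is worth confirming that dhcpd accepts the duplicate declaration or declaring the class once at the top level.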


@ -0,0 +1,123 @@
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
deny unknown-clients;
local-address {{ cobbler_server }};
log-facility local6;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
{% if dockerized %}
subnet {{ compass0_subnet_ip }} netmask {{ compass0_subnet_mask }} {
option routers {{ compass0_router }};
option domain-name-servers {{ compass0_router }};
option subnet-mask {{ compass0_subnet_mask }};
range dynamic-bootp {{ compass0_dhcp_range }};
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
{% endif %}
subnet {{ mgmt_subnet_ip }} netmask {{ mgmt_subnet_mask }} {
option routers {{ mgmt_router }};
option domain-name-servers {{ mgmt_router }};
option subnet-mask {{ mgmt_subnet_mask }};
range dynamic-bootp {{ mgmt_dhcp_range }};
default-lease-time 21600;
max-lease-time 43200;
next-server {{ mgmt_next_ip }};
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
#for mac in $dhcp_tags[$dhcp_tag].keys():
#set iface = $dhcp_tags[$dhcp_tag][$mac]
host $iface.name {
hardware ethernet $mac;
site-option-space "pxelinux";
option pxelinux.magic f1:00:74:7e;
if exists dhcp-parameter-request-list {
# Always send the PXELINUX options (specified in hexadecimal)
option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,d0,d1,d2,d3);
}
option pxelinux.reboottime 30;
#if $iface.hostname:
option host-name "$iface.hostname";
#end if
#if $iface.netmask:
option subnet-mask $iface.netmask;
#end if
#if $iface.gateway:
option routers $iface.gateway;
#end if
#if $iface.enable_gpxe:
if exists user-class and option user-class = "gPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else if exists user-class and option user-class = "iPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else {
filename "undionly.kpxe";
}
#else
filename "$iface.filename";
#end if
## Cobbler defaults to $next_server, but some users
## may like to use $iface.system.server for proxied setups
next-server $next_server;
## next-server $iface.next_server;
}
#end for
}
#end for
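Review bot: The template mixes two template languages without saying so: `{{ cobbler_server }}`, `{% if dockerized %}` and the `mgmt_*` / `compass0_*` values are Jinja2, while `$next_server`, `$iface.*` and the `#for` / `#if` lines are Cheetah directives. A header comment such as `## {{ ... }} is filled in by Ansible (Jinja2); $var and #for/#if are left for Cobbler (Cheetah)` would tell a maintainer which engine owns which line. It would also explain why the dockerized subnet uses `next-server $next_server;` while the management subnet uses `next-server {{ mgmt_next_ip }};`. Because the Jinja2 output is presumably evaluated by Cheetah afterwards, the Ansible variables substituted here should come from trusted inventory only, since a value containing `$` or a leading `#` would be read as template code.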


@ -0,0 +1,8 @@
Origin: ppa
Label: ppa_repo
Suite: stable
Codename: ppa
Version: 0.1
Architectures: i386 amd64 source
Components: main
Description: ppa repo


@ -0,0 +1,18 @@
#!/usr/bin/python
import logging
from cobbler import api
from subprocess import call
SERVER='{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}'
def main():
"""main entry"""
cobbler_api = api.BootAPI()
for system in cobbler_api.systems():
sys_name = system.name
call(["cobbler", "system", "edit", "--name=%s" % sys_name, "--server=%s" % SERVER])
return
if __name__ == '__main__':
main()
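Review bot: The exit status of `cobbler system edit` is discarded in `main()`, so a system whose `--server` update fails is skipped silently and the script still exits 0. Using `check_call` (`from subprocess import check_call`), or testing the return value and logging the system name, would surface the failure. The `logging` import is currently unused and could serve that purpose. `SERVER` is filled in by Jinja2 before the script runs, and nothing here validates it, so an empty `cobbler_mapped_http_port_on_host` would yield a value ending in a bare colon.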


@ -0,0 +1 @@
{{ push_ssh_key }}


@ -0,0 +1,83 @@
# cobbler module configuration file
# =================================
# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
# authn_denyall -- no one (default)
# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
# authn_passthru -- ask Apache to handle it (used for kerberos)
# authn_ldap -- authenticate against LDAP
# authn_spacewalk -- ask Spacewalk/Satellite (experimental)
# authn_pam -- use PAM facilities
# authn_testing -- username/password is always testing/testing (debug)
# (user supplied) -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap
[authentication]
module = authn_configfile
# authorization:
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
# authz_allowall -- full access for all authneticated users (default)
# authz_ownership -- use users.conf, but add object ownership semantics
# (user supplied) -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# If you want to further restrict cobbler with ACLs for various groups,
# pick authz_ownership. authz_allowall does not support ACLs. configfile
# does but does not support object ownership which is useful as an additional
# layer of control.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Web-authorization
[authorization]
module = authz_allowall
# dns:
# chooses the DNS management engine if manage_dns is enabled
# in /etc/cobbler/settings, which is off by default.
# choices:
# manage_bind -- default, uses BIND/named
# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
# https://github.com/cobbler/cobbler/wiki/Dns-management
[dns]
module = manage_bind
# dhcp:
# chooses the DHCP management engine if manage_dhcp is enabled
# in /etc/cobbler/settings, which is off by default.
# choices:
# manage_isc -- default, uses ISC dhcpd
# manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
# https://github.com/cobbler/cobbler/wiki/Dhcp-management
[dhcp]
module = manage_isc
# tftpd:
# chooses the TFTP management engine if manage_tftp is enabled
# in /etc/cobbler/settings, which is ON by default.
#
# choices:
# manage_in_tftpd -- default, uses the system's tftp server
# manage_tftpd_py -- uses cobbler's tftp server
#
[tftpd]
module = manage_in_tftpd
#--------------------------------------------------
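Review bot: `[authorization] module = authz_allowall` gives every account that passes `authn_configfile` full read-write access to the WebUI and XMLRPC, and the file's own comments mark both settings as security choices not to be made blindly. If this is deliberate, a comment above the setting should record why, along the lines of `# authz_allowall is deliberate: <reason>; switch to authz_ownership if more than one user is added`. Whether `/etc/cobbler/users.digest` ships with a default credential cannot be seen from this section and is worth checking alongside it.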


@ -0,0 +1,31 @@
options {
listen-on port 53 { $listen_ip; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 127.0.0.0/8; {{ compass0_subnet }}; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#for $zone in $forward_zones
zone "${zone}." {
type master;
file "$zone";
};
#end for
#for $zone, $arpa in $reverse_zones
zone "${arpa}." {
type master;
file "$zone";
};
#end for


@ -0,0 +1,31 @@
options {
listen-on port 53 { {{ cobbler_server }}; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 127.0.0.0/8; {{ mgmt_subnet }}; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
#for $zone in $forward_zones
zone "${zone}." {
type master;
file "$zone";
};
#end for
#for $zone, $arpa in $reverse_zones
zone "${arpa}." {
type master;
file "$zone";
};
#end for


@ -0,0 +1,450 @@
---
# cobbler settings file
# restart cobblerd and run "cobbler sync" after making changes
# This config file is in YAML 1.0 format
# see http://yaml.org
# ==========================================================
# if 1, cobbler will allow insertions of system records that duplicate
# the --dns-name information of other system records. In general,
# this is undesirable and should be left 0.
allow_duplicate_hostnames: 0
# if 1, cobbler will allow insertions of system records that duplicate
# the ip address information of other system records. In general,
# this is undesirable and should be left 0.
allow_duplicate_ips: 0
# if 1, cobbler will allow insertions of system records that duplicate
# the mac address information of other system records. In general,
# this is undesirable.
allow_duplicate_macs: 0
# if 1, cobbler will allow settings to be changed dynamically without
# a restart of the cobblerd daemon. You can only change this variable
# by manually editing the settings file, and you MUST restart cobblerd
# after changing it.
allow_dynamic_settings: 0
# by default, installs are *not* set to send installation logs to the cobbler
# # # server. With 'anamon_enabled', kickstart templates may use the pre_anamon
# # # snippet to allow remote live monitoring of their installations from the
# # # cobbler server. Installation logs will be stored under
# # # /var/log/cobbler/anamon/. NOTE: This does allow an xmlrpc call to send logs
# # # to this directory, without authentication, so enable only if you are
# # # ok with this limitation.
anamon_enabled: 1
# If using authn_pam in the modules.conf, this can be configured
# to change the PAM service authentication will be tested against.
# The default value is "login".
authn_pam_service: "login"
# Email out a report when cobbler finishes installing a system.
# enabled: set to 1 to turn this feature on
# sender: optional
# email: which addresses to email
# smtp_server: used to specify another server for an MTA
# subject: use the default subject unless overridden
build_reporting_enabled: 0
build_reporting_sender: ""
build_reporting_email: [ 'root@localhost' ]
build_reporting_smtp_server: "localhost"
build_reporting_subject: ""
# Cheetah-language kickstart templates can import Python modules.
# while this is a useful feature, it is not safe to allow them to
# import anything they want. This whitelists which modules can be
# imported through Cheetah. Users can expand this as needed but
# should never allow modules such as subprocess or those that
# allow access to the filesystem as Cheetah templates are evaluated
# by cobblerd as code.
cheetah_import_whitelist:
- "random"
- "re"
- "time"
# Default createrepo_flags to use for new repositories. If you have
# createrepo >= 0.4.10, consider "-c cache --update -C", which can
# dramatically improve your "cobbler reposync" time. "-s sha"
# enables working with Fedora repos from F11/F12 from EL-4 or
# EL-5 without python-hashlib installed (which is not available
# on EL-4)
createrepo_flags: "-c cache -s sha"
# if no kickstart is specified to profile add, use this template
default_kickstart: /var/lib/cobbler/kickstarts/default.ks
# configure all installed systems to use these nameservers by default
# unless defined differently in the profile. For DHCP configurations
# you probably do /not/ want to supply this.
default_name_servers: ['10.145.89.100']
# if using the authz_ownership module (see the Wiki), objects
# created without specifying an owner are assigned to this
# owner and/or group. Can be a comma seperated list.
default_ownership:
- "admin"
# cobbler has various sample kickstart templates stored
# in /var/lib/cobbler/kickstarts/. This controls
# what install (root) password is set up for those
# systems that reference this variable. The factory
# default is "cobbler" and cobbler check will warn if
# this is not changed.
# The simplest way to change the password is to run
# openssl passwd -1
# and put the output between the "" below.
default_password_crypted: "$1$huawei$9OkoVJwO4W8vavlXd1bUS/"
# the default template type to use in the absence of any
# other detected template. If you do not specify the template
# with '#template=<template_type>' on the first line of your
# templates/snippets, cobbler will assume try to use the
# following template engine to parse the templates.
#
# Current valid values are: cheetah, jinja2
default_template_type: "cheetah"
# for libvirt based installs in koan, if no virt bridge
# is specified, which bridge do we try? For EL 4/5 hosts
# this should be xenbr0, for all versions of Fedora, try
# "virbr0". This can be overriden on a per-profile
# basis or at the koan command line though this saves
# typing to just set it here to the most common option.
default_virt_bridge: xenbr0
# use this as the default disk size for virt guests (GB)
default_virt_file_size: 5
# use this as the default memory size for virt guests (MB)
default_virt_ram: 512
# if koan is invoked without --virt-type and no virt-type
# is set on the profile/system, what virtualization type
# should be assumed? Values: xenpv, xenfv, qemu, vmware
# (NOTE: this does not change what virt_type is chosen by import)
default_virt_type: xenpv
# enable gPXE booting? Enabling this option will cause cobbler
# to copy the undionly.kpxe file to the tftp root directory,
# and if a profile/system is configured to boot via gpxe it will
# chain load off pxelinux.0.
# Default: 0
enable_gpxe: 0
# controls whether cobbler will add each new profile entry to the default
# PXE boot menu. This can be over-ridden on a per-profile
# basis when adding/editing profiles with --enable-menu=0/1. Users
# should ordinarily leave this setting enabled unless they are concerned
# with accidental reinstalls from users who select an entry at the PXE
# boot menu. Adding a password to the boot menus templates
# may also be a good solution to prevent unwanted reinstallations
enable_menu: 0
# enable Func-integration? This makes sure each installed machine is set up
# to use func out of the box, which is a powerful way to script and control
# remote machines.
# Func lives at http://fedorahosted.org/func
# read more at https://github.com/cobbler/cobbler/wiki/Func-integration
# you will need to mirror Fedora/EPEL packages for this feature, so see
# https://github.com/cobbler/cobbler/wiki/Manage-yum-repos if you want cobbler
# to help you with this
func_auto_setup: 0
func_master: overlord.example.org
# change this port if Apache is not running plaintext on port
# 80. Most people can leave this alone.
http_port: 80
# kernel options that should be present in every cobbler installation.
# kernel options can also be applied at the distro/profile/system
# level.
kernel_options:
ksdevice: bootif
lang: ' '
text: ~
# s390 systems require additional kernel options in addition to the
# above defaults
kernel_options_s390x:
RUNKS: 1
ramdisk_size: 40000
root: /dev/ram0
ro: ~
ip: off
vnc: ~
# configuration options if using the authn_ldap module. See the
# the Wiki for details. This can be ignored if you are not using
# LDAP for WebUI/XMLRPC authentication.
ldap_server: "ldap.example.com"
ldap_base_dn: "DC=example,DC=com"
ldap_port: 389
ldap_tls: 1
ldap_anonymous_bind: 1
ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
ldap_tls_cacertfile: ''
ldap_tls_keyfile: ''
ldap_tls_certfile: ''
# cobbler has a feature that allows for integration with config management
# systems such as Puppet. The following parameters work in conjunction with
# --mgmt-classes and are described in furhter detail at:
# https://github.com/cobbler/cobbler/wiki/Using-cobbler-with-a-configuration-management-system
mgmt_classes: []
mgmt_parameters:
from_cobbler: 1
# if enabled, this setting ensures that puppet is installed during
# machine provision, a client certificate is generated and a
# certificate signing request is made with the puppet master server
puppet_auto_setup: 0
# when puppet starts on a system after installation it needs to have
# its certificate signed by the puppet master server. Enabling the
# following feature will ensure that the puppet server signs the
# certificate after installation if the puppet master server is
# running on the same machine as cobbler. This requires
# puppet_auto_setup above to be enabled
sign_puppet_certs_automatically: 0
# location of the puppet executable, used for revoking certificates
puppetca_path: "/usr/bin/puppet"
# when a puppet managed machine is reinstalled it is necessary to
# remove the puppet certificate from the puppet master server before a
# new certificate is signed (see above). Enabling the following
# feature will ensure that the certificate for the machine to be
# installed is removed from the puppet master server if the puppet
# master server is running on the same machine as cobbler. This
# requires puppet_auto_setup above to be enabled
remove_old_puppet_certs_automatically: 0
# choose a --server argument when running puppetd/puppet agent during kickstart
#puppet_server: 'puppet'
# let cobbler know that you're using a newer version of puppet
# choose version 3 to use: 'puppet agent'; version 2 uses status quo: 'puppetd'
#puppet_version: 2
# choose whether to enable puppet parameterized classes or not.
# puppet versions prior to 2.6.5 do not support parameters
#puppet_parameterized_classes: 1
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1
# set to 1 to enable Cobbler's DNS management features.
# the choice of DNS mangement engine is in /etc/cobbler/modules.conf
manage_dns: 1
# set to path of bind chroot to create bind-chroot compatible bind
# configuration files. This should be automatically detected.
bind_chroot_path: ""
# set to the ip address of the master bind DNS server for creating secondary
# bind configuration files
bind_master: 127.0.0.1
# set to 1 to enable Cobbler's TFTP management features.
# the choice of TFTP mangement engine is in /etc/cobbler/modules.conf
manage_tftpd: 1
# set to 1 to enable Cobbler's RSYNC management features.
manage_rsync: 0
# if using BIND (named) for DNS management in /etc/cobbler/modules.conf
# and manage_dns is enabled (above), this lists which zones are managed
# See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
manage_forward_zones: ['ods.com']
manage_reverse_zones: ['10','172.16']
# if using cobbler with manage_dhcp, put the IP address
# of the cobbler server here so that PXE booting guests can find it
# if you do not set this correctly, this will be manifested in TFTP open timeouts.
next_server: {{ cobbler_server }}
# settings for power management features. optional.
# see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
# choices (refer to codes.py):
# apc_snmp bladecenter bullpap drac ether_wake ilo integrity
# ipmilan ipmitool lpar rsa virsh wti
power_management_default_type: 'ipmitool'
# the commands used by the power management module are sourced
# from what directory?
power_template_dir: "/etc/cobbler/power"
# if this setting is set to 1, cobbler systems that pxe boot
# will request at the end of their installation to toggle the
# --netboot-enabled record in the cobbler system record. This eliminates
# the potential for a PXE boot loop if the system is set to PXE
# first in it's BIOS order. Enable this if PXE is first in your BIOS
# boot order, otherwise leave this disabled. See the manpage
# for --netboot-enabled.
pxe_just_once: 1
# the templates used for PXE config generation are sourced
# from what directory?
pxe_template_dir: "/etc/cobbler/pxe"
# Path to where system consoles are
consoles: "/var/consoles"
# Are you using a Red Hat management platform in addition to Cobbler?
# Cobbler can help you register to it. Choose one of the following:
# "off" : I'm not using Red Hat Network, Satellite, or Spacewalk
# "hosted" : I'm using Red Hat Network
# "site" : I'm using Red Hat Satellite Server or Spacewalk
# You will also want to read: https://github.com/cobbler/cobbler/wiki/Tips-for-RHN
redhat_management_type: "off"
# if redhat_management_type is enabled, choose your server
# "management.example.org" : For Satellite or Spacewalk
# "xmlrpc.rhn.redhat.com" : For Red Hat Network
# This setting is also used by the code that supports using Spacewalk/Satellite users/passwords
# within Cobbler Web and Cobbler XMLRPC. Using RHN Hosted for this is not supported.
# This feature can be used even if redhat_management_type is off, you just have
# to have authn_spacewalk selected in modules.conf
redhat_management_server: "xmlrpc.rhn.redhat.com"
# specify the default Red Hat authorization key to use to register
# system. If left blank, no registration will be attempted. Similarly
# you can set the --redhat-management-key to blank on any system to
# keep it from trying to register.
redhat_management_key: ""
# if using authn_spacewalk in modules.conf to let cobbler authenticate
# against Satellite/Spacewalk's auth system, by default it will not allow per user
# access into Cobbler Web and Cobbler XMLRPC.
# in order to permit this, the following setting must be enabled HOWEVER
# doing so will permit all Spacewalk/Satellite users of certain types to edit all
# of cobbler's configuration.
# these roles are: config_admin and org_admin
# users should turn this on only if they want this behavior and
# do not have a cross-multi-org seperation concern. If you have
# a single org in your satellite, it's probably safe to turn this
# on and then you can use CobblerWeb alongside a Satellite install.
redhat_management_permissive: 0
# if set to 1, allows /usr/bin/cobbler-register (part of the koan package)
# to be used to remotely add new cobbler system records to cobbler.
# this effectively allows for registration of new hardware from system
# records.
register_new_installs: 0
# Flags to use for yum's reposync. If your version of yum reposync
# does not support -l, you may need to remove that option.
reposync_flags: "-l -n -d"
# These options will be used for an rsync initiated by cobbler replicate
replicate_rsync_options: "-avzH"
# when DHCP and DNS management are enabled, cobbler sync can automatically
# restart those services to apply changes. The exception for this is
# if using ISC for DHCP, then omapi eliminates the need for a restart.
# omapi, however, is experimental and not recommended for most configurations.
# If DHCP and DNS are going to be managed, but hosted on a box that
# is not on this server, disable restarts here and write some other
# script to ensure that the config files get copied/rsynced to the destination
# box. This can be done by modifying the restart services trigger.
# Note that if manage_dhcp and manage_dns are disabled, the respective
# parameter will have no effect. Most users should not need to change
# this.
restart_dns: 1
restart_dhcp: 1
# install triggers are scripts in /var/lib/cobbler/triggers/install
# that are triggered in kickstart pre and post sections. Any
# executable script in those directories is run. They can be used
# to send email or perform other actions. They are currently
# run as root so if you do not need this functionality you can
# disable it, though this will also disable "cobbler status" which
# uses a logging trigger to audit install progress.
run_install_triggers: 1
# enables a trigger which version controls all changes to /var/lib/cobbler
# when add, edit, or sync events are performed. This can be used
# to revert to previous database versions, generate RSS feeds, or for
# other auditing or backup purposes. "git" and "hg" are currently suported,
# but git is the recommend SCM for use with this feature.
scm_track_enabled: 0
scm_track_mode: "git"
# this is the address of the cobbler server -- as it is used
# by systems during the install process, it must be the address
# or hostname of the system as those systems can see the server.
# if you have a server that appears differently to different subnets
# (dual homed, etc), you need to read the --server-override section
# of the manpage for how that works.
server: {{ cobbler_server }}
# If set to 1, all commands will be forced to use the localhost address
# instead of using the above value which can force commands like
# cobbler sync to open a connection to a remote address if one is in the
# configuration and would traceback.
client_use_localhost: 0
# If set to 1, all commands to the API (not directly to the XMLRPC
# server) will go over HTTPS instead of plaintext. Be sure to change
# the http_port setting to the correct value for the web server
client_use_https: 0
# this is a directory of files that cobbler uses to make
# templating easier. See the Wiki for more information. Changing
# this directory should not be required.
snippetsdir: /var/lib/cobbler/snippets
# Normally if a kickstart is specified at a remote location, this
# URL will be passed directly to the kickstarting system, thus bypassing
# the usual snippet templating Cobbler does for local kickstart files. If
# this option is enabled, Cobbler will fetch the file contents internally
# and serve a templated version of the file to the client.
template_remote_kickstarts: 0
# should new profiles for virtual machines default to auto booting with the physical host when the physical host reboots?
# this can be overridden on each profile or system object.
virt_auto_boot: 1
# cobbler's web directory. Don't change this setting -- see the
# Wiki on "relocating your cobbler install" if your /var partition
# is not large enough.
webdir: /var/www/cobbler
# cobbler's public XMLRPC listens on this port. Change this only
# if absolutely needed, as you'll have to start supplying a new
# port option to koan if it is not the default.
xmlrpc_port: 25151
# "cobbler repo add" commands set cobbler up with repository
# information that can be used during kickstart and is automatically
# set up in the cobbler kickstart templates. By default, these
# are only available at install time. To make these repositories
# usable on installed systems (since cobbler makes a very convient)
# mirror, set this to 1. Most users can safely set this to 1. Users
# who have a dual homed cobbler server, or are installing laptops that
# will not always have access to the cobbler server may wish to leave
# this as 0. In that case, the cobbler mirrored yum repos are still
# accessable at http://cobbler.example.org/cblr/repo_mirror and yum
# configuration can still be done manually. This is just a shortcut.
yum_post_install_mirror: 1
# the default yum priority for all the distros. This is only used
# if yum-priorities plugin is used. 1=maximum. Tweak with caution.
yum_distro_priority: 1
# Flags to use for yumdownloader. Not all versions may support
# --resolve.
yumdownloader_flags: "--resolve"
# sort and indent JSON output to make it more human-readable
serializer_pretty_json: 0
# replication rsync options for distros, kickstarts, snippets set to override default value of "-avzH"
replicate_rsync_options: "-avzH"
# replication rsync options for repos set to override default value of "-avzH"
replicate_repo_rsync_options: "-avzH"
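Review bot: `default_password_crypted` carries a fixed MD5-crypt (`$1$`) hash with the literal salt `huawei`, so every system installed from a kickstart that references it gets the same root password, and the hash is public in the repository. Other deployment-specific values in this file (`server`, `next_server`) are already Jinja2 variables, and this one should be too, for example `default_password_crypted: "{{ <password-hash-variable> }}"` (placeholder name) holding a SHA-512 crypt (`$6$`) hash generated per deployment. Two smaller points in the same file: `anamon_enabled: 1` turns on the log upload that the comment above it describes as unauthenticated, and `replicate_rsync_options` is defined twice with the same value.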


@ -0,0 +1,34 @@
#!/bin/bash
export ipaddr=$(ip addr show eth0 | grep 'inet ' | awk '{ print $2}'|cut -d/ -f1)
sed -i "/^local-address/c\local-address $ipaddr;" /etc/cobbler/dhcp.template
sed -i "s/listen-on port 53 { \$listen_ip; }/listen-on port 53 \{ $ipaddr; \}/g" /etc/cobbler/named.template
sed -i "/^server/c\server: $ipaddr" /etc/cobbler/settings
sed -i "/^next_server/c\next_server: {{ cobbler_server }}" /etc/cobbler/settings
sed -i "s/http_server/server/g" /var/lib/cobbler/snippets/preseed_apt_repo_config
sed -i "/^manage_dhcp/c\manage_dhcp: 1" /etc/cobbler/settings
service httpd restart
service cobblerd restart
# import distros
cobbler import --path=/var/lib/cobbler/mount_point/CentOS-6.5-x86_64 --name=CentOS-6.5-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.ks --breed=redhat
cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-12.04-x86_64 --name=Ubuntu-12.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu
cobbler import --path=/var/lib/cobbler/mount_point/Ubuntu-14.04-x86_64 --name=Ubuntu-14.04-x86_64 --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/default.seed --breed=ubuntu
# add profiles
cobbler profile edit --name=CentOS-6.5-x86_64 --repo=centos_ppa_repo --distro=CentOS-6.5-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/CentOS-6.5-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.ks
cobbler profile edit --name=Ubuntu-12.04-x86_64 --repo=ubuntu_ppa_repo --distro=Ubuntu-12.04-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/Ubuntu-12.04-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto"
cobbler profile edit --name=Ubuntu-14.04-x86_64 --repo=ubuntu_14_04_ppa_repo --distro=Ubuntu-14.04-x86_64 --ksmeta="tree=http://{{ cobbler_server }}:{{ cobbler_mapped_http_port_on_host }}/cobbler/ks_mirror/Ubuntu-14.04-x86_64 http_port={{ cobbler_mapped_http_port_on_host }} cblr_server={{ cobbler_server }} rsyslog_port={{ rsyslog_port_mapped_on_host }} chef_validation_file=/etc/cobbler/chef-validator.pem chef_admin_file=/etc/cobbler/admin.pem" --kickstart=/var/lib/cobbler/kickstarts/default.seed --kopts="netcfg/choose_interface=auto"
cobbler sync
cobbler check
service xinetd restart
if [ ! -e /root/.ssh/id_rsa.pub ]; then
rm -rf /root/.ssh/id_rsa
ssh-keygen -t rsa -f /root/.ssh/id_rsa -q -N ''
fi
tail -f /var/log/cobbler/cobbler.log
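Review bot: `ipaddr` is written into `dhcp.template`, `named.template` and `settings` without being checked, so when `eth0` has no IPv4 address the `sed` commands produce `local-address ;` and `server: ` lines and the services are restarted on a broken configuration. A guard right after the `export` would stop that: `[ -n "$ipaddr" ] || { echo "no IPv4 address on eth0" >&2; exit 1; }`. The script also has no `set -e`, so a failed `cobbler import` or `cobbler sync` is followed by the remaining steps and ends in `tail -f` as if everything had worked. The generated `/root/.ssh/id_rsa` has an empty passphrase, which is usual for automation, but the file then needs the same protection as a root password.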


@ -0,0 +1,20 @@
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
disable = no
log_type = SYSLOG local5 info
socket_type = dgram
protocol = udp
wait = yes
user = $user
server = $binary
server_args = -B 1380 -v -s $args
instances = 1000
per_source = 1000
cps = 1000 2
flags = IPv4
}


@ -0,0 +1,15 @@
#dockerized: True
compass_adapter_source: http://git.openstack.org/stackforge/compass-adapters
compass_adapter_version: dev/experimental
epel_file_name: epel-release-6-8.noarch.rpm
epel_base_url: http://download.fedoraproject.org/pub/epel/6/x86_64/
epel7_base_url: http://download.fedoraproject.org/pub/epel/7/x86_64/e/
cobbler_loaders_url: http://192.168.120.2/cobbler/loaders/loaders.tar.gz
ubuntu_14_04_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/14.04/ubuntu_14_04_ppa_repo.tar.gz
ubuntu_12_04_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/ubuntu/12.04/ubuntu_12_04_ppa_repo.tar.gz
centos_6_5_ppa_repo_url: https://s3-us-west-1.amazonaws.com/compass-local-repo/centos/6.5/centos_6_5_ppa_repo.tar.gz
mgmt_nic_ip: "{{ hostvars[inventory_hostname][mgmt_ansible_interface]['ipv4']['address'] }}"
mgmt_ansible_interface: "ansible_{{ mgmt_nic }}"
mgmt_ip_same: "{{ mgmt_nic_ip == mgmt_next_ip }}"
ppa_repo_url: "ppa_repo_{{ region }}_url"
iso_url: "iso_{{ region }}_url"
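Review bot: `compass_adapter_source`, `epel_base_url`, `epel7_base_url` and `cobbler_loaders_url` use plain `http://`, and `compass_adapter_version` tracks the moving branch `dev/experimental`, so what gets installed can change between runs and can be altered in transit. No checksum variables accompany the tarball and RPM URLs in this file, and how the tasks consume them is outside this section. Suggested changes: use `https://` where the host offers it, pin the adapter to a commit (`compass_adapter_version: <commit-sha>`, placeholder), and add a checksum per download for the fetching task to verify. `cobbler_loaders_url` points at the fixed address `192.168.120.2`, which looks site-specific and would be better supplied from the inventory.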


@ -0,0 +1 @@
deb https://get.docker.com/ubuntu docker main


@ -0,0 +1,48 @@
- name: get all bridges
command: brctl show
register: bridges
- name: bring down docker0 if found
shell: ip link set dev docker0 down
when: bridges.stdout.find('docker0') != -1
- name: remove docker0 if found
shell: brctl delbr docker0
when: bridges.stdout.find('docker0') != -1
- name: bring down compass0 if found
shell: ip link set dev compass0 down
when: bridges.stdout.find('compass0') != -1
- name: remove compass0 if found
shell: brctl delbr compass0
when: bridges.stdout.find('compass0') != -1
- name: add bridge compass0
shell: brctl addbr compass0
- name: get compass0 info
command: ip addr
register: compass0_info
- name: add ip addr to compass0
shell: ip addr add {{ compass0_subnet }} dev compass0
when: compass0_info.stdout.find("{{ compass0_subnet }}") == -1
- name: bring up compass0
shell: ip link set dev compass0 up
- name: register compass0 to docker daemon
lineinfile: dest=/etc/sysconfig/docker regexp=^other_args line=other_args=-b=compass0
when: ansible_os_family == 'RedHat'
- name: register compass0 when it's debian
lineinfile: dest=/etc/default/docker line=DOCKER_OPTS=-b=compass0
when: ansible_os_family == 'Debian'
- name: start docker daemon
service: name=docker state=started
- name: remove all containers
shell: docker rm -f $(docker ps -aq)
ignore_errors: yes
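Review bot: The last task, `docker rm -f $(docker ps -aq)`, force-removes every container on the host, including ones unrelated to Compass, and `ignore_errors: yes` hides real failures along with the harmless empty-list case. Limiting it to the containers this role manages, e.g. `shell: docker rm -f <compass-container-names>` (placeholder), keeps the play from destroying other workloads. The earlier tasks that bring down and delete `docker0` have a similar reach, since any container attached to that bridge loses its network. The Debian `lineinfile` task has no `regexp`, so an existing `DOCKER_OPTS=` line is left in place and a second one is appended; adding `regexp=^DOCKER_OPTS` would match the RedHat task above it.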


@ -0,0 +1,28 @@
- name: apt-get update
apt: update_cache=yes
- name: find out if https exists in apt methods
stat: path=/usr/lib/apt/methods/https
register: existence
- name: install apt-transport-https if https not in methods
apt: name=apt-transport-https
state=present
when: not existence.stat.exists
- name: add docker repository key
shell: apt-key adv --keyserver {{ docker_apt_key_server }} --recv-keys {{ docker_apt_key }}
- name: add a docker.list file to apt source list
copy: src=docker.list dest=/etc/apt/sources.list.d/docker.list
mode=0644
- name: update again
apt: update_cache=yes
- name: get docker and brctl
apt: name={{ item }}
state=installed
with_items:
- lxc-docker
- bridge-utils
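Review bot: The `add docker repository key` task trusts whatever key `apt-key adv --recv-keys {{ docker_apt_key }}` gets back from the keyserver, so the package signature check is only as strong as that identifier. It should be a full 40-character fingerprint rather than a short key ID; both variables are defined outside this file, so that needs confirming. The `shell` call also re-runs on every play, whereas the `apt_key` module does the same job idempotently: `apt_key: keyserver={{ docker_apt_key_server }} id={{ docker_apt_key }} state=present`. A short comment above the task saying which key this is and where its fingerprint was verified would help the next maintainer.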


@ -0,0 +1,5 @@
- include: docker-debian-precise.yml
when: ansible_distribution_major_version == '12'
- include: docker-debian-trusty.yml
when: ansible_distribution_major_version == '14'
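Review bot: Only major versions '12' and '14' are handled, so on any other Debian-family release both includes are skipped without a message and nothing in this file installs Docker. The problem would presumably only surface later, in a task that expects `docker` or `brctl` to exist. An explicit guard makes it visible: `- fail: msg="unsupported release for dockerized install"` with `when: ansible_distribution_major_version not in ['12', '14']`.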


@ -0,0 +1,31 @@
---
- name: get epel 6
yum: name={{ epel_6 }} state=present
when: ansible_distribution_major_version == '6'
# I've tried to do a "variable in variable" to dynamically load
# major version, so that getting the correct epel url is way easier.
# but ansible is not friendly with it, will need to dive more into
# it to see if there is a way.
- name: get epel 7
yum: name={{ epel_7 }} state=present
when: ansible_distribution_major_version == '7'
- name: get docker
yum: pkg=docker-io state=installed
when: ansible_distribution_major_version == '6'
- name: get docker if el7
yum: pkg=docker state=installed
when: ansible_distribution_major_version == '7'
# install bridge util/python-pip package
- name: install brctl
yum: pkg={{ item }} state=installed
with_items:
- bridge-utils
- python-pip
- name: pip install dockerpy
pip: name=docker-py
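Review bot: `pip: name=docker-py` installs whatever release is current on the package index at run time, so two deployments can end up with different client libraries and a bad upstream release is picked up automatically. Pinning it, `pip: name=docker-py version=PINNED_VERSION` (placeholder), keeps the install reproducible and reviewable. The EPEL packages come from `{{ epel_6 }}` / `{{ epel_7 }}`, whose values are defined outside this file. If those are URLs they should be HTTPS, since an RPM installed directly from a URL may not be checked against an already-trusted GPG key.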


@ -0,0 +1,16 @@
---
- include: RedHat.yml
when: ansible_os_family == 'RedHat' and not dockerized
- include: Debian.yml
when: ansible_os_family == 'Debian' and not dockerized
- include: docker-redhat.yml
when: ansible_os_family == 'RedHat' and dockerized
- include: docker-debian.yml
when: ansible_os_family == 'Debian' and dockerized
- include: docker-common.yml
when: dockerized


@ -0,0 +1,18 @@
# Apache config for ods server
#
# Specify python path if you use virtualenv
WSGIDaemonProcess compass threads=4 display-name=%{GROUP}
WSGIProcessGroup compass
WSGIScriptAlias /api /var/www/compass/compass.wsgi
WSGISocketPrefix /var/run/wsgi
<VirtualHost *:80>
DocumentRoot /var/www/compass_web/v2
<Directory "/var/www/compass_web/v2">
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
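Review bot: `Options Indexes FollowSymLinks` turns on automatic directory listings for `/var/www/compass_web/v2`, so any directory without an index file shows its contents to every client that `Allow from all` admits. Unless listings are wanted, `Options -Indexes +FollowSymLinks` is the safer setting. The vhost also serves `/api` over plain HTTP on port 80, so a comment stating whether TLS is terminated elsewhere would be useful. The header comment still says `ods server`, which looks stale for a compass vhost.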


@ -0,0 +1,36 @@
#!/bin/bash
# activate virtualenv
source `which virtualenvwrapper.sh`
workon compass-core
# start mysqld service, push it to bg
/usr/bin/mysqld_safe > /dev/null 2>&1 &
RET=1
while [[ RET -ne 0 ]]; do
echo "waiting for mariadb to startup"
sleep 5
mysql -uroot -e "status" > /dev/null 2>&1
RET=$?
done
echo "mariadb started"
# set mysql with default username and password
mysqladmin -h127.0.0.1 --port=3306 -u root password root
# create db 'compass'
mysql -h127.0.0.1 --port=3306 -uroot -proot -e "create database compass"
# start compass services
/opt/compass/bin/manage_db.py createdb
/usr/sbin/apachectl -k start
/usr/sbin/rabbitmq-server &
/usr/bin/redis-server &
/usr/sbin/ntpd &
ln -s /root/.virtualenvs/compass-core/bin/celery /opt/compass/bin/celery
CELERY_CONFIG_MODULE=compass.utils.celeryconfig_wrapper C_FORCE_ROOT=1 /opt/compass/bin/celery worker &> /tmp/celery-worker.log &
/opt/compass/bin/progress_update.py &> /tmp/progress_update.log &
touch /var/log/compass/celery.log
tail -f /var/log/compass/celery.log
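Review bot: The database root account is given the fixed password `root` by `mysqladmin ... -u root password root`, and the next line reuses it as `-proot`, so every instance started from this script shares a known credential. Taking the value from the environment, e.g. `mysqladmin -h127.0.0.1 --port=3306 -u root password "$DB_ROOT_PASSWORD"` (variable name is a placeholder) with a check near the top that it is set, avoids committing the secret. `C_FORCE_ROOT=1` also makes the celery worker run as root; a comment explaining why that is accepted here, or a dedicated service user, would be worth adding. Whether mysqld is reachable from outside the container is not visible in this file.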

Some files were not shown because too many files have changed in this diff