feat: add new cobbler master (#355)

- change cobbler.main.unkin.net to 2098 Reviewed-on: #355
2025-07-12 20:31:43 +10:00 · 2025-07-12 20:31:43 +10:00 · 780a97dfe4
commit 780a97dfe4
parent 9aa6472e5b
7 changed files with 75 additions and 62 deletions
--- a/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml
@ -1,5 +1,4 @@
 ---
-profiles::cobbler::params::is_cobbler_master: true
 networking::interfaces:
  ens18:
    ipaddress: 198.18.13.27
--- a/hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml
@ -0,0 +1,2 @@
+---
+profiles::cobbler::params::is_cobbler_master: true
--- a/hieradata/roles/infra/cobbler/server.yaml
+++ b/hieradata/roles/infra/cobbler/server.yaml
@ -1,4 +1,8 @@
 ---
+hiera_include:
+  - profiles::selinux::setenforce
+  - frrouting
+
 profiles::packages::include:
  cobbler: {}
  cobbler3.2-web: {}
@ -10,12 +14,57 @@ profiles::packages::include:
  fence-agents: {}
  selinux-policy-devel: {}
  ipxe-bootimgs: {}
+  unkin-undionly-kpxe: {}

 profiles::pki::vault::alt_names:
  - cobbler.main.unkin.net

-profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
-profiles::selinux::setenforce::mode: permissive
+# networking
+anycast_ip: 198.18.19.19
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+  eth0:
+    type: physical
+    forwarding: true
+    dhcp: true
+  anycast0:
+    type: dummy
+    ipaddress: "%{hiera('anycast_ip')}"
+    netmask: 255.255.255.255
+    mtu: 1500

-hiera_include:
-  - profiles::selinux::setenforce
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+  - connected
+frrouting::ospfd_interfaces:
+  eth0:
+    area: 0.0.0.0
+  anycast0:
+    area: 0.0.0.0
+frrouting::daemons:
+  ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+  frr-extras:
+    name: frr-extras
+    descr: frr-extras repository
+    target: /etc/yum.repos.d/frr-extras.repo
+    baseurl: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/extras-daily/%{facts.os.architecture}/os
+    gpgkey: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+    mirrorlist: absent
+  frr-stable:
+    name: frr-stable
+    descr: frr-stable repository
+    target: /etc/yum.repos.d/frr-stable.repo
+    baseurl: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os
+    gpgkey: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+    mirrorlist: absent
+
+# cobbler settings
+profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
+profiles::cobbler::params::next_server: "%{hiera('anycast_ip')}"
+profiles::cobbler::params::server: "%{hiera('anycast_ip')}"
+profiles::selinux::setenforce::mode: permissive
--- a/hieradata/roles/infra/dhcp/server.yaml
+++ b/hieradata/roles/infra/dhcp/server.yaml
@ -48,8 +48,10 @@ profiles::yum::global::repos:
    mirrorlist: absent

 profiles::dhcp::server::ntpservers:
-  - ntp01.main.unkin.net
-  - ntp02.main.unkin.net
+  - 0.au.pool.ntp.org
+  - 1.au.pool.ntp.org
+  - 2.au.pool.ntp.org
+  - 3.au.pool.ntp.org
 profiles::dhcp::server::interfaces:
  - eth0
 profiles::dhcp::server::default_lease_time: 1200
@ -65,7 +67,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.15.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  syd1-test:
    network: 198.18.16.0
    mask: 255.255.255.0
@ -74,7 +76,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.16.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  syd1-prod1:
    network: 198.18.13.0
    mask: 255.255.255.0
@ -83,7 +85,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.13.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  syd1-prod2:
    network: 198.18.14.0
    mask: 255.255.255.0
@ -92,7 +94,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.14.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  drw1-prod:
    network: 198.18.17.0
    mask: 255.255.255.0
@ -101,7 +103,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.17.1
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19

  # UFI 64-bit
 profiles::dhcp::server::classes:
--- a/modules/frrouting/manifests/init.pp
+++ b/modules/frrouting/manifests/init.pp
@ -59,6 +59,17 @@ class frrouting (
    }
  }

+  if $facts['os']['release']['major'] == '8' {
+    systemd::manage_dropin { 'default_nice_level.conf':
+      ensure        => present,
+      unit          => 'frr.service',
+      service_entry => {
+        'Nice' => 0,
+      },
+      notify        => Service['frr'],
+    }
+  }
+
  if $manage_service {
    service { $service_name:
      ensure     => running,
--- a/site/profiles/manifests/cobbler/init.pp
+++ b/site/profiles/manifests/cobbler/init.pp
@ -5,13 +5,11 @@ class profiles::cobbler::init (
  if $facts['enc_role'] == 'roles::infra::cobbler::server' {
    include profiles::cobbler::config
    include profiles::cobbler::install
-    include profiles::cobbler::ipxebins
    include profiles::cobbler::selinux
    include profiles::cobbler::service

    Class['profiles::cobbler::install']
    -> Class['profiles::cobbler::config']
-    -> Class['profiles::cobbler::ipxebins']
    -> Class['profiles::cobbler::selinux']
  }
 }
--- a/site/profiles/manifests/cobbler/ipxebins.pp
+++ b/site/profiles/manifests/cobbler/ipxebins.pp
@ -1,48 +0,0 @@
-# profiles::cobbler::ipxebins
-class profiles::cobbler::ipxebins {
-
-  include profiles::cobbler::params
-
-  # download the custom undionly.kpxe file
-  # https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1
-  exec { 'download_undionly_kpxe':
-    command => 'wget -O /var/lib/tftpboot/undionly.kpxe http://boot.ipxe.org/undionly.kpxe',
-    path    => ['/bin', '/usr/bin'],
-    creates => '/var/lib/tftpboot/undionly.kpxe',
-  }
-
-  # set correct permissions ipxe boot image to tftpboot
-  file { '/var/lib/tftpboot/undionly.kpxe':
-    ensure  => 'file',
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => [
-      Package['ipxe-bootimgs'],
-      Package['cobbler'],
-      Exec['download_undionly_kpxe']
-    ],
-  }
-
-  # download the custom ipxe.efi file
-  # https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1
-  exec { 'download_ipxe_efi':
-    command => 'wget -O /var/lib/tftpboot/ipxe.efi http://boot.ipxe.org/ipxe.efi',
-    path    => ['/bin', '/usr/bin'],
-    creates => '/var/lib/tftpboot/ipxe.efi',
-  }
-
-  # set correct permissions ipxe boot image to tftpboot
-  file { '/var/lib/tftpboot/ipxe.efi':
-    ensure  => 'file',
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => [
-      Package['ipxe-bootimgs'],
-      Package['cobbler'],
-      Exec['download_ipxe_efi']
-    ],
-  }
-}
-