feat: add new cobbler master (#355)

- change cobbler.main.unkin.net to 2098 Reviewed-on: #355
2025-07-12 20:31:43 +10:00 · 2025-07-12 20:31:43 +10:00 · 780a97dfe4
commit 780a97dfe4
parent 9aa6472e5b
7 changed files with 75 additions and 62 deletions
--- a/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml
@ -1,5 +1,4 @@
 ---
 profiles::cobbler::params::is_cobbler_master: true
 networking::interfaces:
  ens18:
    ipaddress: 198.18.13.27
--- a/hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml
@ -0,0 +1,2 @@
 ---
 profiles::cobbler::params::is_cobbler_master: true
--- a/hieradata/roles/infra/cobbler/server.yaml
+++ b/hieradata/roles/infra/cobbler/server.yaml
@ -1,4 +1,8 @@
 ---
 hiera_include:
  - profiles::selinux::setenforce
  - frrouting
 profiles::packages::include:
  cobbler: {}
  cobbler3.2-web: {}
@ -10,12 +14,57 @@ profiles::packages::include:
  fence-agents: {}
  selinux-policy-devel: {}
  ipxe-bootimgs: {}
  unkin-undionly-kpxe: {}
 profiles::pki::vault::alt_names:
  - cobbler.main.unkin.net
-profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
+# networking
-profiles::selinux::setenforce::mode: permissive
+anycast_ip: 198.18.19.19
 systemd::manage_networkd: true
 systemd::manage_all_network_files: true
 networking::interfaces:
  eth0:
    type: physical
    forwarding: true
    dhcp: true
  anycast0:
    type: dummy
    ipaddress: "%{hiera('anycast_ip')}"
    netmask: 255.255.255.255
    mtu: 1500
-hiera_include:
+# frrouting
-  - profiles::selinux::setenforce
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
 frrouting::ospfd_redistribute:
  - connected
 frrouting::ospfd_interfaces:
  eth0:
    area: 0.0.0.0
  anycast0:
    area: 0.0.0.0
 frrouting::daemons:
  ospfd: true
 # additional repos
 profiles::yum::global::repos:
  frr-extras:
    name: frr-extras
    descr: frr-extras repository
    target: /etc/yum.repos.d/frr-extras.repo
    baseurl: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/extras-daily/%{facts.os.architecture}/os
    gpgkey: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
    mirrorlist: absent
  frr-stable:
    name: frr-stable
    descr: frr-stable repository
    target: /etc/yum.repos.d/frr-stable.repo
    baseurl: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os
    gpgkey: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
    mirrorlist: absent
 # cobbler settings
 profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net'
 profiles::cobbler::params::next_server: "%{hiera('anycast_ip')}"
 profiles::cobbler::params::server: "%{hiera('anycast_ip')}"
 profiles::selinux::setenforce::mode: permissive
--- a/hieradata/roles/infra/dhcp/server.yaml
+++ b/hieradata/roles/infra/dhcp/server.yaml
@ -48,8 +48,10 @@ profiles::yum::global::repos:
    mirrorlist: absent
 profiles::dhcp::server::ntpservers:
-  - ntp01.main.unkin.net
+  - 0.au.pool.ntp.org
-  - ntp02.main.unkin.net
+  - 1.au.pool.ntp.org
  - 2.au.pool.ntp.org
  - 3.au.pool.ntp.org
 profiles::dhcp::server::interfaces:
  - eth0
 profiles::dhcp::server::default_lease_time: 1200
@ -65,7 +67,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.15.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  syd1-test:
    network: 198.18.16.0
    mask: 255.255.255.0
@ -74,7 +76,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.16.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  syd1-prod1:
    network: 198.18.13.0
    mask: 255.255.255.0
@ -83,7 +85,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.13.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  syd1-prod2:
    network: 198.18.14.0
    mask: 255.255.255.0
@ -92,7 +94,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.14.254
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  drw1-prod:
    network: 198.18.17.0
    mask: 255.255.255.0
@ -101,7 +103,7 @@ profiles::dhcp::server::pools:
    gateway: 198.18.17.1
    nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
    domain_name: main.unkin.net
-    pxeserver: 198.18.13.27
+    pxeserver: 198.18.19.19
  # UFI 64-bit
 profiles::dhcp::server::classes:
--- a/modules/frrouting/manifests/init.pp
+++ b/modules/frrouting/manifests/init.pp
@ -59,6 +59,17 @@ class frrouting (
    }
  }
  if $facts['os']['release']['major'] == '8' {
    systemd::manage_dropin { 'default_nice_level.conf':
      ensure        => present,
      unit          => 'frr.service',
      service_entry => {
        'Nice' => 0,
      },
      notify        => Service['frr'],
    }
  }
  if $manage_service {
    service { $service_name:
      ensure     => running,
--- a/site/profiles/manifests/cobbler/init.pp
+++ b/site/profiles/manifests/cobbler/init.pp
@ -5,13 +5,11 @@ class profiles::cobbler::init (
  if $facts['enc_role'] == 'roles::infra::cobbler::server' {
    include profiles::cobbler::config
    include profiles::cobbler::install
    include profiles::cobbler::ipxebins
    include profiles::cobbler::selinux
    include profiles::cobbler::service
    Class['profiles::cobbler::install']
    -> Class['profiles::cobbler::config']
    -> Class['profiles::cobbler::ipxebins']
    -> Class['profiles::cobbler::selinux']
  }
 }
--- a/site/profiles/manifests/cobbler/ipxebins.pp
+++ b/site/profiles/manifests/cobbler/ipxebins.pp
@ -1,48 +0,0 @@
 # profiles::cobbler::ipxebins
 class profiles::cobbler::ipxebins {
  include profiles::cobbler::params
  # download the custom undionly.kpxe file
  # https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1
  exec { 'download_undionly_kpxe':
    command => 'wget -O /var/lib/tftpboot/undionly.kpxe http://boot.ipxe.org/undionly.kpxe',
    path    => ['/bin', '/usr/bin'],
    creates => '/var/lib/tftpboot/undionly.kpxe',
  }
  # set correct permissions ipxe boot image to tftpboot
  file { '/var/lib/tftpboot/undionly.kpxe':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => [
      Package['ipxe-bootimgs'],
      Package['cobbler'],
      Exec['download_undionly_kpxe']
    ],
  }
  # download the custom ipxe.efi file
  # https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1
  exec { 'download_ipxe_efi':
    command => 'wget -O /var/lib/tftpboot/ipxe.efi http://boot.ipxe.org/ipxe.efi',
    path    => ['/bin', '/usr/bin'],
    creates => '/var/lib/tftpboot/ipxe.efi',
  }
  # set correct permissions ipxe boot image to tftpboot
  file { '/var/lib/tftpboot/ipxe.efi':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => [
      Package['ipxe-bootimgs'],
      Package['cobbler'],
      Exec['download_ipxe_efi']
    ],
  }
 }
		`@ -0,0 +1,2 @@`
							`---`
							`profiles::cobbler::params::is_cobbler_master: true`