feat: add cobbler profile
- add datavol to cobbler nodes - add cobbler profile - add cobbler role hieradata - manage selinux where required for cobbler - manage service cname
@@ -0,0 +1,46 @@
|
||||
# profiles::cobbler::ipxebins
|
||||
class profiles::cobbler::ipxebins {
|
||||
|
||||
# download the custom undionly.kpxe file
|
||||
# https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1
|
||||
exec { 'download_undionly_kpxe':
|
||||
command => 'wget -O /var/lib/tftpboot/undionly.kpxe http://repos.main.unkin.net/unkin/8/x86_64/os/Archives/undionly.kpxe',
|
||||
path => ['/bin', '/usr/bin'],
|
||||
creates => '/var/lib/tftpboot/undionly.kpxe',
|
||||
}
|
||||
|
||||
# set correct permissions ipxe boot image to tftpboot
|
||||
file { '/var/lib/tftpboot/undionly.kpxe':
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => [
|
||||
Package['ipxe-bootimgs'],
|
||||
Package['cobbler'],
|
||||
Exec['download_undionly_kpxe']
|
||||
],
|
||||
}
|
||||
|
||||
# download the custom ipxe.efi file
|
||||
# https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1
|
||||
exec { 'download_ipxe_efi':
|
||||
command => 'wget -O /var/lib/tftpboot/ipxe.efi http://repos.main.unkin.net/unkin/8/x86_64/os/Archives/ipxe.efi',
|
||||
path => ['/bin', '/usr/bin'],
|
||||
creates => '/var/lib/tftpboot/ipxe.efi',
|
||||
}
|
||||
|
||||
# set correct permissions ipxe boot image to tftpboot
|
||||
file { '/var/lib/tftpboot/ipxe.efi':
|
||||
ensure => 'file',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => [
|
||||
Package['ipxe-bootimgs'],
|
||||
Package['cobbler'],
|
||||
Exec['download_ipxe_efi']
|
||||
],
|
||||
}
|
||||
}
|
||||
|
||||
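Review bot: Both `exec` resources fetch a boot binary over plain HTTP with `wget` and nothing verifies what arrived, even though `undionly.kpxe` and `ipxe.efi` are the first code every network-booted node runs from this TFTP root. Because `wget -O` creates the target file even when the transfer fails, a truncated or empty file also satisfies `creates` and is never fetched again. I would replace each exec/file pair with a single `file` resource that uses `source` with `checksum => 'sha256'` and a pinned `checksum_value`, as sketched below for `undionly.kpxe`; the same change applies to `ipxe.efi`. Confirm on the Puppet version in use that a digest mismatch fails the run, and prefer an HTTPS URL if the repo host offers one.

```puppet
# replaces exec 'download_undionly_kpxe' and the file resource that follows it
file { '/var/lib/tftpboot/undionly.kpxe':
  ensure         => 'file',
  source         => 'http://repos.main.unkin.net/unkin/8/x86_64/os/Archives/undionly.kpxe',
  checksum       => 'sha256',
  # placeholder: pin the digest of the build that was reviewed
  checksum_value => '<SHA256_OF_REVIEWED_UNDIONLY_KPXE>',
  # … unchanged: owner, group, mode …
  require        => [
    Package['ipxe-bootimgs'],
    Package['cobbler'],
  ],
}
```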
@@ -0,0 +1,119 @@
|
||||
# profiles::cobbler::server
|
||||
class profiles::cobbler::server (
|
||||
Stdlib::Fqdn $service_cname,
|
||||
String $default_password_crypted,
|
||||
Stdlib::Absolutepath $httpd_ssl_certificate = '/etc/pki/tls/vault/certificate.crt',
|
||||
Stdlib::Absolutepath $httpd_ssl_privatekey = '/etc/pki/tls/vault/private.key',
|
||||
Stdlib::Absolutepath $tftpboot_path = '/var/lib/tftpboot/boot',
|
||||
String $server = $::facts['networking']['ip'],
|
||||
String $next_server = $::facts['networking']['ip'],
|
||||
Boolean $pxe_just_once = true,
|
||||
) {
|
||||
|
||||
include profiles::cobbler::ipxebins
|
||||
|
||||
# manage the cobbler settings file
|
||||
file { '/etc/cobbler/settings.yaml':
|
||||
ensure => 'file',
|
||||
content => template('profiles/cobbler/settings.yaml.erb'),
|
||||
group => 'apache',
|
||||
owner => 'root',
|
||||
mode => '0640',
|
||||
require => Package['cobbler'],
|
||||
notify => Service['cobblerd'],
|
||||
}
|
||||
|
||||
# fix permissions in /var/lib/cobbler/web.ss
|
||||
file {'/var/lib/cobbler/web.ss':
|
||||
ensure => 'file',
|
||||
group => 'root',
|
||||
owner => 'apache',
|
||||
mode => '0660',
|
||||
require => Package['cobbler'],
|
||||
notify => Service['cobblerd'],
|
||||
}
|
||||
|
||||
# manage the debmirror config to meet cobbler requirements
|
||||
file { '/etc/debmirror.conf':
|
||||
ensure => 'file',
|
||||
content => template('profiles/cobbler/debmirror.conf.erb'),
|
||||
group => 'root',
|
||||
owner => 'root',
|
||||
mode => '0644',
|
||||
require => Package['debmirror'],
|
||||
}
|
||||
|
||||
# manage the httpd ssl configuration
|
||||
file { '/etc/httpd/conf.d/ssl.conf':
|
||||
ensure => 'file',
|
||||
content => template('profiles/cobbler/httpd_ssl.conf.erb'),
|
||||
group => 'root',
|
||||
owner => 'root',
|
||||
mode => '0644',
|
||||
require => Package['httpd'],
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
|
||||
# manage the main ipxe menu script
|
||||
file { '/var/lib/tftpboot/main.ipxe':
|
||||
ensure => 'file',
|
||||
content => template('profiles/cobbler/main.ipxe.erb'),
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => Package['cobbler'],
|
||||
}
|
||||
|
||||
# ensure cobblerd is running
|
||||
service {'cobblerd':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
require => File['/etc/cobbler/settings.yaml'],
|
||||
}
|
||||
|
||||
# ensure httpd is running
|
||||
service {'httpd':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
require => File['/etc/httpd/conf.d/ssl.conf'],
|
||||
}
|
||||
|
||||
# export cnames for cobbler
|
||||
profiles::dns::record { "${::facts['networking']['fqdn']}_${service_cname}_CNAME":
|
||||
value => $::facts['networking']['hostname'],
|
||||
type => 'CNAME',
|
||||
record => "${service_cname}.",
|
||||
zone => $::facts['networking']['domain'],
|
||||
order => 10,
|
||||
}
|
||||
|
||||
# manage selinux requirements for cobbler
|
||||
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
|
||||
|
||||
$enable_sebooleans = [
|
||||
'httpd_can_network_connect_cobbler',
|
||||
'httpd_serve_cobbler_files',
|
||||
'cobbler_can_network_connect'
|
||||
]
|
||||
|
||||
$enable_sebooleans.each |$bool| {
|
||||
selboolean { $bool:
|
||||
value => on,
|
||||
persistent => true,
|
||||
}
|
||||
}
|
||||
|
||||
selinux::fcontext { $tftpboot_path:
|
||||
ensure => 'present',
|
||||
seltype => 'cobbler_var_lib_t',
|
||||
pathspec => "${tftpboot_path}(/.*)?",
|
||||
}
|
||||
|
||||
exec { "restorecon_${tftpboot_path}":
|
||||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
|
||||
command => "restorecon -Rv ${tftpboot_path}",
|
||||
refreshonly => true,
|
||||
subscribe => Selinux::Fcontext[$tftpboot_path],
|
||||
}
|
||||
}
|
||||
}
|
||||
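Review bot: `$default_password_crypted` is declared as a plain `String`, and the `/etc/cobbler/settings.yaml` resource that presumably renders it (the template is not shown here) does not suppress diffs. On agents that run with `show_diff` enabled, a change to the file would therefore print the password hash into agent logs and reports. Add `show_diff => false,` to that `file` resource, and consider typing the parameter as `Sensitive[String]` and unwrapping it only inside the template. The `0640` root:apache mode on the file itself looks appropriate.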