From d785894473da5494295f4c23b169347fb9802087 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 12 Jul 2025 14:52:21 +1000 Subject: [PATCH] feat: add new cobbler master - change cobbler.main.unkin.net to 2098 - change to networkd - add anycast address for pxeserver - update dhcp::server hiera with pxeserver address - frr for el8 cannot set nice - replace ipxebins class with rpm --- .../nodes/ausyd1nxvm1017.main.unkin.net.yaml | 1 - .../nodes/ausyd1nxvm2098.main.unkin.net.yaml | 2 + hieradata/roles/infra/cobbler/server.yaml | 57 +++++++++++++++++-- hieradata/roles/infra/dhcp/server.yaml | 16 +++--- modules/frrouting/manifests/init.pp | 11 ++++ site/profiles/manifests/cobbler/init.pp | 2 - site/profiles/manifests/cobbler/ipxebins.pp | 48 ---------------- 7 files changed, 75 insertions(+), 62 deletions(-) create mode 100644 hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml delete mode 100644 site/profiles/manifests/cobbler/ipxebins.pp diff --git a/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml index de40d38..1dee584 100644 --- a/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml +++ b/hieradata/nodes/ausyd1nxvm1017.main.unkin.net.yaml @@ -1,5 +1,4 @@ --- -profiles::cobbler::params::is_cobbler_master: true networking::interfaces: ens18: ipaddress: 198.18.13.27 diff --git a/hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml new file mode 100644 index 0000000..f7ad64b --- /dev/null +++ b/hieradata/nodes/ausyd1nxvm2098.main.unkin.net.yaml @@ -0,0 +1,2 @@ +--- +profiles::cobbler::params::is_cobbler_master: true diff --git a/hieradata/roles/infra/cobbler/server.yaml b/hieradata/roles/infra/cobbler/server.yaml index 441fd47..aa58290 100644 --- a/hieradata/roles/infra/cobbler/server.yaml +++ b/hieradata/roles/infra/cobbler/server.yaml 
@@ -1,4 +1,8 @@ --- +hiera_include: + - profiles::selinux::setenforce + - frrouting + profiles::packages::include: cobbler: {} cobbler3.2-web: {} 
@@ -10,12 +14,57 @@ profiles::packages::include: fence-agents: {} selinux-policy-devel: {} ipxe-bootimgs: {} + unkin-undionly-kpxe: {} profiles::pki::vault::alt_names: - cobbler.main.unkin.net -profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net' -profiles::selinux::setenforce::mode: permissive +# networking +anycast_ip: 198.18.19.19 +systemd::manage_networkd: true +systemd::manage_all_network_files: true +networking::interfaces: + eth0: + type: physical + forwarding: true + dhcp: true + anycast0: + type: dummy + ipaddress: "%{hiera('anycast_ip')}" + netmask: 255.255.255.255 + mtu: 1500 -hiera_include: - - profiles::selinux::setenforce +# frrouting +frrouting::ospfd_router_id: "%{facts.networking.ip}" +frrouting::ospfd_redistribute: + - connected +frrouting::ospfd_interfaces: + eth0: + area: 0.0.0.0 + anycast0: + area: 0.0.0.0 +frrouting::daemons: + ospfd: true + +# additional repos +profiles::yum::global::repos: + frr-extras: + name: frr-extras + descr: frr-extras repository + target: /etc/yum.repos.d/frr-extras.repo + baseurl: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/extras-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent + frr-stable: + name: frr-stable + descr: frr-stable repository + target: /etc/yum.repos.d/frr-stable.repo + baseurl: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os + gpgkey: https://packagerepo.service.consul/frr/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR + mirrorlist: absent + +# cobbler settings +profiles::cobbler::params::service_cname: 'cobbler.main.unkin.net' +profiles::cobbler::params::next_server: "%{hiera('anycast_ip')}" +profiles::cobbler::params::server: "%{hiera('anycast_ip')}" +profiles::selinux::setenforce::mode: permissive 
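Review bot: The new `frrouting::ospfd_interfaces` block puts `eth0` into area 0.0.0.0 with no authentication or passive setting visible in this hunk, and the `anycast0` /32 it advertises is the address the DHCP pools now hand out as `pxeserver`. Any other OSPF speaker able to form an adjacency on that segment could originate the same /32 and draw PXE/TFTP traffic to itself, so if the frrouting module exposes per-interface authentication it should be set here; otherwise restrict OSPF neighbours at the network layer. `frrouting::ospfd_redistribute: - connected` also looks redundant, since `anycast0` is already in the area, and it would export any connected network added to this host later. Separately, both new repos take `gpgkey` from the same host and path as `baseurl`, so the key is no independent check if that repo host is compromised; shipping RPM-GPG-KEY-FRR through Puppet would be. Whether `profiles::yum::global::repos` enforces `gpgcheck` is not visible here.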
diff --git a/hieradata/roles/infra/dhcp/server.yaml b/hieradata/roles/infra/dhcp/server.yaml index 39820b9..dc7dc97 100644 --- a/hieradata/roles/infra/dhcp/server.yaml +++ b/hieradata/roles/infra/dhcp/server.yaml @@ -48,8 +48,10 @@ profiles::yum::global::repos: mirrorlist: absent profiles::dhcp::server::ntpservers: - - ntp01.main.unkin.net - - ntp02.main.unkin.net + - 0.au.pool.ntp.org + - 1.au.pool.ntp.org + - 2.au.pool.ntp.org + - 3.au.pool.ntp.org profiles::dhcp::server::interfaces: - eth0 profiles::dhcp::server::default_lease_time: 1200 @@ -65,7 +67,7 @@ profiles::dhcp::server::pools: gateway: 198.18.15.254 nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}" domain_name: main.unkin.net - pxeserver: 198.18.13.27 + pxeserver: 198.18.19.19 syd1-test: network: 198.18.16.0 mask: 255.255.255.0 @@ -74,7 +76,7 @@ profiles::dhcp::server::pools: gateway: 198.18.16.254 nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}" domain_name: main.unkin.net - pxeserver: 198.18.13.27 + pxeserver: 198.18.19.19 syd1-prod1: network: 198.18.13.0 mask: 255.255.255.0 @@ -83,7 +85,7 @@ profiles::dhcp::server::pools: gateway: 198.18.13.254 nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}" domain_name: main.unkin.net - pxeserver: 198.18.13.27 + pxeserver: 198.18.19.19 syd1-prod2: network: 198.18.14.0 mask: 255.255.255.0 @@ -92,7 +94,7 @@ profiles::dhcp::server::pools: gateway: 198.18.14.254 nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}" domain_name: main.unkin.net - pxeserver: 198.18.13.27 + pxeserver: 198.18.19.19 drw1-prod: network: 198.18.17.0 mask: 255.255.255.0 @@ -101,7 +103,7 @@ profiles::dhcp::server::pools: gateway: 198.18.17.1 nameservers: "%{alias('profiles_dns_upstream_forwarder_unkin')}" domain_name: main.unkin.net - pxeserver: 198.18.13.27 + pxeserver: 198.18.19.19 # UFI 64-bit profiles::dhcp::server::classes: 
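Review bot: The first hunk replaces the internal `ntp01.main.unkin.net` / `ntp02.main.unkin.net` entries in `profiles::dhcp::server::ntpservers` with `0.au.pool.ntp.org` through `3.au.pool.ntp.org`, a change the commit description does not mention. Every DHCP client on these pools would then take time from volunteer-operated, unauthenticated public servers and would need outbound UDP/123, and clock skew affects certificate validation and log correlation. If the internal servers are being retired, a comment such as `# internal ntp01/ntp02 retired; public pool until replaced` would record the intent. Otherwise keep the internal names here and let those hosts sync upstream.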
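Review bot: The literal `pxeserver: 198.18.19.19` is repeated in all five `pxeserver` hunks of this file, while the cobbler role data in this commit defines the same address as `anycast_ip`. Because that key lives in the cobbler role layer it is presumably not resolvable from the dhcp role, so the two values can drift and leave clients PXE-booting from whatever answers on a stale address. Defining the address once in a common hiera layer and writing `pxeserver: "%{hiera('anycast_ip')}"` in each pool would keep the DHCP option and the cobbler `next_server` in step.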
diff --git a/modules/frrouting/manifests/init.pp b/modules/frrouting/manifests/init.pp index 007aa37..6c7d755 100644 --- a/modules/frrouting/manifests/init.pp +++ b/modules/frrouting/manifests/init.pp @@ -59,6 +59,17 @@ class frrouting ( } } + if $facts['os']['release']['major'] == '8' { + systemd::manage_dropin { 'default_nice_level.conf': + ensure => present, + unit => 'frr.service', + service_entry => { + 'Nice' => 0, + }, + notify => Service['frr'], + } + } + if $manage_service { service { $service_name: ensure => running, diff --git a/site/profiles/manifests/cobbler/init.pp b/site/profiles/manifests/cobbler/init.pp index 24b1555..db6d158 100644 --- a/site/profiles/manifests/cobbler/init.pp +++ b/site/profiles/manifests/cobbler/init.pp @@ -5,13 +5,11 @@ class profiles::cobbler::init ( if $facts['enc_role'] == 'roles::infra::cobbler::server' { include profiles::cobbler::config include profiles::cobbler::install - include profiles::cobbler::ipxebins include profiles::cobbler::selinux include profiles::cobbler::service Class['profiles::cobbler::install'] -> Class['profiles::cobbler::config'] - -> Class['profiles::cobbler::ipxebins'] -> Class['profiles::cobbler::selinux'] } } diff --git a/site/profiles/manifests/cobbler/ipxebins.pp b/site/profiles/manifests/cobbler/ipxebins.pp deleted file mode 100644 index 35e5394..0000000 --- a/site/profiles/manifests/cobbler/ipxebins.pp +++ /dev/null 
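Review bot: The added drop-in uses `notify => Service['frr']`, but the service just below it is declared as `service { $service_name:` and only inside `if $manage_service`, so the catalog would fail to compile whenever `$manage_service` is false or `$service_name` is not `frr`. Using `notify => Service[$service_name]` and `unit => "${service_name}.service"`, with the block moved inside the `if $manage_service` branch or the notify made conditional, avoids that. The guard `$facts['os']['release']['major'] == '8'` also matches any OS at major version 8; adding `$facts['os']['family'] == 'RedHat'` would limit it to EL8, as the commit message intends. A short comment such as `# EL8: frr.service cannot apply its Nice= setting, override to 0` (wording to be confirmed by the author) would explain why the override exists. The class body starts and ends outside this hunk.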
@@ -1,48 +0,0 @@ -# profiles::cobbler::ipxebins -class profiles::cobbler::ipxebins { - - include profiles::cobbler::params - - # download the custom undionly.kpxe file - # https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1 - exec { 'download_undionly_kpxe': - command => 'wget -O /var/lib/tftpboot/undionly.kpxe http://boot.ipxe.org/undionly.kpxe', - path => ['/bin', '/usr/bin'], - creates => '/var/lib/tftpboot/undionly.kpxe', - } - - # set correct permissions ipxe boot image to tftpboot - file { '/var/lib/tftpboot/undionly.kpxe': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0644', - require => [ - Package['ipxe-bootimgs'], - Package['cobbler'], - Exec['download_undionly_kpxe'] - ], - } - - # download the custom ipxe.efi file - # https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1 - exec { 'download_ipxe_efi': - command => 'wget -O /var/lib/tftpboot/ipxe.efi http://boot.ipxe.org/ipxe.efi', - path => ['/bin', '/usr/bin'], - creates => '/var/lib/tftpboot/ipxe.efi', - } - - # set correct permissions ipxe boot image to tftpboot - file { '/var/lib/tftpboot/ipxe.efi': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0644', - require => [ - Package['ipxe-bootimgs'], - Package['cobbler'], - Exec['download_ipxe_efi'] - ], - } -} -