Ben Vincent
80b7ad8639
- add datavol to cobbler nodes - add cobbler profile - add cobbler role hieradata - manage selinux where required for cobbler - manage service cname
120 lines
3.4 KiB
Puppet
120 lines
3.4 KiB
Puppet
# profiles::cobbler::server
|
|
class profiles::cobbler::server (
|
|
Stdlib::Fqdn $service_cname,
|
|
String $default_password_crypted,
|
|
Stdlib::Absolutepath $httpd_ssl_certificate = '/etc/pki/tls/vault/certificate.crt',
|
|
Stdlib::Absolutepath $httpd_ssl_privatekey = '/etc/pki/tls/vault/private.key',
|
|
Stdlib::Absolutepath $tftpboot_path = '/var/lib/tftpboot/boot',
|
|
String $server = $::facts['networking']['ip'],
|
|
String $next_server = $::facts['networking']['ip'],
|
|
Boolean $pxe_just_once = true,
|
|
) {
|
|
|
|
include profiles::cobbler::ipxebins
|
|
|
|
# manage the cobbler settings file
|
|
file { '/etc/cobbler/settings.yaml':
|
|
ensure => 'file',
|
|
content => template('profiles/cobbler/settings.yaml.erb'),
|
|
group => 'apache',
|
|
owner => 'root',
|
|
mode => '0640',
|
|
require => Package['cobbler'],
|
|
notify => Service['cobblerd'],
|
|
}
|
|
|
|
# fix permissions in /var/lib/cobbler/web.ss
|
|
file {'/var/lib/cobbler/web.ss':
|
|
ensure => 'file',
|
|
group => 'root',
|
|
owner => 'apache',
|
|
mode => '0660',
|
|
require => Package['cobbler'],
|
|
notify => Service['cobblerd'],
|
|
}
|
|
|
|
# manage the debmirror config to meet cobbler requirements
|
|
file { '/etc/debmirror.conf':
|
|
ensure => 'file',
|
|
content => template('profiles/cobbler/debmirror.conf.erb'),
|
|
group => 'root',
|
|
owner => 'root',
|
|
mode => '0644',
|
|
require => Package['debmirror'],
|
|
}
|
|
|
|
# manage the httpd ssl configuration
|
|
file { '/etc/httpd/conf.d/ssl.conf':
|
|
ensure => 'file',
|
|
content => template('profiles/cobbler/httpd_ssl.conf.erb'),
|
|
group => 'root',
|
|
owner => 'root',
|
|
mode => '0644',
|
|
require => Package['httpd'],
|
|
notify => Service['httpd'],
|
|
}
|
|
|
|
# manage the main ipxe menu script
|
|
file { '/var/lib/tftpboot/main.ipxe':
|
|
ensure => 'file',
|
|
content => template('profiles/cobbler/main.ipxe.erb'),
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
require => Package['cobbler'],
|
|
}
|
|
|
|
# ensure cobblerd is running
|
|
service {'cobblerd':
|
|
ensure => 'running',
|
|
enable => true,
|
|
require => File['/etc/cobbler/settings.yaml'],
|
|
}
|
|
|
|
# ensure httpd is running
|
|
service {'httpd':
|
|
ensure => 'running',
|
|
enable => true,
|
|
require => File['/etc/httpd/conf.d/ssl.conf'],
|
|
}
|
|
|
|
# export cnames for cobbler
|
|
profiles::dns::record { "${::facts['networking']['fqdn']}_${service_cname}_CNAME":
|
|
value => $::facts['networking']['hostname'],
|
|
type => 'CNAME',
|
|
record => "${service_cname}.",
|
|
zone => $::facts['networking']['domain'],
|
|
order => 10,
|
|
}
|
|
|
|
# manage selinux requirements for cobbler
|
|
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
|
|
|
|
$enable_sebooleans = [
|
|
'httpd_can_network_connect_cobbler',
|
|
'httpd_serve_cobbler_files',
|
|
'cobbler_can_network_connect'
|
|
]
|
|
|
|
$enable_sebooleans.each |$bool| {
|
|
selboolean { $bool:
|
|
value => on,
|
|
persistent => true,
|
|
}
|
|
}
|
|
|
|
selinux::fcontext { $tftpboot_path:
|
|
ensure => 'present',
|
|
seltype => 'cobbler_var_lib_t',
|
|
pathspec => "${tftpboot_path}(/.*)?",
|
|
}
|
|
|
|
exec { "restorecon_${tftpboot_path}":
|
|
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
|
|
command => "restorecon -Rv ${tftpboot_path}",
|
|
refreshonly => true,
|
|
subscribe => Selinux::Fcontext[$tftpboot_path],
|
|
}
|
|
}
|
|
}
|