読者です 読者をやめる 読者になる 読者になる

カメニッキ

カメとインコと釣りの人です

Ansibleを使ってCobblerのサーバを作ってみた

小ネタと独り言

VagrantfileとAnsibleのファイルを以下においた

yasuaki-tahira/cobbler-server 汚いので修正してあげてくださいね

手順

[PMAC226S test4]$ git clone git@github.com:yasuaki-tahira/cobbler-server.git
[PMAC226S test4]$ cd cobbler-server/
[PMAC226S cobbler-server]$ vagrant up
[PMAC226S cobbler-server]$ vagrant ssh
[vagrant@cobbler-server ~]$ sudo mount -t iso9660 -o loop /vagrant/CentOS-6.6-x86_64-minimal.iso /mnt
[vagrant@cobbler-server ~]$ sudo cobbler import --name CentOS-6.6 --path=/mnt
[vagrant@cobbler-server ~]$ sudo cobbler distro list
   CentOS-6.6-x86_64
[vagrant@cobbler-server ~]$ sudo cobbler profile list
   CentOS-6.6-x86_64
[vagrant@cobbler-server ~]$ sudo cobbler system add --name=sample001.com --profile=CentOS-6.6-x86_64 --hostname=sample001.com
[vagrant@cobbler-server ~]$ sudo cobbler system edit --name=sample001.com --ip-address=192.168.20.15 --subnet=255.255.255.0 --mac=08:00:27:CE:8C:47 --interface=eth0
[vagrant@cobbler-server ~]$ sudo cobbler sync

あとは、内部ネットワーク「cobbler-net」に属する仮想マシンを新規作成して、起動すれば勝手にインストールが走ります。

f:id:tapira:20150601182611p:plain

f:id:tapira:20150601182616p:plain

補足

構成

|--README.md
|--Vagrantfile
|--roles
|  |--cobbler
|  |  |--handlers
|  |  |  |--main.yml
|  |  |--tasks
|  |  |  |--main.yml
|  |  |--templates
|  |  |  |--dnsmasq.template.j2
|  |  |  |--modules.conf.j2
|  |  |  |--settings.j2
|  |  |--vars
|  |  |  |--main.yml
|  |--common
|  |  |--tasks
|  |  |  |--main.yml
|--site.yml

README.md

りーどみーです。

Vagrantfile

Vagrant.configure(2) do |config|
  config.vm.box = "CentOS6.6"
  config.vm.hostname = "cobbler-server"
  # 内部ネットワークを「cobbler-net」という名前で定義。合わせて固定IPも。
  config.vm.network :private_network, ip: "192.168.20.2", virtualbox__intnet: "cobbler-net"

  # プロビジョニングの設定。Ansibleを使ってsite.ymlを流している
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "site.yml"
    ansible.limit = "all"
  end
end

site.yml

- name: Install Cobbler
  hosts: all
  sudo: yes

  # roleを2つ流してます
  roles:
    - common
    - cobbler

roles/common/tasks/main.yml

# 必要なパッケージをまとめて入れる
# selinuxモジュールを使用するため、libselinux-pythonを入れてる
- name: Installing Required Packages
  yum: name={{ item }} state=latest
  with_items:
    - epel-release
    - libselinux-python

# SElinuxを止めて自動起動しなくしている
- name: disabled SELinux
  selinux: state=disabled

# iptablesもとめておく
- name: disabled iptables
  service: name=iptables state=stopped enabled=no

roles/cobbler/vars/main.yml

# roles/cobbler/templates/の下で{{hoge}}と使用する変数定義
cobbler_manage_dhcp: 1
cobbler_manage_dns: 1
# サーバの固定IPを指定
cobbler_next_server: 192.168.20.2
cobbler_server: 192.168.20.2
# $ openssl passwd -1で生成。下記は「cobbler」
cobbler_default_password_crypted: $1$FBpFkrpD$fu5NLQhZwDDb4Zsc4mf9s.
cobbler_dhcp_start_ip: 192.168.20.10
cobbler_dhcp_end_ip: 192.168.20.100
cobbler_dns_module: manage_dnsmasq
cobbler_dhcp_module: manage_dnsmasq

roles/cobbler/templates/dnsmasq.template.j2

# dnsmasqを使ってるのでそれの設定ファイルテンプレ
read-ethers
addn-hosts = /var/lib/cobbler/cobbler_hosts

# このへんでvarsに定義した変数を読んでる
dhcp-range={{cobbler_dhcp_start_ip}},{{cobbler_dhcp_end_ip}}
dhcp-option=3,$next_server
dhcp-lease-max=1000
dhcp-authoritative
dhcp-boot=pxelinux.0
dhcp-boot=net:normalarch,pxelinux.0
dhcp-boot=net:ia64,$elilo

$insert_cobbler_system_definitions

roles/cobbler/templates/module.conf.j2

# これはcobblerでどのモジュール使うかの設定してる
[authentication]
module = authn_configfile
[authorization]
module = authz_allowall
[dns]
module = {{cobbler_dns_module}}
[dhcp]
module = {{cobbler_dhcp_module}}
[tftpd]
module = manage_in_tftpd

roles/cobbler/templates/settings.js

# cobblerのsettings。dhcpとかdnsをcobbler配下におくか、とか決めてる
---
allow_duplicate_hostnames: 0
allow_duplicate_ips: 0
allow_duplicate_macs: 0
allow_dynamic_settings: 0
anamon_enabled: 0
authn_pam_service: "login"
auth_token_expiration: 3600
build_reporting_enabled: 0
build_reporting_sender: ""
build_reporting_email: [ 'root@localhost' ]
build_reporting_smtp_server: "localhost"
build_reporting_subject: ""
build_reporting_ignorelist: [ "" ]
cheetah_import_whitelist:
 - "random"
 - "re"
 - "time"
createrepo_flags: "-c cache -s sha"
default_kickstart: /var/lib/cobbler/kickstarts/default.ks
default_name_servers: []
default_ownership:
 - "admin"
default_password_crypted: "{{cobbler_default_password_crypted}}"
default_template_type: "cheetah"
default_virt_bridge: xenbr0
default_virt_file_size: 5
default_virt_ram: 512
default_virt_type: xenpv
enable_gpxe: 0
enable_menu: 1
func_auto_setup: 0
func_master: overlord.example.org
http_port: 80
kernel_options:
 ksdevice: bootif
 lang: ' '
 text: ~
kernel_options_s390x:
 RUNKS: 1
 ramdisk_size: 40000
 root: /dev/ram0
 ro: ~
 ip: off
 vnc: ~
ldap_server: "ldap.example.com"
ldap_base_dn: "DC=example,DC=com"
ldap_port: 389
ldap_tls: 1
ldap_anonymous_bind: 1
ldap_search_bind_dn: ''
ldap_search_passwd: ''
ldap_search_prefix: 'uid='
ldap_tls_cacertfile: ''
ldap_tls_keyfile: ''
ldap_tls_certfile: ''
mgmt_classes: []
mgmt_parameters:
 from_cobbler: 1
puppet_auto_setup: 0
sign_puppet_certs_automatically: 0
puppetca_path: "/usr/bin/puppet"
remove_old_puppet_certs_automatically: 0
manage_dhcp: {{cobbler_manage_dhcp}}
manage_dns: {{cobbler_manage_dns}}
bind_chroot_path: ""
bind_master: 127.0.0.1
manage_tftpd: 1
manage_rsync: 0
manage_forward_zones: []
manage_reverse_zones: []
next_server: {{cobbler_next_server}}
power_management_default_type: 'ipmitool'
power_template_dir: "/etc/cobbler/power"
pxe_just_once: 0
pxe_template_dir: "/etc/cobbler/pxe"
consoles: "/var/consoles"
redhat_management_type: "off"
redhat_management_server: "xmlrpc.rhn.redhat.com"
redhat_management_key: ""
redhat_management_permissive: 0
register_new_installs: 0
reposync_flags: "-l -n -d"
restart_dns: 1
restart_dhcp: 1
run_install_triggers: 1
scm_track_enabled: 0
scm_track_mode: "git"
server: {{cobbler_server}}
client_use_localhost: 0
client_use_https: 0
snippetsdir: /var/lib/cobbler/snippets
template_remote_kickstarts: 0
virt_auto_boot: 1
webdir: /var/www/cobbler
xmlrpc_port: 25151
yum_post_install_mirror: 1
yum_distro_priority: 1
yumdownloader_flags: "--resolve"
serializer_pretty_json: 0
replicate_rsync_options: "-avzH"
replicate_repo_rsync_options: "-avzH"
always_write_dhcp_entries: 0

めも

  • テンプレ使う方法と既存ファイル置換の方法で悩んだ。
  • テンプレだったら正規表現いっぱい書かなくていいので楽だけど、ソフトウェアの構成が変わったときとかどうする?
  • 置換だったら本当に想定の箇所だけ変わったか不安。あと↑と同じでデフォの値が変わった時なんかに、ちゃんと置換が動くか微妙

roles/cobbler/handlers/main.yml

# notifyで使うコマンドのショートカット的なの作ってる
- name: restart cobbler
  command: cobbler sync
  notify: restart cobblerd

- name: restart cobblerd
  service: name=cobblerd state=restarted

roles/cobbler/tasks/main.yml

# 必要なパッケージをまとめて入れる
- name: Installing Required Packages
  yum: name={{ item }} state=latest
  with_items:
    - cobbler
    - debmirror
    - pykickstart
    - dnsmasq

# 後の設定ファイルで使うための環境情報をregisterしておく→もともと置換で設定ファイルいじるつもりだった結局使ってない
# 実際、今回1サーバだけなので、varsにベタ書きでもいいと思うけど、複数あった時は環境に応じた値を当てはめるようにしなくてはいけない(IPとかMACアドレスとか・・・)
- name: get static ip
  shell: /sbin/ifconfig eth1|grep inet|awk '{print $2}'|cut -d ':' -f2
  register: eth1_static_ip

# テンプレ使ってファイル配置
- name: configure settings
  template: src=settings.j2 dest=/etc/cobbler/settings owner=root group=root mode=0644
  notify: restart cobbler

- name: configure modules.conf
  template: src=modules.conf.j2 dest=/etc/cobbler/modules.conf owner=root group=root mode=0644
  notify: restart cobbler

- name: configure dnsmasq.template
  template: src=dnsmasq.template.j2 dest=/etc/cobbler/dnsmasq.template owner=root group=root mode=0644
  notify: restart cobbler

# xinetdのrsyncとtftpを有効化
- name: config xinetd rsync
  lineinfile: >
    dest=/etc/xinetd.d/rsync
    backup=yes
    backrefs=yes
    regexp='disable.*=\syes'
    line='disable = no'
  notify: restart cobbler

- name: config xinetd tftp
  lineinfile: >
    dest=/etc/xinetd.d/tftp
    backup=yes
    backrefs=yes
    regexp='disable.*=\syes'
    line='disable = no'
  notify: restart cobbler

# cobbler導入後やる作業
- name: cobbler get-loader
  command: /usr/bin/cobbler get-loaders

# サービス立ち上げ
- name: service up
  service: name={{ item }} state=started enabled=yes
  with_items:
    - cobblerd
    - httpd
    - xinetd
    - dnsmasq

# いろいろ設定いじったので同期
- name: cobbler sync
  command: /usr/bin/cobbler sync

# 同じく再起動
- name: cobbler restart
  service: name=cobblerd state=restarted