feat: Use KVM host to store bastion kickstart file
The bastion kickstart file is stored on an FTP server and then downloaded from the KVM host. An FTP root password is required to verify the HTTP service. We do not always have the root password for an existing FTP server. This patch simplifies the setup and stores the bastion kickstart file on the KVM host. Signed-off-by: Klaus Smolin <smolin@de.ibm.com>
Showing
2 changed files
with
42 additions
and
80 deletions.
@@ -1,45 +1,9 @@ | ||
#Prepare KVM host and create bastion node | ||
- hosts: ftp | ||
tags: ftp | ||
# Assume we have an existing ftp/http server already | ||
- name: 4 create bastion | ||
hosts: kvm_host[0] | ||
become: true | ||
gather_facts: true | ||
vars_files: | ||
- "{{ inventory_dir }}/group_vars/all.yaml" | ||
vars: | ||
packages: [ httpd ] | ||
roles: | ||
- install_packages | ||
post_tasks: | ||
|
||
- name: Start httpd | ||
tags: httpd | ||
service: | ||
name: httpd | ||
state: started | ||
|
||
- name: Create directory for mounting iso to HTTP accessible directory, because virt-install's FTP usage is inconsistent. | ||
file: | ||
path: "/var/www/html/{{ env.ftp.iso_mount_dir }}" | ||
state: directory | ||
mode: '777' | ||
|
||
- name: Find FTP home for use in next step | ||
become: false | ||
command: echo $HOME | ||
register: ftp_home | ||
|
||
- name: Mount iso_mount_dir to HTTP accessible directory | ||
ansible.posix.mount: | ||
path: "/var/www/html/{{ env.ftp.iso_mount_dir }}" | ||
src: "{{ ftp_home.stdout }}/{{ env.ftp.iso_mount_dir }}" | ||
fstype: iso9660 | ||
opts: ro,noauto | ||
state: present | ||
|
||
- hosts: kvm_host[0] | ||
become: true | ||
vars_files: | ||
- "{{ inventory_dir }}/group_vars/all.yaml" | ||
- "{{ inventory_dir }}/host_vars/{{ env.z.lpar1.hostname }}.yaml" | ||
roles: | ||
- { role: create_bastion, when: env.bastion.create == True } | ||
- { role: create_bastion, when: env.bastion.create == True } |
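Review bot: The play that survives on the new side (`- hosts: kvm_host[0]` … `roles:`) carries no `name:`, whereas the removed `4 create bastion` play did; ansible-lint's `name[play]` rule flags this and the play name is what run output and log lines are keyed on, so add `- name: Create bastion node on KVM host` above `hosts: kvm_host[0]`. The role condition `when: env.bastion.create == True` compares against a literal (ansible-lint `literal-compare`); `when: env.bastion.create | bool` evaluates the same way and also accepts a quoted "true" from group_vars. Since the hunk starts at line 1 with the `#Prepare KVM host and create bastion node` comment, the file has no `---` document start; adding one and a space after `#` keeps it consistent with the second file in this commit.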
@@ -1,83 +1,81 @@ | ||
--- | ||
|
||
- name: Clean up old kickstart for idempotency | ||
tags: create_bastion | ||
become: false | ||
file: | ||
path: "{{ env.ftp.cfgs_dir }}/{{ env.bastion.networking.hostname }}/bastion-ks.cfg" | ||
state: absent | ||
delegate_to: "{{env.ftp.ip}}" | ||
|
||
- name: Create a directory on the FTP server for bastion configuration files. | ||
- name: Create a directory on the KVM host server for bastion configuration files | ||
become: false | ||
tags: create_bastion | ||
file: | ||
ansible.builtin.file: | ||
path: "{{ env.ftp.cfgs_dir }}/{{ env.bastion.networking.hostname }}" | ||
mode: "0755" | ||
state: directory | ||
delegate_to: "{{env.ftp.ip}}" | ||
|
||
- name: Template kickstart file to FTP server. | ||
- name: Copy template kickstart file to KVM host server | ||
tags: create_bastion | ||
become: false | ||
template: | ||
ansible.builtin.template: | ||
src: "bastion-ks.cfg.j2" | ||
dest: "{{ env.ftp.cfgs_dir }}/{{ env.bastion.networking.hostname }}/bastion-ks.cfg" | ||
delegate_to: "{{env.ftp.ip}}" | ||
mode: "0644" | ||
force: true | ||
|
||
- name: Create hash from bastion's root password to input in kickstart file. | ||
- name: Create hash from bastion's root password to input in kickstart file | ||
tags: create_bastion | ||
shell: echo "{{ env.bastion.access.root_pass }}" | openssl passwd -6 -in - | ||
ansible.builtin.shell: | | ||
set -o pipefail | ||
echo "{{ env.bastion.access.root_pass }}" | openssl passwd -6 -in - | ||
register: root_pass_hash | ||
|
||
- name: Add hashed root password to bastion's RHEL kickstart config file. | ||
- name: Add hashed root password to bastion's RHEL kickstart config file | ||
tags: create_bastion | ||
become: false | ||
lineinfile: | ||
ansible.builtin.lineinfile: | ||
path: "{{ env.ftp.cfgs_dir }}/{{ env.bastion.networking.hostname }}/bastion-ks.cfg" | ||
insertafter: "Root password" | ||
line: "rootpw --iscrypted {{ root_pass_hash.stdout }}" | ||
delegate_to: "{{env.ftp.ip}}" | ||
|
||
- name: Create hash from bastion user password to input in kickstart file. | ||
- name: Create hash from bastion user password to input in kickstart file | ||
tags: create_bastion | ||
shell: echo "{{ env.bastion.access.pass }}" | openssl passwd -6 -in - | ||
ansible.builtin.shell: | | ||
set -o pipefail | ||
echo "{{ env.bastion.access.pass }}" | openssl passwd -6 -in - | ||
register: user_pass_hash | ||
|
||
- name: Add hashed user password to bastion's RHEL kickstart config file. | ||
- name: Add hashed user password to bastion's RHEL kickstart config file | ||
tags: create_bastion | ||
become: false | ||
lineinfile: | ||
ansible.builtin.lineinfile: | ||
path: "{{ env.ftp.cfgs_dir }}/{{ env.bastion.networking.hostname }}/bastion-ks.cfg" | ||
insertafter: "Users and Groups Definitions" | ||
line: "user --groups=wheel --name={{env.bastion.access.user}} --password={{user_pass_hash.stdout}} --iscrypted" | ||
delegate_to: "{{env.ftp.ip}}" | ||
|
||
- name: Split iso_mount_dir variable on / for use in virt-install location parameter | ||
tags: create_bastion, virt-install | ||
set_fact: | ||
ins_dir: "{{ env.ftp.iso_mount_dir.split('/') }}" | ||
line: "user --groups=wheel --name={{ env.bastion.access.user }} --password={{ user_pass_hash.stdout }} --iscrypted" | ||
|
||
- name: Find FTP home for use in next step | ||
- name: Get KVM host home for use in next step | ||
tags: create_bastion, virt-install | ||
become: false | ||
command: echo $HOME | ||
register: ftp_home | ||
ansible.builtin.command: pwd | ||
register: kvm_host_home | ||
|
||
- name: Boot and kickstart bastion | ||
- name: Boot and kickstart bastion (up to 3 min). To monitor, login to your KVM host and run 'virsh console <bastion VM name>' | ||
tags: create_bastion, virt-install | ||
shell: | | ||
ansible.builtin.shell: | | ||
set -o pipefail | ||
virsh destroy {{ env.bastion.vm_name }} || true | ||
virsh undefine {{ env.bastion.vm_name }} --remove-all-storage || true | ||
virt-install \ | ||
--name {{ env.bastion.vm_name }} \ | ||
--autostart \ | ||
--memory={{ env.bastion.resources.ram }} \ | ||
--vcpus={{ env.bastion.resources.vcpu }} \ | ||
--os-type linux \ | ||
--os-variant {{ env.bastion.resources.os_variant }} \ | ||
--location http://{{ env.ftp.ip }}/{{ env.ftp.iso_mount_dir }} \ | ||
--disk pool={{ env.cluster.networking.metadata_name }}-vdisk,size={{ env.bastion.resources.disk_size }} \ | ||
--network network={{env.bridge_name}} \ | ||
--network network={{ env.bridge_name }} \ | ||
--graphics=none \ | ||
--noautoconsole --wait=-1 \ | ||
--extra-args "inst.ks=ftp://{{ env.ftp.user }}:{{ env.ftp.pass }}@{{ env.ftp.ip }}/{{ env.ftp.cfgs_dir }}/{{ env.bastion.networking.hostname }}/bastion-ks.cfg ip={{ env.bastion.networking.ip }}::{{ env.bastion.networking.gateway }}:{{ env.bastion.networking.subnetmask }}:{{ env.bastion.networking.hostname }}:enc1:none" | ||
--initrd-inject "/{{ kvm_host_home.stdout }}/{{ env.ftp.cfgs_dir }}/{{ env.bastion.networking.hostname }}/bastion-ks.cfg" \ | ||
--extra-args "inst.ks=file:/bastion-ks.cfg ip={{ env.bastion.networking.ip }}::{{ env.bastion.networking.gateway }}\ | ||
:{{ env.bastion.networking.subnetmask }}:{{ env.bastion.networking.hostname }}:enc1:none console=ttysclp0" | ||
- name: Waiting 3 minutes for automated bastion installation and configuration to complete. To monitor, use a web browser to go to https://your-kvm-host-ip-address-here:9090, sign in, then go to the 'Virtual Machines' tab and click on the bastion's hostname. | ||
- name: Waiting 1 minute for automated bastion installation and configuration to complete | ||
tags: create_bastion, virt-install | ||
pause: | ||
minutes: 3 | ||
ansible.builtin.pause: | ||
minutes: 1 |
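Review bot: The two rewritten `ansible.builtin.shell` hash tasks (`echo "{{ env.bastion.access.root_pass }}" | openssl passwd -6 -in -` and the `env.bastion.access.pass` counterpart) still pass the plaintext password through a shell command line on the KVM host, where it is visible in the process list and, under `-v` or a logging callback, in the registered result's `cmd` field, and neither task sets `no_log: true`. Ansible's built-in `password_hash` filter yields the same `$6$` crypt string without a shell, so the two shell tasks and their `register` can be dropped in favour of `line: "rootpw --iscrypted {{ env.bastion.access.root_pass | password_hash('sha512') }}"` and the equivalent for the `user --groups=wheel` line. If the shell form is kept, the added `set -o pipefail` is bash-only while `ansible.builtin.shell` defaults to `/bin/sh`, so give each task `args: { executable: /bin/bash }` (a no-op where `sh` is already bash) and `no_log: true`. The templated kickstart is written with `mode: "0644"` and then has both password hashes appended by lineinfile; `mode: "0600"` keeps them from other local accounts, and root, which presumably runs `virt-install` under the play's `become: true`, can still read it for `--initrd-inject` (note the literal `/` before `{{ kvm_host_home.stdout }}` there produces a doubled slash, since `pwd` already returns an absolute path).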