diff --git a/Makefile b/Makefile index fc31df9..75c43b2 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,7 @@ ansible-lint: @echo "Running 'ansible-lint' on selected yaml files" ansible-lint --offline ansible/roles/test/ohpc-huawei-*yml \ ansible/roles/test/ohpc-common-sms.yml \ + ansible/roles/test/ohpc-common-repo.yml \ ansible/roles/test/ohpc-lenovo-*yml \ ansible/roles/common/automatic-updates.yml \ ansible/roles/common/handlers.yml \ diff --git a/ansible/roles/test/ohpc-common-repo.yml b/ansible/roles/test/ohpc-common-repo.yml new file mode 100644 index 0000000..fb9b405 --- /dev/null +++ b/ansible/roles/test/ohpc-common-repo.yml 
@@ -0,0 +1,238 @@
+---
+
+- name: Create directories
+ ansible.builtin.file:
+ dest: "{{ item }}"
+ state: directory
+ with_items:
+ - "/var/www/html/openSUSE-Leap-15.3-DVD-{{ arch }}-Media"
+ - "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Media"
+ - /var/www/html/openEuler-22.03-LTS-SP3-everything
+ - /var/www/html/AlmaLinux-10-latest
+ - /var/www/html/AlmaLinux-9-latest
+ - /var/www/html/Rocky-9-latest
+ - /var/www/html/Rocky-8-latest
+ - /root/.cache
+ - /home/registry
+ tags:
+ - skip_ansible_lint
+
+- name: Include history.yml
+ ansible.builtin.include_tasks: ../common/history.yml
+
+- name: Install packages
+ ansible.builtin.package:
+ state: present
+ name:
+ - git
+ - squid
+ - ipmitool
+ - kea
+ - tftp-server
+ - "grub2-efi-{{ arch_short }}"
+ - httpd
+ - rsync
+ - openvpn
+ - firewalld
+ - podman
+ - python3-policycoreutils
+ - ansible-core
+ - ansible-collection-community-general
+ - ansible-collection-ansible-posix
+ - wget
+ - screen
+ - nmap-ncat
+ - python3-virtualenv
+
+- name: "Import ohpc-cluster-common.yml for {{ cluster }}"
+ ansible.builtin.import_tasks: "ohpc-{{ cluster }}-common.yml"
+
+- name: Create directories
+ ansible.builtin.file:
+ dest: "{{ item }}"
+ state: directory
+ owner: squid
+ group: squid
+ mode: "0755"
+ with_items:
+ - /home/cache
+
+- name: Set file context /home/cache
+ community.general.sefcontext:
+ target: '/home/cache(/.*)?'
+ setype: squid_cache_t
+ state: present
+
+- name: Apply new SELinux file context to filesystem
+ ansible.builtin.command: restorecon -irv /home/
+ tags:
+ - skip_ansible_lint
+
+- name: Install squid.conf
+ ansible.builtin.template:
+ src: squid.conf
+ dest: /etc/squid/squid.conf
+ mode: "0644"
+ notify:
+ - Restart squid
+
+- name: Mount iso images as installation source
+ ansible.posix.mount:
+ path: "/var/www/html/{{ item }}"
+ src: "/home/{{ item }}-{{ arch }}-dvd.iso"
+ opts: defaults,ro
+ state: mounted
+ fstype: iso9660
+ with_items:
+ - Rocky-8-latest
+ - Rocky-9-latest
+ - AlmaLinux-9-latest
+ - AlmaLinux-10-latest
+ - openEuler-22.03-LTS-SP3-everything
+
+- name: Mount leap 15.5 dvd as installation source
+ ansible.posix.mount:
+ path: "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Current"
+ src: "/home/openSUSE-Leap-15.5-DVD-{{ arch }}-Current.iso"
+ opts: defaults,ro
+ state: mounted
+ fstype: iso9660
+
+- name: Setup tftp booting
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ item }}"
+ dest: /var/lib/tftpboot/
+ mode: "0644"
+ with_items:
+ - "/boot/efi/EFI/almalinux/grub{{ arch_short }}.efi"
+
+- name: Setup tftp booting for openEuler 22.03
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ item }}"
+ dest: /var/lib/tftpboot/
+ mode: "0644"
+ with_items:
+ - /var/www/html/openEuler-22.03-LTS-SP3-everything/images/pxeboot/initrd.img
+ - /var/www/html/openEuler-22.03-LTS-SP3-everything/images/pxeboot/vmlinuz
+ when: distro == "openEuler_22.03"
+
+- name: Setup tftp booting for rocky9
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ item }}"
+ dest: /var/lib/tftpboot/
+ mode: "0644"
+ with_items:
+ - /var/www/html/Rocky-9-latest/images/pxeboot/initrd.img
+ - /var/www/html/Rocky-9-latest/images/pxeboot/vmlinuz
+ when: distro == "rocky9"
+
+- name: Setup tftp booting for rocky8
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ item }}"
+ dest: /var/lib/tftpboot/
+ mode: "0644"
+ with_items:
+ - /var/www/html/Rocky-8-latest/images/pxeboot/initrd.img
+ - /var/www/html/Rocky-8-latest/images/pxeboot/vmlinuz
+ when: distro == "rocky8"
+
+- name: Setup tftp booting for almalinux9
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ item }}"
+ dest: /var/lib/tftpboot/
+ mode: "0644"
+ with_items:
+ - /var/www/html/AlmaLinux-9-latest/images/pxeboot/initrd.img
+ - /var/www/html/AlmaLinux-9-latest/images/pxeboot/vmlinuz
+ when: distro == "almalinux9"
+
+- name: Setup tftp booting for leap15.5
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ item }}"
+ dest: /var/lib/tftpboot/
+ mode: "0644"
+ with_items:
+ - "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Current/boot/{{ arch }}/initrd"
+ - "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Current/boot/{{ arch }}/linux"
+ when: distro == "leap15.5"
+
+- name: Setup tftp booting for leap15.3
+ ansible.builtin.copy:
+ remote_src: true
+ src: "{{ item }}"
+ dest: /var/lib/tftpboot/
+ mode: "0644"
+ with_items:
+ - "/var/www/html/openSUSE-Leap-15.3-DVD-{{ arch }}-Media/boot/{{ arch }}/initrd"
+ - "/var/www/html/openSUSE-Leap-15.3-DVD-{{ arch }}-Media/boot/{{ arch }}/linux"
+ when: distro == "leap15.3"
+
+- name: Copy el-kickstart file
+ ansible.builtin.template:
+ src: el-kickstart
+ dest: "/var/www/html/{{ distro }}-kickstart"
+ mode: "0644"
+ when: (distro.startswith("rocky")) or (distro == "almalinux9") or (distro == "openEuler_22.03")
+
+- name: Copy autoyast for "{{ distro }}"
+ ansible.builtin.template:
+ src: "{{ distro }}-autoyast.{{ cluster }}"
+ dest: "/var/www/html/{{ distro }}-autoyast"
+ mode: "0644"
+ when: distro.startswith("leap15")
+
+- name: Network boot grub.cfg "({{ distro }})"
+ ansible.builtin.template:
+ src: "grub.cfg.{{ cluster }}"
+ dest: /var/lib/tftpboot/grub.cfg
+ mode: "0644"
+
+- name: Install kea-dhcp4.conf
+ ansible.builtin.copy:
+ src: "kea-dhcp4.conf.{{ cluster }}"
+ dest: /etc/kea/kea-dhcp4.conf
+ mode: "0644"
+ notify:
+ - Restart kea-dhcp4
+
+- name: Allow password based
login + ansible.builtin.lineinfile: + path: /etc/ssh/sshd_config + state: present + line: 'PermitRootLogin yes' + notify: + - Restart sshd + +- name: Enable services + ansible.builtin.service: + name: "{{ item }}" + enabled: true + state: started + with_items: + - httpd + - tftp + - squid + - firewalld + +- name: Open firewall ports + ansible.posix.firewalld: + zone: public + port: "{{ item }}" + permanent: true + state: enabled + immediate: true + tags: + - skip_ansible_lint + with_items: + - 67/udp + - 68/udp + - 69/udp + - 22/tcp + - 80/tcp + - 3128/tcp diff --git a/ansible/roles/test/ohpc-huawei-repo.yml b/ansible/roles/test/ohpc-huawei-repo.yml index 52cda71..597431d 100644 --- a/ansible/roles/test/ohpc-huawei-repo.yml +++ b/ansible/roles/test/ohpc-huawei-repo.yml @@ -6,45 +6,17 @@ disks: sda,sdb repo: 192.168.243.4 proxy: 175.200.16.14:3128 + cluster: huawei + arch: aarch64 + arch_short: aa64 handlers: - name: Include handlers ansible.builtin.import_tasks: ../common/handlers.yml tasks: - - name: Create directories - file: - dest: "{{ item }}" - state: directory - with_items: - - /var/www/html/openSUSE-Leap-15.3-3-DVD-aarch64-Media - - /var/www/html/openEuler-22.03-LTS-SP3-everything - - /var/www/html/AlmaLinux-10-latest - - /var/www/html/AlmaLinux-9-latest - - /var/www/html/Rocky-9-latest - - /root/.cache - - /home/registry - tags: - - skip_ansible_lint - - - name: Install packages - ansible.builtin.package: - state: present - name: - - git - - squid - - ipmitool - - kea - - tftp-server - - grub2-efi-aa64 - - httpd - - rsync - - openvpn - - firewalld - - podman - - - name: Import ohpc-huawei-common.yml - ansible.builtin.import_tasks: ohpc-huawei-common.yml + - name: Include ohpc-common-repo.yml + ansible.builtin.include_tasks: ohpc-common-repo.yml - name: Configure enp125s0f0 community.general.nmcli: 
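Review bot: The `Allow password based login` task in the new `ohpc-common-repo.yml` appends `PermitRootLogin yes` through `lineinfile` without a `regexp`, so any `PermitRootLogin` line already present earlier in `/etc/ssh/sshd_config` is left in place, and because sshd keeps the first value it reads for a keyword the appended line may have no effect (or land inside a trailing `Match` block). Adding `regexp: '^#?\s*PermitRootLogin\s'` and `validate: 'sshd -t -f %s'` replaces the setting in place and checks the file before the `Restart sshd` handler runs. The same file also opens `22/tcp` in the `public` zone, so root password logins are reachable from whatever that zone covers; if key-based access is enough for these repo servers, `line: 'PermitRootLogin prohibit-password'` would be the narrower setting. Now that both plays share this task, a short comment explaining why root login is needed would also help the next reader.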
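Review bot: Replacing the huawei task list with `ansible.builtin.include_tasks: ohpc-common-repo.yml` changes what runs on that host, not just where the tasks live. The shared file mounts `Rocky-8-latest` and the Leap 15.5 ISO from `/home/` with `state: mounted`, while the removed huawei tasks (in the following hunk) did not mount Rocky 8, copied its PXE files from `/home/rocky/8/BaseOS/aarch64/os/...`, and had the Leap 15.5 mount commented out with the image under `/mnt/images`. If those ISOs are not present on the huawei repo server the mount tasks will presumably fail the play. Consider driving the image list from a per-cluster variable (for example `with_items: "{{ repo_isos }}"`, name illustrative) and guarding the Leap mount with `when: distro.startswith("leap15")`.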
@@ -55,155 +27,6 @@ state: present autoconnect: true - - name: Create directories - ansible.builtin.file: - dest: "{{ item }}" - state: directory - owner: squid - group: squid - mode: "0755" - with_items: - - /home/cache - - - name: Set file context /home/cache - community.general.sefcontext: - target: '/home/cache(/.*)?' - setype: squid_cache_t - state: present - - - name: Install squid.conf - ansible.builtin.template: - src: squid.conf - dest: /etc/squid/squid.conf - mode: "0644" - notify: - - Restart squid - - - name: Mount iso images as installation source - ansible.posix.mount: - path: "/var/www/html/{{ item }}" - src: "/home/{{ item }}-aarch64-dvd.iso" - opts: defaults,ro - state: mounted - fstype: iso9660 - with_items: - - Rocky-9-latest - - AlmaLinux-9-latest - - AlmaLinux-10-latest - - openEuler-22.03-LTS-SP3-everything - - ## - name: mount leap dvd as installation source - ## ansible.posix.mount: - ## path: /var/www/html/openSUSE-Leap-15.5-DVD-aarch64-Current - ## src: /mnt/images/openSUSE-Leap-15.5-DVD-aarch64-Current.iso - ## opts: defaults,ro - ## state: mounted - ## fstype: iso9660 - ## - - - name: Setup tftp booting - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /boot/efi/EFI/almalinux/grubaa64.efi - - - name: Setup tftp booting for openEuler 22.03 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/openEuler-22.03-LTS-SP3-everything/images/pxeboot/initrd.img - - /var/www/html/openEuler-22.03-LTS-SP3-everything/images/pxeboot/vmlinuz - when: distro == "openEuler_22.03" - - - name: Setup tftp booting for rocky9 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/Rocky-9-latest/images/pxeboot/initrd.img - - /var/www/html/Rocky-9-latest/images/pxeboot/vmlinuz - when: distro == "rocky9" - - - name: Setup tftp 
booting for rocky8 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /home/rocky/8/BaseOS/aarch64/os/images/pxeboot/initrd.img - - /home/rocky/8/BaseOS/aarch64/os/images/pxeboot/vmlinuz - when: distro == "rocky8" - - - name: Setup tftp booting for almalinux9 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/AlmaLinux-9-latest/images/pxeboot/initrd.img - - /var/www/html/AlmaLinux-9-latest/images/pxeboot/vmlinuz - when: distro == "almalinux9" - - - name: Setup tftp booting for leap15.5 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/openSUSE-Leap-15.5-DVD-aarch64-Current/boot/aarch64/initrd - - /var/www/html/openSUSE-Leap-15.5-DVD-aarch64-Current/boot/aarch64/linux - when: distro == "leap15.5" - - - name: Setup tftp booting for leap15.3 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/openSUSE-Leap-15.3-DVD-aarch64-Media/boot/aarch64/initrd - - /var/www/html/openSUSE-Leap-15.3-DVD-aarch64-Media/boot/aarch64/linux - when: distro == "leap15.3" - - - name: Copy el-kickstart file - ansible.builtin.template: - src: el-kickstart - dest: "/var/www/html/{{ distro }}-kickstart" - mode: "0644" - when: (distro.startswith("rocky")) or (distro == "almalinux9") or (distro == "openEuler_22.03") - - - name: Copy autoyast for "{{ distro }}" - ansible.builtin.template: - src: "{{ distro }}-autoyast.huawei" - dest: "/var/www/html/{{ distro }}-autoyast" - mode: "0644" - when: distro.startswith("leap15") - - - name: Network boot grub.cfg "({{ distro }})" - ansible.builtin.template: - src: grub.cfg.huawei - dest: /var/lib/tftpboot/grub.cfg - mode: "0644" - - - name: Install kea-dhcp4.conf - ansible.builtin.copy: - src: kea-dhcp4.conf.huawei - dest: 
/etc/kea/kea-dhcp4.conf - mode: "0644" - notify: - - Restart kea-dhcp4 - - name: Allow time sync from other test systems ansible.builtin.lineinfile: path: /etc/chrony.conf @@ -215,14 +38,6 @@ notify: - Restart chronyd - - name: Allow password based login - ansible.builtin.lineinfile: - path: /etc/ssh/sshd_config - state: present - line: 'PermitRootLogin yes' - notify: - - Restart sshd - - name: Install openvpn server file ansible.builtin.template: src: server-tun1.conf @@ -255,10 +70,6 @@ enabled: true state: started with_items: - - httpd - - tftp - - squid - - firewalld - openvpn-server@tun1 - registry.service @@ -302,12 +113,6 @@ tags: - skip_ansible_lint with_items: - - 67/udp - - 68/udp - - 69/udp - 123/udp - 1194/udp - - 22/tcp - - 80/tcp - - 3128/tcp - 5000/tcp diff --git a/ansible/roles/test/ohpc-lenovo-repo.yml b/ansible/roles/test/ohpc-lenovo-repo.yml index 9cd844b..02785dd 100644 --- a/ansible/roles/test/ohpc-lenovo-repo.yml +++ b/ansible/roles/test/ohpc-lenovo-repo.yml 
@@ -7,274 +7,13 @@ repo: 10.241.58.130 proxy: 10.241.58.130:3128 cluster: lenovo + arch: x86_64 + arch_short: x86 handlers: - name: Include handlers ansible.builtin.import_tasks: ../common/handlers.yml tasks: - - name: Include history.yml - ansible.builtin.include_tasks: ../common/history.yml - - - name: Create directories - ansible.builtin.file: - dest: "{{ item }}" - state: directory - with_items: - - /var/www/html/openSUSE-Leap-15.3-DVD-x86_64-Current - - /var/www/html/openSUSE-Leap-15.5-DVD-x86_64-Current - - /var/www/html/openEuler-22.03-LTS-SP3-everything - - /var/www/html/AlmaLinux-10-latest - - /var/www/html/AlmaLinux-9-latest - - /var/www/html/Rocky-9-latest - - /var/www/html/Rocky-8-latest - - /root/.cache - - /home/registry - - /results - tags: - - skip_ansible_lint - - - - name: Install packages - ansible.builtin.package: - state: present - name: - - git - - squid - - ipmitool - - kea - - tftp-server - - grub2-efi-x64 - - httpd - - rsync - - openvpn - - firewalld - - podman - - python3-policycoreutils - - ansible-core - - ansible-collection-community-general - - ansible-collection-ansible-posix - - wget - - screen - - nmap-ncat - - python3-virtualenv - - - name: Import ohpc-lenovo-common.yml - ansible.builtin.import_tasks: ohpc-lenovo-common.yml - - - name: Create directories - ansible.builtin.file: - dest: "{{ item }}" - state: directory - owner: squid - group: squid - mode: "0755" - with_items: - - /home/cache - - - name: Set file context /home/cache - community.general.sefcontext: - target: '/home/cache(/.*)?' - setype: squid_cache_t - state: present - - - name: Set file context /home/almalinux - community.general.sefcontext: - target: '/home/almalinux(/.*)?' - setype: public_content_t - state: present - - - name: Set file context /home/rocky - community.general.sefcontext: - target: '/home/rocky(/.*)?' - setype: public_content_t - state: present - - - name: Set file context /mnt/images - community.general.sefcontext: - target: '/mnt/images(/.*)?' 
- setype: public_content_t - state: present - - - name: Apply new SELinux file context to filesystem - ansible.builtin.command: restorecon -irv /home/ /mnt/images/ - tags: - - skip_ansible_lint - - - name: Install squid.conf - ansible.builtin.template: - src: squid.conf - dest: /etc/squid/squid.conf - mode: "0644" - notify: - - Restart squid - - - name: Mount iso images as installation source - ansible.posix.mount: - path: "/var/www/html/{{ item }}" - src: "/home/{{ item }}-x86_64-dvd.iso" - opts: defaults,ro - state: mounted - fstype: iso9660 - with_items: - - Rocky-8-latest - - Rocky-9-latest - - AlmaLinux-9-latest - - AlmaLinux-10-latest - - openEuler-22.03-LTS-SP3-everything - - - name: Mount leap 15.5 dvd as installation source - ansible.posix.mount: - path: /var/www/html/openSUSE-Leap-15.5-DVD-x86_64-Current - src: /home/openSUSE-Leap-15.5-DVD-x86_64-Current.iso - opts: defaults,ro - state: mounted - fstype: iso9660 - - - name: Mount leap 15.3 dvd as installation source - ansible.posix.mount: - path: /var/www/html/openSUSE-Leap-15.3-DVD-x86_64-Current - src: /home/openSUSE-Leap-15.3-DVD-x86_64-Current.iso - opts: defaults,ro - state: mounted - fstype: iso9660 - - - name: Setup tftp booting - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /boot/efi/EFI/almalinux/grubx64.efi - - - name: Setup tftp booting for openEuler 22.03 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/openEuler-22.03-LTS-SP3-x86_64-dvd/images/pxeboot/initrd.img - - /var/www/html/openEuler-22.03-LTS-SP3-x86_64-dvd/images/pxeboot/vmlinuz - when: distro == "openEuler_22.03" - - - name: Setup tftp booting for rocky9 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/Rocky-9-latest/images/pxeboot/initrd.img - - 
/var/www/html/Rocky-9-latest/images/pxeboot/vmlinuz - when: distro == "rocky9" - - - name: Setup tftp booting for rocky8 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/Rocky-8-latest/images/pxeboot/initrd.img - - /var/www/html/Rocky-8-latest/images/pxeboot/vmlinuz - when: distro == "rocky8" - - - name: Setup tftp booting for almalinux9 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/AlmaLinux-9-latest/images/pxeboot/initrd.img - - /var/www/html/AlmaLinux-9-latest/images/pxeboot/vmlinuz - when: distro == "almalinux9" - - - name: Setup tftp booting for leap15.5 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/openSUSE-Leap-15.5-DVD-x86_64-Current/boot/x86_64/loader/initrd - - /var/www/html/openSUSE-Leap-15.5-DVD-x86_64-Current/boot/x86_64/loader/linux - when: distro == "leap15.5" - - - name: Setup tftp booting for leap15.3 - ansible.builtin.copy: - remote_src: true - src: "{{ item }}" - dest: /var/lib/tftpboot/ - mode: "0644" - with_items: - - /var/www/html/openSUSE-Leap-15.3-DVD-x86_64-Current/boot/x86_64/loader/initrd - - /var/www/html/openSUSE-Leap-15.3-DVD-x86_64-Current/boot/x86_64/loader/linux - when: distro == "leap15.3" - - - name: Copy el-kickstart file - ansible.builtin.template: - src: el-kickstart - dest: "/var/www/html/{{ distro }}-kickstart" - mode: "0644" - when: (distro.startswith("rocky")) or (distro == "almalinux9") or (distro == "openEuler_22.03") - - - name: Install autoyast definition - ansible.builtin.template: - src: "{{ distro }}-autoyast.lenovo" - dest: "/var/www/html/{{ distro }}-autoyast" - mode: "0644" - when: distro.startswith("leap15") - - - name: Network boot grub.cfg "({{ distro }})" - ansible.builtin.template: - src: grub.cfg.lenovo - dest: /var/lib/tftpboot/grub.cfg - 
mode: "0644" - - - name: Install kea-dhcp4.conf - ansible.builtin.copy: - src: kea-dhcp4.conf.lenovo - dest: /etc/kea/kea-dhcp4.conf - mode: "0644" - notify: - - Restart kea-dhcp4 - - - name: Allow password based login - ansible.builtin.lineinfile: - path: /etc/ssh/sshd_config - state: present - line: 'PermitRootLogin yes' - notify: - - Restart sshd - - - name: Enable services - ansible.builtin.service: - name: "{{ item }}" - enabled: true - state: started - with_items: - - httpd - - tftp - - squid - - firewalld - - - - name: Open firewall ports - ansible.posix.firewalld: - zone: public - port: "{{ item }}" - permanent: true - state: enabled - immediate: true - tags: - - skip_ansible_lint - with_items: - - 67/udp - - 68/udp - - 69/udp - - 22/tcp - - 80/tcp - - 3128/tcp + - name: Include ohpc-common-repo.yml + ansible.builtin.include_tasks: ohpc-common-repo.yml
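Review bot: `arch_short: x86` does not reproduce the names the removed lenovo tasks used: the shared file expands it in `grub2-efi-{{ arch_short }}` and `/boot/efi/EFI/almalinux/grub{{ arch_short }}.efi`, giving `grub2-efi-x86` and `grubx86.efi` where this play previously installed `grub2-efi-x64` and copied `grubx64.efi`. Setting `arch_short: x64` should restore the previous package and bootloader names. The shared Leap tasks also read `boot/{{ arch }}/initrd` and `boot/{{ arch }}/linux`, whereas the removed lenovo tasks used `boot/x86_64/loader/initrd` and `boot/x86_64/loader/linux`, so the x86_64 case likely needs the `loader/` component. The `/results` directory and the `public_content_t` contexts for `/home/almalinux`, `/home/rocky` and `/mnt/images` are removed here with no counterpart in the shared file; please confirm that is intended.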