feat(repo): create common repo ansible role

Makefile

@@ -23,6 +23,7 @@ ansible-lint:
 	@echo "Running 'ansible-lint' on selected yaml files"
 	ansible-lint --offline ansible/roles/test/ohpc-huawei-*yml \
 		ansible/roles/test/ohpc-common-sms.yml \
+		ansible/roles/test/ohpc-common-repo.yml \
 		ansible/roles/test/ohpc-lenovo-*yml \
 		ansible/roles/common/automatic-updates.yml \
 		ansible/roles/common/handlers.yml \

ansible/roles/test/ohpc-common-repo.yml

@@ -0,0 +1,238 @@
+---
+
+- name: Create directories
+  ansible.builtin.file:
+    dest: "{{ item }}"
+    state: directory
+  with_items:
+    - "/var/www/html/openSUSE-Leap-15.3-DVD-{{ arch }}-Media"
+    - "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Media"
+    - /var/www/html/openEuler-22.03-LTS-SP3-everything
+    - /var/www/html/AlmaLinux-10-latest
+    - /var/www/html/AlmaLinux-9-latest
+    - /var/www/html/Rocky-9-latest
+    - /var/www/html/Rocky-8-latest
+    - /root/.cache
+    - /home/registry
+  tags:
+    - skip_ansible_lint
+
+- name: Include history.yml
+  ansible.builtin.include_tasks: ../common/history.yml
+
+- name: Install packages
+  ansible.builtin.package:
+    state: present
+    name:
+      - git
+      - squid
+      - ipmitool
+      - kea
+      - tftp-server
+      - "grub2-efi-{{ arch_short }}"
+      - httpd
+      - rsync
+      - openvpn
+      - firewalld
+      - podman
+      - python3-policycoreutils
+      - ansible-core
+      - ansible-collection-community-general
+      - ansible-collection-ansible-posix
+      - wget
+      - screen
+      - nmap-ncat
+      - python3-virtualenv
+
+- name: "Import ohpc-cluster-common.yml for {{ cluster }}"
+  ansible.builtin.import_tasks: "ohpc-{{ cluster }}-common.yml"
+
+- name: Create directories
+  ansible.builtin.file:
+    dest: "{{ item }}"
+    state: directory
+    owner: squid
+    group: squid
+    mode: "0755"
+  with_items:
+    - /home/cache
+
+- name: Set file context /home/cache
+  community.general.sefcontext:
+    target: '/home/cache(/.*)?'
+    setype: squid_cache_t
+    state: present
+
+- name: Apply new SELinux file context to filesystem
+  ansible.builtin.command: restorecon -irv /home/
+  tags:
+    - skip_ansible_lint
+
+- name: Install squid.conf
+  ansible.builtin.template:
+    src: squid.conf
+    dest: /etc/squid/squid.conf
+    mode: "0644"
+  notify:
+    - Restart squid
+
+- name: Mount iso images as installation source
+  ansible.posix.mount:
+    path: "/var/www/html/{{ item }}"
+    src: "/home/{{ item }}-{{ arch }}-dvd.iso"
+    opts: defaults,ro
+    state: mounted
+    fstype: iso9660
+  with_items:
+    - Rocky-8-latest
+    - Rocky-9-latest
+    - AlmaLinux-9-latest
+    - AlmaLinux-10-latest
+    - openEuler-22.03-LTS-SP3-everything
+
+- name: Mount leap 15.5 dvd as installation source
+  ansible.posix.mount:
+    path: "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Current"
+    src: "/home/openSUSE-Leap-15.5-DVD-{{ arch }}-Current.iso"
+    opts: defaults,ro
+    state: mounted
+    fstype: iso9660
+
+- name: Setup tftp booting
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item }}"
+    dest: /var/lib/tftpboot/
+    mode: "0644"
+  with_items:
+    - "/boot/efi/EFI/almalinux/grub{{ arch_short }}.efi"
+
+- name: Setup tftp booting for openEuler 22.03
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item }}"
+    dest: /var/lib/tftpboot/
+    mode: "0644"
+  with_items:
+    - /var/www/html/openEuler-22.03-LTS-SP3-everything/images/pxeboot/initrd.img
+    - /var/www/html/openEuler-22.03-LTS-SP3-everything/images/pxeboot/vmlinuz
+  when: distro == "openEuler_22.03"
+
+- name: Setup tftp booting for rocky9
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item }}"
+    dest: /var/lib/tftpboot/
+    mode: "0644"
+  with_items:
+    - /var/www/html/Rocky-9-latest/images/pxeboot/initrd.img
+    - /var/www/html/Rocky-9-latest/images/pxeboot/vmlinuz
+  when: distro == "rocky9"
+
+- name: Setup tftp booting for rocky8
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item }}"
+    dest: /var/lib/tftpboot/
+    mode: "0644"
+  with_items:
+    - /var/www/html/Rocky-8-latest/images/pxeboot/initrd.img
+    - /var/www/html/Rocky-8-latest/images/pxeboot/vmlinuz
+  when: distro == "rocky8"
+
+- name: Setup tftp booting for almalinux9
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item }}"
+    dest: /var/lib/tftpboot/
+    mode: "0644"
+  with_items:
+    - /var/www/html/AlmaLinux-9-latest/images/pxeboot/initrd.img
+    - /var/www/html/AlmaLinux-9-latest/images/pxeboot/vmlinuz
+  when: distro == "almalinux9"
+
+- name: Setup tftp booting for leap15.5
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item }}"
+    dest: /var/lib/tftpboot/
+    mode: "0644"
+  with_items:
+    - "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Current/boot/{{ arch }}/initrd"
+    - "/var/www/html/openSUSE-Leap-15.5-DVD-{{ arch }}-Current/boot/{{ arch }}/linux"
+  when: distro == "leap15.5"
+
+- name: Setup tftp booting for leap15.3
+  ansible.builtin.copy:
+    remote_src: true
+    src: "{{ item }}"
+    dest: /var/lib/tftpboot/
+    mode: "0644"
+  with_items:
+    - "/var/www/html/openSUSE-Leap-15.3-DVD-{{ arch }}-Media/boot/{{ arch }}/initrd"
+    - "/var/www/html/openSUSE-Leap-15.3-DVD-{{ arch }}-Media/boot/{{ arch }}/linux"
+  when: distro == "leap15.3"
+
+- name: Copy el-kickstart file
+  ansible.builtin.template:
+    src: el-kickstart
+    dest: "/var/www/html/{{ distro }}-kickstart"
+    mode: "0644"
+  when: (distro.startswith("rocky")) or (distro == "almalinux9") or (distro == "openEuler_22.03")
+
+- name: Copy autoyast for "{{ distro }}"
+  ansible.builtin.template:
+    src: "{{ distro }}-autoyast.{{ cluster }}"
+    dest: "/var/www/html/{{ distro }}-autoyast"
+    mode: "0644"
+  when: distro.startswith("leap15")
+
+- name: Network boot grub.cfg "({{ distro }})"
+  ansible.builtin.template:
+    src: "grub.cfg.{{ cluster }}"
+    dest: /var/lib/tftpboot/grub.cfg
+    mode: "0644"
+
+- name: Install kea-dhcp4.conf
+  ansible.builtin.copy:
+    src: "kea-dhcp4.conf.{{ cluster }}"
+    dest: /etc/kea/kea-dhcp4.conf
+    mode: "0644"
+  notify:
+    - Restart kea-dhcp4
+
+- name: Allow password based login
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    state: present
+    line: 'PermitRootLogin yes'
+  notify:
+    - Restart sshd
+
+- name: Enable services
+  ansible.builtin.service:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  with_items:
+    - httpd
+    - tftp
+    - squid
+    - firewalld
+
+- name: Open firewall ports
+  ansible.posix.firewalld:
+    zone: public
+    port: "{{ item }}"
+    permanent: true
+    state: enabled
+    immediate: true
+  tags:
+    - skip_ansible_lint
+  with_items:
+    - 67/udp
+    - 68/udp
+    - 69/udp
+    - 22/tcp
+    - 80/tcp
+    - 3128/tcp