diff --git a/adhoc-provision-node.yml b/adhoc-provision-node.yml index 2407d94..872b52c 100644 --- a/adhoc-provision-node.yml +++ b/adhoc-provision-node.yml @@ -25,12 +25,12 @@ gather_facts: false vars_prompt: - name: "init_hosts" - prompt: "[WARNING] Nodes to be fully wiped/reinstalled with CentOS => " + prompt: "[WARNING] Nodes to be fully wiped/reinstalled from scratch [!] => " private: no tasks: - - name: == Hardware provisioning == Creating kickstart to provision VM[s] + - name: == Hardware provisioning == Creating kickstart[s] template: src: "../templates/kickstarts/centos-{{ centos_version }}-ks.cfg.j2" dest: "/var/www/html/ks/{{ inventory_hostname }}-ks.cfg" @@ -39,7 +39,7 @@ tags: - ks - - name: == Hardware provisioning == Creating kickstart to provision VM[s] + - name: == Hardware provisioning == Creating kickstart[s] (RHEL version) template: src: "../templates/kickstarts/rhel-{{ rhel_version }}-ks.cfg.j2" dest: "/var/www/html/ks/{{ inventory_hostname }}-ks.cfg" diff --git a/templates/kickstarts/rhel-9-ks.cfg.j2 b/templates/kickstarts/rhel-9-ks.cfg.j2 new file mode 100644 index 0000000..8c245a1 --- /dev/null +++ b/templates/kickstarts/rhel-9-ks.cfg.j2 @@ -0,0 +1,112 @@ +# Use network installation +url --url="{{ rhel_deploy_mirror_url }}/{{ rhel_version }}/{{ arch }}/" + +text +# Disabling Setup Agent on first boot +firstboot --disable +# Keyboard layouts +# old format: keyboard be-latin1 +# new format: +keyboard --vckeymap=be-latin1 --xlayouts='us' +# System language +lang en_GB.UTF-8 + +# Network information +network --hostname={{ inventory_hostname }} +{% if bridge_nic is defined and bridge_nic %} +network --bootproto=static --device={{ bridge_name | default('br0') }} --bridgeslaves={{ pxe_bootdev }} --gateway={{ gateway }} --ip={{ ip }} {% for ns in dns %} --nameserver={{ ns }} {% endfor %} --netmask={{ netmask }} --ipv6=auto --activate +{% else %} +network --bootproto=static --device={{ pxe_bootdev }} --gateway={{ gateway }} --ip={{ ip }} {% for ns in dns %} --nameserver={{ ns }} {% endfor %} --netmask={{ netmask }} --ipv6=auto --activate +{% endif %} + +# Root password +rootpw --iscrypted {{ root_pass | password_hash('sha512') }} + +# System timezone +timezone Etc/UTC --utc +# System bootloader configuration +bootloader --location=mbr --boot-drive={{ hdd_install_dev | default('sda')}} +# Partition clearing information +clearpart --all --initlabel +zerombr + +# Disk partitioning information +# Adding first reqpart to automatically add /boot/efi or prepboot for aarch64, uefi, or IBM Power architectures +reqpart + +{% if use_md_raid and md_raid_level == 1 %} +# Using software raid 1 +part raid.603 --fstype="mdmember" --ondisk=sdb --size=20000 --grow +part raid.469 --fstype="mdmember" --ondisk=sda --size=1024 +part raid.597 --fstype="mdmember" --ondisk=sda --size=20000 --grow +part raid.475 --fstype="mdmember" --ondisk=sdb --size=1024 +raid pv.609 --device=pv00 --fstype="lvmpv" --level=RAID1 raid.597 raid.603 +raid /boot --device=boot --fstype="ext4" --level=RAID1 raid.469 raid.475 +volgroup vg_{{ inventory_hostname_short }} --pesize=4096 pv.609 + +{% elif use_md_raid and md_raid_level == 0 %} +# Using software raid 0 +part raid.603 --fstype="mdmember" --ondisk=sdb --size=20000 --grow +part raid.469 --fstype="mdmember" --ondisk=sda --size=1024 +part raid.597 --fstype="mdmember" --ondisk=sda --size=20000 --grow +part raid.475 --fstype="mdmember" --ondisk=sdb --size=1024 +raid pv.609 --device=pv00 --fstype="lvmpv" --level=RAID0 raid.597 raid.603 +raid /boot --device=boot --fstype="ext4" --level=RAID0 raid.469 raid.475 +volgroup vg_{{ inventory_hostname_short }} --pesize=4096 pv.609 + +{% else %} +# Not using software raid +part /boot --fstype="ext4" --ondisk={{ hdd_install_dev | default('sda')}} --size=1024 +part pv.14 --fstype="lvmpv" --ondisk={{ hdd_install_dev | default('sda')}} --size=20000 --grow +volgroup vg_{{ inventory_hostname_short }} --pesize=4096 pv.14 +{% endif %} +# Common section for partitions : on top of VG, despite md device or not, see above +{% if lv_root_expand %} +logvol / --fstype="ext4" --size={{ lv_root_size }} --name=root --vgname=vg_{{ inventory_hostname_short }} --grow +{% else %} +logvol / --fstype="ext4" --size={{ lv_root_size }} --name=root --vgname=vg_{{ inventory_hostname_short }} +{% endif %} +logvol /home --fstype="ext4" --size={{ lv_home_size }} --name=home --vgname=vg_{{ inventory_hostname_short }} +logvol swap --fstype="swap" --size=2048 --name=swap --vgname=vg_{{ inventory_hostname_short }} + + +#Ensuring rebooting at the end +reboot + +%post +# Ensuring that sshd is locked on reboot with key-based auth only +sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config + +# Using Ansible vars to automatically render template and add users +{% for user in admins_list %} +# Adding user,ssh pub key and sudo right for {{ user.login_name }} +/sbin/useradd {{ user.login_name}} -c "{{ user.full_name }}" +mkdir /home/{{ user.login_name }}/.ssh +{% for key in user.ssh_pub_key %} + echo "{{ key }}" >> /home/{{ user.login_name }}/.ssh/authorized_keys +{% endfor %} +chmod 700 /home/{{ user.login_name }}/.ssh +chmod 600 /home/{{ user.login_name }}/.ssh/* ; chcon -v -R -t ssh_home_t /home/{{ user.login_name }}/.ssh* +chown -R {{ user.login_name }}.{{ user.login_name}} /home/{{ user.login_name }}/ +echo "{{ user.login_name }} ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/{{ user.login_name }} +{% endfor %} + +# Disable subscription-manager yum plugins +sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/product-id.conf +sed -i 's|^enabled=1|enabled=0|' /etc/yum/pluginconf.d/subscription-manager.conf + + +%end + +%packages +@^minimal-environment +@standard +chrony + +%end + +%addon com_redhat_kdump --disable --reserve-mb='auto' + +%end + +