WIP: PXE boot server (for kickstarting hardware)

ansible/inventory/pxeinventory

@@ -0,0 +1,12 @@
+[pxeserver]
+vmtest1.i.gensoukyou.net ansible_host=10.21.3.31
+
+[pxeserver:vars]
+pxeboot_nameservers=10.21.254.1
+pxeboot_server_address=10.21.3.31
+pxeboot_netmask=255.255.255.0
+pxeboot_gateway=10.21.3.1
+pxeboot_subnet=10.21.3.0
+pxeboot_next_server=127.0.0.1
+pxeboot_range_low=10.21.3.10
+pxeboot_range_high=10.21.3.20

ansible/playbooks/role-pxeserver.yml

@@ -0,0 +1,45 @@
+---
+# Variables for the infrastructure are in inventory/pxeinventory
+- name: Configure PXE Server
+  hosts: pxeserver
+  become: true
+
+  # This is to try to avoid the handler issue in pre/post tasks
+  handlers:
+    - include: handlers/main.yml
+
+  pre_tasks:
+    - name: Check if ansible cannot be run here
+      stat:
+        path: /etc/no-ansible
+      register: no_ansible
+
+    - name: Verify if we can run ansible
+      assert:
+        that:
+          - "not no_ansible.stat.exists"
+        msg: "/etc/no-ansible exists - skipping run on this node"
+        #- name: Verify parameters
+        #  assert:
+        #    that:
+        #      - '{{ pxeboot_nameservers }}'
+        #      - '{{ pxeboot_server_address }}'
+        #      - '{{ pxeboot_netmask }}'
+        #      - '{{ pxeboot_gateway }}'
+        #      - '{{ pxeboot_subnet }}'
+        #      - '{{ pxeboot_next_server }}'
+        #      - '{{ pxeboot_range_low }}'
+        #      - '{{ pxeboot_range_high }}'
+
+  roles:
+    - role: pxeserver
+      state: present
+
+  post_tasks:
+    - name: Touching run file that ansible has ran here
+      file:
+        path: /var/log/ansible.run
+        state: touch
+        mode: '0644'
+        owner: root
+        group: root

ansible/playbooks/roles/pxeserver/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+centos_8_kickstart_mirror: 'https://mirror.phx1.us.spryservers.net/centos/8.3.2011/BaseOS/x86_64/kickstart'

ansible/playbooks/roles/pxeserver/example-grub.cfg

@@ -0,0 +1,30 @@
+# This kind of file should live in /var/lib/tftpboot/uefi/grub.cfg.01-host-mac-here
+# $ cat grub.cfg-01-00-50-56-ba-2b-e6
+set default="Reboot"
+
+function load_video {
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod all_video
+}
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+# Infinite
+set timeout=-1
+
+menuentry 'Reboot' {
+    reboot
+}
+
+### BEGIN /etc/grub.d/10_linux ###
+menuentry 'Install centos-8-x86_64 for host (DESTROYS DATA!)' --class fedora --class gnu-linux --class gnu --class os {
+	linuxefi centos-8-x86_64-vmlinuz nofb ks=http://10.21.3.31/testkickstart.cfg  mpath console=tty0
+	initrdefi centos-8-x86_64-initrd.img
+}

ansible/playbooks/roles/pxeserver/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: 'reload nginx'
+  service:
+    name: nginx
+    state: restarted
+

ansible/playbooks/roles/pxeserver/tasks/main.yml

@@ -0,0 +1,63 @@
+---
+- name: 'install tftp, nginx for serving kickstart configuration'
+  package:
+    name:
+      - tftp-server
+      - nginx
+
+- name: 'ensure /var/www'
+  file:
+    path: '/var/www'
+    state: directory
+    mode: '0755'
+    owner: root
+    group: root
+
+- name: 'ensure /var/www/html'
+  file:
+    path: '/var/www/html'
+    state: directory
+    mode: '0755'
+    owner: root
+    group: nginx
+
+- name: 'nginx configuration'
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/nginx.conf
+  notify: 'reload nginx'
+
+- name: 'Ensure nginx is running'
+  service:
+    name: nginx
+    state: started
+    enabled: true
+
+- name: Enable tftp server socket
+  systemd:
+    name: tftp.socket
+    state: started
+    enabled: true
+
+- name: 'Create UEFI PXE-boot configuration directory'
+  file:
+    mode: '0755'
+    path: '/var/lib/tftpboot/uefi'
+    state: directory
+
+# Are there better ways to get these same files into the tftpboot directory?
+# Downloading things from the internet feels wrong...
+- name: 'Download CentOS 8 UEFI boot files into the tftpboot directory'
+  get_url:
+    mode: '0644'
+    url: '{{ centos_8_kickstart_mirror | mandatory }}/{{ item.value }}'
+    dest: '/var/lib/tftpboot/{{ item.key }}'
+  loop: "{{ bootfiles | dict2items }}"
+  vars:
+    bootfiles:
+      # values are relative to the value of the mirror
+      'uefi/BOOTX64.EFI': 'EFI/BOOT/BOOTX64.EFI'
+      'uefi/grubx64.efi': 'EFI/BOOT/grubx64.efi'
+      'centos-8-x86_64-vmlinuz': 'images/pxeboot/vmlinuz'
+      'centos-8-x86_64-initrd.img': 'images/pxeboot/initrd.img'
+

ansible/playbooks/roles/pxeserver/templates/nginx.conf.j2

@@ -0,0 +1,42 @@
+# Simple HTTP-only server for serving kickstart files from under /var/www/html
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  _;
+        root         /var/www/html;
+
+        location / {
+        }
+    }
+}
+