feat(core): Added changed playbooks for new vms, vlans, nfstables, fr…

…eeipa, k8s, consul, vault, etc
veldrane · Jul 31, 2024 · 867fea8 · 867fea8
1 parent aad3d91
commit 867fea8
Show file tree

Hide file tree

Showing 57 changed files with 2,019 additions and 276 deletions.
diff --git a/00_proliant/00_addumy.sh b/00_proliant/00_addumy.sh
diff --git a/00_proliant/00_packages.sh b/00_proliant/00_packages.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+dnf -y install mc openvswitch3.3 git qemu-kvm libvirt virt-manager virt-install uuid
+
diff --git a/00_proliant/01_newnet.sh b/00_proliant/01_newnet.sh
diff --git a/00_proliant/02_iptables.sh b/00_proliant/02_iptables.sh
diff --git a/00_proliant/02_libvirtd.sh b/00_proliant/02_libvirtd.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+systemctl enable libvirtd
+systemctl start libvirtd
diff --git a/00_proliant/03_storage.sh b/00_proliant/03_storage.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+lvcreate -L+20G -n iso rootvg
+lvcreate -L+100G -n vms rootvg
+
diff --git a/00_proliant/04_libvirt-network.sh b/00_proliant/04_libvirt-network.sh
@@ -0,0 +1,14 @@
+#!/bin/bash 
+
+ovs-vsctl add-br br-pub0
+#nmcli con up br-pub0
+ip link set dev br-pub0 up
+#nmcli con modify br-pub0 connection.autoconnect true
+nmcli con add type vlan con-name vlan8 ifname vlan8 dev br-pub0 id 8 ip4 10.1.8.1/24 connection.autoconnect true
+nmcli con up vlan8
+echo "net.ipv4.conf.vlan8.forwarding=1" > /etc/sysctl.d/10-vlan8-forwarding.conf
+echo "net.ipv4.conf.eno1.forwarding=1" > /etc/sysctl.d/10-eno1-forwarding.conf
+
+virsh net-define libvirt-network/public.xml 
+virsh net-start public
+virsh net-autostart public
diff --git a/00_proliant/05_vlan8-nat.sh b/00_proliant/05_vlan8-nat.sh
@@ -0,0 +1,4 @@
+nft add table nat
+nft 'add chain nat postrouting { type nat hook postrouting priority 100 ; }'
+
+nft add rule nat postrouting ip saddr 10.1.8.0/24 oif eno1 masquerade
diff --git a/00_proliant/06_nftables-bsegment.sh b/00_proliant/06_nftables-bsegment.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Flush existing rules
+nft flush ruleset
+
+# Create NAT table and chains
+nft add table ip nat
+nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
+nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }
+
+# NAT rule for outgoing traffic to the internet
+nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.0.0/16 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 ip daddr != 10.1.0.0/16 counter snat to 192.168.1.228
+
+# Accept rule for local traffic to 192.168.1.0/24 and 10.2.0.0/16
+nft add rule ip nat postrouting oif "eno1" ip daddr { 192.168.1.0/24, 10.2.0.0/16 } counter accept
diff --git a/00_proliant/06_nftables.sh b/00_proliant/06_nftables.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Flush existing rules
+nft flush ruleset
+
+# Create NAT table and chains
+nft add table ip nat
+nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
+nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }
+
+# NAT rule for outgoing traffic to the internet
+nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.4.0/24 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 counter snat to 192.168.1.228
+nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.8.0/24 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 counter snat to 192.168.1.228
+nft add rule ip nat postrouting oif "eno1" ip saddr 10.1.16.0/24 ip daddr != 192.168.1.0/24 ip daddr != 10.2.0.0/16 counter snat to 192.168.1.228
+
+# Accept rule for local traffic to 192.168.1.0/24 and 10.2.0.0/16
+nft add rule ip nat postrouting oif "eno1" ip daddr { 192.168.1.0/24, 10.2.0.0/16 } counter accept
diff --git a/00_proliant/99_service.sh b/00_proliant/99_service.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+SERVICE=$1
+
+systemctl enable $1
+systemctl start $1
diff --git a/00_proliant/99_vlans.sh b/00_proliant/99_vlans.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+ID=$1
+RE='^[0-9]+$'
+
+
+ ! [[ "$1" =~ $RE ]] && echo "Add correct vlan id"
+ [[ "$1" -ge 4095 ]] && echo "Add correct vlan id"
+
+nmcli con add type vlan con-name vlan$ID ifname vlan$ID dev br-pub0 id $ID ip4 10.1.$ID.1/24 connection.autoconnect true
+nmcli con up vlan$ID
+
+sysctl -w net.ipv4.conf.vlan$ID.forwarding=1
+
+echo "net.ipv4.conf.vlan$ID.forwarding=1" > /etc/sysctl.d/10-vlan$ID-forwarding.conf
diff --git a/00_proliant/include/anaconda-ks.cfg b/00_proliant/include/anaconda-ks.cfg
diff --git a/00_proliant/include/[email protected] b/00_proliant/include/[email protected]
diff --git a/00_proliant/include/iptables.save b/00_proliant/include/iptables.save
diff --git a/00_proliant/include/sysctl.conf b/00_proliant/include/sysctl.conf
diff --git a/00_proliant/isolation-cpu.md b/00_proliant/isolation-cpu.md
diff --git a/00_proliant/issue-readme.md b/00_proliant/issue-readme.md
diff --git a/00_proliant/libvirt-network/public.xml b/00_proliant/libvirt-network/public.xml
@@ -0,0 +1,17 @@
+<network>
+  <name>public</name>
+  <uuid>9cdde189-9298-4de1-a513-d2e4d8ac8cef</uuid>
+  <forward mode='bridge'/>
+  <bridge name='br-pub0'/>
+  <virtualport type='openvswitch'/>
+  <vlan trunk='yes'>
+    <tag id='1' nativeMode='untagged'/>
+    <tag id='2'/>
+    <tag id='3'/>
+    <tag id='4'/>
+    <tag id='5'/>
+    <tag id='6'/>
+    <tag id='7'/>
+    <tag id='8'/>
+  </vlan>
+</network>
diff --git a/01_template/kickstart/kickstart.cfg b/01_template/kickstart/kickstart.cfg
@@ -0,0 +1,75 @@
+# Perform a text based installation
+text
+
+# Set the installation language
+lang en_US.UTF-8
+
+# Set the keyboard layout
+keyboard us
+
+# Enable the firewall
+firewall --enabled
+
+# Set the local timezone
+timezone Europe/Prague
+
+# Network configuration via static ip
+network --bootproto static --ip=10.1.8.100 --netmask=255.255.255.0 --gateway=10.1.8.1 --onboot=yes --noipv6 --hostname=localhost.localdomain --nameserver=8.8.8.8
+
+# Create a new user with wheel group access
+user --name=veldrane --password=heslo123 --groups=wheel --plaintext
+
+# Set the root user password
+rootpw --plaintext root
+
+# Clear the existing storage
+zerombr
+clearpart --all --initlabel
+# Disk partitioning information
+part pv.375 --fstype="lvmpv" --ondisk=vda --size=19455
+part /boot --fstype="ext4" --ondisk=vda --size=1024 --label=boot
+volgroup rootvg --pesize=4096 pv.375
+logvol swap  --fstype="swap" --size=2048 --name=swap --vgname=rootvg
+logvol /  --fstype="ext4" --size=2048 --label="root" --name=root --vgname=rootvg
+logvol /home  --fstype="ext4" --size=2048 --label="home" --name=home --vgname=rootvg
+logvol /tmp  --fstype="ext4" --size=4096 --label="tmp" --name=tmp --vgname=rootvg
+logvol /usr  --fstype="ext4" --size=4096 --label="usr" --name=usr --vgname=rootvg
+logvol /var  --fstype="ext4" --size=2048 --label="var" --name=var --vgname=rootvg
+
+# Included packages
+%packages
+@^minimal-environment
+@core
+chrony
+kexec-tools
+net-tools
+traceroute
+freeipa-client
+sssd 
+openldap-clients 
+krb5-workstation 
+nfs-utils
+autofs 
+policycoreutils-python-utils 
+python3-policycoreutils.noarch
+%end
+
+# Post install
+%post --log=/root/ks-post.log
+
+mkdir -m0700 /root/.ssh/
+cat <<EOF >/root/.ssh/authorized_keys
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGTWpkHDuiMAZYkTfaAqcCRoPXgpMRMSa1+unxzhUO9/SZyBr2w0sWQGUeDp1+3g54HZ8ItV0fUK4acDKCckOkSTQGkQDNXAvJ1sZIQP2/7CbwVOOs5B3ZLY63pdqwL2i3nWZbZ4spGzepJ8oPGYXv5Egb/KWt+6W5vPb8RcM/YltWFCw== localhost
+EOF
+
+chmod 0600 /root/.ssh/authorized_keys
+
+restorecon -R /root/.ssh/
+
+systemctl enable sshd.service
+
+yum upgrade -y
+%end
+
+# Reboot the node
+reboot
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,4 @@
		#!/bin/bash

		dnf -y install mc openvswitch3.3 git qemu-kvm libvirt virt-manager virt-install uuid