Base playbook redefined, added autofs, customized nfs server, k8s mas…

…ter etc - lots of changes

01_tcentos7/make_base_image.sh

@@ -0,0 +1,32 @@
+# Create a folder for our new root structure
+export centos_root='/centos_image/rootfs'
+mkdir -p $centos_root
+# initialize rpm database
+rpm --root $centos_root --initdb
+# download and install the centos-release package, it contains our repository sources
+yum reinstall --downloadonly --downloaddir . centos-release
+rpm --root $centos_root -ivh centos-release*.rpm
+rpm --root $centos_root --import  $centos_root/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+install yum without docs and install only the english language files during the process
+yum -y --installroot=$centos_root --setopt=tsflags='nodocs' --setopt=override_install_langs=en_US.utf8 install yum
+# configure yum to avoid installing of docs and other language files than english generally
+sed -i "/distroverpkg=centos-release/a override_install_langs=en_US.utf8\ntsflags=nodocs" $centos_root/etc/yum.conf
+
+# chroot to the environment and install some additional tools
+cp /etc/resolv.conf $centos_root/etc
+chroot $centos_root /bin/bash <<EOF
+yum install -y procps-ng iputils
+yum clean all
+EOF
+
+
+rm -f $centos_root/etc/resolv.conf
+
+# install and enable docker
+yum install -y docker
+
+systemctl start docker
+# create docker image
+
+#tar -C $centos_root -c . | docker import - centos
+tar -C $centos_root -c .

02_freeipa/ansible/01_prepare_nodes.yaml

@@ -0,0 +1,112 @@
+---
+- hosts: localhost
+  become: true
+  gather_facts: no
+  tasks:
+
+  - name: Set variables
+    include: include/_setup_vars.yaml
+
+  - name: "Create ansible group for new hosts"
+    add_host: name="{{ ip }}" groups=newhost
+
+  - name: "Delete ssh keys for template"
+    shell: sed -i -E '/10.1.16.200/d' $HOME/.ssh/known_hosts
+
+  - name: "Delete ssh keys for ip"
+    shell: sed -i -E "/{{ ip }}/d" $HOME/.ssh/known_hosts
+
+  - name: "Create ansible group for ipa server"
+    add_host: name="{{ ipaip }}" groups=ipaserver
+
+  - name: Create data directory
+    shell: mkdir /data/vms/{{ hostname }}.{{ domain }} 
+
+  - name: Clone template
+    shell: virt-clone --original-xml /data/templates/t_centos7/t_centos7.xml --name {{ fqdn }} --file /data/vms/{{ fqdn }}/rootvg.qcow2
+
+  - name: Change rootvg size
+    shell: qemu-img resize /data/vms/{{ fqdn }}/rootvg.qcow2 +{{ rootvg_size - 20 }}G
+    when: rootvg_size is defined
+
+  - name: Set max memory
+    shell: virsh setmaxmem {{ fqdn }} {{ mem }} --config
+
+  - name: Set more memory
+    shell: virsh setmem {{ fqdn }} {{ mem }} --config
+
+  - name: Start machine
+    shell: virsh start {{ fqdn }}
+    ignore_errors: yes
+
+
+
+- hosts: centos7
+  become: true
+  gather_facts: no
+  tasks:
+
+  - pause:
+      seconds: 35
+
+  - name: Set variables
+    include: include/_setup_vars.yaml
+
+  - name: Change hostname
+    shell: echo "{{ fqdn }}" > /etc/hostname
+
+  - name: Add hosts to hostname
+    shell: echo "{{ ip }} {{ hostname }} {{ fqdn }}" >> /etc/hosts
+
+  - name: Resize partition
+    shell: printf 'd\n2\np\nn\np\n2\n\n\nt\n2\n8e\nw' | fdisk /dev/vda
+    ignore_errors: yes
+
+  - name: Partprobe disks
+    shell: partprobe /dev/vda
+
+  - name: PV resize
+    shell: pvresize /dev/vda2
+
+  - name: Add an Ethernet connection with static IP configuration
+    shell: nmcli connection modify eth0 ipv4.addresses {{  ip  }}/24 ipv4.method manual ipv4.dns "{{ ipaip }}"
+
+  - name: Install additional packages
+    shell: yum install -y ipa-client sssd openldap-clients krb5-workstation
+
+  - name: Enable make dir option for new users
+    shell: authconfig --enablemkhomedir --update
+
+  - name: Update sshd config - part 1
+    shell: echo "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" >> /etc/ssh/sshd_config 
+
+  - name: Update sshd config - part 2
+    shell: echo "AuthorizedKeysCommandUser nobody" >> /etc/ssh/sshd_config
+
+  - name: Update ssh config - non strict host checking
+    shell: echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
+
+  - name: Set timezone to Prague
+    shell: timedatectl set-timezone 'Europe/Prague'
+
+- hosts: localhost
+  become: true
+  gather_facts: no
+  tasks:
+
+  - name: "Shutdown host"
+    shell: virsh shutdown {{ fqdn }} --mode acpi
+
+  - pause:
+      seconds: 5
+
+  - name: "Destroy domain"
+    shell: "virsh destroy {{ fqdn }}"
+    ignore_errors: yes
+
+  - name: "Change virbr interface"
+    shell: virt-xml {{ fqdn }} --edit -w vnet0 --network bridge=virbr{{ virbr }}
+
+
+  - name: "Start domain"
+    shell: "virsh start {{ fqdn }}"

02_freeipa/ansible/02_install_ipa.yaml

@@ -0,0 +1,50 @@
+---
+- hosts: localhost
+  become: true
+  gather_facts: no
+  tasks:
+
+  - name: Set variables
+    include: include/_setup_vars.yaml
+
+  - name: Create snapshot for the host
+    shell: virsh snapshot-create-as --domain {{ fqdn }} --name "before FreeIPA installation"
+
+  - name: Start machine
+    shell: virsh start {{ fqdn }}
+    ignore_errors: yes
+
+  - name: "Create ansible group for new hosts"
+    add_host: name="{{ ip }}" groups=newhost
+
+- hosts: newhost
+  become: true
+  gather_facts: no
+  tasks:
+  - pause:
+      seconds: 25
+
+  - name: Set variables
+    include: include/_setup_vars.yaml
+
+  - name: Setup temporary external DNS
+    shell: echo "nameserver 8.8.8.8" > /etc/resolv.conf
+
+  - name: Install prereq packages
+    shell: yum install ipa-server ipa-server-dns -y
+
+  - name: hostnamectl workarround 
+    shell: rm -f /usr/bin/hostnamectl ; ln -s /usr/bin/true /usr/bin/hostnamectl
+
+  - name: Allow https on firewalld
+    shell: firewall-cmd --add-service=https --add-service=ldap --add-service=ldaps --add-service=kerberos --add-service=kpasswd --add-service=dns --permanent ; firewall-cmd --reload
+
+  - name: Setup temporary external DNS
+    shell: echo "nameserver {{ ip }}" > /etc/resolv.conf
+
+  - name: Customize /etc/hosts
+    shell: sed -i -E "/{{ ip }}/d" /etc/hosts ; echo "{{ ip }} {{ fqdn }} {{ hostname }}" >> /etc/hosts
+
+  - name: Install ipa server
+    shell: ipa-server-install --ip-address={{ ip }} --hostname={{ fqdn }} --realm={{ realm }} --domain={{ domain }} \
+           --ds-password={{ adminpwd }} --admin-password={{ adminpwd }} --mkhomedir --setup-dns --unattended --no-forwarders

02_freeipa/ansible/03_add_groups.yaml

@@ -0,0 +1,48 @@
+---
+- hosts: freeipa.lab.local
+  become: true
+  gather_facts: no
+  tasks:
+
+  - name: Set variables
+    include: include/_setup_vars.yaml
+
+  - name: Get the krb5 ticket
+    shell: echo "{{ adminpwd }}" | kinit {{ svcadmin }}
+
+  - name: Add groups
+    shell: ipa group-add {{ item.groupname }} --gid={{ item.gid }}
+    loop:
+      - { groupname: 'stuff', gid: '1100' }
+      - { groupname: 'k8s-cluster-admin', gid: '1101' }
+      - { groupname: 'simple-admin', gid: '1102' }
+      - { groupname: 'simple-user', gid: '1103' }
+    ignore_errors: yes
+
+  - name: Add users
+    shell: ipa user-add {{ item.username }} --uid={{ item.uid }} --gid=1100 --homedir=/nfshome/{{ item.username }} --random --shell=/bin/bash --first={{ item.first }} --last={{ item.last }}
+    loop:
+      - { username: 'veldrane', uid: '1001', first: 'Veldrane', last: 'Veldranovic' }
+      - { username: 'valor', uid: '1002',first: 'Valor', last: 'Valorovic' }
+      - { username: 'jdvorak', uid: '2001', first: 'Jan', last: 'Dvorak' }
+      - { username: 'mnovak', uid: '2002', first: 'Martin', last: 'Novak' }
+      - { username: 'ddvorak', uid: '2003', first: 'David', last: 'Dvorak' }
+    ignore_errors: yes
+
+- hosts: nfsnode.lab.local
+  become: true
+  gather_facts: no
+  tasks:
+
+   - name: Create home dir for users
+     shell: cp -r /etc/skel /nfsvg/home/{{ item.username }} && chown {{ item.username }}:stuff -R /nfsvg/home/{{ item.username }}
+     loop:
+      - { username: 'veldrane', uid: '1001', first: 'Veldrane', last: 'Veldranovic' }
+      - { username: 'valor', uid: '1002',first: 'Valor', last: 'Valorovic' }
+      - { username: 'jdvorak', uid: '2001', first: 'Jan', last: 'Dvorak' }
+      - { username: 'mnovak', uid: '2002', first: 'Martin', last: 'Novak' }
+      - { username: 'ddvorak', uid: '2003', first: 'David', last: 'Dvorak' }
+     ignore_errors: yes
+
+   - name: restore selinux context
+     shell: restorecon -R /nfsvg/home

02_freeipa/ansible/04_add_homesdir.yaml

@@ -0,0 +1,18 @@
+- hosts: nfsnode.lab.local
+  become: true
+  gather_facts: no
+  tasks:
+
+   - name: Create home dir for users
+     shell: cp -r /etc/skel /nfsvg/home/{{ item.username }} && chown {{ item.username }}:stuff -R /nfsvg/home/{{ item.username }}
+     loop:
+      - { username: 'veldrane', uid: '1001', first: 'Veldrane', last: 'Veldranovic' }
+      - { username: 'valor', uid: '1002',first: 'Valor', last: 'Valorovic' }
+      - { username: 'jdvorak', uid: '2001', first: 'Jan', last: 'Dvorak' }
+      - { username: 'mnovak', uid: '2002', first: 'Martin', last: 'Novak' }
+      - { username: 'ddvorak', uid: '2003', first: 'David', last: 'Dvorak' }
+     ignore_errors: yes
+
+   - name: restore selinux context
+     shell: restorecon -R /nfsvg/home
+

02_freeipa/ansible/include/_setup_vars.yaml

@@ -0,0 +1,31 @@
+- name: Set global variables
+  set_fact:
+    virbr: "8"
+    netsuffix: "10" 
+    hostname: "freeipa"
+    domain: "lab.local"
+    mem: "2G"
+    ipaserver: "freeipa.lab.local"
+    ipaip: "10.1.8.10"
+    ldapbase: "dc=lab,dc=local"
+    svcadmin: "admin"
+    adminpwd: "admin123"
+    template: "t_centos7"
+    template_dir: "/data/templates"
+    vms_dir: "/data/vms"
+    rootvg_size: 30
+
+
+- name: Set ip
+  set_fact:
+    ip: "10.1.{{ virbr  }}.{{ netsuffix }}"
+
+
+
+- name: Set FQDN
+  set_fact:
+    fqdn: "{{ hostname }}.{{ domain }}"
+
+- name: Set REALM
+  set_fact: 
+    realm: "{{ domain|upper }}"

03_okdv3/02_infra/01_prepare_nodes.yaml

@@ -72,7 +72,7 @@
     shell: nmcli connection modify eth0 ipv4.addresses {{  ip  }}/24 ipv4.method manual ipv4.dns "{{ ipaip }}"
 
   - name: Install additional packages
-    shell: yum install -y ipa-client sssd openldap-clients krb5-workstation
+    shell: yum install -y ipa-client sssd openldap-clients krb5-workstation nfs-client autofs
 
   - name: Enable make dir option for new users
     shell: authconfig --enablemkhomedir --update
@@ -86,6 +86,18 @@
   - name: Update ssh config - non strict host checking
     shell: echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
 
+  - name: Create nfshome dir 
+    shell: mkdir /nfshome 
+
+  - name: Set nfs home boolean
+    shell: setsebool -P use_nfs_home_dirs 1
+
+  - name: Prepare autofs master
+    shell: echo "/nfshome /etc/auto.nfshome --timeout=180 " >> /etc/auto.master
+
+  - name: Create auto.nfshome
+    shell: echo "*  -fstype=nfs,rw,soft,sec=krb5i,nfsvers=4,minorversion=2,user=&  {{ nfsserver }}:{{ home_export }}/&" >> /etc/auto.nfshome
+
   - name: Set timezone to Prague
     shell: timedatectl set-timezone 'Europe/Prague'
 
@@ -126,3 +138,17 @@
   - name: Join machine to IPA domain
     shell: ipa-client-install -U -p {{ svcadmin }} -w {{ adminpwd }} --mkhomedir
 
+  - name: Get the krb5 ticket
+    shell: echo "{{ adminpwd }}" | kinit {{ svcadmin }}
+
+  - name: Add nfs server to the ipa server
+    shell: ipa service-add nfs/{{ fqdn }}
+
+  - name: Create nfs service for krb5 mount client
+    shell: ipa-getkeytab -s {{ ipaserver }} -p nfs/{{ fqdn }} -k /etc/krb5.keytab
+
+  - name: Enable and start nfs client
+    shell: systemctl enable nfs-client.target && systemctl start nfs-client.target
+
+  - name: Enable and start autofs
+    shell: systemctl enable autofs && systemctl start autofs