Various fixes
- Add Debian 11 preseed
- Update Debian 11 installation files
- Fix UEFI specific paths
- Fix download URLs for memtest
- Fix lint issues with newer molecule
- Fix meta, specify namespace
- Remove Debian 10 (no longer needed) and only test used distros
Change-Id: I0c901ae798994d113c8c7c0fae58536b1aa0e724
diff --git a/Makefile b/Makefile
index c2182d6..8d30624 100644
--- a/Makefile
+++ b/Makefile
@@ -23,10 +23,13 @@
-d "{extends: default, rules: {line-length: {max: 119}}}" \
-s $(YAML_FILES)
+# List of molecule files, not including base molecule.yml which isn't ansible format
+MOLECULE_FILES ?= $(shell find molecule -type f -name '*.yml' \! -name 'molecule.yml' -print )
+
ansiblelint: ## lint check with ansible-lint
ansible-lint --version
ansible-lint -v .
- ansible-lint -v molecule/*/*
+ ansible-lint -v $(MOLECULE_FILES)
license: ## Check license with the reuse tool
reuse --version
diff --git a/README.md b/README.md
index 0ed4999..fe55a7d 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@
Configures PXE and iPXE related boot scripts and images on an web server.
+Also creates preseed files used to automate OS installation.
+
See the `ipxe-build` repo for building iPXE payload images.
The iPXE `boot.ipxe` script:
@@ -18,17 +20,19 @@
For fully automated installation, separate Debian/Ubuntu preseed files are
created based on the serial number of the device (and possibly other criteria
-like MAC address in the future). Hosts are defined in the pxeboot_hosts list,
-which has these options:
+like MAC address in the future). Hosts are defined in the ``pxeboot_hosts``
+list of dicts, which each have these keys:
- `domain`: Domain extension for the host
- `hostname`: Hostname of the system
-- `serial`: Serial number, must match the SMBIOS supplied serial for server to
- boot properly.
- `iface`: (optional) Network interface to use when setting up the system.
This is primarily to work around this bug which can cause the wrong interface
to be selected in the install process:
https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/713385
+- To allow iPXE to load a file specific to the hardware, one or both of these
+ keys must be included:
+ - `serial`: Device serial number, must match value given in SMBIOS
+ - `mac_address`: MAC address of the network card, colon separated format
Documentation of the preseed process can be found in these links:
diff --git a/defaults/main.yml b/defaults/main.yml
index 16dd086..5033b82 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,7 +14,6 @@
# List of boot images to include
pxeboot_boot_images:
- memtest
- - debian10
- debian11
- ubuntu1804
- ubuntu2004
@@ -58,23 +57,23 @@
# Debian 11 image
pxeboot_debian11_base_url: "https://deb.debian.org/debian/dists/bullseye/main/installer-amd64"
-pxeboot_debian11_version: "20210731+deb11u2/images/netboot/debian-installer/amd64/"
+pxeboot_debian11_version: "20210731+deb11u3/images/netboot/debian-installer/amd64/"
# checksums from version as of 2021-11-27
pxeboot_debian11_files:
- name: "linux"
- checksum: "sha256:0c30db8be595c063eb7a672f0e3aeb1274dc444cd75bf536b0fd01e2cf7066e1"
+ checksum: "sha256:b8e18400ca9c268334c2c1d5a911c2c1f4f522480a23bcaba1798b5c810edeea"
- name: "initrd.gz"
- checksum: "sha256:c304f5f034996b2200145e3eabf466cbd00ace690944cec01003258abc53d2ce"
+ checksum: "sha256:f8892c6b79817257a05a6d947be00ded56dbec057dff961dd1f526b0ab325320"
pxeboot_debian11_linux_args: ""
pxeboot_debian11_nonfree_url: "http://cdimage.debian.org/cdimage/unofficial/non-free/"
pxeboot_debian11_nonfree_files:
- - path: "firmware/bullseye/20211218"
+ - path: "firmware/bullseye/20220326"
name: "firmware.cpio.gz"
- checksum: "sha256:96b98f5bfdf13e0d4434fd12e42cd49b719221a313c8cf9caa4bc9d6e66b3822"
+ checksum: "sha256:0b4a8e6f8704ab3225946087b0af8b0bedceea9f8a3d28bda5151dccecf94c37"
# Ubuntu 18.04 image
pxeboot_ubuntu1804_base_url: "http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64"
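Review bot: The comment `# checksums from version as of 2021-11-27` above `pxeboot_debian11_files` is left unchanged while the version string moves to `20210731+deb11u3` and both checksums are replaced, so it now misdates the pinned values. These SHA-256 pins are the only integrity check visible here on the kernel, initrd and firmware, and the firmware is still fetched through the plain `http://` value of `pxeboot_debian11_nonfree_url`. The comment should therefore record when and from which source the new hashes were taken, e.g. `# checksums for 20210731+deb11u3, taken from the distribution's signed checksum files on <date>`. Switching `pxeboot_debian11_nonfree_url` to `https://` would also be worth doing if the host serves it.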
diff --git a/meta/main.yml b/meta/main.yml
index d5216e7..888678f 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -6,6 +6,7 @@
galaxy_info:
role_name: pxeboot
+ namespace: onf
author: Open Networking Foundation
description: Configures a webserver with iPXE related boot scripts and images
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index bb22131..59cad71 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -9,11 +9,6 @@
driver:
name: docker
platforms:
- - name: "ubuntu-18.04-priv"
- image: "quay.io/paulfantom/molecule-systemd:ubuntu-18.04"
- privileged: true
- volumes:
- - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
- name: "debian-11-priv"
image: "onfinfra/molecule-systemd:debian-11"
privileged: true
@@ -25,13 +20,15 @@
host_vars:
debian-11-priv:
ansible_python_interpreter: /usr/bin/python3
- ubuntu-18.04-priv:
- ansible_python_interpreter: /usr/bin/python3
group_vars:
all:
pxeboot_hosts:
- {domain: 'example.com', hostname: 'server1', serial: 'abc123'}
- {domain: 'example.com', hostname: 'server2', serial: 'def456', iface: 'eno2'}
- {domain: 'example.com', hostname: 'server3', mac_address: '01:23:45:ab:cd:ef'}
+ pxeboot_boot_images:
+ - debian11
+ - ubuntu1804
+
verifier:
name: ansible
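Review bot: The `pxeboot_hosts` fixtures in this scenario do not fully exercise the MAC-based preseed path added by this commit. `server3` already uses a lowercase address, so the `| lower` filter in the new task is never tested, and no host sets both `serial` and `mac_address` although the README now allows that. Adding a host such as `{domain: 'example.com', hostname: 'server4', serial: 'ghi789', mac_address: '01:23:45:AB:CD:F0'}` (constructed sample values) would cover both cases.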
diff --git a/tasks/debian11.yml b/tasks/debian11.yml
index 448003f..87a1af4 100644
--- a/tasks/debian11.yml
+++ b/tasks/debian11.yml
@@ -31,3 +31,23 @@
group: "{{ pxeboot_groupname }}"
mode: "0644"
with_items: "{{ pxeboot_debian11_nonfree_files }}"
+
+- name: Create debian11 preseed files (serial)
+ template:
+ src: "debian11_preseed.cfg.j2"
+ dest: "{{ pxeboot_web_root }}/debian11/{{ item['serial'] }}_preseed.cfg"
+ owner: "{{ pxeboot_username }}"
+ group: "{{ pxeboot_groupname }}"
+ mode: "0644"
+ with_items: "{{ pxeboot_hosts }}"
+ when: "'serial' in item and item.serial"
+
+- name: Create preseed files (MAC)
+ template:
+ src: "debian11_preseed.cfg.j2"
+ dest: "{{ pxeboot_web_root }}/debian11/{{ item['mac_address'] | lower }}_preseed.cfg"
+ owner: "{{ pxeboot_username }}"
+ group: "{{ pxeboot_groupname }}"
+ mode: "0644"
+ with_items: "{{ pxeboot_hosts }}"
+ when: "'mac_address' in item and item.mac_address"
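Review bot: Both new tasks render the preseed with mode `0644` under `pxeboot_web_root`, at a name derived only from the serial or MAC, and the template embeds `preseed_onfadmin_pw_crypt`; anyone who can reach the web server and knows or observes a host's MAC address can therefore download the admin password hash for offline guessing. Consider restricting the `debian11/*_preseed.cfg` paths to the provisioning network in the web server configuration, and treating the preseed password as a bootstrap credential that is rotated after install. The `dest` values also interpolate `item['serial']` and `item['mac_address']` unchecked; an earlier `assert` that they contain no `/` and that the MAC matches the colon-separated form the README requires would catch typos before a file is written to an unexpected path. As a naming point, the second task is `Create preseed files (MAC)`; `Create debian11 preseed files (MAC)` would match the first.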
diff --git a/tasks/memtest.yml b/tasks/memtest.yml
index 06c5d80..f81a71b 100644
--- a/tasks/memtest.yml
+++ b/tasks/memtest.yml
@@ -14,8 +14,10 @@
- name: Download memtest compressed ISO
get_url:
- url: >
- http://memtest.org/download/{{ pxeboot_memtest_version }}/memtest86+-{{ pxeboot_memtest_version }}.iso.gz
+ url: >-
+ https://memtest.org/download/archives/{{
+ pxeboot_memtest_version }}/memtest86+-{{
+ pxeboot_memtest_version }}.iso.gz
checksum: "{{ pxeboot_memtest_checksum }}"
dest: "{{ pxeboot_dist_dir }}/memtest86+-{{ pxeboot_memtest_version }}.iso.gz"
owner: "root"
diff --git a/templates/boot.ipxe.j2 b/templates/boot.ipxe.j2
index a654db0..a59bbe8 100644
--- a/templates/boot.ipxe.j2
+++ b/templates/boot.ipxe.j2
@@ -27,6 +27,8 @@
{% if "debian11" in pxeboot_boot_images %}
item --key g deb11 Debian 11 Installer
item --key h deb11f Debian 11 Installer (nonfree firmware)
+item --key h deb11afs Debian 11 Installer (nonfree firmware, auto, serial)
+item --key h deb11afm Debian 11 Installer (nonfree firmware, auto, MAC)
{% endif %}
{% if "ubuntu1804" in pxeboot_boot_images %}
item --key u ub1804 Ubuntu 18.04 Installer
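Review bot: Both added menu entries reuse `--key h`, which the existing `deb11f` item already claims, so the shortcut is now ambiguous across three entries. That matters more than usual here because `deb11afs` and `deb11afm` start an unattended install whose preseed removes existing LVM/MD volumes and confirms partitioning without prompting. Give each entry a distinct unused key, or drop `--key` from the automated entries so they have to be selected deliberately, e.g. `item deb11afs Debian 11 Installer (nonfree firmware, auto, serial)`.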
@@ -98,16 +100,16 @@
# Debian 10
:deb10
echo Booting Debian 10 Installer
-kernel ${http_server_url}/debian10/linux
-initrd ${http_server_url}/debian10/initrd.gz
+kernel ${http_server_url}/debian10/linux initrd=initrd.gz
+initrd ${http_server_url}/debian10/initrd.gz initrd.gz
boot || goto failed
# Debian 10 with nonfree firmware
:deb10f
echo Booting Debian 10 Installer with nonfree firmware
kernel ${http_server_url}/debian10/linux initrd=initrd.gz initrd=firmware.cpio.gz
-initrd ${http_server_url}/debian10/initrd.gz
-initrd ${http_server_url}/debian10/firmware.cpio.gz
+initrd ${http_server_url}/debian10/initrd.gz initrd.gz
+initrd ${http_server_url}/debian10/firmware.cpio.gz firmware.cpio.gz
boot || goto failed
{% endif %}
{% if "debian11" in pxeboot_boot_images %}
@@ -115,7 +117,7 @@
# Debian 11
:deb11
echo Booting Debian 11 Installer
-kernel ${http_server_url}/debian11/linux
+kernel ${http_server_url}/debian11/linux initrd=initrd.gz
initrd ${http_server_url}/debian11/initrd.gz
boot || goto failed
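Review bot: The `deb11` stanza now passes `initrd=initrd.gz` on the `kernel` line, but its `initrd` line is the only one touched by this commit that is left without the explicit image name. For consistency with the other stanzas, and so the name given to the kernel does not depend on how the URL is formed, it should read `initrd ${http_server_url}/debian11/initrd.gz initrd.gz`.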
@@ -123,8 +125,26 @@
:deb11f
echo Booting Debian 11 Installer with nonfree firmware
kernel ${http_server_url}/debian11/linux initrd=initrd.gz initrd=firmware.cpio.gz
-initrd ${http_server_url}/debian11/initrd.gz
-initrd ${http_server_url}/debian11/firmware.cpio.gz
+initrd ${http_server_url}/debian11/initrd.gz initrd.gz
+initrd ${http_server_url}/debian11/firmware.cpio.gz firmware.cpio.gz
+boot || goto failed
+
+# Debian 11 with nonfree firmware, auto, serial
+:deb11afs
+echo Booting Debian 11 Installer with nonfree firmware, auto, serial
+kernel ${http_server_url}/debian11/linux initrd=initrd.gz initrd=firmware.cpio.gz initrd=preseed.cfg
+initrd ${http_server_url}/debian11/initrd.gz initrd.gz
+initrd ${http_server_url}/debian11/firmware.cpio.gz firmware.cpio.gz
+initrd ${http_server_url}/debian11/${serial}_preseed.cfg preseed.cfg
+boot || goto failed
+
+# Debian 11 with nonfree firmware, auto, MAC
+:deb11afm
+echo Booting Debian 11 Installer with nonfree firmware, auto, MAC
+kernel ${http_server_url}/debian11/linux initrd=initrd.gz initrd=firmware.cpio.gz initrd=preseed.cfg
+initrd ${http_server_url}/debian11/initrd.gz initrd.gz
+initrd ${http_server_url}/debian11/firmware.cpio.gz firmware.cpio.gz
+initrd ${http_server_url}/debian11/${net0/mac}_preseed.cfg preseed.cfg
boot || goto failed
{% endif %}
{% if "ubuntu1804" in pxeboot_boot_images %}
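Review bot: The preseed `initrd` lines in `deb11afs` and `deb11afm` have no failure branch, so a host whose serial or MAC has no generated file (or whose firmware reports an empty `${serial}`) presumably ends the script at the failed fetch instead of reaching the `failed` label. Append the handler already used on `boot`, e.g. `initrd ${http_server_url}/debian11/${serial}_preseed.cfg preseed.cfg || goto failed`, and likewise for the `${net0/mac}` line. The preseed carries the account setup and a `late_command` that runs in the target system, so if `http_server_url` (defined outside this hunk) is plain HTTP, it is worth confirming that the provisioning network is isolated.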
@@ -132,8 +152,8 @@
# Ubuntu 18.04
:ub1804
echo Booting Ubuntu 18.04 Installer
-kernel ${http_server_url}/ubuntu1804/linux
-initrd ${http_server_url}/ubuntu1804/initrd.gz
+kernel ${http_server_url}/ubuntu1804/linux initrd=initrd.gz
+initrd ${http_server_url}/ubuntu1804/initrd.gz initrd.gz
boot || goto failed
# Ubuntu 18.04 autoinstall, serial
@@ -141,7 +161,7 @@
:ub1804as
echo Booting Ubuntu 18.04 Installer (autoinstall, serial)
kernel ${http_server_url}/ubuntu1804/linux initrd=initrd.gz initrd=preseed.cfg
-initrd ${http_server_url}/ubuntu1804/initrd.gz
+initrd ${http_server_url}/ubuntu1804/initrd.gz initrd.gz
initrd ${http_server_url}/ubuntu1804/${serial}_preseed.cfg preseed.cfg
boot || goto failed
@@ -150,7 +170,7 @@
:ub1804am
echo Booting Ubuntu 18.04 Installer (autoinstall, MAC)
kernel ${http_server_url}/ubuntu1804/linux initrd=initrd.gz initrd=preseed.cfg
-initrd ${http_server_url}/ubuntu1804/initrd.gz
+initrd ${http_server_url}/ubuntu1804/initrd.gz initrd.gz
initrd ${http_server_url}/ubuntu1804/${net0/mac}_preseed.cfg preseed.cfg
boot || goto failed
{% if pxeboot_image_debug %}
@@ -159,7 +179,7 @@
:ub1804adt
echo Booting Ubuntu 18.04 Installer, text mode, debug
kernel ${http_server_url}/ubuntu1804/linux initrd=initrd.gz initrd=preseed.cfg DEBIAN_FRONTEND=text BOOT_DEBUG=2
-initrd ${http_server_url}/ubuntu1804/initrd.gz
+initrd ${http_server_url}/ubuntu1804/initrd.gz initrd.gz
initrd ${http_server_url}/ubuntu1804/${serial}_preseed.cfg preseed.cfg
boot || goto failed
{% endif %}
@@ -169,8 +189,8 @@
# Ubuntu 18.04
:ub2004
echo Booting Ubuntu 20.04 Installer
-kernel ${http_server_url}/ubuntu2004/linux
-initrd ${http_server_url}/ubuntu2004/initrd.gz
+kernel ${http_server_url}/ubuntu2004/linux initrd=initrd.gz
+initrd ${http_server_url}/ubuntu2004/initrd.gz initrd.gz
boot || goto failed
{% endif %}
{% if "openbsd70" in pxeboot_boot_images %}
diff --git a/templates/debian11_preseed.cfg.j2 b/templates/debian11_preseed.cfg.j2
new file mode 100644
index 0000000..c29b9ca
--- /dev/null
+++ b/templates/debian11_preseed.cfg.j2
@@ -0,0 +1,131 @@
+#_preseed_V1
+{#
+SPDX-FileCopyrightText: © 2022 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+#}
+# docs https://www.debian.org/releases/stable/amd64/apb.en.html
+
+# enable automatic install
+d-i auto-install/enable boolean true
+
+# ask only critical level questions
+d-i debconf/priority select critical
+
+# locale and keyboard
+d-i debian-installer/locale string en_US.UTF-8
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/xkb-keymap select us
+
+# clock
+d-i clock-setup/utc boolean true
+d-i time/zone string Etc/UTC
+d-i clock-setup/ntp boolean true
+d-i clock-setup/ntp-server string pool.ntp.org
+
+# network and hostname
+{% if 'iface' in item %}
+d-i netcfg/choose_interface select {{ item['iface'] }}
+{% else %}
+d-i netcfg/choose_interface select auto
+{% endif %}
+d-i netcfg/hostname string {{ item['hostname'] }}
+d-i netcfg/get_domain string {{ item['domain'] }}
+
+# load network card firmware
+d-i hw-detect/load_firmware boolean true
+
+## Storage
+# overwrite previous partitions
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-md/confirm boolean true
+
+# use lvm
+d-i partman-auto/method string lvm
+d-i partman-auto/init_automatically_partition select biggest_free
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto-lvm/new_vg_name string primary
+
+# use gpt
+d-i partman-basicfilesystems/choose_label string gpt
+d-i partman-basicfilesystems/default_label string gpt
+d-i partman-partitioning/choose_label string gpt
+d-i partman-partitioning/default_label string gpt
+d-i partman/choose_label string gpt
+d-i partman/default_label string gpt
+
+# use ext4
+d-i partman/default_filesystem string ext4
+
+# partitioning
+d-i partman-auto/choose_recipe select atomic
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/alignment select optimal
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# configure grub
+# install to first disk
+d-i grub-installer/bootdev string /dev/sda
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/make_active boolean true
+d-i grub-installer/skip boolean false
+
+## Software
+# mirror
+d-i mirror/country string manual
+d-i mirror/http/hostname string http.us.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# base install
+d-i base-installer/install-recommends boolean false
+
+# install only the standard system utils
+tasksel tasksel/first multiselect standard, ssh-server
+
+# install python3
+d-i pkgsel/include string python3
+
+# upgrade all packages on install
+d-i pkgsel/upgrade select full-upgrade
+
+# include nonfree
+d-i apt-setup/non-free boolean true
+
+# don't use popcon
+popularity-contest popularity-contest/participate boolean false
+
+# don't allow root login over SSH
+openssh-server openssh-server/permit-root-login boolean true
+openssh-server openssh-server/password-authentication boolean true
+
+# verbose boot, no splashscreen
+d-i debian-installer/quiet boolean false
+d-i debian-installer/splash boolean false
+
+## Users
+# disable root account
+d-i passwd/root-login boolean false
+d-i passwd/root-password-crypted password !!
+
+# create user
+d-i passwd/username string onfadmin
+d-i passwd/user-fullname string ONFAdmin
+d-i passwd/user-password-crypted password {{ preseed_onfadmin_pw_crypt }}
+
+# add SSH pubkey key to user, secure SSHd
+d-i preseed/late_command string \
+ in-target mkdir -p --mode=0700 /home/onfadmin/.ssh ;\
+ in-target sh -c 'echo "{{ preseed_onfadmin_ssh_pubkey }}" > /home/onfadmin/.ssh/authorized_keys';\
+ in-target chmod 0600 /home/onfadmin/.ssh/authorized_keys;\
+ in-target chown -R onfadmin:onfadmin /home/onfadmin/.ssh;\
+ in-target sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config;\
+ in-target sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config;
+
+## Reboot
+d-i finish-install/reboot_in_progress note
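Review bot: The SSH section does not do what its comment says: under `# don't allow root login over SSH`, both `openssh-server/permit-root-login` and `openssh-server/password-authentication` are answered `true`, and the actual hardening is left to two `sed` substitutions in `late_command` that only take effect if `sshd_config` still contains the exact commented defaults. If the package writes those directives from the debconf answers (likely for `password-authentication`, but worth confirming on bullseye), the `sed` patterns match nothing and password logins stay enabled with no error. Set `openssh-server openssh-server/password-authentication boolean false`, and have `late_command` write `PermitRootLogin no` and `PasswordAuthentication no` to a drop-in under `/etc/ssh/sshd_config.d/` (which the stock bullseye `sshd_config` should include) rather than editing the file in place. Separately, `d-i grub-installer/bootdev string /dev/sda` is hard-coded and will miss hosts whose first disk is not `sda`; `default` may be a safer value.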