Last active
August 25, 2020 13:55
SaltStack API-based reactors and orchestration to configure and clean up PXE install files, similar to The Foreman.
#########
# setup
#########
# POST a host definition to the salt-api webhook. The tag for this URL is
# salt/netapi/hook/pxe_setup, which the pxe_setup reactor forwards to the
# pxe.orch.enable_pxe orchestration.
#
# Review notes:
# - --insecure turns off TLS certificate verification, so the API key header
#   and the preseed root password in the body go to a server whose identity
#   is never checked. That is only tolerable against the local test master
#   with its self-signed localhost certificate; elsewhere, verify the
#   certificate instead.
# - 'testsecret', 'rootpw4kitchen' and the random_hash are sample values.
#   random_hash is the only thing protecting the preseed file fetched over
#   plain http (see preseed/url= in APPEND), so it should be long and random.
curl --silent --show-error --insecure \
  https://192.168.50.2:8000/hook/pxe_setup \
  --header 'Content-type: application/json' \
  --header 'X-Salt-API-Key: testsecret' \
  --data '{
  "id": "myhost01",
  "dc_id": "vagrant",
  "master": "salt",
  "mac_address": "02:8a:72:89:10:fa",
  "random_hash": "asdasdasdasdasdasdasdasd",
  "pxe_menu": {
    "globals": [
      {
        "SERIAL": "0 115200"
      },
      {
        "default": "vesamenu.c32"
      },
      {
        "PROMPT": 0
      },
      {
        "MENU TITLE": "PXE Menu"
      },
      {
        "TIMEOUT": 200
      },
      {
        "TOTALTIMEOUT": 6000
      },
      {
        "ONTIMEOUT": "install"
      }
    ],
    "labels": [
      {
        "local": [
          {
            "MENU LABEL": "Local Boot"
          },
          {
            "MENU": "DEFAULT"
          },
          {
            "LOCALBOOT": 0
          }
        ]
      },
      {
        "install": [
          {
            "MENU LABEL": "Install"
          },
          {
            "KERNEL": "debian-installer/amd64/linux"
          },
          {
            "APPEND": "console=tty0 console=ttyS0,115200n8 initrd=debian-installer/amd64/initrd.gz preseed/url=http://192.168.50.2/preseed/asdasdasdasdasdasdasdasd debian-installer=en_US locale=en_US kbd-chooser/method=us keyboard-configuration/xkb-keymap=us netcfg/get_hostname=myhost01 netcfg/get_domain=example.com grub-installer/bootdev=/dev/sda"
          }
        ]
      }
    ]
  },
  "preseed": {
    "source": "salt://pxe/files/preseed/preseed.j2",
    "postinstall_url": "http://192.168.50.2/postinstall",
    "nic": "auto",
    "domain": "local",
    "root_password": "rootpw4kitchen"
  }
}'
##############
# cleanup
##############
# POST the same host identifiers to the cleanup hook. The pxe_cleanup reactor
# forwards them to the pxe.orch.disable_pxe orchestration, which removes the
# autosign entry, the preseed script and the PXE menu for this host.
#
# Review notes:
# - --insecure disables TLS certificate verification, so the API key is sent
#   without checking who receives it; keep that to the local test master.
# - 'testsecret' is a sample key. id, master, mac_address and random_hash end
#   up in a minion target and in file paths on the receiving side, so only
#   send values you would accept there.
curl --silent --show-error --insecure \
  https://192.168.50.2:8000/hook/pxe_cleanup \
  --header 'Content-type: application/json' \
  --header 'X-Salt-API-Key: testsecret' \
  --data '{
  "id": "myhost01",
  "dc_id": "vagrant",
  "master": "salt",
  "mac_address": "02:8a:72:89:10:fa",
  "random_hash": "asdasdasdasdasdasdasdasd"
}'
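{% set data = salt.pillar.get('event_data') %}
# event_data is the JSON body of the webhook POST, handed over by the
# pxe_cleanup reactor. Every field is caller-supplied, so it is treated as
# untrusted input here.
#
# random_hash and mac_address become file names given to file.remove. Each
# must be a single path component; anything else fails the state instead of
# removing a path outside the intended directory.
{% set preseed_name = data.random_hash | string %}
{% set menu_name = '01-' ~ (data.mac_address | string | replace(':', '-')) %}
{% set preseed_name_ok = '/' not in preseed_name and preseed_name not in ['', '.', '..'] %}
{% set menu_name_ok = '/' not in menu_name and menu_name != '01-' %}

# remove minion ID from autoaccept file
# Values are emitted with the json filter so that a field cannot add list
# items or keys to the rendered YAML.
# NOTE(review): data.master is used as a minion target and data.id as the line
# to delete; neither is checked beyond that serialisation. Confirm both
# against an expected host name format before relying on this in production.
orch_remove_minion_from_autoaccept:
  salt.function:
    - name: file.line
    - tgt: {{ data.master | json() }}
    - arg:
      - /etc/salt/autosign.conf
      - {{ data.id | json() }}
      - mode=delete

# delete preseed script
# NOTE(review): the setup example fetches the preseed from
# /preseed/<random_hash> on the web server, while this state removes
# /var/www/html/<random_hash>. Confirm the path matches where pxe.config
# writes the file; otherwise the preseed, which holds the root password,
# stays published after cleanup.
orch_remove_preseed_script:
{% if preseed_name_ok %}
  salt.function:
    - name: file.remove
    - tgt: pxeserver
    - arg:
      - {{ ('/var/www/html/' ~ preseed_name) | json() }}
{% else %}
  test.fail_without_changes:
    - name: "random_hash is not a plain file name, refusing to remove the preseed script"
{% endif %}

# delete pxe menu
orch_remove_pxe_menu:
{% if menu_name_ok %}
  salt.function:
    - name: file.remove
    - tgt: pxeserver
    - arg:
      - {{ ('/srv/tftpboot/pxelinux.cfg/' ~ menu_name) | json() }}
{% else %}
  test.fail_without_changes:
    - name: "mac_address does not yield a plain file name, refusing to remove the pxe menu"
{% endif %}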
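# requires saltstack-formula and pxe-formula
{% set data = salt.pillar.get('event_data') %}
# event_data is the JSON body of the webhook POST, handed over by the
# pxe_setup reactor. Every value below is emitted with the json filter (the
# same one the reactor uses), so a caller-supplied field is rendered as one
# YAML scalar or mapping and cannot change the structure of this file.

# enable autosign in master config
# add minion ID to autosign file
# NOTE(review): whatever arrives in data.id is appended to the master's
# autosign list, and Salt matches autosign_file entries as patterns, not only
# as literal IDs. Check data.id against an exact host name format before this
# state runs; the json filter only protects the YAML, not the autosign file.
orch_add_minion_to_autoaccept:
  salt.state:
    - tgt: {{ data.master | json() }}
    - sls:
      - saltstack.master
    - pillar:
        saltstack:
          master:
            autosign_file:
              state: 'append'
              minions:
                - {{ data.id | json() }}

# create preseed script
# create pxe menu with default set to install
# NOTE(review): the two keys below presumably become file names in pxe.config
# (not visible here); if so, confirm that mac_address and random_hash are
# restricted to a single path component. data.preseed carries the root
# password in clear text, so it is also present in this orchestration's pillar.
orch_create_pxe_menu_and_preseed:
  salt.state:
    - tgt: pxeserver
    - sls:
      - pxe.config
    - pillar:
        pxe:
          pxe_menus:
            {{ ('01-' ~ (data.mac_address | replace(':', '-'))) | json() }}: {{ data.pxe_menu | json() }}
          preseed_configs:
            {{ data.random_hash | json() }}: {{ data.preseed | json() }}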
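# Reactor for the salt/netapi/hook/pxe_cleanup event.
# The hook is served with webhook_disable_auth, so the shared-secret check
# below is the only gate in front of the orchestration. Both values must be
# non-empty before they are compared, so a missing header and an unset or
# null api:webhook:secret can never match each other (fail closed).
# The header value arrives as part of the event data, so anything that can
# read the event bus can read the key; use a long random secret and rotate it.
{% set secret_key = data.get('headers', {}).get('X-Salt-Api-Key') %}
{% set postdata = data.get('post', {}) %}
{% set configsecret = salt['config.get']('api:webhook:secret') %}
{% if configsecret and secret_key and secret_key == configsecret %}
invoke_pxe_cleanup_orchestration:
  runner.state.orchestrate:
    - mods: pxe.orch.disable_pxe
    - pillar:
        # POST body is passed through unchanged; the orchestration must treat
        # it as untrusted input.
        event_data: {{ postdata | json() }}
{% endif %}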
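# Reactor for the salt/netapi/hook/pxe_setup event.
# The hook is served with webhook_disable_auth, so the shared-secret check
# below is the only gate in front of the orchestration. Both values must be
# non-empty before they are compared, so a missing header and an unset or
# null api:webhook:secret can never match each other (fail closed).
# The header value arrives as part of the event data, so anything that can
# read the event bus can read the key; use a long random secret and rotate it.
{% set secret_key = data.get('headers', {}).get('X-Salt-Api-Key') %}
{% set postdata = data.get('post', {}) %}
{% set configsecret = salt['config.get']('api:webhook:secret') %}
{% if configsecret and secret_key and secret_key == configsecret %}
invoke_pxe_setup_orchestration:
  runner.state.orchestrate:
    - mods: pxe.orch.enable_pxe
    - pillar:
        # POST body is passed through unchanged; it includes the preseed root
        # password, and the orchestration must treat it as untrusted input.
        event_data: {{ postdata | json() }}
{% endif %}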
# Pillar for saltstack-formula: enables the reactor system and salt-api
# (rest_cherrypy) with the two PXE webhooks.
# NOTE(review): the nesting was restored from the key names; compare it with
# the formula's own pillar example before use.
saltstack:
  reactors:
    enabled: true
    events:
      # one reactor per webhook URL under /hook
      - tag: salt/netapi/hook/pxe_setup
        action: pxe_setup
      - tag: salt/netapi/hook/pxe_cleanup
        action: pxe_cleanup
  api:
    enabled: true
    service:
      state: running
      enable: true
    cherrypy_from_pip: true
    cherrypy:
      port: 8000
      directory: /etc/salt/pki/cherrypi
      # With auth disabled, salt-api accepts any POST to /hook and fires an
      # event for it. The X-Salt-API-Key comparison in the reactors is then
      # the only access control, so restrict who can reach this port.
      webhook_disable_auth: true
      webhook_url: /hook
      # localhost.crt / localhost.key: presumably a self-signed pair, which
      # is why the curl examples skip certificate verification. Use a
      # certificate clients can verify outside the test environment.
      cert:
        name: localhost.crt
      key:
        name: localhost.key
    webhook:
      # Sample value. Replace it with a long random secret and keep the real
      # one out of version control.
      secret: testsecret