Provisioning support #295
name: provision | ||
|
||
- name: 'install libvirt gem' | ||
yum: name=rubygem-ruby-libvirt state=present |
DHCP not working: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-65343dc650
The update needs another karma to get pushed to EPEL stable.
In the interim, before running the playbook, run this on the Katello
yum localinstall https://kojipkgs.fedoraproject.org//packages/rubygem-ruby-libvirt/0.6.0/1.el7/x86_64/rubygem-ruby-libvirt-0.6.0-1.el7.x86_64.rpm
We can throw this into the playbook for now if you want, I added karma to try to help the package along.
Awesome idea! What do you think about stacking the shell commands like https://github.com/Katello/forklift/pull/295/files#diff-4fc9c0aa4c54f421837dada92f7c1c01R4 ? I find that to be much more readable (and editable) than a single long line.
We could also (as a future enhancement) consider adding this as we need them to (https://github.com/ansible/ansible-modules-extras/pull/2450/files) or looking into a similar one based on a prototype I did to allow passing "generic" hammer commands. One thing the shell command way lacks is that if you do a create it doesn't check whether the object exists already or not to do an update can error out.
name: provision | ||
xml: '{{ lookup("template", "../templates/provision.xml.j2") }}' | ||
|
||
# Setup TFTP for libvirt |
This feels like a duplication of the tftp setup that the installer does. Why can't that be used instead?
Does it do it? I'll have a look. I'm basing it off the blog post for libvirt foreman environments, maybe it's outdated.
Other than the setuid I think it should do the steps you mention here. I'd be interested if we need to do more to support this properly.
It needs to be done, at least creating the directory, because of a bit of a chicken and egg problem. You can't bring the libvirt network up if /var/lib/tftpboot doesn't exist, but you can't run the installer unless the virbr1 exists.
Evaluation Error: Error while evaluating a Function Call, Could not get the ip address from fact ipaddress_virbr1 at /usr/share/foreman-installer/modules/foreman_proxy/manifests/proxydhcp.pp:8:5 on node centos7-katello-p4-nightly.example.com
I could run the installer twice, once with tftp enable, and then again later with DHCP, but I'd rather not, it's too time consuming especially with Katello.
If it just requires tftpboot to exist then maybe just leave that in? The installer can then ensure it contains the right data.
It should work now, and it's somewhat idempotent. I updated the description of the PR with instructions.
Since theforeman/puppet-foreman_proxy#267 was merged you need to duplicate the tftp stuff again.
@@ -0,0 +1 @@ | |||
|
Intentional file?
# https://github.com/Katello/hammer-cli-import/pull/31 | ||
- shell: > | ||
sudo rm /etc/hammer/cli.modules.d/import.yml | ||
ignore_errors: True |
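Review bot: `ignore_errors: True` on the `sudo rm /etc/hammer/cli.modules.d/import.yml` task hides every failure, not only the case where the file is already gone, and calling `sudo` inside `shell` sidesteps Ansible's own privilege handling. Use the `file` module with `path=/etc/hammer/cli.modules.d/import.yml state=absent` and `become: true`; that is idempotent and still fails on real errors such as a permission problem.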
Released here -- Katello/katello-packaging#287
--- | ||
# https://github.com/Katello/katello/pull/6311 | ||
- shell: > | ||
wget https://raw.githubusercontent.com/bbuckingham/katello/5608b835b01dbe39cbea48ffad11396c83fd684d/app/controllers/katello/concerns/api/v2/hostgroups_controller_extensions.rb -O /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.2.0/app/controllers/katello/concerns/api/v2/hostgroups_controller_extensions.rb |
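Review bot: the `wget ... -O` line overwrites a controller file inside the installed katello-3.2.0 gem with content fetched from a personal fork, and nothing verifies what was downloaded. The URL is pinned to a commit hash, which helps, but `get_url` with a `checksum` and `backup: yes` would make a changed or truncated download fail the task instead of replacing application code that runs on the server. The destination also hard-codes `katello-3.2.0`, so the task breaks on any other installed gem version; a comment saying when this workaround can be removed would help too.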
Is this needed for non-master Katello boxes?
What's a non-master Katello box?
@@ -0,0 +1 @@ | |||
/home/stbenjam/git/ansible-modules-extras |
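Review bot: the single added line is an absolute path into a developer's home directory, `/home/stbenjam/git/ansible-modules-extras`, which will not resolve on any other checkout and exposes a local username in the repository. Drop the file from the commit; if the extra modules are required, point to them with a path relative to the repository or document the library setting instead.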
Accidental?
# Product | ||
- name: 'find product' | ||
shell: > | ||
{{ katello_provisioning_hammer }} product info --name "CentOS" --organization "{{ katello_provisioning_organization }}" |
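Review bot: in the `shell: >` line, `{{ katello_provisioning_organization }}` is interpolated inside double quotes, so an organization name containing `"`, `$` or a backtick is interpreted by the shell rather than passed to hammer. Pass the value through the `quote` filter (`--organization {{ katello_provisioning_organization | quote }}`) or use the `command` module, since nothing on this line needs shell features. The same pattern appears in the 'find repo' and 'find activation key' tasks.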
Nitpick -- I like the stacking method from https://github.com/Katello/forklift/pull/295/files#diff-4fc9c0aa4c54f421837dada92f7c1c01R117 for readability
# Repo | ||
- name: 'find repo' | ||
shell: > | ||
{{ katello_provisioning_hammer }} repository info --name "CentOS 7" --product "CentOS" --organization "{{ katello_provisioning_organization }}" |
Nitpick -- I like the stacking method from https://github.com/Katello/forklift/pull/295/files#diff-4fc9c0aa4c54f421837dada92f7c1c01R117 for readability
# Activation key | ||
- name: 'find activation key' | ||
shell: > | ||
{{ katello_provisioning_hammer }} activation-key info --name "CentOS 7" --organization "{{ katello_provisioning_organization }}" |
Nitpick -- I like the stacking method from https://github.com/Katello/forklift/pull/295/files#diff-4fc9c0aa4c54f421837dada92f7c1c01R117 for readability
--environment production | ||
--puppet-ca-proxy-id {{ katello_provisioning_smart_proxy.Id }} | ||
--puppet-proxy-id {{ katello_provisioning_smart_proxy.Id }} | ||
--subnet "192.168.73.0/24" |
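Review bot: `--puppet-ca-proxy-id {{ katello_provisioning_smart_proxy.Id }}` and the `--puppet-proxy-id` line after it are unquoted, so if the earlier lookup yields an empty `Id` each flag is left without a value of its own and the failure shows up as an argument-parsing error far from its cause. Quote the value, or add an assert before this task that `katello_provisioning_smart_proxy.Id` is defined and non-empty.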
Used in two locations might be worth variablizing
That'd make users think it's changeable, but they're not. The subnet config is more than just this name.
There's a bunch that could be variablized but I want to get a first iteration in before customizing everything.
--organizations "{{ katello_provisioning_organization }}" | ||
--query-organization "{{ katello_provisioning_organization }}" | ||
--partition-table "Kickstart default" | ||
--medium "{{ katello_provisioning_organization|regex_replace('\s', '_') }}/Library/CentOS/CentOS_7" |
You could make this into a variable so you are performing this operation on the data in only one spot
- hosts: all | ||
become: true | ||
roles: | ||
- test |
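Review bot: this play applies a role named `test` to `hosts: all` with `become: true`, so if it is scaffolding left over from development it runs as root on every host in the inventory. Remove it before merge, or restrict `hosts` to the group it is meant for and give the role a descriptive name.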
Intended to be here still?
e2c2030 to 4331aba
The idea here is that you can run the playbook on any old box: ansible-playbook -l centos7-katello-p4-nightly playbooks/katello_provisioning.yml Needs a bunch of work to not assume the proxy id being 1 (e.g. you've had the katello for a while).
4331aba to 69a8a20
@beav This should be testable, I'd recommend using the centos7-provisioning-nightly box included here. See description for full steps. In addition to Katello/katello#6317, you will need to add this to the
@stbenjam the setup steps worked for me, except the nested VM came up in 'paused' state. I am not sure if that is expected or not
@beav Is nested virt working? vmx shows up in
oh i had to do a This PR works as advertised for me 🎆
@stbenjam what is the best way to get ssh access to the nested guest? I am having some trouble with ping or ssh, but I did see the centos install happen and complete (qemu process used a lot of cpu, then died down and "build" went to "installed" state)
It's a NAT network that only exists on the katello, so you should be able to ssh to the katello, and then ssh to the guest. Password is changeme (set by the host group). Or on the console in the Foreman UI.
My browser didn't have a way to access port 5900 on the provisioning server, but I was able to use vncviewer with an ssh tunnel.
Testing this myself, after clicking submit on the host I hit:
Can you share the foreman production log? Were there any unignored errors in the playbook? You shouldn't hit that, the katello is authoritative for example.com.
Also, did you follow all the manual steps? Including setting the network type to NAT and the name 'provision' for the compute profile?
the
All manual steps as far as I can tell, I am seeing this in the
@stbenjam the manual steps might be good to have in a docs section to easily reference them. For those manual steps, are there open Redmine issues to alleviate the need for them?
@ehelms That error makes me think something is misconfigured in your VM. What is the resolv.conf set to use on that box?
Foreman's trying to lookup the host record But, it won't work in a Red Hat office, as we use a DNS sinkhole. You can't connect to anything on port 53 on the internet.
@ehelms Change
Ready for another look. I set query_local_nameservers to true automatically, and broke out libvirt_setup so it could be used standalone.
And added docs.
|
||
## How to configure | ||
|
||
1. Enable nested virt on your phyiscal box. See http://www.rdoxenham.com/?p=275 |
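Review bot: typo in step 1, `phyiscal` should be `physical`. The step also relies entirely on an external blog post linked over plain http; stating the required kvm module setting in the document itself would keep the instructions usable if that page moves or changes.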
Could turn the link into something clickable with markdown using []() syntax
EDIT: Ignore me, it does that already if the link is used.
5. Configure Activation Key | ||
|
||
- Content/ Activation Keys | ||
- Assign all available subscriptions to the activation key |
We in theory should be able to do this with the API or hammer (not requiring it).
It is possible, but it's a mess of grepping and fact registration, since you need the UUID. I can save it for a future enhancement...
Looking good, got a host up except that it's been in 'Pending Installation' state for a bit now. One general comment: I assume you are putting the Katello client repo and the puppet repos in the CentOS product for simplification? The downside I see there is it doesn't promote how we generally tell users to lay out their products and repositories. I'm OK leaving it as is to get this available to people, just thought it worth commenting on.
Can you look at the console of the VM and see what it's doing?
I could reorganize it, but was just trying to keep it simple. How would you prefer it to be laid out?
Meh -- that can always be done later if we want. ACK
🎊
* [WIP] Provisioning support The idea here is that you can run the playbook on any old box: ansible-playbook -l centos7-katello-p4-nightly playbooks/katello_provisioning.yml
How to use this:

- Enable nested virt on your physical box: http://www.rdoxenham.com/?p=275. See Dominic's comment on the post, basically this and reboot (or `rmmod kvm-intel; modprobe kvm-intel`):
- Option 1: Use the `centos7-provisioning-nightly` box.
- Option 2: Use an existing katello box (e.g. centos7-katello-p4-nightly) and run the provisioning playbook (it takes a while, as it syncs (on-demand) centos7, puppet 4). Note: If you are using puppet 4, you need to increase the ram on the box, to something like 8096 otherwise candlepin crashes with OOM.
- Login and create a compute profile, because this isn't possible with hammer or the API.
- Configure Activation Key
- `CentOS 7` activation key to the host group
- Click Hosts/ New Host
- Fill in:
  - org, location, host group
  - deploy on = libvirt
- DONE! Click submit 🎉