Puppet Razor

Requirements:  

Set up the Razor server on a separate server from the Puppet master.

On a CentOS/Red Hat 7 host, set up the following:

Step 1: Install dnsmasq

yum install dnsmasq

Step 2: Create a directory for TFTP boot

mkdir /var/lib/tftpboot

chmod 655 /var/lib/tftpboot/

Step 3: Disable SELinux if necessary

sestatus

If it is enabled, you can disable it:

vi /etc/sysconfig/selinux

SELINUX=disabled

Step 4: Set the hostname

hostnamectl set-hostname razor.zippyops.com

Step 5: Once up, modify /etc/dnsmasq.conf and add an IP address range with a 12 or 24 hr lease.

In this example, the range is from .20 to .50


# Uncomment this to enable the integrated DHCP server, you need

# to supply the range of addresses available for lease and optionally

# a lease time. If you have more than one network, you will need to

# repeat this for each network on which you want to supply DHCP service.

dhcp-range=10.0.0.20,10.0.0.50,24h

Edit the same file so that dnsmasq loads the PXE boot configuration from /etc/dnsmasq.d:

conf-dir=/etc/dnsmasq.d

Step 6: Create the file /etc/dnsmasq.d/razor and add the following configuration:


# This works for dnsmasq 2.45

# iPXE sets option 175, mark it for network IPXEBOOT

dhcp-match=IPXEBOOT,175

dhcp-boot=net:IPXEBOOT,bootstrap.ipxe

dhcp-boot=undionly-20140116.kpxe

# TFTP setup

enable-tftp

tftp-root=/var/lib/tftpboot

Step 7: Enable dnsmasq on boot

systemctl enable dnsmasq.service

Step 8: Start the dnsmasq service

systemctl start dnsmasq.service

Step 9: Make sure dnsmasq is running

[root@razor tftpboot]# systemctl status dnsmasq.service

● dnsmasq.service - DNS caching server.

   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)

   Active: active (running) since Sat 2019-08-25 17:10:11 EDT; 4s ago

 Main PID: 22241 (dnsmasq)

   CGroup: /system.slice/dnsmasq.service

           └─22241 /usr/sbin/dnsmasq -k


Install Razor server

On the same CentOS/Red Hat server, install Razor.

Step 1: Edit environment variables

Edit ~/.bash_profile and add the following to the end of the file:

RAZOR_HOSTNAME=`hostname`

HTTP_PORT=8150

HTTPS_PORT=8151

Step 2: Install Razor on the node: open the console and create a new node group called Razor

First, add the Razor server as a node of the Puppet master.

To do that, run the agent installer on the Razor server, which leaves it with an unsigned certificate:

curl -k https://puppetmaster.zippyops.com:8140/packages/current/install.bash | sudo bash

After that, accept the certificate.

In the console, go to Classification.

Click "Add a new group" and add the new group as razor.

Click the razor group and pin the razor node to it.

Next, go to Configuration.

On the Class tab, add the "pe_razor" class and commit the change.

Go back to the Razor server and run the Puppet agent:

[root@razor ~]# puppet agent -t

This will take some time, depending on the network.

Step 3: Once Razor is installed, check that it's working

wget https://razor.zippyops.com:8151/api -O test.out --no-check-certificate

This writes the API's JSON response to test.out.

Check the service:

[root@razor ~]# systemctl status pe-razor-server

● pe-razor-server.service - Razor Server

   Loaded: loaded (/usr/lib/systemd/system/pe-razor-server.service; enabled; vendor preset: disabled)

   Active: active (running) since Fri 2019-04-26 11:33:44 IST; 1h 32min ago

 Main PID: 3067 (standalone.sh)

   CGroup: /system.slice/pe-razor-server.service

           ├─3067 /bin/sh /opt/puppetlabs/server/apps/razor-server/share/torquebox/jboss/bin/standalone.sh -Djboss.server.log.dir=/var/log/puppetlabs/razor-server -Dhttp.port=8150 -Dhttps.port=8...

           └─3461 /opt/puppetlabs/server/bin/java -D[Standalone] -server -XX:+UseCompressedOops -Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.boot.log.file=...


Step 4: Check that the Razor server RPM is installed

[root@razor ~]# rpm -qa | grep razor

pe-razor-server-1.9.3.0-1.el7.noarch

pe-razor-libs-1.0.1-9.pe.el7.noarch

Install Razor client

On the Razor machine, install the pe-razor-client gem:

gem install pe-razor-client

Check the Razor version:

[root@razor ~]# razor -v

        Razor Server version: 1.9.3

        Razor Client version: 1.3.0

Check for any existing nodes using Razor's API:

[root@razor tftpboot]# razor --url https://razor.zippyops.com:8151/api nodes

From https://razor:8151/api/collections/nodes:

There are no items for this query

Stock the TFTP directory with the iPXE boot image

Step 1: Download the iPXE boot image and move it to the /var/lib/tftpboot directory on the Razor machine

wget https://s3.amazonaws.com/pe-razor-resources/undionly-20140116.kpxe

After that, copy undionly-20140116.kpxe into place:

cp undionly-20140116.kpxe /var/lib/tftpboot

Step 2: Download the PXE bootstrap script from localhost. Here I'm using --no-check-certificate due to cert issues.

wget "https://razor.zippyops.com:8151/api/microkernel/bootstrap?nic_max=1&http_port=8150" -O /var/lib/tftpboot/bootstrap.ipxe --no-check-certificate

Step 3: Check /var/lib/tftpboot; there should be 2 files there now:

[root@razor tftpboot]# ls

bootstrap.ipxe  undionly-20140116.kpxe

Step 4: File permissions

Run chmod 655 on both files:

chmod 655 /var/lib/tftpboot/*
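
The check below is an added example, not part of the original page: it reads the dnsmasq drop-in from Step 6 and confirms that every dhcp-boot file exists under tftp-root, is readable through the "other" permission bits, and is not writable by group or other. It assumes GNU stat (as on CentOS/Red Hat 7) and that dnsmasq reads the files as an unprivileged user; check_tftp_boot and demo are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page): preflight check for the
# dnsmasq TFTP setup above. Prints one line per problem; returns 1 if any.
check_tftp_boot() {
    conf=$1; problems=0
    # tftp-root=<dir> is the directory dnsmasq serves over TFTP
    root=$(sed -n 's/^[[:space:]]*tftp-root=\([^,]*\).*/\1/p' "$conf" | tail -n 1)
    [ -n "$root" ] || { echo "no tftp-root= in $conf"; return 1; }
    grep -q '^[[:space:]]*enable-tftp' "$conf" ||
        { echo "enable-tftp missing in $conf"; problems=1; }
    # dhcp-boot=[net:TAG,|tag:TAG,]<file>[,<server>...]: keep only <file>
    for file in $(sed -n 's/^[[:space:]]*dhcp-boot=//p' "$conf" |
                  sed -e 's/^net:[^,]*,//' -e 's/^tag:[^,]*,//' -e 's/,.*//'); do
        path=$root/$file
        if [ ! -f "$path" ]; then
            echo "missing: $path"; problems=1; continue
        fi
        mode=$(stat -c '%a' "$path")      # octal mode, e.g. 644 (GNU stat)
        case $mode in
            *[4567]) ;;                   # "other" read bit is set
            *) echo "not world-readable ($mode): $path"; problems=1 ;;
        esac
        case $mode in                     # write bit set for group or other
            *[2367]|*[2367]?) echo "writable by non-owner ($mode): $path"; problems=1 ;;
        esac
    done
    return $problems
}

# Constructed sample mirroring /etc/dnsmasq.d/razor from this page, built in a
# temporary directory so the check can be tried without touching the system.
demo() {
    d=$(mktemp -d)
    mkdir "$d/tftpboot"
    cat > "$d/razor" <<EOF
dhcp-match=IPXEBOOT,175
dhcp-boot=net:IPXEBOOT,bootstrap.ipxe
dhcp-boot=undionly-20140116.kpxe
enable-tftp
tftp-root=$d/tftpboot
EOF
    : > "$d/tftpboot/bootstrap.ipxe"
    chmod 666 "$d/tftpboot/bootstrap.ipxe"   # deliberately too permissive
    check_tftp_boot "$d/razor" | sed "s|$d/||"
    rm -rf "$d"
}
demo
```

On the Razor server, run it as check_tftp_boot /etc/dnsmasq.d/razor after stocking /var/lib/tftpboot.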


Create an OS repo

On the Razor machine, create a new repo for Ubuntu:

razor create-repo --name ubuntu-14.04 --task ubuntu/trusty --iso-url http://releases.ubuntu.com/trusty/ubuntu-14.04.6-server-amd64.iso

This downloads the ISO and creates a new repo in /opt/puppetlabs/server/data/razor-server/repo/ubuntu14.04

[root@razor ~]# ls /opt/puppetlabs/server/data/razor-server/repo/ubuntu14.04/

boot disks doc EFI install isolinux md5sum.txt pics pool preseed README.disk defines Ubuntu

To check all your repos:

[root@razor repo]# razor repos

From https://localhost:8151/api/collections/repos:

To delete a repo, use razor delete-repo --name

To query all repos, use razor repos


Create a tag

Here we use the MAC address as the rule for the ubuntu tag:

razor create-tag --name ubuntu --rule '["=", ["fact", "macaddress"], "08:00:27:df:a4:10"]'

Tasks

PE Razor comes with a number of pre-built tasks (directions on how to provision a node).

On the Razor machine, run razor tasks:

[root@razor ~]# razor tasks

From https://localhost:8151/api/collections/tasks:

Query an entry by including its name, e.g. `razor tasks centos`

Make sure the Ubuntu 14.04 repo is linked to the correct task:

[root@razor repo]# razor update-repo-task --repo ubuntu-14.04 --task ubuntu/trusty

From https://localhost:8151/api/commands/update-repo-task:

   result: repo ubuntu-14.04 updated to use task ubuntu/trusty

  command: https://localhost:8151/api/collections/commands/5

Broker

To hand off the new VM for configuration management, configure the broker to be the PE master. Here the hostname of the PE master is 'puppetmaster.zippyops.com'.

[root@razor]# razor create-broker --name pe --broker-type puppet-pe --configuration server=puppetmaster.zippyops.com

From https://localhost:8151/api/collections/brokers/pe:

name: pe

broker_type: puppet-pe

configuration:

    server: puppetmaster.zippyops.com

policies: 0

command: https://localhost:8151/api/collections/commands/4


Policy

Create a new policy to tie all the elements together.

Check the existing settings:

razor repos

razor brokers

razor tags

razor tasks

razor policies

razor create-policy --name ubuntuTest --repo ubuntu-14.04 --broker pe --tag ubuntu --hostname 'ubuntu-test' --root-password myPassword

Test by booting a VM to Razor's TFTP and PXE.


Note: If the VM can't load the kernel due to a timeout, check /var/lib/tftpboot/bootstrap.ipxe and change the Razor hostname to a direct IP address; this could be related to DNS not resolving the hostname.





