From 592ada3d1049051407f4127d92a7070e02b39e44 Mon Sep 17 00:00:00 2001
From: Stanislav Hubacek
Date: Thu, 11 Jun 2026 13:54:50 +0200
Subject: [PATCH] Delete PROVISIONING.md
---
PROVISIONING.md | 197 ------------------------------------------------
1 file changed, 197 deletions(-)
delete mode 100644 PROVISIONING.md
diff --git a/PROVISIONING.md b/PROVISIONING.md
deleted file mode 100644
index 40d2334..0000000
--- a/PROVISIONING.md
+++ /dev/null 
@@ -1,197 +0,0 @@
-# 📦 Provisioning — boot, instalace, správa serverů
-
-## Síťový boot (PXE / iPXE)
-
-### PXE boot flow
-
-```
-1. Server power-on → PXE ROM v NIC / UEFI
-2. DHCP Broadcast → DHCP server nabídne IP + next-server (TFTP) + boot file
-3. TFTP stáhne pxelinux.0 (BIOS) / bootx64.efi (UEFI)
-4. Načte konfiguraci (pxelinux.cfg/default nebo MAC/IP-based)
-5. Stáhne kernel + initrd přes TFTP/HTTP (iPXE)
-6. Kernel boot → automatická instalace (Kickstart / Preseed / AutoYaST)
-```
-
-### DHCP konfigurace (ISC DHCP)
-
-```
-subnet 10.0.0.0 netmask 255.255.255.0 {
- next-server 10.0.0.10; # TFTP server
- filename "ipxe.efi"; # Boot file (UEFI)
- option domain-name-servers 10.0.0.10;
- option routers 10.0.0.1;
-}
-```
-
-### iPXE (moderní náhrada PXE)
-
-- HTTP místo TFTP (rychlejší, spolehlivější)
-- HTTPS support (Image verification, secure boot)
-- iSCSI boot, FCoE boot
-- Scriptable: `chain http://boot.example.com/script.ipxe`
-- Embedded: iPXE ROM flashnutá přímo do NIC
-
-### Porovnání PXE vs iPXE
-
-| Vlastnost | PXE | iPXE |
-|-----------|-----|------|
-| Protokol | TFTP (pomalý, 512B/blok) | HTTP/HTTPS/iSCSI |
-| Šifrování | Ne | HTTPS, TLS |
-| Scripting | Pouze menu | Plný scripting engine |
-| Debugging | Omezený | Vestavěný shell |
-| UEFI/BIOS | Oba | Oba |
-
-## Automatická instalace
-
-### Kickstart (RHEL/Alma/Rocky)
-
-```
-# Minimal kickstart pro RHEL 9
-text
-url --url="http://10.0.0.10/install/rhel9"
-lang en_US.UTF-8
-keyboard us
-timezone Europe/Prague --isUtc
-
-rootpw --iscrypted $6$... 
-
-%packages
-@^minimal-environment
-vim
-net-tools
-%end
-
-%post
-echo "node001" > /etc/hostname
-%end
-
-reboot
-```
-
-### Preseed (Debian/Ubuntu)
-
-```
-d-i debian-installer/locale string en_US.UTF-8
-d-i keyboard-configuration/xkb-keymap us
-d-i netcfg/choose_interface select auto
-d-i netcfg/get_hostname string node001
-d-i clock-setup/utc boolean true
-d-i time/zone string Europe/Prague
-
-d-i partman-auto/method string regular
-d-i partman-auto/choose_recipe select atomic
-
-d-i passwd/root-login boolean true
-d-i passwd/root-password password securepass
-d-i passwd/root-password-again password securepass
-
-d-i pkgsel/include string openssh-server vim
-d-i finish-install/reboot_in_progress note
-```
-
-## Metal as a Service
-
-### MAAS (Canonical)
-
-- **Discovery**: DHCP → PXE boot → hardware detection (CPU, RAM, disk, MAC)
-- **Komisionování**: node projde commissioning, uloží inventory do DB
-- **Deploy**: obraz OS (Ubuntu, RHEL, ESXi) nahrán na disk → reboot
-- **Integrace**: Juju, OpenStack, Kubernetes (Charmed Kubernetes)
-- **Networking**: VLAN, subnet, DNS/DHCP management, BGP peering
-
-### Digital Rebar / RackN
-
-- **Provisioning**: workflow-based (stages: discovery → firmware → OS → config)
-- **Multi-cloud**: bare metal + cloud + edge
-- **Template**: šablony pro OS deployment (RHEL, Ubuntu, VMware)
-- **API**: plně REST API, Terraform provider
-
-## Management API — Redfish
-
-### Standard DMTF
-
-REST API (JSON) → nástupce IPMI. 
-
-| Endpoint | Účel |
-|----------|------|
-| `/redfish/v1/Systems/` | Server management (power, boot, inventory) |
-| `/redfish/v1/Chassis/` | Fyzický hardware (PSU, fan, temp, sensors) |
-| `/redfish/v1/Managers/` | BMC (iLO, iDRAC, XClarity) |
-| `/redfish/v1/UpdateService/` | Firmware updates |
-| `/redfish/v1/EventService/` | Event subscription (webhook) |
-
-### Redfish příklady
-
-```
-# Power on server
-POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset
-Body: {"ResetType": "On"}
-
-# Set boot override (one-shot PXE)
-PATCH /redfish/v1/Systems/1
-Body: {"Boot": {"BootSourceOverrideTarget": "Pxe", "BootSourceOverrideEnabled": "Once"}}
-
-# Get sensor data
-GET /redfish/v1/Chassis/1/Thermal
-→ {"Temperatures": [{"Name": "CPU1", "ReadingCelsius": 45}], "Fans": [...]}
-```
-
-### IPMI (legacy)
-
-- Port 623/UDP (RMCP)
-- `ipmitool power on/off/status`
-- `ipmitool sensor list`
-- `ipmitool chassis bootdev pxe`
-- Serial over LAN: `ipmitool sol activate`
-
-## Terraform pro provisioning
-
-```hcl
-# Terraform provider pro VMware vSphere
-provider "vsphere" {
- user = var.vsphere_user
- password = var.vsphere_password
- vsphere_server = var.vsphere_server
-}
-
-resource "vsphere_virtual_machine" "web" {
- name = "web-${count.index}"
- resource_pool_id = data.vsphere_resource_pool.pool.id
- datastore_id = data.vsphere_datastore.ds.id
- num_cpus = 4
- memory = 16384
- guest_id = "rhel9_64Guest"
- network_interface { network_id = data.vsphere_network.net.id }
- disk { label = "os", size = 80 }
-}
-```
-
-Více v [CICD.md](CICD.md#infrastructure-as-code). 
-
-## Firmware management
-
-- **BIOS/UEFI settings**: profilový update při provisioningu (Redfish `PATCH /Systems/1/Bios`)
-- **Firmware updates**: Redfish UpdateService, SUU (Dell), SUM (HPE), SMM (Supermicro)
-- **Lifecycle Controller** (Dell LC): integrovaný OS pro firmware management
-- **Baseline management**: udržovat konzistentní firmware verze napříč fleetem
-- **Boot: UEFI vs Legacy BIOS**:
- - **UEFI**: Secure Boot, GPT, větší disky, rychlejší boot
- - **Legacy BIOS**: MBR, kompatibilita, limit 2 TB boot disk
-
-## Configuration management (post-provisioning)
-
-| Nástroj | Jazyk | Push/Pull | Use case |
-|---------|-------|-----------|----------|
-| **Ansible** | YAML | Push (SSH) | General config management, ad-hoc |
-| **Puppet** | Ruby DSL | Pull (agent) | State management, enterprise |
-| **Chef** | Ruby DSL | Pull (agent) | Compliance, infrastructure automation |
-| **SaltStack** | YAML/Python | Both (salt-minion) | High-speed config, event-driven |
-
-Více v [CICD.md](CICD.md).
-
-## Zdroje
-
-Odkazy, knihy a standardy: [sources/infrastructure/sources.md](sources/infrastructure/sources.md)
-
-*Poslední revize: 2026-06-03*