Fossil/knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Delete PROVISIONING.md

Browse Source
This commit is contained in:
Stanislav Hubacek
2026-06-11 13:54:50 +02:00
parent caefe8f255
commit 592ada3d10
1 changed files with 0 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
PROVISIONING.md
View File

@@ -1,197 +0,0 @@
# 📦 Provisioning — boot, instalace, správa serverů
## Síťový boot (PXE / iPXE)
### PXE boot flow
```
1. Server power-on → PXE ROM v NIC / UEFI
2. DHCP Broadcast → DHCP server nabídne IP + next-server (TFTP) + boot file
3. TFTP stáhne pxelinux.0 (BIOS) / bootx64.efi (UEFI)
4. Načte konfiguraci (pxelinux.cfg/default nebo MAC/IP-based)
5. Stáhne kernel + initrd přes TFTP/HTTP (iPXE)
6. Kernel boot → automatická instalace (Kickstart / Preseed / AutoYaST)
```
### DHCP konfigurace (ISC DHCP)
```
subnet 10.0.0.0 netmask 255.255.255.0 {
next-server 10.0.0.10; # TFTP server
filename "ipxe.efi"; # Boot file (UEFI)
option domain-name-servers 10.0.0.10;
option routers 10.0.0.1;
}
```
### iPXE (moderní náhrada PXE)
- HTTP místo TFTP (rychlejší, spolehlivější)
- HTTPS support (Image verification, secure boot)
- iSCSI boot, FCoE boot
- Scriptable: `chain http://boot.example.com/script.ipxe`
- Embedded: iPXE ROM flashnutá přímo do NIC
### Porovnání PXE vs iPXE
| Vlastnost | PXE | iPXE |
|-----------|-----|------|
| Protokol | TFTP (pomalý, 512B/blok) | HTTP/HTTPS/iSCSI |
| Šifrování | Ne | HTTPS, TLS |
| Scripting | Pouze menu | Plný scripting engine |
| Debugging | Omezený | Vestavěný shell |
| UEFI/BIOS | Oba | Oba |
## Automatická instalace
### Kickstart (RHEL/Alma/Rocky)
```
# Minimal kickstart pro RHEL 9
text
url --url="http://10.0.0.10/install/rhel9"
lang en_US.UTF-8
keyboard us
timezone Europe/Prague --isUtc
rootpw --iscrypted $6$...
%packages
@^minimal-environment
vim
net-tools
%end
%post
echo "node001" > /etc/hostname
%end
reboot
```
### Preseed (Debian/Ubuntu)
```
d-i debian-installer/locale string en_US.UTF-8
d-i keyboard-configuration/xkb-keymap us
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string node001
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Prague
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
d-i passwd/root-login boolean true
d-i passwd/root-password password securepass
d-i passwd/root-password-again password securepass
d-i pkgsel/include string openssh-server vim
d-i finish-install/reboot_in_progress note
```
## Metal as a Service
### MAAS (Canonical)
- **Discovery**: DHCP → PXE boot → hardware detection (CPU, RAM, disk, MAC)
- **Komisionování**: node projde commissioning, uloží inventory do DB
- **Deploy**: obraz OS (Ubuntu, RHEL, ESXi) nahrán na disk → reboot
- **Integrace**: Juju, OpenStack, Kubernetes (Charmed Kubernetes)
- **Networking**: VLAN, subnet, DNS/DHCP management, BGP peering
### Digital Rebar / RackN
- **Provisioning**: workflow-based (stages: discovery → firmware → OS → config)
- **Multi-cloud**: bare metal + cloud + edge
- **Template**: šablony pro OS deployment (RHEL, Ubuntu, VMware)
- **API**: plně REST API, Terraform provider
## Management API — Redfish
### Standard DMTF
REST API (JSON) → nástupce IPMI.
| Endpoint | Účel |
|----------|------|
| `/redfish/v1/Systems/` | Server management (power, boot, inventory) |
| `/redfish/v1/Chassis/` | Fyzický hardware (PSU, fan, temp, sensors) |
| `/redfish/v1/Managers/` | BMC (iLO, iDRAC, XClarity) |
| `/redfish/v1/UpdateService/` | Firmware updates |
| `/redfish/v1/EventService/` | Event subscription (webhook) |
### Redfish příklady
```
# Power on server
POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset
Body: {"ResetType": "On"}
# Set boot override (one-shot PXE)
PATCH /redfish/v1/Systems/1
Body: {"Boot": {"BootSourceOverrideTarget": "Pxe", "BootSourceOverrideEnabled": "Once"}}
# Get sensor data
GET /redfish/v1/Chassis/1/Thermal
→ {"Temperatures": [{"Name": "CPU1", "ReadingCelsius": 45}], "Fans": [...]}
```
### IPMI (legacy)
- Port 623/UDP (RMCP)
- `ipmitool power on/off/status`
- `ipmitool sensor list`
- `ipmitool chassis bootdev pxe`
- Serial over LAN: `ipmitool sol activate`
## Terraform pro provisioning
```hcl
# Terraform provider pro VMware vSphere
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server
}
resource "vsphere_virtual_machine" "web" {
name = "web-${count.index}"
resource_pool_id = data.vsphere_resource_pool.pool.id
datastore_id = data.vsphere_datastore.ds.id
num_cpus = 4
memory = 16384
guest_id = "rhel9_64Guest"
network_interface { network_id = data.vsphere_network.net.id }
disk { label = "os", size = 80 }
}
```
Více v [CICD.md](CICD.md#infrastructure-as-code).
## Firmware management
- **BIOS/UEFI settings**: profilový update při provisioningu (Redfish `PATCH /Systems/1/Bios`)
- **Firmware updates**: Redfish UpdateService, SUU (Dell), SUM (HPE), SMM (Supermicro)
- **Lifecycle Controller** (Dell LC): integrovaný OS pro firmware management
- **Baseline management**: udržovat konzistentní firmware verze napříč fleetem
- **Boot: UEFI vs Legacy BIOS**:
- **UEFI**: Secure Boot, GPT, větší disky, rychlejší boot
- **Legacy BIOS**: MBR, kompatibilita, limit 2 TB boot disk
## Configuration management (post-provisioning)
| Nástroj | Jazyk | Push/Pull | Use case |
|---------|-------|-----------|----------|
| **Ansible** | YAML | Push (SSH) | General config management, ad-hoc |
| **Puppet** | Ruby DSL | Pull (agent) | State management, enterprise |
| **Chef** | Ruby DSL | Pull (agent) | Compliance, infrastructure automation |
| **SaltStack** | YAML/Python | Both (salt-minion) | High-speed config, event-driven |
Více v [CICD.md](CICD.md).
## Zdroje
Odkazy, knihy a standardy: [sources/infrastructure/sources.md](sources/infrastructure/sources.md)
*Poslední revize: 2026-06-03*