5.6 KiB
5.6 KiB
📦 Provisioning — boot, instalace, správa serverů
Síťový boot (PXE / iPXE)
PXE boot flow
1. Server power-on → PXE ROM v NIC / UEFI
2. DHCP Broadcast → DHCP server nabídne IP + next-server (TFTP) + boot file
3. TFTP stáhne pxelinux.0 (BIOS) / bootx64.efi (UEFI)
4. Načte konfiguraci (pxelinux.cfg/default nebo MAC/IP-based)
5. Stáhne kernel + initrd přes TFTP/HTTP (iPXE)
6. Kernel boot → automatická instalace (Kickstart / Preseed / AutoYaST)
DHCP konfigurace (ISC DHCP)
subnet 10.0.0.0 netmask 255.255.255.0 {
next-server 10.0.0.10; # TFTP server
filename "ipxe.efi"; # Boot file (UEFI)
option domain-name-servers 10.0.0.10;
option routers 10.0.0.1;
}
iPXE (moderní náhrada PXE)
- HTTP místo TFTP (rychlejší, spolehlivější)
- HTTPS support (Image verification, secure boot)
- iSCSI boot, FCoE boot
- Scriptable:
chain http://boot.example.com/script.ipxe - Embedded: iPXE ROM flashnutá přímo do NIC
Vergleich PXE vs iPXE
| Vlastnost | PXE | iPXE |
|---|---|---|
| Protokol | TFTP (pomalý, 512B/blok) | HTTP/HTTPS/iSCSI |
| Šifrování | Ne | HTTPS, TLS |
| Scripting | Pouze menu | Plný scripting engine |
| Debugging | Omezený | Vestavěný shell |
| UEFI/BIOS | Oba | Oba |
Automatická instalace
Kickstart (RHEL/Alma/Rocky)
# Minimal kickstart pro RHEL 9
text
url --url="http://10.0.0.10/install/rhel9"
lang en_US.UTF-8
keyboard us
timezone Europe/Prague --isUtc
rootpw --iscrypted $6$...
%packages
@^minimal-environment
vim
net-tools
%end
%post
echo "node001" > /etc/hostname
%end
reboot
Preseed (Debian/Ubuntu)
d-i debian-installer/locale string en_US.UTF-8
d-i keyboard-configuration/xkb-keymap us
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string node001
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Prague
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
d-i passwd/root-login boolean true
d-i passwd/root-password password securepass
d-i passwd/root-password-again password securepass
d-i pkgsel/include string openssh-server vim
d-i finish-install/reboot_in_progress note
Metal as a Service
MAAS (Canonical)
- Discovery: DHCP → PXE boot → hardware detection (CPU, RAM, disk, MAC)
- Komisionování: node projde commissioning, uloží inventory do DB
- Deploy: obraz OS (Ubuntu, RHEL, ESXi) nahrán na disk → reboot
- Integrace: Juju, OpenStack, Kubernetes (Charmed Kubernetes)
- Networking: VLAN, subnet, DNS/DHCP management, BGP peering
Digital Rebar / RackN
- Provisioning: workflow-based (stages: discovery → firmware → OS → config)
- Multi-cloud: bare metal + cloud + edge
- Template: šablony pro OS deployment (RHEL, Ubuntu, VMware)
- API: plně REST API, Terraform provider
Management API — Redfish
Standard DMTF
REST API (JSON) → nástupce IPMI.
| Endpoint | Účel |
|---|---|
/redfish/v1/Systems/ |
Server management (power, boot, inventory) |
/redfish/v1/Chassis/ |
Fyzický hardware (PSU, fan, temp, sensors) |
/redfish/v1/Managers/ |
BMC (iLO, iDRAC, XClarity) |
/redfish/v1/UpdateService/ |
Firmware updates |
/redfish/v1/EventService/ |
Event subscription (webhook) |
Redfish příklady
# Power on server
POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset
Body: {"ResetType": "On"}
# Set boot override (one-shot PXE)
PATCH /redfish/v1/Systems/1
Body: {"Boot": {"BootSourceOverrideTarget": "Pxe", "BootSourceOverrideEnabled": "Once"}}
# Get sensor data
GET /redfish/v1/Chassis/1/Thermal
→ {"Temperatures": [{"Name": "CPU1", "ReadingCelsius": 45}], "Fans": [...]}
IPMI (legacy)
- Port 623/UDP (RMCP)
ipmitool power on/off/statusipmitool sensor listipmitool chassis bootdev pxe- Serial over LAN:
ipmitool sol activate
Terraform pro provisioning
# Terraform provider pro VMware vSphere
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server
}
resource "vsphere_virtual_machine" "web" {
name = "web-${count.index}"
resource_pool_id = data.vsphere_resource_pool.pool.id
datastore_id = data.vsphere_datastore.ds.id
num_cpus = 4
memory = 16384
guest_id = "rhel9_64Guest"
network_interface { network_id = data.vsphere_network.net.id }
disk { label = "os", size = 80 }
}
Více v CICD.md.
Firmware management
- BIOS/UEFI settings: profilový update při provisioningu (Redfish
PATCH /Systems/1/Bios) - Firmware updates: Redfish UpdateService, SUU (Dell), SUM (HPE), SMM (Supermicro)
- Lifecycle Controller (Dell LC): integrovaný OS pro firmware management
- Baseline management: udržovat konzistentní firmware verze napříč fleetem
- Boot: UEFI vs Legacy BIOS:
- UEFI: Secure Boot, GPT, větší disky, rychlejší boot
- Legacy BIOS: MBR, kompatibilita, limit 2 TB boot disk
Configuration management (post-provisioning)
| Nástroj | Jazyk | Push/Pull | Use case |
|---|---|---|---|
| Ansible | YAML | Push (SSH) | General config management, ad-hoc |
| Puppet | Ruby DSL | Pull (agent) | State management, enterprise |
| Chef | Ruby DSL | Pull (agent) | Compliance, infrastructure automation |
| SaltStack | YAML/Python | Both (salt-minion) | High-speed config, event-driven |
Více v CICD.md.
Zdroje
Odkazy, knihy a standardy: sources/infrastructure/sources.md