profile_xcat
NCSA Common Profiles - Basic xcat master and client setup
This profile does not install xCAT.
For admin tools, see: ncsa/xcat-tools
Dependencies
- inkblot/ipcalc
- ncsa/profile_backup
- ncsa/profile_pam_access
- ncsa/sshd
- puppetlabs/firewall
- puppetlabs/xinetd
- sharumpe/tcpwrappers
Usage
xCAT Client
In a role.pp or profile.pp file:
include profile_xcat::clientHeira data:
---
profile_xcat::master_node_ip: "172.28.28.20"
profile_xcat::master::root::sshkey_pub: "\
ssh-rsa \
AAAAB3NzaC1yc2EAAAADAQAB\
fyXKWY8jNYwxtwSeAWXGIxAZ\
fwq98EgEGMZQV4987g6ehq/o \
root@xcat_server"xCAT Server
In a role.pp or profile.pp file:
include profile_xcat::masterHiera data ... pay close attention to the formatting of the multi-line strings:
- Spaces are added in the proper place in the ssh public key
- Newline is retained in the ssh private key
--- profile_xcat::ipmi_net_cidrs: [] profile_xcat::mgmt_net_cidrs: - "172.28.28.0/24" - "172.28.20.0/23" profile_xcat::master_node_ip: "172.28.28.20" profile_xcat::master::root::sshkey_pub: "\ ssh-rsa \ AAAAB3NzaC1yc2EAAAADAQAB\ fyXKWY8jNYwxtwSeAWXGIxAZ \ root@xcat_server" profile_xcat::master::root::sshkey_priv: | -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAAB NhAAAAAwEAAQAAAQEA5UTveYT ... -----END OPENSSH PRIVATE KEY-----
When using an xCat server on a VM or a routed network, define the bind ip in hiera for xinetd for the xcat server.
profile_xcat::ipmi_bind_ip: "172.28.16.67"Allowed ports have been trimmed down from security vetting, you can override this hiera value to open up anything extra
profile_xcat::master::firewall::net_port_mapAlso see the defaults for net_port_map set in common.yaml, which has many of the possible ports listed but commented out