Untitled

foreman:
  auth:
    url: {{ foreman_yml_api_url }}
    user: {{ foreman_yml_api_username }}
    pass: {{ foreman_yml_api_password }}
  auth-source-ldap:
    - name: default
      host: {{ openldap_server_domain_name }}
      port: 389
      account: cn=Manager,{{ openldap_server_dc }}
      account-password: {{ vault_openldap_server_rootpw }}
      base-dn: {{ openldap_server_dc }}
      attr-login: uid
      attr-firstname: givenName
      attr-lastname: sn
      attr-mail: mail
      attr-photo:
      onthefly-register: true
      usergroup-sync: true
      tls: false
      groups-base: ou=groups,{{ openldap_server_dc }}
      ldap-filter:
      server-type: posix
  usergroups:
    - name: ldap-admin
      admin: true
      users:
      groups:
        - name: ldap-admin
      ext-usergroups:
        - name: admin
          auth-source-ldap: default
      roles:
        - name: admin

  setting:
    - name: safemode_render
      value: false
    - name: token_duration
      value: 1800
    - name: access_unattended_without_build
      value: true
    - name: update_ip_from_built_request
      value: true
    - name: use_shortname_for_vms
      value: true
    - name: trusted_puppetmaster_hosts
      value: "[{{ ansible_default_ipv4.address }}, 127.0.0.1]"
    #- name: remote_execution_ssh_user
    #  value: root
    #- name: remote_execution_ssh_key
    #  value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN318oRd1xXDF5N+1wJNlN9Z7ncTck6qTiG5W0VLmZqLpQP/EHXbWEz4YWbyQrUv4yZegVTTbfKGYhj2aqsDQVov0E/vfASriI/pT3Mu20Z2yG17FOH39zWre16jmPMQkTNaUMGXIFsQW58Sn6Pyo9j81VBjgzNdaw1fvx1sSIBM6SIqXlEm185L3vf0e0miKpK1abNQhqorSV5rfIHS6hqKQIH5Uq6wa/fhMpQ+DtoE7xJj0m2A65SC51yTaDrbqHDhAK+1q87nU7JYhUcVC+CxJ25hmVBo1H6RVhHohZG/+9YNWgNT8sHJbNsS9jL+OME184/tfBMtm0XjlbzU1v root@astrotrain

  smart-proxy:
    - name: Smart Proxy
      url: "http://{{ ansible_default_ipv4.address }}:8000"

  domain:
    - name: {{ ansible_domain }}
      fullname:
      dns-proxy:
      parameters:
  subnet:
    - name: default
      network: {{ ansible_default_ipv4.network }}
      mask: {{ ansible_default_ipv4.netmask }}
      gateway: {{ ansible_default_ipv4.gateway }}
      dns-primary: {{ ansible_dns.nameservers[0] | to_json }}
      dns-secondary:
      from:
      to:
      ipam: None
      vlanid: 10
      domain:
        - name: {{ ansible_domain }}
      dhcp-proxy:
      tftp-proxy: Smart Proxy
      dns-proxy:
      boot-mode: DHCP

  cleanup-architecture:
    - name: i386

  cleanup-medium:
    - name: CentOS mirror
    - name: CoreOS mirror
    - name: Debian mirror
    - name: Fedora mirror
    - name: FreeBSD mirror
    - name: OpenSUSE mirror
    - name: Ubuntu mirror

  cleanup-partition-table:
    - name: AutoYaST entire SCSI disk
    - name: AutoYaST entire virtual disk
    - name: AutoYaST LVM
    - name: CoreOS default fake
    - name: FreeBSD
    - name: Jumpstart default
    - name: Jumpstart mirrored
    - name: Junos default fake
    - name: Kickstart default
    - name: Preseed default
    - name: Preseed custom LVM

  architecture:
    - name: x86_64

  medium:
    - name: Ubuntu Mirror
      path: "http://archive.ubuntu.com/ubuntu"
      os-family: Debian

  partition-table:
    - name: Ubuntu Default
      layout: |
              <%#
              kind: ptable
              name: Preseed default LVM
              oses:
              - Debian
              - Ubuntu
              %>
              <%
                partitioning_method = @host.params['partitioning-method'] ? @host.params['partitioning-method'] : 'lvm'
                partitioning_recipe = @host.params['partitioning-recipe'] ? @host.params['partitioning-recipe'] : 'multi'
                partitioning_expert_recipe = @host.params['partitioning-expert-recipe'] ? @host.params['partitioning-expert-recipe'] : ''
                vg_name = @host.params['partitioning-vg-name'] ? @host.params['partitioning-vg-name'] : 'vg00'
                partitioning_filesystem = @host.params['partitioning-filesystem'] ? @host.params['partitioning-filesystem'] : ''
              -%>

              <% if @host.params['install-disk'] -%>
              d-i partman-auto/disk string <%= @host.params['install-disk'] %>
              <% else -%>
              # Use the first detected hard disk as default installation disk
              d-i partman/early_command string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
              <% end -%>

              ### Partitioning
              # The presently available methods are: "regular", "lvm" and "crypto"
              d-i partman-auto/method string <%= partitioning_method %>

              # If one of the disks that are going to be automatically partitioned
              # contains an old LVM configuration, the user will normally receive a
              # warning. This can be preseeded away...
              d-i partman-lvm/device_remove_lvm boolean true
              # The same applies to pre-existing software RAID array:
              d-i partman-md/device_remove_md boolean true
              # And the same goes for the confirmation to write the lvm partitions.
              d-i partman-lvm/confirm boolean true
              d-i partman-lvm/confirm_nooverwrite boolean true

              <% if partitioning_method == 'lvm' -%>
              # For LVM partitioning, you can select how much of the volume group to use
              # for logical volumes.
              d-i partman-auto-lvm/guided_size string max
              <% if vg_name != '' -%>
              d-i partman-auto-lvm/new_vg_name string <%= vg_name %>
              <% end -%>
              <% end -%>

              # You can choose one of the three predefined partitioning recipes:
              # - atomic: all files in one partition
              # - home:   separate /home partition
              # - multi:  separate /home, /var, and /tmp partitions (/usr was removed in jessie)
              d-i partman-auto/choose_recipe select <%= partitioning_recipe %>

              <% if partitioning_expert_recipe != '' -%>
              # Or provide a recipe of your own...
              # If you have a way to get a recipe file into the d-i environment, you can
              # just point at it.
              d-i partman-auto/expert_recipe string \
              <%= partitioning_expert_recipe.gsub(/$/, " \\") %>

              <% end -%>

              # If you just want to change the default filesystem to something
              # else, you can do that without providing a full recipe.
              <% if partitioning_filesystem != '' -%>
              d-i partman/default_filesystem string <%= partitioning_filesystem %>
              <% end -%>

              # This makes partman automatically partition without confirmation, provided
              # that you told it what to do using one of the methods above.
              d-i partman/confirm_write_new_label boolean true
              d-i partman/choose_partition select finish
              d-i partman/confirm boolean true
              d-i partman/confirm_nooverwrite boolean true

      snippet: false
      audit-comment: initial import
      locked: false
      os-family: Debian

  provisioning-template:
    - name: Ubuntu PXE
      template: |
                <%#
                kind: PXELinux
                name: Preseed default PXELinux
                oses:
                - Debian
                - Ubuntu
                %>
                #
                # This file was deployed via '<%= template_name %>' template
                #
                # Supported host/hostgroup parameters:
                #
                # blacklist = module1, module2
                #   Blacklisted kernel modules
                #
                # lang = en_US
                #   System locale
                #
                <%
                  options = []
                  if @host.params['blacklist']
                    options << @host.params['blacklist'].split(',').collect{|x| "#{x.strip}.blacklist=yes"}.join(' ')
                  end
                  if @host.operatingsystem.name == 'Debian'
                    options << "auto=true"
                    options << "domain=#{@host.domain}"
                  else
                    options << 'console-setup/ask_detect=false console-setup/layout=USA console-setup/variant=USA keyboard-configuration/layoutcode=us localechooser/translation/warn-light=true localechooser/translation/warn-severe=true'
                  end
                  options << "locale=#{@host.params['lang'] || 'en_US'}"
                  options = options.join(' ')
                -%>

                DEFAULT linux

                LABEL linux
                    KERNEL <%= @kernel %>
                    APPEND initrd=<%= @initrd %> interface=auto url=<%= foreman_url('provision')%> ramdisk_size=10800 root=/dev/rd/0 rw auto hostname=<%= @host.name %> <%= options %>
                    IPAPPEND 2
      snippet: false
      audit-comment: initial import
      template-kind-id: 1
      template-combination-attribute:
        - hostgroup:
          environment:
      os:
        - name: Ubuntu 16.04 LTS
      locked: false

    - name: Ubuntu Preseed
      template: |
                <%#
                kind: provision
                name: Ubuntu Preseed
                oses:
                - Debian
                - Ubuntu
                %>
                <%
                  proxy_string = @host.params['http-proxy'] ? " http://#{@host.params['http-proxy']}:#{@host.params['http-proxy-port']}" : ''
                  salt_enabled = @host.params['salt_master'] ? true : false
                  os_major = @host.operatingsystem.major.to_i
                  squeeze_or_older = (@host.operatingsystem.name == 'Debian' && os_major <= 6)
                %>
                # Locale
                d-i debian-installer/locale string <%= @host.params['lang'] || 'en_US' %>
                # country and keyboard settings are automatic. Keep them ...
                # ... for wheezy and newer:
                d-i keyboard-configuration/xkb-keymap seen true
                <% if squeeze_or_older -%>
                # ... for squeeze and older:
                d-i console-keymaps-at/keymap seen true
                <% end -%>

                <% subnet = @host.subnet -%>
                <% if subnet.respond_to?(:dhcp_boot_mode?) -%>
                  <% dhcp = subnet.dhcp_boot_mode? && !@static -%>
                <% else -%>
                  <% dhcp = !@static -%>
                <% end -%>
                <% unless dhcp -%>
                # Static network configuration.
                d-i preseed/early_command string /bin/killall.sh; /bin/netcfg
                d-i netcfg/disable_autoconfig boolean true
                d-i netcfg/dhcp_failed note
                d-i netcfg/dhcp_options select Configure network manually
                d-i netcfg/disable_dhcp boolean true
                d-i netcfg/get_ipaddress string <%= @host.ip %>
                d-i netcfg/get_netmask string <%= subnet.mask %>
                d-i netcfg/get_nameservers string <%= [subnet.dns_primary,subnet.dns_secondary].reject{|n| n.blank?}.join(' ') %>
                d-i netcfg/get_gateway string <%= subnet.gateway %>
                d-i netcfg/confirm_static boolean true
                <% end -%>

                # Network configuration
                d-i netcfg/choose_interface select auto
                d-i netcfg/get_hostname string <%= @host %>
                d-i netcfg/get_domain string <%= @host.domain %>
                d-i netcfg/wireless_wep string

                d-i hw-detect/load_firmware boolean true

                <% if @host.param_true?('preseed-live-installer') -%>
                # Offline live-installer location
                d-i live-installer/net-image string http://<%= @preseed_server %><%= @preseed_path %>/install/filesystem.squashfs
                <% end -%>

                # Mirror settings
                d-i mirror/country string manual
                d-i mirror/http/hostname string <%= @preseed_server %>
                d-i mirror/http/directory string <%= @preseed_path %>
                d-i mirror/http/proxy string<%= proxy_string %>
                d-i mirror/codename string <%= @host.operatingsystem.release_name %>
                d-i mirror/suite string <%= @host.operatingsystem.release_name %>
                d-i mirror/udeb/suite string <%= @host.operatingsystem.release_name %>

                # Time settings
                d-i clock-setup/utc boolean true
                d-i time/zone string <%= @host.params['time-zone'] || 'UTC' %>

                # NTP
                d-i clock-setup/ntp boolean true
                d-i clock-setup/ntp-server string <%= @host.params['ntp-server'] || '0.debian.pool.ntp.org' %>

                # Set alignment for automatic partitioning
                # Choices: cylinder, minimal, optimal
                #d-i partman/alignment select cylinder

                <%= @host.diskLayout %>

                <% if @host.params['preseed-kernel-image'] -%>
                # Install different kernel
                d-i base-installer/kernel/image string <%= @host.params['preseed-kernel-image'] %>
                <% end %>

                # User settings
                d-i passwd/root-password-crypted password <%= root_pass %>
                user-setup-udeb passwd/root-login boolean true
                d-i passwd/make-user boolean false
                user-setup-udeb passwd/make-user boolean false

                <% repos = 0 %>

                <% if salt_enabled -%>
                <% salt_package = 'salt-minion' -%>
                <% if @host.param_true?('enable-saltstack-repo') -%>
                <% if @host.operatingsystem.name == 'Debian' -%>
                d-i apt-setup/local<%= repos %>/repository string http://debian.saltstack.com/debian <%= @host.operatingsystem.release_name %>-saltstack main
                d-i apt-setup/local<%= repos %>/comment string SaltStack Repository
                d-i apt-setup/local<%= repos %>/key string http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key
                <% repos += 1 -%>
                <% end -%>
                <% if @host.operatingsystem.name == 'Ubuntu' -%>
                d-i apt-setup/local<%= repos %>/repository string http://ppa.launchpad.net/saltstack/salt/ubuntu <%= @host.operatingsystem.release_name %> main
                d-i apt-setup/local<%= repos %>/comment string SaltStack Repository
                d-i apt-setup/local<%= repos %>/key string http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x4759FA960E27C0A6
                <% repos += 1 -%>
                <% end -%>
                <% end -%>
                <% else -%>
                <% salt_package = '' -%>
                <% end -%>

                # Install minimal task set (see tasksel --task-packages minimal)
                tasksel tasksel/first multiselect minimal, ssh-server, openssh-server

                # Install some base packages
                d-i pkgsel/include string <%= salt_package %> lsb-release python
                d-i pkgsel/update-policy select <%= @host.params['preseed-update-policy'] || 'unattended-upgrades' %>
                d-i pkgsel/upgrade select <%= @host.params['preseed-post-install-upgrade'] || 'none' %>

                popularity-contest popularity-contest/participate boolean false

                # Boot loader settings
                #grub-pc grub-pc/hidden_timeout boolean false
                #grub-pc grub-pc/timeout string 10
                d-i grub-installer/only_debian boolean true
                d-i grub-installer/with_other_os boolean true
                <% if @host.params['install-disk'] -%>
                d-i grub-installer/bootdev string <%= @host.params['install-disk'] %>
                <% elsif (@host.operatingsystem.name == 'Debian' and @host.operatingsystem.major.to_i >= 8) or (@host.operatingsystem.name == 'Ubuntu' and @host.operatingsystem.major.to_i >= 16) -%>
                d-i grub-installer/bootdev string default
                <% end -%>
                d-i finish-install/reboot_in_progress note

                d-i preseed/late_command string wget -Y off <%= @static ? "'#{foreman_url('finish')}&static=true'" : foreman_url('finish') %> -O /target/tmp/finish.sh && in-target chmod +x /tmp/finish.sh && in-target /tmp/finish.sh

      snippet: false
      audit-comment: initial import
      template-kind-id: 5
      template-combination-attribute:
        - hostgroup:
          environment:
      os:
        - name: Ubuntu 16.04 LTS
      locked: false

    - name: Ubuntu Finish
      template: |
                <%#
                kind: finish
                name: Ubuntu Finish
                oses:
                - Debian
                - Ubuntu
                %>
                <%
                  # safemode renderer does not support unary negation
                  pm_set = @host.puppetmaster.empty? ? false : true
                  puppet_enabled = pm_set || @host.param_true?('force-puppet')
                  salt_enabled = @host.params['salt_master'] ? true : false
                  chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
                %>

                <% subnet = @host.subnet -%>
                <% if subnet.respond_to?(:dhcp_boot_mode?) -%>
                <% dhcp = subnet.dhcp_boot_mode? && !@static -%>
                <% else -%>
                <% dhcp = !@static -%>
                <% end -%>
                <% unless dhcp -%>
                # host and domain name need setting as these values may have come from dhcp if pxe booting
                /bin/sed -i "s/^search.*$/search <%= @host.domain %>/g" /etc/resolv.conf
                /bin/sed -i "s/.*dns-search.*/\tdns-search <%= @host.domain %>/g" /etc/network/interfaces
                /bin/sed -i "s/^<%= @host.ip %>.*/<%= @host.ip %>\t<%= @host.shortname %>.<%= @host.domain %>\t<%= @host.shortname %>/g" /etc/hosts
                /bin/echo <%= @host.shortname %> > /etc/hostname
                <% end -%>

                <% if @host.info['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'FreeIPA' -%>
                <%= snippet 'freeipa_register' %>
                <% end -%>

                <%= snippet('remote_execution_ssh_keys') %>

                <% if chef_enabled %>
                <%= snippet 'chef_client' %>
                <% end -%>

                <% if puppet_enabled %>
                <% if @host.param_true?('enable-puppetlabs-pc1-repo') || @host.param_true?('enable-puppetlabs-repo') -%>
                <%= snippet 'puppetlabs_repo' %>
                <% end -%>
                <%= snippet 'puppet_setup' %>
                <% end -%>

                <% if salt_enabled %>
                <%= snippet 'saltstack_setup' %>
                <% end -%>

                <%= snippet 'preseed_networking_setup' %>
                /usr/bin/wget --no-proxy --quiet --output-document=/dev/null --no-check-certificate <%= foreman_url('built') %>

      snippet: false
      audit-comment: initial import
      template-kind-id: 6
      template-combination-attribute:
        - hostgroup:
          environment:
      os:
        - name: Ubuntu 16.04 LTS
      locked: false


  os:
    - name: Ubuntu
      major: 16
      minor: 4
      description: Ubuntu 16.04 LTS
      family: Debian
      release-name: xenial
      password-hash: SHA512
      architecture:
        - name: x86_64
      provisioning-template:
        - name: Ubuntu PXE
        - name: Ubuntu Preseed
        - name: Ubuntu Finish
      medium:
        - name: Ubuntu Mirror
      partition-table:
        - name: Ubuntu Default
      parameters:
        version: "16.04"
        codename: "xenial"

  hostgroup:
    - name: default
      parent:
      environment:
      os: Ubuntu 16.04 LTS
      architecture: x86_64
      medium: Ubuntu Mirror
      partition-table: Ubuntu Default
      subnet: default
      domain: {{ ansible_domain }}
      parameters: