prep-fog-capture: Refactor, split, re-add cobbler-provided hacks

- Configure netplan on boot for Ubuntu
- Configure NetworkManager on boot for CentOS/Rocky
- No more rc.local

Signed-off-by: David Galloway <david.galloway@ibm.com>

Author: djgalloway

tools/prep-fog-capture.yml

@@ -1,181 +1,14 @@
 ---
-### This standalone playbook can be used to prep a COBBLER-IMAGED testnode
+### This role is used to prep a {FOG|MAAS}-IMAGED testnode
 ### so that it can be used to capture an OS image for FOG.
 ### This playbook is needed for a couple reasons
 ###   - NIC configs get hard coded into the captured FOG images so nodes reimaged by FOG don't come up with network
+###   - SSH host keys need to be deleted
+###   - apt and cloud-init services need to be disabled
 
 - hosts:
     - testnodes
-  become: true
+  roles:
+    - prep-fog-capture
   gather_facts: false
-  tasks:
-
-  # (Missing in RHEL8)
-  - name: Check for /usr/bin/python
-    shell: echo marco
-    register: polo
-    ignore_errors: true
-
-  - name: Set ansible_python_interpreter=/usr/bin/python3
-    set_fact:
-      ansible_python_interpreter: /usr/bin/python3
-    when: polo is failed
-
-  # Now that we know where python is, we can gather_facts
-  - setup:
-
-  # We need to leave /.cephlab_rc_local or else each FOG reimage would tell Cobbler to run ceph-cm-ansible
-  - name: Remove lock files and udev rules
-    file:
-      path: "{{ item }}"
-      state: absent
-    with_items:
-      - /etc/udev/rules.d/70-persistent-net.rules
-      - /.cephlab_net_configured
-      - /ceph-qa-ready
-
-  - name: Get list of ifcfg scripts from host used to capture image
-    shell: "ls -1 /etc/sysconfig/network-scripts/ifcfg-* | grep -v ifcfg-lo"
-    register: ifcfg_scripts
-    when: ansible_os_family == "RedHat"
-    ignore_errors: true
-
-  - name: Get list of ifcfg scripts from host used to capture image
-    shell: "ls -1 /etc/sysconfig/network/ifcfg-* | grep -v ifcfg-lo"
-    register: ifcfg_scripts
-    when: ansible_os_family == "Suse"
-    ignore_errors: true
-
-  - name: Delete ifcfg scripts
-    file:
-      path: "{{ item }}"
-      state: absent
-    with_items: "{{ ifcfg_scripts.stdout_lines|default([]) }}"
-    when: ifcfg_scripts is defined
-
-  - name: Remove /var/lib/ceph mountpoint from fstab
-    shell: sed -i '/\/var\/lib\/ceph/d' /etc/fstab
-
-  - name: Unmount /var/lib/ceph
-    ansible.posix.mount:
-      path: /var/lib/ceph
-      state: unmounted
-
-  - name: Install one-shot service to regenerate SSH host keys on first boot
-    copy:
-      dest: /etc/systemd/system/regen-ssh-hostkeys.service
-      owner: root
-      group: root
-      mode: '0644'
-      content: |
-        [Unit]
-        Description=Regenerate SSH host keys on first boot
-        ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
-        Before=ssh.service
-  
-        [Service]
-        Type=oneshot
-        ExecStart=/usr/bin/ssh-keygen -A
-        ExecStartPost=/bin/systemctl disable regen-ssh-hostkeys.service
-  
-        [Install]
-        WantedBy=multi-user.target
-  
-  - name: Reload systemd daemon
-    systemd:
-      daemon_reload: true
-  
-  - name: Enable regen-ssh-hostkeys.service
-    systemd:
-      name: regen-ssh-hostkeys.service
-      enabled: true
-
-  - name: Get list of SSH host keys
-    shell: "ls -1 /etc/ssh/ssh_host_*"
-    register: ssh_host_keys
-    ignore_errors: true
-
-  # Key regeneration is done automatically on CentOS firstboot.
-  # For Ubuntu, we'll add `dpkg-reconfigure openssh-server` to rc.local
-  - name: Delete SSH host keys so they're generated during firstboot on cloned machines
-    file:
-      path: "{{ item }}"
-      state: absent
-    with_items: "{{ ssh_host_keys.stdout_lines|default([]) }}"
-    when: ssh_host_keys is defined
-
-  - name: Unsubscribe RHEL
-    command: subscription-manager unregister
-    when: ansible_distribution == "RedHat"
-    failed_when: false
-
-  # A file gets leftover when a testnode is registered with Satellite that caused
-  # each registered subsequent testnode to report the wrong hostname
-  - name: Clean up katello facts
-    file:
-      path: /etc/rhsm/facts/katello.facts
-      state: absent
-    when: ansible_distribution == "RedHat"
-
-  # https://bugzilla.redhat.com/show_bug.cgi?id=1814337
-  - name: Disable dnf-makecache service
-    service:
-      name: dnf-makecache.timer
-      state: stopped
-      enabled: no
-    when:
-      - ansible_os_family == "RedHat"
-      - ansible_distribution_major_version|int >= 8
-
-  # Hopefully fixes https://github.com/ceph/ceph-cm-ansible/pull/544#issuecomment-599076564
-  - name: Clean DNF cache
-    shell: "dnf clean all && rm -rf /var/cache/dnf/*"
-    when:
-      - ansible_os_family == "RedHat"
-      - ansible_distribution_major_version|int >= 8
-
-  - set_fact:
-      ntp_service: ntp
-    when: ansible_os_family == "Debian"
-
-  - set_fact:
-      ntp_service: ntpd
-    when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7
-
-  - set_fact:
-      ntp_service: chronyd
-    when: (ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8) or
-          ansible_os_family == "Suse"
-
-  - name: "Stop {{ ntp_service }} service"
-    service:
-      name: "{{ ntp_service }}"
-      state: stopped
-    when: '"ntp" in ntp_service'
-
-  # The theory here is although we do have the ntp service running on boot,
-  # if the time is off, it slowly drifts back in sync.  Since our testnodes
-  # are ephemeral, they don't ever have enough time to correctly drift
-  # back to the correct time.  So we'll force it in the captured OS images.
-  - name: Install ntpdate command if missing
-    package:
-      name: ntpdate
-      state: present
-    when: '"ntp" in ntp_service'
-
-  - name: Force time synchronization using stepping | ntp
-    command: "ntpdate -b {{ ntp_servers|join(' ') }}"
-    when: '"ntp" in ntp_service'
-
-  - name: "Start {{ ntp_service }}"
-    service:
-      name: "{{ ntp_service }}"
-      state: started
-
-  # chronyd needs to be started in order to force time sync. This differs from ntpd.
-  - name: Force time synchronization using stepping | chrony
-    command: chronyc -a makestep
-    when: '"chrony" in ntp_service'
-
-  - name: Sync the hardware clock
-    command: "hwclock --systohc"
+  become: true

tools/roles/prep-fog-capture/files/cephlab-set-hostname.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Ceph Lab hostname configuration
+After=network-online.target nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/cephlab-set-hostname.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

tools/roles/prep-fog-capture/files/cephlab-set-hostname.sh

@@ -0,0 +1,137 @@
+#!/usr/bin/env bash
+# Wait for /.cephlab_net_configured, then set hostname + /etc/hostname + /etc/hosts
+# Portable across Ubuntu / CentOS Stream / Rocky (GNU userland).
+set -euo pipefail
+
+WAIT_FOR_FILE="/.cephlab_net_configured"
+HOSTNAME_IS_SET_FILE="/.cephlab_hostname_set"
+LOG="/var/log/cephlab-set-hostname.log"
+
+# Default nameserver, override via env var or arg1
+DEFAULT_NAMESERVER="10.20.192.11"
+NAMESERVER="${NAMESERVER:-${1:-${DEFAULT_NAMESERVER}}}"
+
+MAX_WAIT_SECONDS="300"
+SLEEP_SECONDS="1"
+
+touch "$LOG"
+chmod 0644 "$LOG"
+
+# Send *all* stdout/stderr to logfile, journald, and console
+if [[ -w /dev/ttyS1 ]]; then
+  exec > >(tee -a "$LOG" /dev/ttyS1) 2>&1
+else
+  exec > >(tee -a "$LOG") 2>&1
+fi
+
+log() {
+  echo "$(date -u +%FT%T.%N | cut -c1-23) cephlab-set-hostname: $*" >&2
+}
+
+# Exit if this isn't the first boot and hostname is already set
+if [[ -f "${HOSTNAME_IS_SET_FILE}" ]]; then
+  log "We've already set the hostname before. Exiting..."
+  exit 0
+fi
+
+# Wait for /.cephlab_net_configured
+log "Waiting for ${WAIT_FOR_FILE} (up to ${MAX_WAIT_SECONDS}s)..."
+end=$((SECONDS + MAX_WAIT_SECONDS))
+while [[ ! -f "${WAIT_FOR_FILE}" ]]; do
+  if (( SECONDS >= end )); then
+    log "Timed out waiting for ${WAIT_FOR_FILE}. Exiting."
+    exit 1
+  fi
+  sleep "${SLEEP_SECONDS}"
+done
+log "Flag file present. Proceeding."
+
+# Gather IPv4 addresses
+attempts=0
+myips=""
+while [[ -z "${myips}" && ${attempts} -lt 10 ]]; do
+  # Print global-scope IPv4 addresses, one per line (excludes 127/8)
+  # Works across iproute2 versions on Ubuntu/CentOS/Rocky.
+  myips="$(ip -4 -o addr show scope global 2>/dev/null | awk '$2 != "docker0" {print $4}' | cut -d/ -f1)"
+  attempts=$((attempts + 1))
+  sleep 1
+done
+
+if [[ -z "${myips}" ]]; then
+  log "No non-loopback IPv4 addresses found. Nothing to do."
+  exit 0
+fi
+
+# Reverse lookup helper: prefers dig, then host, then getent (best-effort).
+reverse_lookup() {
+  local ip="$1"
+  local ns="$2"
+  local name=""
+
+  if command -v dig >/dev/null 2>&1; then
+    # +short yields trailing dot; strip it
+    name="$(dig +time=1 +tries=1 +short -x "${ip}" @"${ns}" 2>/dev/null | head -n1 | sed 's/\.$//' || true)"
+  elif command -v host >/dev/null 2>&1; then
+    # host -W 1 sets timeout (bind-utils)
+    name="$(host -W 1 "${ip}" "${ns}" 2>/dev/null | awk '/domain name pointer/ {print $5}' | sed 's/\.$//' | head -n1 || true)"
+  elif command -v getent >/dev/null 2>&1; then
+    # getent hosts does forward lookups usually; reverse may work depending on NSS/DNS config
+    name="$(getent hosts "${ip}" 2>/dev/null | awk '{print $2}' | head -n1 || true)"
+  fi
+
+  echo "${name}"
+}
+
+set_hostname() {
+  local fqdn="$1"
+  # Prefer hostnamectl when available; fall back to hostname
+  if command -v hostnamectl >/dev/null 2>&1; then
+    hostnamectl set-hostname "${fqdn}"
+  else
+    hostname "${fqdn}"
+  fi
+}
+
+# Pick the first IP that can reach the nameserver
+for ip in ${myips}; do
+  log "Testing nameserver reachability from ${ip} -> ${NAMESERVER} ..."
+  if timeout 1s ping -I "${ip}" -nq -c1 "${NAMESERVER}" >/dev/null 2>&1; then
+    log "Nameserver reachable from ${ip}. Doing reverse lookup..."
+    newhostname="$(reverse_lookup "${ip}" "${NAMESERVER}")"
+
+    if [[ -z "${newhostname}" ]]; then
+      log "Reverse lookup returned empty hostname. Not changing anything."
+      exit 0
+    fi
+
+    log "Resolved ${ip} -> ${newhostname}"
+
+    # Set runtime hostname (hostnamectl / hostname)
+    set_hostname "${newhostname}"
+
+    shorthostname="${newhostname%%.*}"
+
+    # Persist hostname (use FQDN)
+    echo "${newhostname}" > /etc/hostname
+
+    log "Rewriting /etc/hosts from scratch"
+
+    cat > /etc/hosts <<EOF
+127.0.0.1 localhost
+${ip} ${newhostname} ${shorthostname}
+
+# IPv6
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+EOF
+
+    log "Hostname updated: $(hostname) ; /etc/hostname + /etc/hosts rewritten."
+    touch "$HOSTNAME_IS_SET_FILE"
+    exit 0
+  fi
+done
+
+log "No IP could reach nameserver ${NAMESERVER}. Nothing changed."
+exit 1
+

tools/roles/prep-fog-capture/files/netplan-from-link.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Write netplan from link carrier once
+After=systemd-networkd.service local-fs.target
+Wants=systemd-networkd.service
+
+[Service]
+StandardOutput=journal+console
+StandardError=journal+console
+Type=oneshot
+ExecStart=/usr/local/sbin/netplan-from-link.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target