Tuesday, June 11, 2019

Bare Metal Management With Razor (1/N)

Last episode, I spent a little time messing around with Foreman, and eventually came to the conclusion that it's not quite the tool that I was looking for. Foreman wants a lot of fairly involved configuration up front, and (based on my limited experimentation) wants you to have a good idea what you're going to do with hardware ahead of time. Many other candidate systems (see my list) seem to operate under a similar paradigm. What I really want is something that will let me painlessly boot up machines and do basic hardware work (inventory/diagnostics/configuration) before making any decisions about if/how to image them.

One tool which stands out from the crowd in this regard is Razor. It provides a microkernel and some interesting PXE capabilities which let you get things up and running while deferring decisions about imaging to a later date. So it seems like a good candidate to experiment with further.

Start by building the same base VM we used for Foreman, except that it only needs 1G of RAM.

Razor makes use of Postgres for data persistence, so we'll need to get that up and running as well. Here are some instructions for CentOS 7:

yum install -y postgresql-server postgresql-contrib
postgresql-setup initdb
systemctl start postgresql
And then the Razor-specific setup:
su - postgres
createuser -P razor
createdb -O razor razor_prd
The snippet above creates a user named razor and a DB named razor_prd owned by this user. This concludes the basic configuration of the Postgres DB; schema creation will follow in a bit.

Moving on, we need to install the Razor server itself. Again, here's a distillation of the official instructions:

yum install -y http://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y razor-server
So far, so good. Next we need to set up the DB schema, using the tools provided by the Razor package:
su - razor -c 'razor-admin -e production migrate-database'
The first time I did this I got
Sequel::DatabaseConnectionError: Java::OrgPostgresqlUtil::PSQLException: FATAL: Ident authentication failed for user "razor"
which indicates that something is wrong with the auth configuration for the Postgres DB. After a little Googling I found this post, which provided a fix. If you get the above error, open pg_hba.conf, wherever it may reside, and change the line which reads
host    all             all             127.0.0.1/32           ident
to
host    all             all             127.0.0.1/32           trust
The observant reader will note that we never set a password for the razor DB user. By default Razor expects to just be able to access the DB without a password, so the above change accommodates this requirement by making the DB trust any connection originating from localhost.
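
A quick check for the pg_hba.conf change described above, as an added example that is not part of the original post: it lists every rule that uses trust, since such a rule lets any process that can reach the listed address connect as any Postgres user the rule names without a password. The helper name audit_pg_hba and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list pg_hba.conf rules that use "trust" authentication.
# audit_pg_hba is a hypothetical helper name, not part of Postgres or Razor.

audit_pg_hba() {
    # $1 = path to pg_hba.conf; prints one line per trust rule:
    #   <line-no> <type> <database> <user> <address or -> <scope>
    awk '
    {
        sub(/#.*/, "")                 # drop comments
        if (NF < 4) next               # blank or incomplete line
        type = $1
        if (type == "local") {
            addr = "-"; method = $4
        } else if (type ~ /^host(ssl|nossl)?$/) {
            addr = $4
            # the "host db user ip mask method" form has a separate netmask field
            if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                addr = $4 "/" $5; method = $6
            } else {
                method = $5
            }
        } else next
        if (method != "trust") next
        # "all all" means every role, including the postgres superuser
        scope = ($2 == "all" && $3 == "all") ? "any-user-any-db" : "scoped"
        print NR, type, $2, $3, addr, scope
    }' "$1"
}

# Constructed sample input; line 3 is the rule as edited in this post.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed pg_hba.conf sample
local   all        all                                 peer
host    all        all    127.0.0.1/32                 trust
host    all        all    ::1/128                      ident
host    razor_prd  razor  127.0.0.1/32                 md5
host    razor_prd  razor  127.0.0.1 255.255.255.255    trust   # mask form
EOF

audit_pg_hba "$sample"
```

On a real system, pass the path reported by `psql -c 'SHOW hba_file'` instead of the sample file.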

Alrighty, we should be all set. Fire up the server:

service razor-server start
Disable the firewall:
systemctl disable firewalld
iptables -F
And, on your host system, add a port forwarding rule to reach the Razor web interface:
VBoxManage natnetwork modify --netname natnet1 --port-forward-4 'razor:tcp:[127.0.0.1]:8150:[192.168.15.254]:8150'

Now, if you navigate to http://127.0.0.1:8150/api, you should get back a bunch of JSON showing the available server commands. This tells you that the Razor server is up and running and talking to the Postgres DB. This concludes installation of the Razor server proper, but there's still some work to be done to get the PXE infrastructure deployed.

First, a handful of bootstrappy things need to be put in various locations; don't think too hard about this part unless you really, really want to know the gory details. Grab the latest microkernel and put it in the appropriate location:

yum install -y wget
wget http://pup.pt/razor-microkernel-latest
tar -C /opt/puppetlabs/server/data/razor-server/repo -xf razor-microkernel-latest
Ditto the PXE script for UNDI systems:
wget -O /var/lib/tftpboot/undionly.kpxe http://boot.ipxe.org/undionly.kpxe
Add a line to /etc/hosts which will allow Razor to generate a bootstrap script:
192.168.15.254 razor.localdomain razor
and then call the Razor API to generate it:
wget -O /var/lib/tftpboot/bootstrap.ipxe http://razor.localdomain:8150/api/microkernel/bootstrap
This concludes the mindless copying of the aforementioned bootstrappy things... back to the interesting bits.

Now here's a bit of a complication that we haven't had to deal with before. 'razor.localdomain' gets embedded into the bootstrap script, which means it needs to be resolvable by client systems. Usually, when experimenting, you can hack around this by adding appropriate entries to /etc/hosts, but since there's no equivalent to /etc/hosts in the PXE environment that won't work. Instead, razor.localdomain will have to be genuinely resolvable via DNS, which means we have to stand up some sort of DNS server.

I don't want to set up BIND, or any of the other enterprise-grade servers, for something as simple as providing DNS service for a single subnet. The PXE/DHCP/TFTP setup docs for Razor provide info on configuring Dnsmasq which, incidentally, can also be used for DNS:

Dnsmasq is a lightweight, easy to configure DNS forwarder, designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are not in the global DNS.

Dnsmasq is an example of super awesome design. It has a bunch of really smart defaults, like reading records from /etc/hosts and setting up server forwarding on the basis of /etc/resolv.conf. It basically just Does The Right Thing™. So let's get Dnsmasq installed and configured:

yum install -y dnsmasq
Create a file /etc/dnsmasq.conf and paste in the configuration from the Razor docs:
dhcp-match=IPXEBOOT,175
dhcp-boot=net:IPXEBOOT,bootstrap.ipxe
dhcp-boot=undionly.kpxe
# TFTP setup
enable-tftp
tftp-root=/var/lib/tftpboot
We also need to specify the network configuration for DHCP:
dhcp-range=enp0s3,192.168.15.2,192.168.15.253,4h
dhcp-option=3,192.168.15.1
The first line says that requests received from interface enp0s3 will get IPs in the range of 192.168.15.2 - 192.168.15.253 with a lease time of 4 hours. The second line sets the default gateway to 192.168.15.1.

That concludes configuration of Dnsmasq. Once that's done, start it up:

service dnsmasq start

Ok, how are we looking?

[root@razor ~]# dig @127.0.0.1 razor.localdomain | grep -v '^;'

razor.localdomain.	0	IN	A	192.168.15.254
Bueno!

Alright, to recap what we did, since this was more involved than usual:

  1. Set up Postgres, and create a DB and user for use by Razor.
  2. Install Razor, and then use the provided utilities to set up the DB schema.
  3. Put the materials in place to support PXE boot.
  4. Install and configure Dnsmasq, which will provide PXE/DHCP, TFTP, and DNS services for our tiny little subnet.

Next time we'll use this collection of infrastructure to PXE boot a couple of VMs.
