.
parent
319c84835d
commit
f8661902dc
@ -1,3 +1,8 @@
|
||||
Start firewalld:
|
||||
service.running:
|
||||
- name: firewalld
|
||||
- enable: True
|
||||
|
||||
Configure wireguard service:
|
||||
firewalld.service:
|
||||
- name: wireguard
|
||||
|
0
salt/states/remote-desktop/files/passwd
Normal file
0
salt/states/remote-desktop/files/passwd
Normal file
@ -10,20 +10,22 @@ Disable wayland login:
|
||||
- group: root
|
||||
- mode: "0644"
|
||||
|
||||
Check that passwd file has correct settings:
|
||||
file.managed:
|
||||
- name: /home/{{ pillar['username'] }}/.vnc/passwd
|
||||
- source: salt://remote-desktop/files/passwd
|
||||
- replace: False
|
||||
- user: {{ pillar['username'] }}
|
||||
- group: users
|
||||
- mode: "0600"
|
||||
- makedirs: True
|
||||
- dir_mode: "0700"
|
||||
|
||||
Set vnc password if no passwd file:
|
||||
cmd.run:
|
||||
- name: bash -c "echo {{ pillar['remote-desktop']['password'] }} | vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd"
|
||||
- runas: {{ pillar['username'] }}
|
||||
- unless: bash -c "[[ -f /home/{{ pillar['username'] }}/.vnc/passwd ]]"
|
||||
|
||||
Check that passwd file has correct settings:
|
||||
file.managed:
|
||||
- name: /home/{{ pillar['username'] }}/.vnc/passwd
|
||||
- replace: False
|
||||
- user: {{ pillar['username'] }}
|
||||
- group: users
|
||||
- mode: "0600"
|
||||
- unless: bash -c "[[ -s /home/{{ pillar['username'] }}/.vnc/passwd ]]"
|
||||
|
||||
Create x0vncserver desktop file:
|
||||
file.managed:
|
||||
|
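Review bot: The `Set vnc password if no passwd file` state still renders the pillar password into the command line, `echo {{ pillar['remote-desktop']['password'] }} | vncpasswd -f`, so the clear-text value sits in the `bash -c` argument and in the state's `name` as reported by Salt, and any shell metacharacter in it is interpreted by bash. Pass the secret on standard input instead: `- name: vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd`, `- stdin: "{{ pillar['remote-desktop']['password'] }}"` and `- output_loglevel: quiet`. The rendered page has lost its +/- markers, so it is an assumption that the `file.managed` block with `source:` and `dir_mode: "0700"` and the `-s` guard are the new side. If so, creating the file with mode `"0600"` before the password is written is the right order and is worth a short comment above the state.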
@ -1,6 +1,8 @@
|
||||
base:
|
||||
'*':
|
||||
- hosts
|
||||
- vlan
|
||||
- firewalld
|
||||
- ssh
|
||||
- chrony
|
||||
- atftp
|
||||
@ -12,5 +14,4 @@ base:
|
||||
- docker.registry
|
||||
- remote-desktop
|
||||
- hostapd
|
||||
- firewalld
|
||||
- wol
|
||||
|
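--- /dev/null
+++ b/salt/states/vlan/init.sls
@@ -0,0 +1,25 @@
+{% for vlan in pillar['network']['vlan'] -%}
+{% set ifname = 'vlan.' + vlan['id']|string %}
+create device {{ ifname }}:
+cmd.run:
+- name: nmcli connection add type vlan con-name {{ ifname }} ifname {{ ifname }} dev {{ pillar['network']['interface'] }} id {{ vlan['id'] }}
+- unless: nmcli device show {{ ifname }}
+
+set ip address on {{ ifname }}:
+cmd.run:
+- name: nmcli connection modify {{ ifname }} ipv4.addresses {{ vlan['address'] }}/24
+- unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.addresses.\s*\(.*\)$/\1/p')\" == "{{ vlan['address'] }}/24" ]]; then exit 0; else exit 1;fi"
+
+set ip static on {{ ifname }}:
+cmd.run:
+- name: nmcli connection modify {{ ifname }} ipv4.method manual
+- unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.method.\s*\(.*\)$/\1/p')\" == "manual" ]]; then exit 0; else exit 1;fi"
+
+bring up {{ ifname }}:
+cmd.run:
+- name: nmcli connection up {{ ifname }}
+- onchanges:
+- cmd: create device {{ ifname }}
+- cmd: set ip address on {{ ifname }}
+- cmd: set ip static on {{ ifname }}
+{% endfor %}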
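Review bot: The `unless` guards on `set ip address on {{ ifname }}` and `set ip static on {{ ifname }}` inspect `Wired\ connection\ 1`, not the VLAN connection the state modifies, so the guard says nothing about `{{ ifname }}` and the `onchanges` in `bring up {{ ifname }}` may fire on every run or never. Query the connection being managed, e.g. `- unless: test "$(nmcli -g ipv4.addresses connection show {{ ifname }})" = "{{ vlan['address'] }}/24"`, and the same with `ipv4.method` and `manual`. That also removes the unescaped inner double quotes around the comparison value inside `bash -c "…"`. The prefix length is fixed at `/24`, whereas the `configure_network_vlan` function removed from update.sh read a per-VLAN netmask from the pillar; if that key is still present, use it rather than the literal.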
130
update.sh
130
update.sh
@ -9,12 +9,9 @@ function printHelp(){
|
||||
cat << EOF
|
||||
Usage ${0##*/} [options..]
|
||||
-h,-?, --help Show help and exit
|
||||
-N, --network-vlan configure network settings
|
||||
-s, --salt run a masterless salt-call
|
||||
-y, --yes answer 'yes' on all questions
|
||||
-i, --image-load pull images so they hits the local proxy
|
||||
-t, --tools Install/update tools (kubectl, helm, etc)
|
||||
-a, --airgap Prepera manifests for airgapped Rancher installs
|
||||
--rmt-sync Sync database with SUSE Customer Center
|
||||
--rmt-enable-products Enable all preconfigured repositories
|
||||
--rmt-mirror Mirror repositories
|
||||
@ -103,34 +100,6 @@ function do_salt_call(){
|
||||
$salt state.apply pillar="{username: $USER}"
|
||||
}
|
||||
|
||||
function configure_network_vlan(){
|
||||
new_log "Configure network"
|
||||
if asktobreak; then
|
||||
return
|
||||
fi
|
||||
eval $(parse_yaml salt/pillars/network.sls "SALT_")
|
||||
if [[ -f salt/pillars/local.sls ]];then
|
||||
eval $(parse_yaml salt/pillars/local.sls "SALT_")
|
||||
fi
|
||||
|
||||
#configure external interface
|
||||
sudo nmcli connection modify "$SALT_network_interface_external" ipv4.method auto
|
||||
sudo nmcli connection up "$SALT_network_interface_external"
|
||||
|
||||
#configure vlan interfaces
|
||||
local len=${#SALT_network_vlan__id[@]}
|
||||
for (( i=0; i<$len; i++ ));do
|
||||
ifname="vlan.${SALT_network_vlan__id[$i]}"
|
||||
if [[ $(nmcli connection show | grep -i "$ifname" | wc -l) == 0 ]]; then
|
||||
sudo nmcli connection add type vlan con-name "$ifname" ifname "$ifname" dev "$SALT_network_interface_internal" id "${SALT_network_vlan__id[$i]}"
|
||||
fi
|
||||
sudo nmcli connection modify "$ifname" ipv4.addresses "${SALT_network_vlan__address[$i]}/${SALT_network_vlan__netmask[$i]}"
|
||||
sudo nmcli connection modify "$ifname" ipv4.method manual
|
||||
sudo nmcli connection up "$ifname"
|
||||
done
|
||||
|
||||
|
||||
}
|
||||
|
||||
function rmt_sync(){
|
||||
new_log "Sync RMT Database with SUSE Customer Center"
|
||||
@ -165,40 +134,6 @@ function rmt_mirror(){
|
||||
fi
|
||||
sudo rmt-cli mirror all
|
||||
|
||||
}
|
||||
|
||||
function image_load(){
|
||||
new_log "Pre Load all Images"
|
||||
for d in "$SCRIPTDIR"/image-lists/*/ ; do
|
||||
name="${d::-1}"
|
||||
name="${name##*/}"
|
||||
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
|
||||
version="${prdir::-1}"
|
||||
version="${version##*/}"
|
||||
echo " * $name $version"
|
||||
done
|
||||
done
|
||||
if asktobreak; then
|
||||
return
|
||||
fi
|
||||
for d in "$SCRIPTDIR"/image-lists/*/ ; do
|
||||
name="${d::-1}"
|
||||
name="${name##*/}"
|
||||
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
|
||||
version="${prdir::-1}"
|
||||
version="${version##*/}"
|
||||
for f in $prdir/*.txt; do
|
||||
echo "Loading $name $version - ${f##*/}"
|
||||
cat $f | while read line
|
||||
do
|
||||
sudo podman image pull "$line"
|
||||
done
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
function install_tools(){
|
||||
@ -247,53 +182,6 @@ function install_tools(){
|
||||
set -e
|
||||
}
|
||||
|
||||
function airgap(){
|
||||
new_log "Prepair manifests for airgapped installs"
|
||||
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
|
||||
version="${dir::-1}"
|
||||
version="${version##*/}"
|
||||
echo " * Rancher $version"
|
||||
done
|
||||
if asktobreak; then
|
||||
return
|
||||
fi
|
||||
cd $SCRIPTDIR/airgap
|
||||
|
||||
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
|
||||
helm repo add jetstack https://charts.jetstack.io
|
||||
helm repo update
|
||||
|
||||
|
||||
#createing manifests for cert-manager
|
||||
helm fetch jetstack/cert-manager --version v1.5.1
|
||||
if [[ ! -d ./manifests/cert-manager-v1.5.1 ]];then
|
||||
mkdir -p ./manifests/cert-manager-v1.5.1
|
||||
fi
|
||||
helm template cert-manager ./cert-manager-v1.5.1.tgz --output-dir ./manifests/cert-manager-v1.5.1 \
|
||||
--namespace cert-manager
|
||||
#--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller \
|
||||
#--set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook \
|
||||
#--set cainjector.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-cainjector
|
||||
curl -L -o ./manifests/cert-manager-v1.5.1/cert-manager-crd.yaml \
|
||||
https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml
|
||||
|
||||
#creating manifests for Rancher
|
||||
|
||||
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
|
||||
version="${dir::-1}"
|
||||
version="${version##*/}"
|
||||
|
||||
helm template rancher ./rancher-${version#?}.tgz --output-dir ./manifests/Rancher-$version \
|
||||
--no-hooks \
|
||||
--namespace cattle-system \
|
||||
--set useBundledSystemChart=true # Use the packaged Rancher system charts
|
||||
#--set hostname=<RANCHER.YOURDOMAIN.COM> \
|
||||
#--set certmanager.version=<CERTMANAGER_VERSION> \
|
||||
#--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
|
||||
#--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Set a default private registry to be used in Rancher
|
||||
|
||||
done
|
||||
}
|
||||
|
||||
#########################
|
||||
#
|
||||
@ -304,14 +192,11 @@ function airgap(){
|
||||
#initialize all options
|
||||
ALL=true
|
||||
SALT=false
|
||||
NETWORK_VLAN=false
|
||||
ANSWER_YES=false
|
||||
RMT_SYNC=false
|
||||
RMT_MIRROR=false
|
||||
RMT_ENABLE_PRODUCTS=false
|
||||
IMAGE_LOAD=false
|
||||
INSTALL_TOOLS=false
|
||||
AIRGAP=false
|
||||
|
||||
while :; do
|
||||
case ${1-noop} in
|
||||
@ -323,10 +208,6 @@ while :; do
|
||||
SALT=true
|
||||
ALL=false
|
||||
;;
|
||||
-N|--network-vlan)
|
||||
NETWORK_VLAN=true
|
||||
ALL=false
|
||||
;;
|
||||
-y|--yes)
|
||||
ANSWER_YES=true
|
||||
;;
|
||||
@ -342,18 +223,10 @@ while :; do
|
||||
RMT_ENABLE_PRODUCTS=true
|
||||
ALL=false
|
||||
;;
|
||||
-i|--image-load)
|
||||
IMAGE_LOAD=true
|
||||
ALL=false
|
||||
;;
|
||||
-t|--tools)
|
||||
INSTALL_TOOLS=true
|
||||
ALL=false
|
||||
;;
|
||||
-a|--airgap)
|
||||
AIRGAP=true
|
||||
ALL=false
|
||||
;;
|
||||
--) #End of all options
|
||||
shift
|
||||
break
|
||||
@ -372,14 +245,11 @@ for cmd in git salt-minion curl;do
|
||||
check_prerequisites "$cmd"
|
||||
done
|
||||
|
||||
[[ $ALL == true ]] || [[ $NETWORK_VLAN == true ]] && configure_network_vlan
|
||||
[[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call
|
||||
[[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync
|
||||
[[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products
|
||||
[[ $ALL == true ]] || [[ $RMT_MIRROR == true ]] && rmt_mirror
|
||||
[[ $ALL == true ]] || [[ $IMAGE_LOAD == true ]] && image_load
|
||||
[[ $ALL == true ]] || [[ $INSTALL_TOOLS == true ]] && install_tools
|
||||
[[ $ALL == true ]] || [[ $AIRGAP == true ]] && airgap
|
||||
|
||||
|
||||
printf "\n DONE!!!!!!!\n"
|
||||
|