From f8661902dc87a8ecd701dbd6284caa6e40861883 Mon Sep 17 00:00:00 2001
From: jonas
Date: Sun, 17 Oct 2021 20:03:37 +0200
Subject: [PATCH] .
---
 salt/states/firewalld/init.sls | 5 +
 salt/states/remote-desktop/files/passwd | 0
 salt/states/remote-desktop/init.sls | 20 ++--
 salt/states/top.sls | 3 +-
 salt/states/vlan/init.sls | 25 +++++
 update.sh | 130 ------------------------
 6 files changed, 43 insertions(+), 140 deletions(-)
 create mode 100644 salt/states/remote-desktop/files/passwd
 create mode 100644 salt/states/vlan/init.sls
diff --git a/salt/states/firewalld/init.sls b/salt/states/firewalld/init.sls
index f7c0b69..2843ee2 100644
--- a/salt/states/firewalld/init.sls
+++ b/salt/states/firewalld/init.sls
@@ -1,3 +1,8 @@
+Start firewalld:
+ service.running:
+ - name: firewalld
+ - enable: True
+
 Configure wireguard service:
 firewalld.service:
 - name: wireguard
diff --git a/salt/states/remote-desktop/files/passwd b/salt/states/remote-desktop/files/passwd
new file mode 100644
index 0000000..e69de29
diff --git a/salt/states/remote-desktop/init.sls b/salt/states/remote-desktop/init.sls
index e38bdcd..48a005e 100644
--- a/salt/states/remote-desktop/init.sls
+++ b/salt/states/remote-desktop/init.sls
@@ -10,20 +10,22 @@ Disable wayland login: - group: root - mode: "0644" +Check that passwd file has correct settings: + file.managed: + - name: /home/{{ pillar['username'] }}/.vnc/passwd + - source: salt://remote-desktop/files/passwd + - replace: False + - user: {{ pillar['username'] }} + - group: users + - mode: "0600" + - makedirs: True + - dir_mode: "0700" Set vnc password if no passwd file: cmd.run: - name: bash -c "echo {{ pillar['remote-desktop']['password'] }} | vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd" - runas: {{ pillar['username'] }} - - unless: bash -c "[[ -f /home/{{ pillar['username'] }}/.vnc/passwd ]]" - -Check that passwd file has correct settings: - file.managed: - - name: /home/{{ pillar['username'] }}/.vnc/passwd - - replace: False - - user: {{ pillar['username'] }} - - group: users - - mode: "0600" + - unless: bash -c "[[ -s /home/{{ pillar['username'] }}/.vnc/passwd ]]" Create x0vncserver desktop file: file.managed: diff --git a/salt/states/top.sls b/salt/states/top.sls index 837fb32..ecfe57a 100644 --- a/salt/states/top.sls +++ b/salt/states/top.sls @@ -1,6 +1,8 @@ base: '*': - hosts + - vlan + - firewalld - ssh - chrony - atftp @@ -12,5 +14,4 @@ base: - docker.registry - remote-desktop - hostapd - - firewalld - wol diff --git a/salt/states/vlan/init.sls b/salt/states/vlan/init.sls new file mode 100644 index 0000000..a931fc0 --- /dev/null +++ b/salt/states/vlan/init.sls 
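Review bot: In salt/states/remote-desktop/init.sls the state `Set vnc password if no passwd file` still renders `pillar['remote-desktop']['password']` directly into `bash -c "echo … | vncpasswd -f > …"`. The clear-text password is therefore part of the command line and of the state's `name`, which presumably ends up in Salt's state output and logs, and any shell metacharacter in the password would be interpreted by bash. Since the commit already reworks this state, pass the value on standard input instead: `- name: vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd`, `- stdin: "{{ pillar['remote-desktop']['password'] }}"` and `- output_loglevel: quiet`. Creating the file first with mode "0600" and switching the guard to `-s` closes the window in which the password file existed with default permissions; a one-line comment saying the shipped `files/passwd` is intentionally empty would help the next reader.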
@@ -0,0 +1,25 @@
+{% for vlan in pillar['network']['vlan'] -%}
+{% set ifname = 'vlan.' + vlan['id']|string %}
+create device {{ ifname }}:
+ cmd.run:
+ - name: nmcli connection add type vlan con-name {{ ifname }} ifname {{ ifname }} dev {{ pillar['network']['interface'] }} id {{ vlan['id'] }}
+ - unless: nmcli device show {{ ifname }}
+
+set ip address on {{ ifname }}:
+ cmd.run:
+ - name: nmcli connection modify {{ ifname }} ipv4.addresses {{ vlan['address'] }}/24
+ - unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.addresses.\s*\(.*\)$/\1/p')\" == "{{ vlan['address'] }}/24" ]]; then exit 0; else exit 1;fi"
+
+set ip static on {{ ifname }}:
+ cmd.run:
+ - name: nmcli connection modify {{ ifname }} ipv4.method manual
+ - unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.method.\s*\(.*\)$/\1/p')\" == "manual" ]]; then exit 0; else exit 1;fi"
+
+bring up {{ ifname }}:
+ cmd.run:
+ - name: nmcli connection up {{ ifname }}
+ - onchanges:
+ - cmd: create device {{ ifname }}
+ - cmd: set ip address on {{ ifname }}
+ - cmd: set ip static on {{ ifname }}
+{% endfor %}
diff --git a/update.sh b/update.sh
index 0edcc94..fad22d0 100755
--- a/update.sh
+++ b/update.sh
@@ -9,12 +9,9 @@ function printHelp(){
 cat << EOF
 Usage ${0##*/} [options..]
 -h,-?, --help Show help and exit
--N, --network-vlan configure network settings
 -s, --salt run a masterless salt-call
 -y, --yes answer 'yes' on all questions
--i, --image-load pull images so they hits the local proxy
 -t, --tools Install/update tools (kubectl, helm, etc)
--a, --airgap Prepera manifests for airgapped Rancher installs
 --rmt-sync Sync database with SUSE Customer Center
 --rmt-enable-products Enable all preconfigured repositories
 --rmt-mirror Mirror repositories
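Review bot: In the new salt/states/vlan/init.sls, the `unless` guards of `set ip address on {{ ifname }}` and `set ip static on {{ ifname }}` query `Wired\ connection\ 1` instead of the VLAN connection the state modifies. The check therefore compares against another profile: it can skip configuring the VLAN when the wired profile happens to match, and otherwise re-runs `nmcli connection modify` and, through `onchanges`, the `bring up` state on every apply. Query the managed connection instead, e.g. `- unless: test "$(nmcli -g ipv4.addresses connection show {{ ifname }})" = "{{ vlan['address'] }}/24"`, and likewise with `ipv4.method` and `manual`. The prefix is also hard-coded to `/24`, whereas the `configure_network_vlan` function this commit removes from update.sh took the netmask from the pillar, so a VLAN with a different prefix would end up on a wider or narrower subnet than intended. Pillar values are rendered unquoted into these shell commands and should be quoted or validated.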
@@ -103,34 +100,6 @@ function do_salt_call(){ $salt state.apply pillar="{username: $USER}" } -function configure_network_vlan(){ - new_log "Configure network" - if asktobreak; then - return - fi - eval $(parse_yaml salt/pillars/network.sls "SALT_") - if [[ -f salt/pillars/local.sls ]];then - eval $(parse_yaml salt/pillars/local.sls "SALT_") - fi - - #configure external interface - sudo nmcli connection modify "$SALT_network_interface_external" ipv4.method auto - sudo nmcli connection up "$SALT_network_interface_external" - - #configure vlan interfaces - local len=${#SALT_network_vlan__id[@]} - for (( i=0; i<$len; i++ ));do - ifname="vlan.${SALT_network_vlan__id[$i]}" - if [[ $(nmcli connection show | grep -i "$ifname" | wc -l) == 0 ]]; then - sudo nmcli connection add type vlan con-name "$ifname" ifname "$ifname" dev "$SALT_network_interface_internal" id "${SALT_network_vlan__id[$i]}" - fi - sudo nmcli connection modify "$ifname" ipv4.addresses "${SALT_network_vlan__address[$i]}/${SALT_network_vlan__netmask[$i]}" - sudo nmcli connection modify "$ifname" ipv4.method manual - sudo nmcli connection up "$ifname" - done - - -} function rmt_sync(){ new_log "Sync RMT Database with SUSE Customer Center" @@ -165,40 +134,6 @@ function rmt_mirror(){ fi sudo rmt-cli mirror all -} - -function image_load(){ - new_log "Pre Load all Images" - for d in "$SCRIPTDIR"/image-lists/*/ ; do - name="${d::-1}" - name="${name##*/}" - for prdir in $SCRIPTDIR/image-lists/$name/*/; do - version="${prdir::-1}" - version="${version##*/}" - echo " * $name $version" - done - done - if asktobreak; then - return - fi - for d in "$SCRIPTDIR"/image-lists/*/ ; do - name="${d::-1}" - name="${name##*/}" - for prdir in $SCRIPTDIR/image-lists/$name/*/; do - version="${prdir::-1}" - version="${version##*/}" - for f in $prdir/*.txt; do - echo "Loading $name $version - ${f##*/}" - cat $f | while read line - do - sudo podman image pull "$line" - done - done - done - done - - - } function install_tools(){ 
@@ -247,53 +182,6 @@ function install_tools(){ set -e } -function airgap(){ - new_log "Prepair manifests for airgapped installs" - for dir in $SCRIPTDIR/image-lists/Rancher/*/; do - version="${dir::-1}" - version="${version##*/}" - echo " * Rancher $version" - done - if asktobreak; then - return - fi - cd $SCRIPTDIR/airgap - - helm repo add rancher-latest https://releases.rancher.com/server-charts/latest - helm repo add jetstack https://charts.jetstack.io - helm repo update - - - #createing manifests for cert-manager - helm fetch jetstack/cert-manager --version v1.5.1 - if [[ ! -d ./manifests/cert-manager-v1.5.1 ]];then - mkdir -p ./manifests/cert-manager-v1.5.1 - fi - helm template cert-manager ./cert-manager-v1.5.1.tgz --output-dir ./manifests/cert-manager-v1.5.1 \ - --namespace cert-manager - #--set image.repository=/quay.io/jetstack/cert-manager-controller \ - #--set webhook.image.repository=/quay.io/jetstack/cert-manager-webhook \ - #--set cainjector.image.repository=/quay.io/jetstack/cert-manager-cainjector - curl -L -o ./manifests/cert-manager-v1.5.1/cert-manager-crd.yaml \ - https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml - - #creating manifests for Rancher - - for dir in $SCRIPTDIR/image-lists/Rancher/*/; do - version="${dir::-1}" - version="${version##*/}" - - helm template rancher ./rancher-${version#?}.tgz --output-dir ./manifests/Rancher-$version \ - --no-hooks \ - --namespace cattle-system \ - --set useBundledSystemChart=true # Use the packaged Rancher system charts - #--set hostname= \ - #--set certmanager.version= \ - #--set rancherImage=/rancher/rancher \ - #--set systemDefaultRegistry= \ # Set a default private registry to be used in Rancher - - done -} ######################### # 
@@ -304,14 +192,11 @@ function airgap(){ #initialize all options ALL=true SALT=false -NETWORK_VLAN=false ANSWER_YES=false RMT_SYNC=false RMT_MIRROR=false RMT_ENABLE_PRODUCTS=false -IMAGE_LOAD=false INSTALL_TOOLS=false -AIRGAP=false while :; do case ${1-noop} in @@ -323,10 +208,6 @@ while :; do SALT=true ALL=false ;; - -N|--network-vlan) - NETWORK_VLAN=true - ALL=false - ;; -y|--yes) ANSWER_YES=true ;; @@ -342,18 +223,10 @@ while :; do RMT_ENABLE_PRODUCTS=true ALL=false ;; - -i|--image-load) - IMAGE_LOAD=true - ALL=false - ;; -t|--tools) INSTALL_TOOLS=true ALL=false ;; - -a|--airgap) - AIRGAP=true - ALL=false - ;; --) #End of all options shift break @@ -372,14 +245,11 @@ for cmd in git salt-minion curl;do check_prerequisites "$cmd" done -[[ $ALL == true ]] || [[ $NETWORK_VLAN == true ]] && configure_network_vlan [[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call [[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync [[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products [[ $ALL == true ]] || [[ $RMT_MIRROR == true ]] && rmt_mirror -[[ $ALL == true ]] || [[ $IMAGE_LOAD == true ]] && image_load [[ $ALL == true ]] || [[ $INSTALL_TOOLS == true ]] && install_tools -[[ $ALL == true ]] || [[ $AIRGAP == true ]] && airgap printf "\n DONE!!!!!!!\n"