This commit is contained in:
jonas 2021-10-17 20:03:37 +02:00
parent 319c84835d
commit f8661902dc
6 changed files with 43 additions and 140 deletions


@ -1,3 +1,8 @@
Start firewalld:
service.running:
- name: firewalld
- enable: True
Configure wireguard service: Configure wireguard service:
firewalld.service: firewalld.service:
- name: wireguard - name: wireguard
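Review bot: The `Configure wireguard service` state on the new side carries no explicit dependency on the `Start firewalld` state added above it, so it relies on file order alone for firewalld to be running when the service rule is applied. Adding `- require:` / `  - service: Start firewalld` to that state makes the ordering explicit and keeps it correct if the states are later reordered or split across files. A short comment on `Start firewalld` saying it must precede every `firewalld.*` state in the tree would help the next editor.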



@ -10,20 +10,22 @@ Disable wayland login:
- group: root - group: root
- mode: "0644" - mode: "0644"
Check that passwd file has correct settings:
file.managed:
- name: /home/{{ pillar['username'] }}/.vnc/passwd
- source: salt://remote-desktop/files/passwd
- replace: False
- user: {{ pillar['username'] }}
- group: users
- mode: "0600"
- makedirs: True
- dir_mode: "0700"
Set vnc password if no passwd file: Set vnc password if no passwd file:
cmd.run: cmd.run:
- name: bash -c "echo {{ pillar['remote-desktop']['password'] }} | vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd" - name: bash -c "echo {{ pillar['remote-desktop']['password'] }} | vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd"
- runas: {{ pillar['username'] }} - runas: {{ pillar['username'] }}
- unless: bash -c "[[ -f /home/{{ pillar['username'] }}/.vnc/passwd ]]" - unless: bash -c "[[ -s /home/{{ pillar['username'] }}/.vnc/passwd ]]"
Check that passwd file has correct settings:
file.managed:
- name: /home/{{ pillar['username'] }}/.vnc/passwd
- replace: False
- user: {{ pillar['username'] }}
- group: users
- mode: "0600"
Create x0vncserver desktop file: Create x0vncserver desktop file:
file.managed: file.managed:
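Review bot: The reordered `Check that passwd file has correct settings` state now seeds `.vnc/passwd` from `salt://remote-desktop/files/passwd` with `replace: False`, while the `unless` of `Set vnc password if no passwd file` was changed to `[[ -s … ]]`; if the repository copy of that file is ever non-empty, the pillar password is silently never applied, and if it is meant to be an empty placeholder that only creates the file with `0600`/`0700` modes, a comment on the `source:` line saying so would make the interaction clear. Since this state is being reworked, the `cmd.run` in the same block still passes the pillar password via `bash -c "echo …"`, so it is visible in process listings and in Salt's state output; `- name: vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd` with `- stdin: {{ pillar['remote-desktop']['password'] }}` and `- output_loglevel: quiet` keeps it off argv and out of logs. A password containing shell metacharacters would also break the current quoting, which the `stdin` form avoids.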


@ -1,6 +1,8 @@
base: base:
'*': '*':
- hosts - hosts
- vlan
- firewalld
- ssh - ssh
- chrony - chrony
- atftp - atftp
@ -12,5 +14,4 @@ base:
- docker.registry - docker.registry
- remote-desktop - remote-desktop
- hostapd - hostapd
- firewalld
- wol - wol

25
salt/states/vlan/init.sls Normal file

@ -0,0 +1,25 @@
{% for vlan in pillar['network']['vlan'] -%}
{% set ifname = 'vlan.' + vlan['id']|string %}
create device {{ ifname }}:
cmd.run:
- name: nmcli connection add type vlan con-name {{ ifname }} ifname {{ ifname }} dev {{ pillar['network']['interface'] }} id {{ vlan['id'] }}
- unless: nmcli device show {{ ifname }}
set ip address on {{ ifname }}:
cmd.run:
- name: nmcli connection modify {{ ifname }} ipv4.addresses {{ vlan['address'] }}/24
- unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.addresses.\s*\(.*\)$/\1/p')\" == "{{ vlan['address'] }}/24" ]]; then exit 0; else exit 1;fi"
set ip static on {{ ifname }}:
cmd.run:
- name: nmcli connection modify {{ ifname }} ipv4.method manual
- unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.method.\s*\(.*\)$/\1/p')\" == "manual" ]]; then exit 0; else exit 1;fi"
bring up {{ ifname }}:
cmd.run:
- name: nmcli connection up {{ ifname }}
- onchanges:
- cmd: create device {{ ifname }}
- cmd: set ip address on {{ ifname }}
- cmd: set ip static on {{ ifname }}
{% endfor %}
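Review bot: The `unless` checks of `set ip address on {{ ifname }}` and `set ip static on {{ ifname }}` query `nmcli connection show Wired\ connection\ 1` rather than the VLAN profile created just above, so they compare an unrelated profile's `ipv4.addresses`/`ipv4.method` and the `modify` states run, or are skipped, on the wrong basis; both should read `nmcli connection show {{ ifname }} | sed -n …`. The prefix length is hard-coded as `/24` in both the `modify` and the check, whereas the `configure_network_vlan` function removed from `update.sh` in this commit read a per-VLAN netmask from the pillar (`SALT_network_vlan__netmask`); if the pillar still carries that field, `{{ vlan['address'] }}/{{ vlan['netmask'] }}` preserves it. Note also that the `$(nmcli …)` substitution sits inside the outer double-quoted string, so it is presumably expanded by the shell Salt uses to run `unless` before `bash -c` starts, and any `"` in nmcli's output would break the command; a single-quoted `bash -c '…'` body would make the quoting easier to reason about.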

130
update.sh

@ -9,12 +9,9 @@ function printHelp(){
cat << EOF cat << EOF
Usage ${0##*/} [options..] Usage ${0##*/} [options..]
-h,-?, --help Show help and exit -h,-?, --help Show help and exit
-N, --network-vlan configure network settings
-s, --salt run a masterless salt-call -s, --salt run a masterless salt-call
-y, --yes answer 'yes' on all questions -y, --yes answer 'yes' on all questions
-i, --image-load pull images so they hits the local proxy
-t, --tools Install/update tools (kubectl, helm, etc) -t, --tools Install/update tools (kubectl, helm, etc)
-a, --airgap Prepera manifests for airgapped Rancher installs
--rmt-sync Sync database with SUSE Customer Center --rmt-sync Sync database with SUSE Customer Center
--rmt-enable-products Enable all preconfigured repositories --rmt-enable-products Enable all preconfigured repositories
--rmt-mirror Mirror repositories --rmt-mirror Mirror repositories
@ -103,34 +100,6 @@ function do_salt_call(){
$salt state.apply pillar="{username: $USER}" $salt state.apply pillar="{username: $USER}"
} }
function configure_network_vlan(){
new_log "Configure network"
if asktobreak; then
return
fi
eval $(parse_yaml salt/pillars/network.sls "SALT_")
if [[ -f salt/pillars/local.sls ]];then
eval $(parse_yaml salt/pillars/local.sls "SALT_")
fi
#configure external interface
sudo nmcli connection modify "$SALT_network_interface_external" ipv4.method auto
sudo nmcli connection up "$SALT_network_interface_external"
#configure vlan interfaces
local len=${#SALT_network_vlan__id[@]}
for (( i=0; i<$len; i++ ));do
ifname="vlan.${SALT_network_vlan__id[$i]}"
if [[ $(nmcli connection show | grep -i "$ifname" | wc -l) == 0 ]]; then
sudo nmcli connection add type vlan con-name "$ifname" ifname "$ifname" dev "$SALT_network_interface_internal" id "${SALT_network_vlan__id[$i]}"
fi
sudo nmcli connection modify "$ifname" ipv4.addresses "${SALT_network_vlan__address[$i]}/${SALT_network_vlan__netmask[$i]}"
sudo nmcli connection modify "$ifname" ipv4.method manual
sudo nmcli connection up "$ifname"
done
}
function rmt_sync(){ function rmt_sync(){
new_log "Sync RMT Database with SUSE Customer Center" new_log "Sync RMT Database with SUSE Customer Center"
@ -165,40 +134,6 @@ function rmt_mirror(){
fi fi
sudo rmt-cli mirror all sudo rmt-cli mirror all
}
function image_load(){
new_log "Pre Load all Images"
for d in "$SCRIPTDIR"/image-lists/*/ ; do
name="${d::-1}"
name="${name##*/}"
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
version="${prdir::-1}"
version="${version##*/}"
echo " * $name $version"
done
done
if asktobreak; then
return
fi
for d in "$SCRIPTDIR"/image-lists/*/ ; do
name="${d::-1}"
name="${name##*/}"
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
version="${prdir::-1}"
version="${version##*/}"
for f in $prdir/*.txt; do
echo "Loading $name $version - ${f##*/}"
cat $f | while read line
do
sudo podman image pull "$line"
done
done
done
done
} }
function install_tools(){ function install_tools(){
@ -247,53 +182,6 @@ function install_tools(){
set -e set -e
} }
function airgap(){
new_log "Prepair manifests for airgapped installs"
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
version="${dir::-1}"
version="${version##*/}"
echo " * Rancher $version"
done
if asktobreak; then
return
fi
cd $SCRIPTDIR/airgap
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
helm repo add jetstack https://charts.jetstack.io
helm repo update
#createing manifests for cert-manager
helm fetch jetstack/cert-manager --version v1.5.1
if [[ ! -d ./manifests/cert-manager-v1.5.1 ]];then
mkdir -p ./manifests/cert-manager-v1.5.1
fi
helm template cert-manager ./cert-manager-v1.5.1.tgz --output-dir ./manifests/cert-manager-v1.5.1 \
--namespace cert-manager
#--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller \
#--set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook \
#--set cainjector.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-cainjector
curl -L -o ./manifests/cert-manager-v1.5.1/cert-manager-crd.yaml \
https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml
#creating manifests for Rancher
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
version="${dir::-1}"
version="${version##*/}"
helm template rancher ./rancher-${version#?}.tgz --output-dir ./manifests/Rancher-$version \
--no-hooks \
--namespace cattle-system \
--set useBundledSystemChart=true # Use the packaged Rancher system charts
#--set hostname=<RANCHER.YOURDOMAIN.COM> \
#--set certmanager.version=<CERTMANAGER_VERSION> \
#--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
#--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Set a default private registry to be used in Rancher
done
}
######################### #########################
# #
@ -304,14 +192,11 @@ function airgap(){
#initialize all options #initialize all options
ALL=true ALL=true
SALT=false SALT=false
NETWORK_VLAN=false
ANSWER_YES=false ANSWER_YES=false
RMT_SYNC=false RMT_SYNC=false
RMT_MIRROR=false RMT_MIRROR=false
RMT_ENABLE_PRODUCTS=false RMT_ENABLE_PRODUCTS=false
IMAGE_LOAD=false
INSTALL_TOOLS=false INSTALL_TOOLS=false
AIRGAP=false
while :; do while :; do
case ${1-noop} in case ${1-noop} in
@ -323,10 +208,6 @@ while :; do
SALT=true SALT=true
ALL=false ALL=false
;; ;;
-N|--network-vlan)
NETWORK_VLAN=true
ALL=false
;;
-y|--yes) -y|--yes)
ANSWER_YES=true ANSWER_YES=true
;; ;;
@ -342,18 +223,10 @@ while :; do
RMT_ENABLE_PRODUCTS=true RMT_ENABLE_PRODUCTS=true
ALL=false ALL=false
;; ;;
-i|--image-load)
IMAGE_LOAD=true
ALL=false
;;
-t|--tools) -t|--tools)
INSTALL_TOOLS=true INSTALL_TOOLS=true
ALL=false ALL=false
;; ;;
-a|--airgap)
AIRGAP=true
ALL=false
;;
--) #End of all options --) #End of all options
shift shift
break break
@ -372,14 +245,11 @@ for cmd in git salt-minion curl;do
check_prerequisites "$cmd" check_prerequisites "$cmd"
done done
[[ $ALL == true ]] || [[ $NETWORK_VLAN == true ]] && configure_network_vlan
[[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call [[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call
[[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync [[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync
[[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products [[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products
[[ $ALL == true ]] || [[ $RMT_MIRROR == true ]] && rmt_mirror [[ $ALL == true ]] || [[ $RMT_MIRROR == true ]] && rmt_mirror
[[ $ALL == true ]] || [[ $IMAGE_LOAD == true ]] && image_load
[[ $ALL == true ]] || [[ $INSTALL_TOOLS == true ]] && install_tools [[ $ALL == true ]] || [[ $INSTALL_TOOLS == true ]] && install_tools
[[ $ALL == true ]] || [[ $AIRGAP == true ]] && airgap
printf "\n DONE!!!!!!!\n" printf "\n DONE!!!!!!!\n"