.
parent
319c84835d
commit
f8661902dc
@ -1,3 +1,8 @@
|
|||||||
|
Start firewalld:
|
||||||
|
service.running:
|
||||||
|
- name: firewalld
|
||||||
|
- enable: True
|
||||||
|
|
||||||
Configure wireguard service:
|
Configure wireguard service:
|
||||||
firewalld.service:
|
firewalld.service:
|
||||||
- name: wireguard
|
- name: wireguard
|
||||||
|
0
salt/states/remote-desktop/files/passwd
Normal file
0
salt/states/remote-desktop/files/passwd
Normal file
@ -10,20 +10,22 @@ Disable wayland login:
|
|||||||
- group: root
|
- group: root
|
||||||
- mode: "0644"
|
- mode: "0644"
|
||||||
|
|
||||||
|
Check that passwd file has correct settings:
|
||||||
|
file.managed:
|
||||||
|
- name: /home/{{ pillar['username'] }}/.vnc/passwd
|
||||||
|
- source: salt://remote-desktop/files/passwd
|
||||||
|
- replace: False
|
||||||
|
- user: {{ pillar['username'] }}
|
||||||
|
- group: users
|
||||||
|
- mode: "0600"
|
||||||
|
- makedirs: True
|
||||||
|
- dir_mode: "0700"
|
||||||
|
|
||||||
Set vnc password if no passwd file:
|
Set vnc password if no passwd file:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- name: bash -c "echo {{ pillar['remote-desktop']['password'] }} | vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd"
|
- name: bash -c "echo {{ pillar['remote-desktop']['password'] }} | vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd"
|
||||||
- runas: {{ pillar['username'] }}
|
- runas: {{ pillar['username'] }}
|
||||||
- unless: bash -c "[[ -f /home/{{ pillar['username'] }}/.vnc/passwd ]]"
|
- unless: bash -c "[[ -s /home/{{ pillar['username'] }}/.vnc/passwd ]]"
|
||||||
|
|
||||||
Check that passwd file has correct settings:
|
|
||||||
file.managed:
|
|
||||||
- name: /home/{{ pillar['username'] }}/.vnc/passwd
|
|
||||||
- replace: False
|
|
||||||
- user: {{ pillar['username'] }}
|
|
||||||
- group: users
|
|
||||||
- mode: "0600"
|
|
||||||
|
|
||||||
Create x0vncserver desktop file:
|
Create x0vncserver desktop file:
|
||||||
file.managed:
|
file.managed:
|
||||||
|
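Review bot: The `cmd.run` under "Set vnc password if no passwd file", which this hunk keeps and only re-guards with `-s`, still interpolates `pillar['remote-desktop']['password']` unquoted into `bash -c "echo … | vncpasswd -f > …"`. The secret therefore ends up in the process argument list and in Salt's rendered command name and logs, and a password containing quotes or shell metacharacters would be interpreted by bash. I would feed it on standard input and quiet the logging instead: `- name: vncpasswd -f > /home/{{ pillar['username'] }}/.vnc/passwd`, `- stdin: "{{ pillar['remote-desktop']['password'] }}"`, `- output_loglevel: quiet`. The new `file.managed` state also deserves a comment saying that the empty `salt://remote-desktop/files/passwd` is only a placeholder so the file exists with mode 0600 before the command writes to it. If the command fails, a zero-length password file stays behind, and how the VNC server treats that should be confirmed.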
@ -1,6 +1,8 @@
|
|||||||
base:
|
base:
|
||||||
'*':
|
'*':
|
||||||
- hosts
|
- hosts
|
||||||
|
- vlan
|
||||||
|
- firewalld
|
||||||
- ssh
|
- ssh
|
||||||
- chrony
|
- chrony
|
||||||
- atftp
|
- atftp
|
||||||
@ -12,5 +14,4 @@ base:
|
|||||||
- docker.registry
|
- docker.registry
|
||||||
- remote-desktop
|
- remote-desktop
|
||||||
- hostapd
|
- hostapd
|
||||||
- firewalld
|
|
||||||
- wol
|
- wol
|
||||||
|
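--- a/salt/states/vlan/init.sls
+++ b/salt/states/vlan/init.sls
@@ -0,0 +1,25 @@
+{% for vlan in pillar['network']['vlan'] -%}
+{% set ifname = 'vlan.' + vlan['id']|string %}
+create device {{ ifname }}:
+cmd.run:
+- name: nmcli connection add type vlan con-name {{ ifname }} ifname {{ ifname }} dev {{ pillar['network']['interface'] }} id {{ vlan['id'] }}
+- unless: nmcli device show {{ ifname }}
+
+set ip address on {{ ifname }}:
+cmd.run:
+- name: nmcli connection modify {{ ifname }} ipv4.addresses {{ vlan['address'] }}/24
+- unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.addresses.\s*\(.*\)$/\1/p')\" == "{{ vlan['address'] }}/24" ]]; then exit 0; else exit 1;fi"
+
+set ip static on {{ ifname }}:
+cmd.run:
+- name: nmcli connection modify {{ ifname }} ipv4.method manual
+- unless: bash -c "if [[ \"$(nmcli connection show Wired\ connection\ 1 | sed -n 's/^ipv4.method.\s*\(.*\)$/\1/p')\" == "manual" ]]; then exit 0; else exit 1;fi"
+
+bring up {{ ifname }}:
+cmd.run:
+- name: nmcli connection up {{ ifname }}
+- onchanges:
+- cmd: create device {{ ifname }}
+- cmd: set ip address on {{ ifname }}
+- cmd: set ip static on {{ ifname }}
+{% endfor %}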
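Review bot: Both `unless` guards ("set ip address on …" and "set ip static on …") query the profile `Wired\ connection\ 1` rather than `{{ ifname }}`, so they test a different connection from the one the `name` command modifies. Depending on that other profile, the VLAN is either reconfigured on every run or left unconfigured. The comparison also closes the outer `bash -c "…"` string at `== "`, which holds together only through shell concatenation. A guard on the right profile without nested quoting would be `- unless: test "$(nmcli -g ipv4.addresses connection show {{ ifname }})" = "{{ vlan['address'] }}/24"`, with the same form for `ipv4.method` and `manual`. The prefix is fixed at `/24` although the shell function removed from update.sh used a per-VLAN netmask, and the pillar values are placed into the command lines unquoted, so they should be validated or quoted.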
130
update.sh
130
update.sh
@ -9,12 +9,9 @@ function printHelp(){
|
|||||||
cat << EOF
|
cat << EOF
|
||||||
Usage ${0##*/} [options..]
|
Usage ${0##*/} [options..]
|
||||||
-h,-?, --help Show help and exit
|
-h,-?, --help Show help and exit
|
||||||
-N, --network-vlan configure network settings
|
|
||||||
-s, --salt run a masterless salt-call
|
-s, --salt run a masterless salt-call
|
||||||
-y, --yes answer 'yes' on all questions
|
-y, --yes answer 'yes' on all questions
|
||||||
-i, --image-load pull images so they hits the local proxy
|
|
||||||
-t, --tools Install/update tools (kubectl, helm, etc)
|
-t, --tools Install/update tools (kubectl, helm, etc)
|
||||||
-a, --airgap Prepera manifests for airgapped Rancher installs
|
|
||||||
--rmt-sync Sync database with SUSE Customer Center
|
--rmt-sync Sync database with SUSE Customer Center
|
||||||
--rmt-enable-products Enable all preconfigured repositories
|
--rmt-enable-products Enable all preconfigured repositories
|
||||||
--rmt-mirror Mirror repositories
|
--rmt-mirror Mirror repositories
|
||||||
@ -103,34 +100,6 @@ function do_salt_call(){
|
|||||||
$salt state.apply pillar="{username: $USER}"
|
$salt state.apply pillar="{username: $USER}"
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_network_vlan(){
|
|
||||||
new_log "Configure network"
|
|
||||||
if asktobreak; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
eval $(parse_yaml salt/pillars/network.sls "SALT_")
|
|
||||||
if [[ -f salt/pillars/local.sls ]];then
|
|
||||||
eval $(parse_yaml salt/pillars/local.sls "SALT_")
|
|
||||||
fi
|
|
||||||
|
|
||||||
#configure external interface
|
|
||||||
sudo nmcli connection modify "$SALT_network_interface_external" ipv4.method auto
|
|
||||||
sudo nmcli connection up "$SALT_network_interface_external"
|
|
||||||
|
|
||||||
#configure vlan interfaces
|
|
||||||
local len=${#SALT_network_vlan__id[@]}
|
|
||||||
for (( i=0; i<$len; i++ ));do
|
|
||||||
ifname="vlan.${SALT_network_vlan__id[$i]}"
|
|
||||||
if [[ $(nmcli connection show | grep -i "$ifname" | wc -l) == 0 ]]; then
|
|
||||||
sudo nmcli connection add type vlan con-name "$ifname" ifname "$ifname" dev "$SALT_network_interface_internal" id "${SALT_network_vlan__id[$i]}"
|
|
||||||
fi
|
|
||||||
sudo nmcli connection modify "$ifname" ipv4.addresses "${SALT_network_vlan__address[$i]}/${SALT_network_vlan__netmask[$i]}"
|
|
||||||
sudo nmcli connection modify "$ifname" ipv4.method manual
|
|
||||||
sudo nmcli connection up "$ifname"
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
function rmt_sync(){
|
function rmt_sync(){
|
||||||
new_log "Sync RMT Database with SUSE Customer Center"
|
new_log "Sync RMT Database with SUSE Customer Center"
|
||||||
@ -165,40 +134,6 @@ function rmt_mirror(){
|
|||||||
fi
|
fi
|
||||||
sudo rmt-cli mirror all
|
sudo rmt-cli mirror all
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
function image_load(){
|
|
||||||
new_log "Pre Load all Images"
|
|
||||||
for d in "$SCRIPTDIR"/image-lists/*/ ; do
|
|
||||||
name="${d::-1}"
|
|
||||||
name="${name##*/}"
|
|
||||||
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
|
|
||||||
version="${prdir::-1}"
|
|
||||||
version="${version##*/}"
|
|
||||||
echo " * $name $version"
|
|
||||||
done
|
|
||||||
done
|
|
||||||
if asktobreak; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
for d in "$SCRIPTDIR"/image-lists/*/ ; do
|
|
||||||
name="${d::-1}"
|
|
||||||
name="${name##*/}"
|
|
||||||
for prdir in $SCRIPTDIR/image-lists/$name/*/; do
|
|
||||||
version="${prdir::-1}"
|
|
||||||
version="${version##*/}"
|
|
||||||
for f in $prdir/*.txt; do
|
|
||||||
echo "Loading $name $version - ${f##*/}"
|
|
||||||
cat $f | while read line
|
|
||||||
do
|
|
||||||
sudo podman image pull "$line"
|
|
||||||
done
|
|
||||||
done
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function install_tools(){
|
function install_tools(){
|
||||||
@ -247,53 +182,6 @@ function install_tools(){
|
|||||||
set -e
|
set -e
|
||||||
}
|
}
|
||||||
|
|
||||||
function airgap(){
|
|
||||||
new_log "Prepair manifests for airgapped installs"
|
|
||||||
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
|
|
||||||
version="${dir::-1}"
|
|
||||||
version="${version##*/}"
|
|
||||||
echo " * Rancher $version"
|
|
||||||
done
|
|
||||||
if asktobreak; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
cd $SCRIPTDIR/airgap
|
|
||||||
|
|
||||||
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
|
|
||||||
helm repo add jetstack https://charts.jetstack.io
|
|
||||||
helm repo update
|
|
||||||
|
|
||||||
|
|
||||||
#createing manifests for cert-manager
|
|
||||||
helm fetch jetstack/cert-manager --version v1.5.1
|
|
||||||
if [[ ! -d ./manifests/cert-manager-v1.5.1 ]];then
|
|
||||||
mkdir -p ./manifests/cert-manager-v1.5.1
|
|
||||||
fi
|
|
||||||
helm template cert-manager ./cert-manager-v1.5.1.tgz --output-dir ./manifests/cert-manager-v1.5.1 \
|
|
||||||
--namespace cert-manager
|
|
||||||
#--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller \
|
|
||||||
#--set webhook.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-webhook \
|
|
||||||
#--set cainjector.image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-cainjector
|
|
||||||
curl -L -o ./manifests/cert-manager-v1.5.1/cert-manager-crd.yaml \
|
|
||||||
https://github.com/jetstack/cert-manager/releases/download/v1.5.1/cert-manager.crds.yaml
|
|
||||||
|
|
||||||
#creating manifests for Rancher
|
|
||||||
|
|
||||||
for dir in $SCRIPTDIR/image-lists/Rancher/*/; do
|
|
||||||
version="${dir::-1}"
|
|
||||||
version="${version##*/}"
|
|
||||||
|
|
||||||
helm template rancher ./rancher-${version#?}.tgz --output-dir ./manifests/Rancher-$version \
|
|
||||||
--no-hooks \
|
|
||||||
--namespace cattle-system \
|
|
||||||
--set useBundledSystemChart=true # Use the packaged Rancher system charts
|
|
||||||
#--set hostname=<RANCHER.YOURDOMAIN.COM> \
|
|
||||||
#--set certmanager.version=<CERTMANAGER_VERSION> \
|
|
||||||
#--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
|
|
||||||
#--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Set a default private registry to be used in Rancher
|
|
||||||
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
#########################
|
#########################
|
||||||
#
|
#
|
||||||
@ -304,14 +192,11 @@ function airgap(){
|
|||||||
#initialize all options
|
#initialize all options
|
||||||
ALL=true
|
ALL=true
|
||||||
SALT=false
|
SALT=false
|
||||||
NETWORK_VLAN=false
|
|
||||||
ANSWER_YES=false
|
ANSWER_YES=false
|
||||||
RMT_SYNC=false
|
RMT_SYNC=false
|
||||||
RMT_MIRROR=false
|
RMT_MIRROR=false
|
||||||
RMT_ENABLE_PRODUCTS=false
|
RMT_ENABLE_PRODUCTS=false
|
||||||
IMAGE_LOAD=false
|
|
||||||
INSTALL_TOOLS=false
|
INSTALL_TOOLS=false
|
||||||
AIRGAP=false
|
|
||||||
|
|
||||||
while :; do
|
while :; do
|
||||||
case ${1-noop} in
|
case ${1-noop} in
|
||||||
@ -323,10 +208,6 @@ while :; do
|
|||||||
SALT=true
|
SALT=true
|
||||||
ALL=false
|
ALL=false
|
||||||
;;
|
;;
|
||||||
-N|--network-vlan)
|
|
||||||
NETWORK_VLAN=true
|
|
||||||
ALL=false
|
|
||||||
;;
|
|
||||||
-y|--yes)
|
-y|--yes)
|
||||||
ANSWER_YES=true
|
ANSWER_YES=true
|
||||||
;;
|
;;
|
||||||
@ -342,18 +223,10 @@ while :; do
|
|||||||
RMT_ENABLE_PRODUCTS=true
|
RMT_ENABLE_PRODUCTS=true
|
||||||
ALL=false
|
ALL=false
|
||||||
;;
|
;;
|
||||||
-i|--image-load)
|
|
||||||
IMAGE_LOAD=true
|
|
||||||
ALL=false
|
|
||||||
;;
|
|
||||||
-t|--tools)
|
-t|--tools)
|
||||||
INSTALL_TOOLS=true
|
INSTALL_TOOLS=true
|
||||||
ALL=false
|
ALL=false
|
||||||
;;
|
;;
|
||||||
-a|--airgap)
|
|
||||||
AIRGAP=true
|
|
||||||
ALL=false
|
|
||||||
;;
|
|
||||||
--) #End of all options
|
--) #End of all options
|
||||||
shift
|
shift
|
||||||
break
|
break
|
||||||
@ -372,14 +245,11 @@ for cmd in git salt-minion curl;do
|
|||||||
check_prerequisites "$cmd"
|
check_prerequisites "$cmd"
|
||||||
done
|
done
|
||||||
|
|
||||||
[[ $ALL == true ]] || [[ $NETWORK_VLAN == true ]] && configure_network_vlan
|
|
||||||
[[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call
|
[[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call
|
||||||
[[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync
|
[[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync
|
||||||
[[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products
|
[[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products
|
||||||
[[ $ALL == true ]] || [[ $RMT_MIRROR == true ]] && rmt_mirror
|
[[ $ALL == true ]] || [[ $RMT_MIRROR == true ]] && rmt_mirror
|
||||||
[[ $ALL == true ]] || [[ $IMAGE_LOAD == true ]] && image_load
|
|
||||||
[[ $ALL == true ]] || [[ $INSTALL_TOOLS == true ]] && install_tools
|
[[ $ALL == true ]] || [[ $INSTALL_TOOLS == true ]] && install_tools
|
||||||
[[ $ALL == true ]] || [[ $AIRGAP == true ]] && airgap
|
|
||||||
|
|
||||||
|
|
||||||
printf "\n DONE!!!!!!!\n"
|
printf "\n DONE!!!!!!!\n"
|
||||||
|