jonas/tlu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
tlu/doc/salt-states.md
Jonas Forsberg 2c36f06963
.
2021-11-06 13:05:40 +01:00

6.0 KiB
Raw Permalink Blame History

Components - Salt States

chrony

Chrony is an implementation of the Network Time Protocol (NTP). This step will install chrony and configure upstream pools and start serving NTP on internal networks

# salt/pillars/chrony.sls
chrony:
  pool:
    - 0.se.pool.ntp.org
    - 1.se.pool.ntp.org
    - 2.se.pool.ntp.org
    - 3.se.pool.ntp.org

dnsmasq

Serves dhcp and dns for internal network This step will install dnsmasq and configure dhcp for all internal networks defined in salt/pillars/network.sls It will also configure the pxe next step, etc.

docker

This step will create podman container running a local docker registry pull through instance, also a systemd service called registry-container.service is created.

# salt/pillars/docker.sls
docker:
  username:
  access_token:
  url: docker.io/registry
  tag: 2.7.1

firewalld

Configures firewalld services and networks

Installs and configures hostapd to use the wireless interface as a access point

# salt/pillars/hostapd.sls
hostapd:
  country_code: SE
  ssid: Transportable Lab Unit
  channel: 6
  wpa_passphrase: linux2linux

hosts

Configures the hostname and /etc/hosts file so dnsmasq has correct information

mariadb

Installs and configures mariadb, rmt needs a database

# salt/pillars/mysql.sls
mysql:
  root_password: linux

nfs-server

Installs nfs-server and creates a backup export /srv/exports/backups <internal network>/24(rw,no_root_squash,sync,no_subtree_check)

nginx

Installs nginx and configures the www.suse.lan web site

packages

installs additional packages

# salt/pillars/packages.sls
packages:
  - vim
  - jq

podman

Installs podman and configures it to use the docker registry proxy

rancher

Installs rancher server in a podman container, creates a systemd unit called rancher The container redirects host port 6080->80 and 6443->443 to the container. It also adds a nginx reverse proxy configuration to rancher.suse.lan

# salt/pillars/rancher.sls
rancher:
  ca_passphrase: rancher
  url: docker.io/rancher/rancher
  tag: v2.6.1
  bootstrapPassword: rancher

remote-desktop

installs xorg-x11-Xvnc disables wayland logins and creates a vnc login session for the user running update.sh

# salt/pillars/remote-desktop.sls
remote-desktop:
  password: linux0

rmt

installs and configures rmt

# salt/pillars/rmt.sls
rmt:
  ca_passphrase: linux
  db_password: linux
  scc:
    username:
    password:
  stopped_services:
    - rmt-server-mirror.timer
    - rmt-server-sync.timer
    - rmt-server-systems-scc-sync.timer

  products:
    -
      name: SUSE Linux Enterprise Server 15 SP3 x86_64
      id: 2140
    -
      name: SUSE Linux Enterprise High Performance Computing 15 SP3 x86_64
      id: 2133
    -
      name: Containers Module 15 SP3 x86_64
      id: 2157
    -
      name: SUSE Linux Enterprise Micro 5.0 x86_64
      id: 2202
    -
      name: SUSE Linux Enterprise Micro 5.1 x86_64
      id: 2283
    - 
      name: SUSE Linux Enterprise High Availability Extension 15 SP3 x86_64
      id: 2195 
    -
      name: openSUSE Leap 15.3 aarch64
      id: 2233
    -
      name: openSUSE Leap  15.3 x86_64
      id: 2236
    - 
      name: Public Cloud Module 15 SP3 x86_64
      id: 2175

ssh

installs openSSH server and start the daemon. It also configures the authorized keys for remote sessions to the admin server. add ssh public keys to the user-pub-keys in your local.sls and they will be added

# salt/pillars/ssh.sls
ssh:
  user-pub-keys: []

tlu-harvester

This state creates all files necessary to install a harvester cluster on node1, node2 and node3. It will create the pxe configurations and also manifests that can be applied to your harvester cluster when it's up and running. The manifests will land in the $HOME/tlu-havester directory, just apply them with kubectl It will also download some images and place them in corresponding folder on the www.suse.lan.

Id you download SUSE images and place them in /srv/www/htdocs/images/suse/ and run this state, manifests for them will be created and added to the $HOME/tlu-harvester directory

# salt/pillars/tlu-harvester.sls
tlu-harvester:
  version: 0.3.0
  dns_host: harvester
  password: rancher
  token: ThisShouldBeConfiguredInYour_local.sls
  os:
    ssh_authorized_keys: []
    password: rancher
  install:
    mgmt-interface: enp2s0f0
  device: /dev/nvme0n1


  images:
    opensuse:
      - name: openSUSE Leap 15.3
        url: https://download.opensuse.org/distribution/leap/15.3/appliances/openSUSE-Leap-15.3-JeOS.x86_64-OpenStack-Cloud.qcow2
        checksum: 7207cce5b77d9d040610c39cd3d09437489797882b1b834acfb8b0f9d82be26c
        ns: default
      - name: openSUSE MicroOS
        url: https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-kvm-and-xen.qcow2
    ubuntu:
      - name: ubuntu 20.04 (Focal Fossa)
        url: https://cloud-images.ubuntu.com/focal/20211015/focal-server-cloudimg-amd64.img
        checksum: c7adca2038a5fdda38328ecd461462bf4ab2cbaec2cc1bfd9340d9ee6bc543a8
        ns: default
      - name: ubuntu 21.04 (Hirsute Hippo)
        url: https://cloud-images.ubuntu.com/hirsute/20211017/hirsute-server-cloudimg-amd64.img
        checksum: 2d8c7f872aab587f70268a34f031c6380197f6940b29eb5f241050bb98ba420e

vlan

configures the vlan configuration, settings are in salt/pillar/network.sls

wol

Creates $HOME/wol bash script so I can send Wake on LAN packages to node1, node2 and node3. mac address needs to be set in your local.sls

network:
  wol:
    1: xx:xx:xx:xx:xx:9b
    2: xx:xx:xx:xx:xx:0a
    3: xx:xx:xx:xx:xx:58