jonas/tlu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3ff432d92e
tlu/doc/salt-states.md
Jonas Forsberg 2c36f06963
.
2021-11-06 13:05:40 +01:00

222 lines
6.0 KiB
Markdown
Raw Blame History

# Components - Salt States
- [chrony](#chrony)
- [dnsmasq](#dnsmasq)
- [docker](#docker)
- [firewalld](#firewalld)
- [hostapd](#hostapd)
- [hosts](#hosts)
- [mariadb](#mariadb)
- [nfs-server](#nfs-server)
- [nginx](#nginx)
- [packages](#packages)
- [podman](#podman)
- [pxe](#pxe)
- [rancher](#rancher)
- [remote-desktop](#remote-desktop)
- [rmt](#rmt)
- [ssh](#ssh)
- [tlu-harvester](#tlu-harvester)
- [vlan](#vlan)
- [wol](#wol)
## chrony
Chrony is an implementation of the Network Time Protocol (NTP).
This step will install chrony and configure upstream pools and start serving NTP on internal networks
```
# salt/pillars/chrony.sls
chrony:
pool:
- 0.se.pool.ntp.org
- 1.se.pool.ntp.org
- 2.se.pool.ntp.org
- 3.se.pool.ntp.org
```
## dnsmasq
Serves dhcp and dns for internal network
This step will install dnsmasq and configure dhcp for all internal networks defined in `salt/pillars/network.sls`
It will also configure the pxe next step, etc.
## docker
This step will create podman container running a local docker registry pull through instance, also a systemd service called `registry-container.service` is created.
```
# salt/pillars/docker.sls
docker:
username:
access_token:
url: docker.io/registry
tag: 2.7.1
```
## firewalld
Configures firewalld services and networks
Installs and configures hostapd to use the wireless interface as a access point
```
# salt/pillars/hostapd.sls
hostapd:
country_code: SE
ssid: Transportable Lab Unit
channel: 6
wpa_passphrase: linux2linux
```
## hosts
Configures the hostname and `/etc/hosts` file so [dnsmasq](#dnsmasq) has correct information
### mariadb
Installs and configures mariadb, [rmt](#rmt) needs a database
```
# salt/pillars/mysql.sls
mysql:
root_password: linux
```
## nfs-server
Installs nfs-server and creates a backup export `/srv/exports/backups <internal network>/24(rw,no_root_squash,sync,no_subtree_check)`
## nginx
Installs nginx and configures the www.suse.lan web site
## packages
installs additional packages
```
# salt/pillars/packages.sls
packages:
- vim
- jq
```
## podman
Installs podman and configures it to use the [docker registry proxy](#docker)
## rancher
Installs rancher server in a podman container, creates a systemd unit called `rancher`
The container redirects host port `6080->80` and `6443->443` to the container.
It also adds a [nginx](#nginx) reverse proxy configuration to `rancher.suse.lan`
```
# salt/pillars/rancher.sls
rancher:
ca_passphrase: rancher
url: docker.io/rancher/rancher
tag: v2.6.1
bootstrapPassword: rancher
```
## remote-desktop
installs `xorg-x11-Xvnc` disables wayland logins
and creates a vnc login session for the user running update.sh
```
# salt/pillars/remote-desktop.sls
remote-desktop:
password: linux0
```
## rmt
installs and configures rmt
```
# salt/pillars/rmt.sls
rmt:
ca_passphrase: linux
db_password: linux
scc:
username:
password:
stopped_services:
- rmt-server-mirror.timer
- rmt-server-sync.timer
- rmt-server-systems-scc-sync.timer
products:
-
name: SUSE Linux Enterprise Server 15 SP3 x86_64
id: 2140
-
name: SUSE Linux Enterprise High Performance Computing 15 SP3 x86_64
id: 2133
-
name: Containers Module 15 SP3 x86_64
id: 2157
-
name: SUSE Linux Enterprise Micro 5.0 x86_64
id: 2202
-
name: SUSE Linux Enterprise Micro 5.1 x86_64
id: 2283
-
name: SUSE Linux Enterprise High Availability Extension 15 SP3 x86_64
id: 2195
-
name: openSUSE Leap 15.3 aarch64
id: 2233
-
name: openSUSE Leap 15.3 x86_64
id: 2236
-
name: Public Cloud Module 15 SP3 x86_64
id: 2175
```
## ssh
installs openSSH server and start the daemon.
It also configures the authorized keys for remote sessions to the admin server.
add ssh public keys to the user-pub-keys in your local.sls and they will be added
```
# salt/pillars/ssh.sls
ssh:
user-pub-keys: []
```
## tlu-harvester
This state creates all files necessary to install a harvester cluster on node1, node2 and node3.
It will create the [pxe](#pxe) configurations and also manifests that can be applied to your harvester cluster when it's up and running. The manifests will land in the `$HOME/tlu-havester` directory, just apply them with kubectl
It will also download some images and place them in corresponding folder on the [www.suse.lan](#nginx).
Id you download SUSE images and place them in `/srv/www/htdocs/images/suse/` and run this state, manifests for them will be created and added to the `$HOME/tlu-harvester` directory
```
# salt/pillars/tlu-harvester.sls
tlu-harvester:
version: 0.3.0
dns_host: harvester
password: rancher
token: ThisShouldBeConfiguredInYour_local.sls
os:
ssh_authorized_keys: []
password: rancher
install:
mgmt-interface: enp2s0f0
device: /dev/nvme0n1
images:
opensuse:
- name: openSUSE Leap 15.3
url: https://download.opensuse.org/distribution/leap/15.3/appliances/openSUSE-Leap-15.3-JeOS.x86_64-OpenStack-Cloud.qcow2
checksum: 7207cce5b77d9d040610c39cd3d09437489797882b1b834acfb8b0f9d82be26c
ns: default
- name: openSUSE MicroOS
url: https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-kvm-and-xen.qcow2
ubuntu:
- name: ubuntu 20.04 (Focal Fossa)
url: https://cloud-images.ubuntu.com/focal/20211015/focal-server-cloudimg-amd64.img
checksum: c7adca2038a5fdda38328ecd461462bf4ab2cbaec2cc1bfd9340d9ee6bc543a8
ns: default
- name: ubuntu 21.04 (Hirsute Hippo)
url: https://cloud-images.ubuntu.com/hirsute/20211017/hirsute-server-cloudimg-amd64.img
checksum: 2d8c7f872aab587f70268a34f031c6380197f6940b29eb5f241050bb98ba420e
```
## vlan
configures the vlan configuration, settings are in `salt/pillar/network.sls`
## wol
Creates `$HOME/wol` bash script so I can send Wake on LAN packages to node1, node2 and node3.
mac address needs to be set in your local.sls
```
network:
wol:
1: xx:xx:xx:xx:xx:9b
2: xx:xx:xx:xx:xx:0a
3: xx:xx:xx:xx:xx:58
```
Reference in New Issue View Git Blame Copy Permalink