Everlag / home2


TODO sudo salt-call --local --id=initial-setup state.apply baseline pillar='{"SALT_ROLES": "nebula-ca", "NEBULA_HOSTNAME": "issuer"}'

Preparing

There are some steps we need to run before salt will be able to execute.

prologue: proxmox

If and only if you're running this on proxmox, drop the licensed (enterprise) repo and adopt the regular no-subscription one:

rm /etc/apt/sources.list.d/pve-enterprise.list
echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bullseye pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list

general

Then install the remaining dependencies before we install the minion:

sudo apt update && sudo apt -y upgrade && sudo apt install -y curl build-essential dkms
# IF non-proxmox
#sudo apt install linux-headers-$(uname -r)
# else, if proxmox
#sudo apt install pve-headers

# if virtualbox
# sudo apt install libxt6 libxmu6
# THEN install guest additions following normal mount + run VBoxLinuxAdditions.run

# install salt minion (defaults to only minion, not master)
curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io && chmod +x bootstrap-salt.sh && sudo ./bootstrap-salt.sh -P onedir

# ensure minion running
sudo systemctl status salt-minion

salt

Prior to this working, get the contents of the salt directory to /srv/salt, probably with a symlink.

Confirm /srv/salt has this README.md within before proceeding

Note: we use the minion id in a hacky manner

First, initialize our salt minion file with the desired roles. Check the top.sls file to see what roles a given server should have.

# apply critical dependency including minion config
#
# NOTE: the SALT_ROLES here controls what states will be applied
# and how that state will be rendered(ie, for nebula config if applicable)
sudo salt-call --local --id=initial-setup state.apply baseline pillar='{"SALT_ROLES": "role1 role2 role3", "NEBULA_HOSTNAME": "$NEBULA_HOSTNAME"}'
# Highstate all configuration

sudo salt-call --local state.apply

# Present depending on enabled roles.
./install_extensions.sh # created by vscode state
./load_x_preferences.sh # created by comfort state

For docker support

# docker fun flakiness, requires manual execution and maybe multiple retries
sudo salt-call --local state.apply docker

Then reboot and get into a graphical env using

startx

Initializing a VM base template

Proxmox base templates are easy to initialize; this generates an image that has salt-minion installed and the baseline state already applied.

  1. boot up a Debian image (11 is a known good version) as a fresh VM
  2. run vm/initialize_base_image.sh within the fresh VM
  3. shutdown and create template

nebula

To execute nebula-related states, you need a pillar at /srv/pillar that contains a list of ip:port pairs for lighthouse-related contents.

The recommendation is to keep these as a separate git repo, clone it separately, and then symlink it into place:

ln -s /media/pillar /srv/pillar

For example, the pillar contents:

nebula_external_ips:
  "lighthouse-do": 1.2.3.4:4242

Individual host setup

1m1 - vm host

salt-call --local --id initial-setup state.apply baseline pillar='{"SALT_ROLES": "nebula-node vm-ui docker", "NEBULA_HOSTNAME": "1m1" }'
salt-call --local state.apply
