SaltStackImplementationNotes

From ProgClub
Jump to: navigation, search

About this page

Notes for the SaltStack implementation - a key component of the Migration_2016 project.

Some components of this page will be migrated into the Administrative_reference page, others may be removed as the system configuration documentation should become the SaltStack configuration (replete with in-line comments where appropriate). Part of this process will be to remove many of the historical build / config addenda described in each of the host-specific pages, as, again, history for these changes is described and defined within the SaltStack configuration repository (git or svn).


Base builds

This section describes a base Ubuntu 2016.04 (LTS) build.

A base build is everything that's done prior to being able to run the first SaltStack 'high state' command. Many of the configurations defined within the base (install) process are later confirmed & maintained by SaltStack, but are documented here for completeness.

Initial lab environment:

  • 2GB RAM
  • 1 x core CPU
  • Single SCSI-emulated 20GB disk
  • Ubuntu 16.04.1 AMD64 CD (iso)
  • VMware ESXi


Initial installation from CD

  1. Boot from CD
  2. Language - Select English
  3. Installation Option - Select Install Ubuntu Server
  4. Langage - Select English
  5. Country - Select Australia
  6. Configure the Keyboard
    1. Do not auto-detect keyboard
    2. English (US)
    3. English (US) again
  7. Network Configuration
    1. DHCP attempt - in lab environment this will fail
    2. Configure network manually
    3. IP address: 10.6.1.200
    4. NetMask: 255.255.255.0
    5. Gateway: 10.6.1.1
    6. DNS: 192.168.1.1
    7. Hostname: baseprogclub (Unique string useful to search for later)
    8. Domain name: .lab
  8. Set up users and passwords
    1. Full name for new user: Jedd
    2. Username for your account: jedd
    3. Password created: redacted
    4. Encrypt home directory: No
  9. Configure the clock
    1. Timezone autodetection successful (Australia / NSW) - Select Yes
  10. Partition Disks
    1. Select - Guided - use entire disk
    2. Disk to partition - lab environment has only single disk - SCSI3 /dev/sda
    3. This defaults to sda1 (ext4) and sda5 (swap) with non-specified capacity
    4. @TODO Revisit this - ideally discard swap partitions in favour of swapfiles
    5. Write changes to disk
  11. Installing the system
  12. Configure the package manager
    1. Select no proxy for HTTP
  13. Configure TaskSel
    1. Select No automatic updates
    2. Software selection - select standard system utilities and OpenSSH server
  14. Install the GRUB boot loader
    1. Select 'Yes
    2. Nota bene: Finalising the installation takes a LONG time - notably building the initramfs on /target/boot
  15. Finish the installation
    1. Eject the (logical) CDROM and select Continue

Initial configuration on first boot

Once the base build has installed and rebooted, we need to configure common items to let us bootstrap SaltStack

Login, and sudo bash (or sudo all these separately)

Run this to get the apt key installed for saltstack:

  wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -

Add this content to the file: /etc/apt/sources.list.d/saltstack.list

  deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main

Run:

  apt-get update

Confirm by running:

  apt-cache show salt-minion | grep -i version

Should show 2016.3.3+ds-1 or later. (Raw xenial (Ubuntu 16.04) references only version 2015.8.8+ds-1)

For convenience we download, but to not install, Saltstack-minion and its dependencies as part of the base build.

Salt-minion will be installed on all hosts. (Later, on the admin host, we will also install salt-master.)

Run:

 apt-get install -d salt-minion

This downloads 45 new packages. We don't install at this stage as salt-minion will attempt to phone home to 'salt.domain.fqdn' when it is first launched.

Power the appliance off -- at this point it's a 'gold build' for future cloning purposes only.


Using a base build

The process is conceptually straightforward - clone the above base-build, boot the copy, modify a few entries (primarily hostname related), and then execute a salt-stack 'highstate' run against it to install and configure all necessary components.

In the lab environment this is done using VMware ESXi, and the 'vmkfstool' to clone.

In the production environment we may look at using Rackspace's [image backup] feature.

Regardless, the process:

  1. Clone the baseprogclub machine image
    1. On VMware ESXi:
      1. cd /vmfs/volumes/datastore/
      2. mkdir new-host-name
      3. vmkfstools -i baseprogclub/baseprogclub.vmdk -d thin new-host-name/new-host-name.vmdk
      4. cp baseprogclub/baseprogclub.vmx new-host-name/new-host-name.vmx
      5. Edit the new-host-name/new-host-name.vmx and change all 'baseprogclub' to 'new-host-name', and delete the sched.swap.derivedname line
  1. Boot the clone image
    1. On VMware ESXi:
      1. Open Datastore Browser
      2. Navigate to /vmfs/volumes/datastore/new-host-name, right-click the .vmx file and 'Add to Inventory'
      3. Power-on the new machine
      4. When prompted, select I copied it from the two options presented
  1. Login to the new appliance and effect the following changes:
    1. Change hostname references:
      1. /etc/hostname
      2. /etc/hosts
    2. Reboot and confirm new hostname
    3. Re-generate unique and properly labelled host SSH keys:
      1. rm /etc/ssh/ssh_host*
      2. dpkg-reconfigure openssh-server
    4. Install salt-minion
      1. apt-get install salt-minion

Building the new machines

For each of:

  • integrity (replacing charity)
    • Administrator machine - will run salt-master with /srv/salt (git-managed repo)
  • strength (replacing honesty and hope)
    • Primary user machine - will run salt-minion

... run the above 'Using a base build' to get an Ubuntu server running with the right hostname & ssh keys, then use the following process to build the fleet.

Integrity, Salt Master

Install the salt-master software:

 apt-get install salt-master

Decide on how to resolve 'salt.progclub.org' - by default salt minions will look for 'salt.' in their local domain. Alternatively we can configure the master's name/address in /etc/salt/minion.d/* -- the latter is how we'll do this initially, though a CNAME for integrity may make more sense longer term (it means salt minions will automagically find their master on first run).

Create the file /etc/salt/minion.d/progclub.conf with two lines:

 master: 10.6.1.200
 id: integrity

Restart the salt minion:

 systemctl restart salt-minion

It will take several seconds to register with the master. Check with the following:

 salt-key

It will have an entry under 'Unaccepted Keys' paragraph for 'integrity'

Once it's there, authorize the minion with:

 salt-key -a integrity

Obtain the working copy of the salt master configuration and store in /srv/salt (ultimately it will live on this host, and be stored in a VCS - but initially we'll copy it in to place)