Browse Source

Allow boostrap with Buster

- add script and Vagrantfile code to preseed salt minion keys
- add needed bootstrap_options for Python 3 support
- add grains files and populate those of the ldap and web node
- add script to fix systemd-networkd setup with Debian libvirt Vagrant
  images
- switch from VirtualBox to libvirt
develop
Jan Dittberner 4 months ago
parent
commit
f48eb2caf0
15 changed files with 200 additions and 41 deletions
  1. +1
    -0
      .gitignore
  2. +158
    -41
      Vagrantfile
  3. +0
    -0
      salt/grains/dns
  4. +0
    -0
      salt/grains/file
  5. +4
    -0
      salt/grains/ldap
  6. +0
    -0
      salt/grains/mail
  7. +0
    -0
      salt/grains/mq
  8. +0
    -0
      salt/grains/mysql
  9. +0
    -0
      salt/grains/pgsql
  10. +0
    -0
      salt/grains/salt
  11. +0
    -0
      salt/grains/service
  12. +0
    -0
      salt/grains/syslog
  13. +7
    -0
      salt/grains/web
  14. +15
    -0
      scripts/change-vmdebootstrap-default-dhcp.sh
  15. +15
    -0
      scripts/pregen_keys.sh

+ 1
- 0
.gitignore View File

@@ -1,2 +1,3 @@
repos/
.vagrant/
/salt/keys

+ 158
- 41
Vagrantfile View File

@@ -1,122 +1,239 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :

system("scripts/pregen_keys.sh")

Vagrant.configure("2") do |config|
config.vm.box = "debian/contrib-jessie64"
config.vm.box = "debian/buster64"
config.vm.post_up_message = nil
config.vm.synced_folder ".", "/vagrant", disabled: true

config.vm.provision "shell",
inline: "sed -i 's/^mesg n$/tty -s \\&\\& mesg n/g' /root/.profile"
config.vm.provision :shell,
path: "scripts/change-vmdebootstrap-default-dhcp.sh"
#config.vm.provision "shell",
# inline: "sed -i 's/^mesg n$/tty -s \\&\\& mesg n/g' /root/.profile"
config.vm.provision "shell",
path: "scripts/add_salt_to_etc_hosts.sh"
config.vm.provision :salt do |salt|
salt.masterless = false
salt.minion_config = "salt/minion"
salt.run_highstate = false
salt.install_type = "stable"
end

config.vm.define "salt" do |node|
node.vm.hostname = "salt.gva.dev"
node.vm.synced_folder "repos/gvasalt/states", "/srv/salt"
node.vm.synced_folder "repos/gvasalt/pillar", "/srv/pillar"
node.vm.hostname = "salt"
node.vm.synced_folder "../gvasalt/states", "/srv/salt"
node.vm.synced_folder "../gvasalt/pillar", "/srv/pillar"
node.vm.network "private_network", ip: "172.16.4.10"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/salt"
salt.install_master = true
salt.masterless = false
salt.minion_id = "salt"
salt.run_highstate = false
salt.minion_key = "salt/keys/salt.pem"
salt.minion_pub = "salt/keys/salt.pub"
salt.seed_master = {
dns: "salt/keys/dns.pub",
file: "salt/keys/file.pub",
ldap: "salt/keys/ldap.pub",
mail: "salt/keys/mail.pub",
mq: "salt/keys/mq.pub",
mysql: "salt/keys/mysql.pub",
pgsql: "salt/keys/pgsql.pub",
salt: "salt/keys/salt.pub",
service: "salt/keys/service.pub",
syslog: "salt/keys/syslog.pub",
web: "salt/keys/web.pub",
}
end
end

config.vm.define "mq" do |node|
node.vm.hostname = "mq.gva.dev"
node.vm.hostname = "mq"
node.vm.network "private_network", ip: "172.16.4.20"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/mq"
salt.masterless = false
salt.minion_id = "mq"
salt.minion_key = "salt/keys/mq.pem"
salt.minion_pub = "salt/keys/mq.pub"
salt.run_highstate = false
end
end

config.vm.define "syslog" do |node|
node.vm.hostname = "syslog"
node.vm.network "private_network", ip: "172.16.4.30"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/syslog"
salt.masterless = false
salt.minion_id = "syslog"
salt.minion_key = "salt/keys/syslog.pem"
salt.minion_pub = "salt/keys/syslog.pub"
salt.run_highstate = false
end
end

config.vm.define "pgsql" do |node|
node.vm.hostname = "pgsql"
node.vm.synced_folder "repos/gvapgsql", "/srv/gvapgsql"
#node.vm.synced_folder "repos/gvapgsql", "/srv/gvapgsql"
node.vm.network "private_network", ip: "172.16.4.40"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/pgsql"
salt.masterless = false
salt.minion_id = "pgsql"
salt.minion_key = "salt/keys/pgsql.pem"
salt.minion_pub = "salt/keys/pgsql.pub"
salt.run_highstate = false
end
end

config.vm.define "dns" do |node|
node.vm.hostname = "dns"
node.vm.network "private_network", ip: "172.16.4.50"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/dns"
salt.masterless = false
salt.minion_id = "dns"
salt.minion_key = "salt/keys/dns.pem"
salt.minion_pub = "salt/keys/dns.pub"
salt.run_highstate = false
end
end

config.vm.define "ldap" do |node|
node.vm.hostname = "ldap"
node.vm.synced_folder "repos/gvaldap", "/srv/gvaldap"
#node.vm.synced_folder "repos/gvaldap", "/srv/gvaldap"
node.vm.network "private_network", ip: "172.16.4.60"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/ldap"
salt.masterless = false
salt.minion_id = "ldap"
salt.minion_key = "salt/keys/ldap.pem"
salt.minion_pub = "salt/keys/ldap.pub"
salt.run_highstate = false
end
end

config.vm.define "file" do |node|
node.vm.hostname = "file"
node.vm.synced_folder "repos/gvafile", "/srv/gvafile"
#node.vm.synced_folder "repos/gvafile", "/srv/gvafile"
node.vm.network "private_network", ip: "172.16.4.70"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/file"
salt.masterless = false
salt.minion_id = "file"
salt.minion_key = "salt/keys/file.pem"
salt.minion_pub = "salt/keys/file.pub"
salt.run_highstate = false
end
end

config.vm.define "mail" do |node|
node.vm.hostname = "mail"
node.vm.network "private_network", ip: "172.16.4.80"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/mail"
salt.masterless = false
salt.minion_id = "mail"
salt.minion_key = "salt/keys/mail.pem"
salt.minion_pub = "salt/keys/mail.pub"
salt.run_highstate = false
end
end

config.vm.define "mysql" do |node|
node.vm.hostname = "mysql"
node.vm.synced_folder "repos/gvamysql", "/srv/gvamysql"
#node.vm.synced_folder "repos/gvamysql", "/srv/gvamysql"
node.vm.network "private_network", ip: "172.16.4.90"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/mysql"
salt.masterless = false
salt.minion_id = "mysql"
salt.minion_key = "salt/keys/mysql.pem"
salt.minion_pub = "salt/keys/mysql.pub"
salt.run_highstate = false
end
end

config.vm.define "web" do |node|
node.vm.hostname = "web"
node.vm.synced_folder "repos/gvaweb", "/srv/gvaweb"
#node.vm.synced_folder "repos/gvaweb", "/srv/gvaweb"
node.vm.network "private_network", ip: "172.16.4.100"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/web"
salt.masterless = false
salt.minion_id = "web"
salt.minion_key = "salt/keys/web.pem"
salt.minion_pub = "salt/keys/web.pub"
salt.run_highstate = false
end
end

config.vm.define "service" do |node|
node.vm.hostname = "service"
node.vm.synced_folder "repos/gva", "/srv/gva"
#node.vm.synced_folder "repos/gva", "/srv/gva"
node.vm.network "forwarded_port", guest: 443, host:8443
node.vm.network "private_network", ip: "172.16.4.110"
node.vm.post_up_message = "Use https://localhost:8443/ to access the gva web interface"
node.vm.provider "virtualbox" do |vb|
vb.memory = "256"
node.vm.provider :libvirt do |libvirt|
libvirt.memory = 1024
end

node.vm.provision :salt do |salt|
salt.bootstrap_options = "-x python3"
salt.grains_config = "salt/grains/service"
salt.masterless = false
salt.minion_id = "service"
salt.minion_key = "salt/keys/service.pem"
salt.minion_pub = "salt/keys/service.pub"
salt.run_highstate = false
end
end
end

+ 0
- 0
salt/grains/dns View File


+ 0
- 0
salt/grains/file View File


+ 4
- 0
salt/grains/ldap View File

@@ -0,0 +1,4 @@
roles:
- vagrant
- ldapserver
- gnuviechadmin.gvaldap

+ 0
- 0
salt/grains/mail View File


+ 0
- 0
salt/grains/mq View File


+ 0
- 0
salt/grains/mysql View File


+ 0
- 0
salt/grains/pgsql View File


+ 0
- 0
salt/grains/salt View File


+ 0
- 0
salt/grains/service View File


+ 0
- 0
salt/grains/syslog View File


+ 7
- 0
salt/grains/web View File

@@ -0,0 +1,7 @@
roles:
- vagrant
- ldapclient
- webserver
- gnuviechadmin.gvaweb
nginx:
default_servername: web.local

+ 15
- 0
scripts/change-vmdebootstrap-default-dhcp.sh View File

@@ -0,0 +1,15 @@
#!/bin/sh

set -e

debootstrap_network=/etc/systemd/network/99-dhcp.network

if grep -q '^Name=\\*' "${debootstrap_network}"; then
primary_nic=$(ls -1 /sys/class/net | grep -v lo |sort | head -1)
sed -i "s/^Name=e\\*/Name=${primary_nic}/" \
"${debootstrap_network}"
systemctl restart systemd-networkd.service
echo "Changed systemd network configuration"
else
echo "Systemd network configuration has already been changed"
fi

+ 15
- 0
scripts/pregen_keys.sh View File

@@ -0,0 +1,15 @@
#!/bin/sh

set -e

if [ ! -d salt/keys ]; then
mkdir -p salt/keys
fi
ls -1 salt/grains | while read a; do
if [ ! -f salt/keys/$a.pem ]; then
openssl genrsa -out salt/keys/$a.pem 2048
fi
if [ ! -f salt/keys/$a.pub ]; then
openssl rsa -in salt/keys/$a.pem -pubout -out salt/keys/$a.pub
fi
done

Loading…
Cancel
Save