diff --git a/.gitignore b/.gitignore
index c336b6e..df4f351 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 repos/
 .vagrant/
+/salt/keys
diff --git a/Vagrantfile b/Vagrantfile
index 593c904..55d2317 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,122 +1,239 @@ # -*- mode: ruby -*- # vi: set ft=ruby : +system("scripts/pregen_keys.sh") + Vagrant.configure("2") do |config| - config.vm.box = "debian/contrib-jessie64" + config.vm.box = "debian/buster64" config.vm.post_up_message = nil config.vm.synced_folder ".", "/vagrant", disabled: true - config.vm.provision "shell", - inline: "sed -i 's/^mesg n$/tty -s \\&\\& mesg n/g' /root/.profile" + config.vm.provision :shell, + path: "scripts/change-vmdebootstrap-default-dhcp.sh" + #config.vm.provision "shell", + # inline: "sed -i 's/^mesg n$/tty -s \\&\\& mesg n/g' /root/.profile" config.vm.provision "shell", path: "scripts/add_salt_to_etc_hosts.sh" - config.vm.provision :salt do |salt| - salt.masterless = false - salt.minion_config = "salt/minion" - salt.run_highstate = false - salt.install_type = "stable" - end config.vm.define "salt" do |node| - node.vm.hostname = "salt.gva.dev" - node.vm.synced_folder "repos/gvasalt/states", "/srv/salt" - node.vm.synced_folder "repos/gvasalt/pillar", "/srv/pillar" + node.vm.hostname = "salt" + node.vm.synced_folder "../gvasalt/states", "/srv/salt" + node.vm.synced_folder "../gvasalt/pillar", "/srv/pillar" node.vm.network "private_network", ip: "172.16.4.10" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 end node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/salt" salt.install_master = true + salt.masterless = false salt.minion_id = "salt" + salt.run_highstate = false + salt.minion_key = "salt/keys/salt.pem" + salt.minion_pub = "salt/keys/salt.pub" + salt.seed_master = { + dns: "salt/keys/dns.pub", + file: "salt/keys/file.pub", + ldap: "salt/keys/ldap.pub", + mail: "salt/keys/mail.pub", + mq: "salt/keys/mq.pub", + mysql: "salt/keys/mysql.pub", + pgsql: "salt/keys/pgsql.pub", + salt: "salt/keys/salt.pub", + service: "salt/keys/service.pub", + syslog: "salt/keys/syslog.pub", + web: 
"salt/keys/web.pub", + } end end config.vm.define "mq" do |node| - node.vm.hostname = "mq.gva.dev" + node.vm.hostname = "mq" node.vm.network "private_network", ip: "172.16.4.20" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/mq" + salt.masterless = false + salt.minion_id = "mq" + salt.minion_key = "salt/keys/mq.pem" + salt.minion_pub = "salt/keys/mq.pub" + salt.run_highstate = false end end config.vm.define "syslog" do |node| node.vm.hostname = "syslog" node.vm.network "private_network", ip: "172.16.4.30" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/syslog" + salt.masterless = false + salt.minion_id = "syslog" + salt.minion_key = "salt/keys/syslog.pem" + salt.minion_pub = "salt/keys/syslog.pub" + salt.run_highstate = false end end config.vm.define "pgsql" do |node| node.vm.hostname = "pgsql" - node.vm.synced_folder "repos/gvapgsql", "/srv/gvapgsql" + #node.vm.synced_folder "repos/gvapgsql", "/srv/gvapgsql" node.vm.network "private_network", ip: "172.16.4.40" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/pgsql" + salt.masterless = false + salt.minion_id = "pgsql" + salt.minion_key = "salt/keys/pgsql.pem" + salt.minion_pub = "salt/keys/pgsql.pub" + salt.run_highstate = false end end config.vm.define "dns" do |node| node.vm.hostname = "dns" node.vm.network "private_network", ip: "172.16.4.50" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do 
|libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/dns" + salt.masterless = false + salt.minion_id = "dns" + salt.minion_key = "salt/keys/dns.pem" + salt.minion_pub = "salt/keys/dns.pub" + salt.run_highstate = false end end config.vm.define "ldap" do |node| node.vm.hostname = "ldap" - node.vm.synced_folder "repos/gvaldap", "/srv/gvaldap" + #node.vm.synced_folder "repos/gvaldap", "/srv/gvaldap" node.vm.network "private_network", ip: "172.16.4.60" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/ldap" + salt.masterless = false + salt.minion_id = "ldap" + salt.minion_key = "salt/keys/ldap.pem" + salt.minion_pub = "salt/keys/ldap.pub" + salt.run_highstate = false end end config.vm.define "file" do |node| node.vm.hostname = "file" - node.vm.synced_folder "repos/gvafile", "/srv/gvafile" + #node.vm.synced_folder "repos/gvafile", "/srv/gvafile" node.vm.network "private_network", ip: "172.16.4.70" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/file" + salt.masterless = false + salt.minion_id = "file" + salt.minion_key = "salt/keys/file.pem" + salt.minion_pub = "salt/keys/file.pub" + salt.run_highstate = false end end config.vm.define "mail" do |node| node.vm.hostname = "mail" node.vm.network "private_network", ip: "172.16.4.80" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/mail" + 
salt.masterless = false + salt.minion_id = "mail" + salt.minion_key = "salt/keys/mail.pem" + salt.minion_pub = "salt/keys/mail.pub" + salt.run_highstate = false end end config.vm.define "mysql" do |node| node.vm.hostname = "mysql" - node.vm.synced_folder "repos/gvamysql", "/srv/gvamysql" + #node.vm.synced_folder "repos/gvamysql", "/srv/gvamysql" node.vm.network "private_network", ip: "172.16.4.90" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/mysql" + salt.masterless = false + salt.minion_id = "mysql" + salt.minion_key = "salt/keys/mysql.pem" + salt.minion_pub = "salt/keys/mysql.pub" + salt.run_highstate = false end end config.vm.define "web" do |node| node.vm.hostname = "web" - node.vm.synced_folder "repos/gvaweb", "/srv/gvaweb" + #node.vm.synced_folder "repos/gvaweb", "/srv/gvaweb" node.vm.network "private_network", ip: "172.16.4.100" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/web" + salt.masterless = false + salt.minion_id = "web" + salt.minion_key = "salt/keys/web.pem" + salt.minion_pub = "salt/keys/web.pub" + salt.run_highstate = false end end config.vm.define "service" do |node| node.vm.hostname = "service" - node.vm.synced_folder "repos/gva", "/srv/gva" + #node.vm.synced_folder "repos/gva", "/srv/gva" node.vm.network "forwarded_port", guest: 443, host:8443 node.vm.network "private_network", ip: "172.16.4.110" node.vm.post_up_message = "Use https://localhost:8443/ to access the gva web interface" - node.vm.provider "virtualbox" do |vb| - vb.memory = "256" + node.vm.provider :libvirt do |libvirt| + libvirt.memory = 1024 + end + + node.vm.provision :salt do |salt| + 
salt.bootstrap_options = "-x python3" + salt.grains_config = "salt/grains/service" + salt.masterless = false + salt.minion_id = "service" + salt.minion_key = "salt/keys/service.pem" + salt.minion_pub = "salt/keys/service.pub" + salt.run_highstate = false end end end diff --git a/salt/grains/dns b/salt/grains/dns new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/file b/salt/grains/file new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/ldap b/salt/grains/ldap new file mode 100644 index 0000000..93bef48 --- /dev/null +++ b/salt/grains/ldap @@ -0,0 +1,4 @@ +roles: + - vagrant + - ldapserver + - gnuviechadmin.gvaldap diff --git a/salt/grains/mail b/salt/grains/mail new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/mq b/salt/grains/mq new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/mysql b/salt/grains/mysql new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/pgsql b/salt/grains/pgsql new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/salt b/salt/grains/salt new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/service b/salt/grains/service new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/syslog b/salt/grains/syslog new file mode 100644 index 0000000..e69de29 diff --git a/salt/grains/web b/salt/grains/web new file mode 100644 index 0000000..6d42a2f --- /dev/null +++ b/salt/grains/web @@ -0,0 +1,7 @@ +roles: + - vagrant + - ldapclient + - webserver + - gnuviechadmin.gvaweb +nginx: + default_servername: web.local diff --git a/scripts/change-vmdebootstrap-default-dhcp.sh b/scripts/change-vmdebootstrap-default-dhcp.sh new file mode 100644 index 0000000..a5f3c38 --- /dev/null +++ b/scripts/change-vmdebootstrap-default-dhcp.sh 
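Review bot: The return value of `system("scripts/pregen_keys.sh")` on the first added line is ignored, so if key generation fails (no `openssl` on the host, unwritable `salt/keys`) the run continues and only fails later inside the salt provisioner, which then cannot read `salt/keys/<minion_id>.pem`; the relative path is also resolved against the shell's working directory rather than the Vagrantfile's. Suggest `system(File.join(__dir__, "scripts", "pregen_keys.sh")) || abort("scripts/pregen_keys.sh failed")`. The eleven `node.vm.provision :salt` blocks differ only in the minion id, which doubles as grains file name, key base name and hostname; a frozen list of `[name, ip]` pairs iterated with `each` would keep the per-node blocks and the `seed_master` hash from drifting apart (style). As written, `seed_master` enumerates every minion's `.pub` by hand, so a node added only at the bottom of the file would not be pre-accepted by the master.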
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+debootstrap_network=/etc/systemd/network/99-dhcp.network
+
+if grep -q '^Name=\\*' "${debootstrap_network}"; then
+  primary_nic=$(ls -1 /sys/class/net | grep -v lo |sort | head -1)
+  sed -i "s/^Name=e\\*/Name=${primary_nic}/" \
+    "${debootstrap_network}"
+  systemctl restart systemd-networkd.service
+  echo "Changed systemd network configuration"
+else
+  echo "Systemd network configuration has already been changed"
+fi
diff --git a/scripts/pregen_keys.sh b/scripts/pregen_keys.sh
new file mode 100755
index 0000000..40b7f00
--- /dev/null
+++ b/scripts/pregen_keys.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+if [ ! -d salt/keys ]; then
+  mkdir -p salt/keys
+fi
+ls -1 salt/grains | while read a; do
+  if [ ! -f salt/keys/$a.pem ]; then
+    openssl genrsa -out salt/keys/$a.pem 2048
+  fi
+  if [ ! -f salt/keys/$a.pub ]; then
+    openssl rsa -in salt/keys/$a.pem -pubout -out salt/keys/$a.pub
+  fi
+done
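Review bot: The guard `if grep -q '^Name=\\*' "${debootstrap_network}"; then` does not test for the same text that the `sed` two lines below rewrites: inside single quotes the pattern reaches grep as `^Name=\\*`, i.e. `Name=` followed by any number of literal backslashes, which matches every `Name=` line, whereas the double-quoted sed pattern becomes `^Name=e\*` and matches the literal `Name=e*`. After the first successful run the file contains `Name=<nic>`, the grep still succeeds, `systemctl restart systemd-networkd.service` is repeated on every provisioning run, and the `else` branch is unreachable. If the doubled backslash is not an artifact of this rendering, the guard should read `if grep -q '^Name=e\*' "${debootstrap_network}"; then`. `primary_nic=$(ls -1 /sys/class/net | grep -v lo |sort | head -1)` picks the alphabetically first interface, which on a guest with more than one NIC is not necessarily the DHCP one; a comment stating that assumption would help.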
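Review bot: The loop header `ls -1 salt/grains | while read a; do` builds the minion id list by parsing `ls` output and then uses `$a` unquoted in every `salt/keys/$a.pem` path, so a grains file name containing whitespace or glob characters would be split or expanded; a shell glob with quoted expansions is the POSIX-sh idiom for this. The generated `.pem` files are the master's and minions' private keys and remain on the host under `salt/keys` (git-ignored in this commit), so making their mode explicit with `chmod 600` right after `openssl genrsa` is worthwhile in case the host's OpenSSL version leaves them at the umask default. An empty `salt/grains` directory would leave the glob unexpanded, hence the existence check in the rewrite below.
```shell
for grain in salt/grains/*; do
  [ -e "$grain" ] || continue
  a=${grain##*/}
  if [ ! -f "salt/keys/$a.pem" ]; then
    openssl genrsa -out "salt/keys/$a.pem" 2048
    chmod 600 "salt/keys/$a.pem"
  fi
  if [ ! -f "salt/keys/$a.pub" ]; then
    openssl rsa -in "salt/keys/$a.pem" -pubout -out "salt/keys/$a.pub"
  fi
done
```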