Images

LAN topology with NAT and DNS/DHCP where boxes register their own names, i.e. after spawning a new box called voyager, the existing boxes enterprise and ds9 should be able to ping it by using its hostname voyager.

Todo

Host system should have a simple REST API around VBoxManage that is exposed for the salt-master which would function as a provider for salt-cloud.

Configurable Access Key

In order for any tool to talk to boxes created automatically for us, we need a passwordless SSH key pair: shared-minion-key

base.ova

This is an image with eth0, expecting DHCP and running an SSH server accepting shared-minion-key on root. It only has basic hardening like fail2ban and passwordless SSH.

Effort for Ubuntu/Debian: 1-2h

Why not automate it? Because the alternatives are cumbersome with little gain since this only changes for new distro releases. For Ubuntu: 1/2 year and 3 years respectively (LTS).

Alternatives:

• http://www.vagrantup.com/

• http://www.packer.io/

Settings:

• fixed size [1] root device with LVM enabled to allow growth.

[1]

Should be faster, says Virtualbox.

salt-${version}.ova

Idea: Move from Base Image (1/2 year longevity) to “latest” base image (monthly maybe) including latest Salt.

This can be run headless on CI or manually.

• Virtualbox: clone base.ova into salt-${version}.ova

• Virtualbox: set NAT for eth0, forward 22

• SSH: wget -O - https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh | sh

Note

Don’t do this for salt-master, because either it is a long-living server or you can do it manually for this single instance.

New Node “www1”

• Virtualbox: clone salt-latest.ova into www1

• Virtualbox: set network to host-only, forward 22

• SSH: set hostname, /etc/hostname and /etc/hosts

• SSH: copy access key

• Virtualbox: remove host-only network

• Virtualbox: set internal network

• NAT SSH: port-forward (iptables)

• curl