LAN topology with NAT and DNS/DHCP where boxes register their own names, i.e. after spawning a new box called voyager, an existing box such as ds9 should be able to ping it by hostname.
The host system should expose a simple REST API around VBoxManage to the salt-master, which would act as a provider for salt-cloud. Since every call ends up as a VBoxManage invocation on the host, the API has to authenticate the salt-master and validate its parameters (VM names, port numbers) instead of passing them through a shell.
Configurable Access Key
For any tool to talk to boxes created automatically for us, we need a passwordless SSH key pair:
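Key generation and installation as an added example (not from these notes): the pair is generated with ssh-keygen, and the public half goes into root's authorized_keys with a `from=` restriction and forwarding disabled, so a leaked private key is only usable from the salt-master's address. The key name shared-minion-key is from the notes; the salt-master address 192.0.2.10 and the target host are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original notes. Generates the passwordless
# "shared-minion-key" pair and builds a restricted authorized_keys entry for it.
# Assumptions: the key file name and the salt-master address (192.0.2.2 below,
# passed by the caller) are made up for the example.

# Generate an ed25519 key pair with an empty passphrase (requires ssh-keygen).
generate_access_key() {
    keyfile="${1:-shared-minion-key}"
    ssh-keygen -t ed25519 -N '' -C 'salt-cloud access key' -f "$keyfile"
}

# Build the authorized_keys line for public key $1, restricted to logins
# from $2 (address, CIDR or hostname pattern) and with forwarding disabled.
authorized_keys_line() {
    pubkey="$1"
    allowed_from="$2"
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$allowed_from" "$pubkey"
}

# Install the restricted line as root's only authorized key on host $1,
# using key file $2 and allowing logins only from $3.
install_access_key() {
    host="$1"; keyfile="$2"; allowed_from="$3"
    line=$(authorized_keys_line "$(cat "$keyfile.pub")" "$allowed_from")
    printf '%s\n' "$line" | ssh "root@$host" \
        'install -d -m 700 /root/.ssh && cat > /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys'
}

# Usage: generate_access_key shared-minion-key
#        install_access_key 192.0.2.20 shared-minion-key 192.0.2.2
```

A forced `command=` is deliberately not used: salt-cloud's deploy step needs to run arbitrary commands over this key, so the useful restrictions are the source address and the forwarding options.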
This is an image with eth0 expecting DHCP and running an SSH server that accepts shared-minion-key for root. It only has basic hardening like fail2ban and
Effort for Ubuntu/Debian: 1-2h
Why not automate it? Because the alternatives are cumbersome with little gain, since this only changes with new distro releases. For Ubuntu: half a year and 3 years (LTS), respectively.
One fixed-size root device, with LVM enabled to allow growth.
Should be faster, says Virtualbox.
Idea: move from the base image (half-year longevity) to a "latest" base image (monthly, maybe) that includes the latest Salt.
This can be run headless on CI or manually.
Virtualbox: clone base.ova into
Virtualbox: set NAT for eth0, forward port 22
wget -O - https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh | sh (better: save the script, check its checksum against the one the Salt project publishes, then run it, instead of piping a download straight into sh)
Don't do this for the salt-master: either it is a long-lived server, or you can do it manually for this single instance.
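The bootstrap step as an added example (not from these notes): the script is downloaded to a file, its SHA256 is compared with a digest obtained out of band, and only the verified bytes are sent to the VM. The URL is the one from the notes; the port forward 127.0.0.1:2222 and the expected digest passed by the caller are assumptions (the salt-bootstrap repository publishes a bootstrap-salt.sh.sha256 beside the script, which is the obvious source for it, but check that yourself).

```shell
#!/bin/sh
# Added example, not code from the original notes. Builds the salt-latest
# image by fetching bootstrap-salt.sh, verifying its SHA256 against a digest
# the caller obtained separately, and only then running it on the VM that is
# reachable as root@127.0.0.1:2222 through the VirtualBox port forward.
# Assumptions: the port forward, the key file name and the digest source.

BOOTSTRAP_URL='https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh'
IMAGE_KEY=shared-minion-key
SSH_PORT=2222

# Portable SHA256: coreutils sha256sum on Linux, shasum on BSD/macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if file $1 hashes to the expected hex digest $2 (any case).
verify_sha256() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Fetch the script, verify it, then feed the verified file to sh on the VM.
# The bytes that run are the ones that were hashed; nothing is re-downloaded.
bootstrap_salt_latest() {
    expected="$1"
    tmp=$(mktemp)
    wget -q -O "$tmp" "$BOOTSTRAP_URL"
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "bootstrap-salt.sh checksum mismatch, refusing to run it" >&2
        rm -f "$tmp"
        return 1
    fi
    ssh -p "$SSH_PORT" -i "$IMAGE_KEY" root@127.0.0.1 'sh -s' < "$tmp"
    rm -f "$tmp"
}

# Image preparation around it: clone base.ova, add the SSH forward, export.
build_salt_latest_image() {  # build_salt_latest_image <expected-sha256>
    VBoxManage import base.ova --vsys 0 --vmname salt-latest
    VBoxManage modifyvm salt-latest --nic1 nat --natpf1 "ssh,tcp,127.0.0.1,$SSH_PORT,,22"
    VBoxManage startvm salt-latest --type headless
    bootstrap_salt_latest "$1" || return 1
    VBoxManage controlvm salt-latest acpipowerbutton
    sleep 30   # crude; wait for a clean shutdown before exporting
    VBoxManage export salt-latest -o salt-latest.ova
}
```

The expected digest must come from somewhere other than the same download path (a pinned value in the CI configuration, or the repository's published checksum fetched and reviewed once); a digest fetched next to the script at run time proves nothing.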
New Node „www1“
Virtualbox: clone salt-latest.ova into www1
Virtualbox: set network to host-only, forward 22
SSH: set hostname in /etc/hostname and /etc/hosts
SSH: copy access key
Virtualbox: remove host-only network
Virtualbox: set internal network
NAT box: SSH port-forward (iptables)
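The "New Node" steps as one script, added here as an example and not taken from these notes. Choices made for the example: the setup phase uses NAT with a port forward rather than a host-only adapter (so no guest additions are needed to learn the box's address), the node name is validated before it is interpolated into VBoxManage and ssh arguments, the clone's SSH host keys are regenerated (clones share the image's keys), and the internal network name lab, the key files shared-minion-key and access-key.pub, and the host port are all placeholders.

```shell
#!/bin/sh
# Added example, not code from the original notes. Provisions a node from
# salt-latest.ova following the "New Node" steps.
# Assumptions (none from the page): NAT + port forward for the setup phase,
# image key ./shared-minion-key, key to install ./access-key.pub, internal
# network "lab", host port chosen by the caller.
set -u

IMAGE=salt-latest.ova
IMAGE_KEY=shared-minion-key
ACCESS_KEY_PUB=access-key.pub
INTNET=lab

# Node names end up in VBoxManage arguments, ssh command lines and /etc/hosts,
# so accept only RFC 1123 style labels: letters, digits, inner hyphens, <=63 chars.
valid_nodename() {
    case "$1" in
        ''|-*|*-|*[!a-zA-Z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# VirtualBox NAT port-forward rule: name,proto,hostip,hostport,guestip,guestport.
natpf_rule() {
    printf 'ssh-%s,tcp,127.0.0.1,%s,,22' "$1" "$2"
}

# Host-key checking is off only because every clone sits behind the same
# 127.0.0.1:<port> and presents a different key; the forward is local-only.
ssh_node() {  # ssh_node <hostport> <command>
    ssh -q -p "$1" -i "$IMAGE_KEY" -o StrictHostKeyChecking=no \
        -o UserKnownHostsFile=/dev/null root@127.0.0.1 "$2"
}

wait_for_state() {  # wait_for_state <vm> <state>, e.g. poweroff
    until VBoxManage showvminfo "$1" --machinereadable | grep -q "VMState=\"$2\""; do
        sleep 2
    done
}

provision_node() {  # provision_node <name> <hostport>
    name="$1"; hostport="$2"
    valid_nodename "$name" || { echo "refusing node name: $name" >&2; return 1; }

    # Clone the image and attach NAT with an SSH forward for the setup phase.
    VBoxManage import "$IMAGE" --vsys 0 --vmname "$name"
    VBoxManage modifyvm "$name" --nic1 nat --natpf1 "$(natpf_rule "$name" "$hostport")"
    VBoxManage startvm "$name" --type headless
    until ssh_node "$hostport" true 2>/dev/null; do sleep 2; done

    # Hostname in /etc/hostname and /etc/hosts; $name is safe to interpolate
    # because valid_nodename accepted it.
    ssh_node "$hostport" "hostname '$name' && printf '%s\n' '$name' > /etc/hostname \
        && sed -i '/^127\\.0\\.1\\.1/d' /etc/hosts && printf '127.0.1.1 %s\n' '$name' >> /etc/hosts"

    # Clones share the image's SSH host keys: regenerate them on this box.
    ssh_node "$hostport" 'rm -f /etc/ssh/ssh_host_* && ssh-keygen -A'

    # Replace the image-wide key with the configured access key.
    ssh_node "$hostport" 'cat > /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys' \
        < "$ACCESS_KEY_PUB"

    # Power off, drop the setup forward, move the box to the internal network.
    VBoxManage controlvm "$name" acpipowerbutton
    wait_for_state "$name" poweroff
    VBoxManage modifyvm "$name" --natpf1 delete "ssh-$name"
    VBoxManage modifyvm "$name" --nic1 intnet --intnet1 "$INTNET"
    VBoxManage startvm "$name" --type headless
}

# Usage: provision_node www1 2201
```

Once the box is on the internal network it is only reachable through the NAT/DNS/DHCP box, so the iptables DNAT for SSH (the last step in the notes) is configured there, not on the host.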