Images
LAN topology with NAT and DNS/DHCP where boxes register their own names, i.e. after spawning a new box called voyager, the existing boxes enterprise and ds9 should be able to ping it by using its hostname voyager.
Configurable Access Key
In order for any tool to talk to boxes created automatically for us, we need a passwordless SSH key pair: shared-minion-key
base.ova
This is an image with eth0, expecting DHCP, and running an SSH server that accepts shared-minion-key for root. It only has basic hardening such as fail2ban and key-only SSH (password logins disabled).
Effort for Ubuntu/Debian: 1-2h
Why not automate it? Because the alternatives are cumbersome with little gain, since this only changes with new distro releases. For Ubuntu that is every half year and, for LTS, every 3 years.
Alternatives:
Settings:
- fixed size: should be faster, says Virtualbox.
- 1 root device with LVM enabled to allow growth.
salt-${version}.ova
Idea: move from the base image (half-year longevity) to a "latest" base image (maybe monthly) that includes the latest Salt.
This can be run headless on CI or manually.
Virtualbox: clone base.ova into salt-${version}.ova
Virtualbox: set NAT for eth0, forward 22
SSH: wget -O - https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh | sh
Note
Don't do this for the salt-master, because either it is a long-lived server or you can do it manually for this single instance.
New Node "www1"
Virtualbox: clone salt-latest.ova into www1
Virtualbox: set network to host-only, forward 22
SSH: set hostname (/etc/hostname and /etc/hosts)
SSH: copy access key
Virtualbox: remove host-only network
Virtualbox: set internal network
NAT SSH: port-forward (iptables)
curl
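The "New Node" steps above, scripted as an added example (not code from the original page). It provisions over a NAT port-forward bound to loopback instead of the host-only adapter, regenerates the SSH host keys that every clone of base.ova otherwise shares, and then moves the box onto the internal network; the VM name salt-latest, the internal network name saltnet and the host port are assumptions.

```shell
#!/bin/sh
# Added example, not the original page's code. Scripts the "New Node" steps for
# one box. DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them.
# Assumed names: VM salt-latest (imported from salt-latest.ova), internal
# network saltnet. shared-minion-key is the key pair named on the page.
set -eu

DRY_RUN="${DRY_RUN:-1}"
BASE_VM="${BASE_VM:-salt-latest}"
INTNET="${INTNET:-saltnet}"
KEY="${KEY:-shared-minion-key}"

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Block until the VM reports poweroff (only prints a marker in dry-run mode).
wait_off() {
  if [ "$DRY_RUN" = 1 ]; then printf 'wait until %s is powered off\n' "$1"; return; fi
  until VBoxManage showvminfo "$1" --machinereadable | grep -q '^VMState="poweroff"'; do sleep 2; done
}

# new_node NAME HOSTPORT: clone, provision over a loopback-only NAT forward,
# then move the box to the internal network, so root SSH is never reachable
# from the LAN while the box still carries the base image's host key.
new_node() {
  name="$1"; port="$2"
  run VBoxManage clonevm "$BASE_VM" --name "$name" --register
  # Forward bound to 127.0.0.1: only this host can reach the guest's port 22.
  run VBoxManage modifyvm "$name" --nic1 nat
  run VBoxManage modifyvm "$name" --natpf1 "ssh,tcp,127.0.0.1,$port,,22"
  run VBoxManage startvm "$name" --type headless
  # Set the hostname, fix /etc/hosts and regenerate the SSH host keys: clones
  # of base.ova all share one host key, so a pinned key on the salt-master side
  # could never tell www1 from www2. Host-key checking is off for this single
  # connection because that key is about to change and the endpoint is loopback.
  run ssh -i "$KEY" -p "$port" -o ConnectionAttempts=30 \
    -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@127.0.0.1 \
    "hostnamectl set-hostname $name &&
     sed -i 's/^127\.0\.1\.1.*/127.0.1.1 $name/' /etc/hosts &&
     rm -f /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server && poweroff"
  wait_off "$name"
  # Drop the forward and switch to the internal network; SSH now goes via the NAT box.
  run VBoxManage modifyvm "$name" --natpf1 delete ssh
  run VBoxManage modifyvm "$name" --nic1 intnet --intnet1 "$INTNET"
}

if [ $# -ge 1 ]; then new_node "$1" "${2:-2222}"; fi
```

Run as `DRY_RUN=1 ./new_node.sh www1 2222` to review the command plan before letting it touch VirtualBox.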