LAN topology with NAT and DNS/DHCP where boxes register their own names, i.e. after spawning a new box called voyager, existing boxes such as ds9 should be able to ping it by its hostname.
Configurable Access Key
In order for any tool to talk to boxes created automatically for us, we need a passwordless SSH key pair:
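Added example (not part of the original notes): a script that creates the passwordless pair under the name shared-minion-key the notes use, checks that it really loads without a passphrase and has owner-only permissions, and builds the authorized_keys line for root on the base image. The allowed source subnet is an assumption for this lab; the `from=` restriction is there so a copied key only works from the management network.

```shell
#!/bin/sh
# Added example, not from the original notes. Creates and verifies the
# shared-minion-key pair used to reach freshly cloned boxes.
set -e

KEY_NAME="shared-minion-key"
# Assumed lab management subnet; only hosts from here may use the key.
ALLOWED_FROM="${ALLOWED_FROM:-10.0.2.0/24}"

# Generate an ed25519 pair with an empty passphrase (-N '') so unattended
# tools can use it. $1 = directory for the pair. Prints the private key path.
make_access_key() {
    dir=$1
    mkdir -p "$dir"
    if [ -e "$dir/$KEY_NAME" ]; then
        echo "refusing to overwrite $dir/$KEY_NAME" >&2
        return 1
    fi
    ssh-keygen -q -t ed25519 -N '' -C "$KEY_NAME" -f "$dir/$KEY_NAME"
    chmod 600 "$dir/$KEY_NAME"
    printf '%s\n' "$dir/$KEY_NAME"
}

# Prints "yes" if the private key loads without a passphrase (i.e. is
# actually usable by non-interactive tooling), "no" otherwise.
key_is_passwordless() {
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1; then
        printf 'yes\n'
    else
        printf 'no\n'
    fi
}

# Prints "ok" when the private key is mode 0600 (owner read/write only),
# which ssh clients require before they will use it.
key_perms_ok() {
    mode=$(ls -l "$1" | cut -c1-10)
    if [ "$mode" = "-rw-------" ]; then
        printf 'ok\n'
    else
        printf 'bad\n'
    fi
}

# Builds the authorized_keys line for root on the base image: the public
# key, restricted to the lab subnet and with forwarding disabled.
# $1 = private key path; the matching .pub is read next to it.
authorized_keys_line() {
    pub=$(cat "$1.pub")
    printf 'from="%s",no-agent-forwarding,no-X11-forwarding %s\n' "$ALLOWED_FROM" "$pub"
}

# Run only when a target directory is given, so the file can also be
# sourced for its functions without side effects.
if [ -n "${MINION_KEY_DIR:-}" ]; then
    key=$(make_access_key "$MINION_KEY_DIR")
    key_is_passwordless "$key"
    key_perms_ok "$key"
    authorized_keys_line "$key"
fi
```

Usage: `MINION_KEY_DIR=./keys sh make-access-key.sh` prints the key path, the two checks and the line to paste into /root/.ssh/authorized_keys of the base image.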
This is an image with eth0, expecting DHCP and running an SSH server accepting shared-minion-key on root. It only has basic hardening like fail2ban and
Effort for Ubuntu/Debian: 1-2h
Why not automate it? Because the alternatives are cumbersome with little gain, since this only changes for new distro releases. For Ubuntu: every 1/2 year (regular releases) and 3 years (LTS).
Fixed size, one root device, with LVM enabled to allow growth.
Should be faster, says Virtualbox.
Idea: Move from Base Image (1/2 year longevity) to “latest” base image (monthly maybe) including latest Salt.
This can be run headless on CI or manually.
Virtualbox: clone base.ova into
Virtualbox: set NAT for eth0, forward 22
wget -O - https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh | sh
Don’t do this for salt-master, because either it is a long-lived server or you can do it manually for this single instance.
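Added example (not part of the original notes): the bootstrap step above pipes a downloaded script straight into sh, so whatever the CDN or a man-in-the-middle hands back runs as root. The variant below saves the script, compares its SHA-256 with a digest you pinned after inspecting it, and only then executes it. The URL is the one from the notes; the digest is a placeholder, and it is assumed that you obtain the real one out of band (the salt-bootstrap project is assumed to publish a checksum file next to the script).

```shell
#!/bin/sh
# Added example, not from the original notes: download, verify, then run
# the Salt bootstrap script instead of "wget ... | sh".
set -e

BOOTSTRAP_URL="https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh"
# Placeholder digest: replace with the value you verified independently.
EXPECTED_SHA256="${EXPECTED_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# Prints the hex SHA-256 of file $1, using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Returns 0 when file $1 hashes to digest $2, 1 otherwise. The comparison
# is case-insensitive so a pasted upper-case digest still matches.
verify_sha256() {
    actual=$(sha256_of "$1" | tr 'A-Z' 'a-z')
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$actual" = "$expected" ]
}

# Download to a temp file, verify, and execute only on a match. A mismatch
# deletes the download and returns 1 so a CI job fails loudly.
bootstrap_salt_verified() {
    tmp=$(mktemp)
    wget -q -O "$tmp" "$BOOTSTRAP_URL"
    if verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
        sh "$tmp"
        rm -f "$tmp"
    else
        echo "bootstrap-salt.sh digest mismatch; refusing to run" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Only act when explicitly asked, so sourcing this file has no side effects.
if [ "${RUN_BOOTSTRAP:-0}" = "1" ]; then
    bootstrap_salt_verified
fi
```

Usage on the freshly cloned box: `EXPECTED_SHA256=<pinned digest> RUN_BOOTSTRAP=1 sh bootstrap-verified.sh`. Pinning the digest also means the "latest" image is rebuilt from a known script version rather than whatever the stable branch happens to contain that day.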
New Node “www1”
Virtualbox: clone salt-latest.ova into www1
Virtualbox: set network to host-only, forward 22
SSH: set hostname, /etc/hostname and /etc/hosts
SSH: copy access key
Virtualbox: remove host-only network
Virtualbox: set internal network
NAT SSH: port-forward (iptables)
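Added example (not part of the original notes): the SSH-side steps of the list above (hostname files, access key) and the NAT box's SSH port-forward, as one script. File writes go under $ROOT so the same code can be exercised against a scratch directory; iptables rules are printed and only applied with APPLY=1. The node name www1 and the key name come from the notes; the node address 10.0.0.11, the outside interface eth0 and the listen port 2201 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: new-node steps (hostname,
# access key) and the NAT box's DNAT rule for SSH.
set -e

ROOT="${ROOT:-}"        # prefix for /etc and /root; empty on the real node
APPLY="${APPLY:-0}"     # 1 = really run iptables, otherwise just print rules

# Write /etc/hostname and keep the Debian/Ubuntu 127.0.1.1 alias line in
# /etc/hosts in sync, replacing any previous alias rather than appending a
# second one. $1 = new hostname.
set_node_hostname() {
    name=$1
    mkdir -p "$ROOT/etc"
    printf '%s\n' "$name" > "$ROOT/etc/hostname"
    hosts="$ROOT/etc/hosts"
    [ -f "$hosts" ] || printf '127.0.0.1\tlocalhost\n' > "$hosts"
    tmp=$(mktemp)
    grep -v '^127\.0\.1\.1[[:space:]]' "$hosts" > "$tmp" || true
    printf '127.0.1.1\t%s\n' "$name" >> "$tmp"
    mv "$tmp" "$hosts"
    # Live rename as well when running on the real node (files persist it).
    if [ -z "$ROOT" ]; then
        hostname "$name"
    fi
}

# Install the shared access key for root, idempotently. $1 = public key file.
install_access_key() {
    sshdir="$ROOT/root/.ssh"
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$sshdir/authorized_keys"
    chmod 600 "$sshdir/authorized_keys"
    pub=$(cat "$1")
    # Add only if this exact line is not present yet.
    grep -qxF "$pub" "$sshdir/authorized_keys" || printf '%s\n' "$pub" >> "$sshdir/authorized_keys"
}

# Number of times public key $1 appears in root's authorized_keys.
access_key_count() {
    grep -cxF "$(cat "$1")" "$ROOT/root/.ssh/authorized_keys" || true
}

# NAT box: forward TCP $1 arriving on eth0 to port 22 of node $2 and let
# that forwarded traffic through. Prints both rules; applies with APPLY=1.
nat_ssh_forward() {
    port=$1
    node_ip=$2
    rule_dnat="iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $port -j DNAT --to-destination $node_ip:22"
    rule_fwd="iptables -A FORWARD -i eth0 -p tcp -d $node_ip --dport 22 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n%s\n' "$rule_dnat" "$rule_fwd"
    if [ "$APPLY" = "1" ]; then
        $rule_dnat
        $rule_fwd
    fi
}

# Dispatch by STEP so the same file serves the node and the NAT box.
case "${STEP:-}" in
    node) set_node_hostname "${NODE_NAME:-www1}"
          install_access_key "${ACCESS_KEY_PUB:-/root/shared-minion-key.pub}" ;;
    nat)  nat_ssh_forward "${NAT_PORT:-2201}" "${NODE_IP:-10.0.0.11}" ;;
esac
```

Usage: on the new node (over the temporary host-only SSH link) `STEP=node NODE_NAME=www1 ACCESS_KEY_PUB=./shared-minion-key.pub sh node-setup.sh`; on the NAT box `STEP=nat NAT_PORT=2201 NODE_IP=10.0.0.11 APPLY=1 sh node-setup.sh`. Without APPLY=1 the NAT step only prints the rules, which is a cheap way to review them before they take effect.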