LAN topology with NAT and DNS/DHCP where boxes register their own names, i.e. after spawning a new box called voyager, the existing boxes (e.g. ds9) should be able to ping it by its hostname.
Configurable Access Key¶
In order for any tool to talk to boxes created automatically for us, we need a passwordless SSH key pair:
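As an added example (not from the original notes), the key pair can be generated like this, together with the authorized_keys line for root on the base image. The file name shared-minion-key is taken from the notes; the management network 10.0.0.0/24 is a constructed placeholder. Because the key has no passphrase and lands root on every box, the line pins it to the provisioning network and disables agent and X11 forwarding, which the tooling does not need.

```shell
#!/bin/sh
# Added example, not from the original notes: create the passwordless key pair
# the tooling logs in with, and build the authorized_keys line for root on the
# base image. "shared-minion-key" is the file name the notes use; the
# management network 10.0.0.0/24 in the usage comment is a made-up placeholder.
KEY_FILE="${KEY_FILE:-./shared-minion-key}"

# make_access_key: ed25519 key with an empty passphrase (-N '') so that tools
# can use it non-interactively. Leaves an existing key untouched and prints
# the public half.
make_access_key() {
  if [ ! -f "$KEY_FILE" ]; then
    ssh-keygen -t ed25519 -N '' -C shared-minion-key -f "$KEY_FILE" >/dev/null
  fi
  cat "$KEY_FILE.pub"
}

# authorized_line PUBKEY_LINE FROM_CIDR: a passwordless key that lands root on
# every box should at least be pinned to the network the provisioning host
# sits on and stripped of agent and X11 forwarding, which the tooling does
# not need. These are standard sshd authorized_keys options.
authorized_line() {
  printf 'from="%s",no-agent-forwarding,no-X11-forwarding %s\n' "$2" "$1"
}

# Usage on a freshly cloned box (run from the provisioning host; <box> is a placeholder):
#   authorized_line "$(make_access_key)" 10.0.0.0/24 \
#     | ssh root@<box> 'umask 077; mkdir -p /root/.ssh; cat >> /root/.ssh/authorized_keys'
```

If a box ever has to be reached from outside the management network, widen the from= list rather than dropping it; sshd rejects the key silently when the source does not match, which is the intended failure mode for a shared root key.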
This is an image with eth0, expecting DHCP and running an SSH server accepting shared-minion-key on root. It only has basic hardening like fail2ban and
Effort for Ubuntu/Debian: 1-2h
Why not automate it? Because the alternatives are cumbersome for little gain: this only changes with new distro releases, which for Ubuntu means every 1/2 year (regular releases) and every 3 years (LTS).
- fixed size root device with LVM enabled to allow growth (should be faster, says VirtualBox).
Idea: Move from Base Image (1/2 year longevity) to “latest” base image (monthly maybe) including latest Salt.
This can be run headless on CI or manually.
- VirtualBox: clone base.ova into
- VirtualBox: set NAT for eth0, forward 22
wget -O - https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh | sh
Don’t do this for salt-master, because either it is a long-living server or you can do it manually for this single instance.
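The wget | sh line above runs whatever the server hands back, with no way to look at it first. As an added example (not from the original notes or the salt-bootstrap project), the same step can be done in three parts: download to a file, compare its SHA-256 against a digest recorded from a copy that was reviewed once, and only then execute. The URL is the one from the notes; EXPECTED_SHA256 is a placeholder to be filled in with the real digest.

```shell
#!/bin/sh
# Added example (not from the original notes): fetch bootstrap-salt.sh to a
# file, check its SHA-256 against a value recorded from a reviewed copy, and
# only then run it, instead of piping the download straight into sh.
# EXPECTED_SHA256 is a placeholder; replace it with the real digest.
BOOTSTRAP_URL="https://raw.github.com/saltstack/salt-bootstrap/stable/bootstrap-salt.sh"
EXPECTED_SHA256="<sha256-of-the-reviewed-bootstrap-salt.sh>"

# fetch_script URL DEST: download without executing anything.
fetch_script() {
  wget -q -O "$2" "$1"
}

# verify_script FILE EXPECTED: returns 0 only if the digest matches; on a
# mismatch it says what it saw so the change can be investigated.
verify_script() {
  actual=$(sha256sum "$1" | cut -d ' ' -f 1)
  if [ "$actual" != "$2" ]; then
    echo "digest mismatch for $1: got $actual, want $2" >&2
    return 1
  fi
  return 0
}

# install_salt_minion [bootstrap args...]: fetch, verify, run as root.
# The temporary file is removed whether or not the bootstrap ran.
install_salt_minion() {
  script=$(mktemp) || return 1
  if ! fetch_script "$BOOTSTRAP_URL" "$script"; then
    rm -f "$script"
    return 1
  fi
  if verify_script "$script" "$EXPECTED_SHA256"; then
    sh "$script" "$@"
    rc=$?
  else
    rc=1
  fi
  rm -f "$script"
  return $rc
}

# usage (as root on the fresh clone): install_salt_minion
```

The digest has to be refreshed whenever the stable branch moves, which is the point: a changed script is a deliberate review event rather than something that silently ran as root on every new box.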
New Node “www1”¶
- VirtualBox: clone salt-latest.ova into www1
- VirtualBox: set network to host-only, forward 22
- SSH: set hostname, /etc/hostname and /etc/hosts
- SSH: copy access key
- VirtualBox: remove host-only network
- VirtualBox: set internal network
- NAT SSH: port-forward (iptables)
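The shell-side steps of this list (set hostname, copy access key, NAT port-forward), as an added example that is not part of the original notes. The guest address 10.0.0.5, host port 2222 and admin network 10.0.0.0/24 in the comments are constructed placeholders; ETC_DIR defaults to /etc but can point at a scratch directory to try the hostname step without touching the real system, and DRY_RUN=1 prints the iptables rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original notes: the shell-side steps of the
# "www1" procedure (hostname, access key, NAT port-forward) as functions.
# 10.0.0.5, 2222 and 10.0.0.0/24 in the comments are constructed placeholders.
ETC_DIR="${ETC_DIR:-/etc}"

# run CMD...: print instead of execute when DRY_RUN is set, so the iptables
# rules can be reviewed before they are applied on the NAT box.
run() {
  if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# set_box_hostname NAME IP: write /etc/hostname and leave exactly one entry
# for NAME in /etc/hosts, dropping the template's old entry so the clone
# stops answering to the name it was cloned with.
set_box_hostname() {
  name="$1"; ip="$2"
  hosts="$ETC_DIR/hosts"; tmp="$hosts.new"
  [ -f "$hosts" ] || : > "$hosts"
  old=$(cat "$ETC_DIR/hostname" 2>/dev/null || true)
  printf '%s\n' "$name" > "$ETC_DIR/hostname"
  if [ -n "$old" ] && [ "$old" != "$name" ]; then
    grep -v -w -e "$name" -e "$old" "$hosts" > "$tmp" || true
  else
    grep -v -w -e "$name" "$hosts" > "$tmp" || true
  fi
  printf '%s\t%s\n' "$ip" "$name" >> "$tmp"
  mv "$tmp" "$hosts"
  # apply at runtime as well, but only when really editing /etc
  [ "$ETC_DIR" = /etc ] && hostname "$name"
  return 0
}

# install_access_key BOX PUBKEY_FILE: append the provisioning key for root
# over the temporary host-only connection (the "SSH: copy access key" step).
install_access_key() {
  ssh "root@$1" 'umask 077; mkdir -p /root/.ssh; cat >> /root/.ssh/authorized_keys' < "$2"
}

# nat_ssh_forward HOST_PORT GUEST_IP [ADMIN_CIDR]: iptables rules on the NAT
# box for the "NAT SSH: port-forward" step. ADMIN_CIDR limits which source
# addresses may reach the forwarded port; leave it out only on a trusted LAN.
# net.ipv4.ip_forward must already be enabled on the NAT box.
nat_ssh_forward() {
  host_port="$1"; guest_ip="$2"; admin="${3:-}"
  src=""; [ -n "$admin" ] && src="-s $admin"
  run iptables -t nat -A PREROUTING $src -p tcp --dport "$host_port" \
      -j DNAT --to-destination "$guest_ip:22"
  run iptables -A FORWARD $src -p tcp -d "$guest_ip" --dport 22 -j ACCEPT
}

# Review first, then apply:
#   DRY_RUN=1 nat_ssh_forward 2222 10.0.0.5 10.0.0.0/24
#   nat_ssh_forward 2222 10.0.0.5 10.0.0.0/24
```

The hosts-file step matters for the DNS/DHCP registration described at the top: a clone that still carries the template's name in /etc/hosts will keep resolving itself as salt-latest, and the FORWARD rule is what actually admits the DNAT'ed traffic when the NAT box has a default-deny forward policy.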