Gentoo Forums
SaltStack: manage multiple gentoo systems
geki
Advocate

Joined: 13 May 2004
Posts: 2387
Location: Germania

Posted: Tue Dec 29, 2015 8:50 pm    Post subject: SaltStack: manage multiple gentoo systems

I know, quite an old topic, discussions happened here and there and I just missed a collection of necessities for administration.

so, here I am - this post may be updated in future, on my way to automate stuff.

[OT]
I luckily have my server box to serve.
for my laptop's sake, I had to move away from Win10.
served anything but my nerves and the laptop's heatsink.
and in future, I do not want to support Win10 for family.
until then, this is somewhat automated, hopefully. :roll:
[/OT]

Questions
- I wonder if it is necessary to push and manage the gentoo overlays to/on client side?

TODO
- create boot image with SaltStack + scripts to automate installation


help much appreciated!


basic setup - gentoo featured
build a server to host binary packages and serve as local rsync mirror

build binary packages for clients - https://wiki.gentoo.org/wiki/Binary_package_guide
start rsync server - https://wiki.gentoo.org/wiki/Local_Mirror

bugs
eselect opencl - complains about bad symlinks into PORTAGE_TMPDIR
perl xml parser - complains about missing ini file to set sax parser as default

if anyone is interested in fixing these non-stoppers ...

manage remote systems - SaltStack
package: app-admin/salt USE="zeromq"

clone files and directories, manage symlinks and file/directory modes - https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
run commands remotely - https://docs.saltstack.com/en/latest/ref/states/requisites.html

basic setup
configuration like key management - https://docs.saltstack.com/en/latest/ref/configuration/index.html

configuration

server system
grep -v -E "^#|^$" /etc/salt/master:

interface: <ip address>
user: nobody
max_open_files: 100
worker_threads: 3
pidfile: /run/salt-master.pid
sock_dir: /run/salt/master
file_roots:
  base:
    - /var/salt/base
  xorg-mate-intel:
    - /var/salt/xorg-mate-intel
    - /var/salt/base
  xorg-mate-intel-uxa:
    - /var/salt/xorg-mate-intel-uxa
    - /var/salt/xorg-mate-intel
    - /var/salt/base
log_level: error
log_level_logfile: warning

client systems
grep -v -E "^#|^$" /etc/salt/minion:

master: <master fqdn or ip>
log_level: error

geki's salt configuration
- https://github.com/geki-yaba/gekis-salt-seed

edit /etc/salt/minion_id to select environment to clone configuration from. mixing of environments is not supported.
- i.e.: 'username_xorg-mate-intel' - or - 'username_xorg-mate-intel-uxa'

clone configuration files
example +geki-overlay +oz123/mate-de-gentoo-overlay:
/var/salt/
/var/salt/etc
/var/salt/etc/conf.d
/var/salt/etc/conf.d/xdm
/var/salt/etc/cron.daily
/var/salt/etc/cron.daily/salt
/var/salt/etc/fstab
/var/salt/etc/timezone
/var/salt/etc/portage
/var/salt/etc/portage/package.mask
/var/salt/etc/portage/package.unmask
/var/salt/etc/portage/make.conf
/var/salt/etc/portage/repos.conf
/var/salt/etc/portage/repos.conf/geki.conf
/var/salt/etc/portage/repos.conf/mate.conf
/var/salt/etc/portage/repos.conf/gentoo.conf
/var/salt/etc/portage/package.use
/var/salt/etc/portage/package.use/32bit.conf
/var/salt/etc/portage/package.use/various.conf

execute remote commands
example:
emerge-depclean:
  cmd.run:
    - name: emerge --depclean

eclean-pkg-deep:
  cmd.run:
    - name: eclean-pkg --deep

cleanup environment
remove superfluous files and directories:
cleanup-conf:
  file.absent:
    - name: /path/to/file_or_directory

create pre-built kernel
helper scripts in gekis-salt-seed:
root/make_kernel
root/pkg_kernel-intel_64
root/pkg_kernel


well, with this my laptop operates quite happily.

I guess the boot image happens as soon as I have to install another client.
that, sadly, may take a long time. :o
_________________
hear hear


Last edited by geki on Sat Jan 02, 2016 4:02 pm; edited 3 times in total
geki
Advocate

Joined: 13 May 2004
Posts: 2387
Location: Germania

Posted: Wed Dec 30, 2015 7:39 pm    Post subject:

just as a side note: manage server access

yes, just because I want to do it this way! :twisted:

rsync is fine with dynamic DNS clients, like dyndns.org accounts.
/etc/rsyncd.conf example:
hosts allow = 192.168.2.* <fqdn> ...

apache is sadly not fine with dynamic DNS clients.
therefore extend the Require statement of apache's module_authz_host.

edit #1
apache version 2.4.20 incorporated my patch.
require statement for dyndns:
Require forward-dns <fqdn>


old
patch - http://geki.selfhost.eu/hacks/module_authz-require-dyndns.diff
bashrc - http://geki.selfhost.eu/hacks/etc-portage-bashrc
extend require statement with keyword dyndns:
Require dyndns <fqdn>

have fun!
_________________
hear hear


Last edited by geki on Fri Apr 15, 2016 7:06 pm; edited 4 times in total
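
Added example, not part of geki's post and not Apache's code: a small Python model of why `Require host` turns away a dynamic-DNS client while `Require forward-dns` admits it, as the post above describes. The host name, addresses and DNS tables are constructed (documentation ranges), and both functions are simplified stand-ins for the checks in mod_authz_host.

```python
import ipaddress

# Constructed DNS data using documentation address ranges; not real records.
NAME = "laptop.dyndns.example"          # hypothetical dynamic-DNS client name
FORWARD = {NAME: ["203.0.113.7"]}       # A record kept current by the dyndns client
REVERSE = {
    "203.0.113.7": "dsl-203-0-113-7.isp.example",  # PTR belongs to the ISP
    "198.51.100.9": NAME,                          # PTR set by an untrusted party
}

def _same_ip(a, b):
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)

def require_forward_dns(client_ip, name, forward):
    """Model of 'Require forward-dns': resolve the name, compare with the client IP."""
    return any(_same_ip(client_ip, a) for a in forward.get(name.lower(), []))

def require_host(client_ip, name, forward, reverse):
    """Model of 'Require host': reverse lookup, name match, then forward confirmation."""
    ptr = reverse.get(client_ip)
    if ptr is None:
        return False
    ptr, want = ptr.lower().rstrip("."), name.lower().rstrip(".")
    if ptr != want and not ptr.endswith("." + want):
        return False                      # PTR name is not the required host
    return any(_same_ip(client_ip, a) for a in forward.get(ptr, []))

def decisions(client_ip, forward=FORWARD, reverse=REVERSE):
    return {"host": require_host(client_ip, NAME, forward, reverse),
            "forward-dns": require_forward_dns(client_ip, NAME, forward)}

if __name__ == "__main__":
    print("dyndns client :", decisions("203.0.113.7"))
    print("forged PTR    :", decisions("198.51.100.9"))
    moved = {NAME: ["203.0.113.99"]}      # client got a new address, record updated
    print("old address   :", decisions("203.0.113.7", forward=moved))
    print("new address   :", decisions("203.0.113.99", forward=moved))
```

With forward-dns the allow list is whatever the name resolves to at request time, so control of the dynamic-DNS account amounts to control of access to the protected resource.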
geki
Advocate

Joined: 13 May 2004
Posts: 2387
Location: Germania

Posted: Mon Jan 04, 2016 11:29 am    Post subject:

update #1
- manage stackable file server roots: replace files for specific environments (i.e.: xorg-mate-intel vs xorg-mate-intel-uxa)
- manage order of salt stacks to execute
- add /etc/skel/ skeleton for environment xorg-mate-intel
_________________
hear hear
geki
Advocate

Joined: 13 May 2004
Posts: 2387
Location: Germania

Posted: Sat Jan 30, 2016 10:07 am    Post subject:

update #2
base
- cron.daily/salt checks internet connection before updating minion

environment: xorg-mate-intel
- switch from firefox to inox (support Amazon Instant Video streaming via widevine)
- set global theming to Green-Submarine/mate
- add patch for logitech unifying receiver to upower-pm-utils rule
_________________
hear hear


Last edited by geki on Sat Jan 30, 2016 11:32 pm; edited 1 time in total
geki
Advocate

Joined: 13 May 2004
Posts: 2387
Location: Germania

Posted: Mon Feb 15, 2016 7:38 pm    Post subject:

update #3
base
- cron.daily/salt protect system update somewhat
_________________
hear hear
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Feb 15, 2016 8:16 pm    Post subject:

geki wrote:
update #3
base
- cron.daily/salt protect system update somewhat

geki ... you might want to add a #comment there about it requiring the '-a' flag in /etc/inittab.

best ... khay
geki
Advocate

Joined: 13 May 2004
Posts: 2387
Location: Germania

Posted: Tue Feb 16, 2016 7:08 am    Post subject:

khayyam
Thanks once more! Done.
_________________
hear hear
geki
Advocate

Joined: 13 May 2004
Posts: 2387
Location: Germania

Posted: Fri Apr 15, 2016 7:07 pm    Post subject:

update #4
apache version 2.4.20 incorporated my patch.
require statement for dyndns:
Require forward-dns <fqdn>

_________________
hear hear