geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Tue Dec 29, 2015 8:50 pm Post subject: SaltStack: manage multiple gentoo systems |
|
|
I know, quite an old topic, discussions happened here and there and I just missed a collection of necessities for administration.
so, here I am - this post may be updated in future, on my way to automate stuff.
[OT]
I luckily have my server box to serve.
for my laptop's sake, I had to move away from Win10.
served anything but my nerves and the laptop's heatsink.
and in future, I do not want to support Win10 for family.
until then, this is somewhat automated, hopefully.
[/OT]
Questions
- I wonder if it is necessary to push and manage the gentoo overlays to/on client side?
TODO
- create boot image with SaltStack + scripts to automate installation
help much appreciated!
basic setup - gentoo featured
build a server to host binary packages and serve as local rsync mirror
build binary packages for clients - https://wiki.gentoo.org/wiki/Binary_package_guide
start rsync server - https://wiki.gentoo.org/wiki/Local_Mirror
bugs
eselect opencl - complains about bad symlinks into PORTAGE_TMPDIR
perl xml parser - complains about missing ini file to set sax parser as default
if anyone is interested fixing these non-stopper ...
manage remote systems - SaltStack
package: app-admin/salt USE="zeromq"
clone files and directories, manage symlinks and file/directory modes - https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
run commands remotely - https://docs.saltstack.com/en/latest/ref/states/requisites.html
basic setup
configuration like key management - https://docs.saltstack.com/en/latest/ref/configuration/index.html
configuration
server system
grep -v -E "^#|^$" /etc/salt/master:
    interface: <ip address>
    user: nobody
    max_open_files: 100
    worker_threads: 3
    pidfile: /run/salt-master.pid
    sock_dir: /run/salt/master
    file_roots:
      base:
        - /var/salt/base
      xorg-mate-intel:
        - /var/salt/xorg-mate-intel
        - /var/salt/base
      xorg-mate-intel-uxa:
        - /var/salt/xorg-mate-intel-uxa
        - /var/salt/xorg-mate-intel
        - /var/salt/base
    log_level: error
    log_level_logfile: warning
client systems
grep -v -E "^#|^$" /etc/salt/minion:
    master: <master fqdn or ip>
    log_level: error
gekis salt configuration
- https://github.com/geki-yaba/gekis-salt-seed
edit /etc/salt/minion_id to select environment to clone configuration from. mixing of environments is not supported.
- i.e.: 'username_xorg-mate-intel' - or - 'username_xorg-mate-intel-uxa'
clone configuration files
example +geki-overlay +oz123/mate-de-gentoo-overlay:
    /var/salt/
    /var/salt/etc
    /var/salt/etc/conf.d
    /var/salt/etc/conf.d/xdm
    /var/salt/etc/cron.daily
    /var/salt/etc/cron.daily/salt
    /var/salt/etc/fstab
    /var/salt/etc/timezone
    /var/salt/etc/portage
    /var/salt/etc/portage/package.mask
    /var/salt/etc/portage/package.unmask
    /var/salt/etc/portage/make.conf
    /var/salt/etc/portage/repos.conf
    /var/salt/etc/portage/repos.conf/geki.conf
    /var/salt/etc/portage/repos.conf/mate.conf
    /var/salt/etc/portage/repos.conf/gentoo.conf
    /var/salt/etc/portage/package.use
    /var/salt/etc/portage/package.use/32bit.conf
    /var/salt/etc/portage/package.use/various.conf
execute remote commands
example:
    emerge-depclean:
      cmd.run:
        - name: emerge --depclean
    eclean-pkg-deep:
      cmd.run:
        - name: eclean-pkg --deep
cleanup environment
remove superfluous files and directories:
    cleanup-conf:
      file.absent:
        - name: /path/to/file_or_directory
create pre-built kernel
helper scripts in gekis-salt-seed:
    root/make_kernel
    root/pkg_kernel-intel_64
    root/pkg_kernel
well, with this my laptop operates quite happily.
I guess the boot image happens as soon as I have to install another client.
that, sadly, may take a long time. _________________ hear hear
Last edited by geki on Sat Jan 02, 2016 4:02 pm; edited 3 times in total |
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Wed Dec 30, 2015 7:39 pm Post subject: |
|
|
just as a sidenote: manage server access
yes, just because I want to do it this way!
rsync is fine with dynamic DNS clients, like dyndns.org accounts.
/etc/rsyncd.conf example:
    hosts allow = 192.168.2.* <fqdn> ...
apache is sadly not fine with dynamic DNS clients.
therefore extend the Require statement of apache's module_authz_host.
edit #1
apache version 2.4.20 incorporated my patch.
require statement for dyndns:
    Require forward-dns <fqdn>
old
patch - http://geki.selfhost.eu/hacks/module_authz-require-dyndns.diff
bashrc - http://geki.selfhost.eu/hacks/etc-portage-bashrc
extend require statement with keyword dyndns:
    Require dyndns <fqdn>
have fun! _________________ hear hear
Last edited by geki on Fri Apr 15, 2016 7:06 pm; edited 4 times in total |
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Mon Jan 04, 2016 11:29 am Post subject: |
|
|
update #1
- manage stackable file server roots: replace files for specific environments (i.e.: xorg-mate-intel vs xorg-mate-intel-uxa)
- manage order of salt stacks to execute
- add /etc/skel/ skeleton for environment xorg-mate-intel _________________ hear hear |
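Added example, not part of geki's posts or of gekis-salt-seed: Salt searches the directories listed for an environment in file_roots in order and serves the first match, which is what makes the roots in the master config of the first post stackable (update #1). The sketch below mirrors that lookup over a scratch tree and reports which files an environment overrides; the file names follow the listing in the thread, while their placement per environment and their contents are constructed.

```python
import tempfile
from pathlib import Path

# file_roots as in the master config quoted in this thread, relative to a
# scratch directory instead of /var/salt so the example runs anywhere.
FILE_ROOTS = {
    "base": ["base"],
    "xorg-mate-intel": ["xorg-mate-intel", "base"],
    "xorg-mate-intel-uxa": ["xorg-mate-intel-uxa", "xorg-mate-intel", "base"],
}

def resolve(top, saltenv, relpath):
    """Return the root that serves salt://relpath in saltenv (first match wins)."""
    for root in FILE_ROOTS[saltenv]:
        if (Path(top) / root / relpath).is_file():
            return root
    return None

def shadowed(top, saltenv):
    """Map each overridden file to (winning root, [roots whose copy is hidden])."""
    seen = {}
    for root in FILE_ROOTS[saltenv]:
        base = Path(top) / root
        for f in sorted(p for p in base.rglob("*") if p.is_file()):
            seen.setdefault(f.relative_to(base).as_posix(), []).append(root)
    return {rel: (r[0], r[1:]) for rel, r in seen.items() if len(r) > 1}

def build_sample_tree(top):
    """Constructed sample tree: which root holds which file is an assumption."""
    files = {
        "base/etc/portage/make.conf": "# base\n",
        "base/etc/fstab": "# base\n",
        "xorg-mate-intel/etc/portage/make.conf": "# intel\n",
        "xorg-mate-intel/etc/conf.d/xdm": "# intel\n",
        "xorg-mate-intel-uxa/etc/conf.d/xdm": "# uxa\n",
    }
    for rel, body in files.items():
        path = Path(top) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

def demo():
    """Resolve two files and list every override for xorg-mate-intel-uxa."""
    with tempfile.TemporaryDirectory() as top:
        build_sample_tree(top)
        env = "xorg-mate-intel-uxa"
        return (resolve(top, env, "etc/portage/make.conf"),
                resolve(top, env, "etc/fstab"),
                shadowed(top, env))

if __name__ == "__main__":
    print(demo())
```

Running the same override report against the real roots before a highstate shows which copy of a file a minion in a given environment will actually receive.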
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Sat Jan 30, 2016 10:07 am Post subject: |
|
|
update #2
base
- cron.daily/salt checks internet connection before updating minion
environment: xorg-mate-intel
- switch from firefox to inox (support Amazon Instant Video streaming via widevine)
- set global theming to Green-Submarine/mate
- add patch for logitech unifying receiver to upower-pm-utils rule _________________ hear hear
Last edited by geki on Sat Jan 30, 2016 11:32 pm; edited 1 time in total |
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Mon Feb 15, 2016 8:16 pm Post subject: |
|
|
geki ... you might want to add a #comment there about it requiring the '-a' flag in /etc/inittab.
best ... khay |
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Tue Feb 16, 2016 7:08 am Post subject: |
|
|
khayyam
Thanks once more! Done. _________________ hear hear |
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Fri Apr 15, 2016 7:07 pm Post subject: |
|
|
update #4
apache version 2.4.20 incorporated my patch.
require statement for dyndns:
    Require forward-dns <fqdn>
_________________ hear hear |
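Added example, not from the thread or from Apache's source: a simplified model of why `Require host` does not admit a dynamic DNS client while `Require forward-dns` (quoted in the post of Dec 30, 2015 and again in update #4) does. The DNS tables, host names and addresses are constructed, and real resolution is replaced by dictionary lookups so the block runs offline.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, example names): the
# dyndns name points at the client's current address, while the PTR record
# for that address belongs to the ISP and names an ISP host.
FORWARD = {
    "laptop.dyndns.example": ["203.0.113.57"],
    "dsl-203-0-113-57.isp.example": ["203.0.113.57"],
}
REVERSE = {"203.0.113.57": "dsl-203-0-113-57.isp.example"}

def require_forward_dns(client_ip, hostname, forward=FORWARD):
    """Forward lookup only: allow if the client IP is one of hostname's addresses."""
    client = ipaddress.ip_address(client_ip)
    return any(ipaddress.ip_address(a) == client
               for a in forward.get(hostname, []))

def require_host(client_ip, hostname, forward=FORWARD, reverse=REVERSE):
    """Double-reverse lookup: the PTR name must map back to the client IP
    and must equal hostname or end in it."""
    ptr = reverse.get(client_ip)
    if ptr is None or client_ip not in forward.get(ptr, []):
        return False
    ptr, hostname = ptr.lower().rstrip("."), hostname.lower().rstrip(".")
    return ptr == hostname or ptr.endswith("." + hostname)

def after_ip_change(new_ip):
    """Forward table once the dyndns record has been updated to new_ip."""
    updated = dict(FORWARD)
    updated["laptop.dyndns.example"] = [new_ip]
    return updated

if __name__ == "__main__":
    ip, name = "203.0.113.57", "laptop.dyndns.example"
    print("Require host:       ", require_host(ip, name))
    print("Require forward-dns:", require_forward_dns(ip, name))
    print("old IP after update:",
          require_forward_dns(ip, name, after_ip_change("198.51.100.8")))
```

With forward-dns the decision rests entirely on the address the name currently resolves to, so control of that DNS record is what grants access.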
|