Bootstrap (not yet) minions using salt-ssh
a project by j_renner
Updated over 6 years ago. 2 hacker ♥️.

In SUSE Manager we want to offer support for bootstrapping systems that don't have the salt-minion installed and configured yet. This can be done using salt-ssh given just a hostname, username and password. See the docs about salt rosters for even more options. What we are missing:

  • Support for using salt-ssh in our library
  • User interface allowing users to input the needed parameters so they can bootstrap their systems

Join this project

Looking for hackers with the skills:

saltstack ssh java manager reactjs

This project is part of:

Hack Week 13

Activity

  • almost 10 years ago: joachimwerner liked this project.
  • almost 10 years ago: j_renner started this project.
  • almost 10 years ago: j_renner added keyword "saltstack" to this project.
  • almost 10 years ago: j_renner added keyword "ssh" to this project.
  • almost 10 years ago: j_renner added keyword "java" to this project.
  • almost 10 years ago: j_renner added keyword "manager" to this project.
  • almost 10 years ago: j_renner added keyword "reactjs" to this project.
  • almost 10 years ago: j_renner liked this project.
  • almost 10 years ago: j_renner originated this project.


    • Comments

    • joachimwerner
      almost 10 years ago by joachimwerner | Reply

      BTW, the next logical step would be to use a network scanning roster (or do the network scanning separately). I used salt-ssh with the scan roster for my SUSECon SE training. In landscapes where there is one root PW or the SSH key has been pre-distributed, mass on-boarding of systems can work really easily that way.

    Similar Projects

    Ansible to Salt integration by vizhestkov

    Description

    We already have initial integration of Ansible in Salt with the possibility to run playbooks from the salt-master on the salt-minion used as an Ansible Control node.

    In this project I want to check if it possible to make Ansible working on the transport of Salt. Basically run playbooks with Ansible through existing established Salt (ZeroMQ) transport and not using ssh at all.

    It could be a good solution for the end users to reuse Ansible playbooks or run Ansible modules they got used to with no effort of complex configuration with existing Salt (or Uyuni/SUSE Multi Linux Manager) infrastructure.

    Goals

    • [v] Prepare the testing environment with Salt and Ansible installed
    • [v] Discover Ansible codebase to figure out possible ways of integration
    • [v] Create Salt/Uyuni inventory module
    • [v] Make basic modules to work with no using separate ssh connection, but reusing existing Salt connection
    • [v] Test some most basic playbooks

    Resources

    GitHub page

    Video of the demo

    (Finish) Implementing SSH in Zig by lmulling

    Description

    Following Zig's philosophy of reinventing the wheel -- for the better, a while ago I've started implementing the ssh protocol in it. I've got as far as implementing all of the primitives, keys, certs, and most of the agent protocol -- what I needed at the time. Now, the aim is to finish the implementation.

    Current implementation: git.sr.ht/~mulling/zssh

    Goals

    • Have a working implementation of the ssh protocol in Zig.
    • Be flexible, as to allow for hacking of the protocol (i.e. testing PQC algorithms).
    • Be agnostic of cryptography libraries (i.e. libcrypto, leancrypto).

    Resources

    Testing and adding GNU/Linux distributions on Uyuni by juliogonzalezgil

    Join the Gitter channel! https://gitter.im/uyuni-project/hackweek

    Uyuni is a configuration and infrastructure management tool that saves you time and headaches when you have to manage and update tens, hundreds or even thousands of machines. It also manages configuration, can run audits, build image containers, monitor and much more!

    Currently there are a few distributions that are completely untested on Uyuni or SUSE Manager (AFAIK) or just not tested since a long time, and could be interesting knowing how hard would be working with them and, if possible, fix whatever is broken.

    For newcomers, the easiest distributions are those based on DEB or RPM packages. Distributions with other package formats are doable, but will require adapting the Python and Java code to be able to sync and analyze such packages (and if salt does not support those packages, it will need changes as well). So if you want a distribution with other packages, make sure you are comfortable handling such changes.

    No developer experience? No worries! We had non-developers contributors in the past, and we are ready to help as long as you are willing to learn. If you don't want to code at all, you can also help us preparing the documentation after someone else has the initial code ready, or you could also help with testing :-)

    The idea is testing Salt (including bootstrapping with bootstrap script) and Salt-ssh clients

    To consider that a distribution has basic support, we should cover at least (points 3-6 are to be tested for both salt minions and salt ssh minions):

    1. Reposync (this will require using spacewalk-common-channels and adding channels to the .ini file)
    2. Onboarding (salt minion from UI, salt minion from bootstrap scritp, and salt-ssh minion) (this will probably require adding OS to the bootstrap repository creator)
    3. Package management (install, remove, update...)
    4. Patching
    5. Applying any basic salt state (including a formula)
    6. Salt remote commands
    7. Bonus point: Java part for product identification, and monitoring enablement
    8. Bonus point: sumaform enablement (https://github.com/uyuni-project/sumaform)
    9. Bonus point: Documentation (https://github.com/uyuni-project/uyuni-docs)
    10. Bonus point: testsuite enablement (https://github.com/uyuni-project/uyuni/tree/master/testsuite)

    If something is breaking: we can try to fix it, but the main idea is research how supported it is right now. Beyond that it's up to each project member how much to hack :-)

    • If you don't have knowledge about some of the steps: ask the team
    • If you still don't know what to do: switch to another distribution and keep testing.

    This card is for EVERYONE, not just developers. Seriously! We had people from other teams helping that were not developers, and added support for Debian and new SUSE Linux Enterprise and openSUSE Leap versions :-)

    In progress/done for Hack Week 25

    Guide

    We started writin a Guide: Adding a new client GNU Linux distribution to Uyuni at https://github.com/uyuni-project/uyuni/wiki/Guide:-Adding-a-new-client-GNU-Linux-distribution-to-Uyuni, to make things easier for everyone, specially those not too familiar wht Uyuni or not technical.

    openSUSE Leap 16.0

    The distribution will all love!

    https://en.opensuse.org/openSUSE:Roadmap#DRAFTScheduleforLeap16.0

    Curent Status We started last year, it's complete now for Hack Week 25! :-D

    • [W] Reposync (this will require using spacewalk-common-channels and adding channels to the .ini file) NOTE: Done, client tools for SLMicro6 are using as those for SLE16.0/openSUSE Leap 16.0 are not available yet
    • [W] Onboarding (salt minion from UI, salt minion from bootstrap scritp, and salt-ssh minion) (this will probably require adding OS to the bootstrap repository creator)
    • [W] Package management (install, remove, update...). Works, even reboot requirement detection