mirror of
https://github.com/jbowdre/vagrant-saltlab.git
synced 2024-11-29 08:02:19 +00:00
Compare commits
5 commits
1ed83037ad
...
fc50bd1884
| Author | SHA1 | Date |
|---|---|---|
| | fc50bd1884 | |
| | c3f229ad89 | |
| | ebfe38e51e | |
| | c668bf171b | |
| | 117095ed5e | |
14 changed files with 190 additions and 50 deletions
109
README.md
|
@ -1,31 +1,85 @@
|
|||
# vagrant-saltlab
|
||||
|
||||
Using Vagrant to run a portable [Salt](https://saltproject.io/) lab environment [on my Chromebook](https://runtimeterror.dev/create-vms-chromebook-hashicorp-vagrant/). The included Vagrantfile spawns a environment with a single Salt Master (named `salt`) and four Salt Minions (named `minion##`) running a few different common Linux distributions for learning, testing, and development. It leverages the `libvirt` provider to interact with native Linux virtualization, and has a few tweaks to work around limitations imposed by running this all within ChromeOS's LXC-based [Linux development environment](https://support.google.com/chromebook/answer/9145439).
|
||||
Using [HashiCorp Vagrant](https://github.com/hashicorp/vagrant) to run a portable, redeployable [Salt](https://saltproject.io/) lab environment [on my Chromebook](https://runtimeterror.dev/create-vms-chromebook-hashicorp-vagrant/).
|
||||
|
||||
The included Vagrantfile spawns a environment with a single Salt Master (named `salt`) and four Salt Minions (named `minion##`) running different common Linux distributions for learning, testing, and development. It leverages the [`libvirt` provider](https://github.com/vagrant-libvirt/vagrant-libvirt) to interact with native Linux virtualization, and has a few tweaks to work around limitations imposed by running this all within ChromeOS's LXC-based [Linux development environment](https://support.google.com/chromebook/answer/9145439).
|
||||
|
||||
To make it easier to deploy, test, break, tear down, and redeploy the environment:
|
||||
1. The Salt master blindly auto-accepts all minion keys.
|
||||
2. The minions register the `roles:saltlab` grain to aid in targeting.
|
||||
3. The master uses `gitfs` to pull the Salt content from this very Github repo.
|
||||
4. Additionally, the contents of `salt_content/local` get `rsync`ed to `/srv/` when the master starts up to make it easier to write/test Salt content locally. This is a one-way `rsync` from host to VM (and not the other way around), so make sure to write your Salt content on the host and use `vagrant rsync` to push changes into the VM.
|
||||
- The Salt master blindly auto-accepts all minion keys.
|
||||
- The minions register the `roles:saltlab` grain to aid in targeting.
|
||||
- The master uses `gitfs` to pull the starter Salt content from this very Github repo.
|
||||
- Additionally, the contents of `salt_content/local` get `rsync`ed to `/srv/` when the master starts up to make it easier to write/test Salt content locally. This is a one-way `rsync` from host to VM (and not the other way around), so make sure to write your Salt content on the host and use `vagrant rsync` to push changes into the VM.
|
||||
|
||||
## Preparation
|
||||
See [the blog post](https://runtimeterror.dev/create-vms-chromebook-hashicorp-vagrant/) for full details on how I've configured my environment.
|
||||
|
||||
<details><summary>Here's the crash course:</summary>
|
||||
|
||||
1. Verify support for nested virtualization:
|
||||
```shell
|
||||
ls -l /dev/kvm
|
||||
```
|
||||
2. Install prerequisites:
|
||||
```shell
|
||||
sudo apt update && sudo apt install \
|
||||
build-essential \
|
||||
gpg \
|
||||
lsb-release \
|
||||
rsync \
|
||||
wget
|
||||
```
|
||||
3. Install `virt-manager` and `libvirt-dev`:
|
||||
```shell
|
||||
sudo apt install virt-manager libvirt-dev
|
||||
```
|
||||
4. Configure libvirt:
|
||||
```shell
|
||||
sudo gpasswd -a $USER libvirt ; newgrp libvirt
|
||||
echo "remember_owner = 0" | sudo tee -a /etc/libvirt/qemu.conf
|
||||
echo "namespaces = []" | sudo tee -a /etc/libvirt/qemu.conf
|
||||
sudo systemctl restart libvirtd
|
||||
```
|
||||
5. Install Vagrant
|
||||
```shell
|
||||
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
|
||||
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
|
||||
sudo apt update
|
||||
sudo apt install vagrant
|
||||
```
|
||||
6. Install `vagrant-libvirt` plugin:
|
||||
```shell
|
||||
vagrant plugin install vagrant-libvirt
|
||||
```
|
||||
</details>
|
||||
|
||||
## Usage
|
||||
|
||||
Clone this repo:
|
||||
```shell
|
||||
git clone https://github.com/jbowdre/vagrant-saltlab.git
|
||||
cd vagrant-saltlab
|
||||
```
|
||||
|
||||
Review the Vagrantfile, and adjust `CPU_COUNT` and `MEMORY_MB` if needed. Note that some of the machines won't function correctly with less than `1024` MB.
|
||||
```shell
|
||||
vim Vagrantfile
|
||||
```
|
||||
|
||||
Provision the virtual environment:
|
||||
```shell
|
||||
vagrant up
|
||||
```
|
||||
|
||||
The master and four minions will be deployed; this will take a few minutes. Once complete, you can verify status with `vagrant status`:
|
||||
The master and four minions will be deployed; this will take several minutes. Once complete, you can verify status with `vagrant status`:
|
||||
```shell
|
||||
; vagrant status
|
||||
vagrant status
|
||||
Current machine states:
|
||||
|
||||
salt running (libvirt)
|
||||
minion01 running (libvirt)
|
||||
minion02 running (libvirt)
|
||||
minion03 running (libvirt)
|
||||
minion04 running (libvirt)
|
||||
salt running (libvirt) # master, ubuntu 22.04
|
||||
minion01 running (libvirt) # ubuntu 22.04
|
||||
minion02 running (libvirt) # ubuntu 20.04
|
||||
minion03 running (libvirt) # rocky 8
|
||||
minion04 running (libvirt) # rocky 9
|
||||
|
||||
This environment represents multiple VMs. The VMs are all listed
|
||||
above with their current state. For more information about a specific
|
||||
|
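Review bot: The bullet "The Salt master blindly auto-accepts all minion keys" documents `auto_accept: True` without saying where that is acceptable. Add a sentence that this setting is for the throwaway lab network only and that the generated `lab.conf` must not be copied to a real master, where any host able to reach the master would have its key accepted and could receive states and pillar data. Two smaller points in the same hunk: the rewritten intro still reads "spawns a environment" (should be "an environment"), and the two `tee -a /etc/libvirt/qemu.conf` lines in the crash course append the same settings again each time the steps are re-run.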
@ -34,12 +88,24 @@ VM, run `vagrant status NAME`.
|
|||
|
||||
Access an SSH shell on the master with `vagrant ssh salt`:
|
||||
```shell
|
||||
; vagrant ssh salt
|
||||
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.4.0-139-generic x86_64)
|
||||
vagrant ssh salt
|
||||
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-83-generic x86_64)
|
||||
|
||||
* Documentation: https://help.ubuntu.com
|
||||
* Management: https://landscape.canonical.com
|
||||
* Support: https://ubuntu.com/advantage
|
||||
* Support: https://ubuntu.com/pro
|
||||
|
||||
System information as of Tue Feb 6 04:28:02 PM UTC 2024
|
||||
|
||||
System load: 0.072265625 Processes: 104
|
||||
Usage of /: 14.3% of 30.34GB Users logged in: 0
|
||||
Memory usage: 59% IPv4 address for eth0: 192.168.121.69
|
||||
Swap usage: 0% IPv4 address for eth1: 192.168.100.120
|
||||
|
||||
|
||||
This system is built by the Bento project by Chef Software
|
||||
More information can be found at https://github.com/chef/bento
|
||||
Last login: Tue Feb 6 14:37:44 2024 from 192.168.121.1
|
||||
vagrant@salt:~$
|
||||
```
|
||||
|
||||
|
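Review bot: The `vagrant ssh salt` line loses its prompt marker in this hunk, so inside the `shell` fence the command is no longer distinguishable from the pasted login banner, while the later blocks keep the `vagrant@salt:~$` prompt. Keep a prompt on the command line or split command and output into two fences. The banner itself now carries kernel version, interface addresses and last-login details that go stale with every box update; the welcome line and the `vagrant@salt:~$` prompt would be enough to show the login worked.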
@ -76,10 +142,8 @@ And confirm that the local and remote content has been successfully merged into
|
|||
```shell
|
||||
vagrant@salt:~$ sudo salt-run fileserver.file_list
|
||||
- _reactor/sync_grains.sls # gitfs
|
||||
- acg/.gitkeep # local
|
||||
- acg/neofetch/init.sls # local
|
||||
- acg/neofetch/uninstall.sls # local
|
||||
- acg/top.sls # local
|
||||
- neofetch/init.sls # local
|
||||
- neofetch/uninstall.sls # local
|
||||
- top.sls # gitfs
|
||||
- users/init.sls # gitfs
|
||||
- vim/init.sls # gitfs
|
||||
|
@ -90,7 +154,12 @@ vagrant@salt:~$ sudo salt-run fileserver.file_list
|
|||
- webserver/uninstall.sls # gitfs
|
||||
```
|
||||
|
||||
You can then apply a state like so:
|
||||
```shell
|
||||
vagrant@salt:~$ sudo salt '*' state.apply neofetch
|
||||
```
|
||||
|
||||
Happy Salting!
|
||||
|
||||
## Cleanup
|
||||
To blow it all away for a fresh start, just run `vagrant destroy -f`.
|
||||
To blow it all away for a fresh start, just run `vagrant destroy -f`. You can then re-do `vagrant up`.
|
||||
|
|
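Review bot: `sudo salt '*' state.apply neofetch` targets every key the master has accepted, and this master accepts all of them. The README already says the minions register the `roles:saltlab` grain for targeting, so the example should use it: `sudo salt -G 'roles:saltlab' state.apply neofetch`. That keeps the documented habit closer to what a reader should carry over to a master that is not a lab.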
79
Vagrantfile
vendored
|
@ -3,22 +3,30 @@
|
|||
|
||||
# Salt lab environment with one master and various minions
|
||||
|
||||
# hardware specs
|
||||
CPU_COUNT = 2
|
||||
MEMORY_MB = 1024
|
||||
|
||||
Vagrant.configure("2") do |config|
|
||||
config.nfs.verify_installed = false
|
||||
config.vm.synced_folder ".", "/vagrant", disabled: true
|
||||
config.vm.define "salt", primary: true do |salt|
|
||||
salt.vm.box = "peru/ubuntu-20.04-server-amd64"
|
||||
salt.vm.box = "bento/ubuntu-22.04"
|
||||
salt.vm.hostname = "salt"
|
||||
salt.vm.network "private_network", ip: "192.168.100.120"
|
||||
salt.vm.network :private_network,
|
||||
:ip => "192.168.100.120",
|
||||
:libvirt__dhcp_enabled => false
|
||||
salt.vm.provider :libvirt do |libvirt|
|
||||
libvirt.memory = 1024
|
||||
libvirt.cpus = CPU_COUNT
|
||||
libvirt.memory = MEMORY_MB
|
||||
end
|
||||
salt.vm.synced_folder 'salt_content/local', '/srv', type: 'rsync'
|
||||
salt.vm.provision "shell", inline: <<-SHELL
|
||||
apt-get update
|
||||
apt-get install curl vim python3-pygit2 -y
|
||||
apt-get install curl vim -y
|
||||
curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io
|
||||
sh bootstrap-salt.sh -M -X -U stable 3005
|
||||
sh bootstrap-salt.sh -M -X -U stable 3006
|
||||
salt-pip install pygit2
|
||||
cat << EOF > /etc/salt/master.d/lab.conf
|
||||
auto_accept: True
|
||||
file_roots:
|
||||
|
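Review bot: The bump to `stable 3006` still executes whatever `curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io` returns, in the privileged provisioner, with no integrity check, and the new `salt-pip install pygit2` line is unpinned as well. Record the expected SHA-256 of the bootstrap script in the Vagrantfile and verify it with `sha256sum -c` before the `sh bootstrap-salt.sh` line, and pin `pygit2` to a specific version, so a redeploy installs the same code that was tested.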
@ -55,14 +63,20 @@ EOF
|
|||
SHELL
|
||||
end
|
||||
config.vm.define "minion01" do |minion01|
|
||||
minion01.vm.box = "peru/ubuntu-20.04-server-amd64"
|
||||
minion01.vm.box = "bento/ubuntu-22.04"
|
||||
minion01.vm.hostname = "minion01"
|
||||
minion01.vm.network "private_network", ip: "192.168.100.121"
|
||||
minion01.vm.network :private_network,
|
||||
:ip => "192.168.100.121",
|
||||
:libvirt__dhcp_enabled => false
|
||||
minion01.vm.provider :libvirt do |libvirt|
|
||||
libvirt.cpus = CPU_COUNT
|
||||
libvirt.memory = MEMORY_MB
|
||||
end
|
||||
minion01.vm.provision "shell", inline: <<-SHELL
|
||||
apt-get update
|
||||
apt-get install curl -y
|
||||
curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U stable 3005
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U stable 3006
|
||||
cat << EOF > /etc/salt/minion.d/grains.conf
|
||||
grains:
|
||||
roles:
|
||||
|
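Review bot: The `private_network` / `libvirt__dhcp_enabled` / provider stanza introduced for minion01 is repeated for minion02 through minion04 with only the box, the hostname and the last octet of the address changing. Define the minions once, for example as a hash of name to box and address, and generate the `config.vm.define` blocks in an `each` loop, so the next change of this kind (such as the `3005` to `3006` bump in this commit range) is made in one place instead of five.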
@ -72,14 +86,20 @@ EOF
|
|||
SHELL
|
||||
end
|
||||
config.vm.define "minion02" do |minion02|
|
||||
minion02.vm.box = "debian/bullseye64"
|
||||
minion02.vm.box = "peru/ubuntu-20.04-server-amd64"
|
||||
minion02.vm.hostname = "minion02"
|
||||
minion02.vm.network "private_network", ip: "192.168.100.122"
|
||||
minion02.vm.network :private_network,
|
||||
:ip => "192.168.100.122",
|
||||
:libvirt__dhcp_enabled => false
|
||||
minion02.vm.provider :libvirt do |libvirt|
|
||||
libvirt.cpus = CPU_COUNT
|
||||
libvirt.memory = MEMORY_MB
|
||||
end
|
||||
minion02.vm.provision "shell", inline: <<-SHELL
|
||||
apt-get update
|
||||
apt-get install curl -y
|
||||
curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U stable 3005
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U stable 3006
|
||||
cat << EOF > /etc/salt/minion.d/grains.conf
|
||||
grains:
|
||||
roles:
|
||||
|
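Review bot: `minion02.vm.box = "peru/ubuntu-20.04-server-amd64"` leaves the lab pulling images from several publishers (`bento/`, `peru/`, `rockylinux/`), none of them with a version pin. These images are the base on which the provisioning runs as root, so set `vm.box_version` for each machine; a `vagrant destroy -f` followed by `vagrant up` then rebuilds from the image that was actually tested rather than whatever is latest.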
@ -90,19 +110,18 @@ EOF
|
|||
SHELL
|
||||
end
|
||||
config.vm.define "minion03" do |minion03|
|
||||
minion03.vm.box = "generic/rocky9"
|
||||
minion03.vm.box = "bento/rockylinux-8"
|
||||
minion03.vm.hostname = "minion03"
|
||||
minion03.vm.network "private_network", ip: "192.168.100.123"
|
||||
minion03.vm.network :private_network,
|
||||
:ip => "192.168.100.123",
|
||||
:libvirt__dhcp_enabled => false
|
||||
minion03.vm.provider :libvirt do |libvirt|
|
||||
libvirt.cpus = CPU_COUNT
|
||||
libvirt.memory = MEMORY_MB
|
||||
end
|
||||
minion03.vm.provision "shell", inline: <<-SHELL
|
||||
echo -n "> Waiting for network..."
|
||||
while ! host bootstrap.saltproject.io >/dev/null; do
|
||||
echo -n "."
|
||||
sleep 1
|
||||
done
|
||||
echo "Proceeding!"
|
||||
curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io
|
||||
# workaround for EL > 9 (https://github.com/saltstack/salt-bootstrap/issues/1903)
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U -P -x python3 onedir 3005
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U stable 3006
|
||||
systemctl enable salt-minion
|
||||
cat << EOF > /etc/salt/minion.d/grains.conf
|
||||
grains:
|
||||
|
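Review bot: If the `# workaround for EL > 9 (...)` comment stays above the bootstrap call for minion03, it no longer matches the code: the `-P -x python3 onedir 3005` invocation it described gives way to the plain `-U stable 3006` form, and the box is now `bento/rockylinux-8`. Remove the comment together with the old line, and add a short comment on why `systemctl enable salt-minion` is needed on this minion when the other minion blocks in this diff do not show it.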
@ -113,18 +132,18 @@ EOF
|
|||
SHELL
|
||||
end
|
||||
config.vm.define "minion04" do |minion04|
|
||||
minion04.vm.box = "generic/centos7"
|
||||
minion04.vm.box = "rockylinux/9"
|
||||
minion04.vm.hostname = "minion04"
|
||||
minion04.vm.network "private_network", ip: "192.168.100.124"
|
||||
minion04.vm.network :private_network,
|
||||
:ip => "192.168.100.124",
|
||||
:libvirt__dhcp_enabled => false
|
||||
minion04.vm.provider :libvirt do |libvirt|
|
||||
libvirt.cpus = CPU_COUNT
|
||||
libvirt.memory = MEMORY_MB
|
||||
end
|
||||
minion04.vm.provision "shell", inline: <<-SHELL
|
||||
echo -n "> Waiting for network..."
|
||||
while ! host bootstrap.saltproject.io >/dev/null; do
|
||||
echo -n "."
|
||||
sleep 1
|
||||
done
|
||||
echo "Proceeding!"
|
||||
curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U stable 3005
|
||||
sh bootstrap-salt.sh -A 192.168.100.120 -U stable 3006
|
||||
cat << EOF > /etc/salt/minion.d/grains.conf
|
||||
grains:
|
||||
roles:
|
||||
|
|
|
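Review bot: The `while ! host bootstrap.saltproject.io >/dev/null; do` loop has no upper bound, so if name resolution never comes up, `vagrant up` hangs on this machine with only dots as output. Cap the number of attempts and exit non-zero with a message once the cap is reached. The loop also assumes the `host` utility exists in the `rockylinux/9` image that this hunk switches to; `getent hosts bootstrap.saltproject.io` would remove that dependency.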
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
pkgs:
|
||||
{% if grains['os_family'] == 'RedHat' %}
|
||||
apache: httpd
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
base:
|
||||
'*':
|
||||
- users
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
users:
|
||||
jake: 1001
|
||||
jason: 1002
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
sync_grains:
|
||||
local.saltutil.sync_grains:
|
||||
- tgt: {{ data['id'] }}
|
|
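Review bot: `- tgt: {{ data['id'] }}` writes the minion id from the event into the rendered YAML unquoted, and with `auto_accept: True` on the master that id is chosen by whichever minion connects. While this file is being touched for the header, quote the value, for example `- tgt: {{ data['id'] | yaml_dquote }}`, so it always renders as a single string.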
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
base:
|
||||
'*':
|
||||
- vim
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
{% for user, uid in pillar.get('users', {}).items() %}
|
||||
{{user}}:
|
||||
user.present:
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
install_vim:
|
||||
pkg.installed:
|
||||
- name: {{ pillar['pkgs']['vim'] }}
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
uninstall_vim:
|
||||
pkg.removed:
|
||||
- name: {{ pillar['pkgs']['vim'] }}
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
install_apache:
|
||||
pkg.installed:
|
||||
- name: {{ pillar['pkgs']['apache'] }}
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
uninstall_apache:
|
||||
pkg.removed:
|
||||
- name: {{ pillar['pkgs']['apache'] }}
|
||||
|
|
16
salt_content/local/salt/neofetch/init.sls
Normal file
|
@ -0,0 +1,16 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
{% if grains['os_family'] == 'RedHat' %}
|
||||
install_epel_repo:
|
||||
pkg.installed:
|
||||
- name: epel-release
|
||||
{% endif %}
|
||||
|
||||
install_neofetch:
|
||||
pkg.installed:
|
||||
- name: neofetch
|
||||
{% if grains['os_family'] == 'RedHat' %}
|
||||
- require:
|
||||
- pkg: install_epel_repo
|
||||
{% endif %}
|
6
salt_content/local/salt/neofetch/uninstall.sls
Normal file
|
@ -0,0 +1,6 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vim: ft=yaml
|
||||
---
|
||||
uninstall_neofetch:
|
||||
pkg.removed:
|
||||
- name: neofetch
|
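Review bot: `uninstall_neofetch` removes only the `neofetch` package, while `neofetch/init.sls` also installs `epel-release` on RedHat-family minions, so applying the uninstall state leaves the extra repository enabled. Either remove `epel-release` here under the same `grains['os_family'] == 'RedHat'` condition, or add a comment that the repository is left in place on purpose.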