TODO sudo salt-call --local --id=initial-setup state.apply baseline pillar='{"SALT_ROLES": "nebula-ca", "NEBULA_HOSTNAME": "issuer"}'
There are some steps we need to execute before salt will be able to run.
If and only if you're running this on Proxmox, drop the licensed repo and adopt the regular one:
rm /etc/apt/sources.list.d/pve-enterprise.list
echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bullseye pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
Then install the remaining dependencies before we install the minion:
sudo apt update && sudo apt -y upgrade && sudo apt install -y curl build-essential dkms
# IF non-proxmox
#sudo apt install linux-headers-$(uname -r)
# else, if proxmox
#sudo apt install pve-headers
# if virtualbox
# sudo apt install libxt6 libxmu6
# THEN install guest additions following normal mount + run VBoxLinuxAdditions.run
# install salt minion (defaults to only minion, not master)
curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io && chmod +x bootstrap-salt.sh && sudo ./bootstrap-salt.sh -P onedir
# ensure minion running
sudo systemctl status salt-minion
Before this will work, get the contents of the salt directory to /srv/salt, probably with a symlink.
Confirm /srv/salt has this README.md within before proceeding.
Note: we use the minion id in a hacky manner
First, initialize our salt minion file with the desired roles.
Check the top.sls file to see what roles a given server should have.
# apply critical dependency including minion config
#
# NOTE: the SALT_ROLES here controls what states will be applied
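# and how that state will be rendered (i.e., for nebula config if applicable)
# replace the role names and $NEBULA_HOSTNAME with real values; the single quotes stop the shell from expanding variables
sudo salt-call --local --id=initial-setup state.apply baseline pillar='{"SALT_ROLES": "role1 role2 role3", "NEBULA_HOSTNAME": "$NEBULA_HOSTNAME"}'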
# Highstate all configuration
sudo salt-call --local state.apply
# Present depending on enabled roles.
./install_extensions.sh # created by vscode state
./load_x_preferences.sh # created by comfort state
For docker support
# docker fun flakiness, requires manual execution and maybe multiple retries
sudo salt-call --local state.apply docker
Then reboot and get into a graphical env using
startx
Proxmox base templates are easy to initialize; this generates an image that has salt-minion installed and the baseline state already applied.
- boot up a debian image (11 is a known good version) as a fresh VM
- run vm/initialize_base_image.sh within the fresh VM
- shutdown and create template
To execute nebula-related states, you need a pillar at /srv/pillar that contains a list of ip:port pairs for lighthouse-related contents.
The recommendation is to keep these as a separate git repo, clone it separately, and then
ln -s /media/pillar /srv/pillar
For example, the pillar contains:
nebula_external_ips:
  "lighthouse-do": 1.2.3.4:4242
salt-call --local --id initial-setup state.apply baseline pillar='{"SALT_ROLES": "nebula-node vm-ui docker", "NEBULA_HOSTNAME": "1m1" }'
salt-call --local state.apply
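
Added example (not part of this repo): a hypothetical helper, build_baseline_pillar, that builds the pillar JSON for the baseline state from shell variables and rejects values that would break out of the JSON string or that are still an unexpanded placeholder such as $NEBULA_HOSTNAME. The allowed character sets for role names and hostnames are assumptions.

```shell
#!/bin/sh
# Hypothetical helper, not part of this repo.
# Prints the pillar JSON for the baseline state, or fails on bad input.
#   $1 = space-separated role names (see top.sls)
#   $2 = nebula hostname
build_baseline_pillar() {
    _roles=$1
    _host=$2

    # An empty SALT_ROLES would silently apply no role states.
    [ -n "$_roles" ] || { echo "SALT_ROLES is empty" >&2; return 1; }
    [ -n "$_host" ]  || { echo "NEBULA_HOSTNAME is empty" >&2; return 1; }

    # Allowlist (assumed naming rules): anything left after deleting the
    # permitted characters is a character that could alter the JSON,
    # for example a double quote adding extra pillar keys.
    _bad=$(printf '%s' "$_roles" | LC_ALL=C tr -d 'a-z0-9 _-')
    [ -z "$_bad" ] || { echo "invalid characters in roles: $_bad" >&2; return 1; }

    # '$' and '_' are not allowed here, so a literal, unexpanded
    # $NEBULA_HOSTNAME placeholder is rejected as well.
    _bad=$(printf '%s' "$_host" | LC_ALL=C tr -d 'A-Za-z0-9.-')
    [ -z "$_bad" ] || { echo "invalid characters in hostname: $_bad" >&2; return 1; }

    printf '{"SALT_ROLES": "%s", "NEBULA_HOSTNAME": "%s"}' "$_roles" "$_host"
}

# Usage with the role names and hostname from the example above:
#   pillar=$(build_baseline_pillar "nebula-node vm-ui docker" "1m1") &&
#   sudo salt-call --local --id=initial-setup state.apply baseline pillar="$pillar"
build_baseline_pillar "nebula-node vm-ui docker" "1m1"; echo
```

Passing the result as pillar="$pillar" lets the shell expand the variable while keeping the JSON as a single argument.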