This repository contains Salt files to deploy various wlan slovenija servers. Expected to be used with Ubuntu Server 16.04, but it might work with other distributions as well.
To deploy a server you first have to configure your machine. Then you run Salt which connects to the target server and deploys it.
Clone the repository, including all submodules:
$ git clone --recursive git@github.com:wlanslovenija/wlanslovenija-servers.git
If you need to refresh submodules at any point, you can run:
$ git submodule update --init --recursive
Install salt-ssh
using virtualenv
:
# Create a Python 2 virtualenv, for example:
$ virtualenv --python=python2.7 --no-site-packages salt-virtualenv
$ source salt-virtualenv/bin/activate
# Install salt and all dependencies:
$ pip install -r requirements.txt
# Check version of salt-ssh
$ salt-ssh --version
# salt-ssh 2017.7.2 (Nitrogen)
We are currently using an old version of Salt (2017.7.2) and Python 2.
You should create a config/roster
file with something like (replacing <username>
with your username):
{% for host in [
'aggregator.wlan-si.net',
] %}
{{ host.split('.')[0] }}:
host: {{ host }}
port: 22
user: <username>
sudo: True
{% endfor %}
Import all used GPG keys:
$ gpg --import gpg-keys/*.pub
If server has already been deployed with Salt in the past, then syncing the new sate to the server can done by:
$ salt-ssh '<servername>' state.highstate
This will update everything, pull down new/updated Docker images, and update/restart/recreate Docker containers. You can run it against multiple servers at once. For each server you should look for summary like:
Summary for aggregator
--------------
Succeeded: 123 (changed=9)
Failed: 0
Warnings: 11
--------------
Total states run: 123
Total run time: 104.469 s
If there are any failures, you should investigate them, fix them, and re-deploy.
If you are connecting to the server for the first time by running a Salt command, you should run it as
salt-ssh --ignore-host-keys ...
to auto-accept the server's SSH key.
If you are making any changes to files in this repository and deploying a server, do not forget to commit and push your changes as soon as possible. The repository and deployed servers should be out of sync as little as possible.
Secrets are encrypted with GPG keys to be protected.
New secrets can be encrypted using (with all keys from gpg-keys
):
$ echo -n "supersecret" | gpg --armor --encrypt -r 86CBB63B98C753FC -r D2C5CA66EBF32285
You can also just run the gpg
command above and copy-paste the secret in.
Do note that copy-pasting will add a newline at the end of the secret, which might not be what you want.
To decrypt existing secret so that you can modify it, copy-paste it into:
$ gpg --decrypt
See Salt GPG renderer documentation for more information.
Currently we support Ubuntu Server 16.04 installed on the server, but it might work with newer versions as well.
Adding a new server is slightly a chicken and an egg problem. The best is to first create a
user with your username and add it to the sudo
group.
Add your public SSH key to /home/<username>/.ssh/authorized_keys
.
Your user on the target server should have sudo permissions without needing to provide a password.
You can configure that in /etc/sudoers
on the target server with such line (you can replace existing
one without NOPASSWD
):
# Allow members of group sudo to execute any command
%sudo ALL=(ALL) NOPASSWD: ALL
Also run on the server:
$ apt-get update
$ apt-get install python2 python-concurrent.futures
This installs dependencies Salt needs to run on the server.
New server should then be added to:
config/roster
template in this README filestates/top.sls
(if needed to configure special states for the server)pillars/<new server>.sls
andpillars/top.sls
For development wlan slovenija open wireless network development Trac is used, so you can see existing open tickets or open a new one there. Source code is available on GitHub. If you have any questions or if you want to discuss the project, use development mailing list.