Difference between revisions of "SUSE Manager/bootstrapping-salt-scripted"

From MicroFocusInternationalWiki
Latest revision as of 18:46, 19 December 2017


Bootstrap salt minions with bootstrap scripts

Since SUMA 3.0.2, you can create salt-specific bootstrap scripts that can be incorporated into your onboarding or build processes. While there are other ways to onboard a salt minion, this method provides consistency and scalability.

Prerequisites

Apply the latest updates to SUSE Manager 3; the minimum required version is 3.0.2.

Required channels

Make sure you have the corresponding product enabled and the channels synced. This must be completed before creating the bootstrap repositories. For example:

  • SLES11 SP4 x86_64
      - Product: SUSE Linux Enterprise Server 11 SP4 (x86_64)
      - Mandatory channels: sles11-sp4-pool-x86_64, sles11-sp4-suse-manager-tools-x86_64, sles11-sp4-updates-x86_64

In order to check if the channels have finished syncing:

  • Go to "Admin -> Setup Wizard" and look under the "SUSE Products" tab. You will see a green indicator and the last sync time for completed products.
  • Go to Channels, and select the channel in question. Under "Basic Information", the "Last Modified" and "Last Repo Build" date/time stamps should agree, and the "Repo Cache Status" must be "Completed".
  • Optionally check the sync log file under /var/log/rhn/reposync/<channel-label>.log

Bootstrap repositories

On the server, create a bootstrap repository for each distribution/architecture with:

 mgr-create-bootstrap-repo

Ensure that this script finishes properly; if it does not, re-check the channel sync. You can optionally include all the channels under the parent with this command option:

 mgr-create-bootstrap-repo --with-custom-channels

You can safely re-run this command at any time, and you SHOULD whenever a new version of salt-minion is released and your tools channel gets updated. The repositories are created under /srv/www/htdocs/pub/repositories and are meant to be used in the registration/bootstrap process only.

Minion Registration using a bootstrap script

1. If needed, regenerate the bootstrap script on the server with the Salt option enabled.

For SUSE Manager 3.0.X:

 mgr-bootstrap --salt --script=bootstrap-salt.sh --ssl-cert='/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT'

For SUSE Manager 3.1.X:

 mgr-bootstrap --script=bootstrap-salt.sh --ssl-cert='/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT'

This places the script in /srv/www/htdocs/pub/bootstrap by default.

2. Copy this for your specific use case, editing the script to reflect the correct activation key, and any other relevant content. Here are some examples of changes:

a. Add an activation key reference like this:

 ACTIVATION_KEYS=1-11sp4-x86_64

b. Comment out the removal of the certificate to prevent repository issues. Search for this section and ensure it looks like this:

  #echo  "* removing TLS certificate used for bootstrap"
  #echo "  (will be re-added via salt state)"
  #removeTLSCertificate

In some cases, this prevents interference with proper channel certification.

3. Download and run the appropriately edited bootstrap script after completing the edits. The bootstrap script validates installation of the necessary Salt packages, sets the proper activation key, and starts the salt-minion service.

 
 curl -Sks http://<server FQDN>/pub/bootstrap/bootstrap-salt.sh | /bin/bash

The script also creates a file on the minion: /etc/salt/minion.d/susemanager.conf with content that looks like this:

 master: <server FQDN>
 grains:
   susemanager:
       activation_key: "1-11sp4-x86_64"


4. Go to the Server web UI to Salt -> Onboarding and accept the minion's key. After a few minutes, the new minion will appear in your list of systems with the channels assigned in the activation key you specified in the bootstrap process.
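The command in step 3 fetches the script over plain HTTP, and `-k` turns off certificate checking, so whatever arrives is executed as root. The following is an added example, not part of the original wiki page or of SUSE Manager: it downloads the script to a file over HTTPS against the organization CA and runs it only if its SHA-256 digest matches one recorded on the server. It assumes the server also serves /pub over HTTPS, that a copy of RHN-ORG-TRUSTED-SSL-CERT was placed on the client through a trusted channel (the path /root/RHN-ORG-TRUSTED-SSL-CERT is hypothetical), and that `sha256sum` is available; the function names are illustrative.

```shell
#!/bin/bash
# Added example (not from the wiki page): verify bootstrap-salt.sh before running it.
# Assumption: the expected digest was taken on the SUSE Manager server with
#   sha256sum /srv/www/htdocs/pub/bootstrap/bootstrap-salt.sh
# and reached the client through a trusted channel (image build, config repo).

# Return 0 only if file $1 has the SHA-256 hex digest $2 (case-insensitive).
verify_sha256() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    [ "${#expected}" -eq 64 ] || return 2
    case "$expected" in *[!0-9a-f]*) return 2 ;; esac
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 2
    [ "$actual" = "$expected" ]
}

# Run script $1 with bash only when its digest matches $2.
run_if_verified() {
    if verify_sha256 "$1" "$2"; then
        /bin/bash "$1"
    else
        echo "integrity check failed for $1; not executed" >&2
        return 1
    fi
}

# Fetch URL $1 to file $3 over HTTPS, trusting only the CA file $2.
# No -k: a certificate that does not chain to the CA aborts the download.
fetch_bootstrap() {
    curl --fail --silent --show-error --cacert "$2" -o "$3" "$1"
}

# Typical use on a client (values in <> are placeholders):
#   tmp=$(mktemp) &&
#   fetch_bootstrap "https://<server FQDN>/pub/bootstrap/bootstrap-salt.sh" \
#       /root/RHN-ORG-TRUSTED-SSL-CERT "$tmp" &&
#   run_if_verified "$tmp" "<sha256 recorded on the server>"
```

Re-record the digest whenever the bootstrap script is regenerated or edited on the server, since any change to the file changes its hash.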

Automatic Minion Registration using a bootstrap script in AutoYaST

1. Do all of the above to set up the bootstrap repository and scripts.

2. Create a registration script like:

#!/bin/sh

echo "Installing Salt and Salt-Minion"
curl -Sks http://suma.yourcompany.com/pub/bootstrap/bootstrap-salt.sh | /bin/bash

echo "Configuring Salt Minion (/etc/salt/minion)"
/usr/bin/sed --in-place 's/#master: salt/master: suma.yourcompany.com\n\n# ---------------------------------------------------------\n#\nmgr_mine:config:\n  file.managed:\n    - name: \/etc\/salt\/minion.d\/susemanager-mine.conf\n    - contents:\n      - mine_return_job: True\nrestart_salt_minion:\n  cmd.run:\n      - name: service salt-minion restart\n      - shell: \/bin\/bash\n      - runas: root \n#\n# ---------------------------------------------------------\n/' /etc/salt/minion

echo "Removing Salt Registration from after.local"
grep -v salt-minion-registration /etc/rc.d/after.local > /etc/rc.d/after.local2
mv /etc/rc.d/after.local2 /etc/rc.d/after.local

(Substitute your SUSE Manager server host name for "suma.yourcompany.com" here, of course.)

3. Base64 encode your script:

 base64 < salt-minion-registration.sh > salt-minion-registration.b64

4. Add a <post-script> to your AutoYaST profile to call this registration script 5 minutes after system boot:

    <script>
        <debug config:type="boolean">true</debug>
        <feedback config:type="boolean">false</feedback>
        <feedback_type/>
        <filename>Minion</filename>
        <interpreter>shell</interpreter>
        <location><![CDATA[]]></location>
        <network_needed config:type="boolean">true</network_needed>
        <notification>Salt Minion Configuration</notification>
        <param-list config:type="list"/>
        <source><![CDATA[
#!/bin/sh
echo "(sleep 300 ; /root/salt-minion-registration.sh > /var/adm/autoinstall/logs/salt-minion-registration.log) &" >> /etc/rc.d/after.local
/bin/cat <<EOS > /root/salt-minion-registration.b64
(paste the contents of salt-minion-registration.b64 from step 3 here)
EOS
cd /root
base64 -d /root/salt-minion-registration.b64 > /root/salt-minion-registration.sh
chmod 700 /root/salt-minion-registration.sh
]]>
        </source>
      </script>

This gives everything time to settle down after initial boot, then calls the script to register with the SUSE Manager server.