FAI + SaltStack anybody?

Carsten Aulbert carsten.aulbert at aei.mpg.de
Thu Oct 5 15:17:26 CEST 2023


Hi Diego,

On 10/5/23 14:59, Diego Zuccato wrote:
> Does someone use FAI to install the base system that will be managed by 
> Salt?
> I'm trying to integrate 'em but there's still something that doesn't 
> "click"...

> My current idea is to use Salt to orchestrate the install, but maybe 
> it's better left to FAI? How can I "pass around" minion key so I don't 
> have to manually re-approve the new key every time?

> The ideal scenario would be: target generates its keypair, sends the 
> pubkey to FAI that "certifies" it's from the system being installed and 
> passes it to Salt. Should I write a custom fai-monitor (that would be 
> needed anyway to disable netboot once system is reinstalled)?

We usually try with the hardware-level configuration being the "border", 
i.e. everything related to partitioning, initial OS install, and at least 
initial networking set-up is done with FAI (well, and salt is installed 
and configured as well).

Then FAI reboots the server and upon service start, the server starts a 
highstate and performs the remaining configuration.

To set up salt, we wrote our own script around fai-chboot which SSHes into 
the salt-master, creates a keypair and copies the files to the 
appropriate places. FAI will install the private key during the 
installation and the public key is already known on the master, no need 
to accept the keys anymore.

Does that help a bit?

Cheers

Carsten

-- 
Dr. Carsten Aulbert, Max Planck Institute for Gravitational Physics,
Callinstraße 38, 30167 Hannover, Germany, Phone +49 511 762 17185
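
An added sketch of the key pre-seeding step described in the reply above (not Carsten's script and not part of the original post). It assumes it runs on the salt-master, that `salt-key --gen-keys` is available there, and that FAI later installs the staged files as /etc/salt/pki/minion/minion.pem and minion.pub; the staging directory and the function name are hypothetical.

```shell
#!/bin/sh
# Pre-seed a Salt minion key so the master never has to accept it by hand.
# All three paths are assumptions, overridable through the environment.
SALT_KEY=${SALT_KEY:-salt-key}                  # Salt's key management tool
MASTER_PKI=${MASTER_PKI:-/etc/salt/pki/master}  # master's key store
STAGE_DIR=${STAGE_DIR:-/srv/fai/minion-keys}    # hypothetical hand-off dir for FAI

preseed_minion_key() {
    id=$1
    # The minion ID becomes a file name on the master: hostname characters
    # only, no leading dot, so an ID can never escape the pki directory.
    case $id in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid minion id: $id" >&2; return 2 ;;
    esac
    accepted=$MASTER_PKI/minions/$id
    # Never silently replace a key the master already trusts.
    if [ -e "$accepted" ] && [ "${FORCE:-0}" != 1 ]; then
        echo "key for $id already accepted; set FORCE=1 to rotate" >&2
        return 3
    fi
    (
        umask 077                               # new directories are owner-only
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT               # no stray private key left behind
        "$SALT_KEY" --gen-keys="$id" --gen-keys-dir="$tmp" >/dev/null || exit 1
        mkdir -p "$STAGE_DIR/$id" "$MASTER_PKI/minions" || exit 1
        # Private half: only ever lands in the per-host staging directory.
        install -m 0400 "$tmp/$id.pem" "$STAGE_DIR/$id/minion.pem" || exit 1
        install -m 0644 "$tmp/$id.pub" "$STAGE_DIR/$id/minion.pub" || exit 1
        # Public half: a file under minions/ is what "accepted" means to the master.
        install -m 0644 "$tmp/$id.pub" "$accepted" || exit 1
    )
}

# Stand-alone use: ./preseed.sh node01.example.org
if [ -n "${1:-}" ]; then preseed_minion_key "$1"; fi
```

The staged minion.pem is the host's identity towards the master, so whatever hands it to FAI should expose it to that one install client only and delete it once the installation has finished.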