FAI + SaltStack anybody?

Markus Köberl markus.koeberl at tugraz.at
Wed Oct 11 13:32:46 CEST 2023


On Thursday, 5 October 2023 14:59:40 CEST Diego Zuccato wrote:
> Hello all.
> 
> Does someone use FAI to install the base system that will be managed by
> Salt?
> I'm trying to integrate 'em but there's still something that doesn't
> "click"...
> 
> My current idea is to use Salt to orchestrate the install, but maybe
> it's better left to FAI? How can I "pass around" minion key so I don't
> have to manually re-approve the new key every time?
> The ideal scenario would be: target generates its keypair, sends the
> pubkey to FAI that "certifies" it's from the system being installed and
> passes it to Salt. Should I write a custom fai-monitor (that would be
> needed anyway to disable netboot once system is reinstalled)?
> 
> TIA.

My solution at the moment is non-interactive.
In classes I have a script which asks for username and password for the salt 
api to save a cookie which is valid for a 30min.
Later during the fai installation a script uses the cookie to get the salt key 
via the salt api. After the first boot salt is doing the rest...

Instead of using the non-interactive approach I guess you could also provide 
the cookie base64 encoded via boot parameter or dhcp. 


regards
Markus
-- 
Markus Koeberl
Graz University of Technology
Signal Processing and Speech Communication Laboratory
E-mail: markus.koeberl at tugraz.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20231011/bb82be67/attachment.sig>


More information about the linux-fai mailing list