
Salt managed network boot

openSUSE Conference 2018 talk about network boot managed by SaltStack Salt configuration management.

Ondřej Holeček

May 26, 2018

Transcript

  1. Network boot
     • A method of having a computer boot using only its network card
     • Purpose?
       – Thin client
       – Computer provisioning
  2. Network boot
     • A method of having a computer boot using only its network card
     • Purpose?
       – Thin client
       – Computer provisioning
     • How does it work?
       – BIOS → PXE → DHCP → Download NBP via TFTP → NBP → Boot
  3. Preboot eXecution Environment (PXE)
     • Part of the NIC firmware or UEFI
     • Client side configuration
       – enable the PXE/Network boot option in BIOS/UEFI
     • Server side configuration
       – DHCP
       – DHCP response must include PXE related information
  4. DHCP with network boot support
     • subnet configuration with the location of the tftp server and the NBP file

       option domain-name-servers 1.1.1.1, 8.8.8.8;
       default-lease-time 86400;
       max-lease-time 604800;
       authoritative;

       subnet 192.168.1.0 netmask 255.255.255.0 {
         range 192.168.1.70 192.168.1.100;
         filename "pxelinux.0";
         next-server 192.168.1.50;
         option subnet-mask 255.255.255.0;
         option broadcast-address 192.168.1.255;
         option routers 192.168.1.1;
       }
  5. TFTP, PXELINUX (NBP)
     • Trivial FTP for Network Boot Program provisioning
       – Default configuration is usually fine
     • PXELINUX (part of the syslinux package)
       – /usr/share/syslinux/pxelinux.0 → /srv/tftpboot/pxelinux.0
  6. pxelinux.cfg
     • /srv/tftpboot/pxelinux.cfg:

       DEFAULT netboot

       LABEL netboot
         kernel linux
         append initrd=initrd.gz panic=60 ramdisk_blocksize=4096 vga=0x314 splash=silent console=tty0 console=ttyS0,115200 ramdisk_size=1310000
         IPAPPEND 3

       LABEL localboot
         localboot 0
  7. SaltStack Salt
     “The most intelligent, powerful and flexible open source software for remote execution, configuration automation, cloud control and event-driven orchestration”
  8. SaltStack Salt
     “The most intelligent, powerful and flexible open source software for remote execution, configuration automation, cloud control and event-driven orchestration”
     • Keywords:
       – event driven
       – remote execution
       – configuration automation
  9. Architecture
     • Salt Master
     • Salt Minion
     • Execution Modules
     • States
       – Representation of system configuration
  10. Architecture
     • Salt Master
     • Salt Minion
     • Execution Modules
     • States
     • Pillars
       – Data stored on the Salt Master
       – Treated as trusted
  11. Architecture
     • Salt Minion
     • Execution Modules
     • States
     • Pillars
     • Grains
       – Variables provided by minions
       – Not necessarily trustworthy
  12. Architecture
     • Execution Modules
     • States
     • Pillars
     • Grains
     • Runners
       – Modules running on the Salt Master
       – Orchestrate runner for coordination across many minions
  13. Architecture
     • States
     • Pillars
     • Grains
     • Runners
     • Reactor
       – Predefined and custom events
       – Trigger states based on events
  14. Saltboot stack
     • Client
       – Initrd
       – Grains, Events
     • Server
       – States, Runners, Execution modules, Reactor handlers
       – Pillars
  15. Saltboot Initrd aka Salt boot control
     • The LinuxRC script ends with the system boot – need a way to stop the execution
  16. Saltboot Initrd aka Salt boot control
     • The LinuxRC script ends with the system boot – need a way to stop the execution
       → insert the start of salt-minion into the process
     • salt-minion must be started as a foreground process
  17. Saltboot Initrd aka Salt boot control
     • salt-minion blocks the linuxrc execution until it is told to terminate
     • control of the machine is now handed to the Salt master
       → the last command, which lets the boot continue, must be the salt-minion termination
  18. Salt minion registration
     • By default the minion waits until it is approved on the master
     • Successful registration ends with the generic minion event `salt/minion/*/start`
     • Salt master reactor configuration:

       reactor:
         - 'salt/minion/*/start':
           - salt://saltboot-reactor/minion_start.sls
  19. saltboot-reactor/minion_start.sls
     • Salt master saltboot entry point

       disk_partitioned:
         module.run:
           - name: partition.mkpartfs
           - device: /dev/sda
           - part_type: primary
           - fs_type: btrfs
           - start: 2048
           - end: 65535

       stop_minion:
         cmd.run:
           - name: "kill `cat /var/run/salt-minion.pid`"
           - require:
             - module: disk_partitioned
  20. Jinja for the rescue

       {% set disks = pillar.get('disks') %}
       {# a plain set inside a for loop does not survive the iteration in Jinja2,
          so the running offset is kept in a namespace #}
       {% set ns = namespace(start=2048) %}
       {% for d, s in disks.items() %}
       disk_{{ d }}_partitioned:
         module.run:
           - name: partition.mkpartfs
           - device: {{ d }}
           - part_type: primary
           - fs_type: btrfs
           - start: {{ ns.start }}
           - end: {{ s }}
       {% set ns.start = ns.start + s %}
       {% endfor %}
       …
  21. Pythonado
     • _states/saltboot.py:

       def check_existing(name, partitions, device):
           # state function: 'name' is injected by Salt from the state ID
           ok = True
           existing = __salt__['partition.list'](device)
           for idx, part_id in enumerate(sorted(partitions)):
               p = partitions[part_id]   # the partition the pillar asks for
               p['exists'] = False
               for enum in existing['partitions'].keys():
                   e = existing['partitions'][enum]
                   if e['end'] - e['start'] != p['size']:
                       ok = False
           if not ok:
               repartition_disk(partitions, device)
           ...

     • saltboot.sls:

       check_partitions:
         saltboot.check_existing:
           - partitions: {{ partitions }}
           - device: {{ d }}
       ...
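A fuller, runnable version of the partition check from this slide, added here as an example and not code from the talk: it matches the pillar's partitions by number against `partition.list` output and returns a proper state result dict. The `__salt__` stub and disk layout are constructed for offline use, and the `'2048s'` sector-string shape of `partition.list` is an assumption of this example.

```python
import re

# Constructed stand-in for __salt__['partition.list'](device, unit='s');
# the start/end/size strings such as '2048s' are an assumed output shape.
# In a real _states/saltboot.py module Salt injects __salt__ itself.
_FAKE_DISK = {
    '/dev/sda': {
        'info': {'disk': '/dev/sda', 'size': '125829120s'},
        'partitions': {
            '1': {'number': '1', 'start': '2048s', 'end': '1050623s',
                  'size': '1048576s'},
            '2': {'number': '2', 'start': '1050624s', 'end': '125829119s',
                  'size': '124778496s'},
        },
    },
}
__salt__ = {'partition.list': lambda device, unit='s': _FAKE_DISK[device]}


def _sectors(value):
    """Turn a parted value such as '2048s' into the integer 2048."""
    return int(re.sub(r'[^0-9]', '', str(value)))


def check_existing(name, partitions, device):
    """State function: result is True only when every partition the pillar
    asks for (keyed by partition number, with a 'size' in sectors) already
    exists on the device with exactly that size."""
    ret = {'name': name, 'result': True, 'changes': {}, 'comment': ''}
    existing = __salt__['partition.list'](device, unit='s')['partitions']
    mismatched = []
    for part_id in sorted(partitions, key=int):
        wanted = partitions[part_id]
        found = existing.get(str(part_id))
        if found is None or _sectors(found['size']) != int(wanted['size']):
            mismatched.append(str(part_id))
    if mismatched:
        ret['result'] = False
        ret['comment'] = '%s needs repartitioning, partitions %s differ' % (
            device, ', '.join(mismatched))
    else:
        ret['comment'] = 'partition layout of %s matches the pillar' % device
    return ret
```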
  22. Taking server notes
     • Salt states execute on minions → send an event to start a runner

       …
       {% set name = "groot" %}
       i_am_{{ name }}:
         module.run:
           - name: event.send
           - tag: Home/Machines/Update
           - with_env: False
           - with_grains: True
       ...
  23. Taking server notes
     • Salt states execute on minions → send an event to start a runner

       …
       {% set name = "groot" %}
       i_am_{{ name }}:
         module.run:
           - name: event.send
           - tag: Home/Machines/Update
           - with_env: False
           - with_grains: True
       ...

       reactor:
         - 'salt/minion/*/start':
           - salt://saltboot-reactor/minion_start.sls
         - 'Home/Machines/Update':
           - salt://saltboot-reactor/machinelist.sls

       machinelist:
         salt.runner:
           - name: salt.cmd
           - fun: file.append
           - path: "/srv/mymachinelist.list"
           - args: "minion_id: {{ minion_id }}, {{ grains }}"
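Slide 11 notes that grains are not necessarily trustworthy, yet the machinelist reactor above appends them verbatim to a file on the master. As an added example (not from the talk), this is the logic a custom runner behind the Home/Machines/Update reactor could use instead: the minion id is checked against the accepted keys, only an allow-list of grains is kept, and each record is one JSON line so a grain value cannot forge extra entries. The accepted-key set, the event shape (`id` plus the event.send payload under `data`) and the sample event are constructed assumptions.

```python
import json
import re

# Grain names worth recording; everything else the minion sends is dropped.
ALLOWED_GRAINS = ('os', 'osrelease', 'kernelrelease', 'num_cpus', 'mem_total')
MINION_ID_RE = re.compile(r'^[A-Za-z0-9._-]{1,253}$')

# Constructed stand-in for the master's accepted minion keys (salt-key -l acc).
ACCEPTED_MINIONS = {'groot', 'rocket'}


def build_record(event, accepted_minions=ACCEPTED_MINIONS):
    """Return the line to append for a Home/Machines/Update event, or None
    when the event must be ignored. Assumed event shape: the minion id under
    'id' and the event.send payload (grains included) under 'data'."""
    minion_id = event.get('id')
    if not isinstance(minion_id, str) or not MINION_ID_RE.match(minion_id):
        return None
    if minion_id not in accepted_minions:
        return None
    data = event.get('data')
    grains = data.get('grains') if isinstance(data, dict) else None
    if not isinstance(grains, dict):
        return None
    kept = {k: grains[k] for k in ALLOWED_GRAINS if k in grains}
    # One JSON object per line: json.dumps escapes line breaks, so a grain
    # value containing a newline cannot inject a second record into the list.
    return json.dumps({'minion_id': minion_id, 'grains': kept}, sort_keys=True)


def append_record(path, event, accepted_minions=ACCEPTED_MINIONS):
    """Append the record to the machine list; True if something was written."""
    line = build_record(event, accepted_minions)
    if line is None:
        return False
    with open(path, 'a') as fh:
        fh.write(line + '\n')
    return True


# Constructed event from an accepted minion: one grain value carries a line
# break that would corrupt a line-oriented list, another should not be stored.
SAMPLE_EVENT = {
    'id': 'groot',
    'tag': 'Home/Machines/Update',
    'data': {'grains': {'os': 'openSUSE', 'osrelease': '15.0',
                        'num_cpus': '4\nminion_id: forged',
                        'secret_token': 'not-for-the-list'}},
}
```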
  24. Q&A

  25. License
     This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license. It can be shared and adapted for any purpose (even commercially) as long as Attribution is given and any derivative work is distributed under the same license. Details can be found at https://creativecommons.org/licenses/by-sa/4.0/

     General Disclaimer
     This document is not to be construed as a promise by any participating organisation to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. openSUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for openSUSE products remains at the sole discretion of openSUSE. Further, openSUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All openSUSE marks referenced in this presentation are trademarks or registered trademarks of SUSE LLC, in the United States and other countries. All third-party trademarks are the property of their respective owners.

     Credits
     Template: Richard Brown
     Design & Inspiration: openSUSE Design Team http://opensuse.github.io/branding-guidelines/