Slide 1

Slide 1 text

Saltboot
Salt managed PXE boot

Ondrej Holecek (aaannz)
Software Engineer @ SUSE

Slide 2

Slide 2 text

Agenda
● Network boot
● Salt
● Saltboot
  – client side
  – server side

Slide 3

Slide 3 text

Network boot

Slide 4

Slide 4 text

Network boot
● A method of booting a computer using only its network card
● Purpose?
  – Thin client
  – Computer provisioning

Slide 5

Slide 5 text

Network boot
● A method of booting a computer using only its network card
● Purpose?
  – Thin client
  – Computer provisioning
● How does it work?
  – BIOS → PXE → DHCP → Download NBP via TFTP → NBP → Boot

Slide 6

Slide 6 text

Preboot eXecution Environment (PXE)
● Part of the NIC firmware or UEFI
● Client side configuration
  – enable PXE/Network boot option in BIOS/UEFI
● Server side configuration
  – DHCP
  – DHCP response must include PXE related information

Slide 7

Slide 7 text

DHCP with network boot support
● subnet configuration with location of tftp server and NBP file

```
option domain-name-servers 1.1.1.1, 8.8.8.8;
default-lease-time 86400;
max-lease-time 604800;
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.70 192.168.1.100;
  filename "pxelinux.0";
  next-server 192.168.1.50;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.1;
}
```

Slide 8

Slide 8 text

TFTP, PXELINUX (NBP)
● Trivial FTP for Network Boot Program provisioning
  – Default configuration is usually fine
● PXELINUX (part of syslinux package)
  – /usr/share/syslinux/pxelinux.0 → /srv/tftpboot/pxelinux.0

Slide 9

Slide 9 text

pxelinux.cfg
● /srv/tftpboot/pxelinux.cfg:

```
DEFAULT netboot

LABEL netboot
  kernel linux
  append initrd=initrd.gz panic=60 ramdisk_size=710000 ramdisk_blocksize=4096 vga=0x314 splash=silent console=tty0 console=ttyS0,115200 ramdisk_size=1310000
  IPAPPEND 3

LABEL localboot
  localboot 0
```

Slide 10

Slide 10 text

Boot image
● netboot image
  – kernel
  – netboot initrd
● downloaded via tftp

Slide 11

Slide 11 text

Salt

Slide 12

Slide 12 text

SaltStack Salt

“The most intelligent, powerful and flexible open source software for remote execution, configuration automation, cloud control and event-driven orchestration”

Slide 13

Slide 13 text

SaltStack Salt

“The most intelligent, powerful and flexible open source software for remote execution, configuration automation, cloud control and event-driven orchestration”

● Keywords:
  – event driven
  – remote execution
  – configuration automation

Slide 14

Slide 14 text

Architecture
● Salt Master
  – Central node

Slide 15

Slide 15 text

Architecture
● Salt Master
● Salt Minions
  – Managed systems

Slide 16

Slide 16 text

Architecture
● Salt Master
● Salt Minion
● Execution Modules
  – Ad hoc commands

Slide 17

Slide 17 text

Architecture
● Salt Master
● Salt Minion
● Execution Modules
● States
  – Representation of system configuration

Slide 18

Slide 18 text

Architecture
● Salt Master
● Salt Minion
● Execution Modules
● States
● Pillars
  – Data stored on the Salt Master
  – Treated as trusted

Slide 19

Slide 19 text

Architecture
● Salt Minion
● Execution Modules
● States
● Pillars
● Grains
  – Variable provided by minions
  – Not necessarily trustworthy

Slide 20

Slide 20 text

Architecture
● Execution Modules
● States
● Pillars
● Grains
● Runners
  – Modules running on Salt Master
  – Orchestrate runner for coordination across many minions

Slide 21

Slide 21 text

Architecture
● States
● Pillars
● Grains
● Runners
● Reactor
  – Predefined and custom events
  – Trigger states based on events

Slide 22

Slide 22 text

Saltboot

Slide 23

Slide 23 text

Saltboot stack
● Client
  – Initrd
  – Grains, Events
● Server
  – States, Runners, Execution modules, Reactor handlers
  – Pillars

Slide 24

Slide 24 text

Saltboot Initrd aka Salt boot control
● LinuxRC script ends with system boot
  – need a way to stop the execution

Slide 25

Slide 25 text

Saltboot Initrd aka Salt boot control
● LinuxRC script ends with system boot
  – need a way to stop the execution
    → insert start of salt-minion in the process
● salt-minion must be started as a foreground process

Slide 26

Slide 26 text

Saltboot Initrd aka Salt boot control
● salt-minion blocks linuxrc execution until it is told to terminate
● control of the machine is now handed over to the Salt master
  → Last command to continue boot must be salt-minion termination

Slide 27

Slide 27 text

Salt minion registration
● By default the minion waits until approved on the master
● Successful registration ends with generic minion event `salt/minion/*/start`
● Salt master reactor configuration:

```yaml
reactor:
  - 'salt/minion/*/start':
    - salt://saltboot-reactor/minion_start.sls
```

Slide 28

Slide 28 text

saltboot-reactor/minion_start.sls
● Salt master saltboot entry point

```yaml
disk_partitioned:
  module.run:
    - name: partition.mkpartfs
    - device: /dev/sda
    - part_type: primary
    - fs_type: btrfs
    - start: 2048
    - end: 65535

# Terminating salt-minion lets linuxrc continue with the boot
stop_minion:
  cmd.run:
    - name: "kill `cat /var/run/salt-minion.pid`"
    - require:
      - module: disk_partitioned
```

Slide 29

Slide 29 text

Jinja to the rescue

```jinja
{% set disks = pillar.get('disks') %}
{# namespace() keeps the running offset across loop iterations #}
{% set ns = namespace(start=2048) %}
{% for d, s in disks.items() %}
disk_{{ d }}_partitioned:
  module.run:
    - name: partition.mkpartfs
    - device: {{ d }}
    - part_type: primary
    - fs_type: btrfs
    - start: {{ ns.start }}
    - end: {{ s }}
{% set ns.start = ns.start + s %}
{% endfor %}
…
```

Slide 30

Slide 30 text

Pythonado
● _states/saltboot.py:

```python
def check_existing(partitions, device):
    # Compare the requested layout with what is already on the disk
    ok = True
    existing = __salt__['partition.list'](device)
    for idx, part_id in enumerate(sorted(partitions)):
        # Requested partition entry; assumes partitions is a dict keyed by id
        p = partitions[part_id]
        p['exists'] = False
        for enum in existing['partitions'].keys():
            e = existing['partitions'][enum]
            if e['end'] - e['start'] != p['size']:
                ok = False
    if not ok:
        repartition_disk(partitions, device)
    ...
```

● saltboot.sls:

```yaml
check_partitions:
  saltboot.check_existing:
    - partitions: {{ partitions }}
    - device: {{ d }}
...
```

Slide 31

Slide 31 text

Taking server notes
● Salt states execute on minions

Slide 32

Slide 32 text

Taking server notes
● Salt states execute on minions
  → send event to start a runner

```jinja
…
{% set name = "groot" %}
i_am_{{ name }}:
  module.run:
    - name: event.send
    - tag: Home/Machines/Update
    - with_env: False
    - with_grains: True
...
```

Slide 33

Slide 33 text

Taking server notes
● Salt states execute on minions
  → send event to start a runner

```jinja
…
{% set name = "groot" %}
i_am_{{ name }}:
  module.run:
    - name: event.send
    - tag: Home/Machines/Update
    - with_env: False
    - with_grains: True
...
```

```yaml
# Salt master reactor configuration
reactor:
  - 'salt/minion/*/start':
    - salt://saltboot-reactor/minion_start.sls
  # The tag must match the one sent by event.send
  - 'Home/Machines/Update':
    - salt://saltboot-reactor/machinelist.sls
```

```jinja
# saltboot-reactor/machinelist.sls
machinelist:
  salt.runner:
    - name: salt.cmd
    - fun: file.append
    - path: "/srv/mymachinelist.list"
    - args: "minion_id: {{ minion_id }}, {{ grains }}"
```
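The Architecture slides call grains "not necessarily trustworthy", yet the reactor above writes them into a file on the Salt master. The following is an added example, not code from the deck or from Saltboot, of building that list entry defensively on the master; the function names, the grain allow-list and the limits are assumptions.

```python
import json
import re

# Assumed policy for this example (hypothetical names and limits, not from the deck).
MINION_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")
ALLOWED_GRAINS = ("os", "osrelease", "cpuarch", "manufacturer", "productname")
MAX_VALUE_LEN = 256


def machine_record(minion_id, grains):
    """Return one single-line JSON record for the machine list on the master."""
    # fullmatch(): match() with a "$" anchor would still accept a trailing newline.
    if not isinstance(minion_id, str) or not MINION_ID_RE.fullmatch(minion_id):
        raise ValueError("rejected minion id")
    kept = {}
    for key in ALLOWED_GRAINS:
        value = grains.get(key)
        # Grains are self-reported: keep only allow-listed scalar values.
        if isinstance(value, (str, int, float)):
            kept[key] = str(value)[:MAX_VALUE_LEN]
    # json.dumps escapes control characters, so an embedded newline cannot
    # start a forged second entry in the list file.
    return json.dumps({"minion_id": minion_id, "grains": kept}, sort_keys=True)


def append_record(path, minion_id, grains):
    """Append the record to the list file, one record per line."""
    with open(path, "a", encoding="utf-8") as handle:
        handle.write(machine_record(minion_id, grains) + "\n")


# Constructed sample: a grain value that tries to inject a second list entry.
SAMPLE_GRAINS = {
    "os": "SUSE\nminion_id: trusted-host, {}",
    "cpuarch": "x86_64",
    "roles": ["admin"],  # not allow-listed, dropped
}

if __name__ == "__main__":
    print(machine_record("groot", SAMPLE_GRAINS))
```

Each line of the resulting file parses back with `json.loads`, so a consumer never has to split on the free-form `minion_id: ..., {...}` text.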

Slide 34

Slide 34 text

Sweet result

Slide 41

Slide 41 text

Q&A

Slide 42

Slide 42 text

Join Us at www.opensuse.org

Slide 43

Slide 43 text

License

This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license. It can be shared and adapted for any purpose (even commercially) as long as Attribution is given and any derivative work is distributed under the same license. Details can be found at https://creativecommons.org/licenses/by-sa/4.0/

General Disclaimer

This document is not to be construed as a promise by any participating organisation to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. openSUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for openSUSE products remains at the sole discretion of openSUSE. Further, openSUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All openSUSE marks referenced in this presentation are trademarks or registered trademarks of SUSE LLC, in the United States and other countries. All third-party trademarks are the property of their respective owners.

Credits

Template: Richard Brown
Design & Inspiration: openSUSE Design Team, http://opensuse.github.io/branding-guidelines/