Ondrej Holecek (aaannz) Software Engineer @ SUSE [email protected] Saltboot Salt managed PXE boot 

Agenda ● Network boot ● Salt ● Saltboot – client side – server side 

Network boot 

Network boot ● A method of having computer boot using only its network card ● Purpose? – Thin client – Computer provisioning 

Network boot ● A method of having computer boot using only its network card ● Purpose? – Thin client – Computer provisioning ● How does it work? – BIOS → PXE → DHCP → Download NBP via TFTP → NBP → Boot 

Preboot eXecution Environment (PXE) ● Part of the NIC firmware or UEFI ● Client side configuration – enable PXE/Network boot option in BIOS/UEFI ● Server side configuration – DHCP – DHCP response must include PXE related information 

DHCP with network boot support ● subnet configuration with location of tftp server and NBP file option domain-name-servers 1.1.1.1, 8.8.8.8; default-lease-time 86400; max-lease-time 604800; authoritative; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.70 192.168.1.100; filename "pxelinux.0"; next-server 192.168.1.50; option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option routers 192.168.1.1; } 

TFTP, PXELINUX (NBD) ● Trivial FTP for Network Boot Program provisioning – Default configuration is usually fine ● PXELINUX (part of syslinux package) – /usr/share/syslinux/pxelinux.0 → /srv/tftpboot/pxelinux.0 

pxelinux.cfg ● /srv/tftpboot/pxelinux.cfg: DEFAULT netboot LABEL netboot kernel linux append initrd=initrd.gz panic=60 ramdisk_size=710000 ramdisk_blocksize=4096 vga=0x314 splash=silent console=tty0 console=ttyS0,115200 ramdisk_size=1310000 IPAPPEND 3 LABEL localboot localboot 0 

Boot image ● netboot image – kernel – netboot initrd ● downloaded via tftp 

Salt 

SaltStack Salt “The most intelligent, powerful and flexible open source software for remote execution, configuration automation, cloud control and event-driven orchestration” 

SaltStack Salt “The most intelligent, powerful and flexible open source software for remote execution, configuration automation, cloud control and event-driven orchestration” ● Keywords: – event driven – remote execution – configuration automation 

Architecture ● Salt Master – Central node 

Architecture ● Salt Master ● Salt Minions – Managed systems 

Architecture ● Salt Master ● Salt Minion ● Execution Modules – Ad hoc commands 

Architecture ● Salt Master ● Salt Minion ● Execution Modules ● States – Representation of system configuration 

Architecture ● Salt Master ● Salt Minion ● Execution Modules ● States ● Pillars – Data stored on the Salt Master – Treated as trusted 

Architecture ● Salt Minion ● Execution Modules ● States ● Pillars ● Grains – Variable provided by minions – Not necessarily trustworthy 

Architecture ● Execution Modules ● States ● Pillars ● Grains ● Runners – Modules running on Salt Master – Orchestrate runner for coordination across many minions 

Architecture ● States ● Pillars ● Grains ● Runners ● Reactor – Predefined and custom events – Trigger states based on events 

Saltboot 

Saltboot stack ● Client – Initrd – Grains, Events ● Server – States, Runners, Execution modules, Reactor handlers – Pillars 

Saltboot Initrd aka Salt boot control ● LinuxRC script ends with system boot – need a way to stop the execution 

Saltboot Initrd aka Salt boot control ● LinuxRC script ends with system boot – need a way to stop the execution → insert start of salt-minion in the process ● salt-minion must be started as foreground process 

Saltboot Initrd aka Salt boot control ● salt-minion blocks linuxrc execution until it is told to terminate ● control of the machine is now handled to Salt master → Last command to continue boot must be salt-minion termination 

Salt minion registration ● By default minion wait until approved on master ● Successful registration ends with generic minion event `salt/minion/*/start` ● Salt master reactor configuration: reactor: - 'salt/minion/*/start': - salt://saltboot-reactor/minion_start.sls 

saltboot-reactor/minion_start.sls ● Salt master saltboot entry point disk_partitioned: module.run: - name: partition.mkpartfs - device: /dev/sda - part_type: primary - fs_type: btrfs - start: 2048 - end: 65535 stop_minion: cmd_run: - name: “kill `cat /var/run/salt-minion.pid`” - require: - module: disk_partitioned 

Jinja for the rescue {% set disks = pillar.get(‘disks’) %} {% set start = 2048 %} {% for d, s in disks.items() %} disk_{{ p }}_partitioned: module.run: - name: partition.mkpartfs - device: {{ p }} - part_type: primary - fs_type: btrfs - start: {{ start }} - end: {{ s }} {% start = start + s %} {% endfor %} … 

Pythonado ● _states/saltboot.py → ● saltboot.sls: def check_existing(partitions, device): ok = True existing = __salt__['partition.list'](device) for idx, part_id in enumerate(sorted(partitions)): p['exists'] = False for enum in existing['partitions'].keys(): e = existing['partitions'][enum] if e[‘end’] - e['start'] != p[‘size’]: ok = False if not ok: repartition_disk(partitions, device) ... check_partitions: saltboot.check_existing: - partitions: {{ partitions }} - device: {{ d }} ... 

Taking server notes ● Salt states executes on minions 

Taking server notes ● Salt states executes on minions → send event to start a runner … {% set name = “groot” %} i_am_{{ name }}: module.run: - name: event.send - tag: Home/Machines/Update - with_env: False - with_grains: True ... 

Taking server notes ● Salt states executes on minions → send event to start a runner … {% set name = “groot” %} i_am_{{ name }}: module.run: - name: event.send - tag: Home/Machines/Update - with_env: False - with_grains: True ... reactor: - 'salt/minion/*/start': - salt://saltboot-reactor/minion_start.sls - ‘Home/Machine/Update’: - salt://saltboot-reactor/machinelist.sls machinelist: salt.runner: - name: salt.cmd - fun: file.append - path: “/srv/mymachinelist.list” - args: “minion_id: {{ minion_id }}, {{ grains }}” 

Sweet result 

No content

No content

No content

No content

No content

No content

Q&A 

Join Us at www.opensuse.org 

License This slide deck is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license. It can be shared and adapted for any purpose (even commercially) as long as Attribution is given and any derivative work is distributed under the same license. Details can be found at https://creativecommons.org/licenses/by-sa/4.0/ General Disclaimer This document is not to be construed as a promise by any participating organisation to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. openSUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for openSUSE products remains at the sole discretion of openSUSE. Further, openSUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All openSUSE marks referenced in this presentation are trademarks or registered trademarks of SUSE LLC, in the United States and other countries. All third-party trademarks are the property of their respective owners. Credits Template Richard Brown [email protected] Design & Inspiration openSUSE Design Team http://opensuse.github.io/branding- guidelines/