2.8 KiB
date | title | author | tags | ||||
---|---|---|---|---|---|---|---|
2015-01-25T14:00:00+01:00 | Prepare a minimal lxc image for salt | jochum |
|
These are basic commands i use to prepare a minimal lxc image for saltstack. This requires the howto Install lxc and prepare it for a unprivileged user
Login as lxd
if you have got a unprivileged install like me.
$ ssh lxd@localhost
Download the Image
I use the btrfs backing store driver here, see its man page for more.
$ lxc-create -B btrfs -t download -n trusty64 -- -d ubuntu -r trusty -a amd64
Start and attach
lxc-start -n trusty64
lxc-attach -n trusty64
Upgrade the base system
You'r now in the machine, its like chroot on steroids
apt-get update && apt-get -qy dist-upgrade
Install openssh-server
apt-get -qy install openssh-server
Install salt-minion
apt-get -qy install software-properties-common
add-apt-repository -y ppa:saltstack/salt
apt-get update
apt-get -qy install salt-minion
Configure salt-minion for the first connect
I enable IPv6
here as i use a IPv6 only network to play around.
service salt-minion stop
echo -e "master: salt\nipv6: True" > /etc/salt/minion.d/master.conf
rm -rf /etc/salt/minion_id /etc/salt/pki/
Remove ssh keys, let salt provision it
rm -f /etc/ssh/ssh_host_*_key*
Set the hostname to FQDN so you have it later with a Domain in your saltmaster
Replace lxc.example.lan
with the domain you have in /etc/default/lxc-net
$ sed -i -e's|trusty64|trusty64.lxc.example.lan|' /etc/hosts
Delete default "ubuntu" user (want salt to provision the id:1000 user)
$ userdel -rf ubuntu
Now get back on your machine:
$ exit
and stop the base image you must made:
$ lxc-stop -n trusty64
Do this every time you need a new testing/production machine
Clone it and let your salt master provision it :)
I use the snapshot feature here.
replace jupiter
with your own hostname.
$ lxc-clone -s trusty64 jupiter
$ lxc-start -n jupiter
Get info from your new machine
$ lxc-ls -f
On the Master
$ salt-key -a 'jupiter.*'
If you have a firewalled development saltmaster you may want to activate auto_accept
Wanna do it again?
Destroy the machine (as lxd@localhost)
$ lxc-destroy -n jupiter
Remove the key on the Master
$ salt-key -d 'jupiter.*'
Clone it again and let the master provision it (again as lxd@localhost)
$ lxc-clone -s trusty64 jupiter
$ lxc-start -n jupiter