Hi Diego,

On 10/5/23 14:59, Diego Zuccato wrote:
> Does someone use FAI to install the base system that will be managed by Salt? I'm trying to integrate 'em but there's still something that doesn't "click"...
>
> My current idea is to use Salt to orchestrate the install, but maybe it's better left to FAI? How can I "pass around" minion key so I don't have to manually re-approve the new key every time?
>
> The ideal scenario would be: target generates its keypair, sends the pubkey to FAI that "certifies" it's from the system being installed and passes it to Salt. Should I write a custom fai-monitor (that would be needed anyway to disable netboot once system is reinstalled)?

We usually try with the hardware level configuration being the "border", i.e. everything related to partitioning, initial OS install, at least initial networking set-up is done with FAI (well, and salt is installed and configured as well).

Then FAI reboots the server and upon service start, the server starts a highstate and performs the remaining configuration.

To set up salt, we wrote our own script around fai-chboot which sshes into the salt-master, creates a keypair and copies the files to the appropriate places. FAI will install the private key during the installation and the public key is already known on the master, no need to accept the keys anymore.

Does that help a bit?

Cheers

Carsten

--
Dr. Carsten Aulbert, Max Planck Institute for Gravitational Physics,
Callinstraße 38, 30167 Hannover, Germany, Phone +49 511 762 17185
