Hi,

I did not read this whole thread, but yes, here we are currently managing a FAI server through SaltStack. It configures pxelinux files and my DHCP server. The FAI rootfs installs the SaltStack repository with a script class, and my SaltStack server auto-accepts keys from known hostnames through a SaltStack reactor or orchestrator, depending on the machine. When the key is accepted, a highstate is deployed to finish the install when the orchestrator is launched.

All my machines' configurations are stored in the SaltStack pillars. Those pillars contain the SaltStack minion's name, the hostname, the MAC address, the IP address, the boot state and some other useful information.

When a machine is finally installed, the orchestrator changes the value "boot" in my pillar corresponding to the machine to "OS" instead of "install", and the value is deployed to the tftp FAI server to change the pxelinux file like fai-chboot would have done, with the states tftp and dhcp.

When a machine needs to be reinstalled, the orchestrator starts by changing its boot state, deploys the tftp state, reboots the machine and removes the key. Then the machine is installed; there is a big timeout in order to wait for the reinstall. Then the machine tries to reconnect to the machine "salt", the key is auto-accepted, the highstate is deployed, etc.

The problem with the orchestrator is that it is only one machine at a time, contrary to a full reactor system.

Hope it helps,

Best regards,
Rémy

On Wed, 11 Oct 2023 at 13:33, Markus Köberl via linux-fai <linux-fai@uni-koeln.de> wrote:

> This message was wrapped to be DMARC compliant. The actual message
> text is therefore in an attachment.
>
> ---------- Forwarded message ----------
> From: "Markus Köberl" <markus.koeb...@tugraz.at>
> To: linux-fai@uni-koeln.de
> Date: Wed, 11 Oct 2023 13:32:46 +0200
> Subject: Re: FAI + SaltStack anybody?
>
> On Thursday, 5 October 2023 14:59:40 CEST Diego Zuccato wrote:
> > Hello all.
> >
> > Does someone use FAI to install the base system that will be managed by
> > Salt?
> > I'm trying to integrate 'em but there's still something that doesn't
> > "click"...
> >
> > My current idea is to use Salt to orchestrate the install, but maybe
> > it's better left to FAI? How can I "pass around" minion key so I don't
> > have to manually re-approve the new key every time?
> > The ideal scenario would be: target generates its keypair, sends the
> > pubkey to FAI that "certifies" it's from the system being installed and
> > passes it to Salt. Should I write a custom fai-monitor (that would be
> > needed anyway to disable netboot once system is reinstalled)?
> >
> > TIA.
>
> My solution at the moment is non-interactive.
> In classes I have a script which asks for username and password for the
> salt api to save a cookie which is valid for 30 min.
> Later during the fai installation a script uses the cookie to get the salt
> key via the salt api. After the first boot salt is doing the rest...
>
> Instead of using the non-interactive approach I guess you could also
> provide the cookie base64 encoded via boot parameter or dhcp.
>
> regards
> Markus
> --
> Markus Koeberl
> Graz University of Technology
> Signal Processing and Speech Communication Laboratory
> E-mail: markus.koeb...@tugraz.at
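
The key auto-accept decision discussed in this thread, as an added example that is not code from any of the posters: it accepts a pending minion key only when the minion id is in the inventory and that machine is currently flagged for installation. The inventory layout, the function names and the choice to close the window at accept time are assumptions; `act` and `id` are fields of Salt's `salt/auth` event.

```python
"""Decide whether a pending Salt minion key may be auto-accepted.

Added example: the inventory layout and function names are assumptions
that mirror the pillar fields named in the thread (minion name, MAC, IP,
boot state). All sample data below is constructed.
"""

# Constructed inventory standing in for the pillar data.
INVENTORY = {
    "node01.example.org": {"mac": "52:54:00:aa:bb:01", "ip": "192.0.2.11", "boot": "install"},
    "node02.example.org": {"mac": "52:54:00:aa:bb:02", "ip": "192.0.2.12", "boot": "OS"},
}


def decide(event, inventory):
    """Return (accept, reason) for one salt/auth event payload.

    Accepting on the minion id alone would let any host that claims a
    known name get its key accepted at any time, so the boot state is
    checked as well: only a machine expected to be installing qualifies.
    """
    if event.get("act") != "pend":
        return False, "not a pending key"
    entry = inventory.get(event.get("id"))
    if entry is None:
        return False, "unknown minion id"
    if entry["boot"] != "install":
        return False, "machine is not being installed"
    return True, "known host in install state"


def handle(event, inventory):
    """Apply decide(); on accept, set boot to "OS" so that a second
    pending key for the same id is refused (assumption of this example;
    in the thread the value changes once the install has finished)."""
    accept, reason = decide(event, inventory)
    if accept:
        inventory[event["id"]]["boot"] = "OS"
    return accept, reason
```

In a real deployment the accept itself would be done by the reactor or orchestrator; this function only models the policy in front of it.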