Palvelinten Hallinta – Harjoitus 2

For this exercise I am using 2 droplets created in DigitalOcean. Both are xubuntu 18.04

cpu2
FRA1 / 1GB / 25GB Disk
138.68.86.206
cpu1
FRA1 / 1GB / 25GB Disk
104.248.17.94
b) Install SSH to a different port using Package-File-Service
I used a tutorial made by Tero Karvinen to do this part.
Firstly I created a new file called sshd.sls in /srv/salt
Then I edited my sshd_config file in /etc/ssh/sshd_config by adding another port 8888 into the file and copied it into the salt folder.
cp /etc/ssh/sshd_config /srv/salt/
After this I simply run the command
sudo salt '*' state.apply sshd
As for testing I logged into my slave with
ssh -p 8888 petri@104.248.17.94
And got in.
Now without -p 8888 I only get
ssh: connect to host 104.248.17.94 port 22: Connection refused
So it seems to be working as intended.
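A sketch of what an sshd.sls following the package-file-service pattern can look like. This is an added example, not the file used in this exercise or the one from the tutorial; the package and service names (openssh-server, ssh) are assumptions for Ubuntu 18.04, and the check_cmd line makes Salt reject a config that sshd cannot parse before the running service is touched.

```yaml
# /srv/salt/sshd.sls (added example; package and service names are assumptions)
openssh-server:
  pkg.installed

/etc/ssh/sshd_config:
  file.managed:
    # the copy made with cp above, i.e. /srv/salt/sshd_config on the master
    - source: salt://sshd_config
    - user: root
    - group: root
    - mode: '0644'
    # Salt appends the path of a temp file holding the new contents; if sshd
    # exits non-zero the state fails and the live config is left unchanged,
    # so a typo in the file cannot lock you out of the minion.
    - check_cmd: /usr/sbin/sshd -t -f
    - require:
      - pkg: openssh-server

sshd:
  service.running:
    - name: ssh            # Ubuntu's service name for OpenSSH
    - enable: True
    # restart sshd only when the managed config file actually changes
    - watch:
      - file: /etc/ssh/sshd_config
```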
c) Install Apache using salt and to get access to userpages
First I need to create a new folder called apache into /srv/salt/
Next I need a new init.sls file into apache directory
I figured it would be best to do this in parts so if I get errors it will be easier to fix it.
apache2:
  pkg.installed
Run:
sudo salt '*' state.apply apache
State returned with no errors so I can continue
At this point I created a new index.html file with the text "User home page" in the apache folder.
After this I add new lines for init.sls in apache folder
/var/www/html/index.html:
  file.managed:
    - source: salt://apache/index.html
This should replace the default page.
Now before getting it working I need to add a2enmod userdir
apache2:
  pkg.installed

/var/www/html/index.html:
  file.managed:
    - source: salt://apache/index.html

/etc/apache2/mods-enabled/userdir.conf:
  file.symlink:
    - target: ../mods-available/userdir.conf

/etc/apache2/mods-enabled/userdir.load:
  file.symlink:
    - target: ../mods-available/userdir.load

apache2service:
  service.running:
    - name: apache2
    - watch:
      - file: /etc/apache2/mods-enabled/userdir.load
      - file: /etc/apache2/mods-enabled/userdir.conf
Now I apply sudo salt '*' state.apply apache
Seems to be working, but I have to check if the user pages have been replaced from minion.
petri@cpu1:/var/www/html$ cat index.html 
User home page
Seems to be working as intended.
D) Different package-file-service
Since there are not so many different things I’ve taken advantage of in Linux yet, I decided to test out how to automate php.
First I need a new folder in /srv/salt; let it be called php
Now I create new init.sls file into it.
libapache2-mod-php:
  pkg.installed

/etc/apache2/mods-available/php7.0.conf:
  file.managed:
    - source: salt://php/php7.0.conf

phpservice:
  service.running:
    - name: apache2
    - watch:
      - file: /etc/apache2/mods-available/php7.0.conf

Got state back with no errors and it got installed. Now to test it.
I made a new php file in userdir
Seems to be working as intended.
Sources:

Palvelinten hallinta: Harjoitus 1

Started 12:20

For this exercise I am using 2 droplets created in DigitalOcean. Both are xubuntu 18.04

cpu2
FRA1 / 1GB / 25GB Disk
138.68.86.206
cpu1
FRA1 / 1GB / 25GB Disk
104.248.17.94
c) Install Salt Master and Salt-minion and test it.
I will make cpu2 as my new master.
First I will run update command.
 sudo apt-get update
Then install salt-master
 sudo apt-get install salt-master

And see my hostname with

root@cpu2:~# hostname -I
138.68.86.206 10.19.0.6 

Now I need to install slave-minion to cpu1

sudo apt-get install salt-minion

and edit /etc/salt/minion

I do not need the wall of text in the minion text file so I clear it with

 echo " " | sudo tee /etc/salt/minion

then I sudoedit minion file and add these lines

master: 138.68.86.206
id: slave-cpu1

After this I restarted the minion.service

sudo systemctl restart salt-minion.service

Before accepting the key I need to make two holes to my firewall in master

sudo ufw allow 4505/tcp
sudo ufw allow 4506/tcp

Now I have to accept my slave key

sudo salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
slave-cpu1
Proceed? [n/Y] Y
Key for minion slave-cpu1 accepted.

And as for testing

sudo salt '*' test.ping
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
slave-cpu1:
    True

I got true value out from slave so it is tested but I am not sure about the warning.

Done with this part at 12:42

D) Try an example by Laine and test it out.

I will be looking at his user.sls creation.

First I need a new folder salt created into /srv

/srv# mkdir salt

Then I just create new .sls file called user.sls

/srv/salt# cat user.sls 
opiskelija:
  user.present:
    - fullname: opiskelija
    - shell: /bin/bash
    - home: /home/opiskelija
    - password: $6$7o5/CdYSAA9nKCSc$RfBbK6WDmJYdw/BeytFj8nyPWBEJJwenIPxZsgpk4IZMPVNDh5ZXe4WhqYcaMWR4XG0fjPT7ANuBfybOieN1/0
    - enforce_password: True

And after saving .sls run the command

/srv/salt# sudo salt '*' state.apply user

No errors, and to verify there is a folder in my slave now I manually check my cpu1

petri@cpu1:/home$ pwd
/home
petri@cpu1:/home$ ls
opiskelija  petri

Done at 12:59

E) Gather information from machines using grains

With just this simple command you get a pretty large amount of information

/srv/salt# sudo salt '*' grains.items

And since I do not want this whole blog entry to be filled with one image I will just take out a part that shows ip-related stuff

F) Do something with salt into your server

I want to install a program straight into slave so for this I will be installing geany

I make new .sls file into /srv/salt called apps.sls

install geany:
  pkg.installed:
    - name: geany

Now I just run command sudo salt '*' state.apply apps

sudo salt '*' state.apply apps
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
[WARNING ] Key 'file_ignore_glob' with value None has an invalid type of NoneType, a list is required for this value
slave-cpu1:
----------
          ID: install geany
    Function: pkg.installed
        Name: geany
      Result: True
     Comment: The following packages were installed/updated: geany
     Started: 11:23:42.922268
    Duration: 10558.243 ms
     Changes:   
              ----------
              geany:
                  ----------
                  new:
                      1.32-2
                  old:
              geany-abi-18176:
                  ----------
                  new:
                      1
                  old:
              geany-api-235:
                  ----------
                  new:
                      1
                  old:
              geany-common:
                  ----------
                  new:
                      1.32-2
                  old:

Summary for slave-cpu1
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1

Now to test it.

petri@cpu1:/$ geany
Unable to init server: Could not connect: Connection refused

Geany: cannot open display

I tried to figure out how to do this easily but couldn’t solve it straight away. Found a good and helpful explanation.

First I ran xhost + command.

xhost +
access control disabled, clients can connect from any host
xhost:  must be on local machine to enable or disable access control.

Then I just exited my slave and took ssh

ssh petri@104.248.17.94 -X

and run geany after this and the program popped up.

Done 13:40

Sources:

http://terokarvinen.com/2018/aikataulu-%e2%80%93-palvelinten-hallinta-ict4tn022-3004-ti-ja-3002-to-%e2%80%93-loppukevat-2018-5p

http://terokarvinen.com/2018/salt-quickstart-salt-stack-master-and-slave-on-ubuntu-linux

https://github.com/joonaleppalahti/CCM/blob/master/salt/srv/salt/user.sls

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.test.html

https://docs.saltstack.com/en/getstarted/config/functions.html

https://www.ethicalhacx.com/fix-gtk-warning-cannot-open-display/