This assignment was completed in full from my personal desktop, with a live-USB running Xubuntu 18.04.1 and a virtual machine running Ubuntu 18.04.1.
Setting up salt (11:40) 02.11
My virtual machine already has salt-master installed and configured from the previous assignment. (Read it here)
sudo apt-get update
sudo apt-get install salt-minion

# Configure minion (/etc/salt/minion)
cat /etc/salt/minion
master: masters IP
id: h2

# restart minion
sudo systemctl restart salt-minion.service

# accept keys @ master
sudo salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
h2
Proceed? [n/Y] Y
Key for minion h2 accepted.
b) Install SSH via Pkg-File-Server model (12:03)
States are stored in /srv/salt
I used this article as a reference
cat top.sls
base:
  'h2':
    - ssh_installer
sudo mkdir ssh_installer
cd ssh_installer

# create the .sls file
sudo nano ssh_installer.sls
cat ssh_installer.sls
openssh-server:
  pkg.installed

/etc/ssh/sshd_config:
  file.managed:
    - source: salt://sshd_config

sshd:
  service.running:
    - watch:
      - file: /etc/ssh/sshd_config
I created the idempotent version of sshd_config
sudo nano sshd_config
cat sshd_config
# MANAGED FILE - changes will be overwritten
Port 8888
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
# This is the default sshd_config file for Ubuntu -
# but without comments and a different port.
I then ran this command to test the configuration…
sudo salt "h2" state.highstate
…and got a mixed response:
ID: /etc/ssh/sshd_config
Function: file.managed
Result: False
Comment: Source file salt://sshd_config not found
Started: 10:42:46.100583
Duration: 177.801 ms
Changes:
The actual installation went fine, but salt was unable to find “sshd_config” from the master’s side. This is because I forgot to include the whole path to said file. Here’s the fix:
# /srv/salt/ssh_installer/init.sls

#BEFORE
/etc/ssh/sshd_config:
  file.managed:
    - source: salt://sshd_config

#AFTER
/etc/ssh/sshd_config:
  file.managed:
    - source: salt://ssh_installer/sshd_config
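A pre-flight check for the "Source file ... not found" failure above, as an added example that is not part of the original post: it scans every .sls file under a file root for literal `source: salt://...` references and reports the ones that do not resolve inside that root. It assumes a single file root (/srv/salt on this setup), skips Jinja-templated paths, and runs against a constructed sample tree; all function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# "source: salt://..." as it appears in the states on this page.
SOURCE_RE = re.compile(r"^\s*-?\s*source:\s*salt://(\S+)", re.MULTILINE)


def missing_sources(file_root):
    """List (sls file, salt:// URL) pairs that do not resolve under file_root."""
    root = Path(file_root).resolve()
    missing = []
    for sls in sorted(root.rglob("*.sls")):
        for rel in SOURCE_RE.findall(sls.read_text()):
            if "{" in rel:  # Jinja-templated path: cannot be checked statically
                continue
            rel = rel.split("?", 1)[0]  # drop a "?saltenv=..." suffix
            target = (root / rel).resolve()
            inside = root in target.parents  # refuse paths escaping the root
            if not inside or not target.exists():
                missing.append((sls.relative_to(root).as_posix(), "salt://" + rel))
    return missing


def build_sample_tree(root, source_url):
    """Constructed sample that mirrors the ssh_installer layout in this post."""
    state_dir = Path(root) / "ssh_installer"
    state_dir.mkdir(parents=True)
    (state_dir / "sshd_config").write_text("Port 8888\n")
    (state_dir / "init.sls").write_text(
        "/etc/ssh/sshd_config:\n"
        "  file.managed:\n"
        f"    - source: {source_url}\n"
    )


def demo():
    """Run the check against the BEFORE and AFTER source lines."""
    results = {}
    cases = {"before": "salt://sshd_config",
             "after": "salt://ssh_installer/sshd_config"}
    for label, url in cases.items():
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp, url)
            results[label] = missing_sources(tmp)
    return results


if __name__ == "__main__":
    for label, found in demo().items():
        print(label, found or "all salt:// sources resolve")
```

On a real master, calling `missing_sources("/srv/salt")` before `state.highstate` catches the wrong path without touching the minion.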
As the picture demonstrates, everything works great!
Connecting to minion with the new 8888 port given by the master config file also works:
ssh -p 8888 firstname.lastname@example.org
State also successfully restarts the daemon if it finds the watched “sshd_config” file has been tampered with.
I re-commented some rows in sshd_config and ran the state:
ID: /etc/ssh/sshd_config
Function: file.managed
Result: True
Comment: File /etc/ssh/sshd_config updated
Started: 11:28:20.021568
Duration: 265.946 ms
Changes:
----------
diff:
---
+++
@@ -11,9 +11,9 @@
 SyslogFacility AUTH
 LogLevel INFO
 LoginGraceTime 120
-#PermitRootLogin prohibit-password
-#StrictModes yes
-#RSAAuthentication yes
+PermitRootLogin prohibit-password
+StrictModes yes
+RSAAuthentication yes
 PubkeyAuthentication yes
 IgnoreRhosts yes
 RhostsRSAAuthentication no
----------
ID: sshd
Function: service.running
Result: True
Comment: Service restarted
Started: 11:28:20.315405
Duration: 16.848 ms
Changes:
----------
sshd:
    True
c) Apache with salt. (5.11 – 12:29)
I first went through the process of installing apache2 manually.
sudo apt-get update
sudo apt-get install apache2
sudo a2enmod userdir
sudo systemctl restart apache2

cd ~
mkdir public_html
cd public_html
nano index.html
As the picture illustrates, these are the steps necessary to both install apache2, and enable user homepages.
Installing apache2 with a salt state.
I used this article as a reference to create the state.
apache2:
  pkg.installed

/var/www/html/index.html:
  file.managed:
    - source: salt://apache_installer/index.html

/etc/apache2/mods-enabled/userdir.conf:
  file.symlink:
    - target: ../mods-available/userdir.conf

/etc/apache2/mods-enabled/userdir.load:
  file.symlink:
    - target: ../mods-available/userdir.load

apache2service:
  service.running:
    - name: apache2
    - watch:
      - file: /etc/apache2/mods-enabled/userdir.conf
      - file: /etc/apache2/mods-enabled/userdir.load
master$ sudo salt "h2" state.highstate
d) Something new with salt (12:53)
So we now have a state that installs apache, creates symlinks to enable userdir, and keeps an eye on those links.
I think the next logical step would be to modify the state to create the user homepage-directories.
I modified my init.sls by appending the following:
/home/xubuntu/public_html:
  file.recurse:
    - source: salt://apache_installer/public_html
    - include_empty: True
file.recurse is a function used to copy directories. (documentation found here) Just like file.managed, the first line tells salt where to place the directories, and source: tells salt where the directories to be copied can be found.
Setting include_empty to True allows salt to make empty directories.
(Not necessary here, since public_html contains index.html)
I then created the source material in the aforementioned location, and ran the module.
master$ sudo salt "h2" state.highstate
It works! Here are some pictures: