2016-06-17 19:28:16 +00:00
|
|
|
Quickstart
|
|
|
|
==========
|
2016-06-23 14:08:59 +00:00
|
|
|
|
2012-01-11 16:11:11 +00:00
|
|
|
This tutorial is aimed at people learning cdist and shows
|
|
|
|
typical approaches as well as gives an easy start into
|
|
|
|
the world of configuration management.
|
|
|
|
|
|
|
|
For those who just want to configure a system with the
|
|
|
|
cdist configuration management and do not need (or want)
|
|
|
|
to understand everything.
|
|
|
|
|
2016-06-17 19:28:16 +00:00
|
|
|
This tutorial assumes you are configuring **localhost**, because
|
|
|
|
it is always available. Just replace **localhost** with your target
|
|
|
|
host for real life usage.
|
|
|
|
|
2012-01-11 16:11:11 +00:00
|
|
|
Cdist uses **ssh** for communication and transportation
|
|
|
|
and usually logs into the **target host** as the
|
|
|
|
**root** user. So you need to configure the **ssh server**
|
|
|
|
of the target host to allow root logins: Edit
|
|
|
|
the file **/etc/ssh/sshd_config** and add one of the following
|
2016-05-20 06:50:56 +00:00
|
|
|
lines::
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Allow login only via public key
|
|
|
|
PermitRootLogin without-password
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Allow login via password and public key
|
|
|
|
PermitRootLogin yes
|
2012-01-11 16:11:11 +00:00
|
|
|
|
|
|
|
As cdist uses ssh intensively, it is recommended to setup authentication
|
2016-05-20 06:50:56 +00:00
|
|
|
with public keys::
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Generate pubkey pair as a normal user
|
|
|
|
ssh-keygen
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Copy pubkey over to target host
|
|
|
|
ssh-copy-id root@localhost
|
2012-01-11 16:11:11 +00:00
|
|
|
|
|
|
|
Have a look at ssh-agent(1) and ssh-add(1) on how to cache the password for
|
2016-05-20 06:50:56 +00:00
|
|
|
your public key. Usually it looks like this::
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Start agent and export variables
|
|
|
|
eval `ssh-agent`
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Add keys (requires password for every identity file)
|
|
|
|
ssh-add
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
At this point you should be able to **ssh root@localhost** without
|
2012-01-11 16:11:11 +00:00
|
|
|
re-entering the password. If something failed until here, ensure that
|
|
|
|
all steps went successfully and you have read and understood the
|
|
|
|
documentation.
|
|
|
|
|
|
|
|
As soon as you are able to login without password to localhost,
|
|
|
|
we can use cdist to configure it. You can copy and paste the following
|
2016-05-20 06:50:56 +00:00
|
|
|
code into your shell to get started and configure localhost::
|
|
|
|
|
|
|
|
# Get cdist
|
2019-05-09 06:26:42 +00:00
|
|
|
git clone git@code.ungleich.ch:ungleich-public/cdist.git
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Create manifest (maps configuration to host(s)
|
|
|
|
cd cdist
|
|
|
|
echo '__file /etc/cdist-configured' > cdist/conf/manifest/init
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Configure localhost in verbose mode
|
|
|
|
./bin/cdist config -v localhost
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
# Find out that cdist created /etc/cdist-configured
|
|
|
|
ls -l /etc/cdist-configured
|
2012-01-11 16:11:11 +00:00
|
|
|
|
2016-07-19 11:00:14 +00:00
|
|
|
Note: cdist/conf is configuration directory shipped with cdist distribution.
|
|
|
|
If exists, ~/.cdist, is also automatically used as cdist configuration
|
|
|
|
directory. So in the above example you could create ~/.cdist directory,
|
|
|
|
then ~/.cdist/manifest sub-directory and create init manifest
|
|
|
|
~/.cdist/manifest/init.
|
|
|
|
|
2012-01-11 16:11:11 +00:00
|
|
|
That's it, you've successfully used cdist to configure your first host!
|
|
|
|
Continue reading the next sections, to understand what you did and how
|
|
|
|
to create a more sophisticated configuration.
|