Bootstrapping
There is considerable complexity in the setup and deployment of a minimal DC. Here is the order of operations…
Libvirt/Host
This Dom0 needs to be stood up first, and you should not really run anything here other than libvirtd, so as not to complicate future upgrades with unnecessary dependencies.
Then there is an order of deployment for the VMs:
1. Chef/Orchestration, so you can orchestrate both the Dom0 and the VMs
2. LDAP; you need users and service accounts
3. Gerrit/Git; you're probably going to be adding to and editing your orchestration stack
4. Jenkins, for running/logging jobs and console; it will need your Git server to access repos
LDAP
We use SSO for everything. There are/may be some out-of-band elements; specifically, our Gerrit setup requires an administrator group:
dn: ou=gerrit,ou=Groups,o=last-bastion.net,dc=last-bastion,dc=net
changetype: add
ou: gerrit
objectClass: organizationalUnit
And then for staff administrators:
dn: cn=administrators,ou=gerrit,ou=Groups,o=last-bastion.net,dc=last-bastion,dc=net
changetype: add
cn: administrators
objectClass: organizationalRole
roleOccupant: cn=alan,ou=Users,o=last-bastion.net,dc=last-bastion,dc=net
The Jenkins CI/CD user must also be in LDAP so that it can access Gerrit repos:
dn: cn=jenkins,ou=Users,o=last-bastion.net,dc=last-bastion,dc=net
changetype: add
cn: jenkins
objectClass: top
objectClass: posixAccount
homeDirectory: /var/lib/jenkins
uid: jenkins
uidNumber: 962
gidNumber: 958
userPassword: XXXXXX
loginShell: /sbin/nologin
description: Jenkins User
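
A pre-flight check for LDIF like the records above, as an added example that is not part of the original page: it flags a userPassword value with no {SCHEME} prefix (a cleartext or placeholder value sitting in the file), a posixAccount without a non-interactive shell, and DN references such as roleOccupant whose target is not created in the same file and so must already exist in the directory. The function names, the attribute and shell lists, and the simplified parsing (folded and base64 lines are skipped) are assumptions of this example.

```python
import re

SAMPLE_LDIF = """\
dn: cn=administrators,ou=gerrit,ou=Groups,o=last-bastion.net,dc=last-bastion,dc=net
objectClass: organizationalRole
roleOccupant: cn=alan,ou=Users,o=last-bastion.net,dc=last-bastion,dc=net

dn: cn=jenkins,ou=Users,o=last-bastion.net,dc=last-bastion,dc=net
objectClass: posixAccount
userPassword: XXXXXX
loginShell: /sbin/nologin
"""  # constructed sample: two of the page's records, trimmed
NOLOGIN = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed non-interactive shells
DN_REFS = ("roleoccupant", "member", "uniquemember")  # attributes whose values are DNs

def parse_records(text):
    """Split LDIF into {attr_lower: [values]} dicts; folded and base64 (::) lines are skipped."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if line[:1] in ("#", " ") or not sep or value.startswith(":"):
                continue
            rec.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in rec:
            records.append(rec)
    return records

def lint(text):
    """Return (dn, finding) pairs in file order."""
    records = parse_records(text)
    created = {r["dn"][0].lower() for r in records}  # simplification: no DN normalization
    findings = []
    for r in records:
        dn = r["dn"][0]
        classes = [c.lower() for c in r.get("objectclass", [])]
        for pw in r.get("userpassword", []):
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw):
                findings.append((dn, "userPassword has no {SCHEME} prefix"))
        if "posixaccount" in classes and r.get("loginshell", [""])[0] not in NOLOGIN:
            findings.append((dn, "loginShell missing or interactive"))
        for attr in DN_REFS:
            for ref in r.get(attr, []):
                if ref.lower() not in created:
                    findings.append((dn, "referenced DN not created in this file: " + ref))
    return findings

if __name__ == "__main__":
    for dn, msg in lint(SAMPLE_LDIF):
        print(dn + ": " + msg)
```

On the sample, the roleOccupant finding is the bootstrapping dependency: the cn=alan user entry has to be in the directory before the administrators role is useful.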