Bootstrapping

There is considerable complexity in the setup and deployment of a minimal DC. Here is the order of operations.

Libvirt/Host

This Dom0 needs to be stood up, and you should not really run anything on it other than libvirtd, so as not to complicate future upgrades with unnecessary dependencies.

Then there is an order of deployment of VMs:

  1. Chef/Orchestration, so you can orchestrate both the Dom0 and the VMs

  2. LDAP; you need users/service accounts

  3. Gerrit/Git - you’re probably going to be adding/editing your orchestration stack

  4. Jenkins for running/logging jobs and console; it’ll need your git to access repos

LDAP

We use SSO for everything. There are/may be some out-of-band elements; specifically, our Gerrit setup requires an administrator group:

dn: ou=gerrit,ou=Groups,o=last-bastion.net,dc=last-bastion,dc=net
changetype: add
ou: gerrit
objectClass: organizationalUnit

And then for staff administrators:

dn: cn=administrators,ou=gerrit,ou=Groups,o=last-bastion.net,dc=last-bastion,dc=net
changetype: add
cn: administrators
objectClass: organizationalRole
roleOccupant: cn=alan,ou=Users,o=last-bastion.net,dc=last-bastion,dc=net
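
The two Gerrit records above depend on each other and on an existing user. An add whose parent entry is absent is rejected by the server, and a roleOccupant DN is not necessarily checked for existence. The following pre-flight check is an added example, not part of the original page; it assumes ou=Groups, ou=Users and cn=alan already exist, and the function names are hypothetical.

```python
# Added example (not from the page). Assumes simple LDIF: no folding, base64 or escaped commas.
BASE = "o=last-bastion.net,dc=last-bastion,dc=net"
# Assumption: these entries already exist in the directory before the batch is applied.
EXISTING = [f"ou=Groups,{BASE}", f"ou=Users,{BASE}", f"cn=alan,ou=Users,{BASE}"]
# Constructed sample: the Gerrit records from this page, in the page's order.
SAMPLE_LDIF = f"""\
dn: ou=gerrit,ou=Groups,{BASE}
changetype: add
ou: gerrit
objectClass: organizationalUnit

dn: cn=administrators,ou=gerrit,ou=Groups,{BASE}
changetype: add
cn: administrators
objectClass: organizationalRole
roleOccupant: cn=alan,ou=Users,{BASE}
"""

def norm(dn):
    # Case- and whitespace-insensitive form of a DN, used only for comparison.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Split the batch into (dn, {attribute: [values]}) records."""
    records = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            records.append((attrs.pop("dn")[0], attrs))
    return records

def preflight(text, existing):
    """Return problems: adds whose parent is absent, roleOccupants that do not resolve."""
    known = {norm(dn) for dn in existing}
    problems = []
    for dn, attrs in parse_ldif(text):
        parent = norm(dn).partition(",")[2]
        if parent not in known:
            problems.append(f"{dn}: parent entry not present yet")
        for occupant in attrs.get("roleoccupant", []):
            if norm(occupant) not in known:
                problems.append(f"{dn}: roleOccupant {occupant} not found")
        known.add(norm(dn))  # later records in the batch may depend on this one
    return problems

print(preflight(SAMPLE_LDIF, EXISTING) or "batch is consistent")
```
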

The Jenkins CI/CD user must also be in LDAP so it can access Gerrit repos:

dn: cn=jenkins,ou=Users,o=last-bastion.net,dc=last-bastion,dc=net
changetype: add
cn: jenkins
objectClass: top
objectClass: posixAccount
homeDirectory: /var/lib/jenkins
uid: jenkins
uidNumber: 962
gidNumber: 958
userPassword: XXXXXX
loginShell: /sbin/nologin
description: Jenkins User