Skip to content

Latest commit

 

History

History
94 lines (62 loc) · 3.58 KB

README.md

File metadata and controls

94 lines (62 loc) · 3.58 KB

Universal Blue - Forge

On-premises Universal Blue. This projects intended is to provide the service units necessary to set up a self-hosted OS forge for custom images.

Warning This project is "work in progress" and not ready for production

Vision

Imagine something like a home lab or a university lab:

  1. Deploy forge
  2. Go into the WebUI, clone in your favorite uBlue repo and make changes
  3. Forge automatically starts to build the images
  4. PXE boot the clients, select ublue in the menu
  5. Eat tacos
  6. Return to a fully deployed lab with centralized package management

What we have so far

We are still working on making the vision a reality. The following has been implemented so far:

Certificate Authority

We use a Minica as simple CA to generate a key pair and a root certificate for *.ublue.local. The wildcard certificate is then made available to all other components and are valid for 2 years and 30 days.

Reverse Proxy

As an entry point for all web components we use Traefik as a reverse proxy. Based on URL routing it will redirect the traffic to the right container instance.

The reverse proxy dashboard is available at https://traefik.ublue.local

Container Registry

As container registry we make use of the Docker Registry 2.0 implementation for storing and distributing container images.

The container registry API is available at https://registry.ublue.local/v2

Anvil

The blacksmith's work is done with Ansible.

There are two methods of operating the forge, either via a GUI available at https://forge.ublue.local or via just command runner.

Details about the project and usage instructions are available in the documentation section.

Installation

Pre-requisites

As many tools as possible are built-in but still we rely on some pre-requisites. These tools and service are necessary to get started:

  • Podman
    Must be installed and a podman socket in the user space must be active.

  • jq
    Must be installed. It it currently needed in the setup process to parse certain parameters automatically for you

  • The kernel parameter net.ipv4.ip_unprivileged_port_start must be set to 80
    This is because of podman's shortcoming to bind to ports < 1024. Our reverse-proxy is listening on port 80 and 443 for incoming traffic.

  • OpenSSH
    Must be installed and the service activated. Ansible needs this to execute all the fancy commands on your host for you.

Setup / Heat-Up / Cool-Down

For the initial setup and maintenance of the forge you can use the forge.sh script:

Command Description
./forge.sh setup Setup the forge for the first time or update existing setup
./forge.sh heat-up Start the forge
./forge.sh cool-down Stop the forge

Details about what the setup does can be found here.