Administration

In order to use any of the WindAutomat features on servers and deployed applications, they first need to be entered into the database.

The current recommended method is to use the respective API methods to create the machines and deployments in the database. The most important ones are createMachine and createDeployment. For a full overview of all API methods see methods.

Currently, there is some manual prep work required to enter operating systems and applications into the database (see OSs and Apps). In the future this step will no longer be required as enabling the modules should automatically create the required entries in the database.

Machines

Machines can be either virtual or bare-metal.

⚠️⚠️⚠️ With the current development state of the WindAutomat, it is strongly recommended to only use it on virtual machines of which a full image can be taken before any changes are made to the machine. While the system is working and can successfully perform updates, too little time has passed to fully grasp the extent to which this can destroy a system. Proceed with caution.

Hypervisors

Virtual machines require a hypervisor to have been created prior to the machine. This can be done using the createHypervisor API method.

To register a hypervisor, generate a valid API token (see https://pve.proxmox.com/pve-docs/chapter-pveum.html#pveum_tokens) and store it in Bitwarden Secrets Manager, giving the windautomat machine account access to it.

Afterwards, the hypervisor can be created via the API, supplying the remaining config variables as outlined in createHypervisor.

Bootstrap Machine

Before a machine can be created in the database, some preparation is also required on the machine itself. This, too, is to be automated in the future, but for now these steps are necessary to allow the WindAutomat to access the machine.

  1. Create the user windautomat on the machine (adduser windautomat)
  2. Generate a new SSH key pair (ssh-keygen -t ed25519 -C "windautomat@windreserve.de")
  3. Install the public key for windautomat: use ssh-copy-id, or add the generated public key to authorized_keys manually
  4. Disable SSH password auth for user windautomat (as a global directive, the setting below applies to every user on the machine)

/etc/ssh/sshd_config

PasswordAuthentication no

  5. Store private key in Bitwarden (project = hostname/application name)
    1. Create project
    2. Add private key secret
    3. Give access to windautomat machine account
  6. Add machine to DB (see above)
  7. Configure passwordless sudo for windautomat user (only for required commands)

Required commands

  1. apt-get update
  2. apt-get upgrade -y
  3. apt-get --simulate upgrade

visudo entry

windautomat ALL=(ALL) NOPASSWD:/usr/bin/apt-get update, /usr/bin/apt-get upgrade -y, /usr/bin/apt-get --simulate upgrade
Defaults verifypw = any
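
A check for the sudoers rule above, as an added example that is not part of WindAutomat: the function audit_sudoers (a name chosen here) reads sudoers text and reports any command granted to the user beyond the three required ones. The sample input is constructed from the entry on this page.

```shell
#!/bin/sh
# Added example, not WindAutomat code: audit the sudoers rules of one user
# against the three commands this page lists as required.

# Allowlist copied from the visudo entry above, ';'-separated.
ALLOWED='/usr/bin/apt-get update;/usr/bin/apt-get upgrade -y;/usr/bin/apt-get --simulate upgrade'

# audit_sudoers USER  (sudoers text on stdin)
# Prints one finding per offending command. Returns 0 only if USER has at
# least one rule and every command in it is on the allowlist.
# Simplification: line continuations and aliases are not resolved.
audit_sudoers() {
    awk -v user="$1" -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, ";"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ { next }                      # comment line
    $1 == user {
        seen = 1
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)       # drop "user HOST ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)    # drop "(runas)"
        m = split(spec, cmds, ",")
        for (i = 1; i <= m; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)   # trim surrounding whitespace
            while (sub(/^[A-Z_]+:[ \t]*/, "", c)) ;   # drop tags (NOPASSWD:)
            # Exact match only: a bare "/usr/bin/apt-get" would allow any
            # arguments, and "ALL" would allow any command.
            if (!(c in ok)) { print "not on allowlist: " c; bad = 1 }
        }
    }
    END {
        if (!seen) print "no rule found for " user
        exit((seen && !bad) ? 0 : 1)
    }'
}

# Constructed sample input: the entry from this page.
SAMPLE='windautomat ALL=(ALL) NOPASSWD:/usr/bin/apt-get update, /usr/bin/apt-get upgrade -y, /usr/bin/apt-get --simulate upgrade
Defaults verifypw = any'

printf '%s\n' "$SAMPLE" | audit_sudoers windautomat && echo "rule matches allowlist"
```

On a machine, run it as root over the actual rules (for example the output of cat /etc/sudoers /etc/sudoers.d/*) after visudo -c has confirmed the syntax.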

Registering machines

After the machine has been successfully prepared, it can be registered via the API. Supply the configuration variables as described in createMachine.

Deployments

Deployments are the combination of a machine and an application that is installed on that machine. After the machine has been successfully created following the steps above, a deployment can be added to it.

Deployment config

Deployments often require additional configurations in order to access and update them. These are stored in the applications config table. This can be achieved using the createConfig method. The application's config schema can be found in applications.

Creating the deployment

After creating the deployment config, register the deployment via the API using the createDeployment method.