# Host server setup

## Setting up Tinkerbell

This documents my adventure in setting up Tinkerbell.

In this post (Part One) we’ll get the system ready and go over some fundamental stuff. In the followups, Part Two and Part Three, we’ll actually use Tinkerbell for awesomeness.

## References / Shoulders I’m standing on

This is ground broken by many before me. Adam Otto at the container-solutions-blog has done a great job walking someone through this process in a three-part blog:

- Part 1
- Part 2
- Part 3

As well as the following:

- Aaron’s “geek gone crazy” blog post on Tinkerbell, based on the above blog post
- Tinkerbell’s baremetal walkthrough

In Part 1 of the container-solutions-blog series, Adam describes the moving parts.

## Pre Requisites

To follow along here, you’ll need:

- A host from which to run the various Tinkerbell components.
  - This host should have (at least) two network interfaces.
  - The host should be using hardware which runs Linux well.
  - This host will run several Docker containers which comprise the Tinkerbell stack. We cover installing Docker in this blog post.
- A network segment allocated for Tinkerbell to use to provision hosts.

## Physical hardware

- HP T730
- Additional ethernet interface for PXE

## Hardware setup

Installed Ubuntu 22.04:

```
root@tinky:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04 LTS
Release:        22.04
Codename:       jammy
root@tinky:~#
```

## Software

### Packages

Quick oneliner to install any needed packages:

```
apt-get install apt-transport-https ca-certificates curl dialog git gnupg-agent ifupdown \
  jq libjq1 libmaxminddb0 libnginx-mod-http-geoip2 libnginx-mod-http-image-filter \
  libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip2 \
  libonig5 libxslt1.1 net-tools nginx nginx-common nginx-core nginx-doc software-properties-common
```

Note: Not strictly necessary packages. These aren’t NECESSARY, but I’ve found them useful to have:

```
root@tinky:~# apt-get install memtest86+ htop silversearcher-ag tcputils sockstat bpytop
```

## Software setup

### Systemd

#### Configure journald

Journald is cool, but it’s a good idea to set the local log to be small and push all yer systemic logs to a log ingestion host.

```
cat << EOF >> /etc/systemd/journald.conf
[Journal]
Storage=volatile
ForwardToSyslog=yes
Compress=no
SystemMaxFileSize=10M
SystemMaxFiles=100
RuntimeMaxFileSize=10M
RuntimeMaxFiles=100
EOF
```

#### Configure systemd-resolved

systemd-resolved is a pretty nifty local caching nameserver.

Note: Documentation for systemd-resolved can be found here.

Check to see if it’s enabled by running `resolvectl`. If systemd-resolved isn’t configured, you’ll see a message like this:

```
root@tinky:~# resolvectl
Failed to get global data: Unit dbus-org.freedesktop.resolve1.service not found.
```

#### Enable systemd-resolved

This is fairly straightforward:

```
root@tinky:~# systemctl enable systemd-resolved && systemctl start systemd-resolved
```

Shell output:

```
root@tinky:~# systemctl enable systemd-resolved
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service → /lib/systemd/system/systemd-resolved.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /lib/systemd/system/systemd-resolved.service.
root@tinky:~# systemctl start systemd-resolved
root@tinky:~#
```

There are a few files that need to be put in place which are specific to your environment:

- `/etc/systemd/resolved.conf`
- `/etc/resolv.conf`

**/etc/systemd/resolved.conf**

This file controls how systemd-resolved works overall. Documentation: the `resolved.conf(5)` man page.

Here’s an example file. Obviously, adjust the `DNS`, `FallbackDNS`, and `Domains` entries to be relevant to your environment.

```
[Resolve]
LLMNR=false
DNS=256.2.3.4 256.6.7.8
FallbackDNS=256.0.0.1
MulticastDNS=false
DNSSEC=allow-downgrade
Domains=localdomain1 localsearchdomain otherlocalsearchdomain? ~.
Cache=no-negative
# DNSStubListener=yes listens on tcp/udp on 127.0.0.53:53
DNSStubListener=yes
ReadEtcHosts=yes
```

**/etc/resolv.conf**

```
nameserver 127.0.0.53
options edns0 trust-ad
search localdomain1 localsearchdomain otherlocalsearchdomain?
```

Finally, install the following packages:

```
root@tinky:~# apt-get install libnss-mymachines libnss-resolve dialog
```

## Next! Onward to Part Two!

Let’s continue to Part Two, where we configure Tinkerbell, or Part Three, where we provision our first node!
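To check the `/etc/systemd/resolved.conf` settings from the "Configure systemd-resolved" section, here is an added example that is not part of the original post. The function names `resolved_value` and `audit_resolved` are hypothetical and the sample file is constructed. It flags LLMNR or MulticastDNS left enabled, and a `DNSStubListener` value that systemd cannot parse because a trailing comment was written on the same line (systemd only treats whole lines starting with `#` or `;` as comments).

```shell
#!/bin/sh
# Added example, not from the original post: audit a resolved.conf-style file
# for the [Resolve] settings this post relies on.

# resolved_value FILE KEY: print the last value assigned to KEY under [Resolve].
# Like systemd, only whole-line "#" or ";" comments are skipped, so a trailing
# "# ..." after a value stays part of that value.
resolved_value() {
  awk -v key="$2" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[Resolve\]/); next }
    in_sec && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }
  ' "$1"
}

# audit_resolved FILE: print one FAIL line per problem; return 1 if any found.
audit_resolved() {
  _rc=0
  for _key in LLMNR MulticastDNS; do
    # systemd booleans are case-insensitive, so compare in lower case.
    _val=$(resolved_value "$1" "$_key" | tr 'A-Z' 'a-z')
    case "$_val" in
      0|no|n|false|f|off) ;;
      *) echo "FAIL $_key='$_val' (expected disabled)"; _rc=1 ;;
    esac
  done
  # /etc/resolv.conf points at 127.0.0.53, so the stub listener must be on.
  # Unset is accepted because the listener is enabled by default.
  _val=$(resolved_value "$1" DNSStubListener | tr 'A-Z' 'a-z')
  case "$_val" in
    ""|1|yes|y|true|t|on) ;;
    *) echo "FAIL DNSStubListener='$_val' (expected yes)"; _rc=1 ;;
  esac
  return "$_rc"
}

# Constructed sample: the inline comment is the mistake being detected.
_sample=$(mktemp)
printf '%s\n' '[Resolve]' 'LLMNR=false' 'MulticastDNS=false' \
  'DNSStubListener=yes # listens on 127.0.0.53:53' > "$_sample"
audit_resolved "$_sample" || echo "fix the findings, then restart systemd-resolved"
rm -f "$_sample"
```

On a real host, run `audit_resolved /etc/systemd/resolved.conf` after editing the file.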