Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cybozu-go/sabakan
A versatile network boot server for large data centers
https://github.com/cybozu-go/sabakan
boot dhcp etcd go ignition uefi
Last synced: about 1 month ago
JSON representation
A versatile network boot server for large data centers
- Host: GitHub
- URL: https://github.com/cybozu-go/sabakan
- Owner: cybozu-go
- License: apache-2.0
- Created: 2018-04-05T07:10:02.000Z (over 6 years ago)
- Default Branch: main
- Last Pushed: 2024-03-22T04:40:26.000Z (4 months ago)
- Last Synced: 2024-03-26T16:27:44.106Z (3 months ago)
- Topics: boot, dhcp, etcd, go, ignition, uefi
- Language: Go
- Homepage:
- Size: 10.6 MB
- Stars: 114
- Watchers: 12
- Forks: 7
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG-0.md
- License: LICENSE
- Audit: audit.go
Lists
- my-awesome-stars - sabakan - go | 111 | (Go)
- awesome-stars - cybozu-go/sabakan - A versatile network boot server for large data centers (go)
README
[][releases]
[](https://github.com/cybozu-go/sabakan/actions/workflows/main.yaml)
[](https://pkg.go.dev/github.com/cybozu-go/sabakan)
[](https://goreportcard.com/report/github.com/cybozu-go/sabakan)
Sabakan
=======
Sabakan is a versatile network boot server designed for large on-premise data centers.
Currently, it is made only for [Flatcar Container Linux](https://www.flatcar.org/).
**Project Status**: GA (General Availability)
Features
--------
* High availability
High availability of sabakan is just as easy as running multiple sabakan servers.
Sabakan data are stored and shared in [etcd][]. For example, DHCP lease information
are shared between sabakan instances to avoid conflicts.
* Machine inventory with IPAM (IP address management)
Sabakan keeps an inventory of machines in a data center. Their IP addresses
are automatically assigned by sabakan.
* DHCP service
Sabakan provides DHCP service that supports [UEFI HTTP Boot][HTTPBoot]
and [iPXE][] HTTP Boot. It also supports DHCP relay request to make DHCP service
highly available.
* HTTP service (network file server)
Sabakan provides HTTP service for network boot clients. Users can upload
any kind of files other than OS images to sabakan. Clients can download them
to initialize the system after boot.
* Template system for Ignition
[Ignition][] is a boot provisioning system for Flatcar Container Linux.
Ignition configuration is not friendly for operators as it is written in a plain JSON.
Sabakan provides a friendly and super versatile template system for Ignition configurations.
For each client machine, sabakan renders Ignition configuration from templates.
* Life-cycle management
Machines in the inventory has a life-cycle status. The status can be changed through
REST API. Users can build an automatic status controller to mark machines as unhealthy,
unreachable, retiring, or retired.
* Disk encryption support
To help implementing full disk encryption on client machines, sabakan accepts and stores
encrypted disk encryption keys. The key can be downloaded in the next boot to decrypt
disks.
`sabakan-cryptsetup` is a tool for clients to encrypt disks; the tool generates a disk
encryption key, encrypts it, and sends the encrypted key to sabakan. In the next boot,
it downloads the encrypted key from sabakan, decrypts it, then uses it to decrypt disks.
* Audit logs
To track problems and life-cycle events, sabakan keeps operation logs
within its etcd storage.
Programs
--------
This repository contains these programs:
* `sabakan`: the network service to manage servers.
* `sabactl`: CLI tool for `sabakan`.
* `sabakan-cryptsetup`: a utility to encrypt a block device using [dm-crypt][].
To see their usage, run them with `-h` option.
Documentation
-------------
[docs](docs/) directory contains tutorials and specifications.
Read [getting started](docs/getting_started.md) first.
Examples
--------
[mtest/](./mtest/) directory contains a set of utilities to setup sabakan on Ubuntu virtual machines.
[testadata/](./testdata/) directory contains a sample Ignition template.
An example of production usage can be found in [github.com/cybozu-go/neco](https://github.com/cybozu-go/neco).
The repository bootstraps a full data center system using etcd, vault, sabakan, and many other tools.
Usage
-----
Run sabakan with docker
```console
# create directory to store OS images
$ sudo mkdir -p /var/lib/sabakan
# create server certificate
$ sudo mkdir -p /etc/sabakan
$ make setup-cfssl
$ cd e2e/certs && ./gencerts.sh
$ cd ../..
$ sudo cp e2e/output/certs/server.crt /etc/sabakan/server.crt
$ sudo cp e2e/output/certs/server.key.insecure /etc/sabakan/server.key
# -advertise-url is the canonical URL of this sabakan.
$ docker run -d --read-only --cap-drop ALL --cap-add NET_BIND_SERVICE \
--network host --name sabakan \
--mount type=bind,source=/var/lib/sabakan,target=/var/lib/sabakan \
--mount type=bind,source=/etc/sabakan,target=/etc/sabakan \
ghcr.io/cybozu-go/sabakan:3.1 \
-etcd-endpoints http://foo.bar:2379,http://zot.bar:2379 \
-advertise-url http://12.34.56.78:10080 \
-advertise-url-https http://12.34.56.78:10443
```
License
-------
Sabakan is licensed under the Apache License, Version 2.0.
Docker images
-------------
Docker images are available on [ghcr.io](https://github.com/cybozu-go/sabakan/pkgs/container/sabakan)
[releases]: https://github.com/cybozu-go/sabakan/releases
[etcd]: https://coreos.com/etcd/
[HTTPBoot]: https://github.com/tianocore/tianocore.github.io/wiki/HTTP-Boot
[iPXE]: https://ipxe.org/
[Ignition]: https://coreos.com/ignition/
[dm-crypt]: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt