randy/rgnet-wiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

from wiki

Browse source
This commit is contained in:
Randy Bush 2020-07-04 15:17:56 -07:00
parent 85396c933c
commit 828ae60924
1 changed files with 223 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

223
pages/XenialGuest.md Normal file
View file

@ -0,0 +1,223 @@
# Install a Ubuntu 16.04 Xenial Guest on an RGnet Cluster
For this example, I will use the vm/host name random.sea.rg.net on the Westin cluster. Modify to suit your needs.
Before I start the install, I put the new host in the DNS so that it has time to propagate.
## Create the VM and do the Ubuntu Install
I cheat and use a script.
```
vm0.sea.rg.net:/root# ./do-add vm0 32 4 random.sea.rg.net
Sat Feb 11 23:54:11 2017 * disk 0, size 32.0G
Sat Feb 11 23:54:11 2017 * creating instance disks...
Sat Feb 11 23:54:13 2017 adding instance random.sea.rg.net to cluster config
Sat Feb 11 23:54:13 2017 adding disks to cluster config
Sat Feb 11 23:54:14 2017 - INFO: Waiting for instance random.sea.rg.net to sync disks
Sat Feb 11 23:54:14 2017 - INFO: Instance random.sea.rg.net's disks are in sync
Sat Feb 11 23:54:14 2017 - INFO: Waiting for instance random.sea.rg.net to sync disks
Sat Feb 11 23:54:14 2017 - INFO: Instance random.sea.rg.net's disks are in sync
```
Find the VNC console of the new VM
```
vm0.sea.rg.net:/root# gnt-instance info random.sea.rg.net | grep console
console connection: vnc to 127.0.0.1:11038 (node vm0.sea.rg.net) (display 5138)
serial_console: default (True)
```
Remember that 11038 for VNC.
Spin up the VM but boot from the Ubuntu install CD-ROM
```
gnt-instance start -H boot_order=cdrom,cdrom_image_path=/ISOs/ubuntu-16.04.1-server-amd64.iso random.sea.rg.net
```
From your local host, go for the VNC concole over a nice safe ssh tunnel. Tunnel to vm0.ea.rg.net because that is where the instance lives.
```
$ ssh -N -L 5900:127.0.0.1:11038 vm0.sea.rg.net
```
On my local host, a Mac, I start a VNC client (I use Chicken of the VNC) to localhost, port 5900, display 0, with the password of vnc on the target ganeti node.
1Do the Ubuntu install on the VNC GUI. The options I choose are:
- US English and US keyboard. This means I am not offered the UTC timezone option and have to set manually later. But it sets the `/etc/apt/sources.list` to the US servers.
- Manually set the IP address, but some folk like DHCP.
- Use the entire disk with LVM so that it is easy to expand later.
- Automatic security updates, but I will hack this further later.
- OpenSSH server as well as the standard system utilities
- Install the GRUB boot loader so that I can make serial console work
## Reboot the VM
The installation completes, and the darn thing reboots the CD-ROM. So I get brutal, and back on the VM node I
```
gnt-instance reboot --shutdown-timeout=3 random.sea.rg.net
```
This usually whacks my VNC session, so I have to restart the client.
Because I did not use DHCP but set the address manually, I know where the host is. Because I have never figured out how to paste into the VNC client, I immediately ssh into the new system as the new user.
## First Configuration
The first thing is set the password to something nasty. Ivyuams8
Then I become root, and get the software current.
```
randy@random:~$ sudo bash
root@random:~# apt update
root@random:~# apt upgrade
```
This can take a while.
## Customize VM
If it does not run Emacs, it is not a computer. And install unbound so we have a local nameserver, and ntpd so we have a local chime. We will do detailed configuration of unbound and ntp later.
```
apt install emacs-nox unbound ntp
chown -R unbound:unbound /etc/unbound/
```
I set root's password to something nasty so that I can get in over the serial console if things get wedged during operation.
I want to disable ssh passwording as soon as reasonable, so I install root's ssh credentials. These are not real.
```
cd /root
mkdir .ssh
chmod 700 .ssh
cat > .ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NE5AAAAIDzOVboz/9daQwQRPkxD/TD4PZ4ZVNgMLqd+zc79Gl+ randy@ryuu.psg.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yvE/UBwHdLVDk708/U81ZQdtDLF9Y7grMkVBfUoclF4BGFCcH1bIv6y0p1I/2PATSRnK/B5ndvWP/SrQ6y0DqnQugHKoFMR3idkzVagjjXOhcZkpitcp5hRCdjn/y/88QEiIKItEM66q48nW0OtCgcq7ENXQuYUVt0e6kh6UKRDfrPP3i2D7m8o3/W+xYt8QkYZ0iFanCfhxHAP7w3SOezmThu+p7V6yxVc+G0WTvPHrs2JlgSyaI+4SoJ2btPgqIrmKu1ILfyoAr9/RjSVHr74LijsdUKec7OXnKnV2v1VfMRglBXFgXVaWyX/adA2tMuh9nMk3Y3a3+xDqPIz6RnzQAupqUmPZ/1qbFIrVSNmhygWTC9jgemaNNC/B1nFG7em6m+fmxoIdpybaofWiJElUDBBT4bHU+L8NF7zbNROt1GtaDnbL4W9/asqzPu+aJy7L6uJQHtkc/eoXsheajztFC9I5qxW/29ja+FcQsVoDJpe96XmBtJ7elOGXaq3YtDRURwrdu9fGUBDWqwP1IFECVkeVh/NrXbQRHtgp4v533D+0MubA+hDhVTsUk6G93WLyX3usUprU1cJjyhrVzZ9U23eCPOj8J18Ixw4sJFuNeUhSCaN6j+rmOyGor3PYYysKTp1VfLNAYdcc/AYC0jDy9mYjjfCDwKfQ== randy@ryuu.psg.com
chmod 600 .ssh/authorized_keys
```
Copy the ssk authority to the user account
```
rsync -vlpPStgoHxr .ssh ~randy
chown -R randy:randy ~randy
```
I want my standard dot files, so I go to a recently customized Xenial system and rsync them over.
```
rsync -vlpPStgoHx .bashrc .emacs .exrc .forward .inputrc randy@random.sea:
ssh randy@random.sea chown -R randy:randy .
rsync -vlpPStgoHx .bashrc .emacs .exrc .forward .inputrc root@random.sea:
ssh root@random.sea chown -R root:root .
```
And a bit of decoration from the other system
```
rsync -vlpPStgoHx /usr/bin/xtitle root@random.sea:/usr/bin/xtitle
```
## Configure GRUB and the Network
Configure GRUB for
- longer timeout
- serial console
- use ntp not kvm clock
- make the base ether eth0 instead of ens5
Edit /etc/default/grub
```
GRUB_TIMEOUT=6
...
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 console=tty0 console=ttyS0,9600n8 no-kvmclock"
...
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
```
And remember to update GRUB
```
update-grub
```
IMMEDIATELY udate /etc/network/interfaces to change the name of the ethernet to eth0 and any other tunings.
```
auto eth0
iface eth0 inet static
address 147.28.0.2/24
gateway 147.28.0.1
dns-nameserver 127.0.0.1
dns-nameserver 147.28.0.35
dns-search rg.net psg.com
iface eth0 inet6 static
address 2001:418:1::2/64
gateway 2001:418:1::1
```
## Last Cosmetics Before Reboot
Edit `/etc/hostname` to fill out the full FQDN.
Set the timezone. All my servers are in UTC
```
dpkg-reconfigure tzdata
```
I still have the VNC console open, so it would be a good time to reboot and watch for problems. I could tell the VM to reboot, or whack it from the Ganeti master. To ensure it is really clean, I do the latter. I do not force the timeout so I can ensure that APCI works.
```
gnt-instance reboot random.sea.rg.net
```
## Use Ansible to Install and Configure a Bunch of Things
First, to use Ansible, the host must have python2, and have it linked to be `python`
```
apt install python2.7
ln /usr/bin/python2.7 /usr/bin/python
```
Now the barrage of ansible, which for me is based on my Mac laptop.
```
ansible-playbook -l random.sea.rg.net ntpd.yml
ansible-playbook -l random.sea.rg.net no-depends.yml
ansible-playbook -l random.sea.rg.net snmpd.yml
ansible-playbook -l random.sea.rg.net syslog-ng.yml
ansible-playbook -l random.sea.rg.net unattended-upgrades.yml
ansible-playbook -l random.sea.rg.net unbound.yml
```
## Add the VM to Infrastructure Monitoring Etc.
Create an entry in `srv0.iad.rg.net:/etc/nagios3/conf.d` and enable checks in the GUI
Add the device to snmp monitoring `https://nms.rg.net/`
And finally, use Exim as the mail transport and install a client.
```
apt install exim4 mailutils
dpkg-reconfigure exim4-config
```
Edit `/etc/aliases` to send root mail where you really want it to go, and run `newaliases`