# Install an Ubuntu 16.04 Xenial Guest on an RGnet Cluster

For this example, I will use the vm/host name random.sea.rg.net on the Westin cluster. Modify to suit your needs.

Before I start the install, I put the new host in the DNS so that it has time to propagate.

## Create the VM and do the Ubuntu Install

I cheat and use a script.

```
vm0.sea.rg.net:/root# ./do-add vm0 32 4 random.sea.rg.net
Sat Feb 11 23:54:11 2017 * disk 0, size 32.0G
Sat Feb 11 23:54:11 2017 * creating instance disks...
Sat Feb 11 23:54:13 2017 adding instance random.sea.rg.net to cluster config
Sat Feb 11 23:54:13 2017 adding disks to cluster config
Sat Feb 11 23:54:14 2017 - INFO: Waiting for instance random.sea.rg.net to sync disks
Sat Feb 11 23:54:14 2017 - INFO: Instance random.sea.rg.net's disks are in sync
Sat Feb 11 23:54:14 2017 - INFO: Waiting for instance random.sea.rg.net to sync disks
Sat Feb 11 23:54:14 2017 - INFO: Instance random.sea.rg.net's disks are in sync
```

Find the VNC console of the new VM

```
vm0.sea.rg.net:/root# gnt-instance info random.sea.rg.net | grep console
console connection: vnc to 127.0.0.1:11038 (node vm0.sea.rg.net) (display 5138)
serial_console: default (True)
```

Remember that 11038 for VNC.

Spin up the VM but boot from the Ubuntu install CD-ROM

```
gnt-instance start -H boot_order=cdrom,cdrom_image_path=/ISOs/ubuntu-16.04.1-server-amd64.iso random.sea.rg.net
```

From your local host, go for the VNC console over a nice safe ssh tunnel. Tunnel to vm0.sea.rg.net because that is where the instance lives.

```
$ ssh -N -L 5900:127.0.0.1:11038 vm0.sea.rg.net
```

On my local host, a Mac, I start a VNC client (I use Chicken of the VNC) to localhost, port 5900, display 0, with the password of vnc on the target ganeti node.

Do the Ubuntu install on the VNC GUI. The options I choose are:

- US English and US keyboard. This means I am not offered the UTC timezone option and have to set it manually later. But it sets the `/etc/apt/sources.list` to the US servers.
- Manually set the IP address, but some folk like DHCP.
- Use the entire disk with LVM so that it is easy to expand later.
- Automatic security updates, but I will hack this further later.
- OpenSSH server as well as the standard system utilities
- Install the GRUB boot loader so that I can make serial console work

## Reboot the VM

The installation completes, and the darn thing reboots from the CD-ROM. So I get brutal, and back on the VM node I

```
gnt-instance reboot --shutdown-timeout=3 random.sea.rg.net
```

This usually whacks my VNC session, so I have to restart the client.

Because I did not use DHCP but set the address manually, I know where the host is. Because I have never figured out how to paste into the VNC client, I immediately ssh into the new system as the new user.

## First Configuration

The first thing is to set the password to something nasty.

Ivyuams8

Then I become root, and get the software current.

```
randy@random:~$ sudo bash
root@random:~# apt update
root@random:~# apt upgrade
```

This can take a while.

## Customize VM

If it does not run Emacs, it is not a computer. And install unbound so we have a local nameserver, and ntpd so we have a local chime. We will do detailed configuration of unbound and ntp later.

```
apt install emacs-nox unbound ntp
chown -R unbound:unbound /etc/unbound/
```

I set root's password to something nasty so that I can get in over the serial console if things get wedged during operation.

I want to disable ssh passwording as soon as reasonable, so I install root's ssh credentials. These are not real.
```
cd /root
mkdir .ssh
chmod 700 .ssh
# The keys below are not real; substitute your own public keys.
cat > .ssh/authorized_keys <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NE5AAAAIDzOVboz/9daQwQRPkxD/TD4PZ4ZVNgMLqd+zc79Gl+ randy@ryuu.psg.com
ssh-rsa ... randy@ryuu.psg.com
EOF
chmod 600 .ssh/authorized_keys
```

Copy the ssh authority to the user account

```
rsync -vlpPStgoHxr .ssh ~randy
chown -R randy:randy ~randy
```

I want my standard dot files, so I go to a recently customized Xenial system and rsync them over.

```
rsync -vlpPStgoHx .bashrc .emacs .exrc .forward .inputrc randy@random.sea:
ssh randy@random.sea chown -R randy:randy .
rsync -vlpPStgoHx .bashrc .emacs .exrc .forward .inputrc root@random.sea:
ssh root@random.sea chown -R root:root .
```

And a bit of decoration from the other system

```
rsync -vlpPStgoHx /usr/bin/xtitle root@random.sea:/usr/bin/xtitle
```

## Configure GRUB and the Network

Configure GRUB for

- longer timeout
- serial console
- use ntp not kvm clock
- make the base ether eth0 instead of ens5

Edit `/etc/default/grub`

```
GRUB_TIMEOUT=6
...
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 console=tty0 console=ttyS0,9600n8 no-kvmclock"
...
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
```

And remember to update GRUB

```
update-grub
```

IMMEDIATELY update `/etc/network/interfaces` to change the name of the ethernet to eth0 and any other tunings. After the next boot the interface comes up as eth0, and a stale ens5 entry would leave the host without a network.

```
auto eth0
iface eth0 inet static
    address 147.28.0.2/24
    gateway 147.28.0.1
    dns-nameserver 127.0.0.1
    dns-nameserver 147.28.0.35
    dns-search rg.net psg.com

iface eth0 inet6 static
    address 2001:418:1::2/64
    gateway 2001:418:1::1
```

## Last Cosmetics Before Reboot

Edit `/etc/hostname` to fill out the full FQDN.

Set the timezone. All my servers are in UTC

```
dpkg-reconfigure tzdata
```

I still have the VNC console open, so it would be a good time to reboot and watch for problems. I could tell the VM to reboot, or whack it from the Ganeti master.
To ensure it is really clean, I do the latter. I do not force the timeout so I can ensure that ACPI works.

```
gnt-instance reboot random.sea.rg.net
```

## Use Ansible to Install and Configure a Bunch of Things

First, to use Ansible, the host must have python2, and have it linked to be `python`

```
apt install python2.7
# Symlink rather than hard link, so package upgrades of python2.7 are picked up
ln -s /usr/bin/python2.7 /usr/bin/python
```

Now the barrage of ansible, which for me is based on my Mac laptop.

```
ansible-playbook -l random.sea.rg.net ntpd.yml
ansible-playbook -l random.sea.rg.net no-depends.yml
ansible-playbook -l random.sea.rg.net snmpd.yml
ansible-playbook -l random.sea.rg.net syslog-ng.yml
ansible-playbook -l random.sea.rg.net unattended-upgrades.yml
ansible-playbook -l random.sea.rg.net unbound.yml
```

## Add the VM to Infrastructure Monitoring Etc.

Create an entry in `srv0.iad.rg.net:/etc/nagios3/conf.d` and enable checks in the GUI

Add the device to snmp monitoring `https://nms.rg.net/`

And finally, use Exim as the mail transport and install a client.

```
apt install exim4 mailutils
dpkg-reconfigure exim4-config
```

Edit `/etc/aliases` to send root mail where you really want it to go, and run `newaliases`
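
The Customize VM section installs ssh keys so that ssh passwording can be disabled, but the page stops before that step. The check below is an added example, not part of the original procedure: it confirms that keys are in place with the modes used above and reports whether the global part of an `sshd_config` still allows password logins. The function names and the sample files are constructed for illustration, and the defaults assumed for unset keywords are the OpenSSH ones (`PasswordAuthentication yes`, `PermitRootLogin prohibit-password`).

```shell
#!/bin/sh
# Added example, not from the original page: audit a guest for key-only SSH.

# Print the value sshd would use for KEYWORD from the global section of FILE.
# sshd keeps the first occurrence of a keyword; Match blocks are not evaluated.
sshd_option() {   # usage: sshd_option FILE KEYWORD
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # allow "Key=value"
        /^#/ || NF == 0             { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Report findings for SSHD_CONFIG and the account whose home is HOME_DIR.
# The exit status is the number of findings (0 means ready and locked down).
audit_key_only() {   # usage: audit_key_only SSHD_CONFIG HOME_DIR
    cfg=$1; dir=$2/.ssh; n=0
    # Keys first: disabling passwords with no usable key leaves only the console.
    [ -s "$dir/authorized_keys" ] || { echo "no keys in $dir/authorized_keys"; n=$((n+1)); }
    # Modes used on this page (700 and 600); stat -c is GNU stat, as on Ubuntu.
    [ "$(stat -c %a "$dir" 2>/dev/null)" = 700 ] || { echo "$dir is not mode 700"; n=$((n+1)); }
    [ "$(stat -c %a "$dir/authorized_keys" 2>/dev/null)" = 600 ] ||
        { echo "$dir/authorized_keys is not mode 600"; n=$((n+1)); }
    pw=$(sshd_option "$cfg" PasswordAuthentication)   # OpenSSH default: yes
    [ "${pw:-yes}" = no ] || { echo "PasswordAuthentication is ${pw:-yes}"; n=$((n+1)); }
    root=$(sshd_option "$cfg" PermitRootLogin)        # default: prohibit-password
    case ${root:-prohibit-password} in
        no|prohibit-password|without-password) ;;
        *) echo "PermitRootLogin is $root"; n=$((n+1)) ;;
    esac
    return "$n"
}

# Constructed sample data: a home directory prepared as above and two configs.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh" && chmod 700 "$demo/home/.ssh"
echo "ssh-ed25519 AAAA-constructed-placeholder user@example" > "$demo/home/.ssh/authorized_keys"
chmod 600 "$demo/home/.ssh/authorized_keys"
printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin prohibit-password' > "$demo/before"
printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin prohibit-password' > "$demo/after"
audit_key_only "$demo/before" "$demo/home" || echo "before: $? finding(s)"
audit_key_only "$demo/after" "$demo/home" && echo "after: clean"
```

On the guest itself the call would be `audit_key_only /etc/ssh/sshd_config /root`. After editing the config, `sshd -t` checks its syntax before the service is restarted.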