Difference between revisions of "New machine setup"

From Software Heritage Wiki
m (1 revision: import public pages from the intranet wiki)
(add new VM setup)
Line 35: Line 35:
 
* set proper root password, add it to password store
 
* set proper root password, add it to password store
 
* reboot
 
* reboot
 +
 +
= Setting up a new Virtual Machine (manual process) =
 +
 +
Naming scheme: machine_name.<zone>.<hoster>.internal.softwareheritage.org.
 +
 +
* Provision the virtual machine from a Debian image
 +
** Set the admin user to something temporary with an ssh key
 +
** Avoid public IPs if you don't need them
 +
** Add the machine to the internal dns (swh-site + puppet run on pergamon)
 +
* Connect to the machine with the temp admin user
 +
* apt-get update, dist-upgrade, autoremove --purge
 +
* set a root password (xckdpass, add to password store)
 +
* allow root ssh password login
 +
* connect as root
 +
* remove temporary user
 +
** deluser foo
 +
** rm -rf /home/foo
 +
* set the hostname
 +
** /etc/hostname: machine.zone.hoster (e.g. worker01.euwest.azure)
 +
** /etc/hosts: add {{<ip> machine.zone.hoster.internal.softwareheritage.org machine.zone.hoster}}} line
 +
* reboot to get new hostname
 +
* install and setup puppet
 +
** apt-get install puppet
 +
** systemctl disable puppet
 +
** server=pergamon.internal.softwareheritage.org in /etc/puppet/puppet.conf
 +
** puppet agent --enable
 +
** puppet agent -t
 +
** run puppet on pergamon to update munin server config
 +
* reboot to check new services
 +
* update clustershell configuration on louvre
  
 
[[Category:Infrastructure]]
 
[[Category:Infrastructure]]
 
[[Category:System administration]]
 
[[Category:System administration]]
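
Review bot: the added "allow root ssh password login" step turns on root password authentication and nothing later in the list turns it off again, while the provisioning step only says to avoid public IPs "if you don't need them", so a VM that does get one keeps root reachable by password. Suggest a closing step that restores the sshd setting once puppet has run, or installing a root ssh key while still connected as the temp admin user so password login is never needed. Two smaller points in the same hunk: "xckdpass" looks like a typo for xkcdpass, and the /etc/hosts item has unbalanced braces ("{{<ip> ... }}}").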

Revision as of 14:11, 23 September 2016

Setting up a new Software Heritage desktop machine

Debian install

  • Stable
  • root w/temporary password; no regular user (after setting up root password, cancel twice and jump forward to clock settings)
  • full disk with LVM; reduce home LV to leave half of the disk free
  • Standard system utilities, ssh server, no desktop environment (puppet will install that)

Base system setup (from console)

  • Login as root
  • Enable password root access in ssh (/etc/ssh/sshd_config, PermitRootLogin yes)
  • Write down IP configuration and add the machine to the Gandi DNS
  • Test SSH login as root from your workstation
  • Stay at your desk :)

Full system setup (from your desk)

  • SSH login as root
  • Edit sources.list to add testing
  • apt-get update, dist-upgrade, autoremove --purge
    • While you wait, create Vpn certificates for the new machine
    • add the machine to the puppet configuration, in the swh_desktop role
  • apt-get install puppet openvpn
  • configure openvpn per Vpn
    • add pergamon IP address to /etc/resolv.conf
    • add louvre.softwareheritage.org to /etc/hosts
  • configure puppet
    • systemctl disable puppet
    • server=pergamon.internal.softwareheritage.org in /etc/puppet/puppet.conf
    • puppet agent --enable
    • puppet agent -t
    • run puppet on pergamon to update munin server config
  • set proper root password, add it to password store
  • reboot

Setting up a new Virtual Machine (manual process)

Naming scheme: machine_name.<zone>.<hoster>.internal.softwareheritage.org.

  • Provision the virtual machine from a Debian image
    • Set the admin user to something temporary with an ssh key
    • Avoid public IPs if you don't need them
    • Add the machine to the internal dns (swh-site + puppet run on pergamon)
  • Connect to the machine with the temp admin user
  • apt-get update, dist-upgrade, autoremove --purge
  • set a root password (xkcdpass, add to password store)
  • allow root ssh password login
  • connect as root
  • remove temporary user
    • deluser foo
    • rm -rf /home/foo
  • set the hostname
    • /etc/hostname: machine.zone.hoster (e.g. worker01.euwest.azure)
    • /etc/hosts: add a "<ip> machine.zone.hoster.internal.softwareheritage.org machine.zone.hoster" line
  • reboot to get new hostname
  • install and setup puppet
    • apt-get install puppet
    • systemctl disable puppet
    • server=pergamon.internal.softwareheritage.org in /etc/puppet/puppet.conf
    • puppet agent --enable
    • puppet agent -t
    • run puppet on pergamon to update munin server config
  • reboot to check new services
  • update clustershell configuration on louvre
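
The manual VM checklist above can be audited afterwards with a script like the following, an added example that is not part of the wiki page or of Software Heritage's tooling. The function names, the hostname label character set, the systemd "wants" symlink location and the sample tree (including the 192.0.2.10 address) are assumptions made for illustration; "foo" is the temporary user name used in the list.

```shell
#!/bin/sh
# Added example (not the wiki's own code): audit a root tree against the VM checklist.
DOMAIN=internal.softwareheritage.org
PUPPET_SERVER=pergamon.internal.softwareheritage.org

check_vm_setup() {  # usage: check_vm_setup ROOT TEMP_USER  (ROOT is / on a live VM)
    root=${1%/}; tmpuser=$2; fail=0
    short=$(cat "$root/etc/hostname" 2>/dev/null || true)
    # Assumption: each label uses lowercase letters, digits and hyphens only.
    printf '%s\n' "$short" | grep -Eq '^[a-z0-9-]+\.[a-z0-9-]+\.[a-z0-9-]+$' ||
        { echo "FAIL /etc/hostname: '$short' is not machine.zone.hoster"; fail=1; }
    # /etc/hosts needs "<ip> <fqdn> <short name>" on one non-comment line.
    awk -v f="$short.$DOMAIN" -v s="$short" \
        '$1 !~ /^#/ && $2 == f && $3 == s { ok = 1 } END { exit !ok }' \
        "$root/etc/hosts" 2>/dev/null ||
        { echo "FAIL /etc/hosts: no line for $short.$DOMAIN $short"; fail=1; }
    # puppet.conf must point the agent at pergamon.
    awk -F= -v want="$PUPPET_SERVER" \
        '{ gsub(/[ \t]/, "") } $1 == "server" && $2 == want { ok = 1 } END { exit !ok }' \
        "$root/etc/puppet/puppet.conf" 2>/dev/null ||
        { echo "FAIL puppet.conf: server is not $PUPPET_SERVER"; fail=1; }
    # "systemctl disable puppet" removes the unit's *.wants symlink (assumed location).
    for link in "$root"/etc/systemd/system/*.wants/puppet.service; do
        if [ -e "$link" ] || [ -L "$link" ]; then
            echo "FAIL puppet.service is still enabled"; fail=1
        fi
    done
    # The temporary admin user and its home directory must be gone.
    if grep -q "^$tmpuser:" "$root/etc/passwd" 2>/dev/null || [ -e "$root/home/$tmpuser" ]; then
        echo "FAIL temporary user '$tmpuser' still present"; fail=1
    fi
    return "$fail"
}

make_sample_tree() {  # constructed sample: a tree that satisfies the checklist
    t=$(mktemp -d); mkdir -p "$t/etc/puppet" "$t/home"
    echo worker01.euwest.azure > "$t/etc/hostname"
    echo "192.0.2.10 worker01.euwest.azure.$DOMAIN worker01.euwest.azure" > "$t/etc/hosts"
    printf '[main]\nserver=%s\n' "$PUPPET_SERVER" > "$t/etc/puppet/puppet.conf"
    echo 'root:x:0:0:root:/root:/bin/bash' > "$t/etc/passwd"
    echo "$t"
}

# No arguments: audit the constructed tree. Otherwise: check_vm_setup ROOT TEMP_USER.
if [ "$#" -eq 2 ]; then
    check_vm_setup "$@"
else
    demo=$(make_sample_tree); check_vm_setup "$demo" foo && echo "sample tree: OK"; rm -rf "$demo"
fi
```

On a freshly set up machine, run it as root with "/" and the temporary user's name; each FAIL line names the checklist item that was missed.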