New machine setup

From Software Heritage Wiki
Revision as of 14:11, 23 September 2016 by NicolasDandrimont (talk | contribs) (add new VM setup)

Setting up a new Software Heritage desktop machine

Debian install

  • Stable
  • root w/temporary password; no regular user (after setting up root password, cancel twice and jump forward to clock settings)
  • full disk with LVM; reduce home LV to leave half of the disk free
  • Standard system utilities, ssh server, no desktop environment (puppet will install that)

Base system setup (from console)

  • Log in as root
  • Enable password root access in ssh (/etc/ssh/sshd_config, PermitRootLogin yes)
  • Write down IP configuration and add the machine to the Gandi DNS
  • Test SSH login as root from your workstation
  • Stay at your desk :)

Full system setup (from your desk)

  • SSH login as root
  • Edit sources.list to add testing
  • apt-get update, dist-upgrade, autoremove --purge
    • While you wait, create Vpn certificates for the new machine
    • add the machine to the puppet configuration, in the swh_desktop role
  • apt-get install puppet openvpn
  • configure openvpn per Vpn
    • add pergamon IP address to /etc/resolv.conf
    • add louvre.softwareheritage.org to /etc/hosts
  • configure puppet
    • systemctl disable puppet
    • server=pergamon.internal.softwareheritage.org in /etc/puppet/puppet.conf
    • puppet agent --enable
    • puppet agent -t
    • run puppet on pergamon to update munin server config
  • set proper root password, add it to password store
  • reboot

Setting up a new Virtual Machine (manual process)

Naming scheme: machine_name.<zone>.<hoster>.internal.softwareheritage.org.

  • Provision the virtual machine from a Debian image
    • Set the admin user to something temporary with an ssh key
    • Avoid public IPs if you don't need them
    • Add the machine to the internal dns (swh-site + puppet run on pergamon)
  • Connect to the machine with the temp admin user
  • apt-get update, dist-upgrade, autoremove --purge
  • set a root password (xkcdpass, add to password store)
  • allow root ssh password login
  • connect as root
  • remove temporary user
    • deluser foo
    • rm -rf /home/foo
  • set the hostname
    • /etc/hostname: machine.zone.hoster (e.g. worker01.euwest.azure)
    • /etc/hosts: add the line <ip> machine.zone.hoster.internal.softwareheritage.org machine.zone.hoster
  • reboot to get new hostname
  • install and set up puppet
    • apt-get install puppet
    • systemctl disable puppet
    • server=pergamon.internal.softwareheritage.org in /etc/puppet/puppet.conf
    • puppet agent --enable
    • puppet agent -t
    • run puppet on pergamon to update munin server config
  • reboot to check new services
  • update clustershell configuration on louvre
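
The script below is an added example, not part of the original page or of Software Heritage's tooling: it derives the short hostname and /etc/hosts line from the naming scheme and checks the end state of the manual VM steps (hostname, hosts entry, puppet server, temporary user removed). The three-label pattern, the function names and the file-path arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Software Heritage tooling. Checks the manual VM steps above.
DOMAIN=internal.softwareheritage.org
PUPPET_SERVER=pergamon.internal.softwareheritage.org

# short_name FQDN: print machine.zone.hoster, or fail if FQDN is off-scheme.
short_name() {
    case "$1" in
        *."$DOMAIN") short=${1%."$DOMAIN"} ;;
        *) return 1 ;;
    esac
    # Assumption: exactly three labels of lowercase letters, digits, hyphens.
    printf '%s\n' "$short" |
        grep -Eq '^[a-z0-9-]+\.[a-z0-9-]+\.[a-z0-9-]+$' || return 1
    printf '%s\n' "$short"
}

# hosts_line IP FQDN: print the line the procedure adds to /etc/hosts.
hosts_line() {
    hl_short=$(short_name "$2") || return 1
    printf '%s %s %s\n' "$1" "$2" "$hl_short"
}

# check_vm FQDN HOSTNAME_FILE HOSTS_FILE PUPPET_CONF PASSWD_FILE TEMP_USER
# Prints one FAIL line per problem; exit status is the number of failures.
check_vm() {
    fails=0
    want=$(short_name "$1") || { echo "FAIL: $1 is off-scheme"; return 1; }
    [ "$(cat "$2")" = "$want" ] ||
        { echo "FAIL: hostname is not $want"; fails=$((fails + 1)); }
    awk -v f="$1" -v s="$want" '$2 == f && $3 == s { ok = 1 } END { exit !ok }' "$3" ||
        { echo "FAIL: hosts entry for $1 missing"; fails=$((fails + 1)); }
    # Ignore spacing around "=" when matching the puppet server setting.
    sed 's/[[:space:]]//g' "$4" | grep -Fxq "server=$PUPPET_SERVER" ||
        { echo "FAIL: puppet server is not $PUPPET_SERVER"; fails=$((fails + 1)); }
    if cut -d: -f1 "$5" | grep -Fxq "$6"; then
        echo "FAIL: temporary user $6 still exists"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage on the VM (run after the last reboot):
#   sh check.sh FQDN /etc/hostname /etc/hosts /etc/puppet/puppet.conf /etc/passwd foo
if [ "$#" -eq 6 ]; then check_vm "$@"; fi
```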