improve documentation for adding new host/environment

This commit is contained in:
2024-03-07 16:29:10 +01:00
parent 8092ec6edb
commit 2bdcf67e04
4 changed files with 202 additions and 82 deletions
+4 -4
View File
@@ -66,13 +66,13 @@ chapters:
- file: admin-guide/guidelines
- file: admin-guide/deployment
sections:
- file: admin-guide/deployment/sample
- file: admin-guide/deployment/reinstall
- file: admin-guide/deployment/partitioning
- file: admin-guide/deployment/sysdb_env
- file: admin-guide/deployment/ipxe
- file: admin-guide/deployment/kickstart
- file: admin-guide/deployment/partitioning
- file: admin-guide/deployment/sample
- file: admin-guide/deployment/infrastructure
- file: admin-guide/deployment/workflow
- file: admin-guide/deployment/reinstall
- file: admin-guide/puppet
sections:
- file: admin-guide/puppet/general
+65
View File
@@ -0,0 +1,65 @@
# Sample deployment of a new server
In this section we describe the deployment of a new server from
scratch.
All the operations will be performed using `bob`, the command-line
client for interacting with `sysdb`.
The informations we need are:
- the server name: `logging-ra.psi.ch`
- the server MAC address: `23:3d:ef:33:11:22`
- static or dynamic IP: `static`
- the OS installer: `rhel8install`
- the server role: `role::logging_server`
- the server environment in puppet: `prod`
- the sysdb deployment environment: `daas`
- optional the group inside the sysdb environment (`default` if not specified): `logging`
## Setting up bob
The `bob` tool is already set up on `lxsup.psi.ch`.
You might connect with `ssh` and use it from there.
Altenatively you many have on your workstation a local copy of `bob`. This can be done by installing the RPM from the pli-misc repository - https://repos.psi.ch/rhel8/latest/pli-misc/
You might need to set a `PSI_BOB_USER` environment variable (`export PSI_BOB_USER=<you-name-it>`) or use the option `--user` if your local user is different from
the one on sysdb.
## Sysdb configuration
We add the node to the environment, specifing `netboot` as
the boot action
bob node add logging-ra.psi.ch daas netboot
We setup its MAC address:
bob node add-mac logging-ra.psi.ch 23:3d:ef:33:11:22
Next decide how the IP address is configured (`dhcp` or `static`):
bob node set-attr syslog-ra.psi.ch network=static
And which installer is used:
bob node set-attr syslog-ra.psi.ch ipxe_installer=rhel8install
And we finally setup the puppet role and puppet environment:
bob node set-attr syslog-ra.psi.ch puppet_role=role::log_server
bob node set-attr syslog-ra.psi.ch puppet_env=prod
bob node set-attr syslog-ra.psi.ch puppet_group=logging
## Example
Full example:
bob node add lx-test-02.psi.ch lx netboot
bob node add-mac lx-test-02 00:50:56:9d:19:76
bob node set-attr lx-test-02.psi.ch ipxe_installer=rhel8install puppet_env=prod puppet_group=default puppet_role=role::server
bob node netboot lx-test-02.psi.ch
bob node list -v lx-test-02
Ensure that a potential previous puppet certificate for this server is deleted on the puppet server: https://puppet.psi.ch
-78
View File
@@ -1,78 +0,0 @@
Sample deployment of a new server
=================================
In this section we describe the deployment of a new server from
scratch.
All the operations will be performed using `bob`, the command-line
client for interacting with `sysdb`.
The informations we need are:
- the server name: ``logging-ra.psi.ch``
- the server MAC address: ``23:3d:ef:33:11:22``
- static or dynamic IP: ``static``
- the OS installer: ``rhel8install``
- the server role: ``role::logging_server``
- the server environment in puppet: ``prod``
- the sysdb environment: ``daas``
- optional the group inside the sysdb environment (``default`` if not specified): ``logging``
Setting up bob
--------------
The `bob` tool is already set up on `lxsup.psi.ch`.
You might connect with `ssh` and use it from there.
Altenatively you many have on your workstation a local copy of `bob`. This can be done by installing the RPM from the pli-misc repository - https://repos.psi.ch/rhel7/latest/pli-misc/
You might need to set a `PSI_BOB_USER` environment variable (`export PSI_BOB_USER=<you-name-it>`) or use the option `--user` if your local user is different from
the one on sysdb.
Sysdb configuration
-------------------
We then create a deployment environment::
bob env add daas talamo_i daas-admins 'DaaS Cluster'
We add the node to the environment, specifing ``netboot`` as
the boot action ::
bob node add logging-ra.psi.ch daas netboot
We setup its MAC address: ::
bob node add-mac logging-ra.psi.ch 23:3d:ef:33:11:22
Next decide how the IP address is configured (``dhcp`` or ``static``): ::
bob node set-attr syslog-ra.psi.ch network=static
And which installer is used: ::
bob node set-attr syslog-ra.psi.ch ipxe_installer=rhel8install
And we finally setup the puppet role and puppet environment: ::
bob node set-attr syslog-ra.psi.ch puppet_role=role::log_server
bob node set-attr syslog-ra.psi.ch puppet_env=prod
bob node set-attr syslog-ra.psi.ch puppet_group=logging
Example
-------
Full example: ::
bob node add lx-test-02.psi.ch lx netboot
bob node add-mac lx-test-02 00:50:56:9d:19:76
bob node set-attr lx-test-02.psi.ch ipxe_installer=rhel8install
bob node set-attr lx-test-02.psi.ch puppet_env=prod
bob node set-attr lx-test-02.psi.ch puppet_group=default
bob node set-attr lx-test-02.psi.ch puppet_role=role::server
bob node netboot lx-test-02.psi.ch
bob node list -v lx-test-02
Ensure that a potential previous puppet certificate for this server is deleted on the puppet server: https://puppet.psi.ch
+133
View File
@@ -0,0 +1,133 @@
# New Sysdb Deploment Environment
## Introduction
Deploying a new environment requires the following:
1. Configuring the environment in **bob**
2. Configuring the environment in GIT (`https://git.psi.ch/linux-infra/hiera`)
- Environment format: `data-<environment_name>`
- And change permissions accordingly
- Configure the necessary webhooks for the Puppet and Sysdb server
3. Configuring the environment in Puppet (e.g. `puppet01.psi.ch`)
## Configuring the environment in sysdb
Bob allows to create a new environment in `sysdb` by using the `bob env` option.
You must have permissions to do that.
You must belong to the `sysdb-admins` group that is actually
configured on the local `/etc/group` file. A migration to Active
Directory should be done for that group.
To list current defined environments run
bob env list
To add a new environment, run
bob env add <environment_name> <owner> <admin_group> "<description>"
In example, for the MeG cluster
bob env add meg caubet_m unx-hpc_adm "MeG Cluster"
### Test new environment in BOB
In order to test that environment was successfully created
bob env list | grep <environment_name>
An example
caubet_m@caubet-laptop:~/GIT/admin-guide/deployment$ bob env list | grep meg
meg caubet_m unx-hpc_adm MeG Cluster
## Configuring the environment in GIT
You must belong to the `unx-puppet_adm` Active Directory group in order to be able to create new projects.
In order to create a new environment in **GIT**, you should access and login in the following link: https://git.psi.ch/linux-infra/hiera/.
Here you can see the different environments.
The steps to create and configure a new **GIT** project are:
1. Create a new project (environment). It can be done here: https://git.psi.ch/projects/new
- Go to `[Blank project] Tab` (which is the *default* tab)
- Change `[Project Path]` as follows:
- `https://git.psi.ch/` + `linux-infra/hiera`
- Define `[Project Name]`, which *must* have the following format:
- `data-<environment_name>` where `<environment_name>` is the one defined in **Bob**
- *[Optional]* Specify `[Project description]`
- Specify `[Visibility Level]`:
- Should be `Internal` or `Private`
2. Configure project permissions as follows:
- `[data-<environment_name]->[Settings]->[Repository]`, or directly: https://git.psi.ch/linux-infra/hiera/data-(environment_name)/-/settings/repository
- `[Deploy Keys]` -> `[Privately accessible deploy keys]` -> select `root@puppet01.psi.ch'` -> click on `'Enable'`
- `[data-<environment_name]->[Settings]->[Members]`, or directly: https://git.psi.ch/linux-infra/hiera/data-(environment_name)/project_members
- Setup specific permissions for specific users or groups. In example:
- Set project `Master`:
- `[Select members to invite]` (`caubet_m`) + `[Choose a role permission]` (`Master`) + `[Add to project]`
- Set other roles:
- `[Select members to invite]` (`dorigo_a`) + `[Choose a role permission]` (`Developer`) + `[Add to project]`
- `[data-<environment_name]->[Settings]->[Integrations]`, or directly: https://git.psi.ch/linux-infra/hiera/data-(environment_name)/-/hooks
- Add WebHooks as follows:
- `[URL]`: http://puppet01.psi.ch/events/dataupdate
- `[URL]`: http://sysdb.psi.ch/events/dataupdate
- (Checked) `[Push events]`. Uncheck the rest.
- `[SSL verification]` -> (uncheck) `[Enable SSL verification]`
- Confirm information from above, and click on `[Add webhook]` to add the new WebHook.
### Test new environment in GIT
In order to test that environment was successfully created
git clone git@git.psi.ch:linux-infra/hiera/data-<environment_name>.git
An example
caubet_m@caubet-laptop:~/GIT$ git clone git@git.psi.ch:linux-infra/hiera/data-meg.git
Cloning into 'data-meg'...
X11 forwarding request failed
warning: You appear to have cloned an empty repository.
## Configuring the environment in Puppet server
In [bootstrap](https://git.psi.ch/linux-infra/bootstrap) add the new repo to `instcode/puppet/puppet_server/manifests/data.pp` and run the bootstrap for the Puppet server.
## Configuring the environment in Sysdb Server
In [bootstrap](https://git.psi.ch/linux-infra/bootstrap) add the new repo to the suitable inventory file (eg. `ansible/inventory.yaml` for production) and run the playbook for the Sysdb server.
## Test new environment in Puppet
In order to test that environment was successfully created
git clone git@git.psi.ch:linux-infra/data-<environment_name>.git
Add a new file <environment_name>.yaml in to the project:
cd data-<environment_name>
touch <environment_name>.yaml
git add <environment_name>.yaml
git commit -a -m "Added first empty file"
git push
After a few seconds (needs time to trigger the change), check in `puppet01.psi.ch:/srv/puppet/data/<environment_name>` that file was successfully triggered (copied) to the puppet server from **GIT**
ssh root@puppet01.psi.ch ls /srv/puppet/data/<environment_name>/<environment_name>.yaml
Full real example:
git clone git@git.psi.ch:linux-infra/data-meg.git
cd data-meg
touch meg.yaml
git add meg.yaml
git commit -a -m "Added first empty file"
git push
sleep 5
ssh root@puppet01.psi.ch ls /srv/puppet/data/meg/meg.yaml