forked from Controls/gitea-pages
update documentation
@@ -23,7 +23,7 @@ parts:
|
||||
- file: infrastructure-guide/infrastructure_systems
|
||||
sections:
|
||||
- file: infrastructure-guide/pxeserv01
|
||||
- file: infrastructure-guide/boot00
|
||||
- file: infrastructure-guide/sysdb_server
|
||||
- file: infrastructure-guide/puppet01
|
||||
- file: infrastructure-guide/repo00
|
||||
- file: infrastructure-guide/repo01
|
||||
|
||||
@@ -62,7 +62,7 @@ In addition, the following:
|
||||
======= ============ ================ ===================
|
||||
Source Destination Ports Purpose
|
||||
------- ------------ ---------------- -------------------
|
||||
any boot00 UDP/69, 80, 443 PXE/Kickstart
|
||||
any ??? UDP/69, 80, 443 PXE/Kickstart
|
||||
======= ============ ================ ===================
|
||||
|
||||
Finally, having DHCP is helpful, but not necessary.
|
||||
|
||||
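Review bot: the destination column of the PXE/Kickstart row now reads `???`, which leaves the documented firewall rule without a target. Other parts of this commit name boot.psi.ch (pxeserv01) as the TFTP server and sysdb.psi.ch as the host that serves the iPXE and Kickstart files, so consider splitting the row: UDP/69 to the TFTP server, and 80/443 to sysdb.psi.ch. If the destination is genuinely undecided, say that in the text rather than in the table cell.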
@@ -4,7 +4,7 @@ actor admin
|
||||
participant "BIOS Node\n(legacy boot)" as bootnode
|
||||
participant "QIP DHCP" as dhcp
|
||||
participant "pxeserv01.psi.ch" as pxeserver
|
||||
participant "boot00.psi.ch" as sysdb
|
||||
participant "sysdb.psi.ch" as sysdb
|
||||
participant "repo00.psi.ch" as reposerver
|
||||
|
||||
admin -> bootnode : boots up
|
||||
@@ -29,7 +29,7 @@ note right
|
||||
to "lxprod". At some places this is done the
|
||||
opposite by linking hostname to MAC to "lxprod".
|
||||
Having the **link to "lxprod" loads directly**
|
||||
**the iPXE kernel "boot00.lkrn"**, shortcutting
|
||||
**the iPXE kernel "ipxe.lkrn"**, shortcutting
|
||||
the manual selection below.
|
||||
end note
|
||||
bootnode -> pxeserver : load PXE config tftp:/tftpboot/pxelinux.cfg/$HEX-IP
|
||||
@@ -44,7 +44,7 @@ note right
|
||||
comments from 2013.
|
||||
end note
|
||||
admin -> bootnode : selects "Red Hat 7 Network Install"
|
||||
bootnode -> pxeserver : load iPXE kernel tftp:/tftpboot/boot00.lkrn
|
||||
bootnode -> pxeserver : load iPXE kernel tftp:/tftpboot/ipxe.lkrn
|
||||
note right
|
||||
https://git.psi.ch/linux-infra/ipxe-build
|
||||
The following steps are by embed/pxe.ipxe
|
||||
|
||||
@@ -4,7 +4,7 @@ actor admin
|
||||
participant "UEFI Node" as bootnode
|
||||
participant "QIP DHCP" as dhcp
|
||||
participant "pxeserv01.psi.ch" as pxeserver
|
||||
participant "boot00.psi.ch" as sysdb
|
||||
participant "sysdb.psi.ch" as sysdb
|
||||
participant "repo01.psi.ch" as reposerver
|
||||
|
||||
admin -> bootnode : boots up
|
||||
|
||||
@@ -17,7 +17,7 @@ other for production, with the following hostnames:
|
||||
+--------------------+----------------+-----------------+
|
||||
| Role | testing host | production host |
|
||||
+====================+================+=================+
|
||||
| sysdb server | boot00-test | boot00 |
|
||||
| sysdb server | - | sysdb.psi.ch |
|
||||
+--------------------+----------------+-----------------+
|
||||
| puppet server | puppet00-test | puppet01 |
|
||||
+--------------------+----------------+-----------------+
|
||||
|
||||
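Review bot: the new sysdb row puts an FQDN (`sysdb.psi.ch`) in the production column, while the puppet row below it keeps a short host name (`puppet01`). Pick one form for the column. If the testing instance is gone for good, a short sentence saying so near the table would be clearer than a bare `-`.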
@@ -12,7 +12,7 @@ Process
|
||||
|
||||
When a system PXE boots, the DHCP server will boot either pxelinux in legacy
|
||||
mode or grub on UEFI. It is still possible to load ipxe from either of these.
|
||||
With the right option, the boot process is pointed to ``boot00.psi.ch`` and one
|
||||
With the right option, the boot process is pointed to ``sysdb.psi.ch`` and one
|
||||
of the following boot images:
|
||||
|
||||
- ``ipxe.efi`` for systems using UEFI
|
||||
@@ -21,12 +21,12 @@ of the following boot images:
|
||||
The system downloads the image and executes it.
|
||||
|
||||
The image contains a small iPXE script, which makes iPXE retrieve its actual
|
||||
configuration from a web service running (usually) on ``boot00.psi.ch``.
|
||||
configuration from a web service running (usually) on ``sysdb.psi.ch``.
|
||||
Specifically, it queries the URL
|
||||
``https://boot00.psi.ch/ipxe/v1/config?mac=<MAC>``, where ``<MAC>`` is the MAC
|
||||
``https://sysdb.psi.ch/ipxe/v1/config?mac=<MAC>``, where ``<MAC>`` is the MAC
|
||||
address of the interface used by iPXE.
|
||||
|
||||
The web service on ``boot00.psi.ch`` will generate the iPXE configuration on the
|
||||
The web service on ``sysdb.psi.ch`` will generate the iPXE configuration on the
|
||||
fly, depending on whether the system is supposed to be reinstalled and if so,
|
||||
which distribution it is supposed to use. The menu offers other options as well,
|
||||
e.g. an interactive iPXE shell and a memory test.
|
||||
@@ -68,4 +68,4 @@ roughly like the following::
|
||||
|
||||
:dhcp_succeeded
|
||||
|
||||
chain http://boot00.psi.ch/ipxe/v1/config?mac=${netX/mac}
|
||||
chain http://sysdb.psi.ch/ipxe/v1/config?mac=${netX/mac}
|
||||
|
||||
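Review bot: the updated `chain` line still uses `http://sysdb.psi.ch/ipxe/v1/config`, while the prose changed earlier in this commit gives the URL as `https://sysdb.psi.ch/ipxe/v1/config?mac=<MAC>`. The response to this request decides what the node boots or installs, so the two should agree. If the embedded script really fetches over plain HTTP, state that in the text; otherwise switch the example to https.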
@@ -3,7 +3,7 @@ Kickstart
|
||||
|
||||
The auto-generated Grub or iPXE configuration will, when installing RHEL, instruct
|
||||
the RHEL installer to download the Kickstart configuration from
|
||||
``https://boot00.psi.ch/kickstart/v1/config?fqdn=<FQDN>&instrepo=<INSTREPO>``,
|
||||
``https://sysdb.psi.ch/kickstart/v1/config?fqdn=<FQDN>&instrepo=<INSTREPO>``,
|
||||
where ``<FQDN>`` is the FQDN of the host to be installed, and ``<INSTREPO>`` is
|
||||
the installation repository to be used.
|
||||
|
||||
|
||||
@@ -5,59 +5,7 @@ bob - a CLI sysdb client
|
||||
retrieving information about environments, nodes, MAC addresses and attributes.
|
||||
It can authenticate using Kerberos credentials or username/password pairs.
|
||||
|
||||
|
||||
Installation and setup
|
||||
----------------------
|
||||
|
||||
For production use of bob there will be RPMs for bob and its dependencies.
|
||||
|
||||
For the moment the steps are the following::
|
||||
|
||||
yum -y install python-setuptools python-requests-kerberos
|
||||
git clone git@git.psi.ch:linux-infra/admin-tools.git
|
||||
cd admin-tools
|
||||
python setup.py install
|
||||
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
``bob`` takes a number of arguments, one of which is the base URL of the sysdb
|
||||
instance. It can be passed via ``--url BASEURL`` on the command-line, or using
|
||||
the environment variable ``PSI_BOB_URL``. Therefore it is useful include the
|
||||
following in your ``.bash_profile``::
|
||||
|
||||
PSI_BOB_URL=https://boot00.psi.ch/
|
||||
|
||||
Development
|
||||
-----------
|
||||
For development, the easiest way to use bob is the following::
|
||||
|
||||
pip install --user click
|
||||
git clone XXX
|
||||
cd YYY
|
||||
pip install --user --editable .
|
||||
|
||||
This will place a script ``bob`` in ``~/.local/bin``, which will reference the
|
||||
code in the working directory of the repository clone. This way, local changes
|
||||
in the source are effective immediately. It might be a good idea to use
|
||||
``virtualenv`` to avoid installing dependencies system-wide.
|
||||
|
||||
In addition to the ``PSI_BOB_URL`` it can be handy to also have the following
|
||||
in your ``.bash_profile``::
|
||||
|
||||
alias bobtest='PSI_BOB_URL=https://boot00-test.psi.ch/ bob'
|
||||
alias bobdev='PSI_BOB_URL=http://localhost:5000/ bob'
|
||||
|
||||
During development sysdb usually listens on ``localhost:5000`` and doesn't use
|
||||
SSL, explaining the second alias. It also doesn't support authentication,
|
||||
instead expecting to find the username in the ``REMOTE_USER`` header. The latter
|
||||
can be set using the ``--fake-user`` option in bob or using the ``-H`` option in
|
||||
cURL::
|
||||
|
||||
bobdev --fake-user kaminski_k node set-attr foo.psi.ch ipxe_installer=rhel72server
|
||||
|
||||
curl -X PUT -H REMOTE_USER:talamo_i http://localhost:5000/sysdb/v1/
|
||||
For more information about bob refer to https://git.psi.ch/linux-infra/bob
|
||||
|
||||
Attributes
|
||||
----------
|
||||
|
||||
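Review bot: the removed Configuration section was the only place on this page that explained `PSI_BOB_URL`, and it showed `https://boot00.psi.ch/` as the value. With only the link to https://git.psi.ch/linux-infra/bob left, readers who still have the old value in `.bash_profile` get no hint that the base URL moved. Either keep a one-line note giving the new base URL, or confirm that the linked repository documents it. Also check that the new "For more information" line is followed by a blank line before the "Attributes" heading.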
@@ -15,6 +15,5 @@ including
|
||||
#. arbitrary key-value pairs which can be used to store additional information
|
||||
like the Puppet role of a system.
|
||||
|
||||
sysdb runs on the boot server, ie. ``boot00.psi.ch`` (production) and
|
||||
``boot00-test.psi.ch`` (testing).
|
||||
sysdb runs on the server, ie. ``sysdb.psi.ch`` (production).
|
||||
|
||||
|
||||
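Review bot: in the new sentence, "runs on the server" no longer says which server is meant, and "ie." should be "i.e.". Something like "sysdb runs on the sysdb server, i.e. sysdb.psi.ch (production)" would match the role name used in the hostname table.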
@@ -23,9 +23,7 @@ One thing to keep in mind is that several groups at PSI use the Satellite server
|
||||
directly, so not all PSI hosts known to the Satellite belong to the central
|
||||
Linux environment. In particular the network team has a number of systems there.
|
||||
|
||||
Normally only certain infrastructure systems are registered with the Satellite,
|
||||
at this point the Puppet server (``puppet01.psi.ch``), the repository server
|
||||
(``repo00.psi.ch``), and the boot server (``boot00.psi.ch``).
|
||||
Normally only certain infrastructure systems are registered with the Satellite.
|
||||
|
||||
About once a year we report the total number of systems to ETHZ, so they can
|
||||
track subscription usage. When we started using the ETHZ subscriptions in 2016
|
||||
|
||||
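Review bot: after this change the sentence says "certain infrastructure systems" without naming any, so a reader can no longer tell which hosts are expected to be registered with the Satellite. Rather than dropping the list, update it (the removed text named puppet01.psi.ch, repo00.psi.ch and the boot server) or link to the list of systems.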
@@ -51,8 +51,8 @@ Kickstart
|
||||
|
||||
Typical problems during the Kickstart phase:
|
||||
|
||||
1. The Kickstart file cannot be retrieved from the boot server
|
||||
``boot00.psi.ch``. Typically caused by incorrect sysdb entries or firewalls.
|
||||
1. The Kickstart file cannot be retrieved from the sysdb server
|
||||
``sysdb.psi.ch``. Typically caused by incorrect sysdb entries or firewalls.
|
||||
2. Partitioning fails. This can happen because
|
||||
|
||||
a) No disk is recognized, or the wrong disk is used
|
||||
|
||||
@@ -3,9 +3,9 @@ List of systems and their primary role:
|
||||
|
||||
|
||||
__Core Infrastructure:__
|
||||
* [pxeserv01](pxeserv01) - boot.psi.ch - 129.129.190.59 - TFTP server for PXE booting
|
||||
* [boot.psi.ch](pxeserv01) - TFTP server for PXE booting
|
||||
|
||||
* [boot00](boot00) - sysdb.psi.ch - 129.129.160.210 - Runs sysdb, providing the dynamic iPXE, Grub and kickstart files
|
||||
* [sysdb.psi.ch](sysdb_server) - Runs sysdb, providing the dynamic iPXE, Grub and kickstart files
|
||||
|
||||
* [puppet01](puppet01) - puppet.psi.ch - 129.129.160.118 - Runs the puppet server for the RHEL7 infra
|
||||
|
||||
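Review bot: the two rewritten entries drop the host name and IP address, but the puppet01 entry right below keeps the "host - alias - IP" form, so the list is now inconsistent. The boot.psi.ch entry also loses the mapping to pxeserv01, which the boot diagrams in this commit still use as `pxeserv01.psi.ch`. Keep the host name in the entry text, or convert every entry in the list to the new form.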
@@ -40,7 +40,7 @@ __Enduser Systems__
|
||||
|
||||
|
||||
## Metrics
|
||||
* [Overview Infrastructure](https://metrics.psi.ch/d/1SL13Nxmz/gfa-linux-tabular?orgId=1&from=now-6h&to=now&refresh=30s&var-env=telegraf_pli&var-host=boot00.psi.ch&var-host=influx00.psi.ch&var-host=lxweb00.psi.ch&var-host=metrics00.psi.ch&var-host=puppet01.psi.ch&var-host=pxeserv01.psi.ch&var-host=repo00.psi.ch&var-host=reposync.psi.ch)
|
||||
* [Overview Infrastructure](https://metrics.psi.ch/d/1SL13Nxmz/gfa-linux-tabular?orgId=1&from=now-6h&to=now&refresh=30s&var-env=telegraf_pli&var-host=influx00.psi.ch&var-host=lxweb00.psi.ch&var-host=metrics00.psi.ch&var-host=puppet01.psi.ch&var-host=repo00.psi.ch&var-host=reposync.psi.ch)
|
||||
|
||||
# Procedures
|
||||
|
||||
|
||||
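Review bot: the new dashboard URL removes `var-host=boot00.psi.ch` and `var-host=pxeserv01.psi.ch` without adding anything in their place. pxeserv01 is still referenced elsewhere in this commit as the TFTP server, and sysdb.psi.ch is now the sysdb host, so the overview would no longer show either one. Add the matching `var-host` entries if both systems still report metrics.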
@@ -1,7 +1,7 @@
|
||||
# How to grand a person access to bob/sysdb
|
||||
|
||||
bob is making http calls to the sysdb app. Authorization (https://git.psi.ch/linux-infra/sysdb#authentication-and-authorization) is done via krb5 tokens. Operations outside of environments (creating/changing the owner of/deleting environments) needs to be done by a sysdb admin, ie someone who is a member of the group sysdb-admins. Group membership of the authenticated users is evaluated on the OS level on boot00. So group memberships can be set both locally or in the AD. This makes it a bit confusing, but both are used.
|
||||
The sysdb-admins specifically is a local group, see boot00:/etc/group
|
||||
bob is making http calls to the sysdb app. Authorization (https://git.psi.ch/linux-infra/sysdb#authentication-and-authorization) is done via krb5 tokens. Operations outside of environments (creating/changing the owner of/deleting environments) needs to be done by a sysdb admin, ie someone who is a member of the group sysdb-admins. Group membership of the authenticated users is evaluated on the OS level on sysdb.psi.ch. So group memberships can be set both locally or in the AD. This makes it a bit confusing, but both are used.
|
||||
The sysdb-admins specifically is a local group, see /etc/group
|
||||
|
||||
|
||||
For the envs (bob env list), only adding and listing are implemented in bob, any other operation, like deletion or modification can only be performed in the sysdb sqlite database itself.
|
||||
|
||||
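Review bot: the reference "see /etc/group" no longer says on which machine, whereas the old text read "boot00:/etc/group". Suggest "sysdb.psi.ch:/etc/group" so it is clear the local group lives on the sysdb host. Since this file is being touched anyway, the heading typo "grand" should become "grant".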
@@ -16,12 +16,12 @@ https://git.psi.ch/linux-infra/sysdb/blob/prod/sysdb/ipxe_template.py
|
||||
|
||||
https://git.psi.ch/linux-infra/sysdb/blob/prod/sysdb/grub_template.py
|
||||
|
||||
Once the change is committed, the changes have to be pulled on boot00:
|
||||
Once the change is committed, the changes have to be pulled on sysdb.psi.ch:
|
||||
|
||||
```
|
||||
[root@boot00 ~]# cd /var/www/sysdb/app/
|
||||
[root@boot00 app]# git pull
|
||||
[root@boot00 app]# systemctl restart httpd
|
||||
[root@sysdb ~]# cd /var/www/sysdb/app/
|
||||
[root@sysdb ~]# git pull
|
||||
[root@sysdb ~]# systemctl restart httpd
|
||||
```
|
||||
|
||||
The changes only come live after a restart of the httpd.
|
||||
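Review bot: in the new console lines the prompt stays at `[root@sysdb ~]#` after `cd /var/www/sysdb/app/`, whereas the replaced lines correctly showed `[root@boot00 app]#` for the `git pull` and `systemctl restart httpd` steps. As written it looks like `git pull` is run in root's home directory. Change the second and third prompts to `[root@sysdb app]#`.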
File diff suppressed because one or more lines are too long
|
Before Width: | Height: | Size: 81 KiB After Width: | Height: | Size: 79 KiB |