forked from Controls/gitea-pages
cleanup test
This commit is contained in:
@@ -1,132 +1,36 @@
|
||||
# Installation
|
||||
# Basic Installation
|
||||
|
||||
# Example Installation
|
||||
Linux systems are installed using PXE and Kickstart. The Kickstart
|
||||
configuration is auto-generated base on the configuration stored in sysdb/bob.
|
||||
|
||||
In this section we describe the deployment of a new server from
|
||||
scratch.
|
||||
All the operations will be performed using `bob`, the command-line
|
||||
client for interacting with `sysdb`.
|
||||
When PXE boot is not an option, e.g. in restricted networks, it is possible to start iPXE from a USB stick or other media.
|
||||
|
||||
The informations we need are:
|
||||
The general process for a installation is:
|
||||
|
||||
- the server name: `logging-ra.psi.ch`
|
||||
- the server MAC address: `23:3d:ef:33:11:22`
|
||||
- optional static or dynamic IP: `static` (RHEL7 & RHEL8 only)
|
||||
- the OS installer: `rhel8install`
|
||||
- the server role: `role::logging_server`
|
||||
- optional the server environment in puppet: `prod`
|
||||
- the sysdb deployment environment: `daas`
|
||||
- optional the group inside the sysdb environment (`default` if not specified): `logging`
|
||||
- optional the subgroup inside the group: `collector`
|
||||
1. Register and configure the system with sysdb
|
||||
2. Tell sysdb to perform an installation on the next boot
|
||||
3. Reboot the system and trigger a PXE boot (usually by pressing F12 during
|
||||
POST)
|
||||
|
||||
## Setting up bob
|
||||
The default way to interact with sysdb is to use [bob](https://git.psi.ch/linux-infra/bob). `bob` is already set up on `lxsup.psi.ch` for general use.
|
||||
|
||||
The `bob` tool is already set up on `lxsup.psi.ch`. You might connect with `ssh` and use it from there.
|
||||
|
||||
Altenatively you many have on your workstation a local copy of `bob`. This can be done by installing the RPM from the pli-misc repository - https://repos.psi.ch/rhel8/latest/pli-misc/
|
||||
Altenatively you many have on your workstation a local copy of `bob`. This can be done by installing the RPM from the pli-misc repository - https://repos.psi.ch/rhel8/latest/pli-misc/ or by installing the Python package manually.
|
||||
|
||||
You might need to set a `PSI_BOB_USER` environment variable (`export PSI_BOB_USER=<you-name-it>`) or use the option `--user` if your local user is different from the one on sysdb.
|
||||
|
||||
## Sysdb configuration
|
||||
## Sysdb Configuration
|
||||
|
||||
We add the node to the environment, specifing `netboot` as
|
||||
the boot action
|
||||
```bash
|
||||
bob node add logging-ra.psi.ch daas netboot
|
||||
```
|
||||
|
||||
We setup its MAC address:
|
||||
```bash
|
||||
bob node add-mac logging-ra.psi.ch 23:3d:ef:33:11:22
|
||||
```
|
||||
|
||||
Next decide how the IP address is configured (`dhcp` or `static`):
|
||||
```bash
|
||||
bob node set-attr logging-ra.psi.ch network=static
|
||||
```
|
||||
|
||||
And which installer is used:
|
||||
```bash
|
||||
bob node set-attr logging-ra.psi.ch ipxe_installer=rhel8install
|
||||
```
|
||||
|
||||
And we finally setup the puppet role and puppet environment:
|
||||
```bash
|
||||
bob node set-attr logging-ra.psi.ch puppet_role=role::log_server
|
||||
bob node set-attr logging-ra.psi.ch puppet_env=prod
|
||||
bob node set-attr logging-ra.psi.ch puppet_group=logging
|
||||
bob node set-attr logging-ra.psi.ch puppet_subgroup=collector
|
||||
```
|
||||
|
||||
## Example
|
||||
|
||||
Full example:
|
||||
|
||||
```bash
|
||||
bob node add lx-test-02.psi.ch lx netboot
|
||||
bob node add-mac lx-test-02 00:50:56:9d:19:76
|
||||
bob node set-attr lx-test-02.psi.ch ipxe_installer=rhel8install puppet_role=role::server
|
||||
bob node netboot lx-test-02.psi.ch
|
||||
bob node list -v lx-test-02
|
||||
```
|
||||
|
||||
Ensure that a potential previous puppet certificate for this server is deleted on the puppet server: https://puppet.psi.ch
|
||||
|
||||
|
||||
## Special Settings
|
||||
|
||||
### Custom Kernel Commandline Arguments
|
||||
For custom kernel commandline arguments for the installer (e.g. to provide drivers) the sysdb attribute `kernel_cmdline` can be used:
|
||||
|
||||
```bash
|
||||
bob node set-attr lx-test-02.psi.ch kernel_cmdline=inst.dd=https://linuxsoft.cern.ch/elrepo/dud/el8/x86_64/dd-megaraid_sas-07.725.01.00-1.el8_9.elrepo.iso
|
||||
```
|
||||
|
||||
### Custom Partitioning
|
||||
|
||||
Please check out the [Partitioning page](partitioning).
|
||||
|
||||
|
||||
|
||||
|
||||
Linux systems are generally deployed using PXE and Kickstart. We use iPXE, which
|
||||
can retrieve its configuration via HTTP(S) and therefore gives us a lot of
|
||||
flexibility, because the iPXE configuration can be generated on the fly with the
|
||||
specific settings needed by the booting client. In the same way the Kickstart
|
||||
configuration for the RHEL installer is auto-generated.
|
||||
|
||||
The information used for generating the iPXE and Kickstart configurations is
|
||||
stored in the sysdb (see below). The sysdb is accessible through a web api, and
|
||||
a command line client is available.
|
||||
|
||||
When PXE boot is not an option, e.g. in restricted networks, it is possible to
|
||||
start iPXE from a USB stick or other media.
|
||||
|
||||
The general process for a deployment/installation is:
|
||||
|
||||
1. Register the system with sysdb (only for new systems).
|
||||
2. Tell sysdb to perform an installation on the next boot.
|
||||
3. Reboot the system and trigger a PXE boot (usually by pressing F12 during
|
||||
POST).
|
||||
|
||||
The easiest way to interact with sysdb is to use `bob`, a command-line client, set up ready to use on `lxsup.psi.ch`.
|
||||
Alternatively it is possible to use the web API directly.
|
||||
|
||||
First, add the new node:
|
||||
Register node:
|
||||
```bash
|
||||
bob node add $FQDN $ENV netboot
|
||||
```
|
||||
|
||||
|
||||
To be able to PXE boot we need to configure at least one MAC address for the new
|
||||
node:
|
||||
To be able to PXE boot we need to configure at least one MAC address for the new node:
|
||||
```bash
|
||||
bob node add-mac $FQDN 00:50:56:aa:fe:9b
|
||||
```
|
||||
|
||||
|
||||
Finally we need to configure the installer to use, and the Puppet-related
|
||||
parameters:
|
||||
Finally we need to configure the installer to use, and the Puppet-related parameters:
|
||||
```bash
|
||||
bob node set-attr $FQDN ipxe_installer=rhel8install
|
||||
bob node set-attr $FQDN puppet_role=role::server
|
||||
@@ -134,15 +38,43 @@ bob node set-attr $FQDN puppet_role=role::server
|
||||
|
||||
and optional:
|
||||
```bash
|
||||
# static IP address (options: static, dhcp)
|
||||
bob node set-attr $FQDN network=static
|
||||
bob node set-attr $FQDN puppet_group=cluster
|
||||
bob node set-attr $FQDN puppet_subgroup=compute
|
||||
bob node set-attr $FQDN network=static
|
||||
bob node set-attr $FQDN puppet_env=prod
|
||||
```
|
||||
|
||||
## Redeployment
|
||||
|
||||
After the initial installation the boot mode has been reset from netboot to local so it will then always boot from the local disk. For a redeployment the netboot needs to be set anew (on UEFI based systems netboot also needs to be always selected by the UEFI menu)):
|
||||
```
|
||||
Finally ensure that the node is set to `netboot`:
|
||||
```bash
|
||||
bob node netboot $FQDN
|
||||
```
|
||||
|
||||
### Example
|
||||
|
||||
Minimal example:
|
||||
|
||||
```bash
|
||||
bob node add lx-test-02.psi.ch lx netboot
|
||||
bob node add-mac lx-test-02 00:50:56:9d:19:76
|
||||
bob node set-attr lx-test-02.psi.ch ipxe_installer=rhel8install puppet_role=role::server
|
||||
bob node netboot lx-test-02.psi.ch
|
||||
|
||||
# show the configuration
|
||||
bob node list -v lx-test-02
|
||||
```
|
||||
|
||||
|
||||
### Special Settings
|
||||
|
||||
#### Custom Kernel Commandline Arguments
|
||||
For custom kernel commandline arguments for the installer (e.g. to provide drivers) the sysdb attribute `kernel_cmdline` can be used:
|
||||
|
||||
```bash
|
||||
bob node set-attr lx-test-02.psi.ch kernel_cmdline=inst.dd=https://linuxsoft.cern.ch/elrepo/dud/el8/x86_64/dd-megaraid_sas-07.725.01.00-1.el8_9.elrepo.iso
|
||||
```
|
||||
|
||||
#### Custom Partitioning
|
||||
|
||||
Please check out the [Partitioning page](partitioning).
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# DMZ Deployment
|
||||
|
||||
The deployment in the DMZ ist the basically the same as [internaly](sample), but there are a few points to consider:
|
||||
The deployment in the DMZ ist the basically the same as [internaly](basic_installation), but there are a few points to consider:
|
||||
|
||||
- a firewall rule for puppet is needed
|
||||
- the commissioning can only be done in the special DMZ commissioning network
|
||||
@@ -15,7 +15,8 @@ Because of this commissioning network we suggest that the DMZ VM gets for commis
|
||||
- get both MAC addresses
|
||||
- prepare the node in Sysdb/`bob` with the "back-door" MAC address
|
||||
- in Hiera following network configuration is suggested which keeps the "front-door" interface disabled for the start:
|
||||
```
|
||||
|
||||
```yaml
|
||||
networking::setup: managed
|
||||
|
||||
networking::connections:
|
||||
@@ -38,7 +39,8 @@ networking::connection::commissioning_network:
|
||||
- for SSH access get assigned IP address from VMWare or Puppet facts or QIP
|
||||
- at the moment puppet will fail, provide the IP address to your fellow friendly Core Linux Team member to manually finish the first boot
|
||||
- if the configuration is fully ready, configure the "front-door" interface:
|
||||
```
|
||||
|
||||
```yaml
|
||||
networking::setup: managed
|
||||
|
||||
networking::connections:
|
||||
@@ -62,7 +64,8 @@ networking::connection::commissioning_network:
|
||||
|
||||
- check if you still have management access (`ssh`) over the front door interface
|
||||
- remove the configuration of the "back-door" interface:
|
||||
```
|
||||
|
||||
```yaml
|
||||
networking::setup: managed
|
||||
|
||||
networking::connections:
|
||||
|
||||
@@ -1,15 +1,18 @@
|
||||
# How to reinstall a machine
|
||||
# Reinstallation
|
||||
|
||||
Generally speaking, a reinstall can be done without doing anything other than doing the PXE boot, but there are some caveats to consider:
|
||||
|
||||
- the puppet server certificate is saved on the puppet server
|
||||
|
||||
- the puppet client certificate is saved by the kickstart script (which obviously can only happen, if the machine is reinstalled to the same drive with an intact file-system)
|
||||
Basically a reinstall can be done without doing anything other than doing the PXE boot, but there are some caveats to consider:
|
||||
|
||||
- if you do a new install to a blank drive, but the puppet server has a certificate saved for the host, the client will generate a new cert, but the server will not, so the certificates saved on the 2 sides, will not match and will never work. In this case both sides need to be cleaned up before a new puppet run is attempted.
|
||||
__Netboot__
|
||||
After the initial installation the boot mode has been reset from netboot to local so it will then always boot from the local disk. For a redeployment the netboot needs to be set anew (on UEFI based systems netboot also needs to be always selected by the UEFI menu))
|
||||
```bash
|
||||
bob node netboot $FQDN
|
||||
```
|
||||
|
||||
- somewhat unrelated to the other points, but a similar case is the ssh server keys, which are stored on the puppet server and are put in place by puppet agent, so they remain unchanged under all reinstall scenarios
|
||||
__Puppet Certificates__
|
||||
The puppet client certificate is saved on the puppet server. By default corresponding certificate on the client is tried to be saved by the kickstart script. If you do a new install to a blank drive, but the puppet server has a certificate saved for the host, the client will generate a new cert, but the server will not, so the certificates saved on the 2 sides, will not match and will never work. In this case both sides need to be cleaned up before a new puppet run is attempted.
|
||||
|
||||
Puppet server certs can be deleted at https://puppet01.psi.ch/ and on that page, the command to delete the client cert is specified.
|
||||
Puppet client certs can be deleted at https://puppet.psi.ch/ and on that page, the command to delete the client cert is specified.
|
||||
|
||||
To access https://puppet01.psi.ch one needs to authenticate with your username/password. The server uses a invalid https certificate that is not accepted by modern safari/chrome any more. Use Firefox as a workaround.
|
||||
To access https://puppet.psi.ch one needs to authenticate with your username/password. The server uses a invalid https certificate that is not accepted by modern safari/chrome any more. Use Firefox as a workaround.
|
||||
|
||||
Reference in New Issue
Block a user