InstallationProcedure/CommonInstallSteps

Revision history:

- 14, 2020-07-19 21:49:28, ClintonEbadi: install puppet from buster on new machines
- 13, 2018-11-14 03:31:36, ClintonEbadi: new command to sign certs
- 12, 2018-11-14 03:26:48, ClintonEbadi: install puppet6 instead of puppet5
- 11, 2018-04-20 04:43:04, ClintonEbadi: how to not make puppet run when you don't want it to
- 10, 2018-04-18 00:17:12, ClintonEbadi: actual commands to run for puppet
- 9, 2018-04-17 04:16:06, ClintonEbadi: fix exim listmacrodefs filename
- 8, 2018-04-17 04:05:04, ClintonEbadi: basic puppet instructions, reorganize a bit
- 7, 2014-04-29 05:10:29, ClintonEbadi: no need to use dc_other_hostnames
- 6, 2012-12-30 23:02:35, ClintonEbadi: kerberos and portal
- 5, 2012-12-30 21:33:18, ClintonEbadi: mail
- 4, 2012-12-29 07:13:21, ClintonEbadi
- 3, 2012-12-24 02:15:16, ClintonEbadi: mail
- 2, 2012-12-24 02:04:23, ClintonEbadi: adding to domtool
- 1, 2012-12-20 22:16:42, ClintonEbadi: start at replacement for SetupNewMachines

Before proceeding with the AutomatedSystemInstall, new nodes must be added to HCoop's infrastructure.

Network

After deciding on the host name through a poll of the members:

- Allocate addresses from the free list on IpAddresses (and update the page!)
- Using the peer1 request portal, add a reverse DNS mapping to the hostname

You cannot install the machine until the reverse DNS mapping has been created; various services rely on the rDNS mapping to behave correctly.

Add basic node information to DomTool config

- Edit `/afs/hcoop.net/common/etc/domtool/lib/hcoop.dtl` and add definitions for `HOSTNAME_ip`, `HOSTNAME_private_ip`, and `HOSTNAME_ipv6`
- Edit `/afs/hcoop.net/user/h/hc/hcoop/.domtool/hcoop.net` to add a DNS entry for `$HOST.hcoop.net`, using `HOSTNAME_ip` for the `A` record and `HOSTNAME_ipv6` for the `AAAA` record; and `$HOST-private.hcoop.net` using `HOSTNAME_private_ip`.
- Apply DomTool configuration (run `DOMTOOL_USER=hcoop domtool hcoop.net`)
- Synchronize DomTool library with source code git repository

Documentation

- Create a `ServerHOST` page and add the machine to the Hardware page. KernelVirtualMachines go into a sub-section of their current physical node. Note any relevant information such as the resources available for the node, intended purpose, etc.
- Make sure the machine is listed on the IpAddresses page.
- After install, update the server notes with any quirks of the install (ideally: none, but reality is a work in progress).

Add to Infrastructure

Kerberos

Add the server key to Kerberos. At the `kadmin` console (`$SERVER` is the fully qualified domain name):

Update `create-user` to synchronize keytabs to the new node if applicable.

Puppet

TODO: Create full page on Puppet

- Create class `hcoop::server::$SERVER` and include service classes required for the server (see existing servers for examples).
- Add `node '$SERVER' { include ::hcoop::server::$SERVER }` to `manifests/site.pp` on master.

After server is installed, set up puppet:

1. Install and then package `puppet-agent`
2. Run `systemctl stop puppet ; systemctl disable puppet` before proceeding so that puppet does not start itself before the system is ready
3. Request certificate on new server (`/opt/puppetlabs/bin/puppet agent --test --onetime --noop --waitforcert 60`)
4. Sign certificate request on puppet master (`puppetserver ca sign --certname $server.hcoop.net`)
5. Run `puppet agent --test --noop` to review initial changes, tweak manifests as needed
6. Run `puppet agent --test` to set up the server

TODO: Setup is still in initial stages and it is not quite safe to automatically update servers yet

- Once setup is confirmed working, enable puppet agent to fetch changes automatically

Mail

Enable mail routing by adding to exim configuration on the mail server (unless Bug 939 has been fixed, in which case update this documentation with the domtool managed procedure). In the exim config directory:

- `update-exim4.conf.conf`: Add to `dc_relay_nets`
- `conf.d/main/01_exim4-config_listmacrosdefs`: Add to `unix_domains`
- Run `update-exim4.conf`

Portal

Create `WebNode` for portal according to DaemonAdmin/Portal so that users may request packages, firewall rules, etc.

Domtool

To control the node with DomTool minimally:

- Add to `Config.nodeIps`
- Add to `Config.Firewall.firewallNodes` if it will have fwtool managed rules (user and web server nodes)

If you are configuring the node for a specific purpose, you'll need to add it to more configuration. See the DomTool documentation where it exists.

Prepare DomTool for deployment: DomTool/Installation.
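
The Puppet steps above request a certificate on the new server and then sign it on the master. The following is an added example, not part of the original page or HCoop's tooling, that signs only when the pending request's fingerprint equals the one read on the new server with `puppet agent --fingerprint`. The function names, the sample data and the assumed `puppetserver ca list` line layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not HCoop's own tooling): sign a Puppet CSR only when the
# fingerprint pending on the master equals the one read on the new server,
# e.g. from `puppet agent --fingerprint` on its console.

# pending_fingerprint CERTNAME
# Reads `puppetserver ca list` output on stdin and prints the fingerprint of
# the pending request for CERTNAME. Assumed line layout:
#   <certname> (SHA256) <fingerprint> [alt names ...]
# Fails when the name is absent or appears more than once.
pending_fingerprint() {
    awk -v name="$1" '
        $1 == name && $2 == "(SHA256)" { fp = $3; n++ }
        END { if (n != 1) exit 1; print toupper(fp) }
    '
}

# csr_matches CERTNAME AGENT_FP   (list output on stdin)
# Returns 0 on a match, 1 on a mismatch, 2 when there is no unique pending CSR.
csr_matches() {
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    pending=$(pending_fingerprint "$1") || return 2
    [ "$pending" = "$expected" ]
}

# sign_verified CERTNAME AGENT_FP   (run on the puppet master)
sign_verified() {
    if puppetserver ca list | csr_matches "$1" "$2"; then
        puppetserver ca sign --certname "$1"
    else
        echo "refusing to sign $1: fingerprint mismatch or no unique CSR" >&2
        return 1
    fi
}

# Constructed sample of `puppetserver ca list` output; hostnames and
# (shortened) fingerprints are made up for the demonstration.
SAMPLE_LIST='Requested Certificates:
    newnode.hcoop.net   (SHA256)  AA:11:BB:22:CC:33:DD:44
    other.hcoop.net     (SHA256)  EE:55:FF:66:00:77:11:88'

if printf '%s\n' "$SAMPLE_LIST" | csr_matches newnode.hcoop.net aa:11:bb:22:cc:33:dd:44
then echo "sample: fingerprint verified, safe to sign"
fi
```

On the master, `sign_verified $server.hcoop.net <fingerprint read on the new server>` replaces the bare `puppetserver ca sign` call.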