Before proceeding with the AutomatedSystemInstall, new nodes must be added to HCoop's infrastructure.

== Network ==

After deciding on the host name through a poll of the members:

 1. Allocate an address from the free list on IpAddresses (and update the page!)
 1. Using the peer1 request portal, add a reverse DNS mapping to the hostname
   * You cannot install the machine until the reverse DNS mapping has been created; various services rely on the rDNS mapping to behave correctly.
 1. Add basic node information to DomTool config
   1. Edit `/afs/hcoop.net/common/etc/domtool/lib/hcoop.dtl` and add definitions for `HOSTNAME_ip`, `HOSTNAME_private_ip`, and `HOSTNAME_ipv6`
   1. Edit `/afs/hcoop.net/user/h/hc/hcoop/.domtool/hcoop.net` to add a DNS entry for `$HOST.hcoop.net`, using `HOSTNAME_ip` for the `A` record and `HOSTNAME_ipv6` for the `AAAA` record; and `$HOST-private.hcoop.net` using `HOSTNAME_private_ip`.
   1. Apply DomTool configuration (run `DOMTOOL_USER=hcoop domtool hcoop.net`)
   1. Synchronize DomTool library with source code git repository

== Documentation ==

Create a `ServerHOST` page and add the machine to the [[Hardware]] page. KernelVirtualMachine``s go into a sub-section of their current physical node. Note any relevant information such as the resources available for the node, intended purpose, etc.

Make sure the machine is listed on the [[IpAddresses]] page.

After install, update the server notes with any quirks of the install (ideally: none, but reality is a work in progress).

== Add to Infrastructure ==

=== Kerberos ===

Add the server key to Kerberos. At the `kadmin` console (`$SERVER` is the fully qualified domain name):

{{{
add_principal -randkey host/$SERVER@HCOOP.NET
}}}

Update `create-user` to synchronize keytabs to the new node if applicable.

=== Puppet ===

TODO: Create full page on Puppet

Create class `hcoop::server::$SERVER` and include service classes required for the server (see existing servers for examples).
Add `node '$SERVER' { include ::hcoop::server::$SERVER }` to `manifests/site.pp` on master.

After the server is installed, set up puppet:

 * Install https://apt.puppetlabs.com/puppet6-release-buster.deb and then package `puppet-agent`
 * Run `systemctl stop puppet ; systemctl disable puppet` before proceeding so that puppet does not start itself before the system is ready
 * Request certificate on new server (`/opt/puppetlabs/bin/puppet agent --test --onetime --noop --waitforcert 60`)
 * Sign certificate request on puppet master (`puppetserver ca sign --certname $server.hcoop.net`)
 * Run `puppet agent --test --noop` to review initial changes, tweak manifests as needed
 * Run `puppet agent --test` to set up the server
 * ''TODO: Setup is still in initial stages and it is not quite safe to automatically update servers yet'' Once setup is confirmed working, enable puppet agent to fetch changes automatically

=== Mail ===

Enable mail routing by adding to exim configuration on the mail server (unless [[https://bugzilla.hcoop.net/show_bug.cgi?id=939|Bug 939]] has been fixed, in which case update this documentation with the domtool-managed procedure). In the exim config directory:

 * `update-exim4.conf.conf`: Add to `dc_relay_nets`
 * `conf.d/main/01_exim4-config_listmacrosdefs`: Add to `unix_domains`
 * Run `update-exim4.conf`

=== Portal ===

Create `WebNode` for portal according to [[DaemonAdmin/Portal]] so that users may request packages, firewall rules, etc.

=== Domtool ===

To control the node with DomTool minimally:

 * Add to `Config.nodeIps`
 * Add to `Config.Firewall.firewallNodes` if it will have fwtool-managed rules (user and web server nodes)

If you are configuring the node for a specific purpose, you'll need to add it to more configuration. See the DomTool documentation where it exists.

Prepare DomTool for deployment: [[DomTool/Installation]].

----
CategorySystemAdministration
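The Network section requires the reverse DNS mapping to exist before the install starts. The following is an added example, not part of HCoop's tooling, that checks both directions: the address has a PTR naming the new host, and the host's `A`/`AAAA` record contains that address. The function names, exit codes, the use of `dig`, and the sample host and address are assumptions of this example.

```shell
#!/bin/sh
# Added example (not HCoop tooling): forward-confirmed reverse DNS check
# for a new node. Helper names and exit codes are this example's own.

# Resolver wrappers around dig(1); redefine them to test without a network.
lookup_ptr() { dig +short -x "$1"; }      # address -> PTR targets
lookup_fwd() { dig +short "$2" "$1"; }    # name, record type -> addresses

# Lowercase a DNS name and drop the trailing root dot that dig prints.
normalize() { printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'; }

# check_fcrdns FQDN ADDRESS
# Returns 0 if ADDRESS -> PTR -> FQDN and FQDN -> A/AAAA -> ADDRESS,
# 1 if there is no PTR, 2 if the PTR names another host,
# 3 if the forward record does not contain ADDRESS.
check_fcrdns() {
    want_name=$(normalize "$1")
    want_addr=$2
    case "$want_addr" in
        *:*) rtype=AAAA ;;   # IPv6: write it in the compressed form dig prints
        *)   rtype=A ;;
    esac
    ptrs=$(lookup_ptr "$want_addr")
    if [ -z "$ptrs" ]; then
        echo "FAIL: no PTR record for $want_addr" >&2
        return 1
    fi
    found=no
    for p in $ptrs; do
        if [ "$(normalize "$p")" = "$want_name" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        echo "FAIL: PTR for $want_addr does not name $want_name" >&2
        return 2
    fi
    for a in $(lookup_fwd "$want_name" "$rtype"); do
        if [ "$a" = "$want_addr" ]; then
            echo "OK: $want_name <-> $want_addr"
            return 0
        fi
    done
    echo "FAIL: $rtype record for $want_name does not contain $want_addr" >&2
    return 3
}

# Usage: sh check_fcrdns.sh newnode.hcoop.net 192.0.2.10  (constructed values)
if [ "$#" -eq 2 ]; then check_fcrdns "$1" "$2"; fi
```

Run it once the peer1 request has been completed and the DomTool DNS entry has been applied; a non-zero exit means the install should wait.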