142020-07-19 21:49:28ClintonEbadiinstall puppet from buster on new machines132018-11-14 03:31:36ClintonEbadinew command to sign certs122018-11-14 03:26:48ClintonEbadiinstall puppet6 instead of puppet5112018-04-20 04:43:04ClintonEbadihow to not make puppet run when you don't want it to102018-04-18 00:17:12ClintonEbadiactual commands to run for puppet92018-04-17 04:16:06ClintonEbadifix exim listmacrodefs filename82018-04-17 04:05:04ClintonEbadibasic puppet instructions, reorganize a bit72014-04-29 05:10:29ClintonEbadino need to use dc_other_hostnames62012-12-30 23:02:35ClintonEbadikerberos and portal52012-12-30 21:33:18ClintonEbadimail42012-12-29 07:13:21ClintonEbadi32012-12-24 02:15:16ClintonEbadimail22012-12-24 02:04:23ClintonEbadiadding to domtool12012-12-20 22:16:42ClintonEbadistart at replacement for SetupNewMachinesBefore proceeding with the AutomatedSystemInstall new nodes must be added to HCoop's infrastructure.

After deciding on the host name through a poll of the members: Allocate an addresses from the free list on IpAddresses (and update the page!) Using the peer1 request portal, add a reverse dns mapping to the hostname You cannot install the machine until the reverse dns mapping has been created; various services rely on the rdns mapping to behave correctly. Add basic node information to DomTool config Edit /afs/hcoop.net/common/etc/domtool/lib/hcoop.dtl and add definitions for HOSTNAME_ip, HOSTNAME_private_ip, and HOSTNAME_ipv6 Edit /afs/hcoop.net/user/h/hc/hcoop/.domtool/hcoop.net to add a DNS entry for $HOST.hcoop.net, using HOSTNAME_ip for the A record and HOSTNAME_ipv6 for the AAAA record; and $HOST-private.hcoop.net using HOSTNAME_private_ip. Apply DomTool configuration (run DOMTOOL_USER=hcoop domtool hcoop.net) Synchronize DomTool library with source code git repository

Create a ServerHOST page and add the machine to the Hardware page. KernelVirtualMachines go into a sub-section of their current physical node. Note any relevant information such as the resources available for the node, intended purpose, etc. Make sure the machine is listed on the IpAddresses page. After install, update the server notes with any quirks of the install (ideally: none, but reality is a work in progress).

Add the server key to Kerberos. At the kadmin console ($SERVER is the fully qualified domain name): Update create-user to synchronize keytabs to the new node if applicable.

TODO: Create full page on Puppet Create class hcoop::server::$SERVER and include service classes required for the server (see existing servers for examples). Add node '$SERVER' { include ::hcoop::server::$SERVER } to manifests/site.pp on master. After server is installed, set up puppet: Install and then package puppet-agent Run systemctl stop puppet ; systemctl disable puppet before proceeding so that puppet does not start itself before the system is ready Request certificate on new server (/opt/puppetlabs/bin/puppet agent --test --onetime --noop --waitforcert 60) Sign certificate request on puppet master (puppetserver ca sign --certname $server.hcoop.net) Run puppet agent --test --noop to review initial changes, tweak manifests as needed Run puppet agent --test to set up the server TODO: Setup is still in initial stages and it is not quite safe to automatically update servers yet Once setup is confirmed working, enable puppet agent to fetch changes automatically

Enable mail routing by adding to exim configuration on the mail server (unless Bug 939 has been fixed, in which case update this documentation with the domtool managed procedure). In the exim config directory: update-exim4.conf.conf: Add to dc_relay_nets conf.d/main/01_exim4-config_listmacrosdefs: Add to unix_domains Run update-exim4.conf

Create WebNode for portal according to DaemonAdmin/Portal so that users may request packages, firewall rules, etc.

To control the node with DomTool minimally: Add to Config.nodeIps Add to Config.Firewall.firewallNodes if it will have fwtool managed rules (user and web server nodes) If you are configuring the node for a specific purpose, you'll need to add it to more configuration. See the DomTool documentation where it exists. Prepare DomTool for deployment: DomTool/Installation. CategorySystemAdministration