Size: 1546
Comment: start at replacement for SetupNewMachines
|
Size: 2499
Comment: kerberos and portal
|
Line 12: | Line 12: |
1. Edit `/afs/hcoop.net/user/h/hc/hcoop/.domtool/hcoop.net` to add the new DNS entry, using `HOSTNAME_ip` | 1. Edit `/afs/hcoop.net/user/h/hc/hcoop/.domtool/hcoop.net` to add a DNS entry for `$HOST.hcoop.net`, using `HOSTNAME_ip` |
Line 26: | Line 26: |
* domtool node [[DomTool/Installation]] / configure for services (firewall, ...) * Add to Kerberos SetupNewMachines#ConfigureSSHServer |
To control the node with DomTool minimally: * Add to `Config.nodeIps` * Add to `Config.Firewall.firewallNodes` If you are configuring the node for a specific purpose, you'll need to add it to more configuration. See the DomTool documentation where it exists. Prepare DomTool for deployment: [[DomTool/Installation]]. Enable mail routing by adding to exim configuration on the mail server (unless [[https://bugzilla.hcoop.net/show_bug.cgi?id=939|Bug 939]] has been fixed, in which case update this documentation with the domtool managed procedure). In the exim config directory: * `update-exim4.conf.conf`: Add to `dc_other_hostnames` and `dc_relay_nets` * `conf.d/main/01_exim4-config_listmacrosdefs.conf`: Add to `unix_domains` * Run `update-exim4.conf` Add the server key to Kerberos. At the `kadmin` console (`$SERVER` is the fully qualified domain name): {{{ add_principal -randkey host/$SERVER@HCOOP.NET }}} Update `create-user` to synchronize keytabs to the new node. Create `WebNode` for portal according to [[DaemonAdmin/Portal]] |
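Review bot: The exim step added at Line 26 says to add to `dc_other_hostnames` and `dc_relay_nets` without saying what goes in each. The first takes domain names and the second takes network addresses, and an entry in `dc_relay_nets` lets that address relay mail through the mail server, so the text should say to add only the new node's own IP address there. The Kerberos step that follows creates `host/$SERVER@HCOOP.NET` with `-randkey` but does not say how the key reaches the new node's keytab; if "Update `create-user` to synchronize keytabs to the new node" is meant to cover that, say so, otherwise add the step or link to the page that has it.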
Before proceeding with the AutomatedSystemInstall, new nodes must be added to HCoop's infrastructure.
1. Network
After deciding on the host name through a poll of the members:
Allocate an address from the free list on IpAddresses (and update the page!)
- Using the peer1 request portal, add a reverse DNS mapping to the hostname
- You cannot install the machine until the reverse DNS mapping has been created; various services rely on the rDNS mapping to behave correctly.
Add basic node information to DomTool config
Edit /afs/hcoop.net/common/etc/domtool/lib/hcoop.dtl and add a definition for HOSTNAME_ip
Edit /afs/hcoop.net/user/h/hc/hcoop/.domtool/hcoop.net to add a DNS entry for $HOST.hcoop.net, using HOSTNAME_ip
Apply DomTool configuration (run DOMTOOL_USER=hcoop domtool hcoop.net)
Synchronize DomTool library with source code git repository
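A pre-install check for the reverse DNS requirement in the Network steps above, as an added example that is not part of the original page or of HCoop's tooling: it confirms that the PTR record for the allocated address names the new host and that the host name resolves back to that address. The function name and the replaceable resolver hooks are assumptions made for illustration.

```python
import socket
import sys


def check_rdns(fqdn, ip, forward=None, reverse=None):
    """Return a list of problems; an empty list means forward and reverse DNS agree.

    forward(name) -> set of IP strings and reverse(ip) -> host name default to
    the system resolver; both are hypothetical hooks so the check can be
    exercised offline with constructed data.
    """
    forward = forward or (lambda n: {ai[4][0] for ai in socket.getaddrinfo(n, None)})
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    problems = []
    want = fqdn.rstrip(".").lower()  # DNS names are case-insensitive

    # Reverse lookup: the PTR record must exist and name the new host.
    try:
        ptr = reverse(ip).rstrip(".").lower()
    except OSError as exc:  # socket.herror and socket.gaierror derive from OSError
        ptr = None
        problems.append(f"no PTR record for {ip}: {exc}")
    if ptr is not None and ptr != want:
        problems.append(f"PTR for {ip} is {ptr}, expected {want}")

    # Forward lookup: the host name must resolve back to the same address.
    try:
        addrs = forward(want)
    except OSError as exc:
        addrs = set()
        problems.append(f"no address record for {want}: {exc}")
    if addrs and ip not in addrs:
        problems.append(f"{want} resolves to {sorted(addrs)}, not {ip}")
    return problems


if __name__ == "__main__":
    # Usage: python check_rdns.py <fqdn> <allocated-ip>
    issues = check_rdns(sys.argv[1], sys.argv[2])
    for line in issues:
        print("FAIL:", line)
    sys.exit(1 if issues else 0)
```

A non-zero exit status means the install should wait until the mapping is in place.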
2. Documentation
Add the machine to the Hardware page. KernelVirtualMachines go into a sub-section of their current physical node. Note any relevant information such as the resources available for the node, intended purpose, etc.
Make sure the machine is listed on the IpAddresses page.
After install, update the notes with any quirks of the install (ideally: none, but reality is a work in progress).
3. Add to Infrastructure
To control the node with DomTool minimally:
- Add to Config.nodeIps
- Add to Config.Firewall.firewallNodes
If you are configuring the node for a specific purpose, you'll need to add it to more configuration. See the DomTool documentation where it exists.
Prepare DomTool for deployment: DomTool/Installation.
Enable mail routing by adding to exim configuration on the mail server (unless Bug 939 has been fixed, in which case update this documentation with the domtool managed procedure). In the exim config directory:
- update-exim4.conf.conf: Add to dc_other_hostnames and dc_relay_nets
- conf.d/main/01_exim4-config_listmacrosdefs.conf: Add to unix_domains
- Run update-exim4.conf
Add the server key to Kerberos. At the kadmin console ($SERVER is the fully qualified domain name):
    add_principal -randkey host/$SERVER@HCOOP.NET
Update create-user to synchronize keytabs to the new node.
Create WebNode for portal according to DaemonAdmin/Portal