V2 and MAPS Setup in Production
This Page Is Incomplete
Introduction
This page describes how to set up MAPS and V2 systems in a production environment, with MAPS providing authentication management for the V2 systems.
Two use cases are considered:
- Installation of prototype systems
- Installation of a true customer facing production system
Installation of zg-2.softxs.ch
Hardware
- 2 x Intel Xeon E5504, 2.0 GHz (2 x quad-core)
- 32 GB main memory
- 500 GB SSD, Samsung SSD 840 (system disk)
- 2 x 4 TB disk drives, WDC WD4001FAEX-0 (software RAID, see below)
Ensure VT-x is enabled in the BIOS.
Disk Partitions
Memory Stick Preparation
- Download Ubuntu Server 16.04.2 LTS
- Use the lsblk command to find the USB device
- Commands to download the image and write it to the memory stick. The device name /dev/sdd is the one found with lsblk; check it before running dd, which overwrites the target without asking:

    cd /home/backup
    wget http://releases.ubuntu.com/16.04/ubuntu-16.04.2-server-amd64.iso
    dd bs=4M if=ubuntu-16.04.2-server-amd64.iso of=/dev/sdd

- The memory stick should now boot
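Before dd overwrites the target device it is worth confirming that the downloaded image is the one Ubuntu published. The shell functions below are an added example, not part of the original page: they verify the ISO against the SHA256SUMS file published next to it in the same release directory, and refuse to write a stick when the check fails or the target is not a whole, unmounted disk. The file names and /dev/sdd are those used above; the SHA256SUMS.gpg check in the comments assumes the Ubuntu image-signing key is already in the local gpg keyring.

```shell
#!/bin/sh
# Added example, not from the original page: verify the installer image before
# writing it. Assumes ubuntu-16.04.2-server-amd64.iso and SHA256SUMS (plus
# SHA256SUMS.gpg) from http://releases.ubuntu.com/16.04/ are in the current
# directory and that the stick was identified with lsblk (here /dev/sdd).

# verify_iso ISO SUMSFILE
# 0 = the ISO's SHA-256 matches its SHA256SUMS entry, 1 = mismatch,
# 2 = no entry for this file name. Entries look like "<hex> *<name>".
verify_iso() {
    iso=$1; sums=$2
    name=$(basename "$iso")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$iso" 2>/dev/null | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# write_stick ISO DEVICE [SUMSFILE]
# Writes only after verify_iso succeeds and DEVICE is a whole disk with nothing
# mounted (guards against the classic "dd onto the wrong sdX" mistake).
write_stick() {
    iso=$1; dev=$2; sums=${3:-SHA256SUMS}
    verify_iso "$iso" "$sums" || { echo "refusing to write: $iso failed the checksum check" >&2; return 1; }
    [ "$(lsblk -dno TYPE "$dev" 2>/dev/null)" = "disk" ] || { echo "$dev is not a whole disk" >&2; return 1; }
    if lsblk -no MOUNTPOINT "$dev" 2>/dev/null | grep -q .; then
        echo "$dev has mounted partitions; unmount them first" >&2; return 1
    fi
    dd bs=4M if="$iso" of="$dev" conv=fsync status=progress
}

# Live use on the backup host:
#   gpg --verify SHA256SUMS.gpg SHA256SUMS     # authenticity of the checksum list itself
#   write_stick ubuntu-16.04.2-server-amd64.iso /dev/sdd
```

The checksum list only proves the ISO is intact, not who published it; the gpg step in the comments is what ties it to Ubuntu's signing key, so do both before the stick goes anywhere near a production box.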
Ubuntu Installation
- Boot from Memory Stick
Language: English (install language)
Install: Install Ubuntu Server
Language: English
Location: Other --> Europe --> Switzerland
Configure Locales: United States en_US.UTF-8
Configure keyboard: English (US) --> English (US)
- Ethernet:

    enp0s25   <-- Select this one (where the cable is plugged in)
    enp1s0
Hostname: zg-2
- User:
Full name: Alan Hodgkinson
User name: alan
Password: *****
Encrypt home directory: No
Time zone: Europe/Zurich
- Partitions:
Unmount Partitions in use: Yes (/dev/sdb)
Partition disks: Manually
    SCSI1 (0,0,0) sda
        #1                       4 TB                 left unpartitioned here; used for software RAID below
    SCSI1 (0,1,0) sdb  (SAMSUNG SSD, 500 GB)
        Part.  Label      Size    Mount Point  Type/Notes
        ---------------------------------------------------------
        #1     zg2_boot    1 GB   /boot        ext4, bootable
        #2     N/A        16 GB   swap
        #3     zg2_root   16 GB   /            ext4
        #4     zg2_tmp    32 GB   /tmp         ext4
        #5     zg2_home  435 GB   /home        ext4
    SCSI2 (0,0,0) sdc
        #1                       4 TB                 left unpartitioned here; used for software RAID below
System installed...
Configure Package Manager: HTTP Proxy: none
Configuring tasksel: No automatic updates (security updates must then be applied by hand or via configuration management)
- Software Selection: Select the following (leave everything else unselected):
Open SSH server
Standard system utilities
- Boot loader:
Install GRUB boot loader on hard disk: Yes, /dev/sdb, SAMSUNG_SSD_...
Post Installation Config
Login on console as alan and sudo bash
- Set root passwd
- Allow root SSH login. Note that PermitRootLogin yes also permits password logins as root from the network; the Xenial default prohibit-password allows root in with a key only and is the safer choice once the management host's public key is in /root/.ssh/authorized_keys:

    vi /etc/ssh/sshd_config
    # Change
    PermitRootLogin prohibit-password
    # To
    PermitRootLogin yes
    :x
    service sshd restart
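The edit above opens root to password logins over SSH. As an added example that is not part of the original page, the shell functions below make the same kind of sshd_config change by script rather than in vi, but set the key-only value prohibit-password and switch password authentication off altogether. They assume the management host's public key has already been added to /root/.ssh/authorized_keys (otherwise root is locked out of SSH) and that a standard Ubuntu userland (sh, awk, grep) is present.

```shell
#!/bin/sh
# Added example, not from the original page: edit sshd_config by script and
# apply the key-only alternative to "PermitRootLogin yes". Assumes the
# management host's key is already in /root/.ssh/authorized_keys.

# set_sshd_option FILE KEY VALUE
# The first existing KEY line (commented out or not) becomes "KEY VALUE" and any
# later duplicates are dropped, so sshd's "first match wins" rule cannot be
# undercut. If KEY is absent it is inserted at the TOP: appending would be wrong,
# because anything after a "Match" block is scoped to that block, not global.
set_sshd_option() {
    file=$1; key=$2; value=$3; tmp=$(mktemp)
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|$)" "$file"; then
        awk -v k="$key" -v v="$value" '
            { l = $0; sub(/^[ \t]*#?[ \t]*/, "", l) }
            l ~ ("^" k "([ \t]|$)") { if (!done) { print k " " v; done = 1 }; next }
            { print }' "$file" > "$tmp"
    else
        { printf '%s %s\n' "$key" "$value"; cat "$file"; } > "$tmp"
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps the original file's owner and mode
}

# get_sshd_option FILE KEY: prints the value sshd will use (first uncommented match)
get_sshd_option() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# harden_root_ssh [FILE]: root may log in with a key only; no password auth at all
harden_root_ssh() {
    cfg=${1:-/etc/ssh/sshd_config}
    set_sshd_option "$cfg" PermitRootLogin prohibit-password
    set_sshd_option "$cfg" PasswordAuthentication no
    set_sshd_option "$cfg" PubkeyAuthentication yes
}

# apply_sshd_config [FILE]: syntax-check first so a typo cannot lock you out, then
# restart. Keep the current session open until a second login has succeeded.
apply_sshd_config() {
    cfg=${1:-/etc/ssh/sshd_config}
    sshd -t -f "$cfg" || return 1
    service sshd restart
}

# Demo on a constructed file containing the page's "PermitRootLogin yes" edit:
demo=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' '#PasswordAuthentication yes' > "$demo"
harden_root_ssh "$demo"
cat "$demo"
rm -f "$demo"
```

On zg-2 the live sequence is harden_root_ssh followed by apply_sshd_config; test the key login from mgt in a second terminal before closing the console session.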
- Set up networking
- Interfaces. The dns-nameservers 127.0.0.1 entry assumes a resolver is running on zg-2 itself; until one is configured, use the commented-out upstream servers instead:

    cd /etc/network
    cat interfaces
    ...
    # The primary network interface
    auto enp0s25
    iface enp0s25 inet static
        address 94.231.88.101
        netmask 255.255.255.240
        network 94.231.88.96
        broadcast 94.231.88.111
        gateway 94.231.88.99
        #dns-nameservers 94.231.88.100 94.231.88.102
        dns-nameservers 127.0.0.1
        dns-search softxs.ch
- Hostname. /etc/hostname contains zg-2 (set by the installer); /etc/hosts must map both the loopback and the public address to the FQDN:

    cat /etc/hosts
    127.0.0.1       localhost
    127.0.1.1       zg-2.softxs.ch zg-2
    94.231.88.101   zg-2.softxs.ch zg-2

    # The following lines are desirable for IPv6 capable hosts
    ::1     localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
Software RAID Setup
Warning
- You must create the RAID components from partitions, not from entire devices.
- E.g. use '/dev/sda1', not '/dev/sda'.
- With whole-device names the procedure appears to work, but the array is not reassembled after a reboot and the filesystem on it is gone.
See: http://askubuntu.com/questions/741994/raid5-disappears-after-reboot
Procedure
- See which devices should be used

    lsblk
    NAME     MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
    sda        8:0    0   3.7T  0 disk
    `-sda1     8:1    0   3.7T  0 part             <--- This is one RAID device
    sdb        8:16   0 465.8G  0 disk
    |-sdb1     8:17   0   953M  0 part /boot
    |-sdb2     8:18   0  14.9G  0 part [SWAP]
    |-sdb3     8:19   0  14.9G  0 part /
    |-sdb4     8:20   0     1K  0 part
    |-sdb5     8:21   0  29.8G  0 part /tmp
    `-sdb6     8:22   0 405.2G  0 part /home
    sdc        8:32   0   3.7T  0 disk
    `-sdc1     8:33   0   3.7T  0 part             <--- This is the other RAID device
- Ensure no RAID array from a previous installation is still assembled on these disks
- Note: the 2 x 4 TB disks carried RAID members from a previously installed Ubuntu 12.04 LTS system, so the old array has to be stopped and the member superblocks cleared before the new one is created. Once the array is stopped there is nothing to --fail or --remove; zeroing the superblocks on the partitions is the step that matters:

    mdadm --stop --force /dev/md0
    mdadm: stopped /dev/md0
    cat /proc/mdstat
    Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
    unused devices: <none>
    mdadm --zero-superblock /dev/sda1   # This is critical, if the devices have
    mdadm --zero-superblock /dev/sdc1   # been previously used as RAID components
- Set up the new RAID array
- Note: use '/dev/sda1 /dev/sdc1', not '/dev/sda /dev/sdc'

    mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdc1
    mdadm --examine --scan --config=mdadm.conf
    ARRAY /dev/md/0 metadata=1.2 UUID=9f1f7269:051e8a26:0fc08997:aab6d251 name=zg-2:0
    vi /etc/mdadm/mdadm.conf
    # Add the following
    ARRAY /dev/md/0 metadata=1.2 UUID=9f1f7269:051e8a26:0fc08997:aab6d251 name=zg-2:0
    :x
- Update /etc/fstab, create the file system and the mount point. The mount point must be /v01 (digit zero, matching the fstab entry); afterwards mount it with mount /v01 and check with df -h /v01:

    vi /etc/fstab
    # Add the following:
    # 2 x 4TB RAID
    /dev/md0   /v01   ext4   defaults,nofail,discard   0   2
    :x
    mkfs.ext4 -F /dev/md0
    mkdir /v01
Rebuild the initramfs so that the ARRAY line from mdadm.conf is included. Without it the array is auto-assembled under a different name at boot (typically /dev/md127), the /dev/md0 entry in fstab does not mount, and nofail merely keeps the boot from stopping. This step is critical!

    update-initramfs -u
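Three things in this procedure are flagged as critical: the RAID components must be partitions, mdadm.conf must carry the array's UUID, and the initramfs must be rebuilt with it. The shell functions below are an added example, not part of the original page, that check all three. They read the relevant command output from a file or stdin so they can also be run against saved text; the device-name patterns (sd*/vd*/hd* and nvme/mmcblk partitions) are an assumption for this hardware, and the ARRAY line in the comments is the one from the mdadm.conf step above.

```shell
#!/bin/sh
# Added example, not from the original page: post-setup checks for the three
# points this section marks as critical. Functions take saved command output so
# they can be exercised offline; the live invocations are in the comments.

# is_partition_dev /dev/NODE -> 0 for a partition node, 1 for a whole disk.
# Patterns cover sd*/vd*/hd* plus nvme/mmcblk (an assumption for this host).
is_partition_dev() {
    case $(basename "$1") in
        [shv]d[a-z]*[0-9]) return 0 ;;
        nvme*p[0-9]*|mmcblk*p[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# scan_uuid: read `mdadm --examine --scan` (or --detail --scan) output on stdin
# and print the UUID of the first ARRAY line.
scan_uuid() {
    sed -n 's/.*UUID=\([0-9a-f:]*\).*/\1/p' | head -n 1
}

# conf_has_uuid CONF UUID -> 0 when CONF has an ARRAY line carrying that UUID
conf_has_uuid() {
    grep -Eq "^[[:space:]]*ARRAY[[:space:]].*UUID=$2([[:space:]]|$)" "$1"
}

# initramfs_has_mdadm_conf: read `lsinitramfs /boot/initrd.img-$(uname -r)`
# output on stdin; 0 when update-initramfs -u baked mdadm.conf into the image.
initramfs_has_mdadm_conf() {
    grep -q 'etc/mdadm/mdadm.conf$'
}

# check_raid_setup CONF SCANFILE DEV...
# SCANFILE holds saved `mdadm --examine --scan` output. Returns 0 only when every
# component is a partition and CONF carries the array UUID found in the scan.
check_raid_setup() {
    conf=$1; scan=$2; shift 2
    rc=0
    for dev in "$@"; do
        if ! is_partition_dev "$dev"; then
            echo "FAIL: $dev is a whole disk; use a partition on it (e.g. ${dev}1)" >&2
            rc=1
        fi
    done
    uuid=$(scan_uuid < "$scan")
    if [ -z "$uuid" ]; then
        echo "FAIL: no ARRAY/UUID line in $scan" >&2
        rc=1
    elif ! conf_has_uuid "$conf" "$uuid"; then
        echo "FAIL: $conf has no ARRAY line with UUID=$uuid" >&2
        rc=1
    fi
    return $rc
}

# Live use on zg-2, after mdadm --create and the mdadm.conf edit:
#   mdadm --examine --scan > /tmp/scan.txt
#   check_raid_setup /etc/mdadm/mdadm.conf /tmp/scan.txt /dev/sda1 /dev/sdc1
#   lsinitramfs /boot/initrd.img-"$(uname -r)" | initramfs_has_mdadm_conf || echo "run update-initramfs -u"
```

A stale ARRAY line (for instance one left from the earlier 12.04 array) fails the UUID check, which is exactly the case that produces a /dev/md127 surprise on the next reboot.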
Useful Commands for RAID Management
What Disk & RAID partitions
Note: md0 is built from sda1 and sdc1 and should be mounted on /v01. The zfs_member shown for the whole disks sda and sdc is a leftover signature; mdadm uses the partitions, so it is inert, but wipefs /dev/sda will list it if you want to clean it up.

    lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT
    NAME       SIZE FSTYPE            TYPE  MOUNTPOINT
    sda        3.7T zfs_member        disk
    └─sda1     3.7T linux_raid_member part
      └─md0    3.7T ext4              raid1
    sdb      465.8G                   disk
    ├─sdb1     953M ext4              part  /boot
    ├─sdb2    14.9G swap              part  [SWAP]
    ├─sdb3    14.9G ext4              part  /
    ├─sdb4       1K                   part
    ├─sdb5    29.8G ext4              part  /tmp
    └─sdb6   405.2G ext4              part  /home
    sdc        3.7T zfs_member        disk
    └─sdc1     3.7T linux_raid_member part
      └─md0    3.7T ext4              raid1
- State of the RAID array. The sample output below is from an array still resyncing and shows Name skuld:0 and a UUID that differ from the ARRAY line added to mdadm.conf above; on the live system the UUID reported here and the one in /etc/mdadm/mdadm.conf must agree, otherwise the array will not come up as /dev/md0 after a reboot.

    mdadm --detail /dev/md0
    /dev/md0:
            Version : 1.2
      Creation Time : Sat Jan  4 12:38:45 2014
         Raid Level : raid1
         Array Size : 3906885440 (3725.90 GiB 4000.65 GB)
      Used Dev Size : 3906885440 (3725.90 GiB 4000.65 GB)
       Raid Devices : 2
      Total Devices : 2
        Persistence : Superblock is persistent

        Update Time : Wed Mar 22 18:41:51 2017
              State : clean, resyncing
     Active Devices : 2
    Working Devices : 2
     Failed Devices : 0
      Spare Devices : 0

      Resync Status : 50% complete

               Name : skuld:0
               UUID : beea1d17:495df676:643ce455:8fc966de
             Events : 67

        Number   Major   Minor   RaidDevice State
           0       8        1        0      active sync   /dev/sda1
           1       8       33        1      active sync   /dev/sdc1
- Disk information. Note that sda1 and sdc1 carry the GPT type "Microsoft basic data"; mdadm does not care, but setting the type to Linux RAID makes the partitions' purpose obvious to the next administrator.

    fdisk -l
    ...
    Disk /dev/sda: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: gpt
    Disk identifier: 7C8CD71C-D6FF-402F-A2B9-0DD3E3D75734

    Device     Start        End    Sectors Size Type
    /dev/sda1   2048 7814035455 7814033408 3.7T Microsoft basic data

    Disk /dev/sdb: 465.8 GiB, 500107862016 bytes, 976773168 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: dos
    Disk identifier: 0x000c8d26

    Device     Boot     Start       End   Sectors   Size Id Type
    /dev/sdb1  *         2048   1953791   1951744   953M 83 Linux
    /dev/sdb2         1953792  33204223  31250432  14.9G 82 Linux swap / Solaris
    /dev/sdb3        33204224  64454655  31250432  14.9G 83 Linux
    /dev/sdb4        64456702 976771071 912314370   435G  5 Extended
    /dev/sdb5        64456704 126955519  62498816  29.8G 83 Linux
    /dev/sdb6       126957568 976771071 849813504 405.2G 83 Linux

    Disk /dev/sdc: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disklabel type: gpt
    Disk identifier: BEC07DAE-E3F4-4F8D-908A-1425F2A31BB5

    Device     Start        End    Sectors Size Type
    /dev/sdc1   2048 7814035455 7814033408 3.7T Microsoft basic data

    Disk /dev/md0: 3.7 TiB, 4000650887168 bytes, 7813771264 sectors
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
Puppet Setup
- Puppet installation. Two things to be aware of: the release package is fetched over plain HTTP and installed with dpkg -i without any check, so use the https:// form of the URL and verify the .deb against Puppet's published checksum or signature before installing it; and the PC1 repository provides Puppet 4 as the package puppet-agent, whereas apt-get install puppet pulls the Xenial distribution package, which is why the version printed below is 3.8.5.

    REPO_DEB_URL="http://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb"
    apt-get update
    repo_deb_path=$(mktemp)
    wget --output-document=${repo_deb_path} ${REPO_DEB_URL}
    dpkg -i ${repo_deb_path}
    apt-get update
    apt-get install -y puppet
    puppet --version
    3.8.5
- Disable automatic running

    service puppet stop
    systemctl disable puppet
- Puppet configuration (the Xenial puppet package reads /etc/puppet/puppet.conf)

    vi /etc/puppet/puppet.conf
    # Edit the file so that it contains only the following
    [main]
    logdir=/var/log/puppet
    vardir=/var/lib/puppet
    ssldir=/var/lib/puppet/ssl
    rundir=/var/run/puppet
    factpath=$vardir/lib/facter
    :x
Puppet Test Run & Certificate Setup
- As root@zg-2 (the first run only submits the certificate request; the message below is expected)

    puppet agent --test
    Exiting; no certificate found and waitforcert is disabled
- As root@mgt. Before signing, compare the fingerprint listed here with the one printed by puppet agent --fingerprint on zg-2; signing an unverified request is how a rogue host obtains a trusted agent certificate.

    puppet cert --list
      "zg-2.softxs.ch" (SHA256) 33:7E:CE:92:CD:71:21:05:8C:79:83:19:66:A2:7E:1D:78:65:E9:8D:FB:83:42:EF:A5:67:84:65:39:F2:57:A1
    puppet cert sign zg-2.softxs.ch
    Notice: Signed certificate request for zg-2.softxs.ch
- As root@zg-2

    puppet agent --enable
    puppet agent --onetime --no-daemonize --verbose
- As root@zg-2