V2 and MAPS Setup in Production

V2Master - V2Deployment

• Contents

  1. V2 and MAPS Setup in Production
  2. Introduction
  3. Installation of zg-2.softxs.ch
     1. Hardware
     2. Disk Partitions
     3. Memory Stick Preparation
     4. Unbuntu Installation
     5. Post Installation Config
     6. Software RAID Setup
        1. Warning
        2. Procedure
        3. Useful Commands for RAID Management
     7. Puppet Installation

This Page Is Incomplete

Introduction

This pages describe how to setup MAPS and V2 systems in a production environment such that MAPS is used for authentication management for V2 systems.

Two use cases are considered:

1. Installation of prototype systems
2. Installation of a true customer facing production system

Installation of zg-2.softxs.ch

Hardware

1. 2 x Intel Xeon E5504, 2.0 GHz, e.g. 2 x quad-core
2. 32 GB Main Memory

3. 500 GB SSD, Samsung SSD 840

4. 2 x 4 TB disk drives, WDC WD4001FAEX-0

5. Ensure VT-x is enabled in the BIOS

Disk Partitions

Memory Stick Preparation

1. Download Ubuntu Server 16.04.2 LTS

   • http://releases.ubuntu.com/16.04

2. Use lsblk command to find USB device

3. Command to download and copy of memory stick:

   cd /home/backup
   wget http://releases.ubuntu.com/16.04/ubuntu-16.04.2-server-amd64.iso
   dd bs=4M if=ubuntu-16.04.2-server-amd64.iso of=/dev/sdd

4. Memory stick should boot

Unbuntu Installation

1. Boot from Memory Stick

2. Language: English (install language)

3. Install: Install Ubuntu Server

4. Language: English

5. Location: Other --> Europe --> Switzerland

6. Configure Locales: United States en_US.UTF-8

7. Configure keyboard: English (US) --> English (US)

8. Ethernet:

   enp0s25 <-- Select this one (where cable is plugged in)
   enp1s0

9. Hostname: zg-2

10. User:

    • Full name: Alan Hodgkinson

    • User name: alan

    • Password: *****

11. Encrypt home directory: No

12. Time zone: Europe/Zurich

13. Partitions:

    • Unmount Partitions in use: Yes (/dev/sdb)

14. Partition disks: Manually

    SCSI1 (0,0,0) sda
        #1    4 TB    
    
    SCSI1 (0,1,0) sdb
        Part. Label          Size   Mount Point    Types/Notes
        -------------------------------------------------------------
        #1    zg2_boot       1 GB   /boot          ext4, bootable
        #2    N/A           16 GB   swap
        #3    zg2_root      16 GB   /              ext4    
        #4    zg2_tmp       32 GB   /tmp           ext4    
        #5    zg2_home     435 GB   /home          ext4    
    
    SCSI2 (0,0,0) sdc
        #1    4 TB   

15. System installed...

16. Configure Package Manager: HTTP Proxy: none

17. Configuring toolset: No automatic updates

    1. Software Selection: Select the following (leave everything else unselected):

       • Open SSH server

       • Standard system utilities

18. Install GRUB boot loader on hard disk: Yes, /dev/sdb, SAMSUNG_SSD_...

Post Installation Config

1. Login on console as alan and sudo bash

2. Set root passwd
3. Allow root SSH login:

   vi /etc/ssh/sshd_config
   # Change
   PermitRootLogin prohibit-password
   # To
   PermitRootLogin yes
   :x
   
   service sshd restart

4. Setup Networking
   • Interfaces

     cd /etc/network
     cat interfaces
     ... 
     # The primary network interface
     auto enp0s25
     iface enp0s25 inet static
             address 94.231.88.101
             netmask 255.255.255.240
             network 94.231.88.96
             broadcast 94.231.88.111
             gateway 94.231.88.99
             #dns-nameservers 94.231.88.100 94.231.88.102
             dns-nameservers 127.0.0.1
             dns-search softxs.ch

   • Hostname

     cat /etc/hostname
     127.0.0.1   localhost
     127.0.1.1   zg-2.softxs.ch zg-2
     94.231.88.101       zg-2.softxs.ch zg-2
     
     # The following lines are desirable for IPv6 capable hosts
     ::1     localhost ip6-localhost ip6-loopback
     ff02::1 ip6-allnodes
     ff02::2 ip6-allrouters

Software RAID Setup

Warning

• You must create the RAID components from partitions, rather than entire devices.
  • E.g. use '/dev/sda1' not '/dev/sda'.
• When you use the device names, the procedure works, but the RAID filesystem disappears after a reboot

• See: http://askubuntu.com/questions/741994/raid5-disappears-after-reboot

Procedure

1. See which devices should be used

   lsblk
   NAME    MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
   sda       8:0    0   3.7T  0 disk  
   `-sda1    8:1    0   3.7T  0 part          <--- This is one RAID device
   sdb       8:16   0 465.8G  0 disk  
   |-sdb1    8:17   0   953M  0 part  /boot
   |-sdb2    8:18   0  14.9G  0 part  [SWAP]
   |-sdb3    8:19   0  14.9G  0 part  /
   |-sdb4    8:20   0     1K  0 part  
   |-sdb5    8:21   0  29.8G  0 part  /tmp
   `-sdb6    8:22   0 405.2G  0 part  /home
   sdc       8:32   0   3.7T  0 disk  
   `-sdc1    8:33   0   3.7T  0 part          <--- This is the other RAID device

2. Ensure no existing RAID partition present
   • Note: The 2 x 4TB disks contained RAID partitions from a previously installed Unbuntu 12.04 LTS system

   mdadm --stop --force /dev/md0
     mdadm: stopped /dev/md0
   
   mdadm --fail /dev/md0
   
   mdadm --remove /dev/md0 /dev/sda
   
   mdadm --remove /dev/md0 /dev/sdc
   
   cat /proc/mdstat
     Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
     unused devices: <none>
   
   mdadm --zero-superblock /dev/sda1   # This is critical, if the devices have
   mdadm --zero-superblock /dev/sdc1   #   been previously used as RAID components

3. Setup the new RAID partition
   • Note: Use '/dev/sda1 /dev/sdc1' not '/dev/sda /dev/sdc'

   • See: http://www.ducea.com/2009/03/08/mdadm-cheat-sheet

   mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdc1
   
   mdadm --examine --scan --config=mdadm.conf
   ARRAY /dev/md/0  metadata=1.2 UUID=9f1f7269:051e8a26:0fc08997:aab6d251 name=zg-2:0
   
   vi /etc/mdadm/mdadm.conf
   # Add the following
   ARRAY /dev/md/0  metadata=1.2 UUID=9f1f7269:051e8a26:0fc08997:aab6d251 name=zg-2:0
   :x  

4. Update etc/fstab and create file system and mount point

   vi /etc/fstab
   # Add the following:
   # 2 x 4TB RAID
   /dev/md0 /v01 ext4 defaults,nofail,discard 0 2
   :x
   
   mkfs.ext4 -F /dev/md0
   
   mkdir /vo1

5. Write ramfs to disk to ensure. This step is critical!

   update-initramfs -u

Useful Commands for RAID Management

1. What Disk & RAID partitions

   • Note: md0 is build from sda1 & sdc1 and should be mounted on /v01

   lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT
   NAME      SIZE FSTYPE            TYPE  MOUNTPOINT
   sda       3.7T zfs_member        disk
   └─sda1    3.7T linux_raid_member part
     └─md0   3.7T ext4              raid1
   sdb     465.8G                   disk
   ├─sdb1    953M ext4              part  /boot
   ├─sdb2   14.9G swap              part  [SWAP]
   ├─sdb3   14.9G ext4              part  /
   ├─sdb4      1K                   part
   ├─sdb5   29.8G ext4              part  /tmp
   └─sdb6  405.2G ext4              part  /home
   sdc       3.7T zfs_member        disk
   └─sdc1    3.7T linux_raid_member part
     └─md0   3.7T ext4              raid1

2. State of RAID partition

   mdadm --detail /dev/md0
   /dev/md0:
           Version : 1.2 
     Creation Time : Sat Jan  4 12:38:45 2014
        Raid Level : raid1
        Array Size : 3906885440 (3725.90 GiB 4000.65 GB) 
     Used Dev Size : 3906885440 (3725.90 GiB 4000.65 GB) 
      Raid Devices : 2 
     Total Devices : 2 
       Persistence : Superblock is persistent
   
       Update Time : Wed Mar 22 18:41:51 2017
             State : clean, resyncing
    Active Devices : 2 
   Working Devices : 2 
    Failed Devices : 0 
     Spare Devices : 0 
   
     Resync Status : 50% complete
   
              Name : skuld:0
              UUID : beea1d17:495df676:643ce455:8fc966de
            Events : 67
   
       Number   Major   Minor   RaidDevice State
          0       8        1        0      active sync   /dev/sda1
          1       8       33        1      active sync   /dev/sdc1

3. Disk information

   fdisk -l
   ... 
   Disk /dev/sda: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors
   Units: sectors of 1 * 512 = 512 bytes
   Sector size (logical/physical): 512 bytes / 512 bytes
   I/O size (minimum/optimal): 512 bytes / 512 bytes
   Disklabel type: gpt 
   Disk identifier: 7C8CD71C-D6FF-402F-A2B9-0DD3E3D75734
       
   Device     Start        End    Sectors  Size Type
   /dev/sda1   2048 7814035455 7814033408  3.7T Microsoft basic data
       
       
   Disk /dev/sdb: 465.8 GiB, 500107862016 bytes, 976773168 sectors
   Units: sectors of 1 * 512 = 512 bytes
   Sector size (logical/physical): 512 bytes / 512 bytes
   I/O size (minimum/optimal): 512 bytes / 512 bytes
   Disklabel type: dos 
   Disk identifier: 0x000c8d26
   
   Device     Boot     Start       End   Sectors   Size Id Type
   /dev/sdb1  *         2048   1953791   1951744   953M 83 Linux
   /dev/sdb2         1953792  33204223  31250432  14.9G 82 Linux swap / Solaris
   /dev/sdb3        33204224  64454655  31250432  14.9G 83 Linux
   /dev/sdb4        64456702 976771071 912314370   435G  5 Extended
   /dev/sdb5        64456704 126955519  62498816  29.8G 83 Linux
   /dev/sdb6       126957568 976771071 849813504 405.2G 83 Linux
   
   
   Disk /dev/sdc: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors
   Units: sectors of 1 * 512 = 512 bytes
   Sector size (logical/physical): 512 bytes / 512 bytes
   I/O size (minimum/optimal): 512 bytes / 512 bytes
   Disklabel type: gpt 
   Disk identifier: BEC07DAE-E3F4-4F8D-908A-1425F2A31BB5
   
   Device     Start        End    Sectors  Size Type
   /dev/sdc1   2048 7814035455 7814033408  3.7T Microsoft basic data
   
   
   Disk /dev/md0: 3.7 TiB, 4000650887168 bytes, 7813771264 sectors
   Units: sectors of 1 * 512 = 512 bytes
   Sector size (logical/physical): 512 bytes / 512 bytes
   I/O size (minimum/optimal): 512 bytes / 512 bytes

Puppet Installation