= V2 and MAPS Setup in Production =

'''''This Page Is Incomplete'''''

= Introduction =

This page describes how to set up MAPS and V2 systems in a production environment such that MAPS is used for authentication management for V2 systems.

Two use cases are considered:

 1. Installation of prototype systems
 1. Installation of a true customer facing production system

= Installation of zg-2.softxs.ch =

== Hardware ==

 1. 2 x Intel Xeon E5504, 2.0 GHz, i.e. 2 x quad-core
 1. 32 GB Main Memory
 1. 500 GB SSD, ''Samsung SSD 840''
 1. 2 x 4 TB disk drives, ''WDC WD4001FAEX-0''
 1. Ensure '''''VT-x''''' is enabled in the BIOS

== Disk Partitions ==

== Memory Stick Preparation ==

 1. Download Ubuntu Server 16.04.2 LTS
  * [[http://releases.ubuntu.com/16.04]]
 1. Use the ''lsblk'' command to find the USB device
 1. Commands to download the image and copy it to the memory stick:
 {{{
cd /home/backup
wget http://releases.ubuntu.com/16.04/ubuntu-16.04.2-server-amd64.iso
dd bs=4M if=ubuntu-16.04.2-server-amd64.iso of=/dev/sdd
 }}}
 1. Memory stick should boot

== Ubuntu Installation ==

 1. Boot from Memory Stick
 1. Language: ''English'' (install language)
 1. Install: ''Install Ubuntu Server''
 1. Language: ''English''
 1. Location: ''Other --> Europe --> Switzerland''
 1. Configure Locales: ''United States en_US.UTF-8''
 1. Configure keyboard: ''English (US) --> English (US)''
 1. Ethernet:
 {{{
enp0s25   <-- Select this one (where cable is plugged in)
enp1s0
 }}}
 1. Hostname: ''zg-2''
 1. User:
  * Full name: ''Alan Hodgkinson''
  * User name: ''alan''
  * Password: ''*****''
 1. Encrypt home directory: ''No''
 1. Time zone: ''Europe/Zurich''
 1. Partitions:
  * Unmount Partitions in use: ''Yes'' (''/dev/sdb'')
 1. Partition disks: ''Manually''
 {{{
SCSI1 (0,0,0) sda
  #1     4 TB
SCSI1 (0,1,0) sdb
  Part.  Label      Size     Mount Point   Types/Notes
  -------------------------------------------------------------
  #1     zg2_boot   1 GB     /boot         ext4, bootable
  #2     N/A        16 GB                  swap
  #3     zg2_root   16 GB    /             ext4
  #4     zg2_tmp    32 GB    /tmp          ext4
  #5     zg2_home   435 GB   /home         ext4
SCSI2 (0,0,0) sdc
  #1     4 TB
 }}}
 1. ''System installed...''
 1. Configure Package Manager: HTTP Proxy: ''none''
 1. Configuring toolset: ''No automatic updates''
 1. Software Selection: Select the following (leave everything else unselected):
  * ''Open SSH server''
  * ''Standard system utilities''
 1. Install GRUB boot loader on hard disk: ''Yes'', /dev/sdb, SAMSUNG_SSD_...

== Post Installation Config ==

 1. Log in on the console as ''alan'' and run ''sudo bash''
 1. Set the root password
 1. Allow root SSH login:
 {{{
vi /etc/ssh/sshd_config
# Change
PermitRootLogin prohibit-password
# To
PermitRootLogin yes
:x
service sshd restart
 }}}
 1. Setup Networking
  * Interfaces
  {{{
cd /etc/network
cat interfaces
...
# The primary network interface
auto enp0s25
iface enp0s25 inet static
    address 94.231.88.101
    netmask 255.255.255.240
    network 94.231.88.96
    broadcast 94.231.88.111
    gateway 94.231.88.99
    #dns-nameservers 94.231.88.100 94.231.88.102
    dns-nameservers 127.0.0.1
    dns-search softxs.ch
  }}}
  * Hostname
  {{{
cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       zg-2.softxs.ch zg-2
94.231.88.101   zg-2.softxs.ch zg-2

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
  }}}

== Software RAID Setup ==

=== Warning ===

 * You must create the RAID components from partitions, rather than entire devices.
  * E.g. use '/dev/sda1' not '/dev/sda'.
  * When you use the whole-device names, the procedure works, but the RAID filesystem disappears after a reboot
  * See: [[http://askubuntu.com/questions/741994/raid5-disappears-after-reboot]]

=== Procedure ===

 1. See which devices should be used
 {{{
lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0   3.7T  0 disk
`-sda1   8:1    0   3.7T  0 part             <--- This is one RAID device
sdb      8:16   0 465.8G  0 disk
|-sdb1   8:17   0   953M  0 part /boot
|-sdb2   8:18   0  14.9G  0 part [SWAP]
|-sdb3   8:19   0  14.9G  0 part /
|-sdb4   8:20   0     1K  0 part
|-sdb5   8:21   0  29.8G  0 part /tmp
`-sdb6   8:22   0 405.2G  0 part /home
sdc      8:32   0   3.7T  0 disk
`-sdc1   8:33   0   3.7T  0 part             <--- This is the other RAID device
 }}}
 1. Ensure no existing RAID partition is present
  * Note: The 2 x 4TB disks contained RAID partitions from a previously installed Ubuntu 12.04 LTS system
 {{{
mdadm --stop --force /dev/md0
mdadm: stopped /dev/md0
mdadm --fail /dev/md0
mdadm --remove /dev/md0 /dev/sda
mdadm --remove /dev/md0 /dev/sdc
cat /proc/mdstat
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
unused devices: <none>
mdadm --zero-superblock /dev/sda1   # This is critical, if the devices have
mdadm --zero-superblock /dev/sdc1   # been previously used as RAID components
 }}}
 1. Setup the new RAID partition
  * Note: Use '/dev/sda1 /dev/sdc1' not '/dev/sda /dev/sdc'
  * See: [[http://www.ducea.com/2009/03/08/mdadm-cheat-sheet]]
 {{{
mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdc1
mdadm --examine --scan --config=mdadm.conf
ARRAY /dev/md/0 metadata=1.2 UUID=9f1f7269:051e8a26:0fc08997:aab6d251 name=zg-2:0
vi /etc/mdadm/mdadm.conf
# Add the following
ARRAY /dev/md/0 metadata=1.2 UUID=9f1f7269:051e8a26:0fc08997:aab6d251 name=zg-2:0
:x
 }}}
 1. Update /etc/fstab, create the file system and the mount point
 {{{
vi /etc/fstab
# Add the following:
# 2 x 4TB RAID
/dev/md0 /v01 ext4 defaults,nofail,discard 0 2
:x
mkfs.ext4 -F /dev/md0
mkdir /v01
 }}}
 1. Write the initramfs to disk to ensure RAID starts correctly after reboot. '''This step is critical!'''
 {{{
update-initramfs -u
 }}}

=== Useful Commands for RAID Management ===

 1. Which disk & RAID partitions exist
  * Note: md0 is built from sda1 & sdc1 and should be mounted on /v01
 {{{
lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT
NAME      SIZE FSTYPE            TYPE  MOUNTPOINT
sda       3.7T zfs_member        disk
└─sda1    3.7T linux_raid_member part
  └─md0   3.7T ext4              raid1
sdb     465.8G                   disk
├─sdb1    953M ext4              part  /boot
├─sdb2   14.9G swap              part  [SWAP]
├─sdb3   14.9G ext4              part  /
├─sdb4      1K                   part
├─sdb5   29.8G ext4              part  /tmp
└─sdb6  405.2G ext4              part  /home
sdc       3.7T zfs_member        disk
└─sdc1    3.7T linux_raid_member part
  └─md0   3.7T ext4              raid1
 }}}
 1. State of RAID partition
 {{{
mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Sat Jan 4 12:38:45 2014
     Raid Level : raid1
     Array Size : 3906885440 (3725.90 GiB 4000.65 GB)
  Used Dev Size : 3906885440 (3725.90 GiB 4000.65 GB)
   Raid Devices : 2
  Total Devices : 2
    Persistence : Superblock is persistent

    Update Time : Wed Mar 22 18:41:51 2017
          State : clean, resyncing
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

  Resync Status : 50% complete

           Name : skuld:0
           UUID : beea1d17:495df676:643ce455:8fc966de
         Events : 67

    Number   Major   Minor   RaidDevice State
       0       8        1        0      active sync   /dev/sda1
       1       8       33        1      active sync   /dev/sdc1
 }}}
 1. Disk information
 {{{
fdisk -l
...
Disk /dev/sda: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 7C8CD71C-D6FF-402F-A2B9-0DD3E3D75734

Device     Start        End    Sectors  Size Type
/dev/sda1   2048 7814035455 7814033408  3.7T Microsoft basic data

Disk /dev/sdb: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x000c8d26

Device     Boot     Start       End   Sectors   Size Id Type
/dev/sdb1  *         2048   1953791   1951744   953M 83 Linux
/dev/sdb2         1953792  33204223  31250432  14.9G 82 Linux swap / Solaris
/dev/sdb3        33204224  64454655  31250432  14.9G 83 Linux
/dev/sdb4        64456702 976771071 912314370   435G  5 Extended
/dev/sdb5        64456704 126955519  62498816  29.8G 83 Linux
/dev/sdb6       126957568 976771071 849813504 405.2G 83 Linux

Disk /dev/sdc: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: BEC07DAE-E3F4-4F8D-908A-1425F2A31BB5

Device     Start        End    Sectors  Size Type
/dev/sdc1   2048 7814035455 7814033408  3.7T Microsoft basic data

Disk /dev/md0: 3.7 TiB, 4000650887168 bytes, 7813771264 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
 }}}

== Puppet Setup ==

 1. Puppet Installation
 {{{
REPO_DEB_URL="http://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb"
apt-get update
repo_deb_path=$(mktemp)
wget --output-document=${repo_deb_path} ${REPO_DEB_URL}
dpkg -i ${repo_deb_path}
apt-get update
apt-get install -y puppet
puppet --version
3.8.5
 }}}
 1. Disable Automatic Running
 {{{
service puppet stop
systemctl disable puppet
 }}}
 1. Puppet Configuration
 {{{
vi /etc/puppet.conf
# Edit the file so that it contains only the following
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
:x
 }}}
 1. Puppet Test Run & Certificate Setup
  * As root@zg-2
  {{{
puppet agent --test
Exiting; no certificate found and waitforcert is disabled
  }}}
  * As root@mgt
  {{{
puppet cert --list
  "zg-2.softxs.ch" (SHA256) 33:7E:CE:92:CD:71:21:05:8C:79:83:19:66:A2:7E:1D:78:65:E9:8D:FB:83:42:EF:A5:67:84:65:39:F2:57:A1
puppet cert sign zg-2.softxs.ch
Notice: Signed certificate request for zg-2.softxs.ch
  }}}
  * As root@zg-2
  {{{
puppet agent --enable
puppet agent --onetime --no-daemonize --verbose
  }}}
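
Added example (not part of the original page) for the certificate step above: before `puppet cert sign` is run on mgt, the fingerprint listed there can be compared with the one the agent prints on zg-2 with `puppet agent --fingerprint`. The helper names are hypothetical, and the agent output shape `(SHA256) AA:BB:...` and the sample agent line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.
# Compares the pending-request fingerprint shown by `puppet cert --list` on the
# master with the one the agent prints for `puppet agent --fingerprint`.

# Keep hex digits only and upper-case them, so separators and case do not matter.
norm_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# master_fp HOST LIST_OUTPUT: fingerprint of HOST's pending request.
# Expected line shape (as on the page):  "host" (SHA256) AA:BB:...
master_fp() {
    printf '%s\n' "$2" |
        awk -v h="\"$1\"" '$1 == h && $2 == "(SHA256)" { print $3; exit }'
}

# agent_fp AGENT_OUTPUT: fingerprint from a line shaped  (SHA256) AA:BB:...
agent_fp() {
    printf '%s\n' "$1" | awk '$1 == "(SHA256)" { print $2; exit }'
}

# csr_matches HOST LIST_OUTPUT AGENT_OUTPUT
# Succeeds only when both sides show the same complete SHA256 (64 hex digits).
csr_matches() {
    m=$(norm_fp "$(master_fp "$1" "$2")")
    a=$(norm_fp "$(agent_fp "$3")")
    [ "${#m}" -eq 64 ] && [ "$m" = "$a" ]
}

# Demo: LIST_SAMPLE is the line shown on the page; AGENT_SAMPLE is constructed.
FP='33:7E:CE:92:CD:71:21:05:8C:79:83:19:66:A2:7E:1D:78:65:E9:8D:FB:83:42:EF:A5:67:84:65:39:F2:57:A1'
LIST_SAMPLE="  \"zg-2.softxs.ch\" (SHA256) $FP"
AGENT_SAMPLE="(SHA256) $FP"

if csr_matches zg-2.softxs.ch "$LIST_SAMPLE" "$AGENT_SAMPLE"; then
    echo "fingerprints match: puppet cert sign zg-2.softxs.ch"
else
    echo "fingerprint mismatch: do not sign" >&2
fi
```

The agent-side value has to reach the operator on mgt over a channel other than the Puppet connection itself, for example read from the zg-2 console.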
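
Added example (not part of the original page) for the Memory Stick Preparation step: the ISO is fetched over plain HTTP and `dd` overwrites whatever device it is pointed at, so the helpers below check the image against a SHA256SUMS file and refuse a target that sysfs does not mark as a removable whole disk. The helper names and the SHA256SUMS URLs in the usage comment are assumptions; `gpg --verify` needs the Ubuntu image signing key in the keyring.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.

# iso_checksum_ok ISO SUMS_FILE
# Succeeds only if SUMS_FILE has an entry for ISO's file name and that digest
# equals the SHA-256 of the local file.
iso_checksum_ok() {
    want=$(awk -v f="$(basename "$1")" \
        '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$2")
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# usb_target_ok DEVICE [SYSFS_BLOCK_DIR]
# Succeeds only if DEVICE is a whole disk that sysfs marks as removable.
# Partitions (sdd1) have no entry under /sys/block and are rejected, as are
# fixed disks such as sda, sdb and sdc on zg-2.
usb_target_ok() {
    dir=${2:-/sys/block}
    flag="$dir/$(basename "$1")/removable"
    [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]
}

# write_stick ISO SUMS_FILE DEVICE: run dd only when both checks pass.
write_stick() {
    iso_checksum_ok "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    usb_target_ok "$3" || { echo "not a removable disk: $3" >&2; return 1; }
    dd bs=4M if="$1" of="$3" conv=fsync
}

# Usage, following the page's paths (the SHA256SUMS URLs are an assumption):
#   cd /home/backup
#   wget http://releases.ubuntu.com/16.04/SHA256SUMS \
#        http://releases.ubuntu.com/16.04/SHA256SUMS.gpg
#   gpg --verify SHA256SUMS.gpg SHA256SUMS
#   write_stick ubuntu-16.04.2-server-amd64.iso SHA256SUMS /dev/sdd
```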