This page documents the procedure for creating a new KVM guest on a May First server.

= Creating a new KVM guest =

In these directions, the host (or ) refers to the name of the KVM host computer (e.g. negri, bolivar, etc.). The guest (or ) refers to the name of the virtualized server you are creating. The examples use negri as the host and hay as the guest.

== Initial steps ==

 * Pick an activist to name the server after. Find the Wikipedia page (or a similar page) describing your activist.
 * Edit the [wiki:ip_allocation ip allocation] wiki page, assigning yourself a new IP address.
 * Add a Host record in the May First/People Link -> mayfirst.org -> DNS section of the control panel, matching your server name with the IP you have allocated for it.
 * Copy an existing puppet node file, preferably one from the same host, naming it after your activist (pick either the first or last name of the activist, up to you).
 * Replace all instances of the old guest name with your new guest name, and change the namesake URL, the description text and anything else specific to the old guest (be sure that the onsite/rdiff-backup server is in the same colo center as the server you are creating).
 * Replace the IP address in the nagios stanza with the correct IP address.
 * Edit the puppet configuration file for the host server. Copy an existing m_kvm::guest stanza, replacing values as needed.
 * Commit the changes to the puppet repo and git push to the host machine.

== While root on the host machine ==

 * Fix the permissions of the created ISO file (hopefully this bug will get fixed soon...):
{{{
chmod a+r /usr/local/share/ISOs/.iso
}}}
 * Create a symlink to the ISO in the newly created user's home directory:
{{{
ln -s /usr/local/share/ISOs/.iso /home//vms//cd.iso
}}}
 * Give all root users access to the new guest by appending their user IDs to the guest user's monkeysphere file and updating the authorized keys:
{{{
cat /root/.monkeysphere/authorized_user_ids >> /home//.monkeysphere/authorized_user_ids
monkeysphere-authentication update-users
}}}
 * Start the new guest:
{{{
update-server --add /etc/sv/kvm/
}}}
 * Remove the symlink to the ISO in the newly created user's home directory:
{{{
rm /home//vms//cd.iso
}}}

== While logged in as @ ==

 * Enter the screen session:
{{{
screen -x
}}}
 * Press enter to start the install. Confirm the disk format.
 * After installation, log in as root. The freshly installed system has no root password yet.
 * The preseed file leaves all leftover space on the disk in a logical volume called "delete". Remove this logical volume so the extra space is available to enlarge other logical volumes:
{{{
lvremove vg_0/delete
}}}
 Replace with the name of the server, e.g.:
{{{
lvremove vg_hay0/delete
}}}
 * Set the root password right away, since the install left it empty. Generate one locally with pwgen.
 * Record the new password in MFPL [wiki:keyringer keyringer].
 * Record the ssh host key fingerprint. You will compare it against the fingerprint ssh reports the first time you connect from your local machine in the steps below, before signing the host key:
{{{
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
}}}

== While in your puppet conf directory on your local machine ==

 * Set up a remote for the new server:
{{{
freepuppet-helper gsr:
}}}
 * Initialize the new server for puppet with:
{{{
freepuppet-helper is:
}}}
 * Push the git repo to the guest:
{{{
freepuppet-helper gp:
}}}
 * Sign the host key (only after the fingerprint matches the one you recorded on the guest):
{{{
freepuppet-helper gshk:
}}}
 * Sign the root user key:
{{{
freepuppet-helper gsrk:
}}}

== MOSH servers ==

If you are installing a MOSH server:

 * Grant access to the control panel database, from your local machine:
{{{
freepuppet-helper rda:
}}}
 * Purchase an SSL certificate from http://rapidssl.com/. The certificate signing request has already been generated by puppet and is on the guest server in /etc/ssl/.mayfirst.org.csr.
 * Once you have the certificate:
   * remove the symlink /etc/ssl/.mayfirst.org.crt
   * create a new file with the same name containing the cert and the intermediate cert
   * remove the symlink /etc/ssl/private/.mayfirst.org.pem
   * rename /etc/ssl/private/.mayfirst.org.key.uncertified to /etc/ssl/private/.mayfirst.org.pem
   * append the cert and the intermediate cert to this file, after the key (courier needs both the key and the cert in the same file)
   * before restarting courier, confirm that the certificate you were issued actually matches the private key puppet generated (compare the public key or modulus of the certificate with that of the key); a mismatch means the certificate was issued for a different CSR and courier will fail to start TLS
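The host key fingerprint recorded on the guest is what you check against the fingerprint ssh prints on the first connection from your local machine, before the host key is signed. The fingerprint is a hash of the decoded base64 key blob, not of the text line, so the comment field plays no part in it; older ssh clients print an MD5 colon-separated form while newer ones print SHA256, and a mismatch in form is not a mismatch in key. The following is an added example, not code from this wiki page or from the freepuppet-helper tooling: it computes both forms from an OpenSSH public key line using only the Python standard library, and compares a recorded fingerprint with a presented one. The embedded key is a constructed toy RSA blob (e = 65537 and a 2048-bit odd number that is not a real modulus), and the comment root@hay is made up to match the example guest.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """SSH wire-format mpint: big-endian magnitude, zero-padded if the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_rsa_pubkey_line(e: int, n: int, comment: str) -> str:
    """Build an OpenSSH 'ssh-rsa <base64 blob> <comment>' line from e and n."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


# Constructed sample key for the example: NOT a real host key or a real RSA modulus.
SAMPLE_KEY = build_rsa_pubkey_line(65537, (1 << 2047) | 1, "root@hay")


def _decode_blob(pubkey_line: str) -> bytes:
    """Return the raw key blob from a public key line; fingerprints hash this blob."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    return base64.b64decode(fields[1])


def _read_string(blob: bytes, offset: int):
    """Read one wire-format string at offset; return (bytes, offset after it)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def key_type(pubkey_line: str) -> str:
    """Key type embedded in the blob; it must agree with the first text field."""
    kind, _ = _read_string(_decode_blob(pubkey_line), 0)
    kind = kind.decode("ascii")
    if kind != pubkey_line.split()[0]:
        raise ValueError("key type inside blob does not match the text field")
    return kind


def key_bits(pubkey_line: str) -> int:
    """Modulus size in bits for an ssh-rsa key, as ssh-keygen -l reports it."""
    blob = _decode_blob(pubkey_line)
    kind, off = _read_string(blob, 0)
    if kind != b"ssh-rsa":
        raise ValueError("only ssh-rsa keys are handled here")
    _e, off = _read_string(blob, off)
    n, _ = _read_string(blob, off)
    return int.from_bytes(n, "big").bit_length()


def sha256_fingerprint(pubkey_line: str) -> str:
    """'SHA256:<unpadded base64>' form, as printed by modern ssh and ssh-keygen -l -E sha256."""
    digest = hashlib.sha256(_decode_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def md5_fingerprint(pubkey_line: str) -> str:
    """'MD5:xx:xx:...' form, as printed by older ssh clients and ssh-keygen -l -E md5."""
    digest = hashlib.md5(_decode_blob(pubkey_line)).hexdigest()
    return "MD5:" + ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def _normalize(fp: str) -> str:
    """Strip the algorithm prefix and base64 padding so copied fingerprints compare cleanly."""
    fp = fp.strip()
    for prefix in ("SHA256:", "MD5:"):
        if fp.upper().startswith(prefix):
            fp = fp[len(prefix):]
    return fp.rstrip("=")


def fingerprints_match(recorded: str, presented: str) -> bool:
    """True when the fingerprint copied from the guest equals the one a client showed."""
    return _normalize(recorded) == _normalize(presented)


if __name__ == "__main__":
    # Same layout as 'ssh-keygen -l' output: bits, fingerprint, comment, key type.
    comment = SAMPLE_KEY.split()[2]
    print(f"{key_bits(SAMPLE_KEY)} {sha256_fingerprint(SAMPLE_KEY)} {comment} (RSA)")
    print(f"{key_bits(SAMPLE_KEY)} {md5_fingerprint(SAMPLE_KEY)} {comment} (RSA)")
```

Run it against the guest's real /etc/ssh/ssh_host_rsa_key.pub line to get both forms at once; then whichever form your client prints on first connection can be checked without guessing which hash the other side used.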