This page documents the procedure for creating a new KVM guest on a May First server.

= Creating a new KVM guest =

In these directions, the host (or ) refers to the name of the KVM host computer (e.g. negri, bolivar, etc.). The guest (or ) refers to the name of the virtualized server you are creating. The examples use negri as the host and hay as the guest.

== Initial steps ==

* Pick an activist to name the server after. Find the Wikipedia page (or a similar page) describing your activist.
* Edit the [wiki:ip_allocation ip allocation] wiki page, assigning yourself a new IP address.
* Add a Host record in the May First/People Link -> mayfirst.org -> DNS section of the control panel, matching your server name with the IP you have allocated for it.
* Copy an existing puppet node file, preferably one from the same host, naming it after your activist (pick either the first or last name of the activist, up to you).
* Replace all instances of the old guest name with your new guest name, and change the namesake URL, the description text and anything else (be sure that the onsite/rdiff-backup server is in the same colo center as the server you are creating).
* Replace the IP address in the nagios stanza with the correct IP address.
* Edit the puppet configuration file for the host server. Copy an existing m_kvm::guest stanza, replacing values as needed.
* Commit changes to the puppet repo and git push to the host machine.

== While root on the host machine ==

* Create a symlink to the ISO in the newly created user's home directory:
{{{
ln -s /usr/local/share/ISOs/.iso /home//vms//cd.iso
}}}
* Add access to the new guest for all root users:
{{{
cat /root/.monkeysphere/authorized_user_ids >> /home//.monkeysphere/authorized_user_ids
monkeysphere-authentication update-users
}}}
* Start the new guest:
{{{
update-service --add /etc/sv/kvm/
}}}
* Remove the symlink to the ISO in the newly created user's home directory:
{{{
rm /home//vms//cd.iso
}}}

== While logged in as @ ==

* Enter the screen session:
{{{
screen -x
}}}
* Press enter to start the install. Confirm the disk format.
* After installation, log in as root with no password.
* The preseed file will leave all leftover space on the disk in a logical volume called "delete". You can remove this logical volume with:
{{{
lvremove vg_0/delete
}}}
* Replace with the name of the server, e.g.:
{{{
lvremove vg_hay0/delete
}}}
* To create one or more new volumes from the remaining free space:
{{{
lvcreate --size -n vg_0
}}}
E.g.
{{{
lvcreate --size 80G -n home vg_goldman0
lvcreate --size 10G -n var.lib.mysql vg_goldman0
}}}
* Edit fstab with the mount point(s) for the new logical volume(s):
{{{
/dev/mapper/vg_0-
}}}
E.g.
{{{
/dev/mapper/vg_goldman0-home /home ext3 defaults,relatime,nosuid,nodev 0 2
/dev/mapper/vg_goldman0-var.lib.mysql /var/lib/mysql ext3 defaults,relatime 0 2
}}}
You may need to create a file system on the new logical volume(s):
{{{
mkfs.ext3 /dev/mapper/vg_0-
}}}
* Mount the new logical volume(s). This will test the syntax of fstab to ensure successful mount(s) on the next reboot:
{{{
mount
}}}
E.g.
{{{
mount /home
mount /var/lib/mysql
}}}
* Set the root password. Generate one locally with pwgen.
* Record the new password in the MFPL [wiki:keyringer keyringer].
* Check the ssh host fingerprint (for comparison during the steps below):
{{{
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
}}}

== While in your puppet conf directory on your local machine ==

* Set up a remote for the new server:
{{{
freepuppet-helper gsr:
}}}
* Initialize the new server for puppet with:
{{{
freepuppet-helper is:
}}}
* Push the git repo to the guest:
{{{
freepuppet-helper gp:
}}}
* If you get errors during this process, which is likely (they show up in some attention-grabbing color, purple for me), rerun the process with the following:
{{{
freepuppet-helper pr:
}}}
* Sign the host key:
{{{
freepuppet-helper shgk:
}}}
* Sign the root user key:
{{{
freepuppet-helper srgk:
}}}
* Push changes to the nagios server and to each of the backup servers:
{{{
freepuppet-helper gp:jojobe
freepuppet-helper gp:
freepuppet-helper gp:
}}}
* Restart the server!

== MOSH servers ==

If you are installing a MOSH server:

* Grant access to the control panel database, from your local machine:
{{{
freepuppet-helper rda:
}}}
* Add the server to the red_server table in the red/seso database. Setting accepting = 1 will enable it to show up in the drop-down list for everyone:
{{{
ssh root@hay.mayfirst.org mysql -e "INSERT INTO red_server SET server = '.mayfirst.org', accepting = 1" seso
}}}
* Purchase an SSL certificate from http://rapidssl.com/. The certificate signing request will already have been generated by puppet and is on the guest server in /etc/ssl/.mayfirst.org.csr.
* Once you have the certificate:
  * remove the symlink /etc/ssl/.mayfirst.org.crt
  * create a new file with the same name containing the cert and the intermediate cert
  * remove the symlink /etc/ssl/private/.mayfirst.org.pem
  * rename /etc/ssl/private/.mayfirst.org.key.uncertified to /etc/ssl/private/.mayfirst.org.pem
  * add the cert and intermediate cert to this file (courier needs both the key and cert in the same file)
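The logical-volume and fstab steps in the guest section above build the /dev/mapper path by hand. The following added example (not from the May First wiki) computes that path, including the hyphen doubling device-mapper applies to VG and LV names, emits the fstab line, and checks the /home mount options; the function names and the vg_my-host0 sample are assumptions.

```shell
#!/bin/sh
# Added example, not part of the May First wiki page: derive the /dev/mapper
# path and the fstab line for a new logical volume, and check the mount options.
# device-mapper joins VG and LV names with a single "-" and doubles any "-"
# that appears inside either name, so vg_my-host0/home maps to
# /dev/mapper/vg_my--host0-home. The wiki's vg_goldman0 example has no hyphen,
# which is why the hand-written paths above need no escaping.

# dm_path VG LV  -> /dev/mapper/<mangled VG>-<mangled LV>
dm_path() {
    vg=$(printf '%s' "$1" | sed 's/-/--/g')
    lv=$(printf '%s' "$2" | sed 's/-/--/g')
    printf '/dev/mapper/%s-%s\n' "$vg" "$lv"
}

# fstab_entry VG LV MOUNTPOINT [OPTIONS]
# Without OPTIONS it uses the hardened set the wiki applies to /home
# (nosuid,nodev); pass "defaults,relatime" for a data volume like MySQL.
fstab_entry() {
    opts=${4:-defaults,relatime,nosuid,nodev}
    printf '%s %s ext3 %s 0 2\n' "$(dm_path "$1" "$2")" "$3" "$opts"
}

# home_opts_ok OPTIONS -> 0 if nosuid and nodev are both present, else 1.
# Run it before writing a /home line so a user-writable filesystem never
# gets mounted with setuid binaries or device nodes honoured.
home_opts_ok() {
    case ",$1," in
        *,nosuid,*) case ",$1," in *,nodev,*) return 0 ;; esac ;;
    esac
    return 1
}

# plan_volume VG LV SIZE MOUNTPOINT [OPTIONS]
# Prints the commands from the wiki steps in order (lvcreate, mkfs, fstab,
# mount) instead of running them, so the plan can be reviewed on the guest.
plan_volume() {
    vg=$1 lv=$2 size=$3 mnt=$4 opts=$5
    printf 'lvcreate --size %s -n %s %s\n' "$size" "$lv" "$vg"
    printf 'mkfs.ext3 %s\n' "$(dm_path "$vg" "$lv")"
    printf 'echo "%s" >> /etc/fstab\n' "$(fstab_entry "$vg" "$lv" "$mnt" "$opts")"
    printf 'mount %s\n' "$mnt"
}
```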
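For the MOSH certificate steps, this added example (not the wiki's or puppet's code) assembles the .crt and the courier .pem after verifying that the purchased certificate matches the key puppet generated and that the intermediate is its issuer; install_mosh_cert, its helpers, and OUTDIR standing in for /etc/ssl are assumptions.

```shell
#!/bin/sh
# Added example, not part of the May First wiki page: build the two files the
# MOSH steps above describe (GUEST.mayfirst.org.crt, and the key+cert bundle
# courier needs under private/) after checking that the purchased certificate
# really belongs to the key puppet generated.
# GUEST, the input files and OUTDIR are the caller's (assumed) inputs; OUTDIR
# stands in for /etc/ssl so the function can be tried outside the guest.

# cert_matches_key CERT KEY -> 0 when the public key inside the certificate
# equals the one derived from the private key. A mismatch means the wrong
# CSR was submitted or the wrong .uncertified key was picked up.
cert_matches_key() {
    cpub=$(openssl x509 -noout -pubkey -in "$1") || return 1
    kpub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ "$cpub" = "$kpub" ]
}

# cert_issued_by CERT INTERMEDIATE -> 0 when the intermediate's subject is the
# leaf's issuer; otherwise the chain clients receive will not validate.
cert_issued_by() {
    iss=$(openssl x509 -noout -issuer -in "$1") || return 1
    sub=$(openssl x509 -noout -subject -in "$2") || return 1
    [ "${iss#issuer=}" = "${sub#subject=}" ]
}

# install_mosh_cert GUEST CERT INTERMEDIATE KEY OUTDIR
install_mosh_cert() {
    guest=$1 cert=$2 inter=$3 key=$4 out=$5
    cert_matches_key "$cert" "$key" || { echo "certificate does not match key" >&2; return 1; }
    cert_issued_by "$cert" "$inter" || { echo "intermediate is not the issuer" >&2; return 1; }
    mkdir -p "$out/private" && chmod 700 "$out/private"
    # public chain: leaf first, then the intermediate
    ( umask 022; cat "$cert" "$inter" > "$out/$guest.mayfirst.org.crt" )
    # courier bundle: key, leaf, intermediate in one file, never world-readable
    ( umask 077; cat "$key" "$cert" "$inter" > "$out/private/$guest.mayfirst.org.pem" )
    chmod 600 "$out/private/$guest.mayfirst.org.pem"
}
```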