wiki:install_kvm

Version 37 (modified by Ross, 7 years ago)

--

This page documents the procedure for creating a new KVM guest on a mayfirst server.

Creating a new KVM guest

In these directions, the host (or <hostname>) refers to the name of the KVM host computer (e.g. negri, or bolivar, etc.). The guest (or <guestname>) refers to the name of the virtualized server you are creating. The examples use negri as the host and hay as the guest.

Initial steps

  • Pick an activist to name the server after. Find the wikipedia page (or a similar page) describing your activist.
  • Edit the IP allocation wiki page, assigning yourself a new IP address.
  • Add a Host record in the May First/People Link -> mayfirst.org -> DNS section of the control panel matching your server name with the IP you have allocated for it.
  • Copy an existing puppet node file, preferably one from the same host, naming it after your activist (pick either the first or last name of the activist, up to you)
    • Replace all instances of the old guest name with your new guest name and change the namesake URL and description text and anything else (be sure that the onsite/rdiff-backup server is in the same colo center as the server you are creating).
    • Replace the IP address in the nagios stanza with the correct IP address
  • Edit the puppet configuration file for the host server. Copy an existing m_kvm::guest stanza, replacing values as needed
  • Commit the changes to the puppet repo and git push them to the host machine.

While root on the host machine

  • Create a symlink to the ISO in the newly created user's home directory...
    ln -s /usr/local/share/ISOs/<guestname>.iso /home/<guestname>/vms/<guestname>/cd.iso
    
  • Give all root users access to the new guest:
    cat /root/.monkeysphere/authorized_user_ids >> /home/<guestname>/.monkeysphere/authorized_user_ids
    monkeysphere-authentication update-users <guestname>
    
  • Start the new guest
    update-service --add /etc/sv/kvm/<guestname>
    
  • Remove the symlink to the ISO in the newly created user's home directory...
    rm /home/<guestname>/vms/<guestname>/cd.iso
    

While logged in as <guestname>@<host>

  • Enter the screen session:
    screen -x
    
  • Press enter to start the install. Confirm the disk format.
  • After installation, log in as root with no password.
  • The preseed file will leave all leftover space on the disk in a logical volume called "delete". You can remove this logical volume with:
    lvremove vg_<guestname>0/delete
    
  • Replace <guestname> with the name of the server, e.g.:
    lvremove vg_hay0/delete
    
  • To create one or more new volumes from the remaining free space:
    lvcreate --size <size> -n <logical-volume-name> vg_<guestname>0
    
    E.g.
    lvcreate --size 80G -n home vg_goldman0
    lvcreate --size 10G -n var.lib.mysql vg_goldman0
    
  • Edit fstab with the mount point(s) for the new logical volume(s):
    /dev/mapper/vg_<guestname>0-<logical-volume-name>  <mount point>  <type>  <options>  <dump>  <pass>
    
    E.g.
    /dev/mapper/vg_goldman0-home     /home     ext3     defaults,relatime,nosuid,nodev   0     2
    /dev/mapper/vg_goldman0-var.lib.mysql     /var/lib/mysql     ext3     defaults,relatime   0     2
    

You will need to create a file system on each new logical volume before it can be mounted:

    mkfs.ext3 /dev/mapper/vg_<guestname>0-<logical-volume-name>
    
  • Mount the new logical volume(s). This will test the syntax of fstab to ensure successful mount(s) on the next reboot.
    mount <mount point>
    
    E.g.
    mount /home
    mount /var/lib/mysql
    
  • Set the root password. Generate one locally with pwgen.
  • Record new password in MFPL keyringer
  • Check the ssh host fingerprint (for comparison during steps below)
    ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
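
The volume steps above (removing the "delete" volume, creating new volumes, adding their fstab entries and mounting them) as one script. This is an added example and not part of the wiki page: the vg_<guestname>0 naming, the ext3 type and the mount options come from the page, while the <lv>:<size>:<mountpoint> spec format and the `apply` keyword are this example's own.

```sh
#!/bin/sh
# Added example (not from the wiki): carve the space the preseed parked in the
# "delete" volume into new logical volumes and register them in /etc/fstab.
# Run as root on the guest:
#   sh guest-volumes.sh apply hay home:80G:/home var.lib.mysql:10G:/var/lib/mysql
set -eu

# The preseed names the volume group vg_<guestname>0.
vg_name() { printf 'vg_%s0\n' "$1"; }

# Device-mapper spells a '-' in an LV name as '--', so the /dev/mapper path
# would no longer be vg-lv; keep LV names to letters, digits, '.' and '_'.
valid_lv_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._]*) return 1 ;;
        *) return 0 ;;
    esac
}

# One fstab line per volume. /home gets nosuid,nodev as on the page, so a user
# cannot plant a setuid binary or a device node on the data volume.
fstab_line() {
    case "$3" in
        /home) opts=defaults,relatime,nosuid,nodev ;;
        *)     opts=defaults,relatime ;;
    esac
    printf '/dev/mapper/%s-%s %s ext3 %s 0 2\n' "$(vg_name "$1")" "$2" "$3" "$opts"
}

# apply <guest> <lv>:<size>:<mountpoint>...   (destructive: runs the LVM tools)
apply() {
    guest=$1; shift
    vg=$(vg_name "$guest")
    if lvs "$vg/delete" >/dev/null 2>&1; then lvremove -y "$vg/delete"; fi
    for spec in "$@"; do
        lv=${spec%%:*}; rest=${spec#*:}; size=${rest%%:*}; mnt=${rest#*:}
        valid_lv_name "$lv" || { echo "bad LV name: $lv" >&2; exit 1; }
        lvcreate --size "$size" -n "$lv" "$vg"
        mkfs.ext3 "/dev/mapper/$vg-$lv"
        grep -q "^/dev/mapper/$vg-$lv[[:space:]]" /etc/fstab || fstab_line "$guest" "$lv" "$mnt" >> /etc/fstab
        mkdir -p "$mnt"
        mount "$mnt"   # goes through fstab, so a typo there fails now rather than at reboot
    done
}

if [ "${1:-}" = apply ]; then shift; apply "$@"; fi
```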
    

While in your puppet conf directory on your local machine

  • Setup a remote for the new server:
    freepuppet-helper gsr:<guestname>
    
  • Initialize the new server for puppet with:
    freepuppet-helper is:<guestname>
    
  • Push git repo to guest:
    freepuppet-helper gp:<guestname>
    
    • If you get errors during this process, which is likely--they show up in some attention-grabbing color, purple for me--rerun the process with the following:
      freepuppet-helper pr:<guestname>
      
  • Sign host key:
    freepuppet-helper shgk:<guestname>
    
  • Sign root user key:
    freepuppet-helper srgk:<guestname>
    
  • Push changes to the nagios server and to each of the backup servers:
    freepuppet-helper gp:jojobe
    freepuppet-helper gp:<onsite-backup-server>
    freepuppet-helper gp:<offsite-backup-server>
    
    NOTE: We have experienced errors with backup servers syncing. Please see ticket:5455#comment:3 if you see errors syncing backups.
    
  • Restart the server!

MOSH servers

If you are installing a MOSH server:

  • Grant access to the Control panel database, from your local machine:
    freepuppet-helper rda:<guestname>
    
  • Add the server to the red_server table in the red/seso database. Setting accepting = 1 will enable it to show up in the drop-down list for everyone:
    ssh root@hay.mayfirst.org mysql -e "INSERT INTO red_server SET server = '<guestname>.mayfirst.org', accepting = 1" seso
    
  • Purchase an SSL certificate from http://rapidssl.com/. The certificate signing request will already be generated by puppet and is on the guest server in /etc/ssl/<guestname>.mayfirst.org.csr.
  • Once you have the certificate:
    • remove the symlink /etc/ssl/<guestname>.mayfirst.org.crt
    • create a new file with the same name containing the cert and the intermediate cert.
    • remove the symlink /etc/ssl/private/<guestname>.mayfirst.org.pem.
    • rename /etc/ssl/private/<guestname>.mayfirst.org.key.uncertified to /etc/ssl/private/<guestname>.mayfirst.org.pem
    • add the cert and intermediate cert to this file (courier needs both the key and cert in the same file).
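
The certificate swap from the bullets above as a script. This is an added example and not part of the wiki: the paths under /etc/ssl and the key-then-cert file that courier reads come from the page, while the `install` keyword and the checks that the certificate belongs to the key puppet generated and chains to the intermediate are this example's additions.

```sh
#!/bin/sh
# Added example, not from the wiki: install a purchased certificate on a MOSH
# guest following the steps above. Run as root on the guest:
#   sh install-cert.sh install <guestname> /path/to/cert.crt /path/to/intermediate.crt
set -eu

# Every input must be PEM of the expected kind: CAs sometimes hand out DER or a
# PKCS#7 bundle, and courier cannot load either from the combined file.
pem_has() { grep -q -- "-----BEGIN .*$2-----" "$1"; }

# The combined file courier reads: private key first, then the cert, then the
# intermediate. Written to stdout so the caller decides where it lands.
assemble_pem() {
    pem_has "$1" 'PRIVATE KEY' && pem_has "$2" CERTIFICATE && pem_has "$3" CERTIFICATE || return 1
    cat "$1" "$2" "$3"
}

# The cert must be issued for the key puppet generated with the CSR: compare
# the public keys instead of trusting the CA's file naming.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

install_cert() {
    guest=$1 cert=$2 intermediate=$3
    crt=/etc/ssl/$guest.mayfirst.org.crt
    pem=/etc/ssl/private/$guest.mayfirst.org.pem
    key=/etc/ssl/private/$guest.mayfirst.org.key.uncertified
    key_matches_cert "$key" "$cert" || { echo "$cert was not issued for $key" >&2; exit 1; }
    # The chain has to link up; -untrusted supplies the intermediate from the CA.
    openssl verify -untrusted "$intermediate" "$cert" | grep -q ': OK$'
    # Puppet created both paths as symlinks; replace them with regular files.
    [ -L "$crt" ] && rm "$crt"
    [ -L "$pem" ] && rm "$pem"
    cat "$cert" "$intermediate" > "$crt"
    umask 077                                   # the .pem holds the private key
    assemble_pem "$key" "$cert" "$intermediate" > "$pem.new"
    mv "$pem.new" "$pem"                        # the wiki's rename step, done atomically
    rm "$key"
}

if [ "${1:-}" = install ]; then shift; install_cert "$@"; fi
```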