Version 38 (modified by Ross, 10 years ago)


This page documents the procedure for creating a new KVM guest on a mayfirst server.

Creating a new KVM guest

In these directions, the host (or <hostname>) refers to the name of the KVM host computer (e.g. negri, or bolivar, etc.). The guest (or <guestname>) refers to the name of the virtualized server you are creating. The examples use negri as the host and hay as the guest.

Initial steps

  • Pick an activist to name the server after. Find the wikipedia page (or a similar page) describing your activist.
  • Edit the ip allocation wiki page, assigning yourself a new IP address
  • Add a Host record in the May First/People Link -> -> DNS section of the control panel matching your server name with the IP you have allocated for it.
  • Copy an existing puppet node file, preferably one from the same host, naming it after your activist (pick either the first or last name of the activist, up to you)
    • Replace all instances of the old guest name with your new guest name and change the namesake URL and description text and anything else (be sure that the onsite/rdiff-backup server is in the same colo center as the server you are creating).
    • Replace the IP address in the nagios stanza with the correct IP address
  • Edit the puppet configuration file for the host server. Copy an existing m_kvm::guest stanza, replacing values as needed
  • Commit changes to the puppet repo and git push to the host machine

While root on the host machine

  • Create a symlink to the ISO in the newly created user's home directory...
    ln -s /usr/local/share/ISOs/<guestname>.iso /home/<guestname>/vms/<guestname>/cd.iso
  • Add access to the new guest to all root users:
    cat /root/.monkeysphere/authorized_user_ids >> /home/<guestname>/.monkeysphere/authorized_user_ids
    monkeysphere-authentication update-users <guestname>
  • Start the new guest
    update-service --add /etc/sv/kvm/<guestname>
  • Remove the symlink to the ISO in the newly created user's home directory...
    rm /home/<guestname>/vms/<guestname>/cd.iso

While logged in as <guestname>@<host>

  • Enter the screen session:
    screen -x
  • Press enter to start the install. Confirm the disk format.
  • After installation, log in as root with no password
  • The preseed file will leave all leftover space on the disk in a logical volume called "delete". You can remove this logical volume with:
    lvremove vg_<guestname>0/delete
  • Replace <guestname> with the name of the server, e.g.:
    lvremove vg_hay0/delete
  • To create one or more new volumes from the remaining free space:
    lvcreate --size <size> -n <logical-volume-name> vg_<guestname>0
    lvcreate --size 80G -n home vg_goldman0
    lvcreate --size 10G -n var.lib.mysql vg_goldman0
  • Edit fstab with the mount point(s) for the new logical volume(s)
    /dev/mapper/vg_<guestname>0-<logical-volume-name>  <mount point>  <type>  <options>  <dump>  <pass>
    /dev/mapper/vg_goldman0-home     /home     ext3     defaults,relatime,nosuid,nodev   0     2
    /dev/mapper/vg_goldman0-var.lib.mysql     /var/lib/mysql     ext3     defaults,relatime   0     2

  • You may need to create a file system on each new logical volume:
    mkfs.ext3 /dev/mapper/vg_<guestname>0-<logical-volume-name>
  • Mount the new logical volume(s). This will test the syntax of fstab to ensure successful mount(s) on the next reboot.
    mount <mount point>
    mount /home
    mount /var/lib/mysql
  • Set the root password. Generate one locally with pwgen.
  • Record new password in MFPL keyringer
  • Check the ssh host fingerprint (for comparison during steps below)
    ssh-keygen -l -f /etc/ssh/
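
A pre-flight check for the fstab entries created above, to run before the mount step. This is an added example, not part of the original procedure or the May First tooling: the helper name check_guest_fstab is hypothetical, and requiring nosuid,nodev on /home is an assumption taken from the sample line in this page.

```shell
#!/bin/sh
# Added example: sanity-check a guest's LVM entries in fstab before mounting.
# check_guest_fstab is a hypothetical helper, not part of the documented tooling.

# Constructed sample: the two fstab lines shown in the procedure.
write_sample_fstab() {
    cat <<'EOF'
# /etc/fstab (constructed sample)
/dev/mapper/vg_goldman0-home     /home     ext3     defaults,relatime,nosuid,nodev   0     2
/dev/mapper/vg_goldman0-var.lib.mysql     /var/lib/mysql     ext3     defaults,relatime   0     2
EOF
}

# Usage: check_guest_fstab FSTAB GUESTNAME
# Prints one line per problem; the return status is the number of problems.
check_guest_fstab() {
    awk -v vg="vg_${2}0" '
        /^[ \t]*(#|$)/ { next }                         # comments, blank lines
        index($1, "/dev/mapper/" vg "-") != 1 { next }  # other devices
        { seen++ }
        NF != 6 {
            print "line " NR ": expected 6 fields, found " NF; bad++; next
        }
        $2 !~ /^\// {
            print "line " NR ": mount point " $2 " is not absolute"; bad++
        }
        $5 !~ /^[0-9]+$/ || $6 !~ /^[0-9]+$/ {
            print "line " NR ": dump/pass must be numeric"; bad++
        }
        $2 == "/home" {
            # Assumption: /home keeps the nosuid,nodev options from the sample.
            opts = "," $4 ","
            if (!index(opts, ",nosuid,") || !index(opts, ",nodev,")) {
                print "line " NR ": /home lacks nosuid and/or nodev"; bad++
            }
        }
        END {
            if (!seen) { print "no entries for " vg; bad++ }
            exit bad + 0
        }
    ' "$1"
}

sample=$(mktemp)
write_sample_fstab > "$sample"
check_guest_fstab "$sample" goldman && echo "vg_goldman0 entries look sane"
rm -f "$sample"
```

On the guest, point it at /etc/fstab with the guest's own name; a non-zero status means an entry should be fixed before mounting or rebooting.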

While in your puppet conf directory on your local machine

  • Set up a remote for the new server:
    freepuppet-helper gsr:<guestname>
  • Initialize the new server for puppet with:
    freepuppet-helper is:<guestname>
  • Push git repo to guest:
    freepuppet-helper gp:<guestname>
    • If you get errors during this process, which is likely--they show up in some attention grabbing color, purple for me--rerun the process with the following:
      freepuppet-helper pr:<guestname>
  • Sign host key:
    freepuppet-helper shgk:<guestname>
  • Sign root user key:
    freepuppet-helper srgk:<guestname>
  • Push changes to the nagios server and to each of the backup servers:
    freepuppet-helper gp:jojobe
    freepuppet-helper gp:<onsite-backup-server>
    freepuppet-helper gp:<offsite-backup-server>
    NOTE: We have experienced errors with backup servers syncing. Please see ticket:5455#comment:3 if you see errors syncing backups.
  • Restart the server!

MOSH servers

If you are installing a MOSH server:

  • Grant access to the Control panel database, from your local machine:
    freepuppet-helper rda:<guestname>
  • Add the server to the red_server table in the red/seso database. Setting accepting = 1 will enable it to show up in the drop down list for everyone:
    ssh mysql -e "INSERT INTO red_server SET server = '<guestname>', accepting = 1" seso
  • Purchase and install the cert (purchased via using our login in keyringer and paying via our PayPal account, also in keyringer). The certificate signing request will already be generated by puppet and is on the guest server in /etc/ssl/<guestname>
  • Once you have the certificate:
    • remove the symlink /etc/ssl/<guestname>
    • create a new file with the same name containing the cert and the intermediate cert.
    • remove the symlink /etc/ssl/private/<guestname>
    • rename /etc/ssl/private/<guestname> to /etc/ssl/private/<guestname>
    • add the cert and intermediate cert to this file (courier needs both the key and cert in the same file)