wiki:install_kvm

Version 46 (modified by Jamie McClelland, 8 years ago) (diff)


This page documents the procedure for creating a new KVM guest on a May First server. To decommission a server, see this FAQ.

Creating a new KVM guest

In these directions, the host (or <hostname>) refers to the name of the KVM host computer (e.g. negri, bolivar, etc.). The guest (or <guestname>) refers to the name of the virtualized server you are creating. The examples use negri as the host and hay as the guest.

Initial steps

  • Pick an activist to name the server after. Find the wikipedia page (or a similar page) describing your activist.
  • Edit the ip allocation wiki page, assigning yourself a new IP address
  • Add a Host record in the May First/People Link -> mayfirst.org -> DNS section of the control panel matching your server name with the IP you have allocated for it.
  • Make sure there is an open ticket for creating the new server. The ticket should be tagged with "new-server."
  • Go to http://servers.mayfirst.org, find the physical host page, scroll to the bottom, click "Add guest server," fill in the details and click save.
  • Create Manifest file
    • If you are building a Standard MOSH, from the server page, click "Generate Manifest," add the namesake and click the "Generate Manifest" button. Copy the contents of the output into a manifest.pp file in your puppet repository, or
    • Copy an existing puppet node file, preferably one from the same host, naming it after your activist (either the first or last name of the activist, up to you). Replace all instances of the old guest name with your new guest name, change the namesake URL and description text and anything else that differs (be sure that the onsite/rdiff-backup server is in the same colo center as the server you are creating), and replace the IP address in the nagios stanza with the correct IP address.
  • Edit the puppet configuration file for the host server. Copy an existing m_kvm::guest stanza, replacing values as needed.
  • Commit changes to the puppet repo and git push to the host machine.

While root on the host machine

  • Create a symlink to the ISO in the newly created user's home directory...
    ln -s /usr/local/share/ISOs/<guestname>.iso /home/<guestname>/vms/<guestname>/cd.iso
    
  • Add access to the new guest to all root users:
    cat /root/.monkeysphere/authorized_user_ids >> /home/<guestname>/.monkeysphere/authorized_user_ids
    monkeysphere-authentication update-users <guestname>
    
  • Start the new guest
    update-service --add /etc/sv/kvm/<guestname>
    
  • Remove the symlink to the ISO in the newly created user's home directory...
    rm /home/<guestname>/vms/<guestname>/cd.iso
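The four host-side steps above, wrapped in shell functions as an added example (this is not code from the original page or from May First's tooling). It assumes the paths the page uses (/usr/local/share/ISOs, /home/<guestname>/vms/<guestname>/cd.iso, /root/.monkeysphere/authorized_user_ids) and that the guest's home directory already exists; the one addition over the raw commands is that root user ids are merged without duplicates, so running the step twice does not double the entries in the guest's authorized_user_ids, and the ISO symlink is refused when the ISO is missing.

```shell
#!/bin/sh
# Added example (not part of the original wiki page): helper functions for the
# "while root on the host machine" steps. Default paths match the page; the
# guest name and all directories are parameters so the functions can be
# exercised on copies of the files.

# Append every root user id from SRC to DST, skipping ids already present.
# Prints the number of ids added, so a second run reports 0.
merge_authorized_user_ids() {
    src="$1"; dst="$2"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -d "$(dirname "$dst")" ] || { echo "missing directory for $dst" >&2; return 1; }
    touch "$dst"
    added=0
    while IFS= read -r id || [ -n "$id" ]; do
        [ -z "$id" ] && continue
        if ! grep -Fxq -- "$id" "$dst"; then
            printf '%s\n' "$id" >> "$dst"
            added=$((added + 1))
        fi
    done < "$src"
    echo "$added"
}

# Create the cd.iso symlink for a guest. Refuses when the ISO or the guest's
# vms directory is missing: a dangling link would start the guest with no
# installer media and an empty disk.
link_guest_iso() {
    guest="$1"; iso_dir="${2:-/usr/local/share/ISOs}"; home_dir="${3:-/home}"
    iso="$iso_dir/$guest.iso"
    link="$home_dir/$guest/vms/$guest/cd.iso"
    [ -f "$iso" ] || { echo "ISO not found: $iso" >&2; return 1; }
    [ -d "$(dirname "$link")" ] || { echo "missing $(dirname "$link")" >&2; return 1; }
    ln -sfn "$iso" "$link"
}

# Remove the symlink again once the guest has booted from it.
unlink_guest_iso() {
    guest="$1"; home_dir="${2:-/home}"
    rm -f "$home_dir/$guest/vms/$guest/cd.iso"
}

# Typical use on the host, in the order the page gives:
#   link_guest_iso hay
#   merge_authorized_user_ids /root/.monkeysphere/authorized_user_ids \
#       /home/hay/.monkeysphere/authorized_user_ids
#   monkeysphere-authentication update-users hay
#   update-service --add /etc/sv/kvm/hay
#   unlink_guest_iso hay
```

The monkeysphere update-users and update-service calls are left as comments because they are the page's own commands and need the real host; the functions around them are the part worth keeping in a script.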
    

While logged in as <guestname>@<host>

  • Enter the screen session:
    screen -x
    
  • Press enter to start the install. Confirm the disk format.
  • After installation, log in as root with no password.
  • The preseed file will leave all leftover space on the disk in a logical volume called "delete". You can remove this logical volume with:
    lvremove vg_<guestname>0/delete
    
  • Replace <guestname> with the name of the server, e.g.:
    lvremove vg_hay0/delete
    
  • If your server is not running MySQL, you may want to also delete the mysql partition (and edit /etc/fstab to remove the /var/lib/mysql entry)
  • To create one or more new volumes from the remaining free space
    lvcreate --size <size> -n <logical-volume-name> vg_<guestname>0
    
    E.g.
    lvcreate --size 80G -n home vg_goldman0
    
  • Edit fstab with the mount point(s) for the new logical volume(s)
    /dev/mapper/vg_<guestname>0-<logical-volume-name>  <mount point>  <type>  <options>  <dump>  <pass>
    
    E.g.
    /dev/mapper/vg_goldman0-home     /home     ext3     defaults,relatime,nosuid,nodev   0     2
    

  • Create a file system on the new logical volume if it does not have one yet:
    mkfs.ext3 /dev/mapper/vg_<guestname>0-<logical-volume-name>
    
  • Mount the new logical volume(s). This will test the syntax of fstab to ensure successful mount(s) on the next reboot.
    mount <mount point>
    
    E.g.
    mount /home
    
  • Set the root password. If you run the keyringer pass command without any arguments, it will prompt you with a random password and store the password in keyringer.
  • Check the ssh host fingerprint (for comparison during steps below)
    ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
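The fstab step above is the one where a typo is only discovered at the next reboot, and the page's own example mounts /home with nosuid,nodev. As an added example (not code from the original page), the functions below build the fstab line in the page's /dev/mapper/vg_<guestname>0-<lv> form, refuse to add a mount point twice, and check an entry for the nosuid,nodev options before you run mount <mount point>. The file system type defaults to ext3 as on the page; everything else is this example's own choice.

```shell
#!/bin/sh
# Added example (not part of the original wiki page): fstab helpers for the
# extra logical volumes created after the preseed install. Device naming and
# the default option set follow the page; the checks are this example's own.

# Print one fstab line: fstab_line <guest> <lv> <mountpoint> [fstype] [options]
fstab_line() {
    guest="$1"; lv="$2"; mnt="$3"
    fstype="${4:-ext3}"
    opts="${5:-defaults,relatime,nosuid,nodev}"
    printf '/dev/mapper/vg_%s0-%s\t%s\t%s\t%s\t0\t2\n' "$guest" "$lv" "$mnt" "$fstype" "$opts"
}

# Exit 0 when MNT is listed with both nosuid and nodev, 1 when it is not
# listed at all, 2 when it is listed without one of those options.
check_fstab_entry() {
    fstab="$1"; mnt="$2"
    line=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print; exit }' "$fstab")
    [ -n "$line" ] || return 1
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    case ",$opts," in
        *,nosuid,*) ;;
        *) return 2 ;;
    esac
    case ",$opts," in
        *,nodev,*) return 0 ;;
        *) return 2 ;;
    esac
}

# Append a line for MNT unless a non-comment entry for it already exists.
add_fstab_entry() {
    fstab="$1"; guest="$2"; lv="$3"; mnt="$4"
    if awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { f=1 } END { exit !f }' "$fstab"; then
        echo "$mnt already in $fstab" >&2
        return 1
    fi
    fstab_line "$guest" "$lv" "$mnt" >> "$fstab"
}

# On the guest, after lvcreate and mkfs.ext3:
#   add_fstab_entry /etc/fstab goldman home /home && check_fstab_entry /etc/fstab /home && mount /home
```

The check deliberately treats a missing nosuid or nodev on a data volume as an error rather than a warning: a mount such as /home that only holds user data has no reason to honour setuid binaries or device nodes, and the page's example already omits both.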
    

While in your puppet conf directory on your local machine

  • Setup a remote for the new server:
    freepuppet-helper gsr:<guestname>
    
  • Initialize the new server for puppet with:
    freepuppet-helper is:<guestname>
    
  • Push git repo to guest:
    freepuppet-helper gp:<guestname>
    
    • If you get errors during this process (which is likely; they show up in an attention-grabbing color, purple for me), rerun the process with the following:
      freepuppet-helper pr:<guestname>
      
  • Sign host key:
    freepuppet-helper shgk:<guestname>
    
  • Sign root user key:
    freepuppet-helper srgk:<guestname>
    
  • Push changes to the nagios server and to each of the backup servers

NOTE: We have experienced errors with backup servers syncing. Please see ticket:5455#comment:3 if you see errors syncing backups.

freepuppet-helper gp:jojobe
freepuppet-helper gp:<onsite-backup-server>
freepuppet-helper gp:<offsite-backup-server>

Restart the server!

MOSH servers

If you are installing a MOSH server:

  • Grant access to the Control panel database, from your local machine:
    freepuppet-helper rda:<guestname>
    
  • Add the server to the red_server table in the red/seso database. Setting accepting = 1 will enable it to show up in the drop-down list for everyone.
  • NOTE: The command below may not work properly, in which case you should log in to hay and run it from the mysql CLI.
    ssh root@hay.mayfirst.org mysql -e "INSERT INTO red_server SET server = '<guestname>.mayfirst.org', accepting = 1" seso
    
  • Purchase and install the 2 year cert (purchased via http://cheapssls.com/ using our login in keyringer and paying via our paypal account, also in keyringer). The certificate signing request will already be generated by puppet and is on the guest server in /etc/ssl/<guestname>.mayfirst.org.csr.
  • Once you have the certificate:
    • remove the symlink /etc/ssl/<guestname>.mayfirst.org.crt
    • create a new file with the same name containing the cert and the intermediate cert.
    • remove the symlink /etc/ssl/private/<guestname>.mayfirst.org.pem.
    • rename /etc/ssl/private/<guestname>.mayfirst.org.key.uncertified to /etc/ssl/private/<guestname>.mayfirst.org.pem
    • add the cert and intermediate cert to this file (courier needs both the key and cert in the same file
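The certificate steps above assemble two files by hand, and the order of the pieces and the permissions of the private file are easy to get wrong. As an added example (not code from the original page or from May First's puppet setup), the function below produces the same result: <guestname>.mayfirst.org.crt holding the cert followed by the intermediate, and private/<guestname>.mayfirst.org.pem holding the key followed by both certs, as courier expects. It assumes the /etc/ssl layout and the .key.uncertified file the page says puppet creates; the PEM sanity checks and the 0600 mode on the private file are this example's own choices. It writes the .pem as a new file from the .key.uncertified contents and then removes the .key.uncertified file, which is equivalent to the rename the page describes.

```shell
#!/bin/sh
# Added example (not part of the original wiki page): build the .crt and .pem
# files for a MOSH guest from a newly issued certificate and its intermediate.

# Succeed only if FILE contains exactly one PEM block of the given TYPE.
pem_has_one() {
    file="$1"; type="$2"
    n=$(grep -c -- "-----BEGIN $type-----" "$file" 2>/dev/null || true)
    [ "$n" = "1" ]
}

# install_mosh_cert <guest> <leaf-cert.pem> <intermediate.pem> [ssl_dir]
# Refuses to run if an input is not a single PEM certificate, if the key file
# puppet generated is missing, or if that file does not look like a PEM key.
install_mosh_cert() {
    guest="$1"; cert="$2"; inter="$3"; ssl_dir="${4:-/etc/ssl}"
    fqdn="$guest.mayfirst.org"
    crt="$ssl_dir/$fqdn.crt"
    key="$ssl_dir/private/$fqdn.key.uncertified"
    pem="$ssl_dir/private/$fqdn.pem"

    pem_has_one "$cert" CERTIFICATE || { echo "$cert: not a single PEM certificate" >&2; return 1; }
    pem_has_one "$inter" CERTIFICATE || { echo "$inter: not a single PEM certificate" >&2; return 1; }
    [ -f "$key" ] || { echo "$key: missing" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || { echo "$key: not a PEM private key" >&2; return 1; }

    # Replace the symlinks puppet left with regular files. The public file is
    # world-readable; the private file is written under a restrictive umask so
    # it is never readable by other users, even briefly.
    rm -f "$crt" "$pem"
    cat "$cert" "$inter" > "$crt"
    chmod 644 "$crt"
    (umask 077; cat "$key" "$cert" "$inter" > "$pem")
    chmod 600 "$pem"
    rm -f "$key"
}

# On the guest, with the files from the CA copied to /root:
#   install_mosh_cert hay /root/hay.mayfirst.org.crt /root/intermediate.crt
```

After running it, restart the services that read these files so they pick up the new certificate; the function only writes the files.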