Difference between revisions of "User:Lucas/Gentoo Install Notes"
From stoney cloud
Line 24: | Line 24: | ||
* setup openldap tooling: emerge openldap | * setup openldap tooling: emerge openldap | ||
* search for machine: <code>ldapsearch -D 'cn=Manager,dc=stoney-cloud,dc=org' -w admin '(&(objectClass=sstVirtualizationVirtualMachine)(sstNetworkHostname=kvm-0231))'</code> | * search for machine: <code>ldapsearch -D 'cn=Manager,dc=stoney-cloud,dc=org' -w admin '(&(objectClass=sstVirtualizationVirtualMachine)(sstNetworkHostname=kvm-0231))'</code> | ||
+ | * open ldap port in fw: <code>ldap_pub_out="10.1.130.13"</code> and <code>openTcpPortOut "${chains_out[pub]}" "$ldap_pub_out" "636"</code> | ||
+ | ** i also need to configure <code>ldaps_int_in="${ip_int[vm-test-02]} ${ip_int[vm-test-03]} 192.168.140.136"</code> in <code>/usr/local/scripts/netfilter/local/chains/vm-test-01/vm-test-01_chain.sh</code> for the above to work. | ||
== TODOs == | == TODOs == |
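Review bot: the variable introduced in the first `+` line is named `ldap_pub_out` while the port it opens is 636 (LDAPS), and the second `+` line already uses the `ldaps_` prefix for the inbound side (`ldaps_int_in`); rename it `ldaps_pub_out` so the two halves of the rule pair are recognisably the same service. The `ldapsearch` context line above the `+` lines binds as `cn=Manager` with `-w admin`, which puts the directory admin password on the command line where shell history and `ps` expose it; `-W` prompts for it and `-y passwdfile` reads it from a file.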
Revision as of 22:49, 22 February 2014
- hack /usr/local/scripts/netfilter/local/chains/vms/kvm_0231_chain.sh on host to allow gateway connections
- first hd is /dev/vda
- default gentoo handbook install with lvm setup on vda3 and one large lv_root
- install lvm2 so you can build a lvm initramfs
  - if you skip this you will have tons of fun loading lvm in the initramfs shell:
    lvm vgscan --mknodes && lvm lvchange -a ly vg01/lv_root
    (vgscan --mknodes creates the missing /dev nodes, lvchange -a ly activates lv_root locally)
- kernel build with:
    genkernel --install --lvm --menuconfig all
  (do not use --virtio, activate the virtio drivers in menuconfig instead, I had heaps of fun hunting down all the modules)
  - actually
    genkernel --install --lvm --kernel-config=/root/kernel.config all
    since lazy me hates using a UI
  - the --virtio switch seems screwed due to some oldconfig changes with the VIRTIO_MMIO system, but I haven't looked into that more
- remember to also set GRUB_CMDLINE_LINUX="dolvm" in /etc/default/grub (as I said before, a ton of fun)
- more things to install on new machines:
    emerge dev-vcs/git vim
- now for puppet:
USE="augeas vim-syntax" emerge puppet
- before using puppet:
emerge eix && eix-update
- clone puppet tree:
git clone https://github.com/purplehazech/purplehazech-orcatamer.git /etc/puppet/environments/development
- install librarian:
gem19 install librarian-puppet
- load puppet modules:
cd /etc/puppet/environments/development && librarian-puppet install
- workaround some TODOs:
ln -s /etc/puppet/environments/development/ /vagrant && mkdir /usr/local/portage && touch /usr/local/portage/make.conf && ulimit -n 2048 && emerge sudo && emerge dev-ruby/rgen --autounmask-write && dispatch-conf && emerge dev-ruby/rgen
- test if puppet is useable:
puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'notify{"test":}' --pluginsync
- run puppet like so to find the first batch of stuff to fix:
puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync --noop
- let puppet rip:
puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync
- after running the last command until all the errors were fixed I can try to run in agent mode:
    puppet agent --test --server=`hostname -f`
- I still need to figure out why the --server flag is needed at this stage, somehow the agent is consulting DNS rather than /etc/hosts
now for some hacking that I did to test some concepts:
- setup openldap tooling: emerge openldap
- search for machine:
    ldapsearch -D 'cn=Manager,dc=stoney-cloud,dc=org' -w admin '(&(objectClass=sstVirtualizationVirtualMachine)(sstNetworkHostname=kvm-0231))'
- open ldap port in fw: ldap_pub_out="10.1.130.13" and openTcpPortOut "${chains_out[pub]}" "$ldap_pub_out" "636"
  - I also need to configure ldaps_int_in="${ip_int[vm-test-02]} ${ip_int[vm-test-03]} 192.168.140.136" in /usr/local/scripts/netfilter/local/chains/vm-test-01/vm-test-01_chain.sh for the above to work.
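If that lookup gets scripted rather than typed once, the hostname ends up interpolated into the filter. The following is an added example (mine, not stoney cloud's or the orcatamer tree's code) that builds the same filter with the value escaped per RFC 4515, shows beside it what plain interpolation does with a hostname of `*`, and assembles the ldapsearch argv with -W (prompt) in place of -w so the Manager password stays off the command line. The bind DN, object class and attribute are the ones from the command above; the function names are my own.

```python
"""RFC 4515 escaping for the VM lookup filter used above.
Added example, not stoney cloud code."""

# RFC 4515 section 3: these characters must be encoded as \XX inside a
# filter assertion value.  NUL is included for safety.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

_VM_FILTER = ("(&(objectClass=sstVirtualizationVirtualMachine)"
              "(sstNetworkHostname=%s))")


def ldap_filter_escape(value: str) -> str:
    """Escape a string for use as an assertion value inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def vm_filter(hostname: str) -> str:
    """The filter ldapsearch was given above, for an arbitrary hostname,
    with the hostname escaped so it can only ever match literally."""
    return _VM_FILTER % ldap_filter_escape(hostname)


def vm_filter_unsafe(hostname: str) -> str:
    """What naive interpolation produces: a hostname of "*" (or a
    ")(objectClass=*" style fragment) widens the search to every VM."""
    return _VM_FILTER % hostname


def ldapsearch_argv(hostname: str,
                    bind_dn: str = "cn=Manager,dc=stoney-cloud,dc=org") -> list:
    """argv for the lookup.  -W makes ldapsearch prompt for the bind
    password instead of taking it from the command line (-w), so it never
    lands in shell history or `ps` output."""
    return ["ldapsearch", "-D", bind_dn, "-W", vm_filter(hostname)]


if __name__ == "__main__":
    print(vm_filter("kvm-0231"))
    print(vm_filter("*"), "vs", vm_filter_unsafe("*"))
    print(" ".join(ldapsearch_argv("kvm-0231")))
```

Run it as a script to see the safe and unsafe filters side by side; in a real script pass `ldapsearch_argv(...)` to `subprocess.run` rather than joining it into a shell string.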
TODOs
- replace the silly block-character headers in orcatamer with something that most tools don't bork on (i.e. some ASCII art)
- I removed this on Puppetfile and Modulefile to get librarian to run
- use github https URLs throughout, they are simply proxy-friendlier everywhere
- refactor role and profile things into proper modules and use proper puppet:// data urls
- don't depend on /usr/local/portage/make.conf
- figure out why the betagarden overlay needs ulimit -n 2048 to clone
- figure out why layman-add from betagarden needs sudo
- install rgen for puppet parser future at some sensible part of bootstrapping
- figure out what's going on here:
    Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 ID=33458 DF PROTO=112 MARK=0
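As an added example, not code from this page or from stoney cloud, the following parses the ulogd line quoted in the last TODO (copied in as a constant) into its header and KEY=VALUE fields and annotates what three of those fields say on their own: IP protocol 112 is VRRP, 224.0.0.18 is the VRRP advertisement multicast group, and a source MAC of 00:00:5e:00:01:xx is the VRRP virtual MAC with VRID xx. The ulogd MAC field is dst(6):src(6):ethertype(2) as colon-separated bytes. The parser, the field names it returns and the small protocol table are my own.

```python
"""Decode a ulogd/netfilter syslog line.  Added example, not stoney cloud code."""
import re
from typing import Dict

# Constructed constant: the log line quoted in the TODO above, verbatim.
SAMPLE = ("Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: "
          "IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 "
          "SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 "
          "ID=33458 DF PROTO=112 MARK=0")

# IANA protocol numbers a host firewall log commonly shows.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE", 112: "VRRP"}

VRRP_GROUP = "224.0.0.18"            # RFC 5798 advertisement group
VRRP_VMAC_PREFIX = "00:00:5e:00:01:"  # RFC 5798 virtual router MAC, last byte = VRID

# syslog header, then the free-form log prefix configured in the rule
# (chain name, verdict, ...), then the IN=... KEY=VALUE fields.
_HEADER = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) ulogd\[(?P<pid>\d+)\]: "
    r"(?P<prefix>.*?) (?P<rest>IN=.*)$")


def parse_ulogd(line: str) -> Dict[str, str]:
    """Return the header fields plus every KEY=VALUE token of the line.
    Bare flags such as DF (don't fragment) are stored with value ''."""
    m = _HEADER.match(line)
    if not m:
        raise ValueError("not a ulogd line: %r" % line)
    rec = {k: m.group(k) for k in ("ts", "host", "pid", "prefix")}
    words = m.group("prefix").split()
    rec["chain"] = words[0]
    rec["verdict"] = words[1] if len(words) > 1 else ""
    for tok in m.group("rest").split():
        key, _, val = tok.partition("=")
        rec[key] = val
    return rec


def describe(rec: Dict[str, str]) -> str:
    """Name the protocol and flag the VRRP markers present in the record."""
    proto = int(rec["PROTO"])
    notes = [PROTO_NAMES.get(proto, "proto %d" % proto)]
    if rec.get("DST") == VRRP_GROUP:
        notes.append("VRRP multicast group")
    mac_bytes = rec.get("MAC", "").split(":")
    if len(mac_bytes) == 14:                      # dst(6) src(6) ethertype(2)
        src_mac = ":".join(mac_bytes[6:12])
        if src_mac.startswith(VRRP_VMAC_PREFIX):
            vrid = int(mac_bytes[11], 16)
            notes.append("source is VRRP virtual MAC, VRID %d" % vrid)
    return "; ".join(notes)


if __name__ == "__main__":
    rec = parse_ulogd(SAMPLE)
    print(rec["chain"], rec["verdict"], rec["SRC"], "->", rec["DST"])
    print(describe(rec))
```

The same two functions work on any line from the same ulogd configuration; for a batch of them, grouping by `chain`, `verdict`, `PROTO` and `DST` is usually enough to separate the intended drops from the noise.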