User:Lucas/Gentoo Install Notes

From stoney cloud
Latest revision as of 14:10, 23 February 2014

  • hack /usr/local/scripts/netfilter/local/chains/vms/kvm_0231_chain.sh on the host to allow gateway connections
  • first hd is /dev/vda
  • default gentoo handbook install with LVM set up on vda3 and one large lv_root
  • install lvm2 before building the kernel so genkernel can build an LVM initramfs
    • if you skip this you will have tons of fun activating LVM by hand in the initramfs shell: lvm vgscan --mknodes && lvm lvchange -a ly vg01/lv_root
  • kernel build with: genkernel --install --lvm --menuconfig all (do not use --virtio, activate the virtio drivers in menuconfig instead, I had heaps of fun hunting down all the modules)
    • actually genkernel --install --lvm --kernel-config=/root/kernel.config all since lazy me hates using a UI
    • the --virtio switch seems broken due to some oldconfig changes with the VIRTIO_MMIO system, but I haven't looked into that more
  • remember to also set GRUB_CMDLINE_LINUX="dolvm" in /etc/default/grub and regenerate grub.cfg afterwards, otherwise the initramfs never activates the volume group (as I said before, a ton of fun)
  • more things to install on new machines: emerge dev-vcs/git vim
  • now for puppet: USE="augeas vim-syntax" emerge puppet
  • before using puppet: emerge eix && eix-update
  • clone puppet tree: git clone https://github.com/purplehazech/purplehazech-orcatamer.git /etc/puppet/environments/development
  • install librarian: gem19 install librarian-puppet
  • load puppet modules: cd /etc/puppet/environments/development && librarian-puppet install
  • work around some TODOs: ln -s /etc/puppet/environments/development/ /vagrant && ulimit -n 2048 && emerge dev-ruby/rgen --autounmask-write && dispatch-conf && emerge dev-ruby/rgen
  • test if puppet is useable: puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'notify{"test":}' --pluginsync
  • run puppet like so to find the first batch of stuff to fix: puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync --noop
  • let puppet rip: puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync
  • after running the last command until all the errors were fixed I can try to run in agent mode: puppet agent --test --server=`hostname -f`
    • I still need to figure out why the --server flag is needed at this stage, somehow the agent is consulting DNS rather than /etc/hosts

Now for some hacking that I did to test some concepts:

  • setup openldap tooling: emerge openldap
  • search for machine: ldapsearch -D 'cn=Manager,dc=stoney-cloud,dc=org' -w admin '(&(objectClass=sstVirtualizationVirtualMachine)(sstNetworkHostname=kvm-0231))' (note that -w puts the Manager bind password on the command line, where it ends up in the shell history and is visible to every local user via ps; use -W to be prompted for it instead, and add -x if ldapsearch attempts a SASL bind rather than a simple bind)
  • open ldap port in fw: ldap_pub_out="10.1.130.13" and openTcpPortOut "${chains_out[pub]}" "$ldap_pub_out" "636" (636 is the LDAPS port; a client that is not pointed at an ldaps:// URI will try 389 instead, which this rule does not open)
    • I also need to configure ldaps_int_in="${ip_int[vm-test-02]} ${ip_int[vm-test-03]} 192.168.140.136" in /usr/local/scripts/netfilter/local/chains/vm-test-01/vm-test-01_chain.sh for the above to work.
    • after all the above I can still not connect from my node to the ldap server. I'll have to get the iptables gurus on board to solve this. We need more documentation on the setup if a simple dev should be able to change this. At some point I might even consider puppetizing the iptables config.

TODOs

  • refactor role and profile things into proper modules and use proper puppet:// data URLs
  • figure out why the betagarden overlay needs ulimit -n 2048 to clone
  • install rgen for the puppet future parser at some sensible part of bootstrapping
  • figure out what is going on here: Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 ID=33458 DF PROTO=112 MARK=0 (decoding the fields: PROTO=112 is VRRP, DST=224.0.0.18 is the VRRP advertisement multicast group, the destination MAC 01:00:5e:00:00:12 is the matching multicast MAC and the source MAC 00:00:5e:00:01:03 is the VRRP virtual router MAC for VRID 3, so this is a VRRP advertisement from 192.168.140.2 on vmbr0 being dropped by the kvm-0231 input chain; that drop is expected unless this guest is itself meant to take part in VRRP)
  • get rid of /vagrant hard-deps.
  • build git with USE="curl"
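
The ulogd line in the TODO list above is easier to judge once its fields are decoded. What follows is an added example, not code from the original notes or from stoney cloud: a small decoder for netfilter/ulogd "Denied" lines that splits the syslog header, the --log-prefix text, the KEY=VALUE fields and the bare flags, takes the MAC= field apart into destination MAC, source MAC and EtherType, and recognises two cases, a VRRP advertisement (protocol 112 to 224.0.0.18, source MAC 00:00:5e:00:01:VRID) and a dropped TCP SYN. The first sample line is the one quoted in the TODO; the second, a dropped LDAPS SYN from 192.168.140.136 to 10.1.130.13, is constructed for the example and is not from the real log.

```python
"""Decode netfilter/ulogd "Denied" log lines (added example, standard library only)."""
import re
from typing import Dict, List, Optional

# Small subset of the IANA protocol-number registry; enough for traffic on a VM bridge.
IP_PROTOCOLS: Dict[int, str] = {
    1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE",
    50: "ESP", 51: "AH", 89: "OSPF", 112: "VRRP",
}
PROTO_BY_NAME = {name: num for num, name in IP_PROTOCOLS.items()}

VRRP_GROUP = "224.0.0.18"             # RFC 5798: IPv4 advertisement multicast group
VRRP_VMAC_PREFIX = "00:00:5e:00:01:"  # RFC 5798: virtual router MAC, last octet is the VRID
IPV4_MCAST_MAC_PREFIX = "01:00:5e:"   # RFC 1112: IPv4 multicast MAC range

# Constructed sample: line 1 is the entry from the TODO list, line 2 is an invented
# dropped LDAPS SYN in the same format.
SAMPLE_LOG = """\
Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 ID=33458 DF PROTO=112 MARK=0
Feb 22 22:30:05 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: IN=vmbr0 OUT=vmbr0 MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=192.168.140.136 DST=10.1.130.13 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=44321 DPT=636 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# "Feb 22 22:30:01 vm-test-01 ulogd[30493]: <log prefix> IN=... OUT=... ..."
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+ulogd\[\d+\]:\s+(?P<rest>.*)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Split one syslog line into header, log prefix, KEY=VALUE fields and bare flags."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    prefix: List[str] = []
    fields: Dict[str, str] = {}
    flags: List[str] = []
    for tok in m.group("rest").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        elif fields:
            flags.append(tok)   # bare tokens after the first field: DF, SYN, ACK, ...
        else:
            prefix.append(tok)  # everything before IN= is the --log-prefix text
    # The kernel prints TCP/UDP/ICMP by name and every other protocol as a number.
    raw = fields.get("PROTO", "")
    proto = int(raw) if raw.isdigit() else PROTO_BY_NAME.get(raw.upper())
    # MAC= is destination MAC (6 octets), source MAC (6) and EtherType (2), colon-separated.
    octets = fields.get("MAC", "").split(":")
    has_mac = len(octets) == 14
    return {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "prefix": " ".join(prefix),
        "fields": fields,
        "flags": flags,
        "proto": proto,
        "proto_name": IP_PROTOCOLS.get(proto, raw),
        "dst_mac": ":".join(octets[0:6]) if has_mac else None,
        "src_mac": ":".join(octets[6:12]) if has_mac else None,
        "ethertype": ":".join(octets[12:14]) if has_mac else None,
    }


def parse_log(text: str) -> List[dict]:
    """Parse every line of a log excerpt, skipping lines that are not ulogd entries."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def classify(entry: dict) -> dict:
    """Say what the dropped packet was, so log noise can be told from a real block."""
    f = entry["fields"]
    src_mac = entry["src_mac"] or ""
    verdict = {
        "kind": "other",
        "vrid": None,
        "multicast": (entry["dst_mac"] or "").startswith(IPV4_MCAST_MAC_PREFIX),
        "summary": f"{entry['proto_name']} {f.get('SRC')} -> {f.get('DST')} dropped",
    }
    if entry["proto"] == 112 and f.get("DST") == VRRP_GROUP:
        verdict["kind"] = "vrrp-advertisement"
        if src_mac.startswith(VRRP_VMAC_PREFIX):
            verdict["vrid"] = int(src_mac.rsplit(":", 1)[1], 16)
        verdict["summary"] = (f"VRRP advertisement from {f.get('SRC')} (VRID {verdict['vrid']}) "
                              "dropped; expected unless this guest is itself a VRRP peer")
    elif entry["proto"] == 6 and "SYN" in entry["flags"] and "ACK" not in entry["flags"]:
        verdict["kind"] = "tcp-syn"
        verdict["summary"] = (f"new TCP connection {f.get('SRC')}:{f.get('SPT')} -> "
                              f"{f.get('DST')}:{f.get('DPT')} dropped; check the chain that logged it")
    return verdict


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        v = classify(e)
        print(f"{e['timestamp']} {e['prefix'].split()[0]:<18} {v['kind']:<19} {v['summary']}")
```

Run as a script it prints one verdict per line; real entries from syslog can be fed to parse_line the same way. The first verdict answers the TODO: 192.168.140.2 is a VRRP router with VRID 3 on vmbr0 and the guest's input chain drops its advertisements, which a guest that does not take part in VRRP never needs to receive. The second verdict is the shape to look for when chasing the LDAPS connectivity problem above: a SYN to port 636 logged by a per-VM chain tells you which chain still needs a rule.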