Difference between revisions of "User:Lucas/Gentoo Install Notes"
From stoney cloud
(8 intermediate revisions by the same user not shown) | |||
Line 14: | Line 14: | ||
* install librarian: <code>gem19 install librarian-puppet</code> | * install librarian: <code>gem19 install librarian-puppet</code> | ||
* load puppet modules: <code>cd /etc/puppet/environments/development && librarian-puppet install</code> | * load puppet modules: <code>cd /etc/puppet/environments/development && librarian-puppet install</code> | ||
− | * workaround some TODOs: <code>ln -s /etc/puppet/environments/development/ /vagrant && | + | * workaround some TODOs: <code>ln -s /etc/puppet/environments/development/ /vagrant && ulimit -n 2048 && emerge dev-ruby/rgen --autounmask-write && dispatch-conf && emerge dev-ruby/rgen</code> |
* test if puppet is useable: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'notify{"test":}' --pluginsync</code> | * test if puppet is useable: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'notify{"test":}' --pluginsync</code> | ||
− | * run puppet like so to find the first batch of stuff to fix: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/ | + | * run puppet like so to find the first batch of stuff to fix: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync --noop</code> |
− | + | * let puppet rip: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync </code> | |
− | * let puppet rip: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/ | + | * after running the last command until all the errors where fixed i can try to run in agent mode: <code>puppet agent --test --server=`hostname -f`</code> |
− | + | ** i still need to figure out why the <code>--server</code> flag is needed at this stage, somehow the agent is consulting DNS rather than <code>/etc/hosts</code> | |
+ | |||
+ | now for some hacking that i did to test some concepts: | ||
+ | * setup openldap tooling: emerge openldap | ||
+ | * search for machine: <code>ldapsearch -D 'cn=Manager,dc=stoney-cloud,dc=org' -w admin '(&(objectClass=sstVirtualizationVirtualMachine)(sstNetworkHostname=kvm-0231))'</code> | ||
+ | * open ldap port in fw: <code>ldap_pub_out="10.1.130.13"</code> and <code>openTcpPortOut "${chains_out[pub]}" "$ldap_pub_out" "636"</code> | ||
+ | ** i also need to configure <code>ldaps_int_in="${ip_int[vm-test-02]} ${ip_int[vm-test-03]} 192.168.140.136"</code> in <code>/usr/local/scripts/netfilter/local/chains/vm-test-01/vm-test-01_chain.sh</code> for the above to work. | ||
+ | ** after all the above i can still not connect from my node to the ldap server. I'll have ot get the iptables gurus on board to solve this. We need more documentation on the setup if a as simple dev should be able to change this. At some point I might even consider puppetizing th eiptables config. | ||
== TODOs == | == TODOs == | ||
− | |||
− | |||
− | |||
* refactor role and profile things into proper modules and use proper puppet:// data urls | * refactor role and profile things into proper modules and use proper puppet:// data urls | ||
− | + | * figure out why the betagarden overlay needs <code>ulimit -n 2048</code> to clone | |
− | * figure out why the betagarden overlay needs <code>ulimit -n 2048</ | + | * install rgen for puppet parser future at some sensible part of bootstrapping |
+ | * figure out what going on here: <code>Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 ID=33458 DF PROTO=112 MARK=0 </code> | ||
+ | * get rid of <code>/vargant</code> hard-deps. | ||
+ | * make git with USE="curl" |
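Review bot: the added ldapsearch line passes the Manager bind password on the command line (-w admin), which leaves it in shell history and the process list and publishes it on the wiki; use -W to be prompted or -y with a root-only password file, and put a placeholder in the notes instead of the value. The same line names no server URI while the firewall lines open port 636, so state the -H ldaps:// URI that was used; without it a reader cannot tell whether the failed connection noted in the same list was attempted over the port being opened.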
Latest revision as of 14:10, 23 February 2014
- hack <code>/usr/local/scripts/netfilter/local/chains/vms/kvm_0231_chain.sh</code> on host to allow gateway conns
- first hd is /dev/vda
- default gentoo handbook install with lvm setup on vda3 and one large lv_root
- install lvm2 so you can build a lvm initramfs
  - if you skip this you will have tons of fun loading lvm in the initramfs shell: <code>lvm vgscan --mknodes && lvm lvchange -a ly vg01/lv_root</code>
- kernel build with: <code>genkernel --install --lvm --menuconfig all</code> (do not use <code>--virtio</code>, activate them in menuconfig instead, I had heaps of fun hunting down all the modules)
  - actually <code>genkernel --install --lvm --kernel-config=/root/kernel.config all</code> since lazy me hates using a ui
  - the --virtio switch seems screwed due to some oldconfig changes with the <code>VIRTIO_MMIO</code> system, but i haven't looked into that more
- remember to also set <code>GRUB_CMDLINE_LINUX="dolvm"</code> in <code>/etc/default/grub</code> (as i said before, a ton of fun)
- more things to install on new machines: <code>emerge dev-vcs/git vim</code>
- now for puppet: <code>USE="augeas vim-syntax" emerge puppet</code>
- before using puppet: <code>emerge eix && eix-update</code>
- clone puppet tree: <code>git clone https://github.com/purplehazech/purplehazech-orcatamer.git /etc/puppet/environments/development</code>
- install librarian: <code>gem19 install librarian-puppet</code>
- load puppet modules: <code>cd /etc/puppet/environments/development && librarian-puppet install</code>
- workaround some TODOs: <code>ln -s /etc/puppet/environments/development/ /vagrant && ulimit -n 2048 && emerge dev-ruby/rgen --autounmask-write && dispatch-conf && emerge dev-ruby/rgen</code>
- test if puppet is useable: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'notify{"test":}' --pluginsync</code>
- run puppet like so to find the first batch of stuff to fix: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync --noop</code>
- let puppet rip: <code>puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync</code>
- after running the last command until all the errors were fixed i can try to run in agent mode: <code>puppet agent --test --server=`hostname -f`</code>
  - i still need to figure out why the <code>--server</code> flag is needed at this stage, somehow the agent is consulting DNS rather than <code>/etc/hosts</code>
now for some hacking that i did to test some concepts:
- setup openldap tooling: emerge openldap
- search for machine: <code>ldapsearch -D 'cn=Manager,dc=stoney-cloud,dc=org' -w admin '(&(objectClass=sstVirtualizationVirtualMachine)(sstNetworkHostname=kvm-0231))'</code>
- open ldap port in fw: <code>ldap_pub_out="10.1.130.13"</code> and <code>openTcpPortOut "${chains_out[pub]}" "$ldap_pub_out" "636"</code>
  - i also need to configure <code>ldaps_int_in="${ip_int[vm-test-02]} ${ip_int[vm-test-03]} 192.168.140.136"</code> in <code>/usr/local/scripts/netfilter/local/chains/vm-test-01/vm-test-01_chain.sh</code> for the above to work.
  - after all the above i can still not connect from my node to the ldap server. I'll have to get the iptables gurus on board to solve this. We need more documentation on the setup if a simple dev should be able to change this. At some point I might even consider puppetizing the iptables config.
TODOs
- refactor role and profile things into proper modules and use proper puppet:// data urls
- figure out why the betagarden overlay needs <code>ulimit -n 2048</code> to clone
- install rgen for puppet parser future at some sensible part of bootstrapping
- figure out what's going on here: <code>Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 ID=33458 DF PROTO=112 MARK=0</code>
- get rid of <code>/vagrant</code> hard-deps.
- make git with USE="curl"
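
The denied packet in the ulogd TODO can be classified from its own fields: IP protocol 112 sent to 224.0.0.18 is a VRRP advertisement, and the last octet of the source MAC carries the virtual router ID. This is an added example, not part of the original notes; the function names are illustrative and the non-VRRP handling is deliberately left as "unknown".

```python
import re

# Sample input: the ulogd line quoted in the TODO list above.
SAMPLE = ("Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: "
          "IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 "
          "SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 "
          "ID=33458 DF PROTO=112 MARK=0")

VRRP_PROTO = "112"                    # IANA IP protocol number for VRRP
VRRP_GROUP = "224.0.0.18"             # VRRP IPv4 multicast group
VRRP_VMAC_PREFIX = "00:00:5e:00:01:"  # virtual router MAC, last octet = VRID


def parse_fields(line):
    """Return the KEY=VALUE pairs of a netfilter log line as a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))


def split_mac(mac_field):
    """Split the MAC= field into (dst MAC, src MAC, ethertype)."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        return None  # not a full Ethernet header dump; leave unclassified
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])


def classify(line):
    """Label a logged packet; only VRRP advertisements are recognised here."""
    fields = parse_fields(line)
    result = {"chain": None, "kind": "unknown", "vrid": None, "ttl_ok": None}
    prefix = re.search(r"ulogd\[\d+\]:\s+(\S+)", line)
    if prefix:
        result["chain"] = prefix.group(1)  # log prefix names the deciding chain
    macs = split_mac(fields.get("MAC", ""))
    if fields.get("PROTO") == VRRP_PROTO and fields.get("DST") == VRRP_GROUP:
        result["kind"] = "vrrp-advertisement"
        # VRRP requires TTL 255; any other value means a forwarded or forged packet.
        result["ttl_ok"] = fields.get("TTL") == "255"
        if macs and macs[1].startswith(VRRP_VMAC_PREFIX):
            result["vrid"] = int(macs[1].rsplit(":", 1)[1], 16)
    return result


if __name__ == "__main__":
    print(classify(SAMPLE))
```
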