- hack
/usr/local/scripts/netfilter/local/chains/vms/kvm_0231_chain.sh
on the host to allow gateway connections
- first hd is /dev/vda
- default gentoo handbook install with lvm setup on vda3 and one large lv_root
- install lvm2 so you can build a lvm initramfs
- if you skip this you will have tons of fun loading lvm in the initramfs shell:
lvm vgscan --mknodes && lvm lvchange -a ly vg01/lv_root
- kernel build with:
genkernel --install --lvm --menuconfig all
(do not use --virtio, activate the virtio modules in menuconfig instead, I had heaps of fun hunting down all the modules)
- actually
genkernel --install --lvm --kernel-config=/root/kernel.config all
since lazy me hates using a ui - the --virtio switch seems screwed due to some oldconfig changes with the VIRTIO_MMIO system, but i haven't looked into that more
- remember to also set
GRUB_CMDLINE_LINUX="dolvm"
in /etc/default/grub
(as i said before, a ton of fun)
- more things to install on new machines:
emerge dev-vcs/git vim
- now for puppet:
USE="augeas vim-syntax" emerge puppet
- before using puppet:
emerge eix && eix-update
- clone puppet tree:
git clone https://github.com/purplehazech/purplehazech-orcatamer.git /etc/puppet/environments/development
- install librarian:
gem19 install librarian-puppet
- load puppet modules:
cd /etc/puppet/environments/development && librarian-puppet install
- workaround some TODOs:
ln -s /etc/puppet/environments/development/ /vagrant && mkdir /usr/local/portage && touch /usr/local/portage/make.conf && ulimit -n 2048 && emerge sudo && emerge dev-ruby/rgen --autounmask-write && dispatch-conf && emerge dev-ruby/rgen
- test if puppet is useable:
puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'notify{"test":}' --pluginsync
- run puppet like so to find the first batch of stuff to fix:
puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync --noop
- let puppet rip:
puppet apply --environment=development --modulepath=/etc/puppet/environments/development/modules/:/etc/puppet/environments/development/manifests/ -e 'include ::role::puppet::master' --pluginsync
- after running the last command until all the errors were fixed i can try to run in agent mode:
puppet agent --test --server=`hostname -f`
- i still need to figure out why the --server flag is needed at this stage, somehow the agent is consulting DNS rather than /etc/hosts
now for some hacking that i did to test some concepts:
- setup openldap tooling: emerge openldap
- search for machine:
ldapsearch -D 'cn=Manager,dc=stoney-cloud,dc=org' -w admin '(&(objectClass=sstVirtualizationVirtualMachine)(sstNetworkHostname=kvm-0231))'
- open ldap port in fw:
ldap_pub_out="10.1.130.13"
and
openTcpPortOut "${chains_out[pub]}" "$ldap_pub_out" "636"
- i also need to configure
ldaps_int_in="${ip_int[vm-test-02]} ${ip_int[vm-test-03]} 192.168.140.136"
in /usr/local/scripts/netfilter/local/chains/vm-test-01/vm-test-01_chain.sh
for the above to work.
- after all the above i can still not connect from my node to the ldap server. I'll have to get the iptables gurus on board to solve this. We need more documentation on the setup if a simple dev should be able to change this. At some point I might even consider puppetizing the iptables config.
TODOs
- replace the silly block-character headers in orcatamer with something that most tools don't bork on (i.e. some ascii art)
- I removed these from Puppetfile and Modulefile to get librarian to run
- use github https URLs throughout, they are simply proxy friendlier everywhere
- refactor role and profile things into proper modules and use proper puppet:// data urls
- don't depend on /usr/local/portage/make.conf
- figure out why the betagarden overlay needs
ulimit -n 2048
to clone
- figure out why layman-add from betagarden needs sudo
- install rgen for puppet parser future at some sensible part of bootstrapping
- figure out what's going on here:
Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 ID=33458 DF PROTO=112 MARK=0
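One way to decode such a ulogd line, as an added example that is not part of these notes: it parses the netfilter KEY=VALUE fields and names the traffic. For the line above that is IP protocol 112 (VRRP) sent to the 224.0.0.18 all-VRRP-routers multicast group, i.e. the keepalive that a router running VRRP on the segment announces. The sample line is the one quoted above, embedded as constructed test input; the small protocol-number table is the example's own assumption.

```python
import ipaddress
import re

# Constructed sample input: the ulogd line quoted in the notes above.
SAMPLE = ("Feb 22 22:30:01 vm-test-01 ulogd[30493]: p_kvm-0231_0_in Denied dst:: "
          "IN=vmbr0 OUT=vmbr0 MAC=01:00:5e:00:00:12:00:00:5e:00:01:03:08:00 "
          "SRC=192.168.140.2 DST=224.0.0.18 LEN=56 TOS=10 PREC=0x00 TTL=255 "
          "ID=33458 DF PROTO=112 MARK=0")

# IANA IP protocol numbers relevant here (assumed subset); others are reported by number.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 112: "VRRP"}
VRRP_GROUP = ipaddress.ip_address("224.0.0.18")  # all-VRRP-routers group (RFC 5798)


def parse_ulogd(line: str) -> dict:
    """Split a ulogd/netfilter log line into the log prefix (chain name + verdict)
    and its KEY=VALUE packet fields; bare flags such as DF are stored as True."""
    m = re.search(r"ulogd\[\d+\]: (.*?) (IN=.*)$", line)
    if not m:
        raise ValueError("not a ulogd packet log line")
    prefix, rest = m.groups()
    words = prefix.split()
    fields = {"prefix": prefix,
              "chain": words[0] if words else "",
              "verdict": words[1] if len(words) > 1 else ""}
    for token in rest.split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True
    return fields


def classify(fields: dict) -> str:
    """Explain in one line what kind of traffic the logged packet was."""
    proto = int(fields.get("PROTO", -1))
    src, dst = fields["SRC"], ipaddress.ip_address(fields["DST"])
    name = PROTO_NAMES.get(proto, f"proto {proto}")
    if proto == 112 and dst == VRRP_GROUP:
        # VRRP keepalives go out with TTL 255 to 224.0.0.18 from every VRRP router
        # on the segment; a VM that is not a VRRP peer can keep dropping them.
        return f"VRRP advertisement from {src} to the all-VRRP-routers group"
    if dst.is_multicast:
        return f"{name} multicast from {src} to {dst}"
    return f"{name} unicast {src} -> {dst}"


if __name__ == "__main__":
    f = parse_ulogd(SAMPLE)
    print(f"{f['chain']} {f['verdict']}: {classify(f)}")
```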