[Mageia-sysadm] our new server, rabbit

Michael Scherer misc at zarb.org
Mon Jan 10 02:30:42 CET 2011


Hi

so I installed rabbit.mageia.org this afternoon. 

So we agreed to use RAID 1+0. Unfortunately, the RAID card does not
support it, so I went with a simple RAID 1 setup. As Thomas noted on
IRC, the server BIOS, iDRAC and others are quite outdated, but I do not
think we could update them ( as this is not our server, but a rented
one ).

Rafael, do you confirm that we should not update ( we can do it using
iDRAC, but I would really like to have your approval before, and I will
take care of it, as you may have better things to do during work hours )?

The system is puppetified, so this means that our ssh keys ( with ours ==
admin team ) are placed, and that you can start writing modules.

There is 2 TB of disk, with a 20 GB /, and the rest is an LVM, with 5 GB
of swap.

I tested the iDRAC interface :

- connect to the interface
https://console.online.net/serveurs/statut/?page=idrac&sd=XXXXX
( we still need to find a secure and bus-proof way of sharing passwords
and so on )
 
then once connected to it, go in :

systeme => console/media

It worked quite well, except that there is a trick to make it work. I
used a laptop ( not mine ) running Ubuntu 10.04 ( not mine, as I said )
with the proprietary Java of Oracle, version 1.6. The Java Web Start
system didn't work, I had to start it by hand: 'javaws /tmp/kvm.jnlp'.
The system does not let us use VNC ( blocked for security reasons, but I
guess that is because they do not want too much fiddling with it and
overloaded support ). I suspect that parsing the jnlp to get the proper
parameters should work, but I didn't search much.

The BIOS didn't recognize the arrows on my keyboard, and the UEFI ( yeah,
there is BIOS and UEFI ) did behave weirdly with my mouse; it is used to
provide various wizards to install your server, etc.

The admin card can send alerts to syslog, maybe we should think of it. It
can also send monitoring to an email and a phone number. I left the
default setup of using ennael's email, but that should be changed.

Regarding the puppet bootstrapping, here is a quick doc I wrote while
doing it :

On valstar ( ie on svn ).
- Add the server in manifests/nodes.pp, like commit 751.


On the server to be installed ( here, rabbit )
- connect as root with ssh, or direct access, whatever.

- make sure media are correctly set ( ie, while I know the goal is to
help users, I preferred to remove non-free, and plf ). [1]

- remove unneeded rpms ( I removed shorewall, until we configure it, and
bind ).

- install all updates ( urpmi --auto-update ), and kernel provided by
Thomas.

- take puppet rpm from valstar /root [2], and install it.

- run
# puppet agent --server puppetmaster.mageia.org --no-daemonize --onetime

Puppet will connect to the puppetmaster to ask for its certificate to be
signed. Make sure that the domain and hostname are properly set
( hostname should give $server.mageia.org )

On valstar ( aka puppetmaster ), run :
# puppet cert -l
# puppet cert -s rabbit.mageia.org

The first command shows the list of server certs to sign.

The second command signs the cert.

On rabbit again, run :
# puppet agent --server puppetmaster.mageia.org --no-daemonize --onetime --pluginsync --no-splay --verbose

--pluginsync is needed, or it complains about lib_dir ( as it lacks a
facter plugin ).
--no-splay is needed or puppet will wait when restarting ( since we
update the puppet config on first run ).

Puppet will then configure everything. Please warn if you see an error
message ( in pink ), that would mean bootstrapping is broken. ( or if
you install in a vm with a separate puppetmaster instance, please also
warn, for the same reason ).

Obviously, this should be set somewhere on the wiki.

Finally, what is left to do. The server was proposed to be used for
creating isos. I do not know exactly what is needed except lots of IOs,
and that it requires a local mirror of the tree. So I will add a
mirroring script from rsync later. 

Blino, can you comment on this ?

A few remarks on what we can improve :
[1] We should have a consistent urpmi database on the cluster. I was
working 6 months ago in my spare time on this for me. But it is neither
finished nor published, and I do not have spare time.

[2] I think puppet should be properly backported or at least, placed in
some repo. Again, I was lazy and copied it, but it would be better to
not use an out-of-tree rpm.
-- 
Michael Scherer
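
The signing step in the bootstrap notes above signs whatever request is pending under the given name. As an added example (not part of the original message or of the Mageia setup), this shell gate checks the requested name and compares the CSR fingerprint read on the new host with the one held by the puppetmaster before signing; the function names are hypothetical and the fingerprints are constructed sample values.

```shell
#!/bin/sh
# Added example: gate to run before "puppet cert -s <name>" on the puppetmaster.
# Function names are hypothetical; the fingerprints below are constructed.
LC_ALL=C; export LC_ALL          # make a-z / A-F ranges byte-exact

# fqdn_ok NAME DOMAIN: NAME must be exactly one host label under DOMAIN.
fqdn_ok() {
    host=${1%".$2"}
    [ "$host" != "$1" ] || return 1            # ".DOMAIN" suffix is missing
    case $host in
        ''|*[!a-z0-9-]*|-*|*-) return 1 ;;     # empty, extra dots, bad chars
    esac
    return 0
}

# norm_fp FP: drop separators and fold case so both notations compare equal.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# approve_csr NAME DOMAIN AGENT_FP MASTER_FP
# Returns 0 only when NAME is a host in DOMAIN and the request held by the
# master is the one the new host generated (AGENT_FP is read on the host).
approve_csr() {
    fqdn_ok "$1" "$2" || { echo "refuse: $1 is not a host in $2"; return 1; }
    a=$(norm_fp "$3"); m=$(norm_fp "$4")
    case $a in
        ''|*[!0-9A-F]*) echo "refuse: agent fingerprint is not hex"; return 2 ;;
    esac
    [ "${#a}" -ge 32 ] || { echo "refuse: agent fingerprint too short"; return 2; }
    [ "$a" = "$m" ] || { echo "refuse: fingerprint mismatch for $1"; return 3; }
    echo "ok: sign $1"
}

# Constructed sample values: the same digest in two notations.
AGENT_FP='8B:1C:4E:0A:92:D7:33:5F:6A:E1:07:BC:49:20:FD:16'
MASTER_FP='8b1c4e0a92d7335f6ae107bc4920fd16'
approve_csr rabbit.mageia.org mageia.org "$AGENT_FP" "$MASTER_FP"
```

The two fingerprints would come from `puppet agent --fingerprint` on the new host and `puppet cert --fingerprint rabbit.mageia.org` on the puppetmaster.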


