Difference between revisions of "Jalapeno"
(26 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | + | Jalapeno is a [[kvm]] virtual machine currently running on [[Gourd]]. It serves as our primary [[DNS]] server. | |
− | Jalapeno | ||
− | + | Upgraded Jalapeño. | |
− | + | =Virtual Hardware= | |
− | + | *Memory: 512 MB | |
− | + | *Hard Disk: 10 GB | |
+ | *Network 1 (eth0): Farm-Bridge | ||
+ | *Network 2 (eth1): UNH-Bridge | ||
− | = | + | =Network Settings= |
− | + | *IP Address farm (eth0): 10.0.0.253 -- temp jalapeno2 10.0.0.237 (yendi) | |
− | + | *IP Address UNH (eth1): 132.177.88.37 | |
− | + | ||
− | + | =Software and Services= | |
− | + | == IPTables == | |
− | + | ||
− | + | Jalapeno uses the standard NPG [[iptables]] firewall. It allows ssh, DNS, and CUPS ipp connections. | |
− | + | ||
− | + | == Named == | |
− | + | ||
− | + | Named provides [[DNS]] hostname resolution for the farm.physics.unh.edu backend network. DNS configuration files are located in the /var/named directory. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | === | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Backup Configuration == | == Backup Configuration == | ||
=== /etc/rsync-backup.conf === | === /etc/rsync-backup.conf === | ||
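Review bot: The "IP Address farm (eth0)" line under Network Settings still lists the temporary jalapeno2 address 10.0.0.237 (yendi) next to 10.0.0.253. The later steps on this page move the new VM onto the Jalapeño addresses, so the temporary entry should be dropped or marked as historical; otherwise the page documents two back-end addresses for the primary DNS server.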
Line 82: | Line 59: | ||
comment = user and system storage | comment = user and system storage | ||
</pre> | </pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | = Upgrade to Centos7 = | |
− | + | ||
− | + | == Initialization == | |
− | + | On Pumpkin (which is in the 88 network, while Jalapeño needs to be on 180!) | |
− | + | qemu-img create -f qcow2 /kvm/images/jalepeno_new.qcow2 10G | |
+ | virt-install -v --name=jalapeno2 --memory 512 --os-type=linux --os-variant=rhel7 --cdrom=/net/data/endeavour1/System/Centos/CentOS-7-x86_64-DVD-1503-01.iso --disk path=/kvm/images/jalapeno_new.qcow2,size=10 --network=bridge:farmbr --network=bridge:unhbr --vnc --vncport=5904 | ||
+ | |||
+ | Next, install a minimal machine, with installer, and setup the back-end IP address from installer GUI. Give it a root password. | ||
+ | |||
+ | Login to machine, check that network is up! Kill NetworkManager, and check the ifcfg, then ifup the network | ||
+ | |||
+ | Next, edit /etc/yum.conf to use the endeavour proxy, add: proxy=http://endeavour.farm.physics.unh.edu:3128 at end of file. Save. Then: "yum update" and "yum upgrade" | ||
+ | |||
+ | Install: | ||
+ | yum install -y emacs nano bind bind-utils | ||
− | + | If you really want to, you can allow user login and all that, but there is really no need for it. | |
− | |||
− | |||
− | |||
− | |||
− | + | == Bind/Named installation == | |
+ | yum install -y bind bind-utils | ||
− | + | Install the named.conf file in /etc and the farm.physics.unh.edu.zone and ...-rev files in /var/named. | |
− | + | The named.conf is new, and tested on the new Einstein centos7 host. | |
− | |||
− | + | systemctl enable named | |
− | + | systemctl start named | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Test it. Works. | |
− | + | == Take on the Jalapeño properties == | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Rename the VM to jalapeno.unh.edu and also rename the disk. Do this by making a clone. First use virt-manager to rename the old machine to jalapeño.unh.edu.centos6. Then: | |
− | |||
− | + | virt-clone --original jalapeno.unh.edu.centos7 --auto-clone --name jalapeno.unh.edu --file jalapeno.centos7.qcow2 | |
− | + | virsh edit jalapeno.unh.edu # Remove from <channel type='unix'> ... </channel> See: https://bugzilla.redhat.com/show_bug.cgi?id=1270696 | |
− | + | Now start the new VM, and take on the Jalapeño personality: | |
− | # | + | |
− | + | cd /etc/ssh | |
− | # | + | scp 10.0.0.253:/etc/ssh/* . # Get the correct ssh id. |
− | + | cd /root/.ssh | |
+ | scp 10.0.0.253:/root/.ssh/* . # For the backup system. | ||
+ | edit /etc/sysconfig/networking-scripts/ifcfg-eth0 and eth1 for Jalapeño network addresses | ||
+ | scp 10.0.0.253:/etc/rsync-backup.conf . | ||
+ | |||
+ | Some cleaning up to do. We also want iptables instead of firewalld. This wasn't possible because *still* we have buggy SELINUX and systemctl. So, turn off SELINUX, reboot, then switch. | ||
+ | |||
+ | emacs -nw /etc/sysconfig/selinux # change to disabled. | ||
+ | systemctl disable firewalld.service | ||
+ | yum install iptables-services | ||
+ | systemctl enable iptables.service | ||
+ | |||
+ | Edit a reasonable iptables in /etc/sysconfig | ||
+ | |||
+ | Then go to the old jalapeño and change the IP address (to Benfranklin=132.177.88.253 and 10.0.0.153 ). Reboot old and new jalapeño | ||
+ | |||
+ | == TO DO == | ||
+ | |||
+ | # Currently there is no setup of LDAP on jalapeño. | ||
+ | # No user login either, since there is no LDAP. |
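Review bot: The "Take on the Jalapeño properties" steps set SELinux to disabled and disable firewalld, but the replacement ruleset is only described as "Edit a reasonable iptables in /etc/sysconfig", and the TO DO list has no entry for returning SELinux to enforcing. The section should name the ruleset to install (the IPTables section says ssh, DNS and CUPS ipp) and add that TO DO item. Separately, in Initialization, qemu-img creates jalepeno_new.qcow2 while the virt-install --disk path is jalapeno_new.qcow2, so one of the two names needs correcting. The ifcfg files are also referenced under /etc/sysconfig/networking-scripts, where the directory on CentOS is network-scripts.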
Latest revision as of 16:58, 3 August 2017
Jalapeno is a kvm virtual machine currently running on Gourd. It serves as our primary DNS server.
Upgraded Jalapeño.
Virtual Hardware
- Memory: 512 MB
- Hard Disk: 10 GB
- Network 1 (eth0): Farm-Bridge
- Network 2 (eth1): UNH-Bridge
Network Settings
- IP Address farm (eth0): 10.0.0.253 -- temp jalapeno2 10.0.0.237 (yendi)
- IP Address UNH (eth1): 132.177.88.37
Software and Services
IPTables
Jalapeno uses the standard NPG iptables firewall. It allows ssh, DNS, and CUPS ipp connections.
Named
Named provides DNS hostname resolution for the farm.physics.unh.edu backend network. DNS configuration files are located in the /var/named directory.
Backup Configuration
/etc/rsync-backup.conf
    # Backups are 'pull' only. Too bad there isn't a better way to enforce this.
    read only = yes

    # Oh for the ability to retain CAP_DAC_READ_SEARCH, and no other.
    #uid = root
    # XXX There seems to be an obscure bug with pam_ldap and rsync whereby
    # getpwnam(3) segfaults when (and only when) archiving /etc. Using a numeric
    # uid avoids this bug. Only verified on Fedora Core 2.
    uid = 0

    # There's not much point in putting the superuser in a chroot jail
    # use chroot = yes

    # This isn't really an effective "lock" per se, since the value is per-module,
    # but there really ought never be more than one, and it would at least
    # ensure serialized backups.
    max connections = 1

    [usr_local]
    path = /usr/local
    comment = unpackaged software

    [opt]
    path = /opt
    comment = unpackaged software

    [etc]
    path = /etc
    comment = conf files

    [var]
    path = /var
    comment = user and system storage
Upgrade to Centos7
Initialization
On Pumpkin (which is in the 88 network, while Jalapeño needs to be on 180!)
    # Create the disk image; the file name must match the --disk path below.
    qemu-img create -f qcow2 /kvm/images/jalapeno_new.qcow2 10G
    virt-install -v --name=jalapeno2 --memory 512 --os-type=linux --os-variant=rhel7 --cdrom=/net/data/endeavour1/System/Centos/CentOS-7-x86_64-DVD-1503-01.iso --disk path=/kvm/images/jalapeno_new.qcow2,size=10 --network=bridge:farmbr --network=bridge:unhbr --vnc --vncport=5904
Next, install a minimal machine with the installer, and set up the back-end IP address from the installer GUI. Give it a root password.
Log in to the machine and check that the network is up! Kill NetworkManager, check the ifcfg files, then ifup the network.
Next, edit /etc/yum.conf to use the endeavour proxy by adding proxy=http://endeavour.farm.physics.unh.edu:3128 at the end of the file. Save. Then run "yum update" and "yum upgrade".
Install:
yum install -y emacs nano bind bind-utils
If you really want to, you can allow user login and all that, but there is really no need for it.
Bind/Named installation
yum install -y bind bind-utils
Install the named.conf file in /etc and the farm.physics.unh.edu.zone and ...-rev files in /var/named. The named.conf is new, and tested on the new Einstein centos7 host.
    systemctl enable named
    systemctl start named
Test it. Works.
Take on the Jalapeño properties
Rename the VM to jalapeno.unh.edu and also rename the disk. Do this by making a clone. First use virt-manager to rename the old machine to jalapeño.unh.edu.centos6. Then:
    virt-clone --original jalapeno.unh.edu.centos7 --auto-clone --name jalapeno.unh.edu --file jalapeno.centos7.qcow2
    virsh edit jalapeno.unh.edu   # Remove from <channel type='unix'> ... </channel> See: https://bugzilla.redhat.com/show_bug.cgi?id=1270696
Now start the new VM, and take on the Jalapeño personality:
    cd /etc/ssh
    scp 10.0.0.253:/etc/ssh/* .     # Get the correct ssh id.
    cd /root/.ssh
    scp 10.0.0.253:/root/.ssh/* .   # For the backup system.
    # Edit /etc/sysconfig/network-scripts/ifcfg-eth0 and ifcfg-eth1 for the Jalapeño network addresses.
    # Copy the backup configuration into /etc, not into the current directory (/root/.ssh).
    scp 10.0.0.253:/etc/rsync-backup.conf /etc/
Some cleaning up to do. We also want iptables instead of firewalld. This wasn't possible because we *still* have buggy SELINUX and systemctl. So, turn off SELINUX, reboot, then switch.
    emacs -nw /etc/sysconfig/selinux   # change to disabled.
    systemctl disable firewalld.service
    yum install iptables-services
    systemctl enable iptables.service
Edit a reasonable iptables in /etc/sysconfig
Then go to the old jalapeño and change the IP address (to Benfranklin=132.177.88.253 and 10.0.0.153). Reboot the old and the new jalapeño.
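One way to check the ruleset written in the step "Edit a reasonable iptables in /etc/sysconfig" against the policy stated under IPTables (ssh, DNS and CUPS ipp only). This is an added example, not the NPG firewall or code from the original page; the port numbers (22, 53, 631), the sample ruleset and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit an iptables-restore ruleset against the policy stated on
# this page (ssh, DNS, CUPS ipp). Port numbers are the IANA defaults (assumed).
ALLOWED="22 53 631"

# Constructed sample in /etc/sysconfig/iptables format; not the NPG ruleset.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 631 -j ACCEPT
COMMIT
EOF
}

# audit_rules FILE: print findings; return 0 when the ruleset matches the
# policy, 1 otherwise. ACCEPT rules without a single --dport (multiport, icmp)
# are reported for manual review rather than silently passed.
audit_rules() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && / -j ACCEPT/ {
            port = ""
            for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
            if (port != "" && !(port in ok)) {
                print "unexpected port: " port; bad = 1
            } else if (port == "" && $0 !~ / -i lo / && $0 !~ /--(ct)?state /) {
                print "unrestricted accept: " $0; bad = 1
            }
        }
        END {
            if (policy != "DROP") { print "INPUT policy is " policy ", expected DROP"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Audit the file given as the first argument, e.g. /etc/sysconfig/iptables.
if [ -n "${1:-}" ]; then audit_rules "$1"; fi
```

Run it against the ruleset file before `systemctl start iptables.service`, so a stray open port is caught before the rules go live.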
TO DO
- Currently there is no setup of LDAP on jalapeño.
- No user login either, since there is no LDAP.