(Source: http://tomas.andago.com/cgi-bin/trac.cgi/wiki/QuattoronQEMU)
Run the virtual machine (beware of the permissions on the virtual machine file: you need write permission). Also, you need to follow the [http://tomas.andago.com/cgi-bin/trac.cgi/wiki/QemuHowTo qemu networking instructions] in order to load some needed modules.
qemu SL304_virtual.disk -net nic -net tap
Note that we are using bridge and virtual interfaces: the bridge module must be loaded and configured, and you need one IP on your network to further configure the virtual machine.
alvaro: launching with qemu SL304_virtual.disk I receive an IP by DHCP from Qemu and I have connection to internet with DNS working also.
Ismael: That’s the “less invasive” way of Qemu networking, that runs “out of the box”, but does not enable any incoming connection (even ssh or http). See the net part of [wiki:QemuHowTo Qemu General Howto] . In addition, virtual machines do not share one virtual network unless specified with ‘-net socket’, that needs multicast support on the host.
rpm http://quattorsw.web.cern.ch/quattorsw/software/quattor apt/1.1.X/i386 quattor_sl3
rpm-src http://quattorsw.web.cern.ch/quattorsw/software/quattor apt/1.1.X/i386 quattor_sl3
The second line enables us to get the source code for the software with “apt-get source”.
Then install all the software with:
apt-get update
apt-get install quattor*
This will install all the quattor software and dependencies. From now on we will use the Quattor Installation and User Guide.
Now we will configure the different modules:
The user cdb is disabled; we have to enable it by setting a password, as root:
passwd cdb
The configuration parameters for CDB software are stored in file cdb.conf under the directory /etc. Normally, the default parameters included in this file should be correct for most of the quattor installations. Edit the file, and change those parameters (if any) that do not fit to your environment. Comments explaining the meaning of each configuration parameter are provided in the file. The most important parameters are:
The next step is to create and initialize the configuration database itself. In order to do that run, as user root, the CDB initialization script:
cdb-setup
Please, check that the initialization program has created a set of directories to store high (hld) and low level (lld) description templates, under the database directory (the directory you specified with the top configuration parameter, by default /var/lib/cdb). Note that the initialization script also creates a symbolic link from the Apache HTML directory (/var/www/html/profiles) to the lld/xml directory (/var/lib/cdb/lld/xml) to allow client nodes to download their configuration profile.
In the file /etc/cdb.conf the parameter server_module must be none, because we don't have any other machines to be notified of the CDB changes.
We will use cdbop (based on SOAP) to manage CDB remotely. In this virtual machine Apache is disabled, so:
chmod u+x /etc/init.d/httpd
/etc/init.d/httpd restart
The list of users allowed to remotely manage CDB is stored in the file: /etc/httpd/conf/.passwd
This file should contain one line per user allowed to connect to CDB, in the format:
login::encrypted password
where login is the name of the user (note that cdbop users are different from the users defined on the machine) and encrypted password is the encrypted password. Encrypted passwords can be generated with (literally):
openssl passwd
Let's make a quattor user (password: quattor):
#>openssl passwd
Password:
Verifying - Password:
5.P6bHTAxcFvA
Now edit the file /etc/httpd/conf/.passwd and add this line:
quattor::5.P6bHTAxcFvA
The utility cdbop uses an access control list (ACL) to grant permissions to users. The ACL file is stored in: /etc/httpd/conf/cdb.allow
This file should contain one line per user allowed to connect to CDB, in the format:
user permission
Where user is the name of the user defined in the password file above, and the permission can be one of the following (See Section 5. for more information about the difference between production and non-production templates):
empty: simple user;
rw: the user is allowed to read and write non-production templates (those whose name does not start with “pro”);
admin: the user is allowed to modify production templates.
Important note: On Apache/httpd, you need to edit the httpd.conf configuration file and change the setting ’Timeout’ from 300 to 7200. This prevents your SOAP server from being shut down after 300 seconds of execution.
Now, we are going to give admin permissions to our new user, so add this line to /etc/httpd/conf/cdb.allow:
quattor admin
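The password file and the ACL file described above can be cross-checked mechanically. The script below is an added example, not part of the original guide or of Quattor; it assumes the line formats given above (a missing permission means a simple user), and its weak-hash check (a 13-character hash without a "$" prefix is traditional DES crypt, like the quattor entry) is an addition.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Cross-checks the cdbop password file against the ACL file:
#   password file:  login::encrypted_password
#   ACL file:       user [permission]    (permission: empty, rw or admin)

audit_cdb_acl() {   # $1 = password file, $2 = ACL file; one finding per line
    awk '
    NF == 0 { next }                       # skip blank lines
    FNR == NR {                            # first file: password entries
        n = index($0, "::")
        if (n < 2) { print "BAD-PASSWD-LINE " FNR; next }
        user = substr($0, 1, n - 1); hash = substr($0, n + 2)
        known[user] = 1
        # 13 characters and no "$" prefix: traditional DES crypt, which
        # only uses the first 8 characters of the password
        if (length(hash) == 13 && substr(hash, 1, 1) != "$") {
            print "WEAK-HASH " user
        }
        next
    }
    {                                      # second file: ACL entries
        perm = (NF > 1) ? $2 : ""
        if (!($1 in known)) { print "ACL-USER-WITHOUT-PASSWORD " $1 }
        if (perm != "" && perm != "rw" && perm != "admin") {
            print "UNKNOWN-PERMISSION " $1 " " perm
        }
        if (perm == "admin") { print "ADMIN " $1 }
    }' "$1" "$2"
}

# Constructed sample files (only the quattor lines come from this guide)
CDB_SAMPLE=$(mktemp -d)
trap 'rm -rf "$CDB_SAMPLE"' EXIT
cat > "$CDB_SAMPLE/passwd" <<'EOF'
quattor::5.P6bHTAxcFvA
alice::$1$constructed$notARealHashValue000000
EOF
cat > "$CDB_SAMPLE/cdb.allow" <<'EOF'
quattor admin
alice rw
bob
carol root
EOF

audit_cdb_acl "$CDB_SAMPLE/passwd" "$CDB_SAMPLE/cdb.allow"
```

On a real server, pass /etc/httpd/conf/.passwd and /etc/httpd/conf/cdb.allow as the two arguments.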
The example configuration file is in /usr/share/doc/cdb-cli-<ver>/. Copy this file to /etc and fill in the server parameter; in this case localhost should work fine.
At this point the user quattor can manage the CDB from other machines.
The swrep-server RPM creates a new user called the Software Repository Manager. The repository manager is a special Unix user that owns the packages contained in the repository. The user is special in the sense that you cannot log in to the repository server machine as this user, because it has no login shell. By default the SWRep manager user name is swrep, with group name swrep, home directory /var/swrep, and shell /usr/sbin/swrep-server. Besides the repository manager, there must be a Repository Location, where software packages will be stored. It is recommended to use a repository located in a directory accessible from a web server, because clients will use the HTTP protocol by default to download the packages. The repository default location is:
/var/www/html/swrep
The configuration of SWRep is managed through the configuration file:
/etc/swrep/swrep-server.conf
Important parameters of swrep-server.conf file are:
The repository management is performed via the Secure Shell (SSH). You have to change the configuration of the SSH daemon on the SWRep server, thus edit the configuration file:
/etc/ssh/sshd_config
and enable the option:
PermitUserEnvironment yes
and then restart the sshd server to make the changes effective with:
/etc/init.d/sshd restart
Now, we are going to configure the swrep server, so we take an example conf file:
cp /usr/share/doc/swrep-server-1.2.38/swrep-server.conf /etc/swrep/
and make the following changes:
owner = tomas-example@andago.com
url = http://localhost/swrep
aclfile = /etc/swrep/swrep.acl
rootdir = /var/www/html/swrep
In order to manage the software repository we need to configure the swrep client. There is an example configuration file, so we can use it:
cp /usr/share/doc/swrep-client-1.2.38/swrep-client.conf /etc/swrep/
Edit the example file and modify the configuration parameters according to your needs. Important parameters of swrep-client.conf file are:
-2 -q -a -x -T -e none.
For each user allowed to manage the repository, we have to add, on the SWRep server, the user's SSH public key (typically found in the file ~/.ssh/id_rsa.pub) to the file: /var/swrep/.ssh/authorized_keys
For example, if we want to use the user user1 at host host.example.org to manage the repository, we should add something like the following to authorized_keys:
environment="SSH_USER=tomas" ssh-rsa AAAAB3NzaC1
YwP0jGlWvMl6D+LVIpCEU+qGhQdCNL691gvufcaK9jKwdfPB
VwlEbq8BpumdCOJlH3v8Q9i2hEqgCTT6WeRVxk+NCL5dQ6Ag
au1UpZ40= tomas@192.168.16.92
Create your own key with ssh-keygen:
ssh-keygen -t rsa
Now you have the public key in /home/tomas/.ssh/id_rsa.pub:
$>cat /home/tomas/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EA...JDCICo1beHh1vWQBMdvhZzuV5oTUwCOOfU= tomas@pc92-red16.andago.net
So we edit the file /var/swrep/.ssh/authorized_keys adding this line:
The ACL rights to create, delete, and otherwise manage packages are specified on the SWRep server in the file: /etc/swrep/swrep.acl
This file is managed through the swrep-client utility, but the first user, the one that should give rights to the remaining managers, should be added by hand. Edit the swrep.acl file, and add a new entry with the master user:
tomas:/
Now you can test that everything is all right with this command:
[tomas@pc92-red16 tomas]$ swrep-client listrights
You are tomas, with rights to change packages with tags:
/
You have repository administrator rights
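Because every key in the swrep account's authorized_keys can reach the repository manager, it is worth checking that each key is tied to an ACL user. The script below is an added example, not part of the original guide or of SWRep; it assumes swrep.acl holds one user:tag entry per line (as in the tomas:/ entry) and that keys carry the environment="SSH_USER=..." option shown above.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Audits the SWRep manager's authorized_keys against swrep.acl:
#   swrep.acl:        user:tag            (e.g. tomas:/)
#   authorized_keys:  environment="SSH_USER=user" ssh-rsa KEY comment

audit_swrep_keys() {   # $1 = swrep.acl, $2 = authorized_keys
    awk '
    NF == 0 { next }                       # skip blank lines
    FNR == NR {                            # first file: ACL entries
        n = index($0, ":")
        if (n < 2) next
        u = substr($0, 1, n - 1); acl[u] = 1
        if (substr($0, n + 1) == "/") print "ROOT-TAG " u
        next
    }
    {                                      # second file: one key per line
        rest = $0; user = ""
        # with PermitUserEnvironment on, key options can set any variable
        # for the session, so anything other than SSH_USER is reported
        while (match(rest, /environment="[^"]*"/)) {
            kv = substr(rest, RSTART + 13, RLENGTH - 14)   # NAME=value
            rest = substr(rest, RSTART + RLENGTH)
            if (index(kv, "SSH_USER=") == 1) { user = substr(kv, 10) }
            else { print "EXTRA-ENV line " FNR ": " kv }
        }
        if (user == "") { print "NO-SSH-USER line " FNR; next }
        haskey[user] = 1
        if (!(user in acl)) print "KEY-WITHOUT-ACL " user
    }
    END { for (u in acl) if (!(u in haskey)) print "ACL-WITHOUT-KEY " u }
    ' "$1" "$2"
}

# Constructed sample files; key bodies are placeholders, not real keys
SWREP_SAMPLE=$(mktemp -d)
trap 'rm -rf "$SWREP_SAMPLE"' EXIT
cat > "$SWREP_SAMPLE/swrep.acl" <<'EOF'
tomas:/
user1:/updates
EOF
cat > "$SWREP_SAMPLE/authorized_keys" <<'EOF'
environment="SSH_USER=tomas" ssh-rsa AAAAconstructed1 tomas@host-a
environment="SSH_USER=guest" ssh-rsa AAAAconstructed2 guest@host-b
ssh-rsa AAAAconstructed3 nobody@host-c
environment="SSH_USER=tomas",environment="TMPDIR=/tmp/x" ssh-rsa AAAAconstructed4 tomas@host-d
EOF

audit_swrep_keys "$SWREP_SAMPLE/swrep.acl" "$SWREP_SAMPLE/authorized_keys"
```

On a real server, pass /etc/swrep/swrep.acl and /var/swrep/.ssh/authorized_keys as the two arguments.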
Now we are going to create a new platform and its areas:
[tomas@pc92-red16 tomas]$ swrep-client addplatform i386_tomas
Platform i386_tomas successfully added
[tomas@pc92-red16 tomas]$ swrep-client addarea i386_tomas /base
Area /base successfully created in platform i386_tomas
[tomas@pc92-red16 tomas]$ swrep-client addarea i386_tomas /base/drivers
Area /base/drivers successfully created in platform i386_tomas
[tomas@pc92-red16 tomas]$ swrep-client addarea i386_tomas /updates
Area /updates successfully created in platform i386_tomas
And finally, we add some packages to the repository:
[tomas@pc92-red16 tomas]$ swrep-client put i386_tomas /tmp/xemacs-21.5.18-15.i586.rpm /base
Transferring file xemacs-21.5.18-15.i586.rpm, file size 8354060 bytes, window size 4096 bytes:
4194304 bytes transferred
5242880 bytes transferred
6291456 bytes transferred
Transfer complete
Checking package...
Getting package information...
Package xemacs-21.5.18-15.i586.rpm successfully added to platform i386_tomas
Now, you can see this package in the repository using any web browser: http://swrep-server/swrep
Another way to upload a large number of packages is the bootstrap command of swrep-client. You need to copy all the RPMs from your installation CD to the local directory on the server hosting the software repository (e.g. /var/www/html/swrep/i386_tomas). Then you run, for instance, swrep-client bootstrap i386_tomas /base, which will register all the missing RPMs in the SWRep internal database, under platform i386_tomas and area /base. This is the easiest way of getting a large number of new RPMs into SWRep; the same command comes in very handy for updating an area. (Please check the manpage of swrep-client for more information on this command.) So, we must copy all the RPM packages of quattor and sl3 into the repository using swrep-client bootstrap.
The next step is to load templates into CDB. The templates are in /usr/share/doc/pan-templates/; first of all we add the standard templates.
[tomas@pc92-red16 standard]$ cd standard
[tomas@pc92-red16 standard]$ cdbop
quattor CDB CLI: Version 1.8.16
Enter user-name: quattor
Enter password:
Connecting to https://localhost...
Welcome to CDB Command Line Interface
Opening session...
Type 'help' for more info
[cdb] /usr/share/doc/pan-templates/standard > add *
[INFO] adding template: pro_declaration_functions_filesystem
[INFO] adding template: pro_declaration_functions_general
[INFO] adding template: pro_declaration_functions_network
[INFO] adding template: pro_declaration_profile_base
[INFO] adding template: pro_declaration_structure_validation_functions
[INFO] adding template: pro_declaration_structures
[INFO] adding template: pro_declaration_types
[INFO] adding template: pro_declaration_units
[cdb] /usr/share/doc/pan-templates/standard > commit
[cdb] /usr/share/doc/pan-templates/standard > exit
Then, we make the same in the directory site_specific to add the hardware info:
[tomas@pc92-red16 pan-templates]$ cd site_specific/
[tomas@pc92-red16 site_specific]$ cdbop
quattor CDB CLI: Version 1.8.16
Enter user-name: quattor
Enter password:
Connecting to https://localhost...
Welcome to CDB Command Line Interface
Opening session...
Type 'help' for more info
[cdb] /usr/share/doc/pan-templates/site_specific > add pro_hardware*
[INFO] adding template: pro_hardware_asus_terminator_p4_533a
[INFO] adding template: pro_hardware_card_nic_intel_e100
[INFO] adding template: pro_hardware_cpu_GenuineIntel_Pentium_4_2600
[INFO] adding template: pro_hardware_harddisk_STD_80
[INFO] adding template: pro_hardware_ram_1024
[cdb] /usr/share/doc/pan-templates/site_specific > commit
[cdb] /usr/share/doc/pan-templates/site_specific > exit
Now, the templates about the software repository (at this moment our repository is only for demo and doesn't make much sense):
[tomas@pc92-red16 tmp]$ swrep-client template i386_tomas > repository_swrep_i386_tomas.tpl
[tomas@pc92-red16 tmp]$ cdbop
quattor CDB CLI: Version 1.8.16
Enter user-name: quattor
Enter password:
Connecting to https://localhost...
Welcome to CDB Command Line Interface
Opening session...
Type 'help' for more info
[cdb] /tmp > add repository_swrep*
[INFO] adding template: repository_swrep_i386_tomas
[cdb] /tmp > commit
[cdb] /tmp > exit
Be careful with the template name, it is important: swrep is the name of the owner and i386_tomas that of the repository; you cannot use any other name.
Another step is to configure the component templates with the services info. These templates are in the components directory and may require that you have uploaded the necessary RPMs to your repository.
[root@pc92-red16 pan-templates]# cd components/
[root@pc92-red16 components]# cdbop
quattor CDB CLI: Version 1.8.16
Enter user-name: quattor
Enter password:
Connecting to https://localhost...
Welcome to CDB Command Line Interface
Opening session...
Type 'help' for more info
[cdb] /usr/share/doc/pan-templates/components > add pro_declaration_component_grub.tpl
[INFO] adding template: pro_declaration_component_grub
[cdb] /usr/share/doc/pan-templates/components > commit
[cdb] /usr/share/doc/pan-templates/components > exit
The last step is to create a configuration profile for a new client. We can use the example profile_mynode and modify it:
cp profile_mynode.tpl /tmp/profile_tomas1.tpl
Then edit the file and change:
Other important file you have to change:
In order to have a correct software package template you should use rpmq2pan_pkg.pl.
Now load profile_tomas1 into the CDB (you could have problems with some template dependencies; you only have to add them). If everything is all right you can see the new profile at http://tomas-server/profiles.
Copy the file /usr/share/doc/aii-1.0.29/eg/dhcpd.conf to /etc, edit this file and make the necessary changes for your network. You should edit the file /etc/aii-dhcp.conf.
First of all, we have to create a new directory in:
mkdir /osinstall/nbp/i386_tomas
and copy there the files vmlinuz and initrd.img from the sl3-cd3 (/images/pxeboot).
You have to make the Kickstart configuration accessible through your http server:
ln -s /osinstall/ks /var/www/html/ks
You have to have a Linux distribution accessible through your http server, for example:
mkdir -p /var/www/html/i386_tomas
And then copy all the files of CD1 of the SL3 distribution. Then you can free space, because you have all the rpm packages in your repository:
rm -rf /var/www/html/i386_tomas/SL/RPMS
ln -s /var/www/html/swrep/i386_tomas/ /var/www/html/i386_tomas/SL/RPMS
Note: you have to make the necessary changes in the templates with the Linux distribution path.
Copy the aii-shellfe config file:
cp /usr/share/doc/aii-1.0.29/eg/aii-shellfe.conf /etc/
Edit this file with the info about the place where the profiles will be installed, in this case we will use the same server. Now, we configure the node tomas1:
aii-shellfe --configure tomas1
aii-shellfe --install tomas1
If you edit /etc/dhcpd.conf you will see the info about the tomas1 node.
And that's all, now you can run the client to install all the software in tomas1 ;)
The most important change you have to make concerns the default software packages: you have to build the software package template with the info about the installed RPMs:
/usr/lib/perl/quattor-sw-util/rpmq2pan_pkg.pl --outprfx=pro_software_package --platform=i386_tomas
Now you have the file pro_software_package_i386_tomas.tpl to use instead of the default templates pro_software_packages_defaults_i386_sl3.tpl and pro_software_packages_i386_sl3.tpl.
Be careful
You shouldn’t run rpmq2pan_pkg on a server machine, because it will generate a package list containing server packages that you don't need on the client and packages that are already in other templates. For example, if you have installed quattor on the server, the quattor packages are listed in their own template, but if you run rpmq2pan_pkg they will also be included in pro_software_packages; duplicated packages are not allowed. So this command should be run on a “clean” machine that has the packages you want installed on the other client machines.
Another file that should be modified is pro_system_base.tpl, which should contain something like this:
"/system/network/domainname" = default( "andago.net" );
"/system/network/nameserver" = default(list(
    "192.168.17.2"));
"/system/network/interfaces" = set_interface_defaults(nlist(
    "netmask", "255.255.255.0",
    "broadcast","192.168.16.255",
    "gateway", "192.168.16.1"));
And comment out all the components that you think are not important at this moment, like cron, accounts...
In the file pro_system_mycluster.tpl you should set the partition list.
In the file pro_software_mycluster.tpl set the repository name:
...
"/software/repositories/0" = create("repository_swrep_i386_tomas");
...
Other important templates are about AII:
#
# OS installation server
#
"/software/components/aii/osinstall/options/server_osinstall"
= "192.168.16.92";
#
# Installation protocol (http or nfs)
#
"/software/components/aii/osinstall/options/osinstall_protocol" = "http";
#
# CDB server
#
"/software/components/aii/osinstall/options/cdb"
= "192.168.16.92";
#
# NFS directory/HTTP URL with the Scientific linux 3 distribution
#
"/software/components/aii/osinstall/options/installtype" = {
    if (value("/software/components/aii/osinstall/options/osinstall_protocol") == "http") {
        return ("url --url http://"
            + value("/software/components/aii/osinstall/options/server_osinstall")
            + "/i386_sl3");
    } else {
        return ("nfs --server "
            + value("/software/components/aii/osinstall/options/server_osinstall")
            + " --dir /osinstall/i386_sl3");
    }
};
and put in the info for our PXE installer:
#
# NFS directory/HTTP URL with the Scientific linux 3 distribution
#
"/software/components/aii/osinstall/options/installtype" = {
    if (value("/software/components/aii/osinstall/options/osinstall_protocol") == "http") {
        return ("url --url http://"
            + value("/software/components/aii/osinstall/options/server_osinstall")
            + "/i386_tomas");
    } else {
        return ("nfs --server "
            + value("/software/components/aii/osinstall/options/server_osinstall")
            + " --dir /osinstall/i386_tomas");
    }
};