Commit af91f229 authored by Andreas Beutel's avatar Andreas Beutel Committed by GitHub

Merge pull request #6 from TYPO3-infrastructure/develop

Update master
parents 903d7a14 bdf68cd6
On server
==============
edit /root/machine.conf and update variables
# kick installation
virt-install-debian
export DOMAIN=srvXXX
# login and create /root/.ssh
# install curl (until its part of base install)
# shutdown
virsh shutdown $DOMAIN
# copy ssh-keys of admins into machine
virt-copy-in -d $DOMAIN authorized_keys /root/.ssh/
# start again
virsh start $DOMAIN
# set domain to autostart
virsh autostart $DOMAIN
On your workstation (chef master node)
========================================
knife bootstrap --bootstrap-version 12.5.1 -N srvXXX.typo3.org -E production -r "recipe[t3-base]" -E production --ssh-user=root 46.4.xxx.yyy
# cleanup root/.ssh/authorized_keys
On server
==============
* create default VM, attached to private network:
```shell
virt-install-debian srvXXX
```
* press <strg>+5 to disconnect from the console once the boostrapping is finished, be patient before the next step
* confirm succesfull creation with <y>-key
Chef Bootstrapping (On Your Workstation)
========================================
* make sure you are connected to the VPN
```shell
knife bootstrap --bootstrap-version 12.5.1 -E production -r "recipe[t3-base]" --ssh-user=root \
-N srvXXX.typo3.org 10.186.2.yyy
```
Customisation of virtual machine
=====================================
Feel free to customise the machine via /etc/libvir/qemu/*.xml files and tools.
Update Config (On server)
=====================================
Optional, should not be required during daily operations
* edit variables in `/root/machine.conf`
Read the source of the shell script for further details
- use encrypted root pw '$1$2nDbOTXS$yzM1ew/7KrdnPTfPVenPs0' instead of random string
- add curl/wget to standard install
- nail chef-client to 12.5.1 (if still required at all)
- add curl/wget and ca-certificates to standard install
- add IPV6 support (hard/impossible via preseed)
- cleanup authorized_keys after installation
- improve scripts/configuration
- refactor to t3-guest-install
DONE
==========
- improve scripts/configuration
- nail chef-client to 12.5.1 (if still required at all)
#!/bin/bash
SERVER_NAME="srv168"
NET_IPV4_MAC="00:50:56:00:59:07"
NET_IPV4_ADDRESS="46.4.110.203"
NET_IPV4_GATEWAY="46.4.110.201"
NET_IPV4_BROADCAST="46.4.110.207"
NET_IPV4_NETMASK="255.255.255.248"
HOST_NAME=$SERVER_NAME
......@@ -165,6 +165,9 @@ d-i partman-auto/disk string /dev/sda
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string regular
# Disable warning about missing swap partition
d-i partman-basicfilesystems/no_swap boolean false
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
......@@ -179,7 +182,13 @@ d-i partman-lvm/confirm_nooverwrite boolean true
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# d-i partman-auto/choose_recipe select atomic
d-i partman-auto/expert_recipe string noswap :: 1000 50 -1 ext4 \
$primary{ } $bootable{ } method{ format } \
format{ } use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
.
d-i partman-auto/choose_recipe select noswap
# Or provide a recipe of your own...
# If you have a way to get a recipe file into the d-i environment, you can
......@@ -226,7 +235,7 @@ d-i partman/confirm_nooverwrite boolean true
# so this will only work if the disks are the same size.
#d-i partman-auto/disk string /dev/sda /dev/sdb
# Next you need to specify the physical partitions that will be used.
# Next you need to specify the physical partitions that will be used.
#d-i partman-auto/expert_recipe string \
# multiraid :: \
# 1000 5000 4000 raid \
......@@ -321,10 +330,10 @@ d-i base-installer/kernel/image string linux-image-amd64
tasksel tasksel/first multiselect ssh-server
# Individual additional packages to install
#d-i pkgsel/include string openssh-server build-essential
d-i pkgsel/include string ca-certificates
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
#d-i pkgsel/upgrade select none
d-i pkgsel/upgrade select full-upgrade
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
......@@ -389,9 +398,11 @@ d-i finish-install/reboot_in_progress note
# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true
# In order to copy-in the SSH key, we need to be off.
d-i debian-installer/exit/poweroff boolean true
### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
......@@ -425,4 +436,8 @@ d-i finish-install/reboot_in_progress note
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
+# commands to execute after installation finished
# prepare root's .ssh/ directory to later put the SSH keys into
d-i preseed/late_command string \
in-target mkdir /root/.ssh
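Review bot: The new `late_command` at the end of this file creates `/root/.ssh` with whatever mode the installer's umask yields, and a plain `mkdir` returns non-zero if the directory already exists. Since this directory will hold root's `authorized_keys`, create it private and idempotently: `in-target mkdir -p -m 0700 /root/.ssh`. It is also worth confirming that the `authorized_keys` file copied in afterwards ends up root-owned and not group- or world-writable, because sshd's StrictModes check rejects it otherwise; that copy happens in the install script, not in this file.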
......@@ -2,30 +2,43 @@
MACHINE_CONF_FILE="/root/machine.conf"
if [ ! -f "$MACHINE_CONF_FILE" ]; then
echo "you must supply the path to a config file"
echo "please checke existance of $MACHINE_CONF_FILE"
exit 99
fi
source $MACHINE_CONF_FILE
if [ -z "$1" ]; then
echo "you must supply server name like srvXXX as argument"
exit 99
else
SERVER_NAME=$1
SERVER_IPV4_ADDRESS=$(echo "$SERVER_NAME" | sed -r -n 's/(srv)([0-9]{3})/\2/p')
if [[ ! "$SERVER_IPV4_ADDRESS" =~ ^[0-9]{3}$ ]]; then
echo "Could not validate $SERVER_IPV4_ADDRESS"
exit 99
else
NET_IPV4_ADDRESS="$SERVER_IPV4_BLOCK.$SERVER_IPV4_ADDRESS"
fi
fi
# we should now have the following variables
echo "SERVER_NAME $SERVER_NAME"
echo "NET_IPV4_MAC $NET_IPV4_MAC"
#echo "NET_IPV4_MAC $NET_IPV4_MAC"
echo "NET_IPV4_ADDRESS $NET_IPV4_ADDRESS"
echo "NET_IPV4_GATEWAY $NET_IPV4_GATEWAY"
echo "NET_IPV4_BROADCAST $NET_IPV4_BROADCAST"
echo "NET_IPV4_NETMASK $NET_IPV4_NETMASK"
read -p "Do you cant to creat a machine with this config? " -n 1 -r
read -p "Do you cant to create a machine with this config? " -n 1 -r
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
exit 99
###########################################
###########################################
### ###
......@@ -41,8 +54,6 @@ exit 99
HOST_NAME=$SERVER_NAME
SCRIPT_PATH=`dirname "$SCRIPT"`
# create passwd
PASSWORD=$(makepasswd --minchars=10 --maxchars=12)
echo "Generated random password"
......@@ -54,8 +65,22 @@ then
exit 1
fi
# generate ssh-authorized keys so they can be uploaded into the root-account
$SCRIPT_PATH/gatherkeys.sh > $SCRIPT_PATH/authorized_keys
# helper function to wait until the VM has shut down
wait_for_shutdown()
{
echo "Waiting for shutdown of $1"
while true; do
virsh list | grep -c $1 > /dev/null
if [ $? -eq 1 ]; then
echo
echo "VM stopped: $1"
return 0
fi
sleep 1
echo -n "."
done
}
# note on preseeding
# file must be injected in the root/intrd filesysetm
......@@ -66,18 +91,45 @@ $SCRIPT_PATH/gatherkeys.sh > $SCRIPT_PATH/authorized_keys
#VOLUME=$SERVER_NAME
#--network bridge=br0 \
#--network bridge=br-ext,mac=$NET_IPV4_MAC,model=virtio \
virt-install \
--connect qemu:///system \
--name $SERVER_NAME \
--ram 2048 \
--disk pool=vg1,size=50,bus=virtio \
--disk pool=vgpool,size=20,bus=ide \
--vcpus 2 \
--os-type linux \
--os-variant generic \
--network bridge=br0,mac=$NET_IPV4_MAC,model=virtio \
--network bridge=br-int,model=virtio \
--graphics none \
--console pty,target_type=serial \
--location 'http://ftp.de.debian.org/debian/dists/jessie/main/installer-amd64/' \
--initrd-inject '/usr/local/bin/preseed.cfg' \
--location 'http://mirror.hetzner.de/debian/packages/dists/jessie/main/installer-amd64/' \
--initrd-inject '/usr/local/virtinstaller/preseed.cfg' \
--extra-args "auto=true netcfg/get_hostname=$HOST_NAME netcfg/hostname=$HOST_NAME passwd/root-password=$PASSWORD passwd/root-password-again=$PASSWORD netcfg/get_ipaddress=$NET_IPV4_ADDRESS netcfg/get_netmask=$NET_IPV4_NETMASK netcfg/get_gateway=$NET_IPV4_GATEWAY console=ttyS0,115200n8 serial"
echo "Finished with virt-install."
read -p "Did the installation finish and the VM shut down? " -n 1 -r
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
echo "Doing some aftermath..."
# shutdown
virsh destroy $SERVER_NAME
wait_for_shutdown $SERVER_NAME
# copy ssh-keys of admins into machine
# generate ssh-authorized keys so they can be uploaded into the root-account
SCRIPT_PATH=$(dirname $([ -L $0 ] && readlink -f $0 || echo $0))
$SCRIPT_PATH/gatherkeys.sh > $SCRIPT_PATH/authorized_keys
virt-copy-in -d $SERVER_NAME $SCRIPT_PATH/authorized_keys /root/.ssh/
# start again
virsh start $SERVER_NAME
# set domain to autostart
virsh autostart $SERVER_NAME
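Review bot: The root password is handed to the installer on the kernel command line (`passwd/root-password=$PASSWORD` in `--extra-args`), so it is readable in the guest's `/proc/cmdline` during installation, in the host's process list while the installer runs, and probably in libvirt's per-domain log. That line looks unchanged by this commit, but the new aftermath block installs admin keys via `virt-copy-in`, so the password could now move off the command line into a per-run, mode-0600 copy of the preseed file passed to `--initrd-inject`, as `d-i passwd/root-password-crypted password <HASH_PLACEHOLDER>`. Generate that hash per run with a strong crypt scheme, not the fixed `$1$` (MD5-crypt) value the README's TODO list proposes, since a hash committed to the repository is open to offline guessing. In the same block the exit status of `gatherkeys.sh` is not checked before its output is copied into the guest, so a failed run would install an empty or partial `authorized_keys`; `"$SCRIPT_PATH/gatherkeys.sh" > "$SCRIPT_PATH/authorized_keys" || exit 1` would stop there.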