Difference between revisions of "Agile testbed"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 55: Line 55:
  
 
and, optionally,
 
and, optionally,
 +
* a pre-generated ssh host key (highly recommended!)
 
* a recipe for automated customization
 
* a recipe for automated customization
 
* a host key for SSL
 
* a host key for SSL
Line 71: Line 72:
 
  /etc/init.d/dnsmasq restart
 
  /etc/init.d/dnsmasq restart
  
 +
Now almost everything is ready to start building a VM. If ssh is to be used later on to log in to the machine (and this is almost '''always''' the case), it is tremendously '''useful''' to have a pre-generated host key (for otherwise each time the machine is re-installed the host key changes, and ssh refuses to log in until you remove the offending key from the known_hosts. This '''will happpen'''). Therefore, run
 +
/usr/local/bin/keygen <hostname>
 +
to pre-generate the ssh keys.
 +
 +
Depending on the purpose of the machine, an X.509 host certificate needs to be issued.
  
* on span.nikhef.nl, run
 
/usr/local/bin/keygen <hostname>
 
to pre-generate ssh keys.
 
* on span, run
 
/var/local/hostkeys/generate-knownhosts.sh
 
* on all machines, do
 
cp /var/local/hostkeys/ssh_known_hosts /etc/ssh/ssh_known_hosts
 
 
* (optional) generate or request an X509 host certificate. For local machines in the .testbed domain, Dutchgrid certificates won't be issued, but a testbed-wide CA is in use, ask Dennis. The certificate and key are stored in
 
* (optional) generate or request an X509 host certificate. For local machines in the .testbed domain, Dutchgrid certificates won't be issued, but a testbed-wide CA is in use, ask Dennis. The certificate and key are stored in
 
  /var/local/hostkeys/pem/<hostname>/hostcert.pem
 
  /var/local/hostkeys/pem/<hostname>/hostcert.pem
Line 110: Line 109:
 
** With Debian preseeding, this may be automated by either setting <tt>d-i netcfg/dhcp_options select Retry network autoconfiguration</tt> or <tt>d-i netcfg/dchp_timeout string 60</tt>.
 
** With Debian preseeding, this may be automated by either setting <tt>d-i netcfg/dhcp_options select Retry network autoconfiguration</tt> or <tt>d-i netcfg/dchp_timeout string 60</tt>.
 
* Sometimes, a storage device is re-used (especially when recreating a domain after removing it '''and''' the associated storage). The re-use may cause the partitioner to see an existing LVM definition and fail, complaining that the partition already exists; you can re-use an existing LVM volume by using the argument: <tt>--disk vol=vmachines/blah</tt>.
 
* Sometimes, a storage device is re-used (especially when recreating a domain after removing it '''and''' the associated storage). The re-use may cause the partitioner to see an existing LVM definition and fail, complaining that the partition already exists; you can re-use an existing LVM volume by using the argument: <tt>--disk vol=vmachines/blah</tt>.
 
  
 
=== importing a VM image from another source ===
 
=== importing a VM image from another source ===

Revision as of 18:45, 22 February 2013