tahina.priv.at/ kisscluster/ install

ich / me

vorträge / talks

spam

hacks

electronics

impressum

cm@tahina.priv.at

KISScluster: installation

KISScluster is designed to be used with Ansible.

If you've never used it, go and read up on it.

You need Ansible 1.7; it may work with older or newer versions, but that's what I've tested it with.

Node preparation

The nodes are supposed to be running a fresh install of Debian Jessie, with sshd running and a basic network config that allows them to be reached from your machine.

They need an empty device to be used as the physical volume for the vmvg volume group that will hold the VM images (so size it accordingly). The PV and VG will be created by the installation.

Integrating with an existing Ansible setup

If you already have Ansible running, it's easy.

  • make sure Ansible can talk to the cluster nodes.

  • add the ansible subdirectory of the kisscluster distribution to the roles_path in your ansible.cfg so the roles are found.

  • copy kisscluster-install.yml to your ansible directory.

  • add a [clustername] group to your Ansible inventory file, containing the cluster nodes.

Then, continue with "Running the installation".

New Ansible user?

First, install Ansible. The Debian packages on jessie work just fine:

apt-get install ansible

Edit ansible-hosts, replace "cluster1" with your cluster name, and "nodeX" with your node names. Make sure those names resolve and you can ssh to them with your user, and you have sudo rights on them.

Put your ssh public key (for an authorized_keys file) in authorized_keys in the ansible directory.

Prepare the nodes for Ansible by running

ansible-playbook prepare-host.yml --ask-pass --ask-sudo-pass

(You can leave out the --ask-pass if you're ssh'ing with key authentication).

What this does is:

  • adds a user ansible with ssh key authentication

  • installs sudo and permits passwordless use for the ansible user and the adm group (the latter is for ansible to run commands on localhost).

  • enables sftp in sshd, so Ansible can copy files

You should be ready for the installation.

Running the installation

  • edit kisscluster-install.yml replacing "cluster1" with your cluster's name, and setting source_dir to the top directory of your kisscluster source.

  • create group_vars/clustername.yml according to the example provided in the source (and make sure to replace node1 and node2 by your real hostnames).

  • run

    ansible-playbook kisscluster-install.yml

  • reboot the nodes (drbd.service will fail when coming up, as there's no resources defined yet. that's OK).

You should now be able to run kiss-overview and see something like this:

OK: kissclusterd.service
OK: Active target: primary-vms.target

VM status:

DRBD status:

It may take a minute after boot until the cluster stabilized and an "Active target" is started.

Well, if you've come this far, the cluster is installed. Except for the administrators...

Setting up admin users

  • Create user accounts for your administrators, and add them to the adm group.

  • Make sure they can ssh as user ansible from one cluster node to the other, i.e. ssh ansible@othernode works. This is for the kiss-configuration stuff. How you do that (enabling AgentForwarding and adding your usual key to ansible's authorized_keys, or generating a key on the cluster nodes) is up to you and your local policy.

  • cd /srv/kiss-configure on the first node

  • Commit the installed files: git commit -am "my first commit"

  • Push the changes to both nodes: git push origin master

  • On the second node, run git pull origin master

  • Verify that the git commands run successfully.

Manual installation

Really? OK, here's the rough sketch:

  • make sure the interfaces (storage and bridge on the production network) are configured

  • make sure the kvm module is loaded

  • install prerequisites:

    • bridge-utils
    • ntp
    • lvm2
    • drbd-utils
    • qemu-kvm
    • socat
    • iproute2
    • fping
    • perl
    • libconfig-tiny-perl
    • libipc-system-simple-perl
    • libdigest-sha-perl
    • sudo

  • make sure no crappy tools that break your network are installed, like avahi and NetworkDamager

  • install the scripts from ansible/roles/kisscluster-install/files, and of course kissclusterd and kissclusterd.conf

  • configure the DRBD kernel module with minor_count=128

  • install an adequate global_common.conf for DRBD (see .../kisscluster-install/templates)

  • make sure your DRBD service starts even when there's no resources defined, and does not auto-switch resources to primary.

  • create a vmvg volume group

  • create a user and group for kissclusterd to run as, a service file for it, and sudoer permissions to start systemd targets.

  • install kisscluster.conf

  • install unit files for drbd-resource@.service and the three targets (see .../kisscluster-install/templates).

  • install drbd-primary-helper

  • make qemu-bridge-helper setuid root, and install bridge.conf