Add the following lines to your kickstart config.
# Join AD domain
yum -y install pbis-open
/usr/bin/domainjoin-cli setname ${hostname}.corp.yourdomain.com
/usr/bin/domainjoin-cli join --ou OU=LinuxServers,OU=Internal,DC=corp,DC=yourdomain,DC=com corp.yourdomain.com joinaccount joinpassword
/opt/pbis/bin/config AssumeDefaultDomain true
/opt/pbis/bin/config LoginShellTemplate /bin/bash
/opt/pbis/bin/config HomeDirTemplate %H/%D/%U
Simple shell script to do the same:
joinad.sh
#!/bin/bash
if [ -z "$1" ]
then
echo "Usage: joinad.sh yourservername"
exit 1
fi
echo "Joining $1"
ssh -t $1 "domainjoin-cli join --disable hostname --ou OU=LinuxServers,OU=Internal,DC=corp,DC=yourdomain,DC=com corp.yourdomain.com joinaccount joinpassword; /opt/pbis/bin/config AssumeDefaultDomain true; /opt/pbis/bin/config LoginShellTemplate /bin/bash; /opt/pbis/bin/config HomeDirTemplate %H/%U"
Friday, May 15, 2015
Terminal/Console
Screen
Below is some customization for screen utility.cat .screenrc
# SSH agent link
setenv SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock
# Number of lines
defscrollback 10000
# for ctrl right and left arrows
bindkey ^[[1;5D prev
bindkey ^[[1;5C next
bindkey "^[[D" prev # ctrl-left
bindkey "^[[C" next # ctrl-right
# To remove splits
bind X remove
# Window list at the bottom. hostname, centered tabs and redmarked active windows:
#hardstatus alwayslastline
#hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %d/%m %{W}%c %{g}]'
#caption always "%{+b rk}%H%{gk} |%c %{yk}%d.%m.%Y | %72=Load: %l %{wk}"
hardstatus alwayslastline "%?%{yk}%-Lw%?%{wb}%n*%f %t%?(%u)%?%?%{yk}%+Lw%?"
To keep your ssh-agent running in screen session add rc file:
cat .ssh/rc
if test "$SSH_AUTH_SOCK" ; then
ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi
Monday, May 11, 2015
VMware CLI management
I'm trying to use command line interface as much as I can. Below are some examples of VMware CLI management.
Get a list of all VMs:
vim-cmd vmsvc/getallvms
Take a look at template:
/vmfs/volumes/541abff4-d8f5aafc-5d95-002590e90bb0 # /vmfs/volumes/datastore1/vmwa re-ovftool/ovftool prve-loadtest.ova
Deploy VM from Windows ovf tool:
C:\Program Files (x86)\VMware\VMware OVF Tool>ovftool --disableVerification --no SSLVerify -dm=thick --datastore=datastore1 --name=loadtest1 --net:"VM Net work"="VM Network" c:\Users\igrinkin\loadtest.ova vi://root:root_password@hypervisor1 Opening OVA source: c:\Users\igrinkin\loadtest.ova Opening VI target: vi://root@10.107.130.29:443/ Deploying to VI: vi://root@10.107.130.29:443/ Transfer Completed The manifest validates Warning: - No manifest entry found for: 'loadtest1-disk1.vmdk'. Completed successfully
Copy VM to another ESX server
ssh hypervisor1 cd /vmfs/volumes/datastore1/ scp -r /vmfs/volumes/datastore1/testvm/ hypervisor2:/vmfs/volumes/datastore1/
Open hypervisor2 in vSphere
Configuration - Storage - right-click on datastore1 - Browse to "testvm" folder - click on testvm.vmx - Add to inventory
Remove VM from hypervisor1 to cleanup
You can easily script it to emulate what Vcenter does.
Add a second hard drive to VM without reboot
Add second drive to live server.
Run
echo "- - -" > /sys/class/scsi_host/host2/scan
fdisk should show you the second drive. Create partition and format.
mkfs.ext3 -m0 /dev/sdb1 tune2fs -c0 -i0 /dev/sdb1
Using mysql module in puppet manifest
I downloaded mysql module from Puppet Labs.
Here is an example of using it in graphite module.
class graphite {
$graphite_packages = ["graphite-web","MySQL-python","python-carbon","python-whisper"]
package { $graphite_packages: ensure => installed }
$graphite_services = ["httpd","carbon-cache"]
service { $graphite_services: ensure => running, enable => true }
file { "/etc/graphite-web/local_settings.py":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/graphite/local_settings.py",
notify => Service["httpd"],
}
file { "/etc/carbon/storage-schemas.conf":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/graphite/storage-schemas.conf",
notify => Service["httpd"],
}
file { "/root/graph.sql":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/graphite/graph.sql",
notify => Service["mysqld"],
}
include '::mysql::server'
mysql::db { 'mydb':
dbname => 'graphite',
user => 'graphite',
password => 'graphitepassword',
host => 'localhost',
grant => ['ALL'],
sql => '/root/graph.sql',
import_timeout => 900,
}
}
Here is an example of using it in graphite module.
class graphite {
$graphite_packages = ["graphite-web","MySQL-python","python-carbon","python-whisper"]
package { $graphite_packages: ensure => installed }
$graphite_services = ["httpd","carbon-cache"]
service { $graphite_services: ensure => running, enable => true }
file { "/etc/graphite-web/local_settings.py":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/graphite/local_settings.py",
notify => Service["httpd"],
}
file { "/etc/carbon/storage-schemas.conf":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/graphite/storage-schemas.conf",
notify => Service["httpd"],
}
file { "/root/graph.sql":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/graphite/graph.sql",
notify => Service["mysqld"],
}
include '::mysql::server'
mysql::db { 'mydb':
dbname => 'graphite',
user => 'graphite',
password => 'graphitepassword',
host => 'localhost',
grant => ['ALL'],
sql => '/root/graph.sql',
import_timeout => 900,
}
}
Friday, May 08, 2015
How to: puppet - hiera - foreman enc
Here is an example of a puppet setup with hiera and Foreman as ENC (external node classifier)
Let's say I want to manage my /etc/resolv.conf using puppet. Since I have multiple datacenters, I want to point linux clients to the closest DNS server.
I want my puppet templates to be generic, so that I don't have to touch it again. All hard-coded data (like IP addresses) goes into hiera.
cat puppet/modules/dns/manifests/init.pp
class dns ( $dns_search = hiera("dns::search"),
$dns_servers = hiera("dns::servers")) {
file { "/etc/resolv.conf":
owner => "root",
group => "root",
mode => 644,
content => template("dns/resolv.conf.erb"),
}
}
Basically, I'm saying that "dns_search" and "dns_servers" variables will come from hiera data.
Here is the template that puppet will apply:
cat puppet/modules/dns/templates/resolv.conf.erb
# This file is controlled by Puppet
search <%= dns_search %>
<% @dns_servers.each do |server| -%>
nameserver <%= server %>
<% end -%>
cat /etc/puppet/hiera.yaml
---
:backends:
- yaml
:yaml:
:datadir: /etc/puppet/hieradata
:hierarchy:
- "%{::clientcert}"
- "nodes/%{::fqdn}"
- "%{::environment}"
- "location/%{::location}"
- defaults
Location hiera file for Redwood City will look like:
cat puppet/hieradata/location/rwc.yaml
---
dns::search: rwc.mycompany.com mycompany.com
dns::servers:
- 192.168.0.2
- 192.168.0.3
- 10.10.0.2
Foreman installation was pretty straightforward from:
http://theforeman.org/manuals/1.1/quickstart_guide.html
foreman-installer --foreman-db-type=mysql
I used mysql database and my own certificate that was signed by my own CA.
cat /etc/puppet/foreman.yaml
---
:url: "https://foreman.mycompany.com"
:ssl_ca: "/etc/pki/tls/certs/mycompanyca.crt"
:ssl_cert: "/etc/pki/tls/certs/foreman.crt"
:ssl_key: "/etc/pki/tls/private/foreman.key"
:user: ""
:password: ""
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null
Let's say I want to manage my /etc/resolv.conf using puppet. Since I have multiple datacenters, I want to point linux clients to the closest DNS server.
I want my puppet templates to be generic, so that I don't have to touch it again. All hard-coded data (like IP addresses) goes into hiera.
Puppet
I separate puppet classes by modules for convenience. Here is how puppet manifest looks like:cat puppet/modules/dns/manifests/init.pp
class dns ( $dns_search = hiera("dns::search"),
$dns_servers = hiera("dns::servers")) {
file { "/etc/resolv.conf":
owner => "root",
group => "root",
mode => 644,
content => template("dns/resolv.conf.erb"),
}
}
Basically, I'm saying that "dns_search" and "dns_servers" variables will come from hiera data.
Here is the template that puppet will apply:
cat puppet/modules/dns/templates/resolv.conf.erb
# This file is controlled by Puppet
search <%= dns_search %>
<% @dns_servers.each do |server| -%>
nameserver <%= server %>
<% end -%>
Hiera
Hiera configuration file goes by location:cat /etc/puppet/hiera.yaml
---
:backends:
- yaml
:yaml:
:datadir: /etc/puppet/hieradata
:hierarchy:
- "%{::clientcert}"
- "nodes/%{::fqdn}"
- "%{::environment}"
- "location/%{::location}"
- defaults
Location hiera file for Redwood City will look like:
cat puppet/hieradata/location/rwc.yaml
---
dns::search: rwc.mycompany.com mycompany.com
dns::servers:
- 192.168.0.2
- 192.168.0.3
- 10.10.0.2
Foreman
You don't have to use Foreman but it gives you a nice GUI, dashboard and can easily be used as ENC to create puppet host groups and configuration groups.Foreman installation was pretty straightforward from:
http://theforeman.org/manuals/1.1/quickstart_guide.html
foreman-installer --foreman-db-type=mysql
I used mysql database and my own certificate that was signed by my own CA.
cat /etc/puppet/foreman.yaml
---
:url: "https://foreman.mycompany.com"
:ssl_ca: "/etc/pki/tls/certs/mycompanyca.crt"
:ssl_cert: "/etc/pki/tls/certs/foreman.crt"
:ssl_key: "/etc/pki/tls/private/foreman.key"
:user: ""
:password: ""
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null
Wednesday, April 15, 2015
GIT
Create new GIT repo on the server:
add user git
create athorized_keys for git
mkdir /data/git
ln -s /data/git /git
cd /git
mkdir ops.git
cd ops.git
git --bare init
add user git
create athorized_keys for git
mkdir /data/git
ln -s /data/git /git
cd /git
mkdir ops.git
cd ops.git
git --bare init
Friday, April 10, 2015
Puppet notes
Built-in puppet variables in templates:
# This file is controlled by Puppet
# /etc/puppet/puppet.conf
# <%= scope.lookupvar('::osfamily') %> <%= scope.lookupvar('::operatingsystemmajrelease') %>
Example of template and file:
file { "/etc/puppet/puppet.conf":
owner => "root",
group => "root",
mode => 644,
content => template("puppet/puppet.conf.erb"),
notify => Service["puppet"],
}
file { "/etc/sysconfig/puppet":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/puppet/puppet",
notify => Service["puppet"],
}
Hieradata
cat hiera.yaml
---
:backends:
- yaml
:yaml:
:datadir: /etc/puppet/hieradata
:hierarchy:
- "%{::clientcert}"
- "nodes/%{::fqdn}"
- "%{::environment}"
- "location/%{::location}"
- defaults
Example of location yaml
cat location/mylocation.yaml
---
dns::search: myl.location.com location.com
dns::servers:
- 192.168.0.100
- 192.168.0.101
ssh::group_key: AAAAB3NzaC1yc........
# This file is controlled by Puppet
# /etc/puppet/puppet.conf
# <%= scope.lookupvar('::osfamily') %> <%= scope.lookupvar('::operatingsystemmajrelease') %>
Example of template and file:
file { "/etc/puppet/puppet.conf":
owner => "root",
group => "root",
mode => 644,
content => template("puppet/puppet.conf.erb"),
notify => Service["puppet"],
}
file { "/etc/sysconfig/puppet":
owner => "root",
group => "root",
mode => 644,
source => "puppet:///modules/puppet/puppet",
notify => Service["puppet"],
}
Hieradata
cat hiera.yaml
---
:backends:
- yaml
:yaml:
:datadir: /etc/puppet/hieradata
:hierarchy:
- "%{::clientcert}"
- "nodes/%{::fqdn}"
- "%{::environment}"
- "location/%{::location}"
- defaults
Example of location yaml
cat location/mylocation.yaml
---
dns::search: myl.location.com location.com
dns::servers:
- 192.168.0.100
- 192.168.0.101
ssh::group_key: AAAAB3NzaC1yc........
Monday, March 16, 2015
How to setup E-mail relay
Gmail rejects e-mail from my server.
Solution: E-mail relay through Mandrill (MailChimp service)
1. Create account with Mandrill (it's free)
2. Generate some API key on Mandrill website
3. Setup your Postfix
yum -y install postfix cyrus-sasl-plain cyrus-sasl-md5
4. Modify /etc/postfix/main.cf
relayhost = smtp.mandrillapp.com
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = AUTH LOGIN
smtp_sasl_security_options =
5. Put your credentials in /etc/postfix/sasl_passwd file
smtp.mandrillapp.com yourusername@yourdomain.com:yourapikeyhere
6. Create sasl db readable by postfix
postmap sasl_passwd
chmod 600 sasl_passwd
chown postfix:postfix sasl_passwd.db
Your maillog should look similar to this:
Mar 15 23:45:05 tm1 postfix/master[29546]: daemon started -- version 2.6.6, configuration /etc/postfix
Mar 15 23:45:41 tm1 postfix/pickup[29548]: 34B98580496: uid=500 from=<user>
Mar 15 23:45:41 tm1 postfix/cleanup[29678]: 34B98580496: message-id=<20150316064541.34B98580496@mail.tagmap.me>
Mar 15 23:45:41 tm1 postfix/qmgr[29549]: 34B98580496: from=<user@mail.tagmap.me>, size=419, nrcpt=1 (queue active)
Mar 15 23:45:42 tm1 postfix/smtp[29680]: 34B98580496: to=<user@gmail.com>, relay=smtp.mandrillapp.com[54.70.134.182]:25, delay=1.3, delays=0.02/0.01/1.1/0.24, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5A3F038028A)
Mar 15 23:45:42 tm1 postfix/qmgr[29549]: 34B98580496: removed
Subscribe to:
Posts (Atom)