NOC Service Deploy Guide
Preparation
- Download the image here
- Configure the virtual machine with the following parameters:
  - Volume size: 4GB
  - RAM: 512 MB
  - Name: noc
vmcreate --size 4G --file modularit-timanfaya-1.1-noc_1.tgz --mem 512 --ip 192.168.69.33 noc
- Boot the virtual machine:
xm create -c /etc/xen/auto/noc
- Log in as root with the password passwd.root, then change the default password
Machine configuration
Follow the generic machine configuration as described in ModularITXenUDeploymentGuideEn
Service preparation
- Clone ModularIT GIT repo:
cd /opt
git clone git://git.modularit.org/modularit.git
- The default user to access Nagios is nagiosadmin with password nagios.pass. You can change it with:
htpasswd /etc/nagios/htpasswd.users nagiosadmin
We need to create some SSH and GPG keys to distribute with ModularIT. These keys are:
- An SSH key without a passphrase, used for restricted access by the Backup service
- An encrypted SSH key that will be installed on all hosts for secure remote access
- A GPG key to encrypt/sign various data and files, such as the AIDE database and config files
To create all these keys:
- Create the restricted SSH key for backups. This key only allows backup access
ssh-keygen -t dsa -C 'ModularIT Backup key' -N '' -f dirvish_dsa
- Create the encrypted SSH master key. This key will be used to access ALL servers, so USE A GOOD PASSWORD!!
ssh-keygen -t dsa -C 'ModularIT NOC key' -f noc_dsa
- Create the GPG key. This key will be used to sign critical data, so USE A GOOD PASSWORD!!
gpg --gen-key
- Export the gpg key to distribute it with puppet
gpg --export-secret-keys --armour > gpg
- Encrypt the exported key for added security before distributing it.
gpg --symmetric --armour gpg
- This will create a gpg.asc file with the key to distribute. Copy it to /etc/puppet/modules/Private/files/
cp gpg.asc /etc/puppet/modules/Private/files/
- Initialize service
modularit-noc-init.rb
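The key material created above can be checked before it is distributed. The script below is an added example, not part of ModularIT: it confirms that noc_dsa is passphrase-protected, that dirvish_dsa is the passphrase-less backup key, and that gpg.asc is an armored PGP message rather than the raw secret-key export. It assumes all files sit in one directory under the names used in this guide; the script name check-keys.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not part of ModularIT. File names are the ones used in this guide.

# armor_type FILE -> message | private-key | unknown (from the ASCII-armor header)
armor_type() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "-----BEGIN PGP MESSAGE-----")           echo message ;;
        "-----BEGIN PGP PRIVATE KEY BLOCK-----") echo private-key ;;
        *)                                       echo unknown ;;
    esac
}

# ssh_key_state FILE -> encrypted | plaintext | unknown
ssh_key_state() {
    [ -r "$1" ] || { echo unknown; return; }
    case "$(head -n 1 "$1")" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # New format: body is base64 of "openssh-key-v1\0" + cipher name;
            # the longer prefix below is that header followed by cipher "none".
            case "$(sed -n 2p "$1")" in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo plaintext ;;
                b3BlbnNzaC1rZXktdjEA*)            echo encrypted ;;
                *)                                echo unknown ;;
            esac ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted ;;
        "-----BEGIN "*" PRIVATE KEY-----")
            # Legacy PEM: a passphrase-protected key carries a Proc-Type header
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
            else echo plaintext; fi ;;
        *) echo unknown ;;
    esac
}

# audit_keys DIR -> one finding per line; exit status is the number of findings
audit_keys() {
    dir=$1; bad=0
    [ "$(ssh_key_state "$dir/noc_dsa")" = encrypted ] ||
        { echo "noc_dsa: master key is not passphrase-protected"; bad=$((bad+1)); }
    [ "$(ssh_key_state "$dir/dirvish_dsa")" = plaintext ] ||
        { echo "dirvish_dsa: not the passphrase-less backup key"; bad=$((bad+1)); }
    [ "$(armor_type "$dir/gpg.asc")" = message ] ||
        { echo "gpg.asc: not a PGP MESSAGE armor (raw key export?)"; bad=$((bad+1)); }
    [ ! -e "$dir/gpg" ] ||
        { echo "gpg: intermediate secret-key export still on disk"; bad=$((bad+1)); }
    return "$bad"
}

# Usage (script name is hypothetical): sh check-keys.sh --check /path/to/keys
if [ "${1:-}" = "--check" ]; then audit_keys "${2:-.}"; fi
```

The check reads only file headers, so it works without unlocking any key and regardless of whether the installed OpenSSH can still load DSA keys.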
To test everything we are going to run both puppetmaster and puppet in debug mode.
On the server:
- Use the sample /etc/puppet/manifests/clients/client.pp to set up your first hosts. It will be needed for the noc server you are setting up
- Stop apache and puppetmaster
service puppetmaster stop
service httpd stop
- Start puppetmasterd in debug mode
puppetmasterd --debug --no-daemonize
On the client:
- Stop puppet
service puppet stop
- Start puppetd in debug mode
puppetd --debug --no-daemonize --fqdn test.noc --server noc.modularit.lan
- The previous command will create a certificate that you will need to sign on the server with
puppetca --sign test.noc
- To make sure everything gets installed for the host you are deploying, set the bootstrap variable to yes in the host definition
$bootstrap = yes
- For more info, read the Puppet documentation
- Rerun puppetd with the same options several times to get all configurations. At this point it is normal to get an error that httpd cannot be started. This happens because we are running puppetmaster in debug mode, and it is using the port that will be used by apache+mongrel when we run puppetmaster in production mode
- Once the httpd error mentioned above is the only one we get, we can run puppetmaster in mongrel (first stop puppetmaster)
service puppetmaster restart
service httpd restart