SCI services management

PUPPET

Puppet (http://www.puppetlabs.com/) is the open source platform for enterprise systems management.
Puppet is used to deploy the configuration to the cluster instances.
Documentation can be found at http://docs.puppetlabs.com/

Puppet master is installed on the instance 'sci'.

By default you have several modules in puppet:
  • Apt config (approx)
  • DNS config (bind9)
  • DHCP config (dhcpd)
  • locale config (locale)
  • timezone config (timezone)
  • system mail delivery (exim4)

The classes applied to each node and the parameters passed to them are set in /etc/puppet/manifests/nodes.pp:

node 'default' {
    class { sources_list_local: stage => pre0, }
    class { common_profile: stage => pre1, }
    class { timezone: zone => "Europe/Moscow", stage => main, }
    class { locale: def_locale => "ru_RU.UTF-8", stage => main, }
}

node 'sci' {
    class { approx_local: stage => pre0, }
    class { sources_list_local: stage => pre0, }
    class { common_profile: stage => pre1, }
    class { bind9_sci: stage => main, }
    class { timezone: zone => "Europe/Moscow", stage => main, }
    class { locale: def_locale => "ru_RU.UTF-8", stage => main, }
    class { dhcpd: enabled => no, stage => post1, }
}

If you don't specify a node, the classes of the 'default' node are applied to it.

Apt

Apt is configured on the instance 'sci' via puppet.

sources.list

The globally distributed sources.list template resides in /etc/puppet/modules/approx/templates/sources.list.erb

Approx

Approx is configured in /etc/puppet/modules/approx/templates/approx.conf.erb
To apply your changes quickly you should issue

/etc/init.d/puppet restart

DNS

DNS is configured on the instance 'sci' via puppet.

The forward zone is in the file /etc/bind/master/$domain
The reverse zone for 192.168.0.0/16 is in the file /etc/bind/master/in-addr
If you want to hold a reverse zone for another IP range, you must edit /etc/bind/named.conf.local first.
Then you must edit the zone file to match your IP range.
This is an example for 10.0.0.0/8 in named.conf.local:

zone 10.in-addr.arpa in {
 type master;
 file "/etc/bind/master/in-addr";
 allow-query    { any; };
 allow-update{ key DHCP_UPDATE; };
};

On each update you must change the zone serial number from its initial value

0000000001 ; Serial

to a new, larger value. The format YYYYMMDDNN is recommended (NN is the number of the change within one day).
Feel free to modify it to adjust your system.

New names should be placed below the line

; here you can put any other records

To apply your changes quickly you should issue

/etc/init.d/bind9 reload

Note that if you are using dynamic updates (e.g. from the DHCP server), you must freeze the zone before editing the file:

rndc freeze your.domain

for the forward zone, or

rndc freeze 168.192.in-addr.arpa

for the reverse zone.
After editing the zone you must run:
rndc unfreeze your.domain

or
rndc unfreeze 168.192.in-addr.arpa
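
The serial rule and the freeze/edit/unfreeze sequence above, combined in one script. This is an added example, not part of the SCI project: the function names are hypothetical, and it assumes the zone file marks its serial with the "; Serial" comment shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the SCI project.

# next_serial CURRENT [TODAY]: print the next serial in YYYYMMDDNN form.
next_serial() {
    cur=$(printf '%s' "$1" | sed 's/^0*//')   # 0000000001 -> 1 (avoid octal parsing)
    cur=${cur:-0}
    today=${2:-$(date +%Y%m%d)}
    base=$((today * 100))                     # YYYYMMDD00
    if [ "$cur" -lt "$base" ]; then
        new=$((base + 1))                     # first change today
    else
        new=$((cur + 1))                      # later change today, or serial already ahead;
    fi                                        # past NN=99 it simply keeps growing
    # Serials are 32-bit unsigned; refuse to wrap around.
    [ "$new" -le 4294967295 ] || { echo "serial overflow" >&2; return 1; }
    echo "$new"
}

# bump_zone_serial FILE [TODAY]: rewrite the "<digits> ; Serial" line in place.
bump_zone_serial() {
    file=$1
    cur=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*Serial.*/\1/p' "$file" | head -n 1)
    [ -n "$cur" ] || { echo "no '; Serial' line in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$2") || return 1
    tmp=$(mktemp) || return 1
    sed "s/$cur\([[:space:]]*;[[:space:]]*Serial\)/$new\1/" "$file" > "$tmp" \
        && cat "$tmp" > "$file"               # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$new"
}

# edit_frozen_zone ZONE FILE: freeze, edit, bump the serial, always unfreeze.
edit_frozen_zone() {
    zone=$1; zfile=$2
    rndc freeze "$zone" || return 1
    "${EDITOR:-vi}" "$zfile" && bump_zone_serial "$zfile"
    rc=$?
    rndc unfreeze "$zone" || return 1         # unfreeze even if the edit failed
    return "$rc"
}
```

Source the file and call, for example, edit_frozen_zone your.domain /etc/bind/master/your.domain as root on the instance 'sci'.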

DHCP

isc-dhcp-server is configured on the instance sci via puppet, but is disabled by default.
If you want to enable it, you must replace this line in nodes.pp:

    class { dhcpd: enabled => no, stage => post1, }

to:
    class { dhcpd: enabled => yes, stage => post1, }

If you have a LAN segment in your setup, DHCP will be configured on it; otherwise it will be configured on the ganeti bridge.
Dynamic DNS updates are configured by default.
The default setup looks like this:
ddns-update-style interim;
ddns-updates on;
allow unknown-clients;
authoritative;
ddns-domainname "your.domain";
update-static-leases on;
allow client-updates;

key DHCP_UPDATE {
    algorithm HMAC-MD5;
    secret secret-generated-md5;
};

subnet 192.168.5.0 netmask 255.255.255.0 {
    authoritative;
    ddns-updates on;
    range 192.168.5.11 192.168.5.254;
    option routers 192.168.5.35;
    option domain-name-servers 192.168.5.35;
    option domain-name "your.domain";
    default-lease-time 604800;
    max-lease-time 2592000;
    }

zone your.domain. {
    primary 127.0.0.1;
    key DHCP_UPDATE;
}

zone 168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DHCP_UPDATE;
}

Locale

The cluster locale is configured by puppet. By default it is ru_RU.UTF-8.
When the instance sci is created, the value is taken from sci.conf (variable LOCALE) and set in nodes.pp.
If you need to change it after sci creation, set it directly in /etc/puppet/manifests/nodes.pp

class { locale: def_locale => "ru_RU.cp1251", stage => main, }

Timezone

The cluster timezone is configured by puppet. By default it is Europe/Moscow.
When the instance sci is created, the value is taken from sci.conf (variable TIMEZONE) and set in nodes.pp.
If you need to change it after sci creation, set it directly in /etc/puppet/manifests/nodes.pp

class { timezone: zone => "Europe/Berlin", stage => main, }

System mail

There are two approaches to system mail delivery.
1) All system mail is delivered to one host, called the mailhub in puppet (sci by default), and stored there in the local mailbox of the given user.
2) All system mail is delivered to an external mailbox via a smarthost. This is the more convenient approach, but it requires a smarthost that can deliver mail via the internet, so the first approach is the default.

This module is configured by arguments in nodes.pp. In the mailhub scheme it is:

node 'default' {
...........
    class { exim4: smarthost => "default", forward_to => 'admin', stage => main, }
}

node 'sci' {
...........
    class { exim4: mailhub => yes, forward_to => 'admin', stage => main, }
}

All mail is delivered to admin (root by default) on sci.
And this is an example for an external mailbox:
node 'default' {
...........
    class { exim4: smarthost => "my-smarthost.localdomain", forward_to => 'notify@other.domain', stage => main, }
}

node 'sci' {
...........
    class { exim4: smarthost => "my-smarthost.localdomain", forward_to => 'notify@other.domain', stage => main, }
}