10 | | Quattor server requires a machine installed with a default server installation of any RH-based Linux distro. There is no specific requirements for the OS configuration itself. The server can be installed by any mean available at the site (CD-Rom, Kickstart, imaging...). When Quattor server is readyn it will be possible to manage the server itself with Quattor, except for OS upgrades. |
| 13 | Quattor server requires a machine installed with a default server |
| 14 | installation of any RH-based Linux distro. There is no specific |
| 15 | requirements for the OS configuration itself. The server can be |
| 16 | installed by any mean available at the site (CD-Rom, Kickstart, |
| 17 | imaging...). When Quattor server is readyn it will be possible to |
| 18 | manage the server itself with Quattor, except for OS upgrades. |
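Review bot: new line 17 still carries the typo "readyn" from the old text. Since the paragraph is being rewrapped anyway, change it to "ready," and fix "by any mean" (line 16) and "There is no specific requirements" (line 14) in the same pass.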
14 | | The Quattor server needs to run a Web server to serve profiles, kickstart configuration files and execute the CGI script at end of installation to change PXE boot to local disk. In addition, it is recommended (but not necessary) to use this Web server for serving RPMs. |
15 | | |
16 | | Web server installation requires nothing specific, just the configuration of a document root with enough space if you plan to serve RPMs and the configuration of CGIs. This Web server can be shared with other usages and you can use a specific virtual host instead of a dedicated server. |
17 | | |
18 | | Apache is the recommended Web server (installation instructions here refer to Apache) and it can be installed from the OS distribution. Note that for subversion http mode, Apache version 2 or above is needed. |
| 22 | The Quattor server needs to run a Web server to serve profiles, |
| 23 | kickstart configuration files and execute the CGI script at end of |
| 24 | installation to change PXE boot to local disk. In addition, it is |
| 25 | recommended (but not necessary) to use this Web server for serving |
| 26 | RPMs. |
| 27 | |
| 28 | Web server installation requires nothing specific, just the |
| 29 | configuration of a document root with enough space if you plan to |
| 30 | serve RPMs and the configuration of CGIs. This Web server can be |
| 31 | shared with other usages and you can use a specific virtual host |
| 32 | instead of a dedicated server. |
| 33 | |
| 34 | Apache is the recommended Web server (installation instructions here |
| 35 | refer to Apache) and it can be installed from the OS |
| 36 | distribution. Note that for subversion http mode, Apache version 2 or |
| 37 | above is needed. |
22 | | SCDB has no strong requirement concerning Apache configuration. It generally uses 3 distinct URLs for 3 different purposes : |
23 | | * Profiles : machine profiles are served by one specific URL shared by all machines. The files there are XML files produces by the PAN compiler when executing `ant deploy`. |
24 | | * Kickstart configuration files : this URL is used to store the Kickstart configuration file for each machines. These files are produced by `aii-shellfe --configure`. |
25 | | * RPM packages : RPMs are grouped in repositories, each repository has its own URL. This is a common setting to have one common parent URL for all repositories but this is not at all a requirement. |
| 41 | SCDB has no strong requirement concerning Apache configuration. It |
| 42 | generally uses 3 distinct URLs for 3 different purposes : |
| 43 | |
| 44 | * Profiles : machine profiles are served by one specific URL shared |
| 45 | by all machines. The files there are XML files produces by the PAN |
| 46 | compiler when executing `ant deploy`. |
| 47 | * Kickstart configuration files : this URL is used to store the |
| 48 | Kickstart configuration file for each machines. These files are |
| 49 | produced by `aii-shellfe --configure`. |
| 50 | * RPM packages : RPMs are grouped in repositories, each repository |
| 51 | has its own URL. This is a common setting to have one common parent |
| 52 | URL for all repositories but this is not at all a requirement. |
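Review bot: the rewrapped list keeps two grammar slips, "XML files produces by the PAN compiler" (line 45) and "for each machines" (line 48). Correct them to "produced" and "each machine" while these lines are being touched.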
28 | | * Restrict access to profile and Kickstart configuration to IP adresses (or subnets) matching Quattor clients, as these files may contain sensitive information like encrypted passwords or MySQL passwords (cleartext). |
29 | | * Configure all these areas to ignore any `index.html` file and auto-indexing. This is particularly important for RPM repositories URLs, as presence of an `index.html` will prevent SCDB tools to get the list of RPMs in the repository. |
30 | | |
31 | | Configuration for these areas is normally done by creating a file `/etc/httpd/conf.d/quattor.conf` with directives like the following one for each area (replace `/path/to/area` by your actual directoy name) : |
| 55 | |
| 56 | * Restrict access to profile and Kickstart configuration to IP |
| 57 | adresses (or subnets) matching Quattor clients, as these files may |
| 58 | contain sensitive information like encrypted passwords or MySQL |
| 59 | passwords (cleartext). |
| 60 | * Configure all these areas to ignore any `index.html` file and |
| 61 | auto-indexing. This is particularly important for RPM repositories |
| 62 | URLs, as presence of an `index.html` will prevent SCDB tools to get |
| 63 | the list of RPMs in the repository. |
| 64 | |
| 65 | Configuration for these areas is normally done by creating a file |
| 66 | `/etc/httpd/conf.d/quattor.conf` with directives like the following |
| 67 | one for each area (replace `/path/to/area` by your actual directoy |
| 68 | name) : |
| 69 | |
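Review bot: the first bullet (lines 56-59) relies on IP or subnet restriction alone for files it says may hold cleartext MySQL passwords, and nothing here says whether these areas are expected to be served over TLS. State the expected transport explicitly next to the access restriction. The rewrap also carried over "adresses" (line 57) and "directoy" (line 67).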
57 | | There are many possible installation options for a Subversion server. The best is to install it as Apache module, anyway. There is no requirement for the Subversion server to run on a Linux machine, even if it is the installation option documented here. You can even choose to use a Subversion server outside of your site, if you think the network connection is good enough. |
58 | | |
59 | | If you need to install a Subversion server, the easiest is to install Apache using YUM. Another option is to retrieve the RPMs for Subversion from [http://subversion.tigris.org/project_packages.html Subversion site]. Don't forget to install the Apache module which is in a separate RPM. |
| 104 | There are many possible installation options for a Subversion |
| 105 | server. The best is to install it as Apache module, anyway. There is |
| 106 | no requirement for the Subversion server to run on a Linux machine, |
| 107 | even if it is the installation option documented here. You can even |
| 108 | choose to use a Subversion server outside of your site, if you think |
| 109 | the network connection is good enough. |
| 110 | |
| 111 | If you need to install a Subversion server, the easiest is to install |
| 112 | Apache using YUM. Another option is to retrieve the RPMs for |
| 113 | Subversion from [http://subversion.tigris.org/project_packages.html |
| 114 | Subversion site]. Don't forget to install the Apache module which is |
| 115 | in a separate RPM. |
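Review bot: lines 111-112 read "If you need to install a Subversion server, the easiest is to install Apache using YUM", which names Apache where the sentence is about Subversion. Confirm which package is meant and reword, since the next sentence treats the Subversion RPMs as the alternative. "The best is to install it as Apache module, anyway" (line 105) would also read better as "as an Apache module".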
101 | | To configuration SVN authentication for SCDB repository, you need to create one or more accounts in `/etc/httpd/security/passwd`. You can use `htpasswd` or `openssl passwd -apr1` to generate an encrypted password. |
102 | | |
103 | | You also need to define SVN ACLs in `/etc/httpd/security/svn-repositories-access`. A typical file to start is (it assumes the account you created is called `quattormgr`, if this is a list it must be comma separated): |
| 161 | To configure SVN authentication for SCDB repository, you need to |
| 162 | create one or more accounts in `/etc/httpd/security/passwd`. You can |
| 163 | use `htpasswd` or `openssl passwd -apr1` to generate an encrypted |
| 164 | password. |
| 165 | |
| 166 | You also need to define SVN ACLs in |
| 167 | `/etc/httpd/security/svn-repositories-access`. A typical file to start |
| 168 | is (it assumes the account you created is called `quattormgr`, if this |
| 169 | is a list it must be comma separated): |
| 170 | |
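Review bot: "encrypted password" on lines 163-164 should read "hashed password", since `htpasswd` and `openssl passwd -apr1` produce a one-way hash rather than something that can be decrypted. The parenthetical on lines 168-169 ("if this is a list it must be comma separated") also does not say which entry of the ACL file the list goes in; name it.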
183 | | See `man dhcpd` and `man dhcpd.conf` for details about DHCP server configuration, in particular to support multiple subnets and other advanced features. |
184 | | |
185 | | TFTP server is run by `xinetd`. In the default configuration, it is disabled. Enable it by editing `/etc/xinetd.d/tftp`, modifying `disable` parameter from `yes` to `no`. |
186 | | |
187 | | Note that default location for TFTP root in AII configuration files is {{{/osinstall/nbp}}}. It must be explicitly defined if you want to use {{{/tftpboot}}} or another location. |
| 254 | See `man dhcpd` and `man dhcpd.conf` for details about DHCP server |
| 255 | configuration, in particular to support multiple subnets and other |
| 256 | advanced features. |
| 257 | |
| 258 | TFTP server is run by `xinetd`. In the default configuration, it is |
| 259 | disabled. Enable it by editing `/etc/xinetd.d/tftp`, modifying |
| 260 | `disable` parameter from `yes` to `no`. |
| 261 | |
| 262 | Note that default location for TFTP root in AII configuration files is |
| 263 | {{{/osinstall/nbp}}}. It must be explicitly defined if you want to use |
| 264 | {{{/tftpboot}}} or another location. |
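Review bot: lines 263-264 mark `/osinstall/nbp` and `/tftpboot` with {{{ }}} while the rest of this hunk uses backticks for inline code (`xinetd`, `/etc/xinetd.d/tftp`); use one style. "It must be explicitly defined" on line 263 also does not say in which AII configuration file or parameter the TFTP root is set; add that.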
198 | | * aii-server |
199 | | |
200 | | All but Java and SVN client can be download from http://quattorsrv.lal.in2p3.fr/packages/quattor/sl. Always use the last version, unless explicitly mentionned. You can also use APT or YUM from http://quattorsw.web.cern.ch/quattorsw/software/quattor. |
| 276 | * aii-server (2.4 or higher) |
| 277 | * ncm-lib-blockdevices (0.18.5 or 0.20) |
| 278 | * aii-ks |
| 279 | * aii-pxelinux |
| 280 | |
| 281 | All but Java and SVN client can be download from |
| 282 | http://quattorsrv.lal.in2p3.fr/packages/quattor/sl. Always use the |
| 283 | last version, unless explicitly mentioned. You can also use APT or YUM |
| 284 | from http://quattorsw.web.cern.ch/quattorsw/software/quattor. |
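Review bot: line 277 gives "ncm-lib-blockdevices (0.18.5 or 0.20)" without saying when each version applies, which sits awkwardly next to "Always use the last version, unless explicitly mentioned" on lines 282-283. Say which version goes with which aii-server release, or state that either works. "can be download" on line 281 should be "can be downloaded".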
204 | | To start with SCDB, you first need to install a [http://subversion.tigris.org Subversion] server, an open source product. The http based repository access '''must''' be used for quattor, the standalone access wont work (limitation of the build script). |
| 288 | To start with SCDB, you first need to install a |
| 289 | [http://subversion.tigris.org Subversion] server, an open source |
| 290 | product. The http based repository access '''must''' be used for |
| 291 | quattor, the standalone access wont work (limitation of the build |
| 292 | script). |
207 | | * Create a Subversion repository that will be used for SCDB, if it doesn't exist yet, and associate this repository with a URL (this can involve modifying Apache configuration). There is no need to use a dedicated repository. E.g. : `http://svn.example.org/Quattor`. |
208 | | * Create a branch in this repository where SCDB will be stored, if the repository is not dedicated to SCDB. E.g. : `http://svn.example.org/Quattor/CDB`. |
209 | | * In this branch, create 2 branches `trunk` and `tags` (`tags` is managed by SCDB tools, all the actions you'll do later will be done in `trunk`. You can also create other branches for your conveniences (like `branches` but they are not used by standard tools). |
210 | | * Choose the QWG templates version that suit your needs and import [source:SCDB/tags/pro SCDB base] and QWG templates in directory that will become you working area. See [wiki:Download/QWGTemplates QWG download] for detailed instructions. The easiest is to download and use [source:templates/trunk/tools/check-compile.sh check-compile.sh] (use option `-h` to get the list of available options). For example, assuming you want to create a `cdb` sub-directory of your current directory and download QWG templates gLite-3.0.2-10 : |
| 295 | |
| 296 | * Create a Subversion repository that will be used for SCDB, if it |
| 297 | doesn't exist yet, and associate this repository with a URL (this |
| 298 | can involve modifying Apache configuration). There is no need to |
| 299 | use a dedicated repository. E.g. : |
| 300 | `http://svn.example.org/Quattor`. |
| 301 | * Create a branch in this repository where SCDB will be stored, if |
| 302 | the repository is not dedicated to SCDB. E.g. : |
| 303 | `http://svn.example.org/Quattor/CDB`. |
| 304 | * In this branch, create 2 branches `trunk` and `tags` (`tags` is |
| 305 | managed by SCDB tools, all the actions you'll do later will be done |
| 306 | in `trunk`. You can also create other branches for your |
| 307 | conveniences (like `branches` but they are not used by standard |
| 308 | tools). |
| 309 | * Choose the QWG templates version that suit your needs and import |
| 310 | [source:SCDB/tags/pro SCDB base] and QWG templates in directory |
| 311 | that will become you working area. See [wiki:Download/QWGTemplates |
| 312 | QWG download] for detailed instructions. The easiest is to download |
| 313 | and use [source:templates/trunk/tools/check-compile.sh |
| 314 | check-compile.sh] (use option `-h` to get the list of available |
| 315 | options). For example, assuming you want to create a `cdb` |
| 316 | sub-directory of your current directory and download QWG templates |
| 317 | gLite-3.0.2-10 : |
| 318 | |
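Review bot: the parenthesis opened at "(`tags` is managed by SCDB tools" on line 304 is never closed before the sentence ends on line 306, so it is unclear where the aside stops. Close it after "SCDB tools" and start a new sentence for "All the actions you'll do later will be done in `trunk`". "that will become you working area" on line 311 should read "your working area".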
250 | | To use Quattor, you need to deploy software repositories. Even if you want to customize it later, you are probably better to start with a configuration similar to what is provided in `repository` directory of `sites/example` directory. You can retrieve an initial directory content for each RPM repository by downloading the contents of the URL specified in comments at the beginning of each repository templates. |
| 361 | To use Quattor, you need to deploy software repositories. Even if you |
| 362 | want to customize it later, you are probably better to start with a |
| 363 | configuration similar to what is provided in `repository` directory of |
| 364 | `sites/example` directory. You can retrieve an initial directory |
| 365 | content for each RPM repository by downloading the contents of the URL |
| 366 | specified in comments at the beginning of each repository templates. |
271 | | Before being able to configure the machine, you need to create an entry for the machine name in both tables of `pro_site_database.tpl`. First entry defines the address associated with the machine name, second entry defines the hardware template associated with the machne. |
| 395 | Before being able to configure the machine, you need to create an |
| 396 | entry for the machine name in both tables of |
| 397 | `pro_site_database.tpl`. First entry defines the address associated |
| 398 | with the machine name, second entry defines the hardware template |
| 399 | associated with the machne. |
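Review bot: line 399 still ends with the misspelling "machne"; fix it to "machine" in this rewrap. "both tables of `pro_site_database.tpl`" (lines 396-397) would be clearer if the two tables were named, since the following sentence only describes what each entry defines.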
279 | | Before being able to deploy the created configuration, there is a last configuration step needed to allow deployment of the configuration after successful compilation. This involves : |
280 | | |
281 | | * Adding a hook script to the Subversion repository to trigger the deployment |
282 | | * Adding a script on the Quattor server that will be launched by the hook script, using ssh |
283 | | * Configuring SSH keys to allow execution of the previous script as root (preferably) from the Apache account |
284 | | * Add a CGI script on Quattor server used at end of installation of a machine to allow next boot from local disk. |
| 408 | Before being able to deploy the created configuration, there is a last |
| 409 | configuration step needed to allow deployment of the configuration |
| 410 | after successful compilation. This involves : |
| 411 | |
| 412 | * Adding a hook script to the Subversion repository to trigger the |
| 413 | deployment |
| 414 | * Adding a script on the Quattor server that will be launched by the |
| 415 | hook script, using ssh |
| 416 | * Configuring SSH keys to allow execution of the previous script as |
| 417 | root (preferably) from the Apache account |
| 418 | * Add a CGI script on Quattor server used at end of installation of a |
| 419 | machine to allow next boot from local disk. |
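Review bot: the third bullet (lines 416-417) asks for an SSH key that lets the Apache account run a script as root but does not say the key should be limited to that one script. Add that the key's `authorized_keys` entry should carry a forced `command=` restriction so it cannot be used to open a general root shell. The fourth bullet also switches from "Adding/Configuring" to "Add"; keep the list parallel.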
321 | | At the end of a machine installation, as part of the Kickstart post-intallation script, a CGI script is executed on the Quattor server to change PXE configuration in order for the machine to boot from local disk next time. This allows to set PXE as the first boot device in the BIOS and control re-installation via `aii-shellfe` command. |
322 | | |
323 | | This script, `aii-installack.cgi`, can be found in SCDB directory `src/cgis`. It must be placed on the Web server running on the Quattor server, in the directory for CGIs. |
324 | | |
325 | | The apache server must be able to run that script as root. Best is to have {{{sudo}}} installed and use {{{visudo}}} to add the following to {{{/etc/sudoers}}}: |
| 455 | At the end of a machine installation, as part of the Kickstart |
| 456 | post-intallation script, a CGI script is executed on the Quattor |
| 457 | server to change PXE configuration in order for the machine to boot |
| 458 | from local disk next time. This allows to set PXE as the first boot |
| 459 | device in the BIOS and control re-installation via `aii-shellfe` |
| 460 | command. |
| 461 | |
| 462 | This script, `aii-installack.cgi`, can be found in SCDB directory |
| 463 | `src/cgis`. It must be placed on the Web server running on the Quattor |
| 464 | server, in the directory for CGIs. |
| 465 | |
| 466 | The apache server must be able to run that script as root. Best is to |
| 467 | have {{{sudo}}} installed and use {{{visudo}}} to add the following to |
| 468 | {{{/etc/sudoers}}}: |
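Review bot: line 466 says Apache "must be able to run that script as root", and the sudoers entry itself falls outside this hunk, so the sentence should state that the rule grants only `aii-installack.cgi` and nothing broader. "post-intallation" on line 456 is still misspelled, and lines 467-468 use {{{ }}} where the rest of the paragraph uses backticks.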
336 | | To customize AII configuration files, located in `/etc` and named `aii-*.conf`, refer to the comment in each files. Main parameters to customize are the URL to use to download profiles (in `aii-shellfe.conf`) and the directory where to place kickstart configuration files produced by AII (in `aii-osinstall.conf`). |
337 | | |
338 | | There are a few variables to customize in site templates to reflect your Quattor and AII configuration, mainly : |
| 479 | To customize AII configuration files, located in `/etc` and named |
| 480 | `aii-*.conf`, refer to the comment in each files. Main parameters to |
| 481 | customize are the URL to use to download profiles (in |
| 482 | `aii-shellfe.conf`) and the directory where to place kickstart |
| 483 | configuration files produced by AII (in `aii-osinstall.conf`). |
| 484 | |
| 485 | There are a few variables to customize in site templates to reflect |
| 486 | your Quattor and AII configuration, mainly : |
341 | | * `AII_OSINSTALL_SRV` : Name of the Web server serving kickstart configuration files and RPMs. |
342 | | * `AII_ACKSRV` : Name of the Web server to use for the post-installation CGI. Defaults to `AII_OSINSTALL_SRV` |
343 | | * `AII_ACKCGI` : post-installation CGI URL. Defaults to `/cgi-bin/aii-installack.cgi`. |
344 | | * `AII_OSINSTALL_TEMPLATE` : name of the Kickstart configuration template to use. Defaults to `i386_sl3_ks.conf`. |
345 | | |
346 | | These variables are generally defined site-wide, in the template `pro_site_global_variables.tpl` located in site directory. Look at provided examples, in SCDB distribution. |
347 | | |
| 489 | * `AII_OSINSTALL_SRV` : Name of the Web server serving kickstart |
| 490 | * configuration files and RPMs. |
| 491 | * `AII_ACKSRV` : Name of the Web server to use for the |
| 492 | post-installation CGI. Defaults to `AII_OSINSTALL_SRV` |
| 493 | * `AII_ACKCGI` : post-installation CGI URL. Defaults to |
| 494 | `/cgi-bin/aii-installack.cgi`. |
| 495 | * `AII_OSINSTALL_TEMPLATE` : name of the Kickstart configuration |
| 496 | template to use. Defaults to `i386_sl3_ks.conf`. |
| 497 | |
| 498 | These variables are generally defined site-wide, in the template |
| 499 | `pro_site_global_variables.tpl` located in site directory. Look at |
| 500 | provided examples, in SCDB distribution. |
| 501 | |
| 502 | === Downloading the distribution's images === |
| 503 | |
| 504 | If you want to perform network-based installations, you need to |
| 505 | download the distribution's CDs. They contain the kernel and initrd to |
| 506 | be used during the installation, which will re-direct to Red Hat's |
| 507 | installer. This installer is also located on the CD (usually the first |
| 508 | CD) or DVD of your distribution. |
| 509 | |
| 510 | The easiest way is to download the full DVD of your distro, f.i, SL: |
| 511 | |
| 512 | {{{ |
| 513 | wget http://.../distro-version.iso |
| 514 | }}} |
| 515 | |
| 516 | Then, mount it somewhere Apache can read to. For instance, |
| 517 | `/var/www/html/your_platform`: |
| 518 | |
| 519 | {{{ |
| 520 | mount -o bind /path/to/dvd/image /var/www/html/sl520-x86_64 |
| 521 | }}} |
| 522 | |
| 523 | Add it to your fstab, if needed. Next, you'll need to copy the files |
| 524 | used for PXE somewhere the TFTP server can reach them. Their location |
| 525 | depends on the distribution, it's usually on a directory called |
| 526 | pxeboot: |
| 527 | |
| 528 | {{{ |
| 529 | mkdir /osinstall/nbp/<platform> |
| 530 | cp /var/www/html/<platform>/.../pxeboot/* /osinstall/nbp/<platform> |
| 531 | }}} |
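Review bot: line 490 starts with a stray `*`, which splits the `AII_OSINSTALL_SRV` item into two bullets; drop it and indent the line as a continuation. In the new section, line 520 uses `mount -o bind` on what line 510 describes as a downloaded ISO file; a bind mount takes a directory, so either say the image is already mounted at `/path/to/dvd/image` or use a loop mount. The target directory is also named three ways (`your_platform`, `sl520-x86_64`, `<platform>`); use one placeholder throughout.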