opendev/system-config
Code Issues Proposed changes
479e5ca1c0
system-config/launch/README
Elizabeth K. Joseph 4452247d78 Add instruction to verify new server fingerprint 
When adding a new server now, Ansible needs the root ssh key
fingerprint on the new server to be verified on the puppetmaster,
add this to instructions for setting up a new server.

Change-Id: I7345c22c47120c946b64e72aa6bf7a7a8f590132
2015-04-24 12:37:23 -07:00

72 lines
2.5 KiB
Plaintext
Raw Blame History

Create Server
=============
Note that these instructions assume you're working from this
directory on an updated local clone of the repository on the
puppetmaster, and that your account is a member of the admin
and puppet groups for access to their respective keys::
sudo adduser $(whoami) admin
sudo adduser $(whoami) puppet
(Remember to log out and back into your shell if you add yourself
to a group.)
To launch a node in the OpenStack CI account (production servers)::
. ~root/ci-launch/openstackci-rs-nova.sh
export FLAVOR="8 GB Performance"
export FQDN=servername.openstack.org
sudo puppet cert generate $FQDN
cd /opt/system-config/production/launch/
./launch-node.py $FQDN --flavor "$FLAVOR"
To launch a node in the OpenStack Jenkins account (slave nodes)::
. ~root/ci-launch/openstackjenkins-rs-nova.sh
export FQDN=slavename.slave.openstack.org
nova image-list
export IMAGE='Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)'
nova flavor-list
export FLAVOR="8 GB Performance"
sudo puppet cert generate $FQDN
./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR"
If you are launching a replacement server, you may skip the generate
step and specify the name of an existing puppet cert (as long as the
private key is on this host).
The server name and cert names may be different and the latter can be
specified with --cert if needed, but launch-node.py will assume they
are the same unless specified.
Manually add the hostname to DNS (the launch script does not do so
automatically). Note that this example assumes you've already
exported a relevant FQDN and sourced the appropriate API credentials
above.
When running outside the official OpenStack CI infrastructure, you
will want to pass --server puppetmaster.example.com otherwise the
new node wil try to register with puppetmaster.openstack.org - and
fail hilariously.
In order for Ansible to be able to send out the Puppet updates,
you also need the puppetmaster to accept the root SSH key for the
new server. So as root on the puppetmaster:
ssh root@$FQDN
Verify the fingerprint of the new server and type "yes" to accept.
Then you can log out.
Add DNS Records
===============
There are no scripts to automatically handle DNS at the moment due to
a lack of library support for the new Rackspace Cloud DNS (with IPv6).
However, the launch-node script will print the commands needed to be
run to configure DNS for a newly launched server. To see the commands
for an existing server, run:
./dns.py $FQDN
View Git Blame Copy Permalink