Set up a Server
This page described how to install CentOS and setup/troubleshooting puppet
Installing CentOS 7
Getting a Bootable USB stick
Change Boot Order
1. Insert the USB stick and connect the monitor to the machine
2. Reboot the machine
3. Bring up the BIOS Menu by pressing Del button while the machine is booting
- In Boot, change the boot oder so that the USB get booted first
- Save changes and reboot
Install CentOS 7
Adopted from this guide -> https://phoenixnap.com/kb/how-to-install-centos-7
Select Test this media and install Centos 7
Step 1 : Choose Keyboard and Language
Step 2 : Network Configuration
Select NETWORK & HOSTNAME
1. Switch on the Ethernet
2. Change Host name at the bottom
3. Select Configure
Select IPv4 Settings DNS Servers: [alpha private ip adress] Search domains: cluster.ucsf.bkslab.org, ucsf.bkslab.org, bkslab.org, compbio.ucsf.edu, ucsf.edu Check "Require IPv4 addressing for this connection to complete". Save.
Step 3: Set Date and Time
Turn on Network Time and Select the local timezone.
Step 4: Partitioning
Select INSTALLATION DESTINATION.
Option 1: Automatic Partitioning
Under the Other Storage Options heading, select the Automatically configure partitioning checkbox. This ensures the selected destination storage disk will automatically partition with the /(root), /home and swap partitions. It will automatically create an LVM logical volume in the XFS file system.
If you do not have enough free space, you can reclaim disk space and instruct the system to delete files.
When finished, click the Done button.
Option 2: Manual Partitioning
Select the I will configure partitioning checkbox and choose Done.
If you want to use other file systems (such as ext4 and vfat) and a non-LVM partitioning scheme, such as btrfs. This will initiate a configuration pop-up where you can set up your partitioning manually.
Step 5: Software Selection
Select Compute Node on the left menu, then select Add-Ons on the right menu.
Step 6: Enable KDUMP
Double-check if KDUMP is enabled.
Step 7: Start installation Process
Hit Begin Installation
Step 8: Setup Root Password & User
During Installation, will see 2 items on top
The usual one
Create a local administrator account
User name : survival Check "Make this user adminstrator" Check "Require a password for this account" Password : [Hint it starts with G and has t somewhere in the middle]
'REBOOT when Installation is completed
Install Puppet and Create Puppet Certificate
Login as root user
- Install EPEL release. EPEL is a repository for enterprise releases. Learn more
$ sudo yum install epel-release This will install access to public repo on Epel. GPG key is provided to provide transaction is valid
- Update centos packages
$ sudo yum update
- Install Puppet
$ sudo yum install puppet
- Install sssd
$ sudo yum install sssd
- Install nss-pam-ldapd
$ sudo yum install nss-pam-ldapd
Edit Puppet configuration on foreman.uscf.bkslab.org
- Search for host with it is existed.
- Edit Puppet setting
- If the machine is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
- In Parameters, click "Override" in "variant" and assign "cluster" as variable at the bottom.
- In Puppet class, Choose :
* nfs-mounts.* * ssd*
Issue new Puppet Certificate
In a second terminal, log in as root
- Log into alpha, to create new puppet certificate for the new computer
$ sudo puppet cert list -a | grep <hostname>.cluster.ucsf.bkslab.org //to list all of the current puppet certificates and check if there was an existing certificate for this machine
- To clean out existing certificate
$ sudo puppet cert clean <hostname>.cluster.ucsf.bkslab.org
BEFORE PROCEEDING TO THE NEXT STEP, MAKE SURE that you have 2 terminals on: one logged in as root on the new computer (client) and the other logged in as s_ on alpha (server) 1. On the client side:
$ puppet agent --test --waitforcert=10 "puppet agent --test" command initial integration with puppet for a new computer or reintegrate puppet. Without this command, the machine will not have access to the /mnt/nfs, /nfs/* and /nfs/soft "--waitforcert=10" means "keep calm, wait 10s for DNS server to respond"
2. On server (alpha) side:
Sign the certificate $ sudo puppet cert sign <hostname>.cluster.ucsf.bkslab.org
$ id <user_name>
If failed, try running these commands and try it again:
$ systemctl restart sssd $ systemctl enable sssd $ authcofig-tui or nmtui This will prompt you to the authcofig-tui screen. User SpaceBar to change setting. 1. Uncheck "User Fingerprint reader" so that it would not raise any fingerprint error later. Click "Next' after. 2. Under "LDAP Settings", make sure it says: [*] User TLS Server: ldaps://ds.ucsf.bkslab.org/ Base DN: dc=bkslab, dc=org