TestingMAAS
Introduction (DRAFT)
This page aims to help someone set up MAAS in a standalone virtual machine using libvirt and has been tested on 12.04 LTS. MAAS should be accessible to other virtual machines in the libvirt network (ie, the one that the MAAS vm is on). Other machines on the libvirt network should be able to use juju or the maas cli tool to interface with the MAAS vm. Note, this is not intended to by a guide for a production deployment of MAAS.
The basic idea is this:
- The MAAS server runs in a VM within libvirt
- The MAAS server is configured as a DNS, DHCP and TFTP server
- 4 nodes are added and enlisted via the MAAS web interface
- Users and their ssh public keys are added via the MAAS web interface
- Users interface with MAAS via juju or the MAAS cli tool to start nodes (understanding that the user must create/start these nodes with PXE booting via virt-manager to simulate wake on lan, etc
VM host configuration
- Created a VM with enough memory and disk space. The VM should have (at least) the following characteristics):
- 1024M RAM
- 20G disk
Add a few firewall rules to make sure that the host's dnsmasq does not interfere with the MAAS server's dnsmasq (e assume the following MAC addresses for the 4 nodes throughout: AA:BB:CC:DD:EE:F0 AA:BB:CC:DD:EE:F1 AA:BB:CC:DD:EE:F2 AA:BB:CC:DD:EE:F3):
$ sudo iptables -I INPUT -p udp --dport 69 -j REJECT $ sudo ip6tables -I INPUT -p udp --dport 69 -j REJECT $ for i in AA:BB:CC:DD:EE:F0 AA:BB:CC:DD:EE:F1 AA:BB:CC:DD:EE:F2 AA:BB:CC:DD:EE:F3 ; do \ sudo ebtables -I INPUT -p IPv4 --ip-prot udp --ip-dport 67 -s $i -j DROP ; done
MAAS server configuration
Adjust /etc/network/interfaces to use a static ip:
# The primary network interface auto eth0 iface eth0 inet static address 192.168.122.4 network 192.168.122.0 netmask 255.255.255.0 broadcast 192.168.122.255 gateway 192.168.122.1 #iface eth0 inet dhcp
Adjust /etc/resolvconf/resolv.conf.d/base to have:
search defaultdomain nameserver 192.168.122.1
- Reboot to make sure it all comes up ok.
Install necessary software:
$ sudo apt-get install maas dnsmasq debmirror
Create a MAAS superuser:
$ sudo maas createsuperuser Username (Leave blank to use 'root'): root E-mail address: root@example.com Password: ubuntu Password (again): ubuntu Superuser created successfully.
- If on a desktop, you should disable dnsmasq in network manager (edit /etc/NetworkManager/NetworkManager.conf to comment out dns=dnsmasq. Then do 'sudo restart network-manager')
- Setup dhcp and dns:
apt-get install maas-dhcp or:
- Setup up cobbler manually:
Adjust /etc/cobbler/dnsmasq.template to use avahi, set the dhcp range, the maas server's ip address and the DNS servers to forward to:
dhcp-range=192.168.122.17,192.168.122.22 dhcp-option=3,192.168.122.4 server=192.168.122.1
Adjust /etc/cobbler/settings to have:
manage_dhcp: 1 manage_dns: 1
Adjust /etc/cobbler/modules.conf to have:
[dns] module = manage_dnsmasq [dhcp] module = manage_dnsmasq
Now restart cobbler:
$ sudo /etc/init.d/cobbler restart
Verify the cobbler settings:
$ sudo cobbler check No configuration problems found. All systems go.
Now restart dnsmasq:
$ sudo cobbler sync
- reboot to make sure everything works (eg, dnsmasq is resolving names properly)
Import the ISOs (takes a while):
$ sudo maas-import-isos
After this point, all configuration of MAAS is done via the web interface: http://192.168.122.4:80/MAAS
Users
- Add non-admin users to MAAS via the web interface. These should match the usernames of the users running juju or the MAAS cli client
- Add the user's ssh key to MAAS via the web interface:
- Login as the user
- Click on the username in the upper left and select Preferences
- Add the ssh key
Nodes
We need to add the nodes to MAAS before using them. For each of our predefined MAC addresses (the ones we added ebtables rules for above. Ie, AA:BB:CC:DD:EE:F0, AA:BB:CC:DD:EE:F1, AA:BB:CC:DD:EE:F2, AA:BB:CC:DD:EE:F3):
Click 'Add node' on the front page of the web interface. NOTE: if adding a node with a non-admin user, you will have to login as an admin user and accept the enlistment for each added node.
Add the node using the MAC address, but for now specify the hostname to be 'node-<mac address without colons>' (eg node-aabbccddeef0). MAAS by default creates hostnames in this manner, but adds '.local'. We want to strip .local off of the hostname since dnsmasq does not seem to be working with avahi properly (FIXME)
- Choose the architecture to use
- Use defaults for everything else
IMPORTANT: do not start the nodes in virt-manager yet or via MAAS. You will need to use juju or the MAAS cli client first, then start the node manually in virt-manager.
Juju
See https://wiki.ubuntu.com/ServerTeam/MAAS/Juju for up to date information.
- add a non-admin user to MAAS. this should match the username of the user running juju
- add the juju user's ssh key to MAAS
- On the maas server node (doesn't have to be here):
install software:
$ sudo apt-get install juju charm-tools
Create ~/.juju/environments.yaml (get the mass api key by logging into MAAS and clicking on the username and selecting 'Preferences'):
environments: maas: type: maas maas-server: 'http://localhost:80/MAAS' maas-oauth: '${maas-api-key}' admin-secret: 'nothing'
Secure ~/.juju/environments.yaml:
$ chmod 600 ~/.juju/environments.yaml
Get some charms:
$ mkdir -p ~/charms/precise $ cd ~/charms/precise $ charm get wordpress $ charm get mysql
- add several nodes through the MAAS web interface, and accept them as enlisted, but don't start them yet.
- Since these are all virtual machines and do not respond to wake-on-lan, we need to simulate that. So after each juju command that starts an instance, we first run the command, then go into virt-manager to start it. Eg:
Bootstrap juju (ie, create the bootstrapping juju node):
$ juju bootstrap 2012-04-06 10:29:31,463 INFO Bootstrapping environment 'maas' (type: maas)... 2012-04-06 10:29:31,889 INFO 'bootstrap' command finished successfully
If you get errors here, check that you added your nodes to MAAS already.- In virt-manager, create and PXE boot a machine with MAC aa:bb:cc:dd:ee:f0. You should see it get an IP address in our range and get its image (viewing the squid-deb-proxy should show it is fetching packages)
Check the status with:
$ juju status 2012-04-06 09:16:19,546 INFO Connecting to environment... 2012-04-06 09:16:24,642 ERROR Invalid host for SSH forwarding: ssh: Could not resolve hostname node-aabbccddeef0.local: Name or service not known ... The authenticity of host 'node-aabbccddeef0 (192.168.122.19)' can't be established. ECDSA key fingerprint is 5d:cf:6a:4b:2f:6c:cd:6b:02:5a:25:e1:50:76:fd:0f. Are you sure you want to continue connecting (yes/no)? yes 2012-04-06 11:09:53,399 INFO Connected to environment. 2012-04-06 11:09:53,454 ERROR Machine provider information missing: machine 0 machines: 0: instance-id: /MAAS/api/1.0/nodes/node-efe72798-7ff6-11e1-9ca4-52540073b165/ services: {} 2012-04-06 11:09:53,460 INFO 'status' command finished successfully
Once the status commands completes successfully (it takes a long while the first time), deploy some services:
$ juju deploy --repository=~/charms local:precise/wordpress $ juju deploy --repository=~/charms local:precise/mysql
- In virt-manager create and PXE boot two machines (one for each of the services we deployed with juju, eg aa:bb:cc:dd:ee:f1 and aa:bb:cc:dd:ee:f2)
Check the status:
$ juju status 2012-04-06 11:19:04,219 INFO Connecting to environment... 2012-04-06 11:19:04,945 INFO Connected to environment. 2012-04-06 11:19:05,098 ERROR Machine provider information missing: machine 0 machines: 0: instance-id: /MAAS/api/1.0/nodes/node-efe72798-7ff6-11e1-9ca4-52540073b165/ 1: instance-id: pending 2: instance-id: pending services: mysql: charm: local:precise/mysql-118 relations: {} units: mysql/0: agent-state: pending machine: 2 public-address: null wordpress: charm: local:precise/wordpress-32 relations: {} units: wordpress/0: agent-state: pending machine: 1 public-address: null 2012-04-06 11:19:05,121 INFO 'status' command finished successfully
Once the instance-id no longer says 'pending', you should be able to login to the machine. Eg:
$ ssh ubuntu@node-aabbccddeef0 Welcome to Ubuntu precise (development branch) (GNU/Linux 3.2.0-22-generic x86_64) * Documentation: https://help.ubuntu.com/ Last login: Fri Apr 6 12:10:30 2012 from maas-precise-server-amd64.example.com
NOTE: At the time of this writing 'juju ssh 0' would not work.
MAAS cli client
TODO: The cli client is still be written.
SecurityTeam/TestingMAAS (last edited 2012-12-06 17:10:01 by jdstrand)