NP04 Computer Installation

Linux installation Service (aims2)

NP04 Linux computers are installed using the Automated Installation Management System service (AIMS2, https://twiki.cern.ch/twiki/bin/view/LinuxSupport/Aims2).

• AIMS2 allows the user to perform remote PXE (Preboot eXecution Environment) installations, minimising human intervention.
• The system is based, and extends, the Kickstart software from the RedHat distribution.

Steps for Linux operating system installation.

• Register computers in Landb (network.cern.ch).
  • For systems with multiple interfaces in Landb bind the MAC address to the interface.
  • Responsible user - NP04-NETWORK-ADMIN E-GROUP EP DT
  • Main user - NP04-ONL-ADMINS E-GROUP EP URD
• Enable PXE boots in the BIOS of each computer.
• Determine the kickstart file to use or create a new kickstart file. (np04online/ks)

Configure Computers with Ansible

Setup ansible.

• Login as yourself on np04-srv-010 (or srv-009)
• Use an existing np04online or get the np04online software NP04OnlineRepo.
• cd np04online/ansible
• source np04-ansible.sh
  • This sets the environment variables to find the hosts and ansible.cfg files in the np04online/ansible/playbook directory.

Steps for a freshly installed computer.

• Add computer in hosts file (if a new computer)
  • np04online/ansible/playbooks/hosts
  • Add DNS name of PC to appropriate sections in hosts file.

• Fix keytab file.
  • Run once for each computer. (new-pc-name.cern.ch)
  • Might be able to fix this in the kickstart file.
  • ansible-playbook -k fix-keytab.yml --limit=new-pc-name.cern.ch
  • Enter root password when prompted.

• Execute standard CERN puppet modules outside the computing center.
  • ansible-playbook locmap.yml  --limit=computer.cern.ch

• Major os configurations after install (requires computer reboot)
  • ansible-playbook os.yml --limit=computer.cern.ch
  • Disable selinux and firewall.
  • Turn off yum autoupdates.
  • Reboot computer to pick up selinux change.

• Configure computer for DAQ operations.
  • mount nfs shares, add users, install software, turn on monitoring, daq
  • ansible-playbook config.yml

Other Actions

• Add users
  • > ansible-playbook users.yml

• Install software
  • > ansible-playbook install_software.yml

• Change network config
  • > ansible-playbook network.yml
  • > ansible-playbook tuned.yml
  • > Set MTU to 9000

• Resize local home area and create volume for /scratch * > umount /home; lvreduce -L 10G /dev/cc_np04-srv-029/home; mkfs.xfs -f /dev/cc_np04-srv-029/home ; mount /home; lvcreate -l 100%FREE -n scratch cc_np04-srv-029; mkfs.xfs /dev/cc_np04-srv-029/scratch; mkdir /scratch; * > edit /etc/fstab, and issue mount -a

Special Actions

• datadisk
• twentygig

Configure NFS Servers

NFS servers are np04-srv-007 and np04-srv-008

• Configure nfs1 - home and sw directories - np04-srv-007
  • ansible-playbook lvm-nfs1.yml (uses lvm-nfs1.sh)
  • ansible-playbook nfs1.yml (uses nfs1.exports)

• Configure nfs2 - rscratch and back directories - np04-srv-008
  • ansible-playbook lvm-nfs2.yml (uses lvm-nfs2.sh)
  • ansible-playbook nfs2.yml (uses nfs2.exports)

Installation

List each installation.

np04-srv-014 - 20-June-2019 used np04daq7.ks

• np04daq7.ks kickstart file was used.
• Computer rebooted.
• Access only with root password.
  • No .k5login file for root created.
  • In the past I have seen the root .k5login file created from the members of the Responsible user egroup.
• ansible-playbook -k locmap.yml --limit=np04-srv-014.cern.ch
  • ssh access now enabled
• ansible-playbook -k os.yml --limit=np04-srv-014.cern.ch
• Reboot np04-srv-014 to pickup changes from os.yml playbook.

-- DavidGeoffreySavage - 2019-06-20