=== exchange ssh keys ===
-ipsum loren bacon puppet: the ssh keys for nodes must be added to root:/etc/.ssh/authorized_keys (or /etc/ssh/keys/root) on all nodes; puppet can handle this (poorly; needs improvement)
+on each node:
+
+{{{
+ mkdir -m 0700 -p /root/.ssh &&
+ ln -s /etc/ssh/ssh_host_rsa_key /root/.ssh/id_rsa
+}}}
=== configure iptables (via ferm) ===
=== add slave nodes ===
-For each slave node (only bar for this example), on the master node (foo):
+For each slave node (only bar for this example):
+
+on the slave, append the master's /etc/ssh/ssh_host_rsa_key.pub to
+/etc/ssh/userkeys/root. This is only required temporarily - once
+everything works puppet will put it/keep it there.
+
+on the master node (foo):
{{{
gnt-node add \
* the primary and secondary nodes have been explicitly set
* the operating system type is 'debootstrap+dsa'
* the network interfarce 0 (eth1 on the system) is set to the instance's interface on the public network
+* If qux.d.o does not yet exist in DNS/LDAP, you may need --no-ip-check --no-name-check. Be careful that the hostname and IP address are not taken already!
----
--os-size 4GiB \
--os-type debootstrap+dsa \
--hypervisor-parameters kvm:initrd_path=,kernel_path= \
- --net 0:ip=A.B.C.4,1:ip=E.F.G.4 \
+ --net 0:ip=A.B.C.4 \
+ --net 1:ip=E.F.G.4 \
qux.debian.org
}}}
-Please note that the dsa bootscript will only configure eth1 (nic0). If
-specifying a second internface, the guest operating system must be updated
-manually.
+* If qux.d.o does not yet exist in DNS/LDAP, you may need --no-ip-check --no-name-check. Be careful that the hostname and IP address are not taken already!
When updating an existing instance, add the interface:
projects / mirror / dsa-wiki.git / blobdiff