...
Before you begin, you will need to know the following connection information for the new managed server:
...
Step 2: Communication Settings
Managed servers require a ProVision user account and API IP in order to communicate configuration, data, and monitoring information.
ProVision Username / Password: You may enter a specific ProVision username and password, or allow one to be automatically generated. If you enter an existing ProVision user, please ensure that the user is included under the 6cservers group and/or has full C/R/U/D resource permissions on the "6c server" resource.
IP API Address: The API address the managed server should use. There are cases when the DNS servers are in different networks and should communicate with ProVision on different IPs.
Click "Next" to proceed.
...
The details of a server are organized into tabs: Settings, Services, Monitoring, and RPS.
Settings
By default, only "Display Name", "Server OS" and "FQDN or IP" fields are shown.
...
If there is a newer version of any component, it will be downloaded and used.
The overall process is:
Requirements
...
Each command/step is shown together with the overall progress. The steps take different amounts of time to complete, so 6/12 does not mean that half of the time remains. The required time depends mainly on the internet connection speed and the CPU. The longest steps are "setup_monitoring" and "setup_dhcp", because they have to download the biggest containers.
Manual (from the command line)
This case usually applies when the user has root access but doesn't want to enter the root user in ProVision. The setup bundle should be downloaded and saved on your local computer:
...
Install Docker with the relevant commands for the OS. This can be done by running "install_docker.sh" from the setup bundle as root, or in any other suitable way.
Install docker CentOS
...
Create the relevant user, add it to "docker" group, create "/provision" directory and make the created user owner of this directory.
User and directory setup
...
Make the necessary network changes. This can be done by running "network_config.sh" from the install bundle
Network config CentOS
Network config Ubuntu
...
Create the service file and replace <user> with the correct system user.
pv_heartbeat.service
Make symlink to this file (replace /provision/libs/pv_heartbeat.service with the correct file path):
pv_heartbeat symlink
CentOS sudoers
Ubuntu sudoers
...
Reload the systemctl daemon:
Reload services
From this point automatic or manual setup can be done with the non-root user
Update Managed Server
Updates may be performed automatically or manually.
Automatic:
In ProVision's Managed Servers page, open the server details. Then, under the settings tab, click "Run Actions", and select "Push Update".
From the command line on the server, execute "python3 /provision/libs/pv_update.py"
The update process for a component is as follows:
...
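```bash
# Bring the system up to date and install the repository helper tools
yum update -y
yum install -y yum-utils bind-utils
# Add Docker's official CentOS repository
yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Start Docker now and on every boot
systemctl enable docker
systemctl start docker
# Smoke test: confirms the daemon can pull and run a container
docker run hello-world
```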
```bash
# Install the prerequisites for adding Docker's apt repository
sudo apt-get update
sudo apt-get install -y \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
# default start
# Replace any existing Docker keyring with a freshly downloaded signing key
KEYRING_FILE=/usr/share/keyrings/docker-archive-keyring.gpg
sudo rm -f "$KEYRING_FILE"
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o "$KEYRING_FILE"
# Register the repository, tied to that keyring through signed-by
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=$KEYRING_FILE] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io
# Smoke test: confirms the daemon can pull and run a container
sudo docker run hello-world
```
Create the relevant user, add it to "docker" group, create "/provision" directory and make the created user owner of this directory.
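```bash
# Run as root; replace <user> with the system user name
useradd -m <user>
passwd <user>
# Members of the docker group can control the Docker daemon,
# which is equivalent to root access on the host
usermod -a -G docker <user>
# Working directory for ProVision, owned by the new user
mkdir -p /provision
chown -R <user>:<user> /provision
```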
Make the necessary network changes. This can be done by running "network_config.sh" from the install bundle
```bash
yum update -y
yum install -y yum-utils bind-utils iptables-services
systemctl enable iptables
#iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT
#service iptables save
# IPv4: set every built-in chain to ACCEPT, then flush all rules and
# delete user-defined chains. After this the filter table accepts all traffic.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
# IPv6: same policy and flush
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -t nat -F
ip6tables -t mangle -F
ip6tables -F
ip6tables -X
# Persist the current IPv4 rule set across reboots
service iptables save
```
```bash
#!/usr/bin/sh
# Point /etc/resolv.conf at the resolver list maintained by systemd-resolved
# instead of its local stub
if [ "$(readlink /etc/resolv.conf)" != "/run/systemd/resolve/resolv.conf" ]; then
    ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
fi
# Disable the systemd-resolved stub listener, which frees port 53 on the host
sed -i 's/^#DNSStubListener/DNSStubListener/;s/DNSStubListener=yes/DNSStubListener=no/' /etc/systemd/resolved.conf
# Restart systemd-resolved so the change takes effect
systemctl stop systemd-resolved
systemctl start systemd-resolved
```
- Create the service file and replace <user> with the correct system user.
```ini
# https://www.cloudsavvyit.com/3092/how-to-add-your-own-services-to-systemd-for-easier-management/
# https://www.opentechguides.com/how-to/article/centos/169/systemd-custom-service.html
# https://computingforgeeks.com/how-to-run-systemd-service-without-root-sudo/
# https://unix.stackexchange.com/a/497011
[Unit]
Description=pv_heartbeat Service, which reports the current status.
After=network.target
# StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
# Run the heartbeat as the unprivileged system user, not as root
User=<user>
ExecStart=/usr/bin/python3 /provision/libs/pv_heartbeat.py
[Install]
# WantedBy=multi-user.target
WantedBy=default.target
Alias=pv_heartbeat.service
```
- Make symlink to this file (replace /provision/libs/pv_heartbeat.service with the correct file path):
```bash
ln -s /etc/systemd/system/pv_heartbeat.service /provision/libs/pv_heartbeat.service
```
- Create the sudoers file (replace <user> with the correct system user) and place it in /etc/sudoers.d:
```
# https://unix.stackexchange.com/a/497011
# Only these six systemctl actions on pv_heartbeat may be run as root without a password
Cmnd_Alias MANAGE_PV_HEARTBEAT = \
    /bin/systemctl enable pv_heartbeat, \
    /bin/systemctl disable pv_heartbeat, \
    /bin/systemctl start pv_heartbeat, \
    /bin/systemctl stop pv_heartbeat, \
    /bin/systemctl restart pv_heartbeat, \
    /bin/systemctl status pv_heartbeat
<user> ALL = (root) NOPASSWD: MANAGE_PV_HEARTBEAT
```
```
# https://unix.stackexchange.com/a/497011
# Only these six systemctl actions on pv_heartbeat may be run as root without a password
Cmnd_Alias MANAGE_PV_HEARTBEAT = \
    /usr/bin/systemctl enable pv_heartbeat, \
    /usr/bin/systemctl disable pv_heartbeat, \
    /usr/bin/systemctl start pv_heartbeat, \
    /usr/bin/systemctl stop pv_heartbeat, \
    /usr/bin/systemctl restart pv_heartbeat, \
    /usr/bin/systemctl status pv_heartbeat
<user> ALL = (root) NOPASSWD: MANAGE_PV_HEARTBEAT
```
Reload the systemctl daemon:
```bash
systemctl daemon-reload
```
From this point automatic or manual setup can be done with the non-root user.
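A pre-install lint for the unit file and sudoers drop-in from the steps above, as an added example that is not ProVision code: it catches an unreplaced <user> placeholder, a WantedBy= target other than the two named on this page, and sudoers commands beyond the six systemctl actions for pv_heartbeat. The function names and the list of accepted targets are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not ProVision code): lint the pv_heartbeat unit file and
# sudoers drop-in before installing them. Each function prints its findings
# and returns how many it found, so 0 means clean.

# Targets named on this page. Assumption: no other WantedBy= target is intended.
PV_TARGETS='default.target multi-user.target'

lint_unit() {   # usage: lint_unit FILE
    n=0
    user=$(sed -n 's/^User=//p' "$1" | tail -n 1)
    case $user in
        ''|*'<'*|*'>'*) echo "unit: User= is empty or still a placeholder"; n=$((n+1)) ;;
        root) echo "unit: User=root defeats the non-root setup"; n=$((n+1)) ;;
    esac
    for t in $(sed -n 's/^WantedBy=//p' "$1"); do
        case " $PV_TARGETS " in
            *" $t "*) ;;
            *) echo "unit: unknown WantedBy target '$t'"; n=$((n+1)) ;;
        esac
    done
    grep -q '^ExecStart=/' "$1" || { echo "unit: ExecStart= is not an absolute path"; n=$((n+1)); }
    return "$n"
}

lint_sudoers() {   # usage: lint_sudoers FILE
    n=0
    ok='^/(usr/)?bin/systemctl (enable|disable|start|stop|restart|status) pv_heartbeat$'
    # Command entries are the lines that start with "/" once indentation,
    # the trailing backslash and the trailing comma are stripped.
    bad=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*\\$//' -e 's/[[:space:]]*,$//' "$1" |
          grep '^/' | grep -Ev "$ok" || true)
    [ -z "$bad" ] || { echo "sudoers: unexpected command: $bad"; n=$((n+1)); }
    if grep -v '^[[:space:]]*#' "$1" | grep -q '[*?]'; then
        echo "sudoers: wildcard in a rule"; n=$((n+1))
    fi
    rule=$(grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD:' || true)
    case $rule in *'<'*|*'>'*) echo "sudoers: user placeholder not replaced"; n=$((n+1)) ;; esac
    case $rule in
        *'NOPASSWD: MANAGE_PV_HEARTBEAT') ;;
        *) echo "sudoers: rule must grant only MANAGE_PV_HEARTBEAT"; n=$((n+1)) ;;
    esac
    return "$n"
}

# Usage: sh lint_pv.sh pv_heartbeat.service pv_heartbeat.sudoers
if [ $# -eq 2 ]; then lint_unit "$1"; lint_sudoers "$2"; fi
```

Before copying the sudoers file into /etc/sudoers.d, also run `visudo -cf` on it for a syntax check, and install it owned by root with mode 0440.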
Update Managed Server
In ProVision's Managed Servers page, open the server details. Then, under the settings tab, click "Run Actions", and select "Push Update". ProVision will automatically create a backup file in /provision/backups/.
...
Managed Server Diagnostics / Debug
...