hosts : 10.10.10.0/24
vm : 10.10.11.0/24
0) backup hosting13
1) declare dns for all vms/hosts with new namespace (see http://trac.fsffrance.org/ticket/21 ) on vpn-dns, then /etc/init.d/bind9 restart
2) update dhcp to use new hostnames on all hosts :
cd /etc/dhcp3;hg pull /mnt/rentre.tld/etc/dhcp3;hg up;/etc/init.d/dhcp3-server restart
3) update bridge xen-br0 with hosting13 new ip (10.10.10.x) by adding it (do not delete the eth0 bridge, use ip addr), hosting13 will then be available using both 192.168.25 and 10.10.10 ips.
ip addr add 10.10.10.X dev xen-br0
+ add in /etc/network/interfaces :
post-up ip addr add 10.10.10.X dev xen-br0
post-up ip route add 10.10.11.0/24 dev xen-br0
post-up ip route add 10.10.10.0/24 dev xen-br0
for xen-br0.
3bis) check / configure rennes gw to allow traffic from / to 10.10.10; it must be possible to ssh to hosting13 using its 10.10.10 ip from another vpn location.
4) Log in to the javascript-trap vm on hosting13 and run dhclient eth0. It should get its ip 10.10.11.X from dhcp.
hosting8# gnt-instance console javascript-trap.rennes.tld
javascript-trap.rennes.tld# dhclient eth0
4bis) try to ping it from hosting13
hosting13# ping 10.10.11.X
4ter) check / configure rennes gw to allow traffic from / to 10.10.11; it must be possible to ssh to the vm from another vpn location.
At this step, except for the fqdn which is still hosting13.rennes.tld, hosting13 should be available using 10.10.10 ip, with a vm using 10.10.11 ip
4quarter) update gateway shorewall / proxy vm to use new ip/vm hostname.
hosting11: /etc/shorewall# grep 192.168.25.XXX
hosting11: /etc/shorewall# vi
5) rename vm on ganeti using gnt-instance rename --no-ip-check (because the ip is already used by the host)
5bis) update/check nagios
6) repeat steps 3 to 5 on other ganeti nodes after backup.
On every node, the vms will be unavailable between the dhcp update and the shorewall/proxy update.
7) on hosting8, stop ganeti daemon, backup /var/lib/ganeti, then replace all hostingXX.rennes.tld entries with rein-X.host.gnt; be sure rein-X.host.gnt is resolvable
7bis) update all host hostnames with the rein-X.host.gnt fqdn (hostname rein-X.host.gnt + update /etc/hostname)
8) restart ganeti daemon, do a gnt-cluster redist-conf to update config on other nodes
======
0) screen rsync --delete -avHz --numeric-ids --exclude=/proc --exclude=/sys --link-dest=/mnt/rennes13/2009-06-24-rennes13.fsffrance.org/ root@…:/ .
1)
-
etc/bind/db.10.10
diff -r 4a0c7de0fd67 etc/bind/db.10.10
a b 4 4 ; 5 5 $TTL 604800 6 6 @ IN SOA localhost. root.localhost. ( 7 2009102 301 ; serial7 2009102901 ; serial 8 8 604800 ; Refresh 9 9 86400 ; Retry 10 10 2419200 ; Expire … … 2823 2823 4.11 IN PTR jolicloud.vm.gnt. 2824 2824 5.11 IN PTR microdtc34.vm.gnt. 2825 2825 6.11 IN PTR wormux.vm.gnt. 2826 7.11 IN PTR gnt-available-11-7.gnt.2827 8.11 IN PTR gnt-available-11-8.gnt.2828 9.11 IN PTR gnt-available-11-9.gnt.2829 10.11 IN PTR gnt-available-11-10.gnt.2830 11.11 IN PTR gnt-available-11-11.gnt.2831 12.11 IN PTR gnt-available-11-12.gnt.2832 13.11 IN PTR gnt-available-11-13.gnt.2826 7.11 IN PTR cspoker.vm.gnt. 2827 8.11 IN PTR dmail.dachary.vm.gnt. 2828 9.11 IN PTR javascript-trap.vm.gnt. 2829 10.11 IN PTR pksns1.pokersource.vm.gnt. 2830 11.11 IN PTR proxy.rein.vm.gnt. 2831 12.11 IN PTR shtooka.vm.gnt. 2832 13.11 IN PTR xenomai1.vm.gnt. 2833 2833 14.11 IN PTR gnt-available-11-14.gnt. 2834 2834 15.11 IN PTR gnt-available-11-15.gnt. 2835 2835 16.11 IN PTR gnt-available-11-16.gnt. -
etc/bind/db.gnt
diff -r 4a0c7de0fd67 etc/bind/db.gnt
a b 4 4 5 5 $ORIGIN gnt. 6 6 @ IN SOA ns hostmaster ( 7 2009102 301 ; serial7 2009102901 ; serial 8 8 1h ; refresh - time when the slave will try to refresh the zone from the master (8h) 9 9 30m ; update retry - time between retries if the slave (secondary) (2h) 10 10 ; fails to contact the master when refresh (above) has expired. … … 2827 2827 jolicloud.vm IN A 10.10.11.4 2828 2828 microdtc34.vm IN A 10.10.11.5 2829 2829 wormux.vm IN A 10.10.11.6 2830 gnt-available-11-7IN A 10.10.11.72831 gnt-available-11-8IN A 10.10.11.82832 gnt-available-11-9IN A 10.10.11.92833 gnt-available-11-10IN A 10.10.11.102834 gnt-available-11-11IN A 10.10.11.112835 gnt-available-11-12IN A 10.10.11.122836 gnt-available-11-13IN A 10.10.11.132830 cspoker.vm IN A 10.10.11.7 2831 dmail.dachary.vm IN A 10.10.11.8 2832 javascript-trap.vm IN A 10.10.11.9 2833 pksns1.pokersource.vm IN A 10.10.11.10 2834 proxy.rein.vm IN A 10.10.11.11 2835 shtooka.vm IN A 10.10.11.12 2836 xenomai1.vm IN A 10.10.11.13 2837 2837 gnt-available-11-14 IN A 10.10.11.14 2838 2838 gnt-available-11-15 IN A 10.10.11.15 2839 2839 gnt-available-11-16 IN A 10.10.11.16
and
/etc/init.d/bind9 reload
Then
cg25-011:~# /etc/init.d/bind9 restart
cg25-011:~# host rein-1.host.gnt
rein-1.host.gnt has address 10.10.10.1
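One way to check step 1 beyond a single host lookup, as an added example (not code from the original page): it compares the A records of a db.gnt-style forward zone with the PTR records of a db.10.10-style reverse zone and reports names whose reverse entry is missing or still points at an old placeholder. The zone snippets are constructed, and the function names and the 10.10 prefix default are assumptions.

```python
import re

# Constructed sample records in the style of db.gnt and db.10.10 (not the real zones).
FORWARD_ZONE = """\
$ORIGIN gnt.
cspoker.vm           IN A 10.10.11.7
javascript-trap.vm   IN A 10.10.11.9
gnt-available-11-14  IN A 10.10.11.14
"""
REVERSE_ZONE = """\
7.11   IN PTR gnt-available-11-7.gnt.
9.11   IN PTR javascript-trap.vm.gnt.
"""

RECORD = re.compile(r"^(\S+)\s+IN\s+(A|PTR)\s+(\S+)")

def parse_forward(text):
    """Return {fqdn: ip} for A records, honouring a $ORIGIN line."""
    origin, out = ".", {}
    for line in text.splitlines():
        fields = line.split()
        m = RECORD.match(line.strip())
        if fields[:1] == ["$ORIGIN"]:
            origin = fields[1]
        elif m and m.group(2) == "A":
            name = m.group(1)
            out[name if name.endswith(".") else f"{name}.{origin}"] = m.group(3)
    return out

def parse_reverse(text, prefix="10.10"):
    """Return {ip: fqdn}; owners like '7.11' are relative to 10.10.in-addr.arpa."""
    out = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m and m.group(2) == "PTR":
            out[prefix + "." + ".".join(reversed(m.group(1).split(".")))] = m.group(3)
    return out

def mismatches(forward, reverse):
    """List (fqdn, ip, problem) for every A record whose PTR is missing or different."""
    problems = []
    for fqdn, ip in sorted(forward.items()):
        ptr = reverse.get(ip)
        if ptr != fqdn:
            problems.append((fqdn, ip, "no PTR" if ptr is None else f"PTR is {ptr}"))
    return problems

print(mismatches(parse_forward(FORWARD_ZONE), parse_reverse(REVERSE_ZONE)))
```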
2)
-
dhcpd.conf
diff -r 89ad314a5ab1 dhcpd.conf
a b 183 183 fixed-address wikipediasync.rennes.tld; 184 184 } 185 185 186 host javascript-trap.rennes {187 hardware ethernet 52:54:a2:bc:f8:55;188 fixed-address javascript-trap.rennes.tld;189 }186 # host javascript-trap.rennes { 187 # hardware ethernet 52:54:a2:bc:f8:55; 188 # fixed-address javascript-trap.rennes.tld; 189 # } 190 190 191 191 host cspoker.rennes { 192 192 hardware ethernet 52:54:2c:d5:b2:dc; … … 728 728 hardware ethernet 52:54:5c:53:6c:b3; 729 729 fixed-address jolicloud.vm.gnt; 730 730 } 731 732 731 host cdp.dachary.vm.gnt { 733 732 hardware ethernet 52:54:5e:ac:66:82; 734 733 fixed-address cdp.dachary.vm.gnt; 735 734 } 736 737 735 host dev-vm1.vm.gnt { 738 736 hardware ethernet 52:54:de:6a:59:3b; 739 737 fixed-address dev-vm1.vm.gnt; 740 738 } 741 742 739 host dev-vm2.vm.gnt { 743 740 hardware ethernet 52:54:e5:fa:00:32; 744 741 fixed-address dev-vm2.vm.gnt; 745 742 } 743 host cspoker.vm.gnt { 744 hardware ethernet 52:54:2c:d5:b2:dc; 745 fixed-address cspoker.vm.gnt; 746 } 747 host dmail.dachary.vm.gnt { 748 hardware ethernet 52:54:15:6a:ad:64; 749 fixed-address dmail.dachary.vm.gnt; 750 } 751 host javascript-trap.vm.gnt { 752 hardware ethernet 52:54:a2:bc:f8:55; 753 fixed-address javascript-trap.vm.gnt; 754 } 755 host pksns1.pokersource.vm.gnt { 756 hardware ethernet 52:54:36:98:be:d2; 757 fixed-address pksns1.pokersource.vm.gnt; 758 } 759 host proxy.rein.vm.gnt { 760 hardware ethernet 00:93:19:98:7e:0e; 761 fixed-address proxy.rein.vm.gnt; 762 } 763 host shtooka.vm.gnt { 764 hardware ethernet 00:a0:3b:7e:ba:ce; 765 fixed-address shtooka.vm.gnt; 766 } 767 host xenomai1.vm.gnt { 768 hardware ethernet 52:54:ad:f3:78:5c; 769 fixed-address xenomai1.vm.gnt; 770 } 771 772 746 773 } 747 774 # You can declare a class of clients and then do address allocation 748 775 # based on that. The example below shows a case where all clients
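Review bot: new line 743 adds host cspoker.vm.gnt with hardware ethernet 52:54:2c:d5:b2:dc while host cspoker.rennes at line 191 keeps the same MAC as an active entry; only javascript-trap.rennes (lines 186-189) is commented out. Either comment out each old .rennes entry in the same change that adds its .vm.gnt replacement, or state in the procedure which of the two declarations is expected to apply until the vm is migrated. The blank lines between the existing host blocks (old lines 731, 736, 741) are also dropped; keeping one blank line between declarations would match the rest of the file.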
hosting8:~# for i in 13 14 15 16 17;do ssh hosting$i "cd /etc/dhcp3;hg pull /mnt/rentre.tld/etc/dhcp3;hg up;/etc/init.d/dhcp3-server restart";done
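While old .rennes and new .vm.gnt entries coexist in dhcpd.conf during step 2, the following added example (not part of the original page) lists every MAC address that appears in more than one uncommented host block so each pair can be reviewed before the file is pulled on the nodes. The sample configuration, host names and MACs are constructed, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed dhcpd.conf excerpt in the style of the diff above; names and MACs are made up.
SAMPLE_CONF = """\
host alpha.rennes {
  hardware ethernet 52:54:00:00:00:01;
  fixed-address alpha.rennes.tld;
}
# host beta.rennes {
#   hardware ethernet 52:54:00:00:00:02;
#   fixed-address beta.rennes.tld;
# }
host alpha.vm.gnt {
  hardware ethernet 52:54:00:00:00:01;
  fixed-address alpha.vm.gnt;
}
host beta.vm.gnt {
  hardware ethernet 52:54:00:00:00:02;
  fixed-address beta.vm.gnt;
}
"""

# Assumes "hardware ethernet" precedes "fixed-address" inside each host block.
HOST_BLOCK = re.compile(
    r"\bhost\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;"
    r"[^}]*?fixed-address\s+([^;\s]+)\s*;[^}]*\}"
)

def strip_comments(conf):
    """Drop '#' comments so commented-out host blocks are ignored."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())

def active_hosts(conf):
    """Return (name, mac, fixed_address) for every uncommented host block."""
    return [(m.group(1), m.group(2).lower(), m.group(3))
            for m in HOST_BLOCK.finditer(strip_comments(conf))]

def duplicate_macs(conf):
    """Map each MAC used by more than one active host block to those blocks."""
    by_mac = defaultdict(list)
    for name, mac, addr in active_hosts(conf):
        by_mac[mac].append((name, addr))
    return {mac: hosts for mac, hosts in by_mac.items() if len(hosts) > 1}

print(duplicate_macs(SAMPLE_CONF))
```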
3) Update openvpn :
-
etc/openvpn/ccd/call
diff -r 3c137c16fb86 etc/openvpn/ccd/call
a b 7 7 push "route 192.168.181.0 255.255.255.0" # snif 8 8 push "route 192.168.170.0 255.255.255.0" # densha 9 9 push "route 192.168.70.0 255.255.255.0" # kutsu 10 push "route 10.10.1.0 255.255.255.0" # vm11 push "route 10.10.0.0 255.255.255.0" # vm host10 push "route 10.10.1.0 255.255.255.0" # z2 vm 11 push "route 10.10.0.0 255.255.255.0" # z2 vm host 12 12 push "route 192.168.14.0 255.255.255.0" # erwan 13 push "route 10.10.11.0 255.255.255.0" # z2 vm 14 push "route 10.10.10.0 255.255.255.0" # z2 vm host 13 15 -
etc/openvpn/ccd/rennes
diff -r 3c137c16fb86 etc/openvpn/ccd/rennes
a b 10 10 11 11 12 12 iroute 192.168.25.0 255.255.255.0 13 iroute 10.10.10.0 255.255.255.0 14 iroute 10.10.11.0 255.255.255.0
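Review bot: in etc/openvpn/ccd/call the comments on the existing 10.10.1.0 and 10.10.0.0 routes (lines 10-11) become "z2 vm" and "z2 vm host", the same labels given to the new 10.10.11.0 and 10.10.10.0 routes on lines 13-14, so the comments no longer tell the two pairs of networks apart; give the older pair a distinct label or say which pair is being retired. In etc/openvpn/ccd/rennes, the two new iroute lines (13-14) only tell the server which client owns those subnets; the matching route entries in the server configuration are not part of this diff and are worth confirming.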
openvpn:/etc/openvpn/ccd# /etc/init.d/openvpn reload
Reloading virtual private network daemon: server.
cg25-011:~# /etc/init.d/openvpn reload
Reloading virtual private network daemon: rennes.
maxence@call:~$ sudo /etc/init.d/openvpn reload
[sudo] password for maxence:
 * Reloading virtual private network daemon(s)...
 * Restarting VPN 'call'
#Add routing information on gw
cg25-011:~# ip r add 10.10.10.0/24 dev eth0
cg25-011:~# ip r add 10.10.11.0/24 dev eth0
hosting13:~# ip addr add 10.10.10.2 dev xen-br0
Test :
cg25-011:~# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=4.20 ms
maxence@call:~$ ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=63 time=45.0 ms
maxence@call:~$ ssh root@10.10.10.2
The authenticity of host '10.10.10.2 (10.10.10.2)' can't be established.
RSA key fingerprint is 7e:09:1a:77:ce:c4:37:34:bb:13:42:11:1b:dd:81:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.2' (RSA) to the list of known hosts.
Linux hosting13 2.6.26-2-xen-amd64 #1 SMP Thu Aug 20 00:36:34 UTC 2009 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Oct 29 10:57:02 2009 from hosting8.rennes.tld
-bash: warning: setlocale: LC_ALL: cannot change locale (fr_FR.UTF-8)
hosting13:~#
4) When running dhclient, dhcpd logs :
Oct 29 12:15:13 hosting13 dhcpd: Interface xen-br0 matches multiple shared networks
Comment out the subnet declaration for 192.168.25 since it should no longer be used :
-
dhcpd.conf
diff -r 452c864c7f79 dhcpd.conf
a b 590 590 option routers gw.rennes.tld.; 591 591 option domain-name-servers gw.rennes.tld; 592 592 593 subnet 192.168.25.0 netmask 255.255.255.0 {594 }593 # subnet 192.168.25.0 netmask 255.255.255.0 { 594 # } 595 595 596 596 #sample host 597 597 # host foo.rennes {
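Review bot: commenting out subnet 192.168.25.0 at lines 593-594 removes the declaration for that network while host entries with a fixed-address under rennes.tld are still active (the earlier dhcpd.conf diff shows cspoker.rennes at line 191), so vms that have not been migrated yet no longer have a declared subnet for their address. Make this change together with the migration of the remaining vms on the node, or note in the procedure that they stay without dhcp until renamed. Since the file is tracked in hg, deleting the two lines instead of commenting them out would keep the file cleaner.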
javascript-trap:~# dhclient eth0
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/eth0/52:54:a2:bc:f8:55
Sending on LPF/eth0/52:54:a2:bc:f8:55
Sending on Socket/fallback
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.25.13
bound to 10.10.11.9 -- renewal in 2724 seconds
maxence@call:~$ ssh root@javascript-trap.vm.gnt
Linux javascript-trap 2.6.26-2-xen-amd64 #1 SMP Thu Aug 20 00:36:34 UTC 2009 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Oct 29 16:49:13 2009 from 10.8.0.6
javascript-trap:~#
Update apache2 config on proxy.rennes.tld :
-
etc/apache2/sites-enabled/javascript-trap.fsffrance.org
diff -r 05ec2d869cbb etc/apache2/sites-enabled/javascript-trap.fsffrance.org
a b 1 1 <VirtualHost *> 2 2 ServerName javascript-trap.fsffrance.org 3 ServerAlias javascript-trap. rennes.tld4 ProxyPass / http://javascript-trap. rennes.tld/5 ProxyPassReverse / http://javascript-trap. rennes.tld/3 ServerAlias javascript-trap.vm.gnt 4 ProxyPass / http://javascript-trap.vm.gnt/ 5 ProxyPassReverse / http://javascript-trap.vm.gnt/ 6 6 ServerAdmin loic@dachary.org 7 ErrorLog /var/log/apache2/javascript-trap. rennes.tld-error.log8 CustomLog /var/log/apache2/javascript-trap. rennes.tld-access.log common7 ErrorLog /var/log/apache2/javascript-trap.vm.gnt-error.log 8 CustomLog /var/log/apache2/javascript-trap.vm.gnt-access.log common 9 9 </VirtualHost>
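Review bot: line 3 replaces the ServerAlias with javascript-trap.vm.gnt, which makes the proxy answer requests for the internal name as well as the public ServerName; unless something relies on that, drop the alias and keep only the ProxyPass / ProxyPassReverse target change on lines 4-5. Lines 7-8 also rename the ErrorLog and CustomLog files, so existing history stays under the rennes.tld filenames and any log rotation or monitoring that matches the old names needs the same update.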
proxy:/etc/apache2/sites-enabled# /etc/init.d/apache2 restart
Check http://javascript-trap.fsffrance.org : "It works !".
5)
hosting8:/etc/dhcp3# gnt-instance shutdown javascript-trap.rennes.tld
hosting8:/etc/dhcp3# gnt-instance rename --no-ip-check javascript-trap.rennes.tld javascript-trap.vm.gnt
hosting8:/etc/dhcp3# gnt-instance list|grep javasc
javascript-trap.vm.gnt xen-pvm debootstrap hosting13.rennes.tld running 512M
hosting8:/etc/dhcp3# gnt-instance start javascript-trap.vm.gnt