Add configurable EG username/password

[working/random.git] / README

Automated VM Builder
====================
:toc:
:numbered:

This automated VM Builder script set is intended to allow someone who does not
have experience setting up Evergreen get one or more "test" virtual machines
running. The initial setup should be done by someone familiar with linux, or
more specifically Ubuntu, after which setting up new test virtual machines is
hopefully as simple as running a command and waiting for things to finish.

Host Machine Requirements
-------------------------

This script setup currently expects to be running on an Ubuntu system and uses
the ubuntu-vm-builder package. In addition, the host machine will need to
support hardware virtualization.

The latter can be checked by running kvm-ok, which is provided by cpu-checker.

[source,bash]
--------------------------------------------------------------------------------
sudo apt-get install cpu-checker
kvm-ok
--------------------------------------------------------------------------------

Depending on your system configuration you may need to change bios settings to
enable hardware virtualization before kvm-ok will return success.

Required Packages
~~~~~~~~~~~~~~~~~

In order to build virtual machines you will need several packages. The command
below should install the packages you need.

[source,bash]
--------------------------------------------------------------------------------
sudo apt-get install ubuntu-vm-builder kvm libvirt-bin git wget
--------------------------------------------------------------------------------

After installing those packages you should add the user you wish to run the
scripts as to the libvirtd group as well, giving them the ability to control
virtual machines. This is accomplished with the following command.

[source,bash]
--------------------------------------------------------------------------------
sudo adduser $USER libvirtd
--------------------------------------------------------------------------------

Bridge Configuration
~~~~~~~~~~~~~~~~~~~~

In order to get the virtual machine(s) onto the network you will need to setup
at least one bridge. To set one up manually you should edit the
/etc/network/interfaces file.

It is recommended that when using bridges you disable the original interface(s)
by commenting out the "auto eth#" line(s). You would then add a new bridge that
is configured similarly to the original interface:

[source]
--------------------------------------------------------------------------------
# Static Configuration
iface br0 inet static
        address 10.0.0.2
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255
        gateway 10.0.0.1
        dns-nameservers 10.0.0.1 10.0.0.254
        dns-search example.com
        bridge_ports eth0
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off

# DHCP configuration
iface br1 inet dhcp
        bridge_ports eth1
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off
--------------------------------------------------------------------------------

I recommend naming your bridge interfaces similarly to the network interface you
are using for the bridge. That is, eth# becomes br# so that:
    * eth0 = br0
    * eth1 = br1
    * eth4 = br4

If you are configured to support multiple VLANs on your interfaces then follow
the overall pattern:
    * eth0.5 = br0.5
    * eth1.120 = br1.120
    * eth4.30 = br4.30

This overall bridge naming scheme helps to ensure you know exactly where your
virtual machines are being attached to the network.

Optional: Local caching
~~~~~~~~~~~~~~~~~~~~~~~

Locally caching install packages may be of benefit for repeated VM building. The
two areas that benefit from this the most are apt and CPAN.

For CPAN I find a local mirror works well and how/where/if you set one up is up
to you. Instructions can be obtained from CPAN here:
http://www.cpan.org/misc/how-to-mirror.html

For apt I find that apt-cacher or variants thereof work well and don't require
the storage space of a full apt mirror.

Configuration
-------------

Base config
~~~~~~~~~~~

For the base configuration you should copy "config.example" to "config" and then
make your changes, if any. Reasonable defaults have been provided for all
options though you may want to pay attention to the following.

Repo Locations
++++++++++++++

The GIT Repo locations can be configured to allow for local or alternate mirrors
to be used instead of the official ones. Note that in most cases only the
working repos are actually loaded.

EGVMUSEDOMAIN
+++++++++++++

If your vmname.domain values resolve then it is recommended that you turn this
setting on. By doing so the staff clients built will use the domain for the
initial hostname and automatic updates.

EGVMSMARTHOST
+++++++++++++

If you wish to test email delivery you will want to set this to an appropriate
mail server. With it set all email generated by the server will be delivered to
the server in question. Information on capturing all mail from a given host when
using postfix is provided in a later section.

Without this option no mail delivery will be supported.

EGVMAPTMIRROR and EGVMCPANURLLIST
+++++++++++++++++++++++++++++++++

These options control whether or not local mirrors or cache servers are used for
apt and CPAN. EGVMAPTMIRROR can also be used to point at an apt cacher or proxy.

Individual VM configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the vmbuilder folder you should find an example configuration file. Using
that file as a base you will need to create one or more hostname.conf files.

Each hostname.conf file defines a different virtual machine that can be built.
You will specify the network information, password, memory, cpu count, drive and
swap sizes, and suite information here at a minimum.

SSL Certificates
~~~~~~~~~~~~~~~~

In addition to everything else you will need to provide SSL certificates. For
ease of testing I recommend using a single domain for all the virtual machines
and obtaining a single wildcard certificate for the set.

The crt file, key file, and if needed chain (or bundle) file should be placed in
the files/ssl folder to be automatically copied into place in the individual
virtual machines. If a chain.crt file is present the virtual machines will
automatically add the proper configuration lines to use it.

Building VMs
------------

Once everything is configured you will need to build the VMs. At this stage it
may be beneficial to either ensure you do not need a password to run "sudo" or
that you have pre-entered the password by running "sudo -v".

The command for setting up a virtual machine is setupvm and the only required
argument is the virtual machine name. If vmbuilder/$VMNAME.conf does not exist
then the script will report as such.

[source,bash]
--------------------------------------------------------------------------------
./setupvm testsystem
--------------------------------------------------------------------------------

You can also specify branches to load in the Evergreen, OpenSRF, and (if enabled
in config) SIPServer repositories. These branches are generally expected to be
located in the community "working" repositories. The syntax is project:branch.

[source,bash]
--------------------------------------------------------------------------------
./setupvm testsystem Evergreen:working/user/somedude/lpsomething
--------------------------------------------------------------------------------

You can specify as many branches as you want. Note, however, that if any of the
branches do not merge cleanly and automatically then the virtual machine will
fail to build.

In the event you wish to test a branch against something other than master you
can specify that with repo:BASE:branch, which will check out the branch from the
main git repository. This should be done *before* any merge branches are
specified as the actions are taken in order.

[source,bash]
--------------------------------------------------------------------------------
./setupvm testsystem Evergreen:BASE:rel_2_7 Evergreen:working/user/somedude/lpsomething_2_7
--------------------------------------------------------------------------------

Capturing email with Postfix
----------------------------

It is possible to configure a postfix install to capture all mail from a given
host, or set of hosts, into a given account. By doing this you can ensure that
any email generated by a test system can be examined without worry about the
apparent destination. This is generally a useful configuration for training,
development, and test systems.

This script's side of this is configured with the EGVMSMARTHOST option in the
config file. The specified smarthost, however, will need to be configured to
capture email. This is easily done with a check_client_access configuration
utilizing the REDIRECT parameter. For example, if you have /etc/postfix/access
containing the following:

[source]
--------------------------------------------------------------------------------
10.0.0.10 REDIRECT testserver0@domain.ext
10.0.0.11 REDIRECT testserver1@domain.ext
--------------------------------------------------------------------------------

You will need to compile that into a hash file:

[source,bash]
--------------------------------------------------------------------------------
sudo postalias hash:/etc/postfix/access
--------------------------------------------------------------------------------

And then you can add to, for example, smtpd_recipient_restrictions to check the
newly created hash:

[source]
--------------------------------------------------------------------------------
check_client_access hash:/etc/postfix/access,
--------------------------------------------------------------------------------