#How to deploy MAAS This document will describe how to deploy Ubuntu® MAAS supporting some Windows features. *You can find more info about MAAS here: [https://maas.ubuntu.com](https://maas.ubuntu.com)* *Note:* If you are deploying on a vmware/esxi environment, be sure to change your network adapter type inside your vmx files to e1000e. Do this for every interface. Example: ``` ethernet0.virtualDev = "e1000e" ``` This should be the case for all other hypervisors as well. Also, if using KVM/QEMU make sure that the block device controllers are IDE or SATA, unless you have bundeled virtio drivers when creating the PXE installation media. If you plan on deploying MaaS on Hyper-V using Generation 2 images, you will need to disable secure boot in VMs and patch grubx64.efi located in: ``` wget http://wiki.cloudbase.it/_media/grubnetx64.efi.gz gunzip grubnetx64.efi.gz cp grubnetx64.efi /var/lib/maas/boot-resources/current/grubx64.efi ``` or get the Ubuntu 16.10 grub2 version: ``` wget http://archive.ubuntu.com/ubuntu/dists/yakkety/main/uefi/grub2-amd64/2.02~beta2-36ubuntu11/grubnetx64.efi \ -O /var/lib/maas/boot-resources/current/grubx64.efi ``` Follow this article to [compile GRUB with Generation 2 VM support](http://wiki.cloudbase.it/hyperv-uefi-grub) **NOTE: this will be overwritten by maas every time something changes in boot images (eg: upload new image, maas updates images from simplestreams)** ##Prerequisite ###Machine 1 – MAAS Controller * Ubuntu 16.04 Server w/ two NIC's (1 external, 1 private). * The external is connected to the internet, the private will be used for MAAS deployment. ###Note Ubuntu doesn't come with the standard naming interfaces like eth0 eth1 anymore instead you will see ens3 ens9 because of systemd renaming those. Let's assume the ens3 is the primary one and ensp5s the second one. *Example interface configuration:* ```bash # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto ens3 iface ens3 inet static address 192.168.122.157 netmask 255.255.255.0 gateway 192.168.122.1 dns-nameservers 8.8.8.8 8.8.4.4 # The secondary network interface # This is used for internal maas only auto ens9 iface ens9 inet static address 10.10.10.10 netmask 255.255.255.0 ``` ###Machine 2 – Windows Image Generator * Windows Server 2012 R2/ Hyper-V server 2012 R2 * 1 NIC (external) **Important:** Machine 2 will need network acces to the Machine 1 samba server. ###Machine 3, 4, etc. – MAAS slaves * Configure one of the NIC's to be connected on the MAAS private network. * The BIOS/EFI has to be configured for network boot. ##Preparing MAAS Controller ###Install Ubuntu 16.04 server Basic install ###Add ppa:maas-maintainers/stable *Note:* This will add the current MAAS distribution. ```bash sudo apt-get update sudo apt-get upgrade sudo apt-get dist-upgrade sudo apt-get install openssh-server vlan sudo apt-get install software-properties-common -y sudo add-apt-repository ppa:maas/stable -y sudo apt-get update ``` ###Install maas ```bash sudo apt-get install maas maas-dns maas-dhcp maas-proxy -y ``` NOTE: When asked for the Ubuntu MAAS API address, double check the detected URL uses ens3’s (external) IP address: http://192.168.122.157/MAAS/. You can later change this by running: ```bash sudo dpkg-reconfigure maas-rack-controller ``` Also, double check that running ```bash sudo dpkg-reconfigure maas-region-controller ``` shows the IP address of ensp5s (managed NIC), if not set it to 10.10.10.10! ###Configure firewall and enable ip forwarding Add the following lines to one of your startup scripts. For most cases, /etc/rc.local should do. ``` /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT ``` Enable IPv4 forwarding: ``` echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf sysctl -p ``` In this example ens3 is the public interface and ens9 is the private one ### Create admin user Insert password when prompted. ```bash # maas 2.0 sudo maas-region createsuperuser ``` ###Test MAAS Web interface Head to `http:///MAAS/` and test if the MAAS webpage loads. ###Import Ubuntu boot images To import boot images you have to connect to the MAAS API ```bash sudo maas login http:///MAAS/ ``` You create a session with the name `` which you will use when you want to execute maas commands. `` is the IP used by your external NIC (eth0) and `` can be obtained from the web interface at `http:///MAAS/account/prefs/` Once you are connected to the MAAS API, you can import Ubuntu boot images ```bash sudo maas boot-resources import ``` ###Configure the cluster Edit the default cluster and enable DHCP and DNS on the interface where you will be serving DHCP (see the screenshot as an example). Open `http:///MAAS/clusters/` in a browser; **ens9** is most probably the one that needs to be configured. *Example:* Router IP = ens9's IP* IP = ens9's IP ![Screenshot](http://wiki.cloudbase.it/_media/screen_shot_2014-04-23_at_01.27.08.png) ### How to configure MAAS to be able to boot virtual machines with virsh The libvirt-bin package needs to be installed to get the virsh command ```bash sudo apt-get -y install libvirt-bin ``` If you want to use ssh you'll need to generate a ssh key pair for the maas user. By default there is no home directory created for the maas user. ```bash sudo mkdir -p ~maas sudo chown maas:maas ~maas ``` Add a login shell for the maas user (we'll only need this for the ssh-copy-id command later; if you're putting ssh keys in place manually or using a different mechanism, this step isn't strictly needed): ```bash sudo chsh -s /bin/bash maas ``` Generate a SSH keypair as the maas user (hit enter three times to accept the default path and empty password): ```bash sudo -u maas ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/maas/.ssh/id_rsa): Created directory '/home/maas/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/maas/.ssh/id_rsa. Your public key has been saved in /home/maas/.ssh/id_rsa.pub. ``` Then add the public key to ~ubuntu/.ssh/authorized_keys on the vm server so virsh can use ssh without a password: ```bash sudo -u maas -i ssh-copy-id ubuntu@192.168.122.1 ``` As the maas user, test virsh commands against libvirt at 192.168.122.1: ```bash sudo -u maas virsh -c qemu+ssh://ubuntu@192.168.122.1/system list --all ``` ###Set upstream DNS Open `http:///MAAS/settings/` in a browser. Look for "Upstream DNS used to resolve domains not managed by this MAAS" and set the DNS to something like 8.8.8.8 ###SSH Keys Add a ssh key for authentification to the nodes Generate a key: ```bash ssh-keygen -t rsa cat ~/.ssh/id_rsa.pub ``` Copy the output. Open `http:///MAAS/account/prefs/sshkey/add/` and paste the contents. ### x509 keys Create a x509 certificate to use with WinRM. This command is available on the MAAS node itself. ```bash maas-generate-winrm-cert ``` For your convenience, there are also self contained binaries available for [windows](http://wiki.cloudbase.it/_media/create-cert.zip) and [linux](http://wiki.cloudbase.it/_media/create-cert.linux.zip) Copy the outputed key to: Open `http:///MAAS/account/prefs/sslkey/add/` and paste the contents. ## Creating a windows image for MaaS To generate a new image for MaaS, you will need the following powershell scripts: ``` https://github.com/cloudbase/windows-openstack-imaging-tools/tree/experimental ``` For the moment, this only works on Windows. Please follow the inscructions detailed in the README of the above repo. There will also be an image builder that works on linux as well provided by the MaaS team. Stay tuned. ## Uploading a custom image At the moment the tools necessary to generate these images are not public. There will be a linux version of the tool available soon, and we are working on getting a windows version as well. This page will be updated as soon as they are made available. ```bash maas root boot-resources create name=windows/win2012r2 architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/windows-win2012r2-amd64-root-dd ``` If you are uploading a custom image (anything other then the officially supported ones) you will probably want to use: ```bash maas root boot-resources create name=customOS title="This is my custom OS" architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/customOS-amd64-root-dd ```