<markdown>
#How to deploy MAAS
This document will describe how to deploy Ubuntu® MAAS supporting some Windows features.

*You can find more info about MAAS here: [https://maas.ubuntu.com](https://maas.ubuntu.com)*

*Note:* If you are deploying on a vmware/esxi environment, be sure to change your network adapter type inside your vmx files to e1000e. Do this for every interface.
Example:
```
ethernet0.virtualDev = "e1000e" 
```

This should be the case for all other hypervisors as well. Also, if using KVM/QEMU make sure that the block device controllers are IDE or SATA, unless you have bundeled virtio drivers when creating the PXE installation media.

If you plan on deploying MaaS on Hyper-V using Generation 2 images, you will need to disable secure boot in VMs and patch grubx64.efi located in:

```
wget http://wiki.cloudbase.it/_media/grubnetx64.efi.gz
gunzip grubnetx64.efi.gz
cp grubnetx64.efi /var/lib/maas/boot-resources/current/grubx64.efi
```

or get the Ubuntu 16.10 grub2 version:

```
wget http://archive.ubuntu.com/ubuntu/dists/yakkety/main/uefi/grub2-amd64/2.02~beta2-36ubuntu11/grubnetx64.efi \
    -O /var/lib/maas/boot-resources/current/grubx64.efi
```
  
Follow this article to [compile GRUB with Generation 2 VM support](http://wiki.cloudbase.it/hyperv-uefi-grub)

**NOTE: this will be overwritten by maas every time something changes in boot images (eg: upload new image, maas updates images from simplestreams)**

##Prerequisite
###Machine 1 – MAAS Controller
* Ubuntu 16.04 Server w/ two NIC's (1 external, 1 private).
* The external is connected to the internet, the private will be used for MAAS deployment.

###Note
Ubuntu doesn't come with the standard naming interfaces like eth0 eth1 anymore
instead you will see ens3 ens9 because of systemd renaming those.
Let's assume the ens3 is the primary one and ensp5s the second one.

*Example interface configuration:*
```bash
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto ens3
iface ens3 inet static
	address 192.168.122.157
	netmask 255.255.255.0
	gateway 192.168.122.1
	dns-nameservers 8.8.8.8 8.8.4.4

# The secondary network interface
# This is used for internal maas only
auto ens9
iface ens9 inet static
	address 10.10.10.10
	netmask 255.255.255.0

```

###Machine 2 – Windows Image Generator
* Windows Server 2012 R2/ Hyper-V server 2012 R2
* 1 NIC (external)
**Important:** Machine 2 will need network acces to the Machine 1 samba server.

###Machine 3, 4, etc. – MAAS slaves
* Configure one of the NIC's to be connected on the MAAS private network.
* The BIOS/EFI has to be configured for network boot.

##Preparing MAAS Controller

###Install Ubuntu 16.04 server
Basic install

###Add ppa:maas-maintainers/stable
*Note:* This will add the current MAAS distribution.
	
```bash
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get install openssh-server vlan
sudo apt-get install software-properties-common -y
sudo add-apt-repository ppa:maas/stable -y
sudo apt-get update
```

###Install maas

	
```bash
sudo apt-get install maas maas-dns maas-dhcp maas-proxy -y
```

NOTE: When asked for the Ubuntu MAAS API address, double check the detected URL uses ens3’s (external) IP address: http://192.168.122.157/MAAS/.
You can later change this by running:
```bash
sudo dpkg-reconfigure maas-rack-controller
```
Also, double check that running
```bash
sudo dpkg-reconfigure maas-region-controller
```
shows the IP address of ensp5s (managed NIC), if not set it to 10.10.10.10!


###Configure firewall and enable ip forwarding

Add the following lines to one of your startup scripts. For most cases, /etc/rc.local should do.
```
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
```

Enable IPv4 forwarding:

```
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
```
In this example ens3 is the public interface and ens9 is the private one

### Create admin user
Insert password when prompted.
	
```bash
# maas 2.0
sudo maas-region createsuperuser
```

###Test MAAS Web interface
Head to `http://<maas-server-ip>/MAAS/` and test if the MAAS webpage loads. 

###Import Ubuntu boot images
To import boot images you have to connect to the MAAS API
```bash
sudo maas login <session-name> http://<maas-server-ip>/MAAS/ <maas-key>
```
You create a session with the name `<session-name>` which you will use when
you want to execute maas commands. `<maas-server-ip>` is the IP used by your 
external NIC (eth0) and `<maas-key>` can be obtained from the web interface
at `http://<maas-server-ip>/MAAS/account/prefs/`

Once you are connected to the MAAS API, you can import Ubuntu boot images
```bash
sudo maas <session-name> boot-resources import
```

###Configure the cluster
Edit the default cluster and enable DHCP and DNS on the interface where you will be serving DHCP (see the screenshot as an example).

Open `http://<maas-server-ip>/MAAS/clusters/` in a browser; **ens9** is most probably the one that needs to be configured.
	
*Example:*
Router IP = ens9's IP*
IP = ens9's IP

![Screenshot](http://wiki.cloudbase.it/_media/screen_shot_2014-04-23_at_01.27.08.png)

### How to configure MAAS to be able to boot virtual machines with virsh

The libvirt-bin package needs to be installed to get the virsh command
```bash
sudo apt-get -y install libvirt-bin
```
If you want to use ssh you'll need to generate a ssh key pair for the maas user. 
By default there is no home directory created for the maas user.
```bash
sudo mkdir -p ~maas
sudo chown maas:maas ~maas
```
Add a login shell for the maas user (we'll only need this for the ssh-copy-id command later; 
if you're putting ssh keys in place manually or using a different mechanism, this step isn't strictly needed):
```bash
sudo chsh -s /bin/bash maas
```

Generate a SSH keypair as the maas user (hit enter three times to accept the default path and empty password):
```bash
sudo -u maas ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/maas/.ssh/id_rsa): 
Created directory '/home/maas/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/maas/.ssh/id_rsa.
Your public key has been saved in /home/maas/.ssh/id_rsa.pub.
```
Then add the public key to ~ubuntu/.ssh/authorized_keys on the vm server so virsh can use ssh without a password:
```bash
sudo -u maas -i ssh-copy-id ubuntu@192.168.122.1
```
As the maas user, test virsh commands against libvirt at 192.168.122.1:
```bash
sudo -u maas virsh -c qemu+ssh://ubuntu@192.168.122.1/system list --all
```
###Set upstream DNS

Open `http://<maas-server-ip>/MAAS/settings/` in a browser. Look for "Upstream DNS used to resolve domains not managed by this MAAS" and set the DNS to something like 8.8.8.8

###SSH Keys
Add a ssh key for authentification to the nodes
	
Generate a key:
```bash
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub
```

Copy the output.

Open `http://<maas-server-ip>/MAAS/account/prefs/sshkey/add/` and paste the contents.

### x509 keys

Create a x509 certificate to use with WinRM. This command is available on the MAAS node itself.

```bash
maas-generate-winrm-cert
```

For your convenience, there are also self contained binaries available for [windows](http://wiki.cloudbase.it/_media/create-cert.zip) and [linux](http://wiki.cloudbase.it/_media/create-cert.linux.zip)


Copy the outputed key to:

Open `http://<maas-server-ip>/MAAS/account/prefs/sslkey/add/` and paste the contents.

## Creating a windows image for MaaS

To generate a new image for MaaS, you will need the following powershell scripts:

```
https://github.com/cloudbase/windows-openstack-imaging-tools/tree/experimental
```

For the moment, this only works on Windows. Please follow the inscructions detailed in the README of the above repo. There will also be an image builder that works on linux as well provided by the MaaS team. Stay tuned.

## Uploading a custom image

At the moment the tools necessary to generate these images are not public. There will be a linux version of the tool available soon, and we are working on getting a windows version as well. This page will be updated as soon as they are made available.

```bash
maas root boot-resources create name=windows/win2012r2 architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/windows-win2012r2-amd64-root-dd
```

If you are uploading a custom image (anything other then the officially supported ones) you will probably want to use:

```bash
maas root boot-resources create name=customOS title="This is my custom OS" architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/customOS-amd64-root-dd
```
</markdown>