This document will describe how to deploy Ubuntu® MAAS supporting some Windows features.
You can find more info about MAAS here: https://maas.ubuntu.com
Note: If you are deploying on a vmware/esxi environment, be sure to change your network adapter type inside your vmx files to e1000e. Do this for every interface. Example:
ethernet0.virtualDev = "e1000e"
This should be the case for all other hypervisors as well. Also, if using KVM/QEMU make sure that the block device controllers are IDE or SATA, unless you have bundeled virtio drivers when creating the PXE installation media.
If you plan on deploying MaaS on Hyper-V using Generation 2 images, you will need to disable secure boot in VMs and patch grubx64.efi located in:
wget http://wiki.cloudbase.it/_media/grubnetx64.efi.gz gunzip grubnetx64.efi.gz cp grubnetx64.efi /var/lib/maas/boot-resources/current/grubx64.efi
or get the Ubuntu 16.10 grub2 version:
wget http://archive.ubuntu.com/ubuntu/dists/yakkety/main/uefi/grub2-amd64/2.02~beta2-36ubuntu11/grubnetx64.efi \ -O /var/lib/maas/boot-resources/current/grubx64.efi
Follow this article to compile GRUB with Generation 2 VM support
NOTE: this will be overwritten by maas every time something changes in boot images (eg: upload new image, maas updates images from simplestreams)
Ubuntu doesn't come with the standard naming interfaces like eth0 eth1 anymore instead you will see ens3 ens9 because of systemd renaming those. Let's assume the ens3 is the primary one and ensp5s the second one.
Example interface configuration:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto ens3 iface ens3 inet static address 192.168.122.157 netmask 255.255.255.0 gateway 192.168.122.1 dns-nameservers 8.8.8.8 8.8.4.4 # The secondary network interface # This is used for internal maas only auto ens9 iface ens9 inet static address 10.10.10.10 netmask 255.255.255.0
Basic install
Note: This will add the current MAAS distribution.
sudo apt-get update sudo apt-get upgrade sudo apt-get dist-upgrade sudo apt-get install openssh-server vlan sudo apt-get install software-properties-common -y sudo add-apt-repository ppa:maas/stable -y sudo apt-get update
sudo apt-get install maas maas-dns maas-dhcp maas-proxy -y
NOTE: When asked for the Ubuntu MAAS API address, double check the detected URL uses ens3’s (external) IP address: http://192.168.122.157/MAAS/. You can later change this by running:
sudo dpkg-reconfigure maas-rack-controller
Also, double check that running
sudo dpkg-reconfigure maas-region-controller
shows the IP address of ensp5s (managed NIC), if not set it to 10.10.10.10!
Add the following lines to one of your startup scripts. For most cases, /etc/rc.local should do.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
Enable IPv4 forwarding:
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf sysctl -p
In this example ens3 is the public interface and ens9 is the private one
Insert password when prompted.
# maas 2.0 sudo maas-region createsuperuser
Head to http://<maas-server-ip>/MAAS/
and test if the MAAS webpage loads.
To import boot images you have to connect to the MAAS API
sudo maas login <session-name> http://<maas-server-ip>/MAAS/ <maas-key>
You create a session with the name <session-name>
which you will use when
you want to execute maas commands. <maas-server-ip>
is the IP used by your
external NIC (eth0) and <maas-key>
can be obtained from the web interface
at http://<maas-server-ip>/MAAS/account/prefs/
Once you are connected to the MAAS API, you can import Ubuntu boot images
sudo maas <session-name> boot-resources import
Edit the default cluster and enable DHCP and DNS on the interface where you will be serving DHCP (see the screenshot as an example).
Open http://<maas-server-ip>/MAAS/clusters/
in a browser; ens9 is most probably the one that needs to be configured.
Example: Router IP = ens9's IP* IP = ens9's IP
The libvirt-bin package needs to be installed to get the virsh command
sudo apt-get -y install libvirt-bin
If you want to use ssh you'll need to generate a ssh key pair for the maas user. By default there is no home directory created for the maas user.
sudo mkdir -p ~maas sudo chown maas:maas ~maas
Add a login shell for the maas user (we'll only need this for the ssh-copy-id command later; if you're putting ssh keys in place manually or using a different mechanism, this step isn't strictly needed):
sudo chsh -s /bin/bash maas
Generate a SSH keypair as the maas user (hit enter three times to accept the default path and empty password):
sudo -u maas ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/maas/.ssh/id_rsa): Created directory '/home/maas/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/maas/.ssh/id_rsa. Your public key has been saved in /home/maas/.ssh/id_rsa.pub.
Then add the public key to ~ubuntu/.ssh/authorized_keys on the vm server so virsh can use ssh without a password:
sudo -u maas -i ssh-copy-id ubuntu@192.168.122.1
As the maas user, test virsh commands against libvirt at 192.168.122.1:
sudo -u maas virsh -c qemu+ssh://ubuntu@192.168.122.1/system list --all
Open http://<maas-server-ip>/MAAS/settings/
in a browser. Look for "Upstream DNS used to resolve domains not managed by this MAAS" and set the DNS to something like 8.8.8.8
Add a ssh key for authentification to the nodes
Generate a key:
ssh-keygen -t rsa cat ~/.ssh/id_rsa.pub
Copy the output.
Open http://<maas-server-ip>/MAAS/account/prefs/sshkey/add/
and paste the contents.
Create a x509 certificate to use with WinRM. This command is available on the MAAS node itself.
maas-generate-winrm-cert
For your convenience, there are also self contained binaries available for windows and linux
Copy the outputed key to:
Open http://<maas-server-ip>/MAAS/account/prefs/sslkey/add/
and paste the contents.
To generate a new image for MaaS, you will need the following powershell scripts:
https://github.com/cloudbase/windows-openstack-imaging-tools/tree/experimental
For the moment, this only works on Windows. Please follow the inscructions detailed in the README of the above repo. There will also be an image builder that works on linux as well provided by the MaaS team. Stay tuned.
At the moment the tools necessary to generate these images are not public. There will be a linux version of the tool available soon, and we are working on getting a windows version as well. This page will be updated as soon as they are made available.
maas root boot-resources create name=windows/win2012r2 architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/windows-win2012r2-amd64-root-dd
If you are uploading a custom image (anything other then the officially supported ones) you will probably want to use:
maas root boot-resources create name=customOS title="This is my custom OS" architecture=amd64/generic filetype=ddtgz content@=/home/maasctrl/customOS-amd64-root-dd