Build a Software RAID5 Based Debian/Ganeti System only on a non-UEFI System

NOTE: this will not work on a UEFI-capable system; it will fail at GRUB installation. Try this recipe instead.

Install Debian

  • Before install, it is wise to disable the DHCP service so one can manually set the system IP data
  • Boot Debian CD/ISO
  • Choose Install
  • Choose English, UK (so you can get UCT)
  • Choose American English
  • Name the host
  • Select the Ethernet interface to be used
  • Configure Ethernet IP Address, Netmask, Gateway, and DNS Service
  • Configure Hostname and Domain Name
  • Choose root password
  • Choose user name and password
  • Partition Disks
    • Choose Manual Partitioning
    • Select the first drive
    • Create a new empty partition table
    • Select each of the other Drives and Create a new empty partition table
    • Configure Software RAID
    • Write Changes and Configure RAID
    • Create MD Device
    • Select RAID5
    • Number of Devices should be all the drives you have
    • Number of Spare Drives is 0
    • Select all the drives and continue
    • Write the changes and configure RAID
    • Finish
  • Configure LVM
    • Configure LVM accepting write changes to disks
    • Create volume group
      • Volume group name: ganeti
      • Devices for the new volume group: select /dev/md0
      • Keep partitioning and write
    • Create Logical Volume: on ganeti, root, 16G
    • Create Logical Volume: on ganeti, swap, 16G
    • Create Logical Volume: on ganeti, var, 16G
    • Finish
    • Edit the Logical Volumes to be ext4 /, swap, and ext4 /var
    • Finish partitioning and write changes
  • Finish partitioning and write changes to disk
  • Debian will now install and you will do the normal mirror selection etc.
  • Only install SSH Server and Debian Utilities
  • Install GRUB
  • Be sure it will not boot CD-ROM, and Reboot from the installed system

Finish Debian Installation

Install homey things (it's not a computer without emacs:)

apt-get update
apt-get upgrade
apt-get install emacs23-nox rsync gcc bridge-utils vlan sudo unbound
usermod -G sudo -a randy

Copy root's credentials and dot-files from a known system

Fix /etc/ssh/sshd_config to forbid password logins for root (this setting alone leaves password authentication on for other users)

PermitRootLogin without-password

And restart the ssh daemon

service ssh restart
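
To see what a given sshd_config actually allows, the following added example (not part of the original page; the function names first_value and audit_password_logins are made up here) reports whether root and ordinary users can still log in with a password. It reads only the global section of the file and assumes the one-keyword-per-line layout of the stock Debian config.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Match blocks and keyboard-interactive (PAM) logins are
# not examined here; "sshd -T" prints the full effective configuration.

# first_value FILE KEYWORD: print the first global value of KEYWORD, lowercased.
first_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                     # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" too
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_password_logins FILE
# Prints "root=<yes|no> users=<yes|no>", where yes means a password is
# accepted. Returns 0 only when both are "no".
audit_password_logins() {
    prl=$(first_value "$1" PermitRootLogin)
    pa=$(first_value "$1" PasswordAuthentication)
    users=yes                                   # PasswordAuthentication defaults to yes
    [ "$pa" = no ] && users=no
    case ${prl:-unset} in
        no|without-password|prohibit-password|forced-commands-only) root=no ;;
        *) root=$users ;;                       # unset is treated as yes, the
    esac                                        # default before OpenSSH 7.0
    echo "root=$root users=$users"
    [ "$root" = no ] && [ "$users" = no ]
}

# On the host, as root:
#   audit_password_logins /etc/ssh/sshd_config
```

With only the PermitRootLogin line from this page in place, the report is "root=no users=yes"; adding "PasswordAuthentication no" turns the second field to "no".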

Fix hostname

echo > /etc/hostname
hostname `cat /etc/hostname`

Fix /etc/unbound/unbound.conf

        access-control: allow
        access-control: allow
        access-control: refuse
        access-control: ::1 allow
        access-control: ::ffff: allow
        access-control: 2001:deb::/48
        access-control: ::0/0 refuse

And restart unbound

service unbound restart

Clean up from CDROM sources

vi /etc/apt/sources.list

and delete the two CDROM entries at the top

Make ISO FileSystem

lvcreate -n ISOs -L 128G ganeti
mkdir /ISOs
mkfs -t ext4 /dev/mapper/ganeti-ISOs

and then add it to /etc/fstab

/dev/mapper/ganeti-ISOs /ISOs   ext4    defaults        0       2

and then you can mount it

mount /ISOs

Unattended Upgrades, syslog-NG, etc.

Install Unattended Upgrading

Install syslog-ng

apt-get install syslog-ng

Hack /etc/logrotate.d/syslog-ng

*** /etc/logrotate.d/syslog-ng~ 2013-03-20 17:30:26.000000000 +0000
--- /etc/logrotate.d/syslog-ng  2014-07-31 14:00:08.148813531 +0100
*** 29,34 ****
--- 29,36 ----
+       mailfirst
+       mail
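
Review bot: the added "mail" line at 29,36 has no recipient; logrotate's mail directive takes an address, so as written the rotation has nowhere to send the file. Name the recipient and confirm the Exim setup that follows can deliver to it, and say which log stanza lines 29-36 sit in, since the hunk shows no context lines. With "mailfirst" the just-rotated log is mailed rather than the one about to expire, so full log contents are sent on every rotation; the receiving mailbox needs the same access restrictions as the log files.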

Fix Exim

dpkg-reconfigure exim4-config

Use internet mail
System name is
Only listen on local interfaces
Relay mail for no one

Debian Ganeti Specific Configuration

Edit /etc/hosts to have the real address of the host, e.g.          localhost vm0 vm1 vm2 vm3 gnt0

Fix /etc/network/interfaces

Make eth0 hang off of whatever your bridge will be called

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual

auto br-lan
iface br-lan inet static
  bridge_ports    eth0
  bridge_stp      off
  bridge_fd       0
  bridge_maxwait  0

iface br-lan inet6 static
  address 2001:418:3807::30
  netmask 64
  gateway 2001:418:3807::1

auto eth1
iface eth1 inet manual

auto br-hack
iface br-hack inet static
    bridge_ports    eth1
    bridge_stp      off
    bridge_fd       0
    bridge_maxwait  0

Check /etc/resolv.conf

In theory, this looks like

[Diagram: this host, with eth0, and a link to other ganeti hosts]

Install Ganeti

Set up to get Ganeti from backports on all three servers, vm0, vm1, and vm2

cat >> /etc/apt/sources.list.d/wheezy-backports.list
deb wheezy-backports main

And then install it on all three servers

apt-get update
apt-get install ganeti/wheezy-backports

Fix up drbd

echo "options drbd minor_count=128 usermode_helper=/bin/true" > /etc/modprobe.d/drbd.conf
rmmod drbd      # ignore any error
modprobe drbd

Initialize and Build Ganeti Cluster

Only on the master node of the cluster

gnt-cluster init \
  --master-netdev=br-lan \
  --enabled-hypervisors=kvm \
  -H kvm:kernel_path="",initrd_path="" \
  --vg-name=ganeti \
  -N link=br-hack \
  -s \

If it barfs, try

gnt-cluster destroy --yes-do-it

then re-run gnt-cluster init ...

If you run into gnutls problems, check apt-get upgrade and dist-upgrade

Check That Cluster is Happy

Fix VNC passwording

echo 'salad-daze' > /etc/ganeti/vnc-cluster-password
gnt-cluster modify -H kvm:vnc_password_file=/etc/ganeti/vnc-cluster-password
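
The echo above creates /etc/ganeti/vnc-cluster-password under the shell's default umask, which typically leaves it world-readable. As an added example (not part of the original page; the function names write_secret_file and check_secret_file are made up here), this writes the file with mode 0600 and checks the result:

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# write_secret_file PATH
# Store the first line of stdin in PATH with mode 0600. Reading from stdin
# keeps the password out of the command line and the shell history.
write_secret_file() {
    path=$1
    (
        umask 077                        # a newly created file gets 0600
        IFS= read -r secret || [ -n "$secret" ] || exit 1
        [ -n "$secret" ] || exit 1       # refuse an empty password
        printf '%s\n' "$secret" > "$path"
    ) || return 1
    chmod 600 "$path"                    # also tightens a pre-existing file
}

# check_secret_file PATH
# Succeed only if PATH is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
check_secret_file() {
    path=$1
    set -- $(ls -ldn "$path" 2>/dev/null)
    perms=$1 owner=$3
    case $perms in
        -rw-------*|-r--------*) ;;
        *) echo "$path: permissions '$perms' are too open"; return 1 ;;
    esac
    [ "$owner" = "$(id -u)" ] || { echo "$path: owned by uid $owner"; return 1; }
    echo "$path: ok"
}

# On the Ganeti master, as root:
#   write_secret_file /etc/ganeti/vnc-cluster-password   # type password, Enter
#   check_secret_file /etc/ganeti/vnc-cluster-password
```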

Test that the cluster was built happily

gnt-cluster verify

If you get

Fri Mar 14 05:20:55 2014   - ERROR: node volume ganeti/root is unknown
Fri Mar 14 05:20:55 2014   - ERROR: node volume ganeti/swap is unknown
Fri Mar 14 05:20:55 2014   - ERROR: node volume ganeti/var is unknown

That's OK. To make it go away

gnt-cluster modify --reserved-lvs=ganeti/root,ganeti/swap,ganeti/var

Add Nodes to Cluster

Now add vm1, vm2, and vm3 to the cluster by running the following on vm0

gnt-node add -s vm1
gnt-node add -s vm2
gnt-node add -s vm3

which should result in

gnt-node add -s vm3
-- WARNING -- 
Performing this operation is going to replace the ssh daemon keypair
on the target machine ( with the ones of the current one
and grant full intra-cluster ssh root access to/from it

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is 04:31:79:b1:32:3b:6e:60:33:65:67:0f:76:9a:5a:36.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
Restarting OpenBSD Secure Shell server: sshd.
Sat Mar 21 22:25:47 2015  - INFO: Node will be a master candidate
Last modified on Aug 20, 2017, 2:22:50 PM