Closed Bug 1116887 Opened 9 years ago Closed 6 years ago

Rename and reimage a single seamonkey VM into win2k8 -64 bit

Categories

(Infrastructure & Operations :: Virtualization, task)

x86_64
Windows 8.1
task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: Callek, Unassigned)

References

Details

Attachments

(1 file)

So, SeaMonkey needs new win64 machines for our uses.

sea-vm-linux64-1 is what we'll replace first.

The task sequence:

* Install base image
 ** Take snapshot, save snapshot in a knowable (and shareable) location [so other groups can take it, like QA]
* Install MSVC versions in appropriate place
 ** Additional snapshot
* Install puppet pre-req's, without a deploypass
 ** Final snapshot

:markco can help provide the details, and once we know whom from IT can help with their side, we can setup a meeting with mark, myself, and <IT person> to figure out steps to move forward.

We will not need any data from sea-vm-linux64-1, but should retain its IP so we can keep its flows in place.

SeaMonkey systems lack a reachable DHCP server, so must be statically configured for IP/gateway/etc.

Lets name it something like sea-vm-w2k8-N
Per e-mail with mark, here's what he told me so far:


Here is the break down of what MDT does for the 2008 Puppet images:
 
Base Image Installs:
 
VS 2010
VS 2013
Windows 8 SDK pack
Direct X SDK pack
.NET framework 3.5
Windows updates through  6/28/2011 (if you need a list of updates I will generate a report)
 
Deploy image
 
Rename Administrator to root
    requires a custom root.inf file and the following command "secedit /configure /db %temp%\temp.sdb /cfg C:\root.inf"
 
Sets an OS variable that will be picked up by Facter  (by custom fact shared/lib/facter/env.rb)
    "eg add "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v os_version /t REG_SZ /d 2008"
 
Puppet install
Kill Puppet service so it only runs on boot
     "net stop puppet"
 
Creates a few Directories
    "mkdir C:\ProgramData\PuppetLabs\puppet\var\lib\puppet"
     "mkdir C:\ProgramData\PuppetLabs\puppet\var\lib\puppet\ssl"
 
Copies WGET to C:\Windows\System32
 
Copies Puppet authentication for Windows script (which uses WGET"
    Example: "cscript.exe C:\ProgramData\Puppetlabs\puppet\var\puppettize_TEMP.vbs""
 
Runs script
 
Runs Puppet for the first time
    Example "puppet agent --test --server=releng-puppet2.srv.releng.scl3.mozilla.com"
 
 
If you would like, pick a secure location and I will drop the root.inf and the puppettize_TEMP.vbs. The puppettize_TEMP.vbs is temporary at some point in the near future the getcert should support Windows.
 
Feel free to ping me on any questions. Though this is for seamonkey I think this a great chance to share what has been done to support Puppet on Windows.
 


==============

For base image.
 
IT can should be able to download VS 2010  and VS 2013 through their MSDN subscription.
 
The SDK packs and .NET are freely available on the Microsoft site.
 
Unfortunately there is no easy answer for the updates.  That is why we use WSUS. IT could connect to wsus01 and pull down the updates since it is in the parent domain of releng.  It would only need some minor registry edits and the correct flows.
 
What process does IT use to create Windows images? Should we meet with whoever in IT is going to be responsible for this?
Depends on: 1118408
Per repeated conversations in the background - VM team is making a VM template with provided win2k8-SP1 ISO.

This has been done, as follows:  
Template name - Win2008SP1-x86_64-seamonkey
VM name: seamonkey-win2k8-template.private.releng.scl3.mozilla.com
CPU : 2
RAM : 4G
Disk: 100G

Per instructions, no updates have been done, and the only change made to date is the installation of VM Tools, needed for things like mouse cursor.  (it's really hard to install windows without a mouse :)  Also, remote desktop has been enabled.  

a snapshot has been taken, so that any problems are able to be reverted.  Please let us know if you need/want the template snapshot updated or reverted.

For stor/virt folks, the snapshot is "Post Creation Snapshot" with notes about date of creation.

Per that backchannel conversation, the password is in the attached gpg encrypted file, encoded to jwood@mozilla.com's public key.  

Please let me know if you have any questions/concerns.
Was passed SW_DVD5_NTRL_Visual_Studio_2010SP1_MultiLang_FPP_VL_MLF_X17-40329.ISO (remember that, there's a quiz later) by :callek.  Moved to esx iso's datastore and mounted to VM.
Notes so far:

* Had to install MSVC 2010 (no service pack) from a file-dump since the SP1 ISO was "upgrade only"
* Installed MSVC 2010 SP1
* Downloaded http://www.microsoft.com/en-us/download/details.aspx?id=25150 per note from Markco
** Hit http://blogs.msdn.com/b/vijaysk/archive/2009/08/16/you-must-use-the-role-management-tool-to-install-or-configure-microsoft-net-framework-3-5.aspx on this host
** Installing (Via "Server Manager"->"Add Features" .NET framework 3.5.1 and "Windows Process Activation Service" [which are existing on b-2008-ix-0010])
* After the 3.5.1 was installed, the 3.5 installer seemed to complete without any errors.
* Installed MSVC 2013 [from ISO] (with all defaults)
* Tried to install the win8 SDK with default options: https://msdn.microsoft.com/en-us/windows/desktop/hh852363.aspx
** This is failing with:

An Error occurred while installing "Application Verifier for Windows" _log_

 [... The error code is 2753. ]

** Inside the log:
Action ended 17:06:17: InstallFiles. Return value 1.
MSI (s) (70:30) [17:06:17:642]: Note: 1: 2753 2: fila2b33566fbf0db8812283e5617d62006 
Action start 17:06:17: AVRFInstall_Installwow64External.
DEBUG: Error 2753:  The File 'fila2b33566fbf0db8812283e5617d62006' is not marked for installation.
MSI (s) (70:30) [17:06:17:657]: Product: Application Verifier x64 External Package -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The arguments are: fila2b33566fbf0db8812283e5617d62006, , 


* In theory of maybe needing updates:

Added reg key: HKLM/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate
With Key/Values: 
  TargetGroup = "w64"
  TargetGroupEnabled = dword: 0x1
  WUServer = "http://kms1.ad.mozilla.com"
  WUStatusServer = "http://kms1.ad.mozilla.com"

Added reg key: HKLM/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU
With Key/Values: 
  NoAUShutdownOption = dword: 0x1
  EnableFeaturedSoftware = dword: 0x0
  NoAutoRebootWithLoggedOnUsers = dword: 0x1
  UseWUServer = dword: 0x1
  NoAutoUpdate = dword: 0x1


But the above doesn't actually make WSUS work 9even after doing `wuauclt /detectnow`

Some google skimming seems to suggest that to use WSUS you need to be *in* an AD first. So I might just rollback and do the updates manually.

(I note that WSUS is my least concern atm, since it could be flow-related, and I don't think its worth asking IT to open a flow for it)
In an attempt to see if manually installing updates works/fixes the issue:

Installed DirectX SDK (because on reading more the win8 SDK includes a newer DirectX SDK file set)

Manually downloaded/installed

 KB 2533552 (replaces KB 976902)
 + A bunch of other updates (will list later)

Re-Installed Win8 SDK *without* application Verifier. We might still be fine this way :-)

Thats it until monday...
(6,5 monthes without any news)

https://treestatus.mozilla.org/
{
comm-aurora-seamonkey 	CLOSED 	bug 1114876
comm-beta-seamonkey 	CLOSED 	bug 1114876
comm-central-seamonkey 	CLOSED 	bug 1114876
comm-release-seamonkey 	CLOSED 	bug 1114876
}

Could the current bug be made a high-priority / blocker?
(In reply to Serge Gautherie (:sgautherie) from comment #6)
> (6,5 monthes without any news)
> 
> https://treestatus.mozilla.org/
> {
> comm-aurora-seamonkey 	CLOSED 	bug 1114876
> comm-beta-seamonkey 	CLOSED 	bug 1114876
> comm-central-seamonkey 	CLOSED 	bug 1114876
> comm-release-seamonkey 	CLOSED 	bug 1114876
> }
> 
> Could the current bug be made a high-priority / blocker?

Unfortunately, not really sure that's possible since while it is
a blocker for us, it's not a blocker for the people at Infrastructure.
And since we aren't a priority one project, I think this is as high
as it can get...  (maybe even up to major?.. dunno, will need to
clarify with Callek)
Just want to make a correction in comment #7.  It was based on ignorance and
not on the actual situation.

As such, with this foot-in-my-mouth, I wish to issue an apology to the Infrastructure members for my ignorance.
Hey folks - doing an audit of our templates - noticed that this template : Win2008SP1-x86_64-seamonkey is still powered on and was wondering about the status - is it :

a) still being configured? -- in which case, let me know and I'll go away for a few more months
b) configured and ready to templatize and deploy? -- in which case, let me know what you want deployed and let's make it happen
c) it's been so long, plans change, we don't need *that* we need *this*? -- in which case, let's decom this, and gimme a bug with what you really want.
d) something else that I've failed to imagine?  -- Let me know that too!
(In reply to Chris Knowles [:cknowles] from comment #9)
> Hey folks - doing an audit of our templates - noticed that this template :
> Win2008SP1-x86_64-seamonkey is still powered on and was wondering about the
> status - is it :
> 
> a) still being configured? -- in which case, let me know and I'll go away
> for a few more months
> b) configured and ready to templatize and deploy? -- in which case, let me
> know what you want deployed and let's make it happen
> c) it's been so long, plans change, we don't need *that* we need *this*? --
> in which case, let's decom this, and gimme a bug with what you really want.
> d) something else that I've failed to imagine?  -- Let me know that too!

I believe it's still being configured.  Callek will most likely know
the answer to this.
Flags: needinfo?(bugspam.Callek)
This bug is pretty stalled out.  I'm not going to reso/wontfix here since it's got some useful work on it, is a blocker for other bugs, and I don't want to disrupt that.  But it's truly sitting in the wrong queue since we as the VM folks can't make any headway on it until the image is sculpted into a useful form.

From my read, the current status is comment 4 and comment 5 - the lack of licensing on the template is a suspect in issues installing updates, and this needs time-and-attention.
 
Reassigning to Seamonkey, leaving NI-of-:Callek intact.  The VM folks are CC'ed on this.  When it gets to a state where this template looks correct, we're happy to do VM-ish things as next steps.
Assignee: server-ops-virtualization → nobody
Component: Virtualization → Release Engineering
Product: Infrastructure & Operations → SeaMonkey
QA Contact: cshields
Version: other → unspecified
:ewong, am I right that we can hand this back to VM team to delete in place, since we're working on spinning up new infra?
Flags: needinfo?(bugspam.Callek) → needinfo?(ewong)
(In reply to Justin Wood (:Callek) from comment #12)
> :ewong, am I right that we can hand this back to VM team to delete in place,
> since we're working on spinning up new infra?

Yes, this can be handed back to the VM team.
Flags: needinfo?(ewong)
:gcox, feel free to purge this and any snapshots at your own discretion.

Corey, Greg's ni requests are blocked. Know anyone who wants to make a checkmark on killing a seamonkey infra resource eater?
Flags: needinfo?(cshields)
(In reply to Justin Wood (:Callek) from comment #14)
> :gcox, feel free to purge this and any snapshots at your own discretion.

Thanks, we'll handle it.  Stealing it back to our queue, where it was pre comment 11.

> Corey, Greg's ni requests are blocked.

Man, I should make a FAQ mana page on myself.  "I read every bugmail I get.  I despise needinfo emails that don't tell me anything.  If I'm CC'ed and asked, I answer."
Assignee: nobody → server-ops-virtualization
Component: Release Engineering → Virtualization
Flags: needinfo?(cshields)
Product: SeaMonkey → Infrastructure & Operations
QA Contact: cshields
Version: unspecified → ---
related: upvote for bug 1205656: 'Allow users to provide a message/reason when selecting "Block review/needinfo requests"'
powered off the template, will purge after awhile per the decomm checklist.
VM purged, DNS deleted, removed from tracking sheets, and retired in ServiceNow.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: