= Server Installation =

== Initial steps ==

* Plug in monitor and keyboard
* Boot the machine with the USB stick inserted (or with a network cable plugged directly into the PXE boot machine)
* Enter BIOS/Setup. Specify that the BIOS should output to the serial console and make our [wiki:bios_changes standard BIOS changes]
* Ensure that the server skips errors such as no keyboard attached
* Reboot and select Boot Options and choose to boot to USB stick (or network)
* Choose Expert install
* For DNS servers, use:
{{{
Telehouse: 209.51.163.29 209.51.169.83
XO: 209.234.253.168
}}}
* When prompted for components to use, include all of them to be safe (but be sure to include the SSH server one)
* When given the option, choose to continue your installation via SSH. This makes it easy to set and record passphrases

== Drive partitioning/Disk setup ==

Our servers are now coming with four hot swappable disks.

=== The big picture is ===

* One approximately 512MB partition on all four disks: configured as RAID1, used as boot partition
* The rest of the space on each disk: configured as RAID10, used as encrypted disk
* Encrypted disk: used as physical volume for LVM
* Create one volume group: vg_${server_name}0
* Create standard partitions as logical volumes

=== Details ===

Since we are using disks that are 2TB or bigger, we need to ensure that the partitions are created properly. Open a new ssh session and choose to switch to console.
{{{
parted /dev/sda -- mklabel gpt
parted /dev/sda -- unit s mkpart biosboot 8192 16383
parted /dev/sda -- set 1 bios_grub on
parted /dev/sda -- unit s mkpart boot 16384 1015807
parted /dev/sda -- set 2 raid on
parted /dev/sda -- unit s mkpart pv 1015808 -1
parted /dev/sda -- set 3 raid on

parted /dev/sdb -- mklabel gpt
parted /dev/sdb -- unit s mkpart biosboot 8192 16383
parted /dev/sdb -- set 1 bios_grub on
parted /dev/sdb -- unit s mkpart boot 16384 1015807
parted /dev/sdb -- set 2 raid on
parted /dev/sdb -- unit s mkpart pv 1015808 -1
parted /dev/sdb -- set 3 raid on
}}}

When done, type:

{{{
parted /dev/sda -- unit s p
parted /dev/sdb -- unit s p
}}}

And you should get:

{{{
0 sittingbull:~# parted /dev/sda unit s p
Model: ATA Hitachi HUA72303 (scsi)
Disk /dev/sda: 5860533168s
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start     End          Size         File system  Name      Flags
 1      8192s     16383s       8192s                     biosboot  bios_grub
 2      16384s    1015807s     999424s                   boot      raid
 3      1015808s  5860533134s  5859517327s               pv

0 sittingbull:~#
}}}
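
A check for the layout above, as an added example that is not part of the original page: `check_layout` is a hypothetical helper that reads the `parted ... unit s p` output and compares it with the sectors, names and flags set by the `mkpart` and `set` commands. The sample input is constructed.

```shell
#!/bin/sh
# Expected layout from the mkpart/set commands above, one entry per partition:
# number, start sector, end sector ("-" = runs to end of disk), name, flag.
EXPECTED='1 8192 16383 biosboot bios_grub;2 16384 1015807 boot raid;3 1015808 - pv raid'

# Reads `parted <disk> -- unit s p` output on stdin, prints one line per
# problem, and returns non-zero when the table does not match EXPECTED.
check_layout() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, rows, ";")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, " ")
            start[f[1]] = f[2]; last[f[1]] = f[3]; name[f[1]] = f[4]; flag[f[1]] = f[5]
        }
    }
    /^Partition Table:/ { label = $3 }
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+s$/ {    # a partition row
        p = $1; seen[p] = 1
        if (!(p in start)) { print "partition " p ": unexpected"; bad = 1; next }
        if ($2 != (start[p] "s")) { print "partition " p ": starts at " $2; bad = 1 }
        if (last[p] != "-" && $3 != (last[p] "s")) { print "partition " p ": ends at " $3; bad = 1 }
        # The File system column may be empty, so the name is field 5 or 6.
        if ($5 != name[p] && $6 != name[p]) { print "partition " p ": name is not " name[p]; bad = 1 }
        has = 0
        for (i = 5; i <= NF; i++) { w = $i; sub(/,$/, "", w); if (w == flag[p]) has = 1 }
        if (!has) { print "partition " p ": missing flag " flag[p]; bad = 1 }
    }
    END {
        if (label != "gpt") { print "partition table is " label ", expected gpt"; bad = 1 }
        for (p in start) if (!(p in seen)) { print "partition " p ": missing"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample input, modelled on the output shown above.
SAMPLE='Model: ATA Hitachi HUA72303 (scsi)
Disk /dev/sda: 5860533168s
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start     End          Size         File system  Name      Flags
 1      8192s     16383s       8192s                     biosboot  bios_grub
 2      16384s    1015807s     999424s                   boot      raid
 3      1015808s  5860533134s  5859517327s               pv        raid'

# On the server, once per disk:
#   for d in sda sdb sdc sdd; do parted /dev/$d -- unit s p | check_layout || echo "$d: FAIL"; done
```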

You should be able to return to the graphical installer to do the rest.

For the record, here's how you can do it by hand:

RAID:

{{{
# /boot: RAID1 across the second partition of all four disks
mdadm --create --raid-devices=4 --level=1 --metadata=1.0 --verbose /dev/md0 /dev/sda2 /dev/sdb2 /dev/sdc2 /dev/sdd2
# Everything else: RAID10 across the third partition of all four disks
mdadm --create --raid-devices=4 --level=10 --metadata=1.0 --verbose /dev/md1 /dev/sda3 /dev/sdb3 /dev/sdc3 /dev/sdd3
}}}

Now cryptsetup:

{{{
# Load cryptsetup into the installer environment
anna-install cryptsetup-udeb
# Format the RAID10 device as a LUKS container, then open it
cryptsetup luksFormat /dev/md1
cryptsetup luksOpen /dev/md1 md1_crypt

# The opened mapping is the LVM physical volume
pvcreate /dev/mapper/md1_crypt
vgcreate vg_nameofserver0 /dev/mapper/md1_crypt
lvcreate --name swap --size 1GB vg_nameofserver0
# etc.
}}}

Choose manual partitioning in the Debian Installer. Then:

* Choose "Configure software RAID" (skip this step on a one-disk system)
* Choose "Create MD Device"
* Choose RAID1
* Number of active devices: 4
* Number of spare devices: 0
* Now select the second partition on each device.
* Click Continue. Repeat for the third partition on each device but select RAID10 instead of RAID1.
* When you are done, click Finish. Now you are back at the partition menu.
* Scroll down to the RAID devices (or apply straight to your partitions if it's a one-disk system). Modify the 512 MB RAID device: Filesystem: ext3, mount on /boot
* Encrypt the larger, remaining device. Save passphrase in [wiki:keyringer].
* Choose "Configure LVM" (selecting the device encrypted in the previous step)
* Create a volume group called `vg_`''nameofserver''`0`
* Create logical volumes in this volume group based on your needs. Suggestions: 3GB for /, 1GB swap.

== Last steps ==

* After returning to the main disk config menu, click on each logical volume that you created and specify how it should be formatted and mounted.
* Enter root password. Save in [wiki:keyringer].
* Do not install the server package or the base package; deselect all of them.