wiki:install_debian/server

Version 26 (modified by https://id.mayfirst.org/jamie, 2 weeks ago)

Server Installation

Initial steps

  • Plug in monitor and keyboard
  • Enter BIOS/Setup. Specify that the BIOS should output to the serial console and make our standard BIOS changes
  • Ensure that the server skips errors such as no keyboard attached
  • Reboot, select Boot Options, and choose to boot from the network from the F12 menu
  • Either PXE boot from Telehouse or XO.
  • Choose Expert install
  • For DNS servers, use:
    Telehouse: 209.51.163.29 209.51.169.83 
    XO: 209.234.253.168
    
  • When prompted for components to use, include all of them to be safe (but be sure to include the SSH server one)
  • When given the option, choose to continue your installation via SSH. This will give you the ability to easily set and record passphrases

Drive partitioning/Disk setup

Our servers are now coming with four hot swappable disks, 2 SSD and 2 SATA.

The big picture is:

  • All partitions should be Primary

The SATA disks:

  • One tiny partition on both disks: used for BIOS/GRUB data
  • A second approximately 512MB partition on both disks: configured as RAID1, used as boot partition
  • The rest of the space on each SATA disk: configured as RAID1, used as encrypted disk
  • Encrypted disk: used as physical volume for LVM
  • Create one volume group: vg_${server_name}0
  • Create standard partitions as logical volumes

The SSDs:

  • One partition each, which are joined via RAID 1, used as encrypted disk
  • Encrypted disk: used as physical volume for LVM
  • Create one volume group: vg_${server_name}1

Details - Install manually via debootstrap

Note: usually the SSD disks are sda and sdb and the SATA disks are sdc and sdd.

SSDs:

parted /dev/sda -- mklabel gpt
parted /dev/sda -- unit s mkpart biosboot 8192 -196608

Repeat for sdb.

SATA disks:

parted /dev/sdc -- mklabel gpt
parted /dev/sdc -- unit s mkpart biosboot 8192 16383 
parted /dev/sdc -- set 1 bios_grub on 
parted /dev/sdc -- unit s mkpart boot 16384 1015807
parted /dev/sdc -- set 2 raid on 
parted /dev/sdc -- unit s mkpart pv 1015808 -196608 
parted /dev/sdc -- set 3 raid on 

Repeat for sdd.

RAID:

mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md0 /dev/sd[cd]2 
mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md1 /dev/sd[cd]3

Now cryptsetup:

cryptsetup luksFormat /dev/md1
cryptsetup luksOpen /dev/md1 md1_crypt

pvcreate /dev/mapper/md1_crypt
vgcreate vg_$(hostname)0 /dev/mapper/md1_crypt
lvcreate --name swap --size 1GB vg_$(hostname)0

Repeat lvcreate for each remaining logical volume (var, tmp, root).
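
Once the logical volumes exist, the stack built above can be checked against the intended layout (LVM on LUKS on RAID1, with only the boot array left unencrypted). This is an added example, not part of the original wiki page; the function name check_stack and the sample device listing are constructed for illustration:

```shell
# Added example: verify that every LVM volume sits on LUKS and every LUKS device on RAID1.
# Input: output of `lsblk -P -o KNAME,PKNAME,TYPE,NAME`. Assumes names contain no spaces.
check_stack() {
    awk '
    {
        split("", f)                          # clear pairs from the previous line
        for (i = 1; i <= NF; i++) {           # parse KEY="value" pairs
            eq = index($i, "=")
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            f[substr($i, 1, eq - 1)] = val
        }
        k = f["KNAME"]; type[k] = f["TYPE"]; name[k] = f["NAME"]
        parents[k] = parents[k] " " f["PKNAME"]   # a RAID device has one line per member
    }
    END {
        for (k in name) {
            if (type[k] == "lvm") want = "crypt"
            else if (type[k] == "crypt") want = "raid1"
            else continue                     # e.g. md0 (/boot) is unencrypted by design
            n = split(parents[k], p, " ")
            if (n == 0) { printf "FAIL %s has no parent device\n", name[k]; bad = 1 }
            for (j = 1; j <= n; j++) {
                pt = (p[j] in type) ? type[p[j]] : "unknown"
                if (pt != want) {
                    printf "FAIL %s (%s) is on %s (%s), expected %s\n", name[k], type[k], p[j], pt, want
                    bad = 1
                }
            }
        }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample for the SATA pair (sdc/sdd) layout; not captured from a real host.
sample_layout() {
    cat <<'EOF'
KNAME="sdc3" PKNAME="sdc" TYPE="part" NAME="sdc3"
KNAME="sdd3" PKNAME="sdd" TYPE="part" NAME="sdd3"
KNAME="md0" PKNAME="sdc2" TYPE="raid1" NAME="md0"
KNAME="md1" PKNAME="sdc3" TYPE="raid1" NAME="md1"
KNAME="md1" PKNAME="sdd3" TYPE="raid1" NAME="md1"
KNAME="dm-0" PKNAME="md1" TYPE="crypt" NAME="md1_crypt"
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" NAME="vg_example0-root"
EOF
}

sample_layout | check_stack && echo "storage stack OK"
# On the server itself: lsblk -P -o KNAME,PKNAME,TYPE,NAME | check_stack
```

A non-zero exit status with a FAIL line means a volume group was created on an unencrypted device, or a LUKS container was created on a bare partition instead of the RAID1 array.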

Then, create filesystems:

  • For the boot partition
    mkfs -t ext4 /dev/md0
    
  • Repeat for each logical volume
    for part in var tmp root; do
      mkfs -t ext4 /dev/mapper/vg_$(hostname)0-${part}
    done
    
  • Then, mount all partitions in /mnt
    mount /dev/mapper/vg_$(hostname)0-root /mnt
    mkdir /mnt/{boot,var,proc,dev,sys,tmp}
    mount /dev/md0 /mnt/boot
    mount /dev/mapper/vg_$(hostname)0-var /mnt/var
    mount /dev/mapper/vg_$(hostname)0-tmp /mnt/tmp
    

Note: Don't mount /proc, /sys, and /dev before running debootstrap - you will end up with a broken installation (apt won't be available for one thing).

  • Run debootstrap
    debootstrap stretch /mnt
    
  • Bind mount kernel directories:
    mount -o bind /proc /mnt/proc
    mount -o bind /sys /mnt/sys
    mount -o bind /dev /mnt/dev
    
  • chroot
    chroot /mnt
    
  • Install a lot of necessary packages for booting:
    apt install mdadm lvm2 cryptsetup grub-pc linux-image-amd64 bridge-utils
    
  • Add and populate/modify the following files (use an existing system to compare format etc.)
    • /etc/network/interfaces.d/br0
    • /etc/fstab
    • /etc/crypttab
    • /etc/default/grub
    • /etc/hosts
    • /etc/hostname
  • Generate the /etc/mdadm/mdadm.conf file with:
    /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
    
  • Set root password:
    passwd
    
  • Create a DNS host from the control panel.