Server Installation
Initial steps
- Plug in monitor and keyboard
- Enter BIOS/Setup. Specify that the BIOS should output to the serial console and make our standard BIOS changes
- Ensure that server skips errors like no keyboard attached
- Reboot and select Boot Options and choose to boot to network from F12 menu
- PXE boot from either Telehouse or XO.
- Choose Expert install
- For DNS servers, use:
Telehouse: 209.51.163.29 209.51.169.83
XO: 209.234.253.168
- When prompted for component to use, include all of them to be safe (but be sure to include the SSH server one)
- When given the option, choose to continue your installation via ssh; this will give you the ability to easily set and record pass phrases
Drive partitioning/Disk setup
Our servers are now coming with four hot swappable disks, 2 SSD and 2 SATA.
The big picture is
- All partitions should be Primary
The SATA disks:
- One tiny partition on both disks: used for BIOS/GRUB data
- A second approximately 512MB partition on both disks: configured as RAID1, used as boot partition
- The rest of the space on each SATA disk: configured as RAID1, used as encrypted disk
- Encrypted disk: used as physical volume for LVM
- Create one volume group: vg_${server_name}0
- Create standard partitions as logical volumes
The SSDs:
- One partition each, which are joined via RAID 1, used as encrypted disk
- Encrypted disk: used as physical volume for LVM
- Create one volume group: vg_${server_name}1
Details - Install manually via debootstrap
Note: usually the SSD disks are sda and sdb and the SATA disks are sdc and sdd.
SSDs:
parted /dev/sda -- mklabel gpt
parted /dev/sda -- unit s mkpart biosboot 8192 -196608
Repeat for sdb.
SATA disks:
parted /dev/sdc -- mklabel gpt
parted /dev/sdc -- unit s mkpart biosboot 8192 16383
parted /dev/sdc -- set 1 bios_grub on
parted /dev/sdc -- unit s mkpart boot 16384 1015807
parted /dev/sdc -- set 2 raid on
parted /dev/sdc -- unit s mkpart pv 1015808 -196608
parted /dev/sdc -- set 3 raid on
Repeat for sdd.
RAID:
mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md0 /dev/sd[cd]2
mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md1 /dev/sd[cd]3
mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md2 /dev/sd[ab]1
Now cryptsetup:
cryptsetup luksFormat /dev/md1
cryptsetup luksOpen /dev/md1 md1_crypt
pvcreate /dev/mapper/md1_crypt
vgcreate vg_nameofserver0 /dev/mapper/md1_crypt
lvcreate --name swap --size 1GB vg_$(hostname)0
etc.
Then, create filesystems:
- For the boot partition
mkfs -t ext4 /dev/md0
- Repeat for each logical volume
for part in var tmp root; do mkfs -t ext4 /dev/mapper/vg_$(hostname)0-${part}; done
- Then, mount all partitions in /mnt
mount /dev/mapper/vg_$(hostname)0-root /mnt
mkdir /mnt/{boot,var,proc,dev,sys,tmp}
mount /dev/md0 /mnt/boot
mount /dev/mapper/vg_$(hostname)0-var /mnt/var
mount /dev/mapper/vg_$(hostname)0-tmp /mnt/tmp
Note: Don't mount /proc, /sys, and /dev before running debootstrap - you will end up with a broken installation (apt won't be available for one thing).
- Run debootstrap
debootstrap stretch /mnt
- Bind mount kernel directories:
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
mount -o bind /dev /mnt/dev
- chroot
chroot /mnt
- Install a lot of necessary packages for booting:
apt install mdadm lvm2 cryptsetup grub-pc linux-image-amd64 bridge-utils
- Add and populate/modify the following files (use an existing system to compare format etc.)
- /etc/network/interfaces.d/br0
- /etc/fstab
- /etc/crypttab
- /etc/default/grub
- /etc/hosts
- /etc/hostname
- Generate the /etc/mdadm/mdadm.conf file with:
/usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
- Set root passwd:
passwd
- Create a DNS host from control panel.
- Ensure latest changes are reflected:
update-grub
update-initramfs -u
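Added example, not part of the original page: a check that the finished layout has the layering described under Disk setup (RAID1, then encrypted disk, then LVM), so that no volume group ends up on an array that was never encrypted. The function name check_stack, the device names and the sample rows are constructed for illustration.

```shell
# Added example, not from the original page.
# check_stack reads "KNAME TYPE PKNAME" rows on stdin, as printed by
#   lsblk -rno KNAME,TYPE,PKNAME
# Exit status: 0 when every LV sits on crypt and every crypt on raid1, else 1.
check_stack() {
    awk '
        { dev[NR] = $1; kind[NR] = $2; parent[NR] = $3; type[$1] = $2 }
        END {
            bad = 0
            for (i = 1; i <= NR; i++) {
                want = ""
                if (kind[i] == "lvm")   want = "crypt"
                if (kind[i] == "crypt") want = "raid1"
                # lsblk lists a device once per RAID member; report it once.
                if (want == "" || (dev[i] in seen)) continue
                seen[dev[i]] = 1
                got = (parent[i] in type) ? type[parent[i]] : "none"
                if (got != want) {
                    printf "%s (%s) sits on %s (%s), expected %s\n",
                        dev[i], kind[i], parent[i], got, want
                    bad = 1
                }
            }
            exit bad
        }'
}
# Constructed sample rows (assumption: device names follow the layout above).
# md0 is the unencrypted boot array and is not flagged.
SAMPLE_OK='sdc2 part sdc
sdc3 part sdc
md0 raid1 sdc2
md1 raid1 sdc3
dm-0 crypt md1
dm-1 lvm dm-0
sda1 part sda
md2 raid1 sda1
dm-2 crypt md2
dm-3 lvm dm-2'
# Constructed failure case: md2 used as a physical volume without luksFormat.
SAMPLE_BAD='sda1 part sda
md2 raid1 sda1
dm-3 lvm md2'

printf '%s\n' "$SAMPLE_OK"  | check_stack && echo "sample 1: layering intact"
printf '%s\n' "$SAMPLE_BAD" | check_stack || echo "sample 2: layering broken"
```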