= Server Installation =

== Initial steps ==

* Plug in monitor and keyboard
* Enter BIOS/Setup. Specify that BIOS should output to serial console and make our [wiki:bios_changes standard bios changes]
* Ensure that server skips errors like no keyboard attached
* Reboot and select Boot Options and choose to boot to network from F12 menu
* Either PXE boot from [wiki:pxe_boot_from_telehouse telehouse] or [wiki:pxe_boot_from_xo xo].
* Choose Expert install
* For DNS servers, use:
{{{
Telehouse: 209.51.163.29 209.51.169.83
XO: 209.234.253.168
}}}
* When prompted for component to use, include all of them to be safe (but be sure to include the SSH server one)
* When given the option, choose to continue your installation via ssh. This will give you the ability to easily set and record pass phrases

== Drive partitioning/Disk setup ==

Our servers are now coming with four hot swappable disks, 2 SSD and 2 SATA.

=== The big picture is ===

* '''All partitions should be Primary'''

The SATA disks:

* One tiny partition on both disks used for bios/grub data
* A second approximately 512MB partition on both disks: configured as RAID1, used as boot partition
* The rest of the space on each SATA disk: configured as RAID1, used as encrypted disk
* Encrypted disk: used as physical volume for LVM
* Create one volume group: vg_${server_name}0
* Create standard partitions as logical volume

The SSDs:

* One partition each, which are joined via RAID 1, used as encrypted disk
* Encrypted disk: used as physical volume for LVM
* Create one volume group: vg_${server_name}1

=== Details - Install manually via debootstrap ===

Note: usually the SSD disks are sda and sdb and the SATA disks are sdc and sdd.

SSDs:
{{{
parted /dev/sda -- mklabel gpt
parted /dev/sda -- unit s mkpart biosboot 8192 -196608
}}}
Repeat for sdb.

SATA disks:
{{{
parted /dev/sdc -- mklabel gpt
parted /dev/sdc -- unit s mkpart biosboot 8192 16383
parted /dev/sdc -- set 1 bios_grub on
parted /dev/sdc -- unit s mkpart boot 16384 1015807
parted /dev/sdc -- set 2 raid on
parted /dev/sdc -- unit s mkpart pv 1015808 -196608
parted /dev/sdc -- set 3 raid on
}}}
Repeat for sdd.

RAID:
{{{
mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md0 /dev/sd[cd]2
mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md1 /dev/sd[cd]3
mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md2 /dev/sd[ab]1
}}}

Now cryptsetup:
{{{
cryptsetup luksFormat /dev/md1
cryptsetup luksOpen /dev/md1 md1_crypt
pvcreate /dev/mapper/md1_crypt
vgcreate vg_nameofserver0 /dev/mapper/md1_crypt
lvcreate --name swap --size 1GB vg_$(hostname)0
# etc. (one lvcreate per logical volume)
}}}

Then, create filesystems:

* For the boot partition
{{{
mkfs -t ext4 /dev/md0
}}}
* Repeat for each logical volume
{{{
for part in var tmp root; do
  mkfs -t ext4 /dev/mapper/vg_$(hostname)0-${part}
done
}}}
* Then, mount all partitions in /mnt
{{{
mount /dev/mapper/vg_$(hostname)0-root /mnt
mkdir /mnt/{boot,var,proc,dev,sys,tmp}
mount /dev/md0 /mnt/boot
mount /dev/mapper/vg_$(hostname)0-var /mnt/var
mount /dev/mapper/vg_$(hostname)0-tmp /mnt/tmp
}}}

Note: Don't mount /proc, /sys, and /dev before running debootstrap. You will end up with a broken installation (apt won't be available, for one thing).

* Run debootstrap
{{{
debootstrap stretch /mnt
}}}
* Bind mount kernel directories:
{{{
mount -o bind /proc /mnt/proc
mount -o bind /sys /mnt/sys
mount -o bind /dev /mnt/dev
}}}
* chroot
{{{
chroot /mnt
}}}
* Install a lot of necessary packages for booting:
{{{
apt install mdadm lvm2 cryptsetup grub-pc linux-image-amd64 bridge-utils
}}}
* Add and populate/modify the following files (use an existing system to compare format etc.)
  * /etc/network/interfaces.d/br0
  * /etc/fstab
  * /etc/crypttab
  * /etc/default/grub
  * /etc/hosts
  * /etc/hostname
* Generate the /etc/mdadm/mdadm.conf file with:
{{{
/usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf
}}}
* Set root password:
{{{
passwd
}}}
* Create a DNS host from control panel.
* Ensure latest changes are reflected:
{{{
update-grub
update-initramfs -u
}}}
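
Added example, not part of the original page: a check of the sector numbers used in the SATA `parted` commands above, reporting each partition's size in MiB and whether its start sector is 1 MiB aligned. It assumes 512-byte logical sectors and a constructed disk size of 1953525168 sectors; `part_info` and `layout_report` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page: sanity-check the SATA layout.
SECTOR=512                        # assumption: 512-byte logical sectors
ALIGN=$((1048576 / SECTOR))       # sectors per MiB
DISK_SECTORS=1953525168           # constructed size (a common 1 TB drive);
                                  # real value: blockdev --getsz /dev/sdc

# The mkpart commands from the SATA section, embedded as input.
LAYOUT='parted /dev/sdc -- unit s mkpart biosboot 8192 16383
parted /dev/sdc -- unit s mkpart boot 16384 1015807
parted /dev/sdc -- unit s mkpart pv 1015808 -196608'

# part_info START END DISK_SECTORS
# Prints "<size in MiB> aligned|unaligned", or "invalid" (status 1).
part_info() {
    start=$1; end=$2; disk=$3
    # parted counts a negative sector value from the end of the disk.
    if [ "$end" -lt 0 ]; then
        end=$((disk + end))
    fi
    if [ "$end" -lt "$start" ] || [ "$end" -ge "$disk" ]; then
        echo "invalid"
        return 1
    fi
    sectors=$((end - start + 1))  # both bounds are inclusive
    if [ $((start % ALIGN)) -eq 0 ]; then
        state=aligned
    else
        state=unaligned
    fi
    echo "$((sectors / ALIGN)) $state"
}

# layout_report DISK_SECTORS: one result line per mkpart command.
layout_report() {
    echo "$LAYOUT" | while read -r x dev x x x x name s e; do
        echo "$dev $name $(part_info "$s" "$e" "$1")"
    done
}

layout_report "$DISK_SECTORS"
```

With these inputs the biosboot partition comes out at 4 MiB and the boot partition at 488 MiB (about 512 MB), both starting on a 1 MiB boundary.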