Context Navigation

Changes between Version 12 and Version 13 of install_debian

Timestamp:: Oct 3, 2007, 2:50:50 PM (18 years ago)
Author:: Jamie McClelland
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

install_debian

-              v12
+              v13
 {{{
+# bootable
+# 250 MB
+# Physical volume for RAID array
+MB
+Physical volume for RAID array (or ext3 if one disk system)
 }}}
 …
 {{{
 # Takes up remaining space
+# Physical volume for RAID array
 }}}
  * Choose "Congifure software RAID"
  * Choose "Create MD Device"
  * Choose RAID1
  * Number of active devices: 2
  * Number of spare devices: 0
  * Now select the first partition on each device.
  * Click Continue. Repeat for second partition on each device.
  * When you are done, click Finish. Now you are back at the partition menu.
  * Scroll down to the raid devices. Modify as follows:
+Takes up remaining space
+Physical volume for RAID array (or Physical volume for LVM if one disk system)
+}}}
+ * Choose "Congifure software RAID" (skip step if one disk system)
+  * Choose "Create MD Device"
+  * Choose RAID1
+  * Number of active devices: 2
+  * Number of spare devices: 0
+  * Now select the first partition on each device.
+  * Click Continue. Repeat for second partition on each device.
+  * When you are done, click Finish. Now you are back at the partition menu.
+ * Scroll down to the raid devices (or apply straight to your partitions if it's a one disk system). Modify as follows:
 {{{
 …
  * Create a volume group called vg_nameofserver0
+ * Create a logical volumes in this volume group
+{{{
+dom0: 1 GB
+dom0-swap: 512MB
+}}}
+ * After returning to the main disk config menu, click on the LVM #1 and configure it to use ext3 and /.
+ * Click on the !#2 lvm disk and configure it as swap
+==== Afer reboot ====
+ * Set Hardware clock to GMT (even if it isn't)
+ * Insert root password into pass db
+ * Create new user: mayfirst
+ * Do not select any of the pre-set application packages. Just tab to OK.
+ * For mail congiration - choose No configuration (we will be installing postfix later)
+ * Root and postmaster recipient: root@mayfirst.org
+ * Create logical volumes in this volume group based on your needs. A dom0 will only need a 1GB root partition. A "normal" server might need a 1 GB root, 3GB /usr, 5 GB /var and 512 MB swap.
+ * After returning to the main disk config menu, click on each logical volume that you create and specify how it should be formatted and mounted.
+ * Enter root password in resource db or give to Jamie!
+ * Create a second user for yourself.
+ * Do not install the server package or the base package - deselect all of them.
 === Post Install ===
 …
 }}}
+==== Setup xen ====
+ * Install with:
+{{{
+apt-get install xen-hypervisor-3.0.3-1-i386 xen-linux-system-2.6.18-4-xen-686 libc6-xen
+}}}
+ * Edit /boot/grub/menu.1st
+{{{
+## Xen hypervisor options to use with the default Xen boot option
+# xenhopt=dom0_mem=131072
+}}}
+ * run update-grub and reboot
+ * Install bridge-utils and xen-tools
+{{{
+aptitude install bridge-utils xen-tools
+/etc/init.d/xend restart
+}}}
+ * Edit /etc/xen-tools/xen-tools.conf. Apply the following diffs:
+{{{
+gramsci:/etc/xen-tools# diff -u xen-tools.conf.orig xen-tools.conf
+--- xen-tools.conf.orig 2007-05-27 19:59:38.000000000 -0400
++++ xen-tools.conf      2007-05-27 20:01:15.000000000 -0400
+@@ -35,6 +35,7 @@
+==== Misc ====
+ * Login as root and install the following packages:
+{{{
+# aptitude install ssh ntpdate ntp-server less emacs21-nox cron-apt iproute
+}}}
+ * Upload the [wiki:mfpl_admin_public_ssh_keys mayfirst public keys] to:
+{{{
+/root/.ssh/authorized_keys
+}}}
+ * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config and uncomment/change this line:
+{{{
+PasswordAuthentication no
+}}}
+ * Reload ssh:
+{{{
+# /etc/init.d/ssh reload
+}}}
+=== Fix Bash ===
+ * Overwrite /root/.bashrc with:
+{{{
+# ~/.bashrc: executed by bash(1) for non-login shells.
+export PS1='$? \h:\w\$ '
+umask 022
+# You may uncomment the following lines if you want `ls' to be colorized:
+# export LS_OPTIONS='--color=auto'
+# eval "`dircolors`"
+# alias ls='ls $LS_OPTIONS'
+# alias ll='ls $LS_OPTIONS -l'
+# alias l='ls $LS_OPTIONS -lA'
+#
+##
+# lvm = skx-vg
++lvm = vg_gramsci0
+#
+@@ -61,7 +62,7 @@
+##
+#
+# copy = /path/to/pristine/image
+-# debootstrap = 1
++debootstrap = 1
+# rpmstrap = 1
+# tar = /path/to/img.tar
+#
+@@ -95,7 +96,7 @@
+swap   = 128Mb    # Swap size
+# noswap = 1      # Don't use swap at all for the new system.
+fs     = ext3     # use the EXT3 filesystem for the disk image.
+-dist   = sarge    # Default distribution to install.
++dist   = etch     # Default distribution to install.
+image  = sparse   # Specify sparse vs. full disk images.
+#
+@@ -154,8 +155,8 @@
+#
+# Default kernel and ramdisk to use for the virtual servers
+#
+-kernel = /boot/vmlinuz-2.6.16-2-xen-686
+-initrd = /boot/initrd.img-2.6.16-2-xen-686
++kernel = /boot/vmlinuz-2.6.18-4-xen-686
++initrd = /boot/initrd.img-2.6.18-4-xen-686
+#
+#  The architecture to use when using debootstrap or rpmstrap.
+gramsci:/etc/xen-tools#
+}}}
+ * Create new xen instances with:
+{{{
+xen-create-image --size=5Gb --swap=512Mb --gateway=209.51.180.17 --netmask=255.2
+.255.240 --ip=209.51.180.24 --hostname=mendes
+}}}
+ Change settings as needed.
+==== Misc ====
+ * Edit /etc/group and change the group id of mayfirst to 1500 (so it will be consistent with red)
+ * Login as root and install the following packages:
+{{{
+# apt-get install --purge ssh ntpdate ntp-server sudo vim less rsync postfix
+}}}
+ * Add the group wheel.
+{{{
+# addgroup wheel
+}}}
+ * Add mayfirst to wheel:
+{{{
+# addgroup mayfirst wheel
+}}}
+ * Configure sudo:
+{{{
+# visudo
+}}}
+ * Add a line at the bottom that says:
+{{{
+%wheel  ALL=(ALL) ALL
+}}}
+ * Upload the mayfirst public keys to:
+{{{
+.ssh/authorized_keys
+}}}
+ * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config.
+ * Uncomment and change the !ChallengeResponseAuthentication line and the !PasswordAuthentication line to match the following:
+{{{
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+}}}
+ * Reload ssh:
+{{{
+# /etc/init.d/ssh reload
+}}}
+ * Uninstall unecesary packages:
+{{{
+$ sudo apt-get remove --purge portmap lpr nfs-common ppp
+}}}
+ * Make sure no uneeded services are running. Look through /etc/rc2.d. Move from S to K any services that are not needed (e.g. rsync and inetd).
+# Some more alias to avoid making mistakes:
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i
+}}}
+ * Modify the following lines in /etc/skel/.bashrc
+{{{
+PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+    ;;
+*)
+PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+}}}
+ * Add a .ssh directory and empty authorized_keys file in /etc/skel:
+{{{
+mkdir /etc/skel/.ssh
+touch /etc/skel/.ssh/authorized_keys
+}}}
 ==== Serial console login ====
 …
 If you did not use the serial console installer, then perform the following:
+ * Edit the /etc/inittab file. Uncomment the line that reads:
+{{{
+T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
+}}}
+ and change 9600 to 115200 so it reads:
+ * Edit the /etc/inittab file. Uncomment and modify:
 {{{
 …
 }}}
-==== Encrypted File system ====
- * Install programs:
-{{{
-$ sudo apt-get install dmsetup cryptsetup
-}}}
- * Create an encrypted file system for members:
- * Now, unmount the partition (make sure there is no data on it that you care about).
-{{{
-$ sudo umount /home/members
-}}}
- * Create the encrypted filesystem:
-{{{
-$ cryptsetup luksFormat /dev/mapper/vg_NAMEOFSERVER0-members
-}}}
-You will be prompted for a password. Put password in resource db!
- * Add to crypttab
-{{{
-echo crypt_members /dev/mapper/vg_NAMEOFSERVER0-members none luks >> /etc/crypttab
-}}}
- * Start it
-{{{
-/etc/init.d/cryptdisks start
-}}}
- * Create a file system on the partition:
-{{{
-$ mkfs -t ext3 /dev/mapper/crypt_members
-}}}
- * Remove cryptdisks from the rc2.d directory - we do not want this to start automatically on boot! Instead we want to start it manually so the boot process doesn't hang waiting for a password.