Installing Debian
Assumptions: The server has two identically sized hard drives
Ideally - you should boot using a Debian installer that uses the serial console. If you can't - just install the normal way.
PREPARE YOUR LAPTOP - Screen
- Install screen on your debian laptop:
$ sudo apt-get install screen
- Connect your serial cable (or USB - serial cable) from your laptop to the server.
You may want to check dmesg after plugging in the cable to see which device
is being used. You should have a line along the lines of:
usb 3-1: PL-2303 converter now attached to ttyUSB0
- Start screen with:
mkdir screen-log
cd screen-log
screen -L /dev/ttyUSB0 115200
Install Linux
- Put in Daniel's Serial Console debian installer and boot (note - if you don't have a serial installer, use a normal installer and a keyboard and monitor attached to the server).
- At the boot prompt hit enter to install the 2.6 kernel
INITIAL INSTALL
- [Skipping easy steps]
- Manually partition the drive
- There should be two drives. Remove any existing partitions.
- Add one partition on each disk that is:
  # bootable
  # 250 MB
  # Physical volume for RAID array
- Add a second partition on each disk that is:
  # Takes up remaining space
  # Physical volume for RAID array
- Choose "Configure software RAID"
- Choose "Create MD Device"
- Choose RAID1
- Number of active devices: 2
- Number of spare devices: 0
- Now select the first partition on each device.
- Click Continue. Repeat for second partition on each device.
- When you are done, click Finish. Now you are back at the partition menu.
- Scroll down to the raid devices. Modify as follows:
250 MB RAID device: Filesystem: ext3, mount on /boot
Remaining: Physical Volume for LVM
- Choose "Configure LVM"
- Create a volume group called vg_nameofserver0
- Create logical volumes in this volume group:
dom0: 1 GB
dom0-swap: 512MB
- After returning to the main disk config menu, click on the LVM #1 and configure it to use ext3 and /.
- Click on the #2 lvm disk and configure it as swap
AFTER REBOOT
- Set Hardware clock to GMT (even if it isn't)
- Insert root password into pass db
- Create new user: mayfirst
- Do not select any of the pre-set application packages. Just tab to OK.
- For mail configuration - choose No configuration (we will be installing postfix later)
- Root and postmaster recipient: root@…
POST INSTALL
- Setup xen
- Install with:
apt-get install xen-hypervisor-3.0.3-1-i386 xen-linux-system-2.6.18-4-xen-686 libc6-xen
- Edit /boot/grub/menu.lst
## Xen hypervisor options to use with the default Xen boot option
# xenhopt=dom0_mem=131072
- run update-grub and reboot
- Install bridge-utils and xen-tools
aptitude install bridge-utils xen-tools
/etc/init.d/xend restart
- Edit /etc/xen-tools/xen-tools.conf.
Apply the following diffs:
0 gramsci:/etc/xen-tools# diff -u xen-tools.conf.orig xen-tools.conf --- xen-tools.conf.orig 2007-05-27 19:59:38.000000000 -0400 +++ xen-tools.conf 2007-05-27 20:01:15.000000000 -0400 @@ -35,6 +35,7 @@ # ## # lvm = skx-vg +lvm = vg_gramsci0 # @@ -61,7 +62,7 @@ ## # # copy = /path/to/pristine/image -# debootstrap = 1 +debootstrap = 1 # rpmstrap = 1 # tar = /path/to/img.tar # @@ -95,7 +96,7 @@ swap = 128Mb # Swap size # noswap = 1 # Don't use swap at all for the new system. fs = ext3 # use the EXT3 filesystem for the disk image. -dist = sarge # Default distribution to install. +dist = etch # Default distribution to install. image = sparse # Specify sparse vs. full disk images. # @@ -154,8 +155,8 @@ # # Default kernel and ramdisk to use for the virtual servers # -kernel = /boot/vmlinuz-2.6.16-2-xen-686 -initrd = /boot/initrd.img-2.6.16-2-xen-686 +kernel = /boot/vmlinuz-2.6.18-4-xen-686 +initrd = /boot/initrd.img-2.6.18-4-xen-686 # # The architecture to use when using debootstrap or rpmstrap. 1 gramsci:/etc/xen-tools#
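Review bot: the `+lvm = vg_gramsci0` line in the first hunk hardcodes this server's volume group; it has to match the name chosen in the "Create a volume group called vg_nameofserver0" step, otherwise xen-create-image cannot allocate the guest disk and swap volumes. Suggest stating in the text that this value changes on every server.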
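Review bot: the `+dist = etch` hunk leaves `swap = 128Mb` at its default while the xen-create-image command below passes --swap=512Mb; either raise the default here or note that the command-line flag overrides the file, so readers do not get guests with mismatched swap sizes.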
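Review bot: the `+kernel = /boot/vmlinuz-2.6.18-4-xen-686` and `+initrd = /boot/initrd.img-2.6.18-4-xen-686` lines in the last hunk must correspond to the xen-linux-system-2.6.18-4-xen-686 package installed earlier; suggest adding `ls /boot/vmlinuz-2.6.18-4-xen-686 /boot/initrd.img-2.6.18-4-xen-686` as a check after editing, since a stale path here means every guest fails to boot once a kernel upgrade changes the ABI version.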
- Create new xen instances with:
xen-create-image --size=5Gb --swap=512Mb --gateway=209.51.180.17 --netmask=255.255.255.240 --ip=209.51.180.24 --hostname=mendes
Change settings as needed.
- Edit /etc/group and change the group id of mayfirst to 1500 (so it will be consistent with red)
- Login as root and install the following packages:
# apt-get install --purge ssh ntpdate ntp-server sudo vim less rsync postfix
- Add the group wheel.
# addgroup wheel
- Add mayfirst to wheel:
# addgroup mayfirst wheel
- Configure sudo:
# visudo
Add a line at the bottom that says:
%wheel ALL=(ALL) ALL
- Upload the mayfirst public keys to:
.ssh/authorized_keys
- Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members)
Edit /etc/ssh/sshd_config
Uncomment the last line that says:
#UsePAM yes
Uncomment and change the ChallengeResponseAuthentication line to match the following:
ChallengeResponseAuthentication no
Reload ssh:
# /etc/init.d/ssh reload
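A check for the sshd_config edits above, added here as an example rather than taken from the original page: it reports the effective value of each keyword, honouring sshd's rule that the first uncommented occurrence wins, so a surviving earlier line is caught. The PasswordAuthentication check is an assumption beyond the page (sshd defaults it to yes); the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: report the effective value of the
# sshd_config keywords edited above. sshd takes the FIRST uncommented
# occurrence of a keyword, so appending "ChallengeResponseAuthentication no"
# below a surviving "yes" line silently changes nothing; this mirrors that rule.
effective_sshd_option() {            # usage: effective_sshd_option FILE KEYWORD
    value=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$1" |
        awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }')
    if [ -n "$value" ]; then printf '%s\n' "$value"; else printf 'unset\n'; fi
}

# Returns 0 when FILE enforces key-only logins, 1 otherwise, naming each
# keyword that is off. PasswordAuthentication is an assumption beyond the
# page: sshd defaults it to yes, so key-only access also needs it set to no.
check_key_only_login() {
    rc=0
    for pair in UsePAM:yes ChallengeResponseAuthentication:no PasswordAuthentication:no; do
        key=${pair%%:*}; want=${pair#*:}
        got=$(effective_sshd_option "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key is $got, expected $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (not real server files), written to a temp dir.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/good" <<'EOF'
# constructed: the edits from the section above, plus PasswordAuthentication
UsePAM yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
cat > "$SAMPLE_DIR/bad" <<'EOF'
# constructed: "no" was appended, but an earlier "yes" line was left in place
ChallengeResponseAuthentication yes
UsePAM yes
ChallengeResponseAuthentication no
EOF

check_key_only_login "$SAMPLE_DIR/good" && echo "good: key-only login enforced"
check_key_only_login "$SAMPLE_DIR/bad" || echo "bad: not enforced"
```

Run it against /etc/ssh/sshd_config on the server after the reload to confirm the edit actually took effect.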
SERIAL CONSOLE LOGIN
If you did not use the serial console installer, then perform the following:
- Edit the /etc/inittab file.
Uncomment the line that reads:
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
and change 9600 to 115200 so it reads:
T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
- Refresh:
$ sudo init q
- Add the following lines after the timeout line in /boot/grub/menu.lst
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
- Add the following lines to the Start Default Options
You should already have a line such as:
# kopt=root=/dev/md0 ro
add to it, so that your final line says:
# kopt=root=/dev/md0 ro console=ttyS0,115200n8
Refresh grub:
$ sudo update-grub
Misc
- Uninstall unnecessary packages:
$ sudo apt-get remove --purge portmap lpr nfs-common ppp
- Make sure no unneeded services are running. Look through /etc/rc2.d. Move from S to K any services that are not needed (e.g. rsync and inetd).
ENCRYPTED FILE SYSTEM
- Install programs:
$ sudo apt-get install dmsetup cryptsetup
- Create an encrypted file system for members:
- Now, unmount the partition (make sure there is no data on it that you care about).
$ sudo umount /home/members
- Create the encrypted filesystem:
$ cryptsetup luksFormat /dev/mapper/vg_NAMEOFSERVER0-members
You will be prompted for a password. Put password in resource db!
- Add to crypttab
echo crypt_members /dev/mapper/vg_NAMEOFSERVER0-members none luks >> /etc/crypttab
- Start it
/etc/init.d/cryptdisks start
- Create a file system on the partition:
$ mkfs -t ext3 /dev/mapper/crypt_members
- Remove cryptdisks from the rc2.d directory - we do not want this to start automatically on boot! Instead we want to start it manually so the boot process doesn't hang waiting for a password.