[[PageOutline]] = Installing Debian = === Install Strategy === ==== USB Stick ==== Come with a bootable USB stick with Debian Squeeze installed (as of 2010-05-25, all physical servers are being installed with squeeze and will be creating KVM virtual servers). To create a USB installer for Debian Squeeze... * Download [http://ftp.nl.debian.org/debian/dists/testing/main/installer-amd64/current/images/hd-media/boot.img.gz boot.img.gz]. * Plug in USB stick (don't mount) - run dmesg | tail to figure out which device (e.g. sdb) * zcat boot.img.gz > /dev/DEVICE * mount /dev/DEVICE /mnt/ * Download [http://www.debian.org/devel/debian-installer/ netinst ISO] * Copy ISO image to /mnt/ * Download BNX drivers (optional): aptitude download firmware-bnx2x; aptitude download firmware-bnx2 * Copy the debs to /mnt/ * umount /mnt * Done! ==== PXE Boot ==== Or, you can install using our [wiki:pxeboot_from_naomi naomi pxe install] or [wiki:pxeboot_from_telehouse telehouse pxe install]. === Initial steps === * Plug in monitor and keyboard * Boot machine while USB stick is inserted (or while a network cable is plugged directly into the PXE boot machine) * Enter Bios/Setup. Specify that Bios should output to serial console and make our [wiki:bios_changes standard bios changes] * Ensure that server skips errors like no keyboard attached * Reboot and select Boot Options and choose to boot to USB stick (or network) * Choose Expert install * For DNS servers, use: {{{ Telehouse: 209.51.163.29 209.51.169.83 XO: 209.234.253.168 }}} * When prompted for component to use, include all of them to be safe (but be sure to include the SSH server one) * When given the option - choose to continue your installation via ssh - this will give you the ability to easily set and record pass phrases === Drive partioning/Disk setup === Our servers are now coming with four hot swappable disks. ==== The big picture is ==== * One approximately 512MB partition on all four disks: configured as RAID1, used as boot partition * The rest of the space on each disk: configured as RAID10, used as encrypted disk * Encrypted disk: used as physical volume for LVM * Create on volume group: vg_${server_name}0 * Create standard partitions as logical volume ==== Details ==== Since we are using disks at are 2TB or bigger, we need to ensure that the partitions are created properly. Open a new ssh session and choose to switch to console. {{{ parted /dev/sda -- mklabel gpt parted /dev/sda -- unit s mkpart biosboot 8192 16383 parted /dev/sda -- set 1 bios_grub on parted /dev/sda -- unit s mkpart boot 16384 1015807 parted /dev/sda -- set 2 raid on parted /dev/sda -- unit s mkpart pv 1015808 -1 parted /dev/sda -- set 3 raid on parted /dev/sdb -- mklabel gpt parted /dev/sdb -- unit s mkpart biosboot 8192 16383 parted /dev/sdb -- set 1 bios_grub on parted /dev/sdb -- unit s mkpart boot 16384 1015807 parted /dev/sdb -- set 2 raid on parted /dev/sdb -- unit s mkpart pv 1015808 -1 parted /dev/sdb -- set 3 raid on }}} When done, type: {{{ parted /dev/sda -- unit s p parted /dev/sdb -- unit s p }}} And you should get: {{{ 0 sittingbull:~# parted /dev/sda unit s p Model: ATA Hitachi HUA72303 (scsi) Disk /dev/sda: 5860533168s Sector size (logical/physical): 512B/512B Partition Table: gpt Number Start End Size File system Name Flags 1 8192s 16383s 8192s biosboot bios_grub 2 16384s 1015807s 999424s boot raid 3 1015808s 5860533134s 5859517327s pv 0 sittingbull:~# }}} You should be able to return to the graphical installer to do the rest. For the record - here's how you can do it by hand: RAID: {{{ mdadm --create --raid-devices=2 --level=1 --metadata=1.0 --verbose /dev/md0 /dev/sda2 /dev/sdb2 /dev/sdc2 /dev/sdd2 mdadm --create --raid-devices=4 --level=10 --metadata=1.0 --verbose /dev/md1 /dev/sda3 /dev/sdb3 /dev/sdc3 /dev/sdd3 }}} Now cryptsetup: {{{ anna-install cryptsetup-udeb cryptsetup luksFormat /dev/md1 cryptsetup luksOpen /dev/md1 md1_crypt pvcreate /dev/mapper/md1_crypt vgcreate vg_nameofserver0 /dev/mapper/md1_crypt lvcreate --name swap --size 1GB vg_nameofserver0 etc. }}} Choose manual partition in the Debian Installer. Then: * Choose "Congifure software RAID" (skip step if one disk system) * Choose "Create MD Device" * Choose RAID1 * Number of active devices: 4 * Number of spare devices: 0 * Now select the second partition on each device. * Click Continue. Repeat for third partition on each device but select RAID10 instead of RAID1. * When you are done, click Finish. Now you are back at the partition menu. * Scroll down to the raid devices (or apply straight to your partitions if it's a one disk system). Modify the 512 MB RAID device: Filesystem: ext3, mount on /boot * Encrypt the larger, remaining device. Save passphrase in [wiki:keyringer]. * Choose "Congifure LVM" (selecting the device encrypted in the previous step) * Create a volume group called `vg_`''nameofserver''`0` * Create logical volumes in this volume group based on your needs. Suggestions: 3GB for /, 1GB swap. === Last steps === * After returning to the main disk config menu, click on each logical volume that you create and specify how it should be formatted and mounted. * Enter root password. Save in [wiki:keyringer]. * Do not install the server package or the base package - deselect all of them.