== Installing Debian ==

Assumptions: The server has two identically sized hard drives.

Ideally, you should boot using a Debian installer that uses the serial console. If you can't, just install the normal way.

=== Prepare your laptop - Screen ===

 * Install screen on your Debian laptop:
{{{
sudo apt-get install screen
}}}
 * Connect your serial cable (or USB-to-serial cable) from your laptop to the server. You may want to check dmesg after plugging in the cable to see which device is being used. You should see a line along the lines of:
{{{
usb 3-1: PL-2303 converter now attached to ttyUSB0
}}}
 * Start screen with:
{{{
mkdir screen-log
cd screen-log
screen -L /dev/ttyUSB0 115200
}}}

=== Install Linux ===

==== Initial steps ====

 * Put in Daniel's serial console Debian installer and boot (note: if you don't have a serial installer, use a normal installer with a keyboard and monitor attached to the server).
 * At the boot prompt hit enter to install the 2.6 kernel.
 * [Skipping easy steps]
 * Manually partition the drive.
 * There should be two drives. Remove any existing partitions.
 * Add one partition on each disk that is:
{{{
# bootable
# 250 MB
# Physical volume for RAID array
}}}
 * Add a second partition on each disk that is:
{{{
# Takes up remaining space
# Physical volume for RAID array
}}}
 * Choose "Configure software RAID".
 * Choose "Create MD Device".
 * Choose RAID1.
 * Number of active devices: 2
 * Number of spare devices: 0
 * Now select the first partition on each device.
 * Click Continue. Repeat for the second partition on each device.
 * When you are done, click Finish. Now you are back at the partition menu.
 * Scroll down to the RAID devices.
Modify as follows:
{{{
250 MB RAID device: Filesystem: ext3, mount on /boot
Remaining: Physical Volume for LVM
}}}
 * Choose "Configure LVM".
 * Create a volume group called vg_nameofserver0.
 * Create logical volumes in this volume group:
{{{
dom0: 1 GB
dom0-swap: 512MB
}}}
 * After returning to the main disk config menu, click on LVM #1 and configure it to use ext3 and mount on /.
 * Click on the !#2 LVM disk and configure it as swap.

==== After reboot ====

 * Set the hardware clock to GMT (even if it isn't).
 * Insert the root password into the pass db.
 * Create a new user: mayfirst
 * Do not select any of the pre-set application packages. Just tab to OK.
 * For mail configuration, choose "No configuration" (we will be installing postfix later).
 * Root and postmaster recipient: root@mayfirst.org

=== Post Install ===

==== Syn Cookies ====

 * Enable syncookies:
{{{
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
}}}
 * Preserve syncookies on reboot:
{{{
echo 'net.ipv4.tcp_syncookies=1' >> /etc/sysctl.conf
}}}

==== Setup xen ====

 * Install with:
{{{
apt-get install xen-hypervisor-3.0.3-1-i386 xen-linux-system-2.6.18-4-xen-686 libc6-xen
}}}
 * Edit /boot/grub/menu.lst:
{{{
## Xen hypervisor options to use with the default Xen boot option
# xenhopt=dom0_mem=131072
}}}
 * Run update-grub and reboot.
 * Install bridge-utils and xen-tools:
{{{
aptitude install bridge-utils xen-tools
/etc/init.d/xend restart
}}}
 * Edit /etc/xen-tools/xen-tools.conf. Apply the following diffs (taken from the server gramsci; use the volume group name you created above):
{{{
0 gramsci:/etc/xen-tools# diff -u xen-tools.conf.orig xen-tools.conf
--- xen-tools.conf.orig	2007-05-27 19:59:38.000000000 -0400
+++ xen-tools.conf	2007-05-27 20:01:15.000000000 -0400
@@ -35,6 +35,7 @@
 #
 ##
 #
 # lvm = skx-vg
+lvm = vg_gramsci0
 #
@@ -61,7 +62,7 @@
 ##
 #
 # copy = /path/to/pristine/image
-# debootstrap = 1
+debootstrap = 1
 # rpmstrap = 1
 # tar = /path/to/img.tar
 #
@@ -95,7 +96,7 @@
 swap = 128Mb # Swap size
 # noswap = 1 # Don't use swap at all for the new system.
 fs = ext3 # use the EXT3 filesystem for the disk image.
-dist = sarge # Default distribution to install.
+dist = etch # Default distribution to install.
 image = sparse # Specify sparse vs. full disk images.
 #
@@ -154,8 +155,8 @@
 #
 # Default kernel and ramdisk to use for the virtual servers
 #
-kernel = /boot/vmlinuz-2.6.16-2-xen-686
-initrd = /boot/initrd.img-2.6.16-2-xen-686
+kernel = /boot/vmlinuz-2.6.18-4-xen-686
+initrd = /boot/initrd.img-2.6.18-4-xen-686
 #
 # The architecture to use when using debootstrap or rpmstrap.
1 gramsci:/etc/xen-tools#
}}}
 * Create new xen instances with:
{{{
xen-create-image --size=5Gb --swap=512Mb --gateway=209.51.180.17 --netmask=255.255.255.240 --ip=209.51.180.24 --hostname=mendes
}}}
Change settings as needed.

==== Misc ====

 * Edit /etc/group and change the group id of mayfirst to 1500 (so it will be consistent with red).
 * Log in as root and install the following packages:
{{{
# apt-get install --purge ssh ntpdate ntp-server sudo vim less rsync postfix
}}}
 * Add the group wheel:
{{{
# addgroup wheel
}}}
 * Add mayfirst to wheel:
{{{
# addgroup mayfirst wheel
}}}
 * Configure sudo:
{{{
# visudo
}}}
Add a line at the bottom that says:
{{{
%wheel ALL=(ALL) ALL
}}}
 * Upload the mayfirst public keys to:
{{{
.ssh/authorized_keys
}}}
 * Configure ssh to only accept connections with auth keys (unless this is a server that should be accessible by members). Edit /etc/ssh/sshd_config.
 * Uncomment and change the !ChallengeResponseAuthentication line to match the following:
{{{
ChallengeResponseAuthentication no
}}}
 * Reload ssh:
{{{
# /etc/init.d/ssh reload
}}}
 * Uninstall unnecessary packages:
{{{
$ sudo apt-get remove --purge portmap lpr nfs-common ppp
}}}
 * Make sure no unneeded services are running. Look through /etc/rc2.d. Move from S to K any services that are not needed (e.g. rsync and inetd).

==== Serial console login ====

If you did not use the serial console installer, then perform the following:

 * Edit the /etc/inittab file.
Uncomment the line that reads:
{{{
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
}}}
and change 9600 to 115200 so it reads:
{{{
T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
}}}
 * Refresh:
{{{
$ sudo init q
}}}
 * Add the following lines after the timeout line in /boot/grub/menu.lst:
{{{
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
}}}
 * Add the following to the Start Default Options section. You should already have a line such as:
{{{
# kopt=root=/dev/md0 ro
}}}
Add to it, so that your final line says:
{{{
# kopt=root=/dev/md0 ro console=ttyS0,115200n8
}}}
Refresh grub:
{{{
$ sudo update-grub
}}}

==== Encrypted File system ====

 * Install programs:
{{{
$ sudo apt-get install dmsetup cryptsetup
}}}
 * Create an encrypted file system for members:
   * Now, unmount the partition (make sure there is no data on it that you care about).
{{{
$ sudo umount /home/members
}}}
   * Create the encrypted filesystem:
{{{
$ cryptsetup luksFormat /dev/mapper/vg_NAMEOFSERVER0-members
}}}
You will be prompted for a password. Put the password in the resource db!
   * Add to crypttab:
{{{
echo crypt_members /dev/mapper/vg_NAMEOFSERVER0-members none luks >> /etc/crypttab
}}}
   * Start it:
{{{
/etc/init.d/cryptdisks start
}}}
   * Create a file system on the partition:
{{{
$ mkfs -t ext3 /dev/mapper/crypt_members
}}}
 * Remove cryptdisks from the rc2.d directory. We do not want this to start automatically on boot! Instead we want to start it manually so the boot process doesn't hang waiting for a password.
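The RAID1 layout set up in the "Initial steps" section (a 250 MB /boot mirror and a second mirror holding the LVM physical volume) only protects you while both disks are actually in each array. The following script is an added example, not part of the original page: it parses the kernel's /proc/mdstat, whose "[N/M]" field gives N configured and M active members per array, and reports any mirror running with fewer members than configured. The sample /proc/mdstat it runs on is constructed (md0 healthy, md1 missing its second disk); point `mdstat_degraded` at the real /proc/mdstat on the server.

```shell
#!/bin/sh
# Added example (not from the original page): report RAID arrays that are
# running without full redundancy. /proc/mdstat shows "[N/M]" per array:
# N configured members, M currently active. M < N means a disk dropped out.

# mdstat_degraded FILE
# Prints one line per degraded array found in FILE (normally /proc/mdstat).
# Returns 0 when every array is complete, 1 when at least one is degraded.
mdstat_degraded() {
    awk '
        /^md[0-9]+ *:/ { name = $1; next }          # "md1 : active raid1 sda2[0]"
        name != "" && /\[[0-9]+\/[0-9]+\]/ {         # "... blocks [2/1] [U_]"
            match($0, /\[[0-9]+\/[0-9]+\]/)
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0) {
                printf "%s: %d of %d members active\n", name, n[2], n[1]
                bad = 1
            }
            name = ""
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# write_sample_mdstat FILE
# Writes a constructed /proc/mdstat: md0 is healthy, md1 lost its second disk.
write_sample_mdstat() {
    cat >"$1" <<'EOF'
Personalities : [raid1]
md1 : active raid1 sda2[0]
      77949568 blocks [2/1] [U_]

md0 : active raid1 sda1[0] sdb1[1]
      248896 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# Stand-alone run against the constructed sample.
sample="$(mktemp)"
write_sample_mdstat "$sample"
if mdstat_degraded "$sample"; then
    echo "all arrays complete"
else
    echo "degraded array(s) found"
fi
rm -f "$sample"
```

Run `mdstat_degraded /proc/mdstat` from cron or a monitoring check on the server; a non-zero exit is the signal to replace the failed disk before the remaining one goes too.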
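The sshd_config step in the "Misc" section sets ChallengeResponseAuthentication to no, but sshd has two separate password paths: that directive governs keyboard-interactive (PAM) logins, while PasswordAuthentication governs plain password logins and defaults to yes upstream. sshd also honours only the first uncommented occurrence of a keyword, so a line appended at the bottom of the file does nothing if the keyword already appears above it. The script below is an added example, not from the original page: it evaluates a sshd_config the way sshd does (first match wins, keywords case-insensitive, whole-line comments only, settings after a Match line treated as conditional) and answers whether a password could still be accepted. The two sample configs are constructed; the default values assumed for absent directives are the upstream ones.

```shell
#!/bin/sh
# Added example (not from the original page): audit sshd_config for the
# key-only login policy. Password logins stay possible unless BOTH
# PasswordAuthentication and ChallengeResponseAuthentication are "no".

# sshd_effective FILE KEYWORD
# Prints the value sshd would use for KEYWORD from FILE, or nothing if unset.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }             # sshd only has whole-line comments
        { split(line, f, "[ \t=]+") }                  # "Key value" and "Key=value" are both legal
        tolower(f[1]) == "match" { exit }              # unconditional settings end here
        tolower(f[1]) == key { print tolower(f[2]); exit }   # first occurrence wins
    ' "$1"
}

# sshd_password_logins FILE
# Echoes "yes" if sshd under FILE could still accept a password, else "no".
# Assumes the upstream defaults ("yes" for both) for directives that are absent.
sshd_password_logins() {
    pw="$(sshd_effective "$1" PasswordAuthentication)"
    cr="$(sshd_effective "$1" ChallengeResponseAuthentication)"
    : "${pw:=yes}" "${cr:=yes}"
    if [ "$pw" = no ] && [ "$cr" = no ]; then echo no; else echo yes; fi
}

# write_sample_sshd_config FILE
# Constructed sshd_config as it looks after the page's step: the
# ChallengeResponseAuthentication line set to no, PasswordAuthentication
# still commented out (so the default, yes, applies).
write_sample_sshd_config() {
    cat >"$1" <<'EOF'
Port 22
Protocol 2
PermitRootLogin yes
PubkeyAuthentication yes
#PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
EOF
}

# write_sample_sshd_config_appended FILE
# Constructed file with "PasswordAuthentication no" appended at the bottom,
# which does NOT take effect because an earlier uncommented line set it to yes.
write_sample_sshd_config_appended() {
    cat >"$1" <<'EOF'
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication no
# added later, ignored by sshd: the first occurrence above wins
PasswordAuthentication no
EOF
}

# Stand-alone run on the two constructed files.
for writer in write_sample_sshd_config write_sample_sshd_config_appended; do
    cfg="$(mktemp)"
    "$writer" "$cfg"
    echo "$writer: password logins possible = $(sshd_password_logins "$cfg")"
    rm -f "$cfg"
done
```

Run `sshd_password_logins /etc/ssh/sshd_config` after editing; it should print `no` on a key-only server. If it prints `yes`, look for the first uncommented PasswordAuthentication line rather than adding another one at the end.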
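With cryptdisks removed from rc2.d, the members volume has to be opened by hand after every boot. The helper below is an added example, not from the original page: it reads the crypt_members entry the page appended to /etc/crypttab (fields: name, device, key file, options), refuses anything that is not a luks entry or is already mapped, then runs cryptsetup luksOpen (which prompts for the passphrase) and mounts the result on /home/members. Setting DRY_RUN=1 prints the privileged commands instead of executing them, which is how the stand-alone demo and the constructed crypttab below are used; the function names and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): open and mount the LUKS volume
# manually, replacing the cryptdisks init script that the page disables.
# DRY_RUN=1 prints the cryptsetup/mount commands instead of running them.

# run CMD...  -- execute, or just print when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# crypttab_lookup FILE NAME
# Prints "<device> <options>" for the crypttab entry NAME (fields: name,
# device, keyfile, options); prints nothing if NAME is absent.
crypttab_lookup() {
    awk -v name="$2" '!/^[ \t]*(#|$)/ && $1 == name { print $2, $4; exit }' "$1"
}

# unlock_and_mount CRYPTTAB NAME MOUNTPOINT
# Opens the LUKS device behind NAME and mounts /dev/mapper/NAME on MOUNTPOINT.
unlock_and_mount() {
    tab="$1"; name="$2"; mnt="$3"
    entry="$(crypttab_lookup "$tab" "$name")"
    if [ -z "$entry" ]; then
        echo "$name: no entry in $tab" >&2; return 1
    fi
    dev="${entry%% *}"
    opts="${entry#* }"
    case ",$opts," in
        *,luks,*) ;;
        *) echo "$name: expected a luks entry, options are '$opts'" >&2; return 1 ;;
    esac
    # Refuse to open a mapping that already exists (a second luksOpen would fail anyway).
    if [ "${DRY_RUN:-0}" != 1 ] && [ -e "/dev/mapper/$name" ]; then
        echo "$name: already open" >&2; return 1
    fi
    run cryptsetup luksOpen "$dev" "$name" || return 1
    run mount "/dev/mapper/$name" "$mnt"
}

# write_sample_crypttab FILE -- constructed copy of the crypttab the page builds
write_sample_crypttab() {
    cat >"$1" <<'EOF'
# <target name> <source device> <key file> <options>
crypt_members /dev/mapper/vg_NAMEOFSERVER0-members none luks
EOF
}

# Stand-alone demo: dry run on the constructed crypttab. For real use, as root:
#   unlock_and_mount /etc/crypttab crypt_members /home/members
demo="$(mktemp)"
write_sample_crypttab "$demo"
DRY_RUN=1
unlock_and_mount "$demo" crypt_members /home/members
DRY_RUN=0
rm -f "$demo"
```

Because the volume is opened after boot rather than by the init scripts, anything that depends on /home/members (mail delivery, web content) should be started, or restarted, only after `unlock_and_mount` returns 0.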