Version 13 (modified by Jamie McClelland, 13 years ago)


Installing Extras

Many of these commands can be run automatically with our directives tool:

scripts/execute-directive root@server ssh-root-keys
scripts/execute-directive root@server add-empty-authorized-keys
scripts/execute-directive root@server enable-syn-cookies
scripts/execute-directive root@server aptitude-dist-upgrade
scripts/execute-directive root@server base-required-packages
scripts/execute-directive root@server bash-fix-root
scripts/execute-directive root@server bash-fix-skel
scripts/execute-directive root@server ssh-key-only-login

smartmontools (not for domU's)

  • Install smartmontools
    aptitude install smartmontools 
  • Configure smartmontools
    • Edit /etc/default/smartmontools, uncomment:
    • Edit /etc/smartd.conf
      • Comment out:
        # DEVICESCAN -m root -M exec /usr/share/smartmontools/smartd-runner 
      • Add lines for the given disks. Run lshw to determine whether the disks are ATA and require the -d ata option. For example:
        /dev/sda -a -d ata -s (S/../.././01|L/../../6/02) 
        /dev/sdb -a -d ata -s (S/../.././03|L/../../6/04) 
  • Restart the daemon:
    /etc/init.d/smartmontools restart

Serial console login (not for domU's)

If you did not use the serial console installer, then perform the following:

  • Edit the /etc/inittab file. Uncomment and modify:
    T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
  • Refresh:
    $ sudo init q
  • Add the following lines after the timeout line in /boot/grub/menu.lst:
    serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
    terminal --timeout=10 serial console
  • In the Start Default Options section, you should already have a line such as:
    # kopt=root=/dev/mapper/vg_servername0-root ro
    Add the console setting to it, so that your final line says:
    # kopt=root=/dev/mapper/vg_servername0-root ro console=ttyS0,115200n8
  • Refresh grub's config file:
    # update-grub

Encrypted File system

  • Install programs:
    $ sudo aptitude install dmsetup cryptsetup
  • Create an encrypted file system for members:
    • Create the encrypted filesystem (be sure to substitute whichever device you are using):
      $ cryptsetup luksFormat /dev/sda5
      You will be prompted for a password. Put password in resource db!
    • Add to crypttab
      echo crypt_members /dev/sda5 none luks >> /etc/crypttab
    • Start it
      /etc/init.d/cryptdisks start
    • Create a file system on the partition:
      $ mkfs -t ext3 /dev/mapper/crypt_members
    • Add to fstab:
      echo /dev/mapper/crypt_members /home/members ext3 defaults 0 2 >> /etc/fstab
    • Mount
      mount /home/members
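
The two echo ... >> steps above append a line every time they are run, so a repeated run leaves duplicate crypttab and fstab entries. The following check is an added example, not part of the original page or the directives tool: the function names audit_crypt and demo are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# audit_crypt NAME MOUNTPOINT [CRYPTTAB] [FSTAB]
# Prints one finding per line and returns 0 only when there are none.
# The file arguments default to the live files; pass copies to try it out.
audit_crypt() {
    name=$1; mnt=$2; ct=${3:-/etc/crypttab}; ft=${4:-/etc/fstab}; rc=0

    # crypttab fields: 1 = mapping name, 2 = device, 3 = key file, 4 = options
    n=$(awk -v v="$name" '$1 !~ /^#/ && $1 == v { n++ } END { print n + 0 }' "$ct")
    if [ "$n" -ne 1 ]; then
        echo "crypttab: expected 1 entry for $name, found $n"; rc=1
    fi
    # Without the luks option the volume is not opened as a LUKS device
    bad=$(awk -v v="$name" '$1 !~ /^#/ && $1 == v && $4 !~ /(^|,)luks(,|$)/ { n++ }
                            END { print n + 0 }' "$ct")
    if [ "$bad" -ne 0 ]; then
        echo "crypttab: entry for $name lacks the luks option"; rc=1
    fi
    # "none" means the passphrase is typed in; anything else is a key file on disk
    key=$(awk -v v="$name" '$1 !~ /^#/ && $1 == v && $3 != "none" { n++ }
                            END { print n + 0 }' "$ct")
    if [ "$key" -ne 0 ]; then
        echo "crypttab: entry for $name reads its key from a file"; rc=1
    fi

    # fstab fields: 1 = device, 2 = mount point
    m=$(awk -v d="/dev/mapper/$name" -v p="$mnt" \
            '$1 !~ /^#/ && $1 == d && $2 == p { n++ } END { print n + 0 }' "$ft")
    if [ "$m" -ne 1 ]; then
        echo "fstab: expected 1 line mounting /dev/mapper/$name on $mnt, found $m"; rc=1
    fi
    return $rc
}

# Constructed sample: the state after running the two echo lines twice.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'crypt_members /dev/sda5 none luks' \
                  'crypt_members /dev/sda5 none luks' > "$d/crypttab"
    printf '%s\n' '/dev/mapper/crypt_members /home/members ext3 defaults 0 2' \
                  '/dev/mapper/crypt_members /home/members ext3 defaults 0 2' > "$d/fstab"
    audit_crypt crypt_members /home/members "$d/crypttab" "$d/fstab" || true
    rm -rf "$d"
}
demo
```

On a real server, run audit_crypt crypt_members /home/members as root with no file arguments to check the live /etc/crypttab and /etc/fstab.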

Add Nagios logging

Optionally, you may want to log in to and edit the /etc/nagios2/conf.d/servers_mfpl.cfg file to add this server for monitoring.

Add munin logging

You may also want to install munin-node and then add the server to the munin nodes managed by the Tachanka collective.