Version 15 (modified 16 years ago)
Installing Extras
Many of these commands can be run automatically using our automated directives tool. Note: if you are setting up a new standard server (previously referred to as a shared server), then follow the standard server setup directions, which cover the steps below.
scripts/execute-directive <server-name> ../directives/ssh-root-keys
scripts/execute-directive <server-name> ../directives/add-empty-authorized-keys
scripts/execute-directive <server-name> ../directives/enable-syn-cookies
scripts/execute-directive <server-name> ../directives/aptitude-dist-upgrade
scripts/execute-directive <server-name> ../directives/base-required-packages
scripts/execute-directive <server-name> ../directives/bash-fix-root
scripts/execute-directive <server-name> ../directives/bash-fix-skel
scripts/execute-directive <server-name> ../directives/ssh-key-only-login
smartmontools (not for domU's)
- Install smartmontools
aptitude install smartmontools
- Configure smartmontools
- Edit /etc/default/smartmontools, uncomment:
start_smartd=yes
- Edit /etc/smartd.conf
- Comment out:
# DEVICESCAN -m root -M exec /usr/share/smartmontools/smartd-runner
- Add lines for the given disks. Run lshw to determine whether the disks are ATA and require the -d ata option. For example:
/dev/sda -a -d ata -s (S/../.././01|L/../../6/02)
/dev/sdb -a -d ata -s (S/../.././03|L/../../6/04)
- Restart the daemon:
/etc/init.d/smartmontools restart
Serial console login (not for domU's)
If you did not use the serial console installer, then perform the following:
- Edit the /etc/inittab file. Uncomment and modify:
T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
- Refresh:
$ sudo init q
- Add the following lines after the timeout line in /boot/grub/menu.lst:
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
- Add the following to the Start Default Options. You should already have a line such as:
# kopt=root=/dev/mapper/vg_servername0-root ro
Add to it, so that your final line says:
# kopt=root=/dev/mapper/vg_servername0-root ro console=ttyS0,115200n8
- Refresh grub's config file:
# update-grub
Encrypted File system
- Install programs:
$ sudo aptitude install dmsetup cryptsetup
- Create an encrypted file system for members:
- Create the encrypted filesystem (be sure to substitute whichever device you are using):
$ cryptsetup luksFormat /dev/sda5
You will be prompted for a password. Put the password in the resource db!
- Add to crypttab:
echo crypt_members /dev/sda5 none luks >> /etc/crypttab
- Start it
/etc/init.d/cryptdisks start
- Create a file system on the partition:
$ mkfs -t ext3 /dev/mapper/crypt_members
- Add to fstab:
echo /dev/mapper/crypt_members /home/members ext3 defaults 0 2 >> /etc/fstab
- Mount
mount /home/members
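Because the crypttab and fstab entries above are appended with >>, running the steps twice leaves duplicate lines, and a mistyped device leaves the mount pointing at the wrong place. The following check is an added example, not part of the original directions or the directives tool; the function name, argument order and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks that the crypttab and fstab entries written in the
# steps above agree with each other. Names and return codes are assumptions.
#
# check_crypt_mount NAME DEVICE MOUNTPOINT [CRYPTTAB] [FSTAB]
#   0 consistent
#   1 not exactly one crypttab entry for NAME (missing, or appended twice)
#   2 crypttab entry differs from "DEVICE none luks"
#   3 fstab does not mount /dev/mapper/NAME on MOUNTPOINT
#   4 fstab also references DEVICE directly, bypassing the mapping
check_crypt_mount() {
    name=$1; dev=$2; mnt=$3
    crypttab=${4:-/etc/crypttab}; fstab=${5:-/etc/fstab}

    # crypttab fields: <target name> <source device> <key file> <options>
    count=$(awk -v n="$name" '$1 == n { c++ } END { print c + 0 }' "$crypttab")
    [ "$count" -eq 1 ] || { echo "crypttab: $count entries for $name" >&2; return 1; }

    entry=$(awk -v n="$name" '$1 == n { print $2, $3, $4 }' "$crypttab")
    [ "$entry" = "$dev none luks" ] \
        || { echo "crypttab: unexpected entry: $entry" >&2; return 2; }

    # fstab fields: <device> <mount point> <type> <options> <dump> <pass>
    awk -v d="/dev/mapper/$name" -v m="$mnt" \
        '$1 == d && $2 == m { ok = 1 } END { exit !ok }' "$fstab" \
        || { echo "fstab: /dev/mapper/$name is not mounted on $mnt" >&2; return 3; }

    awk -v d="$dev" '$1 == d { bad = 1 } END { exit bad + 0 }' "$fstab" \
        || { echo "fstab: raw device $dev is referenced directly" >&2; return 4; }

    return 0
}

# Constructed sample files mirroring the entries above, so this runs offline.
tmp=$(mktemp -d)
echo 'crypt_members /dev/sda5 none luks' > "$tmp/crypttab"
echo '/dev/mapper/crypt_members /home/members ext3 defaults 0 2' > "$tmp/fstab"
check_crypt_mount crypt_members /dev/sda5 /home/members "$tmp/crypttab" "$tmp/fstab" \
    && echo "crypt_members: crypttab and fstab agree"
rm -rf "$tmp"
```

On a live server, call the function without the last two arguments to read /etc/crypttab and /etc/fstab; cryptsetup isLuks /dev/sda5 additionally confirms that the device carries a LUKS header.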
Add Nagios logging
Optionally, you may want to log in to chun.mayfirst.org and edit the /etc/nagios2/conf.d/servers_mfpl.cfg file to add this server for monitoring.
Add munin logging
You may also want to install munin-node and then add the server to the munin nodes managed by the Tachanka collective.