
marcos.mayfirst.org

marcos.mayfirst.org is a small Xen domU hosting a dedicated resolving DNS cache for MF/PL. It was created in response to #765.

It is hosted on fred.mayfirst.org.

Creation

The guiding principle behind this machine is that it should do only one thing, and be stripped of as many superfluous services as possible.

I opted to go with Debian lenny, since the new djbdns packages are available there.

0 fred:~# lvcreate --name marcos-disk --size 500M vg_fred0
  Logical volume "marcos-disk" created
0 fred:~# mkfs -t ext3 /dev/mapper/vg_fred0-marcos--disk 
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
128016 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
63 block groups
8192 blocks per group, 8192 fragments per group
2032 inodes per group
Superblock backups stored on blocks: 
	8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done                            
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
0 fred:~# mount /dev/mapper/vg_fred0-marcos--disk /mnt/
0 fred:~# debootstrap lenny /mnt/
I: Retrieving Release
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: libldap-2.4-2 
I: Checking component main on http://ftp.debian.org/debian...
I: Retrieving adduser
 ...[skip boring debootstrap output]...
I: Configuring klogd...
I: Configuring tasksel...
I: Base system installed successfully.
0 fred:~# echo proc /proc proc defaults 0 0 > /mnt/etc/fstab 
0 fred:~# echo /dev/sda1 / ext3 defaults,errors=remount-ro 0 1 >> /mnt/etc/fstab
0 fred:~# echo /dev/sda2 none swap sw 0 0 >> /mnt/etc/fstab
0 fred:~# echo >/mnt/etc/hosts '127.0.0.1 localhost
209.51.163.29 marcos.mayfirst.org marcos

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
'
0 fred:~# echo marcos > /mnt/etc/hostname 
0 fred:~# cp -a {,/mnt}/etc/network/if-up.d/add-he-routes 
0 fred:~# cp -a {,/mnt}/etc/network/if-down.d/remove-he-routes
0 fred:~# emacs /mnt/etc/network/if-*.d/*-he-routes ## fix up to repair IP addresses and network interface designations
0 fred:~# lvcreate --size=200MB --name=marcos-swap vg_fred0
  Logical volume "marcos-swap" created
0 fred:~# mkswap /dev/mapper/vg_fred0-marcos--swap 
Setting up swapspace version 1, size = 209711 kB
no label, UUID=1fe97b9d-445b-458c-891b-925d23dfaa80
0 fred:~# umount /mnt
0 fred:~# 

Setting up the xen config:

0 fred:~# grep '^[^#]' /etc/xen/marcos
kernel  = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'
memory  = '64'
root    = '/dev/sda1 ro'
disk    = [ 'phy:vg_fred0/marcos-disk,sda1,w', 'phy:vg_fred0/marcos-swap,sda2,w' ]
name    = 'marcos'
vif  = [ 'ip=209.51.163.29' ]
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'
0 fred:~# 

additional packages

Within the domU, once it was started, I did:

aptitude install iproute less lsof emacs22-nox psmisc screen deborphan

I don't appear to need the kernel modules for this machine, since it is a dedicated host.

I used deborphan to clear up a few unneeded libraries left over from the debootstrap run, and to get rid of a handful of other unneeded packages.

resolving name service

aptitude install runit djbdns

Setting up the actual resolving name service:

0 marcos:~# lsof -i
1 marcos:~# adduser --system dnslog
Adding system user `dnslog' (UID 100) ...
Adding new user `dnslog' (UID 100) with group `nogroup' ...
Creating home directory `/home/dnslog' ...
0 marcos:~# adduser --system dnscache
Adding system user `dnscache' (UID 101) ...
Adding new user `dnscache' (UID 101) with group `nogroup' ...
Creating home directory `/home/dnscache' ...
0 marcos:~# dnscache-conf dnscache dnslog /srv/dnscache 209.51.163.29
0 marcos:~# ln -s /srv/dnscache /etc/service
0 marcos:~# lsof -i
COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
dnscache 1536 dnscache    3u  IPv4   4816       UDP marcos.mayfirst.org:domain 
dnscache 1536 dnscache    4u  IPv4   4817       TCP marcos.mayfirst.org:domain (LISTEN)
0 marcos:/srv/dnscache/root/ip# ip route
209.51.163.192/28 dev eth0  scope link  src 209.51.163.29 
209.51.180.16/28 dev eth0  scope link  src 209.51.163.29 
209.51.172.0/28 dev eth0  scope link  src 209.51.163.29 
209.51.169.80/28 dev eth0  scope link  src 209.51.163.29 
209.51.163.0/27 dev eth0  proto kernel  scope link  src 209.51.163.29 
default via 209.51.163.1 dev eth0 
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
1
0 marcos:~# for BASE in 209.51.163.192 209.51.180.16 209.51.172.0 209.51.169.80 209.51.163.0 209.51.163.16; do for INC in $(seq 0 15) ; do LAST=${BASE#*.*.*.}; NEW=/srv/dnscache/root/ip/${BASE%.*}.$(( $LAST + $INC )); if [ ! -e $NEW ]; then touch $NEW; fi; done; done
0 marcos:~# ls /srv/dnscache/root/ip/ | wc -l
97
0 marcos:~# 

SMTP

Administrative alerts from this machine should just be routed off the box to chavez, which is currently handling mail for mayfirst.org:

aptitude install nullmailer mailx

nullmailer was configured solely via debconf, with the following settings:

0 marcos:~# debconf-show nullmailer
* shared/mailname: marcos.mayfirst.org
  nullmailer/adminaddr: root@mayfirst.org
* nullmailer/relayhost: chavez.mayfirst.org
0 marcos:~# 

updates

I also wanted notices about available upgrades to get sent off, so I included cron-apt and set it to nag when updates are available:

aptitude install cron-apt
echo 'MAILON="upgrade"' >> /etc/cron-apt/config

SSH

In response to #829, dkg added SSH service to marcos. Its host key is available through the standard OpenPGP keyserver network (signed by myself). If you don't have monkeysphere set up to automate this, the host key fingerprint is:

96:94:97:f9:bd:bd:09:a3:9d:7d:ea:df:36:f1:04:15
Last modified on Apr 8, 2008, 5:32:49 PM