[1878] | 1 | # install Squeeze |
---|
| 2 | # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID |
---|
| 3 | # Create a RAID1 for the 1G partitions |
---|
| 4 | # Create a RAID1 for each pair of rest-of-the-space partitions |
---|
| 5 | # Create an ext3 /boot on the 1G RAID1 |
---|
| 6 | # Create an LVM volume group named after the machine's short hostname |
---|
| 7 | # Create an LV called "swap" that is the same size as the machine's physical RAM |
---|
| 8 | # Create an LV called "root" that is 50G ext4 |
---|
| 9 | |
---|
| 10 | # ??? F11 will suggest ext4, DON'T USE IT. |
---|
[1241] | 11 | # - New filesystem, so it's scary |
---|
| 12 | # - The hosts can't mount it |
---|
| 13 | # - Grub can't cope with it |
---|
| 14 | |
---|
[1878] | 15 | # install useful utility packages |
---|
| 16 | aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap strace tcpdump tree |
---|
| 17 | git config --global color.ui auto |
---|
| 18 | |
---|
[1241] | 19 | # install Xen |
---|
[1878] | 20 | aptitude install xen-linux-system |
---|
| 21 | |
---|
[1241] | 22 | # download Debathena archive key, verify |
---|
[1878] | 23 | (aptitude install debian-keyring && |
---|
| 24 | cd /tmp && |
---|
| 25 | wget http://debathena.mit.edu/apt/debathena-archive.asc && |
---|
| 26 | kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) && |
---|
| 27 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc && |
---|
| 28 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys && |
---|
| 29 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint && |
---|
| 30 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import) |
---|
| 31 | |
---|
| 32 | # add Debathena repos to etc/apt/sources.list.d |
---|
| 33 | cat <<EOF > /etc/apt/sources.list.d/debathena.list |
---|
| 34 | deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs |
---|
| 35 | deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs |
---|
| 36 | EOF |
---|
| 37 | |
---|
| 38 | # install host keytab |
---|
| 39 | cp $keytab /etc/krb5.keytab |
---|
| 40 | k5srvutil change |
---|
| 41 | k5srvutil delold |
---|
| 42 | # install ~/.k5login |
---|
| 43 | # install Debathena software (hit enter to take the defaults at the |
---|
| 44 | # configuration prompts) |
---|
| 45 | aptitude update |
---|
| 46 | aptitude install debathena-clients debathena-ssh-server-config |
---|
[1241] | 47 | # compare packages with another server |
---|
[1878] | 48 | dpkg -l |
---|
[1241] | 49 | # reconfigure so that we can get an MTA, although we don't |
---|
[1878] | 50 | # want the hosts to accept mail (mail sent by smarthost; no local mail) |
---|
[1241] | 51 | # outgoing.mit.edu |
---|
[1878] | 52 | dpkg-reconfigure exim4-config |
---|
[1241] | 53 | # answer questions properly |
---|
| 54 | # change root alias in /etc/aliases to be the same as scripts server |
---|
| 55 | # reload it |
---|
| 56 | newaliases |
---|
[1878] | 57 | # clone the xen config (/etc/xen) |
---|
| 58 | git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen |
---|
[1241] | 59 | # copy conserver config (we need to version this) |
---|
[1878] | 60 | aptitude install sudo conserver-{server,client} |
---|
[1693] | 61 | # setup conserver |
---|
[1878] | 62 | cat <<EOF > /etc/conserver/conserver.cf |
---|
| 63 | config * { |
---|
| 64 | sslrequired no; |
---|
| 65 | } |
---|
| 66 | default full { |
---|
| 67 | rw *; |
---|
| 68 | } |
---|
| 69 | default * { |
---|
| 70 | logfile /var/log/conserver/&.log; |
---|
| 71 | timestamp "1lab"; |
---|
| 72 | include full; |
---|
| 73 | sslrequired no; |
---|
| 74 | options reinitoncc; |
---|
| 75 | } |
---|
| 76 | default xen { |
---|
| 77 | type exec; |
---|
| 78 | exec sudo xm console f; |
---|
| 79 | execsubst f=cs; |
---|
| 80 | } |
---|
| 81 | access * { |
---|
| 82 | trusted 127.0.0.1; |
---|
| 83 | } |
---|
| 84 | EOF |
---|
[1693] | 85 | visudo # add conservr to sudoers list with: |
---|
| 86 | conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console * |
---|
[1878] | 87 | |
---|
| 88 | # setup munin and nagios |
---|
| 89 | aptitude install munin-node |
---|
| 90 | cat <<EOF >> /etc/munin/munin-node.conf |
---|
| 91 | allow ^18\.187\.1\.128$ |
---|
| 92 | allow ^18\.181\.0\.65$ |
---|
| 93 | allow ^18\.181\.0\.51$ |
---|
| 94 | EOF |
---|
| 95 | |
---|