source: trunk/server/doc/install-xen @ 1870

# install Squeeze
 # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID
 # Create a RAID1 for the 1G partitions
 # Create a RAID1 for each pair of rest-of-the-space partitions
 # Create an ext3 /boot on the 1G RAID1
 # Create an LVM volume group named after the machine's short hostname
 # Create an LV called "swap" that is the same size as the machine's physical RAM
 # Create an LV called "root" that is 50G ext4

# ??? F11 will suggest ext4, DON'T USE IT.
#   - New filesystem, so it's scary
#   - The hosts can't mount it
#   - Grub can't cope with it

# install useful utility packages
    aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap strace tcpdump tree
    git config --global color.ui auto

# install Xen
    aptitude install xen-linux-system

# download Debathena archive key, verify
  (aptitude install debian-keyring &&
  cd /tmp &&
  wget http://debathena.mit.edu/apt/debathena-archive.asc &&
  kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) &&
  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc &&
  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys &&
  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint &&
  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import)

# add Debathena repos to etc/apt/sources.list.d
  cat <<EOF > /etc/apt/sources.list.d/debathena.list
deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
EOF

# install host keytab
  cp $keytab /etc/krb5.keytab
  k5srvutil change
  k5srvutil delold
# install ~/.k5login
# install Debathena software (hit enter to take the defaults at the
# configuration prompts)
  aptitude update
  aptitude install debathena-clients debathena-ssh-server-config
# compare packages with another server
  dpkg -l
# reconfigure so that we can get an MTA, although we don't
# want the hosts to accept mail (mail sent by smarthost; no local mail)
# outgoing.mit.edu
    dpkg-reconfigure exim4-config
        # answer questions properly
# change root alias in /etc/aliases to be the same as scripts server
# reload it
    newaliases
# clone the xen config (/etc/xen)
    git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen
# copy conserver config (we need to version this)
  aptitude install sudo conserver-{server,client}
# setup conserver
  cat <<EOF > /etc/conserver/conserver.cf
config * {
        sslrequired no;
}
default full {
        rw *;
}
default * {
        logfile /var/log/conserver/&.log;
        timestamp "1lab";
        include full;
        sslrequired no;
        options reinitoncc;
}
default xen {
        type exec;
        exec sudo xm console f;
        execsubst f=cs;
}
access * {
        trusted 127.0.0.1;
}
EOF
    visudo # add conservr to sudoers list with:
        conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console *

# setup munin and nagios  
    aptitude install munin-node
cat <<EOF >> /etc/munin/munin-node.conf
allow ^18\.187\.1\.128$
allow ^18\.181\.0\.65$
allow ^18\.181\.0\.51$
EOF