Changeset 1878 for branches/fc15-dev/server/doc/install-xen

Timestamp:

Jun 7, 2011, 12:58:14 PM (13 years ago)

Author:

achernya

Message:

Merge r1803-1877 from trunk to branches/fc15-dev

Location:

branches/fc15-dev

Files:

• . (modified) (1 prop)
• server/doc/install-xen (modified) (1 diff)

branches/fc15-dev/server/doc/install-xen

@@ -1 @@
-# install Hardy
-# this involves complicated partitioning (with lvm)
-# the popular version of Grub doesn't cope with this.
-# Thus, we need a boot partition not under LVM
-# allocate about 1G for /root ext3 filesystem
-# partition the two disks the same way
-# that means you have two disks, each with a 1G partition and
-# a "rest-of-the-space"G partition
-# now, combine the two 1G partitions into a RAID 1 (as /boot ext3)
-# take the two other partitions, another RAID 1 (set up as lvm)
-# create one volume group the same as the host
-# in that volume group, create two lvs one of them named root (ext3)
-# and one named swap (copy sizes, 10G root and 2G swap)
-# F11 will suggest ext4, DON'T USE IT.
+# install Squeeze
+ # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID
+ # Create a RAID1 for the 1G partitions
+ # Create a RAID1 for each pair of rest-of-the-space partitions
+ # Create an ext3 /boot on the 1G RAID1
+ # Create an LVM volume group named after the machine's short hostname
+ # Create an LV called "swap" that is the same size as the machine's physical RAM
+ # Create an LV called "root" that is 50G ext4
+
+# ??? F11 will suggest ext4, DON'T USE IT.
 #   - New filesystem, so it's scary
 #   - The hosts can't mount it
 #   - Grub can't cope with it
 
-# enable backports (because Xen 3.3 is in hardy backports)
-    apt-get update
-    apt-get dist-upgrade
+# install useful utility packages
+    aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap strace tcpdump tree
+    git config --global color.ui auto
+
 # install Xen
-    apt-get install ubuntu-xen-server
+    aptitude install xen-linux-system
+
 # download Debathena archive key, verify
-    apt-key add ...
-# add Debathena repos to etc/apt.d/sources.list
-# install Debathena software
-    apt-get install debathena-clients
+  (aptitude install debian-keyring &&
+  cd /tmp &&
+  wget http://debathena.mit.edu/apt/debathena-archive.asc &&
+  kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint &&
+  gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import)
+
+# add Debathena repos to etc/apt/sources.list.d
+  cat <<EOF > /etc/apt/sources.list.d/debathena.list
+deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
+deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
+EOF
+
+# install host keytab
+  cp $keytab /etc/krb5.keytab
+  k5srvutil change
+  k5srvutil delold
+# install ~/.k5login
+# install Debathena software (hit enter to take the defaults at the
+# configuration prompts)
+  aptitude update
+  aptitude install debathena-clients debathena-ssh-server-config
 # compare packages with another server
-dpkg -l
+  dpkg -l
 # reconfigure so that we can get an MTA, although we don't
-# want the hosts to accept mail (smart host, does not take mail)
+# want the hosts to accept mail (mail sent by smarthost; no local mail)
 # outgoing.mit.edu
-    dpkg reconfigure xm4-config
+    dpkg-reconfigure exim4-config
         # answer questions properly
 # change root alias in /etc/aliases to be the same as scripts server
 # reload it
     newaliases
-# ssh key for host...
-# install host keytab
+# clone the xen config (/etc/xen)
+    git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen
 # copy conserver config (we need to version this)
-# clone the xen config (/etc/xen)
-    git clone ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen
-
+  aptitude install sudo conserver-{server,client}
 # setup conserver
-    cat /etc/conserver/console.cf # add the correct entires here
+  cat <<EOF > /etc/conserver/conserver.cf
+config * {
+        sslrequired no;
+}
+default full {
+        rw *;
+}
+default * {
+        logfile /var/log/conserver/&.log;
+        timestamp "1lab";
+        include full;
+        sslrequired no;
+        options reinitoncc;
+}
+default xen {
+        type exec;
+        exec sudo xm console f;
+        execsubst f=cs;
+}
+access * {
+        trusted 127.0.0.1;
+}
+EOF
     visudo # add conservr to sudoers list with:
         conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console *
+
+# setup munin and nagios  
+    aptitude install munin-node
+cat <<EOF >> /etc/munin/munin-node.conf
+allow ^18\.187\.1\.128$
+allow ^18\.181\.0\.65$
+allow ^18\.181\.0\.51$
+EOF
+