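# Host bring-up notes for a Debian squeeze Xen host with Debathena packages.
# These are meant to be followed step by step as root; several steps are
# interactive (visudo, dpkg-reconfigure) and some comments are manual steps.

# install Squeeze
#   Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID
#   Create a RAID1 for the 1G partitions
#   Create a RAID1 for each pair of rest-of-the-space partitions
#   Create an ext3 /boot on the 1G RAID1
#   Create an LVM volume group named after the machine's short hostname
#   Create an LV called "swap" that is the same size as the machine's physical RAM
#   Create an LV called "root" that is 50G ext4
# NOTE(review): the warning below conflicts with the ext4 root LV above and
# looks carried over from an older set of notes -- confirm which one applies.
# ??? F11 will suggest ext4, DON'T USE IT.
#   - New filesystem, so it's scary
#   - The hosts can't mount it
#   - Grub can't cope with it

# install useful utility packages
aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp \
  ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools \
  lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap \
  strace tcpdump tree
git config --global color.ui auto

# install Xen
aptitude install xen-linux-system

# download Debathena archive key, verify
#
# The key is fetched over plain HTTP, so the download itself is untrusted.
# Trust comes only from a good signature on it by the kcr@debian.org key that
# ships in the packaged debian-keyring. Every step is chained with && so that
# any failure stops before apt-key is touched.
(
  aptitude install debian-keyring &&
  # Private scratch directory instead of fixed names under /tmp, so nothing
  # pre-created there by another local user ends up in the keyring we check.
  workdir=$(mktemp -d) &&
  trap 'rm -rf -- "$workdir"' EXIT &&
  cd "$workdir" &&
  wget http://debathena.mit.edu/apt/debathena-archive.asc &&
  # Field 5 of a "pub" record is the long key ID (not a full fingerprint).
  kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg \
      --no-default-keyring --list-keys --with-colons kcr@debian.org |
    grep '^pub' | cut -f 5 -d :) &&
  # Fail closed: an empty or multi-line value would make the comparison
  # below meaningless, so insist on exactly one hex key ID.
  case "$kcr_fingerprint" in
    '' | *[!0-9A-Fa-f]*) false ;;
  esac &&
  gpg --primary-keyring "$workdir/debathena.gpg" --no-default-keyring \
    --import debathena-archive.asc &&
  gpg --primary-keyring "$workdir/debathena.gpg" --no-default-keyring \
    --refresh-keys &&
  # Collect only the keys that carry a good ("sig:!") signature from kcr.
  # Exporting by user ID would also hand apt any extra, unsigned key that
  # merely claims debathena@mit.edu in the downloaded file.
  mapfile -t signed_keys < <(
    gpg --primary-keyring "$workdir/debathena.gpg" --no-default-keyring \
        --keyring /usr/share/keyrings/debian-keyring.gpg \
        --check-sigs --with-colons debathena@mit.edu |
      awk -F: -v signer="$kcr_fingerprint" '
        $1 == "pub" { key = $5 }
        $1 == "sig" && $2 ~ /^!/ && $5 == signer && !seen[key]++ { print key }
      '
  ) &&
  [ "${#signed_keys[@]}" -gt 0 ] &&
  gpg --primary-keyring "$workdir/debathena.gpg" --no-default-keyring \
    --export "${signed_keys[@]}" | apt-key adv --import
)

# add Debathena repos to /etc/apt/sources.list.d
# The repository is plain HTTP; package integrity rests on apt checking
# signatures against the archive key imported above.
cat <<'EOF' > /etc/apt/sources.list.d/debathena.list
deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs
EOF

# install host keytab
# install(1) creates the file root-owned and mode 0600 in one step, so the
# host keys are never readable by other local users.
install -o root -g root -m 0600 -- \
  "${keytab:?set keytab to the path of the host keytab}" /etc/krb5.keytab
# Rotate to fresh random keys and drop the old ones, so the copy of the
# keytab that was transported to this machine stops being valid.
k5srvutil change
k5srvutil delold

# install ~/.k5login

# install Debathena software (hit enter to take the defaults at the
# configuration prompts)
aptitude update
aptitude install debathena-clients debathena-ssh-server-config

# compare packages with another server
dpkg -l

# reconfigure so that we can get an MTA, although we don't
# want the hosts to accept mail (mail sent by smarthost; no local mail)
#   outgoing.mit.edu
dpkg-reconfigure exim4-config
# answer questions properly

# change root alias in /etc/aliases to be the same as scripts server
# reload it
newaliases

# clone the xen config (/etc/xen)
git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen

# copy conserver config (we need to version this)
aptitude install sudo conserver-{server,client}

# setup conserver
# With "sslrequired no" the console traffic is unencrypted and "trusted"
# hosts attach without a password, so the access list must stay loopback
# only. Any local user who can reach the conserver port gets read-write
# guest consoles ("rw *").
cat <<'EOF' > /etc/conserver/conserver.cf
config * {
    sslrequired no;
}
default full {
    rw *;
}
default * {
    logfile /var/log/conserver/&.log;
    timestamp "1lab";
    include full;
    sslrequired no;
    options reinitoncc;
}
default xen {
    type exec;
    exec sudo xm console f;
    execsubst f=cs;
}
access * {
    trusted 127.0.0.1;
}
EOF

visudo
# add conservr to sudoers list with:
#   conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console *
# NOTE(review): the run-as spec could probably be narrowed from (ALL) to
# (root), since the conserver exec line calls plain "sudo" -- confirm.
# The trailing * also matches any further arguments after the domain name.

# setup munin and nagios
aptitude install munin-node
# Anchored regexes: only these three source addresses may poll the node.
# This appends, so running it twice duplicates the lines.
cat <<'EOF' >> /etc/munin/munin-node.conf
allow ^18\.187\.1\.128$
allow ^18\.181\.0\.65$
allow ^18\.181\.0\.51$
EOF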