Index: branches/fc15-dev/server/doc/install-xen =================================================================== --- branches/fc15-dev/server/doc/install-xen (revision 1803) +++ branches/fc15-dev/server/doc/install-xen (revision 1878) @@ -1,48 +1,95 @@ -# install Hardy -# this involves complicated partitioning (with lvm) -# the popular version of Grub doesn't cope with this. -# Thus, we need a boot partition not under LVM -# allocate about 1G for /root ext3 filesystem -# partition the two disks the same way -# that means you have two disks, each with a 1G partition and -# a "rest-of-the-space"G partition -# now, combine the two 1G partitions into a RAID 1 (as /boot ext3) -# take the two other partitions, another RAID 1 (set up as lvm) -# create one volume group the same as the host -# in that volume group, create two lvs one of them named root (ext3) -# and one named swap (copy sizes, 10G root and 2G swap) -# F11 will suggest ext4, DON'T USE IT. +# install Squeeze + # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID + # Create a RAID1 for the 1G partitions + # Create a RAID1 for each pair of rest-of-the-space partitions + # Create an ext3 /boot on the 1G RAID1 + # Create an LVM volume group named after the machine's short hostname + # Create an LV called "swap" that is the same size as the machine's physical RAM + # Create an LV called "root" that is 50G ext4 + +# ??? F11 will suggest ext4, DON'T USE IT. # - New filesystem, so it's scary # - The hosts can't mount it # - Grub can't cope with it -# enable backports (because Xen 3.3 is in hardy backports) - apt-get update - apt-get dist-upgrade +# install useful utility packages + aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron bwm-ng bzip2 ethtool i2c-tools lm-sensors mii-diag molly-guard mtr-tiny nbd-client nbd-server rlwrap strace tcpdump tree + git config --global color.ui auto + # install Xen - apt-get install ubuntu-xen-server + aptitude install xen-linux-system + # download Debathena archive key, verify - apt-key add ... -# add Debathena repos to etc/apt.d/sources.list -# install Debathena software - apt-get install debathena-clients + (aptitude install debian-keyring && + cd /tmp && + wget http://debathena.mit.edu/apt/debathena-archive.asc && + kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) && + gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc && + gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys && + gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint && + gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import) + +# add Debathena repos to etc/apt/sources.list.d + cat < /etc/apt/sources.list.d/debathena.list +deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs +deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs +EOF + +# install host keytab + cp $keytab /etc/krb5.keytab + k5srvutil change + k5srvutil delold +# install ~/.k5login +# install Debathena software (hit enter to take the defaults at the +# configuration prompts) + aptitude update + aptitude install debathena-clients debathena-ssh-server-config # compare packages with another server -dpkg -l + dpkg -l # reconfigure so that we can get an MTA, although we don't -# want the hosts to accept mail (smart host, does not take mail) +# want the hosts to accept mail (mail sent by smarthost; no local mail) # outgoing.mit.edu - dpkg reconfigure xm4-config + dpkg-reconfigure exim4-config # answer questions properly # change root alias in /etc/aliases to be the same as scripts server # reload it newaliases -# ssh key for host... -# install host keytab +# clone the xen config (/etc/xen) + git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen # copy conserver config (we need to version this) -# clone the xen config (/etc/xen) - git clone ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen - + aptitude install sudo conserver-{server,client} # setup conserver - cat /etc/conserver/console.cf # add the correct entires here + cat < /etc/conserver/conserver.cf +config * { + sslrequired no; +} +default full { + rw *; +} +default * { + logfile /var/log/conserver/&.log; + timestamp "1lab"; + include full; + sslrequired no; + options reinitoncc; +} +default xen { + type exec; + exec sudo xm console f; + execsubst f=cs; +} +access * { + trusted 127.0.0.1; +} +EOF visudo # add conservr to sudoers list with: conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console * + +# setup munin and nagios + aptitude install munin-node +cat <> /etc/munin/munin-node.conf +allow ^18\.187\.1\.128$ +allow ^18\.181\.0\.65$ +allow ^18\.181\.0\.51$ +EOF +