LQPP/installation-betriebssystem-rogers
Contents
- 1 Configuration of rogers.lqfb.piratenpartei.de
- 1.1 RAID
- 1.2 Installation debian
- 1.3 Configuration
- 1.3.1 LF-Dependencies
- 1.3.2 Convenience
- 1.3.3 Register users and SSH key login
- 1.3.4 MTA
- 1.3.5 Install sudo
- 1.3.6 SSH-Config
- 1.3.7 RAID controller
- 1.3.8 array-configuration-utility
- 1.3.9 Ilo network config
- 1.3.10 system network config
- 1.3.11 Firewall rules
- 1.3.12 ntp
- 1.3.13 Munin
- 1.3.14 SSL certificate
- 1.3.15 nrpe (nagios remote plugin execution)
Configuration of rogers.lqfb.piratenpartei.de
RAID
- 2x 36.4 GB (ID0, ID1), RAID 1+0, plus 1x 36.4 GB (ID2) as spare
- Maximum boot partition disabled
- 1x 36.4 GB (ID3) not used
Installation debian
-> Install -> English -> other -> Europe -> Germany -> German
-> Primary network interface eth0 -> Hostname: rogers -> Domain Name: lqfb.piratenpartei.de
-> Manual -> cciss/c0d0
-> Create a new partition -> 15GB, primary, beginning, ext3 at /, Bootable flag ON
-> create new partition -> 10GB, primary, beginning, -> use as: physical volume for encryption -> AES,256,cbc-essiv:sha256,passphrase,yes,off
-> create new partition -> 5,0GB, primary, beginning, ext3 on /var/log
-> create new partition -> REST, primary, beginning, -> use as: physical volume for encryption -> AES/256/cbc-essiv:sha256/Random key/no/off
-> configure encrypted volumes -> yes -> yes again -> passphrase c0d0p2 according to security manifest
-> Select c0d0p2 -> Ext3, mount_point /var/lib -> Done setting ...
-> select c0d0p4, swap -> Done setting
-> Finish partitioning and write changes to disk -> YES -> (watch the progress bar or do something else)
-> root password according to security manifest -> system user alx -> alx password
-> Germany -> mirror: ftp.de.debian.org -> no -> no -> deselect standard system -> grub YES -> Continue
Configuration
Update packages
apt-get update
apt-get upgrade
LF-Dependencies
apt-get install lighttpd postgresql libpq-dev lua5.1 liblua5.1-0-dev build-essential ghc libghc6-parsec-dev imagemagick tig vim
Add the following line to /etc/apt/sources.list:
deb http://www.backports.org/debian etch-backports main contrib non-free
wget -O - http://backports.org/debian/archive.key | apt-key add -
install and configure etckeeper
apt-get install etckeeper git-core metastore -t etch-backports
cd /etc
etckeeper init
git add .
etckeeper commit 'Initial commit'
git gc
ssh-install
apt-get install openssh-server
Convenience
aptitude install screen
apt-get install bash-completion less
Uncomment bash-completion
vi /etc/bash.bashrc
# enable bash completion in interactive shells
if [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
fi
apt-get install vim-nox
update-alternatives --config editor
selection number 4
Register users and SSH key login
adduser mpd
adduser ibo
Add keys
su - alx
mkdir .ssh
chmod go-rwx .ssh
vi .ssh/authorized_keys
exit
su - mpd
mkdir .ssh
chmod go-rwx .ssh
vi .ssh/authorized_keys
exit
su - ibo
mkdir .ssh
chmod go-rwx .ssh
vi .ssh/authorized_keys
exit
MTA
apt-get install postfix
-> Internet Site
-> lqfb.piratenpartei.de
vim /etc/postfix/main.cf
-> mydomain = lqfb.piratenpartei.de
-> myorigin = lqfb.piratenpartei.de
-> masquerade_domains = $mydomain
-> #relayhost =
Install sudo
apt-get install sudo
visudo
Uncomment: %sudo ALL=NOPASSWD: ALL
vi /etc/group
-> sudo:x:27:alx,ibo,mpd
SSH-Config
vi /etc/ssh/sshd_config
No direct root login
PermitRootLogin no
No password-based login
PasswordAuthentication no
Restart the SSH daemon
/etc/init.d/ssh restart
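Added example (not part of the original page): a POSIX shell check that the two settings above are really in effect in a given sshd_config, taking into account that sshd uses the first occurrence of a keyword. The function names sshd_effective and audit_sshd and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings used on this page.
# Assumes whitespace-separated "Keyword value" lines.

# Print the value sshd would use for keyword $1 in file $2.
# sshd keeps the FIRST occurrence of a keyword; lines after a "Match"
# line are conditional, so scanning stops there.
sshd_effective() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Return 0 only if root login and password login are both disabled.
audit_sshd() {
    rc=0
    for pair in PermitRootLogin=no PasswordAuthentication=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_effective "$key" "$1")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want $want, got ${got:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files, not taken from rogers.
tmp=$(mktemp -d)
printf '%s\n' '# hardened' 'PermitRootLogin no' 'PasswordAuthentication no' > "$tmp/good"
# First match wins, so the later "no" does not help; the commented line is ignored.
printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication no' 'PermitRootLogin no' > "$tmp/bad"

audit_sshd "$tmp/good" && echo "good: both settings in effect"
audit_sshd "$tmp/bad"  || echo "bad: rejected"
```

On the server itself, run audit_sshd /etc/ssh/sshd_config and sshd -t before the restart, and keep the current session open until a new key-based login has succeeded.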
RAID controller
apt-get install arrayprobe
wget "http://switch.dl.sourceforge.net/project/cciss/cciss_vol_status/cciss_vol_status-1.06.tar.gz"
tar xvfz cciss_vol_status-1.06.tar.gz
aptitude install build-essential
cd cciss_vol_status-1.06
./configure
make
make install
cd ..
array-configuration-utility
wget ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p414707558/v59422/hpacucli-8.50-6.0.noarch.rpm
apt-get install alien
alien hpacucli-8.50-6.0.noarch.rpm
dpkg -i hpacucli_8.50-7_i386.deb
array config
show the spare drive status:
hpacucli controller slot=0 physicaldrive all show
add all unassigned drives as spares
hpacucli controller slot=0 array A add spares=allunassigned
status again:
hpacucli controller slot=0 physicaldrive all show
Ilo network config
10.134.168.156/30, where 157=me 158=you
system network config
vi /etc/network/interfaces
auto eth0
auto eth1
iface eth0 inet static
    address 194.150.168.158
    network 194.150.168.156
    netmask 255.255.255.252
    gateway 194.150.168.157
iface eth1 inet static
    address 192.168.2.165
    network 192.168.2.0
    netmask 255.255.255.0
vi /etc/resolv.conf
nameserver 141.1.1.1
Firewall rules
Use the script from git://git@github.com:lqpp/liquidfeedback.git
cd /opt/liquid_feedback/etc/init.d/
cp solas /etc/init.d/
sudo /etc/init.d/solas
ntp
sudo apt-get install ntp
sudo apt-get install ntpdate
Munin
Install munin-node
sudo apt-get install munin-node
sudo vim /etc/munin/munin-node.conf
-> Insert Line "allow ^$IP$" - $IP is address of munin-master
-> uncomment host_name rogers.lqfb.piratenpartei.de
Install the Munin Postgres plugin
install perl-dbi-module
sudo apt-get install libdbd-pg-perl
Install plugins
cd /usr/share/munin/plugins/
sudo wget http://pgfoundry.org/frs/download.php/2096/muninpgplugins-0.2.2.tar.gz
sudo tar xvzf muninpgplugins-0.2.2.tar.gz
sudo ln -s /usr/share/munin/plugins/muninpgplugins/pg__connections /etc/munin/plugins/pg_liquid_feedback_pp_connections
sudo ln -s /usr/share/munin/plugins/muninpgplugins/pg__db_size /etc/munin/plugins/pg_liquid_feedback_pp_db_size
sudo ln -s /usr/share/munin/plugins/muninpgplugins/pg__locks /etc/munin/plugins/pg_liquid_feedback_pp_locks
sudo ln -s /usr/share/munin/plugins/muninpgplugins/pg__stat_bgwriter /etc/munin/plugins/pg_liquid_feedback_pp_stat_bgwriter
sudo ln -s /usr/share/munin/plugins/muninpgplugins/pg__stat_database /etc/munin/plugins/pg_liquid_feedback_pp_stat_database
sudo ln -s /usr/share/munin/plugins/muninpgplugins/pg__statio_tables /etc/munin/plugins/pg_liquid_feedback_pp_statio_tables
sudo ln -s /usr/share/munin/plugins/muninpgplugins/pg__stat_tables /etc/munin/plugins/pg_liquid_feedback_pp_stat_tables
sudo vim /etc/munin/plugin-conf.d/munin-node
-> [pg_liquid_feedback_pp*]
user postgres
env.dbname liquid_feedback_pp
sudo vim /etc/postgresql/8.3/main/postgresql.conf
-> stats_start_collector = true
stats_block_level = true
sudo /etc/init.d/postgres restart
sudo /etc/init.d/munin-node restart
Install the lighttpd plugin
install lwf:usermodule - metapackage
sudo apt-get install libwww-perl
plugin symbolic links
sudo ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/apache_volume
sudo ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/apache_processes
sudo ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses
sudo vim /etc/munin/plugin-conf.d/munin-node
-> [apache_*]
env.ports 443
env.url http://127.0.0.1:%d/status?auto
env.ssl yes
Enable lighttpd mod-status
sudo lighttpd-enable-mod status
Restart munin-node
sudo /etc/init.d/lighttpd force-reload
sudo /etc/init.d/munin-node restart
ntp-plugin
cd /etc/munin/plugins/
sudo ln -s /usr/share/munin/plugins/ntp_offset .
sudo ln -s /usr/share/munin/plugins/ntp_states .
sudo /etc/init.d/munin-node restart
SSL certificate
- Martin created and installed a self-signed one
# create the key directory
mkdir -p /etc/lighttpd/ssl/lqfb.piratenpartei.de
# create the key
openssl genrsa -des3 -out lqfb.piratenpartei.de.key 1024
# remove the passphrase from the key
openssl rsa -in lqfb.piratenpartei.de.key -out lqfb.piratenpartei.de.nopass.key
# create the certificate signing request
openssl req -new -key lqfb.piratenpartei.de.nopass.key -out lqfb.piratenpartei.de.csr
Country Name (2 letter code) [AU]:de
State or Province Name (full name) [Some-State]:Germany
Locality Name (eg, city) []:Berlin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Piratenpartei Deutschland
Organizational Unit Name (eg, section) []:Liquid Feedback
Common Name (eg, YOUR name) []:*.lqfb.piratenpartei.de
Email Address []:admins@lqfb.piratenpartei.de
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
nrpe (nagios remote plugin execution)
sudo apt-get install nagios-nrpe-server
change remote host ip
diff --git a/nagios/nrpe.cfg b/nagios/nrpe.cfg index f21cdab..97749e2 100644 --- a/nagios/nrpe.cfg +++ b/nagios/nrpe.cfg @@ -76,7 +76,8 @@ nrpe_group=nagios # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -allowed_hosts=127.0.0.1 +#allowed_hosts=127.0.0.1 +allowed_hosts=127.0.0.1, 212.12.52.210
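Review bot: the added allowed_hosts line has a space after the comma ("127.0.0.1, 212.12.52.210"); the option is a comma-delimited list, so write it as allowed_hosts=127.0.0.1,212.12.52.210 rather than relying on how the parser treats the whitespace. The commented-out previous value (#allowed_hosts=127.0.0.1) can be dropped, since the diff already records it. Per the NOTE in the context lines, this option is ignored when NRPE runs under inetd or xinetd, so in that setup the restriction to these two hosts has to be enforced there instead.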