computers:server:sage_config

Differences

This shows you the differences between two versions of the page.

computers:server:sage_config [2008/03/03 23:05] davidcomputers:server:sage_config [2010/02/18 17:10] (current) david
Line 11: Line 11:
 ====== Automatic Processes ====== ====== Automatic Processes ======
  
 +===== Hourly Scripts =====
  
-===== Set Clock Hourly =====+These are put into **/etc/cron.daily/**: 
 + 
 +==== Check NFS Mounts ==== 
 + 
 +Using the same script as on archon (just changed the directory to the one I am jusing): 
 + 
 +<code bash> 
 +#!/bin/bash 
 +
 +# check_nfs_mounts.sh 
 +# quick check if we have our NFS directories mounted... if not... mount them! 
 +# - dlr 2008/11/12 
 + 
 +MOUNTEDTEST=`df | grep '/mnt/nfs/vault' | wc -l` 
 + 
 +if [ $MOUNTEDTEST -ne 1 ]; then 
 +  mount /mnt/nfs/vault 
 +fi 
 + 
 +</code> 
 + 
 +==== Set Clock Hourly ====
  
 Set our clock hourly to nist's time server:  **/etc/cron.hourly/set_clock_via_network.sh** Set our clock hourly to nist's time server:  **/etc/cron.hourly/set_clock_via_network.sh**
  
-  #!/bin/sh +<code bash> 
-  /usr/sbin/ntpdate time-a.nist.gov >/dev/null 2>&1+#!/bin/sh 
 +/usr/sbin/ntpdate time-a.nist.gov >/dev/null 2>&1 
 +</code>
  
 +===== Monitoring Daemons =====
 +
 +==== Power Disruption ====
 +
 +See the [[#apcupsd]] entry for what I did to monitor ups and power monitoring.
 +
 +==== Raid Monitoring ====
 +
 +Using **mdadm**, I have the following running from **/etc/rc.d/rc.local**:
 +<code>
 +mdadm --monitor --daemonise --mail MY.EMAIL@MY.SERVER --test /dev/md0
 +</code>
  
 ====== Daemon Configurations ====== ====== Daemon Configurations ======
  
 +===== apcupsd =====
  
 +  - Download from the website the **apcupsd-3.14.4-1.el5.x86_64.rpm
 +** package and install it:  <code>
 +cd /root/down
 +yum localinstall apcupsd-3.14.4-1.el5.x86_64.rpm
 +</code>
 +  - Checked over the defaults, and they look perfect to me.  The other machines in the house will use this daemon to signal whether they should turn off or not.
 +
 +**NOTE:** I pulled the plug on this to test if they all at least saw the power going down.  Now that I think about it, archon is going to need to go down first, so I'll need to modify the battery time left on the slave so it goes first.
 +
 +Test run by pulling the plug (I saw this same message on both slaves (archon and mythtv):
 +
 +  Thu Nov 13 07:21:22 EST 2008  Power failure.
 +  Thu Nov 13 07:21:28 EST 2008  Running on UPS batteries.
 +  Thu Nov 13 07:23:15 EST 2008  Mains returned. No longer on UPS batteries.
 +  Thu Nov 13 07:23:15 EST 2008  Power is back. UPS running on mains.
 +
 +===== dhcpd =====
 +
 +Since my mythbox hard drive seems to be dead (that was my dhcp server), I'll attempt to put it on here.
 +
 +  - Install the **dhcpd** server:  <code>
 +yum install dhcp.x86_64
 +</code>
 +  - Modified my **/etc/dhcpd.conf** to give out local IPs: <code>
 +# dhcpd.conf
 +#
 +# Configuration file for ISC dhcpd (see 'man dhcpd.conf')
 +#
 +# archon.lattice.net dhcpd.conf - dlr 20070322 (spring is here!)
 + 
 +# If this DHCP server is the official DHCP server for the local
 +# network, the authoritative directive should be uncommented.
 +authoritative;
 + 
 +#Sets the domain name and our default DNS servers
 +option domain-name                      "lattice.net";
 +option domain-name-servers              10.0.0.1, 10.0.0.2;
 +option netbios-name-servers             10.0.0.1;
 +option netbios-dd-server                10.0.0.1;
 +option netbios-scope                    "";
 +option netbios-node-type                8;
 + 
 +#Sets the time loan time in seconds before computers must renew thier leases
 +default-lease-time                      86400;
 +#Set the maximum amount of time a pc can hold a lease for
 +max-lease-time                          864000;
 + 
 +# I was told to do this :)
 +# ddns-update-style ad-hoc;
 +ddns-update-style none;
 +ddns-ttl                                86400;
 + 
 +#This is a subnet which the dhcpd server controlls, note the { this is required
 +subnet 10.0.0.0 netmask 255.255.255.0 {
 +  #Sets the network gateway / router
 +  option routers                        10.0.0.1;
 +  #Sets the network broadcast address
 +  option broadcast-address              10.0.0.255;
 + 
 +  #Defines a range of ips to be used as leases
 +  range 10.0.0.100 10.0.0.200;
 + 
 +# specific host definitions
 +  host david {                           # Set the hostname of the client computer
 +    hardware ethernet 00:50:8d:ed:aa:dd; # Registers the MAC address of the client computer.
 +    fixed-address 10.0.0.42;             # This line specifies the IP address for david's computer
 +  }
 +  host krysalis {                        #Set the hostname of the client computer
 +    hardware ethernet 00:10:dc:a1:d3:aa; # Registers the MAC address of the client computer.
 +    fixed-address 10.0.0.40;             # This line specifies the IP address for christine's computer
 +  }
 +  host wirelesslan {                     # Set the hostname of the client computer
 +    hardware ethernet 00:30:bd:66:4d:b2; # Registers the MAC address of the client computer.
 +    fixed-address 10.0.0.11;             # This line specifies the IP address for the wireless lan (inside)
 +  }
 + 
 +}
 +</code>
 +  - Ran **setup** and checked the box next to **dhcpd**.
 +  - Manually started it normally:  <code>
 +service dhcpd start
 +</code>
 +
 +===== dovecot =====
 +
 +  * Modified **/etc/dovecot.conf** so that only:  <code>
 +protocols = imaps
 +ssl_listen = *:993
 +</code>
 +  * Generate our self signed certificate:
 +    - Move the original one  <code>
 +mv /etc/pki/dovecot/certs/dovecot.pem /etc/pki/dovecot/certs/dovecot.pem.orig
 +mv /etc/pki/dovecot/private/dovecot.pem /etc/pki/dovecot/private/dovecot.pem.orig
 +</code>
 +    - Edit our configuration here: <code>
 +jed /etc/pki/dovecot/dovecot-openssl.cnf
 +</code>
 +    - Generate a new one: <code>
 +/usr/share/doc/dovecot-1.0.7/examples/mkcert.sh
 +</code>
 +    - Restart the imap service:  <code>
 +service dovecot restart
 +</code>
  
 ===== httpd ===== ===== httpd =====
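Review bot: the new "Hourly Scripts" heading is followed by "These are put into **/etc/cron.daily/**", while the clock script under it lives in /etc/cron.hourly/; state which directory check_nfs_mounts.sh actually runs from. In that script, "df | grep '/mnt/nfs/vault' | wc -l" counts any df line that contains the string, and $MOUNTEDTEST is unquoted in the test; an exact match on the mount-point field of /proc/mounts (for example grep -q ' /mnt/nfs/vault ' /proc/mounts) is tighter. Nothing here reports when the remount fires or fails, and the ntpdate script sends all output to /dev/null, so a line to syslog from each would leave a trace when either stops working.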
Line 54: Line 194:
  
  
 +===== nfsd =====
 +
 +Shares go in **/etc/exports**
 +
 +==== Restarting nfs ====
 +
 +Stopping **nfs**:
 +
 +  service nfslock stop
 +  service nfs stop
 +  service portmap stop
 +  umount /proc/fs/nfsd
 +
 +Starting **nfs**:
 +
 +  service portmap start
 +  service nfs start
 +  service nfslock start
 +  mount -t nfsd nfsd /proc/fs/nfsd
  
 ===== samba ===== ===== samba =====
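Review bot: "Shares go in **/etc/exports**" is the only thing recorded about what is exported; add the actual export lines with their client restriction and options (ro or rw, root_squash), since that file is the access control for the shares. For a change to /etc/exports alone, exportfs -ra re-reads the file without going through the full stop and start sequence listed under "Restarting nfs".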
Line 93: Line 252:
      
   m4 sendmail.mc > /etc/mail/sendmail.cf   m4 sendmail.mc > /etc/mail/sendmail.cf
 +
  
  
Line 107: Line 267:
 com2sec mynetwork 71.127.151.0/24   archcomm com2sec mynetwork 71.127.151.0/24   archcomm
  
-# and down the road...+#### 
 +# Second, map the security names into group names: 
 + 
 +#               sec.model  sec.name 
 +group MyRWGroup v1         local 
 +group MyRWGroup v2c        local 
 +group MyRWGroup usm        local 
 +group MyROGroup v1         mynetwork 
 +group MyROGroup v2c        mynetwork 
 +group MyROGroup usm        mynetwork 
 + 
 +#### 
 +# Third, create a view for us to let the groups have rights to: 
 + 
 +#           incl/excl subtree                          mask 
 +view all    included  .1                               80 
 + 
 +#### 
 +# Finally, grant the 2 groups access to the 1 view with different 
 +# write permissions: 
 + 
 +#                context sec.model sec.level match  read   write  notif 
 +access MyROGroup ""      any       noauth    exact  all    none   none 
 +access MyRWGroup ""      any       noauth    exact  all    all    none 
 + 
 +########  and down the road...
  
 syscontact "david <david@lattice.net>" syscontact "david <david@lattice.net>"
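Review bot: both access lines use sec.level noauth, and MyRWGroup gets write "all" on a view that includes the whole .1 subtree, so anything that maps to the "local" security name can set any writable OID without authentication. The com2sec context line above also leaves the community string for 71.127.151.0/24 readable on this page. Set write to none unless a specific OID needs it, narrow the view to the subtrees actually polled, and for polling from off the host prefer a usm user with auth and priv over the v1 and v2c group lines.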
Line 192: Line 377:
   255 heads, 63 sectors/track, 60801 cylinders   255 heads, 63 sectors/track, 60801 cylinders
   Units = cylinders of 16065 * 512 = 8225280 bytes   Units = cylinders of 16065 * 512 = 8225280 bytes
 +
  
  
Line 206: Line 392:
 ==== Raid5 Build ==== ==== Raid5 Build ====
  
 +=== My Notes Take II ===
 +
 +I had the old Hitachi 500gb drive that used to be my MST3k repository die, so I think I'm going to go with a clean and unencrypted raid this time around (now that I know how to do it, I'd rather have the speed).
 +
 +Creation Date:   --- //[[david@lattice.net|David Lloyd Rabine]] 2008/10/16 06:45//
 +
 +  - Turned off the server, and swapped out the Hitachi with the new Seagate ES.2 500gb drive.
 +  - Create a partition on the new drive (just take up the entire disk) with **fdisk** on each as the primary partition.
 +  - Use **mdadm** to create the array <code>
 +mdadm --create /dev/md0 --chunk=64 --level=5  --name=spaceraid --raid-devices=5 /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
 +</code>
 +  - Format the device as ext3:  <code>
 +mkfs.ext3 -m 0 /dev/md0 -L /space # I am not leaving any reserve since this is a data drive only
 +</code>
 +  - Mount the raid <code>
 +mount /dev/md0 /mnt/raid/space/
 +</code>
  
 === My Notes === === My Notes ===
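Review bot: the "My Notes Take II" intro drops encryption for speed but does not record what data lives on /dev/md0 or why it no longer needs protection at rest; write that down, because the same paragraph describes a drive dying, and a failed member of an unencrypted array leaves the house with readable data on it. The steps also end at a manual mount: nothing in this hunk saves the array definition (mdadm --detail --scan into mdadm.conf) or adds an fstab entry, so note where that is done if it is covered elsewhere on the page.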
Line 213: Line 416:
 A lot of this is coming directly from [[http://ubuntuforums.org/showthread.php?t=408461|here]] and the man page for **mdadm**. A lot of this is coming directly from [[http://ubuntuforums.org/showthread.php?t=408461|here]] and the man page for **mdadm**.
  
-  - Installed the 4 Seagate drives in the removable cartridges, and the Samsung disk (as my 5th disk) in the main case below the root drive (gray SATA cable).+  - Installed the 4 Seagate drives in the removable cartridges, and the Hitachi disk (as my 5th disk) in the main case below the root drive (gray SATA cable).
   - Create a partition on each drive (just take up the entire disk) with **fdisk** on each as the primary partition.   - Create a partition on each drive (just take up the entire disk) with **fdisk** on each as the primary partition.
   - Use **mdadm** to create the array <code>   - Use **mdadm** to create the array <code>
Line 254: Line 457:
  
   umount /mnt/raid/space     umount /mnt/raid/space  
-  cryptsetup luksClose chaoticspace+  cryptsetup remove chaoticspace
  
  
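Review bot: the change from "cryptsetup luksClose chaoticspace" to "cryptsetup remove chaoticspace" comes with no stated reason. Both commands tear down the chaoticspace mapping, so add a line saying why remove is preferred here, and check that it still matches the command used to open the volume earlier in these notes so the open and close steps stay paired.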
Line 318: Line 521:
  
  
 +===== gallery =====
 +
 +I wanted to install the newest Gallery BETA software to store photos and videos online.  I'm migrating this to sage as this is the faster, better machine at the moment (until Slackware 13 arrives and the big re-install on archon...)  This needed a more recent PHP, so I followed some instructions online to install a "testing" version of CentOS 5.
 +
 +  * Page where I found HOWTO: [[http://www.freshblurbs.com/install-php-5-2-centos-5-2-using-yum]]
 +  * Photo Repository:
 +
 +==== Update PHP ====
 +
 +  - Added the "testing" repository to sage by editing **** and putting this in it:  <code>
 +[c5-testing]
 +name=CentOS-5 Testing 
 +baseurl=http://dev.centos.org/centos/5/testing/$basearch/
 +enabled=0
 +gpgcheck=1
 +gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
 +</code>
 +  - Update just PHP by enabling the repository temporarily:  <code>
 +yum --enablerepo=c5-testing update php
 +</code>
 +  - Restart the webserver once PHP is installed:  <code>
 +service httpd restart
 +</code>
 +
 +==== Gallery 3 Beta 2 Install ====
 +
 +  - Download the .zip file
 +  - I made a virtual host to:  [[http://gallery.rabine.org]]
 +    - Modified the named configuration files and added **gallery.rabine.org**
 +    - Added **/etc/httpd/conf/sage_virtual_hosts.conf** and configured the remote named virtual host
 +  - Created a directory on the raid to store all the data
 +  - Had to disable SELinux (probably a rule I could have used to allow it... but I'm being lazy) for apache to see the raid drive directory!?  See this link [[http://forums.devshed.com/apache-development-15/documentroot-does-not-exist-when-it-does-526847.html]]
  
 ===== gcc ===== ===== gcc =====
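Review bot: the last item under "Gallery 3 Beta 2 Install" disables SELinux for the whole host so that Apache can see the raid directory; labelling that directory with an httpd content type (chcon -R -t httpd_sys_content_t on the data directory, or a semanage fcontext rule followed by restorecon) addresses the same symptom and keeps enforcement on for everything else. In the c5-testing stanza, gpgcheck=1 is right, but gpgkey and baseurl are both plain http on the same host, so the key is only as trustworthy as that connection; import it once after checking its fingerprint. The file name in step 1 of "Update PHP" is empty ("by editing ****") and should be filled in.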
computers/server/sage_config.1204585541.txt.gz · Last modified: 2008/03/03 23:05 by david