david.rabine

User Tools

Site Tools

Trace:
computers:serverconfig

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computers:serverconfig [2008/11/13 02:24] davidcomputers:serverconfig [2010/12/10 16:02] (current) david
Line 110: Line 110:
 files are in: **/etc/cron.hourly/** files are in: **/etc/cron.hourly/**
  
 +==== Check NFS Mounts ====
 +
 +After the last power outage, the NWN servers were not speaking as I hadn't mounted the NFS mounts which share the drives to one another.  So, it occurred to me to write a little script to test if the NFS directories were mounted (and if not, go ahead and try and mount them).
 +
 +NOTE:  I moved this to hourly so it will reconnect after a power off / reboot in a more reasonable time.
 +
 +**/etc/cron.hourly/check_nfs_mounts.sh**:
 +
 +<code bash>
 +
 +#!/bin/bash
 +#
 +# check_nfs_mounts.sh
 +# quick check if we have our NFS directories mounted... if not... mount them!
 +# - dlr 2008/11/12
 +
 +MOUNTEDTEST=`df | grep '/mnt/nfs/sage/space' | wc -l`
 +
 +if [ $MOUNTEDTEST -ne 1 ]; then
 +  mount /mnt/nfs/sage/space
 +fi
 +
 +MOUNTEDTEST=`df | grep '/mnt/nfs/sage/local/home' | wc -l`
 +
 +if [ $MOUNTEDTEST -ne 1 ]; then
 +  mount /mnt/nfs/sage/local/home
 +fi
 +</code>
  
 ==== dovecot alive? ==== ==== dovecot alive? ====
Line 194: Line 222:
   fi   fi
 done done
-</code> 
- 
-==== Check NFS Mounts ==== 
- 
-After the last power outage, the NWN servers were not speaking as I hadn't mounted the NFS mounts which share the drives to one another.  So, it occurred to me to write a little script to test if the NFS directories were mounted (and if not, go ahead and try and mount them). 
- 
-**/etc/cron.daily/check_nfs_mounts.sh**: 
- 
-<code bash> 
- 
 </code> </code>
  
Line 377: Line 395:
 </code> </code>
  
 +
 +===== apcupsd =====
 +
 +I am sharing the UPS with sage, so that was the easiest to install and get running (RPM package).  I am going to install the software on here also, as this one runs on the same UPS.
 +
 +  - Download and install the software (here is the current link:  [[http://voxel.dl.sourceforge.net/sourceforge/apcupsd/apcupsd-3.14.4.tar.gz]] <code>
 +cd /usr/local/src/apcupsd
 +./configure
 +make
 +make install
 +</code>
 +  - Edit the config file, the only changes I made were:  (I made this one come down first since it is a slave to the actual machine monitoring the UPS, so I raised the battery level to 10 and the time left to 5 minutes) <code>
 +UPSTYPE net
 +DEVICE 10.0.0.2
 +BATTERYLEVEL 10
 +MINUTES 5
 +</code>
 +  - Modified **/etc/rc.d/rc.local** to fire up the APC daemon on boot:  <code>
 +# apc ups monitoring daemon
 +echo 'Firing up apcupsd to monitor the UPS'
 +/sbin/apcupsd
 +</code>
 +
 +And I tested it with a simple **apcaccess** call, which gives you the status of the UPS and that looks right.  I have NOT tested whether powering down the UPS really will shut everything down... maybe some other day.
  
 ===== bind ===== ===== bind =====
Line 500: Line 542:
  
 ===== dovecot ===== ===== dovecot =====
 +
 +==== Upgrading ====
 +
 +  - Downloaded latest version (1.2.16)
 +  - Uncompress in **/usr/local/src**
 +  - Build:  <code>
 +./configure
 +make
 +make install
 +</code>
 +  - Fix the certificate (make a new one)
 +    - <code>cd /usr/local/src/dovecot-1.2.16/doc</code>
 +    - <code>mv dovecot-openssl.cnf dovecot-openssl.cnf.orig</code>
 +    - <code>nano dovecot-openssl.cnf   ### and paste in your values</code>
 +    - <code>chmod 755 mkcert.sh</code>
 +    - <code>mv /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.20101210</code>
 +    - <code>mv /etc/ssl/private/dovecot.pem /etc/ssl/private/dovecot.pem.20101210</code>
 +    - <code>./mkcert.sh</code>
 +    - <code>chmod 600 /etc/ssl/private/dovecot.pem  # it already was, but just in case </code>
 +    - Restart **dovecot** (i just killed the process and then run it again)
 +
 +
 +
 +==== Initial Install ====
 +
  
   * Download the source from [[http://www.dovecot.org/download.html|Dovecot home page]].   * Download the source from [[http://www.dovecot.org/download.html|Dovecot home page]].
Line 1134: Line 1201:
 Someone found a way through the firewall once to hit the Samba server.. so I added these lines to **/etc/rc.d/rc.local** to just drop any samba packets at the WAN interface. Someone found a way through the firewall once to hit the Samba server.. so I added these lines to **/etc/rc.d/rc.local** to just drop any samba packets at the WAN interface.
  
-I also blocked the slim server access from outside, just seemed like a bad idea 8-)+I also blocked the slim server access from outside, just seemed like a bad idea 8-)  (and just now added apcupsd to the list of blocked from the outside //2008/11/13 10:43//)
  
 <code bash> <code bash>
Line 1156: Line 1223:
 iptables -A OUTPUT -o eth0 -p tcp --dport 445 -j DROP iptables -A OUTPUT -o eth0 -p tcp --dport 445 -j DROP
 iptables -A OUTPUT -o eth0 -p tcp --sport 445 -j DROP iptables -A OUTPUT -o eth0 -p tcp --sport 445 -j DROP
 +
 +# block port 3551 so that apcupsd cannot be seen from outside
 +iptables -A OUTPUT -o eth0 -p tcp --dport 3551 -j DROP
 +iptables -A OUTPUT -o eth0 -p tcp --sport 3551 -j DROP
  
 # block port 9000 so slimserver can't be accesed from outside # block port 9000 so slimserver can't be accesed from outside
computers/serverconfig.1226543088.txt.gz · Last modified: 2008/11/13 02:24 by david