| [1858] | 1 | # install Squeeze | 
|---|
|  | 2 | # Configure each drive with a 1G partition and a rest-of-the-space partition, as RAID | 
|---|
|  | 3 | # Create a RAID1 for the 1G partitions | 
|---|
|  | 4 | # Create a RAID1 for each pair of rest-of-the-space partitions | 
|---|
|  | 5 | # Create an ext3 /boot on the 1G RAID1 | 
|---|
|  | 6 | # Create an LVM volume group named after the machine's short hostname | 
|---|
|  | 7 | # Create an LV called "swap" that is the same size as the machine's physical RAM | 
|---|
|  | 8 | # Create an LV called "root" that is 50G ext4 | 
|---|
|  | 9 |  | 
|---|
|  | 10 | # ??? F11 will suggest ext4, DON'T USE IT. | 
|---|
| [1241] | 11 | #   - New filesystem, so it's scary | 
|---|
|  | 12 | #   - The hosts can't mount it | 
|---|
|  | 13 | #   - Grub can't cope with it | 
|---|
|  | 14 |  | 
|---|
| [1858] | 15 | # install useful utility packages | 
|---|
| [1862] | 16 | aptitude install htop ipmitool emacs23-nox vim memtest86 memtest86+ ntp ntpdate git smartmontools kpartx apticron | 
|---|
| [1858] | 17 | git config --global color.ui auto | 
|---|
|  | 18 |  | 
|---|
| [1241] | 19 | # install Xen | 
|---|
| [1858] | 20 | aptitude install xen-linux-system | 
|---|
| [1859] | 21 |  | 
|---|
| [1241] | 22 | # download Debathena archive key, verify | 
|---|
| [1859] | 23 | (aptitude install debian-keyring && | 
|---|
|  | 24 | cd /tmp && | 
|---|
|  | 25 | wget http://debathena.mit.edu/apt/debathena-archive.asc && | 
|---|
|  | 26 | kcr_fingerprint=$(gpg --keyring /usr/share/keyrings/debian-keyring.gpg --no-default-keyring --list-keys --with-colons kcr@debian.org | grep ^pub | cut -f 5 -d :) && | 
|---|
|  | 27 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --import debathena-archive.asc && | 
|---|
|  | 28 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --refresh-keys && | 
|---|
| [1860] | 29 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs --with-colons debathena@mit.edu | grep '^sig:!' | cut -d: -f5 | grep -q $kcr_fingerprint && | 
|---|
| [1859] | 30 | gpg --primary-keyring /tmp/debathena.gpg --no-default-keyring --export debathena@mit.edu | apt-key adv --import) | 
|---|
|  | 31 |  | 
|---|
| [1858] | 32 | # add Debathena repos to etc/apt/sources.list.d | 
|---|
|  | 33 | cat <<EOF > /etc/apt/sources.list.d/debathena.list | 
|---|
|  | 34 | deb http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs | 
|---|
|  | 35 | deb-src http://debathena.mit.edu/apt squeeze debathena debathena-config debathena-system openafs | 
|---|
|  | 36 | EOF | 
|---|
|  | 37 |  | 
|---|
|  | 38 | # install host keytab | 
|---|
| [1862] | 39 | cp $keytab /etc/krb5.keytab | 
|---|
|  | 40 | k5srvutil change | 
|---|
|  | 41 | k5srvutil delold | 
|---|
|  | 42 | # install ~/.k5login | 
|---|
| [1858] | 43 | # install Debathena software (hit enter to take the defaults at the | 
|---|
|  | 44 | # configuration prompts) | 
|---|
|  | 45 | aptitude update | 
|---|
|  | 46 | aptitude install debathena-clients debathena-ssh-server-config | 
|---|
| [1241] | 47 | # compare packages with another server | 
|---|
| [1858] | 48 | dpkg -l | 
|---|
| [1241] | 49 | # reconfigure so that we can get an MTA, although we don't | 
|---|
| [1858] | 50 | # want the hosts to accept mail (mail sent by smarthost; no local mail) | 
|---|
| [1241] | 51 | # outgoing.mit.edu | 
|---|
| [1858] | 52 | dpkg-reconfigure exim4-config | 
|---|
| [1241] | 53 | # answer questions properly | 
|---|
|  | 54 | # change root alias in /etc/aliases to be the same as scripts server | 
|---|
|  | 55 | # reload it | 
|---|
|  | 56 | newaliases | 
|---|
| [1858] | 57 | # clone the xen config (/etc/xen) | 
|---|
|  | 58 | git clone -b squeeze ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen | 
|---|
| [1241] | 59 | # copy conserver config (we need to version this) | 
|---|
| [1861] | 60 | aptitude install sudo conserver-{server,client} | 
|---|
| [1693] | 61 | # setup conserver | 
|---|
| [1861] | 62 | cat <<EOF > /etc/conserver/conserver.cf | 
|---|
|  | 63 | config * { | 
|---|
|  | 64 | sslrequired no; | 
|---|
|  | 65 | } | 
|---|
|  | 66 | default full { | 
|---|
|  | 67 | rw *; | 
|---|
|  | 68 | } | 
|---|
|  | 69 | default * { | 
|---|
|  | 70 | logfile /var/log/conserver/&.log; | 
|---|
|  | 71 | timestamp "1lab"; | 
|---|
|  | 72 | include full; | 
|---|
|  | 73 | sslrequired no; | 
|---|
|  | 74 | options reinitoncc; | 
|---|
|  | 75 | } | 
|---|
|  | 76 | default xen { | 
|---|
|  | 77 | type exec; | 
|---|
|  | 78 | exec sudo xm console f; | 
|---|
|  | 79 | execsubst f=cs; | 
|---|
|  | 80 | } | 
|---|
|  | 81 | access * { | 
|---|
|  | 82 | trusted 127.0.0.1; | 
|---|
|  | 83 | } | 
|---|
|  | 84 | EOF | 
|---|
| [1693] | 85 | visudo # add conservr to sudoers list with: | 
|---|
|  | 86 | conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console * | 
|---|
| [1861] | 87 |  | 
|---|
|  | 88 | # setup munin and nagios | 
|---|
|  | 89 | aptitude install munin-node | 
|---|
|  | 90 | cat <<EOF >> /etc/munin/munin-node.conf | 
|---|
|  | 91 | allow ^18\.187\.1\.128$ | 
|---|
|  | 92 | allow ^18\.181\.0\.65$ | 
|---|
|  | 93 | allow ^18\.181\.0\.51$ | 
|---|
|  | 94 | EOF | 
|---|
|  | 95 |  | 
|---|