User Tools

Site Tools


tux2010setup
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


tux2010setup [2015/06/09 15:23] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +Tux2010 setup notes.
 +
 +
 +<code>
 +
 + Time-stamp: <2010-12-14 23:19:37>
 + ---------------------------------
 + file tux2010_installation_notes.txt
 +
 +file created 2010/12/14
 +
 +Notes for installation of Debian 5.06 (Lenny) on new hardware for
 +OCLUG machine "tux2010".
 +
 +Machine currently resides at the home of Richard Guy Briggs in Ottawa Ont.
 +
 +2010/11/26
 +- The first installation attempt involved some experimentation to
 +  determine the correct procedure for configuring the software raid
 +  with LVM.
 +  Although the DVD installation completed, network problems prevented
 +  software updates and further configuration.
 +  It was decided that the installation would be restarted at a later
 +  date to allow accurate documentation of the exact procedure.
 +- Items learned:
 +  - Although the DVD contains all the files needed for the
 +    installation, it accesses the net if one is present.
 +    This may be an installation bug but since a slow network will
 +    cause an installation time estimate of over 24 hours, it's
 +    difficult to document what s/w is being installed.
 +    This problem isn't present when installing from DVD without the
 +    network connected.
 +    Therefore: Disconnect the network, install the Debian OS and
 +    configure the network later.
 +  - When removing partitions from an existing LVM installation, it
 +    wants to "clear" the partitions.  This can take hours to cleanly
 +    remove partitions from a disk that we only wish to "trash", ie:
 +    use as a new blank disk.
 +    Therefore: Use the fdisk command to quickly destroy disk partitions.
 +
 +
 +2010/12/02
 +- Second installation attempt.  This one was successful.
 +  Although the network issues have been resolved by replacing the disk
 +  on a firewall machine, the initial installation is being done with
 +  the network disconnected.
 +
 +- Booted Debian 5.06 DVD: started installation, but found we had trouble
 +resetting the disk partitions. Therefore opened a shell and ran
 +fdisk /dev/sda
 +and D(eleted partition)   1
 +W(rite)
 +
 +fdisk /dev/sdb
 +and D(eleted partition)   1
 +W(rite)
 +
 +Rebooted to ensure this was registered.
 +When we tried an install, we discovered the machine was attempting to
 +use the network, so the cable was unplugged and the installation restarted.
 +
 +Restarted installation:
 +    English, Canada, American English
 +    Machine name: tux2010
 +(No network available, so no domain yet configured.)
 +Note: If a machine has 2 hardware disks, the following procedure will
 +    configure software raid and then use LVM (the Logical Volume Manager).
 +Partitioning:
 +    Chose FREE SPACE on first disk and used all space with
 +        Create Partition
 +            Use as physical volume for RAID
 +    Same on second disk
 +    Configure s/w RAID
 +        Keep partitions and configure RAID
 +        Create MD device
 +        RAID1,   2 devices
 +        No. of spares 0
 +        Select BOTH devices
 +        Finish
 +
 +    Configure LVM
 +        Keep layout (Y)
 +        Deleted all Logical Volumes (seems to remember them)
 +        Deleted volume group
 +        Create Volume Group        tx
 +        Select /dev/md0
 +        Create logical volumes             intended use
 +   name  size            mount point
 +            t1     250M         /boot
 +            t2    10G           /
 +            t3    8G            swap
 +            t4    50G           /var
 +            t5    10G           /tmp
 +            t6    20G           /usr
 +            t7    20G           /home
 +        Select each LV in turn, and choose "Use as ext3" for all but t3
 +            which is "Use as swap"
 +            For all but t3, choose "Format this partition" and select
 +            the appropriate mount point as given above
 +        Finish and write partition table. (Yes)
 +
 +    Enter root pw (_______),
 +    Create user named "installer", username "install", same pw as root.
 +    Scan another CD/DVD:     No
 +    Choose:
 +    s/w installation
 + [[:x]] desktop environment
 + [[:x]] standard system
 +    Note: Choosing the desktop environment installs more s/w than
 +      desired but is but is easier than manually selecting all the
 +   packages we DO need.
 +    Note: Lilo was installed by default.  Grub wasn't offered (or needed).
 +
 +    When done, Lilo target        /dev/md0
 +    Large memory option for Lilo        Yes
 +    Write lilo /sbin/lilo
 +    Reboot.
 +
 +    Hostname: tux2010
 +
 +Network configuration:
 +    Log in as install.
 +    Menu: System / Administration / Network
 +          (This runs the command /usr/bin/network-admin.)
 +    On the Connections tab
 +    Choose Wired connection  (eth0)
 +    static
 +    [ ] Enable roaming mode   (ie: Don't select it.)
 +    Configuration:   Static IP address
 +    IP address:      204.224.221.7
 +    Subnet mask:     255.255.255.224
 +    Gateway address: 204.224.221.1
 +
 +    On the DNS tab:
 +    DNS servers select add
 +    DNS server:      204.224.221.2
 +
 +    This results in:
 +    tux2010% /sbin/ifconfig
 +    eth0      Link encap:Ethernet  HWaddr 00:12:3f:d2:a5:cc  
 +       inet addr:204.225.221.7  Bcast:204.225.221.31  Mask:255.255.255.224
 +       inet6 addr: fe80::212:3fff:fed2:a5cc/64 Scope:Link
 +       UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 +       RX packets:215258 errors:0 dropped:0 overruns:0 frame:0
 +       TX packets:68354 errors:0 dropped:0 overruns:0 carrier:0
 +       collisions:0 txqueuelen:100 
 +       RX bytes:25921523 (24.7 MiB)  TX bytes:11935741 (11.3 MiB)
 +
 +    lo        Link encap:Local Loopback  
 +       inet addr:127.0.0.1  Mask:255.0.0.0
 +       inet6 addr: ::1/128 Scope:Host
 +       UP LOOPBACK RUNNING  MTU:16436  Metric:1
 +       RX packets:1429 errors:0 dropped:0 overruns:0 frame:0
 +       TX packets:1429 errors:0 dropped:0 overruns:0 carrier:0
 +       collisions:0 txqueuelen:
 +       RX bytes:2166668 (2.0 MiB)  TX bytes:2166668 (2.0 MiB)
 +
 +As root (su):
 +    run command "su", enter root password then run the following:
 +    /etc/init.d/networking restart
 +    visudo
 +        add    install
 + The following line is added to file /etc/sudoers
 + install ALL=(ALL) ALL
 +
 +Updates
 +    Menu: System / Administration / Synaptic package manager
 +    Settings
 +        Choose debian.yorku.ca as repository server
 +        Choose only main collection for now.
 +    From the command line, run:
 +    apt-get update
 +    apt-get upgrade
 +    apt-get install rsync ssh
 +
 +After updates, disk usage is:
 +    tux2010% df -h
 +    Filesystem            Size  Used Avail Use% Mounted on
 +    /dev/mapper/tx-t2     9.2G  231M  8.5G   3% /
 +    tmpfs                1014M     0 1014M   0% /lib/init/rw
 +    udev                   10M  736K  9.3M   8% /dev
 +    tmpfs                1014M     0 1014M   0% /dev/shm
 +    /dev/mapper/tx-t1     229M   23M  194M  11% /boot
 +    /dev/mapper/tx-t7      19G  174M   18G   1% /home
 +    /dev/mapper/tx-t5     9.2G  150M  8.6G   2% /tmp
 +    /dev/mapper/tx-t6      19G  2.1G   16G  12% /usr
 +    /dev/mapper/tx-t4      46G  449M   44G   2% /var
 +
 +  Note: For old tux:
 +    tux% df -h
 +    Filesystem            Size  Used Avail Use% Mounted on
 +    /dev/sda3             9.4G  7.8G  1.2G  88% /
 +    tmpfs                 379M      379M   0% /lib/init/rw
 +    udev                   10M   88K   10M   1% /dev
 +    tmpfs                 379M      379M   0% /dev/shm
 +    /dev/mapper/TuxGroup-TuxHome
 +   5.0G  1.1G  3.6G  24% /home
 +
 +Services:
 +    Menu: System / Administration / Services
 +        Check OFF: exim4 (mail agent)
 +        Check OFF: rsync remote backup server
 +        Check ON: ssh
 +
 +Adding user accounts for: roland, nashjc
 +  Note: The following useradd command required the home directory to
 +  be manually created and ownership changed.  The correct commands are
 +  described in the 2010/12/06 entry in this file.
 +  The incorrect commands are documented here for the sake of accuracy.
 +
 +useradd -c "Roland Renaud"  -s /bin/bash -d /home/roland -u 1020 -g users roland
 +
 +useradd -c "John Nash" -s /bin/bash -d /home/nashjc -u 1021 -g users nashjc
 +
 +tux2010% grep roland /etc/passwd
 +    roland:x:1020:100:Roland Renaud:/home/roland:/bin/bash
 +tux2010% grep nashjc /etc/passwd
 +    nashjc:x:1021:100:John Nash:/home/nashjc:/bin/bash
 +
 +root@tux2010:/home# mkdir nashjc
 +root@tux2010:/home# chown nashjc.users nashjc
 +
 +    Later found nashjc had ownership roland:users. And since tux2keys dir
 +    on USB key was on fat filesystem, the permissions were 755, not
 +    700 for directory and 600 for files in .ssh
 +
 +- tux2 visible to the world and accepts passwd login.
 +
 +Making ssh key for user "install".
 +
 +  Note: This was created on Roland's laptop running Ubuntu Lucid.
 +rjrlap3% ssh-keygen
 +Generating public/private rsa key pair.
 +Enter file in which to save the key (/usr/home/roland/.ssh/id_rsa): ./id_rsa_tux2
 +Enter passphrase (empty for no passphrase):
 +Enter same passphrase again:
 +Your identification has been saved in ./id_rsa_tux2.
 +Your public key has been saved in ./id_rsa_tux2.pub.
 +The key fingerprint is:
 +32:1e:e7:7c:4a:1f:63:79:18:94:68:65:41:a8:8f:62 roland@rjrlap3
 +The key's randomart image is:
 ++--[ RSA 2048]----+
 +|         o=.     |
 +|        .+ .     |
 +|       .o o      |
 +|      .. .       |
 +|      +oS .      |
 +|    E..B.  +     |
 +|   . .. + B .    |
 +|       . = +     |
 +|        . .      |
 ++-----------------+
 +
 +  At this point these were made without a passphrase, which JN had used to allow
 +  for automatic unattended backups from his own server. However, there would be
 +  better security with a passphrase.
 +
 +rjrlap3% rsync -av *pub install@tux2:.ssh
 +
 +root@tux2010:/home/install/.ssh# cat id_rsa_tux2.pub >> authorized_keys
 +
 +Disable password login:
 +  cp -p sshd_config sshd_config.orig
 +  edit sshd_config  to configure
 +      PasswordAuthentication no
 +Note: Remote login to machine tux2010 is now only possible using ssh
 +      with keys.  Passwords are disabled.
 +
 +
 +2010/12/06
 +new Tux (tux2010) - configuration continued.
 +
 +Adding user accounts for current OCLUG board of directors and user "rgb".
 +    New tux (204.225.221.7 tux2010)
 +    Old tux (204.225.221.10 tux)
 +
 +Information obtained from old tux:
 + - username, user id from file /etc/passwd
 + - encrypted passwords from file /etc/shadow
 + - ssh keys from file /home/username/.ssh/authorized_keys
 +
 +Once users have configured ssh-agent on their home machine, they
 +should be able to login to new tux with the command "ssh -AY tux2010"
 +(or "ssh -AY 204.225.221.7") as with old tux.
 +
 +They have the same userid, passwd, sudo privs and ssh keys as before.
 +For consistency, everyone is now in the "users" group (100).
 +We'll determine later if it's worth the trouble to maintain other
 +group lists such as "board" or if some users should have their own
 +group.
 +(Apparently, group names are automatically generated by some
 +account adding s/w.) 
 +
 +Home directory configs weren't copied.
 +To copy it, users can log into tux and run something like this:
 +    rsync -av $USER tux2010:
 +(Old tux has tux2010 in its hosts file.)
 +
 +How it was done.  Note: Passwords modified for this document.
 +The real encrypted passwords can be obtained from the file /etc/shadow.
 +Updating the old passwd might be a good idea.
 +Even re-entering the old password on the new machine will cause the
 +encryption in /etc/shadow will be different from old tux.
 +
 +Note: To remove a user and their files, run this command as root.
 +        userdel -r username    (eg: userdel -r roland)
 +
 +Therefore, the following commands were used.
 +Information for users roland and nashjc are here for reference only.
 +
 +
 +useradd -c "Roland Renaud" -s /bin/bash -m -u 1020 -g users -p '$1$CYf/' roland
 +
 +useradd -c "John Nash" -s /bin/bash -m -u 1021 -g users -p '$1$mc/0' nashjc
 +
 +useradd -c "Lisa Lovchik" -s /bin/bash -m -u 1010 -g users -p '$1aU.' exexpat
 +
 +useradd -s /bin/bash -m -g users -c "Eric Brackenbury" -u 2007 -p '$1$G0' ericb
 +
 +useradd -s /bin/bash -m -g users -c "John Sebastien Taylor" -u 2008 -p '$1C1' johnsebastientaylor
 +
 +useradd -s /bin/bash -m -g users -c "Mike Kenzie" -u 2009 -p '$1$a1' kenziem
 +
 +useradd -s /bin/bash -m -g users -c "RichardGuyBriggs" -u 1002 -p '$1z' rgb
 +
 +Added to /etc/sudoers
 +    roland  ALL=(ALL) ALL
 +    nashjc  ALL=(ALL) ALL
 +    exexpat ALL=(ALL) ALL
 +    ericb   ALL=(ALL) ALL
 +    kenziem ALL=(ALL) ALL
 +    rgb     ALL=(ALL) ALL
 +    johnsebastientaylor    ALL=(ALL) ALL
 +
 +Therefore, the file /etc/passwd contains the following lines:
 +    roland:x:1020:100:Roland Renaud:/home/roland:/bin/bash
 +    nashjc:x:1021:100:John Nash:/home/nashjc:/bin/bash
 +    ericb:x:2007:100:Eric Brackenbury:/home/ericb:/bin/bash
 +    johnsebastientaylor:x:2008:100:John Sebastien Taylor:/home/johnsebastientaylor:/bin/bash
 +    kenziem:x:2009:100:Mike Kenzie:/home/kenziem:/bin/bash
 +    rgb:x:1002:100:RichardGuyBriggs:/home/rgb:/bin/bash
 +    exexpat:x:1010:100:Lisa Lovchik:/home/exexpat:/bin/bash
 +
 +
 +Installing ssh keys for each user:
 +    cd /home/username
 +    mkdir .ssh
 +    copy key from old tux
 +    chown -R username.users .
 +
 +Some script scraps.
 +This was run on old tux.
 +cd /home
 +for f in ericb exexpat johnsebastientaylor kenziem 
 +do
 + echo ---- $f ----
 + tar rvf /home/roland/k2.tar $f/.ssh/authorized_keys
 +done
 +
 +
 +    root@tux% sh xx
 +    ---- ericb ----
 +    ericb/.ssh/authorized_keys
 +    ---- exexpat ----
 +    exexpat/.ssh/authorized_keys
 +    ---- johnsebastientaylor ----
 +    tar: johnsebastientaylor/.ssh/authorized_keys: Cannot stat: No such file or directory
 +    tar: Error exit delayed from previous errors
 +    ---- kenziem ----
 +    kenziem/.ssh/authorized_keys
 +
 +    root@tux% chown roland.users ~/k2.tar 
 +
 +
 +Back to tux2010:
 +    root@tux2010% cd /home
 +    root@tux2010% tar tvf ~roland/k2.tar
 +    -rw-r--r-- ericb/ericb     391 2010-09-10 21:49 ericb/.ssh/authorized_keys
 +    -rw-r--r-- exexpat/exexpat 398 2010-10-05 15:03 exexpat/.ssh/authorized_keys
 +    -rw-r--r-- kenziem/kenziem 400 2010-08-20 00:33 kenziem/.ssh/authorized_keys
 +    root@tux2010% tar xvf ~roland/k2.tar
 +    ericb/.ssh/authorized_keys
 +    exexpat/.ssh/authorized_keys
 +    kenziem/.ssh/authorized_keys
 +
 +Hmmm, root ended up owning the .ssh directories.  Fixing:
 +    cd /home
 +    chown -R ericb.users ericb
 +    chown -R exexpat.users exexpat
 +    chown -R kenziem.users kenziem
 +
 +Notes:
 +  - RGB has authorized_keys2 instead of authorized_keys.
 +    I copied this manually.
 +    He also has another key there.  I'll let him take care of that.
 +  - JST will have to send us his public key if he wants to login.
 +
 +Note:  Internet attacks start 65 minutes after machine is connected to net.
 +Good thing we only accept ssh keys.
 +Information from /var/log/auth.log.
 +Dec  2 11:38:04  - Machine tux2010 was alive
 +Dec  2 13:09:00  - machine connected to the network.
 +Dec  2 13:12:31  - added account for user roland
 +Dec  2 13:29:47  - added account for user nashjc
 +Dec  2 14:14:11 tux2010 sshd[[:9825]]: Address 217.174.249.24 maps to
 +       mail.compushopdirect.com, but this does not map back to the address -
 +       POSSIBLE BREAK-IN ATTEMPT! 
 +</code>
 +
 +
 +
  
tux2010setup.txt · Last modified: 2015/06/09 15:23 by 127.0.0.1