tux2010setup
Tux2010 setup notes.


Time-stamp:
---------------------------------
file tux2010_installation_notes.txt

file created 2010/12/14

Notes for installation of Debian 5.06 (Lenny) on new hardware for
OCLUG machine "

Machine currently resides at the home of Richard Guy Briggs in Ottawa Ont.

2010/11/26
- The first installation attempt involved some experimentation to
  determine the correct procedure for configuring the software raid
  with LVM.
  Although the DVD installation completed, network problems prevented
  software updates and further configuration.
  It was decided that the installation would be restarted at a later
  date to allow accurate documentation of the exact procedure.
- Items learned:
  - Although the DVD contains all the files needed for the
    installation,
    This may be an installation bug but since a slow network will
    cause an installation time estimate of over 24 hours, it's
    difficult to document what s/w is being installed.
    This problem isn't present when installing from DVD without the
    network connected.
    Therefore: Disconnect the network, install the Debian OS and
    configure the network later.
  - When removing partitions from an existing LVM installation,
    wants to "
    remove partitions from a disk that we only wish to "
    use as a new blank disk.
    Therefore: Use the fdisk command to quickly destroy disk partitions.


2010/12/02
- Second installation attempt.
  Although the network issues have been resolved by replacing the disk
  on a firewall machine, the initial installation is being done with
  the network disconnected.

- Booted Debian 5.06 DVD: started installation,
  resetting the disk partitions. Therefore opened a shell and ran
      fdisk /dev/sda
  and D(eleted partition)
      W(rite)

      fdisk /dev/sdb
  and D(eleted partition)
      W(rite)

  Rebooted to ensure this was registered.
  When we tried an install, we discovered the machine was attempting to
  use the network, so the cable was unplugged and the installation restarted.

  Restarted installation:
  English, Canada, American English
  Machine name: tux2010
  (No network available, so no domain yet configured.)
  Note: If a machine has 2 hardware disks, the following procedure will
  configure software raid and then use LVM (the Logical Volume Manager).
  Partitioning:
    Chose FREE SPACE on first disk and used all space with
      Create Partition
      Use as physical volume for RAID
    Same on second disk
    Configure s/w RAID
      Keep partitions and configure RAID
      Create MD device
      RAID1,
      No. of spares 0
      Select BOTH devices
      Finish

    Configure LVM
      Keep layout (Y)
      Deleted all Logical Volumes (seems to remember them)
      Deleted volume group
      Create Volume Group tx
      Select /dev/md0
      Create logical volumes
        name  size  mount point
        t1
        t2    10G   /
        t3    8G    swap
        t4    50G   /var
        t5    10G   /tmp
        t6    20G   /usr
        t7    20G   /home
      Select each LV in turn, and choose "Use as ext3" for all but t3
      which is "Use as swap"
      For all but t3, choose "
      the appropriate mount point as given above
      Finish and write partition table. (Yes)

  Enter root pw (_______),
  Create user named "
  Scan another CD/
  Choose:
    s/w installation
      [x] desktop environment
      [x] standard system
    Note: Choosing the desktop environment installs more s/w than
    desired but is easier than manually selecting all the
    packages we DO need.
    Note: Lilo was installed by default.

  When done, Lilo target
  Large memory option for Lilo  Yes
  Write lilo  /sbin/lilo
  Reboot.
Hostname: tux2010

Network configuration:
  Log in as install.
  Menu: System / Administration / Network
  (This runs the command /
  On the Connections tab
    Choose Wired connection
      static
      [ ] Enable roaming mode (ie: Don't select it.)
      Configuration:
        IP address:
        Subnet mask:
        Gateway address: 204.224.221.1

  On the DNS tab:
    DNS servers select add
      DNS server:

  This results in:
  tux2010% /
  eth0      Link encap:
            inet addr:
            inet6 addr: fe80::
            UP BROADCAST RUNNING MULTICAST
            RX packets:
            TX packets:
            collisions:
            RX bytes:

  lo        Link encap:Local Loopback
            inet addr:
            inet6 addr: ::1/128 Scope:Host
            UP LOOPBACK RUNNING
            RX packets:
            TX packets:
            collisions:
            RX bytes:

As root (su):
  run command "
    /
    visudo
      add install
  The following line is added to file /
    install ALL=(ALL) ALL

Updates
  Menu: System / Administration / Synaptic package manager
    Settings
    Choose debian.yorku.ca as repository server
    Choose only main collection for now.
  From the command line, run:
    apt-get update
    apt-get upgrade
    apt-get install rsync ssh

After updates, disk usage is:
  tux2010% df -h
  Filesystem
  /
  tmpfs                 1014M     0  1014M   0% /
  udev
  tmpfs                 1014M     0  1014M   0% /dev/shm
  /
  /
  /
  /
  /

Note: For old tux:
  tux% df -h
  Filesystem
  /
  tmpfs
  udev
  tmpfs
  /
                         5.0G  1.1G  3.6G  24% /home

Services:
  Menu: System / Administration / Services
    Check OFF: exim4 (mail agent)
    Check OFF: rsync remote backup server
    Check ON:  ssh

Adding user accounts for: roland, nashjc
Note: The following useradd command required the home directory to
be manually created and ownership changed.
described in the 2010/12/06 entry in this file.
The incorrect commands are documented here for the sake of accuracy.

  useradd -c "

  useradd -c "John Nash" -s /bin/bash -d /

  tux2010% grep roland /etc/passwd
  roland:
  tux2010% grep nashjc /etc/passwd
  nashjc:

  root@tux2010:/
  root@tux2010:/

Later found nashjc had ownership roland:
on USB key was on fat filesystem, the permissions were 755, not
700 for directory and 600 for files in .ssh

- tux2 visible to the world and accepts passwd login.

Making ssh key for user "

Note: This was created on Roland'
  rjrlap3% ssh-keygen
  Generating public/
  Enter file in which to save the key (/
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in ./
  Your public key has been saved in ./
  The key fingerprint is:
  32:
  The key's randomart image is:
  +--[ RSA 2048]----+
  |                 |
  |      .+ .       |
  |      .o o       |
  |     ..  .       |
  |      +oS .      |
  |     E..B. +     |
  |    . .. + B .   |
  |      . = +      |
  |       . .       |
  +-----------------+

At this point these were made without a passphrase, which JN had used to allow
for automatic unattended backups from his own server. However, there would be
better security with a passphrase. A key that has to stay passphrase-less for
unattended use can still be confined on the server side with authorized_keys
options such as from= and command=, so that it is only usable from the backup
host and only for the backup command.

  rjrlap3% rsync -av *pub install@tux2:

  root@tux2010:/

Disable password login:
  cp -p sshd_config sshd_config.orig
  edit sshd_config
    PasswordAuthentication no
Note: Remote login to machine tux2010 is now only possible using ssh
with keys. Passwords are disabled.

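The edit above was done by hand. The script below is an added example (mine, not from the original notes) that makes the same change to a given sshd_config idempotently and then reads back the value sshd will actually use. It matters because sshd honours the first occurrence of a keyword, so a "no" appended below an earlier "yes" changes nothing, and anything after a "Match" line is conditional. It assumes POSIX sh, awk and mktemp, and takes the file path as a parameter so it can be tried on a copy before touching /etc/ssh/sshd_config as root.

```shell
#!/bin/sh
# Added example, not from the original notes: apply "PasswordAuthentication no"
# to an sshd_config idempotently. Two traps that hand edits fall into:
#   - sshd honours the FIRST occurrence of a keyword, so a setting appended at
#     the bottom under an earlier one is ignored;
#   - directives after a "Match" line are conditional, so a global setting
#     must precede the first Match block.
# Assumptions (mine): POSIX sh, awk, mktemp; keyword matched with exact case
# (sshd itself is case-insensitive); file path given as a parameter.
set -eu

# set_sshd_option FILE KEYWORD VALUE
# Replaces the first global (active or "#commented") occurrence of KEYWORD, or
# inserts the setting before the first Match block, or appends it if none exists.
set_sshd_option() {
    file=$1 key=$2 value=$3
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig"   # same backup the notes keep
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0; inmatch = 0 }
        /^[ \t]*Match([ \t]|$)/ {
            if (!done) { print k " " v; done = 1 }       # place it before conditional settings
            inmatch = 1
        }
        !inmatch && !done && ($1 == k || $1 == ("#" k)) {
            print k " " v; done = 1; next
        }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"      # cat, not mv: keeps the original owner and mode
    rm -f "$tmp"
}

# effective_sshd_option FILE KEYWORD
# Prints the value sshd will use globally: the first active occurrence before
# any Match block. Prints nothing if unset (sshd then uses its default, which
# for PasswordAuthentication is "yes").
effective_sshd_option() {
    awk -v k="$2" '
        /^[ \t]*Match([ \t]|$)/ { exit }
        $1 == k { print $2; exit }
    ' "$1"
}

# Usage: sh harden_sshd.sh /etc/ssh/sshd_config   (as root; then sshd -t and restart sshd)
if [ -n "${1:-}" ]; then
    set_sshd_option "$1" PasswordAuthentication no
    echo "PasswordAuthentication: $(effective_sshd_option "$1" PasswordAuthentication)"
fi
```

Run it against a copy first, then on /etc/ssh/sshd_config as root, check the result with `sshd -t`, restart the daemon (`/etc/init.d/ssh restart` on Lenny), and keep the existing session open until a fresh key-based login has been confirmed from another terminal.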

2010/12/06
new Tux (tux2010) - configuration continued.

Adding user accounts for current OCLUG board of directors and user "
New tux (204.225.221.7 tux2010)
Old tux (204.225.221.10 tux)

Information obtained from old tux:
- username, user id from file /etc/passwd
- encrypted passwords from file /etc/shadow
- ssh keys from file /

Once users have configured ssh-agent on their home machine, they
should be able to login to new tux with the command "ssh -AY tux2010"
(or "ssh -AY 204.225.221.7"
(Note that -A forwards your ssh agent and -Y enables trusted X11
forwarding; both extend trust to the remote host, so use them only
when you need them.)

They have the same userid, passwd, sudo privs and ssh keys as before.
For consistency,
We'll determine later if it's worth the trouble to maintain other
group lists such as "
group.
(Apparently,
account adding s/w.)

Home directory configs weren'
To copy it, users can log into tux and run something like this:
  rsync -av $USER tux2010:
(Old tux has tux2010 in its hosts file.)

How it was done. Note: Passwords modified for this document.
The real encrypted passwords can be obtained from the file /
Updating the old passwd might be a good idea.
Even re-entering the old password on the new machine will give a
different hash in /etc/shadow than on old tux, because a fresh salt
is used.

Note: To remove a user and their files, run this command as root.
  userdel -r username

Therefore, the following commands were used.
Information for users roland and nashjc is here for reference only.


useradd -c "

useradd -c "John Nash" -s /bin/bash -m -u 1021 -g users -p '

useradd -c "Lisa Lovchik"

useradd -s /bin/bash -m -g users -c "Eric Brackenbury"

useradd -s /bin/bash -m -g users -c "John Sebastien Taylor"

useradd -s /bin/bash -m -g users -c "Mike Kenzie"

useradd -s /bin/bash -m -g users -c "

Added to /
  roland
  nashjc
  exexpat              ALL=(ALL) ALL
  ericb
  kenziem              ALL=(ALL) ALL
  rgb
  johnsebastientaylor

Therefore, the file /etc/passwd contains the following lines:
  roland:
  nashjc:
  ericb:
  johnsebastientaylor:
  kenziem:
  rgb:
  exexpat:

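The useradd lines above were typed one by one from old tux's /etc/passwd and /etc/shadow. The script below is an added example (mine, not from the notes) that generates them from copies of those two files, carrying over uid, gecos, shell and the existing password hash and skipping system accounts. It assumes POSIX sh and awk and the group "users" as in the notes; the fixture files in the test are constructed, with placeholder hashes.

```shell
#!/bin/sh
# Added example, not from the original notes: generate the useradd commands the
# 2010/12/06 entry wrote by hand, from copies of the old machine's /etc/passwd
# and /etc/shadow. Uid, gecos, shell and the password hash carry over, so files
# rsync'ed later keep their owner and users keep their password; system
# accounts are left to the new install.
# Assumptions (mine): POSIX sh and awk; group "users" as in the notes; the
# generated script is reviewed and then run as root on the new machine.
set -eu

# migrate_users PASSWD_FILE SHADOW_FILE [MIN_UID]
# Prints one useradd line per account with MIN_UID <= uid < 60000 (default 1000).
migrate_users() {
    awk -F: -v minuid="${3:-1000}" -v q="'" '
        FILENAME == ARGV[1] { hash[$1] = $2; next }        # shadow: user -> hash
        $3 + 0 < minuid || $3 + 0 >= 60000 { next }        # root, daemons, nobody
        {
            h = ($1 in hash) ? hash[$1] : "!"              # no hash known: create it locked
            gecos = $5; gsub(q, "", gecos)                 # a quote in the gecos would break the line
            shell = ($7 == "") ? "/bin/sh" : $7
            # Hashes contain $ signs: single-quote them so the shell leaves them alone.
            print "useradd -c " q gecos q " -s " shell " -m -u " $3 " -g users -p " q h q " " $1
        }
    ' "$2" "$1"
}

# Usage: migrate_users old/passwd old/shadow > add_users.sh; review; sh add_users.sh
```

The shadow copy is as sensitive as the accounts it protects: move it over ssh only and delete it when done. Also, `useradd -p` puts the hash on the command line, where it is visible in `ps` output and shell history for that moment (the useradd man page warns about this), so run the generated script from a file as root rather than pasting lines into an interactive shell.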

Installing ssh keys for each user:
  cd /
  mkdir .ssh
  copy key from old tux
  chown -R username.users .

Some script scraps.
This was run on old tux.
  cd /home
  for f in ericb exexpat johnsebastientaylor kenziem
  do
    echo ---- $f ----
    tar rvf /
  done


  root@tux% sh xx
  ---- ericb ----
  ericb/
  ---- exexpat ----
  exexpat/
  ---- johnsebastientaylor ----
  tar: johnsebastientaylor/
  tar: Error exit delayed from previous errors
  ---- kenziem ----
  kenziem/

  root@tux% chown roland.users ~/


Back to tux2010:
  root@tux2010% cd /home
  root@tux2010% tar tvf ~roland/
  -rw-r--r-- ericb/
  -rw-r--r-- exexpat/
  -rw-r--r-- kenziem/
  root@tux2010% tar xvf ~roland/
  ericb/
  exexpat/
  kenziem/

Hmmm, root ended up owning the .ssh directories.
  cd /home
  chown -R ericb.users ericb
  chown -R exexpat.users exexpat
  chown -R kenziem.users kenziem

Notes:
- RGB has authorized_keys2 instead of authorized_keys.
  I copied this manually.
  He also has another key there.
- JST will have to send us his public key if he wants to login.

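Both ownership mishaps in this migration (root owning .ssh after the tar extraction here, and the 755/644 modes that came off the FAT-formatted USB key in the 2010/12/02 entry) make sshd silently ignore the key when StrictModes is on. The functions below are an added example (mine, not from the notes) that install a public key the way sshd expects and report exactly what is wrong before fixing it. They assume POSIX sh with GNU stat (as on Debian), and take home directory, user and group as parameters so they can be exercised on a scratch directory by an unprivileged user; for real accounts run them as root.

```shell
#!/bin/sh
# Added example, not from the original notes: put a user's public key in place
# with the ownership and modes sshd insists on, plus a checker that lists what
# is wrong. Covers the two things that bit this migration: a tar extraction
# that left root owning ~/.ssh, and a FAT-formatted USB key that turned the
# files into 755/644 (sshd with StrictModes then ignores the key).
# Assumptions (mine): POSIX sh with GNU stat (Debian); home dir, user and
# group are parameters; the key file in the test is constructed.
set -eu

# check_one PATH WANT_MODE USER  -> one line per problem, non-zero if any
check_one() {
    [ -e "$1" ] || { echo "missing $1"; return 1; }
    mode=$(stat -c %a "$1") owner=$(stat -c %U "$1") bad=0
    [ "$mode" = "$2" ]  || { echo "$1: mode $mode, want $2"; bad=1; }
    [ "$owner" = "$3" ] || { echo "$1: owned by $owner, want $3"; bad=1; }
    return $bad
}

# check_ssh_perms HOME_DIR USER  -> what sshd (StrictModes yes) will object to
check_ssh_perms() {
    home=$1 user=$2 rc=0
    case $(stat -c %a "$home") in                 # home itself must not be group/world-writable
        *[2367][0-7]|*[2367]) echo "$home: group/world-writable"; rc=1 ;;
    esac
    check_one "$home/.ssh" 700 "$user" || rc=1
    check_one "$home/.ssh/authorized_keys" 600 "$user" || rc=1
    return $rc
}

# install_authorized_key HOME_DIR USER GROUP PUBKEY_FILE
install_authorized_key() {
    home=$1 user=$2 group=$3 pub=$4
    # Accept only public-key lines: pasting a private key here is a classic mistake.
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' "$pub" \
        || { echo "$pub does not look like an OpenSSH public key" >&2; return 1; }
    ( umask 077                                   # dir and file are born 700/600, never world-readable
      mkdir -p "$home/.ssh"
      while IFS= read -r line; do                 # append each key once, so re-runs do not duplicate
          case $line in ''|'#'*) continue ;; esac
          grep -qxF -- "$line" "$home/.ssh/authorized_keys" 2>/dev/null \
              || printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
      done < "$pub" )
    chown -R "$user:$group" "$home/.ssh"           # the step the tar copy got wrong
    chmod 700 "$home/.ssh"                         # the step the FAT key got wrong
    chmod 600 "$home/.ssh/authorized_keys"
    check_ssh_perms "$home" "$user"
}

# Usage (as root): install_authorized_key /home/ericb ericb users /tmp/ericb.pub
```

When a user reports that key login fails, `check_ssh_perms /home/user user` gives the answer faster than reading sshd's debug output; the home directory line is there because a group-writable home is refused just like a 755 .ssh.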
Note: Internet attacks start 65 minutes after machine is connected to net.
Good thing we only accept ssh keys.
Information from /
  Dec 2 11:
  Dec 2 13:
  Dec 2 13:
  Dec 2 13:
  Dec 2 14:14:11 tux2010 sshd[


+ | </ | ||
+ | |||
+ | |||
+ | |||
tux2010setup.txt · Last modified: 2015/06/09 15:23 by 127.0.0.1