Detailed Server Build
From Linuxcentre Wiki
Setup
OS Build
- Install CentOS 5.4
- Server name: 'server.network'
- Nameserver: 127.0.0.1
- IP address: 10.104.186.9 / 255.255.254.0, gateway: 10.104.186.1
Add some yum repositories
rpm -ivh http://linuxdownload.adobe.com/linux/i386/adobe-release-i386-1.0-1.noarch.rpm
Add some useful packages
yum -y install mtr tcpdump flash-plugin AdobeReader_enu
DNS / bind
- Install bind
yum install bind
- Setup bind with local domain = '.network'
- Setup forward zones: 'network.'
- Setup PTR reverse lookup zones for: '186.104.10.in-addr.arpa' and '187.104.10.in-addr.arpa'
- Setup forwarding entries to external name servers
- Set the named service to start at boot and start it:
chkconfig named on
service named start
- Example /etc/named.conf :
options {
directory "/var/named/data";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-transfer { 127.0.0.1; };
version "Go Away!";
recursion yes;
forward only;
// list upstream nameserver(s) here:
forwarders { 10.100.249.245; };
};
zone "network." {
type master;
file "network.forward";
};
zone "186.104.10.in-addr.arpa." {
type master;
file "186.104.10.in-addr.arpa";
};
zone "187.104.10.in-addr.arpa." {
type master;
file "187.104.10.in-addr.arpa";
};
include "/etc/rndc.key";
- Example zone file: /var/named/data/186.104.10.in-addr.arpa
$ttl 3600
@ SOA server.network. root.network. (
2009101100 ; Serial
1200 ; Refresh seconds
180 ; Retry seconds
604800 ; Expiry seconds
300 ) ; Negative cache seconds
NS server.network.
; dhcp hosts
1 PTR gw.network.
2 PTR gw2.network.
9 PTR server.network.
145 PTR ap1.network.
146 PTR ap2.network.
147 PTR ap3.network.
148 PTR ap4.network.
149 PTR ap5.network.
150 PTR ap6.network.
250 PTR proxy.network.
253 PTR printer1.network.
- Example zone file: /var/named/data/network.forward
$ttl 3600
@ SOA server.network. root.network. (
2009101100 ; Serial
1200 ; Refresh seconds
180 ; Retry seconds
604800 ; Expiry seconds
300 ) ; Negative cache seconds
NS server
;;;;; server names ;;;;;
; Main linux file/dns/dhcp server
server A 10.104.186.9
wpad CNAME server
; Oxfordshire County Network local proxy server
proxy A 10.104.186.250
;;;;; network devices ;;;;;
; printers
photocopier A 10.104.187.50
printer1 A 10.104.186.253
; routers
gw A 10.104.186.1
gw2 A 10.104.186.2
; Access points
ap1 A 10.104.186.145
ap2 A 10.104.186.146
ap3 A 10.104.186.147
ap4 A 10.104.186.148
ap5 A 10.104.186.149
ap6 A 10.104.186.150
;;;;; dhcp hosts ;;;;;
dhcp001 A 10.104.187.1
dhcp002 A 10.104.187.2
dhcp003 A 10.104.187.3
dhcp004 A 10.104.187.4
dhcp005 A 10.104.187.5
dhcp006 A 10.104.187.6
dhcp007 A 10.104.187.7
dhcp008 A 10.104.187.8
dhcp009 A 10.104.187.9
dhcp010 A 10.104.187.10
; ...need to complete - also in PTR
dhcp170 A 10.104.187.170
dhcp171 A 10.104.187.171
dhcp172 A 10.104.187.172
dhcp173 A 10.104.187.173
dhcp174 A 10.104.187.174
dhcp175 A 10.104.187.175
dhcp176 A 10.104.187.176
dhcp177 A 10.104.187.177
dhcp178 A 10.104.187.178
dhcp179 A 10.104.187.179
dhcp180 A 10.104.187.180
dhcp181 A 10.104.187.181
dhcp182 A 10.104.187.182
dhcp183 A 10.104.187.183
dhcp184 A 10.104.187.184
dhcp185 A 10.104.187.185
dhcp186 A 10.104.187.186
dhcp187 A 10.104.187.187
dhcp188 A 10.104.187.188
dhcp189 A 10.104.187.189
dhcp190 A 10.104.187.190
dhcp191 A 10.104.187.191
dhcp192 A 10.104.187.192
dhcp193 A 10.104.187.193
dhcp194 A 10.104.187.194
dhcp195 A 10.104.187.195
dhcp196 A 10.104.187.196
dhcp197 A 10.104.187.197
dhcp198 A 10.104.187.198
dhcp199 A 10.104.187.199
dhcp200 A 10.104.187.200
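The forward zone above and the two reverse zones have to be kept in step by hand (the "...need to complete - also in PTR" comment marks where that has lapsed). The following script is an added example and is not part of the original wiki page: it pulls the A records out of forward zone text and the PTR records out of reverse zone text, then reports entries present on one side only. The zone snippets embedded in it are constructed, shortened samples in the same format as the page's /var/named/data files; on the server you would feed the real files in with cat instead.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: cross-check the A records
# of network.forward against the PTR records of the reverse zones so that no
# host is left in one and missing from the other. The zone text below is a
# constructed, shortened sample in the page's zone file format.

FORWARD_ZONE='$ttl 3600
@ SOA server.network. root.network. (
2009101100 ; Serial
300 ) ; Negative cache seconds
NS server
; Main linux file/dns/dhcp server
server A 10.104.186.9
wpad CNAME server
gw A 10.104.186.1
dhcp001 A 10.104.187.1
dhcp170 A 10.104.187.170'

REVERSE_ZONE_186='1 PTR gw.network.
9 PTR server.network.
250 PTR proxy.network.'

REVERSE_ZONE_187='1 PTR dhcp001.network.'

# zone_a_records: print "name ip" for every A record in forward zone text on stdin
zone_a_records() {
    awk '/^;/ { next } $2 == "A" { print $1, $3 }'
}

# zone_ptr_records PREFIX DOMAIN: print "name ip" for every PTR record in the
# reverse zone text on stdin; PREFIX is the /24 the zone covers (10.104.186),
# DOMAIN the local domain whose suffix is stripped from the PTR target
zone_ptr_records() {
    awk -v prefix="$1" -v domain="$2" '
        /^;/ { next }
        $2 == "PTR" { name = $3; sub("[.]" domain "[.]$", "", name); print name, prefix "." $1 }'
}

# set_difference FILE_A FILE_B: lines of FILE_A that do not occur in FILE_B
set_difference() {
    awk 'NR == FNR { seen[$0] = 1; next } !($0 in seen)' "$2" "$1"
}

# check_forward_reverse: report A records without a PTR and PTRs without an
# A record. Returns 0 when the zones agree, 1 when either list is non-empty.
check_forward_reverse() {
    a_list=$(mktemp); ptr_list=$(mktemp)
    printf '%s\n' "$FORWARD_ZONE" | zone_a_records | sort > "$a_list"
    {
        printf '%s\n' "$REVERSE_ZONE_186" | zone_ptr_records 10.104.186 network
        printf '%s\n' "$REVERSE_ZONE_187" | zone_ptr_records 10.104.187 network
    } | sort > "$ptr_list"
    missing_ptr=$(set_difference "$a_list" "$ptr_list")
    missing_a=$(set_difference "$ptr_list" "$a_list")
    rm -f "$a_list" "$ptr_list"
    status=0
    if [ -n "$missing_ptr" ]; then
        printf 'A records with no matching PTR:\n%s\n' "$missing_ptr"; status=1
    fi
    if [ -n "$missing_a" ]; then
        printf 'PTR records with no matching A record:\n%s\n' "$missing_a"; status=1
    fi
    [ "$status" -eq 0 ] && echo "forward and reverse zones agree"
    return "$status"
}

check_forward_reverse || echo "fix the zone files before reloading named" >&2
```

On the sample data the script lists dhcp170 (A record, no PTR) and proxy (PTR, no A record). Run it after every zone edit and before bumping the SOA serial; a non-zero exit status makes it usable as a pre-reload gate in a script.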
DHCP Server
- Install dhcpd
yum install dhcp
- Configure /etc/dhcpd.conf as follows:
authoritative;
ddns-update-style none;
# Automatic web browser proxy configuration
option local-pac-server code 252 = text;
option local-pac-server "http://10.104.186.9:80/wpad.dat";
subnet 10.104.186.0 netmask 255.255.254.0 {
# default gateway
option routers 10.104.186.1;
option subnet-mask 255.255.254.0;
# Time server
option ntp-servers 10.104.186.9;
# Netbios stuff for windows
option netbios-name-servers 10.104.186.9;
option netbios-node-type 2;
# PXE boot
filename "pxelinux.0";
next-server 10.104.186.9;
# DNS
option domain-name "network";
option domain-name-servers 10.104.186.9;
# Address pool
range 10.104.187.51 10.104.187.200;
# one day lease
default-lease-time 86400;
max-lease-time 86400;
}
- Set the dhcpd service to start at boot and start it:
chkconfig dhcpd on
service dhcpd start
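The pool "range 10.104.187.51 10.104.187.200" in dhcpd.conf and the static addresses in the forward zone are maintained separately, so it is worth checking that no fixed host sits inside the pool. The following script is an added example and not part of the original wiki page: it reads the range statement from dhcpd.conf text and flags any A record whose address falls inside it, ignoring the dhcpNNN names that are the pool's own reverse-mappable names. The dhcpd.conf and zone excerpts are constructed samples (printer2 is an invented conflicting host); on the server the real /etc/dhcpd.conf and /var/named/data/network.forward would be read instead.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: check that the dhcpd pool
# contains no address that the forward zone hands out statically. The dhcpNNN
# names are the pool's own names and belong inside the range; any other A
# record inside it means dhcpd may lease an address a fixed host already uses.
# Both excerpts below are constructed samples.

DHCPD_CONF='subnet 10.104.186.0 netmask 255.255.254.0 {
option routers 10.104.186.1;
# Address pool
range 10.104.187.51 10.104.187.200;
default-lease-time 86400;
}'

FORWARD_ZONE='server A 10.104.186.9
photocopier A 10.104.187.50
printer2 A 10.104.187.60
dhcp001 A 10.104.187.1
dhcp170 A 10.104.187.170'

# pool_range: print "first last" from the range statement in dhcpd.conf text on stdin
pool_range() {
    awk '$1 == "range" { sub(";", "", $3); print $2, $3 }'
}

# pool_conflicts FIRST LAST: print "name ip" for each A record on stdin whose
# address lies in FIRST..LAST, ignoring the dhcpNNN names that belong there
pool_conflicts() {
    awk -v lo="$1" -v hi="$2" '
        function ip2int(ip,   o) { split(ip, o, "."); return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4] }
        BEGIN { lo = ip2int(lo); hi = ip2int(hi) }
        /^;/ { next }
        $2 == "A" && $1 !~ /^dhcp[0-9]+$/ {
            n = ip2int($3)
            if (n >= lo && n <= hi) print $1, $3
        }'
}

# check_pool: run the check on the samples; returns 1 when a conflict exists
check_pool() {
    set -- $(printf '%s\n' "$DHCPD_CONF" | pool_range)
    conflicts=$(printf '%s\n' "$FORWARD_ZONE" | pool_conflicts "$1" "$2")
    if [ -n "$conflicts" ]; then
        printf 'static addresses inside the DHCP pool %s-%s:\n%s\n' "$1" "$2" "$conflicts"
        return 1
    fi
    printf 'no static addresses inside the DHCP pool %s-%s\n' "$1" "$2"
}

check_pool || echo "move the conflicting hosts or shrink the range" >&2
```

With the page's own data the photocopier at 10.104.187.50 sits one address below the pool and passes; the constructed printer2 at 10.104.187.60 is reported.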
Time Server
- Create this as /etc/ntp.conf
# record clock drift
driftfile /var/lib/ntp/drift
# trust noone...
restrict default nomodify notrap noquery
# ...except myself...
restrict 127.0.0.1
server 127.127.1.0
fudge 127.127.1.0 stratum 10
broadcastdelay 0.008
keys /etc/ntp/keys
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
restrict 0.centos.pool.ntp.org
restrict 1.centos.pool.ntp.org
restrict 2.centos.pool.ntp.org
restrict 0.0.0.0 mask 0.0.0.0 nomodify
- Ensure service starts on boot
chkconfig ntpd on
service ntpd restart
Samba / Windows File Server
- Add the following users and set their passwords:
adduser pupil
adduser staff
passwd pupil   (then set a strong password that won't be used)
passwd staff   (then set a strong password that won't be used)
- Create the following file hierarchy:
mkdir -p /home/{staff,pupil}/samba/{share,share-backup}
mkdir -p /home/pupil/samba/share/Year\ {0,1,2,3,4,5,6}/
# Create some application specific shared dirs
mkdir -p /home/pupil/samba/share/Data/
chown -R root.root /home/pupil/samba/share/
chmod -R 1777 /home/pupil/samba/share/*
chown staff.staff -R /home/staff/samba/
- Setup /etc/samba/smb.conf as follows:
[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
netbios name = SERVER
max log size = 500
log level = 2
security = user
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
null passwords = yes
domain master = yes
preferred master = yes
wins support = yes
dns proxy = yes
load printers = yes
cups options = raw
printing = cups
[homes]
comment = Home Directories
browseable = no
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[share]
comment = Pupil Files
path = /home/pupil/samba/share
public = yes
writable = yes
printable = no
force user = pupil
force group = pupil
[share-backup]
comment = Pupil Backup Files
path = /home/pupil/samba/share-backup
public = yes
writable = no
printable = no
force user = pupil
force group = pupil
[staff]
comment = Staff Files
path = /home/staff/samba/share
public = no
writable = yes
printable = no
force user = staff
force group = staff
valid users = staff
[staff-backup]
comment = Staff Backup Files
path = /home/staff/samba/share-backup
public = no
writable = no
printable = no
force user = staff
force group = staff
valid users = staff
- Create the smbusers:
smbpasswd -a pupil   (then set a strong password that won't be used)
smbpasswd -a staff   (set a shared password for staff)
smbpasswd -n pupil
- Set the smb service to start at boot and restart it:
chkconfig smb on
service smb restart
Squid Web Proxy
- Install squid
- Allow access from all clients and cache objects up to 32MB in size; create /etc/squid/squid.conf as follows (squid evaluates http_access rules in order, so the "http_access allow all" line is what grants access and the rules after it are never reached):
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
maximum_object_size 32768 KB
# emulate_httpd_log off
# debug_options ALL,1
# log_fqdn off
negative_ttl 1 minute
positive_dns_ttl 1 hour
negative_dns_ttl 1 minute
access_log /var/log/squid/access.log squid
### Only Allow These URLs or SSL domains ###
acl allowed_urls url_regex -i ^http://.*
acl allowed_ssl_domains dstdomain .
acl internal src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 8080 # http
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# Only allow access to defined URLs
http_access allow all
http_access deny !internal
http_access allow CONNECT allowed_ssl_domains
http_access allow allowed_urls
http_access deny all
- Set the squid service to start at boot and restart it:
chkconfig squid on
/etc/init.d/squid restart
Client Proxy Setup
- Create /var/www/html/wpad.dat with the following content:
function FindProxyForURL( url, host ) {
var normal = "PROXY 10.104.186.250:8080; DIRECT";
var support = "PROXY 10.104.186.9:8080; DIRECT";
var direct = "DIRECT";
// Don't use the proxy for these: 127.0.0.1, localhost, 10.104.186.*, 10.104.187.*, <unqualified hostname>
var bypass_regex = /^https?:\/\/(127\.0\.0\.1|localhost|.+\.network|10\.104\.18[67]\.[0-9]+|[a-zA-Z0-9\-]+)(:[0-9]+)?(\/+.*)?$/;
// Don't use the proxy for these: rm.com
var support_regex = /^https?:\/\/(.+\.rm\.com)(:[0-9]+)?(\/+.*)?$/;
if ( bypass_regex.test( url ) ) {
return direct;
}
if ( support_regex.test( url ) ) {
return support;
}
return normal;
}
- Configure Apache web server to use the right mime-type for .pac files
- Add this to the end of /etc/httpd/conf/httpd.conf:
# Make sure we have the right mime-type for the proxy pac wpad.dat file
AddType application/x-ns-proxy-autoconfig .dat
- Ensure apache is started at boot and restart apache
chkconfig httpd on
service httpd restart
System Synchronization
- Setup rsyncd to serve out directories to sync to netbooks:
- Enable rsyncd in startup:
chkconfig xinetd on
chkconfig rsync on
/etc/init.d/xinetd restart
- Create file /etc/rsyncd.conf :
uid=root
gid=root
use chroot=no
pid file=/var/run/rsyncd.pid

[custom-scripts]
read only=true
path=/opt/custom-scripts/
comment=custom scripts for pushing to all systems

[pupilhome]
read only=true
path=/opt/pupilhome/
comment=pupil home directory for pushing to all systems
- Create dirs
mkdir -p /opt/custom-scripts /opt/pupilhome
- Copy the initial home directory on there before booting any clients, from the master build client:
sudo rsync -av --one-file-system --delete /home/pupil/ root@server:/opt/pupilhome/
Incremental Backups
Create a file: /opt/server-scripts/backup-shares as follows:
#!/bin/bash
#
# Sync files from local dirs with incremental backups
#
# Phil Lewis (C)2009, License GPLv3
INCDIR="inc-`date +%Y%m%d-%H-%M-%S`"
date
# Remove incremental archives over 60 days old from each share-backup directory
for BASEDIR in /home/pupil/samba/share-backup /home/staff/samba/share-backup; do
    find $BASEDIR/ -maxdepth 1 -mtime +60 -a -name 'inc-*' -exec rm -rf {} \;
done
# sync-src SRCDIR DESTDIR [rsync options...]: mirror SRCDIR into DESTDIR
sync-src()
{
    SRCDIR=$1
    shift
    DESTDIR=$1
    shift
    OPTS=$*
    echo "rsyncing from: '$SRCDIR' to: '$DESTDIR' with Options: '$OPTS'"
    rsync --archive \
        --safe-links \
        --progress \
        --update \
        --owner \
        --sparse \
        --one-file-system \
        --whole-file \
        --delete \
        --stats \
        -v \
        $OPTS $SRCDIR $DESTDIR
}
# Backup pupils files, create incrementals in /home/pupil/samba/share-backup
sync-src /home/pupil/samba/share/ /home/pupil/samba/share-backup/latest/ --backup --backup-dir=/home/pupil/samba/share-backup/${INCDIR}
# Backup staff files, create incrementals in /home/staff/samba/share-backup
sync-src /home/staff/samba/share/ /home/staff/samba/share-backup/latest/ --backup --backup-dir=/home/staff/samba/share-backup/${INCDIR}
date
- Make script executable:
chmod 755 /opt/server-scripts/backup-shares
- Set up backups to run at 23:00h: Edit /etc/crontab and add:
# Run backups
0 23 * * * root /opt/server-scripts/backup-shares 2>&1
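The retention step of backup-shares (find ... -mtime +60 -name 'inc-*' -exec rm -rf) is the one part of the script that deletes data, so it is worth being able to exercise it on its own. The script below is an added example and not part of the original wiki page: the directory to prune is passed in explicitly so the same function covers both share-backup directories from the page, and a list-only variant shows what would go before anything is removed. demo_prune builds a throw-away tree under mktemp -d for this example and backdates one incremental with touch -t instead of waiting 60 days.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: the retention step of
# backup-shares on its own, parameterised by directory and age, plus a
# list-only mode. demo_prune constructs a temporary backup tree to run it on.

# list_expired_incrementals BASEDIR DAYS: print the inc-* entries directly under
# BASEDIR last modified more than DAYS days ago; removes nothing
list_expired_incrementals() {
    find "$1" -maxdepth 1 -mtime "+$2" -name 'inc-*' | sort
}

# prune_incrementals BASEDIR DAYS: remove the entries list_expired_incrementals
# reports; "latest" and younger inc-* trees are untouched by -name and -mtime
prune_incrementals() {
    find "$1" -maxdepth 1 -mtime "+$2" -name 'inc-*' -exec rm -rf {} \;
}

# demo_prune: exercise both functions on a constructed backup tree and return 0
# only if exactly the backdated incremental was removed
demo_prune() {
    base=$(mktemp -d)
    mkdir "$base/latest" "$base/inc-20090101-23-00-00" "$base/inc-20091011-23-00-00"
    touch -t 200901012300 "$base/inc-20090101-23-00-00"   # backdated well past 60 days
    expired=$(list_expired_incrementals "$base" 60)
    echo "would remove: $expired"
    prune_incrementals "$base" 60
    survivors=$(ls "$base" | tr '\n' ' ')
    echo "remaining: $survivors"
    rm -rf "$base"
    [ "$expired" = "$base/inc-20090101-23-00-00" ] && [ "$survivors" = "inc-20091011-23-00-00 latest " ]
}

demo_prune
```

Before the first real run, call list_expired_incrementals on /home/pupil/samba/share-backup and /home/staff/samba/share-backup and confirm that only inc-* directories appear; latest/ is never matched by -name 'inc-*', and a directory that is still being written to has a fresh mtime and is never older than the limit.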
NX Remote Access
- Install FreeNX:
yum install nx freenx
- Create a privileged user called 'administrator':
adduser administrator
passwd administrator   [enter password twice]
- Edit /etc/sudoers and uncomment this line:
%wheel ALL=(ALL) ALL
- Add administrator to the wheel group in /etc/group:
wheel:x:10:root,administrator
- Append the commercial nxclient key to the nx account: edit ~nx/.ssh/authorized_keys2 and add the line below:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver" ssh-dss <nxclient public key data> root@hostname
- Set an nx password for administrator
nxpasswd administrator [enter password twice]
- Install the latest NXclient from http://nomachine.com
- Create a new session for the server's IP address, user administrator, and Gnome as the session type.
iTalc Master Server
- As root, download and install the packages:
wget ftp://ftp.pbone.net/mirror/atrpms.net/el5-i386/atrpms/stable/italc-1.0.9-6.el5.i386.rpm
wget ftp://ftp.pbone.net/mirror/atrpms.net/el5-i386/atrpms/stable/italc-master-1.0.9-6.el5.i386.rpm
yum install qt4
rpm -ivh italc-1.0.9-6.el5.i386.rpm italc-master-1.0.9-6.el5.i386.rpm
- As root, create a key pair and give the administrator user ownership of the keys:
ica -createkeypair
chown -R administrator /etc/italc/keys/
- Copy the teacher's public key from the server:
/etc/italc/keys/public/teacher/key
- to the same path on all netbooks (i.e. into the netbook image):
/etc/italc/keys/public/teacher/key
Custom Scripts
These scripts are required on all the netbooks; the netbooks fetch them from this server over rsync. Download the archive and unpack it into /opt/custom-scripts/ as follows:
wget http://linuxcentre.net/wiki/images/1/11/Custom-scripts-1.2.tar.gz
mkdir -p /opt/custom-scripts/
tar -C /opt/custom-scripts/ -xzvf Custom-scripts-1.2.tar.gz
Dell Specific Build Steps
Add Dell Repository
- Run this as root:
wget -q -O - http://linux.dell.com/repo/hardware/OMSA_6.1/bootstrap.cgi | bash
Configure Dell Remote Access Controller
- Install the DRAC and OpenManage packages:
yum install srvadmin-rac5-components srvadmin-racadm5 srvadmin-racsvc srvadmin-omacore srvadmin-storage
- Start the dell data engine service
/etc/init.d/dataeng restart
- View the current DRAC IP Address:
racadm getniccfg
- Set the DRAC IP Address:
racadm setniccfg -s 10.104.186.8 255.255.254.0 10.104.186.1
Dell Storage Information
- Show physical disk status:
/opt/dell/srvadmin/oma/bin/omreport storage pdisk controller=0
- Show virtual disk status:
/opt/dell/srvadmin/oma/bin/omreport storage vdisk