Difference between revisions of "Mirror Setup Process"

m (won't be needed anymore hopefully within the next few hours)
 
(32 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This page summarizes how [[Mirror]] was set up in Spring 2009.
+
[[Category:Server Setup Documentation]]
 
 
==Install==
 
*Installed CentOS 5.3 x64.
 
**Partition Scheme
 
***100 MB /boot - Software RAID 1
 
***73 GB root_lvg - Logical Volume Group Software RAID 1
 
****53 GB / (root_lvg-root_lv)
 
****10 GB /var (root_lvg-var_lv)
 
****10 GB swap (root_lvg-swap_lv)
 
***903 GB /mnt/raid - Software RAID 1
 
***1.8 TB /mnt/lvg_storage (storage_lvg-storage_lv)
 
***903 GB /mnt/storage1
 
***903 GB /mnt/storage2
 
 
 
===Kickstart File===
 
<code><pre>
 
# Kickstart file automatically generated by anaconda.
 
 
 
install
 
cdrom
 
lang en_US.UTF-8
 
keyboard us
 
network --device eth0 --bootproto static --ip 128.153.145.19 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror.clar
 
kson.edu
 
network --device eth1 --bootproto static --ip 10.0.1.36 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror.clarkson.
 
edu
 
network --device eth2 --bootproto static --ip 10.0.0.14 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror.clarkson.
 
edu
 
rootpw --iscrypted ENCRYPTED-PASSWORD-GOES-HERE
 
firewall --enabled --port=22:tcp
 
authconfig --enableshadow --enablemd5
 
selinux --enforcing
 
timezone --utc America/New_York
 
bootloader --location=partition --driveorder=hda,hdb,sda,sdc,sdb,sdd,sde,sdf --md5pass=ENCRYPTED-PASSWORD-GOES-HERE
 
# The following is the partition information you requested
 
# Note that any partitions you deleted are not expressed
 
# here so unless you clear all partitions first, this is
 
# not guaranteed to work
 
clearpart --linux
 
part raid.11 --size=100 --ondisk=hda
 
part raid.14 --size=100 --ondisk=hdb
 
part /mnt/storage2 --fstype ext3 --size=100 --grow --ondisk=sdf
 
part /mnt/storage1 --fstype ext3 --size=100 --grow --ondisk=sde
 
part pv.25 --size=100 --grow --ondisk=sdd
 
part pv.24 --size=100 --grow --ondisk=sdc
 
part raid.22 --size=100 --grow --ondisk=sdb
 
part raid.21 --size=100 --grow --ondisk=sda
 
part raid.13 --size=100 --grow --ondisk=hdb
 
part raid.12 --size=100 --grow --ondisk=hda
 
raid /boot --fstype ext3 --level=RAID1 --device=md0 raid.11 raid.14
 
raid pv.16 --fstype "physical volume (LVM)" --level=RAID1 --device=md1 raid.12 raid.13
 
raid /mnt/raid --fstype ext3 --level=RAID1 --device=md2 raid.21 raid.22
 
volgroup root_lvg --pesize=32768 pv.16
 
volgroup storage_lvg --pesize=32768 pv.24 pv.25
 
logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=10240
 
logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=10240
 
logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=55712
 
logvol /mnt/lvg_storage --fstype ext3 --name=storage_lv --vgname=storage_lvg --size=1907712
 
 
 
%packages
 
@core
 
@base
 
device-mapper-multipath
 
-NetworkManager
 
-bluez-utils
 
</pre></code>
 
 
 
==Configuration==
 
===Updated System===
 
*Added Extra Repositories
 
**RPMForge Yum Repository
 
***<code>rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm</code>
 
****From [http://dag.wieers.com/rpm/FAQ.php#B2 Dag Wieers]
 
**Fedora EPEL Yum Repository
 
***<code>rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm</code>
 
****From [http://download.fedora.redhat.com/pub/epel/5/x86_64/repoview/epel-release.html Fedora]
 
 
 
*Configured Yum Priorities & to use our mirror
 
**Edited <code>/etc/yum.repos.d/CentOS-Base.repo</code>
 
<code><pre>
 
# CentOS-Base.repo
 
#
 
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
 
# The mirror system uses the connecting IP address of the client and the
 
# update status of each mirror to pick mirrors that are updated to and
 
# geographically close to the client.  You should use this for CentOS updates
 
# unless you are manually picking other mirrors.
 
#
 
# If the mirrorlist= does not work for you, as a fall back you can try the
 
# remarked out baseurl= line instead.
 
#
 
#
 
 
 
[base]
 
name=CentOS-$releasever - Base
 
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
 
baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
 
gpgcheck=1
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
 
priority=1
 
exclude=rsync
 
 
 
#released updates
 
[updates]
 
name=CentOS-$releasever - Updates
 
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
 
baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
 
gpgcheck=1
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
 
priority=1
 
exclude=rsync
 
 
 
#packages used/produced in the build but not released
 
[addons]
 
name=CentOS-$releasever - Addons
 
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
 
baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
 
gpgcheck=1
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
 
priority=1
 
 
 
#additional packages that may be useful
 
[extras]
 
name=CentOS-$releasever - Extras
 
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
 
baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
 
gpgcheck=1
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
 
priority=1
 
 
 
#additional packages that extend functionality of existing packages
 
[centosplus]
 
name=CentOS-$releasever - Plus
 
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
 
baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
 
gpgcheck=1
 
enabled=0
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
 
priority=2
 
 
 
#contrib - packages by Centos Users
 
[contrib]
 
name=CentOS-$releasever - Contrib
 
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
 
baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
 
gpgcheck=1
 
enabled=0
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
 
priority=2
 
</pre></code>
 
 
 
**Edited <code>/etc/yum.repos.d/rpmforge.repo</code>
 
<code><pre>
 
# Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
 
# URL: http://rpmforge.net/
 
[rpmforge]
 
name = Red Hat Enterprise $releasever - RPMforge.net - dag
 
baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
 
#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
 
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
 
enabled = 1
 
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
 
gpgcheck = 1
 
priority=15
 
</pre></code>
 
 
 
**Edited <code>/etc/yum.repos.d/epel.repo</code>
 
<code><pre>
 
[epel]
 
name=Extra Packages for Enterprise Linux 5 - $basearch
 
baseurl=http://mirror.clarkson.edu/epel/5/$basearch
 
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
 
failovermethod=priority
 
enabled=1
 
gpgcheck=1
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
 
priority=30
 
 
 
[epel-debuginfo]
 
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
 
baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
 
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
 
failovermethod=priority
 
enabled=0
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
 
gpgcheck=1
 
priority=30
 
 
 
[epel-source]
 
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
 
baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
 
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
 
failovermethod=priority
 
enabled=0
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
 
gpgcheck=1
 
priority=30
 
</pre></code>
 
 
 
**Edited <code>/etc/yum.repos.d/epel-testing.repo</code>
 
<code><pre>
 
[epel-testing]
 
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
 
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
 
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
 
failovermethod=priority
 
enabled=0
 
gpgcheck=1
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
 
priority=40
 
 
 
[epel-testing-debuginfo]
 
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
 
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
 
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
 
failovermethod=priority
 
enabled=0
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
 
gpgcheck=1
 
priority=40
 
 
 
[epel-testing-source]
 
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
 
baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
 
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
 
failovermethod=priority
 
enabled=0
 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
 
gpgcheck=1
 
priority=40
 
</pre></code>
 
 
 
*Disabled Yum FastestMirror since using local mirror
 
**<code>sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf</code>
 
 
 
*Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
 
**<code>yum install yum-priorities</code>
 
 
 
*Configured Yum Priorities to check for obsoletes
 
**<code>echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf</code>
 
 
 
*<code>yum install vim-enhanced gcc emacs-nox screen iftop</code>
 
*<code>yum update</code>
 
 
 
===Created User===
 
*Created user mccarrms
 
**<code>/usr/sbin/useradd -m mccarrms</code>
 
*Set password for mccarrms
 
**<code>passwd mccarrms</code>
 
 
 
===Configured Sudo===
 
*<code>/usr/sbin/visudo</code>
 
 
 
<code><pre>
 
## Sudoers allows particular users to run various commands as
 
## the root user, without needing the root password.
 
 
 
## Networking
 
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
 
 
 
## Installation and management of software
 
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
 
 
 
## Services
 
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
 
 
 
## Updating the locate database
 
Cmnd_Alias LOCATE = /usr/sbin/updatedb
 
 
 
## Storage
 
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
 
 
 
## Delegating permissions
 
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
 
 
 
## Processes
 
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
 
 
 
## Drivers
 
Cmnd_Alias DRIVERS = /sbin/modprobe
 
 
 
## Shells
 
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su
 
 
 
## Users
 
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl
 
 
 
Defaults    requiretty
 
 
 
Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
 
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
 
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
 
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
 
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
 
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
 
                        _XKB_CHARSET XAUTHORITY"
 
 
 
## Allow root to run any commands anywhere
 
root    ALL=(ALL)      ALL
 
%wheel  ALL=(ALL)      ALL
 
</pre></code>
 
 
 
===Configured Networks===
 
*Configured hostname in <code>/etc/sysconfig/network</code>
 
<code><pre>
 
NETWORKING=yes
 
NETWORKING_IPV6=no
 
HOSTNAME=mirror.clarkson.edu
 
GATEWAY=128.153.145.1
 
</pre></code>
 
  
*Verified eth0 configuration for Clarkson Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth0</code>
+
This page summarizes how [[Old Mirror]] was set up in Spring 2014.
<code><pre>
 
# Intel Corporation 82541PI Gigabit Ethernet Controller
 
DEVICE=eth0
 
BOOTPROTO=static
 
BROADCAST=128.153.145.255
 
HWADDR=00:1B:21:28:C8:48
 
IPADDR=128.153.145.19
 
NETMASK=255.255.255.0
 
NETWORK=128.153.145.0
 
ONBOOT=yes
 
</pre></code>
 
  
*Verified eth1 configuration for the Server Room Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth1</code>
+
=Install=
<code><pre>
+
See [[Debian Server Setup]]
# Intel Corporation 82566DM-2 Gigabit Network Connection
 
DEVICE=eth1
 
BOOTPROTO=static
 
BROADCAST=10.0.1.255
 
HWADDR=00:30:48:9A:DB:26
 
IPADDR=10.0.1.36
 
NETMASK=255.255.255.0
 
NETWORK=10.0.1.0
 
ONBOOT=yes
 
</pre></code>
 
  
*Verified eth2 configuration for the Internal Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth2</code>
+
==Debian 7 x64==
<code><pre>
+
*71 GB  / - Software RAID 1
# Intel Corporation 82573L Gigabit Ethernet Controller
+
*4GB Swap per OS Drive
DEVICE=eth2
 
BOOTPROTO=static
 
BROADCAST=10.0.0.255
 
HWADDR=00:30:48:9A:DB:27
 
IPADDR=10.0.0.14
 
NETMASK=255.255.255.0
 
NETWORK=10.0.0.0
 
ONBOOT=yes
 
</pre></code>
 
  
====Configured Hosts====
+
=Setup=
*Edited <code>/etc/hosts</code>
+
See [[Debian Server Setup]]
<code><pre>
 
127.0.0.1      localhost.localdomain localhost
 
::1            localhost6.localdomain6 localhost6
 
128.153.145.19  mirror.clarkson.edu mirror.cslabs.clarkson.edu mirror.cslabs mirror
 
10.0.1.36      mirror.sr.cslabs.clarkson.edu mirror.sr.cslabs mirror.sr
 
10.0.0.14      mirror.int.cslabs.clarkson.edu mirror.int.cslabs mirror.int
 
</pre></code>
 
 
 
*Edited <code>/etc/hosts.allow</code>
 
<code><pre>
 
For security purposes, this information has been intentionally left off.
 
</pre></code>
 
  
*Edited <code>/etc/hosts.deny</code>
+
==Raid==
<code><pre>
+
*sda sdb sdc sde sdg sdh
ALL: ALL
+
*/dev/md2
</pre></code>
+
*Software RAID 10
 +
*/storage xfs
  
====Configured DNS Servers====
+
==Networking==
*Edited <code>/etc/resolv.conf</code>
 
<code><pre>
 
search cslabs.clarkson.edu clarkson.edu
 
nameserver 128.153.0.254
 
nameserver 128.153.5.254
 
</pre></code>
 
  
====Disabled IP v6====
+
===eth2===
*Appended the following to <code>/etc/modprobe.conf</code>
+
*Intel Corporation 82541PI Gigabit Ethernet Controller
<code><pre>
+
*HWADDR=00:1B:21:28:C8:48
install ipv6 /bin/true
+
*IPADDR=128.153.145.19
</pre></code>
 
*Disabled IP v6 firewall
 
**<code>/sbin/chkconfig ip6tables off</code>
 
  
===Configured IPtables===
+
===eth1===
<code><pre>
+
*Intel Corporation 82566DM-2 Gigabit Network Connection
Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
+
*HWADDR=00:30:48:9A:DB:26
</pre></code>
+
*IPADDR=10.0.1.36
*Restarted iptables
 
**<code>/etc/init.d/iptables restart</code>
 
  
===Configured SSH===
+
===eth3===
*Edited <code>/etc/ssh/sshd_config</code>
+
*Intel Corporation 82573L Gigabit Ethernet Controller
<code><pre>
+
*HWADDR=00:30:48:9A:DB:27
Due to the sensitivity of this material, this config file has been left off.
+
*IPADDR=10.0.0.14
</pre></code>
 
*Restarted sshd
 
**<code>/etc/init.d/sshd restart</code>
 
  
====Set Up SSH Login Banner====
+
==Set Up SSH Login Banner==
*Edited <code>/etc/issue.net</code>
+
/etc/issue.net
 
<code><pre>
 
<code><pre>
 
         _                 
 
         _                 
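Review bot: The new revision drops every access-control step the old page recorded in this hunk (the `ALL: ALL` default-deny in `/etc/hosts.deny`, the iptables restart and the `sshd_config` edit), and the added `=Setup=` text only links to [[Debian Server Setup]], so this page no longer shows whether the Debian 7 build is default-deny. If those controls come from the linked page, say so under `=Setup=`, for example `*Host firewall, hosts.deny and sshd_config follow [[Debian Server Setup]]; the rule sets are intentionally not published here.` The added `===eth2===`, `===eth1===` and `===eth3===` entries also lose the network names the old text gave (Clarkson Network, Server Room Network, Internal Network), and the old-to-new interface mapping can only be inferred from the matching HWADDR and IPADDR values. Keeping the role in the heading, e.g. `===eth2 (Clarkson Network)===`, shows which interface is public-facing and must be covered by those rules. In the following hunk, the added line `apt-get install install nginx` repeats `install`, which apt-get would treat as a package name; it should read `apt-get install nginx`.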
Line 410: Line 45:
 
                            
 
                            
 
</pre></code>
 
</pre></code>
 +
==SSHD config==
 +
uncomment
 +
Banner /etc/issue.net
  
===Configured Password Requirements===
+
==Installed nginx==
*Edited <code>/etc/login.defs</code>
+
  apt-get install install nginx
<code><pre>
 
MAIL_DIR        /var/spool/mail
 
 
 
PASS_MAX_DAYS  360
 
PASS_MIN_DAYS  0
 
PASS_MIN_LEN    8
 
PASS_WARN_AGE  60
 
 
 
UID_MIN                  500
 
UID_MAX                60000
 
 
 
GID_MIN                  500
 
GID_MAX                60000
 
 
 
CREATE_HOME    yes
 
 
 
UMASK          077
 
 
 
USERGROUPS_ENAB yes
 
 
 
MD5_CRYPT_ENAB yes
 
 
 
ENCRYPT_METHOD MD5
 
</pre></code>
 
 
 
===Added Custom PATH Variables===
 
*Added the following to <code>/etc/profile</code>
 
<code><pre>
 
PATH=$PATH:/usr/sbin:/sbin
 
export PATH
 
</pre></code>
 
 
 
===Modified Root's Crontab===
 
*<code>crontab -e</code>
 
<code><pre>
 
# Used to update locate database
 
0 * * * * /usr/bin/updatedb
 
</pre></code>
 
 
 
===Set Up & Configured NTP===
 
*Installed NTP
 
**<code>yum install ntp</code>
 
 
 
*Edited <code>/etc/ntp.conf</code>
 
<code><pre>
 
restrict default kod nomodify notrap nopeer noquery
 
restrict -6 default kod nomodify notrap nopeer noquery
 
 
 
restrict 127.0.0.1
 
restrict -6 ::1
 
 
 
restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
 
restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
 
 
 
server tick.clarkson.edu
 
server tock.clarkson.edu
 
 
 
server  127.127.1.0    # local clock
 
fudge  127.127.1.0 stratum 10
 
 
 
driftfile /var/lib/ntp/drift
 
 
 
keys /etc/ntp/keys
 
</pre></code>
 
 
 
*Edited <code>/etc/ntp/step-tickers</code>
 
<code><pre>
 
tick.clarkson.edu
 
tock.clarkson.edu
 
</pre></code>
 
 
 
*Configured ntpd to start on boot
 
**<code>/sbin/chkconfig --levels 2345 ntpd on</code>
 
 
 
*Started ntpd
 
**<code>/etc/init.d/ntpd start</code>
 
 
 
====Configured ntpd to Sync Hardware Clock====
 
*Edited <code>/etc/sysconfig/ntpd</code>
 
<code><pre>
 
# Drop root to id 'ntp:ntp' by default.
 
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
 
 
 
# Set to 'yes' to sync hw clock after successful ntpdate
 
SYNC_HWCLOCK=yes
 
 
 
# Additional options for ntpdate
 
NTPDATE_OPTIONS=""
 
</pre></code>
 
 
 
===Installed and Configured [http://www.apcupsd.org/ APCUPSD]===
 
This package is used to monitor the UPS which [[Mirror]] is plugged into and is used to shutdown the system in the event of a power failure.
 
 
 
====Configured to Power On when Power is Restored====
 
*Edited the BIOS to have <code>Restore on AC/Power Loss</code> set to <code>Power On</code>.
 
 
 
====Installed and configured <code>apcupsd</code>====
 
*Installed <code>apcupsd</code>
 
**<code>yum install apcupsd</code>
 
 
 
*Edited <code>/etc/apcupsd/apcupsd.conf</code>
 
<code><pre>
 
## apcupsd.conf v1.1 ##
 
 
 
UPSNAME ups3
 
 
 
UPSCABLE ether
 
 
 
UPSTYPE net
 
DEVICE 128.153.145.215:3551
 
 
 
LOCKFILE /var/lock
 
 
 
SCRIPTDIR /etc/apcupsd
 
 
 
PWRFAILDIR /etc/apcupsd
 
 
 
NOLOGINDIR /etc
 
 
 
ONBATTERYDELAY 6
 
 
 
BATTERYLEVEL 10
 
 
 
MINUTES 15
 
 
 
TIMEOUT 0
 
 
 
ANNOY 300
 
 
 
ANNOYDELAY 60
 
 
 
NOLOGON disable
 
 
 
KILLDELAY 0
 
 
 
NETSERVER on
 
 
 
NISIP 127.0.0.1
 
 
 
NISPORT 3551
 
 
 
EVENTSFILE /var/log/apcupsd.events
 
 
 
EVENTSFILEMAX 10
 
 
 
UPSCLASS standalone
 
 
 
UPSMODE disable
 
 
 
STATTIME 0
 
 
 
STATFILE /var/log/apcupsd.status
 
 
 
LOGSTATS off
 
 
 
DATATIME 0
 
 
 
SELFTEST 336
 
</pre></code>
 
 
 
*Configured <code>apcupsd</code> to start on boot
 
**<code>/sbin/chkconfig --levels 2345 apcupsd on</code>
 
 
 
*Started <code>apcupsd</code>
 
**<code>/etc/init.d/apcupsd start</code>
 
 
 
===Configured Aliases===
 
*Edited <code>/etc/aliases</code>
 
<code><pre>
 
#
 
# Aliases in this file will NOT be expanded in the header from
 
#  Mail, but WILL be visible over networks or from /bin/mail.
 
#
 
#      >>>>>>>>>>      The program "newaliases" must be run after
 
#      >> NOTE >>      this file is updated for any changes to
 
#      >>>>>>>>>>      show through to sendmail.
 
#
 
 
 
# Basic system aliases -- these MUST be present.
 
mailer-daemon:  postmaster
 
postmaster:    logwatch@cslabs.clarkson.edu
 
 
 
# General redirections for pseudo accounts.
 
bin:            logwatch@cslabs.clarkson.edu
 
daemon:        logwatch@cslabs.clarkson.edu
 
adm:            logwatch@cslabs.clarkson.edu
 
lp:            logwatch@cslabs.clarkson.edu
 
sync:          logwatch@cslabs.clarkson.edu
 
shutdown:      logwatch@cslabs.clarkson.edu
 
halt:          logwatch@cslabs.clarkson.edu
 
mail:          logwatch@cslabs.clarkson.edu
 
news:          logwatch@cslabs.clarkson.edu
 
uucp:          logwatch@cslabs.clarkson.edu
 
operator:      logwatch@cslabs.clarkson.edu
 
games:          logwatch@cslabs.clarkson.edu
 
gopher:        logwatch@cslabs.clarkson.edu
 
ftp:            logwatch@cslabs.clarkson.edu
 
nobody:        logwatch@cslabs.clarkson.edu
 
radiusd:        logwatch@cslabs.clarkson.edu
 
nut:            logwatch@cslabs.clarkson.edu
 
dbus:          logwatch@cslabs.clarkson.edu
 
vcsa:          logwatch@cslabs.clarkson.edu
 
canna:          logwatch@cslabs.clarkson.edu
 
wnn:            logwatch@cslabs.clarkson.edu
 
rpm:            logwatch@cslabs.clarkson.edu
 
nscd:          logwatch@cslabs.clarkson.edu
 
pcap:          logwatch@cslabs.clarkson.edu
 
apache:        logwatch@cslabs.clarkson.edu
 
webalizer:      logwatch@cslabs.clarkson.edu
 
dovecot:        logwatch@cslabs.clarkson.edu
 
fax:            logwatch@cslabs.clarkson.edu
 
quagga:        logwatch@cslabs.clarkson.edu
 
radvd:          logwatch@cslabs.clarkson.edu
 
pvm:            logwatch@cslabs.clarkson.edu
 
amanda:        logwatch@cslabs.clarkson.edu
 
privoxy:        logwatch@cslabs.clarkson.edu
 
ident:          logwatch@cslabs.clarkson.edu
 
named:          logwatch@cslabs.clarkson.edu
 
xfs:            logwatch@cslabs.clarkson.edu
 
gdm:            logwatch@cslabs.clarkson.edu
 
mailnull:      logwatch@cslabs.clarkson.edu
 
postgres:      logwatch@cslabs.clarkson.edu
 
sshd:          logwatch@cslabs.clarkson.edu
 
smmsp:          logwatch@cslabs.clarkson.edu
 
postfix:        logwatch@cslabs.clarkson.edu
 
netdump:        logwatch@cslabs.clarkson.edu
 
ldap:          logwatch@cslabs.clarkson.edu
 
squid:          logwatch@cslabs.clarkson.edu
 
ntp:            logwatch@cslabs.clarkson.edu
 
mysql:          logwatch@cslabs.clarkson.edu
 
desktop:        logwatch@cslabs.clarkson.edu
 
rpcuser:        logwatch@cslabs.clarkson.edu
 
rpc:            logwatch@cslabs.clarkson.edu
 
nfsnobody:      logwatch@cslabs.clarkson.edu
 
 
 
ingres:        logwatch@cslabs.clarkson.edu
 
system:        logwatch@cslabs.clarkson.edu
 
toor:          logwatch@cslabs.clarkson.edu
 
manager:        logwatch@cslabs.clarkson.edu
 
dumper:        logwatch@cslabs.clarkson.edu
 
abuse:          logwatch@cslabs.clarkson.edu
 
 
 
newsadm:        news
 
newsadmin:      news
 
usenet:        news
 
ftpadm:        ftp
 
ftpadmin:      ftp
 
ftp-adm:        ftp
 
ftp-admin:      ftp
 
www:            webmaster
 
webmaster:      logwatch@cslabs.clarkson.edu
 
noc:            logwatch@cslabs.clarkson.edu
 
security:      logwatch@cslabs.clarkson.edu
 
hostmaster:    logwatch@cslabs.clarkson.edu
 
info:          postmaster
 
marketing:      postmaster
 
sales:          postmaster
 
support:        postmaster
 
 
 
 
 
# trap decode to catch security attacks
 
decode:        logwatch@cslabs.clarkson.edu
 
 
 
# Person who should get roots's mail
 
root:          logwatch@cslabs.clarkson.edu
 
</pre></code>
 
 
 
*Updated aliases
 
**<code>/usr/bin/newaliases</code>
 
 
 
===Disabled <code>CTRL-ALT-DELETE</code>===
 
*Removed trap entry to prevent accidental reboots
 
<code><pre>
 
sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab
 
</pre></code>
 
 
 
*Made Changes Active
 
<code><pre>
 
init q
 
</pre></code>
 
 
 
===Disabled Various Kernel Modules===
 
*Added the following to <code>/etc/modprobe.conf</code>
 
<code><pre>
 
install pppox /bin/true
 
install bluetooth /bin/true
 
install sctp /bin/true
 
</pre></code>
 
 
 
===Installed & Configured SNMP===
 
*Installed needed packages
 
<code><pre>
 
yum install net-snmp ntp
 
</pre></code>
 
 
 
*Configured SNMP Daemon <code>/etc/snmp/snmpd.conf</code>
 
<code><pre>
 
rocommunity    <passphrase>  127.0.0.1
 
rocommunity    <passphrase>  <ipsallowed>
 
 
syslocation Clarkson University Applied CS Labs
 
syscontact Matt McCarrell <mccarrms@gmail.com>
 
disk /
 
disk /var
 
disk /boot
 
disk /mnt/raid
 
disk /mnt/lvg_storage
 
disk /mnt/storage1
 
disk /mnt/storage2
 
exec timeskew /usr/local/sbin/ntp_check
 
exec uptime /usr/bin/uptime
 
</pre></code>
 
 
 
*Deployed <code>ntp_check</code> script
 
**Copied over <code>/usr/local/sbin/ntp_check</code> from [[Isengard]] to /usr/local/sbin/
 
**<code>chown root.root /usr/local/sbin/ntp_check</code>
 
 
 
*Configured SNMP to start at specific run levels
 
<code><pre>
 
/sbin/chkconfig --levels 2345 snmpd on
 
</pre></code>
 
 
 
*Started daemon
 
<code><pre>
 
/etc/init.d/snmpd start
 
</pre></code>
 
 
 
===Increased Detail of Logwatch Reports===
 
*Set detail level to be high
 
<code><pre>
 
echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf
 
</pre></code>
 
 
 
==Installed Apache==
 
*Installed <code>httpd</code>
 
**<code>yum install httpd</code>
 
 
 
*Modified <code>/etc/httpd/conf/httpd.conf</code>
 
<code><pre>
 
ServerTokens Prod
 
ServerRoot "/etc/httpd"
 
PidFile run/httpd.pid
 
Timeout 120
 
KeepAlive On
 
MaxKeepAliveRequests 100
 
KeepAliveTimeout 2
 
TraceEnable Off
 
 
 
<IfModule prefork.c>
 
StartServers      32
 
MinSpareServers    20
 
MaxSpareServers    80
 
ServerLimit        768
 
MaxClients        768
 
MaxRequestsPerChild  4000
 
</IfModule>
 
 
 
<IfModule worker.c>
 
StartServers        8
 
MaxClients          600
 
MinSpareThreads      100
 
MaxSpareThreads      300
 
ThreadsPerChild      100
 
MaxRequestsPerChild  0
 
</IfModule>
 
 
 
Listen 80
 
 
 
LoadModule auth_basic_module modules/mod_auth_basic.so
 
LoadModule auth_digest_module modules/mod_auth_digest.so
 
LoadModule authn_file_module modules/mod_authn_file.so
 
LoadModule authn_alias_module modules/mod_authn_alias.so
 
LoadModule authn_anon_module modules/mod_authn_anon.so
 
LoadModule authn_dbm_module modules/mod_authn_dbm.so
 
LoadModule authn_default_module modules/mod_authn_default.so
 
LoadModule authz_host_module modules/mod_authz_host.so
 
LoadModule authz_user_module modules/mod_authz_user.so
 
LoadModule authz_owner_module modules/mod_authz_owner.so
 
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
 
LoadModule authz_dbm_module modules/mod_authz_dbm.so
 
LoadModule authz_default_module modules/mod_authz_default.so
 
LoadModule ldap_module modules/mod_ldap.so
 
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
 
LoadModule include_module modules/mod_include.so
 
LoadModule log_config_module modules/mod_log_config.so
 
LoadModule logio_module modules/mod_logio.so
 
LoadModule env_module modules/mod_env.so
 
LoadModule ext_filter_module modules/mod_ext_filter.so
 
LoadModule mime_magic_module modules/mod_mime_magic.so
 
LoadModule expires_module modules/mod_expires.so
 
LoadModule deflate_module modules/mod_deflate.so
 
LoadModule headers_module modules/mod_headers.so
 
LoadModule usertrack_module modules/mod_usertrack.so
 
LoadModule setenvif_module modules/mod_setenvif.so
 
LoadModule mime_module modules/mod_mime.so
 
LoadModule dav_module modules/mod_dav.so
 
LoadModule status_module modules/mod_status.so
 
LoadModule autoindex_module modules/mod_autoindex.so
 
LoadModule info_module modules/mod_info.so
 
LoadModule dav_fs_module modules/mod_dav_fs.so
 
LoadModule vhost_alias_module modules/mod_vhost_alias.so
 
LoadModule negotiation_module modules/mod_negotiation.so
 
LoadModule dir_module modules/mod_dir.so
 
LoadModule actions_module modules/mod_actions.so
 
LoadModule speling_module modules/mod_speling.so
 
LoadModule userdir_module modules/mod_userdir.so
 
LoadModule alias_module modules/mod_alias.so
 
LoadModule rewrite_module modules/mod_rewrite.so
 
#LoadModule proxy_module modules/mod_proxy.so
 
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
 
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
 
#LoadModule proxy_http_module modules/mod_proxy_http.so
 
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
 
LoadModule cache_module modules/mod_cache.so
 
LoadModule suexec_module modules/mod_suexec.so
 
LoadModule disk_cache_module modules/mod_disk_cache.so
 
LoadModule file_cache_module modules/mod_file_cache.so
 
LoadModule mem_cache_module modules/mod_mem_cache.so
 
LoadModule cgi_module modules/mod_cgi.so
 
LoadModule version_module modules/mod_version.so
 
 
 
Include conf.d/*.conf
 
 
 
User apache
 
Group apache
 
 
 
ServerAdmin mirror-admin@cslabs.clarkson.edu
 
 
 
UseCanonicalName Off
 
 
 
DocumentRoot "/var/www/html"
 
 
 
<Directory />
 
    Options FollowSymLinks
 
    AllowOverride None
 
</Directory>
 
 
 
<Directory "/var/www/html">
 
    Options Indexes FollowSymLinks Includes
 
    AllowOverride FileInfo Indexes Limit
 
    Order allow,deny
 
    Allow from all
 
</Directory>
 
 
 
<IfModule mod_userdir.c>
 
    UserDir disable
 
</IfModule>
 
 
 
DirectoryIndex index.html index.html.var
 
 
 
AccessFileName .htaccess
 
 
 
XBitHack On
 
 
 
<Files ~ "^\.ht">
 
    Order allow,deny
 
    Deny from all
 
</Files>
 
 
 
TypesConfig /etc/mime.types
 
 
 
DefaultType text/plain
 
 
 
<IfModule mod_mime_magic.c>
 
#  MIMEMagicFile /usr/share/magic.mime
 
    MIMEMagicFile conf/magic
 
</IfModule>
 
 
 
HostnameLookups Off
 
 
 
ErrorLog logs/error_log
 
LogLevel warn
 
 
 
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 
LogFormat "%h %l %u %t \"%r\" %>s %b" common
 
LogFormat "%{Referer}i -> %U" referer
 
LogFormat "%{User-agent}i" agent
 
 
 
CustomLog logs/access_log combined
 
 
 
ServerSignature Off
 
 
 
Alias /icons/ "/var/www/icons/"
 
 
 
<Directory "/var/www/icons">
 
    Options Indexes MultiViews
 
    AllowOverride None
 
    Order allow,deny
 
    Allow from all
 
</Directory>
 
 
 
<IfModule mod_dav_fs.c>
 
    # Location of the WebDAV lock database.
 
    DAVLockDB /var/lib/dav/lockdb
 
</IfModule>
 
 
 
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
 
 
 
<Directory "/var/www/cgi-bin">
 
    AllowOverride None
 
    Options None
 
    Order allow,deny
 
    Allow from all
 
</Directory>
 
 
 
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
 
 
 
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
 
 
 
AddIconByType (TXT,/icons/text.gif) text/*
 
AddIconByType (IMG,/icons/image2.gif) image/*
 
AddIconByType (SND,/icons/sound2.gif) audio/*
 
AddIconByType (VID,/icons/movie.gif) video/*
 
 
 
AddIcon /icons/binary.gif .bin .exe
 
AddIcon /icons/binhex.gif .hqx
 
AddIcon /icons/tar.gif .tar
 
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
 
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
 
AddIcon /icons/a.gif .ps .ai .eps
 
AddIcon /icons/layout.gif .html .shtml .htm .pdf
 
AddIcon /icons/text.gif .txt
 
AddIcon /icons/c.gif .c
 
AddIcon /icons/p.gif .pl .py
 
AddIcon /icons/f.gif .for
 
AddIcon /icons/dvi.gif .dvi
 
AddIcon /icons/uuencoded.gif .uu
 
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
 
AddIcon /icons/tex.gif .tex
 
AddIcon /icons/bomb.gif core
 
 
 
AddIcon /icons/back.gif ..
 
AddIcon /icons/hand.right.gif README
 
AddIcon /icons/folder.gif ^^DIRECTORY^^
 
AddIcon /icons/blank.gif ^^BLANKICON^^
 
 
 
DefaultIcon /icons/unknown.gif
 
 
 
ReadmeName README.html
 
HeaderName HEADER.html
 
 
 
IndexIgnore .??* *~ *#
 
 
 
AddLanguage ca .ca
 
AddLanguage cs .cz .cs
 
AddLanguage da .dk
 
AddLanguage de .de
 
AddLanguage el .el
 
AddLanguage en .en
 
AddLanguage eo .eo
 
AddLanguage es .es
 
AddLanguage et .et
 
AddLanguage fr .fr
 
AddLanguage he .he
 
AddLanguage hr .hr
 
AddLanguage it .it
 
AddLanguage ja .ja
 
AddLanguage ko .ko
 
AddLanguage ltz .ltz
 
AddLanguage nl .nl
 
AddLanguage nn .nn
 
AddLanguage no .no
 
AddLanguage pl .po
 
AddLanguage pt .pt
 
AddLanguage pt-BR .pt-br
 
AddLanguage ru .ru
 
AddLanguage sv .sv
 
AddLanguage zh-CN .zh-cn
 
AddLanguage zh-TW .zh-tw
 
 
 
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
 
 
 
ForceLanguagePriority Prefer Fallback
 
 
 
AddDefaultCharset UTF-8
 
 
 
AddType application/x-compress .Z
 
AddType application/x-gzip .gz .tgz
 
 
 
AddHandler type-map var
 
 
 
AddType text/html .shtml
 
AddOutputFilter INCLUDES .shtml
 
 
 
AddType application/octet-stream .iso
 
AddType application/octet-stream .rpm
 
 
 
Alias /error/ "/var/www/error/"
 
 
 
<IfModule mod_negotiation.c>
 
<IfModule mod_include.c>
 
    <Directory "/var/www/error">
 
        AllowOverride None
 
        Options IncludesNoExec
 
        AddOutputFilter Includes html
 
        AddHandler type-map var
 
        Order allow,deny
 
        Allow from all
 
        LanguagePriority en es de fr
 
        ForceLanguagePriority Prefer Fallback
 
    </Directory>
 
 
 
</IfModule>
 
</IfModule>
 
 
 
<LocationMatch "\.(xml|xml\.gz|xml\.asc|sqlite)">
 
        Header set Cache-Control "must-revalidate"
 
        ExpiresActive On
 
        ExpiresDefault "now"
 
</LocationMatch>
 
 
 
AddType application/pgp-signature .sig
 
# make sure .sig files are _not_ sent with "Content-Encoding: gzip".
 
<Files *.gz.sig>
 
  RemoveEncoding .gz
 
</Files>
 
 
 
BrowserMatch "Mozilla/2" nokeepalive
 
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
 
BrowserMatch "RealPlayer 4\.0" force-response-1.0
 
BrowserMatch "Java/1\.0" force-response-1.0
 
BrowserMatch "JDK/1\.0" force-response-1.0
 
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
 
BrowserMatch "MS FrontPage" redirect-carefully
 
BrowserMatch "^WebDrive" redirect-carefully
 
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
 
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
 
BrowserMatch "^XML Spy" redirect-carefully
 
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
 
 
 
NameVirtualHost *:80
 
 
 
<VirtualHost *:80>
 
    ServerName mirror.clarkson.edu
 
    ServerAdmin mirror-admin@cslabs.clarkson.edu
 
    DocumentRoot "/var/www/html/"
 
    ErrorLog logs/error_log
 
    CustomLog logs/access_log combined
 
    ServerAlias mirror
 
</VirtualHost>
 
 
 
<VirtualHost *:80>
 
    ServerName mirror.cslabs.clarkson.edu
 
    ServerAdmin mirror-admin@cslabs.clarkson.edu
 
    DocumentRoot "/var/www/html/"
 
    ErrorLog logs/error_log
 
    CustomLog logs/access_log combined
 
    ServerAlias mirror.cslabs*
 
    Redirect permanent / http://mirror.clarkson.edu/
 
</VirtualHost>
 
 
 
<VirtualHost 128.153.145.18>
 
    ServerName kernelmirror.clarkson.edu
 
    ServerAdmin mirror-admin@cslabs.clarkson.edu
 
    DocumentRoot "/var/www/html/"
 
    ErrorLog logs/error_log
 
    CustomLog logs/access_log combined
 
    ServerAlias kernelmirror*
 
    Redirect permanent / http://mirror.clarkson.edu/
 
</VirtualHost>
 
 
 
<VirtualHost 128.153.145.44>
 
    ServerName mirror.dev.cslabs.clarkson.edu
 
    ServerAdmin mirror-admin@cslabs.clarkson.edu
 
    DocumentRoot "/var/www/html/"
 
    ErrorLog logs/error_log
 
    CustomLog logs/access_log combined
 
    ServerAlias mirror.dev*
 
    Redirect permanent / http://mirror.clarkson.edu/
 
</VirtualHost>
 
</pre></code>
 
 
 
*Removed unneeded files
 
**<code>rm /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/proxy_ajp.conf</code>
 
 
 
*Configured Apache to start on boot
 
**<code>/sbin/chkconfig --levels 345 httpd on</code>
 
 
 
*Started Apache
 
**<code>/etc/init.d/httpd start</code>
 
 
 
====AWStats====
 
*Mirror is configured to be monitored by AWStats on [[Netstat]].  The basic process for doing this is on the [[Configure a Remote Red Hat Based Linux Server for AWStats]] how-to.
 
  
 
==Configure rsync to run as a daemon==
 
==Configure rsync to run as a daemon==
 
*Installed <code>xinetd</code>
 
*Installed <code>xinetd</code>
**<code>yum install xinetd</code>
+
apt-get install rsync
  
*Enabled rsync <code>/etc/xinetd.d/rsync</code>
+
*Configured rsync /etc/rsyncd.conf
<code><pre>
 
# default: off
 
# description: The rsync server is a good addition to an ftp server, as it #  allows crc checksumming etc.
 
service rsync
 
{
 
    disable = no
 
    socket_type    = stream
 
    wait            = no
 
    user            = root
 
    server          = /usr/bin/rsync
 
    server_args    = --daemon
 
    log_on_failure  += USERID
 
}
 
</pre></code>
 
 
 
*Created configuration and shares for rsync daemon <code>/etc/rsyncd.conf</code>
 
 
<code><pre>
 
<code><pre>
 
uid = nobody
 
uid = nobody
gid = nobody
+
gid = nogroup
 
use chroot = yes
 
use chroot = yes
max connections = 100
+
max connections = 20
 
pid file = /var/run/rsyncd.pid
 
pid file = /var/run/rsyncd.pid
 
motd file = /etc/rsyncd.motd
 
motd file = /etc/rsyncd.motd
Line 1,129: Line 68:
 
log format = %t %a %m %f %b
 
log format = %t %a %m %f %b
 
syslog facility = local3
 
syslog facility = local3
timeout = 300
+
timeout = 900
 
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
 
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
 
refuse options = checksum
 
refuse options = checksum
  
[archlinux]
+
[name]
   comment = Arch Linux
+
   comment = Name of Repository
  path = /mnt/storage1/archlinux
+
   path = /storage/repository
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[centos]
 
  comment = CentOS - Including DVDs
 
  path = /mnt/raid/centos
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[dag]
 
  comment = RPMforge Repository
 
   path = /mnt/raid/rpmforge
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[debian-cd]
 
  comment = Debian CD
 
  path = /mnt/storage2/debian-cd
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[debian]
 
  comment = Debian
 
  path = /mnt/storage2/debian
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[fedora]
 
  comment = Fedora - RedHat community project
 
  path = /mnt/lvg_storage/fedora
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[fedora-epel]
 
  comment = Extra Packages for Enterprise Linux (EPEL)
 
  path = /mnt/raid/epel
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[freebsd]
 
  comment = FreeBSD
 
  path = /mnt/lvg_storage/freebsd
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[gentoo]
 
  comment = Gentoo
 
  path = /mnt/storage1/gentoo
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[gentoo-portage]
 
  comment = Gentoo Portage
 
  path = /mnt/storage1/gentoo-portage
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[jailtime.org]
 
  comment = Jailtime Project - Now relaunched as Stacklet
 
  path = /mnt/storage2/jailtime.org
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[knoppix]
 
  comment = Knoppix
 
  path = /mnt/storage1/knoppix
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[knoppix-dvd]
 
  comment = Knoppix DVD
 
  path = /mnt/storage1/knoppix-dvd
 
 
   exclude = lost+found/
 
   exclude = lost+found/
 
   read only = true
 
   read only = true
   ignore nonreadable = yes
+
   ignore nonreadable = yes</pre></code>
  
[linux]
+
*Created rsync motd /etc/rsyncd.motd
  comment = Linux Kernel
 
  path = /mnt/raid/linux
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[mozilla]
 
  comment = Mozilla Project
 
  path = /mnt/storage1/mozilla
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[openbsd]
 
  comment = OpenBSD
 
  path = /mnt/storage1/openbsd
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[openoffice]
 
  comment = OpenOffice
 
  path = /mnt/raid/openoffice
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[opensuse]
 
  comment = OpenSUSE
 
  path = /mnt/storage1/opensuse
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[rpmforge]
 
  comment = RPMforge Repository
 
  path = /mnt/raid/rpmforge
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[slackware]
 
  comment = Slackware
 
  path = /mnt/storage1/slackware
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[software]
 
  comment = Kernel.org's Software
 
  path = /mnt/raid/software
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[stacklet]
 
  comment = Stacklet (Formerly the Jailtime Project)
 
  path = /mnt/storage1/stacklet
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[ubuntu-releases]
 
  comment = Ubuntu Releases
 
  path = /mnt/raid/ubuntu-releases
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[ubuntu]
 
  comment = Ubuntu
 
  path = /mnt/raid/ubuntu
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
 
 
[videolan]
 
  comment = VideoLAN
 
  path = /mnt/storage1/videolan
 
  exclude = lost+found/
 
  read only = true
 
  ignore nonreadable = yes
 
</pre></code>
 
 
 
*Created rsync motd <code>/etc/rsyncd.motd</code>
 
 
<code><pre>
 
<code><pre>
#########################################################################################
+
###############################################################
  _______        __
 
/ ___/ /__ _____/ /__ ___ ___  ___
 
/ /__/ / _ `/ __/  '_/(_-</ _ \/ _ \
 
\___/_/\_,_/_/ /_/\_\/___/\___/_//_/
 
  
  __  __    _                  _ __
+
The Clarkson University mirror is located in Potsdam, NY, US.
/ / / /__  (_)  _____ _______ (_) /___ __
 
/ /_/ / _ \/ / |/ / -_) __(_-</ / __/ // /
 
\____/_//_/_/|___/\__/_/ /___/_/\__/\_, /
 
                                  /___/
 
  __  ____
 
  /  |/  (_)__________  ____
 
/ /|_/ / / __/ __/ _ \/ __/
 
/_/  /_/_/_/ /_/  \___/_/
 
 
 
Welcome to the Clarkson University mirror located in Potsdam, NY.
 
  
 
This mirror is operated by the Clarkson Open Source Institute.
 
This mirror is operated by the Clarkson Open Source Institute.
 
http://cosi.clarkson.edu/
 
http://cosi.clarkson.edu/
  
If you have any questions or problems, please email mirror-admin@cslabs.clarkson.edu.
+
If you have any questions or problems, please email
 +
mirror-admin@cslabs.clarkson.edu.
  
#########################################################################################
+
Recent changes can be found at
 +
http://status.cslabs.clarkson.edu/tag/mirror.
 +
 
 +
###############################################################
 
</pre></code>
 
</pre></code>
 
*Secured rsync
 
**<code>chown root.root /etc/rsyncd.*</code>
 
**<code>chmod 600 /etc/rsyncd.*</code>
 
 
*Restarted xinetd
 
**<code>/etc/init.d/xinetd restart</code>
 
  
 
==Set Up Fedora Mirror Manager==
 
==Set Up Fedora Mirror Manager==
 
*Installed mirrormanager
 
*Installed mirrormanager
**<code>yum install mirrormanager-client</code>
+
cd /usr/local/sbin
 +
git clone git://git.fedorahosted.org/mirrormanager/
 +
ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror
 +
  
 
*Configured mirrormanager
 
*Configured mirrormanager
**Modified <code>/etc/mirrormanager-client/report_mirror.conf</code>
+
**Modified /etc/mirrormanager-client/report_mirror.conf
 
<code><pre>
 
<code><pre>
 
[global]
 
[global]
Line 1,406: Line 162:
 
[Fedora Linux]
 
[Fedora Linux]
 
enabled=1
 
enabled=1
path=/var/www/html/fedora/linux
+
path=/usr/share/nginx/www/fedora/linux
  
 
[Fedora EPEL]
 
[Fedora EPEL]
 
enabled=1
 
enabled=1
path=/var/www/html/epel
+
path=/usr/share/nginx/www/epel
  
 
# lesser used categories below
 
# lesser used categories below
Line 1,416: Line 172:
 
[Fedora Web]
 
[Fedora Web]
 
enabled=0
 
enabled=0
path=/var/www/html/pub/fedora/web
+
path=/usr/share/nginx/www/pub/fedora/web
  
 
[Fedora Secondary Arches]
 
[Fedora Secondary Arches]
 
enabled=0
 
enabled=0
path=/var/www/html/pub/fedora-secondary
+
path=/usr/share/nginx/www/pub/fedora-secondary
  
 
[Fedora Other]
 
[Fedora Other]
 
enabled=0
 
enabled=0
path=/var/www/html/pub/alt
+
path=/usr/share/nginx/www/pub/alt
  
 
# historical content
 
# historical content
Line 1,430: Line 186:
 
[Fedora Core]
 
[Fedora Core]
 
enabled=0
 
enabled=0
path=/var/www/html/pub/fedora/linux/core
+
path=/usr/share/nginx/www/pub/fedora/linux/core
  
 
[Fedora Extras]
 
[Fedora Extras]
 
enabled=0
 
enabled=0
path=/var/www/html/pub/fedora/linux/extras
+
path=/usr/share/nginx/www/pub/fedora/linux/extras
  
 
[Fedora Archive]
 
[Fedora Archive]
 
enabled=0
 
enabled=0
path=/var/www/html/pub/fedora-archive
+
path=/usr/share/nginx/www/pub/fedora-archive
 +
</pre></code>
 +
 
 +
*Added cron entries for root
 +
<code><pre>
 +
# Dir sizes
 +
0 0 * * * /usr/local/bin/dir_sizes.sh
 +
 
 +
# backup
 +
45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh
 +
 
 +
10 0 * * * /usr/local/sbin/report_mirror
 
</pre></code>
 
</pre></code>
  
[[Category:Server Setup Documentation]]
+
 
 +
[[mirror rsync setup|Setup Rsync Scripts]]

Latest revision as of 22:05, 27 April 2016


This page summarizes how Old Mirror was set up in Spring 2014.

Install

See Debian Server Setup

Debian 7 x64

  • 71 GB / - Software RAID 1
  • 4GB Swap per OS Drive

Setup

See Debian Server Setup

Raid

  • sda sdb sdc sde sdg sdh
  • /dev/md2
  • Software RAID 10
  • /storage xfs

Networking

eth2

  • Intel Corporation 82541PI Gigabit Ethernet Controller
  • HWADDR=00:1B:21:28:C8:48
  • IPADDR=128.153.145.19

eth1

  • Intel Corporation 82566DM-2 Gigabit Network Connection
  • HWADDR=00:30:48:9A:DB:26
  • IPADDR=10.0.1.36

eth3

  • Intel Corporation 82573L Gigabit Ethernet Controller
  • HWADDR=00:30:48:9A:DB:27
  • IPADDR=10.0.0.14

Set Up SSH Login Banner

/etc/issue.net

         _                 
  __ _  (_)__________  ____
 /  ' \/ / __/ __/ _ \/ __/
/_/_/_/_/_/ /_/  \___/_/   
                           

SSHD config

uncomment

Banner /etc/issue.net

Installed nginx

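# Install the nginx package. The original line repeated the word "install",
# which makes apt-get look for a package literally named "install".
apt-get install nginx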

Configure rsync to run as a daemon

  • Installed xinetd
# Installs the rsync package, which provides the daemon configured by the
# /etc/rsyncd.conf listing below.
# NOTE(review): the bullet above says xinetd, but this command installs rsync
# and this revision shows no xinetd service file; confirm how the daemon is
# actually started on this host.
apt-get install rsync
  • Configured rsync /etc/rsyncd.conf
# /etc/rsyncd.conf - global rsync daemon settings, followed by one [module]
# section per exported tree.
# Keep this file root-owned and not writable by other users: it decides which
# paths are exported and which account serves them.

# Transfers run as an unprivileged account rather than as root.
uid = nobody
gid = nogroup
# chroot into the module path before each transfer, so a request cannot reach
# files outside the exported tree.
use chroot = yes
# Upper bound on simultaneous client connections.
max connections = 20
pid file = /var/run/rsyncd.pid
motd file = /etc/rsyncd.motd
# Per-transfer logging: %t timestamp, %a client IP address, %m module name,
# %f file name, %b bytes transferred.
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
# I/O timeout in seconds, so a stalled client does not hold a connection slot
# indefinitely.
timeout = 900
# Already-compressed file types are not compressed again in transit.
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
# Reject client requests for --checksum, which would make the daemon read and
# checksum every file in the module.
refuse options = checksum

# Template module: replace the section name, comment and path for each
# repository that is exported.
# NOTE(review): no "hosts allow" or "auth users" is set here, so the module is
# open to any client that can reach the daemon - expected for a public mirror,
# but confirm that is intended for every module added from this template.
[name]
  comment = Name of Repository
  path = /storage/repository
  exclude = lost+found/
# Clients may download only; uploads are refused.
  read only = true
# Files the daemon account cannot read are left out of listings and transfers.
  ignore nonreadable = yes
  • Created rsync motd /etc/rsyncd.motd
###############################################################

The Clarkson University mirror is located in Potsdam, NY, US.

This mirror is operated by the Clarkson Open Source Institute.
http://cosi.clarkson.edu/

If you have any questions or problems, please email
mirror-admin@cslabs.clarkson.edu.

Recent changes can be found at
http://status.cslabs.clarkson.edu/tag/mirror.

###############################################################

Set Up Fedora Mirror Manager

  • Installed mirrormanager
# Fetch the MirrorManager client into /usr/local/sbin and expose its
# report_mirror script under that directory via a symlink.
cd /usr/local/sbin
# NOTE(review): git:// is git's unauthenticated, unencrypted transport, so the
# fetched code is not protected against tampering in transit. report_mirror is
# later run from root's crontab (see the cron entries on this page); prefer an
# authenticated transport if the host offers one, check out a reviewed commit,
# and keep the checkout owned and writable by root only.
git clone git://git.fedorahosted.org/mirrormanager/
ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror

  • Configured mirrormanager
    • Modified /etc/mirrormanager-client/report_mirror.conf
# /etc/mirrormanager-client/report_mirror.conf - settings for the
# report_mirror client.
[global]
# if enabled=0, no data is sent to the database
enabled=1
# server= is the URL to the MirrorManager XML-RPC interface
# Keep the https:// scheme: the [site] name and password below are presumably
# submitted to this endpoint.
server=https://admin.fedoraproject.org/mirrormanager/xmlrpc


[site]
# if enabled=0, no data about this site is sent to the database
enabled=1
# Name and Password fields need to match the Site name and password
# fields you entered for your Site in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=Clarkson University
# The site password is stored here in plain text. Keep the placeholder in any
# published copy, and make the real file readable only by the account that
# runs report_mirror (root's crontab on this page), e.g. owner root, mode 600.
password=<PASSWORD GOES HERE>

[host]
# if enabled=0, no data about this host is sent to the database
enabled=1
# The Name field needs to match the Host name field you entered for your
# Host in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=mirror.clarkson.edu
# if user_active=0, no data about this category is given to the public
# This can be used to toggle between serving and not serving data,
# such as enabled during the nighttime (when you have more idle bandwidth
# available) and disabled during the daytime.
# By not specifying user_active, the database will not be updated.
# (Left commented out here, so the value stored in the database is kept.)
# user_active=1

[stats]
# Stats are only sent when run with the -s option
# and when this section is enabled.
# This feature is not presently implemented
enabled=0
# NOTE(review): the log paths below look like unchanged defaults. This page
# installs nginx rather than Apache, and the rsyncd.conf shown on this page
# logs to /var/log/rsync.log, not /var/log/rsyncd.log. Harmless while
# enabled=0; correct them before enabling this section.
apache=/var/log/httpd/access_log
vsftpd=/var/log/vsftpd.log
# remember to enable log file and transfer logging in rsyncd.conf
rsyncd=/var/log/rsyncd.log


# Content Categories
# These sections match the Categories for content tracked by MirrorManager.
#
# enabled=1 means information about this category will be sent to the database.
# enabled=0 means no data about this category is sent to the database.  If the
# database already has information for you for this Category, it will
# remain unchanged.  This can be used to update the database after you
# have manually synced some infrequently-updated content, such as
# historical releases.
#
# path= is the path on your local disk to the top-level directory for this Category
#
# On this host only [Fedora Linux] and [Fedora EPEL] are enabled; every path
# sits under /usr/share/nginx/www.

[Fedora Linux]
enabled=1
path=/usr/share/nginx/www/fedora/linux

[Fedora EPEL]
enabled=1
path=/usr/share/nginx/www/epel

# lesser used categories below

[Fedora Web]
enabled=0
path=/usr/share/nginx/www/pub/fedora/web

[Fedora Secondary Arches]
enabled=0
path=/usr/share/nginx/www/pub/fedora-secondary

[Fedora Other]
enabled=0
path=/usr/share/nginx/www/pub/alt

# historical content

[Fedora Core]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/core

[Fedora Extras]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/extras

[Fedora Archive]
enabled=0
path=/usr/share/nginx/www/pub/fedora-archive
  • Added cron entries for root
# root's crontab: every job below runs with root privileges, so each script,
# and every directory on the path to it, should be writable by root only.

# Dir sizes
# Daily at 00:00.
0 0 * * * /usr/local/bin/dir_sizes.sh

# backup
# Daily at 00:45, at the lowest CPU priority (nice 19) and the lowest
# best-effort I/O priority (ionice class 2, level 7).
45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh

# Daily at 00:10: run report_mirror. On this page that path is a symlink into
# the mirrormanager git checkout under /usr/local/sbin, so code from that
# checkout runs as root.
10 0 * * * /usr/local/sbin/report_mirror


Setup Rsync Scripts