Difference between revisions of "Mirror Setup Process"

From CSLabsWiki
m (Added Custom PATH Variables)
 
(77 intermediate revisions by 3 users not shown)
Line 1: Line 1:
  +
[[Category:Server Setup Documentation]]
This page summarizes how [[Mirror]] was set up in Spring 2009.
 
   
  +
This page summarizes how [[Old Mirror]] was set up in Spring 2014.
==Install==
 
*Installed CentOS 5.3 x64.
 
**Partition Scheme
 
***
 
***
 
***
 
   
  +
=Install=
==Configuration==
 
  +
See [[Debian Server Setup]]
===Updated VM===
 
*Added RPMForge Yum Repository
 
**<code>rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm</code>
 
***From [http://dag.wieers.com/rpm/FAQ.php#B2 Dag Wieers]
 
   
  +
==Debian 7 x64==
*<code>yum install yum-fastestmirror vim-enhanced gcc emacs-nox screen</code>
 
  +
*71 GB / - Software RAID 1
*<code>yum update</code>
 
  +
*4GB Swap per OS Drive
   
  +
=Setup=
===Created Users===
 
  +
See [[Debian Server Setup]]
*Created user mccarrms
 
**<code>/usr/sbin/useradd -m mccarrms</code>
 
*Set password for mccarrms
 
**<code>passwd mccarrms</code>
 
*Created user ignazirj
 
**<code>/usr/sbin/useradd -m ignazirj</code>
 
*Set password for ignazirj
 
**<code>passwd ignazirj</code>
 
   
  +
==Raid==
  +
*sda sdb sdc sde sdg sdh
  +
*/dev/md2
  +
*Software RAID 10
  +
*/storage xfs
   
  +
==Networking==
===Configured Sudo===
 
*<code>/usr/sbin/visudo</code>
 
   
  +
===eth2===
<code><pre>
 
  +
*Intel Corporation 82541PI Gigabit Ethernet Controller
## Sudoers allows particular users to run various commands as
 
  +
*HWADDR=00:1B:21:28:C8:48
## the root user, without needing the root password.
 
  +
*IPADDR=128.153.145.19
   
  +
===eth1===
## Networking
 
  +
*Intel Corporation 82566DM-2 Gigabit Network Connection
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
 
  +
*HWADDR=00:30:48:9A:DB:26
  +
*IPADDR=10.0.1.36
   
  +
===eth3===
## Installation and management of software
 
  +
*Intel Corporation 82573L Gigabit Ethernet Controller
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
 
  +
*HWADDR=00:30:48:9A:DB:27
  +
*IPADDR=10.0.0.14
   
  +
==Set Up SSH Login Banner==
## Services
 
  +
/etc/issue.net
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
 
  +
<code><pre>
  +
_
  +
__ _ (_)__________ ____
  +
/ ' \/ / __/ __/ _ \/ __/
  +
/_/_/_/_/_/ /_/ \___/_/
  +
  +
</pre></code>
  +
==SSHD config==
  +
uncomment
  +
Banner /etc/issue.net
   
  +
==Installed nginx==
## Updating the locate database
 
  +
apt-get install install nginx
Cmnd_Alias LOCATE = /usr/sbin/updatedb
 
   
  +
==Configure rsync to run as a daemon==
## Storage
 
  +
*Installed <code>xinetd</code>
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
 
  +
apt-get install rsync
   
  +
*Configured rsync /etc/rsyncd.conf
## Delegating permissions
 
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
 
 
## Processes
 
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
 
 
## Drivers
 
Cmnd_Alias DRIVERS = /sbin/modprobe
 
 
## Shells
 
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su
 
 
## Users
 
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl
 
 
Defaults requiretty
 
 
Defaults env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
 
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
 
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
 
LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
 
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
 
_XKB_CHARSET XAUTHORITY"
 
 
## Allow root to run any commands anywhere
 
root ALL=(ALL) ALL
 
%wheel ALL=(ALL) ALL
 
</pre></code>
 
 
===Configured Networks===
 
*Configured hostname in <code>/etc/sysconfig/network</code>
 
 
<code><pre>
 
<code><pre>
  +
uid = nobody
NETWORKING=yes
 
  +
gid = nogroup
NETWORKING_IPV6=no
 
  +
use chroot = yes
HOSTNAME=mirror.clarkson.edu
 
  +
max connections = 20
GATEWAY=128.153.145.1
 
  +
pid file = /var/run/rsyncd.pid
</pre></code>
 
  +
motd file = /etc/rsyncd.motd
  +
log file = /var/log/rsync.log
  +
transfer logging = yes
  +
log format = %t %a %m %f %b
  +
syslog facility = local3
  +
timeout = 900
  +
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
  +
refuse options = checksum
   
  +
[name]
*Verified eth0 configuration for Clarkson Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth0</code>
 
  +
comment = Name of Repository
<code><pre>
 
  +
path = /storage/repository
# Intel Corporation 82541PI Gigabit Ethernet Controller
 
  +
exclude = lost+found/
DEVICE=eth0
 
  +
read only = true
BOOTPROTO=static
 
  +
ignore nonreadable = yes</pre></code>
BROADCAST=128.153.145.255
 
HWADDR=00:1B:21:28:C8:48
 
IPADDR=128.153.145.19
 
NETMASK=255.255.255.0
 
NETWORK=128.153.145.0
 
ONBOOT=yes
 
</pre></code>
 
   
  +
*Created rsync motd /etc/rsyncd.motd
*Verified eth1 configuration for the Server Room Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth1</code>
 
 
<code><pre>
 
<code><pre>
  +
###############################################################
# Intel Corporation 82566DM-2 Gigabit Network Connection
 
DEVICE=eth1
 
BOOTPROTO=static
 
BROADCAST=10.0.1.255
 
HWADDR=00:30:48:9A:DB:26
 
IPADDR=10.0.1.36
 
NETMASK=255.255.255.0
 
NETWORK=10.0.1.0
 
ONBOOT=yes
 
</pre></code>
 
   
  +
The Clarkson University mirror is located in Potsdam, NY, US.
*Verified eth2 configuration for the Internal Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth2</code>
 
<code><pre>
 
# Intel Corporation 82573L Gigabit Ethernet Controller
 
DEVICE=eth2
 
BOOTPROTO=static
 
BROADCAST=10.0.0.255
 
HWADDR=00:30:48:9A:DB:27
 
IPADDR=10.0.0.14
 
NETMASK=255.255.255.0
 
NETWORK=10.0.0.0
 
ONBOOT=yes
 
</pre></code>
 
   
  +
This mirror is operated by the Clarkson Open Source Institute.
====Configured Hosts====
 
  +
http://cosi.clarkson.edu/
*Edited <code>/etc/hosts</code>
 
<code><pre>
 
127.0.0.1 localhost.localdomain localhost
 
::1 localhost6.localdomain6 localhost6
 
128.153.145.19 mirror.clarkson.edu mirror.cslabs.clarkson.edu mirror.cslabs mirror
 
10.0.1.36 mirror.sr.cslabs.clarkson.edu mirror.sr.cslabs mirror.sr
 
10.0.0.14 mirror.int.cslabs.clarkson.edu mirror.int.cslabs mirror.int
 
</pre></code>
 
   
  +
If you have any questions or problems, please email
====Configured DNS Servers====
 
  +
mirror-admin@cslabs.clarkson.edu.
*Edited <code>/etc/resolv.conf</code>
 
<code><pre>
 
search clarkson.edu
 
nameserver 128.153.0.254
 
nameserver 128.153.5.254
 
</pre></code>
 
   
  +
Recent changes can be found at
===Configured IPtables===
 
  +
http://status.cslabs.clarkson.edu/tag/mirror.
<code><pre>
 
Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
 
</pre></code>
 
*Restarted iptables
 
**<code>/etc/init.d/iptables restart</code>
 
   
  +
###############################################################
===Configured SSH===
 
*Edited <code>/etc/ssh/sshd_config</code>
 
<code><pre>
 
Due to the sensitivity of this material, this config file has been left off.
 
 
</pre></code>
 
</pre></code>
*Restarted sshd
 
**<code>/etc/init.d/sshd restart</code>
 
   
====Set Up SSH Login Banner====
+
==Set Up Fedora Mirror Manager==
  +
*Installed mirrormanager
*Edited <code>/etc/issue.net</code>
 
  +
cd /usr/local/sbin
<code><pre>
 
  +
git clone git://git.fedorahosted.org/mirrormanager/
_
 
  +
ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror
__ _ (_)__________ ____
 
  +
/ ' \/ / __/ __/ _ \/ __/
 
/_/_/_/_/_/ /_/ \___/_/
 
 
</pre></code>
 
   
===Configured Password Requirements===
+
*Configured mirrormanager
  +
**Modified /etc/mirrormanager-client/report_mirror.conf
*Edited <code>/etc/login.defs</code>
 
 
<code><pre>
 
<code><pre>
  +
[global]
MAIL_DIR /var/spool/mail
 
  +
# if enabled=0, no data is sent to the database
  +
enabled=1
  +
# server= is the URL to the MirrorManager XML-RPC interface
  +
server=https://admin.fedoraproject.org/mirrormanager/xmlrpc
   
PASS_MAX_DAYS 360
 
PASS_MIN_DAYS 0
 
PASS_MIN_LEN 8
 
PASS_WARN_AGE 60
 
   
  +
[site]
UID_MIN 500
 
  +
# if enabled=0, no data about this site is sent to the database
UID_MAX 60000
 
  +
enabled=1
  +
# Name and Password fields need to match the Site name and password
  +
# fields you entered for your Site in the MirrorManager database at
  +
# https://admin.fedoraproject.org/mirrormanager
  +
name=Clarkson University
  +
password=<PASSWORD GOES HERE>
   
  +
[host]
GID_MIN 500
 
  +
# if enabled=0, no data about this host is sent to the database
GID_MAX 60000
 
  +
enabled=1
  +
# Name field need to match the Host name field you entered for your
  +
# Host in the MirrorManager database at
  +
# https://admin.fedoraproject.org/mirrormanager
  +
name=mirror.clarkson.edu
  +
# if user_active=0, no data about this category is given to the public
  +
# This can be used to toggle between serving and not serving data,
  +
# such enabled during the nighttime (when you have more idle bandwidth
  +
# available) and disabled during the daytime.
  +
# By not specifying user_active, the database will not be updated.
  +
# user_active=1
   
  +
[stats]
CREATE_HOME yes
 
  +
# Stats are only sent when run with the -s option
  +
# and when this section is enabled.
  +
# This feature is not presently implemented
  +
enabled=0
  +
apache=/var/log/httpd/access_log
  +
vsftpd=/var/log/vsftpd.log
  +
# remember to enable log file and transfer logging in rsyncd.conf
  +
rsyncd=/var/log/rsyncd.log
   
UMASK 077
 
   
  +
# Content Categories
USERGROUPS_ENAB yes
 
  +
# These sections match the Categories for content tracked by MirrorManager.
  +
#
  +
# enabled=1 means information about this category will be sent to the database.
  +
# enabled=0, no data about this host is sent to the database. If the
  +
# database already has information for you for this Category, it will
  +
# remain unchanged. This can be used to update the database after you
  +
# have manually synced some infrequently-updated content, such as
  +
# historical releases.
  +
#
  +
# path= is the path on your local disk to the top-level directory for this Category
   
  +
[Fedora Linux]
MD5_CRYPT_ENAB yes
 
  +
enabled=1
  +
path=/usr/share/nginx/www/fedora/linux
   
  +
[Fedora EPEL]
ENCRYPT_METHOD MD5
 
  +
enabled=1
</pre></code>
 
  +
path=/usr/share/nginx/www/epel
   
  +
# lesser used categories below
===Added Custom PATH Variables===
 
*Added the following to <code>/etc/profile</code>
 
<code><pre>
 
PATH=$PATH:/usr/sbin:/sbin
 
export PATH
 
</pre></code>
 
   
  +
[Fedora Web]
===Set Up & Configured NTP===
 
  +
enabled=0
*Installed NTP
 
  +
path=/usr/share/nginx/www/pub/fedora/web
**<code>yum install ntp</code>
 
   
  +
[Fedora Secondary Arches]
*Edited <code>/etc/ntp.conf</code>
 
  +
enabled=0
<code><pre>
 
  +
path=/usr/share/nginx/www/pub/fedora-secondary
restrict default kod nomodify notrap nopeer noquery
 
restrict -6 default kod nomodify notrap nopeer noquery
 
   
  +
[Fedora Other]
restrict 127.0.0.1
 
  +
enabled=0
restrict -6 ::1
 
  +
path=/usr/share/nginx/www/pub/alt
   
  +
# historical content
restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
 
restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
 
   
  +
[Fedora Core]
server tick.clarkson.edu
 
  +
enabled=0
server tock.clarkson.edu
 
  +
path=/usr/share/nginx/www/pub/fedora/linux/core
   
  +
[Fedora Extras]
server 127.127.1.0 # local clock
 
  +
enabled=0
fudge 127.127.1.0 stratum 10
 
  +
path=/usr/share/nginx/www/pub/fedora/linux/extras
   
  +
[Fedora Archive]
driftfile /var/lib/ntp/drift
 
  +
enabled=0
 
  +
path=/usr/share/nginx/www/pub/fedora-archive
keys /etc/ntp/keys
 
 
</pre></code>
 
</pre></code>
   
  +
*Added cron entries for root
*Edited <code>/etc/ntp/step-tickers</code>
 
<code><pre>
 
tick.clarkson.edu
 
tock.clarkson.edu
 
</pre></code>
 
 
*Configured ntpd to start on boot
 
**<code>/sbin/chkconfig --levels 35 ntpd on</code>
 
 
*Started ntpd
 
**<code>/etc/init.d/ntpd start</code>
 
 
====Configured ntpd to Sync Hardware Clock====
 
*Edited <code>/etc/sysconfig/ntpd</code>
 
 
<code><pre>
 
<code><pre>
  +
# Dir sizes
# Drop root to id 'ntp:ntp' by default.
 
  +
0 0 * * * /usr/local/bin/dir_sizes.sh
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
 
   
  +
# backup
# Set to 'yes' to sync hw clock after successful ntpdate
 
  +
45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh
SYNC_HWCLOCK=yes
 
   
  +
10 0 * * * /usr/local/sbin/report_mirror
# Additional options for ntpdate
 
NTPDATE_OPTIONS=""
 
 
</pre></code>
 
</pre></code>
   
===Configured to Power On when Power is Restored===
 
*Edited the BIOS to have <code>Restore on AC/Power Loss</code> set to <code>Power On</code>.
 
   
  +
[[mirror rsync setup|Setup Rsync Scripts]]
[[Category:Documentation]]
 
[[Category:Infrastructure]]
 

Latest revision as of 22:05, 27 April 2016


This page summarizes how Old Mirror was set up in Spring 2014.

Install

See Debian Server Setup

Debian 7 x64

  • 71 GB / - Software RAID 1
  • 4GB Swap per OS Drive

Setup

See Debian Server Setup

Raid

  • sda sdb sdc sde sdg sdh
  • /dev/md2
  • Software RAID 10
  • /storage xfs

Networking

eth2

  • Intel Corporation 82541PI Gigabit Ethernet Controller
  • HWADDR=00:1B:21:28:C8:48
  • IPADDR=128.153.145.19

eth1

  • Intel Corporation 82566DM-2 Gigabit Network Connection
  • HWADDR=00:30:48:9A:DB:26
  • IPADDR=10.0.1.36

eth3

  • Intel Corporation 82573L Gigabit Ethernet Controller
  • HWADDR=00:30:48:9A:DB:27
  • IPADDR=10.0.0.14

Set Up SSH Login Banner

/etc/issue.net

         _                 
  __ _  (_)__________  ____
 /  ' \/ / __/ __/ _ \/ __/
/_/_/_/_/_/ /_/  \___/_/   
                           

SSHD config

Uncomment the following line in the sshd configuration file:

# Send the contents of /etc/issue.net to connecting clients before authentication.
# Unauthenticated users can read that file, so keep host details out of it.
Banner /etc/issue.net

Installed nginx

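# Install the nginx web server from the distribution's package repositories.
apt-get install nginx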

Configure rsync to run as a daemon

  • Installed xinetd
# Install the rsync package; its daemon mode is configured through /etc/rsyncd.conf.
apt-get install rsync
  • Configured rsync /etc/rsyncd.conf
# Global parameters for the rsync daemon.
# Transfers run as an unprivileged account rather than root.
uid = nobody
gid = nogroup
# chroot into the module path before each transfer, which confines the transfer to that tree.
use chroot = yes
# Upper bound on simultaneous client connections.
max connections = 20
pid file = /var/run/rsyncd.pid
# Message shown to clients when they connect.
motd file = /etc/rsyncd.motd
log file = /var/log/rsync.log
# Record each transferred file in the log.
transfer logging = yes
# Logged fields: timestamp, client IP address, module name, file name, bytes transferred.
log format = %t %a %m %f %b
# NOTE(review): with "log file" set above, the daemon presumably does not log through syslog,
# which would leave this facility unused. Confirm against the installed rsync version.
syslog facility = local3
# I/O timeout in seconds.
timeout = 900
# Files with these suffixes are already compressed and are sent without recompression.
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
# Reject the client's --checksum option, which would make the server read and hash every file.
refuse options = checksum

# One module per published repository; "name" is the module name clients request.
# NOTE(review): no "auth users" or "hosts allow" is set, so any client can read this module.
# That matches a public mirror; confirm nothing private lives under the path.
[name]
  comment = Name of Repository
  path = /storage/repository
  exclude = lost+found/
  # Clients may download only; uploads are refused.
  read only = true
  # Files the daemon's uid cannot read are left out of the file list.
  ignore nonreadable = yes
  • Created rsync motd /etc/rsyncd.motd
###############################################################

The Clarkson University mirror is located in Potsdam, NY, US.

This mirror is operated by the Clarkson Open Source Institute.
http://cosi.clarkson.edu/

If you have any questions or problems, please email
mirror-admin@cslabs.clarkson.edu.

Recent changes can be found at
http://status.cslabs.clarkson.edu/tag/mirror.

###############################################################

Set Up Fedora Mirror Manager

  • Installed mirrormanager
# Fetch the MirrorManager client sources into /usr/local/sbin.
# NOTE(review): git:// is an unauthenticated, unencrypted transport, and root's crontab on this
# page runs report_mirror from this working tree. Clone over an authenticated transport and
# check out a reviewed commit before linking the script.
cd /usr/local/sbin
git clone git://git.fedorahosted.org/mirrormanager/
# Symlink so the client is reachable as /usr/local/sbin/report_mirror.
ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror

  • Configured mirrormanager
    • Modified /etc/mirrormanager-client/report_mirror.conf
# report_mirror.conf - settings for the MirrorManager report_mirror client.
[global]
# If enabled=0, no data is sent to the database.
enabled=1
# server= is the URL to the MirrorManager XML-RPC interface.
# Keep this an https:// URL: the [site] password is presumably sent to it with each report.
server=https://admin.fedoraproject.org/mirrormanager/xmlrpc


[site]
# If enabled=0, no data about this site is sent to the database.
enabled=1
# Name and Password fields need to match the Site name and password
# fields you entered for your Site in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=Clarkson University
# The value below is a placeholder; the real password belongs only in the copy on the host.
# NOTE(review): the file then holds a plaintext credential, so restrict it to root
# (for example mode 0600), the account whose crontab runs report_mirror.
password=<PASSWORD GOES HERE>

[host]
# If enabled=0, no data about this host is sent to the database.
enabled=1
# The Name field needs to match the Host name field you entered for your
# Host in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=mirror.clarkson.edu
# If user_active=0, no data about this category is given to the public.
# This can be used to toggle between serving and not serving data,
# such as enabled during the nighttime (when you have more idle bandwidth
# available) and disabled during the daytime.
# By not specifying user_active, the database will not be updated.
# user_active=1

[stats]
# Stats are only sent when run with the -s option
# and when this section is enabled.
# This feature is not presently implemented.
enabled=0
apache=/var/log/httpd/access_log
vsftpd=/var/log/vsftpd.log
# Remember to enable log file and transfer logging in rsyncd.conf.
# NOTE(review): the rsyncd.conf shown on this page logs to /var/log/rsync.log, not
# rsyncd.log; reconcile the two paths before enabling this section.
rsyncd=/var/log/rsyncd.log


# Content Categories
# These sections match the Categories for content tracked by MirrorManager.
#
# enabled=1 means information about this category will be sent to the database.
# enabled=0, no data about this host is sent to the database.  If the
# database already has information for you for this Category, it will
# remain unchanged.  This can be used to update the database after you
# have manually synced some infrequently-updated content, such as
# historical releases.
#
# path= is the path on your local disk to the top-level directory for this Category.

[Fedora Linux]
enabled=1
path=/usr/share/nginx/www/fedora/linux

[Fedora EPEL]
enabled=1
path=/usr/share/nginx/www/epel

# Lesser-used categories below (all disabled).

[Fedora Web]
enabled=0
path=/usr/share/nginx/www/pub/fedora/web

[Fedora Secondary Arches]
enabled=0
path=/usr/share/nginx/www/pub/fedora-secondary

[Fedora Other]
enabled=0
path=/usr/share/nginx/www/pub/alt

# Historical content (all disabled).

[Fedora Core]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/core

[Fedora Extras]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/extras

[Fedora Archive]
enabled=0
path=/usr/share/nginx/www/pub/fedora-archive
  • Added cron entries for root
# Entries from root's crontab; every job below runs as root.
# Fields: minute hour day-of-month month day-of-week command.
# Dir sizes: daily at 00:00.
0 0 * * * /usr/local/bin/dir_sizes.sh

# Backup: daily at 00:45, at the lowest CPU priority (nice 19) and the lowest
# best-effort I/O priority (ionice class 2, level 7).
45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh

# Mirror report: daily at 00:10, runs the report_mirror client linked into /usr/local/sbin.
# NOTE(review): these scripts execute as root, so they and the directories holding them
# must be writable only by root.
10 0 * * * /usr/local/sbin/report_mirror


Setup Rsync Scripts