Difference between revisions of "Mirror Setup Process"

From CSLabsWiki
m (Installed Apache)
 
(26 intermediate revisions by 3 users not shown)
Line 1: Line 1:
  +
[[Category:Server Setup Documentation]]
This page summarizes how [[Mirror]] was set up in Spring 2009.
  
   
  +
This page summarizes how [[Old Mirror]] was set up in Spring 2014.
==Install==
  
*Installed CentOS 5.3 x64.
  
**Partition Scheme ('''Note: This isn't the most ideal partition layout but was the best use of space at the time while providing redundancy for some things that we mirror.''')
  
***100 MB /boot - Software RAID 1
  
***73 GB root_lvg - Logical Volume Group Software RAID 1
  
****53 GB / (root_lvg-root_lv)
  
****10 GB /var (root_lvg-var_lv)
  
****10 GB swap (root_lvg-swap_lv)
  
***903 GB /mnt/raid - Software RAID 1
  
***1.8 TB /mnt/lvg_storage (storage_lvg-storage_lv)
  
***903 GB /mnt/storage1
  
***903 GB /mnt/storage2
  
   
  +
=Install=
===Kickstart File===
  
  +
See [[Debian Server Setup]]
<code><pre>
  
# Kickstart file automatically generated by anaconda.
  
   
  +
==Debian 7 x64==
install
  
  +
*71 GB / - Software RAID 1
cdrom
  
  +
*4GB Swap per OS Drive
lang en_US.UTF-8
  
keyboard us
  
network --device eth0 --bootproto static --ip 128.153.145.19 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
  
network --device eth1 --bootproto static --ip 10.0.1.36 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
  
network --device eth2 --bootproto static --ip 10.0.0.14 --netmask 255.255.255.0 --gateway 128.153.145.1 --nameserver 128.153.0.254,128.153.5.254 --hostname mirror
  
rootpw --iscrypted ENCRYPTED-PASSWORD-GOES-HERE
  
firewall --enabled --port=22:tcp
  
authconfig --enableshadow --enablemd5
  
selinux --enforcing
  
timezone --utc America/New_York
  
bootloader --location=partition --driveorder=hda,hdb,sda,sdc,sdb,sdd,sde,sdf --md5pass=ENCRYPTED-PASSWORD-GOES-HERE
  
# The following is the partition information you requested
  
# Note that any partitions you deleted are not expressed
  
# here so unless you clear all partitions first, this is
  
# not guaranteed to work
  
clearpart --linux
  
part raid.11 --size=100 --ondisk=hda
  
part raid.14 --size=100 --ondisk=hdb
  
part /mnt/storage2 --fstype ext3 --size=100 --grow --ondisk=sdf
  
part /mnt/storage1 --fstype ext3 --size=100 --grow --ondisk=sde
  
part pv.25 --size=100 --grow --ondisk=sdd
  
part pv.24 --size=100 --grow --ondisk=sdc
  
part raid.22 --size=100 --grow --ondisk=sdb
  
part raid.21 --size=100 --grow --ondisk=sda
  
part raid.13 --size=100 --grow --ondisk=hdb
  
part raid.12 --size=100 --grow --ondisk=hda
  
raid /boot --fstype ext3 --level=RAID1 --device=md0 raid.11 raid.14
  
raid pv.16 --fstype "physical volume (LVM)" --level=RAID1 --device=md1 raid.12 raid.13
  
raid /mnt/raid --fstype ext3 --level=RAID1 --device=md2 raid.21 raid.22
  
volgroup root_lvg --pesize=32768 pv.16
  
volgroup storage_lvg --pesize=32768 pv.24 pv.25
  
logvol swap --fstype swap --name=swap_lv --vgname=root_lvg --size=10240
  
logvol /var --fstype ext3 --name=var_lv --vgname=root_lvg --size=10240
  
logvol / --fstype ext3 --name=root_lv --vgname=root_lvg --size=55712
  
logvol /mnt/lvg_storage --fstype ext3 --name=storage_lv --vgname=storage_lvg --size=1907712
  
   
  +
=Setup=
%packages
  
  +
See [[Debian Server Setup]]
@core
  
@base
  
device-mapper-multipath
  
-NetworkManager
  
-bluez-utils
  
</pre></code>
  
   
==Configuration==
 +
==Raid==
  +
*sda sdb sdc sde sdg sdh
===Updated System===
  
  +
*/dev/md2
*Added Extra Repositories
  
  +
*Software RAID 10
**RPMForge Yum Repository
  
  +
*/storage xfs
***<code>rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm</code>
  
****From [http://dag.wieers.com/rpm/FAQ.php#B2 Dag Wieers]
  
**Fedora EPEL Yum Repository
  
***<code>rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm</code>
  
****From [http://download.fedora.redhat.com/pub/epel/5/x86_64/repoview/epel-release.html Fedora]
  
   
  +
==Networking==
*Configured Yum Priorities & to use our mirror
  
**Edited <code>/etc/yum.repos.d/CentOS-Base.repo</code>
  
<code><pre>
  
# CentOS-Base.repo
  
#
  
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
  
# The mirror system uses the connecting IP address of the client and the
  
# update status of each mirror to pick mirrors that are updated to and
  
# geographically close to the client. You should use this for CentOS updates
  
# unless you are manually picking other mirrors.
  
#
  
# If the mirrorlist= does not work for you, as a fall back you can try the
  
# remarked out baseurl= line instead.
  
#
  
#
  
   
  +
===eth2===
[base]
  
  +
*Intel Corporation 82541PI Gigabit Ethernet Controller
name=CentOS-$releasever - Base
  
  +
*HWADDR=00:1B:21:28:C8:48
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
  
  +
*IPADDR=128.153.145.19
baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
  
gpgcheck=1
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  
priority=1
  
exclude=rsync
  
   
  +
===eth1===
#released updates
  
  +
*Intel Corporation 82566DM-2 Gigabit Network Connection
[updates]
  
  +
*HWADDR=00:30:48:9A:DB:26
name=CentOS-$releasever - Updates
  
  +
*IPADDR=10.0.1.36
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
  
baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
  
gpgcheck=1
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  
priority=1
  
exclude=rsync
  
   
  +
===eth3===
#packages used/produced in the build but not released
  
  +
*Intel Corporation 82573L Gigabit Ethernet Controller
[addons]
  
  +
*HWADDR=00:30:48:9A:DB:27
name=CentOS-$releasever - Addons
  
  +
*IPADDR=10.0.0.14
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
  
baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
  
gpgcheck=1
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  
priority=1
  
 
#additional packages that may be useful
  
[extras]
  
name=CentOS-$releasever - Extras
  
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
  
baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
  
gpgcheck=1
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  
priority=1
  
 
#additional packages that extend functionality of existing packages
  
[centosplus]
  
name=CentOS-$releasever - Plus
  
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
  
baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
  
gpgcheck=1
  
enabled=0
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  
priority=2
  
 
#contrib - packages by Centos Users
  
[contrib]
  
name=CentOS-$releasever - Contrib
  
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
  
baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
  
gpgcheck=1
  
enabled=0
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  
priority=2
  
</pre></code>
  
 
**Edited <code>/etc/yum.repos.d/rpmforge.repo</code>
  
<code><pre>
  
# Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
  
# URL: http://rpmforge.net/
  
[rpmforge]
  
name = Red Hat Enterprise $releasever - RPMforge.net - dag
  
baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
  
#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
  
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
  
enabled = 1
  
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
  
gpgcheck = 1
  
priority=15
  
</pre></code>
  
 
**Edited <code>/etc/yum.repos.d/epel.repo</code>
  
<code><pre>
  
[epel]
  
name=Extra Packages for Enterprise Linux 5 - $basearch
  
baseurl=http://mirror.clarkson.edu/epel/5/$basearch
  
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
  
failovermethod=priority
  
enabled=1
  
gpgcheck=1
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
  
priority=30
  
 
[epel-debuginfo]
  
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
  
baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
  
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
  
failovermethod=priority
  
enabled=0
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
  
gpgcheck=1
  
priority=30
  
 
[epel-source]
  
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
  
baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
  
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
  
failovermethod=priority
  
enabled=0
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
  
gpgcheck=1
  
priority=30
  
</pre></code>
  
 
**Edited <code>/etc/yum.repos.d/epel-testing.repo</code>
  
<code><pre>
  
[epel-testing]
  
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
  
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
  
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
  
failovermethod=priority
  
enabled=0
  
gpgcheck=1
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
  
priority=40
  
 
[epel-testing-debuginfo]
  
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
  
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
  
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
  
failovermethod=priority
  
enabled=0
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
  
gpgcheck=1
  
priority=40
  
 
[epel-testing-source]
  
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
  
baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
  
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
  
failovermethod=priority
  
enabled=0
  
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
  
gpgcheck=1
  
priority=40
  
</pre></code>
  
 
*Disabled Yum FastestMirror since using local mirror
  
**<code>sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf</code>
  
 
*Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
  
**<code>yum install yum-priorities</code>
  
 
*Configured Yum Priorities to check for obsoletes
  
**<code>echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf</code>
  
 
*<code>yum install vim-enhanced gcc emacs-nox screen iftop</code>
  
*<code>yum update</code>
  
 
===Created User===
  
*Created user mccarrms
  
**<code>/usr/sbin/useradd -m mccarrms</code>
  
*Set password for mccarrms
  
**<code>passwd mccarrms</code>
  
 
===Configured Sudo===
  
*<code>/usr/sbin/visudo</code>
  
 
<code><pre>
  
## Sudoers allows particular users to run various commands as
  
## the root user, without needing the root password.
  
 
## Networking
  
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
  
 
## Installation and management of software
  
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
  
 
## Services
  
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
  
 
## Updating the locate database
  
Cmnd_Alias LOCATE = /usr/sbin/updatedb
  
 
## Storage
  
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
  
 
## Delegating permissions
  
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
  
 
## Processes
  
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
  
 
## Drivers
  
Cmnd_Alias DRIVERS = /sbin/modprobe
  
 
## Shells
  
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su
  
 
## Users
  
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl
  
 
Defaults requiretty
  
 
Defaults env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
  
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
  
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
  
LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
  
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
  
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
  
_XKB_CHARSET XAUTHORITY"
  
 
## Allow root to run any commands anywhere
  
root ALL=(ALL) ALL
  
%wheel ALL=(ALL) ALL
  
</pre></code>
  
 
===Configured Networks===
  
*Configured hostname in <code>/etc/sysconfig/network</code>
  
<code><pre>
  
NETWORKING=yes
  
NETWORKING_IPV6=no
  
HOSTNAME=mirror
  
GATEWAY=128.153.145.1
  
</pre></code>
  
 
*Verified eth0 configuration for Clarkson Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth0</code>
  
<code><pre>
  
# Intel Corporation 82541PI Gigabit Ethernet Controller
  
DEVICE=eth0
  
BOOTPROTO=static
  
BROADCAST=128.153.145.255
  
HWADDR=00:1B:21:28:C8:48
  
IPADDR=128.153.145.19
  
NETMASK=255.255.255.0
  
NETWORK=128.153.145.0
  
ONBOOT=yes
  
</pre></code>
  
 
*Verified eth1 configuration for the Server Room Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth1</code>
  
<code><pre>
  
# Intel Corporation 82566DM-2 Gigabit Network Connection
  
DEVICE=eth1
  
BOOTPROTO=static
  
BROADCAST=10.0.1.255
  
HWADDR=00:30:48:9A:DB:26
  
IPADDR=10.0.1.36
  
NETMASK=255.255.255.0
  
NETWORK=10.0.1.0
  
ONBOOT=yes
  
</pre></code>
  
 
*Verified eth2 configuration for the Internal Network in <code>/etc/sysconfig/network-scripts/ifcfg-eth2</code>
  
<code><pre>
  
# Intel Corporation 82573L Gigabit Ethernet Controller
  
DEVICE=eth2
  
BOOTPROTO=static
  
BROADCAST=10.0.0.255
  
HWADDR=00:30:48:9A:DB:27
  
IPADDR=10.0.0.14
  
NETMASK=255.255.255.0
  
NETWORK=10.0.0.0
  
ONBOOT=yes
  
</pre></code>
  
 
====Configured Hosts====
  
*Edited <code>/etc/hosts</code>
  
<code><pre>
  
127.0.0.1 localhost.localdomain localhost
  
::1 localhost6.localdomain6 localhost6
  
128.153.145.19 mirror.clarkson.edu mirror.cslabs.clarkson.edu mirror.cslabs mirror
  
10.0.1.36 mirror.sr.cslabs.clarkson.edu mirror.sr.cslabs mirror.sr
  
10.0.0.14 mirror.int.cslabs.clarkson.edu mirror.int.cslabs mirror.int
  
</pre></code>
  
 
*Edited <code>/etc/hosts.allow</code>
  
<code><pre>
  
For security purposes, this information has been intentionally left off.
  
</pre></code>
  
 
*Edited <code>/etc/hosts.deny</code>
  
<code><pre>
  
ALL: ALL
  
</pre></code>
  
 
====Configured DNS Servers====
  
*Edited <code>/etc/resolv.conf</code>
  
<code><pre>
  
search cslabs.clarkson.edu clarkson.edu
  
nameserver 128.153.0.254
  
nameserver 128.153.5.254
  
</pre></code>
  
 
====Disabled IP v6====
  
*Appended the following to <code>/etc/modprobe.conf</code>
  
<code><pre>
  
install ipv6 /bin/true
  
</pre></code>
  
*Disabled IP v6 firewall
  
**<code>/sbin/chkconfig ip6tables off</code>
  
 
===Configured IPtables===
  
<code><pre>
  
Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.
  
</pre></code>
  
*Restarted iptables
  
**<code>/etc/init.d/iptables restart</code>
  
 
===Configured SSH===
  
*Edited <code>/etc/ssh/sshd_config</code>
  
<code><pre>
  
Due to the sensitivity of this material, this config file has been left off.
  
</pre></code>
  
*Restarted sshd
  
**<code>/etc/init.d/sshd restart</code>
  
   
====Set Up SSH Login Banner====
 +
==Set Up SSH Login Banner==
*Edited <code>/etc/issue.net</code>
 +
/etc/issue.net
 
<code><pre>
  
<code><pre>
 
_
 
_
Line 407: Line 45:
 
 
 
</pre></code>
  
</pre></code>
  +
==SSHD config==
  +
uncomment
  +
Banner /etc/issue.net
   
  +
==Installed nginx==
===Configured Password Requirements===
  
  +
apt-get install install nginx
*Edited <code>/etc/login.defs</code>
  
<code><pre>
  
MAIL_DIR /var/spool/mail
  
 
PASS_MAX_DAYS 360
  
PASS_MIN_DAYS 0
  
PASS_MIN_LEN 8
  
PASS_WARN_AGE 60
  
 
UID_MIN 500
  
UID_MAX 60000
  
 
GID_MIN 500
  
GID_MAX 60000
  
 
CREATE_HOME yes
  
 
UMASK 077
  
 
USERGROUPS_ENAB yes
  
 
MD5_CRYPT_ENAB yes
  
 
ENCRYPT_METHOD MD5
  
</pre></code>
  
 
===Added Custom PATH Variables===
  
*Added the following to <code>/etc/profile</code>
  
<code><pre>
  
PATH=$PATH:/usr/sbin:/sbin
  
export PATH
  
</pre></code>
  
 
===Modified Root's Crontab===
  
*<code>crontab -e</code>
  
<code><pre>
  
# Used to update locate database
  
0 * * * * /usr/bin/updatedb
  
</pre></code>
  
 
===Set Up & Configured NTP===
  
*Installed NTP
  
**<code>yum install ntp</code>
  
 
*Edited <code>/etc/ntp.conf</code>
  
<code><pre>
  
restrict default kod nomodify notrap nopeer noquery
  
restrict -6 default kod nomodify notrap nopeer noquery
  
 
restrict 127.0.0.1
  
restrict -6 ::1
  
 
restrict tick.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
  
restrict tock.clarkson.edu mask 255.255.255.255 nomodify notrap noquery
  
 
server tick.clarkson.edu
  
server tock.clarkson.edu
  
 
server 127.127.1.0 # local clock
  
fudge 127.127.1.0 stratum 10
  
 
driftfile /var/lib/ntp/drift
  
 
keys /etc/ntp/keys
  
</pre></code>
  
 
*Edited <code>/etc/ntp/step-tickers</code>
  
<code><pre>
  
tick.clarkson.edu
  
tock.clarkson.edu
  
</pre></code>
  
 
*Configured ntpd to start on boot
  
**<code>/sbin/chkconfig --levels 2345 ntpd on</code>
  
 
*Started ntpd
  
**<code>/etc/init.d/ntpd start</code>
  
 
====Configured ntpd to Sync Hardware Clock====
  
*Edited <code>/etc/sysconfig/ntpd</code>
  
<code><pre>
  
# Drop root to id 'ntp:ntp' by default.
  
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
  
 
# Set to 'yes' to sync hw clock after successful ntpdate
  
SYNC_HWCLOCK=yes
  
 
# Additional options for ntpdate
  
NTPDATE_OPTIONS=""
  
</pre></code>
  
 
===Installed and Configured [http://www.apcupsd.org/ APCUPSD]===
  
This package is used to monitor the UPS which [[Mirror]] is plugged into and is used to shutdown the system in the event of a power failure.
  
 
====Configured to Power On when Power is Restored====
  
*Edited the BIOS to have <code>Restore on AC/Power Loss</code> set to <code>Power On</code>.
  
 
====Installed and configured <code>apcupsd</code>====
  
*Installed <code>apcupsd</code>
  
**<code>yum install apcupsd</code>
  
 
*Edited <code>/etc/apcupsd/apcupsd.conf</code>
  
<code><pre>
  
## apcupsd.conf v1.1 ##
  
 
UPSNAME ups3
  
 
UPSCABLE ether
  
 
UPSTYPE net
  
DEVICE 128.153.145.215:3551
  
 
LOCKFILE /var/lock
  
 
SCRIPTDIR /etc/apcupsd
  
 
PWRFAILDIR /etc/apcupsd
  
 
NOLOGINDIR /etc
  
 
ONBATTERYDELAY 6
  
 
BATTERYLEVEL 10
  
 
MINUTES 15
  
 
TIMEOUT 0
  
 
ANNOY 300
  
 
ANNOYDELAY 60
  
 
NOLOGON disable
  
 
KILLDELAY 0
  
 
NETSERVER on
  
 
NISIP 127.0.0.1
  
 
NISPORT 3551
  
 
EVENTSFILE /var/log/apcupsd.events
  
 
EVENTSFILEMAX 10
  
 
UPSCLASS standalone
  
 
UPSMODE disable
  
 
STATTIME 0
  
 
STATFILE /var/log/apcupsd.status
  
 
LOGSTATS off
  
 
DATATIME 0
  
 
SELFTEST 336
  
</pre></code>
  
 
*Configured <code>apcupsd</code> to start on boot
  
**<code>/sbin/chkconfig --levels 2345 apcupsd on</code>
  
 
*Started <code>apcupsd</code>
  
**<code>/etc/init.d/apcupsd start</code>
  
 
===Configured Aliases===
  
*Edited <code>/etc/aliases</code>
  
<code><pre>
  
#
  
# Aliases in this file will NOT be expanded in the header from
  
# Mail, but WILL be visible over networks or from /bin/mail.
  
#
  
# >>>>>>>>>> The program "newaliases" must be run after
  
# >> NOTE >> this file is updated for any changes to
  
# >>>>>>>>>> show through to sendmail.
  
#
  
 
# Basic system aliases -- these MUST be present.
  
mailer-daemon: postmaster
  
postmaster: logwatch@cslabs.clarkson.edu
  
 
# General redirections for pseudo accounts.
  
bin: logwatch@cslabs.clarkson.edu
  
daemon: logwatch@cslabs.clarkson.edu
  
adm: logwatch@cslabs.clarkson.edu
  
lp: logwatch@cslabs.clarkson.edu
  
sync: logwatch@cslabs.clarkson.edu
  
shutdown: logwatch@cslabs.clarkson.edu
  
halt: logwatch@cslabs.clarkson.edu
  
mail: logwatch@cslabs.clarkson.edu
  
news: logwatch@cslabs.clarkson.edu
  
uucp: logwatch@cslabs.clarkson.edu
  
operator: logwatch@cslabs.clarkson.edu
  
games: logwatch@cslabs.clarkson.edu
  
gopher: logwatch@cslabs.clarkson.edu
  
ftp: logwatch@cslabs.clarkson.edu
  
nobody: logwatch@cslabs.clarkson.edu
  
radiusd: logwatch@cslabs.clarkson.edu
  
nut: logwatch@cslabs.clarkson.edu
  
dbus: logwatch@cslabs.clarkson.edu
  
vcsa: logwatch@cslabs.clarkson.edu
  
canna: logwatch@cslabs.clarkson.edu
  
wnn: logwatch@cslabs.clarkson.edu
  
rpm: logwatch@cslabs.clarkson.edu
  
nscd: logwatch@cslabs.clarkson.edu
  
pcap: logwatch@cslabs.clarkson.edu
  
apache: logwatch@cslabs.clarkson.edu
  
webalizer: logwatch@cslabs.clarkson.edu
  
dovecot: logwatch@cslabs.clarkson.edu
  
fax: logwatch@cslabs.clarkson.edu
  
quagga: logwatch@cslabs.clarkson.edu
  
radvd: logwatch@cslabs.clarkson.edu
  
pvm: logwatch@cslabs.clarkson.edu
  
amanda: logwatch@cslabs.clarkson.edu
  
privoxy: logwatch@cslabs.clarkson.edu
  
ident: logwatch@cslabs.clarkson.edu
  
named: logwatch@cslabs.clarkson.edu
  
xfs: logwatch@cslabs.clarkson.edu
  
gdm: logwatch@cslabs.clarkson.edu
  
mailnull: logwatch@cslabs.clarkson.edu
  
postgres: logwatch@cslabs.clarkson.edu
  
sshd: logwatch@cslabs.clarkson.edu
  
smmsp: logwatch@cslabs.clarkson.edu
  
postfix: logwatch@cslabs.clarkson.edu
  
netdump: logwatch@cslabs.clarkson.edu
  
ldap: logwatch@cslabs.clarkson.edu
  
squid: logwatch@cslabs.clarkson.edu
  
ntp: logwatch@cslabs.clarkson.edu
  
mysql: logwatch@cslabs.clarkson.edu
  
desktop: logwatch@cslabs.clarkson.edu
  
rpcuser: logwatch@cslabs.clarkson.edu
  
rpc: logwatch@cslabs.clarkson.edu
  
nfsnobody: logwatch@cslabs.clarkson.edu
  
 
ingres: logwatch@cslabs.clarkson.edu
  
system: logwatch@cslabs.clarkson.edu
  
toor: logwatch@cslabs.clarkson.edu
  
manager: logwatch@cslabs.clarkson.edu
  
dumper: logwatch@cslabs.clarkson.edu
  
abuse: logwatch@cslabs.clarkson.edu
  
 
newsadm: news
  
newsadmin: news
  
usenet: news
  
ftpadm: ftp
  
ftpadmin: ftp
  
ftp-adm: ftp
  
ftp-admin: ftp
  
www: webmaster
  
webmaster: logwatch@cslabs.clarkson.edu
  
noc: logwatch@cslabs.clarkson.edu
  
security: logwatch@cslabs.clarkson.edu
  
hostmaster: logwatch@cslabs.clarkson.edu
  
info: postmaster
  
marketing: postmaster
  
sales: postmaster
  
support: postmaster
  
 
 
# trap decode to catch security attacks
  
decode: logwatch@cslabs.clarkson.edu
  
 
# Person who should get roots's mail
  
root: logwatch@cslabs.clarkson.edu
  
</pre></code>
  
 
*Updated aliases
  
**<code>/usr/bin/newaliases</code>
  
 
===Disabled <code>CTRL-ALT-DELETE</code>===
  
*Removed trap entry to prevent accidental reboots
  
<code><pre>
  
sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab
  
</pre></code>
  
 
*Made Changes Active
  
<code><pre>
  
init q
  
</pre></code>
  
 
===Disabled Various Kernel Modules===
  
*Added the following to <code>/etc/modprobe.conf</code>
  
<code><pre>
  
install pppox /bin/true
  
install bluetooth /bin/true
  
install sctp /bin/true
  
</pre></code>
  
 
===Installed & Configured SNMP===
  
*Installed needed packages
  
<code><pre>
  
yum install net-snmp ntp
  
</pre></code>
  
 
*Configured SNMP Daemon <code>/etc/snmp/snmpd.conf</code>
  
<code><pre>
  
rocommunity <passphrase> 127.0.0.1
  
rocommunity <passphrase> <ipsallowed>
  
 
syslocation Clarkson University Applied CS Labs
  
syscontact Matt McCarrell <mccarrms@gmail.com>
  
disk /
  
disk /var
  
disk /boot
  
disk /mnt/raid
  
disk /mnt/lvg_storage
  
disk /mnt/storage1
  
disk /mnt/storage2
  
exec timeskew /usr/local/sbin/ntp_check
  
exec uptime /usr/bin/uptime
  
</pre></code>
  
 
*Deployed <code>ntp_check</code> script
  
**Copied over <code>/usr/local/sbin/ntp_check</code> from [[Isengard]] to /usr/local/sbin/
  
**<code>chown root.root /usr/local/sbin/ntp_check</code>
  
 
*Configured SNMP to start at specific run levels
  
<code><pre>
  
/sbin/chkconfig --levels 2345 snmpd on
  
</pre></code>
  
 
*Started daemon
  
<code><pre>
  
/etc/init.d/snmpd start
  
</pre></code>
  
 
===Increased Detail of Logwatch Reports===
  
*Set detail level to be high
  
<code><pre>
  
echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf
  
</pre></code>
  
 
===Modified <code>/etc/fstab</code> to increase performance===
  
*Configured to not update inode access times
  
<code><pre>
  
/dev/root_lvg/root_lv / ext3 defaults 1 1
  
/dev/md2 /mnt/raid ext3 defaults,noatime 1 2
  
/dev/storage_lvg/storage_lv /mnt/lvg_storage ext3 defaults,noatime 1 2
  
/dev/md0 /boot ext3 defaults 1 2
  
/dev/root_lvg/var_lv /var ext3 defaults 1 2
  
LABEL=/mnt/storage1 /mnt/storage1 ext3 defaults,noatime 1 2
  
LABEL=/mnt/storage2 /mnt/storage2 ext3 defaults,noatime 1 2
  
tmpfs /dev/shm tmpfs defaults 0 0
  
devpts /dev/pts devpts gid=5,mode=620 0 0
  
sysfs /sys sysfs defaults 0 0
  
proc /proc proc defaults 0 0
  
/dev/root_lvg/swap_lv swap swap defaults 0 0
  
</pre></code>
  
 
==Installed Apache==
  
*Installed <code>httpd</code>
  
**<code>yum install httpd</code>
  
 
*Modified <code>/etc/httpd/conf/httpd.conf</code>
  
<code><pre>
  
ServerTokens Prod
  
ServerRoot "/etc/httpd"
  
PidFile run/httpd.pid
  
Timeout 120
  
KeepAlive On
  
MaxKeepAliveRequests 100
  
KeepAliveTimeout 2
  
TraceEnable Off
  
 
<IfModule prefork.c>
  
StartServers 32
  
MinSpareServers 20
  
MaxSpareServers 80
  
ServerLimit 768
  
MaxClients 768
  
MaxRequestsPerChild 1000
  
</IfModule>
  
 
<IfModule worker.c>
  
StartServers 8
  
MaxClients 600
  
MinSpareThreads 100
  
MaxSpareThreads 300
  
ThreadsPerChild 100
  
MaxRequestsPerChild 0
  
</IfModule>
  
 
Listen 80
  
 
LoadModule auth_basic_module modules/mod_auth_basic.so
  
LoadModule auth_digest_module modules/mod_auth_digest.so
  
LoadModule authn_file_module modules/mod_authn_file.so
  
LoadModule authn_alias_module modules/mod_authn_alias.so
  
LoadModule authn_anon_module modules/mod_authn_anon.so
  
LoadModule authn_dbm_module modules/mod_authn_dbm.so
  
LoadModule authn_default_module modules/mod_authn_default.so
  
LoadModule authz_host_module modules/mod_authz_host.so
  
LoadModule authz_user_module modules/mod_authz_user.so
  
LoadModule authz_owner_module modules/mod_authz_owner.so
  
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  
LoadModule authz_dbm_module modules/mod_authz_dbm.so
  
LoadModule authz_default_module modules/mod_authz_default.so
  
LoadModule ldap_module modules/mod_ldap.so
  
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  
LoadModule include_module modules/mod_include.so
  
LoadModule log_config_module modules/mod_log_config.so
  
LoadModule logio_module modules/mod_logio.so
  
LoadModule env_module modules/mod_env.so
  
LoadModule ext_filter_module modules/mod_ext_filter.so
  
LoadModule mime_magic_module modules/mod_mime_magic.so
  
LoadModule expires_module modules/mod_expires.so
  
LoadModule deflate_module modules/mod_deflate.so
  
LoadModule headers_module modules/mod_headers.so
  
LoadModule usertrack_module modules/mod_usertrack.so
  
LoadModule setenvif_module modules/mod_setenvif.so
  
LoadModule mime_module modules/mod_mime.so
  
LoadModule dav_module modules/mod_dav.so
  
LoadModule status_module modules/mod_status.so
  
LoadModule autoindex_module modules/mod_autoindex.so
  
LoadModule info_module modules/mod_info.so
  
LoadModule dav_fs_module modules/mod_dav_fs.so
  
LoadModule vhost_alias_module modules/mod_vhost_alias.so
  
LoadModule negotiation_module modules/mod_negotiation.so
  
LoadModule dir_module modules/mod_dir.so
  
LoadModule actions_module modules/mod_actions.so
  
LoadModule speling_module modules/mod_speling.so
  
LoadModule userdir_module modules/mod_userdir.so
  
LoadModule alias_module modules/mod_alias.so
  
LoadModule rewrite_module modules/mod_rewrite.so
  
#LoadModule proxy_module modules/mod_proxy.so
  
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  
#LoadModule proxy_http_module modules/mod_proxy_http.so
  
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
  
LoadModule cache_module modules/mod_cache.so
  
LoadModule suexec_module modules/mod_suexec.so
  
LoadModule disk_cache_module modules/mod_disk_cache.so
  
LoadModule file_cache_module modules/mod_file_cache.so
  
LoadModule mem_cache_module modules/mod_mem_cache.so
  
LoadModule cgi_module modules/mod_cgi.so
  
LoadModule version_module modules/mod_version.so
  
 
Include conf.d/*.conf
  
 
User apache
  
Group apache
  
 
ServerAdmin mirror-admin@cslabs.clarkson.edu
  
 
UseCanonicalName Off
  
 
DocumentRoot "/var/www/html"
  
 
<Directory />
  
Options FollowSymLinks
  
AllowOverride None
  
</Directory>
  
 
<Directory "/var/www/html">
  
Options Indexes FollowSymLinks Includes
  
AllowOverride FileInfo Indexes Limit
  
Order allow,deny
  
Allow from all
  
</Directory>
  
 
<IfModule mod_userdir.c>
  
UserDir disable
  
</IfModule>
  
 
DirectoryIndex index.html index.html.var
  
 
AccessFileName .htaccess
  
 
XBitHack On
  
 
<Files ~ "^\.ht">
  
Order allow,deny
  
Deny from all
  
</Files>
  
 
TypesConfig /etc/mime.types
  
 
DefaultType text/plain
  
 
<IfModule mod_mime_magic.c>
  
# MIMEMagicFile /usr/share/magic.mime
  
MIMEMagicFile conf/magic
  
</IfModule>
  
 
HostnameLookups Off
  
 
ErrorLog logs/error_log
  
LogLevel warn
  
 
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  
LogFormat "%h %l %u %t \"%r\" %>s %b" common
  
LogFormat "%{Referer}i -> %U" referer
  
LogFormat "%{User-agent}i" agent
  
 
CustomLog logs/access_log combined
  
 
ServerSignature Off
  
 
Alias /icons/ "/var/www/icons/"
  
 
<Directory "/var/www/icons">
  
Options Indexes MultiViews
  
AllowOverride None
  
Order allow,deny
  
Allow from all
  
</Directory>
  
 
<IfModule mod_dav_fs.c>
  
# Location of the WebDAV lock database.
  
DAVLockDB /var/lib/dav/lockdb
  
</IfModule>
  
 
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
  
 
<Directory "/var/www/cgi-bin">
  
AllowOverride None
  
Options None
  
Order allow,deny
  
Allow from all
  
</Directory>
  
 
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
  
 
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
  
 
AddIconByType (TXT,/icons/text.gif) text/*
  
AddIconByType (IMG,/icons/image2.gif) image/*
  
AddIconByType (SND,/icons/sound2.gif) audio/*
  
AddIconByType (VID,/icons/movie.gif) video/*
  
 
AddIcon /icons/binary.gif .bin .exe
  
AddIcon /icons/binhex.gif .hqx
  
AddIcon /icons/tar.gif .tar
  
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
  
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
  
AddIcon /icons/a.gif .ps .ai .eps
  
AddIcon /icons/layout.gif .html .shtml .htm .pdf
  
AddIcon /icons/text.gif .txt
  
AddIcon /icons/c.gif .c
  
AddIcon /icons/p.gif .pl .py
  
AddIcon /icons/f.gif .for
  
AddIcon /icons/dvi.gif .dvi
  
AddIcon /icons/uuencoded.gif .uu
  
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
  
AddIcon /icons/tex.gif .tex
  
AddIcon /icons/bomb.gif core
  
 
AddIcon /icons/back.gif ..
  
AddIcon /icons/hand.right.gif README
  
AddIcon /icons/folder.gif ^^DIRECTORY^^
  
AddIcon /icons/blank.gif ^^BLANKICON^^
  
 
DefaultIcon /icons/unknown.gif
  
 
ReadmeName README.html
  
HeaderName HEADER.html
  
 
IndexIgnore .??* *~ *#
  
 
AddLanguage ca .ca
  
AddLanguage cs .cz .cs
  
AddLanguage da .dk
  
AddLanguage de .de
  
AddLanguage el .el
  
AddLanguage en .en
  
AddLanguage eo .eo
  
AddLanguage es .es
  
AddLanguage et .et
  
AddLanguage fr .fr
  
AddLanguage he .he
  
AddLanguage hr .hr
  
AddLanguage it .it
  
AddLanguage ja .ja
  
AddLanguage ko .ko
  
AddLanguage ltz .ltz
  
AddLanguage nl .nl
  
AddLanguage nn .nn
  
AddLanguage no .no
  
AddLanguage pl .po
  
AddLanguage pt .pt
  
AddLanguage pt-BR .pt-br
  
AddLanguage ru .ru
  
AddLanguage sv .sv
  
AddLanguage zh-CN .zh-cn
  
AddLanguage zh-TW .zh-tw
  
 
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
  
 
ForceLanguagePriority Prefer Fallback
  
 
AddDefaultCharset UTF-8
  
 
AddType application/x-compress .Z
  
AddType application/x-gzip .gz .tgz
  
 
AddHandler type-map var
  
 
AddType text/html .shtml
  
AddOutputFilter INCLUDES .shtml
  
 
AddType application/octet-stream .iso
  
AddType application/octet-stream .rpm
  
 
Alias /error/ "/var/www/error/"
  
 
<IfModule mod_negotiation.c>
  
<IfModule mod_include.c>
  
<Directory "/var/www/error">
  
AllowOverride None
  
Options IncludesNoExec
  
AddOutputFilter Includes html
  
AddHandler type-map var
  
Order allow,deny
  
Allow from all
  
LanguagePriority en es de fr
  
ForceLanguagePriority Prefer Fallback
  
</Directory>
  
 
</IfModule>
  
</IfModule>
  
 
<LocationMatch "\.(xml|xml\.gz|xml\.asc|sqlite)">
  
Header set Cache-Control "must-revalidate"
  
ExpiresActive On
  
ExpiresDefault "now"
  
</LocationMatch>
  
 
AddType application/pgp-signature .sig
  
# make sure .sig files are _not_ sent with "Content-Encoding: gzip".
  
<Files *.gz.sig>
  
RemoveEncoding .gz
  
</Files>
  
 
BrowserMatch "Mozilla/2" nokeepalive
  
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
  
BrowserMatch "RealPlayer 4\.0" force-response-1.0
  
BrowserMatch "Java/1\.0" force-response-1.0
  
BrowserMatch "JDK/1\.0" force-response-1.0
  
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
  
BrowserMatch "MS FrontPage" redirect-carefully
  
BrowserMatch "^WebDrive" redirect-carefully
  
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
  
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
  
BrowserMatch "^XML Spy" redirect-carefully
  
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
  
 
NameVirtualHost *:80
  
 
<VirtualHost *:80>
  
ServerName mirror.clarkson.edu
  
ServerAdmin mirror-admin@cslabs.clarkson.edu
  
DocumentRoot "/var/www/html/"
  
ErrorLog logs/error_log
  
CustomLog logs/access_log combined
  
ServerAlias mirror
  
</VirtualHost>
  
 
<VirtualHost *:80>
  
ServerName mirror.cslabs.clarkson.edu
  
ServerAdmin mirror-admin@cslabs.clarkson.edu
  
DocumentRoot "/var/www/html/"
  
ErrorLog logs/error_log
  
CustomLog logs/access_log combined
  
ServerAlias mirror.cslabs*
  
Redirect permanent / http://mirror.clarkson.edu/
  
</VirtualHost>
  
 
<VirtualHost 128.153.145.18>
  
ServerName kernelmirror.clarkson.edu
  
ServerAdmin mirror-admin@cslabs.clarkson.edu
  
DocumentRoot "/var/www/html/"
  
ErrorLog logs/error_log
  
CustomLog logs/access_log combined
  
ServerAlias kernelmirror*
  
Redirect permanent / http://mirror.clarkson.edu/
  
</VirtualHost>
  
 
<VirtualHost 128.153.145.44>
  
ServerName mirror.dev.cslabs.clarkson.edu
  
ServerAdmin mirror-admin@cslabs.clarkson.edu
  
DocumentRoot "/var/www/html/"
  
ErrorLog logs/error_log
  
CustomLog logs/access_log combined
  
ServerAlias mirror.dev*
  
Redirect permanent / http://mirror.clarkson.edu/
  
</VirtualHost>
  
</pre></code>
  
 
*Removed unneeded files
  
**<code>rm /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/proxy_ajp.conf</code>
  
 
*Configured Apache to start on boot
  
**<code>/sbin/chkconfig --levels 345 httpd on</code>
  
 
*Started Apache
  
**<code>/etc/init.d/httpd start</code>
  
 
====AWStats====
  
*Mirror is configured to be monitored by AWStats on [[Netstat]]. The basic process for doing this is on the [[Configure a Remote Red Hat Based Linux Server for AWStats]] how-to.
  
   
 
==Configure rsync to run as a daemon==
  
==Configure rsync to run as a daemon==
 
*Installed <code>xinetd</code>
  
*Installed <code>xinetd</code>
**<code>yum install xinetd</code>
 +
apt-get install rsync
 
*Enabled rsync <code>/etc/xinetd.d/rsync</code>
  
<code><pre>
  
# default: off
  
# description: The rsync server is a good addition to an ftp server, as it # allows crc checksumming etc.
  
service rsync
  
{
  
disable = no
  
socket_type = stream
  
wait = no
  
user = root
  
server = /usr/bin/rsync
  
server_args = --daemon
  
log_on_failure += USERID
  
}
  
</pre></code>
  
   
*Created configuration and shares for rsync daemon <code>/etc/rsyncd.conf</code>
 +
*Configured rsync /etc/rsyncd.conf
 
<code><pre>
  
<code><pre>
 
uid = nobody
  
uid = nobody
gid = nobody
 +
gid = nogroup
 
use chroot = yes
  
use chroot = yes
 
max connections = 20
  
max connections = 20
Line 1,143: Line 68:
 
log format = %t %a %m %f %b
  
log format = %t %a %m %f %b
 
syslog facility = local3
  
syslog facility = local3
timeout = 300
 +
timeout = 900
 
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
  
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
 
refuse options = checksum
  
refuse options = checksum
   
  +
[name]
[archlinux]
  
comment = Arch Linux
 +
comment = Name of Repository
path = /mnt/storage1/archlinux
 +
path = /storage/repository
 
exclude = lost+found/
  
exclude = lost+found/
 
read only = true
  
read only = true
ignore nonreadable = yes
 +
ignore nonreadable = yes</pre></code>
   
  +
*Created rsync motd /etc/rsyncd.motd
[centos]
  
comment = CentOS - Including DVDs
  
path = /mnt/raid/centos
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[dag]
  
comment = RPMforge Repository
  
path = /mnt/raid/rpmforge
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[debian-cd]
  
comment = Debian CD
  
path = /mnt/storage2/debian-cd
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[debian]
  
comment = Debian
  
path = /mnt/storage2/debian
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[fedora]
  
comment = Fedora - RedHat community project
  
path = /mnt/lvg_storage/fedora
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[fedora-epel]
  
comment = Extra Packages for Enterprise Linux (EPEL)
  
path = /mnt/raid/epel
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[freebsd]
  
comment = FreeBSD
  
path = /mnt/lvg_storage/freebsd
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[gentoo]
  
comment = Gentoo
  
path = /mnt/storage1/gentoo
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[gentoo-portage]
  
comment = Gentoo Portage
  
path = /mnt/storage1/gentoo-portage
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[gnu]
  
comment = GNU
  
path = /mnt/storage2/gnu
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[jailtime.org]
  
comment = Jailtime Project - Now relaunched as Stacklet
  
path = /mnt/storage2/jailtime.org
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[knoppix]
  
comment = Knoppix
  
path = /mnt/storage1/knoppix
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[knoppix-dvd]
  
comment = Knoppix DVD
  
path = /mnt/storage1/knoppix-dvd
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[linux]
  
comment = Linux Kernel
  
path = /mnt/raid/linux
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[mozilla]
  
comment = Mozilla Project
  
path = /mnt/storage1/mozilla
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[openbsd]
  
comment = OpenBSD
  
path = /mnt/storage1/openbsd
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[openoffice]
  
comment = OpenOffice
  
path = /mnt/storage2/openoffice
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[opensuse]
  
comment = OpenSUSE
  
path = /mnt/storage1/opensuse
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[rpmforge]
  
comment = RPMforge Repository
  
path = /mnt/raid/rpmforge
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[slackware]
  
comment = Slackware
  
path = /mnt/storage1/slackware
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[software]
  
comment = Kernel.org's Software
  
path = /mnt/raid/software
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[stacklet]
  
comment = Stacklet (Formerly the Jailtime Project)
  
path = /mnt/storage1/stacklet
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[ubuntu-releases]
  
comment = Ubuntu Releases
  
path = /mnt/raid/ubuntu-releases
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[ubuntu]
  
comment = Ubuntu
  
path = /mnt/raid/ubuntu
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[videolan]
  
comment = VideoLAN
  
path = /mnt/storage1/videolan
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
 
[vms]
  
comment = CSLabs VMs
  
path = /mnt/storage2/vms
  
exclude = lost+found/
  
read only = true
  
ignore nonreadable = yes
  
</pre></code>
  
 
*Created rsync motd <code>/etc/rsyncd.motd</code>
  
 
<code><pre>
  
<code><pre>
#########################################################################################
 +
###############################################################
   
 
The Clarkson University mirror is located in Potsdam, NY, US.
  
The Clarkson University mirror is located in Potsdam, NY, US.
Line 1,346: Line 88:
 
http://cosi.clarkson.edu/
  
http://cosi.clarkson.edu/
   
If you have any questions or problems, please email mirror-admin@cslabs.clarkson.edu.
 +
If you have any questions or problems, please email
  +
mirror-admin@cslabs.clarkson.edu.
   
Recent changes can be found at http://status.cslabs.clarkson.edu/tag/mirror.
 +
Recent changes can be found at
  +
http://status.cslabs.clarkson.edu/tag/mirror.
   
#########################################################################################
 +
###############################################################
 
</pre></code>
  
</pre></code>
 
*Secured rsync
  
**<code>chown root.root /etc/rsyncd.*</code>
  
**<code>chmod 600 /etc/rsyncd.*</code>
  
 
*Restarted xinetd
  
**<code>/etc/init.d/xinetd restart</code>
  
   
 
==Set Up Fedora Mirror Manager==
  
==Set Up Fedora Mirror Manager==
 
*Installed mirrormanager
  
*Installed mirrormanager
  +
cd /usr/local/sbin
**<code>yum install mirrormanager-client</code>
  
  +
git clone git://git.fedorahosted.org/mirrormanager/
  +
ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror
  +
   
 
*Configured mirrormanager
  
*Configured mirrormanager
**Modified <code>/etc/mirrormanager-client/report_mirror.conf</code>
 +
**Modified /etc/mirrormanager-client/report_mirror.conf
 
<code><pre>
  
<code><pre>
 
[global]
  
[global]
Line 1,422: Line 162:
 
[Fedora Linux]
  
[Fedora Linux]
 
enabled=1
  
enabled=1
path=/var/www/html/fedora/linux
 +
path=/usr/share/nginx/www/fedora/linux
   
 
[Fedora EPEL]
  
[Fedora EPEL]
 
enabled=1
  
enabled=1
path=/var/www/html/epel
 +
path=/usr/share/nginx/www/epel
   
 
# lesser used categories below
  
# lesser used categories below
Line 1,432: Line 172:
 
[Fedora Web]
  
[Fedora Web]
 
enabled=0
  
enabled=0
path=/var/www/html/pub/fedora/web
 +
path=/usr/share/nginx/www/pub/fedora/web
   
 
[Fedora Secondary Arches]
  
[Fedora Secondary Arches]
 
enabled=0
  
enabled=0
path=/var/www/html/pub/fedora-secondary
 +
path=/usr/share/nginx/www/pub/fedora-secondary
   
 
[Fedora Other]
  
[Fedora Other]
 
enabled=0
  
enabled=0
path=/var/www/html/pub/alt
 +
path=/usr/share/nginx/www/pub/alt
   
 
# historical content
  
# historical content
Line 1,446: Line 186:
 
[Fedora Core]
  
[Fedora Core]
 
enabled=0
  
enabled=0
path=/var/www/html/pub/fedora/linux/core
 +
path=/usr/share/nginx/www/pub/fedora/linux/core
   
 
[Fedora Extras]
  
[Fedora Extras]
 
enabled=0
  
enabled=0
path=/var/www/html/pub/fedora/linux/extras
 +
path=/usr/share/nginx/www/pub/fedora/linux/extras
   
 
[Fedora Archive]
  
[Fedora Archive]
 
enabled=0
  
enabled=0
path=/var/www/html/pub/fedora-archive
 +
path=/usr/share/nginx/www/pub/fedora-archive
 
</pre></code>
  
</pre></code>
   
  +
*Added cron entries for root
[[Category:Server Setup Documentation]]
  
  +
<code><pre>
  +
# Dir sizes
  +
0 0 * * * /usr/local/bin/dir_sizes.sh
  +
  +
# backup
  +
45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh
  +
  +
10 0 * * * /usr/local/sbin/report_mirror
  +
</pre></code>
  +
  +
  +
[[mirror rsync setup|Setup Rsync Scripts]]

Latest revision as of 22:05, 27 April 2016


This page summarizes how Old Mirror was set up in Spring 2014.

Install

See Debian Server Setup

Debian 7 x64

  • 71 GB / - Software RAID 1
  • 4GB Swap per OS Drive

Setup

See Debian Server Setup

Raid

  • sda sdb sdc sde sdg sdh
  • /dev/md2
  • Software RAID 10
  • /storage xfs

Networking

eth2

  • Intel Corporation 82541PI Gigabit Ethernet Controller
  • HWADDR=00:1B:21:28:C8:48
  • IPADDR=128.153.145.19

eth1

  • Intel Corporation 82566DM-2 Gigabit Network Connection
  • HWADDR=00:30:48:9A:DB:26
  • IPADDR=10.0.1.36

eth3

  • Intel Corporation 82573L Gigabit Ethernet Controller
  • HWADDR=00:30:48:9A:DB:27
  • IPADDR=10.0.0.14

Set Up SSH Login Banner

/etc/issue.net 

         _                 
  __ _  (_)__________  ____
 /  ' \/ / __/ __/ _ \/ __/
/_/_/_/_/_/ /_/  \___/_/

SSHD config

uncomment 

Banner /etc/issue.net

Installed nginx

apt-get install install nginx

Configure rsync to run as a daemon

  • Installed xinetd
apt-get install rsync
  • Configured rsync /etc/rsyncd.conf
uid = nobody
gid = nogroup
use chroot = yes
max connections = 20
pid file = /var/run/rsyncd.pid
motd file = /etc/rsyncd.motd
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
timeout = 900
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
refuse options = checksum

[name]
  comment = Name of Repository
  path = /storage/repository
  exclude = lost+found/
  read only = true
  ignore nonreadable = yes
  • Created rsync motd /etc/rsyncd.motd
###############################################################

The Clarkson University mirror is located in Potsdam, NY, US.

This mirror is operated by the Clarkson Open Source Institute.
http://cosi.clarkson.edu/

If you have any questions or problems, please email
mirror-admin@cslabs.clarkson.edu.

Recent changes can be found at
http://status.cslabs.clarkson.edu/tag/mirror.

###############################################################

Set Up Fedora Mirror Manager

  • Installed mirrormanager
cd /usr/local/sbin
git clone git://git.fedorahosted.org/mirrormanager/
ln -s /usr/local/sbin/mirrormanager/client/report_mirror /usr/local/sbin/report_mirror
  • Configured mirrormanager
    • Modified /etc/mirrormanager-client/report_mirror.conf
[global]
# if enabled=0, no data is sent to the database
enabled=1
# server= is the URL to the MirrorManager XML-RPC interface
server=https://admin.fedoraproject.org/mirrormanager/xmlrpc


[site]
# if enabled=0, no data about this site is sent to the database
enabled=1
# Name and Password fields need to match the Site name and password
# fields you entered for your Site in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=Clarkson University
password=<PASSWORD GOES HERE>

[host]
# if enabled=0, no data about this host is sent to the database
enabled=1
# Name field need to match the Host name field you entered for your
# Host in the MirrorManager database at
# https://admin.fedoraproject.org/mirrormanager
name=mirror.clarkson.edu
# if user_active=0, no data about this category is given to the public
# This can be used to toggle between serving and not serving data,
# such enabled during the nighttime (when you have more idle bandwidth
# available) and disabled during the daytime.
# By not specifying user_active, the database will not be updated.
# user_active=1

[stats]
# Stats are only sent when run with the -s option
# and when this section is enabled.
# This feature is not presently implemented
enabled=0
apache=/var/log/httpd/access_log
vsftpd=/var/log/vsftpd.log
# remember to enable log file and transfer logging in rsyncd.conf
rsyncd=/var/log/rsyncd.log


# Content Categories
# These sections match the Categories for content tracked by MirrorManager.
#
# enabled=1 means information about this category will be sent to the database.
# enabled=0, no data about this host is sent to the database.  If the
# database already has information for you for this Category, it will
# remain unchanged.  This can be used to update the database after you
# have manually synced some infrequently-updated content, such as
# historical releases.
#
# path= is the path on your local disk to the top-level directory for this Category

[Fedora Linux]
enabled=1
path=/usr/share/nginx/www/fedora/linux

[Fedora EPEL]
enabled=1
path=/usr/share/nginx/www/epel

# lesser used categories below

[Fedora Web]
enabled=0
path=/usr/share/nginx/www/pub/fedora/web

[Fedora Secondary Arches]
enabled=0
path=/usr/share/nginx/www/pub/fedora-secondary

[Fedora Other]
enabled=0
path=/usr/share/nginx/www/pub/alt

# historical content

[Fedora Core]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/core

[Fedora Extras]
enabled=0
path=/usr/share/nginx/www/pub/fedora/linux/extras

[Fedora Archive]
enabled=0
path=/usr/share/nginx/www/pub/fedora-archive
  • Added cron entries for root
# Dir sizes
0 0 * * * /usr/local/bin/dir_sizes.sh

# backup
45 0 * * * /bin/nice -n 19 /usr/bin/ionice -c2 -n7 /usr/local/bin/backup.sh

10 0 * * * /usr/local/sbin/report_mirror


Setup Rsync Scripts

Retrieved from "http://docs.cslabs.clarkson.edu/mediawiki/index.php?title=Mirror_Setup_Process&oldid=7735"