= !SilverFile General Server Setup = 

== Installation of Ubuntu 9.04 Server 32bit ==
We are selecting this version for the following reasons:
 * GRUB installation doesn't work in older releases.
 * 64 bit version does not seem to support the VIA padlock engine

=== Partitioning (During Install) ===
We feel that 20GB and 6GB of swap is more than sufficient, leaving ample room for client files.  

 * / 20GB Primary Ext3 Bootable = Yes (leave all other defaults)
 * swap 6GB swap
 * /FILES/ Primary Ext3 Bootable = No (leave all other defaults)

=== Install SSH Deamon ===
{{{
sudo apt-get install ssh
}}}

=== Change SSH Port ===
edit /etc/ssh/sshd_config
Change port line to 2222 (or whatever port)
restart sshd to check 
{{{
/etc/init.d/ssh restart
}}}




=== VIA Padlock and OpenSSL ===
==== Openssl Installation ====
{{{
sudo apt-get install openssl
}}}

==== Padlock Verification ====
Next, verify engine:
{{{
> openssl engine
(padlock) VIA PadLock (no-RNG, ACE)
(dynamic) Dynamic engine loading support
}}}
The response string should include '`(padlock) VIA PadLock (no-RNG, ACE)`'.

==== Make default engine Padlock ====

{{{
> vim /etc/ssl/openssl.cnf
}}}
Add the following under oid_section = new_oids

{{{
...
oid_section             = new_oids

# Enable Via Padlock by default
openssl_conf = openssl_def

[openssl_def]
engines = openssl_engines

[openssl_engines]
padlock = padlock_engine

[padlock_engine]
default_algorithms = ALL
}}}

=== Install Duplicity / S3tools ===

Duplicity is our preferred backup method.  Install s3tools for 
{{{
> sudo apt-get install duplicity python-boto s3cmd
}}}

=== Install Mercurial ===
Mercurial is installed for syncing latest app source. 

{{{
> sudo apt-get install mercurial 

}}}

=== Install Django ===
The platform for our app.

{{{
> sudo apt-get install python-django
}}}

=== Install Apache for Django  ===
[https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration Great Ubuntu Apache/SSL How-To]
{{{
> sudo apt-get install apache2 libapache2-mod-python
> sudo ln -s /usr/sbin/apache2ctl apachectl (old habits die hard)
}}}

=== Configure SSL  ===
{{{
> sudo a2enmod ssl
}}}
copy cert file (''mydomain.com''.crt) to /etc/ssl/certs
copy key file (''mydomain.com''.key) to /etc/ssl/private

=== Configure Apache for !SilverFile App ===
Django app is turned "on" by default.  Two locations (webspaces) are
turned off, and are served directly. These are:
 * site_media (css, js, images, etc...)
 * site_files (these are all the client files)

See sf-apps/files/examples
{{{
<VirtualHost *:80>
> wget http://www.gutenberg.org/dirs/etext02/01hgp10a.txt (274 MB)
> wget http://www.gutenberg.org/dirs/etext02/02hgp10a.txt (246 MB)
> wget http://www.gutenberg.org/dirs/etext02/03hgp10a.txt (217 MB)
> wget http://www.gutenberg.org/dirs/etext02/08hgp10a.txt (144 MB)
        ServerName harvey.silverfilecorp.com
        SetHandler python-program
        PythonHandler django.core.handlers.modpython
        SetEnv DJANGO_SETTINGS_MODULE files.settings
        PythonOption django.root /files
        PythonDebug On
        PythonPath "['/usr/wwwapps/sf-app'] + sys.path"

        # Site media files - css, js, img
        Alias /site_media /usr/wwwapps/sf-app/files/media
        <Location /site_media/>
                SetHandler None
        </Location>

        # Client Files
        Alias /site_files /FILES
        <Location /site_files/>
                SetHandler None
        </Location>

</VirtualHost>

}}}

== Permissions on /FILES/ ==
AS root:
{{{
addgroup fileusers
adduser hank fileusers
adduser ryan fileusers
adduser www-data fileusers

adduser matt
adduser matt fileusers

chown -R root /FILES
chgrp -R fileusers /FILES
chown -R 660 /FILES

find /FILES -type d -exec chmod 770 {} \;
find /FILES -type d -exec chmod 550 {} \;


}}}

== Java ==

{{{
sudo apt-get install sun-java6-bin
}}}


== Setting up a Software RAID 1 - (DEPRECATED) ==
We are using the hardware raid cards now, so this is deprecated.  

Per recommendations from our friends at !MonkeyBrains, we'll set up a software
RAID 1 and monitor it with mdadm.  The plan is to sync up RAID health with
SNMP monitoring.

This is a very good tutorial on 
[http://ubuntuadministrator.com/?p=3 setting up a software RAID 1] please follow
it for the step by step RAID install.

The idea is to create 3 partitions:
	* / (root) where all the OS etc files go
	* /FILES where all the documents go
	* Swap The necessary swap partition
	
On a 500 GB drive I propose doing this :
	* /FILES = 430 GB
	* Swap = 4 GB (swap is conventionally 2X RAM, a swap this size may not 
	be necessary with 2 GB of RAM and for use as a file server
	* / = <leftover space>

In order to create the software RAID, you first create regular primary
partitions on the first disk (SDA) as in the following:

{{{
select: Partition Disk Manually
select: Device SDA1
Create new empty partition table on this device: yes
Select Free Space (pri/log): <per size of the disk>
select: Create new primary partition
Mount point: /
Bootable Flag: on
Use as: Select Physical Volume For RAID
select: Done Setting up partition
}}}

And then you create an MD device from each partition.  

Again, see the [http://ubuntuadministrator.com/?p=3ubuntu RAID tutorial] 
as it explains exactly how to do this step by step.  

== Check Software RAID Status ==
{{{
mdadm --detail /dev/md0
}}}