wiki:servers/setup-condensed
close Warning: Can't synchronize with repository "(default)" (/usr/svn/silverfile does not appear to be a Subversion repository.). Look in the Trac log for more information.

Version 7 (modified by hank, 13 years ago) (diff)

--

SilverFile General Server Setup

Installation of Ubuntu 8.04 LTS

Create CDROM and boot off USB-CDROM.

Partitioning (During Install)

We feel that 20GB and 4GB of swap is more than sufficient, leaving ample room for client files.

  • / 20GB Primary Ext3 Bootable = Yes (leave all other defaults)
  • swap 4GB swap
  • /FILES/ Primary Ext3 Bootable = No (leave all other defaults)

Install SSH Deamon

sudo apt-get install ssh

Check RAID Status

mdadm --detail /dev/md0

Change SSH Port

edit /etc/ssh/sshd_config Change port line to 2222 (or whatever port) restart sshd to check

/etc/init.d/ssh restart

Add other users to sudo

Sudo allows all users in admin group root privilege. This is something that Ubuntu sets up as an alternative to visudo.

usermod -a -G admin ryan

SSH Keys

To generate a key:

ssh-keygen (or)
ssh-keygen -t dsa (for dsa)
(do not enter a passphrase)

This generates, id_dsa and id_dsa.pub. Client(id_dsa) ---ssh--> Host(id_dsa.pub in .ssh/authorized_keys)

OpenSSL

Verification

Next, verify engine:

> openssl engine
(padlock) VIA PadLock (no-RNG, ACE)
(dynamic) Dynamic engine loading support

The response string should include '(padlock) VIA PadLock (no-RNG, ACE)'.

Make default engine Padlock

> vim /etc/ssl/openssl.cnf
...
oid_section             = new_oids

# Enable Via Padlock by default
openssl_conf = openssl_def

[openssl_def]
engines = openssl_engines

[openssl_engines]
padlock = padlock_engine

[padlock_engine]
default_algorithms = ALL

GnuPG / Duplicity

> sudo apt-get install duplicity python-boto

Install Apache for Django

Great Ubuntu Apache/SSL How-To

> sudo apt-get install apache2 libapache2-mod-python
> sudo ln -s /usr/sbin/apache2ctl apachectl (old habits die hard)

Configure SSL

> sudo a2enmod ssl

copy cert file (mydomain.com.crt) to /etc/ssl/certs copy key file (mydomain.com.key) to /etc/ssl/private

Configure Apache for SilverFile App

Django app is turned "on" by default. Two locations (webspaces) are turned off, and are served directly. These are:

  • site_media (css, js, images, etc...)
  • site_files (these are all the client files)

See sf-apps/files/examples

<VirtualHost *:80>
> wget http://www.gutenberg.org/dirs/etext02/01hgp10a.txt (274 MB)
> wget http://www.gutenberg.org/dirs/etext02/02hgp10a.txt (246 MB)
> wget http://www.gutenberg.org/dirs/etext02/03hgp10a.txt (217 MB)
> wget http://www.gutenberg.org/dirs/etext02/08hgp10a.txt (144 MB)
        ServerName harvey.silverfilecorp.com
        SetHandler python-program
        PythonHandler django.core.handlers.modpython
        SetEnv DJANGO_SETTINGS_MODULE files.settings
        PythonOption django.root /files
        PythonDebug On
        PythonPath "['/usr/wwwapps/sf-app'] + sys.path"

        # Site media files - css, js, img
        Alias /site_media /usr/wwwapps/sf-app/files/media
        <Location /site_media/>
                SetHandler None
        </Location>

        # Client Files
        Alias /site_files /FILES
        <Location /site_files/>
                SetHandler None
        </Location>

</VirtualHost>

Permissions on /FILES/

AS root:

addgroup fileusers
adduser hank fileusers
adduser ryan fileusers
adduser www-data fileusers

adduser matt
adduser matt fileusers

chown -R root /FILES
chgrp -R fileusers /FILES
chown -R 660 /FILES

find /FILES -type d -exec chmod 770 {} \;
find /FILES -type d -exec chmod 550 {} \;


Java

sudo apt-get install sun-java6-bin

Setting up a Software RAID 1 - (DEPRECATED)

We are using the hardware raid cards now, so this is deprecated.

Per recommendations from our friends at MonkeyBrains, we'll set up a software RAID 1 and monitor it with mdadm. The plan is to sync up RAID health with SNMP monitoring.

This is a very good tutorial on setting up a software RAID 1 please follow it for the step by step RAID install.

The idea is to create 3 partitions:

  • / (root) where all the OS etc files go
  • /FILES where all the documents go
  • Swap The necessary swap partition

On a 500 GB drive I propose doing this :

  • /FILES = 430 GB
  • Swap = 4 GB (swap is conventionally 2X RAM, a swap this size may not be necessary with 2 GB of RAM and for use as a file server
  • / = <leftover space>

In order to create the software RAID, you first create regular primary partitions on the first disk (SDA) as in the following:

select: Partition Disk Manually
select: Device SDA1
Create new empty partition table on this device: yes
Select Free Space (pri/log): <per size of the disk>
select: Create new primary partition
Mount point: /
Bootable Flag: on
Use as: Select Physical Volume For RAID
select: Done Setting up partition

And then you create an MD device from each partition.

Again, see the RAID tutorial as it explains exactly how to do this step by step.