wiki:servers/setup-condensed

Context Navigation

close Warning: Can't synchronize with repository "(default)" (/usr/svn/silverfile does not appear to be a Subversion repository.). Look in the Trac log for more information.

Version 7 (modified by hank, 14 years ago) (diff)
--

SilverFile General Server Setup

Installation of Ubuntu 8.04 LTS

Create CDROM and boot off USB-CDROM.

Partitioning (During Install)

We feel that 20GB and 4GB of swap is more than sufficient, leaving ample room for client files.

/ 20GB Primary Ext3 Bootable = Yes (leave all other defaults)
swap 4GB swap
/FILES/ Primary Ext3 Bootable = No (leave all other defaults)

Install SSH Deamon

sudo apt-get install ssh

Check RAID Status

mdadm --detail /dev/md0

Change SSH Port

edit /etc/ssh/sshd_config Change port line to 2222 (or whatever port) restart sshd to check

/etc/init.d/ssh restart

Add other users to sudo

Sudo allows all users in admin group root privilege. This is something that Ubuntu sets up as an alternative to visudo.

usermod -a -G admin ryan

SSH Keys

To generate a key:

ssh-keygen (or)
ssh-keygen -t dsa (for dsa)
(do not enter a passphrase)

This generates, id_dsa and id_dsa.pub. Client(id_dsa) ---ssh--> Host(id_dsa.pub in .ssh/authorized_keys)

OpenSSL

Verification

Next, verify engine:

> openssl engine
(padlock) VIA PadLock (no-RNG, ACE)
(dynamic) Dynamic engine loading support

The response string should include '(padlock) VIA PadLock (no-RNG, ACE)'.

Make default engine Padlock

> vim /etc/ssl/openssl.cnf
...
oid_section             = new_oids

# Enable Via Padlock by default
openssl_conf = openssl_def

[openssl_def]
engines = openssl_engines

[openssl_engines]
padlock = padlock_engine

[padlock_engine]
default_algorithms = ALL

GnuPG / Duplicity

> sudo apt-get install duplicity python-boto

Install Apache for Django

Great Ubuntu Apache/SSL How-To

> sudo apt-get install apache2 libapache2-mod-python
> sudo ln -s /usr/sbin/apache2ctl apachectl (old habits die hard)

Configure SSL

> sudo a2enmod ssl

copy cert file (mydomain.com.crt) to /etc/ssl/certs copy key file (mydomain.com.key) to /etc/ssl/private

Configure Apache for SilverFile App

Django app is turned "on" by default. Two locations (webspaces) are turned off, and are served directly. These are:

site_media (css, js, images, etc...)
site_files (these are all the client files)

See sf-apps/files/examples

<VirtualHost *:80>
> wget http://www.gutenberg.org/dirs/etext02/01hgp10a.txt (274 MB)
> wget http://www.gutenberg.org/dirs/etext02/02hgp10a.txt (246 MB)
> wget http://www.gutenberg.org/dirs/etext02/03hgp10a.txt (217 MB)
> wget http://www.gutenberg.org/dirs/etext02/08hgp10a.txt (144 MB)
        ServerName harvey.silverfilecorp.com
        SetHandler python-program
        PythonHandler django.core.handlers.modpython
        SetEnv DJANGO_SETTINGS_MODULE files.settings
        PythonOption django.root /files
        PythonDebug On
        PythonPath "['/usr/wwwapps/sf-app'] + sys.path"

        # Site media files - css, js, img
        Alias /site_media /usr/wwwapps/sf-app/files/media
        <Location /site_media/>
                SetHandler None
        </Location>

        # Client Files
        Alias /site_files /FILES
        <Location /site_files/>
                SetHandler None
        </Location>

</VirtualHost>

Permissions on /FILES/

AS root:

addgroup fileusers
adduser hank fileusers
adduser ryan fileusers
adduser www-data fileusers

adduser matt
adduser matt fileusers

chown -R root /FILES
chgrp -R fileusers /FILES
chown -R 660 /FILES

find /FILES -type d -exec chmod 770 {} \;
find /FILES -type d -exec chmod 550 {} \;

Java

sudo apt-get install sun-java6-bin

Setting up a Software RAID 1 - (DEPRECATED)

We are using the hardware raid cards now, so this is deprecated.

Per recommendations from our friends at MonkeyBrains, we'll set up a software RAID 1 and monitor it with mdadm. The plan is to sync up RAID health with SNMP monitoring.

This is a very good tutorial on setting up a software RAID 1 please follow it for the step by step RAID install.

The idea is to create 3 partitions:

/ (root) where all the OS etc files go
/FILES where all the documents go
Swap The necessary swap partition

On a 500 GB drive I propose doing this :

/FILES = 430 GB
Swap = 4 GB (swap is conventionally 2X RAM, a swap this size may not be necessary with 2 GB of RAM and for use as a file server
/ = <leftover space>

In order to create the software RAID, you first create regular primary partitions on the first disk (SDA) as in the following:

select: Partition Disk Manually
select: Device SDA1
Create new empty partition table on this device: yes
Select Free Space (pri/log): <per size of the disk>
select: Create new primary partition
Mount point: /
Bootable Flag: on
Use as: Select Physical Volume For RAID
select: Done Setting up partition

And then you create an MD device from each partition.

Again, see the RAID tutorial as it explains exactly how to do this step by step.

Download in other formats:

Plain Text