Line 53: |
Line 53: |
| # Place your ssh public keys here, one per line | | # Place your ssh public keys here, one per line |
| __EOF__ | | __EOF__ |
| + | chmod g-w -R /etc/skel/.ssh |
| | | |
| | | |
Line 66: |
Line 67: |
| vigr | | vigr |
| | | |
− | * Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL" line in sudoers | + | * Edit sudoers with visudo: |
− | visudo | + | ** Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL" |
| + | ** Add these lines |
| + | |
| + | #bernie: forward agent |
| + | Defaults env_keep += "SSH_AUTH_SOCK" |
| + | |
| + | |
| + | * Switch from serial console to ssh |
| | | |
| ssh root@template-fedora13.sugarlabs.org | | ssh root@template-fedora13.sugarlabs.org |
Line 75: |
Line 83: |
| yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | | yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man |
| | | |
− | * insert into /etc/munin/munin-node.conf | + | * Enable etckeeper: |
| + | |
| + | etckeeper init |
| + | |
| + | * Insert into /etc/munin/munin-node.conf: |
| | | |
| #SMParrish | | #SMParrish |
Line 93: |
Line 105: |
| | | |
| ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa | | ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa |
| + | |
| + | * Install our standard scripts |
| + | |
| + | rsync -aP bernie@sunjammer.sugarlabs.org:/usr/src/devtools/ /usr/src/devtools/ |
| + | ln -sf /usr/src/devtools/sysadm/bashrc.sh /etc/skel/.bashrc |
| + | ln -sf /usr/src/devtools/sysadm/bashrc.sh /root/.bashrc |
| + | ln -sf /usr/src/devtools/sysadm/zzz_profile.sh /etc/profile.d/zzz_profile.sh |
| + | ln -sf /usr/src/devtools/conf/vimrc /etc/vimrc |
| + | |
| | | |
| * create /etc/system-full-backup.conf | | * create /etc/system-full-backup.conf |
Line 124: |
Line 145: |
| [VM Name] | | [VM Name] |
| address vmname.sugarlabs.org | | address vmname.sugarlabs.org |
| + | |
| + | * Replace sendmail with postfix |
| + | |
| + | Create /etc/postfix/main.cf and paste the following into it replacing template-fedora13 with the new VM name |
| + | |
| + | smtpd_banner = $myhostname ESMTP $mail_name (Fedora) |
| + | biff = no |
| + | |
| + | # appending .domain is the MUA's job. |
| + | append_dot_mydomain = no |
| + | |
| + | # Uncomment the next line to generate "delayed mail" warnings |
| + | #delay_warning_time = 4h |
| + | |
| + | readme_directory = no |
| + | |
| + | # TLS parameters |
| + | smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem |
| + | smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key |
| + | smtpd_use_tls=yes |
| + | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache |
| + | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache |
| + | |
| + | # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for |
| + | # information on enabling SSL in the smtp client. |
| + | |
| + | #bernie |
| + | myhostname = template-fedora13.sugarlabs.org |
| + | alias_maps = hash:/etc/aliases |
| + | alias_database = hash:/etc/aliases |
| + | myorigin = /etc/mailname |
| + | mydestination = |
| + | template-fedora13.sugarlabs.org, |
| + | localhost.sugarlabs.org, |
| + | localhost, |
| + | sugarlabs.org |
| + | relayhost = |
| + | |
| + | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 |
| + | mailbox_size_limit = 0 |
| + | recipient_delimiter = + |
| + | inet_interfaces = all |
| + | #bernie |
| + | home_mailbox = Maildir/ |
| + | |
| + | #bernie: as suggested by mostro |
| + | smtpd_recipient_restrictions = |
| + | permit_mynetworks |
| + | permit_sasl_authenticated |
| + | reject_unauth_destination |
| + | reject_rbl_client bl.spamcop.net |
| + | reject_rbl_client zen.spamhaus.org |
| + | reject_rbl_client dnsbl.njabl.org |
| + | reject_rbl_client dnsbl.sorbs.net |
| + | reject_rbl_client cbl.abuseat.org |
| + | reject_unknown_recipient_domain |
| + | reject_non_fqdn_recipient |
| + | reject_unlisted_recipient |
| + | |
| + | * Disable sendmail & enable postfix |
| + | |
| + | service sendmail stop |
| + | service postfix start |
| + | chkconfig sendmail off |
| + | chkconfig postfix on |
| + | |
| + | * Get all system mail forwarded to the systems-logs@ list |
| + | |
| + | cat >>/etc/aliases <__EOF__ |
| + | #bernie |
| + | root: systems-logs@lists.sugarlabs.org |
| + | __EOF__ |
| + | newaliases |
| + | |
| + | |
| + | === Clone the VM === |
| + | |
| + | * Login to the host system & clone the VM |
| + | |
| + | sudo virt-clone --connect=qemu:///system -o template-fedora13 -n "new VM name" -f /srv/vm/"new VM name".qcow2 |
| + | |
| + | * Start the new VM and make sure it boots (networking probably will not work, we will fix that later) |
| + | |
| + | sudo virsh start --console "new VM name" |
| + | |
| + | * edit /etc/sysconfig/network and change the hostname |
| + | |
| + | HOSTNAME=''newvm''.sugarlabs.org |
| + | |
| + | * Add the hostname to the sugarlabs zone file in the [[Service/Nameservers|nameservers]]. |
| + | |
| + | * Edit network configuration /etc/sysconfig/network-scripts/ifcfg-eth0 to update IPv4 and IPv6 addresses |
| + | |
| + | * Edit /etc/udeve/rules.d/XX-persistent-net.rules |
| + | |
| + | Remove definition for eth0 it will get regenerated on reboot |
| + | |
| + | * Reboot the system, when it comes back up networking should work |
| + | |
| + | * remove old ssh keys & generate new ones |
| + | |
| + | rm -rf /etc/ssh/ssh_host_* |
| + | |
| + | service sshd restart |
| + | |
| + | * create new key for root |
| + | |
| + | ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa |
| + | |
| + | * update /etc/system-full-backup.conf |
| + | |
| + | * update the motd |
| + | |
| + | vim /etc/motd |
| + | |
| + | * Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring. |
| + | |
| + | [''newvm''.sugarlabs.org] |
| + | address ''newvm''.sugarlabs.org |