Machine/template-fedora13: Difference between revisions
No edit summary |
No edit summary |
||
(10 intermediate revisions by 2 users not shown) | |||
Line 53: | Line 53: | ||
# Place your ssh public keys here, one per line | # Place your ssh public keys here, one per line | ||
__EOF__ | __EOF__ | ||
chmod g-w -R /etc/skel/.ssh | |||
Line 66: | Line 67: | ||
vigr | vigr | ||
* Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL" | * Edit sudoers with visudo: | ||
** Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL" | |||
** Add these lines | |||
#bernie: forward agent | |||
Defaults env_keep += "SSH_AUTH_SOCK" | |||
* Switch from serial console to ssh | |||
ssh root@template-fedora13.sugarlabs.org | ssh root@template-fedora13.sugarlabs.org | ||
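Review bot: The added `Defaults env_keep += "SSH_AUTH_SOCK"` is a global default, so every sudoers rule on every VM cloned from this template keeps the caller's agent socket across sudo, not only the wheel admins it appears to be meant for. Scoping it as `Defaults:%wheel env_keep += "SSH_AUTH_SOCK"` keeps the convenience for wheel and leaves other rules with the normal environment reset. Together with the `%wheel ALL=(ALL) NOPASSWD: ALL` line above it, root on the VM can use any forwarded agent for as long as the session is open, so the page should tell admins to forward an agent only to hosts they trust to that degree. The `#bernie: forward agent` comment would be more useful if it recorded that reason.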
Line 75: | Line 83: | ||
yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | ||
* | * Enable etckeeper: | ||
etckeeper init | |||
* Insert into /etc/munin/munin-node.conf: | |||
#SMParrish | #SMParrish | ||
Line 93: | Line 105: | ||
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa | ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa | ||
* Install our standard scripts | |||
rsync -aP bernie@sunjammer.sugarlabs.org:/usr/src/devtools/ /usr/src/devtools/ | |||
ln -sf /usr/src/devtools/sysadm/bashrc.sh /etc/skel/.bashrc | |||
ln -sf /usr/src/devtools/sysadm/bashrc.sh /root/.bashrc | |||
ln -sf /usr/src/devtools/sysadm/zzz_profile.sh /etc/profile.d/zzz_profile.sh | |||
ln -sf /usr/src/devtools/conf/vimrc /etc/vimrc | |||
* create /etc/system-full-backup.conf | * create /etc/system-full-backup.conf | ||
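Review bot: After the `rsync -aP` step, `/root/.bashrc`, `/etc/skel/.bashrc`, `/etc/profile.d/zzz_profile.sh` and `/etc/vimrc` all resolve into `/usr/src/devtools`, and `-a` run as root preserves whatever owner and group the files have on sunjammer. Ownership on sunjammer is not visible here, but if the tree belongs to a personal account there, the matching account on each clone can edit files that root's shell sources at login. Add a step after the sync, `chown -R root:root /usr/src/devtools && chmod -R go-w /usr/src/devtools`, or sync with `--no-owner --no-group`. It would also help to record which revision of devtools was copied, since the template bakes in whatever was on sunjammer at that moment.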
Line 124: | Line 145: | ||
[VM Name] | [VM Name] | ||
address vmname.sugarlabs.org | address vmname.sugarlabs.org | ||
* Replace sendmail with postfix | |||
Create /etc/postfix/main.cf and paste the following into it replacing template-fedora13 with the new VM name | |||
smtpd_banner = $myhostname ESMTP $mail_name (Fedora) | |||
biff = no | |||
# appending .domain is the MUA's job. | |||
append_dot_mydomain = no | |||
# Uncomment the next line to generate "delayed mail" warnings | |||
#delay_warning_time = 4h | |||
readme_directory = no | |||
# TLS parameters | |||
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | |||
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |||
smtpd_use_tls=yes | |||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | |||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | |||
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | |||
# information on enabling SSL in the smtp client. | |||
#bernie | |||
myhostname = template-fedora13.sugarlabs.org | |||
alias_maps = hash:/etc/aliases | |||
alias_database = hash:/etc/aliases | |||
myorigin = /etc/mailname | |||
mydestination = | |||
template-fedora13.sugarlabs.org, | |||
localhost.sugarlabs.org, | |||
localhost, | |||
sugarlabs.org | |||
relayhost = | |||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | |||
mailbox_size_limit = 0 | |||
recipient_delimiter = + | |||
inet_interfaces = all | |||
#bernie | |||
home_mailbox = Maildir/ | |||
#bernie: as suggested by mostro | |||
smtpd_recipient_restrictions = | |||
permit_mynetworks | |||
permit_sasl_authenticated | |||
reject_unauth_destination | |||
reject_rbl_client bl.spamcop.net | |||
reject_rbl_client zen.spamhaus.org | |||
reject_rbl_client dnsbl.njabl.org | |||
reject_rbl_client dnsbl.sorbs.net | |||
reject_rbl_client cbl.abuseat.org | |||
reject_unknown_recipient_domain | |||
reject_non_fqdn_recipient | |||
reject_unlisted_recipient | |||
* Disable sendmail & enable postfix | |||
service sendmail stop | |||
service postfix start | |||
chkconfig sendmail off | |||
chkconfig postfix on | |||
* Get all system mail forwarded to the systems-logs@ list | |||
cat >>/etc/aliases <__EOF__ | |||
#bernie | |||
root: systems-logs@lists.sugarlabs.org | |||
__EOF__ | |||
newaliases | |||
=== Clone the VM === | |||
* Login to the host system & clone the VM | |||
sudo virt-clone --connect=qemu:///system -o template-fedora13 -n "new VM name" -f /srv/vm/"new VM name".qcow2 | |||
* Start the new VM and make sure it boots (networking probably will not work, we will fix that later) | |||
sudo virsh start --console "new VM name" | |||
* edit /etc/sysconfig/network and change the hostname | |||
HOSTNAME=''newvm''.sugarlabs.org | |||
* Add the hostname to the sugarlabs zone file in the [[Service/Nameservers|nameservers]]. | |||
* Edit network configuration /etc/sysconfig/network-scripts/ifcfg-eth0 to update IPv4 and IPv6 addresses | |||
* Edit /etc/udeve/rules.d/XX-persistent-net.rules | |||
Remove definition for eth0 it will get regenerated on reboot | |||
* Reboot the system, when it comes back up networking should work | |||
* remove old ssh keys & generate new ones | |||
rm -rf /etc/ssh/ssh_host_* | |||
service sshd restart | |||
* create new key for root | |||
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa | |||
* update /etc/system-full-backup.conf | |||
* update the motd | |||
vim /etc/motd | |||
* Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring. | |||
[''newvm''.sugarlabs.org] | |||
address ''newvm''.sugarlabs.org |
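Review bot: The main.cf added in this hunk makes every cloned VM a network-reachable mail server for the whole domain, through `inet_interfaces = all` together with `sugarlabs.org` in `mydestination`; the latter also means mail the VM itself sends to @sugarlabs.org addresses is delivered locally instead of to the real mail host. If the clones only need to forward system mail through the `root` alias, `inet_interfaces = loopback-only` with `mydestination` limited to the host's own names is the safer template default, and a VM that is meant to receive mail can widen it deliberately. The `smtpd_tls_cert_file` and `smtpd_tls_key_file` lines point at the Debian snakeoil paths, which likely do not exist on Fedora, and a key generated once in the template would be shared by every clone, so the clone steps should give each VM its own certificate. Separately, `cat >>/etc/aliases <__EOF__` reads like a here-document that lost a `<` and should be `cat >>/etc/aliases <<__EOF__`. The hunk may continue past the last visible line.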