Machine/template-fedora13: Difference between revisions
No edit summary |
No edit summary |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 83: | Line 83: | ||
yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | ||
* | * Enable etckeeper: | ||
etckeeper init | |||
* Insert into /etc/munin/munin-node.conf: | |||
#SMParrish | #SMParrish | ||
| Line 144: | Line 148: | ||
* Replace sendmail with postfix | * Replace sendmail with postfix | ||
Create /etc/postfix/main.cf and paste the following into it replacing template-fedora13 with the new VM name | |||
smtpd_banner = $myhostname ESMTP $mail_name (Fedora) | smtpd_banner = $myhostname ESMTP $mail_name (Fedora) | ||
biff = no | biff = no | ||
# appending .domain is the MUA's job. | # appending .domain is the MUA's job. | ||
append_dot_mydomain = no | append_dot_mydomain = no | ||
# Uncomment the next line to generate "delayed mail" warnings | # Uncomment the next line to generate "delayed mail" warnings | ||
#delay_warning_time = 4h | #delay_warning_time = 4h | ||
readme_directory = no | readme_directory = no | ||
# TLS parameters | # TLS parameters | ||
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | ||
| Line 164: | Line 167: | ||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | ||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | ||
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | ||
# information on enabling SSL in the smtp client. | # information on enabling SSL in the smtp client. | ||
#bernie | #bernie | ||
myhostname = template-fedora13.sugarlabs.org | myhostname = template-fedora13.sugarlabs.org | ||
| Line 179: | Line 182: | ||
sugarlabs.org | sugarlabs.org | ||
relayhost = | relayhost = | ||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | ||
mailbox_size_limit = 0 | mailbox_size_limit = 0 | ||
| Line 186: | Line 189: | ||
#bernie | #bernie | ||
home_mailbox = Maildir/ | home_mailbox = Maildir/ | ||
#bernie: as suggested by mostro | #bernie: as suggested by mostro | ||
smtpd_recipient_restrictions = | smtpd_recipient_restrictions = | ||
| Line 201: | Line 204: | ||
reject_unlisted_recipient | reject_unlisted_recipient | ||
* | * Disable sendmail & enable postfix | ||
service sendmail stop | service sendmail stop | ||
| Line 207: | Line 210: | ||
chkconfig sendmail off | chkconfig sendmail off | ||
chkconfig postfix on | chkconfig postfix on | ||
* Get all system mail forwarded to the systems-logs@ list | |||
cat >>/etc/aliases <__EOF__ | |||
#bernie | |||
root: systems-logs@lists.sugarlabs.org | |||
__EOF__ | |||
newaliases | |||
=== Clone the VM === | |||
* Login to the host system & clone the VM | |||
sudo virt-clone --connect=qemu:///system -o template-fedora13 -n "new VM name" -f /srv/vm/"new VM name".qcow2 | |||
* Start the new VM and make sure it boots (networking probably will not work, we will fix that later) | |||
sudo virsh start --console "new VM name" | |||
* edit /etc/sysconfig/network and change the hostname | |||
HOSTNAME=''newvm''.sugarlabs.org | |||
* Add the hostname to the sugarlabs zone file in the [[Service/Nameservers|nameservers]]. | |||
* Edit network configuration /etc/sysconfig/network-scripts/ifcfg-eth0 to update IPv4 and IPv6 addresses | |||
* Edit /etc/udeve/rules.d/XX-persistent-net.rules | |||
Remove definition for eth0 it will get regenerated on reboot | |||
* Reboot the system, when it comes back up networking should work | |||
* remove old ssh keys & generate new ones | |||
rm -rf /etc/ssh/ssh_host_* | |||
service sshd restart | |||
* create new key for root | |||
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa | |||
* update /etc/system-full-backup.conf | |||
* update the motd | |||
vim /etc/motd | |||
* Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring. | |||
[''newvm''.sugarlabs.org] | |||
address ''newvm''.sugarlabs.org | |||