Difference between revisions of "Machine/template-fedora13"
< Machine
Jump to navigation
Jump to search
Line 68: | Line 68: | ||
yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | ||
− | * | + | * insert into /etc/munin/munin-node.conf |
+ | |||
+ | #SMParrish | ||
+ | allow ^140\.186\.70\.53$ # sunjammer.sugarlabs.org | ||
+ | allow ^10\.3\.3\.1$ # trinity.trilan | ||
+ | allow ^2001:4830:1100:48::2$ # sunjammer.sugarlabs.org (IPv6) | ||
+ | |||
+ | cd /etc/munin/plugins | ||
+ | rm if_err_eth0 entropy | ||
+ | |||
+ | * turn on munin-node | ||
+ | |||
+ | chkconfig munin-node on | ||
+ | service munin-node start | ||
+ | |||
+ | * generate key for root | ||
+ | |||
+ | ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa | ||
+ | |||
+ | * create /etc/system-full-backup.conf | ||
+ | |||
+ | #bernie: This file MUST have permissions 600 | ||
+ | echo "Please configure /etc/system-full-backup.conf and run" | ||
+ | echo " ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.sugarlabs.org" | ||
+ | echo "then, comment out these lines to enable backups" | ||
+ | exit 1 | ||
+ | |||
+ | PASSPHRASE=ChangeMe | ||
+ | TARGET="scp://sugarbackup@backup.sugarlabs.org/backup/`hostname`" | ||
+ | |||
+ | * Install /root/.ssh/id_rsa.pub key on sugarbackup@backup.sugarlabs.org | ||
+ | |||
+ | ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.sugarlabs.org | ||
+ | |||
+ | * log in for the first time on backup server to accept ssh fingerprint | ||
+ | |||
+ | ssh sugarbackup@backup.sugarlabs.org | ||
+ | |||
+ | * create /etc/profile.conf | ||
+ | |||
+ | #SMParrish | ||
+ | HOST_COLOR='\033[1;33m' | ||
+ | HOST_CFLAGS='-march=core2' | ||
+ | HOST_CORES=2 | ||
+ | |||
+ | * Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring. | ||
+ | |||
+ | [VM Name] | ||
+ | address vmname.sugarlabs.org |
Revision as of 10:33, 27 July 2010
Guest installation
qemu-img create -f qcow2 /srv/vm/template-fedora13.qcow2 10G virt-install -v --accelerate --nographics -x console=ttyS0,115200 \ --name template-fedora13 --vcpus=4 --ram $((1*1024)) \ --os-type=linux --os-variant=fedora13 \ --network bridge:br0 \ --disk /srv/vm/template-fedora13.qcow2 \ --location http://download.fedora.redhat.com/pub/fedora/linux/releases/13/Fedora/x86_64/os/
- In Anaconda, select graphical installation over vnc
- Layout the disk with a single primary partition for root
- In package selection, choose "minimal system"
Initial configuration
At the end of installation, boot with:
virsh start --console template-fedora13
- Set ssh keys of Sugar Labs sysadmins:
mkdir ~/.ssh cat >>~/.ssh/authorized_keys paste keys
- Configure the SSH daemon:
vi /etc/ssh/sshd_config PermitRootLogin yes PermitEmptyPasswords no PasswordAuthentication no service sshd restart setsebool -P ssh_sysadm_login on
- Put selinux in permissive mode (while we patiently wait for the day in which selinux in Fedora will become sort of usable out of the box without major tweaks):
vi /etc/sysconfig/selinux
- Remove root password (this lets us login from the console with no password):
vipw -s
- Enable traditional networking (no NetworkManager nonsense):
chkconfig network on start network
- Create sysadmin accounts:
mkdir /etc/skel/.ssh useradd -c "Bernie Innocenti" -m bernie cat >>/home/bernie/.ssh/authorized_keys chown -R bernie:bernie /home/bernie/.ssh ...
- Add users to wheel group (no better way in Fedora?):
vigr
- Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL" line in sudoers
visudo
ssh root@template-fedora13.sugarlabs.org
- Install a bunch of useful rpms:
yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man
- insert into /etc/munin/munin-node.conf
#SMParrish allow ^140\.186\.70\.53$ # sunjammer.sugarlabs.org allow ^10\.3\.3\.1$ # trinity.trilan allow ^2001:4830:1100:48::2$ # sunjammer.sugarlabs.org (IPv6)
cd /etc/munin/plugins rm if_err_eth0 entropy
- turn on munin-node
chkconfig munin-node on service munin-node start
- generate key for root
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa
- create /etc/system-full-backup.conf
#bernie: This file MUST have permissions 600 echo "Please configure /etc/system-full-backup.conf and run" echo " ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.sugarlabs.org" echo "then, comment out these lines to enable backups" exit 1
PASSPHRASE=ChangeMe TARGET="scp://sugarbackup@backup.sugarlabs.org/backup/`hostname`"
- Install /root/.ssh/id_rsa.pub key on sugarbackup@backup.sugarlabs.org
ssh-copy-id -i /root/.ssh/id_rsa.pub sugarbackup@backup.sugarlabs.org
- log in for the first time on backup server to accept ssh fingerprint
ssh sugarbackup@backup.sugarlabs.org
- create /etc/profile.conf
#SMParrish HOST_COLOR='\033[1;33m' HOST_CFLAGS='-march=core2' HOST_CORES=2
- Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring.
[VM Name] address vmname.sugarlabs.org