Line 83: |
Line 83: |
| yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man | | yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man |
| | | |
− | * insert into /etc/munin/munin-node.conf | + | * Enable etckeeper: |
| + | |
| + | etckeeper init |
| + | |
| + | * Insert into /etc/munin/munin-node.conf: |
| | | |
| #SMParrish | | #SMParrish |
Line 144: |
Line 148: |
| * Replace sendmail with postfix | | * Replace sendmail with postfix |
| | | |
− | Create /etc/postfix/main.cf and paste the following into it replacing template-fedora13
| + | Create /etc/postfix/main.cf and paste the following into it replacing template-fedora13 with the new VM name |
− | with the new VM name
| |
| | | |
| smtpd_banner = $myhostname ESMTP $mail_name (Fedora) | | smtpd_banner = $myhostname ESMTP $mail_name (Fedora) |
| biff = no | | biff = no |
− | | + | |
| # appending .domain is the MUA's job. | | # appending .domain is the MUA's job. |
| append_dot_mydomain = no | | append_dot_mydomain = no |
− | | + | |
| # Uncomment the next line to generate "delayed mail" warnings | | # Uncomment the next line to generate "delayed mail" warnings |
| #delay_warning_time = 4h | | #delay_warning_time = 4h |
− | | + | |
| readme_directory = no | | readme_directory = no |
− | | + | |
| # TLS parameters | | # TLS parameters |
| smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | | smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem |
Line 164: |
Line 167: |
| smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache |
| smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache |
− | | + | |
| # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | | # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for |
| # information on enabling SSL in the smtp client. | | # information on enabling SSL in the smtp client. |
− | | + | |
| #bernie | | #bernie |
| myhostname = template-fedora13.sugarlabs.org | | myhostname = template-fedora13.sugarlabs.org |
Line 179: |
Line 182: |
| sugarlabs.org | | sugarlabs.org |
| relayhost = | | relayhost = |
− | | + | |
| mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 | | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 |
| mailbox_size_limit = 0 | | mailbox_size_limit = 0 |
Line 186: |
Line 189: |
| #bernie | | #bernie |
| home_mailbox = Maildir/ | | home_mailbox = Maildir/ |
− | | + | |
| #bernie: as suggested by mostro | | #bernie: as suggested by mostro |
| smtpd_recipient_restrictions = | | smtpd_recipient_restrictions = |
Line 201: |
Line 204: |
| reject_unlisted_recipient | | reject_unlisted_recipient |
| | | |
− | * disable sendmail & enable postfix | + | * Disable sendmail & enable postfix |
| | | |
| service sendmail stop | | service sendmail stop |
Line 207: |
Line 210: |
| chkconfig sendmail off | | chkconfig sendmail off |
| chkconfig postfix on | | chkconfig postfix on |
| + | |
| + | * Get all system mail forwarded to the systems-logs@ list |
| + | |
| + | cat >>/etc/aliases <__EOF__ |
| + | #bernie |
| + | root: systems-logs@lists.sugarlabs.org |
| + | __EOF__ |
| + | newaliases |
| + | |
| + | |
| + | === Clone the VM === |
| + | |
| + | * Login to the host system & clone the VM |
| + | |
| + | sudo virt-clone --connect=qemu:///system -o template-fedora13 -n "new VM name" -f /srv/vm/"new VM name".qcow2 |
| + | |
| + | * Start the new VM and make sure it boots (networking probably will not work, we will fix that later) |
| + | |
| + | sudo virsh start --console "new VM name" |
| + | |
| + | * edit /etc/sysconfig/network and change the hostname |
| + | |
| + | HOSTNAME=''newvm''.sugarlabs.org |
| + | |
| + | * Add the hostname to the sugarlabs zone file in the [[Service/Nameservers|nameservers]]. |
| + | |
| + | * Edit network configuration /etc/sysconfig/network-scripts/ifcfg-eth0 to update IPv4 and IPv6 addresses |
| + | |
| + | * Edit /etc/udeve/rules.d/XX-persistent-net.rules |
| + | |
| + | Remove definition for eth0 it will get regenerated on reboot |
| + | |
| + | * Reboot the system, when it comes back up networking should work |
| + | |
| + | * remove old ssh keys & generate new ones |
| + | |
| + | rm -rf /etc/ssh/ssh_host_* |
| + | |
| + | service sshd restart |
| + | |
| + | * create new key for root |
| + | |
| + | ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa |
| + | |
| + | * update /etc/system-full-backup.conf |
| + | |
| + | * update the motd |
| + | |
| + | vim /etc/motd |
| + | |
| + | * Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring. |
| + | |
| + | [''newvm''.sugarlabs.org] |
| + | address ''newvm''.sugarlabs.org |
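Review bot: The alias step in the last hunk, `cat >>/etc/aliases <__EOF__`, is not a here-document as printed: with a single `<` the shell looks for an input file named `__EOF__`, so nothing is appended, `newaliases` rebuilds an unchanged table and root's mail is not forwarded to the systems-logs list. It should read `cat >>/etc/aliases <<__EOF__`, unless the second `<` was only lost in rendering. In the same hunk the udev step names `/etc/udeve/rules.d/XX-persistent-net.rules`, which should be `/etc/udev/rules.d/XX-persistent-net.rules`. The `ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa` step creates root's private key with no passphrase; a line stating what that key is used for and where its public half gets installed would let a reader judge the exposure. The clone steps replace the SSH host keys but do not mention the certificate that main.cf points at through `smtpd_tls_cert_file`, which every clone would presumably otherwise share with the template.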