1,764
edits
Changes
no edit summary
chkconfig network on
chkconfig network on
start network
start network
* Optimize creation of new users
mkdir /etc/skel/.ssh
cat >/etc/skel/.ssh.authorized_keys <<__EOF__
# Place your ssh public keys here, one per line
__EOF__
chmod g-w -R /etc/skel/.ssh
* Create sysadmin accounts:
* Create sysadmin accounts:
useradd -c "Bernie Innocenti" -m bernie
useradd -c "Bernie Innocenti" -m bernie
cat >>/home/bernie/.ssh/authorized_keys
cat >>/home/bernie/.ssh/authorized_keys
vigr
vigr
* Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL" line in sudoers
* Edit sudoers with visudo:
** Uncomment "%wheel ALL=(ALL) NOPASSWD: ALL"
** Add these lines
#bernie: forward agent
Defaults env_keep += "SSH_AUTH_SOCK"
* Switch from serial console to ssh
ssh root@template-fedora13.sugarlabs.org
ssh root@template-fedora13.sugarlabs.org
yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man
yum install etckeeper bash-completion git-core strace munin-node duplicity postfix vim devtodo man
* insert into /etc/munin/munin-node.conf
* Enable etckeeper:
etckeeper init
* Insert into /etc/munin/munin-node.conf:
#SMParrish
#SMParrish
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa
* Install our standard scripts
rsync -aP bernie@sunjammer.sugarlabs.org:/usr/src/devtools/ /usr/src/devtools/
ln -sf /usr/src/devtools/sysadm/bashrc.sh /etc/skel/.bashrc
ln -sf /usr/src/devtools/sysadm/bashrc.sh /root/.bashrc
ln -sf /usr/src/devtools/sysadm/zzz_profile.sh /etc/profile.d/zzz_profile.sh
ln -sf /usr/src/devtools/conf/vimrc /etc/vimrc
* create /etc/system-full-backup.conf
* create /etc/system-full-backup.conf
[VM Name]
[VM Name]
address vmname.sugarlabs.org
address vmname.sugarlabs.org
* Replace sendmail with postfix
Create /etc/postfix/main.cf and paste the following into it replacing template-fedora13 with the new VM name
smtpd_banner = $myhostname ESMTP $mail_name (Fedora)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
#bernie
myhostname = template-fedora13.sugarlabs.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
template-fedora13.sugarlabs.org,
localhost.sugarlabs.org,
localhost,
sugarlabs.org
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#bernie
home_mailbox = Maildir/
#bernie: as suggested by mostro
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_rbl_client bl.spamcop.net
reject_rbl_client zen.spamhaus.org
reject_rbl_client dnsbl.njabl.org
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client cbl.abuseat.org
reject_unknown_recipient_domain
reject_non_fqdn_recipient
reject_unlisted_recipient
* Disable sendmail & enable postfix
service sendmail stop
service postfix start
chkconfig sendmail off
chkconfig postfix on
* Get all system mail forwarded to the systems-logs@ list
cat >>/etc/aliases <__EOF__
#bernie
root: systems-logs@lists.sugarlabs.org
__EOF__
newaliases
=== Clone the VM ===
* Login to the host system & clone the VM
sudo virt-clone --connect=qemu:///system -o template-fedora13 -n "new VM name" -f /srv/vm/"new VM name".qcow2
* Start the new VM and make sure it boots (networking probably will not work, we will fix that later)
sudo virsh start --console "new VM name"
* edit /etc/sysconfig/network and change the hostname
HOSTNAME=''newvm''.sugarlabs.org
* Add the hostname to the sugarlabs zone file in the [[Service/Nameservers|nameservers]].
* Edit network configuration /etc/sysconfig/network-scripts/ifcfg-eth0 to update IPv4 and IPv6 addresses
* Edit /etc/udeve/rules.d/XX-persistent-net.rules
Remove definition for eth0 it will get regenerated on reboot
* Reboot the system, when it comes back up networking should work
* remove old ssh keys & generate new ones
rm -rf /etc/ssh/ssh_host_*
service sshd restart
* create new key for root
ssh-keygen -N "" -f /root/.ssh/id_rsa -t rsa
* update /etc/system-full-backup.conf
* update the motd
vim /etc/motd
* Add the machine to /etc/munin/munin.conf on Machine/sunjammer for monitoring.
[''newvm''.sugarlabs.org]
address ''newvm''.sugarlabs.org