
[Savannah-cvs] /srv/bzr/administration r245: Update documentation for Do


From: Sylvain Beucler
Subject: [Savannah-cvs] /srv/bzr/administration r245: Update documentation for Dom0 + start backup scripts
Date: Sat, 18 Dec 2010 20:56:20 +0100
User-agent: Bazaar (2.0.3)

------------------------------------------------------------
revno: 245
committer: Sylvain Beucler <address@hidden>
branch nick: infra
timestamp: Sat 2010-12-18 20:56:20 +0100
message:
  Update documentation for Dom0 + start backup scripts
added:
  TODO
  backup/
  backup/dl-confidential.sh
  backup/dl.sh
modified:
  dom0.txt
=== added file 'TODO'
--- a/TODO      1970-01-01 00:00:00 +0000
+++ b/TODO      2010-12-18 19:56:20 +0000
@@ -0,0 +1,2 @@
+- Mount filesystems with noatime
+- Update cvs/check_cvsroot

=== added directory 'backup'
=== added file 'backup/dl-confidential.sh'
--- a/backup/dl-confidential.sh 1970-01-01 00:00:00 +0000
+++ b/backup/dl-confidential.sh 2010-12-18 19:56:20 +0000
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Confidential files
+
+rsync -avHS address@hidden:/ colonialone.fsf.org/ \
+  --include '/root/' \
+  --include '/root/.ssh/' \
+  --include '/root/.ssh/authorized_keys' \
+  --exclude '*'
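Review bot: The confidential copy is written to `colonialone.fsf.org/`, the same relative destination that backup/dl.sh uses for the tree its header comment proposes to make public, so `/root/.ssh/authorized_keys` lands inside that tree. A separate destination for this script (for example a `confidential/` prefix that is kept out of version control) would keep the two sets apart. The destination is also relative to the caller's working directory, so a `cd "$(dirname "$0")"` before the rsync would pin where the file ends up, and `umask 077` at the top would keep any directory rsync has to create from being world-readable.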

=== added file 'backup/dl.sh'
--- a/backup/dl.sh      1970-01-01 00:00:00 +0000
+++ b/backup/dl.sh      2010-12-18 19:56:20 +0000
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+# These are the files necessary to rebuild the system.  They come as a
+# complement to the .txt instructions files from the 'administration'
+# repository.  Ideally we should automatically generate this file
+# using the '#file:' annotations in those files (we could also check
+# if all files are well rsync'd, so we could track typos).
+
+# Do not backup generatable or sed-able files.  Document how to
+# produce them instead.
+
+# We should make these files public so that people could easily
+# reproduce the Savannah configuration.  Backup confidential files
+# (such as 'authorized_files') using 'dl-confidential.sh'.
+
+rsync -avHS address@hidden:/ colonialone.fsf.org/ \
+  \
+  --exclude '*~' \
+  \
+  --include '/root/' \
+  --include '/root/.profile' \
+  --include '/root/remote_backup.sh' \
+  \
+  --include '/home/' \
+  --include '/home/syncaliases/' \
+  --include '/home/syncaliases/00_aliases/' \
+  --include '/home/syncaliases/00_aliases/aliases' \
+  --include '/home/syncaliases/00_aliases/README' \
+  --include '/home/syncaliases/.ssh/' \
+  --include '/home/syncaliases/.ssh/authorized_keys' \
+  \
+  --include '/etc/' \
+  --include '/etc/aliases' \
+  --include '/etc/cron.daily/' \
+  --include '/etc/cron.daily/backup-bind' \
+  --include '/etc/diffmon/' \
+  --include '/etc/diffmon/diffmon.cf' \
+  \
+  --include '/etc/' \
+  --include '/etc/xen/' \
+  --include '/etc/xen/xend-config.sxp' \
+  --include '/etc/xen/auto/***' \
+  --include '/etc/xen/disabled/***' \
+  \
+  --include '/etc/' \
+  --include '/etc/network/' \
+  --include '/etc/network/interfaces' \
+  --include '/etc/network/firewall.sh' \
+  \
+  --exclude '*'
+
+rsync -avHS address@hidden:/ vcs-noshell.in.sv.gnu.org/ \
+  \
+  --include '/etc/' \
+  --include '/etc/init.d/' \
+  --include '/etc/init.d/cvs-permissions' \
+  --include '/etc/init.d/cvs_lockdirs' \
+  --include '/etc/libnss-mysql.cfg' \
+  --include '/etc/libnss-mysql-root.cfg' \
+  \
+  --exclude '*'
+# Mangle passwords (TODO: split them in separate file)
+sed -i -e 's/^password.*/password XXXXX/' \
+  vcs-noshell.in.sv.gnu.org/etc/libnss-mysql.cfg \
+  vcs-noshell.in.sv.gnu.org/etc/libnss-mysql-root.cfg
+
+rsync -avHS address@hidden:/ frontend.in.sv.gnu.org/ \
+  \
+  --exclude '*~' \
+  \
+  --include '/etc/' \
+  --include '/etc/cron.daily/' \
+  --include '/etc/cron.daily/sv_list_groups' \
+  \
+  --include '/etc/' \
+  --include '/etc/apache2/' \
+  --include '/etc/apache2/sites-availables/***' \
+  --include '/etc/apache2/conf.d/' \
+  --include '/etc/apache2/conf.d/detect_bot.conf' \
+  \
+  --include '/etc/' \
+  --include '/etc/savane/' \
+  --include '/etc/savane/.savane.conf.php' \
+  --include '/etc/savane/savane.conf.pl' \
+  \
+  --exclude '*'
+# Mangle passwords (TODO: split them in separate file)
+sed -i -e 's/\$sys_dbpasswd=.*/$sys_dbpasswd=XXXXX/' \
+  frontend.in.sv.gnu.org/etc/savane/.savane.conf.php \
+  frontend.in.sv.gnu.org/etc/savane/savane.conf.pl
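Review bot: The password redaction after the second and third rsync runs on files already written to disk in cleartext, and nothing checks that it worked: the script has no `set -e`, and sed exits 0 when a pattern matches nothing. `s/^password.*/…/` misses an indented line and `\$sys_dbpasswd=.*` misses an assignment written with a space before `=` (the real files are not visible here, so verify); because the header comment proposes publishing this tree, a miss would publish a database password. I would add `set -euo pipefail` at the top, loosen the patterns to `^[[:space:]]*password.*` and `\$sys_dbpasswd[[:space:]]*=.*`, and follow each sed with a grep that aborts if a password line without `XXXXX` remains. Separately, `/etc/apache2/sites-availables/***` looks like a typo for Debian's `sites-available`, in which case that include silently matches nothing, and `/home/syncaliases/.ssh/authorized_keys` is included here although the header treats authorized keys as confidential.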

=== modified file 'dom0.txt'
--- a/dom0.txt  2009-06-22 22:10:58 +0000
+++ b/dom0.txt  2010-12-18 19:56:20 +0000
@@ -1,54 +1,58 @@
-dom0 - or the host/root system, in which the guest/vservers live
-
-# Replicate /etc/passwd and /etc/group
-# file: /etc/cron.d/savane
-
-# Check for cracking attemps
-# file: /etc/cron.d/check_cvsroot
-
-Other things of interest:
-
-- The data filesystem is mounted with acl,noatime options
-
-- alternate SSH running on port 24 in case you crash port 22's
-
-- user 'root2' with a different password can be used via the virtual
-  console
-
-- offline Apache with "sorry we're in maintenance" message ready to be
-  run in case of downtime
-
-- exim4 is configured to forward to 10.0.0.101
-
-
-Special files and dirs:
-/root/
-/usr/src/
-/etc/cron.d/savane
-/etc/cron.d/check_cvsroot
-/etc/snmp/snmpd.conf
-/etc/network/interfaces
-/etc/network/firewall.sh
-/etc/modules
-/etc/munin/munin-node.conf
-/etc/munin/plugin-conf.d/munin-node
-/home/svadmin/
-/home/syncaliases/
-/var/www/
-/etc/aliases
-
-/etc/mdadm/mdadm.conf
-# notification to root-all (i.e. Savannah Hackers + FSF Sysadmins)q:
-MAILADDR root-all
-
-# Disabled:
-#aptitude install chkrootkit tiger
-# adapt Debian-specific configuration, attempting to reduce noise:
-#sed -i -e 's/DIFF_MODE=.*/DIFF_MODE="true"/' /etc/chkrootkit.conf
+# dom0 - or the host/root system, in which the guest/VMs live
+
+# FSF sysadmin:
+# /etc/snmp/snmpd.conf
+# mdadm
+# Check that notifications are sent to both Savannah Hackers and FSF Sysadmins
+#sed -i -e 's/AUTOCHECK=.*/# Caused troubles when it happened during the 
backup\nAUTOCHECK=false/' /etc/default/mdadm
+
+#file: /etc/xen/auto/
+#file: /etc/xen/disabled/
+# Disable snapshotting on shutdown:
+sed -i -e 's,XENDOMAINS_SAVE="",XENDOMAINS_SAVE=/var/lib/xen/save,'
+# Configure /etc/xen/xend-config.sxp to work with virt-manager
+# [(xend-unix-server yes)], and disable use of 'peth0'
+# [(network-script network-dummy)]; not sure what FSF sysadmin
+# configure, so backing it up:
+#file: /etc/xen/xend-config.sxp
+
+# TODO: Rebuild /etc/xen/mbr/ by script
+# (empty fake MBRs to fool GRUB in the VMs)
+
+
+apt-get install ntp
+# Install /root/.ssh/authorized_keys (confidential)
+
+# file: /root/remote_backup.sh
+# file: /root/.profile
+
+apt-get install diffmon
+# file: /etc/diffmon/diffmon.cf
+
+# file: /etc/cron.daily/backup-bind
+
+# file: /etc/aliases
+sed -i -e 's/^root:.*/root: address@hidden, address@hidden, root/' /etc/aliases
+# Aliases @savannah.gnu.org:
+adduser syncaliases
+# file: /home/syncaliases/00_aliases/aliases
+# file: /home/syncaliases/00_aliases/README
+# file: /home/syncaliases/.ssh/authorized_keys
+
+
+
+# Add user 'root2' with a different password can be used via the virtual 
console
+
+# Network:
+# file: /etc/network/interfaces
+# file: /etc/network/firewall.sh
 
 apt-get install munin-node
-- munin-node.conf:
-allow ^10\.0\.0\.101$
-- plugin-conf.d:
-[cpu*]
-env.scaleto100 yes
+echo "allow ^10\.1\.0\.101$" >> /etc/munin/munin-node.conf
+invoke-rc.d numunin-node restart
+
+# Optional:
+#cat <<EOF >> /etc/munin/plugin-conf.d/munin-node
+#[cpu*]
+#env.scaleto100 yes
+#EOF

