[Savannah-cvs] [202] Continued documentation development


From: bob
Subject: [Savannah-cvs] [202] Continued documentation development
Date: Wed, 27 Jul 2016 10:39:15 +0000 (UTC)

Revision: 202
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=202
Author:   rwp
Date:     2016-07-27 10:39:13 +0000 (Wed, 27 Jul 2016)
Log Message:
-----------
Continued documentation development

Modified Paths:
--------------
    trunk/sviki/SavannahHosts.mdwn

Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn      2016-07-26 22:10:28 UTC (rev 201)
+++ trunk/sviki/SavannahHosts.mdwn      2016-07-27 10:39:13 UTC (rev 202)
@@ -138,6 +138,29 @@
     /etc/fstab
       tmpfs  /tmp  tmpfs  size=1g  0  0
 
+Check and fix if needed the /etc/hostname.  Sometimes these are
+created with the FQDN and sometimes the short name.  The current
+practice is to use the short name.
+
+    cat /etc/hostname
+      ...possibly sed --in-place 's/\..*//' /etc/hostname
+
+Fixup /etc/hosts so that 127.0.1.1 maps to the local hostname rather
+than the public IP address.  Also it appears that the file is a
+leftover copy clone of another system.  Clean out what isn't needed.
+
+    127.0.0.1       localhost
+
+    # The following lines are desirable for IPv6 capable hosts
+    ::1     ip6-localhost ip6-loopback
+    fe00::0 ip6-localnet
+    ff00::0 ip6-mcastprefix
+    ff02::1 ip6-allnodes
+    ff02::2 ip6-allrouters
+    ff02::3 ip6-allhosts
+
+    127.0.1.1 mgt0.savannah.gnu.org mgt0
+
 Fixup /etc/network/interfaces for both IPv4 and IPv6.  Also at the
 present time a simple iptables firewall is loaded with a pre-up rule.
 
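Review bot: the /etc/hostname step edits the file with `sed --in-place 's/\..*//' /etc/hostname` but never applies the result, so the running system keeps the old name until the next boot. Suggest adding `hostname -F /etc/hostname` after the sed line, or stating that a reboot is expected at this point. The /etc/hosts sample also lacks a filename line above it, unlike the /etc/fstab example just before, so it is not obvious that the indented block is the intended file content. The `::1` line carries no `localhost` alias; say whether that is deliberate.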
@@ -153,14 +176,28 @@
 does not include IPv6.  The IPv6 section will be updated in a future
 edit.
 
+Install the machine specific iptables firewall.  This is a very custom
+file that has many details of every IP address and subnet.
+
+    /etc/default/iptables-rules (much fixup needed)
+
+Future directions: Bob's comment: I do not much care for the raw
+iptables firewall rules.  It is like programming in machine code.  Of
+course if you can't do it in machine code then it can't be done.
+However everything is so tedious in machine code.  I prefer to use a
+higher level language.  I would like to switch this to Shorewall which
+is a much easier to use firewall compiler.
+
+Install postfix.  Select "Internet site".
+
+    apt-get install --purge postfix
+
 Bob's comment: I find Postfix to be more manageable than Exim.
 Therefore it is my choice to install Postfix.  Others will choose
 Exim.  The total capability of either is the same.  In many ways it
 doesn't matter very much as long as the system has an MTA and that it
 is configured properly.
 
-    apt-get install --purge postfix
-
 Normally no additional fixup is needed.  But with the Trisquel 7
 package there were errors during the initial installation which
 required corrective action.  This appears to be Trisquel packaging
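Review bot: the relocated firewall step still documents only a path, `/etc/default/iptables-rules (much fixup needed)`, without saying where the file is copied from, what has to be fixed up for a new host, or how to check it before it is loaded. Suggest naming the source of the file and adding a syntax check such as `iptables-restore --test < /etc/default/iptables-rules` before the interface configuration relies on it. Since the file is described as holding every IP address and subnet, the expected owner and mode are worth stating here too.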
@@ -193,24 +230,44 @@
     echo root: address@hidden >> /etc/aliases
     newaliases
 
-Install the machine specific iptables firewall.  This is a very custom
-file that has many details of every IP address and subnet.
+Edit /etc/adduser.conf and comment out the EXTRA_GROUPS setting which
+for some reason the Trisquel package maintainer has uncommented.
+Otherwise every new user will be in a lot of extra groups that are
+normally only wanted when running on the console raw.  Set the
+DIR_MODE umask back to a default sharing mode.  All of the admins are
+on the same team working to admin these systems.  They aren't general
+purpose for our own private use.
 
-    /etc/default/iptables-rules (much fixup needed)
+    sed --in-place '/^EXTRA_GROUPS/s/^/#/' /etc/adduser.conf
+    sed --in-place '/0751/s/0751/0755/' /etc/adduser.conf
 
-Future directions: Bob's comment: I do not much care for the raw
-iptables firewall rules.  It is like programming in machine code.  Of
-course if you can't do it in machine code then it can't be done.
-However everything is so tedious in machine code.  I prefer to use a
-higher level language.  I would like to switch this to Shorewall which
-is a much easier to use firewall compiler.
+Fix staff group on /usr/local which for some reason Trisquel/Ubuntu
+has removed.  Put that back.
 
+    find /usr/local -exec chgrp staff {} +
+    find /usr/local -type d -exec chmod g+ws {} +
+
 Ideally every host will have two IP addresses.  One will be a stable
 RFC1918 private LAN address.  The other will be a floating public IP
 address used for public services.  This allows the IP addres to float
 to a new node if needed.  At the present time this does not exist but
 I am working on getting this available for our use.
 
+Purge harmful utilities.  The nscd breaks Unix ordering semantics and
+is too buggy to use.  (The nscd ignores ordering of entries.  The only
+way to have correct behavior is to avoid it.  Trisquel seems to
+install it by default so it must be removed.)
+
+    apt-get purge nscd
+
+Install more useful utilities.
+
+    apt-get install openssh-client openssh-server
+    ssh-keygen -t rsa
+
+Since this will generate a new ssh key this new id_rsa.pub value must
+be configured elsewhere as needed.
+
 Host mgt0
 ---------
 
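Review bot: the second adduser.conf edit, `sed --in-place '/0751/s/0751/0755/' /etc/adduser.conf`, is not anchored to the setting it is meant to change and will rewrite the first 0751 on any line, comments included. Suggest `'/^DIR_MODE=/s/0751/0755/'`, and calling DIR_MODE a mode rather than a umask in the text. The text should also say that 0755 makes new home directories readable by every local account, not only the admin team. In the /usr/local step, `find /usr/local -exec chgrp staff {} +` dereferences symlinks, so a link pointing outside /usr/local gets its target regrouped; `chgrp -h` avoids that. The `ssh-keygen -t rsa` line does not say which account the key is generated for, or where the new id_rsa.pub has to be installed.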
@@ -228,6 +285,15 @@
       gateway 208.118.235.1
       pre-up iptables-restore < /etc/default/iptables-rules || :
 
+Install utilities useful on the management node.
+
+    apt-get install dsh
+
+Use like this:
+
+    dsh -M -c -f hostlist somecommand someargs
+    dsh -M -c -f hostlist df -lh /
+
 Host internal0
 --------------
 
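Review bot: the dsh usage lines take `-f hostlist` but the page never says where that file lives, what format it has, or which hosts belong in it. Suggest adding the path and a one-line description of its contents. Because `-c` runs the command on every listed host concurrently, it is also worth saying that a new command should be tried with a read-only example such as the `df -lh /` line, or against a single host, before it is run across the whole list.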



