Ubuntu: Difference between revisions

From vwiki
(→‎OS DNS Setup: Typo fix)
Line 146: Line 146:
Now create the internal zone that will eventually contain the local MX record for your exchange server, append the following to <code> /etc/bind/named.conf.local </code>, using your publicly registered domain name
Now create the internal zone that will eventually contain the local MX record for your exchange server, append the following to <code> /etc/bind/named.conf.local </code>, using your publicly registered domain name
<pre>
<pre>
zone "sandforit.com"  {
zone "sandfordit.com"  {
     type master;
     type master;
     file "/etc/bind/db.sandfordit.com";
     file "/etc/bind/db.sandfordit.com";
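Review bot: on the zone "sandfordit.com" line, the text should warn that with the name now spelled correctly this "type master" zone makes the internal server authoritative for the whole registered domain, so any name under sandfordit.com that is missing from /etc/bind/db.sandfordit.com stops resolving for internal clients instead of being forwarded. Suggest a sentence beside this block telling readers to copy every public hostname they still need into the db file.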

Revision as of 00:24, 11 March 2010

Initial Setup

Much of this section is borrowed from http://www.howtoforge.com/perfect-server-ubuntu8.04-lts and http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1; they are well worth a read!

This section will create an Ubuntu VM installed on one partition, software RAID'ed across two VMDKs (my ESX's storage isn't resilient, hence the software RAID across VMDKs on separate physical disks; if you've got resilient storage you should not use software RAID).

Prepare Virtual Machine

  1. Create a virtual machine with the following options (use Custom)
    • Guest OS: Linux > Ubuntu 32bit
    • CPU: 1
    • Memory: 756 MB
    • Disk: 36GB
  2. Then add a second 36GB disk on a separate physical datastore (if you intend to use software RAID)
  3. Attach Ubuntu install ISO to the CD-ROM

OS Installation

Follow the default or sensible choices for your locale, however, use the following notes as well...

  • Configure the network
    • Enter the server's hostname (not a FQDN, just the hostname)
  • Partition Disks
    • If setting up software RAID follow the steps below, otherwise just select Guided - use entire disk and set up LVM
      1. Select "Manual"
      2. Then create a partition...
        1. Select the first disk (sda) and on the next screen, Yes, to Create new empty partition table on this device?
        2. Select the FREE SPACE, then Create a new Partition, and use all but the last 2GB of space,
        3. And then select type of Primary, and create at Beginning
        4. Change Use as to physical volume for RAID, and change the Bootable flag to Yes, then select Done setting up this partition
      3. Repeat the above on the remaining FREE SPACE on sda, to create another primary physical volume for RAID, but not bootable
      4. Select the second disk, sdb, and repeat the steps taken for sda to create two identical partitions
      5. On the same screen, select the Configure Software RAID option (at the top), and then confirm through the next screen
      6. Create a RAID pack/multidisk...
        1. Select Create MD device, then select RAID1 (ie a mirror), then confirm 2 Active devices, and 0 Spare devices
        2. Select both /dev/sda1 and /dev/sdb1 partitions, and then select Finish
      7. Repeat the above to create a RAID volume using /dev/sda2 and /dev/sdb2 partitions
      8. Now select the RAID device #0 partition (select the #1 just under RAID1 device line), and change the Use as and select Ext3...
      9. Change the Mount point to /, then select Done configuring this partition
      10. Now select the RAID device #1 partition (select the #1 just under RAID1 device line), and change the Use as and select Swap area
      11. Then select Done configuring this partition then finally Finish partitioning and write changes to disk, and confirm to Write the changes to disks
      12. Accept the "The kernel was unable to re-read...system will need to restart" complaints for each RAID multidisk, after which the install will continue (note there's a little more to do post install to ensure you can boot using the second disk should the first fail).
  • Software Selection
    • DNS Server - Only required in order to configure split DNS, which is required for an exchange server install
    • OpenSSH Server - Required (allows you to Putty/SSH to the server)

Post OS Install Config

  • Enable Root
    1. Use the command sudo passwd root
    2. Enter user password, and then a strong password for the root account
  • Finish Software RAID config - only if configured during install
    1. Start up grub (by entering grub) and enter the following commands (seems to work better via SSH than direct console)...
      • device (hd1) /dev/sdb
      • root (hd1,0)
      • setup (hd1)
      • quit
    2. Then edit the /boot/grub/menu.lst config file. Go to the end of the file where the boot options are, and create a copy of the first option and edit the following lines
      • title Add "Primary disk fail" or something similar to end
      • root Change hd0 to hd1
    3. To check the RAID setup of your drives use
      • mdadm --misc -D /dev/md0
      • mdadm --misc -D /dev/md1

Change IP Address

  • Edit the /etc/network/interfaces file in the following fashion
# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.150
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
  • Then check the local hosts file /etc/hosts, so that the IPv4 part looks like...
127.0.0.1       localhost
192.168.1.150   mail.home.int   mail
  • Check that DNS resolution is set up correctly (add DNS nameservers as required, as found in /etc/resolv.conf, in order of preference)...
nameserver 127.0.0.1
  • Then restart networking
    • sudo /etc/init.d/networking restart

Install VM Tools

  1. The pre-built modules that come with the VMTools installer are compatible, therefore the script needs to be able to compile them; however, the required library files aren't available by default, so as a prerequisite, install them using the following commands...
    • apt-get install build-essential
    • apt-get install linux-headers-2.6.24-26-server
      • Use uname -r to get the right headers version number
  2. Select "Install VM Tools" from the VI Client
  3. Mount the VM Tools CD-ROM
    • mount /media/cdrom0/
  4. Copy to home directory
    • cp /media/cdrom/VMwareTools-4.0.0-219382.tar.gz /home/user/
  5. Uncompress and then move into the vmware-tools-distrib directory
    • tar xf VMwareTools-4.0.0-219382.tar.gz
    • cd vmware-tools-distrib
  6. Run the install script (which might complain enough to make you think it's failed, but check it's worked via the VI Client)
    • ./vmware-install.pl
  7. Restart
    • shutdown -r now

Update the OS

  • Run the following command to update the apt package database
    • apt-get update
  • To install any updates
    • apt-get upgrade

Exchange Server

DNS Records

Firstly, you need to own a public domain name, then get your ISP to create two DNS records...

  1. MX record - Mail Exchanger (MX) record
    • EG sandfordit.com [MX] -> mail.sandfordit.com
    • sandfordit.com is the domain you own, and mail is hostname of your email server (can be anything you like)
  2. A record - Standard DNS record
    • EG mail.sandfordit.com [A] -> 158.25.34.124
    • 158.25.34.124 is the static IP address assigned by your ISP. You'll need to set up a NAT on your router (often oddly called a virtual server in domestic routers) to map incoming mail on TCP 25 to your email server's actual address (EG 158.25.34.124:25 -> 192.168.1.150:25).

Note, instead of an A record you can use a CNAME record if you prefer, though obviously the CNAME record will still need to point to a valid A record. Using a CNAME might be preferable, if for example you've multiple services running from a single public IP, that you might want to split out in the future to run on separate IP's, at which point you can replace the CNAME records with A records.

OS DNS Setup

In order to get round the fact that your exchange server won't have the same IP (or name even) on the public internet as it will on your internal network, a DNS server is installed on the exchange server to provide MX record resolution. Procedure assumes DNS (Bind) is already installed.

Terminology...

  • Private = Home or internal network IP address and network name (eg 192.168.1.150 and mail.home.int)
  • Public = Global internet, ISP assigned IP address and registered domain name (eg 158.25.34.124 and mail.sandfordit.com)

Firstly, add the IP('s) of the DNS servers you use for resolution on your other machines to your local DNS server's list of forwarders (so that your exchange server forwards DNS resolution requests for unknown names to your normal DNS servers), edit /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        query-source address * port 53;

        forwarders {
                192.168.1.1; 158.25.30.10;
        };

        auth-nxdomain no;    # conform to RFC1035
};

Edit /etc/resolv.conf to force the server to use its local DNS server for resolution

nameserver 127.0.0.1

Restart bind using /etc/init.d/bind9 restart and check you can resolve external addresses properly.
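
The options block above pins every outgoing query to source port 53, which removes source-port randomisation as a defence against spoofed replies. The audit script below is an added example, not part of the original page; its function names, finding labels and the hardened sample (including the 192.168.1.0/24 ACL) are assumptions.

```shell
#!/bin/sh
# audit_named_options FILE: print one finding per line, return 1 if any.
# Finding labels are this example's own. Strips '#' and '//' comments only.
audit_named_options() {
    body=$(sed -e 's/#.*$//' -e 's,//.*$,,' "$1") || return 2
    rc=0
    # A numeric port after query-source pins every outgoing query to that
    # port, so a spoofer only has to guess the 16-bit transaction ID.
    if printf '%s\n' "$body" |
        grep -Eq 'query-source[^;]*port[[:space:]]+[0-9]+'; then
        echo "FIXED_SOURCE_PORT"; rc=1
    fi
    # Without an explicit ACL the recursion scope depends on version defaults.
    if ! printf '%s\n' "$body" | grep -Eq 'allow-recursion[[:space:]]*[{]'; then
        echo "NO_RECURSION_ACL"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the options block as shown on this page.
sample_page_options() {
    cat <<'EOF'
options {
        directory "/var/cache/bind";
        query-source address * port 53;
        forwarders { 192.168.1.1; 158.25.30.10; };
        auth-nxdomain no;    # conform to RFC1035
};
EOF
}

# Constructed sample: same resolver, random source ports, explicit ACL.
sample_hardened_options() {
    cat <<'EOF'
options {
        directory "/var/cache/bind";
        query-source address *;   // port left to BIND, chosen per query
        forwarders { 192.168.1.1; 158.25.30.10; };
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };
        auth-nxdomain no;
};
EOF
}

# Demo: audit the page's block (prints both findings).
f=$(mktemp) && sample_page_options > "$f" && { audit_named_options "$f" || true; }
rm -f "$f"
```

Point the function at /etc/bind/named.conf.options on the server, and run named-checkconf before restarting bind after any change.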

Now create the internal zone that will eventually contain the local MX record for your exchange server. Append the following to /etc/bind/named.conf.local, using your publicly registered domain name

zone "sandfordit.com"  {
    type master;
    file "/etc/bind/db.sandfordit.com";
};

Lastly, create the database file for your DNS domain /etc/bind/db.sandfordit.com, using your publicly registered domain name and private (internal) IP address for your exchange server...

;
; BIND data file for sandfordit.com
;
$TTL    604800
@       IN      SOA     mail.sandfordit.com. admin.sandfordit.com. (
                         070725         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      mail
        IN      MX      10 mail
        IN      A       192.168.1.150
mail    IN      A       192.168.1.150

Zimbra Install

Reference http://wiki.zimbra.com/index.php?title=Ubuntu_8.04_LTS_Server_%28Hardy_Heron%29_Install_Guide

  1. Copy the install to the server
    • EG pscp C:\Users\Simon\Downloads\zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz simons@mail:zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz
  2. Uncompress the package
    • tar -xzf zcs-6.0.5_GA_2213.UBUNTU8.20100202225756.tgz
  3. Start the install
    • ./install.sh
    • The install will fail due to missing packages!
  4. Install the missing prerequisite packages
    • EG apt-get install libpcre3 libgmp3c2 libstdc++5 sysstat
  5. Restart the install
  6. Part-way through, the install will complain about your domain not having a DNS record; change the domain to your publicly registered domain (without the server hostname, so sandfordit.com rather than mail.sandfordit.com)
  7. At the end of the install, address the unconfigured item (ie an admin password)

Once the install is completed, login to administer the exchange server using https://mail:7071

To enforce https for Zimbra Desktop clients use the following commands (requires a restart to take effect)...

su - zimbra
zmtlsctl https

High CPU Workaround

Zimbra seems to have some real issues with constant high CPU spikes every minute. To limit these, reduce the logging retention and failed process checking.

su - zimbra
zmlocalconfig -e zmmtaconfig_interval=6000
zmprov mcf zimbraLogRawLifetime 7d
zmprov mcf zimbraLogSummaryLifetime 30d
/opt/zimbra/libexec/zmlogprocess

crontab -e
*/60 * * * * /opt/zimbra/libexec/zmstatuslog 


Backup

Basic manual backup

  1. SU to Zimbra admin
    • su - zimbra
  2. Stop Zimbra services
    • zmcontrol stop
  3. Exit Zimbra user and create copy of directory
    • EG cp -rp /opt/zimbra /home/simons/zimbra_backup_100301
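
The manual steps above stop Zimbra and copy /opt/zimbra, but leave the restart and the permissions on the copy to the operator. This added example (not from the original page) wraps them in one function; the function name and the ZM_STOP and ZM_START override variables are this example's own, intended for rehearsing the run without Zimbra installed.

```shell
#!/bin/sh
# zimbra_cold_backup SRC DESTROOT: stop, copy, restart; prints the backup
# path on success. Run as root, e.g.
#   zimbra_cold_backup /opt/zimbra /home/simons
zimbra_cold_backup() {
    src=$1; destroot=$2
    # Hypothetical overrides; the defaults are the commands used on this page.
    stop=${ZM_STOP:-"su - zimbra -c 'zmcontrol stop'"}
    start=${ZM_START:-"su - zimbra -c 'zmcontrol start'"}
    # Same yymmdd suffix as the page's zimbra_backup_100301 example.
    dest="$destroot/zimbra_backup_$(date +%y%m%d)"

    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 2; }

    # The copy holds every mailbox plus the server's keys and passwords, so
    # a newly created parent directory gets owner-only access.
    ( umask 077; mkdir -p "$destroot" ) || return 2

    sh -c "$stop" >&2 || { echo "stop failed, nothing copied" >&2; return 1; }
    rc=0
    cp -rp "$src" "$dest" || rc=1
    # cp -p carries over the source directory's mode; tighten the top level.
    chmod 700 "$dest" 2>/dev/null || rc=1
    # Restart whether or not the copy worked, so a full disk is not an outage.
    sh -c "$start" >&2 || rc=1

    [ "$rc" -eq 0 ] && printf '%s\n' "$dest"
    return "$rc"
}
```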

More elaborate scripted version http://www.zimbra.com/forums/administrators/15275-solved-yet-another-backup-script-community-version.html

MySQL

Install

  1. Run the following command to update the package database
    • apt-get update
  2. Run the following command to install MySQL
    • apt-get install mysql-server

To allow access from remote hosts...

  1. Open MySQL service TCP/IP port by editing the /etc/mysql/my.cnf config file and restarting
    • Change bind IP to server's IP, EG bind-address = 192.168.1.123
    • Restart service /etc/init.d/mysql restart
  2. Allow remote access to a user account
    • EG GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'pass' WITH GRANT OPTION;
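
The GRANT above gives one account every privilege on every database from any host, with the right to pass those privileges on. The following is an added example, not from the original page, that emits a grant limited to one database and one address pattern plus a query for finding any-host accounts; appdb, appuser, the 192.168.1.% pattern and CHANGE_ME are constructed placeholders, and the GRANT ... IDENTIFIED BY form is assumed to match the MySQL version this page installs.

```shell
#!/bin/sh
# scoped_grant_sql DB USER HOSTPATTERN: prints SQL to feed to the mysql client.
scoped_grant_sql() {
    db=$1; user=$2; host=$3
    # The names are pasted into SQL text, so accept plain identifiers only.
    case $db in
        ''|*[!A-Za-z0-9_]*) echo "bad database name" >&2; return 2;;
    esac
    case $user in
        ''|*[!A-Za-z0-9_]*) echo "bad account name" >&2; return 2;;
    esac
    # '%' alone means "from anywhere", which is what this helper exists to avoid.
    case $host in
        ''|%) echo "refusing any-host pattern" >&2; return 2;;
        *[!0-9.%]*) echo "host must be an IPv4 address or prefix" >&2; return 2;;
    esac
    # Data privileges on one schema, no WITH GRANT OPTION, placeholder password.
    cat <<EOF
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$db\`.* TO '$user'@'$host' IDENTIFIED BY 'CHANGE_ME';
SHOW GRANTS FOR '$user'@'$host';
EOF
}

# wildcard_accounts_sql: query listing accounts that can log in from any host.
wildcard_accounts_sql() {
    echo "SELECT user, host, Grant_priv FROM mysql.user WHERE host = '%';"
}

# Demo with constructed values: an application account limited to the LAN.
scoped_grant_sql appdb appuser '192.168.1.%'
wildcard_accounts_sql
```

Review the printed statements, replace CHANGE_ME, then paste them into a mysql session opened as root.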


Backup

http://www.cyberciti.biz/faq/ubuntu-linux-mysql-nas-ftp-backup-script/