Ubuntu

From vwiki
Revision as of 12:00, 19 January 2011 by Sstrutt (talk | contribs) (Added "Firewall")

Initial Setup

Much of this section is borrowed from http://www.howtoforge.com/perfect-server-ubuntu8.04-lts and http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1. Both are well worth a read!

This section will create an Ubuntu VM installed on one partition, software RAID'ed across two VMDKs. To explain, my ESX's storage originally wasn't resilient, hence the software RAID across VMDKs on separate physical disks. If you've got resilient storage you probably wouldn't use software RAID.

However, once I'd bought a nice (SOHO) NAS, I moved one disk and VM config across to the NAS, thinking I'd eventually ditch the software RAID. Luckily I didn't get round to it, so when I managed to destroy my NAS (partly my fault), I could easily recover my VMs from where they left off by creating new ones and re-using the surviving VMDK file. Therefore, unless you're running a truly enterprise class NAS that's cost you £1k's to buy and £1k's in yearly support, I'd still recommend you software RAID your critical VMs (eg mail server) across two separate devices. The whole reason you have a home set-up is to play, which inevitably means break!

Prepare Virtual Machine

  1. Create a virtual machine with the following options (use Custom)
    • Guest OS: Linux > Ubuntu 32bit
    • CPU: 1
    • Memory: 756 MB
    • Disk: 36GB
  2. Then add a second 36GB disk on a separate physical datastore (if you intend to use software RAID)
  3. Attach Ubuntu install ISO to the CD-ROM

OS Installation

Follow the default or sensible choices for your locale, however, use the following notes as well...

  • Configure the network
    • Enter the server's hostname (not a FQDN, just the hostname)
  • Partition Disks
    • If setting up software RAID follow the steps below, otherwise just select Guided - use entire disk and set up LVM
      1. Select "Manual"
      2. Then create a partition...
        1. Select the first disk (sda) and on the next screen, Yes, to Create new empty partition table on this device?
        2. Select the FREE SPACE, then Create a new Partition, and use all but the last 2GB of space,
        3. And then select type of Primary, and create at Beginning
        4. Change Use as to physical volume for RAID, and change the Bootable flag to Yes, then select Done setting up this partition
      3. Repeat the above on the remaining FREE SPACE on sda, to create another primary physical volume for RAID, but not bootable
      4. Select the second disk, sdb, and repeat the steps taken for sda to create two identical partitions
      5. On the same screen, select the Configure Software RAID option (at the top), and then confirm through the next screen
      6. Create a RAID pack/multidisk...
        1. Select Create MD device, then select RAID1 (ie a mirror), then confirm 2 Active devices, and 0 Spare devices
        2. Select both /dev/sda1 and /dev/sdb1 partitions, and then select Finish
      7. Repeat the above to create a RAID volume using /dev/sda2 and /dev/sdb2 partitions
      8. Now select the RAID device #0 partition (select the #1 just under RAID1 device line), and change the Use as and select Ext3...
      9. Change the Mount point to /, then select Done configuring this partition
      10. Now select the RAID device #1 partition (select the #1 just under RAID1 device line), and change the Use as and select Swap area
      11. Then select Done configuring this partition then finally Finish partitioning and write changes to disk, and confirm to Write the changes to disks
      12. Accept the "The kernel was unable to re-read...system will need to restart" complaints for each RAID multidisk, after which the install will continue (note there's a little more to do post install to ensure you can boot using the second disk should the first fail).
  • Software Selection
    • DNS Server - Only required in order to configure split DNS, which is required for an exchange server install
    • OpenSSH Server - Required (allows you to Putty/SSH to the server)

Post OS Install Config

  • Enable Root
    1. Use the command sudo passwd root
    2. Enter user password, and then a strong password for the root account
  • Finish Software RAID config - only if configured during install
    1. Start up grub (by entering grub) and enter the following commands (seems to work better via SSH than direct console)...
      • device (hd1) /dev/sdb
      • root (hd1,0)
      • setup (hd1)
      • quit
    2. Then edit the /boot/grub/menu.lst config file. Go to the end of the file where the boot options are, and create a copy of the first option and edit the following lines
      • title Add "Primary disk fail" or something similar to end
      • root Change hd0 to hd1
    3. To check the RAID setup of your drives use
      • mdadm --misc -D /dev/md0
      • mdadm --misc -D /dev/md1

Change IP Address

  • Edit the /etc/network/interfaces file in the following fashion
# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.150
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
  • Then check the local hosts file /etc/hosts , so that the IP v4 part looks like...
127.0.0.1       localhost
192.168.1.150   mail.home.int   mail
  • Check that DNS resolution is set up correctly (add DNS nameservers as required, as found in /etc/resolv.conf, in order of preference)...
nameserver 127.0.0.1
  • Then restart networking
    • sudo /etc/init.d/networking restart

Install VM Tools

The pre-built modules that come with the VMTools installer aren't compatible, so the install script needs to be able to compile them. The required library files aren't available by default, so the procedure is a little laboured.

Ubuntu 8.04.4 LTS

  1. Install the build library files...
    • apt-get install build-essential
    • apt-get install linux-headers-2.6.24-26-server
      • Use uname -r to get the right headers version number
  2. Select "Install VM Tools" from the VI Client
  3. Mount the VM Tools CD-ROM
    • mount /media/cdrom0/
  4. Copy to home directory
    • cp /media/cdrom/VMwareTools-4.0.0-219382.tar.gz /home/user/
  5. Uncompress and then move into the vmware-tools-distrib directory
    • tar xf VMwareTools-4.0.0-219382.tar.gz
    • cd vmware-tools-distrib
  6. Run the install script
    • ./vmware-install.pl
  7. Restart
    • shutdown -r now

Ubuntu 10.04.1 LTS

VM Tools can be installed via two methods, neither of which is ideal...

  • Using the normal VM Tools CD - requires additional library install and sometimes mounting the CDROM doesn't work too well.
  • Using APT package manager - doesn't work quite as well as it could (upgrading VM Tools isn't supported), and support for this method is rumoured to be dropped in future releases

VM Tools CD

  1. Install the build library files (not required for ESX v4.0 update 2 and later)...
    • apt-get install build-essential
  2. Select "Install VM Tools" from the VI Client
  3. Mount the VM Tools CD-ROM
    • mount /dev/cdrom /media/cdrom/
      • If /media/cdrom/ doesn't exist, create with mkdir /media/cdrom
  4. Copy to tmp directory (version number below will vary)
    • cp /media/cdrom/VMwareTools-4.0.0-236512.tar.gz /tmp/
  5. Unmount the CD-ROM, and move into tmp directory
    • umount /media/cdrom/
    • cd /tmp/
  6. Uncompress and then move into the vmware-tools-distrib directory
    • tar xzvf VMware*.gz
    • cd vmware-tools-distrib/
  7. Run the install script, and accept defaults
    • ./vmware-install.pl
  8. Restart
    • shutdown -r now

APT Package Manager

  1. Install VM Tools using apt package manager
  2. Open VMware Packaging Public GPG Key at http://packages.vmware.com/tools/VMWARE-PACKAGING-GPG-KEY.pub
  3. On the server open a new file called VMWARE-PACKAGING-GPG-KEY.pub within the /tmp directory
  4. Copy and paste the contents of the webpage into the file and save
  5. Import the key using the following command
    • apt-key add /tmp/VMWARE-PACKAGING-GPG-KEY.pub
    • You should get OK returned
  6. If you need to add a proxy see http://communities.vmware.com/servlet/JiveServlet/download/1554533-39836/Vmware%20Tools%20Guide%20Linux%20osp_install_guide.pdf
  7. Open a new file in vi called /etc/apt/sources.list.d/vmware-tools.list
  8. Add the following line
  9. Update the repository cache
    • apt-get update
  10. Install VM Tools
    • apt-get install vmware-tools

Update the OS

  • Run the following command to update the apt package database
    • apt-get update
  • To install any updates
    • apt-get upgrade

Random Settings

Locale

To change the local time-zone use...

  • dpkg-reconfigure tzdata

To change the keyboard layout in use...

  • dpkg-reconfigure console-data

...if console-data isn't installed, use...

  • apt-get install console-data

...and reboot to apply

/tmp Boot Time Clean-up

The files in /tmp get deleted if their last modification time is more than TMPTIME days ago.

  1. Edit /etc/default/rcS
  2. Change TMPTIME value to specify no of days
    • Use 0 so that files are removed regardless of age.
    • Use -1 so that no files are removed.

Proxy Server

Proxy settings need to be added as environment variables, which can be added to your profile file so that they are always applied

  1. Edit /etc/profile
  2. Append to the bottom (edit as required)

Note that some applications will ignore the environment variables, and will need to be set specifically for those apps.

Packages

Commands

Command                      Purpose
dpkg --get-selections        Show installed packages
dpkg -L php5-gd              Show file locations of php5-gd package
apt-get update               Update the package database
apt-get install <package>    Install the <package> package
apt-get upgrade              Upgrade installed system and packages with latest levels in package database
tasksel install <task>       Installs a collection of packages as a single task, eg lamp-server
tasksel --list-tasks         Show list of available tasks

Troubleshooting

  • Error 400 Bad Request
    • Somewhat misleadingly, the problem is normally caused by being unable to contact the update server. Consider adding proxy server config to your machine

Firewall

Ubuntu comes with UFW (Uncomplicated Firewall), which is a config tool used to modify the standard inbuilt Netfilter. If preferred, iptables can still be used.

Changes are applied immediately. Once you've added your first rule there's an implied deny all.

Command                                                 Purpose
ufw enable                                              Enables the firewall
ufw status                                              Shows the firewall status and existing filters
ufw allow from 192.168.1.10                             Allow all traffic from 192.168.1.10
ufw allow http                                          Allow http from any IP
ufw allow proto tcp from 192.168.1.10 to any port 22    Allow TCP 22 (SSH) from 192.168.1.10
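
An added example, not from the original page, that scopes the services this page sets up (SSH, SNMP, MySQL) to the hosts that need them instead of allowing any IP. The two host roles, the function names and the UFW override variable are assumptions.

```shell
# Added example: scope each service on this page to the host that needs it.
# Set UFW=echo to preview the commands without changing the firewall.
UFW="${UFW:-ufw}"

# valid_ipv4 ADDR: accept only a dotted quad with every octet in 0-255,
# so nothing but an address can end up on the ufw command line.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# allow_from SOURCE PROTO PORT: permit one protocol/port from one address.
allow_from() {
    valid_ipv4 "$1" || { echo "bad source address: $1" >&2; return 1; }
    case "$2" in tcp|udp) ;; *) echo "bad protocol: $2" >&2; return 1 ;; esac
    case "$3" in ''|*[!0-9]*) echo "bad port: $3" >&2; return 1 ;; esac
    "$UFW" allow proto "$2" from "$1" to any port "$3"
}

# apply_policy ADMIN_HOST APP_HOST: deny by default, then three scoped
# exceptions. ADMIN_HOST is the SSH client and SNMP poller, APP_HOST is
# the MySQL client (assumed roles).
apply_policy() {
    # Validate both addresses before touching the firewall at all.
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    "$UFW" default deny &&
    allow_from "$1" tcp 22 &&       # SSH rule exists before the firewall is enabled
    allow_from "$1" udp 161 &&      # SNMP polls
    allow_from "$2" tcp 3306 &&     # MySQL
    "$UFW" enable
}
```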

SNMP

Setup (Pre v10)

  1. Run the following command to update the package database
    • apt-get update
  2. Run the following command to install SNMP
    • apt-get install snmpd
  3. Create config file with contents as shown below
    • vi /etc/snmp/snmpd.conf
  4. Edit SNMPD config to allow remote polls
    • vi /etc/default/snmpd
  5. Remove 127.0.0.1 from line below
    • #snmpd options (use syslog, close stdin/out/err).
    • SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
  6. Restart SNMP
    • /etc/init.d/snmpd restart
  7. Test with the following, replacing <hostname> with server's hostname
    • snmpwalk -v 1 -c public -O e <hostname>
rocommunity public
syslocation "CR DC"
syscontact info@sandfordit.com

Setup (v10)

  1. Run the following command to update the package database
    • apt-get update
  2. Run the following command to install SNMP
    • apt-get install snmpd
  3. Create config file with contents as shown below the procedure
    • vi /etc/snmp/snmpd.conf
  4. Edit SNMPD config to allow remote polls
    • vi /etc/default/snmpd
  5. Remove 127.0.0.1 from line below
    • #snmpd options (use syslog, close stdin/out/err).
    • SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
  6. Restart SNMP
    • /etc/init.d/snmpd restart
  7. Test with the following, replacing <hostname> with server's hostname (must be run from a machine with snmp installed, not just snmpd)
    • snmpwalk -v 1 -c public <hostname> system
####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#       sec.name  source          community
#com2sec paranoid  default         public	<- Comment
com2sec readonly  default         public	<- Uncomment
... then later ...
syslocation "CR DC"
syscontact info@sandfordit.com

MySQL

Install

  1. Run the following command to update the package database
    • apt-get update
  2. Run the following command to install MySQL
    • apt-get install mysql-server

To allow access from remote hosts...

  1. Open MySQL service TCP/IP port by editing the /etc/mysql/my.cnf config file and restarting
    • Change bind IP to server's IP, EG bind-address = 192.168.1.123
    • Restart service /etc/init.d/mysql restart
  2. Allow remote access to a user account
    • EG GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'pass' WITH GRANT OPTION; (the '%' host wildcard lets this account connect from any host)


Backup

Based on http://www.cyberciti.biz/faq/ubuntu-linux-mysql-nas-ftp-backup-script/

  1. Create the required folders using...
    • mkdir /backup
    • mkdir /backup/mysql
  2. Create the file below (editing as required) as /backup/mysql.sh
  3. Make the file executable
    • chmod +x /backup/mysql.sh
  4. Perform a test run of the backup
  5. Schedule the script to run with crontab
    • crontab -e
    • 30 1 * * * /bin/bash /backup/mysql.sh
#!/bin/bash

### MySQL Server Login and local backup info ###
MUSER="root"
MPASS="password"
MHOST="localhost"
MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"
BAK="/backup/mysql"
LOG="/backup/mysql.log"
GZIP="$(which gzip)"
NOW=$(date -u +%Y%m%d)

## FTP info
FTPDIR="/Backup/db"
FTPUSER="backup"
FTPPASS="backup"
FTPSERVER="ftphost"

## Functions
Logger()
{
        echo "$(date "+%a %d/%m/%y %H:%M:%S"): $1" >> "$LOG"
}

## Main Script
Logger "Started backup script..."

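[ ! -d "$BAK" ] && mkdir -p "$BAK"
[ ! -d "$BAK/tmp" ] && mkdir -p "$BAK/tmp"
# Move the previous run's dumps aside (only the .gz files, not tmp itself)
mv "$BAK"/*.gz "$BAK/tmp/" 2>/dev/null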

DBS="$($MYSQL -u $MUSER -h $MHOST -p$MPASS -Bse 'show databases')"
for db in $DBS
do
 FILE=$BAK/$db.$NOW.gz
 Logger "Backing up $db to $FILE"
 $MYSQLDUMP -u $MUSER -h $MHOST -p$MPASS $db | $GZIP -9 > $FILE
done

Logger "Completed local backup"

## FTP to remote server
ftp -in <<EOF
open $FTPSERVER
user $FTPUSER $FTPPASS
bin
cd $FTPDIR
lcd $BAK
mput *.gz
close
bye
EOF

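# Many ftp clients exit 0 even when a transfer fails, so treat this as a
# weak check and confirm the files on the server after the test run.
if [ "$?" == "0" ]; then
 Logger "FTP upload completed successfully"
 /bin/rm -f "$BAK"/tmp/*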
 Logger "Previous local backup files removed"
else
 Logger "FTP upload failed !!!"
fi


In some versions of MySQL you will receive an error similar to...

mysqldump: Got error: 1044: Access denied for user 'root'@'localhost' to database 'information_schema' when using LOCK TABLES

It appears to be a bug, which seems to keep cropping up. As a workaround change the $MYSQLDUMP line to

 $MYSQLDUMP -u $MUSER -h $MHOST -p$MPASS --skip-lock-tables $db | $GZIP -9 > $FILE

Note that you won't back up the information_schema table if you need to implement this workaround
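
An added example, not part of the original script, of keeping the MySQL password out of the mysqldump command line (where -p$MPASS can expose it to other local users through the process list) and out of the script file itself. The file paths and function names are assumptions; --defaults-extra-file is a standard MySQL client option and must be the first option given.

```shell
MYSQLDUMP="${MYSQLDUMP:-mysqldump}"    # overridable for a dry run

# write_defaults PATH USER PASSWORD HOST: create a [client] option file
# that only its owner can read. All values passed in are placeholders.
write_defaults() (
    umask 077                          # created 0600, never briefly wider
    rm -f "$1"                         # drop any older, looser copy first
    printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' "$2" "$3" "$4" > "$1"
)

# is_private PATH: true only if group and other have no permission bits.
is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# dump_db DEFAULTS DB OUTFILE: dump one database to a gzip file without
# putting the password in the argument list. Refuses a DEFAULTS file that
# group or other can access.
dump_db() (
    is_private "$1" || { echo "refusing: $1 is group/world accessible" >&2; exit 1; }
    umask 077                          # the dump holds the data: keep it private too
    tmp="$3.partial"
    # Dump first, compress second, so a mysqldump failure is not hidden
    # behind gzip's exit status as it is in "mysqldump | gzip".
    "$MYSQLDUMP" --defaults-extra-file="$1" "$2" > "$tmp" || { rm -f "$tmp"; exit 1; }
    gzip -9 -c "$tmp" > "$3" && rm -f "$tmp"
)
```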

Troubleshooting

Network

No NIC

Especially after hardware changes, it's possible the networking config no longer refers to the right interface.

  1. Use ifconfig to confirm the current network config
  2. Use dmesg | grep -i eth to ascertain what's been detected at boot time
  3. Assuming it states that, say, eth0 has been changed to eth1, then just update the /etc/network/interfaces file

Software RAID

Replacing a RAID 1 Disk

This procedure was written from the following starting point...

  • A machine originally with two disks in RAID1 has failed, one disk has been replaced, and machine started again

...and adapted from this post http://www.howtoforge.com/replacing_hard_disks_in_a_raid1_array

  1. Backup whatever you can before proceeding, one mistake or system error could destroy your machine
  2. Confirm which disk is new, and which is old (if the new disk is blank this is easy as there will be no partition info!)
    • fdisk -l
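  3. Partition the new disk the same as the original (the command below copies the partition table from /dev/sda, the surviving disk in this example, to /dev/sdb, the new one)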
    • sfdisk -d /dev/sda | sfdisk /dev/sdb
  4. Confirm that the layout of both disks is now the same
    • fdisk -l
  5. Add the newly created partitions to the RAID disks
    • mdadm --manage /dev/md0 --add /dev/sdb1
    • You may have more sd partitions than md partitions; the array size returned by mdadm -D /dev/md* should roughly match the number of blocks found from fdisk -l
  6. The arrays should now be being sync'ed, check progress by monitoring /proc/mdstat
    • more /proc/mdstat
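
An added example, not from the original page, of the check in step 6: it reads text in /proc/mdstat format and reports each array that is missing a member, with the rebuild percentage when one is running. The function names are assumptions and the sample data is constructed; on a live system pass /proc/mdstat as the argument.

```shell
# Constructed sample in /proc/mdstat format: md1 is rebuilding onto sdb2,
# md0 is healthy. Not output captured from a real machine.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sdb2[2] sda2[0]
      2096064 blocks [2/1] [U_]
      [==>..................]  recovery = 12.6% (264448/2096064) finish=1.2min speed=24040K/sec

md0 : active raid1 sdb1[1] sda1[0]
      35648192 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# degraded_arrays FILE: print "ARRAY MAP PROGRESS" for every md array whose
# member map (e.g. [U_]) shows a missing device. PROGRESS is the recovery
# or resync percentage, or "idle" if no rebuild is running. FILE may be "-".
degraded_arrays() {
    awk '
        function report() {
            if (name != "" && map ~ /_/) print name, map, (pct == "" ? "idle" : pct)
            name = ""; map = ""; pct = ""
        }
        /^md[0-9]+ *:/ { report(); name = $1 }           # start of a new array
        name != "" && /blocks/ { map = $NF }             # e.g. [UU] or [U_]
        name != "" && /(recovery|resync) *=/ {
            for (i = 1; i <= NF; i++) if ($i ~ /%$/) pct = $i
        }
        END { report() }
    ' "$1"
}

# raid_healthy FILE: succeed only when no array is degraded.
raid_healthy() { [ -z "$(degraded_arrays "$1")" ]; }
```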