Penguin

This page is for the configuration of the blade servers.

Specifications

The server is an HP/Compaq blade chassis with 5 BL10e blades. Thanks to HP NewZealand for sponsoring this machine!

A second chassis and ten extra blades were later donated by The Total Team via CraigFalconer.

Software

The blades all run Debian GNU/Linux 4.0 (Etch). Read about the set up at WlugAdmin. The server was configured and is maintained by the WlugSysadmins.

Where is it hosted

RuralLink - please support our sponsors!

The server was hosted for many years at Orcon Internet, so thank you to Orcon also!

The blades

There are 5 blades:

  • hoiho.wlug.org.nz: Shell account for users
  • mail.wlug.org.nz: MailServer
  • www1.wlug.org.nz: Primary WebServer
  • www2.wlug.org.nz: Secondary WebServer. This is usually load balanced with www1 using a DNS RoundRobin, and is also used to store backups of the other blades. If any other blade fails, the appropriate backup can be restored onto this server, which is then removed from the DNS RoundRobin and becomes the missing blade.
  • db.wlug.org.nz: This is the "services" blade, running the DataBase(s), LDAP, DNS etc.

Each blade has 2 interfaces: eth0 carries its real-world IP and network, and eth1 is on a private network shared by all the blades, 10.100.100.0/24.

Things to check on each blade:

 #   Name   RW IP   FireWall   Root password   Private IP   NTP   Serial Console   Compaq Tools   Notes 
 1   hoiho   114.134.14.5   Done   Set   10.100.100.5   Syncs to db   OK       
 2   mail   114.134.14.4   Done   Set   10.100.100.4   Syncs to db   OK       
 3   www1   114.134.14.2   Done   Set   10.100.100.2   Syncs to db   OK      running Etch 
 4   www2   114.134.14.3   Done   Set   10.100.100.3   Syncs to db   OK       
 5   db   114.134.141   Done   Set   10.100.100.1   Syncs to nz.pool.ntp.org   OK      running Etch 
hoiho:
mail:
  • trial IMMDT.pm?
  • New SSL Cert

    • Could point secure.wlug.org.nz and reverse-proxy all the other web sites?
www2:
  • backups
db:
  • Fix LDAP schema (and turn schemacheck on again).
user accounts:
  • Require SSH keys to be installed in order to log in
  • Require membership of the sysadmins group in order to log into the db, mail, www1 and www2 blades
  • Require membership of the wlugcomm group in order to run the hoihotools management scripts

zcat's PXE Debian install notes

For setting up DHCP and TFTP:

On the same blade running dhcpd/tftpd I also configured NAT (and squid) so that the Debian installer can fetch packages without the blade being exposed to the public internet at all until after it's been fully configured and firewalled.

It's possibly also a good idea to lock down PXE boot to specific MAC addresses so no other blades can accidentally be PXE booted into the installer.
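One way to do the MAC lock-down suggested above, as an added example and not the configuration actually used on these blades. It assumes ISC dhcpd on the PXE server (korora, 10.100.100.20) and the stock Debian netboot layout; the MAC addresses, host names and address range are constructed placeholders.

```conf
# dhcpd.conf fragment for the PXE server -- added example, not the live config.
# MAC addresses, host names and the dynamic range are constructed placeholders.

authoritative;

subnet 10.100.100.0 netmask 255.255.255.0 {
  # The PXE server also does NAT for the installer, so it is the gateway.
  option routers 10.100.100.20;

  # Any blade on the private network can get a lease from this range.
  # No boot file is offered at this scope, so a blade that is not listed
  # in the group below has nothing to fetch over PXE.
  range 10.100.100.100 10.100.100.150;
}

# Only hosts declared inside this group are told where the installer lives.
group {
  next-server 10.100.100.20;   # TFTP server address
  filename "pxelinux.0";       # assumed path, relative to /var/lib/tftpboot

  host blade2 { hardware ethernet 00:00:5e:00:53:02; }
  host blade3 { hardware ethernet 00:00:5e:00:53:03; }
}
```

Removing a blade's host line once it has been installed keeps a later network boot from landing back in the installer.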

Only the bottom row network interfaces (eth0) can be PXE-booted. It seems the hoiho chassis has been configured with this as the "public" network so perhaps we should consider changing these around?

Files to edit

/var/lib/tftpboot/debian-installer/i386/boot-screens/menu.cfg:

First line:

serial 0 115200 0

/var/lib/tftpboot/debian-installer/i386/boot-screens/txt.cfg:

Add to LinuxKernel options:

console=ttyS0,115200

PXE-boot the desired blade; the boot menu and Debian installer should all be accessible from the iLO SerialConsole.

Post-install

Debian sets up the serial console automatically, but it is probably a good idea to install an SSH server during the install anyhow.

Whatever else we do on the blades:

 #   Name   RW IP (eth1)   FireWall   Root password   Private IP (eth0)   NTP   Serial Console   Compaq Tools   Notes 
 1   korora   10.1.1.20   no   Set   10.100.100.20      OK      1G ram, pxe server, squid proxy 
 2   blade   none   no   Set   DHCP      OK      1G ram 
 3   blade   none   no   Set   DHCP      OK       
 4   blade   none   no   Set   DHCP      OK       
 5   blade   none   no   Set   DHCP      OK       
 6   blade   none   no   Set   DHCP      OK