Blame: WlugBladeServer
Annotated edit history of WlugBladeServer version 51 showing authors affecting page license. View with all changes included.
Rev Author # Line
45 JohnMcPherson 1 This page is for the configuration of the blade servers.
2
3 !! Specifications
4
5 The server is an [HP]/[Compaq] blade chassis with 5 BL10e blades. Thanks to [HP] NewZealand for sponsoring this machine!
6
7 A second chassis and ten extra blades were later donated by [The Total Team | http://www.totalteam.co.nz/] via CraigFalconer.
8
9 !! Software
10
11 The blades all run [Debian] GNU/Linux 4.0 (Etch). Read about the setup at WlugAdmin. The server was configured and is maintained by the WlugSysadmins.
12
13 !! Where is it hosted
51 CraigBox 14 [http://www.boldhorizon.co.nz/assets/gallery/logo-design/large/RuralLink.jpg]
15 [RuralLink | http://www.rurallink.co.nz] - please support our sponsors!
16
17 The server was hosted for many years at [Orcon Internet|http://www.orcon.net.nz/], so thank you to Orcon also!
45 JohnMcPherson 18
19 !! The blades
20
21 There are 5 blades:
22 * <tt>hoiho.wlug.org.nz</tt>: [Shell] account for users
23 * <tt>mail.wlug.org.nz</tt>: MailServer
24 * <tt>www1.wlug.org.nz</tt>: Primary WebServer
25 * <tt>www2.wlug.org.nz</tt>: Secondary WebServer. This is usually load balanced with <tt>www1</tt> using a [DNS] RoundRobin, and used to store backups of the other blades. If any other blade fails, this server can have the appropriate backup restored onto it, be removed from the [DNS] RoundRobin, and become the missing blade.
26 * <tt>db.wlug.org.nz</tt>: This is the "services" blade, running the DataBase(s), [LDAP], [DNS] etc.
27
28 The blades have 2 interfaces: <tt>eth0</tt> will have their real-world [IP] and network, and <tt>eth1</tt> will have a private network between all the blades using <tt>10.100.100.0/24</tt>.
29
30 !! Things to check on each blade:
31
32 <?plugin OldStyleTable
33 | __#__ | __Name__ | __RW IP__ | __FireWall__ | __Root password__ | __Private IP__ | __[NTP]__ | __Serial Console__ | __Compaq Tools__ | __Notes__
51 CraigBox 34 | 1 | <tt>hoiho</tt>|114.134.14.5|Done|Set|10.100.100.5 |Syncs to db|OK | |
35 | 2 | <tt>mail</tt> |114.134.14.4|Done|Set|10.100.100.4 |Syncs to db|OK| |
36 | 3 | <tt>www1</tt> |114.134.14.2|Done|Set|10.100.100.2 |Syncs to db|OK| | running Etch
37 | 4 | <tt>www2</tt> |114.134.14.3|Done|Set|10.100.100.3 |Syncs to db|OK| |
38 | 5 | <tt>db</tt> |114.134.141|Done|Set|10.100.100.1 |Syncs to nz.pool.ntp.org|OK| | running Etch
45 JohnMcPherson 39 ?>
40 <tt>hoiho</tt>::
41 * relaxed FireWall~ing?
42
43 <tt>mail</tt>::
44 * trial <tt>IMMDT.pm</tt>?
45 * New [SSL] Cert
46 * Could point secure.wlug.org.nz and reverse-proxy all the other web sites?
47
48 <tt>www2</tt>::
49 * backups
50
51 <tt>db</tt>::
52 * Fix LDAP schema (and turn schemacheck on again).
53
54 <tt>user accounts</tt>::
55 * Require [SSH] keys to be installed in order to log in
56 * required to be a member of the sysadmins group in order to log into the db, mail, www1, www2 blades
57 * required to be a member of the wlugcomm group in order to run the hoihotools management scripts
58
59
60
61 !!! zcat's [PXE] [Debian] install notes
62
63 For setting up [DHCP] and [TFTP]:
64
65 * [Debian GNU/Linux Installation Guide: Preparing Files for TFTP Net Booting | http://www.debian.org/releases/stable/i386/ch04s05.html.en]
66 * [Setting Up A PXE Install Server For Multiple Linux Distributions On Debian Lenny | http://www.howtoforge.com/setting-up-a-pxe-install-server-for-multiple-linux-distributions-on-debian-lenny] (basically the same stuff, condensed)
67
68 On the same blade running dhcpd/tftpd I also configured NAT (and squid) so that the Debian installer can fetch packages without the blade being exposed to the public internet at all until after it's been fully configured and firewalled.
69
70 It's possibly also a good idea to lock down [PXE] boot to specific [MAC] addresses so no other blades can accidentally be [PXE] booted into the installer.
71
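One way to do the MAC lock-down suggested above, as an added example that is not part of the original notes: an ISC dhcpd.conf fragment in which only explicitly listed blades are offered the PXE boot file. The MAC addresses, host names, lease range and fixed addresses are placeholders, and <tt>pxelinux.0</tt> as the loader name is an assumption based on the standard [Debian] netboot layout.

```conf
# ISC dhcpd.conf fragment for the PXE/install server (korora, 10.100.100.20).
# Added example: MAC addresses, host names and address ranges are placeholders.

ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;

subnet 10.100.100.0 netmask 255.255.255.0 {
    option routers 10.100.100.20;   # the install server also does NAT

    # No "filename" at subnet scope: a blade that is not listed below still
    # gets a lease, but its PXE ROM receives no boot file and falls through
    # to the next boot device instead of starting the installer.
    range 10.100.100.100 10.100.100.150;
}

# Only the blades listed in this group are offered the installer.
group {
    next-server 10.100.100.20;      # TFTP server
    filename "pxelinux.0";          # assumed loader name, relative to the TFTP root

    host blade2 {
        hardware ethernet 00:00:5e:00:53:02;   # placeholder: eth0 MAC of the blade
        fixed-address 10.100.100.22;           # placeholder, outside the dynamic range
    }
    host blade3 {
        hardware ethernet 00:00:5e:00:53:03;   # placeholder
        fixed-address 10.100.100.23;           # placeholder
    }
}
```

Once a blade has been installed, moving its <tt>host</tt> entry out of the group (or commenting it out) and restarting dhcpd keeps a later reboot from dropping it back into the installer.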
72 Only the bottom-row network interfaces (<tt>eth0</tt>) can be [PXE]-booted. It seems the <tt>hoiho</tt> chassis has been configured with this as the "public" network so perhaps we should consider changing these around?
73
74 !! Files to edit
75
76 <tt>/var/lib/tftpboot/debian-installer/i386/boot-screens/menu.cfg</tt>::
77
78 First line:
79
80 <verbatim>
81 serial 0 115200 0
82 </verbatim>
83
84 <tt>/var/lib/tftpboot/debian-installer/i386/boot-screens/txt.cfg</tt>::
85
86 Add to LinuxKernel options:
87
88 <verbatim>
89 console=ttyS0,115200
90 </verbatim>
91
92 [PXE]-boot the desired blade; the boot menu and [Debian] installer should all be accessible from the iLO SerialConsole.
93
94 !! Post-install
95
96 [Debian] sets up the serial console automatically, but it's probably a good idea to install an [SSH] server during the install anyhow.
97
98 Whatever else we do on the blades:
99
100 * proper network config
101 * FireWall rules
102 * more secure [SSH] settings
103 * [LDAP]?
104
105 <?plugin OldStyleTable
106 | __#__ | __Name__ | __RW IP__ (eth1) | __FireWall__ | __Root password__ | __Private IP__ (eth0)| __[NTP]__ | __Serial Console__ | __Compaq Tools__ | __Notes__
107 | 1 | <tt>korora</tt> |10.1.1.20| no |Set|10.100.100.20 | |OK | | 1G ram, pxe server, squid proxy
108 | 2 | <tt>blade</tt> |none| no |Set|DHCP | |OK | | 1G ram
109 | 3 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
110 | 4 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
111 | 5 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
112 | 6 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
113 ?>
