WlugBladeServer
This page is for the configuration of the blade servers.

!! Specifications

The server is a [HP]/[Compaq] blade chassis with 5 BL10e blades. Thanks to [HP] NewZealand for sponsoring this machine!

A second chassis and ten extra blades were later donated by [The Total Team | http://www.totalteam.co.nz/] via CraigFalconer.

!! Software

The blades all run [Debian] GNU/Linux 4.0 (Etch). Read about the set up at WlugAdmin. The server was configured and is maintained by the WlugSysadmins.

!! Where is it hosted

[http://www.boldhorizon.co.nz/assets/gallery/logo-design/large/RuralLink.jpg]

[RuralLink | http://www.rurallink.co.nz] - please support our sponsors!

The server was hosted for many years at [Orcon Internet|http://www.orcon.net.nz/], so thank you to Orcon also!

!! The blades

There are 5 blades:

* <tt>hoiho.wlug.org.nz</tt>: [Shell] account for users
* <tt>mail.wlug.org.nz</tt>: MailServer
* <tt>www1.wlug.org.nz</tt>: Primary WebServer
* <tt>www2.wlug.org.nz</tt>: Secondary WebServer. This is usually load balanced with <tt>www1</tt> using a [DNS] RoundRobin, and used to store backups of the other blades. If any other blade fails, then this server can have the appropriate backup restored onto it, be removed from the [DNS] RoundRobin, and become the missing blade.
* <tt>db.wlug.org.nz</tt>: This is the "services" blade, running the DataBase(s), [LDAP], [DNS] etc.

The blades have 2 interfaces: <tt>eth0</tt> will have their real-world [IP] and network, and <tt>eth1</tt> will have a private network between all the blades using <tt>10.100.100.0/24</tt>.

!! Things to check on each blade:

<?plugin OldStyleTable
| __#__ | __Name__ | __RW IP__ | __FireWall__ | __Root password__ | __Private IP__ | __[NTP]__ | __Serial Console__ | __Compaq Tools__ | __Notes__
| 1 | <tt>hoiho</tt>|114.134.14.5|Done|Set|10.100.100.5 |Syncs to db|OK | |
| 2 | <tt>mail</tt> |114.134.14.4|Done|Set|10.100.100.4 |Syncs to db|OK| |
| 3 | <tt>www1</tt> |114.134.14.2|Done|Set|10.100.100.2 |Syncs to db|OK| | running Etch
| 4 | <tt>www2</tt> |114.134.14.3|Done|Set|10.100.100.3 |Syncs to db|OK| |
| 5 | <tt>db</tt> |114.134.141|Done|Set|10.100.100.1 |Syncs to nz.pool.ntp.org|OK| | running Etch
?>

<tt>hoiho</tt>::
  * relaxed FireWall~ing?

<tt>mail</tt>::
  * trial <tt>IMMDT.pm</tt>?
  * New [SSL] Cert
  * Could point secure.wlug.org.nz and reverse-proxy all the other web sites?

<tt>www2</tt>::
  * backups

<tt>db</tt>::
  * Fix LDAP schema (and turn schemacheck on again).

<tt>user accounts</tt>::
  * Require [SSH] keys to be installed in order to log in
  * Require membership of the sysadmins group in order to log into the db, mail, www1, www2 blades
  * Require membership of the wlugcomm group in order to run the hoihotools management scripts

!!! zcat's [PXE] [Debian] install notes

For setting up [DHCP] and [TFTP]:

* [Debian GNU/Linux Installation Guide: Preparing Files for TFTP Net Booting | http://www.debian.org/releases/stable/i386/ch04s05.html.en]
* [Setting Up A PXE Install Server For Multiple Linux Distributions On Debian Lenny | http://www.howtoforge.com/setting-up-a-pxe-install-server-for-multiple-linux-distributions-on-debian-lenny] (basically the same stuff, condensed)

On the same blade running dhcpd/tftpd I also configured NAT (and squid) so that the Debian installer can fetch packages without the blade being exposed to the public internet at all until after it's been fully configured and firewalled.

It's possibly also a good idea to lock down [PXE] boot to specific [MAC] addresses so no other blades can accidentally be [PXE] booted into the installer.

Only the bottom row network interfaces (<tt>eth0</tt>) can be [PXE]-booted. It seems the <tt>hoiho</tt> chassis has been configured with this as the "public" network so perhaps we should consider changing these around?

!! Files to edit

<tt>/var/lib/tftpboot/debian-installer/i386/boot-screens/menu.cfg</tt>::
  First line:

<verbatim>
serial 0 115200 0
</verbatim>

<tt>/var/lib/tftpboot/debian-installer/i386/boot-screens/txt.cfg</tt>::
  Add to LinuxKernel options:

<verbatim>
console=ttyS0,115200
</verbatim>

[PXE]-boot the desired blade; the boot menu and [Debian] installer should all be accessible from the iLO SerialConsole.

!! Post-install

[Debian] sets up the serial console automatically, but it's probably a good idea to install an ssh server during the install anyhow.

Whatever else we do on the blades:

* proper network config
* FireWall rules
* more secure [SSH] settings
* [LDAP]?

<?plugin OldStyleTable
| __#__ | __Name__ | __RW IP__ (eth1) | __FireWall__ | __Root password__ | __Private IP__ (eth0)| __[NTP]__ | __Serial Console__ | __Compaq Tools__ | __Notes__
| 1 | <tt>korora</tt> |10.1.1.20| no |Set|10.100.100.20 | |OK | | 1G ram, pxe server, squid proxy
| 2 | <tt>blade</tt> |none| no |Set|DHCP | |OK | | 1G ram
| 3 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
| 4 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
| 5 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
| 6 | <tt>blade</tt> |none| no |Set|DHCP | |OK | |
?>
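
One way to do the [MAC] lock-down suggested in the [PXE] notes above is to hand the boot file only to listed hosts. The following is an added example, not part of the original notes or the WLUG configuration: a shell helper that turns a name/MAC allowlist into an ISC dhcpd <tt>group</tt> block. It assumes ISC dhcpd syntax and a <tt>pxelinux.0</tt> boot file; the host names and MAC addresses are constructed, and <tt>10.100.100.20</tt> is korora's private IP from the table.

```shell
#!/bin/sh
# Added example (not from the wiki page): render an ISC dhcpd "group" block
# that gives the PXE boot file only to allowlisted MAC addresses.

PXE_SERVER="10.100.100.20"   # korora's private IP, from the table above
PXE_FILE="pxelinux.0"        # assumption: Debian netboot file in the TFTP root

# Reads "name mac" pairs on stdin and writes dhcpd.conf text on stdout.
# Returns non-zero, with no group block, on a malformed or duplicate entry.
pxe_allowlist_conf() {
    awk -v srv="$PXE_SERVER" -v file="$PXE_FILE" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            name = $1; mac = tolower($2)
            n = split(mac, p, ":")
            ok = (NF == 2 && n == 6 && name ~ /^[A-Za-z0-9-]+$/)
            for (i = 1; ok && i <= n; i++)
                if (p[i] !~ /^[0-9a-f][0-9a-f]$/) ok = 0
            if (!ok || (mac in seen) || (name in names)) {
                print "line " NR ": bad or duplicate entry" > "/dev/stderr"
                bad = 1
                exit                            # jumps to END
            }
            seen[mac] = 1; names[name] = 1
            hosts = hosts sprintf("  host %s { hardware ethernet %s; }\n", name, mac)
        }
        END {
            if (bad) exit 1
            # Boot parameters live only inside this group, so only these
            # hosts are told where to fetch a boot file.
            printf "group {\n  next-server %s;\n  filename \"%s\";\n%s}\n", srv, file, hosts
        }'
}

# Constructed sample allowlist; the MACs use the 00:00:5E:00:53 documentation range.
SAMPLE_ALLOWLIST='# name   mac
blade2  00:00:5E:00:53:02
blade3  00:00:5e:00:53:03'

# Stand-alone run: print the fragment for the sample allowlist.
printf '%s\n' "$SAMPLE_ALLOWLIST" | pxe_allowlist_conf
```

This only works if the <tt>subnet</tt> declaration itself sets no <tt>filename</tt> or <tt>next-server</tt>: unlisted blades then still get a lease but no boot file, so their [PXE] attempt fails instead of starting the installer.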