This page is for the configuration of the blade servers.

Specifications

The server is a HP/Compaq blade chassis with 5 BL10e blades. Thanks to HP NewZealand for sponsoring this machine!

A second chassis and ten extra blades were later donated by The Total Team via CraigFalconer.

Software

The blades all run Debian GNU/Linux 4.0 (Etch). Read about the set up at WlugAdmin. The server was configured and is maintained by the WlugSysadmins.

Where is it hosted

Orcon Internet - please support our sponsors!

The blades

There are 5 blades:

• hoiho.wlug.org.nz: Shell account for users
• mail.wlug.org.nz: MailServer
• www1.wlug.org.nz: Primary WebServer
• www2.wlug.org.nz: Secondary WebServer. This is usually load balanced with www1 using a DNS RoundRobin, and used to store backups of the other blades. If any other blade fails, then this server can have the appropriate backup restored onto it, and removed from the DNS RoundRobin and become the missing blade.
• db.wlug.org.nz: This is the "services" blade, running the DataBase(s), LDAP, DNS etc.

The blades have 2 interfaces, eth0 will have their realworld IP and network, eth1 will have a private network between all the blades using 10.100.100.0/24.

Orcon have allocated 60.234.66.112/28 for WLUG's use, .113 is the gateway

Things to check on each blade:

hoiho:

• relaxed FireWalling?

mail:

• trial IMMDT.pm?

• New SSL Cert

  • Could point secure.wlug.org.nz and reverse-proxy all the other web sites?

www2:

• backups

db:

• Fix LDAP schema (and turn schemacheck on again).

user accounts:

• Require SSH keys to be installed in order to log in
• required to be a member of the sysadmins group in order to log into the db, mail, www1, www2 blades
• required to be a member of the wlugcomm group in order to run the hoihotools management scripts

zcat's PXE Debian install notes

For setting up DHCP and TFTP:

• Debian GNU/Linux Installation Guide: Preparing Files for TFTP Net Booting
• Setting Up A PXE Install Server For Multiple Linux Distributions On Debian Lenny (basically the same stuff, condensed)

On the same blade running dhcpd/tftpd I also configured NAT (and squid) so that the debian installer can fetch packages without the blade being exposed to the public internet at all until after it's been fully configured and firewalled.

It's possibly also a good idea to lock down PXE boot to specific MAC addresses so no other blades can accidentally be PXE booted into the installer.

Only the bottom row network interfaces(eth0) can be PXE-booted. It seems the hoiho chassis has been configured with this as the "public" network so perhaps we should consider changing these around?

Files to edit

/var/lib/tftpboot/debian-installer/i386/boot-screens/menu.cfg:

First line:

serial 0 115200 0

/var/lib/tftpboot/debian-installer/i386/boot-screens/txt.cfg:

Add to LinuxKernel options:

console=ttyS0,115200

PXE-boot the desired blade, the boot menu and Debian installer should all be accessible from the iLO SerialConsole.

Post-install

Debian sets up serial console automatically, but probably a good idea to install ssh server during the install anyhow.

Whatever else we do on the blades:

• proper network config
• FireWall rules
• more secure SSH settings
• LDAP?