Standard Install of Ubuntu for Pulut
Installation
Use Ubuntu 8.04 Desktop (for ease of management, but we'll remove some modules).
- See HowToUbuntuHardyLVM Ubuntu 8.04 Hardy Heron on LVM for angch's detailed tweaks for Ubuntu on LVM)
Post installation
Change APT sources to local source (if applicable)
vim /etc/apt/sources.list
either use internally:
:%s/my.archive.ubuntu.com/ubuntu.int-bytecraft.com/ :%s/security.ubuntu.com/ubuntu.int-bytecraft.com/ :wqor externally:
:%s/my.archive.ubuntu.com/ubuntu.bytecraft.com.my/ :%s/security.ubuntu.com/ubuntu.bytecraft.com.my/ :wqapt-get update
Software
- Removal of unwanted desktop apps:
apt-get remove gnome-cards-data gnome-games gnome-games-data libggzmod4 libggzcore9 f-spot rhythmbox sound-juicer tracker tracker-search-tool diveintopython openoffice.org-help-en-gb openoffice.org-help-en-us bogofilter bogofilter-bdb bogofilter-common bluez-gnome bug-buddy fortunes-mod fortunes-min cups-pdf cupsys-driver-gutenprint xsane xsane-common mono-common mono-jit mono-runtime cdparanoia espeak espeak-data transmission-common transmission-gtk totem totem-gstreamer totem-mozilla totem-plugins totem-common libtotem-plparser10 gnome-media pidgin gimp thunderbird
apt-get remove gimp-data pidgin-data
- SMTP Email server: (untested) (exim4 over postfix for smaller footprint, and we're usually only serving as a smarthost for a beefy mail server (MX))
apt-get install exim4 dpkg-reconfigure exim4-config
- Server software:
apt-get install linux-image-server linux-headers-server openssh-server smartmontools linux-server
- Administration software:
apt-get install subversion zabbix-agent rcconf rsnapshot ntp mercurial sysstat
apt-get install logcheck logcheck-database
(configure logcheck and postfix!)
- angch's preferred software:
apt-get install jed jedstate gkrellm
- UPGRADE!
apt-get dist-upgrade apt-get autoremove
- After rebooting into -server kernel:
apt-get remove linux-generic linux-headers-generic linux-headers-2.6.24-16-generic linux-restricted-modules-generic linux-restricted-modules-2.6.24-16-generic linux-ubuntu-modules-2.6.24-16-generic linux-ubuntu-modules-2.6.24-23-generic linux-image-generic linux-image-2.6.24-23-generic linux-image-2.6.24-16-generic
Pulut LAPP stack
Recommended:
apt-get install php5-xcache php5-memcache postgresql-8.3 postgresql-contrib-8.3
See pgtune: http://pgfoundry.org/frs/?group_id=1000416&release_id=1298
Enable (already done):
# vim /etc/php5/conf.d/xcache.ini
Configuration
- mercurial on /etc
- apache config
- sysstat
mercurial
Make sure your server config is versioned:
sudo -s cd /etc hg init . hg commit -A -m 'Initial config'
/etc/cron.d
Yes, ugly, but for odd evil reasons, we need to:
- /etc/cron.d/apache2-restart
# Restart apache2 3.31 ameveryday # This is due to php5's opcode xcache's tendancy to do weird stuff after # a while # http://2bits.com/articles/php-op-code-caches-accelerators-a-must-for-a-large-site.html # http://2bits.com/articles/benchmarking-drupal-with-php-op-code-caches-apc-eaccelerator-and-xcache-compared.html # Symptom: # [Fri Sep 05 20:15:03 2008] [error] [client 127.0.0.1] ALERT - canary mismatch on efree() - heap overflow detected (attacker '127.0.0.1', file '/data/www/rumahshifa.org.my/www/sites/all/modules/image/image.module', line 290) 31 3 * * * root /etc/init.d/apache2 restart # Sometimes, apache2 stops, but does not start: 32 3 * * * root /etc/init.d/apache2 start
- /etc/cron.d/drupal
# Update cron every 15 minutes */15 * * * * root /usr/bin/wget -O - -q -i /etc/drupal-cron-url.txt
- /etc/drupal-cron-url.txt ((IMPORTANT))
http://site1.my/cron.php http://site2.my/cron.php
/etc/logcheck/logcheck.conf
# edit SENDMAILTO
/etc/sysctl.conf
# For postgresql, (use pgtune if possible)
# append: kernel.shmmax=134217728 # 128 MB kernel.shmall=2097152
/etc/postgresql/8.3/main/postgresql.conf
listen_addresses = 'localhost' max_connections = 200 ssl=false shared_buffers = 64MB synchronous_commit = off wal_sync_method = fdatasync
/etc/postgresql/8.3/main/pg_hba.conf
# IPv4 local connections: hostnossl all all 127.0.0.1/32 md5 # IPv6 local connections: hostnossl all all ::1/128 md5
/etc/default/sysstat
Collecting stats locally is a good idea:
ENABLED="true"
apache config
- Hide subversion files:
sudo -s cat >> /etc/apache2/conf.d/svn
# Protect .svn <DirectoryMatch ".*/\.svn/.*"> deny from all </DirectoryMatch>
ssh config
- Passwordless login:
/etc/ssh/sshd_config
PasswordAuthentication no
nginx config
nfs
sudo apt-get install nfs-kernel-server
mgr server
Note: Not related to pulut, here for my (angch) convinience
apt-get install dnsmasq
zabbix:
apt-get install mysql-server zabbix-agent zabbix-frontend-php zabbix-server-mysql
echo 'Acquire::http::Proxy "http://proxy.localnet:3128/";' > /etc/apt/apt.conf.d/99proxy
echo 'deb http://ppa.launchpad.net/pitti/postgresql/ubuntu hardy main' > /etc/apt/sources.list/postgresql-backports.list
NX: i386:
wget http://64.34.161.181/download/3.3.0/Linux/nxclient_3.3.0-6_i386.deb http://64.34.161.181/download/3.3.0/Linux/nxnode_3.3.0-17_i386.deb http://64.34.161.181/download/3.3.0/Linux/FE/nxserver_3.3.0-22_i386.deb
amd64:
wget http://64.34.161.181/download/3.3.0/Linux/nxclient_3.3.0-6_x86_64.deb http://64.34.161.181/download/3.3.0/Linux/nxnode_3.3.0-17_x86_64.deb http://64.34.161.181/download/3.3.0/Linux/FE/nxserver_3.3.0-22_x86_64.deb
Moving pgsql partitions
sudo -s rsync --delete -avP /var/lib/postgresql /data rsync --delete -avP /var/lib/postgresql /data invoke-rc.d postgresql-8.3 stop rsync --delete -avP /var/lib/postgresql /data mv /var/lib/postgresql /var/lib/postgresql.old mkdir /var/lib/postgresql echo "/data/postgresql /var/lib/postgresql none bind 0 0" >> /etc/fstab mount -a invoke-rc.d postgresql-8.3 start
sudo apt-get remove bluez-utils laptop-mode-tools
Note
If you use nginx, do:
sudo apt-get install libapache2-mod-rpaf
