
Building a new CentOS box

This is a young doc that I haven't finished yet. But I don't want to lose it, so here we are (see below).

Once these instructions are done, start with the “generic CS Machine” instructions if necessary.

Installing the OS

Build a generic CentOS box, with whatever options and disk setup you want. If you need partitioning guidelines, do this: 200M /boot partition, 10-15Gb root partition, 2x RAM for swapspace, and a 2nd partition for user space (/data, /home, or whatever you want to call the partition).

Pick GNOME DESKTOP, SERVER, and SERVER-GUI software sets. If the machine is not going to be an individual-use machine, just pick the two SERVER sets, and leave the DESKTOP stuff off.

Selecting “CentOS Extras” crashed the 5.4 x86_64 installer, so selecting that might not be good. I no longer select this.

Leave all firewall crap on. Holes in firewall: SMTP, SSH. Also add 10080 tcp and 10080 udp. Depending on how the machine will be used you might want NFSv4 and/or SAMBA.

In SE-Linux setup, pick “Permissive” – unless you like endlessly adding security exceptions to make your machine function.

Use NTP, keep the defaults because they will be overwritten no matter what you pick. We will select NTP server(s) later.

Let the installer run.

When the box comes up, login as root and continue with the post-boot config:

Activate KDUMP, give it 128M of RAM (or the default).

Optional:

  • Edit /etc/yum/pluginconf.d/fastestmirror.conf and disable it by setting “enabled” to 0.
  • Edit /etc/yum.repos.d/CentOS-Base.repo, comment out the mirrorlists, and replace the standard distro location with download.wpi.edu/pub/centos/[…]

add mvoorhis(etc) to wheel group and lp group

use visudo to allow wheel group to run all commands (with password!)

edit /etc/syslog.conf adding logging of *.* to @cslog.cs.wpi.edu and @rous.wpi.edu.

create /etc/dhclient.conf, add this text to it:

append domain-name " wpi.edu cs.wpi.edu acm.wpi.edu ece.wpi.edu ";
request subnet-mask, broadcast-address, routers, domain-name, domain-name-servers, host-name;

edit /etc/logrotate.conf to keep 20 weeks of logs instead of 4. Uncomment #compress so that all these logfiles get compressed.
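The sudo, syslog and logrotate settings above can be verified after the fact. The script below is an added example, not part of the original page: its function names and the root-prefix argument are made up for illustration, and the sample tree it builds is constructed.

```shell
#!/bin/sh
# Added example: audit the post-boot settings under a root directory, so the
# checks can run against a sample tree as well as a live "/".

# $1 = syslog.conf, $2 = host: an uncommented "*.*  @host" forwarding line
check_syslog_forward() {
    awk -v want="@$2" '$1 == "*.*" && $2 == want { ok = 1 } END { exit !ok }' "$1"
}

# $1 = logrotate.conf: global "rotate N" with N >= 20 and uncommented "compress"
check_logrotate() {
    awk 'index($0, "{") { exit }   # first per-file stanza: globals are done
         $1 == "rotate" && $2 + 0 >= 20 { keep = 1 }
         $1 == "compress" { comp = 1 }
         END { exit !(keep && comp) }' "$1"
}

# $1 = sudoers: the %wheel rule is active and does not carry NOPASSWD
check_wheel_sudo() {
    awk '$1 == "%wheel" { seen = 1; if ($0 ~ /NOPASSWD/) nopw = 1 }
         END { exit !(seen && !nopw) }' "$1"
}

# $1 = root dir; prints PASS/FAIL per check, returns the number of failures
audit() {
    audit_fails=0
    for audit_c in "check_wheel_sudo $1/etc/sudoers" \
                   "check_syslog_forward $1/etc/syslog.conf cslog.cs.wpi.edu" \
                   "check_syslog_forward $1/etc/syslog.conf rous.wpi.edu" \
                   "check_logrotate $1/etc/logrotate.conf"; do
        if $audit_c 2>/dev/null; then echo "PASS $audit_c"
        else echo "FAIL $audit_c"; audit_fails=$((audit_fails + 1)); fi
    done
    return "$audit_fails"
}

# Constructed sample tree: second forwarder commented out, logrotate at defaults.
demo=$(mktemp -d) && mkdir -p "$demo/etc"
printf '%%wheel\tALL=(ALL)\tALL\n' > "$demo/etc/sudoers"
printf '*.*\t@cslog.cs.wpi.edu\n#*.*\t@rous.wpi.edu\n' > "$demo/etc/syslog.conf"
printf 'weekly\nrotate 4\n#compress\n/var/log/wtmp {\n    rotate 1\n}\n' > "$demo/etc/logrotate.conf"
audit "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

On a live box, run audit with "/" as root; reading /etc/sudoers needs root.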

Amanda

install AMANDA, the tape backup client. The package name is “amanda-client”:

 yum install amanda-client
 

Once installed, you'll need to enable amanda by editing /etc/xinetd.d/amanda and changing the “disable” entry from “yes” to “no”.

edit /etc/sysconfig/iptables-config … add “ip_conntrack_amanda” to the IPTABLES_MODULES entry. Entries in the modules def are separated by spaces.

Use “system-config-network” to open TCP and UDP port 10080 on the machine.

Next, edit /etc/modprobe.conf, and add the line:

options  ip_conntrack_amanda  master_timeout=3600

So that Amanda backups will function. Next, edit the file ~amanda/.amandahosts … remove any text in that file and replace with the line

rous.wpi.edu operator

which allows the ROUS tape server to backup files on this machine you're building.
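The file edits in this section, scripted so they can be re-run without duplicating entries. This is an added example, not part of the original page: the function name and root-prefix argument are made up, /var/lib/amanda is an assumed location for ~amanda, GNU sed is assumed, and the sample tree is constructed. Opening port 10080 is left to the tool named above.

```shell
#!/bin/sh
# Added example: apply the Amanda client edits so that re-running is harmless.
# $1 = root prefix ("" on a live box), $2 = amanda's home directory.
# Assumptions: GNU sed (-i), and /var/lib/amanda as the default for ~amanda.

amanda_setup() {
    root=$1
    ahome=${2:-/var/lib/amanda}

    # xinetd: change only the "disable" entry from yes to no
    sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)yes/\1no/' \
        "$root/etc/xinetd.d/amanda"

    # iptables-config: add the helper to the space-separated list, once
    cfg="$root/etc/sysconfig/iptables-config"
    grep -Eq '^IPTABLES_MODULES=.*ip_conntrack_amanda' "$cfg" ||
        sed -i 's/^IPTABLES_MODULES="\(.*\)"/IPTABLES_MODULES="\1 ip_conntrack_amanda"/' "$cfg"

    # modprobe.conf: add the options line, once
    opt='options ip_conntrack_amanda master_timeout=3600'
    grep -Eq '^options[[:space:]]+ip_conntrack_amanda[[:space:]]' "$root/etc/modprobe.conf" ||
        echo "$opt" >> "$root/etc/modprobe.conf"

    # .amandahosts: replace whatever is there with the single allowed server
    echo 'rous.wpi.edu operator' > "$root$ahome/.amandahosts"
}

# Constructed sample tree standing in for a freshly installed client.
r=$(mktemp -d)
mkdir -p "$r/etc/xinetd.d" "$r/etc/sysconfig" "$r/var/lib/amanda"
printf 'service amanda\n{\n\twait\t= yes\n\tdisable\t= yes\n}\n' > "$r/etc/xinetd.d/amanda"
echo 'IPTABLES_MODULES="ip_conntrack_netbios_ns"' > "$r/etc/sysconfig/iptables-config"
: > "$r/etc/modprobe.conf"
echo 'localhost amanda' > "$r/var/lib/amanda/.amandahosts"

amanda_setup "$r" && amanda_setup "$r"      # second run must change nothing
grep -H . "$r/etc/sysconfig/iptables-config" "$r/etc/modprobe.conf" \
          "$r/var/lib/amanda/.amandahosts"
rm -rf "$r"
```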

Shutting down services

You might want to use chkconfig to shut down these services:

 bluetooth cups gpm hidd isdn lvm2-monitor mdmonitor netfs nfslock pcscd portmap rpcgssd rpcidmapd avahi-daemon
 

Obviously, if you're using lvm or md disks, don't shut down the associated watchers (lvm2-monitor, mdmonitor), and if you're going to be using NFS disks from the machine you're building, don't disable any of (netfs, nfslock, portmap, rpc*).
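The keep-or-disable decision above can be derived from the machine itself. The script below is an added example, not part of the original page: the function name is made up, the fstab and mdstat detection rules are assumptions marked in the comments, and the sample files (including the host name fileserver) are constructed. It prints the commands as a dry run.

```shell
#!/bin/sh
# Added example: choose which services from the list above can be turned off,
# from fstab and /proc/mdstat. The detection rules are assumptions (marked).

CANDIDATES="bluetooth cups gpm hidd isdn lvm2-monitor mdmonitor netfs nfslock \
pcscd portmap rpcgssd rpcidmapd avahi-daemon"

# $1 = fstab, $2 = mdstat; prints the services to disable on one line
services_to_disable() {
    keep=""
    # Assumption: an NFS client has an active fstab entry of type nfs or nfs4.
    if awk '$1 !~ /^#/ && ($3 == "nfs" || $3 == "nfs4") { f = 1 }
            END { exit !f }' "$1"; then
        keep="$keep netfs nfslock portmap rpcgssd rpcidmapd"
    fi
    # Assumption: LVM volumes appear in fstab as /dev/mapper/* or /dev/Vol*.
    if awk '$1 ~ /^\/dev\/(mapper\/|Vol)/ { f = 1 } END { exit !f }' "$1"; then
        keep="$keep lvm2-monitor"
    fi
    # Software RAID arrays appear in /proc/mdstat as "mdN : active ...".
    if grep -Eq '^md[0-9]+ :' "$2" 2>/dev/null; then
        keep="$keep mdmonitor"
    fi
    out=""
    for s in $CANDIDATES; do
        case " $keep " in *" $s "*) ;; *) out="$out $s" ;; esac
    done
    echo "${out# }"
}

# Constructed sample: LVM root plus one NFS mount, no md arrays.
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
/dev/VolGroup00/LogVol00 /      ext3 defaults 1 1
LABEL=/boot              /boot  ext3 defaults 1 2
fileserver:/export/home  /home  nfs  rw,hard  0 0
EOF
printf 'Personalities :\nunused devices: <none>\n' > "$tmp/mdstat"

# Dry run: print the commands instead of running them.
for s in $(services_to_disable "$tmp/fstab" "$tmp/mdstat"); do
    echo "chkconfig $s off && service $s stop"
done
rm -rf "$tmp"
```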

If you're using a Virtual Machine to run CentOS, you won't need SMARTD.

NTP

Next, reboot the machine and repair the ntp.conf file on it. Instead of whatever servers it has, it wants this:

server ntp.cs.wpi.edu iburst prefer
server ntp.wpi.edu 
server 127.127.1.0
fudge 127.127.1.0 stratum 10

Xen

Xen was a system for running Virtual machines in Linux, but it was on the way out in late 2010. If you are installing CentOS on a XEN Virtual machine, install a xen kernel:

yum install kernel-xen
yum erase kernel.x86_64 kernel.i386

When you reboot after this, you'll end up with no network, mysteriously. Go to /etc/sysconfig/network-scripts, and rename ifcfg-eth0.bak to be ifcfg-eth0 again. Nobody knows why the kernel install renamed your network config in this way.

Sendmail

edit /etc/sendmail/sendmail.mc, comment out (using “dnl” in the left column) the line limiting listening to 127.0.0.1. Also uncomment the SMART_HOST declaration and set it to smtp.wpi.edu. Run “make” in /etc/mail/ after making these edits (you may have to install the “sendmail-cf” package using the YUM package manager in order to run the “make” command here). Edit /etc/aliases to resend root-mail to root@cs.wpi.edu:

root:     root@cs.wpi.edu

If the machine has a *software* RAID, edit /etc/sysconfig/raid-check adding the raid device in there (i.e., md0, md1 etc). If your machine has a hardware RAID, you shouldn't need to deal with this stuff (?but how then do we find out about fried disks?)

edit /etc/login.defs, and increase the minimum password length from 5 to 7 characters. Make it more if you want, but your users won't like you.

Sendmail delivery using procmail will not be able to create a user's mail spool file unless you CHMOD /usr/bin/procmail to be mode 2755. So if users use .procmail (cew@) their delivery will fail unless they have an already existing /var/mail/user file.

PROCMAIL and the VACATION program

In order to deliver emails into people's home directories, the procmail program must be setGID group mail (chgrp mail procmail; chmod 2555 procmail), and a symlink to the program must be made from /etc/smrsh.

In order for the vacation program to function, it must be symlinked to from /etc/smrsh. You'll need to fetch the code and build it as well, since CentOS doesn't come with a copy in the distro, nor does it appear to be available from RPMFORGE.

Other Software Repositories

Try centos extras and RPMFORGE, if you need additional software.

Another package repo that Phil pointed me at is EPEL, which supposedly incorporates rpmforge. EPEL seems to require its software be philosophically correct though, so proceed with caution; you might not get some stuff you'd expect or want.

centos_build.txt · Last modified: 2010/12/16 18:31 by mvoorhis