TechDocs/TechnicalProcesses/ServerInstallation

Server installation

This is a generic server installation guide.

Choose hostname and IP address

- Hostname:

- IP address: choose among the currently available addresses, see:

- Update the DNS with the new server name and IP address

Install hardware

- Check BIOS settings

- Set up serial console or other monitoring hardware

Install OS and basic packages

- Install the latest release of Debian stable

- If the server is going to be a linux-vserver host, install a -vserver enabled

- Select the 'unix server' group of packages in tasksel

- Install and configure basic system administration tools

Kernel configuration

- Check that /etc/modules has all needed modules

Network configuration

- /etc/hostname: set hostname (then run '/bin/hostname -F /etc/hostname')

- /etc/resolv.conf: add nameservers

- /etc/hosts: add needed entries for known hosts

- /etc/hosts.allow and /etc/hosts.deny: set access rules

- /etc/init.d/firewall: if needed, add local firewall script and enable it for

Configure ssh access

- /etc/ssh/sshd_config

- On vserver guests, fix the "oom_adj vserver bug", in /etc/default/ssh

- Install authorised keys in /root/.ssh/authorized_keys

- Disable the root password in /etc/shadow

Configure logging

- rsyslog

- Logrotate

- Logcheck

- Configure /etc/aliases

- Replace exim with postfix or other simpler smtp server

Configure and complete package management

- Configure /etc/apt/sources.list, adding needed sources (e.g. backports,

- Disable automatic install of recommended packages

- Remove unneeded packages

- Install/update needed packages

- If this is a linux-vserver host, just set up ssh and no other services; create

Update internal documentation

- Add a entry in this wiki page for each service running on the server

- If the server is a physical one, add it to the hardware section of our documentation in git.

Notify interested people

- Announce the server availability on system-hackers@lists.fsfe.org, pointing to documentation

- Notify the server name and IP address to the system administrators of the hosting facility, to let them add it to the monitoring services; see the relevant contacts in: SVN:/Technology/emergency_contacts.txt

TechDocs/TechnicalProcesses/ServerInstallation (last edited 2018-04-26 11:15:10 by vincent)