Web Operations Setup Standards

Usage:
Copyright (c) 2001 Anthony Tonns
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License,
Version 1.1 or any later version published by the Free Software
Foundation; with no Invariant Sections, no Front-Cover Texts and
no Back-Cover Texts.  A copy of the license is included in the
section entitled "GNU Free Documentation License".
GNU Free Documentation License

Table of Contents:

  1. Make sure all the hardware is installed properly
  2. Install Solaris 2.6
  3. Network Configuration
  4. Install Patches
  5. Setup the Environment
  6. Elementary Security Setup
  7. Add to DNS
  8. Install standard packages and software
  9. Final OS installation tweaks

  1. Make sure all the hardware is installed properly

    1. Power on, hit Stop-A (L1-A) to stop the boot process.
      When connected through the portmaster, hit Control-] (a.k.a. ^])
      and then at the "telnet>" prompt, type "send brk".

      To prevent the machine from booting automatically, type:

      ok printenv
      ok setenv auto-boot? false

    2. Now reset the machine, so the SCSI bus is not active:

      ok reset-all

    3. After the machine has reset, type:

      ok probe-scsi-all

      Take note of which disks are installed
      (make SURE all disks/tape drives are present).

    4. Now, turn the OpenBoot "auto-boot?" flag back on:

      ok setenv auto-boot? true

    5. Insert the Solaris 2.6 5/98 Server Edition CD-Rom and type:

      ok boot cdrom -v

      
  2. Install Solaris 2.6 (this is NOT valid for Solaris 7 or 8)

    1. Pre-install options

      Language - English
      Locale - 0) USA - English (ASCII only)
      Terminal - [choose wisely - try "3) DEC VT100" if you don't know]

    2. System Identification

      NOTE: if F2 doesn't work, try Esc then 2

      Host name: this is "machine" (NOT "machine.women.net")
      Networked: Yes
      IP address: next one in DNS (ask if you don't know)
      Name service: Other
      Subnet: Yes
      Netmask:

      For the Exodus network:
      	255.255.255.0

      For ALL networks at 417 Fifth Ave.
      	255.255.255.192

      Region: United States
      Time Zone: Eastern
      Date and Time: set accurately

    3. Solaris Install

      NOTE: (Choose "Continue" unless otherwise specified)

      1. Solaris Interactive Installation: F4_Initial (Esc then 4)

      2. Select Software: Entire Distribution ................... 708.00 MB

      3. Do NOT install OEM CRAP (first option)

      4. Select Disks: c0t0d0
        Note: You NEED c0t0d0. Other disks can be added if you know what you are doing; otherwise they can be added post-installation.

      5. Automatically Layout File Systems?: F4_Manual Layout (Esc then 4)

      6. Partition Table Layout:

        	0 - /
        	1 - swap
        	2 - backup [DO NOT TOUCH]
        	3 - /usr/local
        	4 - /var
        	5 - /opt
        	6 - /usr
        	7 - metadb's

        Sample partition table from a 2GB disk (sizes approximated):
        Part      Tag    Flag     Size
          0       root    wm    100.20MB (/)
          1       swap    wu    256.05MB (swap)
          2     backup    wm      1.98GB [DO NOT TOUCH]
          3        usr    wm    660.00MB (/usr/local)
          4        var    wm    200.39MB (/var)
          5 unassigned    wm    200.20MB (/opt)
          6        usr    wm    600.43MB (/usr)
          7 unassigned    wm     11.13MB (or ~15 clusters)
        
        Sample partition table from a 4GB disk (sizes approximated):
        Part      Tag    Flag     Size
          0       root    wm    100.20MB (/)
          1       swap    wu      1.00GB (swap)
          2     backup    wm      4.00GB [DO NOT TOUCH]
          3        usr    wm   1850.00MB (/usr/local)
          4        var    wm    200.39MB (/var)
          5 unassigned    wm    300.20MB (/opt)
          6        usr    wm    600.12MB (/usr)
          7 unassigned    wm     11.60MB (or ~15 clusters)
        
        Sample partition table from a 9GB disk (sizes approximated):
        Part      Tag    Flag     Size
          0       root    wm    100.20MB (/)
          1       swap    wu      2.00GB (swap)
          2     backup    wm      9.00GB [DO NOT TOUCH]
          3        usr    wm      5.00GB (/usr/local)
          4        var    wm       650MB (/var)
          5 unassigned    wm       650MB (/opt)
          6        usr    wm    600.12MB (/usr)
          7 unassigned    wm     11.60MB (or ~15 clusters)
        
      7. Configure for auto-reboot after install.

    4. Post installation Solaris 2.6 config

      1. Set default root password (ask a senior systems administrator)

      2. APM (advanced power management) setup:

                ****************************************************************
                This system is configured to conserve energy.
                After 30 minutes without activity, the system state will be
                saved to disk and the system will be powered off automatically.

                A system that has been suspended in this way can be restored
                back to exactly where it was by pressing the power key.
                The definition of inactivity and the timeout are user
                configurable. The dtpower(1M) man page has more information.
                ****************************************************************

                Do you wish to accept this default configuration, allowing
                your system to save its state then power off automatically
                when it has been idle for 30 minutes?  (If this system is used
                as a server, answer n. By default autoshutdown is
                enabled.) [y,n,?]

        Answer: n
                Autoshutdown has been disabled.

                Should the system save your answer so it won't need to ask
                the question again when you next reboot? (By default the
                question will not be asked again.) [y,n,?]

        Answer: y

  3. Network Configuration

    1. DNS Setup

      # vi /etc/resolv.conf

      If host is at Exodus:
      	domain women.net
      	nameserver 216.33.32.129
      	search women.net women.com homearts.com wwire.net

      If host is at 417 Fifth Ave:
      	domain women.net
      	nameserver 209.67.63.76
      	nameserver 216.33.32.129
      	search women.net women.com homearts.com wwire.net

      # vi /etc/nsswitch.conf

      add "dns" at the end of the hosts line
      	hosts:	files dns

    2. Configure default gateway

      NOTE: this is VERY different, depending on location
      # vi /etc/hosts

      If the host is at Exodus, add this after the last line:
      	216.33.32.10 fwall1-qfe0

      If the host is at 417 Fifth Ave - on the OPS network, add this after the last line:
      	209.67.63.193 gateway

      If the host is at 417 Fifth Ave - on the OPSDMZ network, add this after the last line:
      	209.67.63.65 gateway

      # vi /etc/defaultrouter

      If the host is at Exodus:
      	fwall1-qfe0

      If the host is on the OPS and OPSDMZ subnets at 417 5th Avenue:
      	gateway

    3. Reboot the machine (init 6) and check the routes
      # netstat -rn

      You should see a line like:
      default              216.33.32.10          UG       0     57

      This is the default route to the default gateway.

  4. Install Patches

    1. Download Patches from SunSolve

      cd /tmp
      ftp sunsolve.sun.com

      log in as ftp, passwd is your email address
      ftp> bin
      ftp> hash
      ftp> prompt
      ftp> cd /pub/patches
      ftp> mget 2.6_R* 2.6_y*

      when download is complete,
      ftp> bye

    2. Install Patch Clusters

      zcat 2.6_Recommended.tar.Z | tar xf -
      cd 2.6_Recommended
      ./install_cluster
      cd ..
      zcat 2.6_y2000_ALL.tar.Z | tar xf -
      cd 2.6_y2000_ALL
      ./install_cluster
      cd ..

    3. Reboot the server to complete patch installation


  5. Setup the Environment

    1. # vi /etc/profile

      add this before the "trap" line:

      PATH=/usr/sbin:/sbin:/usr/bin:/usr/ucb:/usr/local/bin:/usr/etc:/usr/kvm:/usr/ccs/bin:/usr/openwin/bin:/usr/dt/bin:/usr/proc/bin:/usr/opt/SUNWmd/sbin
      MANPATH=/usr/share/man:/usr/local/man:/usr/openwin/man:/usr/dt/man:/usr/proc/man:/usr/opt/SUNWmd/man

      On the "export" line, add MANPATH to the end of the line
      	export LOGNAME PATH MANPATH

      Logout and login again

  6. Elementary Security Setup

    1. Disable unnecessary services

      Stop each of the rc scripts for these services and rename the file so it does not start at boot.

      Example:
      stop it
      	# ./S80lp stop

      rename file with "S" to "s"
      	# mv S80lp s80lp

      So, in /etc/rc2.d disable all these services:
      S73nfs.client
      S74autofs
      S80lp
      S85power
      S88sendmail
      S99dtlogin

      NOTE: S99dtlogin should remain for desktop machines, but NOT servers.

      in /etc/rc3.d, disable all these services:
      S15nfs.server
      S76snmpdx
      S77dmi

    2. Re-enable sendmail to dequeue outgoing email via cron

      Set up the terminal and editor first (crontab -e uses $EDITOR):
      # TERM=vt100

      or whatever your terminal is (dtterm if under CDE)
      # EDITOR=vi
      # export TERM EDITOR
      # stty rows 24 cols 80

      or whatever your terminal size is

      Configure the fully qualified domain name (FQDN):
      # vi /etc/hosts

      REPLACE the line
      	209.67.63.199	pain

      with the line
      	209.67.63.199	pain	pain.women.net

      # crontab -e root

      add at the end of the file
      	#
      	0,15,30,45 * * * * /usr/lib/sendmail -q > /dev/null 2>&1

    3. Disable everything in /etc/inetd.conf except "time"

      # vi /etc/inetd.conf
      :%s/^/#/g
      :%s/^##/#/g
      :%s/^#time/time/g
      # ps -aef | grep inetd
      # kill -1 PID

      where "PID" is the process id of inetd. Confirm that only the expected
      ports are still listening with "netstat -an | grep LISTEN".
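
      The rc-script and inetd.conf steps above, as an added POSIX shell example that is not part of the original standard: the functions take the directory or file to operate on as arguments (so they can be tried on copies first), and the last one reports which inetd services remain enabled so the result can be checked.

```shell
#!/bin/sh
# Added example, not part of the original standard: a scripted version of
# the rc-script and inetd.conf steps, plus a check of what is still enabled.
# Directory and file paths are passed in so it can be tried against copies
# before touching anything under /etc.

# disable_rc_service DIR SCRIPT: stop the service, then rename S... to s...
# so the rc framework ignores it at boot (only S* and K* scripts are run).
disable_rc_service() {
    dir=$1; script=$2
    [ -f "$dir/$script" ] || return 0            # absent or already disabled
    (cd "$dir" && "./$script" stop) >/dev/null 2>&1 \
        || echo "warning: $script stop returned non-zero" >&2
    mv "$dir/$script" "$dir/s${script#S}"
}

# disable_rc_services DIR SCRIPT...: apply the above to each listed script,
# e.g. disable_rc_services /etc/rc3.d S15nfs.server S76snmpdx S77dmi
disable_rc_services() {
    dir=$1; shift
    for s in "$@"; do disable_rc_service "$dir" "$s"; done
}

# harden_inetd_conf FILE: the same three substitutions as the vi commands:
# comment every line, collapse "##" back to "#", then uncomment "time".
harden_inetd_conf() {
    sed -e 's/^/#/' -e 's/^##/#/' -e 's/^#time/time/' "$1" > "$1.new" \
        && mv "$1.new" "$1"
}

# active_inetd_services FILE: names of the services still enabled. After
# hardening this should print only "time" (the tcp and udp entries both
# start with "time", so both stay enabled).
active_inetd_services() {
    awk '!/^#/ && NF { print $1 }' "$1"
}
```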

  7. Add to DNS

    1. Log onto util1.women.net and become root

      # cd /usr/local/named/master
      # vi db.women.net
      
    2. Add a forward lookup entry for your host:

      bliss		IN	A	209.67.63.200
      
    3. Change the serial number "yyyymmddXX", where "XX" starts at "00" and continues to count up (00, 01, 02, 03, etc.) until the next day. The serial must always increase, or secondary name servers will not transfer the updated zone.

      So this:

      @       IN      SOA     ns1.women.net. dnstech.women.com. (
                      1998123100      ; serial number
      
      gets changed to

      @       IN      SOA     ns1.women.net. dnstech.women.com. (
                      1999010100      ; serial number
      
    4. Add a reverse lookup entry for your host:

      # vi db.63.67.209
      
      200		IN	PTR	bliss.women.net.
      
      @       IN      SOA     ns1.women.net. dnstech.women.com. (
                      1999010100      ; serial number
      
    5. Process the changes and restart the daemon
      # cd /usr/local/named
      # make
      admin/check_in.sh master/db.63.67.209
      master/RCS/db.63.67.209,v  <--  master/db.63.67.209
      new revision: 1.4; previous revision: 1.5
      enter log message, terminated with single '.' or end of file:
      >> added bliss
      >> .
      done
      admin/check_in.sh master/db.women.net
      master/RCS/db.women.net,v  <--  master/db.women.net
      new revision: 1.4; previous revision: 1.3
      enter log message, terminated with single '.' or end of file:
      >> added bliss
      >> .
      done
      reloading nameserver... done.
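
      The serial rule from step 3, as an added POSIX shell example that is not part of the original standard: next_serial implements yyyymmddXX (a new day resets XX to 00, the same day increments it, and a serial whose date part is already ahead of today is incremented rather than moved backwards), and bump_zone_serial rewrites the "; serial number" line of a zone file in place. The date is passed in as yyyymmdd rather than read from the clock so the result is reproducible.

```shell
#!/bin/sh
# Added example, not part of the original standard. In real use call
# bump_zone_serial master/db.women.net "$(date +%Y%m%d)" before "make".

# next_serial CURRENT TODAY: print the next yyyymmddXX serial.
# - a later day than the zone's date resets the counter to 00
# - the same day bumps XX
# - a zone date already ahead of TODAY keeps its date and bumps XX, because
#   secondaries only transfer the zone when the serial goes up
next_serial() {
    cur=$1; today=$2
    curday=${cur%??}             # yyyymmdd part
    xx=${cur#"$curday"}          # two-digit counter
    xx=${xx#0}                   # drop a leading zero so 08 is not read as octal
    if [ "$curday" -lt "$today" ]; then
        printf '%s00\n' "$today"
    elif [ "${xx:-0}" -ge 99 ]; then
        echo "next_serial: counter exhausted for $curday" >&2
        return 1
    else
        printf '%s%02d\n' "$curday" $(( ${xx:-0} + 1 ))
    fi
}

# bump_zone_serial FILE TODAY: replace the serial on the "; serial number"
# line of FILE and print the new value; FILE is left untouched on error.
bump_zone_serial() {
    zone=$1; today=$2
    cur=$(awk '/; serial number/ { print $1; exit }' "$zone")
    [ -n "$cur" ] || { echo "no serial line in $zone" >&2; return 1; }
    new=$(next_serial "$cur" "$today") || return 1
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*; serial number\)/\1$new\2/" \
        "$zone" > "$zone.new" && mv "$zone.new" "$zone"
    echo "$new"
}
```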
      
  8. Install standard packages and software

    1. FTP to the master package server and get everything
      # mkdir -p /usr/local/src
      # cd /usr/local/src
      # ftp hearst-1000.women.net
      ftp> cd /usr/local/src/build
      ftp> bin
      ftp> hash
      ftp> prom
      ftp> mget *
      ftp> bye
      
    2. First, install gzip so you can unpack all of the packages
      # pkgadd -d gzip-1.2.4-sol26-sparc-local
      
    3. Now decompress the rest of the packages
      # gunzip *.gz
      
    4. Now you can use a 'for loop' and the admin file to automagically install the remainder of the standard packages
      # for i in `ls *local` SUNWmd; do pkgadd -a admin -d $i; done
      
      This should install the following packages:
      • bash-2.02
      • gcc-2.8.1
      • libstdc++-2.8.1
      • lsof-4.33
      • make-3.76.1
      • screen-3.7.4
      • tar-1.12
      • top-3.5beta8
      • traceroute-1.4a5
      • unzip-5.32
      • zip-2.2
      • SUNWmd

    5. Build Perl with NFS locking option
      # tar xvf perl-5.005_03.tar
      # cd perl5.005_03
      # ./Configure -d -Ud_flock -Dcc=gcc
      # make test
      
      NOTE: If 'make test' doesn't succeed, DO NOT perform the next step!!!
      # make install
      
    6. Create a directory called DONE. Then recompress/move everything there
      # cd /usr/local/src
      # mkdir DONE
      # mv gzip-1.2.4-sol26-sparc-local DONE
      # gzip *.tar
      # gzip *local
      # gzip SUNWmd
      # mv *.gz DONE
      
    7. Install ssh and generate host key
      # cd /
      # unzip /usr/local/src/ssh_1_2_27_Solaris_2_6.zip
      # tar xvf ssh_1_2_27_Solaris_2_6.tar
      # gzip ssh_1_2_27_Solaris_2_6.tar
      # mv ssh_1_2_27_Solaris_2_6.tar.gz /usr/local/src/DONE
      # mkdir -p /usr/local/etc
      
      This MUST be done or sshd will never start
      # /usr/local/bin/ssh-keygen -f /usr/local/etc/ssh_host_key -N ""
      
      Now start the ssh daemon.
      # cd /etc/rc2.d
      # ./S81sshd start
      
      Clean up the ssh install zipfile.
      # rm /usr/local/src/ssh_1_2_27_Solaris_2_6.zip
      
  9. Final OS installation tweaks

    1. Setup /home correctly
      # cd /
      # umount /home
      # rmdir /home
      # mkdir -p /usr/local/home
      # ln -s /usr/local/home /home

    2. Set the time with NTP
      echo "# NTP config file" > /etc/inet/ntp.conf
      echo "# Women.com stratum 4 config file" >> /etc/inet/ntp.conf

      If the machine is at Exodus, use this:
      echo "server util1.women.net" >> /etc/inet/ntp.conf
      echo "server ops1.women.net" >> /etc/inet/ntp.conf

      If the machine will ALWAYS be at 417 (dev box, stage box, etc.) use this:
      echo "server apathy.women.net" >> /etc/inet/ntp.conf

      echo "driftfile /etc/ntp.drift" >> /etc/inet/ntp.conf
      /etc/rc2.d/S74xntpd start



Last Modified: 2000-09-27 20:22:11


