2005/07/13

Scripted Server Setup

As a tasks-overloaded systems administrator, I really experienced the information is, by far, the most important asset of a company motto. Enough to risk your job or your career if you lose some. So, years ago, I focused on two highlights on servers management: keeping safe data and automatizing administrative processes. I will focus on this article on the automatizing administrative processes issue.

With Turbolinux, I wrote once a script, which allows me, runt before a fresh install, to complete a mailserver setup. Install tooks 10 minutes. Script execution (install additional rpms, copying mailboxes from other server, replacing configuration files, configure services and reboot), 5 minutes. With bash.

The only problem was that next year we, the company, found ourselves working with SuSE. A couple of years, with Fedora. We expect the script will just need a little review with each scenario changing. False. The script needed a rewrite every time. So, as a part of writing automatization processes scripts, we include the "source code" of our needs.

This is an excerpt of a class I dictated. Useful for a mailserver setting up.

Linux Fedora Core 4 Server
==========================

- Install Fedora Core 4

- Do Not install SELINUX.

- Custom Type installation - no packages

- Hostname=www.example.org.bo

Firewalling config with IP Tables
=================================

Add this rules to /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 110 -j ACCEPT

# service iptables restart

Create yum repository
=====================

Install createrepo with rpm:
# yum -y install createrepo

Create basedir:
# mkdir -p /rpm/Fedora/RPMS
# cd /rpm/Fedora/RPMS

Put each disc on cdrom and
# mount /media/cdrom; cp -v /media/cdrom/Fedora/RPMS/*.rpm . ; eject

On /etc/yum.repos.d/fedora.repo comment baseurl=, mirrorlist, gpg...,
and add
baseurl=file:///rpm/

Create repository:
# createrepo /rpm

Config Apache web server
========================

# yum -y install httpd
# service httpd start
# chkconfig httpd on

Config Pop3 server with Dovecot
===============================

# yum -y install dovecot
# service dovecot start
# chkconfig dovecot on

Config SMTP server with Sendmail
================================

# yum install sendmail-cf
# cd /etc/mail/

# vi sendmail.mc

Uncomment (wipe dnl):
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl

Comment (put dnl):
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Generate sendmail cf file:
# m4 sendmail.mc > sendmail.cf

Add domains served by server:
# echo example.org.bo >> local-host-names

Add the networks this server accepts mail from:
# echo 10.0.0 RELAY >> access

Regenerate hash tables by restarting service
# make
or
# service sendmail restart

Install a webmail server with SquirrelMail
=============================================

# yum install squirrelmail

Fill organizational data with
# /usr/share/squirrelmail/config/conf.pl
Must complete numbers 1 (general data), 7 (Motd) and 10 (languaje, here
we use es_ES)

Install Mailman mailing lists server
====================================

Install mailman:
# yum install mailman

Config mailman:
# cd /usr/lib/mailman/bin
# ./mmsitepass

Maybe this is not necessary, but we must know where it is:
# vi /etc/mailman/mm_cfg.py # put fqdn='www.example.org.bo'

Create lists
# ./newlist # create "mailman" list and copy generated aliases
to /etc/aliases
# ./newlist # create "mylist" list and copy generated aliases
to /etc/aliases
# ./mailmanctl start
# service sendmail restart
# service httpd restart
# service mailman start
# chkconfig mailman on

(on redhat, mailman require MAILMAN_USER and GROUP = 'root' on
Defaults.py)

You can see how easy is to "compile" this to bash, with kickfiles, sed, yum or apt.

Additional tip: whilst including this lines as comments on the script, include instructions if you are gonna execute interactive commands...

No comments: