As a task-overloaded systems administrator, I have really experienced the motto "information is, by far, the most important asset of a company": enough to risk your job or your career if you lose some. So, years ago, I focused on two highlights of server management: keeping data safe and automating administrative processes. In this article I will focus on automating administrative processes.
With Turbolinux, I once wrote a script which allowed me, run before a fresh install, to complete a mailserver setup. The install took 10 minutes. Script execution (installing additional rpms, copying mailboxes from another server, replacing configuration files, configuring services and rebooting) took 5 minutes. With bash.
The only problem was that the next year we, the company, found ourselves working with SuSE. A couple of years later, with Fedora. We expected the script would need just a little review with each change of scenario. False. The script needed a rewrite every time. So, as a part of writing automation scripts, we include the "source code" of our needs.
This is an excerpt from a class I taught, useful for setting up a mailserver.
Linux Fedora Core 4 Server
==========================
- Install Fedora Core 4
- Do Not install SELINUX.
- Custom Type installation - no packages
- Hostname=www.example.org.bo
Firewalling config with IP Tables
=================================
Add these rules to /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 110 -j ACCEPT
# service iptables restart
Create yum repository
=====================
Install createrepo with rpm:
# yum -y install createrepo
Create basedir:
# mkdir -p /rpm/Fedora/RPMS
# cd /rpm/Fedora/RPMS
Insert each disc in the CD-ROM drive and run:
# mount /media/cdrom; cp -v /media/cdrom/Fedora/RPMS/*.rpm . ; eject
In /etc/yum.repos.d/fedora.repo, comment out baseurl=, mirrorlist, gpg...,
and add
baseurl=file:///rpm/
Create repository:
# createrepo /rpm
Config Apache web server
========================
# yum -y install httpd
# service httpd start
# chkconfig httpd on
Config Pop3 server with Dovecot
===============================
# yum -y install dovecot
# service dovecot start
# chkconfig dovecot on
Config SMTP server with Sendmail
================================
# yum install sendmail-cf
# cd /etc/mail/
# vi sendmail.mc
Uncomment (wipe dnl):
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Comment (put dnl):
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Generate sendmail cf file:
# m4 sendmail.mc > sendmail.cf
Add domains served by server:
# echo example.org.bo >> local-host-names
Add the networks this server accepts mail from:
# echo 10.0.0 RELAY >> access
Regenerate hash tables by restarting service
# make
or
# service sendmail restart
Install a webmail server with SquirrelMail
=============================================
# yum install squirrelmail
Fill organizational data with
# /usr/share/squirrelmail/config/conf.pl
You must complete numbers 1 (general data), 7 (Motd) and 10 (language; here
we use es_ES)
Install Mailman mailing lists server
====================================
Install mailman:
# yum install mailman
Config mailman:
# cd /usr/lib/mailman/bin
# ./mmsitepass
Maybe this is not necessary, but we must know where it is:
# vi /etc/mailman/mm_cfg.py # put fqdn='www.example.org.bo'
Create lists
# ./newlist # create "mailman" list and copy generated aliases to /etc/aliases
# ./newlist # create "mylist" list and copy generated aliases to /etc/aliases
# ./mailmanctl start
# service sendmail restart
# service httpd restart
# service mailman start
# chkconfig mailman on
(on Red Hat, mailman requires MAILMAN_USER and GROUP = 'root' in Defaults.py)
You can see how easy it is to "compile" this to bash, with kickstart files, sed, yum or apt.
Additional tip: when including these lines as comments in the script, include instructions if you are going to execute interactive commands...
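
As an added example (not part of the original class notes), this is one way the "Uncomment (wipe dnl)" and "Comment (put dnl)" steps for sendmail.mc could be "compiled" to shell with sed, plus a check that the file ended up in the state the notes describe. The function names and the sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the original class notes.
set -eu

# "Uncomment (wipe dnl)" the three AUTH lines and "Comment (put dnl)" the
# loopback-only listener. Patterns are anchored at line start, so a second
# run changes nothing. The "." stands in for the m4 closing quote.
edit_sendmail_mc() {
    mc=$1
    [ -e "$mc.orig" ] || cp -p "$mc" "$mc.orig"   # keep the pristine file once
    sed -e 's/^dnl \(define(`confAUTH_OPTIONS.,\)/\1/' \
        -e 's/^dnl \(TRUST_AUTH_MECH(\)/\1/' \
        -e 's/^dnl \(define(`confAUTH_MECHANISMS.,\)/\1/' \
        -e 's/^\(DAEMON_OPTIONS(`Port=smtp,Addr=127\.0\.0\.1,\)/dnl \1/' \
        "$mc" > "$mc.new"
    cat "$mc.new" > "$mc"     # overwrite in place, keeping owner and mode
    rm -f "$mc.new"
}

# Exit status 0 only when the file is in the state the notes ask for.
check_sendmail_mc() {
    grep -q '^define(`confAUTH_OPTIONS' "$1" &&
    grep -q '^TRUST_AUTH_MECH(' "$1" &&
    grep -q '^define(`confAUTH_MECHANISMS' "$1" &&
    ! grep -q '^DAEMON_OPTIONS(`Port=smtp,Addr=127\.0\.0\.1' "$1"
}

# Constructed sample input: the relevant lines of a stock sendmail.mc.
write_sample_mc() {
    cat > "$1" <<'EOF'
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
EOF
}

# Demo on a scratch copy; nothing under /etc/mail is touched.
demo_dir=$(mktemp -d)
write_sample_mc "$demo_dir/sendmail.mc"
edit_sendmail_mc "$demo_dir/sendmail.mc"
check_sendmail_mc "$demo_dir/sendmail.mc" && echo "sendmail.mc matches the notes"
diff "$demo_dir/sendmail.mc.orig" "$demo_dir/sendmail.mc" || true
rm -rf "$demo_dir"
```

On the server, the same function would be pointed at /etc/mail/sendmail.mc, followed by the m4 step from the notes.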