Debian Jessie base server

From SaruWiki

Hardware preparation

When installing a new server, you must begin with getting your server hardware right. Assuming you've built yourself a new server platform, you can install the operating system following the steps outlined below. Note: it is assumed the server is bare, and the hard disks are completely clean. If they are not, here's how to clean them.

Planning your network names

If your machine must become a part of an existing network, then it's almost certain that you already have a DNS domain in place; in that case: obtain the DNS suffix your machine will get (the DNS domain your machine will "belong" to). However, it's also possible that this machine is going to be the first machine in your new network, in which case the whole issue of DNS suffixes is wide open. If you need more information on DNS, go [here]. For now we'll assume you have (or will quickly obtain) a working knowledge of the DNS system. Here is our tip on choosing a DNS domain for your home network:

  • do not use a publicly registered domain name (e.g. "cocacola.com") for any machine that's not primarily intended to serve the public on the Internet;
  • for machines serving a private network, we urge you to use Top Level Domain name "lan" (to signify your machine is on a Local Area Network or LAN);
  • for the Domain Name itself, we suggest you use a level 2 name, like "saruman.lan", and not a level 3 name, like "mister.saruman.lan".

This is only a short section on DNS, but remember that once a proper DNS system is in place, it's quite a lot of work to change it. At any rate, this section has most likely shown you that you need to put some thought into the DNS Domain Name design of your home network. OK, with this out of the way, we can get to installing the OS.

Operating System installation

Preparing to boot into the installer

To install an Operating System (OS), it's kinda instrumental that you have one. Here, we're going to use Debian, the biggest Free OS that we know of. Free stands for Freedom, but incidentally that Freedom also means it's gratis, an appealing aspect of Free. To get your own copy of Debian, go to their download site and obtain the latest Stable image - as of April 2015, it's Debian 8, or "Jessie" as it's also known.

Besides the choice which release of Debian you want to run, you also have to know for which platform you're downloading (in our case: either amd64 or i386 depending on your hardware platform) and what kind of install you wish - if you have a working, fast Internet connection available at the time of install, then we recommend getting the netinst CD image; it's a relatively small CD, that'll be able to get you going, but gets most of the software you'll need straight from the 'net at install time.

In the example at hand we're installing on an Intel Atom C2000-based server, on which we wish to install 64-bit software. We'll download debian-8.1.0-amd64-netinst.iso, which is Jessie after its first update. If you wish, you can burn this to a CD-recordable and boot your prepared hardware platform from this CD. As it stands, we can boot our server platform from the iso file directly by sharing the image using Samba, then mounting that fileshared image in the server hardware console - we're lucky that way, not needing physical CDs :-)

Installer

After booting from the CD, a friendly graphic screen shows you the Installer boot menu. Your choices are:

  • Install, the default non-graphical installation;
  • Graphical install, so you can click things;
  • Advanced options, where you can select expert options like the rescue mode;
  • Help; this drops you to a non-graphical screen where you can select help texts by using function keys. The screens explain how you can start the installation with extra parameters to instruct Debian to handle your hardware in a non-standard way, e.g. on an old machine with a problematic videocard you could run "install vga=771" (for some laptops) or "install vga=normal fb=false" (to disable the screen framebuffer).

We're going to use the standard Command Line installation, so we choose "Install" and hit <enter>.

We could easily use "Graphic install", in which case we'd have a nice fresh Graphical User Interface for our installation. We're not going to, because we're real men, and Real Men Don't Click. Also, we've found that from the GUI it's a bit harder to switch to a second console and then back.

We could also go to the Advanced options, and opt for "Expert install" or "Graphical expert install" as installation method, because it gives a much finer grain of control; however we usually don't need that control, and can do just fine without the barrage of extra questions that the "expert" installation method poses.

After the Linux kernel finishes initializing the machine, a simple text-based installer appears that immediately starts asking questions. Answer them according to your needs. Our example system uses the following choices:

  • Language: English
  • country: other > Europe > Netherlands
  • locale (since there's no default locale for the combination Netherlands/English): United States - en_US.UTF-8
  • keymap: American English (since we have a keyboard with US layout)

Some installation software loads, and we get to the next phase: if you have multiple NICs in your machine (which we believe you should have), and if they're detected properly, then you're required to indicate which of the detected network interface cards (NIC) is going to be the "primary" NIC.

Here, trouble could begin. If your machine has only network cards that are not supported, then you'll see no cards here - but then how are you going to do a NetInstall? A solution would be to (temporarily) install a NIC that is supported, like a cheap Realtek card, or an ancient 3Com 905 card. Then, when the whole system is installed, up and running, you could compile a new kernel that contains support for your actual NICs, and when these work, remove the temporary NIC. For now, we'll assume that at least one of your NICs is recognised properly by the Debian installation routine.

Select the card that's connected and has (indirect) access to Internet (again: it should not be connected straight to the wild wild web, but sit safely behind a firewall, at least until we've installed our own firewall); if at all possible, let it be the NIC that'll be connected to your home network itself, on the inside of your server. Let's assume that this NIC is designated eth0 by the Debian installation. This card will now be configured using DHCP, so if you're on a network with a DHCP-server, the network will work straight away. If it's not, you can either configure the network configuration manually, or fix your DHCP-server and connection between it and eth0.

Next is one of the hardest questions that any OS installation is going to ask you: what will be the host name of the system? You could easily change it at any time in the future, but possibly with lots of hassle, so you better choose wisely. Here are our tips:

  • do not name your machine after the user that's going to use it, e.g. "bernie-pc" (at some time in the future, Bernie's machine will be moved to Alice, so then Alice is working on "bernie-pc" which makes the situation quite unclear);
  • do not name your machine after the department or workgroup that's using it most, e.g. "accounting-srv" (same reasoning);
  • do not name your machine after its main function, e.g. "printserver" (at some time in the future, the main function is moved to another machine, and/or an alternative function will become the main function of the machine);
  • do not name your machine after its location, e.g. "srv-boston" (at some time in the future, the box will be moved to another location);
  • do not name your machine after its hardware configuration, e.g. "ibmx346" (at some time in the future, either another xSeries x346 will be wheeled in, or the machine will be upgraded to accommodate increased use or overcome hardware problems - your "ibmx346" could suddenly be running on an xSeries x3650).

What we feel are safe names for any machine in your network are true names, perhaps linked to a common theme: names of European cities, names of movie characters, names of countries or holiday destinations et cetera. Less imaginative would be coded names like "server0001".

Immediately following comes the question of the Domain Name. This is about a DNS domain, so effectively the installation program is asking which DNS suffix the host name should have; if the DHCP-server already provided something it'll be suggested, but you can override it if need be. In the preparatory phase, you'll have decided on continuation of your current DNS schema, or starting a new one. Either way, put the chosen DNS suffix in and press <enter>.

Next comes one VERY important question: what to use as root password? We cannot stress this enough: choose a SAFE password! Do NOT go for an easy-to-remember one, go for STRONG and SAFE. There are tools to help you generate strong passwords, like this page: use them! We strongly suggest 10 characters or more, including letters, mixed case, and numbers, so something like SuCRe4hecH (do NOT use this, generate your own!).

Next, give the full name of the principal user of this server (your own, we assume), give the login-name (your given name, we assume), and a corresponding password. Again, use a SAFE password. As long as you don't make your principal user equivalent to root, you might go for a slightly weaker password (8 characters instead of 10), but we rather suggest you make the password just as strong as (and different from!) the root password.

After entering the details of these two users "root" and "you", we get to the server hardware.

Partitioning

Now comes the question of partitioning, or how to divide the available disk space into chunks for the server to use. This is a tricky subject, because if you put all storage space into one partition, then some day a runaway process will fill up the entire disk with useless logs, and the system will crash. On the other hand, if you divvy up all space into little chunks, then some application is going to need space in one of those partitions where there is none, even though there may be plenty in other partitions. To minimize the chance of either problem occurring, we're going to use Logical Volume Management (LVM2) so that we can provision enough space to start our server, but keep some space in reserve to apply when needed, where it'll be needed.

So, we at Saruman.biz have put together a recommended standard partitioning scheme. The basis (in accordance with the standard Debian directory structure) is this:

Partition  MD        LVG     LV-name  Size (physical machine)  Size (VM)   File System  Mount point
1          /dev/md0                   100MiB                   100MiB      ext3         /boot
2          /dev/md1                   3GiB                     1GiB        ext3         /
3          /dev/md2  system  swap     1GiB [1]                 256MiB [1]  swap
                             var      1GiB                     512MiB      ext3         /var
                             varlog   1GiB                     512MiB      ext3         /var/log
                             appslog  3GiB                     - [2]       ext3         /var/appslog
                             home     1GiB [3]                 512MiB [3]  ext3         /home
                             usr      3GiB                     3GiB        ext3         /usr
                             tmp      1GiB                     512MiB      ext3         /tmp
                             opt      1GiB                     -           ext3         /opt
Total                                 18.1GiB                  6.9GiB

[1] Rule of thumb: twice the size of the machine's RAM, but no less than 256MiB and no more than 2GiB.
[2] Yes, we think a separate appslog is a very good idea, but when creating a minimal VM, we have to save disk space somewhere...
[3] Note that this heavily depends on the purpose of the machine; if it is not to house any users, then (almost) no space is needed for /home. But on the other hand if e.g. a virtual user is to be used for keeping mailstores, or other service users need home space, then /home needs to be big enough for that.

As you can see, the partition table works as follows: we assume that we wind up with 3 partitions, either on three separate software RAID arrays (md0 through md2) or on one single hardware RAID array (in which case the 2nd column MD does not apply). The size of the partitions depends on your machine's make: for standard physical machines the 5th column makes sensible suggestions, even though you could choose to have different sizes and of course different divisions altogether. If your machine happens to be a virtual one, running inside a VMware Server or something alike, then you might want to start out with more modest partitions. The same holds for small servers that must run off Flash drives.

Anyways, we're now at the Debian installation screen that lets us partition our disks. We're not going to use any of the "guided" partitioning options, we go for "manual". Choosing that brings us to a screen showing all drives that the installation routine has detected, and all partitions on those drives that the installer can "see". We're going to do some assuming here once more: let's assume the drive(s) on which you want to install are visible, and are empty (containing no other partitions).


Software RAID partitioning

If you're to use software RAID, you now have to select the free space on the first drive, press <enter>, and then tell what you want to do with the free space: create a new partition, tell which size you want it to be (see table above), give the type of partition (primary), and give where on the disk it'll sit (the beginning). Next, a screen comes up that details how the partition you're requesting will be created. Here we make some changes: under "use as" we're going to select "physical volume for RAID". This clears all the other options in this screen, except for the "bootable" flag, which must be "on" for the first partition that we'll mount as /boot. Now select "Done setting up the partition".

Next, go to the free space on the second disk, and do exactly the same, to create an identical physical volume for RAID - if it's the first partition, select the "bootable" flag as well (we'll want to be able to boot from this second disk if the first disk fails, right?).

Then go back to the rest of the free space on the first disk, make the second physical volume for RAID, duplicate it on the second disk. Then, go back to the rest of the free space on the first disk, make the third physical volume for RAID, and again duplicate it on the second disk.

If you now go back to the "partition disks" overview, you'll see all the partitions you've specified listed on their respective disks. But at the top an extra option has appeared, called "configure software RAID". When you now select this option, the installer will ask if it may write the changes you've made to disk. This actually creates the partition tables on the disks.

Now you can create RAID devices. The RAID levels that Debian 6.0 offers are 0 (striping), 1 (mirroring), 5 (distributed redundancy), 6 (double distributed redundancy) and 10 (striped mirrors). For your operating system disk pair, level 1 is the only sane choice.

When selecting RAID 1, the installer asks how many active devices to use (2), how many spares (0), and then offers a selection screen where you can mark all members of the array. Select the first partition of both disks (presumably /dev/sda1 and /dev/sdb1) which should correspond to the 100MiB partitions you've created. Then create the other MD devices. Finally, choose <finish>. You'll drop back to the partitioner, but now the three created devices are available in the partitioner as "RAID1 device #0" etc.

Hardware RAID partitioning

Now, if you have hardware RAID, then on your first (boot) disk just make 3 partitions, in the following manner:

Select the free space on the intended boot disk, press <enter>, select "create a new partition", and fill out the desired size (100MB). Type is primary, location is beginning of the disk, and in the details of the partition, we only need to change the Mount point to "/boot", and set the Bootable flag to "On". Then we're "Done setting up this partition".

The second partition is made the same way, but the desired size is 3GB, the Mount point is "/", and the Bootable flag remains off. Again, we're "Done setting up this partition".

The third partition is again a primary partition, it takes up the entire rest of the disk, but the type is not ext3, but "physical volume for LVM". Again, we're "Done setting up this partition". But now from the main partitioner screen, we can access "Configure the Logical Volume Manager". The installer asks if it can write out the choices made to the disk, and then enters the LVM setup screen, which begins with a summary explaining that you have one Free Physical Volume, and nothing more.

Logical Volume creation

We now create a Volume Group (VG), which (in accordance with our partitioning standard) we'll call "system". In this VG, we'll add all Physical Volumes (being the one partition we've designated so in the previous step) using the space bar. To this end, in the volume group creation dialogue, we select that partition (/dev/md2). Note that all other selection choices are either unusable (unusable free space) or assigned to other purposes (/boot and /).

Now we repeat the following process seven times:

  • select "Create Logical Volume"
  • select Volume Group "system"
  • give the LV Name (from the table, e.g. swap, var etc)
  • give the LV size (from the table, e.g. 1GB for swap etc)

After this, we can select "Finish", the partitioner creates the seven LVs, and we're back at the partitioner screen, where there are now 7 extra "disks", with names such as LVM VG system, LV appslog - 3.0GB Linux device mapper (linear). Each of these "disks" has one block of empty space, which we now assign: seven times we repeat the following process:

  • select the unassigned chunk of empty space of an LV (e.g. appslog) and press <enter>;
  • Change "Use as: do not use" into the desired filesystem (ext3 - only the LV "swap" gets as filesystem type "swap area");
  • Change the mount point from "none" to the one corresponding with the name of the LV (note: the swap LV has no mountpoint; the appslog mountpoint must be entered manually as "/var/appslog" and varlog as "/var/log");
  • If so desired, a label can be assigned to the partition (we usually don't);
  • select "Done setting up the partition".

Note that sometimes, after creating and assigning the logical volumes, the installer has forgotten to mount the md0 and md1 partitions as /boot and /. In that case you'll have to reassign these partitions to these points in the filesystem.

Once all this is done, we can look over the configuration once more, and then select "Finish partitioning and write changes to disk". A summary configuration screen will show, and we'll affirm with "yes" that these partitions can indeed be formatted. After some formatting screens flashing by (unless your partitions are particularly big, your system is particularly slow, or something goes wrong) the installation procedure continues.

Base system setup

Now the Debian installer loads a base system. It will scan your installation CD/DVD, and ask if it should scan more CD/DVDs. We're going with "no" here. Then it will ask you how it can contact the Debian archives, in the dialogue "configure the package manager". For the NetInstall version of Debian, this is as good as mandatory. So here, we say "yes, use a Network Mirror", and in the following list select the country in which we are (in our case: the Netherlands), so the installer can present us with a number of network mirrors "close by". We select ftp.nl.debian.org. Next screen: should you be behind a proxy server, then it's possible to specify that here. And then the test: the system will say "scanning the mirror..." and try to contact the specified mirror. If it does not succeed, then there is either a network problem, a problem with this box's network card, or you've not specified the mirror or proxy correctly - so fix it. You'll know the network mirror has successfully been contacted when it's saying "Retrieving file 1 of 5". A number of files are retrieved, and the base system is set up. Somewhere early in this setup, the next dialogue appears - currently "configuring popularity-contest". Answer this question as you please. And then one of the last "big" questions: Software Selection. In this dialogue, you can easily select bundles of software to be installed. The choices are currently:

  • Graphical desktop environment
  • Web server
  • Print server
  • DNS server
  • File server
  • Mail server
  • SQL database
  • SSH server
  • Laptop
  • Standard system utilities (selected by default)

We have to make a little confession here: we've never before used this option in the installer. In fact, we even deselect the Standard System, so as to minimize the number of software packages that the base installation of our server contains. This makes it more work to manually add packages later, but we feel it gives us more control and understanding of our systems. So if you're like us: deselect the "Standard system utilities" entry, and select Continue.

The next dialogue handles the installation of the grub bootloader. Unless your disks weren't empty and you're attempting to make this system multiboot, you'll most likely get a question if you'll allow the installer to install grub into the boot sector of the first hard disk. We'll confirm with "Yes".

After the installation of grub is completed, the CD-ROM is ejected, and the system is ready to reboot into Debian Squeeze. Remove the CD and select "Continue".

Finishing up the installation

The system should reboot into Debian. This means you should see the following boot sequence:

  • your machine's standard POST messages
  • briefly a welcome to GRUB message
  • then, a blue grub menu on a black screen, with two entries:
    • Debian GNU/Linux, with Linux 2.6.32-5-686
    • Debian GNU/Linux, with Linux 2.6.32-5-686 (recovery mode)
  • then, after a default (short!) time-out, the first grub option will go into effect, and the Linux kernel is started. Lots of cryptic messages in grey-on-black will scroll by, until the last few lines read:
Debian GNU/Linux 6.0 easton2 tty1
easton2 login: _

If your system does not reach this login, and/or some horrible error messages appear anywhere in this boot sequence, then you've got some extra work ahead. For now we'll assume you've reached the login prompt without problem.

Log in as the principal user (try to avoid logging in as root! That's BAD practice!). Once logged in, save a copy of the boot messages using sudo dmesg > boot.txt or whatever you like. Then look through the boot messages, e.g. with vi -R boot.txt. Furthermore, use Aptitude to make sure all your software is updated to the latest version.
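The partitioning section noted that the installer sometimes forgets to mount /boot and /; after the first login this can be checked by comparing /etc/fstab with the partitioning table. The script below is an added example, not part of the original wiki page: the function names and the sample fstab are constructed for illustration, and it assumes the mount points and file system types from the table (with appslog and opt left out on a minimal VM).

```shell
#!/bin/sh
# Added example, not from the original page. Rows of the expected layout are
# "<mount point> <fs type> <needed on>"; "physical" marks the volumes that the
# partitioning table leaves out of the minimal VM layout.
expected_layout() {
    cat <<'EOF'
/boot        ext3 all
/            ext3 all
/var         ext3 all
/var/log     ext3 all
/var/appslog ext3 physical
/home        ext3 all
/usr         ext3 all
/tmp         ext3 all
/opt         ext3 physical
EOF
}

# Constructed sample: fstab of an install where /boot was not reassigned after
# the logical volumes were created (the UUID is a made-up placeholder).
sample_fstab() {
    cat <<'EOF'
# <file system>            <mount point> <type> <options>         <dump> <pass>
UUID=00000000-0000-0000-0000-000000000001 / ext3 errors=remount-ro 0 1
/dev/mapper/system-var     /var          ext3   defaults          0 2
/dev/mapper/system-varlog  /var/log      ext3   defaults          0 2
/dev/mapper/system-appslog /var/appslog  ext3   defaults          0 2
/dev/mapper/system-home    /home         ext3   defaults          0 2
/dev/mapper/system-usr     /usr          ext3   defaults          0 2
/dev/mapper/system-tmp     /tmp          ext3   defaults          0 2
/dev/mapper/system-opt     /opt          ext3   defaults          0 2
/dev/mapper/system-swap    none          swap   sw                0 0
EOF
}

# check_layout FSTAB [physical|vm]
# Prints one line per deviation; returns 0 if the fstab matches, 1 if not.
check_layout() {
    expected_layout | awk -v kind="${2:-physical}" '
        pass == 1 {                                # pass 1: the fstab itself
            if ($0 ~ /^[ \t]*(#|$)/) next          # skip comments, blank lines
            if ($3 == "swap")
                swap = 1
            else
                fstype[$2] = $3                    # mount point -> fs type
            next
        }
        $3 == "physical" && kind == "vm" { next }  # pass 2: expected rows
        !($1 in fstype)  { printf "MISSING  %s (expected %s)\n", $1, $2; bad++; next }
        fstype[$1] != $2 { printf "FSTYPE   %s is %s, expected %s\n", $1, fstype[$1], $2; bad++ }
        END {
            if (!swap) { print "MISSING  swap area"; bad++ }
            exit (bad > 0)
        }
    ' pass=1 "$1" pass=2 -
}

# On the installed server: check_layout /etc/fstab physical
# Demo run against the constructed sample:
demo=$(mktemp) && sample_fstab > "$demo"
check_layout "$demo" physical || echo "layout deviates from the table"
rm -f "$demo"
```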

Done! Your base system is ready. You probably now want to install essential software, roll your own kernel and connect your server to the Internet. Furthermore, you might want to create a couple of aliases in every profile so that your favourite commands are always available.