Debian Lenny base server: Difference between revisions

From SaruWiki
(LVM started)
(removing hw section)
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<big>'''Debian Etch Base Server setup'''</big>
__TOC__


==Getting the hardware==
==Hardware preparation==
{| class="wikitable" border="1" |-
When installing a new server, you must begin with [[Server hardware prep|getting your server hardware right]]. Assuming you've built yourself a new server platform, you can install the operating system following the steps outlined below. Note: it is assumed the server is bare, and the hard disks are completely clean. If they are not, here's how to [[Cleaning a hard disk|clean]] them.
|Note: in the following we're assuming you'll be assembling an x86 or x64 type of machine, as it has about the best price/performance ratio you could wish. Hardware costs for other platforms, e.g. IBM's Series p or HP 9000, can be much higher, while platforms like ARM are just not very powerful. Also, the availability of components and of help can be less than with the ubiquietous x86/x64 platforms.
|}
Naturally, before we can begin to install the operating system, we need to obtain the necessary hardware. Which hardware you require depends on what you want the server for; a testserver on which you will test only a single feature for a short while does not need the same quality of hardware as does a server that's supposed to act as a homeserver for many tasks for a long time. We'll assume your server will be like ours: a home server that must perform many tasks with sufficient performance for a few users, that's reliable and will last for a couple of years.
So build or obtain a server with at least the following hardware:
* a spacious casing with big, quiet cooling fans, like the [http://www.coolermaster.com/products/product.php?act=detail&id=317 one we have];
* an efficient, heavy-duty power supply that's rated high enough for your devices, and has a decent efficiency. For example, a [http://www.corsair.com/products/power_supplies.aspx Corsair HX520] power supply;
* a server class motherboard, e.g. an [http://www.intel.com/products/server/index.htm?iid=home+hdr_nav2_server Intel] or [http://uk.asus.com/products.aspx?l1=9&l2=39&l3=263 AMD] based single-processor motherboard. DO NOT go for the cheapest motherboard you can find: if you pay peanuts, that's what you get. Server class motherboards have the quality, stability and durability you'll need from it, and usually also most of the needed peripherals, like multiple ethernet network cards on-board. Usually a Linux server doesn not require much in the way of video performance (and the screen will be used rarely, if ever), so any old integrated graphics will do.
* a matching CPU - or multiple, if you think you need the power and the selected motherboard has the sockets.
* a CD-ROM- or DVD-player
* ''multiple'' harddisks - you'll want redundancy, because every harddisk fails at some time. The drive with your data on it will fail fatally when it is most inconvenient to you, and any data on it that you consider valuable will likely be lost forever. To make Murphy's work somewhat harder for him, we're going to store our data redundantly, so that if any drive in the server fails, we'll not lose our data or our server. Thus, get yourself at least two harddisks for your operating system, at least 40GiB in size (don't think you'll be able to buy smaller ones nowadays), and spanking new (NEVER use old harddisks for your production server, new ones are just too cheap to run that risk!).
* (multipe) network card(s) (NICs) if your motherboard does not have enough NICs integrated on-board. You'll want a NIC for your network, and another one for your Internet connection; and possible a third one for the wireless segment of your network.
Now build a machine out of the above, or have someone build it for you.
 
==Preparation of the hardware==
 
(Note: in the following we're again assuming you're running an x86/x64 type of machine. Hardware requirements and preparation for other platforms, e.g. IBM's Series p or HP 9000, can differ significantly)
 
Next, check the assembled hardware:
* is the configuration complete? If it does not have a CD/DVDplayer from which it can boot, then installing the software gets more difficult - at least get an USB external DVDdrive or something like that.
* are all components connected properly (memory DIMMs seated correctly in their sockets, AGP card inserted correctly into the AGP slot, et cetera) and are all cable connections made (multiple power cables to the motherboard, one power cable plus one data cable to each hard disk, etcetera)?
Following this, you may hook up the machine. It's going to need power, and you will need at least a keyboard and a monitor attached. And if you want to use a Graphic User Interface to install, a mouse is required also. When you've ensured that everything is safe, you can turn on the machine, and continue to check it:
* do all fans start to run when you turn on the machine? (if not, then '''quickly''' turn off your machine and correct the problem!)
* does/do the hard disk(s) spin up?
* do the power button and reset button operate correctly?
* are the power led, HDD led and other display gadgetry functional?
* when you let the machine power up, does it emit a single beep? And does it then show a Power-On Self Test screen (POST)?
* Does it show the correct amount of memory in the POST screen? The correct number & speed of the CPU(s)?
* Does the machine recognise all controller cards (SCSI, S-ATA etc)? And all attached DVD-drives and hard disks?
* are all BIOSes/firmwares up to date?
* If you have a hardware RAID controller, are your RAID arrays built already?
* does the machine attempt to boot from at least the hard disk?
...et cetera. If there is any problem, or you want to update the BIOS or firmwares, it's best to do it before the operating system is installed. This Wiki, however, is not the place (yet) to get the information on how to accomplish these type of tasks.
 
The last steps in the preparation of the hardware, are
* to ensure that the machine can boot from CD/DVD, so that you can start installing Debian from it. It is possible to install Debian over the network, but that requires setting up a [http://www.debian-administration.org/articles/478 PXE Boot server] which is (currently) outside the scope of this wiki.
* to connect the hardware to the Internet, so that it can get all required updates etcetera; please do ''not'' connect the box ''straight'' to the Internet, but make sure that it's safely behind a firewall, or failing that, a NAT router.
 
By now the system should be almost ready to receive it's Operating System. But first we have an issue to tackle: that of redundancy.
 
==Software or hardware RAID==
Your hard disks will fail. They absolutely will. It is never a question of "if", only of "when". So what will you do when the hard disk containing your complete operating system fails (besides pulling your hair out, that is)?
What we propose is this: hard disks are pretty cheap nowadays, so let's use [http://en.wikipedia.org/wiki/Redundant_array_of_independent_disks RAID technology] to make our hard drive space resilient against failure of a whole drive. So first make sure that you have ''two'' disks of equal size instead of only one. Had you already been planning to use multiple disks already, then make sure you have at least ''one'' disk more than your space requirements prescribe; the space on that extra drive will provide the needed redundancy.
Next, [[RAID fundamentals under Linux | click here]] to learn a bit more about RAID, to make the decision to use hardware-based and/or software-based RAID, and to plan your RAID arrays.
In this example, we'll assume you're using hardware RAID on a RAID controller that's supported by the Debian installation software. This means that the installation software will "see" your RAID array(s) and present them as usable drives.


==Planning your network names==
==Planning your network names==
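Review bot: Removing the whole "Software or hardware RAID" section also drops the sentence stating that the example assumes hardware RAID on a controller the installer supports, together with the link to [[RAID fundamentals under Linux]]. The partitioning text further down still depends on that decision (it refers to /dev/md2 and to "configure software RAID"), so keep a one-line pointer here or confirm that [[Server hardware prep]] carries it. The same goes for the removed advice to keep the box behind a firewall or NAT router while it fetches updates.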
Line 58: Line 14:


==Operating System installation==
==Operating System installation==
To install an Operating System (OS), it's kinda instrumental that you have one. Here, we're going to use [http://www.debian.org/intro/about Debian], the biggest [http://www.debian.org/intro/about#free Free] OS that we know of. Free stands for Freedom, but incidentally that Freedom also means it's gratis, an appealing aspect of Free. To get your own copy of Debian, go to their [http://www.debian.org/distrib/ download site] and obtain the latest [http://www.debian.org/releases/ Stable] image - in this wiki it's Debian 4.0, or "Etch" as it's also known.
To install an Operating System (OS), it's kinda instrumental that you have one. Here, we're going to use [http://www.debian.org/intro/about Debian], the biggest [http://www.debian.org/intro/about#free Free] OS that we know of. Free stands for Freedom, but incidentally that Freedom also means it's gratis, an appealing aspect of Free. To get your own copy of Debian, go to their [http://www.debian.org/distrib/ download site] and obtain the latest [http://www.debian.org/releases/ Stable] image - in this wiki it's Debian 5.0, or "Lenny" as it's also known (although it wasn't stable at the time of writing this).


Besides the choice which release of Debian you want to run, you also have to know for which platform you're downloading (in our case: either ''amd64'' or ''i386'' depending on your hardware platform) and what kind of install you wish - if you have a working, fast Internet connection available at the time of install, then we recommend getting the [[http://www.debian.org/CD/netinst/ netinst] CD image; it's a relatively small CD, that'll be able to get you going, but gets most of the software you'll need straight from the 'net at install time.
Besides the choice which release of Debian you want to run, you also have to know for which platform you're downloading (in our case: either ''amd64'' or ''i386'' depending on your hardware platform) and what kind of install you wish - if you have a working, fast Internet connection available at the time of install, then we recommend getting the [[http://www.debian.org/CD/netinst/ netinst] CD image; it's a relatively small CD, that'll be able to get you going, but gets most of the software you'll need straight from the 'net at install time.


So, since in the example at hand we're installing on a Xeon server on which we wish to install 32-bits software, we'll download [http://cdimage.debian.org/debian-cd/4.0_r3/i386/iso-cd/debian-40r3-i386-netinst.iso debian-40r3-i386-netinst.iso], the latest netinstall image at the time of writing. Burn this to a CD-recordable and boot your prepared hardware platform from this CD.
In the example at hand we're installing on an AMD Athlon x2-based server, on which we wish to install 64-bits software. We'll download [http://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-cd/debian-testing-amd64-CD-1.iso debian-testing-amd64-CD-1.iso], which is Lenny, not yet stable at the time of writing. Burn this to a CD-recordable and boot your prepared hardware platform from this CD.


After booting from the CD, a friendly prompt invites you to indicate how you want to boot the CD. Your choices are listed under &lt;F3&gt;; we're going to use the standard Command Line installation, so we type "install"&lt;enter&gt; or just simply &lt;enter&gt;.
After booting from the CD, a friendly prompt invites you to indicate how you want to start installing (image 1). Your choices are listed under &lt;F3&gt;; we're going to use the standard Command Line installation, so we choose "install" and hit &lt;enter&gt;.
{| class="wikitable" border="1" |-
{| class="wikitable" border="1" |-
|We could easily use "installgui", in which case we'd have a nice fresh Graphical User Interface for our installation. ''We're'' not going to, because we're real men, and [http://isg.ee.ethz.ch/tools/realmen/ Real Men Don't Click]. Also, we've found that from the GUI it's hard to switch to a second console and then back.
|We could easily use "Graphic install", in which case we'd have a nice fresh Graphical User Interface for our installation. ''We're'' not going to, because we're real men, and [http://isg.ee.ethz.ch/tools/realmen/ Real Men Don't Click]. Also, we've found that from the GUI it's hard to switch to a second console and then back.
We could also opt for "expert" as installation method, because it gives a much finer grain of control, but we usually don't need that control, and can do without the barrage of extra questions that the "expert" installation method pose.
We could also go to the Advanced options (image 2), and opt for "Expert install" or "Graphical expert install" as installation method, because it gives a much finer grain of control; however we usually don't need that control, and can do without the barrage of extra questions that the "expert" installation method pose.
Finally, we could opt for "expertgui", where we have both the barrage of extra questions ''and'' the GUI, neither of which we need.
|}
|}


After the Linux kernel finishes initializing the machine, a simple text-based installer appears that immediately starts asking questions. Answer them according to your needs. Our example system uses the following choices:
After the Linux kernel finishes initializing the machine, a simple text-based installer appears (image 3) that immediately starts asking questions. Answer them according to your needs. Our example system uses the following choices:
* Language: english
* Language: english
* country: other &gt; Netherlands
* country: other &gt; Netherlands
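Review bot: The new download sentence contradicts the recommendation in the unchanged paragraph just above it: that paragraph recommends the netinst CD image, while the new text links debian-testing-amd64-CD-1.iso from the weekly-builds tree, which by its name is a CD-1 image rather than a netinst image. Either link a netinst image or adjust the recommendation, and revisit the weekly-build URL once Lenny is stable. The unchanged netinst link also still opens with a doubled bracket, "[[http://www.debian.org/CD/netinst/ netinst]", which leaves a stray "[" in the rendered text.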
Line 77: Line 32:
Some installation software loads, and we get to the next phase: if you have multiple NICs in your machine (which we believe you ''should'' have!!), and if they're detected properly, then you're required to indicate which of the detected network interface cards (NIC) is going to be the "primary" NIC.
Some installation software loads, and we get to the next phase: if you have multiple NICs in your machine (which we believe you ''should'' have!!), and if they're detected properly, then you're required to indicate which of the detected network interface cards (NIC) is going to be the "primary" NIC.
{| class="wikitable" border="1" |-
{| class="wikitable" border="1" |-
|Here, trouble could begin. If your machine has network cards that are '''not''' supported, then you'll see '''no''' cards here - but then how are you going to do a NetInstall? A solution would be to (temporarily) install a NIC that ''is'' supported, like a cheap Realtek card, or an old 3Com 905 card. Then, when the whole system is installed, up and running, you could compile a new kernel that contains support for your actual NICs, and when these work, remove the temporary NIC. For now, we'll assume that at least one of your NICs is recognised properly by the Debian installation routine.
|Here, trouble could begin. If your machine has only network cards that are '''not''' supported, then you'll see '''no''' cards here - but then how are you going to do a NetInstall? A solution would be to (temporarily) install a NIC that ''is'' supported, like a cheap Realtek card, or an old 3Com 905 card. Then, when the whole system is installed, up and running, you could compile a new kernel that contains support for your actual NICs, and when these work, remove the temporary NIC. For now, we'll assume that at least one of your NICs is recognised properly by the Debian installation routine.
|}
|}
Select the card that's connected and has (indirect) access to Internet (again: it should ''not'' be connected straight to the wild wild web, but sit safely behind a firewall, at least until we've installed our own firewall); if at all possible, let it be the NIC that'll be connected to your home network itself, on the ''inside'' of your server. Let's assume that this NIC is designated ''eth0'' by the Debian installation. This card will now be configured using DHCP, so if you're on a network with a DHCP-server, the network will work straight away. If it's not, you can either configure the network manually or fix your DHCP-server and connection between it and ''eth0''.
Select the card that's connected and has (indirect) access to Internet (again: it should ''not'' be connected straight to the wild wild web, but sit safely behind a firewall, at least until we've installed our own firewall); if at all possible, let it be the NIC that'll be connected to your home network itself, on the ''inside'' of your server. Let's assume that this NIC is designated ''eth0'' by the Debian installation. This card will now be configured using DHCP, so if you're on a network with a DHCP-server, the network will work straight away. If it's not, you can either configure the network manually or fix your DHCP-server and connection between it and ''eth0''.
Line 95: Line 50:
To prevent both problems from occuring, we're going to use [http://tldp.org/HOWTO/LVM-HOWTO/whatisvolman.html Logical Volume Management (LVM)] so that we can provision enough space to start our server, but keep some space in reserve to apply when needed, where it'll be needed.
To prevent both problems from occuring, we're going to use [http://tldp.org/HOWTO/LVM-HOWTO/whatisvolman.html Logical Volume Management (LVM)] so that we can provision enough space to start our server, but keep some space in reserve to apply when needed, where it'll be needed.


So, we at Saruman.biz have put together a recommended standard partitioning scheme. The basis is this:
So, we at Saruman.biz have put together a recommended standard partitioning scheme. The basis (in accordance with the standard [[Debian directory structure]]is this:
{| class="wikitable" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
{| class="wikitable" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#ffdead;"|Partition
!style="background:#ffdead;"|Partition
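Review bot: The parenthesis opened in "(in accordance with the standard [[Debian directory structure]]is this:" is never closed, and the link runs straight into "is". It should read "(in accordance with the standard [[Debian directory structure]]) is this:".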
Line 124: Line 79:
| /
| /
|-
|-
| rowspan="7" valign="top" | 3
| rowspan="8" valign="top" | 3
| rowspan="7" valign="top" | /dev/md2
| rowspan="8" valign="top" | /dev/md2
| rowspan="7" valign="top" style="background:lightgrey"| system
| rowspan="8" valign="top" style="background:lightgrey"| system
| style="background:lightgrey" | swap
| style="background:lightgrey" | swap
| 1GiB<ref name="swap">Rule of thumb: twice the size of the machine's RAM, but no less than 256MiB and no more than 2GiB</ref>
| 1GiB<ref name="swap">Rule of thumb: twice the size of the machine's RAM, but no less than 256MiB and no more than 2GiB</ref>
Line 134: Line 89:
|-
|-
| style="background:lightgrey" | var
| style="background:lightgrey" | var
| 2GiB
| 1GiB
| 1GiB
| 512MiB
| ext3
| ext3
| /var
| /var
|-
| style="background:lightgrey" | varlog
| 1GiB
| 512MiB
| ext3
| /var/log
|-
|-
| style="background:lightgrey" | appslog
| style="background:lightgrey" | appslog
| 3GiB
| 3GiB
| -
| -<ref>Yes, we think a separate ''appslog'' is a very good idea, but when creating a minimal VM, we have to save disk space ''somewhere''...</ref>
| ext3
| ext3
| /var/appslog
| /var/appslog
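Review bot: The new varlog row mounts at /var/log, but the installer walkthrough later on this page only singles out appslog as a mount point that "must be entered manually". Say in that step whether /var/log needs the same treatment, so the table and the procedure agree. The footnote added to the appslog row is also an anonymous ref, while the swap row uses a named one (name="swap"); naming it keeps the two consistent.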
Line 190: Line 151:


If you now go back to the "partition disks" overview, you'll see all the partitions you've specified listed on their respective disks. But at the top an extra option has appeared, called "configure software RAID". When you now select this option, the installer will ask if it may write the changes you've made to disk. This actually creates the partition tables on the disks.
If you now go back to the "partition disks" overview, you'll see all the partitions you've specified listed on their respective disks. But at the top an extra option has appeared, called "configure software RAID". When you now select this option, the installer will ask if it may write the changes you've made to disk. This actually creates the partition tables on the disks.
Note that at the end of configuring your partitions, an extra screen may appear (image 4): this asks if you care to identify which MD RAID devices must be started in order to be able to mount the root filesystem. Answering this question with a list of MD's like "md0 md1 md2" or simply "all" will let your server start the listed MD's very early in the boot sequence.


===Hardware RAID partitioning===
===Hardware RAID partitioning===
Line 199: Line 162:


The third partition is again a primary partition, it takes up the entire rest of the disk, but the type is not ext3, but "physical volume for LVM". Again, we're "Done setting up this partition". But now from the main partitioner screen, we can access "Configure the Logical Volume Manager". The installer asks if it can write out the choices made to the disk, and then enters the LVM setup screen, which begins with a summary explaining that you have one Free Physical Volume, and nothing more.
The third partition is again a primary partition, it takes up the entire rest of the disk, but the type is not ext3, but "physical volume for LVM". Again, we're "Done setting up this partition". But now from the main partitioner screen, we can access "Configure the Logical Volume Manager". The installer asks if it can write out the choices made to the disk, and then enters the LVM setup screen, which begins with a summary explaining that you have one Free Physical Volume, and nothing more.
We now
 
We now create a Volume Group (VG), which (in accordance to our partitioning standard) we'll call "system". In this VG, we'll add all Physical Volumes (being the one partition we've designated so in the previous step) using the space bar. Now we repeat the following process seven times:
* select "Create Logical Volume"
* select Volume Group "System"
* give the LV Name (from the table, e.g. swap, var etc)
* give the LV size (from the table, e.g. 1GB for swap etc)
After this, we can select "Finish", the partitioner creates the seven LVs, and we're back at the partitioner screen, where there are now 7 extra "disks", with names such as ''LVM VG system, LV appslog - 3.2GB Linux device mapper''. Each of these "disks" has one block of empty space, which we now assign: seven times we repeat the following process:
* select the unassigned chunk of empty space of an LV (e.g. appslog) and press &lt;enter&gt;;
* Change "Use as: do not use" into the desired filesystem (ext3 - only the LV "swap" gets as filesystem type "swap area")
* Change the mount point from "none" to the one corresponding with the name of the LV (note: the swap LV has no mountpoint; the appslog mountpoint must be entered manually as "/var/appslog")
* If so desired, a label can be assigned to the partition (we usually don't)
* select "Done setting up the partition"
 
Once all this is done, we can look over the configuration once more, and then select "Finish partitioning and write changes to disk". A summary configuration screen will show, and we'll affirm with "yes" that these partitions can indeed be formatted. After some formatting screens flashing by (unless your partitions are particularly big, your system is particularly slow, or something goes wrong) the installation procedure continues.
 
==Final installer steps==
Next comes one '''VERY''' important question: what to use as root password? We cannot stress this enough: choose a SAFE password! Do NOT go for an easy-to-remember one, go for STRONG and SAFE. There are tools to help you generate strong passwords, like [http://www.pctools.com/guides/password/ this page]: use them! We strongly suggest 10 characters or more, including letters, mixed case, and numbers, so something like ''SuCRe4hecH'' (do NOT use this, generate your own!).
 
Next, give the full name of the principal user of this server (your own, we assume), give the login-name (your given name, we assume), and a corresponding password. Again, use a SAFE password. As long as you don't make your principal user equivalent to root, you might go for a slightly weaker password (8 characters instead of 10), but we rather suggest you make the password just as strong (and different from!) the root password.
 
After entering the details of these two users "root" and "you", the Debian installer will ask you how it can contact the Debian archives, in the dialoge "configure the package manager". For the NetInstall version of Debian, this is as good as mandatory. So here, we say "yes, use a Network Mirror", and in the following list select the country in which we are (in our case: the Netherlands), so the installer can present us with a number of network mirrors "close by". We select ftp.nl.debian.org. Next screen: should you be behind a proxy server, then it's possible to specify that here. And then the test: the system will say "scanning the mirror..." and try to contact the specified mirror. If it does not succeed, then there is either a network problem, a problem with this box's network card, or you've not specified the mirror or proxy correctly - so fix it. You'll know the network mirror has succesfully been contacted when the next dialogue appears - currently "configuring popularity-contest". Answer this question as you please.
 
And then one of the last "big" questions: Software Selection. In this dialogue, you can easily select bundles of software to be installed. The choices are currently:
* Desktop environment
* Web server
* Print server
* DNS server
* File server
* Mail server
* SQL database
* Laptop
* Standard system (selected by default)
We have to make a little confession here: we've never before used this option in the installer. In fact, we even deselect the Standard System, so as to minimize the number of software packages that the base installation of our server contains. This makes it more work to manually add packages later, but we feel it gives us more control and understanding of our systems. So if you are like us: deselect the Standard System entry, and select Continue.
 
The next dialogue handles the installation of the [http://www.gnu.org/software/grub/ ''grub'' bootloader]. Unless your disks weren't empty and you're attempting to make this system multiboot, you'll most likely get a question if you'll allow the installer to install ''grub'' into the boot sector of the first hard disk. We'll confirm with "Yes".
 
After the installation of grub is completed, the CD-ROM is ejected, and the system is ready to reboot into Debian Etch. Remove the CD and select "Continue"
 
==Finishing up the installation==
The system should reboot into Debian. This means you should see the following boot sequence:
* your machine's standard POST messages
* then, a blue grub menu on a black screen, with two entries:
** Debian GNU/Linux, kernel 2.6.&lt;something&gt;
** Debian GNU/Linux, kernel 2.6.&lt;something&gt (single-user mode);
* then, after a default time-out, the first grub option will go into effect, and the Linux kernel is started. Lots of cryptic messages in grey-on-black will scroll by, until the last few lines read: "Debian GNU/Linux 4.0 &lt;hostname&gt; tty1" and "&lt;hostname&gt; login:"
If your system does not reach this login, and/or some horrible error messages appear anywhere in this boot sequence, then you've got some extra work ahead. For now we'll assume you've reached the login prompt without problem.
 
Log in as the principal user (try to avoid logging in as root! That's BAD practice!). Once logged in, save a copy of the boot messages using ''sudo dmesg > boot.txt'' or whatever you like. Then look through the boot messages, e.g. with ''vi -R boot.txt''. Furthermore, [[APT_and_aptitude | use Aptitude]] to make sure ''all'' your software is updated to the latest version.
 
Done! Your base system is ready. You probably now want to [[essential system software | install essential software]], [[roll your own kernel]] and [[connect your server to the Internet]]. Furthermore, you might want to create a couple of [[aliases in every profile]] so that your favorite commands are always available.
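Review bot: The LVM walkthrough says to create and then assign logical volumes "seven times" and expects "7 extra disks", but the partition table now gives the "system" volume group rowspan="8" after the varlog row was added, so the counts should read eight or avoid a fixed number. In the same hunk, the volume group is created as "system" but the step list selects "System"; the closing sections still say "reboot into Debian Etch" and "Debian GNU/Linux 4.0" although the page now installs Lenny (5.0); and the second grub entry has a broken entity and misplaced semicolon in "&gt (single-user mode);".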

Latest revision as of 21:29, 12 March 2012

Hardware preparation

When installing a new server, you must begin with getting your server hardware right. Assuming you've built yourself a new server platform, you can install the operating system following the steps outlined below. Note: it is assumed the server is bare, and the hard disks are completely clean. If they are not, here's how to clean them.

Planning your network names

If your machine must become a part of an existing network, then it's almost certain that you already have a DNS domain in place; in that case: obtain the DNS suffix your machine will get (the DNS domain your machine will "belong" to). However, it's also possible that this machine is going to be the first machine in your new network, in which case the whole issue of DNS suffixes is wide open. If you need more information on DNS, go [here]. For now we'll assume you have (or will quickly obtain) a working knowledge of the DNS system. Here is our tip on choosing a DNS domain for your home network:

  • do not use a publicly registered domain name (e.g. "cocacola.com") for any machine that's not primarily intended to serve the public on the Internet;
  • for machines serving a private network, we urge you to use the Top Level Domain name "lan" (to signify your machine is on a Local Area Network or LAN);
  • for the Domain Name itself, we suggest you use a level 2 name, like "saruman.lan", and not a level 3 name, like "mister.saruman.lan".

This is only a short section on DNS, but remember that once a proper DNS system is in place, it's quite a lot of work to change it. At any rate, this section has most likely shown you that you need to put some thought into the DNS Domain Name design of your home network. OK, with this out of the way, we can get to installing the OS.

Operating System installation

To install an Operating System (OS), it's kinda instrumental that you have one. Here, we're going to use Debian, the biggest Free OS that we know of. Free stands for Freedom, but incidentally that Freedom also means it's gratis, an appealing aspect of Free. To get your own copy of Debian, go to their download site and obtain the latest Stable image - in this wiki it's Debian 5.0, or "Lenny" as it's also known (although it wasn't stable at the time of writing this).

Besides choosing which release of Debian you want to run, you also have to know for which platform you're downloading (in our case: either amd64 or i386, depending on your hardware platform) and what kind of install you wish - if you have a working, fast Internet connection available at the time of install, then we recommend getting the netinst CD image; it's a relatively small CD that'll be able to get you going, but gets most of the software you'll need straight from the 'net at install time.

In the example at hand we're installing on an AMD Athlon x2-based server, on which we wish to install 64-bit software. We'll download debian-testing-amd64-CD-1.iso, which is Lenny, not yet stable at the time of writing. Burn this to a CD-recordable and boot your prepared hardware platform from this CD.

After booting from the CD, a friendly prompt invites you to indicate how you want to start installing (image 1). Your choices are listed under <F3>; we're going to use the standard Command Line installation, so we choose "install" and hit <enter>.

We could easily use "Graphic install", in which case we'd have a nice fresh Graphical User Interface for our installation. We're not going to, because we're real men, and Real Men Don't Click. Also, we've found that from the GUI it's hard to switch to a second console and then back.

We could also go to the Advanced options (image 2), and opt for "Expert install" or "Graphical expert install" as installation method, because these give a much finer grain of control; however we usually don't need that control, and can do without the barrage of extra questions that the "expert" installation method poses.

After the Linux kernel finishes initializing the machine, a simple text-based installer appears (image 3) that immediately starts asking questions. Answer them according to your needs. Our example system uses the following choices:

  • Language: English
  • country: other > Netherlands
  • keymap: American English (since we have a keyboard with US layout)

Some installation software loads, and we get to the next phase: if you have multiple NICs in your machine (which we believe you should have!!), and if they're detected properly, then you're required to indicate which of the detected network interface cards (NIC) is going to be the "primary" NIC.

Here, trouble could begin. If your machine has only network cards that are not supported, then you'll see no cards here - but then how are you going to do a NetInstall? A solution would be to (temporarily) install a NIC that is supported, like a cheap Realtek card, or an old 3Com 905 card. Then, when the whole system is installed, up and running, you could compile a new kernel that contains support for your actual NICs, and when these work, remove the temporary NIC. For now, we'll assume that at least one of your NICs is recognised properly by the Debian installation routine.

Select the card that's connected and has (indirect) access to Internet (again: it should not be connected straight to the wild wild web, but sit safely behind a firewall, at least until we've installed our own firewall); if at all possible, let it be the NIC that'll be connected to your home network itself, on the inside of your server. Let's assume that this NIC is designated eth0 by the Debian installation. This card will now be configured using DHCP, so if you're on a network with a DHCP-server, the network will work straight away. If it's not, you can either configure the network manually or fix your DHCP-server and connection between it and eth0.

Next is one of the hardest questions that any OS installation is going to ask you: what will be the host name of the system? You could change it at any time in the future, but with lots of hassle, so you better choose wisely. Here are our tips:

  • do not name your machine after the user that's going to use it, e.g. "bernie-pc" (at some time in the future, Bernie's machine will be moved to Alice, so then Alice is working on "bernie-pc" which makes the situation quite unclear);
  • do not name your machine after the department or workgroup that's using it most, e.g. "accounting-srv" (same reasoning);
  • do not name your machine after its main function, e.g. "printserver" (at some time in the future, the main function is moved to another machine, and/or an alternative function will become the main function of the machine);
  • do not name your machine after its location, e.g. "srv-boston" (at some time in the future, the box will be moved to another location);
  • do not name your machine after its hardware configuration, e.g. "ibmx346" (at some time in the future, either another xSeries x346 will be wheeled in, or the machine will be upgraded to accommodate increased use or overcome hardware problems - your "ibmx346" could suddenly be running on an xSeries x3650).

What we feel are safe names for any machine in your network are true names, perhaps linked to a common theme: names of European cities, names of movie characters, names of countries or holiday destinations et cetera.

Immediately following comes the question of the Domain Name. This is about a DNS domain, so effectively the installation program is asking which DNS suffix the host name should have; if the DHCP-server already provided something it'll be suggested, but you can override it if need be. In the preparatory phase, you'll have decided on continuation of your current DNS schema, or starting a new one. Either way, put the chosen DNS suffix in and press <enter>.

Partitioning

Next comes the question of partitioning, or how to divide the available disk space into chunks for the server to use. This is a tricky subject, because if you put all storage space into one partition, then some day a runaway process will fill up the entire disk with useless logs, and the system will crash. On the other hand, if you divvy up all space into little chunks, then some application is going to need space in one of those partitions where there is none, even though there may be plenty in other partitions. To prevent both problems from occurring, we're going to use Logical Volume Management (LVM) so that we can provision enough space to start our server, but keep some space in reserve to apply when needed, where it'll be needed.

So, we at Saruman.biz have put together a recommended standard partitioning scheme. The basis (in accordance with the standard Debian directory structure) is this:

{| class="wikitable" border="1"
|-
! Partition !! MD !! LVG !! LV-name !! Size (physical machine) !! Size (VM) !! File System !! Mount point
|-
| 1 || /dev/md0 || || || 100MiB || 100MiB || ext3 || /boot
|-
| 2 || /dev/md1 || || || 3GiB || 1GiB || ext3 || /
|-
| 3 || /dev/md2 || system || swap || 1GiB<ref name="swap">Rule of thumb: twice the size of the machine's RAM, but no less than 256MiB and no more than 2GiB</ref> || 256MiB<ref name="swap"/> || swap ||
|-
| || || || var || 1GiB || 512MiB || ext3 || /var
|-
| || || || varlog || 1GiB || 512MiB || ext3 || /var/log
|-
| || || || appslog || 3GiB || -<ref>Yes, we think a separate appslog is a very good idea, but when creating a minimal VM, we have to save disk space somewhere...</ref> || ext3 || /var/appslog
|-
| || || || home || 1GiB<ref name="home">Note that this heavily depends on the purpose of the machine; if it is not to house any users, then (almost) no space is needed for /home. But on the other hand if e.g. a virtual user is to be used for keeping mailstores, or other service users need home space, then /home needs to be big enough for that.</ref> || 512MiB<ref name="home"/> || ext3 || /home
|-
| || || || usr || 3GiB || 3GiB || ext3 || /usr
|-
| || || || tmp || 1GiB || 512MiB || ext3 || /tmp
|-
| || || || opt || 1GiB || - || ext3 || /opt
|-
| Total || || || || 18.1GiB || 6.9GiB || ||
|}

As you can see, the partition table works as follows: we assume that we wind up with 3 partitions, either on three separate software RAID arrays (md0 through md2) or on one single hardware RAID array (in which case the 2nd column, MD, does not apply). The size of the partitions depends on your machine's make: for standard physical machines the 5th column makes sensible suggestions, even though you could choose to have different sizes and of course different divisions altogether. If your machine happens to be a virtual one, running inside a VMware Server or VMware ESX host, or the like, then you might want to start out with more modest partitions. The same holds for small servers that must run off Flash drives.

Anyways, we're now at the Debian installation screen that lets us partition our disks. We're not going to use any of the "guided" partitionings, we go for "manual". Choosing that brings us to a screen showing all drives that the installation routine has detected, and all partitions on those drives that the installer can "see". We're going to do some assuming here once more: let's assume the drive(s) on which you want to install are visible, and are empty (containing no other partitions).

<references/>

Software RAID partitioning

If you're to use software RAID, you now have to select the free space on the first drive, press <enter>, and then tell what you want to do with the free space: create a new partition, tell which size you want it to be (see table above), give the type of partition (primary), and give where on the disk it'll sit (the beginning). Next, a screen comes up that details how the partition you're requesting will be created. Here we make some changes: under "use as" we're going to select "physical volume for RAID". This clears all the other options in this screen, except for the "bootable" flag, which must be "on" for the first partition that we'll mount as /boot. Now select "Done setting up the partition".

Next, go to the free space on the second disk, and do exactly the same, to create an identical physical volume for RAID - if it's the first partition, select the "bootable" flag as well (we'll want to be able to boot from this second disk if the first disk fails, right?).

Then go back to the rest of the free space on the first disk, make the second physical volume for RAID, duplicate it on the second disk. Then, go back to the rest of the free space on the first disk, make the third physical volume for RAID, and again duplicate it on the second disk.

If you now go back to the "partition disks" overview, you'll see all the partitions you've specified listed on their respective disks. But at the top an extra option has appeared, called "configure software RAID". When you now select this option, the installer will ask if it may write the changes you've made to disk. This actually creates the partition tables on the disks.

Note that at the end of configuring your partitions, an extra screen may appear (image 4): this asks if you care to identify which MD RAID devices must be started in order to be able to mount the root filesystem. Answering this question with a list of MD's like "md0 md1 md2" or simply "all" will let your server start the listed MD's very early in the boot sequence.

Hardware RAID partitioning

Now, if you have hardware RAID, then on your first (boot) disk just make 3 partitions, in the following manner:

Select the free space on the intended boot disk, press <enter>, select "create a new partition", and fill out the desired size (100MB). Type is primary, location is beginning of the disk, and in the details of the partition, we only need to change the Mount point to "/boot", and set the Bootable flag to "On". Then we're "Done setting up this partition".

The second partition is made the same way, but the desired size is 3GB, the Mount point is "/", and the Bootable flag remains off. Again, we're "Done setting up this partition".

The third partition is again a primary partition, it takes up the entire rest of the disk, but the type is not ext3, but "physical volume for LVM". Again, we're "Done setting up this partition". But now from the main partitioner screen, we can access "Configure the Logical Volume Manager". The installer asks if it can write out the choices made to the disk, and then enters the LVM setup screen, which begins with a summary explaining that you have one Free Physical Volume, and nothing more.

We now create a Volume Group (VG), which (in accordance with our partitioning standard) we'll call "system". To this VG, we'll add all Physical Volumes (being the one partition we've designated so in the previous step) using the space bar. Now we repeat the following process seven times:

  • select "Create Logical Volume"
  • select Volume Group "system"
  • give the LV Name (from the table, e.g. swap, var etc)
  • give the LV size (from the table, e.g. 1GB for swap etc)

After this, we can select "Finish", the partitioner creates the seven LVs, and we're back at the partitioner screen, where there are now 7 extra "disks", with names such as LVM VG system, LV appslog - 3.2GB Linux device mapper. Each of these "disks" has one block of empty space, which we now assign: seven times we repeat the following process:

  • select the unassigned chunk of empty space of an LV (e.g. appslog) and press <enter>;
  • Change "Use as: do not use" into the desired filesystem (ext3 - only the LV "swap" gets as filesystem type "swap area")
  • Change the mount point from "none" to the one corresponding with the name of the LV (note: the swap LV has no mountpoint; the appslog mountpoint must be entered manually as "/var/appslog")
  • If so desired, a label can be assigned to the partition (we usually don't)
  • select "Done setting up the partition"

Once all this is done, we can look over the configuration once more, and then select "Finish partitioning and write changes to disk". A summary configuration screen will show, and we'll affirm with "yes" that these partitions can indeed be formatted. After some formatting screens flashing by (unless your partitions are particularly big, your system is particularly slow, or something goes wrong) the installation procedure continues.

Final installer steps

Next comes one VERY important question: what to use as root password? We cannot stress this enough: choose a SAFE password! Do NOT go for an easy-to-remember one, go for STRONG and SAFE. There are tools to help you generate strong passwords, like this page: use them! We strongly suggest 10 characters or more, including letters, mixed case, and numbers, so something like SuCRe4hecH (do NOT use this, generate your own!).

Next, give the full name of the principal user of this server (your own, we assume), give the login-name (your given name, we assume), and a corresponding password. Again, use a SAFE password. As long as you don't make your principal user equivalent to root, you might go for a slightly weaker password (8 characters instead of 10), but we rather suggest you make the password just as strong as (and different from!) the root password.
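The password rules from the two paragraphs above (10 characters or more, mixed case, numbers, principal user's password different from root's) as a small generator and checker. This is an added example, not part of the original wiki page; the function names `meets_policy` and `gen_password` are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): passwords that follow the rules above.

# meets_policy PASSWORD [OTHER]
# True when PASSWORD has 10+ characters with lower case, upper case and a
# digit, is not the sample printed on this page, and differs from OTHER
# (e.g. the root password when choosing the principal user's password).
meets_policy() (
    LC_ALL=C    # make [a-z] and [A-Z] mean ASCII ranges only
    case $1 in ??????????*) ;; *) return 1 ;; esac
    case $1 in *[a-z]*) ;; *) return 1 ;; esac
    case $1 in *[A-Z]*) ;; *) return 1 ;; esac
    case $1 in *[0-9]*) ;; *) return 1 ;; esac
    # a password published on a web page is no longer a secret
    [ "$1" != "SuCRe4hecH" ] || return 1
    [ "$1" != "${2-}" ]
)

# gen_password [LENGTH [OTHER]]
# Prints a random password of LENGTH characters (default 12) that passes
# meets_policy; lengths below 10 are refused.
gen_password() {
    len=${1:-12}
    if [ "$len" -lt 10 ]; then
        echo "gen_password: length must be 10 or more" >&2
        return 1
    fi
    while :; do
        # kernel CSPRNG as the source; keep only letters and digits.
        # 8 random bytes per wanted character leaves a comfortable margin.
        pw=$(head -c $((len * 8)) /dev/urandom |
             LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c 1-"$len")
        if [ "${#pw}" -eq "$len" ] && meets_policy "$pw" "${2-}"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

gen_password 12
```

Pass the already chosen root password as the second argument to `gen_password` when generating the principal user's password, so the two can never coincide.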

After entering the details of these two users "root" and "you", the Debian installer will ask you how it can contact the Debian archives, in the dialogue "configure the package manager". For the NetInstall version of Debian, this is as good as mandatory. So here, we say "yes, use a Network Mirror", and in the following list select the country in which we are (in our case: the Netherlands), so the installer can present us with a number of network mirrors "close by". We select ftp.nl.debian.org. Next screen: should you be behind a proxy server, then it's possible to specify that here. And then the test: the system will say "scanning the mirror..." and try to contact the specified mirror. If it does not succeed, then there is either a network problem, a problem with this box's network card, or you've not specified the mirror or proxy correctly - so fix it. You'll know the network mirror has successfully been contacted when the next dialogue appears - currently "configuring popularity-contest". Answer this question as you please.

And then one of the last "big" questions: Software Selection. In this dialogue, you can easily select bundles of software to be installed. The choices are currently:

  • Desktop environment
  • Web server
  • Print server
  • DNS server
  • File server
  • Mail server
  • SQL database
  • Laptop
  • Standard system (selected by default)

We have to make a little confession here: we've never before used this option in the installer. In fact, we even deselect the Standard System, so as to minimize the number of software packages that the base installation of our server contains. This makes it more work to manually add packages later, but we feel it gives us more control and understanding of our systems. So if you are like us: deselect the Standard System entry, and select Continue.

The next dialogue handles the installation of the grub bootloader. Unless your disks weren't empty and you're attempting to make this system multiboot, you'll most likely get a question if you'll allow the installer to install grub into the boot sector of the first hard disk. We'll confirm with "Yes".

After the installation of grub is completed, the CD-ROM is ejected, and the system is ready to reboot into Debian Etch. Remove the CD and select "Continue".

Finishing up the installation

The system should reboot into Debian. This means you should see the following boot sequence:

  • your machine's standard POST messages
  • then, a blue grub menu on a black screen, with two entries:
    • Debian GNU/Linux, kernel 2.6.<something>
    • Debian GNU/Linux, kernel 2.6.<something> (single-user mode);
  • then, after a default time-out, the first grub option will go into effect, and the Linux kernel is started. Lots of cryptic messages in grey-on-black will scroll by, until the last few lines read: "Debian GNU/Linux 4.0 <hostname> tty1" and "<hostname> login:"

If your system does not reach this login, and/or some horrible error messages appear anywhere in this boot sequence, then you've got some extra work ahead. For now we'll assume you've reached the login prompt without problem.

Log in as the principal user (try to avoid logging in as root! That's BAD practice!). Once logged in, save a copy of the boot messages using sudo dmesg > boot.txt or whatever you like. Then look through the boot messages, e.g. with vi -R boot.txt. Furthermore, use Aptitude to make sure all your software is updated to the latest version.
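After the first login is also a good moment to confirm that the partitioning scheme from the table actually took effect, since a forgotten /var/log or /tmp volume brings back the "runaway process fills the disk" problem. The check below is an added example, not part of the original wiki page; the function names and the sample mount table are constructed for the illustration, and it assumes the volume group is called "system" as in the scheme above.

```shell
#!/bin/sh
# Added example (not from the wiki): check a mount table against the
# partitioning scheme on this page.

# mount point:LV name, from the table; all LVs live in volume group "system"
SCHEME='/var:var /var/log:varlog /var/appslog:appslog /home:home
/usr:usr /tmp:tmp /opt:opt'

# Constructed sample in /proc/mounts format: /var/log was forgotten, so the
# logs would share the /var volume.
sample_mounts() {
    cat <<'EOF'
/dev/md1 / ext3 rw,errors=remount-ro 0 0
/dev/md0 /boot ext3 rw 0 0
/dev/mapper/system-var /var ext3 rw 0 0
/dev/mapper/system-appslog /var/appslog ext3 rw 0 0
/dev/mapper/system-home /home ext3 rw 0 0
/dev/mapper/system-usr /usr ext3 rw 0 0
/dev/mapper/system-tmp /tmp ext3 rw 0 0
/dev/mapper/system-opt /opt ext3 rw 0 0
EOF
}

# check_layout FILE [physical|vm]
# Prints one line per deviation; returns 0 only when the layout matches.
check_layout() {
    mounts_file=$1
    profile=${2:-physical}
    problems=0
    for entry in $SCHEME; do
        mp=${entry%%:*}
        lv=${entry##*:}
        # the VM column of the table has no appslog and no opt volume
        if [ "$profile" = vm ]; then
            case $lv in appslog|opt) continue ;; esac
        fi
        dev=$(awk -v mp="$mp" '$2 == mp { d = $1 } END { print d }' "$mounts_file")
        case $dev in
            "") echo "MISSING  $mp is not a separate mount"
                problems=$((problems + 1)) ;;
            /dev/mapper/system-"$lv" | /dev/system/"$lv") ;;
            *)  echo "WRONG    $mp is on $dev, expected LV system/$lv"
                problems=$((problems + 1)) ;;
        esac
    done
    # /boot and / are plain partitions or MD devices: only check they exist
    for mp in / /boot; do
        if ! awk -v mp="$mp" '$2 == mp { f = 1 } END { exit !f }' "$mounts_file"; then
            echo "MISSING  $mp is not mounted"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

demo=$(mktemp)
sample_mounts > "$demo"
check_layout "$demo" || echo "layout differs from the scheme"
rm -f "$demo"
```

On the installed server, run `check_layout /proc/mounts` (or `check_layout /proc/mounts vm` for the minimal VM layout).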

Done! Your base system is ready. You probably now want to install essential software, roll your own kernel and connect your server to the Internet. Furthermore, you might want to create a couple of aliases in every profile so that your favorite commands are always available.