====== Saffron ======
[[Category:Hosts]]
[[Category:VMware]]
===== Overview =====
* Type: Virtual machine
* Location: [[Badger]]
* Operating System: Gentoo Linux (2008.0 x86_64)
* URL: https://saffron.sihnon.net/
* Provides:
* Web server
* Database server
* Subversion server
*Specs:
* 512Mb Ram
* 2x 100Mb Ethernet
* 20Gb Virtual Disk
* Serial port (mapped to /var/lib/vmware/Virtual Machines/serials/saffron on [[Badger]])
===== Filesystems =====
{| class="wikitable" cellspacing="10"
|+ /dev/sda (20Gb sparesly allocated VMDK)
|-
! Partition Number
! Size
! Filesystem
! Mount point
! UUID
! Notes
|-
| /dev/sda1
| 128Mb
| ext2
| /boot
| 2572da94-bb4e-4460-af7b-a9e15d2b810e
|
|-
| /dev/sda2
| 256Mb
| swap
| //none//
|
|
|-
| /dev/sda3
| ~19Gb
| lvm
| //none//
| -
|
|-
| /dev/mapper/saffron-root
| 8Gb
| ext3
| /
|
|
|-
| /dev/mapper/saffron-var
| 10Gb
| ext3
| /var
|
|
|-
| /dev/mapper/saffron-home
| 1Gb
| ext3
| /home
|
|
|}
The following physical partitions are used for LVM.
{| class="wikitable" cellspacing="10"
|+ LVM physical volumes
|-
! Device
! PV UUID
! Size
! Volume Group
! Notes
|-
| /dev/sda3
|
| 19Gb
| saffron
|
|}
===== Installation =====
==== Kernel ====
{{Kernel|2.6.28-gentoo-r1|0@@}}
==== Installed Software ====
Also see:
* [[Gentoo/VMware]]
=== Hosting ===
* {{Package|direct=yes|dev-db/mysql}} {{USEFlag|{{DisableFlag|minimal}}}}
* {{Package|direct=yes|dev-util/subversion}}
* {{Package|direct=yes|net-fs/samba}} {{USEFlag|{{DisableFlag|cups}}}}
===== Configuration =====
==== LDAP ====
See [[LDAP/Openldap]]. Configuration files are stored in subversion, under [[https://dev.sihnon.net/svnpriv/configs/ldap/client|configs:/ldap/client/]].
==== Mail ====
Edit /etc/postfix/main.cf to set the hostname. As this host is not a primary or backup MX, no other configuration is necessary.
{{Root|1@@}}
==== Samba ====
Configuration is stored in subversion, under [[https://dev.sihnon.net/svnpriv/configs/samba/client|configs:/samba/client]]. Samba's LDAP password must be set to the same value stored in the directory and then the service can be started.
{{Root|2@@}}
==== Database ====
Create the initial database tables, then start the server and ensure it starts on boot.
{{Root|
/usr/bin/mysql_install_db
/etc/init.d/mysql start
rc-update add mysql default
}}
Import the original database backup, and reload the privileges table.
{{Command|
mysql -u root < mysql.sihnon.net.sql
mysql -u root -e 'flush privileges;'
}}
==== Apache ====
Apache needs to be compiled with various extensions enabled. Make sure the following useflags are enabled:
* {{Package|direct=yes|dev-lang/php}} {{USEFlag|{{EnableFlag|apache2}} {{EnableFlag|cli}} {{EnableFlag|gd}} {{EnableFlag|inifile}} {{EnableFlag|json}} {{EnableFlag|ldap}} {{EnableFlag|mysql}} {{EnableFlag|mysqli}} {{EnableFlag|pcre}} {{EnableFlag|posix}} {{EnableFlag|session}} {{EnableFlag|simplexml}} {{EnableFlag|snmp}} {{EnableFlag|sockets}} {{EnableFlag|ssl}} {{EnableFlag|xml}} {{EnableFlag|xmlreader}} {{EnableFlag|xmlrpc}} {{EnableFlag|xmlwriter}} {{EnableFlag|xsl}} }}
Set up permissions on the webroot so that apache can access all files that exist, and are later created using acls. Same for the web users.
{{Root|
setfacl -R -m u:apache:rX,d:u:apache:rX,g:web:rwX,d:g:apache:rwX /var/www
}}
For LDAP authentication to work, Apache must be set to use TLS connections by default. Add the following configuration:
{{File|/etc/apache2/modules.d/46_mod_ldap.conf|
LDAPTrustedMode TLS
LDAPVerifyServerCert On
}}
See also:
* [[Vhosts#Pitchfork]] - Setting up the pitchfork mpd webui.
==== Subversion ====
Copy the repositories into /var/svn/repos/, and the configuration files into /var/svn/conf.
Use SVN::Notify to send email alerts containing the contents of new commits. This is not yet in the portage tree, but someone has submitted an ebuild so hopefully it will be soon. Until then, install it using CPAN.
{{Root|
cpan
install SVN::Notify
}}