User Tools

Site Tools


santo

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

santo [2014/11/24 01:14] (current)
0.0.0.0 created
Line 1: Line 1:
 +====== Santo ======
  
 +[[Category:​Hosts]]
 +[[Category:​Hosts/​Servers]]
 +[[Category:​Hosts/​Gentoo]]
 +
 +===== Overview =====
 +  * Type: Core Router
 +  * Model: Soekris net5501-70
 +  * Location: Bedroom 1
 +  * URL: http://​santo.sihnon.net/​
 +  * Provides:
 +    * Routing
 +    * Gateway Firewall
 +    * DHCP server
 +    * Name server (master)
 +    * Directory server (LDAP master)
 +
 +*Specs:
 +    * 500MHz AMD Geode LX
 +    * 512Mb Ram
 +    * 4x 100Mb Ethernet
 +    * 4Gb SanDisk Compact Flash II
 +    * 120Gb Western Digital 5400rpm 8mb (//​disconnected//​)
 +
 +===== Filesystems =====
 +Santo'​s system disk is a 4gb compact flash card.
 +
 +{| class="​wikitable"​ cellspacing="​10"​
 +|+ /dev/sda partitions
 +|- 
 +! Partition Number
 +! Size
 +! Filesystem
 +! Mount point
 +! UUID
 +! Notes
 +|-
 +| 1
 +| 64Mb
 +| ext2
 +| /boot
 +| 7d2971df-b96b-49a3-8af9-510f2e058291
 +|
 +|-
 +| 2
 +| 128Mb
 +| swap
 +| //none//
 +| 2a92981a-1f4e-4b55-a306-a824b65509ac
 +
 +|-
 +| 3
 +| 1Gb
 +| ext3
 +| /var
 +| 2226ba4b-7cc5-497e-8f26-e9b8505e51a2
 +| 1kb block size, 200,000 inodes
 +|-
 +| 4
 +| 2.8Gb
 +| ext3
 +| /
 +| f8158fc9-f41a-4e66-b5a7-5d3ed20d951f
 +| 1kb block size, 400,000 inodes
 +|-
 +|}
 +
 +There is also a 120Gb SATA drive present, though it is run through a SATA->​PATA bridge and appears as /dev/sdb. It will be used to hold several logical volumes using [[Logical Volume Manager|LVM]].
 +
 +{| class="​wikitable"​ cellspacing="​10"​
 +|+ /dev/sdb partitions
 +|- 
 +! Partition Number
 +! Size
 +! Filesystem
 +! Mount point
 +! UUID
 +! Notes
 +|-
 +| 1
 +| 100%
 +| lvm
 +| //none//
 +
 +| volumegroup:​ pool
 +|}
 +
 +The logical volumes will be used to house filesystems which are frequently/​heavily accessed and which may want to grow over time (eg logs). ​
 +
 +{| class="​wikitable"​ cellspacing="​10"​
 +|+ lvm:pool logical volumes
 +|-
 +! Name
 +! Size
 +! Filesystem
 +! Mount point
 +! UUID
 +! Notes
 +|-
 +| var
 +| 5G
 +| ext4
 +| /var
 +| 1488edcf-c6c7-4f7c-80a7-790a52b60c41
 +
 +|-
 +| backups
 +| 10G
 +| ext4
 +| /backups
 +| 32c4b0eb-7733-4b7f-a6ec-7a7292136f68
 +
 +|-
 +| porage
 +| 5G
 +| ext4
 +| /​usr/​portage
 +| 0b572fe0-8cee-465a-bca2-9212d7ff7695
 +| 1kb block size, 800,000 inodes
 +|}
 +
 +===== Installation =====
 +==== Kernel config ====
 +Full kernel .config files are stored in subversion, at [[https://​dev.sihnon.net/​svnpriv/​configs/​kernel/​santo/​|configs:/​kernel/​santo/​]].
 +
 +The following options are necessary for the system to boot under both VMware and the Soekris hardware.
 +
 +{{Warning|In order to enable DMA, it is important not to select any generic IDE/SCSI controllers;​ only the hardware specific ones should be enabled.}}
 +
 +{{Kernel|2.6.28-gentoo-r1|<​code>​0@@</​code>​}}
 +
 +==== Serial Console ====
 +The serial port on the Soekris hardware is currently configured to run at 38400 bps, using 8 bit words, no parity bits, and one stop bit (38440 8n1).
 +
 +Grub will need to output the boot menu to the serial console:
 +{{File|/​boot/​grub/​grub.conf|<​code>​1@@</​code>​}}
 +
 +Finally, add a login prompt to the serial console. -L forces the output to work, even if the cable isn't connected.
 +{{File|/​etc/​inittab|<​code>​2@@</​code>​}}
 +
 +==== Network Configuration ====
 +Network configuration is stored in subversion, under [[https://​dev.sihnon.net/​svnpriv/​configs/​network/​router/​|configs:/​network/​router/​]].
 +
 +==== Installed software ====
 +Also see [[Linux#​Essential software packages]]
 +
 +  * {{Package|direct=yes|net-dns/​bind}}
 +  * {{Package|direct=yes|net-dns/​bind-tools}}
 +  * {{Package|direct=yes|net-misc/​dhcp}}
 +  * {{Package|direct=yes|net-misc/​bridge-utils}}
 +  * {{Package|direct=yes|net-firewall/​iptables}}
 +  * {{Package|direct=yes|net-analyzer/​tcpdump}}
 +  * {{Package|direct=yes|net-nds/​openldap}}
 +  * {{Package|direct=yes|sys-auth/​nss_ldap}}
 +  * {{Package|direct=yes|sys-auth/​pam_ldap}}
 +  * {{Package|direct=yes|net-fs/​samba}}
 +  * {{Package|direct=yes|net-wireless/​hostapd}}
 +  * {{Package|direct=yes|net-wireless/​madwifi-ng}}
 +  * {{Package|direct=yes|net-wireless/​madwifi-ng-tools}}
 +  * {{Package|direct=yes|net-misc/​ntp}}
 +  * {{Package|direct=yes|net-misc/​openvpn}}
 +  * {{Package|direct=yes|www-servers/​apache}}
 +  * {{Package|direct=yes|dev-lang/​php}}
 +  * {{Package|direct=yes|dev-db/​mysql}} {{USEFlag|{{EnableFlag|minimal}}}}
 +  * {{Package|direct=yes|dev-util/​subversion}}
 +  * {{Package|direct=yes|mail-mta/​postfix}}
 +  * {{Package|direct=yes|net-misc/​linux-igd}}
 +  * {{Package|direct=yes|app-crypt/​aespipe}}
 +  * {{Package|direct=yes|net-analyzer/​vnstat}}
 +
 +===== Configuration =====
 +==== Logging ====
 +See [[Syslog]]. Santo'​s CF root disk wont appreciate lots of log writes, so all log messages will be sent to the central loghost, and only written to tmpfs locally. Logs will be permanently stored on the loghost'​s disk, or if that is unavailable can be read directly on Santo until it is rebooted.
 +
 +Add the following mounts:
 +{{File|/​etc/​fstab|<​code>​3@@</​code>​}}
 +
 +==== Watchdog ====
 +If the kernel was compiled with support for the Geode LX and hardware watchdog, install {{Package|direct=yes|sys-apps/​watchdog}} and edit the configuration file to contain at least the following:
 +
 +{{File|/​etc/​watchdog.conf|<​code>​4@@</​code>​}}
 +
 +Then start the watchdog, and add it to the boot runlevel:
 +{{Root|<​code>​5@@</​code>​}}
 +
 +==== LDAP ====
 +See [[LDAP/​Openldap]]. Configuration files are stored in subversion, under [[https://​dev.sihnon.net/​svnpriv/​configs/​ldap/​master/​|configs:/​ldap/​master/​]].
 +
 +==== DNS/DHCP ====
 +See [[DNS & DHCP]]. Configuration files are stored in subversion, under [[https://​dev.sihnon.net/​svnpriv/​configs/​dhcp/​master/​|configs:/​dhcp/​master/​]] and [[https://​dev.sihnon.net/​svnpriv/​configs/​named/​master/​|configs:/​named/​master/​]].
 +
 +==== Firewall ====
 +See [[Iptables]].
 +
 +==== Mail ====
 +Edit <​tt>/​etc/​postfix/​main.cf</​tt>​ to set the hostname. As this host is not a primary or backup MX, no other configuration is necessary.
 +
 +{{Root|<​code>​6@@</​code>​}}
 +
 +==== Samba ====
 +Configuration is stored in subversion, under [[https://​dev.sihnon.net/​svnpriv/​configs/​samba/​master/​|configs:/​samba/​master/​]]. Samba'​s LDAP password must be set to the same value stored in the directory and then the service can be started.
 +
 +{{Root|<​code>​7@@</​code>​}}
 +
 +==== UPNP ====
 +Configuration is stored in subversion, under [[https://​dev.sihnon.net/​svnpriv/​configs/​upnpd/​master/​|configs:/​upnpd/​master/​]]. Merely copy these in place and start the daemon with:
 +
 +{{Root|<​code>​8@@</​code>​}}
 +
 +==== Apache ====
 +//TODO//
 +
 +Set up remote logging, as per [[Apache#​Loging via syslog]] so that messages aren't written to the local CF disk.
 +
 +==== Wireless ====
 +See [[Wireless]]. Configuration is stored in subversion, under [[https://​dev.sihnon.net/​svnpriv/​configs/​wireless/​router/​|configs:/​wireless/​router/​]].
 +
 +===== Backups =====
 +The options are:
 +  * rsync, backing up directly to an NFS mount on [[Hosts#​Athens|Athens]].
 +  * perlbak, using the SATA hard drive as scratch space before copying the final tar across to Athens.
 +
 +===== Useful information =====
 +==== Hardware ====
 +<​code>​9@@</​code>​
 +
 +==== Disk performance ====
 + /​dev/​sda:​
 + 
 + ​Model=SanDisk SDCFX3-004G
 + ​Config={ HardSect NotMFM Removeable DTR>​10Mbs nonMagnetic }
 + ​RawCHS=7964/​16/​63,​ TrkSize=0, SectSize=576,​ ECCbytes=4
 + ​BuffType=DualPort,​ BuffSize=1kB,​ MaxMultSect=4,​ MultSect=?​0?​
 + ​CurCHS=7964/​16/​63,​ CurSects=8027712,​ LBA=yes, LBAsects=8027712
 + ​IORDY=no,​ tPIO={min:​120,​w/​IORDY:​120},​ tDMA={min:​120,​rec:​120}
 + PIO modes: ​ pio0 pio1 pio2 pio3 pio4
 + DMA modes: ​ mdma0 mdma1 mdma2
 + UDMA modes: udma0 udma1 *udma2 udma3 udma4
 + ​AdvancedPM=no WriteCache=disabled
 + Drive conforms to: Unspecified: ​ ATA/ATAPI-4
 + 
 + ​Timing cached reads: ​  370 MB in  2.00 seconds = 185.07 MB/sec
 + ​Timing buffered disk reads: ​  82 MB in  3.05 seconds =  26.91 MB/sec
 +
 +===== Troubleshooting =====
 +Santo on the Soekris hardware has had some stability issues in the past. It looks like these might be fixed with the current 2.6.28-gentoo-r1 kernel config, but just in case, here is a magic incantation to spam syslog every 5 minutes, just to show the kernel is still alive.
 +
 +{{Root|<​code>​10@@</​code>​}}
santo.txt · Last modified: 2014/11/24 01:14 by 0.0.0.0