====== Silverhold ======

[[Category:Hosts]]
[[Category:Hosts/Servers]]
[[Category:Hosts/Gentoo]]
[[Category:KVM]]

===== Overview =====
  * Type: Virtual machine
  * Location: [[Badger]]
  * URL: http://silverhold.jellybean.sihnon.net/
  * Provides:
    * Cacti (//todo//)
    * Nagios (//todo//)

*Specs:
    * 512Mb Ram
    * 1x virtio Ethernet
    * 20Gb Virtual Disk

===== Filesystems =====
{| class="wikitable" cellspacing="10"
|+ /dev/sda (20Gb qcow2 image)
|- 
! Partition Number
! Size
! Filesystem
! Mount point
! Notes
|-
| 1
| ~20Gb
| lvm
| //none//
| 
|}

And the logical filesystems are:

{| class="wikitable" cellspacing="10"
|+ Logical volumes
|- 
! Volume Name
! Size
! Filesystem
! Mount point
! Notes
|- 
| system/root
| 8 GB
| ext3
| /
| 
|-
| system/home
| 11.5 GB
| ext3
| /home
| 
|-
| swap
| 512 MB
| ext3
| /var
| 
|}

===== Installation =====
Silverhold was installed using the [[Gentoo/Template]] KVM image.

==== Installed software ====
Also see:
  * [[Gentoo/KVM]]

=== Hosting ===
  * {{Package|direct=yes|dev-lang/php}}
  * {{Package|direct=yes|www-servers/apache}}

=== Monitoring ===
  * //todo//

===== Configuration =====
==== Network ====
{| class="wikitable" cellspacing="10"
|+ Network adapters
|- 
! Hardware
! Driver
! Device
! Mac
! IP
! DHCP/Static
|-
| virtio
| virtio_net
| eth0
| 54:52:00:2e:d3:e3
| 10.0.0.7
| dhcp
|}

The network configuration is stored in subversion, under [[https://dev.sihnon.net/svnpriv/configs/network/silverhold|configs:/network/silverhold]].

==== Apache ====
Apache needs to be compiled with various extensions enabled. Make sure the following useflags are enabled:
  * {{Package|direct=yes|dev-lang/php}} {{USEFlag|{{EnableFlag|apache2}} {{EnableFlag|cli}} {{EnableFlag|gd}} {{EnableFlag|inifile}} {{EnableFlag|json}} {{EnableFlag|ldap}} {{EnableFlag|mysql}} {{EnableFlag|mysqli}} {{EnableFlag|pcre}} {{EnableFlag|posix}} {{EnableFlag|session}} {{EnableFlag|simplexml}} {{EnableFlag|snmp}} {{EnableFlag|sockets}} {{EnableFlag|ssl}} {{EnableFlag|xml}} {{EnableFlag|xmlreader}} {{EnableFlag|xmlrpc}} {{EnableFlag|xmlwriter}} {{EnableFlag|xsl}} }}

Set up permissions on the webroot so that apache can access all files that exist, and are later created using acls. Same for the web users.
{{Root|<source lang="bash">
setfacl -R -m u:apache:rX,d:u:apache:rX,g:web:rwX,d:g:apache:rwX /var/www
</source>}}

For LDAP authentication to work, Apache must be set to use TLS connections by default. Add the following configuration:
{{File|/etc/apache2/modules.d/46_mod_ldap.conf|<source lang="apache">
LDAPTrustedMode TLS
LDAPVerifyServerCert On
</source>}}

See also:
  * [[Cacti]] - setting up cacti
  * [[Nagios]] - setting up nagios