This project’s a chef repository for a dialup satellite email server I’ve put together for a local organization.
The rest of this README is a handover document that you probably won’t find useful or interesting.
I’ve given you an installation CD you can use. If anything ever happens to it, you can either burn another with the ISO image in hcts-data/Server or, if needed, fully re-create it from github.com/hcts/bootstrap.
Boot the installation CD, typing “install” at the “boot:” prompt.
Through the installation process, enter these values:
IP address: 192.168.0.1 Netmask: 255.255.255.0 Router: 192.168.0.254 Name servers: 192.168.0.254 Hostname: moshi (be sure to user a lowercase "m" so that backups can be restored!) Domain name: hcts.org Full name for the new user: HCTS Username for your account: hcts
Then, reboot the system. The bootloader on the CD may have trouble with this, so you may need to either momentarily remove the CD or place the hard disk before the CD-ROM drive in the boot sequence in order for the system to boot properly. (If you do remove the CD, you will need to re-insert it before running ‘chef-solo` below.)
Log in as hcts, and:
# Become root. sudo -i # Download the chef recipes. git clone git://github.com/hcts/chef-repo.git /srv/chef # Configure chef attributes. (Mostly just passwords.) # # As you use the following commands to edit the attributes file, you'll be # changing the values for: # # - mysql.server_root_password: any value will do # - hectic.db.password: any value will do # - postfix.default_relayhost_password: the smtp password for [email protected] # - postfix.root_mail_to: hcts (or whatever user you created above) # - samba.password: the password for connecting to the samba share # cd /etc/chef cp /srv/chef/config/attributes.json . nano attributes.json # Run chef. chef-solo
Once you’ve done that, you can schedule chef-solo to run every hour:
# When editing this file, you'll just be removing the hash mark from the # beginning of the last line, the one that starts "0 * * * * root". # nano /etc/cron.d/chef
Then, if you’re restoring data from a backup:
# Plug in the USB stick or external hard drive. You will see some messages on # the screen including text like [sdb]. Take note of the precise text -- for # example, is it "sdb" or "sdc" -- and use those letters, followed by a 1, in # the `mount` command below. # mkdir -p /media/backup mount /dev/sdb1 /media/backup rsnapshot-restore /media/backup/latest.tar.gz umount /media/backup
Since many of the chef-generated configuration files depend on the information you just restored (for example, the virtual_alpine script contains the first domain name in the user datase), you’ll probably want to run ‘chef-solo` just after performing a restore:
chef-solo
And that’s it!
You’ll want to make separate user accounts for your staff to have Remote Desktop access to the system. (See more information about Remote Desktop below.)
To add these users, and to give them permission to use sudo, use these commands:
sudo -i adduser henry adduser henry admin adduser noel adduser noel admin # # ...and so on. # # Note that the "adduser ... admin" commands are only necessary if the user # needs to use sudo from time to time. If you're not sure, it's safer not to # run this command until you need to.
I’ve written a tool called ‘bracken` that functions like a filtering version of `tail -f`. Bracken reads its configuration from /etc/bracken.rb.
To run it, simply use the following command:
bracken
Bracken will continue to tail the logfiles listed in /etc/bracken.rb, even after each morning’s logfile rotation.
You can manage customer mail accounts at 192.168.0.1. There is no longer a separate login for this application; just use your unix username and password.
When you need to get into a mailbox to remove or forward large messages at a customer’s request, you can use a wrapper script ‘virtual_alpine` like this:
virtual_alpine henry
If you would like to email all the elct.org customers, you may do so at [email protected].
All the important system configuration files, including /etc/fetchmailrc and /etc/ppp/pap-secrets, are automatically generated when chef runs. Chef is currently set in /etc/cron.d/chef to run every hour.
ANY CHANGES YOU MAKE TO THESE FILES WILL BE ERASED THE NEXT TIME CHEF RUNS! The proper way to change them is to add, edit, and delete customers via the web interface at 192.168.0.1/. Chef then reads this database to generate the appropriate configuration files.
So, if you add a new customer, it can take up to an hour (for the next chef run) until that customer can dial in and check mail.
From time to time, I may make updates to the chef cookbooks. I’ll notify you if I do, of course! Often, I may not even need to come in to perform the updates. Instead, you’ll just run the following commands:
sudo -i cd /srv/chef git pull origin master chef-solo
There is one main share, named “samba” and accessed with username “samba”. The contents of this share are included in the rsnapshot backups.
Every few hours, rsnapshot runs to take a backup of the important data on the system. See /etc/cron.d/rsnapshot and /etc/rsnapshot.conf.
Backups are placed under /var/backups/rsnapshot.
You can see the disk space used by all the backups with the following command:
sudo rsnapshot du
A tarball of the latest backup is always available under /var/lib/samba/backup, which you can reach from other machines as the samba share “backup”.
To restore a backup from the hard disk:
sudo rsnapshot-restore /var/backups/rsnapshot/hourly.0
To restore a backup from a tarball:
sudo rsnapshot-restore /media/UDISK/latest.tar.gz
For the radio staff, there is an HTTP proxy server running at 192.168.0.1:3128.
Rather than making a VNC connection to the server, you can simply use the Windows “Remote Desktop Connection” tool in Start -> All Programs -> Accessories -> Remote Desktop Connection. (The Remote Desktop service will be started automatically when the system boots, so you won’t have to start it from a console session as before.)
Your session will persist across connections, so you won’t lose your window positions or open programs.
You’ll probably want to save your connection settings in an RDP file on your Windows desktop, to make it easy to reconnect in the future. Click the “Options >>” button in the initial Remote Desktop Connection dialog for more.