From 4629194a7f8906efb1f411c4c4cc1616d1efb58c Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Thu, 22 Dec 2011 02:58:58 +0100 Subject: Make MySQL slave configuration more robust against hostname changes --- fripost-docs.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fripost-docs.org b/fripost-docs.org index fac4390..ea9e1de 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -518,7 +518,6 @@ These instructions are mainly adapted from the MySQL manual. expire_logs_days = 10 max_binlog_size = 100M binlog_do_db = mail - /etc/init.d/mysql restart @@ -567,6 +566,7 @@ sudo chmod 0750 $TMP_DIR tmpdir = /var/lib/mysql/tmp # Note that the server-id must be different on all hosts server-id = 2 + relay-log = mysqld-relay-bin /etc/init.d/mysql restart -- cgit v1.2.3 From 78263058250ec0c6b164388c54eb3e93ef94974d Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Thu, 22 Dec 2011 02:59:25 +0100 Subject: Add note to use Cluster SSH --- fripost-docs.org | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fripost-docs.org b/fripost-docs.org index ea9e1de..f9da11b 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -1040,6 +1040,14 @@ It is also possible to use simple git commands in /etc, e.g. `git log'. `etckeeper' has the benefit of keeping track of file permissions, which git by itself will not. +** Use Cluster SSH + +This pretty much sums it up: + +"ClusterSSH controls a number of xterm windows via a single graphical console +window to allow commands to be interactively run on multiple servers over an ssh +connection." + ** Use fripost-tools We have written some tools to make administration tasks easier. They can be -- cgit v1.2.3 From cdd81d60f2f3dedb9960f8f8a015f24963b540e8 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Thu, 22 Dec 2011 02:59:34 +0100 Subject: Add rsync to essential packages --- fripost-docs.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fripost-docs.org b/fripost-docs.org index f9da11b..f15810f 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -104,7 +104,7 @@ sudo /etc/init.d/ssh restart ** Packages to install *** Administrative -sudo aptitude install openssh-server molly-guard ntp ntpdate screen +sudo aptitude install openssh-server molly-guard ntp ntpdate rsync screen # If the system is on a dynamic IP (e.g. using DHCP): sudo aptitude install resolvconf -- cgit v1.2.3 From bca0025c34ce16f5c29429ecd6407245c7e41261 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Thu, 22 Dec 2011 04:51:41 +0100 Subject: Improve MySQL replication setup documentation --- fripost-docs.org | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/fripost-docs.org b/fripost-docs.org index f15810f..7dba190 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -495,7 +495,7 @@ mysql -u root -p # Create mail user - CREATE USER 'mail'@'localhost' IDENTIFIED BY 'mijhl9hniiMu5WxvvtdgsacxZ'; + CREATE USER 'mail'@'localhost' IDENTIFIED BY ''; GRANT SELECT ON mail.alias TO 'mail'@'localhost'; GRANT SELECT ON mail.domain TO 'mail'@'localhost'; GRANT SELECT ON mail.mailbox TO 'mail'@'localhost'; @@ -521,6 +521,13 @@ These instructions are mainly adapted from the MySQL manual. /etc/init.d/mysql restart +# Enter MySQL shell and create a user with replication privileges. +# NB: Use only ASCII for the +mysql -u root -p + + GRANT REPLICATION SLAVE ON *.* TO 'slave_user'@'localhost' IDENTIFIED BY ''; + FLUSH PRIVILEGES; + ***** Configure the slave ****** Set up an SSH tunnel @@ -528,17 +535,13 @@ We begin by setting up an SSH tunnel from the slave to the master, as described ****** Preparing steps to take on master -# Enter MySQL shell and create a user with replication privileges. -# NB: Use only ASCII for the +# Make a database dump. + mysql -u root -p - GRANT REPLICATION SLAVE ON *.* TO 'slave_user'@'localhost' IDENTIFIED BY ''; - FLUSH PRIVILEGES; USE mail; FLUSH TABLES WITH READ LOCK; quit; - -# Make a database dump. mysqldump -u root -p --opt mail > mydump.sql @@ -568,7 +571,7 @@ sudo chmod 0750 $TMP_DIR server-id = 2 relay-log = mysqld-relay-bin -/etc/init.d/mysql restart +sudo service mysql restart # Enter the MySQL shell and create the database: -- cgit v1.2.3 From 16661e81491f959a23a393ed9aeec3a0c8c43283 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Thu, 22 Dec 2011 07:14:54 +0100 Subject: Add php.ini notes --- fripost-docs.org | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fripost-docs.org b/fripost-docs.org index 7dba190..6df9b51 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -791,6 +791,13 @@ current version than the one in stable. sudo apt-get install roundcube +:: /etc/php5/apache2/php.ini + + log_errors = Off + post_max_size = 25M + upload_max_filesize = 25M + tmp_dir = FIXME + :: /etc/roundcube/main.inc.php # Use caching -- cgit v1.2.3 From 30b80c026634b5eff000522353bec327bfbbc2d8 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Thu, 22 Dec 2011 07:19:32 +0100 Subject: When install roundcube custom logo, also download it --- fripost-docs.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fripost-docs.org b/fripost-docs.org index 6df9b51..e7e2f01 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -834,12 +834,12 @@ sudo apt-get install roundcube **** Installing custom logo +wget https://fripost.org/images/logo2011_webmail.png LOGO="logo2011_webmail.png" sudo mv /var/lib/roundcube/skins/default/images/roundcube_logo.png /var/lib/roundcube/skins/default/images/roundcube_logo2.png sudo mv $LOGO /var/lib/roundcube/skins/default/images/roundcube_logo.png sudo chmod 0644 /var/lib/roundcube/skins/default/images/roundcube_logo.png - *** ikiwiki sudo apt-get install ikiwiki -- cgit v1.2.3 From 82fbf57ac9b060e078644a791d6fe70d4fe17e80 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Tue, 27 Dec 2011 10:52:13 +0100 Subject: Add new logcheck rule for ntpd --- fripost-docs.org | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fripost-docs.org b/fripost-docs.org index e7e2f01..50fafe7 100644 --- a/fripost-docs.org +++ b/fripost-docs.org @@ -155,6 +155,7 @@ sudo aptitude install logcheck syslog-summary ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: cannot connect to dns.loopia.se:443 socket: IO::Socket::SSL: Timeout IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: file /var/cache/ddclient/ddclient.cache, line [0-9]+: Invalid Value for keyword 'ip' = ''$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[0-9]+\]: WARNING: updating [._[:alnum:]-]+: nochg: No update required; unnecessary attempts to change to the current address are considered abusive$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]{7,15} interface [.0-9]{7,15} -> [.0-9]{7,15}$ ** Configuring aptitude and friends @@ -786,8 +787,12 @@ sudo a2enmod ssl rewrite **** Installing roundcube -Add the backports repository first, to make sure we're running a somewhat more -current version than the one in stable. +# Add the backports repository first, to make sure we're running a somewhat more +# current version than the one currently in stable. + +:: /etc/apt/sources.list + + deb http://backports.debian.org/debian-backports squeeze-backports main sudo apt-get install roundcube @@ -996,9 +1001,9 @@ sudo rkhunter -c --nomow --rwo MAIL-ON-WARNING=admin@fripost.org - ALLOWHIDDENDIR=/etc/.git ALLOWHIDDENDIR=/dev/.udev ALLOWHIDDENDIR=/dev/.initramfs + ALLOWHIDDENDIR=/etc/.git ALLOWHIDDENFILE=/etc/.gitignore ALLOWHIDDENFILE=/etc/.etckeeper -- cgit v1.2.3