Linux Standard Build for DELL Servers

V 1.2 4/10/2006,7/10/2006, 10/3/2008, 11/15/2013 - © Alexey Zilber

Every build of Linux will differ based upon its target application (database, web/file server, etc.). Most things, though, remain roughly the same and can be determined either at build time or, if the hardware is known, within a kickstart script. This build doc contains information of a generic nature, as well as RedHat-specific caveats targeted for Dell hardware.

PRE-INSTALLATION

  • Insert the Dell Server Assistant CD and BOOT. If you are using the NON-DELL install method, only create the system utility partition, exit and proceed to step 1, otherwise go to ‘Server Setup’ and skip to step 2. Using the Dell Server Assistant CD is the only correct method for installing RedHat (AS/ES) Linux on Dell hardware. The non-DELL method exists only for unsupported hardware or non RedHat distributions.

INSTALLATION START (non-DELL)

  • Insert either the 1st CD or DVD from the compilation, and boot into it.
  • Type: “linux install” at the ISOLINUX prompt, enter, or just wait:

  • Hit enter for all prompts. You may want to ‘skip’ the CD media check:

  • Use the DELL Server Setup CD.
  • Follow directions as closely as possible to section 3 “Partitioning”. The Dell System Setup CD (5.0) is limited in the number of initial partitions it can create.

PARTITIONING

- DELL Server Setup (5.0) shows you a default config of this type (based on a 136GB Logical Disk) MUST CHANGE:

Partition Sizing in MB
(root)/ 1024
/boot 100
swap 1756
/usr 479478
/home 25349
/tmp 512
/var 512

- Such a partitioning scheme assumes an application server install. Correct partitioning must reflect system usage. If you are unsure, partition to the recommended settings and leave the rest of the space free. The RECOMMENDED PARTITIONING SCHEME using Dell System Setup:

Partition Sizing in MB
(root)/ 1024
/boot 256
swap RAM*1.5
/usr 20480
/home 5120
/tmp 1024
/var 4096-8192

– Items so designated are to be adjusted based on servers target requirements. Extra partitions can be added later using system-config-lvm.

*** RAM               Swap Space
  --------------------------------------------
  1 GB - 2 GB       1.5 times the size of RAM
  2 GB - 8 GB       Equal to the size of RAM
  more than 8GB     0.75 times the size of RAM

Choose “Manually Partition with Disk Druid”:

  • Delete all the Partitions:

  1. The default Linux partitions are insufficient and must be completely redone to the following specs:
  2. /boot = 256MB, /boot must NOT live on an LVM! It MUST be an ext3 filesystem, preferably on a mirrored partition, as the first partition on the drive.

  1. Set up an initial LVM Group the size of the remainder of the disk (for single disk). With more than 1 disk, you will need to decide whether you want to have all physical disks under one group, or have more than one group. There are advantages and disadvantages to both.

  1. Click on “LVM”. You will now be working under LVM to create the remainder of the partitions.
  2. You will need to create a minimum of 2 swap partitions, of 2GB in size. Two swap partitions are recommended, usually double the size of the RAM.

If hard drive space is very limited, a single ‘/’ partition can be configured, with no other partitions. This is *NOT* recommended for a server.

  • Create ‘/usr’ with at least 10GB to 20GB of space. This partition holds all the installed software. It must accommodate current and future software install needs. It does not fluctuate much once all the software has been installed.
  • Create ‘/home’ with at least 2GB of space (4.7GB if using Server Assistant). This contains user data, and files.
  • Create a ‘/tmp’ with at least 1 to 2GB of space. This holds temporary files, and needs to be sized based on server usage. The higher the number of users and software packages run, the more space is needed in /tmp. /tmp is cleared periodically by the system.
  • Unless requirements dictate otherwise, the remainder of free space should be put to ‘/var’. Calculate off 20% of the space you would use for /var, and leave this space free. This space will be used as a live snapshot by the LVM system.
  • ‘/’ root partition should be at least 1GB.
  • Final partitioning will look something like this (ignore the partition sizes in the image):

BOOT LOADER

  • Choose a bootloader. The default (and recommended) is GRUB. Usually the default options are sufficient. GRUB needs to live on the MBR.

NETWORK CONFIGURATION

  • Configure the network:

FIREWALL-SELINUX

  • The firewall MUST BE enabled. Whether to enable SELINUX is beyond the scope of this document. It is recommended to leave SELINUX enabled ‘Active’. If you are installing or will be installing custom software on the server, and the server will not be accessible from the outside, SELINUX may be disabled. If ORACLE or MySQL is being installed, disable SELINUX. SELINUX may also be disabled post boot by editing /etc/sysconfig/selinux.
  • Open the SSH port in the firewall during the install.

  • SET ROOT PASSWORD
  • Root password must be set to the same password as in the Windows System Build Document.

PACKAGE CONFIGURATION:

  • If using the Dell Server Assistant, use the ‘Server’ option for packages. No other choices need to be made.
  • If using a regular, non-single-CD install, choose the following packages (as space permits):
  1. X Windows System
  2. GNOME Desktop Environment
  3. Text-based Internet
  4. Server Configuration Tools
  5. Web Server
  6. Windows File Server
  7. MySQL Database
  8. Development Tools* (If you are building servers for the DMZ, and have testing and deployment servers, then omit this).
  9. Administration Tools
  10. System Tools
  11. Printing support* (Up to your discretion)
  12. Examples:

ALTERNATIVE INSTALL (USING KICKSTART)

  • Systems may be cloned and automatically installed using RedHat Kickstart. For a truly automated kickstart, you must set up either an ftp or web site containing the contents of all the binary RedHat or CentOS CDs.
  • You will modify or create a kickstart file called ks.cfg. Most servers have their kickstart file as /root/install-ks.cfg. The server can be cloned using this kickstart file. Be aware that kickstart files created by DELL’s Server Assistant must only be used with the Server Assistant.

POST INSTALL

  • If you used DELL’s Server Assistant, you will need to login as root, and install Open Manage. You MUST install all Dell software into /usr/local/dell, for example, Dell’s Open Manage must be installed into: /usr/local/dell/srvadmin
  • If you did not, you will need to download the Open Manage RPM and install it into /usr/local/dell/srvadmin.
  • If you did not use DELL’s Server Assistant CD you need to download and install the DKMS rpm, followed by the Perc driver rpm (if DELL server), the kernel source for the latest kernel and the kernel source.
  • Check and disable unneeded services. Use chkconfig --list to find services, then chkconfig --del to delete them.
  • Disable Xwindows on startup. Edit /etc/inittab and change the default run-level to 3.
  • Create user accounts and policies:
  • User creation (with SOX compliance, suggested to create a shell script called passwdsox as a wrapper for the line below):
    • passwd -x 60 -w 14 -i 14 <username>
    • or chage -M 60 -W 14 -I 14 -d 2006-04-10 <username> to change.
    • Change /etc/login.defs with the following info:
      • PASS_MAX_DAYS 60
      • PASS_MIN_DAYS 0
      • PASS_MIN_LEN 6
      • PASS_WARN_AGE 14
  • Edit /etc/default/useradd and change INACTIVE=-1 to:
    • INACTIVE=14
  • Lock out root from remote access:
    • Edit /etc/ssh/sshd_config and add PermitRootLogin no. Save it, and restart sshd (/sbin/service sshd restart). Make SURE you have an account already set up. * This applies to servers on the DMZ. Due to account aging, it may be prudent to leave root able to login remotely.
    • Open up any ports you need on the firewall. Either edit /etc/sysconfig/iptables directly or run system-config-firewall.
    • Most system-wide configurations can be made with a system-config-* gui.
    • For custom partitioning after installs (particularly recommended post DELL’s Server Assistant) use system-config-lvm. Remember to leave 20% space per group for space usage.
    • Edit /etc/syslog.conf, append to the end of the file:
    • *.*;cron.none @<n-convention>.domain.com
    • Edit /etc/sysconfig/netdump and point it to <n-convention>.domain.com for both kernel dumps and netconsole. Enable the service, and start it. Remember, this may not work through the firewall.
  • Install Zabbix Agent from rpm.
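
The aging values above can be checked after the build. The following is an added example, not part of the original build document: the function names and sample data are hypothetical, and the expected values are the ones listed above. /etc/login.defs and /etc/default/useradd only set defaults for accounts created afterwards, so it also checks a shadow-format file for existing accounts that never received the chage settings.

```sh
#!/bin/sh
# Added example: audit password aging against the values in this build document.
# Paths are arguments, so the checks can be run on copies of the real files.

# Value of a whitespace-separated KEY in a login.defs-style file; "#" lines never match.
defs_value() { awk -v k="$1" '$1 == k { v = $2 } END { print v }' "$2"; }

# Deviations in login.defs ($1) and the useradd defaults file ($2). These files
# only set defaults for accounts created afterwards.
audit_defaults() {
    rc=0
    for pair in PASS_MAX_DAYS=60 PASS_MIN_DAYS=0 PASS_MIN_LEN=6 PASS_WARN_AGE=14; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(defs_value "$key" "$1")
        [ "$got" = "$want" ] || { echo "$key: want $want, got ${got:-unset}"; rc=1; }
    done
    got=$(sed -n 's/^INACTIVE=//p' "$2" | tail -n 1)
    [ "$got" = 14 ] || { echo "INACTIVE: want 14, got ${got:-unset}"; rc=1; }
    return $rc
}

# Existing accounts keep the aging they were created with. List accounts in a
# shadow-format file ($1) whose password is not locked and whose aging is not the
# -M 60 -W 14 -I 14 given above. Fields: name:hash:lastchg:min:max:warn:inactive:...
audit_shadow() {
    awk -F: '
        $2 ~ /^[!*]/ { next }                       # locked or no-login account
        $5 != 60 || $6 != 14 || $7 != 14 {
            printf "%s: max=%s warn=%s inactive=%s\n", $1,
                   ($5 == "" ? "unset" : $5), ($6 == "" ? "unset" : $6),
                   ($7 == "" ? "unset" : $7)
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample data (not real accounts), written under directory $1.
write_samples() {
    printf '%s\n' '# PASS_MAX_DAYS 99999' 'PASS_MAX_DAYS 60' 'PASS_MIN_DAYS 0' \
        'PASS_MIN_LEN 5' 'PASS_WARN_AGE 14' > "$1/login.defs"
    printf '%s\n' 'GROUP=100' 'INACTIVE=-1' > "$1/useradd"
    printf '%s\n' 'root:$6$x$y:13248:0:99999:7:::' 'alice:$6$x$y:13248:0:60:14:14::' \
        'daemon:*:13248:0:99999:7:::' > "$1/shadow"
}
```

Both audit functions print one line per deviation and return non-zero if any were found, so they can gate a post-install checklist.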

UPDATING YOUR INSTALL

  • RedHat Network
    • The RedHat network is used to update RedHat ES and AS systems. Valid licenses are required, as well as a login. Updates are retrieved using up2date. The server may also be updated using the web interface at rh.redhat.com.
  • YUM
    • YUM (YellowDog Updater Modified) is a package manager developed by YellowDog Linux and modified to be distro agnostic. CentOS, our other distro of choice, uses yum.
      • Yum must be run prior to server production:
      • yum -y update will update the server.

SYSTEM TUNING

  • EMAIL/QMAIL:
    • /etc/sysctl.conf:
# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Enable bad error message Protection (*)
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# More open files.
fs.file-max = 65536

# Set TCP Re-Ordering value in kernel to 5
net.ipv4.tcp_reordering = 5

# Decrease SYN ACK retry attempts to 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# Decrease the time default value for tcp_fin_timeout connection (*)
net.ipv4.tcp_fin_timeout = 25

# Increase the tcp-time-wait buckets pool size (*)
net.ipv4.tcp_max_tw_buckets = 360000

# Enable TCP SYN Cookie Protection (*)
net.ipv4.tcp_syncookies = 1

# Set Max SYN Backlog (*)
net.ipv4.tcp_max_syn_backlog = 2048
net.core.netdev_max_backlog = 1024

# Increase Linux TCP buffer limits
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 65536 33554432
net.ipv4.tcp_mem = 33554432 33554432 33554432

# Flush old route information
net.ipv4.route.flush = 1

  • Oracle 9i (x86 Linux, per DBA’s discretion):

# Disables packet forwarding
net.ipv4.ip_forward = 0

# Enables source route verification
net.ipv4.conf.default.rp_filter = 1

# Disables the magic-sysrq key
kernel.sysrq = 0

# Added for Oracle Installation
kernel.shmmax = 2147483648
kernel.shmmax = 4294967295
kernel.shmmni = 4096
kernel.shmall = 2097152
kernel.sem = 250 32000 100 128
kernel.shm-use-bigpages = 0
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000

  • RabbitMQ:

#********************************************************************
#* Changes for Systems with RabbitMQ Replicated Brokers *
#********************************************************************
#default 0
net.ipv4.tcp_orphan_retries = 0
#default 15
net.ipv4.tcp_retries2 = 1
#default 3
net.ipv4.tcp_retries1 = 1
#default 5
net.ipv4.tcp_synack_retries = 5
#default 5
net.ipv4.tcp_syn_retries = 1
#default 75 (seconds)
net.ipv4.tcp_keepalive_intvl = 1
#default 9
net.ipv4.tcp_keepalive_probes = 3
#default 7200 (seconds)
net.ipv4.tcp_keepalive_time = 5
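
The profiles above overlap: kernel.shmmax is assigned twice in the Oracle fragment, and the RabbitMQ fragment sets net.ipv4.tcp_synack_retries and net.ipv4.tcp_syn_retries to different values than the mail profile. The following added example (not part of the original document; function names are hypothetical and the sample file is constructed from lines above) reports such conflicts in a merged sysctl.conf and checks that the hardening keys still have their documented values.

```sh
#!/bin/sh
# Added example: lint a sysctl.conf assembled from the fragments in this document.

# Normalised "key=value" lines in file order; comments and blank lines dropped.
sysctl_pairs() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/=/!d' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' "$1"
}

# Keys assigned more than once with different values. The file is applied top to
# bottom, so the second value printed is the one left in effect.
sysctl_conflicts() {
    sysctl_pairs "$1" | awk -F= '
        { val = substr($0, length($1) + 2)
          if (($1 in last) && last[$1] != val) print $1 ": " last[$1] " -> " val
          last[$1] = val }'
}

# Hardening keys from the mail profile whose effective (last) value differs.
sysctl_baseline() {
    rc=0
    for pair in net.ipv4.ip_forward=0 net.ipv4.conf.default.rp_filter=1 \
                net.ipv4.conf.default.accept_source_route=0 \
                net.ipv4.icmp_ignore_bogus_error_responses=1 \
                net.ipv4.tcp_syncookies=1 kernel.sysrq=0; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sysctl_pairs "$1" | awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
        [ "$got" = "$want" ] || { echo "$key: want $want, effective ${got:-unset}"; rc=1; }
    done
    return $rc
}

# Constructed sample: a few lines from each fragment, merged into one file.
sample_conf() {
    cat <<'EOF'
# mail profile
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_rmem = 4096 87380 33554432
# Oracle
kernel.sysrq = 0
kernel.shmmax = 2147483648
kernel.shmmax = 4294967295
# RabbitMQ
net.ipv4.tcp_synack_retries = 5
EOF
}
```

Run sysctl_conflicts and sysctl_baseline against the candidate file before loading it with sysctl -p.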
