Linux Installation

From Tardis
Revision as of 19:19, 10 July 2007 by Pert (talk | contribs)

Serial console

If the machine is only providing serial output during bootup, then it may not have been configured for serial logins. Check that the /etc/inittab file contains a line like

T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100

which tells init to start the program to provide login prompts.

The original kernel shipped with Debian sarge has a broken serial driver for Ultra 5s. The version in the security updates should work.

Restricting access to admins

In /etc/security/access.conf add

-:ALL EXCEPT root admin:ALL

[Hmmm... maybe that should be LOCAL instead of cron.]

Ensure that /etc/pam.d/common-account uses the pam_access module to restrict access. For example,

account [success=1 default=ignore] debug
account required               debug
account required              
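As an added illustration (not part of the original page, and not pam_access's own code), this Python model shows how an access.conf line such as the one above is evaluated: the first matching line decides, EXCEPT subtracts from the list before it, and no match means access is granted. It covers only ALL, LOCAL, EXCEPT and exact names, assumes `admin` may be a user or a group name, and uses constructed user names and a constructed remote host; it also evaluates the LOCAL origin raised in the bracketed note.

```python
def _list_match(tokens, matcher):
    """True if a token before EXCEPT matches and none after it does."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, []
    if not any(matcher(t) for t in head):
        return False
    return not (tail and _list_match(tail, matcher))


def access_allowed(rules, user, groups, origin, remote=False):
    """Evaluate access.conf-style rules for one login attempt."""
    def user_match(tok):
        # A token may name a user or a group (assumption of this model).
        return tok == "ALL" or tok == user or tok in groups

    def origin_match(tok):
        if tok == "ALL":
            return True
        if tok == "LOCAL":
            return not remote          # tty/console logins only
        return tok == origin

    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (_list_match(users.split(), user_match)
                and _list_match(origins.split(), origin_match)):
            return perm == "+"         # first matching line decides
    return True                        # no line matched: access granted


if __name__ == "__main__":
    # Constructed logins: (user, groups, origin, remote?)
    logins = [("root", set(), "ttyS0", False),
              ("alice", {"admin"}, "client.example.org", True),
              ("bob", {"users"}, "ttyS0", False),
              ("bob", {"users"}, "client.example.org", True)]
    for rule in ("-:ALL EXCEPT root admin:ALL",
                 "-:ALL EXCEPT root admin:LOCAL"):
        print(rule)
        for user, groups, origin, remote in logins:
            verdict = access_allowed(rule, user, groups, origin, remote)
            print(f"  {user:5} from {origin:18} -> "
                  f"{'allow' if verdict else 'deny'}")
```

With the origin field set to LOCAL, the deny line no longer matches remote logins, so a non-admin user connecting over the network falls through to the default grant.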

Multiple VLANs

Some systems need to appear on several VLANs, most notably the router. First, add

8021q

to the end of /etc/modules so that the kernel knows how to deal with the VLAN tagged packets. (Use modprobe 8021q to load it immediately if you don't want to reboot.) Then install the vlan Debian package, and add extra stanzas to /etc/network/interfaces for the new VLANs. For example,

# Admin VLAN
auto eth0.1
iface eth0.1 inet static

where eth0.1 means VLAN number 1 on interface eth0. Finally, configure the switch so that the port is on the extra VLANs.

Logging to the Log host

To make syslog send logs to the log host, put

*.*     @loghost

into /etc/syslog.conf. It is a good idea to keep the local logging too, in case of network problems.

Email config

Install the exim4 package and execute 'dpkg-reconfigure exim4-config' to configure it with the details below:

Split configuration into small files:                      NO
General type of mail configuration:                        mail sent by smarthost; no local mail
System mail name:                                
IP-addresses to listen on for incoming SMTP connections:
Other destinations for which mail is accepted:   
Visible domain name for local users:             
IP address or host name of the outgoing smarthost:
Keep number of DNS-queries minimal (Dial-on-Demand):       NO


Our router, davison, provides other machines with an NTP service. In turn, it synchronises with the (external-facing) Informatics servers. Here's how to update '/etc/ntp.conf':

--- /etc/ntp.conf       (revision 17)
+++ /etc/ntp.conf       (working copy)
@@ -10,17 +10,8 @@

 # You do need to talk to an NTP server or two (or three).
-#server ntp.your-provider.example
+server davison

-# maps to more than 300 low-stratum NTP servers.
-# Your server will pick a different set every time it starts up.
-#  *** Please consider joining the pool! ***
-#  *** <> ***
-server iburst
-server iburst
-server iburst
-server iburst
 # By default, exchange time with everybody, but don't allow configuration.
 # See /usr/share/doc/ntp-doc/html/accopt.html for details.
 restrict -4 default kod notrap nomodify nopeer noquery
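
Review bot: the added `server davison` line drops the `iburst` option that every removed `server` line carried, so the first synchronisation after boot will be slower; suggest `server davison iburst`. With davison as the only `server` entry the client also has no second source to compare against, so it is worth stating next to this change what is expected when davison is unreachable or serving wrong time.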


Install munin-node on the client (the new Linux box) and update '/etc/munin/munin-node.conf' like so:

--- etc/munin/munin-node.conf   (revision 28)
+++ etc/munin/munin-node.conf   (working copy)
@@ -34,4 +34,4 @@
 # the allow line as many times as you'd like

 allow ^127\.0\.0\.1$
+allow ^$
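
Review bot: the added `allow ^$` line has nothing between the anchors, so the pattern matches only an empty string and no peer address will ever satisfy it; the munin server would still be refused. It needs the server's address written the same way as the existing `allow ^127\.0\.0\.1$` line, with the dots escaped and both anchors kept so that only that one address matches.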

Then run '/etc/init.d/munin-node restart' to update the daemon. Connect to the web server and update '/etc/munin/munin.conf' like so:

--- munin.conf.pert     2007-06-22 17:47:27.593900598 +0100
+++ munin.conf  2007-06-22 17:48:26.781493093 +0100
@@ -101,9 +101,11 @@
     use_node_name yes

+    address
+    use_node_name yes
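
Review bot: the added `address` line carries no value, so the master has no node address to poll; it needs the new client's address after the keyword. The second `use_node_name yes` is also added directly after the existing one with no section header visible between them, so confirm that the new host's own header line is present in the applied file and that these two lines do not end up inside the previous host's section.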

Server addresses

This page is out of date and needs rewriting.
The content is likely to be incomplete or incorrect.

This provides the addresses of various servers which a Tardis machine might need to use.


We have an internal caching nameserver, currently leela. However, other machines should be able to cope if it's down for maintenance, so we also use one of the university's servers. (Currently, but we should check if that's what we're supposed to use.)

Thus most machines have a /etc/resolv.conf along the lines of:



See also

Other stuff that should be documented here, but isn't

  • Configuring machines to pass mail on to the mail hub
  • Configuring ntp
  • Booting our suns from the LAN
  • Installing munin