StuRa Diskussion:Server

Aus Wiki StuRa HTW Dresden

Schätzung des zeitlichen Arbeitsaufwandes für die Erstellung der geforderten Dienste

super-optimistische Schätzung (Vollzeit)

  1. Backup-Server (2W)
    1. Notfallmanagement erstellt (30.8.11 16:00-21:30)
  2. Mail-Server * Mailman (1W)
    1. Mailingliste erweitert und Struktur angepasst (7.-8.9.11 20:00- 01:15)
    2. Mailman für Testzwecke auf srs8 installiert (9.9. 13:00 - 16:00 , 16:30 - )
  3. Samba-Server (2d)
  4. Web-Server * Crypto (2d)
    1. Plone startup script konfigurieren (9.9 16:00 - 16:30)
  5. Wiki-Umzug (2d)
  6. DNS-Server (2d)
  7. Mirror-Server (? ... abhängig von den gemirrorten Sachen)
    = 3W + 8d = (gemäß der Arbeitsdefinition von Benutzer:Matthias Jakobi (als Bereichsleitung Administration Rechentechnik) entspricht 1W = 5d und 1d = 10h) 3(5d) + 8d = 23d = 23(10h) = 230h

+ 6W um die eingetretene Scheiße wieder loszuwerden

srs8

  • kopiert von srs21
    • aliases.*
    • master.cf
    • main.cf (abgeändert)
      • myhostname = srs8.stura.htw-dresden.de
    • rc.conf (abgeändert)
      • mailman_enable="YES"
        • nicht konfiguriert
      • apache22_enable="YES"
        • nicht konfiguriert
      • postfix_enable="YES"
        • basiskonfiguration vom srs21 übernommen

Mailman test installation srs8

                          |                   Options for mailman 2.1.14_5                     ?  
                          ? ?????????????????????????????????????????????????????????????????? ?  
                          ? ?  [ ] SENDMAIL  for use with sendmail                           ? ?  
                          ? ?  [ ] EXIM3     for use with exim3                              ? ?  
                          ? ?  [ ] EXIM4     for use with exim4                              ? ?  
                          ? ?  [X] POSTFIX   for use with postfix                            ? ?  
                          ? ?  [ ] COURIER   for use with courier                            ? ?  
                          ? ?  [ ] CHINESE   support for Chinese mailing lists               ? ?  
                          ? ?  [ ] HTDIG     htdig integration patches                       ? ?  
                          ? ?  [X] NAMAZU2   make private archives searchable with namazu2   | |
                          ?                   Options for python27 2.7.2_1                     ?  
                          ? ?????????????????????????????????????????????????????????????????? ?  
                          ? ? [X] THREADS          Enable thread support                     ? ?  
                          ? ? [ ] HUGE_STACK_SIZE  Use a larger thread stack                 ? ?  
                          ? ? [ ] SEM              Use POSIX semaphores (experimental)       ? ?  
                          ? ? [ ] PTH              Use GNU Pth for threading/multiprocessing ? ?  
                          ? ? [X] UCS4             Use UCS4 for unicode support              ? ?  
                          ? ? [X] PYMALLOC         Use python's internal malloc              ? ?  
                          ? ? [X] IPV6             Enable IPv6 support                       ? ?  
                          ? ? [ ] FPECTL           Enable floating point exception handling  ? ?

Apache22 srs8

                          ?                    Options for apache 2.2.20                       ?  
                          ? ?????????????????????????????????????????????????????????????????? ?  
                          ? ?[X] THREADS               Enable threads support in APR         ? ?  
                          ? ?[ ] MYSQL                 Enable MySQL support for apr-dbd      ? ?  
                          ? ?[ ] PGSQL                 Enable PostgreSQL support for apr-dbd ? ?  
                          ? ?[ ] SQLITE                Enable SQLite support for apr-dbd     ? ?  
                          ? ?[X] IPV6                  Enable IPv6 support                   ? ?  
                          ? ?[ ] BDB                   Enable BerkeleyDB dbm                 ? ?  
                          ? ?[X] AUTH_BASIC            Enable mod_auth_basic                 ? ?  
                          ? ?[X] AUTH_DIGEST           Enable mod_auth_digest                ? ?  
                          ? ?[X] AUTHN_FILE            Enable mod_authn_file                 ? ?  
                          ? ?[ ] AUTHN_DBD             Enable mod_authn_dbd                  ? ?  
                          ? ?[X] AUTHN_DBM             Enable mod_authn_dbm                  ? ?  
                          ? ?[X] AUTHN_ANON            Enable mod_authn_anon                 ? ?  
                          ? ?[X] AUTHN_DEFAULT         Enable mod_authn_default              ? ?  
                          ? ?[X] AUTHN_ALIAS           Enable mod_authn_alias                ? ?  
                          ? ?[X] AUTHZ_HOST            Enable mod_authz_host                 ? ? 
                          ? |[X] AUTHZ_GROUPFILE       Enable mod_authz_groupfile            ? ?  
                          ? ?[X] AUTHZ_USER            Enable mod_authz_user                 ? ?  
                          ? ?[X] AUTHZ_DBM             Enable mod_authz_dbm                  ? ?  
                          ? ?[X] AUTHZ_OWNER           Enable mod_authz_owner                ? ?  
                          ? ?[X] AUTHZ_DEFAULT         Enable mod_authz_default              ? ?  
                          ? ?[X] CACHE                 Enable mod_cache                      ? ?  
                          ? ?[X] DISK_CACHE            Enable mod_disk_cache                 ? ?  
                          ? ?[X] FILE_CACHE            Enable mod_file_cache                 ? ?  
                          ? ?[X] MEM_CACHE             Enable mod_mem_cache                  ? ?  
                          ? ?[X] DAV                   Enable mod_dav                        ? ?  
                          ? ?[X] DAV_FS                Enable mod_dav_fs                     ? ?  
                          ? ?[ ] BUCKETEER             Enable mod_bucketeer                  ? ?  
                          ? ?[ ] CASE_FILTER           Enable mod_case_filter                ? ?  
                          ? ?[ ] CASE_FILTER_IN        Enable mod_case_filter_in             ? ?  
                          ? ?[ ] EXT_FILTER            Enable mod_ext_filter                 ? ?
                          ? ?[ ] LOG_FORENSIC          Enable mod_log_forensic               ? ?  
                          ? ?[ ] OPTIONAL_HOOK_EXPORT  Enable mod_optional_hook_export       ? ?  
                          ? ?[ ] OPTIONAL_HOOK_IMPORT  Enable mod_optional_hook_import       ? ?  
                          ? ?[ ] OPTIONAL_FN_IMPORT    Enable mod_optional_fn_import         ? ?  
                          ? ?[ ] OPTIONAL_FN_EXPORT    Enable mod_optional_fn_export         ? ?  
                          ? ?[X] LDAP                  Enable mod_ldap                       ? ?  
                          ? ?[X] AUTHNZ_LDAP           Enable mod_authnz_ldap                ? ?  
                          ? ?[X] ACTIONS               Enable mod_actions                    ? ?  
                          ? ?[X] ALIAS                 Enable mod_alias                      ? ?  
                          ? ?[X] ASIS                  Enable mod_asis                       ? ?  
                          ? ?[X] AUTOINDEX             Enable mod_autoindex                  ? ?  
                          ? ?[X] CERN_META             Enable mod_cern_meta                  ? ?  
                          ? ?[X] CGI                   Enable mod_cgi                        ? ?  
                          ? ?[X] CHARSET_LITE          Enable mod_charset_lite               ? ?  
                          ? ?[ ] DBD                   Enable mod_dbd                        ? ? 
                          ? ?[X] DEFLATE               Enable mod_deflate                    ? ?  
                          ? ?[X] DIR                   Enable mod_dir                        ? ?  
                          ? ?[X] DUMPIO                Enable mod_dumpio                     ? ?  
                          ? ?[X] ENV                   Enable mod_env                        ? ?  
                          ? ?[X] EXPIRES               Enable mod_expires                    ? ?  
                          ? ?[X] HEADERS               Enable mod_headers                    ? ?  
                          ? ?[X] IMAGEMAP              Enable mod_imagemap                   ? ?  
                          ? ?[X] INCLUDE               Enable mod_include                    ? ?  
                          ? ?[X] INFO                  Enable mod_info                       ? ?  
                          ? ?[X] LOG_CONFIG            Enable mod_log_config                 ? ?  
                          ? ?[X] LOGIO                 Enable mod_logio                      ? ?  
                          ? ?[X] MIME                  Enable mod_mime                       ? ?  
                          ? ?[X] MIME_MAGIC            Enable mod_mime_magic                 ? ?  
                          ? ?[X] NEGOTIATION           Enable mod_negotiation                ? ?  
                          ? ?[X] REWRITE               Enable mod_rewrite                    ? ?  
                          ? ?[X] SETENVIF              Enable mod_setenvif                   ? ?  
                          ? ?[X] SPELING               Enable mod_speling                    ? ?  
                          ? ?[X] STATUS                Enable mod_status                     ? ?  
                          ? ?[X] UNIQUE_ID             Enable mod_unique_id                  ? ?  
                          ? ?[X] USERDIR               Enable mod_userdir                    ? ?  
                          ? ?[X] USERTRACK             Enable mod_usertrack                  ? ?  
                          ? ?[X] VHOST_ALIAS           Enable mod_vhost_alias                ? ?  
                          ? ?[X] FILTER                Enable mod_filter                     ? ?  
                          ? ?[ ] SUBSTITUTE            Enable mod_substitute                 ? ?  
                          ? ?[X] VERSION               Enable mod_version                    ? ?  
                          ? ?[X] PROXY                 Enable mod_proxy                      ? ?  
                          ? ?[X] PROXY_CONNECT         Enable mod_proxy_connect              ? ?  
                          ? ?[X] PATCH_PROXY_CONNECT   Patch proxy_connect SSL support       ? ?  
                          ? ?[ ] PROXY_FTP             Enable mod_proxy_ftp                  ? ?  
                          ? ?[X] PROXY_HTTP            Enable mod_proxy_http                 ? ?  
                          ? ?[ ] PROXY_AJP             Enable mod_proxy_ajp                  ? ?  
                          ? ?[X] PROXY_BALANCER        Enable mod_proxy_balancer             ? ?  
                          ? ?[ ] PROXY_SCGI            Enable mod_proxy_scgi                 ? ?  
                          ? ?[X] SSL                   Enable mod_ssl                        ? ?  
                          ? ?[ ] SUEXEC                Enable mod_suexec                     ? ?  
                          ? ?[ ] SUEXEC_RSRCLIMIT      SuEXEC rlimits based on login class   ? ?  
                          ? ?[X] REQTIMEOUT            Enable mod_reqtimeout                 ? ?  
                          ? ?[ ] CGID                  Enable mod_cgid                       ? ?
                          ?      Options for apr-ipv6-devrandom-gdbm-db42 1.4.5.1.3.12         ?  
                          ? ?????????????????????????????????????????????????????????????????? ?  
                          ? ?     [X] THREADS    Enable Threads in apr                       ? ?  
                          ? ?     [X] IPV6       Enable IPV6 Support in apr                  ? ?  
                          ? ?     [X] BDB        Enable Berkley BDB support in apr-util      ? ?  
                          ? ?     [X] GDBM       Enable GNU dbm support in apr-util          ? ?  
                          ? ?     [X] LDAP       Enable LDAP support in apr-util             ? ?  
                          ? ?     [ ] MYSQL      Enable MySQL suport in apr-util             ? ?  
                          ? ?     [ ] NDBM       Enable NDBM support in apr-util             ? ?  
                          ? ?     [ ] PGSQL      Enable Postgresql suport in apr-util        ? ?  
                          ? ?     [ ] SQLITE     Enable SQLite3 support in apr-util          ? ?  
                          ? ?     [X] DEVRANDOM  Use /dev/random or compatible in apr        ? ?
                          ?                Options for openldap-client 2.4.26                  ?  
                          ? ?????????????????????????????????????????????????????????????????? ?  
                          ? ?             [X] SASL   With (Cyrus) SASL2 support              ? ?  
                          ? ?             [X] FETCH  Enable fetch(3) support                 ? ?
                          ?                 Options for cyrus-sasl 2.1.23_3                    ?  
                          ? ?????????????????????????????????????????????????????????????????? ?  
                          ? ?   [ ] BDB           Use Berkeley DB                            ? ?  
                          ? ?   [ ] MYSQL         Use MySQL                                  ? ?  
                          ? ?   [ ] PGSQL         Use PostgreSQL                             ? ?  
                          ? ?   [ ] SQLITE        Use SQLite                                 ? ?  
                          ? ?   [X] DEV_URANDOM   Use /dev/urandom                           ? ?  
                          ? ?   [ ] ALWAYSTRUE    Enable the alwaystrue password verifier    ? ?  
                          ? ?   [ ] KEEP_DB_OPEN  Keep handle to Berkeley DB open            ? ?  
                          ? ?   [X] AUTHDAEMOND   Enable use of authdaemon                   ? ?  
                          ? ?   [X] LOGIN         Enable LOGIN authentication                ? ?  
                          ? ?   [X] PLAIN         Enable PLAIN authentication                ? ?  
                          ? ?   [X] CRAM          Enable CRAM-MD5 authentication             ? ?  
                          ? ?   [X] DIGEST        Enable DIGEST-MD5 authentication           ? ?  
                          ? ?   [X] OTP           Enable OTP authentication                  ? ?  
                          ? ?   [X] NTLM          Enable NTLM authentication                 ? ?

Postfix

    ?                   Options for postfix 2.8.4,1                      ?  
    ? ?????????????????????????????????????????????????????????????????? ?  
    ? ?[X] PCRE       Perl Compatible Regular Expressions              ? ?  
    ? ?[X] SASL2      Cyrus SASLv2 (Simple Auth. and Sec. Layer)       ? ?  
    ? ?[ ] DOVECOT    Dovecot 1.x SASL authentication method           ? ?  
    ? ?[X] DOVECOT2   Dovecot 2.x SASL authentication method           ? ?  
    ? ?[ ] SASLKRB5   If your SASL req. Kerberos5 select this option   ? ?  
    ? ?[ ] SASLKMIT   If your SASL req. MIT Kerberos5 select this optio? ?  
    ? ?[X] TLS        Enable SSL and TLS support                       ? ?
    ? ?[ ] BDB        Berkeley DB (choose version with WITH_BDB_VER)   ? ?  
    ? ?[ ] MYSQL      MySQL maps (choose version with WITH_MYSQL_VER)  ? ?  
    ? ?[ ] PGSQL      PostgreSQL maps (pick ver. with DEFAULT_PGSQL_VER? ?  
    ? ?[ ] SQLITE     SQLite maps                                      ? ?
    ? ?[ ] OPENLDAP   OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER? ?  
    ? ?[X] LDAP_SASL  Enable OpenLDAP client-to-server auth via SASL   ? ?
    ? ?[ ] CDB        CDB maps lookups                                 ? ?  
    ? ?[ ] NIS        NIS maps lookups                                 ? ? 
    | ?[ ] VDA        VDA (Virtual Delivery Agent 32Bit)               ? ?  
    ? ?[ ] TEST       SMTP/LMTP test server and generator              ? ?  
    ? ?[ ] SPF        SPF support (via libspf2 1.2.x)                  ? ?  
    ? ?[ ] INST_BASE  Install into /usr and /etc/postfix               ? ?

Dovecot

    ?                    Options for dovecot 2.0.14                      ?  
    ? ?????????????????????????????????????????????????????????????????? ?  
    ? ?              [X] KQUEUE       kqueue(2) support                ? ?  
    ? ?              [X] SSL          SSL support                      ? ?  
    ? ?              [ ] GSSAPI       GSSAPI support                   ? ?  
    ? ?              [ ] VPOPMAIL     VPopMail support                 ? ?  
    ? ?              [ ] BDB          BerkleyDB support                ? ?  
    ? ?              [ ] LDAP         OpenLDAP support                 ? ?  
    ? ?              [ ] PGSQL        PostgreSQL support               ? ?  
    ? ?              [ ] MYSQL        MySQL support                    ? ?  
    ? ?              [ ] SQLITE       SQLite support                   ? ? 

Mailman test config

  • Verzeichnis /usr/local/mailman
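    • Passwort einstellen: ./bin/mmsitepass PASSWORD (ohne Argument fragt mmsitepass interaktiv nach dem Passwort; so landet es nicht in der Shell-History oder in der Prozessliste)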
    • Configuration ./Mailman/mm_cfg.py
      • softlink /etc/mailman/mm_cfg.py

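# mm_cfg.py overrides for the Mailman test instance on srs8; the host is
# addressed by its IP address in this setup.
#DEFAULT_URL_HOST   = '141.56.50.8'
DEFAULT_EMAIL_HOST = '141.56.50.8'
SMTPHOST = '141.56.50.8'
# MTA names a module under Mailman/MTA/ and is matched case-sensitively, so
# the value has to be 'Postfix'; a lower-case 'postfix' cannot be imported.
MTA = 'Postfix'
#POSTFIX_STYLE_VIRTUAL_DOMAINS= ['141.56.50.8']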

  • wenn auf srs21 ändern

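# mm_cfg.py overrides to use once the installation moves to srs21.
DEFAULT_URL_HOST   = '141.56.50.21'
DEFAULT_EMAIL_HOST = '141.56.50.21'
# Mail is handed to the MTA on the same machine.
SMTPHOST = 'localhost'
# MTA names a module under Mailman/MTA/ and is matched case-sensitively, so
# the value has to be 'Postfix'; a lower-case 'postfix' cannot be imported.
MTA = 'Postfix'
POSTFIX_STYLE_VIRTUAL_DOMAINS= ['srs21.stura.htw-dresden.de']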

  • weitere Konfigurationsdateien
    • Mailmans Verhalten und Einstellungen: /etc/mailman/sitelist.cfg
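Get Postfix-To-Mailman script (the download below uses plain HTTP, so read the script and verify its integrity before installing it as a Postfix pipe transport)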

# cd /usr/local/mailman
# fetch http://www.gurulabs.com/downloads/postfix-to-mailman-2.1.py
# mv postfix-to-mailman-2.1.py postfix-to-mailman.py
# chmod 750 postfix-to-mailman.py
# chown mailman:mailman postfix-to-mailman.py

  • Edit /usr/local/mailman/postfix-to-mailman.py file:

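#! /usr/local/bin/python

# Configuration variables - Change these for your site if necessary.
# The string delimiters must be plain ASCII double quotes; typographic quotes
# copied from a web page are a syntax error. The comment text is kept ASCII
# as well, because Python 2 rejects non-ASCII source bytes unless an encoding
# is declared.
MailmanHome = "/usr/local/mailman"; # Mailman home directory.
MailmanOwner = "postmaster@domain.tld"; # Postmaster and abuse mail recipient.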

  • Edit /usr/local/etc/postfix/master.cf file:

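# Pipe transport that hands list mail to the postfix-to-mailman.py wrapper,
# running it as mailman:mailman. pipe(8) executes argv directly, without a
# shell, so ${nexthop} and ${user} arrive as separate arguments.
# Continuation lines of a master.cf entry must begin with whitespace; at
# column 0 they would be read as new service entries.
mailman unix - n n - - pipe
  flags=FR user=mailman:mailman
  argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user}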

The Mailman CGI Scripts

I am using apache 2.2 on this server so this documentation is geared towards that version. The CGIs will work under any version of apache but you will have to change the location of the files to match your install.

Copy over the icons.


# cd /usr/local/mailman/icons
# mkdir -p /usr/local/www/apache22/data/icons
# cp * /usr/local/www/apache22/data/icons/

Create a config file for apache to read the mailman CGI setup directives from. If the new file is placed in /usr/local/etc/apache22/Includes then apache will automatically read this file on boot.

NOTE: If you are using apache 1.3, then these directives would normally go into httpd.conf

Create a new file called mailman.httpd.conf and place it in /usr/local/etc/apache22/Includes/ with the following information in it.

Mailman CGI web frontend

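# Mailman CGI scripts (list info, subscription, admin and moderation pages).
# List and member passwords are submitted through these forms, so the
# location should be served over HTTPS only - TODO confirm the vhost setup.
# The directive is spelled AllowOverride (one word); "Allow Override None"
# is parsed as an Allow directive and rejected at configuration load.
<Directory "/usr/local/mailman/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
</Directory>
# Public list archives: static files only, no .htaccess overrides and no
# directory options.
<Directory "/usr/local/mailman/archives/public">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
</Directory>

# ScriptAlias marks everything under cgi-bin as executable CGI.
ScriptAlias /mailman "/usr/local/mailman/cgi-bin"
Alias /pipermail "/usr/local/mailman/archives/public"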

Integrating Mailman and Postfix

Mailman does not work by default with the Postfix luser_relay directive turned on. Postfix by default has luser_relay already disabled but you should check your installation and make sure it was not enabled to support something else.

Add the following directive to the Postfix main.cf file (located in /usr/local/etc/postfix on FreeBSD).


recipient_delimiter = +

   Note: Using the "+" as the delimiter works well with the VERP defaults built into mailman.

Postfix returns a 450 error code for delivery to a non-existent local user. This just tells the remote mail server to delay and try again. Changing this to a 550 (the default in FreeBSD) will return a permanent error. In the Postfix main.cf file add the following:


unknown_local_recipient_reject_code = 550

Mailman can update the alias file automatically when new lists are created or removed. It does this by maintaining its own alias file and then telling Postfix to read both the system alias file and the mailman one. Change the Postfix alias_maps directive in main.cf to include the mailman alias db as well.


alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases

Create the mailman alias file and add some final configurations settings to the mailman config file.


# cd /usr/local/mailman/Mailman
# echo "DEFAULT_EMAIL_HOST = 'epsb.net'" >> mm_cfg.py
# echo "SMTPHOST = 'localhost'" >> mm_cfg.py
# echo "MTA = 'Postfix'" >> mm_cfg.py
# /usr/local/mailman/bin/genaliases
# newaliases
# cd /usr/local/mailman/data
# chown mailman:mailman aliases* #keine aliases vorhanden
# chmod g+w aliases* # daher das auch nicht gemacht

Plone startup script

  • aktuell nur für altes Plone



#!/bin/sh

# PROVIDE: plone
# REQUIRE: DAEMON
# KEYWORD: shutdown

#
# Add the following lines to /etc/rc.conf to enable plone
#
#
# plone_enable (bool):		Set to "NO" by default,
#                              	Set it to "YES" to enable 
#                              	plone
#
# plone_buildout (str):		The path to plone buildout env
#                              	file (defaults to 
#                              	/usr/local/Plone)
#
# plone_user (str):		The username of the user the daemon will
# 		     	       	run as (defaults to www)
#

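. /etc/rc.subr

name="plone"
# Spelled out instead of calling set_rcvar: without arguments that helper
# only echoes "${name}_enable", and it is reportedly no longer shipped in
# newer rc.subr versions - TODO confirm for the target release.
rcvar="${name}_enable"

load_rc_config "${name}"
# Defaults apply only where rc.conf leaves a knob unset or empty. A plain
# parameter expansion replaces the former eval on a constructed assignment.
: "${plone_enable:=NO}"
plone_buildout=${plone_buildout:-"/usr/local/Plone"}
# "admin fragen" ("ask the admin") is a placeholder, not a login name:
# plone_user has to be set in /etc/rc.conf, presumably to the unprivileged
# account that owns the buildout.
plone_user=${plone_user:-"admin fragen"}

#command="${plone_buildout}/${name}"
#command_interpreter="/bin/sh"

# rc.subr dispatches "start" and "stop" to the functions named here.
start_cmd="${name}_start"
stop_cmd="${name}_stop"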

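#######################################
# Start the Plone instance of the configured buildout unless one is running.
# Globals:   name, plone_buildout, plone_user (read); plone_pid (written)
# Outputs:   status messages on stdout
# Returns:   0 if the instance is (already) running, 1 if no matching
#            process is found after the start attempt
#######################################
plone_start()
{
    # pgrep -f matches against the full command line and may print more than
    # one pid, so the result is tested as a quoted string.
    plone_pid=$(pgrep -f "/usr/local/bin/python2.4 ${plone_buildout}")
    if [ -n "${plone_pid}" ]; then
        # The unquoted expansion joins several pids onto one line.
        echo "${name} already running (pid: $(echo ${plone_pid}))"
        return 0
    fi

    echo "Starting ${name}."
    # The instance script runs as plone_user rather than as root.
    su "${plone_user}" -c "${plone_buildout}/bin/instance start"

    # ensure the server is started
    # NOTE(review): the check runs immediately after the start command; if
    # the instance script returns before the process is up, this can report
    # a false failure - confirm against the instance script's behaviour.
    plone_pid=$(pgrep -f "/usr/local/bin/python2.4 ${plone_buildout}")
    if [ -z "${plone_pid}" ]; then
        echo "${name} could not be started, please check the log files (${plone_buildout}/var/log/)"
        return 1
    fi
    echo "${name} started."
}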


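#######################################
# Stop the Plone instance of the configured buildout if one is running.
# Globals:   name, plone_buildout, plone_user (read); plone_pid (written)
# Outputs:   status messages on stdout
# Returns:   0 if no matching process remains, 1 if one is still found
#######################################
plone_stop()
{
    # pgrep -f matches against the full command line and may print more than
    # one pid, so the result is tested as a quoted string.
    plone_pid=$(pgrep -f "/usr/local/bin/python2.4 ${plone_buildout}")
    if [ -n "${plone_pid}" ]; then
        echo "Stopping ${name}."
        # The instance script runs as plone_user rather than as root.
        su "${plone_user}" -c "${plone_buildout}/bin/instance stop"
    else
        echo "${name} not running?"
    fi

    # ensure the server is stopped
    # NOTE(review): the check runs immediately after the stop command; a
    # process that is still shutting down is reported as not stopped.
    plone_pid=$(pgrep -f "/usr/local/bin/python2.4 ${plone_buildout}")
    if [ -n "${plone_pid}" ]; then
        echo "${name} could not be stopped"
        return 1
    fi
}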

# Load the rc.conf settings for this service once more, then let rc.subr
# dispatch the action given as the first argument.
load_rc_config "${name}"
run_rc_command "${1}"