C- Server installation

Here we are going to install a Linux server composed of:

  • Gentoo 64-bit
  • KVM for paravirtualisation and virtualisation
  • 5 hard drives in RAID6 for / and data
  • Fully encrypted partitions on different drives with AES
  • An initramfs to boot from, which asks for the decryption passwords

BIOS configuration

  • Do not overclock your server: a computer running overclocked full time has a good chance of crashing after a few days.
  • Configure your ATA controller as AHCI; you should get better performance.
  • Enable Intel Virtualization Technology (for KVM)
  • Set "restore on power loss" to Power On so the server reboots automatically
  • Put all your RAID drives in the boot sequence, even if you boot from CD-ROM first (needed for the grub configuration)

Installation

Download an ISO of the latest version of Gentoo (link). Burn it and boot from it.

For this example I will use 5 drives of about 200G in RAID6. The target partition sizes:

  • md1 : 50M as RAID1 for /boot (we don't need raid6 for 50M)
  • md2 : 150G as RAID6 for / and KVM drives
  • md3 : to the end of drives as RAID6 for data

warning: If you have more than one controller for your drives, spread the drives across the controllers, so that a controller going crazy will not destroy all the drives.

My / takes about 8G.

My VMs (with swap files and data) take:

  • ad : 10G
  • ex : 7G
  • fw : 5G
  • gate : 6G
  • mng : 20G
  • websrv1 : 11G
  • websrv2 : 27G

So we need about 100G for / and VMs (I set 150G to be sure ;))

Start the SSH server so you can copy and paste commands from another computer:

livecd ~ # loadkeys fr
livecd ~ # passwd
livecd ~ # /etc/init.d/sshd start
livecd ~ # ifconfig

Now you can connect from another computer.

Prepare hard drives

A visual representation of the hard drive layers:

Devices       hdX hdY sdZ
Raid          RAID6
Crypto        AES
File System   EXT3
Mount Point   /

First you have to find your smallest HDD, because the RAID is sized from it:

# fdisk -l

Disk /dev/hda: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hdb: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hdc: 251.0 GB, 251000193024 bytes
255 heads, 63 sectors/track, 30515 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hde: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/hdf: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

Disk /dev/sdb: 203.9 GB, 203928109056 bytes
255 heads, 63 sectors/track, 24792 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System

I will use:

  • hda : PATA controller 1
  • hde, hdf : PATA controller 2
  • sda, sdb : SATA controller 1

For me sda is the smallest drive, so I will start with this one.

To calculate the RAID6 size: C = (n - 2) * c

  • C : total capacity of your raid
  • n : number of disks
  • c : single disk partition capacity

150 = (5 - 2) * c

c = 150 / 3

c = 50G for /dev/sda2

So we have to create a 50G partition on each drive to get a RAID6 of 150G:

livecd ~ # fdisk /dev/sda
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-24321, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-24321, default 24321): +50M

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (8-24792, default 8):
Using default value 8
Last cylinder, +cylinders or +size{K,M,G} (8-24321, default 24321): +50G

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (140-24792, default 140):
Using default value 140
Last cylinder, +cylinders or +size{K,M,G} (140-24321, default 24321):
Using default value 24321
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)

Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): fd
Changed system type of partition 2 to fd (Linux raid autodetect)

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): fd
Changed system type of partition 3 to fd (Linux raid autodetect)

Command (m for help): a
Partition number (1-4): 1

Command (m for help): p

Disk /dev/sda: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x48ee7660

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1           7       56196   fd  Linux raid autodetect
/dev/sda2               8        6600    52958272   fd  Linux raid autodetect
/dev/sda3            6601       24321   142343932+  fd  Linux raid autodetect

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
livecd ~ # 

For the other disks do the same thing, except for the 3rd partition: instead of just pressing Enter for the last cylinder, enter the end of the smallest drive's 3rd partition (24321 here).

Partition number (1-4): 3
First cylinder (6536-24321, default 6536):
Using default value 6536
Last cylinder, +cylinders or +size{K,M,G} (6536-24792, default 24792): 24321

Command (m for help):

Creating raid

livecd ~ # modprobe raid1
livecd ~ # modprobe raid6
livecd ~ # modprobe dm-mod

tip: list the loaded modules:

livecd ~ # lsmod | grep raid

livecd ~ # mknod /dev/md1 b 9 1
livecd ~ # mknod /dev/md2 b 9 2
livecd ~ # mknod /dev/md3 b 9 3

livecd ~ # mdadm --create /dev/md1 --level=1 --raid-devices=6 /dev/sda1 /dev/sdb1 /dev/hda1 /dev/hdb1 /dev/hde1 /dev/hdf1
mdadm: array /dev/md1 started.
livecd ~ # mdadm --create /dev/md2 --level=6 --raid-devices=5 /dev/sda2 /dev/sdb2 /dev/hda2 /dev/hdb2 /dev/hde2
mdadm: array /dev/md2 started.
livecd ~ # mdadm --create /dev/md3 --level=6 --raid-devices=5 /dev/sda3 /dev/sdb3 /dev/hda3 /dev/hdb3 /dev/hde3
mdadm: array /dev/md3 started.

Add a spare:

livecd ~ # mdadm --add /dev/md2 /dev/sdf2
livecd ~ # mdadm --add /dev/md3 /dev/sdf3

Now wait for the RAID sync:

livecd ~ # watch cat /proc/mdstat
Every 2.0s: cat /proc/mdstat                                                      Fri Nov 13 21:49:39 2009

Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md3 : active raid6 hdf3[4] hde3[3] hda3[2] sdb3[1] sda3[0]
      428597760 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
        resync=DELAYED

md2 : active raid6 hdf2[4] hde2[3] hda2[2] sdb2[1] sda2[0]
      157308288 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
      [==>..................]  resync = 10.4% (5496896/52436096) finish=36.8min speed=21227K/sec

md1 : active raid1 hdf1[4] hde1[3] hda1[2] sdb1[1] sda1[0]
      56128 blocks [5/5] [UUUUU]

unused devices: <none>

tip: Ctrl+C to quit
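
An added example (not part of the original page): a POSIX shell check that reads /proc/mdstat-format text and succeeds only once every array is fully synced, so the following steps can be gated on it instead of watching by eye. The function names are made up for this example; the sample input is the mdstat output shown above.

```shell
#!/bin/sh
# md_report: read /proc/mdstat text on stdin, print "<array> <level> <state>"
# per array; state is clean, resync, delayed, degraded or inactive.
md_report() {
    awk '
        function flush() { if (name != "") print name, level, state }
        /^md[^ ]* :/ {
            flush(); name = $1; level = $4; state = "clean"
            if ($3 != "active") { level = "-"; state = "inactive" }
            next
        }
        name == "" { next }
        # Member map such as [UUUUU]; "_" marks a failed or missing member.
        match($0, /\[[U_]+\]/) {
            if (index(substr($0, RSTART, RLENGTH), "_")) state = "degraded"
        }
        /resync=(DELAYED|PENDING)/ { if (state == "clean") state = "delayed" }
        /(resync|recovery|reshape) *= *[0-9.]+%/ { if (state == "clean") state = "resync" }
        /^$/ { flush(); name = "" }
        END { flush() }
    '
}
# md_all_clean: exit 0 only if at least one array exists and all are clean.
md_all_clean() {
    report=$(md_report)
    [ -n "$report" ] || return 2
    ! printf '%s\n' "$report" | grep -qv ' clean$'
}
# Sample input: the mdstat output shown on this page.
sample_mdstat() {
cat <<'EOF'
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md3 : active raid6 hdf3[4] hde3[3] hda3[2] sdb3[1] sda3[0]
      428597760 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
        resync=DELAYED

md2 : active raid6 hdf2[4] hde2[3] hda2[2] sdb2[1] sda2[0]
      157308288 blocks level 6, 64k chunk, algorithm 2 [5/5] [UUUUU]
      [==>..................]  resync = 10.4% (5496896/52436096) finish=36.8min speed=21227K/sec

md1 : active raid1 hdf1[4] hde1[3] hda1[2] sdb1[1] sda1[0]
      56128 blocks [5/5] [UUUUU]

unused devices: <none>
EOF
}
sample_mdstat | md_report
# On the live system: until md_all_clean < /proc/mdstat; do sleep 60; done
```
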

Encrypt the partitions:

livecd ~ # cryptsetup -y -v -c aes-xts-benbi:sha512 -h sha512 -s 512 luksFormat /dev/md2

WARNING!
========
This will overwrite data on /dev/md2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
livecd ~ # cryptsetup -y -v -c aes-xts-benbi:sha512 -h sha512 -s 512 luksFormat /dev/md3

WARNING!
========
This will overwrite data on /dev/md3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
livecd ~ # 
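
An added example (not from the original page): a shell check that parses `cryptsetup luksDump` output and confirms the header matches what was requested at luksFormat time, including the effective AES key size. The function names and the sample dump are constructed for this example.

```shell
#!/bin/sh
# luks_field "<label>": print the value of one `cryptsetup luksDump` field
# from the dump text on stdin.
luks_field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# luks_check <cipher> <mode-prefix> <min-AES-bits>: validate a LUKS1 header dump.
# In XTS mode the master key is split into two equal halves (data key and
# tweak key), so "-s 512" yields AES-256, not a 512-bit cipher key.
luks_check() {
    dump=$(cat)
    cipher=$(printf '%s\n' "$dump" | luks_field 'Cipher name')
    mode=$(printf '%s\n' "$dump" | luks_field 'Cipher mode')
    bits=$(printf '%s\n' "$dump" | luks_field 'MK bits')
    slots=$(printf '%s\n' "$dump" | grep -c '^Key Slot [0-7]: ENABLED' || true)
    case $bits in ''|*[!0-9]*) echo "FAIL: no MK bits field"; return 1 ;; esac
    case $mode in xts-*) aes_bits=$((bits / 2)) ;; *) aes_bits=$bits ;; esac
    [ "$cipher" = "$1" ] || { echo "FAIL: cipher is '$cipher'"; return 1; }
    case $mode in "$2"*) ;; *) echo "FAIL: mode is '$mode'"; return 1 ;; esac
    [ "$aes_bits" -ge "$3" ] || { echo "FAIL: only AES-$aes_bits"; return 1; }
    [ "$slots" -ge 1 ] || { echo "FAIL: no enabled key slot"; return 1; }
    echo "OK: $cipher-$mode, AES-$aes_bits, $slots key slot(s) enabled"
}

# Constructed, abridged sample of a luksDump for a header created with the
# luksFormat options used above (digest/salt lines left out).
sample_dump() {
cat <<'EOF'
LUKS header information for /dev/md2

Version:        1
Cipher name:    aes
Cipher mode:    xts-benbi:sha512
Hash spec:      sha512
MK bits:        512

Key Slot 0: ENABLED
Key Slot 1: DISABLED
EOF
}

sample_dump | luks_check aes xts-benbi 256
# On the live system: cryptsetup luksDump /dev/md2 | luks_check aes xts-benbi 256
```
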

Open encrypted partitions

livecd ~ # cryptsetup luksOpen /dev/md2 md2
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
livecd ~ # cryptsetup luksOpen /dev/md3 md3
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

Format partitions

livecd ~ # mke2fs -j /dev/md1
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 33 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
livecd ~ # mkfs.ext4 /dev/mapper/md2
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
livecd ~ # mkfs.ext4 /dev/mapper/md3
mke2fs 1.41.3 (12-Oct-2008)
...
This filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

tip: Do not use LVM, as it “may” degrade performance (see) and is unnecessary if you create well-sized partitions.

Mount the drives (md3 will only be used in xen later):

livecd ~ # mount /dev/mapper/md2 /mnt/gentoo/
livecd ~ # mkdir /mnt/gentoo/boot
livecd ~ # mount /dev/md1 /mnt/gentoo/boot/

Installation of /

swap

livecd ~ # dd if=/dev/zero of=/mnt/gentoo/swap.img bs=1M count=1000
livecd ~ # mkswap /mnt/gentoo/swap.img
Setting up swapspace version 1, size = 1023996 KiB
no label, UUID=11c45e43-4a60-43a6-8a99-352b5b1dc939
livecd ~ # swapon /mnt/gentoo/swap.img
livecd ~ # swapon -s
Filename                                Type            Size    Used    Priority
/mnt/gentoo/swap.img                    file            1023992 0       -1

Stage3

Download stage3

livecd ~ # cd /mnt/gentoo/
livecd gentoo # links http://www.gentoo.org/main/en/mirrors.xml

Select a mirror and download the stage3 tarball for your arch (amd64 for me).

tip: direct download:

livecd gentoo # wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/releases/amd64/current-stage3/stage3-amd64-*.tar.bz2

Extract stage3

livecd gentoo # time tar xjpf stage3*

real    1m10.811s
user    0m32.000s
sys     0m3.230s

warning: Be sure to mount the boot partition before extracting stage3, or you will have problems with grub.

Portage

livecd gentoo # cd /mnt/gentoo/usr
livecd usr # links http://www.gentoo.org/main/en/mirrors.xml

Select a mirror and download the latest portage snapshot.

tip: direct download:

livecd usr # wget ftp://ftp.free.fr/mirrors/ftp.gentoo.org/snapshots/portage-latest.tar.bz2

Extract portage

livecd usr # time tar xjf portage-lat*

real    1m31.991s
user    0m14.500s
sys     0m5.790s

Chroot and prepare system

Chroot

livecd usr # cd /
livecd / # mount -t proc proc /mnt/gentoo/proc
livecd / # mount -o bind /dev /mnt/gentoo/dev
livecd / # cp -L /etc/resolv.conf /mnt/gentoo/etc/
livecd / # chroot /mnt/gentoo /bin/bash
livecd / # source /etc/profile && env-update
>>> Regenerating /etc/ld.so.cache...

Root password

Change the root password:

livecd / # passwd
New UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Keyboard map

/etc/conf.d/keymaps

...
KEYMAP="fr"
...

fstab

/etc/fstab

...
/dev/md1                /boot           ext3            noauto,noatime  1 2
/dev/mapper/md2         /               ext4            noatime         0 1
/swap.img               none            swap            sw              0 0
/dev/cdrom              /mnt/cdrom      auto            noauto,ro       0 0
...

warning: Do not forget that the /boot filesystem is ext3 and / is ext4.

livecd / # mkdir /etc/portage

Compilation optimization

Have a look at the flags for your processor and populate your make.conf.

Example for my core2:

/etc/make.conf

CHOST="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe"
CXXFLAGS="${CFLAGS}"

MAKEOPTS="-j3"

USE="mmx sse sse2 -X unicode ipv6 -fortran"

tip: MAKEOPTS should be number_of_processor_cores + 1

Kernel

Install the package:

livecd / # emerge -a gentoo-sources

Kernel configuration

livecd / # cd /usr/src/linux
livecd linux # make menuconfig
Processor type and features  --->
  [*] Paravirtualized guest support  --->
    [ ]   Xen guest support
    [*]   KVM paravirtualized clock
    [*]   KVM Guest support
    -*-   Enable paravirtualization code
    [*]     Paravirtualization layer for spinlocks
      Processor family (Core 2/newer Xeon)  --->
[*] Networking support  --->
  Networking options  --->
    <*> 802.1d Ethernet Bridging
Device Drivers  --->
  [*] Network device support  --->
    <*> Universal TUN/TAP device driver support
    <*>   Virtio network driver (EXPERIMENTAL)
  [*] Block devices --->
    <*> Loopback device support
    <*>   Virtio block driver (EXPERIMENTAL)
      Character devices  --->
    <*> Virtio console
    <*>   VirtIO Random Number Generator support
  [*] Multiple devices driver support (RAID and LVM)  --->
    <*>   RAID support
    <*>     RAID-1 (mirroring) mode
    <*>     RAID-4/RAID-5/RAID-6 mode
    <*>   Device mapper support
    <*>     Crypt target support

    <M> I2C support  --->
        <M> I2C device interface
            I2C Hardware Bus support --->
            # Activate everything
    <M> Hardware Monitoring Support --->
        # Activate everything

File systems  --->
    <*> The Extended 4 (ext4) filesystem
    [*]   Ext4 extended attributes
    [*]     Ext4 POSIX Access Control Lists
    [*]     Ext4 Security Labels
    <*> FUSE (Filesystem in Userspace) support
-*- Cryptographic API  --->
  <*>   XTS support (EXPERIMENTAL)
  <*>   SHA224 and SHA256 digest algorithm
  <*>   SHA384 and SHA512 digest algorithms
  -*-   AES cipher algorithms (x86_64)
  <*>   AES cipher algorithms (AES-NI)
[*] Virtualization --->
    --- Virtualization
    <*>   Kernel-based Virtual Machine (KVM) support
    <*>     KVM for Intel processors support
    < >     KVM for AMD processors support
    <*>   Host kernel accelerator for virtio net (EXPERIMENTAL)
    <*>   PCI driver for virtio devices (EXPERIMENTAL)
    <*>   Virtio balloon driver (EXPERIMENTAL)

warning: Do not forget to enable the drivers for your devices!

  • network devices
  • HDD controller

Running lspci in the livecd will tell you which ones you have.

livecd linux # make -j3
...
Kernel: arch/x86/boot/vmlinuz is ready  (#1)
livecd linux # make modules_install
livecd linux # cp arch/x86/boot/bzImage /boot/kernel

InitRamFs

Follow this link to build your initramfs: build your initramfs

warning: we have to use an initramfs to open the encrypted drive during boot.

Install grub

livecd initramfs # emerge grub
livecd initramfs # grub
grub> root (hd0,0)
grub> setup (hd0)
grub> root (hd1,0)
grub> setup (hd1)
grub> root (hd2,0)
grub> setup (hd2)
grub> root (hd3,0)
grub> setup (hd3)
grub> root (hd4,0)
grub> setup (hd4)
grub> root (hd5,0)
grub> setup (hd5)
grub> quit

tip: hdX in grub corresponds to the BIOS hard drive boot sequence, so the drives have to be set in the BIOS.

/boot/grub/grub.conf

title GLK
root (hd0,0)
kernel /boot/kernel root=/dev/mapper/md2
module /boot/initramfs.gz

Finished!

livecd initramfs # exit
livecd / # umount /mnt/gentoo/proc/ /mnt/gentoo/dev /mnt/gentoo/boot /mnt/gentoo

hive/system/home-network/server-installation.txt · Last modified: 28/07/2010 12:03 by n0rad -