Difference between revisions of "Internal GCManage Server Setup"
Jump to navigation
Jump to search
(Added Internal to Apache SSL Certs) |
|||
(11 intermediate revisions by 2 users not shown) | |||
Line 8: | Line 8: | ||
* untar release and run ''install-gcmanage'' script as root | * untar release and run ''install-gcmanage'' script as root | ||
** While installing, check out the [https://docs.google.com/a/grandcare.com/spreadsheet/ccc?key=0AiSPV8VnEuBvdFBUMFdJRktNbU1zOWRhWkxSd3FnNHc#gid=0|VPN subnet allocation spreadsheet] and add new unique subnets for client and management VPNs. We'll refer to these later. | ** While installing, check out the [https://docs.google.com/a/grandcare.com/spreadsheet/ccc?key=0AiSPV8VnEuBvdFBUMFdJRktNbU1zOWRhWkxSd3FnNHc#gid=0|VPN subnet allocation spreadsheet] and add new unique subnets for client and management VPNs. We'll refer to these later. | ||
* When [[Configuring Postfix|postfix]] prompts for server type, choose Satellite option and ''gcmmail.grandcare.com'' as the SMTP relay. | * When [[Internal Configuring Postfix|postfix]] prompts for server type, choose Satellite option and ''gcmmail.grandcare.com'' as the SMTP relay. | ||
* Eventually you will be prompted for SSL certificate information. Details here are not important (self-signed cert). | * Eventually you will be prompted for SSL certificate information. Details here are not important (self-signed cert). | ||
== Finalize GCManage Installation == | |||
* Turn off GCManage maintenance mode | |||
* Upload latest Como production full installer | |||
* Create and set default distributor under settings | |||
* Make changes to /var/gcmanage/etc/gcmanage.ini including SMS provider credentials | |||
= Post GCM Install Tasks = | = Post GCM Install Tasks = | ||
Line 22: | Line 28: | ||
* Edit ''/etc/openvpn/ClientCA/keys/000-client.conf'' and make changes to the remote hostname if necessary. Usually vpn01.foobar.com. | * Edit ''/etc/openvpn/ClientCA/keys/000-client.conf'' and make changes to the remote hostname if necessary. Usually vpn01.foobar.com. | ||
* Restart openvpn and verify tun0 through tun4 interfaces are UP. | * Restart openvpn and verify tun0 through tun4 interfaces are UP. | ||
* Edit /var/gcmanage/etc/vpn.ini | |||
== Configure and test postfix == | == Configure and test postfix == | ||
Refer to docs: [[Configuring Postfix]] | Refer to docs: [[Internal Configuring Postfix]] | ||
== Install Apache SSL Cert == | == Install Apache SSL Cert == | ||
Refer to docs: [[Installing Apache SSL Certs]] | Refer to docs: [[Internal Installing Apache SSL Certs]] | ||
== Configure Backup == | == Configure Backup == | ||
Refer to docs: [[Configuring BackupPC Client]] | Refer to docs: [[Internal Configuring BackupPC Client]] | ||
== Document Sensitive Data == | == Document Sensitive Data == | ||
* Create a new entry in the password store with login credentials | * Create a new entry in the password store with login credentials | ||
** Attach /etc/openvpn/ClientCA/*.key files | ** Attach /etc/openvpn/ClientCA/*.key files | ||
** Attach / | ** Attach /var/gcmanage/etc/gnupg | ||
** Attach any Apache SSL keys | |||
== Setup Munin Monitoring == | |||
Refer to docs: [[Internal Configuring munin-node]] | |||
== Setup MySQL Replication == | |||
If reporting is necessary, refer to docs: [[GCProtected::MySQL_Replication]] |
Latest revision as of 17:19, 10 July 2017
Preparation
- Verify requirements
- Two IP addresses
- Do an apt-get update and dist-upgrade before doing anything.
Install GCManage Release
- Upload latest production release from buildmgr
- untar release and run install-gcmanage script as root
- While installing, check out the subnet allocation spreadsheet and add new unique subnets for client and management VPNs. We'll refer to these later.
- When postfix prompts for server type, choose Satellite option and gcmmail.grandcare.com as the SMTP relay.
- Eventually you will be prompted for SSL certificate information. Details here are not important (self-signed cert).
Finalize GCManage Installation
- Turn off GCManage maintenance mode
- Upload latest Como production full installer
- Create and set default distributor under settings
- Make changes to /var/gcmanage/etc/gcmanage.ini including SMS provider credentials
Post GCM Install Tasks
Configure OpenVPN
- Edit /etc/openvpn/server-*.conf.
- Change the local value with the secondary IP address and the server subnet. Increment each subnet per config.
- Edit /etc/openvpn/management.conf
- Change the local value with the secondary IP address and the server subnet to the next available management subnet.
- Also change the route pushed to the subnet covering the four client subnets
# example push "route 10.100.32.0 255.255.252.0"
- Edit /etc/openvpn/ClientCA/keys/000-client.conf and make changes to the remote hostname if necessary. Usually vpn01.foobar.com.
- Restart openvpn and verify tun0 through tun4 interfaces are UP.
- Edit /var/gcmanage/etc/vpn.ini
Configure and test postfix
Refer to docs: Internal Configuring Postfix
Install Apache SSL Cert
Refer to docs: Internal Installing Apache SSL Certs
Configure Backup
Refer to docs: Internal Configuring BackupPC Client
Document Sensitive Data
- Create a new entry in the password store with login credentials
- Attach /etc/openvpn/ClientCA/*.key files
- Attach /var/gcmanage/etc/gnupg
- Attach any Apache SSL keys
Setup Munin Monitoring
Refer to docs: Internal Configuring munin-node
Setup MySQL Replication
If reporting is necessary, refer to docs: GCProtected::MySQL_Replication