Difference between revisions of "Internal GCManage Server Setup"

From GrandCare Systems
(Added Internal to Apache SSL Certs)
 
(13 intermediate revisions by 2 users not shown)
Line 8: Line 8:
* untar release and run ''install-gcmanage'' script as root
* untar release and run ''install-gcmanage'' script as root
** While installing, check out the [https://docs.google.com/a/grandcare.com/spreadsheet/ccc?key=0AiSPV8VnEuBvdFBUMFdJRktNbU1zOWRhWkxSd3FnNHc#gid=0|VPN subnet allocation spreadsheet] and add new unique subnets for client and management VPNs.  We'll refer to these later.
** While installing, check out the [https://docs.google.com/a/grandcare.com/spreadsheet/ccc?key=0AiSPV8VnEuBvdFBUMFdJRktNbU1zOWRhWkxSd3FnNHc#gid=0|VPN subnet allocation spreadsheet] and add new unique subnets for client and management VPNs.  We'll refer to these later.
* When [[Configuring Postfix|postfix]] prompts for server type, choose Satellite option and ''gcmmail.grandcare.com'' as the SMTP relay.
* When [[Internal Configuring Postfix|postfix]] prompts for server type, choose Satellite option and ''gcmmail.grandcare.com'' as the SMTP relay.
* Eventually you will be prompted for SSL certificate information.  Details here are not important (self-signed cert).
* Eventually you will be prompted for SSL certificate information.  Details here are not important (self-signed cert).
== Finalize GCManage Installation ==
* Turn off GCManage maintenance mode
* Upload latest Como production full installer
* Create and set default distributor under settings
* Make changes to /var/gcmanage/etc/gcmanage.ini including SMS provider credentials


= Post GCM Install Tasks =
= Post GCM Install Tasks =
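Review bot: the added step "Make changes to /var/gcmanage/etc/gcmanage.ini including SMS provider credentials" does not say which settings have to change, so two installs can finish with different configuration. List the required keys in this bullet or link the page that documents them. Since the file now holds provider credentials, it also belongs in the "Document Sensitive Data" list added further down, which currently covers only the OpenVPN keys, the gnupg directory and the Apache SSL keys.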
Line 22: Line 28:
* Edit ''/etc/openvpn/ClientCA/keys/000-client.conf'' and make changes to the remote hostname if necessary.  Usually vpn01.foobar.com.
* Edit ''/etc/openvpn/ClientCA/keys/000-client.conf'' and make changes to the remote hostname if necessary.  Usually vpn01.foobar.com.
* Restart openvpn and verify tun0 through tun4 interfaces are UP.
* Restart openvpn and verify tun0 through tun4 interfaces are UP.
* Edit /var/gcmanage/etc/vpn.ini


== Configure and test postfix ==
== Configure and test postfix ==
Refer to docs: [[Configuring Postfix]]
Refer to docs: [[Internal Configuring Postfix]]


== Install Apache SSL Cert ==
== Install Apache SSL Cert ==
Refer to docs: [[Installing Apache SSL Certs]]
Refer to docs: [[Internal Installing Apache SSL Certs]]


== Configure Backup ==
== Configure Backup ==
* Copy the backuppc public key
Refer to docs: [[Internal Configuring BackupPC Client]]
mkdir /root/.ssh
 
echo ssh-dss AAAAB3NzaC1kc3MAAACBAIZa+/rhxbZf3HAVshhy1p12oQaQCB5i6pV5doOfF/t9oc8MOz75IuEjTbu3VWWwcTBT08zlGcWKajSHeeRgAkFOAP6ZhHo8qzldNe4T9uTGkX3qF2JEY7Xz//WPwDowiJgXFfjg1mXZDmsiqAzK1fLsFjLyAce2Ts4iucTp9gnXAAAAFQD5jM0f4Yv39aJVKY4OJgskZBm4DQAAAIB5mYihwaUmWQWmCnXOSnGwb+l/4pTb+IGCw2VEq8Zym2kvbgnD8ffgDWUhbbOcRB30qNtIj9OLZqJ62f6pbsZFYiachApzuDN9i5ERPSAxVJv0+j1KghuArGe+4eg0NuhwBQTE2iO9xXNuS6N/FwazC/0bqBNr/hpXMekEVhKmnwAAAIAjVWpL04oEhInyazYh5FeV6hrlIQe4J+yd7q8Mmye04mJ6NgntWUz00YHBxICSZdaAfTT//31u2TTkI0XYILyvOhjWCoN/VidpGf06Tg9k/KLmcnEogxTydrab7m54ZPPB28K2ie7OmsPtYrnVU7gfeaiiJTS3VVaL9bR8JzmbaQ== backuppc@backuppc >> /root/.ssh/authorized_keys
== Document Sensitive Data ==
* Create a new entry in the password store with login credentials
** Attach /etc/openvpn/ClientCA/*.key files
** Attach /var/gcmanage/etc/gnupg
** Attach any Apache SSL keys
 
== Setup Munin Monitoring ==
Refer to docs: [[Internal Configuring munin-node]]
 
== Setup MySQL Replication ==
If reporting is necessary, refer to docs: [[GCProtected::MySQL_Replication]]
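Review bot: the added bullet "Edit /var/gcmanage/etc/vpn.ini" names a file but not what to change in it. The install section says the new client and management subnets will be referred to later, yet no step states where they are entered. Say which values in vpn.ini must match the subnets chosen for this server. Replacing the inline ssh-dss key and the echo into /root/.ssh/authorized_keys with a link to Internal Configuring BackupPC Client is a good change, because the key then lives in one place only.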

Latest revision as of 17:19, 10 July 2017

Preparation

  • Verify requirements
    • Two IP addresses
  • Do an apt-get update and dist-upgrade before doing anything.

Install GCManage Release

  • Upload latest production release from buildmgr
  • Untar the release and run the install-gcmanage script as root
    • While installing, check out the subnet allocation spreadsheet and add new unique subnets for client and management VPNs. We'll refer to these later.
  • When postfix prompts for server type, choose Satellite option and gcmmail.grandcare.com as the SMTP relay.
  • Eventually you will be prompted for SSL certificate information. Details here are not important (self-signed cert).

Finalize GCManage Installation

  • Turn off GCManage maintenance mode
  • Upload latest Como production full installer
  • Create and set default distributor under settings
  • Make changes to /var/gcmanage/etc/gcmanage.ini including SMS provider credentials

Post GCM Install Tasks

Configure OpenVPN

  • Edit /etc/openvpn/server-*.conf.
    • Change the local value to the secondary IP address and set the server subnet. Increment the subnet for each config.
  • Edit /etc/openvpn/management.conf
    • Change the local value to the secondary IP address and the server subnet to the next available management subnet.
    • Also change the pushed route to the subnet covering the four client subnets:
        # example
        push "route 10.100.32.0 255.255.252.0"
  • Edit /etc/openvpn/ClientCA/keys/000-client.conf and make changes to the remote hostname if necessary. Usually vpn01.foobar.com.
  • Restart openvpn and verify tun0 through tun4 interfaces are UP.
  • Edit /var/gcmanage/etc/vpn.ini
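
Added example, not part of the original page or of GrandCare's tooling: a small planner for the OpenVPN steps above. It derives the four incremented client subnets and the single covering route pushed from management.conf, and rejects a starting subnet that cannot be covered by one route. The function name, the /24 client size and the management subnet 10.100.40.0/24 are assumptions made for illustration; only the 10.100.32.0 255.255.252.0 route comes from the page.

```python
import ipaddress


def plan_vpn_subnets(first_client, management, count=4):
    """Build the server/push directives for `count` consecutive client subnets.

    Assumption: all client subnets are the same size and consecutive.
    """
    first = ipaddress.ip_network(first_client)  # rejects host bits being set
    mgmt = ipaddress.ip_network(management)

    # "Increment each subnet per config": next subnet = previous + its size.
    step = first.num_addresses
    clients = [
        ipaddress.ip_network((int(first.network_address) + i * step, first.prefixlen))
        for i in range(count)
    ]

    # The pushed route has to be a single network covering every client
    # subnet. collapse_addresses() only yields one network when the block is
    # aligned (and count is a power of two); otherwise the plan is rejected.
    covering = list(ipaddress.collapse_addresses(clients))
    if len(covering) != 1:
        raise ValueError(f"{first} does not start an aligned block of {count} subnets")
    route = covering[0]
    if mgmt.overlaps(route):
        raise ValueError(f"management subnet {mgmt} overlaps client block {route}")

    return {
        "server": [f"server {n.network_address} {n.netmask}" for n in clients],
        "management_server": f"server {mgmt.network_address} {mgmt.netmask}",
        "push": f'push "route {route.network_address} {route.netmask}"',
    }


if __name__ == "__main__":
    # Constructed sample values; real subnets come from the allocation sheet.
    plan = plan_vpn_subnets("10.100.32.0/24", "10.100.40.0/24")
    for line in plan["server"]:
        print(line)
    print(plan["management_server"])
    print(plan["push"])
```

A start such as 10.100.33.0/24 is refused because four consecutive /24 networks beginning there span more than one /22, so no single pushed route would cover exactly the client subnets.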

Configure and test postfix

Refer to docs: Internal Configuring Postfix

Install Apache SSL Cert

Refer to docs: Internal Installing Apache SSL Certs

Configure Backup

Refer to docs: Internal Configuring BackupPC Client

Document Sensitive Data

  • Create a new entry in the password store with login credentials
    • Attach /etc/openvpn/ClientCA/*.key files
    • Attach /var/gcmanage/etc/gnupg
    • Attach any Apache SSL keys

Setup Munin Monitoring

Refer to docs: Internal Configuring munin-node

Setup MySQL Replication

If reporting is necessary, refer to docs: GCProtected::MySQL_Replication