Difference between revisions of "Internal GCManage Server Setup"
Revision as of 17:48, 3 May 2013
Preparation
- Verify requirements
  - Two IP addresses
- Do an apt-get update and dist-upgrade before doing anything.
Install GCManage Release
- Upload latest production release from buildmgr
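- Untar the release and run the install-gcmanage script as root
  - While installing, check the VPN subnet allocation spreadsheet (https://docs.google.com/a/grandcare.com/spreadsheet/ccc?key=0AiSPV8VnEuBvdFBUMFdJRktNbU1zOWRhWkxSd3FnNHc#gid=0) and add new unique subnets for the client and management VPNs. We'll refer to these later.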
- When postfix prompts for server type, choose Satellite option and gcmmail.grandcare.com as the SMTP relay.
- Eventually you will be prompted for SSL certificate information. Details here are not important (self-signed cert).
Post GCM Install Tasks
Configure OpenVPN
- Edit /etc/openvpn/server-*.conf.
  - Set the local value to the secondary IP address and change the server subnet. Increment the subnet for each config.
- Edit /etc/openvpn/management.conf
  - Set the local value to the secondary IP address and the server subnet to the next available management subnet.
  - Also change the pushed route to the subnet covering the four client subnets
     # example
     push "route 10.100.32.0 255.255.252.0"
- Edit /etc/openvpn/ClientCA/keys/000-client.conf and make changes to the remote hostname if necessary. Usually vpn01.foobar.com.
- Restart openvpn and verify tun0 through tun4 interfaces are UP.
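The subnet plan from the OpenVPN steps above can be checked before the restart; this is an added example, not part of the original page or of GCManage's own tooling. The /24 client subnets, the 10.100.40.0 management subnet, the 192.0.2.10 address and the function names are assumptions.

```python
import ipaddress
import re

SERVER_RE = r'^server\s+(\S+)\s+(\S+)'
ROUTE_RE = r'^push\s+"route\s+(\S+)\s+(\S+)"'

# Constructed sample configs (assumptions: /24 client subnets, the management
# subnet 10.100.40.0/24 and the 192.0.2.10 documentation address).
CLIENT_CONFS = {
    f"server-{i}.conf": f"local 192.0.2.10\nserver 10.100.{31 + i}.0 255.255.255.0\n"
    for i in range(1, 5)
}
MANAGEMENT_CONF = (
    "local 192.0.2.10\n"
    "server 10.100.40.0 255.255.255.0\n"
    'push "route 10.100.32.0 255.255.252.0"\n'
)


def directive_net(text, pattern):
    """Return the network named by the first matching directive."""
    match = re.search(pattern, text, re.MULTILINE)
    if match is None:
        raise ValueError(f"directive not found: {pattern}")
    # Strict parsing rejects an address that has host bits set for its mask.
    return ipaddress.ip_network(f"{match.group(1)}/{match.group(2)}")


def covering_route(client_confs):
    """Build the push line(s) for the smallest cover of all client subnets."""
    nets = [directive_net(t, SERVER_RE) for t in client_confs.values()]
    return [f'push "route {n.network_address} {n.netmask}"'
            for n in ipaddress.collapse_addresses(nets)]


def check(client_confs, mgmt_conf):
    """Return a list of problems; an empty list means the plan is consistent."""
    nets = {name: directive_net(t, SERVER_RE) for name, t in client_confs.items()}
    mgmt = directive_net(mgmt_conf, SERVER_RE)
    pushed = directive_net(mgmt_conf, ROUTE_RE)
    problems = []
    names = sorted(nets)
    for i, a in enumerate(names):
        problems += [f"{a} overlaps {b}" for b in names[i + 1:] if nets[a].overlaps(nets[b])]
        if nets[a].overlaps(mgmt):
            problems.append(f"{a} overlaps the management subnet {mgmt}")
        if not nets[a].subnet_of(pushed):
            problems.append(f"{a} ({nets[a]}) is outside pushed route {pushed}")
    if list(ipaddress.collapse_addresses(nets.values())) != [pushed]:
        problems.append(f"pushed route {pushed} is not the exact cover of the client subnets")
    return problems
```

A pushed route wider than the client subnets, or a reused subnet, shows up in the returned list instead of surfacing later as misrouted VPN traffic.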
Configure and test postfix
Refer to docs: Configuring Postfix
Install Apache SSL Cert
Refer to docs: Installing Apache SSL Certs
Configure Backup
- Copy the backuppc public key
 # sshd (StrictModes) ignores authorized_keys if the directory or file is group- or world-writable
 mkdir -p /root/.ssh && chmod 700 /root/.ssh
 echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAIZa+/rhxbZf3HAVshhy1p12oQaQCB5i6pV5doOfF/t9oc8MOz75IuEjTbu3VWWwcTBT08zlGcWKajSHeeRgAkFOAP6ZhHo8qzldNe4T9uTGkX3qF2JEY7Xz//WPwDowiJgXFfjg1mXZDmsiqAzK1fLsFjLyAce2Ts4iucTp9gnXAAAAFQD5jM0f4Yv39aJVKY4OJgskZBm4DQAAAIB5mYihwaUmWQWmCnXOSnGwb+l/4pTb+IGCw2VEq8Zym2kvbgnD8ffgDWUhbbOcRB30qNtIj9OLZqJ62f6pbsZFYiachApzuDN9i5ERPSAxVJv0+j1KghuArGe+4eg0NuhwBQTE2iO9xXNuS6N/FwazC/0bqBNr/hpXMekEVhKmnwAAAIAjVWpL04oEhInyazYh5FeV6hrlIQe4J+yd7q8Mmye04mJ6NgntWUz00YHBxICSZdaAfTT//31u2TTkI0XYILyvOhjWCoN/VidpGf06Tg9k/KLmcnEogxTydrab7m54ZPPB28K2ie7OmsPtYrnVU7gfeaiiJTS3VVaL9bR8JzmbaQ== backuppc@backuppc' >> /root/.ssh/authorized_keys
 chmod 600 /root/.ssh/authorized_keys