Internal GCManage Server Setup

From GrandCare Systems
Revision as of 17:19, 10 July 2017 by Eumhoefer (talk | contribs) (Added Internal to Apache SSL Certs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


  • Verify requirements
    • Two IP addresses
  • Do an apt-get update and dist-upgrade before doing anything.

Install GCManage Release

  • Upload latest production release from buildmgr
  • untar release and run install-gcmanage script as root
    • While installing, check out the subnet allocation spreadsheet and add new unique subnets for client and management VPNs. We'll refer to these later.
  • When postfix prompts for server type, choose Satellite option and as the SMTP relay.
  • Eventually you will be prompted for SSL certificate information. Details here are not important (self-signed cert).

Finalize GCManage Installation

  • Turn off GCManage maintenance mode
  • Upload latest Como production full installer
  • Create and set default distributor under settings
  • Make changes to /var/gcmanage/etc/gcmanage.ini including SMS provider credentials

Post GCM Install Tasks

Configure OpenVPN

  • Edit /etc/openvpn/server-*.conf.
    • Change the local value with the secondary IP address and the server subnet. Increment each subnet per config.
  • Edit /etc/openvpn/management.conf
    • Change the local value with the secondary IP address and the server subnet to the next available management subnet.
    • Also change the route pushed to the subnet covering the four client subnets
# example
push "route"
  • Edit /etc/openvpn/ClientCA/keys/000-client.conf and make changes to the remote hostname if necessary. Usually
  • Restart openvpn and verify tun0 through tun4 interfaces are UP.
  • Edit /var/gcmanage/etc/vpn.ini

Configure and test postfix

Refer to docs: Internal Configuring Postfix

Install Apache SSL Cert

Refer to docs: Internal Installing Apache SSL Certs

Configure Backup

Refer to docs: Internal Configuring BackupPC Client

Document Sensitive Data

  • Create a new entry in the password store with login credentials
    • Attach /etc/openvpn/ClientCA/*.key files
    • Attach /var/gcmanage/etc/gnupg
    • Attach any Apache SSL keys

Setup Munin Monitoring

Refer to docs: Internal Configuring munin-node

Setup MySQL Replication

If reporting is necessary, refer to docs: GCProtected::MySQL_Replication