Preliminary server configuration

Overview

The starting point is a server with Debian Linux 10 or 11 installed.

Sample steps are provided for the process of configuring a new physical server and OS prior to beginning the platform installation.

The user era_user is used throughout as an example of the main account that logs in to prepare the server and later launches the platform installer.

Stages

1. sudo group

Add the user to the sudo group:

su root

apt-get install sudo

nano /etc/sudoers

/sbin/usermod -aG sudo era_user

2. Network interfaces

You must configure the server’s network interfaces.

The server must be given one static local address. Additional addresses can be added depending on the network requirements.

It is important to install the system on a permanent internal address that does not change over time.

Do not use a loopback interface address for system deployment.
Doing so makes it impossible to set up a multi-server configuration and will require reinstalling and reconfiguring the system if conversion or connection of remote debugging tools is required.

It may be necessary to configure gateways and/or routes to ensure proper communication with the external environment.
You may need to configure VLANs to connect to a telephony provider, or to organize an internal private network between multiple servers in the cluster.

DNS servers must allow the server to resolve the DNS names that are planned for use and permitted by the rules of the network segment and, if the server has access to the Internet, public DNS names.

2.1) Set the required IP addresses:

sudo nano /etc/network/interfaces
auto eno1
iface eno1 inet static
address 192.168.0.115
netmask 255.255.255.0
network 192.168.0.0
gateway 192.168.0.1
dns-nameservers 192.168.0.1 8.8.8.8

auto eno1:1
iface eno1:1 inet static
address 172.22.10.27
netmask 255.255.255.0
network 172.22.10.0
post-up route add -net 45.12.13.0/24 gw 172.22.10.2
pre-down route del -net 45.12.13.0/24 gw 172.22.10.2

Note that a gateway can be set on only one interface; the remaining interfaces must be configured with dynamic route control, as the post-up and pre-down route lines above do.

2.2) Set the DNS servers:

sudo nano /etc/resolv.conf
nameserver 192.168.0.1
nameserver 8.8.8.8

2.3) If necessary, configure a VLAN:

sudo apt install -y vlan

sudo nano /etc/network/interfaces
auto eno1.2121
iface eno1.2121 inet static
address 172.22.10.27
netmask 255.255.255.0
network 172.22.10.0
post-up route add -net 45.12.13.0/24 gw 172.22.10.2
pre-down route del -net 45.12.13.0/24 gw 172.22.10.2

In the example, 2121 is the VLAN number; it is separated from the interface name by a dot.
When using VLANs, there can be only one untagged interface besides the actual VLAN interfaces.

2.4) Restart the network service and check for the presence of the specified interfaces:

sudo systemctl restart networking

ip a

2.5) If necessary, restart the server so that the changes are guaranteed to take effect:

reboot
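
The rules stated in this section (a static address, no loopback address for deployment, a gateway on only one interface) can be checked before the networking restart in step 2.4. The script below is an added example, not part of the original guide; the function names and the faulty sample are constructed, and it inspects IPv4 stanzas only.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# check_interfaces: reads ifupdown configuration on stdin, prints findings and
# returns non-zero if a rule from this section is violated (IPv4 stanzas only).
check_interfaces() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        $1 == "iface"  { name = $2; fam = $3; method = $4; next }
        fam != "inet"  { next }                      # ignore non-IPv4 stanzas
        $1 == "address" && method == "static" {
            if ($2 !~ /^127\./) { statics++; next }  # usable static address
            print "FAIL " name ": loopback address " $2; bad = 1
        }
        $1 == "gateway" { gw[++n] = name }           # remember who sets a gateway
        END {
            if (statics == 0) { print "FAIL no static non-loopback address"; bad = 1 }
            if (n > 1) {
                list = gw[1]
                for (i = 2; i <= n; i++) list = list ", " gw[i]
                print "FAIL gateway set on more than one interface: " list; bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample: the step 2.1 layout with a second gateway added by mistake.
sample_bad() {
    cat <<'EOF'
auto eno1
iface eno1 inet static
address 192.168.0.115
netmask 255.255.255.0
gateway 192.168.0.1

auto eno1:1
iface eno1:1 inet static
address 172.22.10.27
netmask 255.255.255.0
gateway 172.22.10.2
EOF
}

# The same layout without the stray second gateway line.
sample_good() { sample_bad | grep -v '^gateway 172\.22\.10\.2$'; }

sample_bad | check_interfaces || echo "fix the findings before restarting networking"
sample_good | check_interfaces && echo "interfaces layout is consistent"
```

On a real server, feed it the file being edited: check_interfaces < /etc/network/interfaces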

3. Paths to package repositories

Check and, if necessary, change the paths to the default Debian repositories:

sudo nano /etc/apt/sources.list

You only need to add repositories if they are not listed.

Example of a list of repositories for Debian 10:

deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main

deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main

Example of a list of repositories for Debian 11:

deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main

deb http://deb.debian.org/debian-security/ bullseye-security main
deb-src http://deb.debian.org/debian-security/ bullseye-security main

deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main

Update system packages:

sudo apt-get update

4. SSH server and SSH client

Install and configure the SSH server and install the SSH client.

4.1) Install the packages and start the service

sudo apt install openssh-server ssh

sudo systemctl start sshd

If the server has a direct external address on a public network, it is recommended as a matter of security hygiene to use a non-standard port and to allow connections only from specific known addresses.

4.2) Set a whitelist of addresses

sudo nano /etc/hosts.allow
sshd : 192.168.0.12
sshd : 127.0.0.1
sshd : ALL : deny

4.3) Set the SSH server port

sudo nano /etc/ssh/sshd_config
port 9022

4.4) Restart the service

sudo systemctl restart sshd

4.5) If necessary, store your public key on the server.
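
Because the whitelist in step 4.2 ends with a catch-all deny, a wrong address or a misplaced line locks out remote administration once sshd is restarted. The script below is an added example, not part of the original guide: a simplified model of how the rules are evaluated, used to confirm that the administrator's address is still allowed. The function names are hypothetical, 192.168.0.50 is a constructed non-whitelisted address, and the model assumes an empty /etc/hosts.deny.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# hosts_allow_verdict CLIENT_IP: reads hosts.allow rules on stdin and prints
# "allow" or "deny" for an sshd connection from CLIENT_IP. Simplified model:
# first matching rule wins; one daemon per rule; client patterns are ALL,
# an exact IPv4 address, or a prefix ending in "." (for example 192.168.0.).
hosts_allow_verdict() {
    awk -F':' -v ip="$1" '
        /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
        {
            daemon = $1; opt = $3
            gsub(/[ \t]/, "", daemon); gsub(/[ \t]/, "", opt)
            if (daemon != "sshd" && daemon != "ALL") next
            n = split($2, pat, /[ ,\t]+/)
            for (i = 1; i <= n; i++) {
                p = pat[i]
                if (p == "") continue
                if (p == "ALL" || p == ip || (p ~ /\.$/ && index(ip, p) == 1)) {
                    verdict = (opt == "deny") ? "deny" : "allow"
                    exit                              # first match decides
                }
            }
        }
        # No rule matched: tcp wrappers then consults hosts.deny; this model
        # assumes hosts.deny is empty, so the connection is allowed.
        END { if (verdict == "") verdict = "allow"; print verdict }
    '
}

# The whitelist from step 4.2.
page_rules() {
    cat <<'EOF'
sshd : 192.168.0.12
sshd : 127.0.0.1
sshd : ALL : deny
EOF
}

# Run this for the address you administer from before restarting sshd.
for ip in 192.168.0.12 192.168.0.50; do
    echo "$ip -> $(page_rules | hosts_allow_verdict "$ip")"
done
# Catch-all placed first (constructed): even the whitelisted host is denied.
echo "reordered -> $(printf 'sshd : ALL : deny\nsshd : 192.168.0.12\n' |
    hosts_allow_verdict 192.168.0.12)"
```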

5. Monitoring packages and utilities

Install packages and monitoring utilities:

sudo apt-get install parted gnupg curl wget members rsync
sudo apt-get install net-tools iotop htop sysstat tshark

6. Locales and keyboard layout

Adding the "RU" locales is necessary if PostgreSQL is planned to be installed on the host.

locale -a

sudo dpkg-reconfigure locales

Select ru_RU.UTF-8 and en_US.UTF-8.

The default language for the system environment is specified in the file /etc/default/locale.

For the system environment, we recommend leaving en_US.UTF-8 as the default locale.

Set up the console and keyboard.

It makes sense to configure the console and keyboard only when connecting to the server directly (not through SSH).

sudo dpkg-reconfigure console-setup

Select UTF-8, Combined - Latin; Slavic Cyrillic; Greek, Terminus, 6x12 (8x14)

sudo dpkg-reconfigure keyboard-configuration

Select Generic 105 key, Other, Russian, Russian

sudo service keyboard-setup restart

Try switching the layout. If necessary, restart the server.

7. Disk partitioning, formatting

If a RAID array is connected, configure it and prepare partitions.

If new unmapped storage disks are attached to the server, partition and format them.

lsblk -a

df -h

sudo cfdisk /dev/sdb

sudo partprobe -s

NOTE! changing partition settings or even formatting

# sudo parted /dev/sdb

# sudo mke2fs -t ext4 /dev/sdb1

lsblk -a

sudo mkfs -t ext4 /dev/sdb1

8. Mounting partitions

Additional storage disks must be mounted.

Partition and directory names are arbitrary.

sudo mkdir /mnt/data

sudo mount /dev/sdb1 /mnt/data

df -h

sudo blkid
sudo nano /etc/fstab
# data
UUID="422e42c8-f2d5-4c56-b219-3a4c37153c14"     /mnt/data       ext4    defaults        0       1

8.2) Create a storage group and set permissions for it on the mounted partition.

This is useful later, when a database server is installed with its data directory on the mounted partition and the postgres user needs the appropriate permissions there.

sudo groupadd storage

sudo chgrp storage /mnt/data

sudo chmod 775 /mnt/data