Editing New Signups (section)

= Dedicated Server Setup =

Before starting the OS install you'll need to know the following pieces of info:

*CID:
*Customer has multiple colos: Y/N
*Asset tag: JC-xxxx
*rack/location: 
*Service/Package (and any deviations to B/W, nfs space, IPs, etc) and price:
*RAM in system:
*IPs included in plan:
*OS (32 vs 64bit variant):
*Hostname:
*Disk partitions, including swap space:
*Number of initial IPs to assign:
*Timezone:

Some to most of that info will be provided via the new signup page, assuming the customer ordered the server via our order page. The rest will comes from the sales/build department.


Once the server is built, it should be installed in the rack, booted to the BIOS screen and labeled with the asset tag and the customer's CID (if available/established).

If an [[IPKVM]] is not already attached, you will need to ascertain which one is available (look in ~user/kvm, usually open for editing in the p4 screen of the mailbox window).

Before loading the server, there's a couple things to do in the BIOS screen:
# make sure the date and time are set to UTC
# make sure the server's power restore action is set to: last state (basically what we're trying to do here is if the server has power pulled, when power is restored it should turn back on- assuming it was on when power was pulled. This is what allows our ATS power cycling to work. If this is not set, when the ATS port is turned off and turned back on, the server may not turn back on.
# set the boot order to disable network booting or other things that may slow down bootup. 

After saving and exiting the BIOS, if the server has a raid card installed, you will see the raid BIOS screen. You should enter this screen and setup a raid mirror, or whatever the customer has requested (if a special request was made sales will let you know). Usually we use a 3ware card, to enter the config screen, press ALT-3. Use spacebar to select the 2 drives, tab to 'create unit'. Use defaults. Create a raid1 mirror (unless customer asks for something else). Do not enable write cache, assuming no battery exists. F8 to save and exit.

Reboot and load the OS- follow the instructions for pulling the ISO into the IPKVM and booting to it [[IPKVM|here]].

The install should be for the server version of whatever OS was requested. We typically do not install anything other than an sshd (and ports (tree) for FreeBSD). We don't install a GUI environment. We do not setup auto updates. We do not encrypt home directories. 

When selecting and IP, take into consideration the data center: an install at i2b should use an IP from the IPs routed to i2b, and vice versa. A customer's package may come with multiple IPs, however unless they indicate they want more assigned initially (and show good reason for doing so) we only assign 1 IP. If they are to receive more IPs, you will/may need to configure those post-install (depending on the OS). Ideally all IPs they receive are on the same class C block.

When picking a NIC (most of the installs we do are network versions and require the network to download OS components), it's somewhat of a crap shoot as to which NIC to choose and configure. Usually we try to begin pinging the IP we assign and watch for it to respond immediately after configuring the NIC. If it does not ping, you can:
# ask the NOC to swap the network cable to the alternate port
# go back and configure the alternate NIC (you may have to restart the OS install if it doesn't properly unconfigure the initial NIC, or you can't change it's config to alleviate an IP conflict)

We set DNS: 69.55.229.3, 69.55.225.225 (for a server @ i2b), 69.55.225.225, 69.55.230.3 (for a server @ castle)

We setup a regular user account: 'user' and we set that password to 'newrootNNNN' where NNNN is the sig digits of the customer's CID. i.e. for col01233 the password is 'newroot1233'. In FreeBSD, make sure to add 'user' to the wheel group (member of). 
If a root password is allowed to be set, we use the same password: 'newrootNNNN' 

Once the OS is installed and you've rebooted (after disconnecting the ISO from the KVM) you should confirm all is working: swap, ram, disk partitions, network is as it should be. If you were only able to assign 1 DNS server in setup, please add another to /etc/resolv.conf:

@i2b: 69.55.229.3, 69.55.225.225
@castle: 69.55.225.225, 69.55.230.3

Assuming they have a 3ware raid card, you will need to transfer in the raid CLI tool and our handy script so the customer may check on the health of their raid array, as instructed/encouraged by the welcome email they will receive.

This package is located on mail;
<pre>
fetch http://johncompanies.com/tools/3ware/L64.tgz
tar xvzf L64.tgz
</pre>

The version you choose will of course depend on the OS/version you're installing. You should copy the tarball to the /usr/local/sbin dir (or something in their path) and untar'd. You should run the script included in the tarball called checkraid.sh. If it gives an error, this is due to the fact that on some servers the raid card is recognized as 'c1' and on others 'c0' or something different. Determine which it is for this server by running:
 tw_cli info

which will give you output like:
<pre>Ctl   Model        (V)Ports  Drives   Units   NotOpt  RRate   VRate  BBU
------------------------------------------------------------------------
c1    9650SE-8LPML 8         6        1       0       5       1      -
</pre>

In this example it's 'c1' so edit checkraid.sh and change all instances of 'c0' to 'c1'

If we're adding additional IPs (and were not able to do so during initial install), configure as follows:

Centos/Fedora:

<pre>
 cd /etc/sysconfig/network-scripts/
 cp -p ifcfg-eth* ~
 fetch http://johncompanies.com/tools/network/centos/ifcfg-eth.tgz
 tar xvzf ifcfg-eth.tgz

 vi ifcfg-eth0:

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=69.55.231.XXX  # change this to main IP address
PREFIX=24
GATEWAY=69.55.231.1   # change this to 229.1 if IP addr in other block
DNS1=69.55.229.3
DNS2=69.55.225.225
DNS3=69.55.230.3
DOMAIN="johncompanies.com"
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
</pre>

<pre>
  vi  eth0:*

DEVICE=eth0:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=69.55.231.XXX  # change this to IP address
PREFIX=24
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
</pre>

Repeat above as needed for each IP address

Remove the un-needed files.
<pre>
rm ifcfg-eth0:[3-8]  # change numbers to fit how many IP addresses are needed
</pre>

Debian/Ubuntu:

<pre>
cd /etc/network
vi interfaces

Old file was:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 69.55.227.4
        netmask 255.255.255.0
        network 69.55.227.0
        broadcast 69.55.227.255
        gateway 69.55.227.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 69.55.225.225
        dns-search yeppernet.com

new file is:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 69.55.227.44
        netmask 255.255.255.0
        network 69.55.227.0
        broadcast 69.55.227.255
        gateway 69.55.227.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 69.55D.225.225
        dns-search yeppernet.com

auto eth0:0
iface eth0:0 inet static
        address 69.55.227.55
        netmask 255.255.255.0
        network 69.55.227.0
        broadcast 69.55.227.255
        gateway 69.55.227.1

</pre>
  /etc/init.d/networking restart
(make sure you have console in case you screw that up)

 <pre>ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:48:28:9d:50
          inet addr:69.55.227.44  Bcast:69.55.227.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:fe28:9d50/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2850149 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2595566 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1193068127 (1.1 GB)  TX bytes:2046984105 (1.9 GB)
          Base address:0x3000 Memory:fc400000-fc420000

eth0:0    Link encap:Ethernet  HWaddr 00:30:48:28:9d:50
          inet addr:69.55.227.55  Bcast:69.55.227.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:fe28:9d50/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2850149 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2595566 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1193068127 (1.1 GB)  TX bytes:2046984105 (1.9 GB)
          Base address:0x3000 Memory:fc400000-fc420000
</pre>

Ubuntu 18.04

Ubuntu 18.04 uses netplan instead of /etc/network/interfaces.

<pre>
vi /etc/neplan/50-cloud-init.yaml

# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s25:
     dhcp4: no
     addresses: [69.55.229.26/24]
     gateway4: 69.55.229.1  
     nameservers:
       addresses: [69.55.229.3,8.8.8.8,8.8.4.4]

netplan apply
</pre>

The very last thing you should do before logging off the server is to run:
 history -c
in every shell you were in so they don't see what we were doing :)

Assuming this server is connected to an ATS, you'll want to confirm the server is connected to the port you think it is, and test the functionality- that you can power cycle the port and the server will come back up when power is restored. You should do a test power cycle (via the mgmt or AM-based ATS control) while the server is in post or BIOS. Basically, just NOT while the OS is running and disks mounted.

You should confirm the switch ports to which the server is connected (maybe has a 2nd port for the RMM). While the server is rebooting during your ATS test, you can observe output on the switch console that looks like:
<pre>.Mar  7 09:47:45 PST: %LINK-3-UPDOWN: Interface FastEthernet0/14, changed state to down
.Mar  7 09:47:46 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to down
.Mar  7 09:47:47 PST: %LINK-3-UPDOWN: Interface FastEthernet0/14, changed state to up
.Mar  7 09:47:48 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up
</pre>
This confirms the server is on port 14.

Take this info (ATS, switch ports plus the asset tag) and:
# activate (or add) the server. Update the cabinet, ATS and port, asset tag. (Switch port not kept in mgmt)
# update the [[cabinetmap|cabinet map]] to add the server to the correct location, along with the ATS port, and switch port(s)
# login to the switch serial console and add the customer's CID (and hostname if they have mult. servers) to the port(s) description tag. Repeat for the RMM port if they have one:
<pre>switch-p25#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch-p25(config)#int fa0/10
switch-p25(config-if)#des col01233 myhostname
switch-p25(config)#int fa0/11
switch-p25(config-if)#des col01233 myhostname (RMM)
switch-p25(config-if)#end
switch-p25#
.Mar  7 11:37:17 PST: %SYS-5-CONFIG_I: Configured from console by console
switch-p25#wr me
Building configuration...
[OK]
switch-p25#
</pre>

At this point it's safe to hand the server over to the customer. Use the 'new colo welcome' paste. Edit for:
# IP(s)
# if it's FreeBSD use the 'root' & 'user' password line, if it's Ubuntu use/edit the 'root' password line, depending on if you set the root password or not, or what you setup for the normal user account
# the correct DNS depending on which data center they're at (remove ns3c if the server is at castle)
# if they have no raid card, remove that section
# if they have an RMM, include the RMM paste somewhere in the email

If they're already a customer, you can exclude the info about their AM login info (since they have it already). If they're not, you'll need to reset their AM pass to see it.

Lastly, assuming this server was installed for a new customer and the customer was not yet activated, the CID was probably not established and the server has no CID label. You'll need to make a note to label it (and add the hostname too if they have multiple servers) next time you're at the data center, or ask the noc staff to do it for you.

== Dedicated Server Install Checklist ==

o Install OS

o Add JCI - adduser, wheel, visudo
<pre>
  adduser -u 955 jci
  passwd jci
    ''l4mph0st''
  adduser -u 1000 col0XXX
  passwd col0XXXX           
    ''col0XXXX''          (XXXX is their col0XXXX number)
  vi /etc/group
     ( add "jci,user" to group wheel and/or sudo )
  visudo
     ( enable group wheel to do anything with password )
</pre>

o Install openssh-clients (if not already installed)
<pre>
  yum -y install openssh-clients
</pre>

o Update OS
<pre>
  yum -y update   (for CentOS)
</pre>

o checkraid.sh
  As noted above install our RAID disk checks

o config IP addresses

o clear last logins
<pre>
  cp /dev/null /var/log/wtmp
</pre>

o clear history
<pre>
  cp /dev/null ~/.bash_history
  history -c
  shutdown -h now
</pre>

o For a suspected spammer, add rule to firewall2 to limit output for mail ports (ie.)
before rule 50
<pre>
ipfw add 37 pipe 8 ip from 69.55.231.104/30 to any dst-port 25,465,587
ipfw add 37 pipe 8 ip from 69.55.231.108    to any dst-port 25,465,587
</pre>

=== After installed in rack ===

  check ssh
  label switch port
  update cabinet map
  update mgmt cabinet number

== RMM Setup ==

The RMM must be configured via the server's BIOS screen:

Server management > BMC LAN config:<BR>
down to Intel RMM3 LAN config: <BR>
IP (static) , mask, g/w<BR>

user config: <BR>
disable anonymous. <BR>
root: set pass to newrootNNNN