This section is obsolete.
Install commonly-used packages
# xbase-clients provides xauth, without which "ssh -Y" will not work
# dpkg-dev-el provides debian-changelog-mode
apt-get install xbase-clients dpkg-dev-el
Performance-Tune the OpenAFS Client
FIXME: AdamM needs to fill this in
runit
The runit package is a mechanism for starting, stopping, and monitoring daemons. It is an alternative to the traditional /etc/init.d and start-stop-daemon scheme. Its chief advantages are:
- It launches daemons with clean process state; the daemon inherits nothing from the administrator invoking the start/stop command because the daemon is not forked as a child of the administrator's shell (rather, a request is sent to the runit daemon asking it to fork the daemon). This is very important when dealing with tokens and PAGs.
- Runit monitors the processes that it forks, and restarts them if they die.
- Runit eliminates the need for pidfiles and the associated risk of starting multiple copies of a daemon.
- Runit captures the daemon's stdout and either sends it to a logger (if specified) or else displays it in the process name (output of ps).
apt-get install runit
When you move a process from /etc/init.d/ control to runit supervision, you should inform Debian that you have done so:
# assuming /var/service/$SERVICE/run is the runit script
dpkg-divert --rename /etc/init.d/$SERVICE
ln -s /usr/bin/sv /etc/init.d/$SERVICE
This will cause invocations of /etc/init.d/script {start|stop} to do "the right thing".
dnscache
You can install the dnscache package to make the server self-sufficient for DNS resolution purposes (it acts as a tiny DNS server just for localhost). This improves the reliability of the overall infrastructure.
Starting dnscache via runit is often a good idea; this ensures that it starts early in the boot process and that it is restarted if it dies for any reason.
Here are the instructions for configuring it. Make sure that bind9 (if running) is only listening to 127.0.0.1 and the public IP address of the machine. We tell dnscache to listen on 127.0.0.2 so as to avoid conflicts with bind.
apt-get install djbdns
# If needed:
addgroup --system Gdnscache
adduser --system Gdnscache --ingroup Gdnscache
# Create /etc/service/dnscache
dnscache-conf Gdnscache Gdnscache /etc/service/dnscache 127.0.0.2
# Change default listen address 127.0.0.1 to .2
perl -pi -e 's/\.1/.2/' /etc/service/dnscache/env/IP
# Let dnscache answer queries only from 127.0.0.2
mv /var/dnscache/root/ip/127.0.0.1 /var/dnscache/root/ip/127.0.0.2
sv restart dnscache
Then modify /etc/resolv.conf, replacing the nameserver lines with:
nameserver 127.0.0.2
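A read-only check for the dnscache setup above, added here as an example (not part of the original page): it confirms that the listen address, the client ACL under root/ip and resolv.conf all agree on 127.0.0.2. The function name check_dnscache and its arguments are assumptions of this example; the default paths are the ones used in the commands above.

```sh
#!/bin/sh
# Added example: audit a dnscache setup. Paths are arguments so the check can
# also be run against a copy; the defaults are the paths used on this page.
# Usage (as root, on the server): check_dnscache

# check_dnscache [SERVICE_DIR] [ROOT_DIR] [RESOLV_CONF] [ADDR]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_dnscache() {
    svc=${1:-/etc/service/dnscache}
    root=${2:-/var/dnscache/root}
    resolv=${3:-/etc/resolv.conf}
    want=${4:-127.0.0.2}
    rc=0

    # 1. Listen address: env/IP must hold the expected loopback address.
    ip=$(head -n 1 "$svc/env/IP" 2>/dev/null || true)
    if [ "$ip" != "$want" ]; then
        echo "listen: env/IP is '${ip:-missing}', expected $want"; rc=1
    fi

    # 2. Client ACL: each file name under root/ip is an address prefix that
    #    dnscache accepts queries from. Flag anything but the expected one.
    found=0
    for f in "$root"/ip/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if [ "$name" = "$want" ]; then
            found=1
        else
            echo "acl: unexpected client prefix '$name'"; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "acl: $want is not allowed to query"; rc=1; }

    # 3. Resolver: every nameserver line must point at the local cache.
    ns=$(awk '$1 == "nameserver" { print $2 }' "$resolv" 2>/dev/null || true)
    [ -n "$ns" ] || { echo "resolv: no nameserver lines"; rc=1; }
    for n in $ns; do
        [ "$n" = "$want" ] || { echo "resolv: nameserver $n bypasses dnscache"; rc=1; }
    done
    return $rc
}
```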
/etc/hosts
If not present already:
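# Append only if the entry is missing, so existing entries are not overwritten
grep -qsE '^127\.0\.0\.1[[:space:]]+localhost([[:space:]]|$)' /etc/hosts || echo '127.0.0.1 localhost' >> /etc/hosts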
ssmtp
Life is simpler when you run ssmtp. You can direct the mail stream either to deleuze (preferred) or to a copy of exim running locally (but why bother running it?).
Be sure to enable FromLineOverride, which ships defaulted to "off" in Debian.
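apt-get install ssmtp
# Also matches a commented-out "#FromLineOverride" line, so the setting ends up active
sed -i 's_^#*[[:space:]]*FromLineOverride.*_FromLineOverride=YES_' /etc/ssmtp/ssmtp.conf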
noatime
By default, Linux writes to the disk to update the atime ("access time") every time a file is read; this substantially degrades performance. You can disable this behavior by adding the noatime option in /etc/fstab:
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/hda1 / ext3 defaults,noatime,errors=remount-ro 0 1
This is especially important on filesystems which are used to store AFS volumes.
etckeeper
apt-get install etckeeper
cd /etc
etckeeper init
etckeeper commit "Initial checkin"
git gc
nitpicks
- Debian's installer seems to want to put an entry for the machine's own hostname in /etc/hosts, resolving to 127.0.0.1. You'll probably want to remove it.