AIX Localization Checklist
CU Generic Localization Checklist for IBM - AIX 4.X Specific
MACHINENAME: generic
UnixOps support type (check all that apply):
[ ] No support - one time localization only
[ ] NET support
[ ] FULL support (includes first 3 and user support)
[ ] GATE support (host has >1 network interface and subnet)
[ ] DUMPS backups
To use this checklist:
Place your initials inside each brace after the task is completed.
Place NA (Not Applicable) if the task doesn't apply here.
A CAPITALIZED word in front of brackets indicates an optional task.
Blanks in front of brackets indicate "mandatory".
This checklist is not necessarily meant to be done in order.
VERIFY EVERYTHING. GET SOMEONE ELSE TO DO IT IF YOU CAN'T!!!
The following constitutes localization:
[ ] All parts have arrived, final location known,
wiring asked to make any necessary connections.
[ ] has a valid CU-Boulder Internet address and all host
attributes are in addhost database.
[ ] This host has a nametag plastered on it and all its
peripherals including proper disk labeling with the
partition table. (use mklabels)
[ ] Install vanilla OS
if setting up as a NIS+ server create a separate
/var with at least 50-75MB. (when in doubt, no NIS)
[ ] Move this file to hostname:/Localization and continue
to update it there
--------------------------------------------------------------------------------
System Management Interface Tool (SMIT)
--------------------------------------------------------------------------------
[ ] ethernet interfaces set up:
    * Communications Applications and Services
      * TCP/IP
        * Minimum Configuration & Startup
          (configure en0)
          netmask: 255.255.255.0
          network interface: en0
          nameserver: 128.138.240.1
          broadcast xxx.xxx.xxx.255
    * Communications Applications and Services
      * TCP/IP
        * Further Configuration
          * Network Interfaces
            * Network Interface Selection
              * Change/Show Characteristics
                configure en0 state=up
                et0 state=detach
[ ] If using gated, grab gated.conf from unixops/doc/IBMS
Also, make sure that the following line is in /etc/rc.tcpip:
/usr/sbin/no -o ipforwarding=1
[ ] Hostname explicitly set
    * Communications Applications and Services
      * TCP/IP
        * Further Configuration
          * Hostname (set the hostname)
[ ] Change kernel to allow more than 2 users
    * System Environments
      * Change Number of Licensed Users (33-64 is good)
--------------------------------------------------------------------------------
End of SMIT Section
--------------------------------------------------------------------------------
[ ] If using an /etc/rc.local, put the following in /etc/inittab:
rclocal:2:wait:/etc/rc.local > /dev/console 2>&1 # Run rc.local
[ ] has 0 length /etc/hosts.equiv
[ ] /tmp and any scratch partitions are mod 1777.
[ ] /etc/utmp is mod 644
[ ] created /core by soft-linking to /dev/null
ln -s /dev/null /core
[ ] this host has valid routing.
Add default route, and routed -q in /etc/rc.tcpip
NET/OS [ ] root owns /.rhosts (mode 644) and it contains *only* :
[localhub]
NET [ ] If one-time localization, or net support only, install
grabfiles and make sure that "telnet machinename
grabfiles" causes grabfiles to run.
If full support, set up rdist using gnu rdist. set up
/usr/local/etc/hourlydist for hourly distribution.
[ ] set up /etc/motd.local (just create it). Local changes
to motd can be put here, and only here.
NET [ ] resolves queries to sanctioned nameserver - copy
resolv.conf from localized systems of same OS and class.
or create /etc/resolv.conf (mod 644) with:
;
domain colorado.edu
;
nameserver 128.138.238.154 ; cujo
nameserver 128.138.238.18 ; boulder
NET [ ] localized syslog.conf - copied from localized system of
same OS and class config.
NET [ ] if standalone or server, add to pingem list on boulder.
[ ] edit /etc/security/login.cfg, shells= to include all
shells expected to be on system. (this will save much
confusion as ftp will not allow people to ftp in if
their shell is not on this list).
[ ] install tcp wrappers. install identd.
grab the install guide
(ftp:boulder:/pub/Localization/AIX/how_to/install-tcpwrappers)
and the source for tcp-wrappers
(ftp boulder:/pub/Localization/common/tcp_wrappers_7.2.tar)
[ ] install latest version of sendmail, chmod 4711, owner root.
(/usr/sbin/sendmail)
[ ] Put our aliases file in /usr/lib/aliases. Remove any
other aliases.* files from /etc, and /usr/lib,
especially if they're .dat and .pag files.
[ ] Create links:
ln -s /usr/lib/aliases /etc/aliases
ln -s /usr/lib/aliases.db /etc/aliases.db
[ ] Install /usr/lib/sendmail.cf. Remove or rename
any other files in /etc, or /usr/lib that
are named sendmail.cf.
[ ] create links:
ln -s /usr/lib/sendmail.cf /etc/sendmail.cf
ln -s /usr/sbin/sendmail /usr/lib/sendmail
ln -s /usr/sbin/sendmail /usr/sbin/newaliases
[ ] run newaliases.
[ ] start sendmail:
/usr/lib/sendmail -bd -q1h
[ ] Verify the mail system works completely
by sending test messages to/from users that live on this
host. Also telnet to port 25. Test the sendmail by
'expn your.name', 'expn diary', and any other alias
that might cause sendmail to choke.
[ ] test that mail recognizes mail outside of the local
domain by sending mail to rainbow-request@rmit.edu.au
or some other automatic mail responder.
bouncer@nic.near.net gives a breakdown of the headers
it receives from the sender.
[ ] has valid tech.alias, trouble.alias, admin.alias, and
wiring.alias in /usr/local/adm/unixops. chmod to 644.
[ ] link /usr/local/adm/logs to /var/adm/logs
[ ] has diary file as /usr/local/adm/logs/diary mode 4644 and
is owned by "nobody."
[ ] we have a concrete vendor service agreement on this host.
NET/FULL/DUMPS [ ] If UnixOps supported, this host has a unixops agreement
[ ] add client to /etc/netgroup on server (if running NIS).
[ ] political/technical OK to join Club uniqUID
[ ] if in Club uniqUID, install durm - be sure to configure
/usr/local/durm/lib/type_db to the customer's specifications
Copy over into /usr/local/durm/skell all the
.* files needed for your system.
[ ] if in Club uniqUID, install passport and have it
run as a cron job once a month.
[ ] All vendor specific relevant security fixes patched.
Check refuge:
/usr/local/adm/unixops/doc/LocalSoftwareDoc/
cert.security.fixes
for current list of patches to install.
NET/FULL [ ] root password is what it should be
[ ] If UnixOps supported, update the /usr/local/adm/unixops/
system.list file - make sure any changes in OS are
reflected.
DUMPS [ ] Machine has operator login with correct operator
password.
DUMPS [ ] Machine has group operator (and the user operator is in
group operator)
DUMPS [ ] AMANDA utilities `senddump' and `sendsize' are installed
in /usr/local/amanda/libexec
DUMPS [ ] AMANDA services added to /etc/services:
amsendsize 10069/udp
amsenddump 10070/tcp
DUMPS [ ] AMANDA services added to /etc/inetd.conf (send a HUP
to inetd after changing this file):
amsendsize dgram udp wait operator \
/usr/local/amanda/libexec/sendsize sendsize
amsenddump stream tcp nowait operator \
/usr/local/amanda/libexec/senddump senddump
DUMPS [ ] AMANDA master host is in ~operator/.rhosts, and
~operator/.rhosts is mode 600, owned by operator
DUMPS [ ] all raw disk devices are mode 640, group operator
DUMPS [ ] /etc/dumpdates is mode 664, group operator
[ ] create links:
ln -s /usr/sbin/dump /etc/dump
ln -s /usr/sbin/rdump /etc/rdump
ln -s /usr/sbin/restore /etc/restore
ln -s /usr/sbin/rrestore /etc/rrestore
[ ] create configuration file for Localization level 0
backup. In refuge/share/dumps/configs, create a
file hostname.lvl0. Use a similar machine to
create the correct format.
[ ] do a localization level 0 backup of the system as soon
as the localization is completed. (or at any time the
pain threshold is higher for going thru this list than
doing a restore).
DUMPS [ ] Operators have been mailed the following information:
* Output from a "df"
* Which partitions are to be dumped
DUMPS [ ] If a machine is a server complete the above for all
diskful Clients as well.
DUMPS [ ] Operations manager has an account on the machine with
sudo (and knows about it).
DUMPS [ ] /usr/spool/restore is mod 750, owned by operator.
Optional jobs to be run out of cron:
[ ] spacegripe
[ ] passport
[ ] ntpdate
[ ] passchk
Mandatory Software Packages: (most source code can be found on cujo)
Verify packages. Get someone else to verify them if you don't know how.
[ ] sudo. Set up blessed sudoers. If it's a full-service
machine, make it log to boulder. (get source from ftp.cs)
[ ] compress / uncompress (usually 'zcat')
[ ] culine
[ ] gzip/gunzip
[ ] less
NET [ ] mailhome
[ ] rcs
[ ] screensaver installed and setup in rc.local
[ ] ntpdate
(do a "make ntpdate/ntpdate" from xntpd source)
This should be installed in cron as "ntpdate -s
128.138.240.1"
[ ] tcsh (add to /etc/shells)
[ ] top
Free Optional Software Packages. Ask customer before installing any of these.
Look in boulder anonymous ftp: ~ftp/pub/Localization/software.explain for
a list of software descriptions that you can mail to the customer to ask them
what they would like to have installed - this list also covers extra-cost
packages.
Initial, or put REJ (rejected by customer).
[ ] aliases
[ ] da/411
[ ] file transfer protocols
kermit, xmodem, and zmodem (usually 'rzsz')
[ ] mkmake
[ ] perl
[ ] rrn (usenet news)
[ ] rtar
[ ] scrub
[ ] shar
[ ] tac
[ ] tout
[ ] transcript (psroff, enscript, etc.) (requires ditroff)
don't forget the culogo font for transcript
[ ] ditroff
[ ] webster (server "webster")
Extra-Cost Optional software packages.
If customer has a full-service agreement with unixops, install any/all
of these at no extra charge.
If customer has net support, or is a one-time only localization, let them
know about the charges marked beside the packages. Be sure to
tell the assistant admin which packages you installed.
$ 50 [ ] emacs (gnu version: most recent)
$150 [ ] eqn / pic / ideal (ditroff preprocessors)
be sure to install GNU version of ditroff (groff)
and the GNU versions of these preprocessors - BSD
versions often do not work.
$ 50 [ ] RAND MH
* [ ] tex / detex / culogo font for tex
charge $100 for sunos or ultrix system
charge $200 for other OS
* [ ] X11R5 (mount from X nfs server if blessed)
charge $ 50 for sunos or ultrix system
charge $150 for other OS
When done:
[ ] Level 0 (see directions above for how).
[ ] Mail checklist to boss and diary@hostname
[ ] Notify UnixOps Assistant Admin to recharge.
Once machine is moved:
[ ] Maybe need to change the default route in /etc/tcpip
[ ] Change the hostname
[ ] Change the Minimum Configuration and Startup of
the ethernet interfaces.
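
Added example (not part of the original checklist): a POSIX shell audit of the
file-mode items above, covering /etc/hosts.equiv, /tmp, /etc/utmp, /core,
/usr/sbin/sendmail and the diary file. The function names and the optional ROOT
prefix argument are assumptions of this example; ownership and group are not checked.

```shell
#!/bin/sh
# Added example: audit the file-mode items of this checklist.
# Function names and the ROOT prefix are hypothetical, not UnixOps tooling.
# Modes are compared as "ls -ld" strings, so no stat(1) is required.
# Usage: audit          (live system)
#        audit /staging (a copied tree); return status = number of failures

mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }   # e.g. drwxrwxrwt

check_mode() {   # check_mode PATH EXPECTED_LS_MODE
    got=$(mode_of "$1")
    [ "$got" = "$2" ] && { echo "ok    $1 ($got)"; return 0; }
    echo "FAIL  $1: want $2, got ${got:-missing}"; return 1
}

check_empty() {  # file must exist and have length 0
    [ -f "$1" ] && [ ! -s "$1" ] && { echo "ok    $1 (empty)"; return 0; }
    echo "FAIL  $1: must exist with length 0"; return 1
}

check_link() {   # check_link PATH TARGET
    case "$(ls -ld "$1" 2>/dev/null)" in
        l*" -> $2") echo "ok    $1 -> $2"; return 0 ;;
    esac
    echo "FAIL  $1: must be a symlink to $2"; return 1
}

audit() {        # audit [ROOT]
    r=${1:-}; fails=0
    check_empty "$r/etc/hosts.equiv"                     || fails=$((fails + 1))
    # 1777: world-writable with the sticky bit (trailing "t")
    check_mode  "$r/tmp"                      drwxrwxrwt || fails=$((fails + 1))
    check_mode  "$r/etc/utmp"                 -rw-r--r-- || fails=$((fails + 1))
    check_link  "$r/core"                     /dev/null  || fails=$((fails + 1))
    # 4711: setuid plus owner execute shows as lowercase "s"
    check_mode  "$r/usr/sbin/sendmail"        -rws--x--x || fails=$((fails + 1))
    # 4644: setuid without owner execute shows as uppercase "S"
    check_mode  "$r/usr/local/adm/logs/diary" -rwSr--r-- || fails=$((fails + 1))
    return "$fails"
}
```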