Opened 5 years ago

Closed 5 years ago

#2205 closed task (fixed)

OSGeo7 setup

Reported by: robe Owned by: sac@…
Priority: critical Milestone:
Component: Systems Admin Keywords:


I did the first pass of setting up OSGeo7 so it now has Ubuntu 18.04 installed on the SAMSUNG drive, ucfw firewall turned on only allowing ports 22,80, 443 for inbound.

Our plan is here:

Next steps would be to get LDAP setup, I'll be happy to do this but need someone to whitelist the osgeo7 ( ) ip - [

disable password login, root (I have to double check on this as I took the default settings. I think password login is allowed, but root might have been disabled by default)

After that would be the ZFS, LXD, NGINX setup which I would appreciate someone with more experience do or be around when I do it.

Change History (5)

comment:1 by wildintellect, 5 years ago

  • root accounts don't exist on Ubuntu by default.
  • I'm wondering if we need to resize the root partition to not be the whole 512 GB drive, Chris does the caching require an unformatted partition or a specific partition type?
  • Should we write a Puppet/Ansible or other automation script to do these essential tasks the same way (could be applied to containers and other machines)? Store this in git.
  • Did we get the usb removed to test if rebooting is working right? I can offer to look at the bios with you make sure it's set right.

comment:2 by robe, 5 years ago

I told whitehet it was okay to remove, but it doesn't matter anyway cause he changed it to boot from the SAMSUNG.

When I did a soft reboot after installing updates and the firewall, it didn't come up not sure why.

But when I did a hard-reboot - it came up and automatically booted to the SamSUNG. The screen was showing the Grub menu option, perhaps longer than we want it to. whitehet suggested reducing the GRUB menu time.

comment:3 by wildintellect, 5 years ago

We reboot so infrequently I think it's fine for grub to take 30 seconds, we could reduce it to 10 if we want but that's really minor.

comment:4 by robe, 5 years ago

I've also installed zfsutils-linux (needed to see zfs option in lxd) and lxd. I figure those were safe enough to install.

We still need to do the zfs pool setup and lxd init.

comment:5 by robe, 5 years ago

Resolution: fixed
Status: newclosed

OSGeo7I think is setup.

ZFS is working fine and have some containers setup e.g. nextcloud, docker. The docker actually works fine I think so I think it's just some funkiness with collabora why I couldn't use the docker image.

Only thing left is the setting up ssh login and backup.

Backup is in as a separate ticket. the ldap ssh login I'm not sure we want people ldapping into osgeo7 directly. I'd like to keep that bare bones and requiring key as it is now.

the debian-ldap-ssh lxd I am still having issue with getting ssh-ldap authentication to work. But I'll log that as a separate ticket.

Note: See TracTickets for help on using tickets.