User:Mhavela: Difference between revisions

From Alpine Linux
(Cleaning up)
= Creating a bootable alpine-1.9.x iso =


== Create a build environment ==
To start with you need a working [[Setting_up_the_build_environment|build environment]].
== Update your build environment ==
Inside the [[Setting_up_the_build_environment|build environment]] you will need the latest aports.<BR>
If you don't already have it, run:
git clone http://git.alpinelinux.org/aports /aports
If you already had it you can just update it:
cd /aports && git pull
= Upgrading Alpine =
This document describes how to replace an Alpine installation with a newer version.
The upgrade process consists of the following steps:
* Backup current setup
* Upgrade Alpine CD/USB
* Execute upgrade script
* Save changes
* Reboot
== Backing up current config ==
It's recommended to make a backup of your config before you start.<BR>
The idea is to save the ''apkovl'' from your media to a safe place.<BR>
If you need to rollback, simply revert to your old *apkovl.tar.gz*.
=== Backing up to media ===
You could replace the existing floppy with a new (dos-formatted) floppy and then run the command:
lbu ci floppy
Or you could use a USB to store your configuration.
lbu ci usb
== Download new Alpine ==
[http://wiki.alpinelinux.org/w/index.php?title=Downloads Download] the latest ISO image (or USB image).
=== Upgrade CD media ===
Burn the ISO on a blank CD and replace the existing CD with the new one.
/etc/init.d/modloop stop
eject
Now you should insert the new media.
/etc/init.d/modloop start
=== Upgrade USB media ===
On USB installations you can just download and unpack the latest tar directly to ''/media/usb''.
$ wget -q -O - \
      http://distrib-coffee.ipsl.jussieu.fr/pub/linux/alpine/alpine/v1.7/usbdrive/alpine-1.7.22-i386.tar.gz \
      | tar -C /media/usb -zvx
== Execute upgrade script ==
The new media has an ''upgrade'' script at the root level of the media (/media/cdrom/upgrade or /media/usb/upgrade).<BR>
Start by executing this script (in our example below we use CD media).
/media/cdrom/upgrade
=== Example of how an upgrade could look ===
Before actually upgrading packages, the script shows an overview of which packages will be upgraded.<BR>
It might look something like this:
<pre>~ $ /media/usb/upgrade
Upgrading from alpine-1.7.2 to alpine-1.7.6
Will try to upgrade packages from
fetching usb://apks/INDEX.md5.gz
Looking for new packages...
The following packages will be updated:
alpine-baselayout-1.4.1-r1          <  needs updating (index has 1.6.0)
alpine-conf-0.9                    <  needs updating (index has 1.0)
busybox-1.5.0-r1                    <  needs updating (index has 1.7.1)
Press Enter to continue or Ctrl-c to abort.
</pre>
Verify that it looks ok and press [''enter''] to start the upgrade.
As a first step the upgrade script will try to upgrade apk-tools, uclibc and busybox.<BR>
Then it will upgrade all packages by running ''apk_add -u''.<BR>
It will look something like this:
<pre>fetching usb://apks/busybox-1.7.1.apk
updating busybox-1.5.0-r1 to busybox-1.7.1
fetching usb://apks/alpine-baselayout-1.6.0.apk
updating alpine-baselayout-1.4.1-r1 to alpine-baselayout-1.6.0
fetching usb://apks/alpine-conf-1.0.apk
updating alpine-conf-0.9 to alpine-conf-1.0
</pre>
When the ''apk_add'' application upgrades packages, it will detect that you have modified some config files.<BR>
Instead of overwriting your config, it will install the new config with the suffix ''.apk-new''.<BR>
This way you are able to review and merge in changes from the default config to your own config file.<BR>
Config files that are untouched will just silently be replaced.
The ''upgrade'' script will execute ''update-conf'' to assist you in merging the config files.<BR>
It will first display a list of config files that you will need to take care of manually.<BR>
Like this:
<pre>The following config files have been updated and need attention:
/etc/profile
/etc/modules
/etc/inittab
/etc/hosts
/etc/init.d/syslog
/etc/init.d/networking
/etc/init.d/modloop
</pre>
Afterward it will step through every file, displaying a diff and giving you options to act:
<pre>
--- /etc/profile        2007-05-31 14:11:47 +0000
+++ /etc/profile.apk-new        2007-09-07 06:33:36 +0000
@@ -1,4 +1,3 @@
export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
export PAGER=less
umask 022
-export LBU_MEDIA=usb
New /etc/profile available:
Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
</pre>
In this case we have added ''export LBU_MEDIA=usb'' so we don't need to specify the media to ''lbu''.<BR>
We want to keep our current file as it is so we just press ''z'' (and [''enter'']) to zap the new config and keep the old.
The next file is ''/etc/modules'':
<pre>
--- /etc/modules        2007-05-09 16:02:31 +0000
+++ /etc/modules.apk-new        2007-09-07 06:33:36 +0000
@@ -1,4 +1,2 @@
deadline-iosched
af_packet
-xt_state
-xt_tcpudp
New /etc/modules available:
Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
</pre>
Also here we just keep the current config by pressing ''z'' since the modules are needed for our ipsec.
The next file is ''/etc/inittab'':
<pre>--- /etc/inittab        2007-06-20 13:21:20 +0000
+++ /etc/inittab.apk-new        2007-09-07 06:33:36 +0000
@@ -4,7 +4,7 @@
::wait:/etc/init.d/rcL
# Set up a couple of getty's
-::respawn:/sbin/cttyhack /sbin/getty - 9600 vt100
+::respawn:/usr/bin/cttyhack /sbin/getty - 9600 vt100
tty2::respawn:/sbin/getty 38400 tty2
tty3::respawn:/sbin/getty 38400 tty3
tty4::respawn:/sbin/getty 38400 tty4
New /etc/inittab available:
Quit, Next, Show diff, Edit new, Zap new, Use new (q/n/s/e/z/u) [s]:
</pre>
This time the change is not caused by us, but it's a change in the default config.<BR>
This is even related to where the login screen should appear, so if we don't merge this change, we might not be able to see the login screen!<BR>
We choose ''u'' to use the new config.
Continue going through every config file.<BR>
Sometimes you might want to edit the new file, or leave the upgrade process with option ''q'' and take care of the config file manually.<BR>
You can always resume later by either running the ''upgrade'' script again or by executing ''update-conf -i''.
== Save changes ==
Now that all upgrades are done, we should save our settings to our media (which you hopefully have backed up).
lbu ci floppy
== Rebooting ==
In most cases you will need to reboot Alpine (especially if there are changes in the kernel):
kill 1
'''''Note:''' If you know what you are doing, you might not need to reboot.<BR>But make sure that all services affected by the upgrade are restarted.''
= Postfix on 1.9 =
== General ==
The idea is to create a postfix config to host multiple maildomains.<BR>
I want to document both how it's set up and how it's maintained.
When you are done with the postfix installation you could proceed and install (depending on your needs):
* clamsmtpd
* gross
* dovecot
* Other email related applications
== Initial Setup ==
Burn [http://dl-3.alpinelinux.org/alpine/v1.9/iso/alpine-1.9.0_alpha10-i386.iso alpine_1.9alpha10] on a CD and boot the machine.<BR>
'''''Suggestion:''' Follow notes on [[Setting_up_a_ssh-server]] to be able to remotely administer this box.''
== Postfix ==
=== Install ===
apk_add postfix
=== Prepare ===
We need to create a user on this system that has rights to read/write mail on your system.<BR>
Let's call this user ''vmail'' (you can choose another name if you like).<BR>
You will get prompted for a password.
adduser vmail
Now we need to know what uid/gid that user got.<BR>
Take note of the numbers; you will need them in the upcoming configuration (in my case I got uid/gid '1001').
grep vmail /etc/passwd
This newly-created user will need permissions in the ''mail'' group.<BR>
Edit ''/etc/group'' and add ''vmail'' to the ''postdrop'' group. See the example below:
<pre>
postdrop:x:208:vmail
</pre>
==== Create missing dirs ====
Seems we are missing ''/var/spool/mail'' and ''/var/mail'' so we need to create those
mkdir /var/spool/mail
ln -s /var/spool/mail /var/mail
==== Create virtual maildir ====
In the upcoming configuration we are going to specify ''/var/mail/vhosts/'' as the ''virtual_mailbox_base'' so we need to create it.
mkdir /var/mail/vhosts
And we need to give permissions to our ''vmail'' user so he can read/write in this folder.
chown vmail:vmail /var/mail/vhosts
=== Configuration ===
For now I just dump whatever I have.
I will clean up these notes soon.
==== /etc/postfix/main.cf ====
These are the settings that differ from the defaults. Comments sit on their own lines because main.cf does not support a comment after a value.
<pre>
## These settings differ from the default config ##
# For testing
soft_bounce = yes
myhostname = mail.example.net
mydomain = example.net
myorigin = $mydomain
# See 'virtual_mailbox_domains' for more information
mydestination = localhost, mail.localdomain, localhost.localdomain, localdomain
mynetworks = 192.168.10.0/24, 127.0.0.0/8
relayhost =
in_flow_delay = 1s
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
## The following is added to the config ##
virtual_mailbox_domains = example.net
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_alias_maps = hash:/etc/postfix/valias
</pre>
==== /etc/postfix/valias ====
<pre>
postmaster@example.net user1@example.net
hostmaster@example.net user2@example.net
</pre>
==== /etc/postfix/vmailbox ====
<pre>
user1@example.net      example.net/user1/
user2@example.net      example.net/user2/
# everyone else (anything that doesn't match the rules above)
@example.net          example.net/catchall
</pre>
=== Create DB's ===
Once you have created the above config files, you need to generate some DBs:
postmap /etc/postfix/vmailbox
postmap /etc/postfix/valias
I am not 100% sure if the next command is needed, but I ''think'' that you need to create the 'aliases' DB.
postalias /etc/postfix/aliases
=== Start postfix ===
It's time to start. Hopefully it works!
/etc/init.d/postfix start
=== Debugging ===
In case something goes wrong you should have a look in your syslog.<BR>
Personally I usually tail the logfile while debugging:
tail -f /var/log/messages
= Dovecot on 1.9 =
== General ==
Dovecot should be configured to let users fetch their mail through SSL.<BR>
The aim is also to be able to fetch mail with mobile devices, e.g. mobile phones.
== Initial Setup ==
Start by following the 'postfix' instructions before you proceed to setup dovecot.
== Dovecot ==
=== Install ===
apk_add dovecot
=== Prepare ===
The upcoming configuration is going to need some certificates.
==== Certificates ====
We want to keep things clean, so we create a dovecot folder for its certs/keys
mkdir /etc/ssl/dovecot
Now we start creating the certs
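<pre>
cd /etc/ssl/dovecot
# Private key used by dovecot (ssl_key_file)
openssl genrsa 2048 > server.key
# Optional certificate request, only needed if a CA will sign your certificate.
# You will get prompted for various information that is added to the file.
openssl req -new -key server.key -out request.pem
# Self-signed certificate used by dovecot (ssl_cert_file)
openssl req -new -x509 -nodes -sha256 -days 3650 -key server.key > server.pem
</pre>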
=== Configuration ===
For now I just dump whatever I have.
I will clean up these notes soon.
==== /etc/dovecot/dovecot.conf ====
<pre>
## These settings vary from the default configuration ##
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
ssl_parameters_regenerate = 168
verbose_ssl = yes
login_chroot = yes
login_greeting = Dovecot ready.
mail_location = maildir:/var/spool/mail/vhosts/%d/%n
mail_privileged_group = mail
mail_debug = no
verbose_proctitle = no
valid_chroot_dirs = /var/mail
protocol lda {    # This line is not changed - it's here to help you know where to make edits
  postmaster_address = postmaster@example.net
}    # This line is not changed - it's here to help you know where to make edits
auth_verbose = yes
auth_debug = yes
auth_worker_max_count = 30
auth default {    # This line is not changed - it's here to help you know where to make edits
  mechanisms = plain login digest-md5
  passdb passwd-file {
    args = /etc/dovecot/dovecot-passwd
  }
  userdb passwd-file {
    args = /etc/dovecot/dovecot-users
  }
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      user = postfix
      group = postfix
      mode = 0660
    }
  }
}    # This line is not changed - it's here to help you know where to make edits
</pre>
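The configuration above enables the unencrypted ''imap'' listener together with ''disable_plaintext_auth = no'', and a key written with ''openssl genrsa ... > server.key'' gets whatever permissions the current umask allows. The script below is an added example (not part of the original notes or of Dovecot) that reports both conditions for a given dovecot.conf; the function names are made up for illustration.

```sh
#!/bin/sh
# Added example: two checks on a Dovecot 1.x dovecot.conf like the one above.
# Function names are hypothetical; pass the path of the config to audit.

# conf_value KEY FILE -> value of the last "KEY = value" line, comments stripped
conf_value() {
    sed -e 's/#.*//' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
        sed -e 's/[[:space:]]*$//' | tail -n 1
}

# audit_dovecot_conf FILE -> prints findings, returns their count
audit_dovecot_conf() {
    conf=$1 findings=0
    # 1. Plaintext logins allowed while a non-SSL listener is enabled.
    if [ "$(conf_value disable_plaintext_auth "$conf")" = "no" ]; then
        for proto in $(conf_value protocols "$conf"); do
            case $proto in
                imap|pop3)
                    echo "$conf: $proto accepts plaintext logins without TLS"
                    findings=$((findings + 1)) ;;
            esac
        done
    fi
    # 2. Private key is world-readable.
    key=$(conf_value ssl_key_file "$conf")
    if [ -n "$key" ] && [ -n "$(find "$key" -perm -0004 2>/dev/null)" ]; then
        echo "$key: world-readable private key, run chmod 600"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as ''audit_dovecot_conf /etc/dovecot/dovecot.conf''; the return status is the number of findings.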
==== /etc/dovecot/dovecot-users ====
The uid/gid number below '1004' should match your 'vmail' account (the account that owns '/var/mail/vhosts')
<pre>
user1@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1004:1004::/var/spool/vhosts/example.net/:/bin/false::
</pre>
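The notes above use uid/gid 1001 in ''main.cf'' and 1004 in ''dovecot-users'', while both have to match the ''vmail'' account. The following script is an added example (not part of the original notes) that cross-checks the three places; the function names are made up for illustration and the file paths are passed as arguments.

```sh
#!/bin/sh
# Added example: cross-check the uid/gid used for virtual mail delivery.
# Function names are hypothetical; file locations are arguments so the
# check can be tried on copies of the real files.

# uid_gid_of USER PASSWD_FILE -> prints "uid:gid" of USER
uid_gid_of() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $4; exit }' "$2"
}

# static_id KEY MAIN_CF -> prints N from the last "KEY = static:N" line
static_id() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*static:\([0-9][0-9]*\).*/\1/p" "$2" |
        tail -n 1
}

# check_vmail_ids USER PASSWD_FILE MAIN_CF DOVECOT_USERS
# Prints one line per mismatch and returns the number of mismatches.
check_vmail_ids() {
    user=$1 passwd=$2 main_cf=$3 dusers=$4
    want=$(uid_gid_of "$user" "$passwd")
    [ -n "$want" ] || { echo "no account '$user' in $passwd"; return 1; }
    bad=0
    have="$(static_id virtual_uid_maps "$main_cf"):$(static_id virtual_gid_maps "$main_cf")"
    if [ "$have" != "$want" ]; then
        echo "$main_cf: static uid:gid is $have, $user is $want"
        bad=$((bad + 1))
    fi
    # passwd-file userdb fields: user:password:uid:gid:gecos:home:shell:extra
    mism=$(awk -F: -v w="$want" '
        /^[ \t]*(#|$)/ { next }
        ($3 ":" $4) != w { print FILENAME ": " $1 " has " $3 ":" $4 ", expected " w }
    ' "$dusers")
    if [ -n "$mism" ]; then
        echo "$mism"
        bad=$((bad + $(printf '%s\n' "$mism" | wc -l)))
    fi
    return "$bad"
}
```

On the real system the call would be ''check_vmail_ids vmail /etc/passwd /etc/postfix/main.cf /etc/dovecot/dovecot-users''.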
==== /etc/dovecot/dovecot-passwd ====
To generate the passwords you can use the dovecotpw command.<BR>
The output can be used to create a password for your 'dovecot-passwd'
dovecotpw -s MD5-CRYPT
The /etc/dovecot/dovecot-passwd file should look like this:
<pre>
user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
</pre>
=== Start dovecot ===
It's time to start. Hopefully it works!
/etc/init.d/dovecot start
=== Debugging ===
In case something goes wrong you should have a look in your syslog.<BR>
Personally I usually tail the logfile while debugging:
tail -f /var/log/dovecot

Revision as of 16:32, 29 May 2010