The server is AMD64 Bit, 1 CPU with 2 cores, 1 GB RAM, RAID1 software RAID (2x160 GB) with Debian4 in 1und1 (largest German webhosting provider) data center.
Please OpenVZ experts only!
1. General conditions:
* Please make small notes of the basic steps, where apropriate
(where I need to know what you did) and enable loging of your
ssh client. At the end of the session, I'd like to have the
ssh logfile and these notes (and the logfiles of the system,
pls. don't delete them) as documentation.
* should you think that one of my steps below or other
whishes or remarks mentioned is problematic (e.g. from a maintainability
or security aspect) or is too dificult to implement or you have a better idea
(e.g. use of better software), please dont hesitate to say so (*you* are the
experts after all!), best of course in advance.
* you can ask questions all the time, may be I can help.
* in case you see any problems in reaching the goals below
in time (=with 24 hors), e.g. because you need to do further research or
testing or because more urgent events need your time, that
is OK, but pleeease let me know when it happens *latest*,
so that I can inform my customers.
* Please give me status reports every 12 hours minimum,
consisting of a mail where you mention where you are in the plan,
what problems you face at the moment and what you plan to achieve
within 12 month
* allow ssh login for me (readonly) every 24 hours minimum,
so that I can look at the status of your work.
* payment via paypal
1st server (hardware node):
2. Log into the server (root pw and ip address will be given),
The work will first mean to correct the paritioning of the RAID1 hard disks, as the current partitioning contains some 90% of the space to /home, what is certainly not the optimum for OpenVZ. Mainly, a virtuozzo server needs a lot of space for vz, and it is recomended to have an own partition
for /vz/private (but that may not be that important for XFS). You may also want to look for the other partitions, if they are ok (/ seems way too small for me).
As the partitioning is undone every time when the server is reinitialised, I need also a documentation how to redo the partitioning myself in case it is needed to reformat the server later.
3.
Check the setup of the server as done by 1und1 if it is OK.
Where you see room for imptovement, especialy in security,
please do so, but:
- the server has been preconfigured with 1und for their network
(dhcp, time server, ftp etc).
Especialy their routing has ben charachterised as "special".
You should not touch their routing etc, except when you know very
good what you are doing.
- compatibility with openvz is more important and a must
(so no installation of grsecurity, no SELinux <- SELinux probably has to be
disabled).
- the implemented security must be so hat it doesn't
hinder me or that I can change it myself. Example is
firehol firewall: such a firewall is easy to understand
and configure when one needs to make changes.
3a.
While you work on the changes, you need tp backup
the server to ftp space regularly, especialy after you
have hardened it, before the next steps of installing openvz
(and especialy before installing the Webpanels, especialy HyperVM,
which may turn out to be insecure and or instable) to the provided
internal FTP server (do not backup the server to your own
FTP space/system).
That way, when something goes wrong, you always have a valid
point from which you can recover, without doing all the work
again and again (I can tell from very bad experiences myself).
The 1und1 internal FTP has 160 GB storage (same as server hdd),
of which some 100 GB are still free (and I could probably free up
some more 20-30 GB, if you want me to. Don't delete the old FTP
files (=those that have been saved by me) on your own, pls.
When you make backups on the FTP server, use
self speaking names for the directory names and
make little [login to view URL] notes in that directory to explain
what it contains (at least for that storage you keep
at the end of the day).
4.
prepare server for OpenVZ (what ever may otherwise be needed).
5.
Install OpenVZ for Linux 64bit (see also 6!), this is probably
the most important and dificult part of the work.
The installation of OpenVZ means especialy to select or compile the correct OpenVZ kernel for AMD64 with Raid1. I already experienced one well reputed provider who failed to provide this. So you should have a good experience and know how with OpenVZ, AMD64, RAID1 and Debian4, best with this combination.
6.
If you have experience with OpenVZ and HyperVM, install
HyperVM for OpenVZ,m but only if you know you can get it to run.
Both myself and the previous sevrer provider were not able
to install HyperVM on the server.
(Also, if you know a better alternative that is in the
low budget are of <= 10 us$/monh or <= 100 us$ once,
you can also install that instead).
Please note that the installer for HyperVM seems also installs
OpenVZ kernel. So if this works, you could in this case have
this step instead of step5 (but the kernel chosen was unbootable
for me, when I tried it).
(As this step seems to be error prone, when you decide to do it,
make sure you made a backup before).
7.
Install Template from openvz website for Debian4 64bit
(they may also come with HyperVM installer)
8.
Make final adjustments in the system as needed.
9.
Save the complete system as [login to view URL] or similar
to the ftp drive (so that when the server is broken
and I need to resort to the precreated installation image
of 1und1, I can boot from recovery console and
install your setup from FTP backup).
----------
2nd server (VPS):
10.
From the downloaded minimal Debian4 Template, create a
VPS (If you have a better, precreated one, you can
of course take that one).
All my basic hosting will go here.
10a.
Make sure that the settings of the VPS are appropriate
for Plesk hosting.
Here is the official documentation to install Plesk in openVZ:
[login to view URL]
(Plesk sample install output; [login to view URL] )
As you can see, the installation itself is just the normal one, the point
that differs is the way how to setup the CPS to make sure it has
enough ressources for plesk. However, as we do not need to
save resources to an extreme, this should be OK.
11.
Use the debian source list which I will sent you
(especialy for php etc).
12.
Make the necessary changes so that the VPS is secure
and all other changes you find advisable for better
management (similar to 3, but this time for the client VPS).
13.
Before you are going to install plesk, make a copy of
this VPS (see [login to view URL];goto=3134&
as a sample for how to do this). This will also allow
to have a fallback option: everytime, something goes wrong
in the plesk installation, you can revert to this.
Also, it is a good starting position for me, should I
decide in future to dump plesk and replace it by seomthing
else (or live again without it). So keep this first copy!
14.
Now install Plesk 8.4.
My understanding is, that in order to have php5 support (mandantory!)
you need to first install aptitude install psa-php5-configurator
(and that you can install this only before plesk 8.2.1, not later).
When downloading plesk, my understanding is that you need to download
and start it with this:
wget [login to view URL]
chmod +x ./psa_installer_v3.2.1_build070914.16_os_Debian_4.0_x86_64
./psa_installer_v3.2.1_build070914.16_os_Debian_4.0_x86_64
As for the modules, I use a conservative/minimal approch as
it is easy to instal modules later, but it is dificult to
impossible to get rid of modules once installed. However.
we will need the german language pack (and no other language
except the english default). I especialy do *NOT* want the
antivirus and firewall module sinstalled, as they only
provide problems. AppVault I do not want because it makes
the size of the vps too big. Coldfusion and TomCat I have not
licenced.
I found it more or less easy to install 8.2.1 but nearly impossible
to update to 8.3 and from there to 8.4 without errors.
So please make a backup of the VPS before upgrading to 8.3 and
to 8.4. If upgrading to 8.3 or 8.4 doesn't work, I will be
satisfied enough with 8.21 or 8.3.
15.
If you find post plesk installation issues that you need to address,
especialy security aspects, please handle them.
16.
Now make again a (security) copy of the VPS.
17.
Create a Debian template from the VPS (see [login to view URL]
ad especialy [login to view URL] )
and install it in the repository. Test if it works.
18.
Now make bakups to the FTP filespace of the new VPS
(empty and with Plesk) and of the Plesk VPS.