Currently the Hannibal is developed, tested and supported on the Debian GNU/Linux 4.0 (a.k.a. Etch) platform. We assume a minimal installation of the operating system as a foundation to be present. Just install the base system. Don't add additional packages via tasksel, dselect and / or aptitude at the moment. You could use a separate machine per module or use a virtualization tool. As we chose Xen as our preferred virtualization solution, some of our own considerations and documentation regarding Xen are included at the Xen section of this wiki.
Start with just some basic Debian repositories. By default we'll only use 'main', 'contrib' and the security-repositories. Our example of /etc/apt/sources.list is localized for The Netherlands. You can choose an appropriate mirror from http://www.debian.org/mirror/list
deb http://ftp.nl.debian.org/debian etch main contrib deb http://security.debian.org/ stable/updates main contrib
If your server is intended to compile software and/or to (re)build Debian packages, you might want to add some source repositories as described at the Hannibal Development-server howto.
Now you can update/upgrade your system to the current state of Debian stable.
apt-get update apt-get dist-upgrade -fu
We usually install these tools for system administration on a base system:
apt-get install ssh less vim hdparm make chkrootkit sudo tcpdump nmap iptraf dsniff \ dnsutils iproute ntpdate sysstat tcpstat mc file bzip2 links wget rsync \ lsof xinetd eject screen fping arping ipcalc ngrep traceroute mtr strace \ ltrace netcat netselect discover
If you already have a working LDAP-enviroment for user authentication and you want to configure your new machine to make use of it, read the Hannibal documentation on howto turn a server into a LDAP-client.
Most Hannibal modules may co-exist happily together on one machine. However, we use one virtual machine for every single module and we advise you to do so too! In our experience separation per module gains flexibility and scalability that will prove very valuable at your daily work as a sysadmin, only at the cost of some overhead in resources.
Integration of separate modules might be possible, however this is not supported and there are some known problems. For instance, the Fedora Directory Server requires the apache2-mpm-worker package, which conflicts with packages as libapache2-mod-php5 (which requires another version of Apache)…so you have been warned!
We use one IP-address per host and an IP per service. This allows easier migration of services if necessary. The administration of IP-addresses will be much easier if you use a tool like IPplan! Visit the website at http://iptrack.sourceforge.net
Hannibal IP-number plan:
192.168.1.1 router/gateway 192.168.1.5 dom0-1 (Xen-host) 192.168.1.6 dom0-2 (Xen-host) 192.168.1.11 ns1 192.168.1.12 ldap1 192.168.1.14 smtp (mta) 192.168.1.15 imap/pop (e-mail store) 192.168.1.16 fileserver 192.168.1.17 ca 192.168.1.18 databaseserver 192.168.1.19 vpnserver 192.168.1.20 webserver 192.168.1.21 xdm 192.168.1.23 http-proxy 192.168.1.24 ntp 192.168.1.25 calendar server (reserved) 192.168.1.26 syslog (logging server) 192.168.1.27 systemmonitor (nagios/centreon) 192.168.1.28 dev (development server) 192.168.1.29 jabber (irc) 192.168.1.30 asterisk (reserved) 192.168.1.31 ns2 192.168.1.32 ldap2 192.168.1.100-199 <hosts> 192.168.1.200-250 <dhcp-range>