Chapter 13. Installing and administering Symbiosis

Table of Contents

13.1. Installing Symbiosis running on Debian 6.0 (Squeeze)
13.2. Upgrading Symbiosis from Debian 5.0 (Lenny)
13.3. Release notes
13.4. Packages installed by Symbiosis
13.5. Systems administration and Symbiosis

Symbiosis will install well on a freshly-installed Debian 6.0 system. Currently it is only available for i386 and amd64 architectures, running on the Linux kernel.

It is designed to be as friendly as possible for beginners, whilst maintaining flexibility for more experienced systems administrators. Later in this chapter we’ll spell out a few basics to bear in mind when working with a system running Symbiosis.

13.1. Installing Symbiosis running on Debian 6.0 (Squeeze)

Installing Symbiosis on Debian Squeeze is relatively straightforward. Before beginning it is advisable to have complete, tested backups of your system. That said, the Symbiosis packages have been designed to install, and be removed, cleanly.

In order to install Bytemark Symbiosis on Debian 6.0 (Squeeze), add the following lines to /etc/apt/sources.list.d/symbiosis.list:

#
# Bytemark Symbiosis Packages
#
deb     http://symbiosis.bytemark.co.uk/squeeze/  ./
deb-src http://symbiosis.bytemark.co.uk/squeeze/  ./

Then run the following commands to install a complete Symbiosis system. This will pull in all the packages and software needed to run a system as described by this manual.

apt-get update
apt-get install --install-recommends bytemark-symbiosis

13.2. Upgrading Symbiosis from Debian 5.0 (Lenny)

Upgrading from Lenny should be straightforward, but it does involve touching nearly every part of the system. Debian provide comprehensive release notes, of which chapter 4 covers the recommended upgrade procedure. It is worth reading, although for convenience we have produced a shorter version in this section.

The first thing to do is make sure that you have backups. These should be kept in /var/backups/localhost, and they should be up to date.

Now we can proceed with the upgrade. The next step is to alter /etc/apt/sources.list: essentially, change all instances of the word lenny to squeeze. Also comment out the debian-volatile repositories, as these have been removed in the Squeeze release. Then change the Symbiosis repository lines to match those shown in the previous section.

A minimal /etc/apt/sources.list

deb http://mirror.bytemark.co.uk/debian/  squeeze main contrib non-free
deb http://mirror.bytemark.co.uk/debian/  squeeze-updates main contrib non-free
deb http://security.debian.org/           squeeze/updates main contrib non-free
deb http://symbiosis.bytemark.co.uk/squeeze  ./

Having done that, the Apt lists can be updated, and the upgrade started.

apt-get update
apt-get dist-upgrade

During the upgrade, various questions will be asked. Here are the questions along with the answers that should be given. Note that these are the questions that are caused by having Lenny Symbiosis installed. There may be others asked depending on the precise state of the system.

Questions asked during the upgrade

Q: Use dash as the default system shell (/bin/sh)?
A: Yes

Q: Services to restart for GNU libc library upgrade
A: All the services mentioned — just click OK.

Q: Services to restart for PAM library upgrade
A: All the services mentioned — just click OK.

Q: Override local changes to /etc/pam.d/common-*?
A: Yes

Q: PAM profiles to enable
A: Unix authentication

Q: Unable to migrate to dependency-based boot system
A: OK

Q: Overwrite configuration file /etc/apt/sources.list.security?
A: Install the package maintainer’s version Y.

Q: Overwrite configuration file /etc/mysql/my.cnf?
A: Install the package maintainer’s version Y.

Q: Overwrite configuration file /etc/dovecot/dovecot.conf?
A: Keep the local version currently installed N.

Q: Overwrite configuration file /etc/symbiosis/backup.d/conf.d/10-directories.conf?
A: Install the package maintainer’s version Y.

Q: Overwrite configuration file /etc/apache2/conf.d/security?
A: Install the package maintainer’s version Y.

Q: Overwrite configuration file /etc/apache2/sites-available/default-ssl?
A: Install the package maintainer’s version Y.

Q: Overwrite configuration file /etc/apache2/sites-available/default?
A: Install the package maintainer’s version Y.

Q: Overwrite configuration file /etc/apache2/ports.conf?
A: Install the package maintainer’s version Y.

Q: Overwrite configuration file /etc/php5/apache2/php.ini?
A: Install the package maintainer’s version Y.

Q: Configure database for phpmyadmin with dbconfig-common?
A: No — this will be configured later.

Following the completion of the dist-upgrade, it is recommended that symbiosis-mysql is specifically installed, as this will upgrade the MySQL server to version 5.1.

sudo apt-get install symbiosis-mysql

Finally we can fully enable phpmyadmin by setting up a MySQL database for it. To do this run:

sudo dpkg-reconfigure phpmyadmin

Questions raised during the reconfiguration of phpmyadmin

Q: Reinstall database for phpmyadmin?
A: Yes.

Q: Connection method for MySQL database of phpmyadmin
A: Unix socket.

Q: Name of the database’s administrative user
A: root

Q: Password of the database’s administrative user
A: Enter the MySQL root user’s password. This should be the same as the admin user’s password.

Q: MySQL username for phpmyadmin
A: phpmyadmin

Q: MySQL application password for phpmyadmin
A: (leave this blank)

Q: MySQL database name for phpmyadmin
A: phpmyadmin

Q: Web server to reconfigure automatically
A: Just apache2.

And that should be it!

13.3. Release notes

Following the release of this software, several small issues came to light. Here is a summary of those issues and the fixes that can be put in place if needed.

Backup bolus

Following an upgrade from Lenny to Squeeze, there is a change in time format in the backup2l list files. This results in a full backup being made even though a lot of the data haven’t changed.

The solution is to do a new top-level backup immediately, i.e. provide a new baseline. However, you might find that this removes an entire set of previous backups. The manual page recommends this procedure "shortly before or after major changes are performed with the file system. In this case, a lower level should be specified in order to avoid that a large number of files are backed up multiple times again."

To do this, run

sudo backup2l -b 0

phpMyAdmin / SquirrelMail / PHP application session failures

People are reporting various phpMyAdmin / SquirrelMail failures, e.g.

  • Inexplicable login failures in SquirrelMail
  • phpMyAdmin complaining about lack of parameters
  • phpMyAdmin just refreshing instead of creating users
  • phpMyAdmin being slow

The current solution to this is tweaking the PHP5 Suhosin configuration file, or removing PHP Suhosin completely. Suhosin plays a role in keeping your machine secure against badly coded applications. There is more information about it, and why it should be used, on its website.

The Suhosin configuration is kept in /etc/php5/apache2/conf.d/suhosin.ini. The item to change is suhosin.session.encrypt and it should be uncommented and set to off. Once done, Apache should be restarted.

sudo /etc/init.d/apache2 restart

The alternative is to remove Suhosin. Please consider the security implications before doing this. To remove it run the following command.

sudo apt-get remove --purge php5-suhosin

Repeated emails from Cron

There are a couple of emails that might get sent regularly by cron. The first references PHP5 mhash.ini, which belongs to a deprecated module. To fix this, run

sudo apt-get remove --purge php5-mhash

The second is one complaining that /usr/sbin/exim_rewrite_scan cannot be found. To fix that, remove /etc/cron.d/exim_rewrite_scan.

Firewall race conditions

There were a couple of race conditions causing the firewall to trigger itself to run again whilst running.

This is now fixed in the latest packages and your machine should automatically update itself.

IMAP/POP3 authentication errors

Plain text logins have been disabled in the IMAP and POP3 server unless the connection is encrypted. This is to prevent transmission of unencrypted passwords. A typical error shown by an email client might be as follows.

Plaintext authentication disallowed on non-secure (SSL/TLS) connections.

There are two solutions.

  1. Firstly, the client’s configuration could be adjusted to use SSL. This can be done by changing the protocol from IMAP or POP3 to IMAPS or POP3S. This will ensure passwords are sent over an encrypted connection.
  2. The alternative is to allow passwords to pass across the internet unencrypted. To do this edit /etc/dovecot/symbiosis.d/005-main/30-disable-plaintext-login and change disable_plaintext_auth from "yes" to "no". Then run:

    cd /etc/dovecot
    sudo make
    sudo /etc/init.d/dovecot restart

13.4. Packages installed by Symbiosis

Each component that makes up Symbiosis is separately packaged as follows. Each package can be installed individually if needed.

bytemark-symbiosis
Meta-package that pulls in the core requirements for a Symbiosis system, as well as recommending all packages needed for a complete Symbiosis system.
symbiosis-backup
Organises and configures backup2l to backup vital parts of the system, and rsync them to a remote location.
symbiosis-common
Contains the core libraries that Symbiosis uses to operate.
symbiosis-cron
Provides the per-domain crontab service.
symbiosis-email
Configures Exim and Dovecot for use with Symbiosis.
symbiosis-firewall
Maintains the iptables and ip6tables firewalls, as well as providing automatic blacklisting and whitelisting.
symbiosis-ftpd
Configures pure-ftpd to work with Symbiosis.
symbiosis-httpd
Configures the Apache web server.
symbiosis-key
Adds the Bytemark Symbiosis key to apt.
symbiosis-monit
Provides service monitoring.
symbiosis-mysql
Brings in MySQL version 5.1, and configures it to bind to all interfaces, not just localhost, for remote access.
symbiosis-pam
Brings in two PAM dependencies to make the system more secure — one checks passwords and warns when they are weak, the other sets per-user temporary directories.
symbiosis-phpmyadmin
Brings in phpMyAdmin, and configures it to use HTTP authentication.
symbiosis-tinydns
Adds automatic DNS generation and upload to the system. Ties in with the Bytemark DNS service.
symbiosis-updater
Adds daily automatic updates from a specified apt sources.list file.
symbiosis-webmail
Adds webmail functionality, using either Squirrelmail or Roundcube.

13.5. Systems administration and Symbiosis

Symbiosis is an attempt to encourage best practice at all times in systems administration, whilst keeping things as simple as possible, and free of surprises. As a result there are a few general rules to bear in mind when tinkering with your system.

Use of root, and other users

As far as possible Symbiosis will discourage you from using root when logging in and configuring the system. This primarily applies to

  • Anything in the /srv/ directory
  • The firewall configuration in /etc/symbiosis/firewall

For example, if a directory in /srv is owned by a system user or group, i.e. one with a UID/GID less than 1000, then it will not show up to various tasks, including, but not limited to,

  • Email and FTP logins
  • Cron tasks in config/crontab
  • Apache logging to public/logs/
  • Mail delivery to mailboxes.

In short, try not to use root if at all possible.

However it is perfectly possible to configure separate domains in /srv/ to be owned by different users, as long as they are non-system users, i.e. ones with user IDs greater than 1000. All programs will respect these permissions.
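The ownership rule described above can be checked before it causes silent failures. The following is an added example, not part of Symbiosis: system_owned_dirs is a hypothetical helper name, it assumes GNU stat, and it treats IDs below 1000 as system IDs as stated above.

```shell
#!/bin/sh
# Added example (not a Symbiosis command): report domain directories that
# Symbiosis tasks would skip because a system user or group owns them.

# Usage: system_owned_dirs [BASE_DIR] [MIN_ID]
#   BASE_DIR  directory holding one subdirectory per domain (default /srv)
#   MIN_ID    lowest UID/GID treated as a non-system ID (default 1000)
# Prints "path uid=N gid=N" for each offending subdirectory.
# Returns 1 if at least one was found, 0 otherwise.
system_owned_dirs() {
    base=${1:-/srv}
    min_id=${2:-1000}
    found=0
    for dir in "$base"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] || continue      # glob matched nothing
        [ -L "$dir" ] && continue      # skip symlinks, check their targets instead
        # GNU stat: %u is the numeric owner UID, %g the numeric group GID
        ids=$(stat -c '%u %g' "$dir") || continue
        uid=${ids% *}
        gid=${ids#* }
        if [ "$uid" -lt "$min_id" ] || [ "$gid" -lt "$min_id" ]; then
            printf '%s uid=%s gid=%s\n' "$dir" "$uid" "$gid"
            found=1
        fi
    done
    return "$found"
}

# Typical call on a Symbiosis machine:
#   system_owned_dirs /srv || echo "fix ownership of the directories listed above"
```

Any directory it lists is typically one that was created or unpacked as root; changing its ownership to a non-system user brings it back into view for the tasks listed above.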

Customising configurations

Lots of configuration on the system is automatically generated to make Symbiosis work as it does. In previous releases of Symbiosis this meant that files would get overwritten without notice. However as of the Squeeze release in February 2012 configuration files are handled more conservatively.

Two things to watch out for. If a configuration file has

# DO NOT EDIT THIS FILE - CHANGES WILL BE OVERWRITTEN

written in it, then there is a high chance that any changes will be overwritten. It has to be the exact wording and spacing above for overwriting to take place, so if that sentence is removed from the configuration then it will not get overwritten.

Similarly many files are generated from templates, for example DNS and apache snippets. These will now have a checksum at the bottom of the file.

# Checksum MD5 586732ff59e60115d0ec1c4905c72773

This checksum allows Symbiosis scripts to establish if the template used to generate the snippet has changed, if the data used in the generation has changed, or if the file itself has been edited. For example, if an IP address is changed by editing config/ip, then that would allow the Apache snippet for that domain to be updated, as well as the DNS snippet.

This also means that sysadmins can edit the templates, and allow them to regenerate, or edit the snippets themselves safe in the knowledge that their changes will not get overwritten.
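To see which generated snippets have been edited by hand, and so will be left alone when templates change, the checksum line can be verified from the shell. This is an added example, not Symbiosis code: snippet_status is a hypothetical helper name, and it assumes the recorded MD5 covers everything in the file that precedes the checksum line.

```shell
#!/bin/sh
# Added example (not Symbiosis code). Assumption: the MD5 in the trailer is
# calculated over every byte of the file above the "# Checksum MD5 ..." line.

# Usage: snippet_status FILE
# Prints one word and returns a matching status:
#   unmodified   (0)  content above the trailer matches the recorded checksum
#   edited       (1)  content has changed since the checksum was written
#   no-checksum  (2)  file carries no checksum trailer
snippet_status() {
    file=$1
    pattern='^# Checksum MD5 [0-9a-f]\{32\}$'

    # Line number of the last checksum trailer in the file
    line=$(grep -n "$pattern" "$file" | tail -n 1 | cut -d: -f1)
    if [ -z "$line" ]; then
        echo "no-checksum"
        return 2
    fi

    # Fourth space-separated field of the trailer is the recorded hash
    recorded=$(sed -n "${line}p" "$file" | cut -d' ' -f4)
    # Hash everything above the trailer line
    actual=$(head -n "$((line - 1))" "$file" | md5sum | cut -d' ' -f1)

    if [ "$recorded" = "$actual" ]; then
        echo "unmodified"
        return 0
    fi
    echo "edited"
    return 1
}

# Typical call, looping over generated Apache snippets:
#   for f in /etc/apache2/sites-available/*; do
#       printf '%s: %s\n' "$f" "$(snippet_status "$f")"
#   done
```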

Other configuration styles

The Backup2l, Dovecot, and Exim configuration files are generated not with a template, but with a collection of snippets, which are joined and checked using a Makefile. This allows extra configuration snippets to be added in to the configuration.

If it is deemed necessary, sysadmins can add extra snippets to these configurations. The basic procedure is to read the configuration file, and decide where the extra directives need to go. This is made easier by the fact that, throughout the configuration files, comments are added showing where each part comes from.

# ------------------------------------------------------------------------------
# /etc/exim4/symbiosis.d/10-acl/40-acl-check-mail/00-header
# ------------------------------------------------------------------------------

# ACL that is used after the MAIL command
acl_check_mail:

# ------------------------------------------------------------------------------
# /etc/exim4/symbiosis.d/10-acl/40-acl-check-mail/90-default
# ------------------------------------------------------------------------------

# Allow anything not already denied to connect
  accept

In this example, if an extra directive were required in this ACL, then a file could be created in /etc/exim4/symbiosis.d/10-acl/40-acl-check-mail/, maybe with the filename 10-do-stuff. To create the new configuration, we’d then need to run make in /etc/exim4/. This would regenerate /etc/exim4/exim4.conf, and perform a basic syntax check. If happy with the new configuration, then exim4 could be restarted.

The equivalent Dovecot configuration is in /etc/dovecot/symbiosis.d/ which generates /etc/dovecot/dovecot.conf. The Backup2l configuration is in /etc/symbiosis/backup.d/conf.d/, which generates /etc/symbiosis/backup.d/backup2l.conf.