Along with the old server machines I collected from the office (that this server is currently running on) came a plethora of hard disks of varying sized. I decided to put a couple of them to use in a RAID array to protect my important (not really) data.
The motherboard in my (much newer) desktop machine comes equipped with a RAID compatible disk controller, that I have never made use of. Unfortunately, the machine I have constructed as my server does not.

Never fear, software raid to the rescue. While I was (and still am) led to believe that software RAID is considerably slower than its hardware equivalent, my current array performs comparably, even slightly better (at least for reads), than the individual disks. So it is definitely a viable solution.

So I now have a simple 2 disk mirrored array, and in it’s creation dispelled a few more of my own misconceptions.

RAID array can be configured using partitions on an already partitioned drive (probably even using the 2 partitions on the same disk, but I didn’t try as it sort of defeats the purpose).

Using mdadm, a newer much friendlier (than the older raidtools) solution to software RAID on linux, to set up a software RAID is actually a fairly simple task.

As I was creating an new array from blank disks, the majority of the configuration is one command:

mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/hdb1 /dev/hdc1


Where /dev/md0 is the new software raid device and /dev/hdb1 and /dev/hdc1 are the 2 partitions that are to be used to create the array. If there is already data that needs to be preservered the "Create Degraded array, Add new disk" approach (described in much more detail in an article on SourceForge).

and then

mdadm --examine --scan >> /dev/mdadm/mdadm.conf

to save the configuration (it works without the configuration file, it just makes life a little easier)

I am yet to set up monitoring, but according to Linux dev center that is fairly simple too.

The configuration of a RAID array was much simpler and less interesting than I anticipated, but I suppose that’s a good thing for the server administration world in general.

As I mentioned previously, I just replaced my server. The side-effect of this is that I need to perform a fresh install of all the software (unless I just move the drives of course, but I still want to use the old server).

I’ve decided to stay with Debian as my server distribution as I haven’t had any major issues with it and it is easy to administer, as well as being the parent distribution of my desktop OS, Ubuntu… makes it easier for my little brain to keep track of.

For the last few Debian installations I’ve done I’ve used to greater or lesser extents an really well written article that offers a step-by-step guide to the installation of an "almost ISP ready server". While it is written for Debian 3.1 (Sarge) I have used it to install Deiban 4 (Etch) on a number of occasions.

The majority of the process is the same, with the exception of a few packages that I prefer newer versions of; such as Apache 2, PHP 5 and MySQL 5. Facilitating the need to alter a few of the "cut-and-paste" instructions. The guide can be followed beginning to end, or just follow the sections detailing the services you are after.

Note: I’ve since discovered that the author (Falko Timme) has also written an article for details the installation of Etch, so maybe I’ll use that next time. Unless I decide to install Lenny by then.

My SSL certificate for my mail server had been expired for a few weeks now. When I finally got a round to installing a new one, I discovered the script I used to use to generate them missing. Instead I had to call OpenSSL directly. Luckily, the line wasn’t too hard to find.

After filling in the requisite fields in the configuration file — The most important being the "CN" field, which should contain the FQDN of the mail server.

/etc/courier/imapd.cnf:

RANDFILE = /usr/lib/courier/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=AU
ST=QLD
L=Brisbane
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=mail.example.com
emailAddress=postmaster@example.com
[ cert_type ]
nsCertType = server


Then generate the certificate itself with this incantation:

/usr/bin/openssl req -new -x509 -days 365 -nodes \
-config /etc/courier/imapd.cnf -out /usr/lib/courier/imapd.pem \
-keyout /usr/lib/courier/imapd.pem


Got rid of the annoying "This servers certificate is exipired" messages in my MUA anyway.