Richard's Diary

Tuesday, January 13, 2009

More AMI Bundling
  1. disable password-based login over ssh for root and all other users, per http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1233 (already in place if you build on an Amazon AMI)
  2. make sure all accounts are unable to log in by checking the shadow file
  3. for any machine, make sure you remove unneeded public keys from ~/.ssh/known_hosts or authorized_keys, because anyone who possesses the matching private key could connect to the local machine
  4. make sure private keys are readable only by their owner and that no keys are writeable, so they aren't accidentally modified; otherwise you need to resend the public key, but the most annoying thing about it is being unable to log in when you want to
  5. create PostgreSQL and LOG volumes, attach them, format them and mount them per http://www.picky-ricky.com/2009/01/amazon-ebs.html
  6. yum install postgresql-server
  7. configure pg_hba.conf per http://www.picky-ricky.com/2008/11/postgresql.html
  8. configure postgresql.conf per http://www.picky-ricky.com/2008/12/postgresql-configuration-and-backup.html
  9. configure /etc/sysconfig/postgresql for paths
    POSTGRES_DATADIR="/usr/local/pgsql/data"
    POSTGRES_OPTIONS=">>/usr/local/pgsql/data/logfile 2>&1"
  10. change /etc/init.d/postgresql to smart shutdown
  11. chkconfig --level 345 postgresql on
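
A pre-bundle audit for steps 1, 2 and 4 above, as an added example that is not part of the original post. The function names and every sample file are constructed for illustration; the key check assumes GNU find.

```shell
#!/bin/sh
# Added example: audit an instance before bundling (steps 1, 2 and 4).
# Function names and all sample data below are constructed for illustration.

# Step 1: print the global PasswordAuthentication value. sshd uses the first
# occurrence of a keyword and defaults to "yes"; Match blocks are not evaluated.
sshd_password_auth() {
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
       END { if (!found) print "yes" }' "$1"
}

# Step 2: list accounts whose shadow password field is not locked.
# A field starting with "!" or "*" cannot match any password; an empty
# field means no password at all, so it is reported too.
shadow_unlocked_accounts() {
  awk -F: '$2 !~ /^[!*]/ { print $1 }' "$1"
}

# Step 4: list private keys that group or others can access (GNU find syntax).
loose_private_keys() {
  find "$1" -type f -perm /077 \
    -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + | sort
}

# Constructed sample files so the checks run offline.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#PasswordAuthentication yes
PermitRootLogin without-password
PasswordAuthentication no
EOF
cat > "$demo/shadow" <<'EOF'
root:!!:14257:0:99999:7:::
postgres:*:14257:0:99999:7:::
deploy:$1$constructed$notARealHashValue000000:14257:0:99999:7:::
EOF
mkdir "$demo/.ssh"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$demo/.ssh/id_rsa"
printf '%s\n' 'ssh-rsa constructed demo' > "$demo/.ssh/id_rsa.pub"
chmod 644 "$demo/.ssh/id_rsa"; chmod 444 "$demo/.ssh/id_rsa.pub"

echo "PasswordAuthentication: $(sshd_password_auth "$demo/sshd_config")"
echo "unlocked accounts: $(shadow_unlocked_accounts "$demo/shadow")"
echo "loose private keys: $(loose_private_keys "$demo/.ssh")"
```

On a real instance, point the functions at /etc/ssh/sshd_config, /etc/shadow and each user's ~/.ssh; `sshd -T` prints the effective settings if the config uses Match blocks.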

© 2010 Picky Ricky, Inc.