Note: Please go to docs.rightscale.com to access the current RightScale documentation set.

Base ServerTemplate for Linux (Chef) (v12.11 LTS)

 

 


Long Term Support

Stable, tested ServerTemplate assets

 

Description

If you cannot find an existing ServerTemplate in the MultiCloud Marketplace that you can clone and modify to meet your own needs, it's strongly recommended that you start your custom development from the Base ServerTemplate for Linux (Chef), because it includes the minimum set of scripts that are necessary for optimized server management through the RightScale management platform. For example, the ServerTemplate contains scripts for setting up monitoring on the server so that you can view the real-time graphs in the Dashboard and create alert specifications for automation. It also contains a set of best practices alerts that are preconfigured under the Alerts tab.

Overview

Minimum Scripts for Best Practices

The "Base" ServerTemplate contains the minimum set of scripts that are required for optimal server management within the RightScale management platform. It's recommended that you do not delete any of these scripts from a ServerTemplate unless you are an advanced user and are aware of the ramifications.


The minimum set of scripts in the "Base" ServerTemplate is found in most ServerTemplates published by RightScale. The scripts perform the following setup operations:

  • logging::default - Configures a native logging provider. Logging can be configured to send log data to a remote server.
  • sys_firewall::default - Configures iptables on the server for firewall purposes. By default, the 'Firewall' input is enabled, which opens TCP ports 22, 80, 443 to any IP address (0.0.0.0/0).
  • sys_ntp::default - Installs and configures a Network Time Protocol (NTP) client on the server to synchronize the time clock between an instance and RightScale's core servers, which is necessary for accurate audit entry timestamps.
  • rightscale::setup_server_tags - Sets machine tags that are common to all RightScale managed servers (e.g. rs_logging:state=active, rs_login:state=active, rs_monitoring:state=active).
  • rightscale::setup_timezone - Sets the system timezone on the instance.
  • rightscale::setup_monitoring - Enables the instance for monitoring by RightScale's core servers so that real-time data can be collected from the instance and graphs can be displayed in the RightScale dashboard under the related Monitoring tabs. This script is also required for setting up alerts for alert escalations and autoscaling.
  • rightscale::install_tools - Installs RightScale's core instance tools.
  • block_device::setup_ephemeral - If the cloud provider of the instance does not support the use of mountable volumes for data storage, it creates, formats, and mounts a brand new block device on the instance's ephemeral drive. The script does nothing on instances in clouds that support volumes (e.g. EC2).
  • sys::setup_swap - Creates and activates a swap file based on the selected size (in GB). Default swap size is 0.5 GB. Note: The swap added to the instance by this file will be in addition to any swap defined in the image.


Important!
As a general best practice, any new scripts that you add to the ServerTemplate should be added to the bottom of the existing boot script list.

Security and Firewall Permissions

Iptables is enabled by default on all servers, regardless of whether the cloud provider supports cloud-specific firewall services such as security groups (e.g. AWS EC2).

22, 80, 443

By default, the 'sys_firewall::default' boot script configures iptables on the instance with the following TCP ports open to all (0.0.0.0/0):

  • 22 - SSH access
  • 80 - HTTP access
  • 443 - HTTPS access (SSL)


Note: For more information about iptables, refer to the Linux documentation.

Other ports

To create additional firewall permissions to allow or deny access, you can use the sys_firewall::setup_rule script. For detailed instructions, see the Base ServerTemplate for Linux (Chef) Runbook.
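To check that an instance's firewall still matches the defaults described above after rules have been added with sys_firewall::setup_rule, the following added example (not RightScale code) parses iptables-save output and reports TCP ports accepted from any source that fall outside the 22/80/443 baseline. The sample ruleset is constructed, and the function names are assumptions of this example.

```python
"""Audit iptables-save output against the 22/80/443 baseline (added example)."""
BASELINE = {22, 80, 443}  # ports the page says sys_firewall::default opens to all
ANY = "0.0.0.0/0"

# Constructed sample in iptables-save format, not captured from a real server.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000:8002 -j ACCEPT
COMMIT
"""

def world_open_tcp_ports(rules_text):
    """Return TCP ports that INPUT ACCEPT rules allow from any source address.

    Assumption: negated matches ("!"), interface matches and rules without a
    destination port are not handled; review those by hand.
    """
    ports = set()
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # Map each option to the token that follows it, e.g. "--dport" -> "22".
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-j") != "ACCEPT" or opt.get("-p") != "tcp":
            continue
        if opt.get("-s", ANY) != ANY:
            continue  # source-restricted rule, not open to everyone
        spec = opt.get("--dport") or opt.get("--dports") or ""
        for part in filter(None, spec.split(",")):
            lo, _, hi = part.partition(":")  # "8000:8002" is a port range
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules_text, baseline=BASELINE):
    """Compare world-open ports with the expected baseline."""
    open_ports = world_open_tcp_ports(rules_text)
    return {"unexpected": sorted(open_ports - baseline),
            "missing": sorted(baseline - open_ports)}

if __name__ == "__main__":
    print(audit(SAMPLE))  # on a server, pass the output of `iptables-save`
```

Ports listed under "unexpected" are reachable from 0.0.0.0/0 without being part of the default set, so each one should map to a deliberate sys_firewall::setup_rule entry.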

Last modified
00:31, 17 May 2013



© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.