BigToy
Links
RAID
cat /proc/mdstat Personalities : [raid1] md2 : active raid1 sdc1[0] sdd1[1] 1953378368 blocks super 1.2 [2/2] [UU] bitmap: 0/15 pages [0KB], 65536KB chunk md1 : active raid1 sda2[0] sdb2[1] 508523520 blocks super 1.2 [2/2] [UU] bitmap: 2/4 pages [8KB], 65536KB chunk md0 : active raid1 sda1[0] sdb1[1] 242496 blocks super 1.2 [2/2] [UU] mknod /dev/md2 b 9 2 chmod 0660 /dev/md2 mdadm --assemble /dev/md2 /dev/sdc1 /dev/sdd1 mdadm --assemble /dev/md3 /dev/sde1 /dev/sdf1
Erstellen
gdisk /dev/sd[cdef] # Partition 1 mit Typ fd00 anlegen mdadm --create /dev/md2 --level=1 --raid-devices=2 /dev/sdc1 /dev/sdd1 mdadm --create /dev/md3 --level=1 --raid-devices=2 /dev/sde1 /dev/sdf1
LVM
vgscan -v vgchange -aay vgs VG #PV #LV #SN Attr VSize VFree bigstore 1 4 0 wz--n- 1.82t 646.88g lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert Infeos-data bigstore -wi-a----- 1.00g anwaltskanzlei-wilhelm-data bigstore -wi-ao---- 96.00g backup bigstore -wi-ao---- 1.20t connect-develop-data bigstore -wi-ao---- 200.00g infeos-data bigstore -wi-ao---- 64.00g merkur bigstore -wi-ao---- 64.00g sidra-bau-data bigstore -wi-ao---- 64.00g stgcloud.stg-mitarbeiterberater-data bigstore -wi-ao---- 32.00g strasser-strasser-data bigstore -wi-ao---- 32.00g
Erstellen
pvcreate /dev/md2 vgcreate --physicalextentsize 32M bigstore /dev/md2 pvcreate /dev/md3 vgcreate --physicalextentsize 32M quattro /dev/md3 LV_NAMES="backup anwaltskanzlei-wilhelm-data connect-develop-data infeos-data merkur" LV_NAMES="$LV_NAMES sidra-bau-data stgcloud.stg-mitarbeiterberater-data strasser-strasser-data" lvcreate --size 2T --name backup quattro lvcreate --size 96G --name anwaltskanzlei-wilhelm-data quattro lvcreate --size 200G --name connect-develop-data quattro lvcreate --size 64G --name infeos-data quattro lvcreate --size 64G --name merkur quattro lvcreate --size 64G --name sidra-bau-data quattro lvcreate --size 32G --name stgcloud.stg-mitarbeiterberater-data quattro lvcreate --size 32G --name strasser-strasser-data quattro for name in $LV_NAMES; do mkfs.ext4 -L $name /dev/quattro/$name done mkfs.ext4 -L backup /dev/quattro/backup mkfs.ext4 -L anwaltskanzlei-wilhelm-data /dev/quattro/anwaltskanzlei-wilhelm-data mkfs.ext4 -L connect-develop-data /dev/quattro/connect-develop-data mkfs.ext4 -L infeos-data /dev/quattro/infeos-data mkfs.ext4 -L merkur /dev/quattro/merkur mkfs.ext4 -L sidra-bau-data /dev/quattro/sidra-bau-data mkfs.ext4 -L stgcloud.stg-mitarbeiterberater-data /dev/quattro/stgcloud.stg-mitarbeiterberater-data mkfs.ext4 -L strasser-strasser-data /dev/quattro/strasser-strasser-data for name in $LV_NAMES; do mkdir -p /media/quattro/$name done
Disks
lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 489.1G 0 disk ├─sda1 8:1 0 237M 0 part │ └─md0 9:0 0 236.8M 0 raid1 /boot ├─sda2 8:2 0 485.1G 0 part │ └─md1 9:1 0 485G 0 raid1 / └─sda3 8:3 0 3.7G 0 part [SWAP] sdb 8:16 0 489.1G 0 disk ├─sdb1 8:17 0 237M 0 part │ └─md0 9:0 0 236.8M 0 raid1 /boot ├─sdb2 8:18 0 485.1G 0 part │ └─md1 9:1 0 485G 0 raid1 / └─sdb3 8:19 0 3.7G 0 part [SWAP] sdc 8:32 0 1.8T 0 disk └─sdc1 8:33 0 1.8T 0 part └─md2 9:2 0 1.8T 0 raid1 ├─bigstore-backup 251:0 0 1T 0 lvm /media/backup ├─bigstore-icloud--data 251:1 0 64G 0 lvm /media/icloud-data ├─bigstore-merkur 251:2 0 64G 0 lvm /media/merkur └─bigstore-cloud--connected 251:3 0 64G 0 lvm /media/bigstore/cloud-connected sdd 8:48 0 1.8T 0 disk └─sdd1 8:49 0 1.8T 0 part └─md2 9:2 0 1.8T 0 raid1 ├─bigstore-backup 251:0 0 1T 0 lvm /media/backup ├─bigstore-icloud--data 251:1 0 64G 0 lvm /media/icloud-data ├─bigstore-merkur 251:2 0 64G 0 lvm /media/merkur └─bigstore-cloud--connected 251:3 0 64G 0 lvm /media/bigstore/cloud-connected fdisk -l /dev/sda Device Boot Start End Sectors Size Id Type /dev/sda1 * 2048 487423 485376 237M 83 Linux /dev/sda2 487424 1017796607 1017309184 485.1G 83 Linux /dev/sda3 1017796608 1025609727 7813120 3.7G 82 Linux swap / Solaris fdisk -l /dev/sdb Device Boot Start End Sectors Size Id Type /dev/sdb1 * 2048 487423 485376 237M 83 Linux /dev/sdb2 487424 1017796607 1017309184 485.1G 83 Linux /dev/sdb3 1017796608 1025609727 7813120 3.7G 82 Linux swap / Solaris fdisk -l /dev/sdc Device Start End Sectors Size Type /dev/sdc1 2048 3907020976 3907018929 1.8T Linux RAID fdisk -l /dev/sdd Device Start End Sectors Size Type /dev/sdd1 2048 3907020976 3907018929 1.8T Linux RAID
Installation
USER=xx adduser $USER cd /home/$USER mkdir .ssh ; chown $USER .ssh ; chmod 755 .ssh cd .ssh cat > authorized_keys PUBLIC_KEY chown $USER authorized_keys ; chmod 600 authorized_keys
Netzwerk
- /etc/network/interfaces
auto lo iface lo inet loopback
auto eth0 iface eth0 inet static
address 173.212.192.189 netmask 255.255.255.0 gateway 173.212.192.1 dns-nameservers 79.143.183.251 213.136.95.10
auto vmbr0 iface vmbr0 inet static
address 10.10.10.1 netmask 255.0.0.0 broadcast 10.255.255.255 bridge_ports none bridge_stp off bridge_fd 0
Firewall
cat <<EOS >/etc/shorewall/zones
- ZONE TYPE OPTIONS IN OUT
- OPTIONS OPTIONS
fw firewall net ipv4 loc ipv4 EOS
cat <<EOS >/etc/shorewall/interfaces
- ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect nosmurfs
- loc venet0 detect routeback
loc vmbr0 detect routeback,bridge
EOS
cat <<EOS > /etc/shorewall/policy
- SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
- From Firewall Policy
fw fw ACCEPT fw net ACCEPT fw loc ACCEPT
- From localnet Policy
loc loc ACCEPT loc net ACCEPT loc fw ACCEPT
- From Net Policy
net fw DROP info net loc DROP info
- THE FOLLOWING POLICY MUST BE LAST
all all REJECT info EOS
cat <<EOS >/etc/shorewall/rules
- ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE
- Permit access to SSH
SSH/ACCEPT net fw - - - - 12/min:8
- Permit access to Proxmox Manager and Console
ACCEPT net fw tcp 5900:6010,8006 ACCEPT net fw tcp 80,81,443,444
- PING Rules
Ping/ACCEPT all all
- SSH für 10.10.10.101:
DNAT net loc:10.10.10.101:22 tcp 10101 - DNAT net loc:10.10.10.101:80 tcp 10181 - DNAT net loc:10.10.10.102:22 tcp 10102 - DNAT net loc:10.10.10.102:81 tcp 10112 - DNAT net loc:10.10.10.102:8080 tcp 10122 - DNAT net loc:10.10.10.103:22 tcp 10103 - DNAT net loc:10.10.10.104:22 tcp 10104 - DNAT net loc:10.10.10.105:22 tcp 10105 - DNAT net loc:10.10.10.106:22 tcp 10106 - DNAT net loc:10.10.10.104:80 tcp 10114 - DNAT net loc:10.10.10.105:443 tcp 10145 - DNAT net loc:10.10.10.106:10186 tcp 10186 - DNAT net loc:10.10.10.106:10116 tcp 10116 - DNAT net loc:10.10.10.106:8080 tcp 10126 -
- Regeln:
- Endziffer: Id der VM: 2: tom, 3: next, 4: merkur, 5: silenus, 6: neptun
- vorletzte Ziffer: Server 0: ssh, 1: nginx (http), 2: tomcat-Konsole 4: nginx (https), 8: apache2
- LAST LINE -- DO NOT REMOVE
EOS
cat <<EOS >> /etc/shorewall/masq
- INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8
- LAST LINE -- DO NOT REMOVE
- INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8
- LAST LINE -- DO NOT REMOVE
- INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8
- LAST LINE -- DO NOT REMOVE
- INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8
- LAST LINE -- DO NOT REMOVE
- INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK
eth0 10.0.0.0/8
- LAST LINE -- DO NOT REMOVE
EOS
- Test, ob SSH noch geht:
shorewall try /etc/shorewall 60s
- Firewall beim Booten aktivieren: /etc/default/shorewall
startup=1