BigToy


Links

RAID

cat /proc/mdstat
Personalities : [raid1] 
md2 : active raid1 sdc1[0] sdd1[1]
      1953378368 blocks super 1.2 [2/2] [UU]
      bitmap: 0/15 pages [0KB], 65536KB chunk

md1 : active raid1 sda2[0] sdb2[1]
      508523520 blocks super 1.2 [2/2] [UU]
      bitmap: 2/4 pages [8KB], 65536KB chunk

md0 : active raid1 sda1[0] sdb1[1]
      242496 blocks super 1.2 [2/2] [UU]

# Recreate the md2 device node by hand (block device, major 9 = md driver,
# minor 2 — the same 9:2 that lsblk reports for md2 below) and assemble the
# mirror from the two member partitions listed in /proc/mdstat above.
# NOTE(review): presumably needed because the node was missing after boot;
# normally udev creates it — confirm before relying on this step.
mknod /dev/md2 b 9 2
chmod 0660 /dev/md2
mdadm --assemble /dev/md2 /dev/sdc1 /dev/sdd1

LVM

# Rescan for volume groups, activate them (-aay = activate in autoactivation
# mode) and list them; this brings the "bigstore" LVs that live on md2 back
# after the manual assemble above. Output of vgs follows.
vgscan -v
vgchange -aay
vgs

  VG       #PV #LV #SN Attr   VSize VFree  
  bigstore   1   4   0 wz--n- 1.82t 646.88g
lvs
  LV              VG       Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  backup          bigstore -wi-ao----  1.00t                                                    
  cloud-connected bigstore -wi-ao---- 64.00g                                                    
  icloud-data     bigstore -wi-ao---- 64.00g                                                    
  merkur          bigstore -wi-ao---- 64.00g                                                    

Disks

lsblk
NAME                            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                               8:0    0 489.1G  0 disk  
├─sda1                            8:1    0   237M  0 part  
│ └─md0                           9:0    0 236.8M  0 raid1 /boot
├─sda2                            8:2    0 485.1G  0 part  
│ └─md1                           9:1    0   485G  0 raid1 /
└─sda3                            8:3    0   3.7G  0 part  [SWAP]
sdb                               8:16   0 489.1G  0 disk  
├─sdb1                            8:17   0   237M  0 part  
│ └─md0                           9:0    0 236.8M  0 raid1 /boot
├─sdb2                            8:18   0 485.1G  0 part  
│ └─md1                           9:1    0   485G  0 raid1 /
└─sdb3                            8:19   0   3.7G  0 part  [SWAP]
sdc                               8:32   0   1.8T  0 disk  
└─sdc1                            8:33   0   1.8T  0 part  
  └─md2                           9:2    0   1.8T  0 raid1 
    ├─bigstore-backup           251:0    0     1T  0 lvm   /media/backup
    ├─bigstore-icloud--data     251:1    0    64G  0 lvm   /media/icloud-data
    ├─bigstore-merkur           251:2    0    64G  0 lvm   /media/merkur
    └─bigstore-cloud--connected 251:3    0    64G  0 lvm   /media/bigstore/cloud-connected
sdd                               8:48   0   1.8T  0 disk  
└─sdd1                            8:49   0   1.8T  0 part  
  └─md2                           9:2    0   1.8T  0 raid1 
    ├─bigstore-backup           251:0    0     1T  0 lvm   /media/backup
    ├─bigstore-icloud--data     251:1    0    64G  0 lvm   /media/icloud-data
    ├─bigstore-merkur           251:2    0    64G  0 lvm   /media/merkur
    └─bigstore-cloud--connected 251:3    0    64G  0 lvm   /media/bigstore/cloud-connected

fdisk -l /dev/sda
Device     Boot      Start        End    Sectors   Size Id Type
/dev/sda1  *          2048     487423     485376   237M 83 Linux
/dev/sda2           487424 1017796607 1017309184 485.1G 83 Linux
/dev/sda3       1017796608 1025609727    7813120   3.7G 82 Linux swap / Solaris

fdisk -l /dev/sdb
Device     Boot      Start        End    Sectors   Size Id Type
/dev/sdb1  *          2048     487423     485376   237M 83 Linux
/dev/sdb2           487424 1017796607 1017309184 485.1G 83 Linux
/dev/sdb3       1017796608 1025609727    7813120   3.7G 82 Linux swap / Solaris

fdisk -l /dev/sdc
Device     Start        End    Sectors  Size Type
/dev/sdc1   2048 3907020976 3907018929  1.8T Linux RAID

fdisk -l /dev/sdd
Device     Start        End    Sectors  Size Type
/dev/sdd1   2048 3907020976 3907018929  1.8T Linux RAID

Installation

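# Create the admin login and install its SSH public key. Run as root.
# Replace "xx" with the login name and PUBLIC_KEY with the actual key line.
# A private variable name is used on purpose: the original assigned USER=,
# which clobbers the shell's own $USER for every later command in the session.
new_user=xx
adduser "$new_user" || exit 1
home_dir=/home/$new_user
ssh_dir=$home_dir/.ssh
# Absolute paths instead of "cd ... ; mkdir .ssh": if the cd failed, the
# original created .ssh (and the key file) in whatever the current directory was.
mkdir -p -- "$ssh_dir" || exit 1
# "user:" (trailing colon) also sets the group to the login group; the
# original chown left the group as root.
chown "$new_user:" -- "$ssh_dir"
# 700 rather than 755: nothing else needs to list the directory, and sshd's
# StrictModes check only demands that it is not writable by others.
chmod 700 -- "$ssh_dir"
# Quoted delimiter: the key is written literally, no expansion of $ or backticks.
cat >"$ssh_dir/authorized_keys" <<'EOF'
PUBLIC_KEY
EOF
chown "$new_user:" -- "$ssh_dir/authorized_keys"
chmod 600 -- "$ssh_dir/authorized_keys"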

Netzwerk

  • /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
 address  173.212.192.189
 netmask  255.255.255.0
 gateway  173.212.192.1
 dns-nameservers 79.143.183.251 213.136.95.10

auto vmbr0
iface vmbr0 inet static
 address  10.10.10.1
 netmask  255.0.0.0
 broadcast 10.255.255.255
 bridge_ports none
 bridge_stp off
 bridge_fd 0

Firewall

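# /etc/shorewall/zones: the three zones that policy and rules below refer to
# (fw = this host, net = public uplink, loc = the VM network).
# The wiki rendering turned the leading "#" of the header lines into a
# numbered list and joined the three entries onto one line; restored here.
# Quoted delimiter: the body is written literally. The file contains no shell
# expansions today, but this keeps a future edit with a "$" from being mangled.
cat <<'EOS' >/etc/shorewall/zones
#ZONE   TYPE      OPTIONS   IN        OUT
#                           OPTIONS   OPTIONS
fw      firewall
net     ipv4
loc     ipv4
EOS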

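# /etc/shorewall/interfaces: bind zones to interfaces. eth0 is the public
# uplink, vmbr0 the VM bridge from /etc/network/interfaces above. The venet0
# entry is kept commented out exactly as on the original page.
# Quoted delimiter so the body is written literally.
cat <<'EOS' >/etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      nosmurfs
#loc    venet0      detect      routeback
loc     vmbr0       detect      routeback,bridge
EOS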

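# /etc/shorewall/policy: default verdict per zone pair. Traffic from net is
# dropped and logged; anything not matched earlier is rejected and logged.
# The "all all" catch-all must remain the last entry.
# NOTE(review): "loc fw ACCEPT" gives every VM unrestricted access to the
# hypervisor itself (SSH, Proxmox UI); narrow it if the VMs are not fully
# trusted.
# Quoted delimiter so the body is written literally.
cat <<'EOS' >/etc/shorewall/policy
#SOURCE DEST    POLICY  LOG LIMIT: CONNLIMIT:
# From Firewall Policy
fw      fw      ACCEPT
fw      net     ACCEPT
fw      loc     ACCEPT
# From localnet Policy
loc     loc     ACCEPT
loc     net     ACCEPT
loc     fw      ACCEPT
# From Net Policy
net     fw      DROP    info
net     loc     DROP    info
# THE FOLLOWING POLICY MUST BE LAST
all     all     REJECT  info
EOS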

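# /etc/shorewall/rules: exceptions to the policy above. The fourteen DNAT
# port-forwards were collapsed onto one line by the wiki; one rule per line
# here. The trailing German comments document the port-numbering scheme
# (last digit = VM, second-to-last digit = service).
# NOTE(review): the Proxmox manager (8006) and console range (5900:6010) are
# reachable from the whole net zone, and unlike the SSH/ACCEPT entry neither
# they nor the DNAT'd VM SSH ports carry a RATE limit. Restricting SOURCE to
# the admin address(es) (e.g. net:<ADMIN-IP placeholder>) and adding a RATE
# to the SSH forwards would shrink the exposure.
# Quoted delimiter so the body is written literally.
cat <<'EOS' >/etc/shorewall/rules
#ACTION     SOURCE  DEST                    PROTO   DEST    SOURCE  ORIGINAL    RATE
# Permit access to SSH
SSH/ACCEPT  net     fw                      -       -       -       -           12/min:8
# Permit access to Proxmox Manager and Console
ACCEPT      net     fw                      tcp     5900:6010,8006
ACCEPT      net     fw                      tcp     80,81,443,444
# PING Rules
Ping/ACCEPT all     all
# SSH für 10.10.10.101:
DNAT        net     loc:10.10.10.101:22     tcp     10101   -
DNAT        net     loc:10.10.10.101:80     tcp     10181   -
DNAT        net     loc:10.10.10.102:22     tcp     10102   -
DNAT        net     loc:10.10.10.102:81     tcp     10112   -
DNAT        net     loc:10.10.10.102:8080   tcp     10122   -
DNAT        net     loc:10.10.10.103:22     tcp     10103   -
DNAT        net     loc:10.10.10.104:22     tcp     10104   -
DNAT        net     loc:10.10.10.105:22     tcp     10105   -
DNAT        net     loc:10.10.10.106:22     tcp     10106   -
DNAT        net     loc:10.10.10.104:80     tcp     10114   -
DNAT        net     loc:10.10.10.105:443    tcp     10145   -
DNAT        net     loc:10.10.10.106:10186  tcp     10186   -
DNAT        net     loc:10.10.10.106:10116  tcp     10116   -
DNAT        net     loc:10.10.10.106:8080   tcp     10126   -
# Regeln:
# Endziffer: Id der VM: 2: tom, 3: next, 4: merkur, 5: silenus, 6: neptun
# vorletzte Ziffer: Server 0: ssh, 1: nginx (http), 2: tomcat-Konsole 4: nginx (https), 8: apache2
#LAST LINE -- DO NOT REMOVE
EOS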

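# /etc/shorewall/masq: NAT the 10/8 VM network out through eth0.
# The original page carried this entry five times, and because the redirect
# is ">>" (append) every re-run adds yet another identical masq line. The
# entry is written once and only if it is not already present, so the snippet
# is safe to re-run. The 2>/dev/null covers a masq file that does not exist yet.
# Quoted delimiter so the body is written literally.
if ! grep -qE '^eth0[[:space:]]+10\.0\.0\.0/8' /etc/shorewall/masq 2>/dev/null; then
  cat <<'EOS' >>/etc/shorewall/masq
#INTERFACE  SOURCE      ADDRESS  PROTO  PORT(S)  IPSEC  MARK
eth0        10.0.0.0/8
#LAST LINE -- DO NOT REMOVE
EOS
fi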

  1. Test, ob SSH noch geht:

# Apply the configuration in /etc/shorewall with a 60 s safety timer: if the
# compile fails, or once the timer expires, shorewall restores the previous
# state, so a mistake in the rules above cannot lock the admin out of SSH.
# If SSH still works during the window, make the change permanent with a
# normal restart afterwards.
shorewall try /etc/shorewall 60s

  1. Firewall beim Booten aktivieren: /etc/default/shorewall

startup=1