BigToy
Links
RAID
cat /proc/mdstat
Personalities : [raid1]
md2 : active raid1 sdc1[0] sdd1[1]
      1953378368 blocks super 1.2 [2/2] [UU]
      bitmap: 0/15 pages [0KB], 65536KB chunk
md1 : active raid1 sda2[0] sdb2[1]
      508523520 blocks super 1.2 [2/2] [UU]
      bitmap: 2/4 pages [8KB], 65536KB chunk
md0 : active raid1 sda1[0] sdb1[1]
      242496 blocks super 1.2 [2/2] [UU]

mknod /dev/md2 b 9 2
chmod 0660 /dev/md2
mdadm --assemble /dev/md2 /dev/sdc1 /dev/sdd1
Erstellen
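# Create two RAID-1 arrays (md2, md3) from four fresh disks sdc..sdf.
# gdisk is interactive and takes a single device argument, so the glob is
# iterated instead of being handed to one gdisk call (where the `#` comment
# on the original one-liner also swallowed the mdadm commands that followed).
# In each gdisk session: create partition 1 with type fd00 (Linux RAID).
for disk in /dev/sd[cdef]; do
  gdisk "$disk"
done
mdadm --create /dev/md2 --level=1 --raid-devices=2 /dev/sdc1 /dev/sdd1
mdadm --create /dev/md3 --level=1 --raid-devices=2 /dev/sde1 /dev/sdf1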
LVM
vgscan -v
vgchange -aay
vgs
  VG       #PV #LV #SN Attr   VSize VFree
  bigstore   1   4   0 wz--n- 1.82t 646.88g
lvs
  LV              VG       Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  backup          bigstore -wi-ao----  1.00t
  cloud-connected bigstore -wi-ao---- 64.00g
  icloud-data     bigstore -wi-ao---- 64.00g
  merkur          bigstore -wi-ao---- 64.00g
Disks
lsblk
NAME                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                             8:0    0 489.1G  0 disk
├─sda1                          8:1    0   237M  0 part
│ └─md0                         9:0    0 236.8M  0 raid1 /boot
├─sda2                          8:2    0 485.1G  0 part
│ └─md1                         9:1    0   485G  0 raid1 /
└─sda3                          8:3    0   3.7G  0 part  [SWAP]
sdb                             8:16   0 489.1G  0 disk
├─sdb1                          8:17   0   237M  0 part
│ └─md0                         9:0    0 236.8M  0 raid1 /boot
├─sdb2                          8:18   0 485.1G  0 part
│ └─md1                         9:1    0   485G  0 raid1 /
└─sdb3                          8:19   0   3.7G  0 part  [SWAP]
sdc                             8:32   0   1.8T  0 disk
└─sdc1                          8:33   0   1.8T  0 part
  └─md2                         9:2    0   1.8T  0 raid1
    ├─bigstore-backup         251:0    0     1T  0 lvm   /media/backup
    ├─bigstore-icloud--data   251:1    0    64G  0 lvm   /media/icloud-data
    ├─bigstore-merkur         251:2    0    64G  0 lvm   /media/merkur
    └─bigstore-cloud--connected 251:3  0    64G  0 lvm   /media/bigstore/cloud-connected
sdd                             8:48   0   1.8T  0 disk
└─sdd1                          8:49   0   1.8T  0 part
  └─md2                         9:2    0   1.8T  0 raid1
    ├─bigstore-backup         251:0    0     1T  0 lvm   /media/backup
    ├─bigstore-icloud--data   251:1    0    64G  0 lvm   /media/icloud-data
    ├─bigstore-merkur         251:2    0    64G  0 lvm   /media/merkur
    └─bigstore-cloud--connected 251:3  0    64G  0 lvm   /media/bigstore/cloud-connected

fdisk -l /dev/sda
Device     Boot      Start        End    Sectors   Size Id Type
/dev/sda1  *          2048     487423     485376   237M 83 Linux
/dev/sda2           487424 1017796607 1017309184 485.1G 83 Linux
/dev/sda3       1017796608 1025609727    7813120   3.7G 82 Linux swap / Solaris

fdisk -l /dev/sdb
Device     Boot      Start        End    Sectors   Size Id Type
/dev/sdb1  *          2048     487423     485376   237M 83 Linux
/dev/sdb2           487424 1017796607 1017309184 485.1G 83 Linux
/dev/sdb3       1017796608 1025609727    7813120   3.7G 82 Linux swap / Solaris

fdisk -l /dev/sdc
Device     Start        End    Sectors Size Type
/dev/sdc1   2048 3907020976 3907018929 1.8T Linux RAID

fdisk -l /dev/sdd
Device     Start        End    Sectors Size Type
/dev/sdd1   2048 3907020976 3907018929 1.8T Linux RAID
Installation
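# Create a login user and install an SSH public key for it.
# The original assigned the name USER, which shadows the shell's own login
# variable for the rest of the session; a private name avoids that side effect.
new_user=xx   # placeholder: replace with the real login name
adduser "$new_user"
ssh_dir="/home/$new_user/.ssh"
mkdir -p -- "$ssh_dir"
# 700 instead of the original 755: the directory does not need to be
# listable by other local users, and 700 is what ssh itself creates.
chmod 700 -- "$ssh_dir"
# The key is read from the terminal: paste PUBLIC_KEY, then end input with Ctrl-D.
cat > "$ssh_dir/authorized_keys"
chmod 600 -- "$ssh_dir/authorized_keys"
# Ownership last and recursive; the trailing ':' also sets the group to the
# user's login group, which the original chown left as root.
chown -R -- "$new_user:" "$ssh_dir"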
Netzwerk
- /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 173.212.192.189
    netmask 255.255.255.0
    gateway 173.212.192.1
    dns-nameservers 79.143.183.251 213.136.95.10
auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1
    netmask 255.0.0.0
    broadcast 10.255.255.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
Firewall
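# /etc/shorewall/zones: the firewall host itself (fw), the public side (net)
# and the VM bridge (loc).
# Comment lines use '#': the '-' the page shows in their place is not valid
# shorewall syntax. The delimiter is quoted so nothing is shell-expanded.
cat <<'EOS' >/etc/shorewall/zones
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4
EOS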
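# /etc/shorewall/interfaces: eth0 carries the net zone, the vmbr0 bridge the
# loc zone. Comment lines use '#' (the page shows '-' in their place).
# The venet0 (OpenVZ) line is kept but disabled, as it appears here.
cat <<'EOS' >/etc/shorewall/interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          nosmurfs
#loc    venet0          detect          routeback
loc     vmbr0           detect          routeback,bridge
EOS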
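# /etc/shorewall/policy: default handling per zone pair; rules (see the
# rules file) are evaluated before these policies.
# Comment lines use '#' (the page shows '-' in their place).
# NOTE(review): 'loc fw ACCEPT' gives every VM on the bridge unrestricted
# access to the hypervisor itself (management UI, SSH); confirm that is
# intended, or narrow it to the services the VMs actually need.
cat <<'EOS' >/etc/shorewall/policy
#SOURCE DEST    POLICY  LOG     LIMIT:  CONNLIMIT:
# From Firewall Policy
fw      fw      ACCEPT
fw      net     ACCEPT
fw      loc     ACCEPT
# From localnet Policy
loc     loc     ACCEPT
loc     net     ACCEPT
loc     fw      ACCEPT
# From Net Policy
net     fw      DROP    info
net     loc     DROP    info
# THE FOLLOWING POLICY MUST BE LAST
all     all     REJECT  info
EOS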
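# /etc/shorewall/rules: exceptions to the policies above.
# Comment lines use '#' (the page shows '-' in their place); the German
# comments are kept verbatim since they are part of the written file.
# NOTE(review): SSH to the host is rate-limited (12/min, burst 8), but the
# Proxmox manager (8006), the VNC console range (5900:6010) and 80/81/443/444
# are accepted from the whole net zone with no rate limit and no source
# restriction -- that is the hypervisor's management plane. Consider limiting
# SOURCE to a trusted address or reaching them over a VPN.
cat <<'EOS' >/etc/shorewall/rules
#ACTION         SOURCE  DEST                    PROTO   DEST    SOURCE  ORIGINAL        RATE
# Permit access to SSH
SSH/ACCEPT      net     fw                      -       -       -       -               12/min:8
# Permit access to Proxmox Manager and Console
ACCEPT          net     fw                      tcp     5900:6010,8006
ACCEPT          net     fw                      tcp     80,81,443,444
# PING Rules
Ping/ACCEPT     all     all
# SSH für 10.10.10.101:
DNAT            net     loc:10.10.10.101:22     tcp     10101   -
DNAT            net     loc:10.10.10.101:80     tcp     10181   -
DNAT            net     loc:10.10.10.102:22     tcp     10102   -
DNAT            net     loc:10.10.10.102:81     tcp     10112   -
DNAT            net     loc:10.10.10.102:8080   tcp     10122   -
DNAT            net     loc:10.10.10.103:22     tcp     10103   -
DNAT            net     loc:10.10.10.104:22     tcp     10104   -
DNAT            net     loc:10.10.10.105:22     tcp     10105   -
DNAT            net     loc:10.10.10.106:22     tcp     10106   -
DNAT            net     loc:10.10.10.104:80     tcp     10114   -
DNAT            net     loc:10.10.10.105:443    tcp     10145   -
DNAT            net     loc:10.10.10.106:10186  tcp     10186   -
DNAT            net     loc:10.10.10.106:10116  tcp     10116   -
DNAT            net     loc:10.10.10.106:8080   tcp     10126   -
# Regeln:
# Endziffer: Id der VM: 2: tom, 3: next, 4: merkur, 5: silenus, 6: neptun
# vorletzte Ziffer: Server 0: ssh, 1: nginx (http), 2: tomcat-Konsole 4: nginx (https), 8: apache2
#LAST LINE -- DO NOT REMOVE
EOS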
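# /etc/shorewall/masq: NAT the VM network (10.0.0.0/8) out through eth0.
# Written with '>' instead of the original '>>': the heredoc is a complete
# file (header plus LAST LINE marker), and appending it on every run stacks
# duplicate copies, after which '#LAST LINE' is no longer the last line.
# Comment lines use '#' (the page shows '-' in their place).
cat <<'EOS' >/etc/shorewall/masq
#INTERFACE      SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
eth0            10.0.0.0/8
#LAST LINE -- DO NOT REMOVE
EOS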
- Test, ob SSH noch geht:
# Apply the new configuration on trial: with a timeout given, shorewall falls
# back to the previous configuration after 60 seconds, so a rule mistake that
# cuts the SSH session does not lock you out (presumably run 'shorewall
# restart' once the test session is confirmed to still work -- verify).
shorewall try /etc/shorewall 60s
- Firewall beim Booten aktivieren: /etc/default/shorewall
startup=1