BigToy


Links

RAID

cat /proc/mdstat
Personalities : [raid1] 
md2 : active raid1 sdc1[0] sdd1[1]
      1953378368 blocks super 1.2 [2/2] [UU]
      bitmap: 0/15 pages [0KB], 65536KB chunk

md1 : active raid1 sda2[0] sdb2[1]
      508523520 blocks super 1.2 [2/2] [UU]
      bitmap: 2/4 pages [8KB], 65536KB chunk

md0 : active raid1 sda1[0] sdb1[1]
      242496 blocks super 1.2 [2/2] [UU]

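# Assemble the existing RAID1 arrays by hand (e.g. from a rescue system).
# On a udev-based system the /dev/md* node is created as soon as mdadm
# assembles the array; the manual mknod is only needed without udev, so it
# is guarded and no longer fails with "File exists" on a second run.
# NOTE(review): member devices are named by drive letter (sdc1/sdd1,
# sde1/sdf1), and letters can change between boots. Confirm with
#   mdadm --examine /dev/sdc1 /dev/sdd1 /dev/sde1 /dev/sdf1
# that each pair shares the expected array UUID before assembling, or assemble
# by UUID (mdadm --assemble --uuid=... /dev/mdN) / via /etc/mdadm/mdadm.conf.
[ -e /dev/md2 ] || mknod /dev/md2 b 9 2
chmod 0660 /dev/md2
mdadm --assemble /dev/md2 /dev/sdc1 /dev/sdd1
mdadm --assemble /dev/md3 /dev/sde1 /dev/sdf1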

Erstellen

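# Create two new RAID1 arrays: md2 on sdc/sdd and md3 on sde/sdf.
#
# gdisk is interactive and takes a single device per invocation; with the
# glob expanded to four arguments it does not partition anything. sgdisk
# (same package) does the intended step non-interactively: one partition
# covering the whole disk, GPT type fd00 (Linux RAID).
#
# Partitioning and mdadm --create are destructive, so each disk is checked
# first and the snippet refuses to continue if the disk already carries any
# signature (partition table, md superblock, filesystem). This makes an
# accidental re-run against a disk that is already in use a hard stop.
for disk in /dev/sd[cdef]; do
  if [ -n "$(wipefs "$disk")" ]; then
    echo "refusing to partition $disk: existing signatures found (see 'wipefs $disk')" >&2
    exit 1
  fi
  sgdisk --new=1:0:0 --typecode=1:fd00 "$disk"
done

# mdadm's default superblock format is 1.2, matching the arrays already
# shown in /proc/mdstat.
mdadm --create /dev/md2 --level=1 --raid-devices=2 /dev/sdc1 /dev/sdd1
mdadm --create /dev/md3 --level=1 --raid-devices=2 /dev/sde1 /dev/sdf1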

LVM

# Rescan all block devices for LVM volume groups (verbose output).
vgscan -v
# Activate the volume groups (-a y) in auto-activation mode (-aay), i.e.
# honouring the auto_activation_volume_list filter in lvm.conf.
vgchange -aay
# Summary of the volume groups found; example output follows.
vgs

  VG       #PV #LV #SN Attr   VSize VFree  
  bigstore   1   4   0 wz--n- 1.82t 646.88g
lvs
  LV                                   VG       Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  Infeos-data                          bigstore -wi-a-----   1.00g                                                    
  anwaltskanzlei-wilhelm-data          bigstore -wi-ao----  96.00g                                                    
  backup                               bigstore -wi-ao----   1.20t                                                    
  connect-develop-data                 bigstore -wi-ao---- 200.00g                                                    
  infeos-data                          bigstore -wi-ao----  64.00g                                                    
  merkur                               bigstore -wi-ao----  64.00g                                                    
  sidra-bau-data                       bigstore -wi-ao----  64.00g                                                    
  stgcloud.stg-mitarbeiterberater-data bigstore -wi-ao----  32.00g                                                    
  strasser-strasser-data               bigstore -wi-ao----  32.00g                                                    

Erstellen

# One volume group per RAID1 mirror: "bigstore" on md2 (the VG shown in the
# vgs/lvs/lsblk output above) and "quattro" on md3 (the VG the snippets
# below create their LVs in).
# pvcreate refuses a device that is already a PV or carries a filesystem
# signature, so re-running this block does not silently destroy an
# existing VG.
pvcreate /dev/md2
# 32 MiB physical extents (the default is 4 MiB); both VGs use the same value.
vgcreate --physicalextentsize 32M  bigstore /dev/md2

pvcreate /dev/md3
vgcreate --physicalextentsize 32M  quattro /dev/md3

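# Create the logical volumes in VG "quattro", put an ext4 filesystem on each
# and create the mount point /media/quattro/<name>.
#
# Changes against the original snippet:
#   * The per-LV mkfs.ext4 lines duplicated the loop, so every filesystem was
#     created twice; each LV is now handled once, in one loop.
#   * ext4 labels are limited to 16 bytes and mke2fs truncates longer ones
#     (with a warning), so e.g. "anwaltskanzlei-wilhelm-data" would have
#     ended up labelled "anwaltskanzlei-w". LVs whose name does not fit are
#     created without a label; mount them by the stable LV path
#     /dev/quattro/<name> rather than by LABEL=.
#   * set -e stops the script when lvcreate fails (e.g. the LV already
#     exists), so mkfs cannot run over an existing filesystem on re-run.
set -eu

vg=quattro
# name:size pairs; sizes as accepted by lvcreate --size.
lv_specs=(
  backup:2T
  anwaltskanzlei-wilhelm-data:96G
  connect-develop-data:200G
  infeos-data:64G
  merkur:64G
  sidra-bau-data:64G
  stgcloud.stg-mitarbeiterberater-data:32G
  strasser-strasser-data:32G
)

for spec in "${lv_specs[@]}"; do
  name=${spec%%:*}
  size=${spec#*:}
  dev="/dev/$vg/$name"

  lvcreate --size "$size" --name "$name" "$vg"

  if [ "${#name}" -le 16 ]; then
    mkfs.ext4 -L "$name" "$dev"
  else
    echo "note: '$name' exceeds the 16-byte ext4 label limit; creating $dev without a label" >&2
    mkfs.ext4 "$dev"
  fi

  mkdir -p "/media/$vg/$name"
done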

Disks

lsblk
NAME                            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                               8:0    0 489.1G  0 disk  
├─sda1                            8:1    0   237M  0 part  
│ └─md0                           9:0    0 236.8M  0 raid1 /boot
├─sda2                            8:2    0 485.1G  0 part  
│ └─md1                           9:1    0   485G  0 raid1 /
└─sda3                            8:3    0   3.7G  0 part  [SWAP]
sdb                               8:16   0 489.1G  0 disk  
├─sdb1                            8:17   0   237M  0 part  
│ └─md0                           9:0    0 236.8M  0 raid1 /boot
├─sdb2                            8:18   0 485.1G  0 part  
│ └─md1                           9:1    0   485G  0 raid1 /
└─sdb3                            8:19   0   3.7G  0 part  [SWAP]
sdc                               8:32   0   1.8T  0 disk  
└─sdc1                            8:33   0   1.8T  0 part  
  └─md2                           9:2    0   1.8T  0 raid1 
    ├─bigstore-backup           251:0    0     1T  0 lvm   /media/backup
    ├─bigstore-icloud--data     251:1    0    64G  0 lvm   /media/icloud-data
    ├─bigstore-merkur           251:2    0    64G  0 lvm   /media/merkur
    └─bigstore-cloud--connected 251:3    0    64G  0 lvm   /media/bigstore/cloud-connected
sdd                               8:48   0   1.8T  0 disk  
└─sdd1                            8:49   0   1.8T  0 part  
  └─md2                           9:2    0   1.8T  0 raid1 
    ├─bigstore-backup           251:0    0     1T  0 lvm   /media/backup
    ├─bigstore-icloud--data     251:1    0    64G  0 lvm   /media/icloud-data
    ├─bigstore-merkur           251:2    0    64G  0 lvm   /media/merkur
    └─bigstore-cloud--connected 251:3    0    64G  0 lvm   /media/bigstore/cloud-connected

fdisk -l /dev/sda
Device     Boot      Start        End    Sectors   Size Id Type
/dev/sda1  *          2048     487423     485376   237M 83 Linux
/dev/sda2           487424 1017796607 1017309184 485.1G 83 Linux
/dev/sda3       1017796608 1025609727    7813120   3.7G 82 Linux swap / Solaris

fdisk -l /dev/sdb
Device     Boot      Start        End    Sectors   Size Id Type
/dev/sdb1  *          2048     487423     485376   237M 83 Linux
/dev/sdb2           487424 1017796607 1017309184 485.1G 83 Linux
/dev/sdb3       1017796608 1025609727    7813120   3.7G 82 Linux swap / Solaris

fdisk -l /dev/sdc
Device     Start        End    Sectors  Size Type
/dev/sdc1   2048 3907020976 3907018929  1.8T Linux RAID

fdisk -l /dev/sdd
Device     Start        End    Sectors  Size Type
/dev/sdd1   2048 3907020976 3907018929  1.8T Linux RAID

Installation

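# Create an administrative account and install its SSH public key.
#
# The account name is kept in its own variable instead of $USER: $USER is the
# login name of the *current* session and is read by other programs, so
# overwriting it has effects beyond this snippet.
set -eu

new_user=xx
# Replace with the real key, one line: "ssh-ed25519 AAAA... comment".
public_key='PUBLIC_KEY'

# Refuse to install the untouched placeholder as a key.
case $public_key in
  ssh-*|ecdsa-*|sk-*) ;;
  *) echo "set public_key to an actual OpenSSH public key first" >&2; exit 1 ;;
esac

adduser "$new_user"

# Take the home directory from the passwd entry rather than assuming /home/<user>.
home=$(getent passwd "$new_user" | cut -d: -f6)

# sshd (StrictModes) ignores authorized_keys if ~/.ssh or the file is writable
# by anyone but the owner. 0700 on the directory also stops other local users
# from listing it (the original 0755 allowed that), and the group is set to the
# user's own group instead of being left as root's.
# Debian's adduser creates a same-named group by default; adjust -g if
# USERGROUPS is disabled in adduser.conf.
install -d -m 0700 -o "$new_user" -g "$new_user" "$home/.ssh"

# Write the key with a restrictive umask so the file is never world-readable,
# not even briefly, then hand it to the user with mode 0600.
( umask 077; printf '%s\n' "$public_key" > "$home/.ssh/authorized_keys" )
chown "$new_user:$new_user" "$home/.ssh/authorized_keys"
chmod 0600 "$home/.ssh/authorized_keys"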

Netzwerk

  • /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static

 address  173.212.192.189
 netmask  255.255.255.0
 gateway  173.212.192.1
 dns-nameservers 79.143.183.251 213.136.95.10

auto vmbr0
iface vmbr0 inet static

 address  10.10.10.1
 netmask  255.0.0.0
 broadcast 10.255.255.255
 bridge_ports none
 bridge_stp off
 bridge_fd 0

Firewall

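# /etc/shorewall/zones: the firewall host itself (fw), the internet on eth0
# (net) and the VM network on vmbr0 (loc).
# The here-document delimiter is quoted so the shell never expands anything
# inside it; Shorewall files may legitimately contain $VARIABLE references.
cat <<'EOS' >/etc/shorewall/zones
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4
EOS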

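# /etc/shorewall/interfaces: map zones to interfaces.
#   nosmurfs  - drop packets whose source is a broadcast address
#   routeback - allow traffic between hosts on the same bridge (VM to VM)
#   bridge    - vmbr0 is a Linux bridge (see /etc/network/interfaces)
# The venet0 line (OpenVZ) is kept commented out, as on the original host.
cat <<'EOS' >/etc/shorewall/interfaces
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          nosmurfs
#loc    venet0          detect          routeback
loc     vmbr0           detect          routeback,bridge
EOS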

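# /etc/shorewall/policy: default policies between zones. Inbound from the
# internet is dropped and logged; everything else is accepted and narrowed
# only by the rules file.
# NOTE(review): "loc fw ACCEPT" lets every VM reach every service on the
# hypervisor (ssh, the Proxmox GUI on 8006, ...). A compromised VM therefore
# has unrestricted network access to the host. Consider "loc fw DROP info"
# here and explicit ACCEPT rules for the few services the VMs need.
cat <<'EOS' > /etc/shorewall/policy
#SOURCE DEST    POLICY  LOG     LIMIT:          CONNLIMIT:
#                       LEVEL   BURST
# From Firewall Policy
fw      fw      ACCEPT
fw      net     ACCEPT
fw      loc     ACCEPT
# From localnet Policy
loc     loc     ACCEPT
loc     net     ACCEPT
loc     fw      ACCEPT
# From Net Policy
net     fw      DROP    info
net     loc     DROP    info
# THE FOLLOWING POLICY MUST BE LAST
all     all     REJECT  info
EOS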

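# /etc/shorewall/rules: exceptions to the policies above, one rule per line
# (the original page had several rules collapsed onto single lines).
#
# NOTE(review): the two ACCEPT rules open the Proxmox web GUI (8006), the
# VNC console range (5900-6010) and the web ports of the host to the whole
# internet, without the rate limit that SSH gets. Restrict the SOURCE to the
# admin addresses, e.g.
#   ACCEPT  net:203.0.113.0/24  fw  tcp  8006
# or reach 8006 only through a VPN/ssh tunnel.
cat <<'EOS' >/etc/shorewall/rules
#ACTION         SOURCE  DEST                    PROTO   DEST    SOURCE  ORIGINAL        RATE
#                                                       PORT    PORT(S) DEST            LIMIT
# Permit access to SSH (at most 12 new connections/min, burst 8)
SSH/ACCEPT      net     fw                      -       -       -       -               12/min:8
# Permit access to Proxmox Manager and Console
ACCEPT          net     fw                      tcp     5900:6010,8006
ACCEPT          net     fw                      tcp     80,81,443,444
# PING Rules
Ping/ACCEPT     all     all
# Port forwarding to the VMs on vmbr0
DNAT            net     loc:10.10.10.101:22     tcp     10101   -
DNAT            net     loc:10.10.10.101:80     tcp     10181   -
DNAT            net     loc:10.10.10.102:22     tcp     10102   -
DNAT            net     loc:10.10.10.102:81     tcp     10112   -
DNAT            net     loc:10.10.10.102:8080   tcp     10122   -
DNAT            net     loc:10.10.10.103:22     tcp     10103   -
DNAT            net     loc:10.10.10.104:22     tcp     10104   -
DNAT            net     loc:10.10.10.105:22     tcp     10105   -
DNAT            net     loc:10.10.10.106:22     tcp     10106   -
DNAT            net     loc:10.10.10.104:80     tcp     10114   -
DNAT            net     loc:10.10.10.105:443    tcp     10145   -
DNAT            net     loc:10.10.10.106:10186  tcp     10186   -
DNAT            net     loc:10.10.10.106:10116  tcp     10116   -
DNAT            net     loc:10.10.10.106:8080   tcp     10126   -
# Port numbering scheme:
#   last digit        = VM id: 2: tom, 3: next, 4: merkur, 5: silenus, 6: neptun
#   second-last digit = service: 0: ssh, 1: nginx (http), 2: tomcat console,
#                                4: nginx (https), 8: apache2
#LAST LINE -- DO NOT REMOVE
EOS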

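# /etc/shorewall/masq: NAT the VM network (10.0.0.0/8 behind vmbr0) out
# through eth0.
# The original used '>>', so every re-run appended another copy of the same
# entry (the page shows five identical copies). The file is now overwritten.
# NOTE(review): newer Shorewall releases (5.x) replace the masq file with
# /etc/shorewall/snat; keep masq only if the installed version still reads it.
cat <<'EOS' > /etc/shorewall/masq
#INTERFACE      SOURCE          ADDRESS         PROTO   PORT(S) IPSEC   MARK
eth0            10.0.0.0/8
#LAST LINE -- DO NOT REMOVE
EOS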

  1. Test, ob SSH noch geht:

shorewall try /etc/shorewall 60s

  1. Firewall beim Booten aktivieren: /etc/default/shorewall

startup=1