UPS stawianie serwera: Różnice pomiędzy wersjami

Linia 78: Linia 78:
 
<poem>
 
<poem>
 
[Unit]Description=Uruchomienie usług SSPWAfter=xapi[Service]Type=simpleExecStart=/root/sspw.shTimeoutStartSec=10[Install]WantedBy=default.target
 
[Unit]Description=Uruchomienie usług SSPWAfter=xapi[Service]Type=simpleExecStart=/root/sspw.shTimeoutStartSec=10[Install]WantedBy=default.target
 
 
</poem>
 
</poem>
  

Wersja z 20:29, 21 maj 2019

dom0

ISO repo

mkdir /var/opt/ISO_IMAGES

cd /var/opt/ISO_IMAGES

xe sr-create name-label=ISO_IMAGES_LOCAL type=iso device-config:location=/var/opt/ISO_IMAGES device-config:legacy_mode=true content-type=iso

wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.8.0-amd64-netinst.iso


net

Bond NIC0+NIC1 LACP oparty na IP

internal1400
wewnątrz serwera, MTU 1400 aby zmieściło się w gretap
xe network-list
xe network-param-set uuid=4faf0040-69b5-8288-ad9e-84de78ef7013 MTU=1400

vLany na łączu fizycznym
891 ssk-coi
892 ssk-strukt
893 ssk-org
894 ssk-stow
895 ssk-goscie
896 ssk-tech
897 ssk-pub
natywny 895

gretap

xe network-list

dopiero po uruchomieniu chociaż jednej VM

ip link set dev xapi0 mtu 1400 [xapi??? z adresem 192.168.0.[local]

ip link add t0 type gretap local 192.168.0.[local] remote 192.168.0.[remote]

ip link set dev t0 up

??? ip addr add 10.10.10.[local]/24 dev t0


ovs-vsctl add-port xapi0 t0

ovs-vsctl list-ports xapi0 [xapi??? z adresem 192.168.0.[local]


do crontab -e: @reboot sleep 120 && po kolei:


ip link add t0 type gretap local 192.168.0.10 remote 192.168.0.9

ip link set dev t0 up

ovs-vsctl add-port xapi0 t0


pliki automatyczne

sudo vim /root/sspw.sh

chmod +x /root/sspw.sh


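#!/bin/bash
# Boot-time bring-up for this XenServer host, started by sspw.service.
#
# Order: wait until xapi can list gate2 -> start gate2 -> wait for the xapi0
# bridge -> attach the gretap tunnel t0 to xapi0 -> start the remaining VMs.
# Every step is best-effort: output and errors are logged, nothing aborts the
# script, so one failed step does not keep the other VMs down.
#
# The script runs as root from a systemd unit; keep the file owned by root and
# not writable by group/others.
#
# NOTE(review): gretap carries Ethernet frames without encryption or
# authentication; this assumes 192.168.0.10 <-> 192.168.0.9 is a trusted
# link - confirm.

# Plain-text log file (despite the ".service" suffix it is not a unit file).
readonly LOG_FILE=/var/log/sspw.service

# Print a message to stdout and append it to the log.
log() {
  printf '%s\n' "$*" | tee -a "$LOG_FILE"
}

# Run a command, sending its stdout and stderr to stdout and the log.
run() {
  "$@" |& tee -a "$LOG_FILE"
}

# Current time as HH:MM:SS for log lines.
now() {
  date +'%T'
}

log "  "
log "$(date +'%Y-%m-%d %T')"

# xapi may not answer right after boot; poll until gate2 shows up in the list.
# grep matches "gate2" as a substring of any line of the listing.
until xe vm-list | grep -q "gate2"; do
  log "waiting start $(now)"
  sleep 15
done
sleep 180

# Fixed: the original called `date + '%T'` (stray space after +), which makes
# date fail with an "extra operand" error instead of printing the time.
log "starting gate2  $(now)"
run /bin/xe vm-start vm=gate2

# The xapi0 bridge only exists once at least one VM is running (see the
# gretap notes on this page), so wait for it before touching the tunnel.
until ifconfig | grep -q -F "xapi0"; do
  log "waiting xapi0  $(now)"
  sleep 15
done

log "starting gretap brige  $(now)"
run ip link add t0 type gretap local 192.168.0.10 remote 192.168.0.9
sleep 10
run ip link set dev t0 up
sleep 10
run ovs-vsctl add-port xapi0 t0

log "starting VM  $(now)"
sleep 30
run /bin/xe vm-start vm=olimp
sleep 30
run /bin/xe vm-start vm=kolonaukowy
sleep 10
run /bin/xe vm-start vm=wiki
sleep 10

log "done  $(date +'%F %T')"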


sudo vim /etc/systemd/system/sspw.service


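# /etc/systemd/system/sspw.service - starts /root/sspw.sh at boot.
# The script runs as root: keep /root/sspw.sh owned by root and not writable
# by group/others.
[Unit]
Description=Uruchomienie usług SSPW
# Dependencies in a unit file take the full unit name; a bare "xapi" is not a
# valid unit name, so the ordering would not be applied.
# NOTE(review): assumes the toolstack unit is xapi.service - confirm with
# "systemctl status xapi" and check the file with "systemd-analyze verify".
After=xapi.service

[Service]
# Type=simple: the unit counts as started once the script has been executed,
# so the script's multi-minute waits are not bounded by TimeoutStartSec.
Type=simple
ExecStart=/root/sspw.sh
TimeoutStartSec=10

[Install]
WantedBy=default.target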


systemctl enable sspw.service

systemctl start sspw.service

systemctl is-enabled sspw

Dodawanie Local storage

cat /proc/partitions

fdisk -l

ll /dev/disk/by-id

xe sr-create content-type=user device-config:device=/dev/disk/by-id/<scsi-xxxxxxxxxxxxxxxxxxxxxxxxx> host-uuid=<host-uuid> name-label='Local 2' shared=false type=lvm

dodawanie dysku w ramach LVM

wyświetlenie, ile jest miejsca w grupie LVM

vgdisplay VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e

stworzenie

lvcreate -n moving -L 3T VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e --config global{metadata_read_only=0}

mkfs.ext4 /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving

mkdir /mnt/movingdata

blkid


crontab -e

@reboot /sbin/lvchange -ay /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving && /bin/mount /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving /mnt/movingdata

kopiowanie VM przez export-import

scp root@192.168.0.10:/movingexportsfolder/gate2.xva /movingexportsmount/
scp 192.168.0.9:/movingexportsmount/kolonaukowy.xva /mnt/movingdata/
xe vm-import filename=/mnt/movingdata/kolonaukowy.xva sr-uuid=f975cc08-fbca-78d0-2229-1a61ccb60699


gateX

sudo vim /etc/sysctl.conf

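# One setting per line (the two were merged onto a single line, which sysctl
# cannot parse). "all" covers existing interfaces, "default" the ones
# created later.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1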

sudo vim /etc/resolv.conf

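# One directive per line: on a single line the leading "#" would comment out
# every nameserver entry as well.
#search gate1.samorzad.pw.edu.pl
# NOTE(review): the glibc resolver uses at most the first three nameserver
# lines, so the last two entries below are not consulted - confirm which
# three should stay.
nameserver 127.0.0.1
nameserver 10.0.1.1
nameserver 10.0.1.2
nameserver 194.29.137.146
nameserver 194.29.137.147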


auto loiface lo inet loopbackallow-hotplug eth0auto eth0iface eth0 inet static address 10.0.1.2 netmask 255.255.255.0 mtu 1400 sudo vim /etc/network/interfaces # The primary network interface allow-hotplug eth1 auto eth1 iface eth1 inet static address 194.29.137.140 netmask 255.255.255.224 network 194.29.137.128 broadcast 194.29.137.159 gateway 194.29.137.145 # dns-* options are implemented by the resolvconf package, if installed # dns-nameservers localhost 194.29.137.146 194.29.137.147 # dns-search samorzad.pw.edu.pl post-up iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE mtu 1300





debian

wirtualny serwer na XenServer

dodanie narzędzi

mkdir /mnt/dvd

mount -o ro,exec /dev/disk/by-label/XenServer\\x20Tools /mnt/dvd

/mnt/dvd/Linux/install.sh


restart

shutdown -r now

wspólne

aktualizacja źródeł apt-get update

instalowanie vim apt-get install vim

instalowanie mc apt-get install mc

instalowanie sudo apt-get install sudo vim /etc/group

dopisujemy login osoby do sudo sudo:kbaczewski,platosinski,amartynowicz

apt-get install htop


keep alive

sudo vim /etc/ssh/sshd_config


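# Server-side keep-alive for /etc/ssh/sshd_config.
# ServerAliveInterval / ServerAliveCountMax are client options (ssh_config);
# sshd treats them as unknown and refuses to start, so the server-side
# equivalents are used here with the same values.
# Run "sshd -t" before restarting the service so a config error does not cut
# off remote access.
ClientAliveInterval 120
ClientAliveCountMax 5
TCPKeepAlive yes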


sudo /etc/init.d/ssh restart

server www

instalowanie postgres

dodajemy źródło vim /etc/apt/sources.list dodajemy deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main

dodanie klucza tego źródła wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -

apt-get update

apt-get install postgresql-10

apt-get install php-fpm

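# Create a separate PHP-FPM pool for the wiki from the default pool file.
# (Three commands that had been merged onto one line.)
cp /etc/php/7.0/fpm/pool.d/www.conf /etc/php/7.0/fpm/pool.d/wiki.conf
# NOTE(review): the copy presumably needs its own pool name and a listen
# socket matching the nginx config on this page
# (unix:/var/run/php/php7.0-fpm_wiki.sock) - confirm.
vim /etc/php/7.0/fpm/pool.d/wiki.conf
/etc/init.d/php7.0-fpm restart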

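# Install nginx, then create the site definition.
# (Two commands that had been merged onto one line; as one line apt-get would
# treat "vim" and the path as package names.)
apt-get install nginx
vim /etc/nginx/sites-available/wiki.sspw.pl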


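# /etc/nginx/sites-available/wiki.sspw.pl - MediaWiki vhost on the wiki VM,
# served through PHP-FPM and reached via the gate reverse proxy.
# Line breaks restored: in the collapsed form each "#" comment swallowed the
# directives that followed it on the same line.
server {
        listen 80;

        server_name wiki wiki.sspw.pl ;

        # Site document root. All sites can live under /var/www; if different
        # groups need access, create groups, or create a user and keep the
        # site under /home/<user>.
        root /var/www/wiki;

        # Add index.php to the list if you are using PHP
        index index.php;

        location / {
                index index.php;
                try_files $uri $uri/ @rewrite;

                # Required for servers behind the proxy (behind gate1, gate2).
                # NOTE(review): X-Real-IP is taken as-is from the request. It
                # is only trustworthy if nothing but the gate can reach this
                # server; otherwise any client can set it. Consider the realip
                # module instead (set_real_ip_from <gate-address>;
                # real_ip_header X-Real-IP;).
                fastcgi_param REMOTE_ADDR $http_x_real_ip;
                fastcgi_param SERVER_NAME 'wiki.sspw.pl';
                fastcgi_param HTTP_HOST 'wiki.sspw.pl';
                fastcgi_read_timeout 600;
        }

        location @rewrite {
                rewrite ^/wiki/(.*)$ /wiki/index.php?title=$1&$args;
        }

        location ~ \.php$ {
                fastcgi_pass $fastcgi_socket;
                fastcgi_split_path_info ^(.+\.php)(/.*)$ ;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
                fastcgi_index index.php;
                # Only hand existing files to PHP; everything else is rewritten.
                try_files $uri @rewrite;

                # Required for servers behind the proxy (behind gate1, gate2).
                # Same trust caveat for X-Real-IP as in "location /" above.
                fastcgi_param REMOTE_ADDR $http_x_real_ip;
                fastcgi_param SERVER_NAME 'wiki.sspw.pl';
                fastcgi_param HTTP_HOST 'wiki.sspw.pl';
                fastcgi_read_timeout 600;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                try_files $uri /index.php;
                expires max;
                log_not_found off;
        }

        location = /_.gif {
                expires max;
                empty_gif;
        }

        # The cache directory is never served to clients.
        location ^~ /cache/ {
                deny all;
        }

        # Log directory; /var/log/wiki must be created by hand first.
        access_log /var/log/wiki/access.log;
        error_log /var/log/wiki/error.log;

        # Socket of the dedicated PHP-FPM pool, used by fastcgi_pass above.
        set $fastcgi_socket unix:/var/run/php/php7.0-fpm_wiki.sock;
}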


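# Enable the site, check the configuration, then restart nginx.
# (Three commands that had been merged onto one line.)
ln -s /etc/nginx/sites-available/wiki.sspw.pl /etc/nginx/sites-enabled/
# Restart only when "nginx -t" reports the configuration as valid.
nginx -t
service nginx restart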

less /var/log/nginx/error.log


przydatne komendy

zmiana właścicieli plików chown -R www-data:wiki /var/www/wiki/


wewnętrzne certyfikaty

po stronie gate

dodajemy vm

vim /etc/nginx/sites-enabled/gate1

# Reverse-proxy vhost on the gate: requests for wiki.gate1.samorzad.pw.edu.pl
# are forwarded to the wiki VM.
server {
    listen 80;
    server_name wiki.gate1.samorzad.pw.edu.pl;

    location / {
        # Hand the original Host header and the client address to the backend.
        # X-Real-IP is set from $remote_addr here, replacing whatever value
        # the client sent.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): the scheme is hard-coded to "https" although this
        # block listens on port 80, so the backend is told the request was
        # HTTPS regardless - confirm this matches where TLS terminates.
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://wiki:80;
    }

    access_log /var/log/nginx/gate1/access_ssl.log;
    error_log /var/log/nginx/gate1/error_ssl.log;
}

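a potem zmieniamy w vim /etc/nginx/sites-enabled/wiki.sspw.pl (uwaga: nginx domyślnie nie weryfikuje certyfikatu serwera docelowego — proxy_ssl_verify jest domyślnie wyłączone — więc https w proxy_pass szyfruje ruch, ale nie potwierdza tożsamości VM)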

proxy_pass https://10.0.1.50:443;

po stronie vm

apt-get install python-certbot-nginx

vim /etc/nginx/sites-enabled/default

zmiana linia około 38

server_name _ wiki.gate1.samorzad.pw.edu.pl;


service nginx restart

certbot --authenticator webroot --installer nginx

wybieramy opcję tylko dla

1:wiki.gate1.samorzad.pw.edu.pl


1: Enter a new webroot

/var/www/html

1: Easy - Allow both HTTP and HTTPS access to these sites


<accesscontrol>KN SKiPD "UPS":::</accesscontrol>