UPS stawianie serwera: Różnice pomiędzy wersjami

 
(Nie pokazano 41 pośrednich wersji utworzonych przez tego samego użytkownika)
Linia 1: Linia 1:
 
== dom0 ==
 
== dom0 ==
 +
=== ISO repo ===
 +
 +
mkdir /var/opt/ISO_IMAGES
 +
 +
cd /var/opt/ISO_IMAGES
 +
 +
xe sr-create name-label=ISO_IMAGES_LOCAL type=iso device-config:location=/var/opt/ISO_IMAGES device-config:legacy_mode=true content-type=iso
 +
 +
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.8.0-amd64-netinst.iso
 +
 +
 
=== net ===
 
=== net ===
 
Bond NIC0+NIC1 LACP oparty na IP
 
Bond NIC0+NIC1 LACP oparty na IP
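Review bot: The added ISO repo steps download the installer with `wget` and place it in the ISO SR without any integrity check. The Debian image directories publish `SHA256SUMS` and `SHA256SUMS.sign` next to the ISO, so I would add a verification step after the download: fetch both files, run `gpg --verify SHA256SUMS.sign SHA256SUMS`, then `grep debian-9.8.0-amd64-netinst.iso SHA256SUMS | sha256sum -c -`. The URL also names `debian-9.8.0` under `current/`, which stops resolving once a newer point release replaces it, so a note saying the file name must be updated would save the next reader a failed download.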
Linia 5: Linia 16:
 
internal1400<br />
 
internal1400<br />
 
wewnątrz serwera, MTU 1400 aby zmieściło się w gretap<br />
 
wewnątrz serwera, MTU 1400 aby zmieściło się w gretap<br />
 +
xe network-list<br />
 +
xe network-param-set uuid=4faf0040-69b5-8288-ad9e-84de78ef7013 MTU=1400<br />
  
 
vLany na łączu fizycznym<br />
 
vLany na łączu fizycznym<br />
Linia 15: Linia 28:
 
897 ssk-pub<br />
 
897 ssk-pub<br />
 
natywny 895
 
natywny 895
 +
 +
=== gretap ===
 +
 +
xe network-list
 +
 +
dopiero po uruchomieniu chociaż jednej VM
 +
 +
ip link set dev xapi0 mtu 1400  [xapi??? z adresem 192.168.0.[local]
 +
 +
ip link add t0 type gretap local 192.168.0.[local] remote 192.168.0.[remote]
 +
 +
ip link set dev t0 up
 +
 +
???
 +
ip addr add 10.10.10.[local]/24 dev t0
 +
 +
 +
ovs-vsctl add-port xapi0 t0
 +
 +
ovs-vsctl  list-ports xapi0 [xapi??? z adresem 192.168.0.[local]
 +
 +
 +
 +
do crontab -e
 +
@reboot sleep 120 && pokolei
 +
 +
 +
ip link add t0 type gretap local 192.168.0.10 remote 192.168.0.9
 +
 +
ip link set dev t0 up
 +
 +
ovs-vsctl add-port xapi0 t0
 +
 +
 +
=== pliki automatyczne ===
 +
==== autostart VM ====
 +
vi /root/sspw.sh
 +
 +
#!/bin/bash
 +
echo "" |& tee -a /var/log/sspw.servicedate +"%Y-%m-%d %T"  |& tee -a /var/log/sspw.servicewhile ! xe vm-list | grep "gate1" > /dev/null; do        echo "waiting start $(date +'%T')" |& tee -a /var/log/sspw.service        sleep 15donesleep 60echo "starting gate1  $(date + '%T')" |& tee -a /var/log/sspw.service/bin/xe vm-start vm=gate1 |& tee -a /var/log/sspw.servicewhile ! ifconfig | grep -F "xapi0" > /dev/null; do        echo "waiting xapi0  $(date +'%T')" |& tee -a /var/log/sspw.service        sleep 15doneecho "starting gretap brige  $(date +'%T')" |& tee -a /var/log/sspw.serviceip link add t0 type gretap local 192.168.0.15 remote 192.168.0.10 |& tee -a /var/log/sspw.servicesleep 10ip link set dev t0 up |& tee -a /var/log/sspw.servicesleep 10ovs-vsctl add-port xapi0 t0 |& tee -a /var/log/sspw.serviceecho "starting VM  $(date +'%T')" |& tee -a /var/log/sspw.service#sleep 30#/bin/xe vm-start vm=olimp |& tee -a /var/log/sspw.service#sleep 30#/bin/xe vm-start vm=kolonaukowy |& tee -a /var/log/sspw.service#sleep 10#/bin/xe vm-start vm=wiki |& tee -a /var/log/sspw.service#sleep 10echo "done  $(date +'%F %T')" |& tee -a /var/log/sspw.service
 +
 +
 +
chmod +x /root/sspw.sh
 +
 +
==== /etc/systemd/system/sspw.service ====
 +
vi /etc/systemd/system/sspw.service
 +
 +
 +
 +
<poem>
 +
[Unit]
 +
Description=Uruchomienieusług SSPW
 +
After=xapi
 +
 +
[Service]
 +
Type=simple
 +
ExecStart=/root/sspw.sh
 +
TimeoutStartSec=10
 +
 +
[Install]
 +
WantedBy=default.target
 +
</poem>
 +
 +
 +
 +
'''systemctl enable sspw.service'''
 +
systemctl enable sspw.service
 +
 +
systemctl start sspw.service
 +
 +
systemctl is-enabled sspw
  
 
=== Dodawanie Local storage ===
 
=== Dodawanie Local storage ===
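Review bot: In the added /root/sspw.sh the `starting gate1` line calls `date + '%T'` with a space after the `+`, so date rejects the extra operand and that log line is written without a timestamp; it should read `$(date +'%T')` like the other lines. The unit file's `After=xapi` has no unit suffix, and systemd dependency lists expect full names such as `After=xapi.service`, so the ordering is probably ignored and only the script's own polling loop provides the wait. The gretap section would also benefit from one sentence stating that GRE neither encrypts nor authenticates the bridged frames, so the 192.168.0.x link between the hosts has to be a trusted segment.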
Linia 25: Linia 109:
  
 
xe sr-create content-type=user device-config:device=/dev/disk/by-id/<scsi-xxxxxxxxxxxxxxxxxxxxxxxxx> host-uuid=<host-uuid> name-label='Local 2' shared=false type=lvm
 
xe sr-create content-type=user device-config:device=/dev/disk/by-id/<scsi-xxxxxxxxxxxxxxxxxxxxxxxxx> host-uuid=<host-uuid> name-label='Local 2' shared=false type=lvm
 +
 +
=== dodawaie dysku w ramach LVM ===
 +
 +
wyświetlenie ile jest miejsca a grupie LVM
 +
 +
vgdisplay VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e
 +
 +
stworzenie
 +
 +
lvcreate -n moving -L 3T VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e --config global{metadata_read_only=0}
 +
 +
mkfs.ext4 /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving
 +
 +
mkdir /mnt/movingdata
 +
 +
blkid
 +
 +
 +
crontab -e
 +
 +
@reboot /sbin/lvchange -ay /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving && /bin/mount /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving /mnt/movingdata
 +
 +
== kopiowanie VM przez export-import ==
 +
 +
xe vm-export vm=gate1 filename=/mnt/movingdata/gate1-2019.05.27.xva
 +
scp root@192.168.0.10:/movingexportsfolder/gate2.xva /movingexportsmount/
 +
scp 192.168.0.9:/movingexportsmount/kolonaukowy.xva /mnt/movingdata/
 +
scp 192.168.0.10:/mnt/movingdata/gate1-2019.05.27.xva /mnt/movingdata/
 +
xe vm-import filename=/mnt/movingdata/gate1-2019.05.27.xva sr-uuid=24b93b88-f21b-97e9-aa64-4bf08107a5b8 preserve=true --progress
 +
 +
== gateX ==
 +
 +
sudo vim /etc/sysctl.conf
 +
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
 +
 +
sudo vim /etc/resolv.conf
 +
#search gate1.samorzad.pw.edu.pl nameserver 127.0.0.1 nameserver 10.0.1.1 nameserver 10.0.1.2 nameserver 194.29.137.146 nameserver 194.29.137.147
 +
 +
 +
 +
auto loiface lo inet loopbackallow-hotplug eth0auto eth0iface eth0 inet static        address 10.0.1.2        netmask 255.255.255.0        mtu 1400
 +
sudo vim /etc/network/interfaces # The primary network interface allow-hotplug eth1 auto eth1 iface eth1 inet static        address 194.29.137.140        netmask 255.255.255.224        network 194.29.137.128        broadcast 194.29.137.159        gateway 194.29.137.145 # dns-* options are implemented by the resolvconf package, if installed #      dns-nameservers localhost 194.29.137.146 194.29.137.147 #      dns-search samorzad.pw.edu.pl        post-up iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE        mtu 1300
 +
 +
 +
 +
 +
 +
 +
 +
  
 
== debian ==
 
== debian ==
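Review bot: The export-import steps leave complete VM images (`gate1-2019.05.27.xva` and the other .xva files) on /mnt/movingdata and copy them as root with `scp root@…`, and nothing in the added text removes them afterwards. An .xva contains the whole disk of the gateway VM, including its keys and configuration, so the section should restrict the directory before exporting, for example `chmod 700 /mnt/movingdata`, and end with a cleanup step such as `rm /mnt/movingdata/gate1-2019.05.27.xva` once the import has been verified. The gateX interfaces block shows only `post-up iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE`; if filter rules for the public interface live elsewhere, a pointer to them belongs here.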
Linia 30: Linia 164:
 
=== virtualny serwer na xenserver ===
 
=== virtualny serwer na xenserver ===
 
dodanie narzędzi
 
dodanie narzędzi
 +
 
mkdir /mnt/dvd
 
mkdir /mnt/dvd
 +
 
mount -o ro,exec /dev/disk/by-label/XenServer\\x20Tools /mnt/dvd
 
mount -o ro,exec /dev/disk/by-label/XenServer\\x20Tools /mnt/dvd
 +
 
/mnt/dvd/Linux/install.sh
 
/mnt/dvd/Linux/install.sh
 +
  
 
restart
 
restart
 +
 
shutdown -r now
 
shutdown -r now
  
Linia 55: Linia 194:
  
 
apt-get install htop
 
apt-get install htop
 +
 +
 +
==== keep alive ====
 +
sudo vim /etc/ssh/sshd_config
 +
 +
 +
ServerAliveInterval 120
 +
 +
ServerAliveCountMax 5
 +
 +
TCPKeepAlive yes
 +
 +
 +
sudo /etc/init.d/ssh restart
  
 
=== server www ===
 
=== server www ===
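Review bot: The keep alive section puts `ServerAliveInterval 120` and `ServerAliveCountMax 5` into /etc/ssh/sshd_config, but those are client-side keywords for ssh_config; the server-side equivalents are `ClientAliveInterval 120` and `ClientAliveCountMax 5`. sshd refuses to start when its configuration contains a keyword it does not know, so the following `sudo /etc/init.d/ssh restart` can leave the host without SSH. I would also add `sudo sshd -t` before the restart line, so that a configuration error is reported while the current session is still open.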

Aktualna wersja na dzień 14:00, 27 maj 2019

dom0

ISO repo

mkdir /var/opt/ISO_IMAGES

cd /var/opt/ISO_IMAGES

xe sr-create name-label=ISO_IMAGES_LOCAL type=iso device-config:location=/var/opt/ISO_IMAGES device-config:legacy_mode=true content-type=iso

wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.8.0-amd64-netinst.iso


net

Bond NIC0+NIC1 LACP oparty na IP

internal1400
wewnątrz serwera, MTU 1400 aby zmieściło się w gretap
xe network-list
xe network-param-set uuid=4faf0040-69b5-8288-ad9e-84de78ef7013 MTU=1400

vLany na łączu fizycznym
891 ssk-coi
892 ssk-strukt
893 ssk-org
894 ssk-stow
895 ssk-goscie
896 ssk-tech
897 ssk-pub
natywny 895

gretap

xe network-list

dopiero po uruchomieniu chociaż jednej VM

ip link set dev xapi0 mtu 1400 [xapi??? z adresem 192.168.0.[local]

ip link add t0 type gretap local 192.168.0.[local] remote 192.168.0.[remote]

ip link set dev t0 up

??? ip addr add 10.10.10.[local]/24 dev t0


ovs-vsctl add-port xapi0 t0

ovs-vsctl list-ports xapi0 [xapi??? z adresem 192.168.0.[local]


do crontab -e @reboot sleep 120 && pokolei


ip link add t0 type gretap local 192.168.0.10 remote 192.168.0.9

ip link set dev t0 up

ovs-vsctl add-port xapi0 t0


pliki automatyczne

autostart VM

vi /root/sspw.sh

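#!/bin/bash
#
# /root/sspw.sh - start the gate1 VM and then attach the gretap tunnel t0 to
# the xapi0 bridge. Everything printed is also appended to LOG_FILE.
# Started by sspw.service; needs root for xe, ip and ovs-vsctl.

readonly LOG_FILE=/var/log/sspw.service

# Print a message to stdout and append it to the log.
log() {
  printf '%s\n' "$*" |& tee -a "$LOG_FILE"
}

log ""
date +"%Y-%m-%d %T" |& tee -a "$LOG_FILE"

# Poll until xe lists a VM whose entry contains "gate1".
# NOTE(review): presumably this also covers the time before xapi answers - confirm.
while ! xe vm-list | grep -q "gate1"; do
  log "waiting start $(date +'%T')"
  sleep 15
done

sleep 60
# Fixed: the original called `date + '%T'` (space after the plus), which makes
# date fail with "extra operand" and leaves the timestamp empty.
log "starting gate1 $(date +'%T')"
/bin/xe vm-start vm=gate1 |& tee -a "$LOG_FILE"

# The xapi0 bridge shows up only once a VM is running on it, so wait for it
# before touching the tunnel.
while ! ifconfig | grep -q -F "xapi0"; do
  log "waiting xapi0 $(date +'%T')"
  sleep 15
done

log "starting gretap brige $(date +'%T')"
# GRE carries the bridged frames unencrypted and unauthenticated; both
# endpoints are expected to sit on a trusted segment.
ip link add t0 type gretap local 192.168.0.15 remote 192.168.0.10 |& tee -a "$LOG_FILE"
sleep 10
ip link set dev t0 up |& tee -a "$LOG_FILE"
sleep 10
ovs-vsctl add-port xapi0 t0 |& tee -a "$LOG_FILE"

log "starting VM $(date +'%T')"
#sleep 30
#/bin/xe vm-start vm=olimp |& tee -a /var/log/sspw.service
#sleep 30
#/bin/xe vm-start vm=kolonaukowy |& tee -a /var/log/sspw.service
#sleep 10
#/bin/xe vm-start vm=wiki |& tee -a /var/log/sspw.service
#sleep 10
log "done $(date +'%F %T')"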


chmod +x /root/sspw.sh

/etc/systemd/system/sspw.service

vi /etc/systemd/system/sspw.service


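# sspw.service - runs /root/sspw.sh once at boot to start gate1 and the gretap bridge.
[Unit]
Description=Uruchomienieusług SSPW
# Dependency lists take full unit names, so the suffix is spelled out; a bare
# "xapi" is likely to be rejected and the ordering dropped.
# NOTE(review): assumes the toolstack unit on this host is xapi.service - confirm
# with `systemctl list-units 'xapi*'`.
After=xapi.service

[Service]
Type=simple
# No User= is set, so the script runs as root; keep /root/sspw.sh owned by root
# and not writable by group or others.
ExecStart=/root/sspw.sh
TimeoutStartSec=10

[Install]
WantedBy=default.target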


systemctl enable sspw.service systemctl enable sspw.service

systemctl start sspw.service

systemctl is-enabled sspw

Dodawanie Local storage

cat /proc/partitions

fdisk -l

ll /dev/disk/by-id

xe sr-create content-type=user device-config:device=/dev/disk/by-id/<scsi-xxxxxxxxxxxxxxxxxxxxxxxxx> host-uuid=<host-uuid> name-label='Local 2' shared=false type=lvm

dodawanie dysku w ramach LVM

wyświetlenie, ile jest miejsca w grupie LVM

vgdisplay VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e

stworzenie

lvcreate -n moving -L 3T VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e --config global{metadata_read_only=0}

mkfs.ext4 /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving

mkdir /mnt/movingdata

blkid


crontab -e

@reboot /sbin/lvchange -ay /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving && /bin/mount /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving /mnt/movingdata

kopiowanie VM przez export-import

xe vm-export vm=gate1 filename=/mnt/movingdata/gate1-2019.05.27.xva
scp root@192.168.0.10:/movingexportsfolder/gate2.xva /movingexportsmount/
scp 192.168.0.9:/movingexportsmount/kolonaukowy.xva /mnt/movingdata/
scp 192.168.0.10:/mnt/movingdata/gate1-2019.05.27.xva /mnt/movingdata/
xe vm-import filename=/mnt/movingdata/gate1-2019.05.27.xva sr-uuid=24b93b88-f21b-97e9-aa64-4bf08107a5b8 preserve=true --progress

gateX

sudo vim /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1

sudo vim /etc/resolv.conf

#search gate1.samorzad.pw.edu.pl nameserver 127.0.0.1 nameserver 10.0.1.1 nameserver 10.0.1.2 nameserver 194.29.137.146 nameserver 194.29.137.147


auto loiface lo inet loopbackallow-hotplug eth0auto eth0iface eth0 inet static address 10.0.1.2 netmask 255.255.255.0 mtu 1400 sudo vim /etc/network/interfaces # The primary network interface allow-hotplug eth1 auto eth1 iface eth1 inet static address 194.29.137.140 netmask 255.255.255.224 network 194.29.137.128 broadcast 194.29.137.159 gateway 194.29.137.145 # dns-* options are implemented by the resolvconf package, if installed # dns-nameservers localhost 194.29.137.146 194.29.137.147 # dns-search samorzad.pw.edu.pl post-up iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE mtu 1300





debian

virtualny serwer na xenserver

dodanie narzędzi

mkdir /mnt/dvd

mount -o ro,exec /dev/disk/by-label/XenServer\\x20Tools /mnt/dvd

/mnt/dvd/Linux/install.sh


restart

shutdown -r now

wspólne

aktualizacja źródeł apt-get update

instalowanie vim apt-get install vim

instalowanie mc apt-get install mc

instalowanie sudo apt-get install sudo vim /etc/group

dopisujemy login osoby do sudo sudo:kbaczewski,platosinski,amartynowicz

apt-get install htop


keep alive

sudo vim /etc/ssh/sshd_config


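# sshd_config takes the ClientAlive* keywords; ServerAlive* belong to the
# client-side ssh_config, and sshd refuses to start on a keyword it does not know.
# Check the file with `sshd -t` before restarting the service.
ClientAliveInterval 120

ClientAliveCountMax 5

TCPKeepAlive yes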


sudo /etc/init.d/ssh restart

server www

instalowanie postgres

dodajemy źródło vim /etc/apt/sources.list dodajemy deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main

dodanie klucza tego źródła wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -

apt-get update

apt-get install postgresql-10

apt-get install php-fpm

cp /etc/php/7.0/fpm/pool.d/www.conf /etc/php/7.0/fpm/pool.d/wiki.conf vim /etc/php/7.0/fpm/pool.d/wiki.conf /etc/init.d/php7.0-fpm restart

apt-get install nginx vim /etc/nginx/sites-available/wiki.sspw.pl


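# Site definition for wiki.sspw.pl: static files from /var/www/wiki, PHP handed
# to php-fpm over a unix socket. The "#" comment markers, which the wiki had
# rendered as numbered list items, are restored so the file parses again.
server {
    listen 80;

    server_name wiki wiki.sspw.pl;

    # Document root of the site. All sites can live under /var/www; when
    # different groups need access, create groups, or create a user and keep
    # the site under /home/<user>.
    root /var/www/wiki;

    # Add index.php to the list if you are using PHP
    index index.php;

    location / {
        index index.php;
        try_files $uri $uri/ @rewrite;

        # Needed for servers behind the proxy (behind gate1, gate2).
        # NOTE(review): REMOTE_ADDR is taken from the X-Real-IP request header,
        # which any client that reaches this server directly can set. This is
        # only trustworthy if port 80 accepts connections from the gates alone -
        # confirm; set_real_ip_from / real_ip_header limit it to named proxies.
        fastcgi_param REMOTE_ADDR $http_x_real_ip;
        fastcgi_param SERVER_NAME 'wiki.sspw.pl';
        fastcgi_param HTTP_HOST 'wiki.sspw.pl';
        fastcgi_read_timeout 600;
    }

    location @rewrite {
        rewrite ^/wiki/(.*)$ /wiki/index.php?title=$1&$args;
    }

    location ~ \.php$ {
        fastcgi_pass $fastcgi_socket;
        fastcgi_split_path_info ^(.+\.php)(/.*)$ ;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_index index.php;
        try_files $uri @rewrite;

        # Needed for servers behind the proxy (behind gate1, gate2).
        # Same trust assumption about X-Real-IP as in "location /" above.
        fastcgi_param REMOTE_ADDR $http_x_real_ip;
        fastcgi_param SERVER_NAME 'wiki.sspw.pl';
        fastcgi_param HTTP_HOST 'wiki.sspw.pl';
        fastcgi_read_timeout 600;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        try_files $uri /index.php;
        expires max;
        log_not_found off;
    }

    location = /_.gif {
        expires max;
        empty_gif;
    }

    # Nothing under /cache/ is served to clients.
    location ^~ /cache/ {
        deny all;
    }

    # Log directory; /var/log/wiki has to be created by hand first.
    access_log /var/log/wiki/access.log;
    error_log /var/log/wiki/error.log;

    # Socket of the php-fpm pool used by fastcgi_pass above.
    set $fastcgi_socket unix:/var/run/php/php7.0-fpm_wiki.sock;
}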


ln -s /etc/nginx/sites-available/wiki.sspw.pl /etc/nginx/sites-enabled/ nginx -t service nginx restart

less /var/log/nginx/error.log


przydatne komendy

zmiana właścicieli plików chown -R www-data:wiki /var/www/wiki/


wewnętrzne certyfikaty

po stronie gate

dodajemy vm

vim /etc/nginx/sites-enabled/gate1

# Reverse-proxy entry on the gate: requests for wiki.gate1.samorzad.pw.edu.pl
# arriving on port 80 are forwarded to the host named "wiki" on port 80.
server {

listen 80;

server_name wiki.gate1.samorzad.pw.edu.pl;

location / {

proxy_set_header Host $host;

# Replaces any X-Real-IP value sent by the client with the address nginx
# itself saw, so the backend receives the gate's view of the peer.
proxy_set_header X-Real-IP $remote_addr;

# NOTE(review): the value is the literal "https" although this block listens
# on plain port 80, so the backend is told the request arrived over TLS even
# when it did not - confirm that TLS is terminated in front of this block.
proxy_set_header X-Forwarded-Proto https;

# Traffic from the gate to the backend is plain HTTP here.
proxy_pass http://wiki:80;

}

access_log /var/log/nginx/gate1/access_ssl.log;

error_log /var/log/nginx/gate1/error_ssl.log;

}

a potem zmieniamy w vim /etc/nginx/sites-enabled/wiki.sspw.pl

proxy_pass https://10.0.1.50:443;

po stronie vm

apt-get install python-certbot-nginx

vim /etc/nginx/sites-enabled/default

zmiana linia około 38

server_name _ wiki.gate1.samorzad.pw.edu.pl;


service nginx restart

certbot --authenticator webroot --installer nginx

wybieramy opcję tylko dla

1:wiki.gate1.samorzad.pw.edu.pl


1: Enter a new webroot

/var/www/html

1: Easy - Allow both HTTP and HTTPS access to these sites


<accesscontrol>KN SKiPD "UPS":::</accesscontrol>