UPS stawianie serwera: Różnice pomiędzy wersjami

m
Linia 55: Linia 55:
 
chmod +x /root/sspw.sh
 
chmod +x /root/sspw.sh
  
  ip link add t0 type gretap local 192.168.0.10 remote 192.168.0.9
+
 
ip link set dev t0 up
+
#!/bin/bash
ovs-vsctl add-port xapi0 t0
+
echo " " |& tee -a /var/log/sspw.service date +"%Y-%m-%d %T" |& tee -a /var/log/sspw.service sleep 60 /bin/xe vm-start vm=gate2 |& tee -a /var/log/sspw.service  while ! ifconfig | grep -F "xapi0" > /dev/null; do        echo "waiting" |& tee -a /var/log/sspw.service        sleep 5 done ip link add t0 type gretap local 192.168.0.10 remote 192.168.0.9 |& tee -a /var/log/sspw.service sleep 10 ip link set dev t0 up |& tee -a /var/log/sspw.service sleep 10 ovs-vsctl add-port xapi0 t0 |& tee -a /var/log/sspw.service sleep 30 /bin/xe vm-start vm=olimp |& tee -a /var/log/sspw.service sleep 30 /bin/xe vm-start vm=kolonaukowy |& tee -a /var/log/sspw.service sleep 30
 +
 
  
  
Linia 74: Linia 75:
 
  [Install]
 
  [Install]
 
  WantedBy=default.target
 
  WantedBy=default.target
 +
 +
systemctl enable sspw.service
 +
 +
systemctl start sspw.service
 +
 +
systemctl is-enabled sspw
  
 
=== Dodawanie Local storage ===
 
=== Dodawanie Local storage ===

Wersja z 01:30, 15 kwi 2019

dom0

net

Bond NIC0+NIC1 LACP oparty na IP

internal1400
wewnątrz serwera, MTU 1400 aby zmieściło się w gretap

vLany na łączu fizycznym
891 ssk-coi
892 ssk-strukt
893 ssk-org
894 ssk-stow
895 ssk-goscie
896 ssk-tech
897 ssk-pub
natywny 895

gretap

xe network-list

dopiero po uruchomieniu chociaż jednej VM

ip link set dev xapi0 mtu 1400 [xapi??? z adresem 192.168.0.[local]

ip link add t0 type gretap local 192.168.0.[local] remote 192.168.0.[remote]

ip link set dev t0 up

??? ip addr add 10.10.10.[local]/24 dev t0


ovs-vsctl add-port xapi0 t0

ovs-vsctl list-ports xapi0 [xapi??? z adresem 192.168.0.[local]


do crontab -e: @reboot sleep 120 && po kolei:


ip link add t0 type gretap local 192.168.0.10 remote 192.168.0.9

ip link set dev t0 up

ovs-vsctl add-port xapi0 t0


pliki automatyczne

sudo vim /root/sspw.sh

chmod +x /root/sspw.sh


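#!/bin/bash
#
# Boot-time bring-up for this XenServer dom0, run by sspw.service:
#   1. start the gate2 VM,
#   2. wait until the xapi0 bridge is listed by ifconfig,
#   3. create the gretap interface t0 towards the peer host and attach it
#      to xapi0,
#   4. start the remaining VMs (olimp, kolonaukowy).
# stdout and stderr of every step are appended to the log file.
#
# The listing on the page had lost its line breaks; as a single line the
# commands become extra arguments to tee and the while loop never reaches
# its "done". Statement boundaries are restored here, one command per line.
#
# NOTE(review): gretap adds no encryption or authentication. Every frame
# bridged into xapi0 crosses the 192.168.0.10 <-> 192.168.0.9 link in clear
# text, so that link has to be a trusted, isolated segment; otherwise
# protect the tunnel with IPsec or an equivalent.

readonly LOG_FILE=/var/log/sspw.service
readonly TUNNEL_IF=t0
readonly BRIDGE_IF=xapi0

# Run a command, appending its stdout and stderr to the log while still
# printing them (same effect as `cmd |& tee -a "$LOG_FILE"`).
logged() {
  "$@" 2>&1 | tee -a "$LOG_FILE"
}

logged echo " "
logged date +"%Y-%m-%d %T"
sleep 60

logged /bin/xe vm-start vm=gate2

# The page notes that the xapi network appears only after at least one VM
# has been started, hence the poll before touching the bridge.
while ! ifconfig | grep -F "$BRIDGE_IF" > /dev/null; do
  logged echo "waiting"
  sleep 5
done

# Create the tunnel only when it does not exist yet, so a re-run of the
# script (e.g. a service restart) does not fail on "File exists".
if ! ip link show dev "$TUNNEL_IF" > /dev/null 2>&1; then
  logged ip link add "$TUNNEL_IF" type gretap local 192.168.0.10 remote 192.168.0.9
fi
sleep 10

logged ip link set dev "$TUNNEL_IF" up
sleep 10

# --may-exist keeps the attach step from failing when t0 is already a port
# of the bridge.
logged ovs-vsctl --may-exist add-port "$BRIDGE_IF" "$TUNNEL_IF"
sleep 30

logged /bin/xe vm-start vm=olimp
sleep 30

logged /bin/xe vm-start vm=kolonaukowy
sleep 30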



sudo vim /etc/systemd/system/sspw.service

# systemd unit that runs the boot-time bring-up script /root/sspw.sh.
[Unit]
Description=Dodanie gretap
# Ordering only: the unit is started after network.target has been reached.
After=network.target

[Service]
Type=simple
# No User= is set, so this system unit executes the script as root. Keep
# /root/sspw.sh owned by root and not writable by anyone else; whoever can
# edit that file can run commands as root at every boot.
ExecStart=/root/sspw.sh
# NOTE(review): the script documented on this page sleeps for several minutes
# in total. With Type=simple systemd normally treats the unit as started once
# the process has been spawned, so this 10 s limit presumably does not bound
# the script's run time -- confirm on the target systemd version.
TimeoutStartSec=10

[Install]
WantedBy=default.target

systemctl enable sspw.service

systemctl start sspw.service

systemctl is-enabled sspw

Dodawanie Local storage

cat /proc/partitions

fdisk -l

ll /dev/disk/by-id

xe sr-create content-type=user device-config:device=/dev/disk/by-id/<scsi-xxxxxxxxxxxxxxxxxxxxxxxxx> host-uuid=<host-uuid> name-label='Local 2' shared=false type=lvm

dodawanie dysku w ramach LVM

wyświetlenie, ile jest miejsca w grupie LVM

vgdisplay VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e

stworzenie

lvcreate -n moving -L 3T VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e --config global{metadata_read_only=0}

mkfs.ext4 /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving

mkdir /mnt/movingdata

blkid


crontab -e

@reboot /sbin/lvchange -ay /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving && /bin/mount /dev/VG_XenStorage-eb3791be-298c-f290-3eb3-9a2f2470cd5e/moving /mnt/movingdata

kopiowanie VM przez export-import

scp root@192.168.0.10:/movingexportsfolder/gate2.xva /movingexportsmount/
scp 192.168.0.9:/movingexportsmount/kolonaukowy.xva /mnt/movingdata/
xe vm-import filename=/mnt/movingdata/kolonaukowy.xva sr-uuid=f975cc08-fbca-78d0-2229-1a61ccb60699


gateX

sudo vim /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

sudo vim /etc/resolv.conf

#search gate1.samorzad.pw.edu.pl
nameserver 127.0.0.1
nameserver 10.0.1.1
nameserver 10.0.1.2
nameserver 194.29.137.146
nameserver 194.29.137.147


auto loiface lo inet loopbackallow-hotplug eth0auto eth0iface eth0 inet static address 10.0.1.2 netmask 255.255.255.0 mtu 1400 sudo vim /etc/network/interfaces # The primary network interface allow-hotplug eth1 auto eth1 iface eth1 inet static address 194.29.137.140 netmask 255.255.255.224 network 194.29.137.128 broadcast 194.29.137.159 gateway 194.29.137.145 # dns-* options are implemented by the resolvconf package, if installed # dns-nameservers localhost 194.29.137.146 194.29.137.147 # dns-search samorzad.pw.edu.pl post-up iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE mtu 1300





debian

wirtualny serwer na xenserver

dodanie narzędzi

mkdir /mnt/dvd

mount -o ro,exec /dev/disk/by-label/XenServer\\x20Tools /mnt/dvd

/mnt/dvd/Linux/install.sh


restart

shutdown -r now

wspólne

aktualizacja źródeł apt-get update

instalowanie vim apt-get install vim

instalowanie mc apt-get install mc

instalowanie sudo: apt-get install sudo, następnie vim /etc/group

dopisujemy login osoby do sudo sudo:kbaczewski,platosinski,amartynowicz

apt-get install htop

server www

instalowanie postgres

dodajemy źródło vim /etc/apt/sources.list dodajemy deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main

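dodanie klucza tego źródła: wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - (po dodaniu warto porównać odcisk klucza, apt-key fingerprint, z odciskiem opublikowanym na postgresql.org, bo od tego klucza zależy zaufanie do wszystkich pakietów z tego źródła)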

apt-get update

apt-get install postgresql-10

apt-get install php-fpm

cp /etc/php/7.0/fpm/pool.d/www.conf /etc/php/7.0/fpm/pool.d/wiki.conf
vim /etc/php/7.0/fpm/pool.d/wiki.conf
/etc/init.d/php7.0-fpm restart

apt-get install nginx
vim /etc/nginx/sites-available/wiki.sspw.pl


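# Virtual host for the wiki, served by PHP-FPM over a unix socket.
# The listing on the page had lost its line breaks and the "#" of two
# comments (rendered as "1." / "2."); both are restored here. No directive
# was added, removed or changed.
#
# NOTE(review): REMOTE_ADDR is taken from the X-Real-IP request header.
# The gate config on this page overwrites that header with $remote_addr,
# but a client that reaches this server directly can send any value. The
# address is therefore trustworthy only while port 80 here is reachable
# solely from the gates: enforce that with a firewall rule or allow/deny,
# or switch to the realip module
# (set_real_ip_from <gate address>; real_ip_header X-Real-IP;).
server {
    listen 80;

    server_name wiki wiki.sspw.pl;

    # Site root. All sites may live under /var/www; when different groups
    # need access, create groups, or create a user and keep the site in a
    # directory under /home/<user>.
    root /var/www/wiki;

    # Add index.php to the list if you are using PHP
    index index.php;

    location / {
        index index.php;
        try_files $uri $uri/ @rewrite;

        # Required for servers behind the proxy (behind gate1, gate2)
        fastcgi_param REMOTE_ADDR $http_x_real_ip;
        fastcgi_param SERVER_NAME 'wiki.sspw.pl';
        fastcgi_param HTTP_HOST 'wiki.sspw.pl';
        fastcgi_read_timeout 600;
    }

    location @rewrite {
        rewrite ^/wiki/(.*)$ /wiki/index.php?title=$1&$args;
    }

    location ~ \.php$ {
        fastcgi_pass $fastcgi_socket;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_index index.php;
        try_files $uri @rewrite;

        # Required for servers behind the proxy (behind gate1, gate2)
        fastcgi_param REMOTE_ADDR $http_x_real_ip;
        fastcgi_param SERVER_NAME 'wiki.sspw.pl';
        fastcgi_param HTTP_HOST 'wiki.sspw.pl';
        fastcgi_read_timeout 600;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        try_files $uri /index.php;
        expires max;
        log_not_found off;
    }

    location = /_.gif {
        expires max;
        empty_gif;
    }

    # The cache directory is never served to clients.
    location ^~ /cache/ {
        deny all;
    }

    # Log directory; /var/log/wiki has to be created by hand first.
    access_log /var/log/wiki/access.log;
    error_log /var/log/wiki/error.log;

    # Socket of the PHP-FPM pool, referenced by fastcgi_pass above.
    set $fastcgi_socket unix:/var/run/php/php7.0-fpm_wiki.sock;
}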


ln -s /etc/nginx/sites-available/wiki.sspw.pl /etc/nginx/sites-enabled/
nginx -t
service nginx restart

less /var/log/nginx/error.log


przydatne komendy

zmiana właścicieli plików chown -R www-data:wiki /var/www/wiki/


wewnętrzne certyfikaty

po stronie gate

dodajemy vm

vim /etc/nginx/sites-enabled/gate1

# Reverse-proxy vhost on the gate: requests for wiki.gate1.samorzad.pw.edu.pl
# are forwarded to the backend named "wiki" on port 80.
server {

listen 80;

server_name wiki.gate1.samorzad.pw.edu.pl;

location / {

# Hand the Host header of the incoming request on to the backend.
proxy_set_header Host $host;

# Overwrites X-Real-IP with the address of the connecting client. The wiki
# backend config on this page maps this header to REMOTE_ADDR, so the header
# must always be set here and never passed through from the client.
proxy_set_header X-Real-IP $remote_addr;

# NOTE(review): "https" is hard-coded although this server block listens on
# plain port 80; a backend that trusts this header will treat the request as
# having arrived over TLS. Confirm this is intended, or use $scheme.
proxy_set_header X-Forwarded-Proto https;

proxy_pass http://wiki:80;

}

# The log file names say "ssl" although the listener above is port 80.
access_log /var/log/nginx/gate1/access_ssl.log;

error_log /var/log/nginx/gate1/error_ssl.log;

}

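a potem zmieniamy w vim /etc/nginx/sites-enabled/wiki.sspw.pl (uwaga: przy proxy_pass https nginx domyślnie nie weryfikuje certyfikatu serwera docelowego; weryfikację włącza proxy_ssl_verify on razem z proxy_ssl_trusted_certificate, a przy adresie IP w proxy_pass także proxy_ssl_name)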

proxy_pass https://10.0.1.50:443;

po stronie vm

apt-get install python-certbot-nginx

vim /etc/nginx/sites-enabled/default

zmiana linia około 38

server_name _ wiki.gate1.samorzad.pw.edu.pl;


service nginx restart

certbot --authenticator webroot --installer nginx

wybieramy opcję tylko dla

1:wiki.gate1.samorzad.pw.edu.pl


1: Enter a new webroot

/var/www/html

1: Easy - Allow both HTTP and HTTPS access to these sites


<accesscontrol>KN SKiPD "UPS":::</accesscontrol>