documentation/pm/aunt.md

198 lines
4.3 KiB
Markdown
Raw Normal View History

2022-12-19 18:09:26 +01:00
# aunt, machine physique (leparc)
## Matériel
Carte mère : 1 × Asus KGPN-D16 Rev 1.03G
CPU : 2 × AMD Opteron 6282SE
2023-04-18 17:26:48 +02:00
RAM : 7 × Crucial RDIMM 16Go CT2K16G3ERSLD4160B
2023-10-27 16:22:35 +02:00
Alimentation : HX750
2022-12-19 18:09:26 +01:00
Casier : 1 × Inter-Tech IPC 4U-4129-N SSI-EEB (Rack)
Stockage de masse : 2 × KINGSTON SEDC500M1920G
## Logiciel
2023-10-27 08:12:48 +02:00
Micro-programme : GNU Boot 0.1-rc1
Système d'exploitation : Trisquel GNU/Linux-libre 11 Aramo
Noyau : Linux-libre
2022-12-19 18:09:26 +01:00
Virtualisation : QEMU/KVM (`libvirt`)
Gestion du onduleur : NUT/UPS
Audit des paquets mensuel : `vrms`
Sécurités de la maintenance : `etckeeper`, `mollyguard`, `tig`, `lm-sensors`, `fancontrol`, `screen`
Mail Transfer Agent : `postfix`
2023-10-27 08:12:48 +02:00
Réplication de stockage (vm) : `drbd`, `ocfs2`, `o2cb`
2022-12-19 18:09:26 +01:00
## Caractéristiques notables
2023-04-18 17:26:48 +02:00
Domaine : `aunt.libre-en-communs.org`
Adresse ipv4 publique : `80.67.176.33`
Adresse ipv4 locale : `192.168.1.3`
Adresse ipv4 interne DRBD : `192.168.254.3`
Adresse ipv6 publique : `2001:910:1021::3`
2022-12-19 18:09:26 +01:00
### Configuration réseau
#### /etc/network/interfaces
<details>
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens9
allow-hotplug ens10
allow-hotplug ens13f0
allow-hotplug ens13f1
# mother!
iface ens13f1 inet static
address 192.168.254.3
post-up /usr/bin/ip link set ens13f1 mtu 9000
# bridge for vm
auto br0
iface br0 inet static
bridge_ports ens13f0
address 192.168.1.3
gateway 192.168.0.1
broadcast 192.168.255.255
netmask 255.255.0.0
iface br0 inet6 static
bridge_ports ens13f0
address 2001:910:1021::3/128
gateway 2001:910:1021::
</details>
## Configuration SSH
### /etc/ssh/sshd_config
<details>
Port 223
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no
PrintMotd no
TCPKeepAlive yes
PermitTunnel yes
AcceptEnv LANG LC_* GIT_*
Subsystem sftp /usr/lib/openssh/sftp-server
Match User admin666 Address *,!127.0.0.1,!::1
DenyUsers admin666
</details>
## Configuration DRBD
### /etc/drbd.d/drbd1.res
<details>
resource drbd1 {
meta-disk internal;
device /dev/drbd1;
startup {
become-primary-on both;
}
net {
verify-alg sha256;
allow-two-primaries yes;
#fencing resource-and-stonith;
after-sb-0pri discard-zero-changes;
after-sb-1pri discard-secondary;
protocol C;
ko-count 0;
timeout 119;
ping-int 120;
connect-int 120;
#max-epoch-size 20000;
max-buffers 36k;
sndbuf-size 0;
rcvbuf-size 0;
}
handlers {
pri-lost-after-sb "killall virt-backup && umount /opt/sharedfs && drbdadm secondary drbd1";
}
disk {
on-io-error pass_on;
md-flushes;
c-fill-target 10M;
c-max-rate 700M;
c-plan-ahead 0;
c-min-rate 4M;
resync-rate 500M;
}
on mother { # hostname must match `uname -n` output
disk /dev/md1; # Logical Volume on the provided host
address 192.168.254.2:7789; # IP Address to be used to connect to the node with port
}
on aunt { # hostname must match `uname -n` output
disk /dev/md1; # Logical Volume on the provided host
address 192.168.254.3:7789; # IP Address to be used to connect to the node with port
}
}
</details>
### /etc/ocfs2/cluster.conf
<details>
cluster:
name = sharedfs
heartbeat_mode = local
node_count = 2
node:
cluster = sharedfs
number = 0
ip_port = 7777
ip_address = 192.169.254.3
name = aunt
node:
cluster = sharedfs
number = 1
ip_port = 7777
ip_address = 192.169.254.2
name = mother
</details>
## Configuration MTA
### /etc/postfix/transport
a-lec.org :
* discard:
### /etc/postfix/virtual
@localhost admin@a-lec.org
@aunt.libre-en-communs.org admin@a-lec.org