2022-12-19 18:09:26 +01:00
|
|
|
|
# aunt, machine physique (leparc)
|
|
|
|
|
|
|
|
|
|
|
|
## Matériel
|
|
|
|
|
|
|
|
|
|
|
|
Carte mère : 1 × Asus KGPN-D16 Rev 1.03G
|
|
|
|
|
|
CPU : 2 × AMD Opteron 6282SE
|
2023-04-18 17:26:48 +02:00
|
|
|
|
RAM : 7 × Crucial RDIMM 16Go CT2K16G3ERSLD4160B
|
2023-10-27 16:22:35 +02:00
|
|
|
|
Alimentation : HX750
|
2022-12-19 18:09:26 +01:00
|
|
|
|
Casier : 1 × Inter-Tech IPC 4U-4129-N SSI-EEB (Rack)
|
2024-06-17 20:03:55 +02:00
|
|
|
|
Stockage de masse : 2 × KINGSTON SEDC600M3840G 4 To
|
2022-12-19 18:09:26 +01:00
|
|
|
|
|
|
|
|
|
|
## Logiciel
|
|
|
|
|
|
|
2024-06-17 20:03:55 +02:00
|
|
|
|
Micro-programme : GNU Boot 0.1-rc3
|
2023-10-27 08:12:48 +02:00
|
|
|
|
Système d'exploitation : Trisquel GNU/Linux-libre 11 Aramo
|
|
|
|
|
|
Noyau : Linux-libre
|
2022-12-19 18:09:26 +01:00
|
|
|
|
Virtualisation : QEMU/KVM (`libvirt`)
|
|
|
|
|
|
Gestion du onduleur : NUT/UPS
|
|
|
|
|
|
Audit des paquets mensuel : `vrms`
|
|
|
|
|
|
Sécurités de la maintenance : `etckeeper`, `mollyguard`, `tig`, `lm-sensors`, `fancontrol`, `screen`
|
|
|
|
|
|
Mail Transfer Agent : `postfix`
|
2023-10-27 08:12:48 +02:00
|
|
|
|
Réplication de stockage (vm) : `drbd`, `ocfs2`, `o2cb`
|
2022-12-19 18:09:26 +01:00
|
|
|
|
|
|
|
|
|
|
## Caractéristiques notables
|
|
|
|
|
|
|
2023-04-18 17:26:48 +02:00
|
|
|
|
Domaine : `aunt.libre-en-communs.org`
|
|
|
|
|
|
Adresse ipv4 publique : `80.67.176.33`
|
|
|
|
|
|
Adresse ipv4 locale : `192.168.1.3`
|
2024-06-17 20:03:55 +02:00
|
|
|
|
Adresse ipv4 directe DRBD : `192.168.254.3`
|
2023-04-18 17:26:48 +02:00
|
|
|
|
Adresse ipv6 publique : `2001:910:1021::3`
|
2022-12-19 18:09:26 +01:00
|
|
|
|
|
|
|
|
|
|
### Configuration réseau
|
|
|
|
|
|
|
2024-06-17 20:03:55 +02:00
|
|
|
|
Les machines physiques sont configurées pour récupérer leur IP locale via
|
|
|
|
|
|
DHCP, le routeur du site embarquant un serveur DHCP.
|
|
|
|
|
|
|
|
|
|
|
|
Cette machine physique étant un hôte hyperviseur, elle partage sa connexion
|
|
|
|
|
|
ethernet avec les machines virtuelles qu'elle héberge, c'est pourquoi nous
|
|
|
|
|
|
configurons un pont.
|
|
|
|
|
|
|
|
|
|
|
|
De plus, nous configurons une connexion directe entre `mother` et `aunt`
|
|
|
|
|
|
pour la réplication `DRBD`.
|
|
|
|
|
|
|
2022-12-19 18:09:26 +01:00
|
|
|
|
#### /etc/network/interfaces
|
|
|
|
|
|
<details>
|
|
|
|
|
|
|
|
|
|
|
|
# The loopback network interface
|
2024-06-17 20:03:55 +02:00
|
|
|
|
auto lo br0
|
2022-12-19 18:09:26 +01:00
|
|
|
|
iface lo inet loopback
|
2024-06-17 20:03:55 +02:00
|
|
|
|
allow-hostplug ens9
|
|
|
|
|
|
allow-hostplug ens10
|
|
|
|
|
|
allow-hostplug ens13f0
|
|
|
|
|
|
allow-hostplug ens13f1
|
2022-12-19 18:09:26 +01:00
|
|
|
|
|
2024-06-17 20:03:55 +02:00
|
|
|
|
# aunt
|
2022-12-19 18:09:26 +01:00
|
|
|
|
iface ens13f1 inet static
|
|
|
|
|
|
address 192.168.254.3
|
|
|
|
|
|
|
|
|
|
|
|
post-up /usr/bin/ip link set ens13f1 mtu 9000
|
|
|
|
|
|
|
|
|
|
|
|
# bridge for vm
|
2024-06-17 20:03:55 +02:00
|
|
|
|
iface br0 inet dhcp
|
|
|
|
|
|
bridge_ports ens13f0
|
|
|
|
|
|
|
|
|
|
|
|
iface br0 inet6 dhcp
|
2022-12-19 18:09:26 +01:00
|
|
|
|
bridge_ports ens13f0
|
|
|
|
|
|
|
|
|
|
|
|
</details>
|
|
|
|
|
|
|
|
|
|
|
|
## Configuration SSH
|
|
|
|
|
|
|
|
|
|
|
|
### /etc/ssh/sshd_config
|
|
|
|
|
|
<details>
|
|
|
|
|
|
|
|
|
|
|
|
Port 223
|
|
|
|
|
|
AddressFamily any
|
|
|
|
|
|
ListenAddress 0.0.0.0
|
|
|
|
|
|
ListenAddress ::
|
|
|
|
|
|
PubkeyAuthentication yes
|
|
|
|
|
|
PasswordAuthentication no
|
|
|
|
|
|
PermitEmptyPasswords no
|
|
|
|
|
|
ChallengeResponseAuthentication no
|
|
|
|
|
|
UsePAM yes
|
|
|
|
|
|
AllowAgentForwarding yes
|
|
|
|
|
|
AllowTcpForwarding yes
|
|
|
|
|
|
GatewayPorts yes
|
|
|
|
|
|
X11Forwarding no
|
|
|
|
|
|
PrintMotd no
|
|
|
|
|
|
TCPKeepAlive yes
|
|
|
|
|
|
PermitTunnel yes
|
2024-06-17 20:03:55 +02:00
|
|
|
|
AcceptEnv LANG LC\_* GIT\_*
|
|
|
|
|
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
|
|
|
|
|
Match User admin666 Address *,!192.168.0.0/16,!::1,!127.0.0.1,!127.0.1.1
|
|
|
|
|
|
DenyUsers admin666
|
2022-12-19 18:09:26 +01:00
|
|
|
|
|
|
|
|
|
|
</details>
|
|
|
|
|
|
|
|
|
|
|
|
## Configuration DRBD
|
|
|
|
|
|
|
|
|
|
|
|
### /etc/drbd.d/drbd1.res
|
|
|
|
|
|
<details>
|
|
|
|
|
|
|
2024-06-17 20:03:55 +02:00
|
|
|
|
resource drbd1 {
|
|
|
|
|
|
meta-disk internal;
|
|
|
|
|
|
device /dev/drbd1;
|
|
|
|
|
|
|
|
|
|
|
|
startup {
|
|
|
|
|
|
become-primary-on both;
|
|
|
|
|
|
}
|
|
|
|
|
|
net {
|
|
|
|
|
|
verify-alg sha256;
|
|
|
|
|
|
allow-two-primaries yes;
|
|
|
|
|
|
after-sb-0pri discard-zero-changes;
|
|
|
|
|
|
after-sb-1pri discard-secondary;
|
|
|
|
|
|
protocol C;
|
|
|
|
|
|
ko-count 0;
|
|
|
|
|
|
timeout 119;
|
|
|
|
|
|
ping-int 120;
|
|
|
|
|
|
connect-int 120;
|
|
|
|
|
|
max-buffers 36k;
|
|
|
|
|
|
sndbuf-size 0;
|
|
|
|
|
|
rcvbuf-size 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
handlers {
|
|
|
|
|
|
pri-lost-after-sb "killall virt-backup";
|
|
|
|
|
|
}
|
|
|
|
|
|
disk {
|
|
|
|
|
|
on-io-error pass_on;
|
|
|
|
|
|
md-flushes;
|
|
|
|
|
|
c-fill-target 10M;
|
|
|
|
|
|
c-max-rate 700M;
|
|
|
|
|
|
c-plan-ahead 0;
|
|
|
|
|
|
c-min-rate 4M;
|
|
|
|
|
|
resync-rate 500M;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
on mother.libre-en-communs.org { # hostname must match `uname -n` output
|
|
|
|
|
|
disk /dev/md/1; # Logical Volume on the provided host
|
|
|
|
|
|
address 192.168.254.2:7789; # IP Address to be used to connect to the node with port
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
on aunt.libre-en-communs.org { # hostname must match `uname -n` output
|
|
|
|
|
|
disk /dev/md/1; # Logical Volume on the provided host
|
|
|
|
|
|
address 192.168.254.3:7789; # IP Address to be used to connect to the node with port
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
2022-12-19 18:09:26 +01:00
|
|
|
|
|
|
|
|
|
|
</details>
|
|
|
|
|
|
|
|
|
|
|
|
### /etc/ocfs2/cluster.conf
|
|
|
|
|
|
<details>
|
|
|
|
|
|
|
|
|
|
|
|
cluster:
|
2024-06-17 20:03:55 +02:00
|
|
|
|
name = vmverse
|
2022-12-19 18:09:26 +01:00
|
|
|
|
heartbeat_mode = local
|
|
|
|
|
|
node_count = 2
|
|
|
|
|
|
|
|
|
|
|
|
node:
|
2024-06-17 20:03:55 +02:00
|
|
|
|
cluster = vmverse
|
2022-12-19 18:09:26 +01:00
|
|
|
|
number = 0
|
|
|
|
|
|
ip_port = 7777
|
2024-06-17 20:03:55 +02:00
|
|
|
|
ip_address = 192.168.254.3
|
2022-12-19 18:09:26 +01:00
|
|
|
|
name = aunt
|
|
|
|
|
|
|
|
|
|
|
|
node:
|
2024-06-17 20:03:55 +02:00
|
|
|
|
cluster = vmverse
|
2022-12-19 18:09:26 +01:00
|
|
|
|
number = 1
|
|
|
|
|
|
ip_port = 7777
|
2024-06-17 20:03:55 +02:00
|
|
|
|
ip_address = 192.168.254.2
|
2022-12-19 18:09:26 +01:00
|
|
|
|
name = mother
|
|
|
|
|
|
|
|
|
|
|
|
</details>
|
|
|
|
|
|
|
|
|
|
|
|
## Configuration MTA
|
|
|
|
|
|
|
|
|
|
|
|
### /etc/postfix/transport
|
|
|
|
|
|
|
|
|
|
|
|
a-lec.org :
|
|
|
|
|
|
* discard:
|
|
|
|
|
|
|
|
|
|
|
|
### /etc/postfix/virtual
|
|
|
|
|
|
|
|
|
|
|
|
@localhost admin@a-lec.org
|
|
|
|
|
|
@aunt.libre-en-communs.org admin@a-lec.org
|
