
# aunt, physical machine (leparc)
## Hardware
- Motherboard: 1 × Asus KGPN-D16 Rev 1.03G
- CPU: 2 × AMD Opteron 6282SE
- RAM: 7 × Crucial RDIMM 16 GB CT2K16G3ERSLD4160B
- Power supply: *(to be completed)*
- Chassis: 1 × Inter-Tech IPC 4U-4129-N SSI-EEB (Rack)
- Mass storage: 2 × KINGSTON SEDC500M1920G
## Software
- Firmware: Coreboot 4.6 + SeaBIOS, without proprietary blobs
- Operating system: Debian GNU/Linux-libre 11 (Bullseye)
- Kernel: Linux-libre LTS (`linux-libre-lts` from the https://linux-libre.fsfla.org repositories)
- Virtualization: QEMU/KVM (`libvirt`)
- UPS management: NUT/UPS
- Monthly package audit: `vrms`
- Maintenance safeguards: `etckeeper`, `mollyguard`, `tig`, `lm-sensors`, `fancontrol`, `screen`
- Mail Transfer Agent: `postfix`
- Storage replication (VMs): `drbd`, `ocfs2`
## Notable characteristics
- Domain: `aunt.libre-en-communs.org`
- Public IPv4 address: `80.67.176.33`
- Local IPv4 address: `192.168.1.3`
- Internal DRBD IPv4 address: `192.168.254.3`
- Public IPv6 address: `2001:910:1021::3`
### Network configuration
#### /etc/network/interfaces
<details>

```
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens9
allow-hotplug ens10
allow-hotplug ens13f0
allow-hotplug ens13f1

# mother!
iface ens13f1 inet static
    address 192.168.254.3
    post-up /usr/bin/ip link set ens13f1 mtu 9000

# bridge for vm
auto br0
iface br0 inet static
    bridge_ports ens13f0
    address 192.168.1.3
    gateway 192.168.0.1
    broadcast 192.168.255.255
    netmask 255.255.0.0

iface br0 inet6 static
    bridge_ports ens13f0
    address 2001:910:1021::3/128
    gateway 2001:910:1021::
```

</details>
## SSH configuration
### /etc/ssh/sshd_config
<details>

```
Port 223
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no
PrintMotd no
TCPKeepAlive yes
PermitTunnel yes
AcceptEnv LANG LC_* GIT_*
Subsystem sftp /usr/lib/openssh/sftp-server
Match User admin666 Address *,!127.0.0.1,!::1
    DenyUsers admin666
```

</details>
## DRBD configuration
### /etc/drbd.d/drbd1.res
<details>

```
resource drbd1 {
    meta-disk internal;
    device /dev/drbd1;
    startup {
        become-primary-on both;
    }
    net {
        verify-alg sha256;
        allow-two-primaries yes;
        #fencing resource-and-stonith;
        after-sb-0pri discard-zero-changes;
        after-sb-1pri discard-secondary;
        protocol C;
        ko-count 0;
        timeout 119;
        ping-int 120;
        connect-int 120;
        #max-epoch-size 20000;
        max-buffers 36k;
        sndbuf-size 0;
        rcvbuf-size 0;
    }
    handlers {
        pri-lost-after-sb "killall virt-backup && umount /opt/sharedfs && drbdadm secondary drbd1";
    }
    disk {
        on-io-error pass_on;
        md-flushes;
        c-fill-target 10M;
        c-max-rate 700M;
        c-plan-ahead 0;
        c-min-rate 4M;
        resync-rate 500M;
    }
    on mother { # hostname must match `uname -n` output
        disk /dev/md1; # Logical Volume on the provided host
        address 192.168.254.2:7789; # IP Address to be used to connect to the node with port
    }
    on aunt { # hostname must match `uname -n` output
        disk /dev/md1; # Logical Volume on the provided host
        address 192.168.254.3:7789; # IP Address to be used to connect to the node with port
    }
}
```

</details>
### /etc/ocfs2/cluster.conf
<details>

```
cluster:
	name = sharedfs
	heartbeat_mode = local
	node_count = 2

node:
	cluster = sharedfs
	number = 0
	ip_port = 7777
	ip_address = 192.169.254.3
	name = aunt

node:
	cluster = sharedfs
	number = 1
	ip_port = 7777
	ip_address = 192.169.254.2
	name = mother
```

</details>
## MTA configuration
### /etc/postfix/transport
```
a-lec.org :
* discard:
```
### /etc/postfix/virtual
```
@localhost admin@a-lec.org
@aunt.libre-en-communs.org admin@a-lec.org
```