documentation/pm/mother.md


mother, physical machine (leparc)

Hardware

Motherboard: 1 × Asus KGPN-D16 Rev 1.03G
CPU: 2 × AMD Opteron 6282SE
RAM: 4 × Crucial RDIMM 16 GB CT2K16G3ERSLD4160B
Power supply: 1 × Antec NE700G ZEN EC
UPS: 1 × EATON Ellipse PRO 1600 VA
Chassis: 1 × Inter-Tech IPC 4U-4129-N SSI-EEB (Rack)
Mass storage: 2 × KINGSTON SEDC500M1920G 2 TB

Software

Firmware: Coreboot 4.6 + SeaBIOS, without any proprietary blob
Operating system: Debian GNU/Linux-libre 11 (Bullseye)
Kernel: Linux-libre LTS (linux-libre-lts from the https://linux-libre.fsfla.org repositories)
Virtualization: QEMU/KVM (libvirt)
UPS management: NUT/UPS
Monthly package audit: vrms
Maintenance safeguards: etckeeper, molly-guard, tig, lm-sensors, fancontrol, screen
Mail Transfer Agent: postfix
Storage replication (VM): drbd, ocfs2

Notable characteristics

Domain: mother.libre-en-communs.org
Public IPv4 address: 80.67.176.33
Local IPv4 address: 192.168.1.2
Internal DRBD IPv4 address: 192.168.254.2
Public IPv6 address: 2001:910:1021::2

Network configuration

/etc/network/interfaces

auto lo br0
iface lo inet loopback

# The primary network interface
allow-hotplug ens10
allow-hotplug ens9
allow-hotplug ens13f0
allow-hotplug ens13f1

# aunt
iface ens13f1 inet static
    address 192.168.254.2
    post-up /usr/bin/ip link set ens13f1 mtu 9000

# bridge for vm
iface br0 inet static
    bridge_ports ens13f0
    address 192.168.1.2
    gateway 192.168.0.1
    broadcast 192.168.255.255
    netmask 255.255.0.0

iface br0 inet6 static
        bridge_ports ens13f0
        address 2001:910:1021:0::2/128
        gateway 2001:910:1021::1

SSH configuration

/etc/ssh/sshd_config

Port 222
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

PubkeyAuthentication yes

PasswordAuthentication no
PermitEmptyPasswords no

ChallengeResponseAuthentication no

UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no

PrintMotd no

TCPKeepAlive yes

PermitTunnel yes

AcceptEnv LANG LC_* GIT_*

Subsystem	sftp	/usr/lib/openssh/sftp-server

Match User admin666 Address *,!127.0.0.1,!::1
    DenyUsers admin666
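
What the `Match User admin666 Address *,!127.0.0.1,!::1` block at the end of this sshd_config does for a given client address, as an added example that is not part of the original page: the function below is a simplified model of sshd's address pattern-list matching, not OpenSSH's own code, and the names `address_list_matches` and `admin666_denied` are hypothetical.

```python
import fnmatch
import ipaddress

# Address list copied from the Match line in the sshd_config above.
MATCH_ADDRESS = "*,!127.0.0.1,!::1"


def address_list_matches(addr: str, pattern_list: str) -> bool:
    """Simplified model of how sshd evaluates an Address pattern-list.

    Entries are comma-separated. Each one is tried as an address or CIDR
    block, then as a wildcard string. A matching '!' entry vetoes the whole
    list, whatever positive entries also matched.
    """
    ip = ipaddress.ip_address(addr)
    matched = False
    for entry in pattern_list.split(","):
        negated = entry.startswith("!")
        pattern = entry[1:] if negated else entry
        try:
            net = ipaddress.ip_network(pattern)
            hit = ip.version == net.version and ip in net
        except ValueError:
            # Not an address or CIDR block: treat it as a '*' / '?' wildcard.
            hit = fnmatch.fnmatchcase(addr, pattern)
        if hit and negated:
            return False
        matched = matched or hit
    return matched


def admin666_denied(client_addr: str) -> bool:
    """True when the Match block (and so DenyUsers admin666) applies."""
    return address_list_matches(client_addr, MATCH_ADDRESS)


if __name__ == "__main__":
    # Constructed sample client addresses, not taken from any log.
    for sample in ("127.0.0.1", "::1", "127.0.0.2", "192.168.1.2",
                   "203.0.113.7", "2001:db8::5"):
        verdict = "denied" if admin666_denied(sample) else "allowed past this rule"
        print(f"{sample:<14} admin666 {verdict}")
```

Only the two literal addresses are exempt: 127.0.0.2 is also a loopback address, yet the rule still applies to it. On the host itself, `sshd -T -C user=admin666,addr=203.0.113.7` prints the effective settings sshd would use for such a connection.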

DRBD configuration

/etc/drbd.d/drbd1.res

resource drbd1 {
 meta-disk internal;
 device /dev/drbd1;

 startup {
  become-primary-on both;
 }
 net {
  verify-alg sha256;
  allow-two-primaries yes;
  after-sb-0pri discard-zero-changes;
  after-sb-1pri discard-secondary;
  protocol C;
  ko-count 0;
  timeout 119;
  ping-int 120;
  connect-int 120;
  max-buffers 36k;
  sndbuf-size 0;
  rcvbuf-size 0;
 }
 handlers {
  pri-lost-after-sb "killall virt-backup";
 }
 disk {
  on-io-error pass_on;
  md-flushes;
  c-fill-target 10M;
  c-max-rate   700M;
  c-plan-ahead    0;
  c-min-rate     4M;
  resync-rate 500M;
 }

 on mother {                            # hostname must match `uname -n` output
  disk /dev/md1;                        # Logical Volume on the provided host
  address 192.168.254.2:7789;           # IP Address to be used to connect to the node with port
 }

 on aunt {                              # hostname must match `uname -n` output
  disk /dev/md1;                        # Logical Volume on the provided host
  address 192.168.254.3:7789;           # IP Address to be used to connect to the node with port
 }

}

/etc/ocfs2/cluster.conf

cluster:
    name = sharedfs
    heartbeat_mode = local
    node_count = 2

node:
    cluster = sharedfs
    number = 0
    ip_port = 7777
    ip_address = 192.168.254.3
    name = aunt

node:
    cluster = sharedfs
    number = 1
    ip_port = 7777
    ip_address = 192.168.254.2
    name = mother

MTA configuration

/etc/postfix/transport

a-lec.org    :
*              discard:

/etc/postfix/virtual

@localhost admin@a-lec.org
@mother.libre-en-communs.org admin@a-lec.org