Installing a DEBIAN server

Configuration as a router

The server must have two network cards. In this example eth0=WAN and eth1=LAN.

  1. Adapt the file /etc/network/interfaces
    #WAN Connection to ULB network
    auto eth0
    iface eth0 inet static
      address 164.15.X.Y
      netmask 255.255.255.0
      gateway 164.15.X.254
    
    #For local network
    auto eth1
    iface eth1 inet static
            address 192.168.0.254
            netmask 255.255.255.0
            network 192.168.0.0
            broadcast 192.168.0.255
    
  2. Enable routing between the two cards
    echo 1 > /proc/sys/net/ipv4/ip_forward
  3. Make it permanent by adapting the file /etc/sysctl.conf
    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1
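  4. Configure NAT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # WAN -> LAN: only replies to connections opened from the LAN
    iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # LAN -> WAN: allow new outgoing connections
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    # These rules only filter if the FORWARD policy is DROP (the default policy is ACCEPT)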
    iptables-save > /etc/iptables.rules
  5. Adding a DHCP server (optional)
    1. install the package ( aptitude install isc-dhcp-server ) and adapt the file /etc/default/isc-dhcp-server (INTERFACES="eth1")
    2. edit /etc/dhcp/dhcpd.conf
      # option definitions common to all supported networks...
      option domain-name "ulb.ac.be";
      option domain-name-servers 164.15.59.200,164.15.125.1;
      ...
      subnet 192.168.0.0 netmask 255.255.255.0 {
      
          option subnet-mask      255.255.255.0;
          option routers          192.168.0.254;
          use-host-decl-names     on;
          range 192.168.0.50 192.168.0.55;
      
          host pc-guest1 {
              fixed-address       192.168.0.51;
              #hardware ethernet   00:AA:AA:AA:AA:AA;
      
          }
      }
  6. add fail2ban and integrate it into the firewall script!
  7. FIXME
# Generated by iptables-save v1.4.8 on Tue Feb  3 09:31:58 2015
*mangle
:PREROUTING ACCEPT [652:62509]
:INPUT ACCEPT [650:62357]
:FORWARD ACCEPT [2:152]
:OUTPUT ACCEPT [242:37116]
:POSTROUTING ACCEPT [244:37268]
COMMIT
# Completed on Tue Feb  3 09:31:58 2015
# Generated by iptables-save v1.4.8 on Tue Feb  3 09:31:58 2015
*nat
:PREROUTING ACCEPT [65:9690]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Tue Feb  3 09:31:58 2015
# Generated by iptables-save v1.4.8 on Tue Feb  3 09:31:58 2015
*filter
:INPUT ACCEPT [50:5172]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [19:4332]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh 
-A FORWARD -i eth1 -j ACCEPT 
-A fail2ban-ssh -j RETURN 
COMMIT
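
A check for a dump like the one above, as an added example that is not part of the original page: the function reads iptables-save output and reports a FORWARD policy of ACCEPT and any FORWARD rule that accepts new connections not entering on the LAN interface. The function names, the excerpt and the stricter ruleset are constructed for illustration; eth0=WAN and eth1=LAN as on this page.

```shell
# audit_forward LAN_IF: read iptables-save output on stdin, print one line
# per finding in the FORWARD chain of the filter table.
audit_forward() {
    awk -v lan="$1" '
        /^\*/ { table = substr($1, 2) }      # "*filter", "*nat", "*mangle"
        table != "filter" { next }           # mangle also has a FORWARD chain
        $1 == ":FORWARD" && $2 == "ACCEPT" { print "policy: FORWARD defaults to ACCEPT" }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; state = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = ($(i - 1) == "!") ? "" : $(i + 1)
                if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # New connections should only be accepted when they enter on the LAN side.
            if (target == "ACCEPT" && in_if != lan && (state == "" || state ~ /NEW/)) {
                $1 = $1                      # normalise whitespace before printing
                print "rule: new connections accepted from outside " lan ": " $0
            }
        }'
}

# FORWARD-related lines excerpted from the dump on this page.
page_ruleset() {
    cat <<'EOF'
*mangle
:FORWARD ACCEPT [2:152]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
EOF
}

# Constructed stricter variant for comparison (assumption, not from the page).
strict_ruleset() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

page_ruleset | audit_forward eth1      # one finding: the ACCEPT policy
strict_ruleset | audit_forward eth1    # no findings
```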

UPS configuration

Based on the MGE documentation: http://opensource.mgeups.com/howto.htm

  • apt-get update ; apt-get install nut
  • edit /etc/default/nut and set
# start upsd
START_UPSD=yes
# start upsmon
START_UPSMON=yes
  • copy the configuration files from /usr/share/doc/nut/examples/ to /etc/nut
  • /etc/nut/ups.conf
 [myups]
        driver = usbhid-ups
        port = auto
        desc = "Onduleur psi3"
  • /etc/nut/upsd.conf
ACL all 0.0.0.0/0
ACL localhost 127.0.0.1/32
ACCEPT localhost
REJECT all
  • /etc/nut/upsd.users
         # Supervision user
        [admin]
                password = mypass
                allowfrom = localhost
                actions = SET
                instcmds = ALL

         # Protection user
        [monuser]
                password  = mypass
                allowfrom = localhost
                upsmon master
  • /etc/nut/upsmon.conf (ups_name is the section name defined in ups.conf, myups in the example above)
MONITOR ups_name@localhost 1 monuser mypass master
MINSUPPLIES 1
POLLFREQ 5
POLLFREQALERT 5
HOSTSYNC 15
DEADTIME 15
POWERDOWNFLAG /etc/killpower
RBWARNTIME 43200
NOCOMMWARNTIME 300
FINALDELAY 5
  • start the services
    invoke-rc.d nut start
  • Test the configuration
upsc ups_name@localhost
upsrw ups_name@localhost

CGI script to view the UPS

OpenVZ

Installation

apt-get install linux-image-openvz-amd64 binutils debootstrap rsync binutils-doc quota vzctl vzdump vzquota

OpenVZ web panel monitor

wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh |sh

Configuration

  • Add the file /etc/sysctl.d/openvz.conf
cat > /etc/sysctl.d/openvz.conf <<'EOF'
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.ip_forward=1

# Enables source route verification
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Enables the magic-sysrq key
kernel.sysrq=1

# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn=0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
EOF
  • Edit the file /etc/vz/vz.conf
# vi /etc/vz/vz.conf 
DEF_OSTEMPLATE="debian-5.0-amd64-minimal"

Creating VE hosts

Create a VZ machine:

  • vzctl create 101
  • vzctl set 101 --onboot yes --save
  • vzctl set 101 --hostname FQDN --save
  • vzctl set 101 --ipadd w.x.y.z --save
  • vzctl set 101 --nameserver 164.15.59.200 --save
  • vzctl set 101 --userpasswd root:password
  • vzctl start 101

Change VEID (e.g. 201 to 601)

  • vzctl stop 201
  • cd /vz/
  • mv private/201 private/601
  • mv /etc/vz/conf/201.conf /etc/vz/conf/601.conf
  • vzctl start 601

Commands on VE hosts

  • vzctl exec 101 service sshd status
  • vzctl exec 101 service sshd start
  • vzctl enter 101
  • vzctl exec 101 /etc/init.d/ssh status
  • vzctl status 101
  • vzlist 101
  • cat /proc/vz/veinfo
  • vzctl restart 101
  • vzlist -a
  • vzctl exec 101 /etc/init.d/ssh status
  • vzctl exec2 101 /etc/init.d/ssh status

Miscellaneous

  • I/O priorities (default = 4): from 0 (lowest priority) to 8 (highest); a higher priority allows more I/O
  • CPU cpuunits → CPU time sharing
cmd: vzctl set CTID --cpulimit percentage (max value: 1 CPU = 100%, 2 CPUs = 200%, …) --save
ex: vzctl set 101 --cpulimit 150 --save (allocates 1.5 CPUs)
  • Disk quota (needs ext2 or ext3 or ext4 FS)
cmd: 	vzctl set CTID --diskspace $SoftLimit$:$HardLimit$ --save
ex:	vzctl set 101 --diskspace 10G:12G --save
  • quota
vzquota init 100 -b 20485860 -B 20485860 -i 200100 -I 220100 -p /vz/private/100 -e 0 -n 0 -s 1 -u 200
vzquota on 100
installer_un_serveur_linux.txt · Last modified: 2015/02/17 10:50 by ghouart