Anleitungen

Backbone-Server

Dieser Artikel beschreibt NICHT die Installation eines Debian auf einer APU oder reines vergleichbaren Servers, sondern die weitergehende Konfiguration zum Backbone-Server.

Benutzer hinzufügen

useradd [BENUTZER]
usermod -aG adm,staff,sudo,dialout [BENUTZER]

Hauptprogramme installieren

apt update
apt install ca-certificates dnsmasq vlan bridge-utils linux-headers-amd64 build-essential cmake doxygen bison libsodium-dev bridge-utils xz-utils wget pkg-config libnl-genl-3-dev libnl-3-200 libnl-3-dev git python3-netifaces ethtool lsb-release libcap-dev ifenslave iptables-persistent iptraf tcpdump iputils-* host socat vim nano mc screen tmux iperf3 htop strace nmap lsof tftp sudo linux-headers-$(uname -r) telnet unattended-upgrades apt-listchanges

Systemname vergeben ([XXX] => Standortkurzbezeichnung)

nano /etc/hostname
Gera-[XXX]-Backbone

Softraid/mdadm

lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT
mdadm --create --verbose /dev/md0 --level=5 --raid-devices=4 /dev/sdb /dev/sdc /dev/sdd /dev/sde
mdadm --misc --detail /dev/md0

pvcreate /dev/md0
vgcreate hddraid /dev/md0
Proxmox: Storage->Add->LVM

lvcreate hddraid --size 1TB --name vmbackup
mkfs.ext4 /dev/hddraid/vmbackup
mkdir -p /var/backups/vmbackup
echo "/dev/hddraid/vmbackup /var/backups/vmbackup ext4 defaults 0 0" >> /etc/fstab
mount -a
Proxmox: Storage -> Add -> Directory
    vmbackup
    /var/backups/vmbackup
    "VZDump backup file"
Proxmox: Backup -> Add

Speicherplatz (LVM)

fdisk /dev/sdb
n p ...
t 8e
w

pvcreate /dev/sdb1
vgcreate data-kuk01 /dev/sdb1

Unattendes Upgrades

...todo...

SNMP/MIBS

mkdir -p /usr/share/snmp/mibs
cd /tmp
wget https://www.ubnt.com/downloads/firmwares/airos-ubnt-mib/ubnt-mib.zip
unzip ubnt-mib.zip
mv UBNT-* /usr/share/snmp/mibs

 

nano /etc/apt/sources.list.d/mibs.list
deb http://ftp.de.debian.org/debian/ stretch main non-free
deb http://ftp.de.debian.org/debian/ stretch-updates main non-free

 

apt update
apt install snmp snmpd snmp-mibs-downloader

 

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
nano /etc/snmp/snmpd.conf
master agentx
agentaddress 161
rocommunity public 127.0.0.1
rocommunity public 10.181.0.131
rocommunity public 172.16.[x].254

syslocation  "Gera, [Standort]"
syscontact  backbone@freifunk-gera-greiz.de
sysServices 72
sysservices 79

trapsink  localhost public
trapsink  zabbix.ffggrz.de public
trapcommunity  public
authtrapenable  1

 

nano /etc/default/snmpd
nano /etc/systemd/system/multi-user.target.wants/snmpd.service
SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'

 

systemctl enable snmpd
systemctl restart snmpd

iperf3

nano /etc/systemd/system/multi-user.target.wants/iperf3.service
[Unit]
Description=iperf3
After=syslog.target network.target

[Service]
Type=simple
User=www-data
Group=www-data
Restart=on-failure
RestartSec=30
ExecStart=/usr/bin/iperf3 --server --daemon
KillMode=process

[Install]
WantedBy=multi-user.target

systemctl enable iperf3
systemctl restart iperf3

Zabbix

nano /etc/apt/sources.list.d/zabbix.list
deb http://repo.zabbix.com/zabbix/3.4/debian stretch main
deb-src http://repo.zabbix.com/zabbix/3.4/debian stretch main

 

wget -O - "https://repo.zabbix.com/zabbix-official-repo.key" | apt-key add -
apt update
apt install zabbix-proxy-sqlite3 zabbix-agent

Proxy-Konfiguration

nano /etc/zabbix/zabbix_proxy.conf
Server=10.181.0.131
Hostname=bb[x]
DBName=/var/lib/zabbix/proxy.db
ProxyOfflineBuffer=24
mkdir -p /var/lib/zabbix/ /etc/zabbix/zabbix_proxy.conf.d
chown zabbix:zabbix -R /var/lib/zabbix/
chown zabbix:zabbix -R /etc/zabbix/zabbix_proxy.conf.d
systemctl enable zabbix-proxy
systemctl start zabbix-proxy

Bei einem Update des Proxies muss ggf. die alte Datenbankdatei gelöscht werden.

systemctl stop zabbix-proxy
rm /var/lib/zabbix/proxy.db
systemctl start zabbix-proxy

Zabbix-Agent

nano /etc/zabbix/zabbix_agentd.conf
Server=127.0.0.1,172.16.[x].254,10.181.0.131
ServerActive=127.0.0.1,172.16.[x].254,10.181.0.131
Hostname=bb[x]
Timeout=30
mkdir -p /etc/zabbix/zabbix_agentd.conf.d/
nano /etc/zabbix/zabbix_agentd.conf.d/statistics.conf 
UserParameter=statistics.iperf[*],iperf3 -c $2 -fB -t1 | grep " $1" | sed -e 's|[[:blank:]]\+|#|g' | cut -d# -f7
UserParameter=statistics.wget[*],wget -O /dev/null "$1" 2>&1 | grep "\[[0-9]*/[0-9]*\]" | awk -F'[()B ]+' '{gsub("K",1024);gsub("M",1048576);gsub("G",1073741824);print $$3*$$4}'

 

systemctl enable zabbix-agent
systemctl restart zabbix-agent


NUT (UPS-Steuerung)

apt install nut

echo "MODE=standalone" > /etc/nut/nut.conf

mv /etc/nut/upsd.conf /etc/nut/upsd.conf.old
echo "LISTEN 127.0.0.1 3493" > /etc/nut/upsd.conf
chown nut:nut /etc/nut/upsd.conf
chmod 400 /etc/nut/upsd.conf

mv /etc/nut/upsd.users /etc/nut/upsd.users.old
echo "[upsmon]" > /etc/nut/upsd.users
echo "password = [PASSWORD]" >> /etc/nut/upsd.users
echo "upsmon master" >> /etc/nut/upsd.users
echo "[admin]" >> /etc/nut/upsd.users
echo "password = [ADMINPASSWORD]" >> /etc/nut/upsd.users
echo "actions = SET" >> /etc/nut/upsd.users
echo "instcmds = ALL" >> /etc/nut/upsd.users
chown nut:nut /etc/nut/upsd.users
chmod 400 /etc/nut/upsd.users

mv /etc/nut/ups.conf /etc/nut/ups.conf.old
echo "["`hostname | tr '[:upper:]' '[:lower:]'`"-ups-01]" > /etc/nut/ups.conf
echo "driver = usbhid-ups" >> /etc/nut/ups.conf
echo "port = /dev/usb/hiddev0" >> /etc/nut/ups.conf
echo "desc = \""`hostname` "UPS 01\"" >> /etc/nut/ups.conf
echo "pollinterval = 15" >> /etc/nut/ups.conf

mv /etc/nut/upsmon.conf /etc/nut/upsmon.conf.old
echo "MONITOR "`hostname | tr '[:upper:]' '[:lower:]'`"-ups-01@localhost 1 upsmon [PASSWORD] master" > /etc/nut/upsmon.conf
echo "#MONITOR "`hostname | tr '[:upper:]' '[:lower:]'`"-ups-01@localhost 1 admin [ADMINPASSWORD] master" >> /etc/nut/upsmon.conf
echo "DEADTIME 25" >> /etc/nut/upsmon.conf
echo "MAXAGE 25" >> /etc/nut/upsmon.conf
###########
cp /lib/udev/rules.d/62-nut-usbups.rules /etc/udev/rules.d/

udevadm control --reload-rule
udevadm trigger
upsdrvctl start

#service nut-client stop
#service nut-server stop
#sleep 2
#service nut-server start
#service nut-client start
systemctl restart upsmon
systemctl restart nut-server
###########
cd /tmp/
wget https://github.com/aktienmakler/Zabbix-NUT-Template/archive/master.zip
unzip master.zip
cp Zabbix-NUT-Template-master/sh/ups_status.sh /usr/lib/zabbix/externalscripts/
#cp Zabbix-NUT-Template-master/zabbix_agentd.d/userparameter_nut.conf /etc/zabbix/zabbix_agentd.conf.d/
echo "UserParameter=upsmon[*],/usr/lib/zabbix/externalscripts/ups_status.sh \$1 \$2" > /etc/zabbix/zabbix_agentd.conf.d/userparameter_nut.conf

systemctl restart zabbix-agent

Netzwerk

am besten die Konfigurationsdateien von einem bestehenden System kopieren
#apt-get purge network-manager
#apt-get purge $(tasksel --task-packages desktop)

scp root@10.181.60.1:/etc/network/interfaces /etc/network/interfaces
scp root@10.181.60.1:/etc/network/interfaces.d/freifunk /etc/network/interfaces.d/freifunk
scp root@10.181.60.1:/etc/network/interfaces.d/mgmt /etc/network/interfaces.d/mgmt
scp root@10.181.60.1:/etc/network/interfaces.d/wan /etc/network/interfaces.d/wan

nano /etc/network/interfaces.d/freifunk
# alle MAC-Adressen auf die Standortnummer anpassen
nano /etc/network/interfaces.d/mgmt
nano /etc/network/interfaces.d/wan

nano /etc/resolv.conf
domain ffggrz
search ffggrz.
nameserver 10.181.0.11
nameserver 10.181.0.12
nameserver 10.181.0.13

Routing

iptables --table nat --append POSTROUTING --out-interface br-freifunk -j MASQUERADE
iptables --append FORWARD --in-interface [MGMT-Interface] -j ACCEPT
iptables-save > /etc/iptables/rules.v4

# Dauerhaft
nano /etc/sysctl.conf
net.ipv4.ip_forward=1

# Einmalig bis zum Reboot
echo 1 > /proc/sys/net/ipv4/ip_forward

ext-respondd

cd /opt/
git clone https://github.com/ffggrz/ext-respondd
cp ext-respondd/alias.json.example ext-respondd/alias.json
nano ext-respondd/alias.json
{
  "nodeinfo": {
    "hostname": "bb[Standort]",
    "node_id": "[MAC]",
    "owner": {
      "contact": "backbone@freifunk-gera-greiz.de"
    },
    "system": {
      "site_code": "ffggrz",
      "role": "gateway"
    },
    "location": {
      "latitude": [LAT],
      "longitude": [LON]
    },
    "pages": [
      "http://start.ffggrz/",
      "http://start.ffggrz.de/"
    ]
  },
}

cp ext-respondd/config.json.example ext-respondd/config.json
nano ext-respondd/config.json
{
"batman": "bat0", 
"bridge": "br-freifunk", 
"rate_limit": 30, 
"rate_limit_burst": 10, 
"wan": "[Bond|Interface].[VLAN]", 
"mesh-vpn": [ "mesh-vpn-l2tp-1", "mesh-vpn-l2tp-2", "mesh-vpn-l2tp-3"] 
} 
cp /opt/ext-respondd/ext-respondd.service.example /etc/systemd/system/ext-respondd.service 
systemctl enable ext-respondd 
systemctl restart ext-respondd 
# läuft erst nach einem Neustart, wenn bat0 vorhanden ist

tunneldigger

siehe Mesh für Server

batctl/batman-adv

cd /usr/local/src/
wget https://downloads.open-mesh.org/batman/releases/batman-adv-2017.3/batctl-2017.3.tar.gz
wget https://downloads.open-mesh.org/batman/releases/batman-adv-2017.3/batman-adv-2017.3.tar.gz
tar -xvzf batman-adv-2017.3.tar.gz
tar -xvzf batctl-2017.3.tar.gz
cd batctl-2017.3
make && make install
cd ../batman-adv-2017.3
make && make install

LXC1

apt install lxc libvirt-clients debootstrap
nano /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = br-freifunk
lxc.network.flags = up

nano /etc/default/lxc-net
USE_LXC_BRIDGE="true"
0 Anhänge
2459 Aufrufe
Durchschnitt (0 Stimmen)
Kommentare
Noch keine Kommentare. Seien Sie der Erste.

Wiki-Navigation Wiki-Navigation