Guides
Backbone server
This article does NOT describe installing Debian on an APU or a comparable server; it covers the further configuration that turns such a machine into a backbone server.
Adding a user
    useradd [USER]
    usermod -aG adm,staff,sudo,dialout [USER]
Installing the main programs
    apt update
    apt install ca-certificates dnsmasq vlan bridge-utils linux-headers-amd64 \
        build-essential cmake doxygen bison libsodium-dev xz-utils wget \
        pkg-config libnl-genl-3-dev libnl-3-200 libnl-3-dev git python3-netifaces \
        ethtool lsb-release libcap-dev ifenslave iptables-persistent iptraf tcpdump \
        iputils-* host socat vim nano mc screen tmux iperf3 htop strace nmap lsof \
        tftp sudo linux-headers-$(uname -r) telnet unattended-upgrades apt-listchanges
Setting the system name ([XXX] => short name of the site)
    nano /etc/hostname
        Gera-[XXX]-Backbone
Softraid/mdadm
    lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT
    mdadm --create --verbose /dev/md0 --level=5 --raid-devices=4 /dev/sdb /dev/sdc /dev/sdd /dev/sde
    mdadm --misc --detail /dev/md0
    pvcreate /dev/md0
    vgcreate hddraid /dev/md0
Proxmox: Storage -> Add -> LVM
    lvcreate hddraid --size 1TB --name vmbackup
    mkfs.ext4 /dev/hddraid/vmbackup
    mkdir -p /var/backups/vmbackup
    echo "/dev/hddraid/vmbackup /var/backups/vmbackup ext4 defaults 0 0" >> /etc/fstab
    mount -a
Proxmox: Storage -> Add -> Directory: vmbackup, /var/backups/vmbackup, "VZDump backup file"
Proxmox: Backup -> Add
Storage space (LVM)
    fdisk /dev/sdb
        n
        p
        ...
        t
        8e
        w
    pvcreate /dev/sdb1
    vgcreate data-kuk01 /dev/sdb1
Unattended upgrades
    sudo apt-get install unattended-upgrades apt-listchanges
    sudo dpkg-reconfigure -plow unattended-upgrades
SNMP/MIBS
    mkdir -p /usr/share/snmp/mibs
    cd /tmp
    wget https://www.ubnt.com/downloads/firmwares/airos-ubnt-mib/ubnt-mib.zip
    unzip ubnt-mib.zip
    mv UBNT-* /usr/share/snmp/mibs

    nano /etc/apt/sources.list.d/mibs.list
        deb http://ftp.de.debian.org/debian/ stretch main non-free
        deb http://ftp.de.debian.org/debian/ stretch-updates main non-free

    apt update
    apt install snmp snmpd snmp-mibs-downloader

    mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
    nano /etc/snmp/snmpd.conf
        master agentx
        agentaddress 161
        rocommunity public 127.0.0.1
        rocommunity public 10.181.0.131
        rocommunity public 172.16.[x].254
        syslocation "Gera, [LOCATION]"
        syscontact backbone@freifunk-gera-greiz.de
        sysServices 72
        sysservices 79
        trapsink localhost public
        trapsink zabbix.ffggrz.de public
        trapcommunity public
        authtrapenable 1

    nano /etc/default/snmpd
    nano /etc/systemd/system/multi-user.target.wants/snmpd.service
        SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'

    systemctl enable snmpd
    systemctl restart snmpd
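The snmpd.conf above uses the community string "public" but ties every rocommunity line to one source address. The following check is an added example, not part of the original wiki page; it lists community lines that have lost that restriction. The function names and the sample file are assumptions, and 172.16.1.254 stands in for 172.16.[x].254.

```shell
#!/bin/sh
# Added example: find community directives in an snmpd.conf that answer
# queries from any source address. Names and sample data are assumptions.

# audit_snmpd_conf FILE
# Prints "LINE_NO: text" for every rocommunity/rwcommunity directive (and
# the IPv6 variants) whose SOURCE field is missing or set to "default".
# Exit status: 0 = every community line is source-restricted, 1 = findings.
audit_snmpd_conf() {
    awk '
        { sub(/#.*/, "") }          # strip comments
        NF == 0 { next }            # skip blank lines
        tolower($1) ~ /^r[ow]community6?$/ {
            # syntax: rocommunity COMMUNITY [SOURCE [OID]]
            if (NF < 3 || $3 == "default") {
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the three rocommunity lines from the article plus one
# constructed line without a source restriction.
write_sample() {
    cat > "$1" <<'EOF'
agentaddress 161
rocommunity public 127.0.0.1
rocommunity public 10.181.0.131
rocommunity public 172.16.1.254
rocommunity public            # constructed: no source, answers everyone
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_snmpd_conf "$tmp" || echo "unrestricted community lines found"
rm -f "$tmp"
```

On the backbone server itself the call would be audit_snmpd_conf /etc/snmp/snmpd.conf, for example after each configuration change.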
iperf3
    nano /etc/systemd/system/multi-user.target.wants/iperf3.service
        [Unit]
        Description=iperf3
        After=syslog.target network.target
        [Service]
        Type=simple
        User=www-data
        Group=www-data
        Restart=on-failure
        RestartSec=30
        ExecStart=/usr/bin/iperf3 --server --daemon
        KillMode=process
        [Install]
        WantedBy=multi-user.target
    systemctl enable iperf3
    systemctl restart iperf3
Zabbix
    nano /etc/apt/sources.list.d/zabbix.list
        deb https://repo.zabbix.com/zabbix/4.5/debian buster main
        deb-src https://repo.zabbix.com/zabbix/4.5/debian buster main

    wget -O - "https://repo.zabbix.com/zabbix-official-repo.key" | apt-key add -
    apt update
    apt install zabbix-proxy-sqlite3 zabbix-agent
Proxy configuration
    nano /etc/zabbix/zabbix_proxy.conf
        Server=10.181.0.131
        Hostname=bb[x]
        DBName=/var/lib/zabbix/proxy.db
        ProxyOfflineBuffer=24

    mkdir -p /var/lib/zabbix/ /etc/zabbix/zabbix_proxy.conf.d
    chown zabbix:zabbix -R /var/lib/zabbix/
    chown zabbix:zabbix -R /etc/zabbix/zabbix_proxy.conf.d
    systemctl enable zabbix-proxy
    systemctl start zabbix-proxy
When the proxy is updated, the old database file may have to be deleted.
    systemctl stop zabbix-proxy
    rm /var/lib/zabbix/proxy.db
    systemctl start zabbix-proxy
Zabbix agent
    nano /etc/zabbix/zabbix_agentd.conf
        Server=127.0.0.1,172.16.[x].254,10.181.0.131
        ServerActive=127.0.0.1,172.16.[x].254,10.181.0.131
        Hostname=bb[x]
        Timeout=30

    mkdir -p /etc/zabbix/zabbix_agentd.conf.d/
    nano /etc/zabbix/zabbix_agentd.conf.d/statistics.conf
        UserParameter=statistics.iperf[*],iperf3 -c $2 -fB -t1 | grep " $1" | sed -e 's|[[:blank:]]\+|#|g' | cut -d# -f7
        UserParameter=statistics.wget[*],wget -O /dev/null "$1" 2>&1 | grep "\[[0-9]*/[0-9]*\]" | awk -F'[()B ]+' '{gsub("K",1024);gsub("M",1048576);gsub("G",1073741824);print $$3*$$4}'

    systemctl enable zabbix-agent
    systemctl restart zabbix-agent
NUT (UPS control)
    apt install nut
    echo "MODE=standalone" > /etc/nut/nut.conf
    mv /etc/nut/upsd.conf /etc/nut/upsd.conf.old
    echo "LISTEN 127.0.0.1 3493" > /etc/nut/upsd.conf
    chown nut:nut /etc/nut/upsd.conf
    chmod 400 /etc/nut/upsd.conf
    mv /etc/nut/upsd.users /etc/nut/upsd.users.old
    echo "[upsmon]" > /etc/nut/upsd.users
    echo "password = [PASSWORD]" >> /etc/nut/upsd.users
    echo "upsmon master" >> /etc/nut/upsd.users
    echo "[admin]" >> /etc/nut/upsd.users
    echo "password = [ADMINPASSWORD]" >> /etc/nut/upsd.users
    echo "actions = SET" >> /etc/nut/upsd.users
    echo "instcmds = ALL" >> /etc/nut/upsd.users
    chown nut:nut /etc/nut/upsd.users
    chmod 400 /etc/nut/upsd.users
    mv /etc/nut/ups.conf /etc/nut/ups.conf.old
    echo "["`hostname | tr '[:upper:]' '[:lower:]'`"-ups-01]" > /etc/nut/ups.conf
    echo "driver = usbhid-ups" >> /etc/nut/ups.conf
    echo "port = /dev/usb/hiddev0" >> /etc/nut/ups.conf
    echo "desc = \""`hostname` "UPS 01\"" >> /etc/nut/ups.conf
    echo "pollinterval = 15" >> /etc/nut/ups.conf
    mv /etc/nut/upsmon.conf /etc/nut/upsmon.conf.old
    echo "MONITOR "`hostname | tr '[:upper:]' '[:lower:]'`"-ups-01@localhost 1 upsmon [PASSWORD] master" > /etc/nut/upsmon.conf
    echo "#MONITOR "`hostname | tr '[:upper:]' '[:lower:]'`"-ups-01@localhost 1 admin [ADMINPASSWORD] master" >> /etc/nut/upsmon.conf
    echo "DEADTIME 25" >> /etc/nut/upsmon.conf
    echo "MAXAGE 25" >> /etc/nut/upsmon.conf
    ###########
    cp /lib/udev/rules.d/62-nut-usbups.rules /etc/udev/rules.d/
    udevadm control --reload-rules
    udevadm trigger
    upsdrvctl start
    #service nut-client stop
    #service nut-server stop
    #sleep 2
    #service nut-server start
    #service nut-client start
    systemctl restart upsmon
    systemctl restart nut-server
    ###########
    cd /tmp/
    wget https://github.com/aktienmakler/Zabbix-NUT-Template/archive/master.zip
    unzip master.zip
    cp Zabbix-NUT-Template-master/sh/ups_status.sh /usr/lib/zabbix/externalscripts/
    #cp Zabbix-NUT-Template-master/zabbix_agentd.d/userparameter_nut.conf /etc/zabbix/zabbix_agentd.conf.d/
    echo "UserParameter=upsmon[*],/usr/lib/zabbix/externalscripts/ups_status.sh \$1 \$2" > /etc/zabbix/zabbix_agentd.conf.d/userparameter_nut.conf
    systemctl restart zabbix-agent
Network
It is best to copy the configuration files from an existing system.
    #apt-get purge network-manager
    #apt-get purge $(tasksel --task-packages desktop)
    scp root@10.181.60.1:/etc/network/interfaces /etc/network/interfaces
    scp root@10.181.60.1:/etc/network/interfaces.d/freifunk /etc/network/interfaces.d/freifunk
    scp root@10.181.60.1:/etc/network/interfaces.d/mgmt /etc/network/interfaces.d/mgmt
    scp root@10.181.60.1:/etc/network/interfaces.d/wan /etc/network/interfaces.d/wan
    nano /etc/network/interfaces.d/freifunk    # adjust all MAC addresses to the site number
    nano /etc/network/interfaces.d/mgmt
    nano /etc/network/interfaces.d/wan
    nano /etc/resolv.conf
        domain ffggrz
        search ffggrz.
        nameserver 10.181.0.11
        nameserver 10.181.0.12
        nameserver 10.181.0.13
Local DNS
https://www.freifunk-gera-greiz.de/wiki/-/wiki/Allgemein/interne+Domains+und+DHCP+mit+dnsmasq
Routing
    iptables --table nat --append POSTROUTING --out-interface br-freifunk -j MASQUERADE
    # iptables --table nat --append POSTROUTING --out-interface wan -j MASQUERADE
    iptables --append FORWARD --in-interface [MGMT-Interface] -j ACCEPT
    iptables-save > /etc/iptables/rules.v4
    # Permanent
    nano /etc/sysctl.conf
        net.ipv4.ip_forward=1
    # One-off, until the next reboot
    echo 1 > /proc/sys/net/ipv4/ip_forward
ext-respondd
    cd /opt/
    git clone https://github.com/ffggrz/ext-respondd
    cp ext-respondd/alias.json.example ext-respondd/alias.json
    nano ext-respondd/alias.json
        {
          "nodeinfo": {
            "hostname": "bb[LOCATION]",
            "node_id": "[MAC]",
            "owner": { "contact": "backbone@freifunk-gera-greiz.de" },
            "system": { "site_code": "ffggrz", "role": "gateway" },
            "location": { "latitude": [LAT], "longitude": [LON] },
            "pages": [ "http://start.ffggrz/", "http://start.ffggrz.de/" ]
          }
        }
    cp ext-respondd/config.json.example ext-respondd/config.json
    nano ext-respondd/config.json
        {
          "batman": "bat0",
          "bridge": "br-freifunk",
          "rate_limit": 30,
          "rate_limit_burst": 10,
          "wan": "[Bond|Interface].[VLAN]",
          "mesh-vpn": [ "mesh-vpn-l2tp-1", "mesh-vpn-l2tp-2", "mesh-vpn-l2tp-3" ]
        }
    cp /opt/ext-respondd/ext-respondd.service.example /etc/systemd/system/ext-respondd.service
    systemctl enable ext-respondd
    systemctl restart ext-respondd    # only runs after a reboot, once bat0 exists
tunneldigger
batctl/batman-adv
Batman update
    # so that the kernel module is built against the latest kernel, run an upgrade and reboot first
    apt upgrade
    reboot -f

    export BATMANVERSION="2021.0"
    cd /usr/local/src/
    wget "https://downloads.open-mesh.org/batman/releases/batman-adv-${BATMANVERSION}/batctl-${BATMANVERSION}.tar.gz"
    wget "https://downloads.open-mesh.org/batman/releases/batman-adv-${BATMANVERSION}/batman-adv-${BATMANVERSION}.tar.gz"
    tar -xvzf batman-adv-"${BATMANVERSION}".tar.gz
    tar -xvzf batctl-"${BATMANVERSION}".tar.gz
    cd batctl-"${BATMANVERSION}"
    make && make install
    cd ../batman-adv-"${BATMANVERSION}"
    make && make install
    # reboot once more after compiling
    reboot -f
    # the installed version can be checked with batctl
    batctl -v