
Delete the old server (188.138.72.82) after the migration (re-install the base image via the admin panel) and CANCEL it.

Documentation - Almitra, migration to new hardware (2021)

Important scripts:

Base installation - OS & security

apt-get install configure-debian hnb htop ncdu nmap rsync sudo tcpdump tmux vim 
apt-get install apache2 libapache2-mod-rpaf libapache2-mod-php 
apt-get install docker-ce docker-ce-cli containerd.io docker-compose 
apt-get install qemu-kvm virt-manager
# Firewall & SSH-Portforwarding to VMs etc.
luna245:~# cd /root/bin/vm_iptables/
luna245:~/bin/vm_iptables# ./vm_ssh_forwarding.sh restart

# TODO configure fail2ban

Domains

Data transfer (rsync) - Docker containers & KVM VMs

# --- Docker container 
rsync -av /srv/docker/minetest 85.25.95.149:/srv/docker
rsync -av /srv/docker/volumes/minetest 85.25.95.149:/srv/docker/volumes
rsync -av /srv/docker/reminiscence 85.25.95.149:/srv/docker
rsync -av /srv/docker/volumes/reminiscence 85.25.95.149:/srv/docker/volumes
rsync -av /srv/docker/nextcloud 85.25.95.149:/srv/docker
rsync -av /srv/docker/opentrashmail 85.25.95.149:/srv/docker
rsync -av /srv/docker/volumes/opentrashmail 85.25.95.149:/srv/docker/volumes
rsync -av /srv/docker/miniflux 85.25.95.149:/srv/docker
rsync -av /srv/docker/dokuwiki 85.25.95.149:/srv/docker
rsync -av /srv/docker/volumes/dokuwiki2 85.25.95.149:/srv/docker/volumes
rsync -av /srv/docker/service-mail 85.25.95.149:/srv/docker

# --- KVM VMs
rsync -av /var/lib/libvirt/images/aaa.qcow2 85.25.95.149:/var/lib/libvirt/images
rsync -av /var/lib/libvirt/images/anyplanet*.qcow2 85.25.95.149:/var/lib/libvirt/images

Webserver

a2enmod ssl proxy proxy_http php7.3 rpaf rewrite
a2ensite 000-default.conf default-ssl.conf #FIXMEP3 default-ssl.conf uses a self-signed cert (snakeoil)
a2ensite vm_aaa vm_aaa_ssl
a2ensite dragon-in-repose.com.conf dragon-in-repose.com-le-ssl.conf
a2ensite füralle.de füralle.de-le-ssl.conf monitoring.füralle.de-le-ssl.conf
luna245:/etc# ls /etc/apache2/sites-enabled/
000-default.conf                  füralle.de-le-ssl.conf
default-ssl.conf                  monitoring.füralle.de-le-ssl.conf
dragon-in-repose.com.conf         vm_aaa.conf
dragon-in-repose.com-le-ssl.conf  vm_aaa-le-ssl.conf
füralle.de.conf
luna245:/etc# date
Fri 20 Aug 2021 12:17:54 PM CEST
luna245:/etc# 
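A check for the FIXMEP3 item above, added here as an example (not a script from the original notes): it lists every enabled vhost whose active SSLCertificateFile still points at Debian's self-signed snakeoil certificate, so it can be re-run after each a2ensite or certbot change. It assumes the Debian layout (one *.conf per vhost in sites-enabled) and the stock snakeoil path from the ssl-cert package.

```shell
#!/bin/sh
# Added example, not part of the original migration notes.
# Lists the enabled Apache vhosts that still use Debian's self-signed
# "snakeoil" certificate (the FIXMEP3 case for default-ssl.conf).
# Assumption: stock path from the ssl-cert package.
SNAKEOIL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem

# find_snakeoil_vhosts DIR
# Prints the path of every vhost config in DIR whose active (not commented
# out) SSLCertificateFile directive points at the snakeoil cert.
# Exit status 1 if at least one was found, 0 if the directory is clean.
find_snakeoil_vhosts() {
    dir=$1
    found=0
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # leading whitespace is allowed; a '#' before the directive is not
        # matched because of the ^ anchor, so commented-out lines are ignored
        if grep -Eq "^[[:space:]]*SSLCertificateFile[[:space:]]+$SNAKEOIL_CERT" "$conf"; then
            echo "$conf"
            found=1
        fi
    done
    return $found
}

# Usage on the web server: find_snakeoil_vhosts /etc/apache2/sites-enabled
```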

Renew SSL certificates

certbot --apache -d allesaufanfang.de 
certbot --apache -d anypla.net
certbot --apache -d apps.anypla.net
certbot --apache -d cloud.anypla.net
certbot --apache -d connect.anypla.net
certbot --apache -d mail.anypla.net
[certbot --apache -d wiki.anypla.net] # TODO: mediawiki instead of dokuwiki (apps.anypla.net/wiki/)
certbot --apache -d dragon-in-repose.com
certbot --apache -d xn--fralle-3ya.de # Punycode!
certbot --apache -d apps.xn--fralle-3ya.de 
certbot --apache -d kochen.xn--fralle-3ya.de 
certbot --apache -d mail.xn--fralle-3ya.de 
certbot --apache -d monitoring.xn--fralle-3ya.de 

Docker

$ apt-get install docker-ce docker-ce-cli containerd.io docker-compose
luna245:/srv/docker# date
Sun 22 Aug 2021 09:39:47 PM CEST

luna245:/srv/docker# ls -l /srv/docker/
total 40
drwxr-xr-x  2 root   root   4096 Aug 20 13:07 dokuwiki
lrwxrwxrwx  1 root   root     48 Aug 19 17:53 kochen.füralle.de -> /home/s3h10r/development/mychef-meinerezepte.de/
drwxr-xr-x  3 s3h10r docker 4096 Aug 20 11:08 minetest
drwxr-xr-x  2 root   root   4096 Aug  1  2020 miniflux
-rwxr-xr-x  1 root   root    182 Aug 20 13:02 mydocker-helpers.sh
drwxr-xr-x  4 s3h10r docker 4096 Aug 20 13:21 nextcloud
drwxr-xr-x  2 root   root   4096 Aug  2  2020 opentrashmail
drwxr-xr-x 17 s3h10r root   4096 Mar 21 13:49 reminiscence
drwxr-xr-x  5 root   root   4096 May 24 17:34 service-mail
drwxr-xr-x  6 s3h10r docker 4096 Aug 20 12:35 volumes
drwxr-xr-x  2 root   root   4096 Aug 19 19:49 zabbix
luna245:/srv/docker/kochen.füralle.de# docker-compose stop && docker-compose build && docker-compose up -d
Building web
Step 1/10 : FROM debian:10-slim
10-slim: Pulling from library/debian
e1acddbe380c: Pull complete
Digest: sha256:1b138699146ca36569f2f2098c8e22c56756b5776f7668a6a294f81a2bef2a2d
Status: Downloaded newer image for debian:10-slim
...

Containers

luna245:/srv/docker/zabbix# docker container ls
CONTAINER ID   IMAGE                                             COMMAND                  CREATED      STATUS      PORTS                                            NAMES
758a81861723   nextcloud:21.0.0                                  "/entrypoint.sh apac…"   2 days ago   Up 2 days   0.0.0.0:8090->80/tcp                             nextcloud
e423321f4640   reminiscence_nginx                                "/docker-entrypoint.…"   2 days ago   Up 2 days   0.0.0.0:8100->80/tcp                             reminiscence_nginx_1
6b275e569e6a   reminiscence_web                                  "bash -c 'while ! nc…"   2 days ago   Up 2 days   0.0.0.0:8101->8000/tcp                           reminiscence_web_1
eee83d39e019   postgres:11                                       "docker-entrypoint.s…"   2 days ago   Up 2 days   5432/tcp                                         reminiscence_db_1
c1950b1eaf20   linuxserver/dokuwiki                              "/init"                  2 days ago   Up 2 days   443/tcp, 0.0.0.0:4280->80/tcp                    dokuwiki
936d542d1937   linuxserver/minetest:5.2.0-ls50                   "/usr/bin/minetestse…"   2 days ago   Up 2 days   0.0.0.0:30000->30000/udp                         minetest
0952f7c9e4b4   zabbix/zabbix-web-nginx-pgsql:alpine-5.4-latest   "docker-entrypoint.sh"   2 days ago   Up 2 days   0.0.0.0:2280->8080/tcp, 0.0.0.0:2443->8443/tcp   zabbix-web-nginx-pgsql
8407c4292b83   zabbix/zabbix-server-pgsql:alpine-5.4-latest      "/sbin/tini -- /usr/…"   2 days ago   Up 2 days   0.0.0.0:10051->10051/tcp                         zabbix-server-pgsql
cb58f1f644ab   zabbix/zabbix-snmptraps:alpine-5.4-latest         "/usr/sbin/snmptrapd…"   2 days ago   Up 2 days   0.0.0.0:162->1162/udp                            zabbix-snmptraps
7c009a03fa22   postgres:latest                                   "docker-entrypoint.s…"   2 days ago   Up 2 days   5432/tcp                                         postgres-server
c0377a22e8b1   mychef-meinerezeptede_nginx                       "/docker-entrypoint.…"   2 days ago   Up 2 days   0.0.0.0:4242->80/tcp                             mychef-meinerezeptede_nginx_1
c2eb03f10f57   mychef-meinerezeptede_web                         "python3 /code/meine…"   2 days ago   Up 2 days   0.0.0.0:4281->8000/tcp                           mychef-meinerezeptede_web_1

kochen.füralle.de

monitoring.füralle.de - zabbix

cloud.anypla.net - nextcloud

docker run -d --name nextcloud -p 8090:80 -v /srv/docker/nextcloud/data:/var/www/html/data -v /srv/docker/nextcloud/config:/var/www/html/config nextcloud:19.0.9

# changing passwd
# open a shell as user www-data in the nextcloud container
# (the -u option belongs to docker exec, so it must come before the container name)
# $ docker exec -it -u www-data nextcloud /bin/bash
# and inside it run (here 'nextcloud' is the admin user)
# $ php /var/www/html/occ user:resetpassword nextcloud

crontab -e 
*/15 * * * * /usr/bin/docker exec -u www-data nextcloud php -f /var/www/html/cron.php 2>&1

apps.anypla.net/wiki/

[SOLVED] Search no longer finds anything - rebuild the search index
# rebuild the dokuwiki search index (manually)

docker exec -it c1 bash
root@c1950b1eaf20:/# /app/dokuwiki/bin/indexer.php
exit

# rebuild the dokuwiki search index (cronjob, one-liner) #TODOP2
crontab -e
...

TODO opentrashmail

?!? TODO: network connection between docker-containers & kvm VMs ?!?

Idea: what one could possibly try instead: an active zabbix_agent on the KVM host, which then connects to the "public physical host IP + port" that in turn is forwarded to the docker instance (10050?). Prerequisite: the active agent works such that only it establishes the connection to the server...

Virtualization (KVM)

$ apt-get install qemu-kvm virt-manager
luna245:~/bin# ls -l /var/lib/libvirt/images/
total 12582916
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 12884901888 Aug 20 01:23 aaa.qcow2

Administration via virsh or graphically via virt-manager.

aomame

gitlab upgrade

# Upgrade from 12.7.5 to 13.5.4

apt-get install gitlab-ce=12.9.2-ce.0
apt-get install gitlab-ce=12.10.14-ce.0
apt-get install gitlab-ce=13.0.14-ce.0
wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/buster/gitlab-ce_13.1.11-ce.0_amd64.deb/download.deb
dpkg -i gitlab-ce_13.1.11-ce.0_amd64.deb
wget --content-disposition https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/buster/gitlab-ce_13.5.4-ce.0_amd64.deb/download.deb
dpkg -i gitlab-ce_13.5.4-ce.0_amd64.deb

apt clean

# ... to 14.1.2

apt-get install gitlab-ce=13.9.2-ce.0
apt-get install gitlab-ce=13.12.9-ce.0
apt-get install gitlab-ce=14.0.7-ce.0
apt-get install gitlab-ce=14.1.2-ce.0

# ... to 14.10 (#ts-220531)

# automated as a script (:

root@aomame:~/bin# cat update_gitlab.debian.sh
#!/bin/bash
#set -x

function exit_on_error(){
  if [ $1 -ne 0 ]; then
    echo "command '$2' failed."
    exit 10
  else
    echo "command '$2' succeeded."
  fi
}

#CMD=("ls -l /home/" 'ls -l /opt' "false" "ls -l /home") # test array for dry runs
CMD=("apt-get install gitlab-ce=14.6.7-ce.0" "apt-get install gitlab-ce=14.7.7-ce.0" "apt-get install gitlab-ce=14.8.6-ce.0" "apt-get install gitlab-ce=14.9.3-ce.0" "apt-get install gitlab-ce=14.10.0-ce.0") # array of upgrade steps, in order

for cmd in "${CMD[@]}"; do   # The quotes are necessary here
  echo "running '${cmd}'..."
  ${cmd}
  exit_on_error $? "$cmd"
  apt clean
done

echo "whoopwhoop. gitlab-upgrade succeeded. (:"

apt-get update && apt-get upgrade
apt clean # free tons of space (apt cache)

LUKS crypto disks - extension

Current solution: 2 new LVs.

  • /dev/aomame-vg/opt/ mounted at /opt
  • /dev/aomame-vg/var mounted at /var

Both of these LVs can be resized online at will without problems (lvextend & resize2fs). Several GB are still free in the VG.

Never resize the boot/root LV - unfortunately that causes nasty problems here because of crypto disk 2 (vdb_crypt), which would have to be unlocked before booting!

210822, hessenm

* ''/dev/vdb'' (40gb) added

cryptsetup -y -v --type luks2 luksFormat /dev/vdb
cryptsetup luksOpen /dev/vdb vdb_crypt
pvcreate /dev/mapper/vdb_crypt
vgextend aomame-vg /dev/mapper/vdb_crypt

root@aomame:~# cat /etc/crypttab
vda5_crypt UUID=cc385d17-244f-4bf9-a4dc-c0b694ecf806 none luks
root@aomame:~# uuid="$(blkid -o value -s UUID /dev/vdb)"
root@aomame:~# echo "vdb_crypt UUID=$uuid none luks" >> /etc/crypttab
root@aomame:~# cat /etc/crypttab
vda5_crypt UUID=cc385d17-244f-4bf9-a4dc-c0b694ecf806 none luks
vdb_crypt UUID=fd5e3f22-d285-42b3-be84-70d652a59a32 none luks
cryptdisks_start vdb_crypt

VoIP & Videoconference

Monitoring (Zabbix)

setup

groupadd zabbix
useradd -g zabbix -s /bin/bash zabbix
apt-get update
apt-get install build-essential libmariadb-dev libssl-dev libsnmp-dev libevent-dev pkg-config
apt-get install libopenipmi-dev libxml2-dev libssh2-1-dev libpcre3-dev mlocate
apt-get install libldap2-dev libiksemel-dev libcurl4-openssl-dev libgnutls28-dev

cd /usr/local/src/

wget https://dl.google.com/go/go1.14.2.linux-amd64.tar.gz
tar -C /usr/local/ -zxvf go1.14.2.linux-amd64.tar.gz 

vi /etc/profile.d/go.sh

    #!/bin/bash
    export GOROOT=/usr/local/go
    export GOPATH=$GOROOT/work
    export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

source /etc/profile.d/go.sh 
env | grep -E "(ROOT|GOPATH)" # verify the required environment variables are available now


wget https://cdn.zabbix.com/zabbix/sources/stable/5.4/zabbix-5.4.3.tar.gz
tar -xvzf zabbix-5.4.3.tar.gz
cd zabbix-5.4.3
./configure --enable-agent --enable-agent2 --with-openssl
make
make install

updatedb
locate zabbix_agent2.conf
vi /usr/local/etc/zabbix_agent2.conf
LogFile=/tmp/zabbix_agent2.log
Server=127.0.0.1,192.168.15.10
ServerActive=192.168.15.10
Hostname=DOCKER
ControlSocket=/tmp/agent.sock
DenyKey=system.run[*]

/usr/local/sbin/zabbix_agent2 &

Zabbix Proxy - monitoring VMs etc.

Unfortunately the KVM VMs cannot talk to the Docker containers without attaching them to the same bridge. TODO: therefore a Zabbix proxy is installed on the physical host.

# --- checking zabbix server version

luna245:~# docker exec -it --user root zabbix-server-pgsql zabbix_server -V
zabbix_server (Zabbix) 5.4.3
Revision 68dc2b0 21 July 2021, compilation time: Aug  5 2021 17:07:27

Copyright (C) 2021 Zabbix SIA
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it according to
the license. There is NO WARRANTY, to the extent permitted by law.

This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/).

Compiled with OpenSSL 1.1.1k  25 Mar 2021
Running with OpenSSL 1.1.1k  25 Mar 2021
cd /usr/local/src && wget https://cdn.zabbix.com/zabbix/sources/stable/5.4/zabbix-5.4.3.tar.gz
tar -xvzf zabbix-5.4.3.tar.gz
cd zabbix-5.4.3
./configure --enable-proxy --with-sqlite3
make
make install

cat /usr/local/src/zabbix-5.4.3/database/sqlite3/schema.sql  | sqlite3 /var/lib/zabbix/zabbix_proxy.db
chown -R zabbix:zabbix /var/lib/zabbix/zabbix_proxy.db

ln -s /usr/local/etc/zabbix_proxy.conf /etc/zabbix/zabbix_proxy.conf
ln -s /usr/local/etc/zabbix_proxy.conf.d/ /etc/zabbix/zabbix_proxy.conf.d

vi /etc/zabbix/zabbix_proxy.conf
/usr/local/sbin/zabbix_proxy
tail -10f /var/log/zabbix_proxy.log
docker logs zabbix-server-pgsql
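A zabbix_proxy.conf for the setup described above, added here as an example (not the file from the original notes): the proxy on the physical host runs in active mode and reaches the zabbix-server-pgsql container through the host port 10051 that docker publishes in the container listing. The proxy name luna245-proxy is an assumption and has to match the proxy defined in the frontend; the DB and log paths are the ones used above.

```ini
# /etc/zabbix/zabbix_proxy.conf (the symlink created above)
# Active proxy: it opens the connection to the server itself, so nothing
# on the containers or the VMs has to accept inbound connections from it.
ProxyMode=0

# The zabbix-server-pgsql container publishes 10051 on the host
# (0.0.0.0:10051->10051/tcp in the container listing), so the proxy on
# the physical host talks to it via localhost.
Server=127.0.0.1
ServerPort=10051

# Assumed name; it must match the proxy defined in the frontend under
# Administration > Proxies, otherwise the server rejects the proxy.
Hostname=luna245-proxy

# SQLite DB filled from database/sqlite3/schema.sql above, owned by zabbix:zabbix
DBName=/var/lib/zabbix/zabbix_proxy.db

# The log that 'tail -10f' follows above
LogFile=/var/log/zabbix_proxy.log
LogFileSize=10

# Seconds between configuration pulls from the server and data pushes to it
ConfigFrequency=300
DataSenderFrequency=1
```

The agents on the KVM VMs then use the proxy host's address for Server/ServerActive instead of the container, and the proxy has to exist in the frontend before its first connection is accepted.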

TODOs

Remote Desktops (XRDP)