Materiel/DL145-1

From Breizh-Entropy

Specifications

In a Nutshell

  • Machine: HP DL 345 G2
  • CPU: 2x AMD Opteron 246 (single core, 2 GHz)
  • RAM: 4 GB (8x512 MB)
  • Disks: 2x250 GB SATA 3.5"
  • OS: Debian wheezy amd64
  • Admins: Geb
  • Usage: Xen host and services
  • IP: 192.168.0.190
  • SSH: d6:3b:3e:1c:88:47:96:77:3e:62:ab:6b:65:df:ae:f5.

Partitioning

Identical on each disk:

  • 100MB RAID1 /boot
  • 4GB swap, encrypted with aes-xts-256
  • 246GB LVM, encrypted with aes-xts-256
    • host-rootfs: 2GB
    • host-usr: 2GB
    • host-var: 2GB
    • host-home: 10GB

Grub

Installed on both disks:

$ sudo grub-install /dev/sda
$ sudo grub-install /dev/sdb

Encryption performance:

(from a wheezy live system, with cryptsetup-bin from jessie)
root@debian:/home/user# uptime ; uname -a ; cryptsetup --version ; cryptsetup benchmark ; uptime
 01:31:18 up 18 min, 10 users, load average: 0.43, 0.45, 0.32
Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3 x86_64 GNU/Linux
cryptsetup 1.6.4
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       190235 iterations per second
PBKDF2-sha256     112027 iterations per second
PBKDF2-sha512      72415 iterations per second
PBKDF2-ripemd160  158108 iterations per second
PBKDF2-whirlpool   61020 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b   109.7 MiB/s   123.5 MiB/s
 serpent-cbc   128b    49.3 MiB/s    51.8 MiB/s
 twofish-cbc   128b   107.4 MiB/s   124.6 MiB/s
     aes-cbc   256b    88.1 MiB/s    96.9 MiB/s
 serpent-cbc   256b    49.3 MiB/s    51.9 MiB/s
 twofish-cbc   256b   107.4 MiB/s   124.5 MiB/s
     aes-xts   256b   122.6 MiB/s   122.5 MiB/s
 serpent-xts   256b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   256b   109.1 MiB/s   108.5 MiB/s
     aes-xts   512b    96.0 MiB/s    96.1 MiB/s
 serpent-xts   512b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   512b   108.5 MiB/s   107.9 MiB/s
 01:31:47 up 19 min, 10 users, load average: 0.60, 0.48, 0.33

Unlocking LUKS over SSH

$ sudo apt-get install dropbear busybox-static
$ sudo nano /etc/initramfs-tools/initramfs.conf 
[...]
DEVICE=eth0
IP=192.168.0.191::192.168.0.254:255.255.255.0::eth0:off # different IP to avoid host-key fingerprint problems

/!\ The eth0 interface is brought up at boot, so udev can no longer be used to rename the interfaces.

$ sudo su -c "cat /home/geb/.ssh/authorized_keys >> /etc/initramfs-tools/root/.ssh/authorized_keys"
$ sudo update-initramfs -u
$ ssh root@192.168.0.190
echo -n "$passphrase" > /lib/cryptsetup/passfifo

/!\ /scripts/local-top/cryptroot (/usr/loca/initramfs-tools/scripts/local-top/cryptroot) is broken

  • sed s:blkid:/sbin/blkid
  • Even after this change, the boot does not continue

/!\ pkill busybox; todo write script

/!\ IPv6 :(
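
A client-side helper for the unlock step above, as an added example that is not from the original page: it reads the passphrase from stdin without echoing it, drops the trailing newline (as `echo -n` does) and pins the initramfs dropbear host key in its own known_hosts file, which serves the same purpose as the separate IP. The function name, the known_hosts path and the host argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: the function name,
# the dedicated known_hosts path, and that key-based login to the initramfs
# dropbear is already set up as in the steps above.

# unlock_luks HOST [KNOWN_HOSTS_FILE]
# Reads one line (the passphrase) from stdin and writes it, without a
# trailing newline, to the cryptsetup FIFO inside the initramfs.
unlock_luks() {
    host=$1
    known_hosts=${2:-"$HOME/.ssh/known_hosts_initramfs"}
    if [ -z "$host" ]; then
        echo "usage: unlock_luks HOST [KNOWN_HOSTS_FILE]" >&2
        return 2
    fi

    if [ -t 0 ]; then
        # Interactive: prompt on stderr and keep the passphrase off the screen.
        printf 'LUKS passphrase for %s: ' "$host" >&2
        stty -echo
        IFS= read -r pass || pass=
        stty echo
        printf '\n' >&2
    else
        # Piped input: accept a final line with or without a newline.
        IFS= read -r pass || [ -n "$pass" ] || pass=
    fi
    if [ -z "$pass" ]; then
        echo "unlock_luks: empty passphrase, nothing sent" >&2
        return 1
    fi

    # The initramfs dropbear has its own host key, so it is pinned in a
    # separate known_hosts file and never accepted blindly. BatchMode stops
    # ssh from falling back to a password prompt that would consume stdin.
    rc=0
    printf '%s' "$pass" | ssh \
        -o UserKnownHostsFile="$known_hosts" \
        -o StrictHostKeyChecking=yes \
        -o BatchMode=yes \
        "root@$host" 'cat > /lib/cryptsetup/passfifo' || rc=$?
    unset pass
    return "$rc"
}
```

Populate the dedicated known_hosts file once, after checking the dropbear host key fingerprint out of band; with StrictHostKeyChecking=yes the helper refuses an unknown or changed key.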

Network

Bonding: the two interfaces are joined

$ cat /etc/network/interfaces 
auto bound0
iface bound0 inet static
	address 192.168.0.190
	netmask 255.255.255.0
	gateway 192.168.0.254
	slaves eth0 eth1
	bound_mode active-backup
	mii_mode 100
	bound_downdelay 200
	bound_updelay 200
	post-up sysctl net.ipv6.conf.bound0.accept_dad = 0
iface bound0 inet6 auto
$ /sbin/ifconfig
bound0    Link encap:Ethernet  HWaddr 00:14:c2:54:25:d0  
          inet adr:192.168.0.190  Bcast:192.168.0.255  Masque:255.255.255.0
          adr inet6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d0/64 Scope:Global
          adr inet6: fe80::214:c2ff:fe54:25d0/64 Scope:Lien
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:1729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          RX bytes:416463 (406.7 KiB)  TX bytes:168311 (164.3 KiB)

eth0      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d0  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:207953 (203.0 KiB)  TX bytes:82181 (80.2 KiB)
          Interruption:19 

eth1      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d0  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:208510 (203.6 KiB)  TX bytes:86130 (84.1 KiB)
          Interruption:16 

lo        Link encap:Boucle locale  
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          RX bytes:128 (128.0 B)  TX bytes:128 (128.0 B)

Installed packages

  • sudo
  • htop
  • mc
  • ntpdate
  • ntp
  • postfix
  • cpufrequtils # CPU frequency settings
  • screen
  • lm-sensors # hardware sensors
  • ipmitools openipmi # IPMI
  • amd64-microcode # latest amd64 microcode (non-free) TODO

Sensors

$ cat /etc/modules

# Generated by sensors-detect on Mon Jul 21 19:29:42 2014
# Chip drivers
smsc47m192
$ sudo sensors
k8temp-pci-00c3
Adapter: PCI adapter
Core0 Temp:   +27.0°C  

k8temp-pci-00cb
Adapter: PCI adapter
Core0 Temp:   +31.0°C  

smsc47m192-i2c-1-2d
Adapter: SMBus nForce2 adapter at 5040
in0:          +0.00 V  (min =  +0.00 V, max =  +3.32 V)  ALARM
Vcore:        +1.10 V  (min =  +0.00 V, max =  +2.99 V)
+3.3V:        +0.00 V  (min =  +2.97 V, max =  +3.63 V)  ALARM
+5V:          +0.00 V  (min =  +4.50 V, max =  +5.50 V)  ALARM
+12V:        +12.19 V  (min = +10.81 V, max = +13.19 V)
VCC:          +3.35 V  (min =  +2.97 V, max =  +3.63 V)
in6:          +1.47 V  (min =  +0.00 V, max =  +1.99 V)
in7:          +0.00 V  (min =  +0.00 V, max =  +2.39 V)  ALARM
SIO Temp:     +48.0°C  (low  = -128.0°C, high = +127.0°C)
temp2:          FAULT  (low  = -128.0°C, high = +127.0°C)  ALARM
temp3:          FAULT  (low  = -128.0°C, high = +127.0°C)  ALARM
cpu0_vid:    +1.550 V

IPMI

TODO

XEN

$ sudo apt-get install xen-linux-system-amd64
$ sudo mv /etc/grub.d/20_linux_xen /etc/grub.d/09_linux_xen # linux-xen before linux in grub, so it is the default
$ sudo update-grub