Materiel/DL145-1
Specifications
In a Nutshell
- Machine: HP DL 145 G2
- CPU: 2x AMD Opteron 246 (single core, 2 GHz)
- RAM: 4 GB (8x512 MB)
- Disks: 2x250 GB SATA 3.5"
- OS: Debian wheezy amd64
- Admins: Geb
- Use: Xen host and services
- Host: dl145-1.lab.breizh-entropy.org
  - IPv4: 192.168.0.190
  - IPv6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d1
  - SSH: d6:3b:3e:1c:88:47:96:77:3e:62:ab:6b:65:df:ae:f5.
- Early Boot: dl145-1-early.lab.breizh-entropy.org
  - IPv4: 192.168.0.191
  - IPv6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d0
  - SSH: a0:29:a3:89:b6:07:2b:65:6f:cd:0c:0f:fa:98:ad:a6
- IPMI: 192.168.0.192 TODO
Partitioning
Identical on each disk:
- 100MB RAID1 /boot
- 4GB aes-xts-256 encrypted swap
- 246GB aes-xts-256 encrypted LVM
  - host-rootfs: 2GB
  - host-usr: 2GB
  - host-var: 2GB
  - host-home: 10GB
Grub
Installed on both disks:
$ sudo grub-install /dev/sda
$ sudo grub-install /dev/sdb
Encryption performance:
(from a wheezy live system, with the cryptsetup-bin from jessie)
root@debian:/home/user# uptime ; uname -a ; cryptsetup --version ; cryptsetup benchmark ; uptime
 01:31:18 up 18 min, 10 users, load average: 0.43, 0.45, 0.32
Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3 x86_64 GNU/Linux
cryptsetup 1.6.4
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       190235 iterations per second
PBKDF2-sha256     112027 iterations per second
PBKDF2-sha512      72415 iterations per second
PBKDF2-ripemd160  158108 iterations per second
PBKDF2-whirlpool   61020 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b   109.7 MiB/s   123.5 MiB/s
 serpent-cbc   128b    49.3 MiB/s    51.8 MiB/s
 twofish-cbc   128b   107.4 MiB/s   124.6 MiB/s
     aes-cbc   256b    88.1 MiB/s    96.9 MiB/s
 serpent-cbc   256b    49.3 MiB/s    51.9 MiB/s
 twofish-cbc   256b   107.4 MiB/s   124.5 MiB/s
     aes-xts   256b   122.6 MiB/s   122.5 MiB/s
 serpent-xts   256b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   256b   109.1 MiB/s   108.5 MiB/s
     aes-xts   512b    96.0 MiB/s    96.1 MiB/s
 serpent-xts   512b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   512b   108.5 MiB/s   107.9 MiB/s
 01:31:47 up 19 min, 10 users, load average: 0.60, 0.48, 0.33
Unlocking LUKS via SSH
$ sudo apt-get install dropbear busybox-static
$ sudo nano /etc/initramfs-tools/initramfs.conf
[...]
DEVICE=eth1 # Different interface => different IPv6
IP=192.168.0.191::192.168.0.254:255.255.255.0::eth1:off # Different IP to avoid fingerprint problems
/!\ The eth0 interface is initialised at boot; udev can no longer be used to rename the interfaces.
$ sudo su -c "cat /home/geb/.ssh/authorized_keys >> /etc/initramfs-tools/root/.ssh/authorized_keys"
$ sudo update-initramfs -u
$ ssh root@192.168.0.191 "echo -n '$passphrase' > /lib/cryptsetup/passfifo" # early-boot address from initramfs.conf; quoted so the redirection runs on the server
$ apt-get install -t wheezy-backports initramfs-tools # pkill dropbear ; ipv6
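Added example (not part of the original page): before the passphrase is written to the passfifo, the key presented by the initramfs dropbear can be compared with the early-boot fingerprint listed in the specifications. The function names and the sample key line are constructed for illustration, and the RSA key type in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: check an SSH host key against a documented MD5 fingerprint.
# Function names and the sample key line below are constructed for illustration.

# md5_fp LINE: print the legacy colon-separated MD5 fingerprint of the key in
# LINE. Accepts "host type blob" (ssh-keyscan) or "type blob [comment]".
md5_fp() {
    blob=$(printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/) { print $(i + 1); exit }
    }')
    [ -n "$blob" ] || return 1
    # Reject blobs that are not valid base64 instead of hashing garbage.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# check_host_key EXPECTED LINE: succeed only if LINE's key has fingerprint EXPECTED.
check_host_key() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    got=$(md5_fp "$2") || return 1
    [ "$got" = "$want" ]
}

# Constructed sample line (the blob "YWJj" is not a real key).
sample='dl145-1-early.lab.breizh-entropy.org ssh-rsa YWJj'
md5_fp "$sample"

# Real use, assuming an RSA host key (the page does not state the key type):
#   key=$(ssh-keyscan -t rsa 192.168.0.191 2>/dev/null)
#   check_host_key 'a0:29:a3:89:b6:07:2b:65:6f:cd:0c:0f:fa:98:ad:a6' "$key" \
#       || echo 'fingerprint mismatch: do not send the passphrase'
```

On clients with a recent OpenSSH, `ssh-keygen -l -E md5 -f <keyfile>` prints the same MD5 format for a saved public key.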
Network
Bonding: the two interfaces are joined
$ cat /etc/network/interfaces
auto bound0
iface bound0 inet static
    address 192.168.0.190
    netmask 255.255.255.0
    gateway 192.168.0.254
    slaves eth0 eth1
    bound_mode active-backup
    mii_mode 100
    bound_downdelay 200
    bound_updelay 200
    post-up sysctl net.ipv6.conf.bound0.accept_dad = 0
iface bound0 inet6 auto
$ /sbin/ifconfig
bound0    Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1
          inet adr:192.168.0.190  Bcast:192.168.0.255  Masque:255.255.255.0
          adr inet6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d0/64 Scope:Global
          adr inet6: fe80::214:c2ff:fe54:25d1/64 Scope:Lien
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:1729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:416463 (406.7 KiB)  TX bytes:168311 (164.3 KiB)
eth0      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:207953 (203.0 KiB)  TX bytes:82181 (80.2 KiB)
          Interruption:19
eth1      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:208510 (203.6 KiB)  TX bytes:86130 (84.1 KiB)
          Interruption:16
lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:128 (128.0 B)  TX bytes:128 (128.0 B)
Installed packages
- sudo
- htop
- mc
- ntpdate
- ntp
- postfix
- cpufrequtils # CPU frequency settings
- screen
- lm-sensors # Hardware sensors
- ipmitool openipmi # IPMI
- amd64-microcode # latest amd64 microcode (non-free)
Sensors
$ cat /etc/modules
# Generated by sensors-detect on Mon Jul 21 19:29:42 2014
# Chip drivers
smsc47m192
$ sudo sensors
k8temp-pci-00c3
Adapter: PCI adapter
Core0 Temp:   +27.0°C

k8temp-pci-00cb
Adapter: PCI adapter
Core0 Temp:   +31.0°C

smsc47m192-i2c-1-2d
Adapter: SMBus nForce2 adapter at 5040
in0:          +0.00 V  (min =  +0.00 V, max =  +3.32 V)  ALARM
Vcore:        +1.10 V  (min =  +0.00 V, max =  +2.99 V)
+3.3V:        +0.00 V  (min =  +2.97 V, max =  +3.63 V)  ALARM
+5V:          +0.00 V  (min =  +4.50 V, max =  +5.50 V)  ALARM
+12V:        +12.19 V  (min = +10.81 V, max = +13.19 V)
VCC:          +3.35 V  (min =  +2.97 V, max =  +3.63 V)
in6:          +1.47 V  (min =  +0.00 V, max =  +1.99 V)
in7:          +0.00 V  (min =  +0.00 V, max =  +2.39 V)  ALARM
SIO Temp:     +48.0°C  (low  = -128.0°C, high = +127.0°C)
temp2:          FAULT  (low  = -128.0°C, high = +127.0°C)  ALARM
temp3:          FAULT  (low  = -128.0°C, high = +127.0°C)  ALARM
cpu0_vid:    +1.550 V
IPMI
TODO
XEN
$ sudo apt-get install xen-linux-system-amd64
$ sudo mv /etc/grub.d/20_linux_xen /etc/grub.d/09_linux_xen # linux-xen before linux in grub, so it is the default
$ sudo update-grub
Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694012
$ sudo apt-get install xen-linux-system-amd64 -t wheezy-backports
=> OK
Various
$ sudo nano /etc/sysctl.conf
kernel.panic=30