Materiel/DL145-1

From Breizh-Entropy

Specifications

In a nutshell

  • Machine: HP DL 145 G2
  • CPU: 2x AMD Opteron 246 (single core, 2 GHz)
  • RAM: 4GB (8x512MB)
  • Disks: 2x250GB SATA 3.5"
  • OS: Debian wheezy amd64
  • Admins: Geb
  • Use: Xen host and services
  • Host: dl145-1.lab.breizh-entropy.org
    • IPv4: 192.168.0.190
    • IPv6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d1
    • SSH: d6:3b:3e:1c:88:47:96:77:3e:62:ab:6b:65:df:ae:f5
  • Early Boot: dl145-1-early.lab.breizh-entropy.org
    • IPv4: 192.168.0.191
    • IPv6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d0
    • SSH: a0:29:a3:89:b6:07:2b:65:6f:cd:0c:0f:fa:98:ad:a6
  • IPMI: 192.168.0.192 TODO

Partitioning

Identical on each disk:

  • 100MB RAID1 /boot
  • 4GB encrypted aes-xts-256 swap
  • 246GB encrypted aes-xts-256 LVM
    • host-rootfs: 2GB
    • host-usr: 2GB
    • host-var: 2GB
    • host-home: 10GB

Grub

Installed on both disks:

$ sudo grub-install /dev/sda
$ sudo grub-install /dev/sdb

Encryption performance:

(from a wheezy live system, with cryptsetup-bin from jessie)
root@debian:/home/user# uptime ; uname -a ; cryptsetup --version ; cryptsetup benchmark ; uptime
 01:31:18 up 18 min, 10 users, load average: 0.43, 0.45, 0.32
Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3 x86_64 GNU/Linux
cryptsetup 1.6.4
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       190235 iterations per second
PBKDF2-sha256     112027 iterations per second
PBKDF2-sha512      72415 iterations per second
PBKDF2-ripemd160  158108 iterations per second
PBKDF2-whirlpool   61020 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b   109.7 MiB/s   123.5 MiB/s
 serpent-cbc   128b    49.3 MiB/s    51.8 MiB/s
 twofish-cbc   128b   107.4 MiB/s   124.6 MiB/s
     aes-cbc   256b    88.1 MiB/s    96.9 MiB/s
 serpent-cbc   256b    49.3 MiB/s    51.9 MiB/s
 twofish-cbc   256b   107.4 MiB/s   124.5 MiB/s
     aes-xts   256b   122.6 MiB/s   122.5 MiB/s
 serpent-xts   256b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   256b   109.1 MiB/s   108.5 MiB/s
     aes-xts   512b    96.0 MiB/s    96.1 MiB/s
 serpent-xts   512b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   512b   108.5 MiB/s   107.9 MiB/s
 01:31:47 up 19 min, 10 users, load average: 0.60, 0.48, 0.33

Unlocking LUKS over SSH

$ sudo apt-get install dropbear busybox-static
$ sudo nano /etc/initramfs-tools/initramfs.conf 
[...]
DEVICE=eth1 # Different interface => different IPv6 address
IP=192.168.0.191::192.168.0.254:255.255.255.0::eth1:off # Different IP to avoid SSH fingerprint problems

/!\ The eth0 interface is initialized at boot; udev can no longer be used to rename the interfaces.

$ sudo su -c "cat /home/geb/.ssh/authorized_keys >> /etc/initramfs-tools/root/.ssh/authorized_keys"
$ sudo update-initramfs -u
$ ssh root@dl145-1-early.lab.breizh-entropy.org "echo -n $passphrase > /lib/cryptsetup/passfifo"
$ apt-get install -t wheezy-backports initramfs-tools # pkill dropbear ; ipv6
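
An added example, not part of the original notes: the unlock command above expands $passphrase locally, so the secret ends up in the argument list of the local ssh process and in the remote command string. This version sends it over stdin instead and refuses an unknown dropbear host key; SSH_BIN, EARLY_HOST and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). SSH_BIN, EARLY_HOST and both
# function names are hypothetical; the host name and fifo path are the page's.
SSH_BIN="${SSH_BIN:-ssh}"
EARLY_HOST="${EARLY_HOST:-dl145-1-early.lab.breizh-entropy.org}"

# send_passphrase: forward stdin, byte for byte, to the initramfs passfifo.
# The remote command is the fixed string 'cat > fifo', so the secret never
# appears in any argv (local ssh, remote shell) or in shell history.
# StrictHostKeyChecking=yes makes ssh fail unless the early-boot host key is
# already in known_hosts (compare it with the fingerprint recorded above).
send_passphrase() {
    "$SSH_BIN" -o StrictHostKeyChecking=yes "root@$EARLY_HOST" \
        'cat > /lib/cryptsetup/passfifo'
}

# unlock_prompt: read the passphrase from the terminal with echo disabled,
# then send it without a trailing newline (same effect as `echo -n`).
unlock_prompt() {
    printf 'LUKS passphrase for %s: ' "$EARLY_HOST" >&2
    saved_tty=$(stty -g) || return 1
    # Restore echo if the prompt is interrupted.
    trap 'stty "$saved_tty"; exit 130' INT TERM
    stty -echo
    IFS= read -r pass
    stty "$saved_tty"
    trap - INT TERM
    printf '\n' >&2
    printf '%s' "$pass" | send_passphrase
    rc=$?
    unset pass
    return $rc
}

# Run as: sh unlock.sh unlock
if [ "${1:-}" = "unlock" ]; then
    unlock_prompt
fi
```
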

Network

Bonding: the two interfaces are bonded together

$ cat /etc/network/interfaces 
auto bound0
iface bound0 inet static
	address 192.168.0.190
	netmask 255.255.255.0
	gateway 192.168.0.254
	slaves eth0 eth1
	bond_mode active-backup
	bond_miimon 100
	bond_downdelay 200
	bond_updelay 200
	post-up sysctl net.ipv6.conf.bound0.accept_dad=0
iface bound0 inet6 auto
$ /sbin/ifconfig
bound0    Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1  
          inet adr:192.168.0.190  Bcast:192.168.0.255  Masque:255.255.255.0
          adr inet6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d0/64 Scope:Global
          adr inet6: fe80::214:c2ff:fe54:25d1/64 Scope:Lien
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:1729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          RX bytes:416463 (406.7 KiB)  TX bytes:168311 (164.3 KiB)

eth0      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:207953 (203.0 KiB)  TX bytes:82181 (80.2 KiB)
          Interruption:19 

eth1      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:208510 (203.6 KiB)  TX bytes:86130 (84.1 KiB)
          Interruption:16 

lo        Link encap:Boucle locale  
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          RX bytes:128 (128.0 B)  TX bytes:128 (128.0 B)

Installed packages

  • sudo
  • htop
  • mc
  • ntpdate
  • ntp
  • postfix
  • cpufrequtils # CPU frequency settings
  • screen
  • lm-sensors # Hardware sensors
  • ipmitool openipmi # IPMI
  • amd64-microcode # latest amd64 microcode (non-free)
  • ethtool # TODO

Sensors

$ cat /etc/modules

# Generated by sensors-detect on Mon Jul 21 19:29:42 2014
# Chip drivers
smsc47m192
$ sudo sensors
k8temp-pci-00c3
Adapter: PCI adapter
Core0 Temp:   +27.0°C  

k8temp-pci-00cb
Adapter: PCI adapter
Core0 Temp:   +31.0°C  

smsc47m192-i2c-1-2d
Adapter: SMBus nForce2 adapter at 5040
in0:          +0.00 V  (min =  +0.00 V, max =  +3.32 V)  ALARM
Vcore:        +1.10 V  (min =  +0.00 V, max =  +2.99 V)
+3.3V:        +0.00 V  (min =  +2.97 V, max =  +3.63 V)  ALARM
+5V:          +0.00 V  (min =  +4.50 V, max =  +5.50 V)  ALARM
+12V:        +12.19 V  (min = +10.81 V, max = +13.19 V)
VCC:          +3.35 V  (min =  +2.97 V, max =  +3.63 V)
in6:          +1.47 V  (min =  +0.00 V, max =  +1.99 V)
in7:          +0.00 V  (min =  +0.00 V, max =  +2.39 V)  ALARM
SIO Temp:     +48.0°C  (low  = -128.0°C, high = +127.0°C)
temp2:          FAULT  (low  = -128.0°C, high = +127.0°C)  ALARM
temp3:          FAULT  (low  = -128.0°C, high = +127.0°C)  ALARM
cpu0_vid:    +1.550 V

IPMI

$ sudo apt-get install openipmi
$ sudo modprobe ipmi_si
$ sudo modprobe ipmi_devintf
$ sudo nano /etc/modules
ipmi_devintf
ipmi_si
$ sudo /etc/init.d/ipmievd restart
$ sudo ipmitool chassis status
System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : previous
Last Power Event     : 
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false

$ sudo ipmitool sdr
ACPI STATE       | 0x01              | ok
CPU0 Pres        | 0x02              | ok
CPU1 Pres        | 0x02              | ok
CPU0 TEMP        | 26 degrees C      | ok
CPU1 TEMP        | 24 degrees C      | ok
SYS TEMP         | 30 degrees C      | ok
CPU FAN1         | 6000 RPM          | ok
CPU FAN2         | 6000 RPM          | ok
CPU FAN3         | 6000 RPM          | ok
CPU FAN4         | 6000 RPM          | ok
CPU FAN5         | 6200 RPM          | ok
CPU FAN6         | 6000 RPM          | ok
CPU FAN7         | 6200 RPM          | ok
CPU FAN8         | 5800 RPM          | ok
CPU FAN9         | 6000 RPM          | ok
CPU FAN10        | 5800 RPM          | ok
SYS FAN1         | 6000 RPM          | ok
SYS FAN2         | 5600 RPM          | ok
CPU0 VCOREA      | 1.10 Volts        | ok
CPU1 VCOREA      | 1.10 Volts        | ok
VCC12V           | 12.22 Volts       | ok
VBAT             | 2.26 Volts        | cr
VCC3V3           | 3.20 Volts        | ok
VCC5V            | 5.04 Volts        | ok
VCC3V3  DUAL     | 3.37 Volts        | ok
Watchdog         | Not Readable      | ns
POST ERROR       | Not Readable      | ns
MEMORY ECC       | Not Readable      | ns
PCI ERROR        | Not Readable      | ns
$ sudo ipmitool lan set 2 ipaddr 162.168.0.192

Setting LAN IP Address to 162.168.0.192

$ sudo ipmitool lan set 2 netmask 255.255.255.0

Setting LAN Subnet Mask to 255.255.255.0

$ sudo ipmitool lan set 2 defgw ipaddr 192.168.0.254

Setting LAN Default Gateway IP to 192.168.0.254

$ sudo ipmitool user list
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
1                    false   true       true       Unknown (0x00)
2   Operator         false   true       true       Unknown (0x00)
3   admin            false   true       true       Unknown (0x00)
4   sensor           false   true       true       Unknown (0x00)
$ sudo ipmitool user set name 2 geb
$ sudo ipmitool user set password 2 '$hehe'
$ sudo ipmitool lan set 1 access on

XEN

$ sudo apt-get install xen-linux-system-amd64
$ sudo mv /etc/grub.d/20_linux_xen /etc/grub.d/09_linux_xen # linux-xen before linux in GRUB, so it is the default entry
$ sudo update-grub

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694012

$ sudo nano /etc/default/grub
GRUB_CMDLINE_XEN="cpufreq=dom0-kernel" # Allow CPU Freq to run

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=858724

$ sudo nano /etc/default/grub
GRUB_CMDLINE_XEN="cpufreq=dom0-kernel allow_unsafe" # Allow CPU freq to run; run on Opteron 246
$ sudo update-grub

Bridge

$ sudo nano /etc/network/interfaces
auto bond0
iface bond0 inet static
	address 0.0.0.0

	slaves eth0 eth1
	bond_mode active-backup
	bond_miimon 100
	bond_downdelay 200
	bond_updelay 200
	pre-up ifconfig eth0 0.0.0.0;
	pre-up ifconfig eth1 0.0.0.0;
	post-up sysctl net.ipv6.conf.bond0.accept_dad=0
#iface bond0 inet6 auto

auto br0
iface br0 inet static
	address 192.168.0.190
	netmask 255.255.255.0
	gateway 192.168.0.254

	bridge_ports bond0
	bridge_stp off
	bridge_maxwait 0
	bridge_maxage 0
	bridge_ageing 0
	bridge_fd 0

	post-up sysctl net.ipv6.conf.br0.accept_dad=0
iface br0 inet6 auto

Xen-tools

$ sudo nano /etc/xen-tools/xen-tools.conf
lvm = stockage

size   = 4Gb      # Disk image size.
memory = 1Gb    # Memory size
swap   = 1Gb    # Swap size
fs     = ext4     # use the ext4 filesystem for the disk image.
dist   = wheezy
image  = full

gateway = 192.168.0.254
netmask = 255.255.255.0
broadcast = 192.168.0.255
nameserver = 192.168.1.1

arch = amd64
mirror = http://ftp.fr.debian.org/debian/

ext4_options      = noatime,nodiratime,errors=remount-ro

Usage

$ sudo xen-create-image --hostname=test --ip=192.168.0.200 --pygrub # Do not forget --pygrub, otherwise initramfs problems!
$ sudo xm start $x
$ sudo xm shutdown $x
$ sudo xm destroy $x
$ sudo xm create /etc/xen/$x.conf

Various

$ sudo nano /etc/sysctl.conf
kernel.panic=30

VMs