Materiel/DL145-1
Specifications
In a nutshell
- Machine: HP DL 145 G2
- CPU: 2x AMD Opteron 246 (single core, 2 GHz)
- RAM: 4 GB (8x512 MB)
- Disks: 2x250 GB SATA 3.5"
- OS: Debian wheezy amd64
- Admins: Geb
- Usage: Xen host and services
- Host: dl145-1.lab.breizh-entropy.org
  - IPv4: 192.168.0.190
  - IPv6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d1
  - SSH: d6:3b:3e:1c:88:47:96:77:3e:62:ab:6b:65:df:ae:f5
- Early Boot: dl145-1-early.lab.breizh-entropy.org
  - IPv4: 192.168.0.191
  - IPv6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d0
  - SSH: a0:29:a3:89:b6:07:2b:65:6f:cd:0c:0f:fa:98:ad:a6
- IPMI: 192.168.0.192 TODO
Partitioning
Identical on each disk:
- 100MB RAID1 /boot
- 4GB swap, encrypted with aes-xts-256
- 246GB LVM, encrypted with aes-xts-256
  - host-rootfs: 2GB
  - host-usr: 2GB
  - host-var: 2GB
  - host-home: 10GB
Grub
Installed on both disks:
$ sudo grub-install /dev/sda
$ sudo grub-install /dev/sdb
Encryption performance:
(from a wheezy live system, with the cryptsetup-bin package from jessie)
root@debian:/home/user# uptime ; uname -a ; cryptsetup --version ; cryptsetup benchmark ; uptime
01:31:18 up 18 min, 10 users, load average: 0.43, 0.45, 0.32
Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3 x86_64 GNU/Linux
cryptsetup 1.6.4
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       190235 iterations per second
PBKDF2-sha256     112027 iterations per second
PBKDF2-sha512      72415 iterations per second
PBKDF2-ripemd160  158108 iterations per second
PBKDF2-whirlpool   61020 iterations per second
#  Algorithm | Key |  Encryption |  Decryption
     aes-cbc   128b   109.7 MiB/s   123.5 MiB/s
 serpent-cbc   128b    49.3 MiB/s    51.8 MiB/s
 twofish-cbc   128b   107.4 MiB/s   124.6 MiB/s
     aes-cbc   256b    88.1 MiB/s    96.9 MiB/s
 serpent-cbc   256b    49.3 MiB/s    51.9 MiB/s
 twofish-cbc   256b   107.4 MiB/s   124.5 MiB/s
     aes-xts   256b   122.6 MiB/s   122.5 MiB/s
 serpent-xts   256b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   256b   109.1 MiB/s   108.5 MiB/s
     aes-xts   512b    96.0 MiB/s    96.1 MiB/s
 serpent-xts   512b    51.6 MiB/s    51.6 MiB/s
 twofish-xts   512b   108.5 MiB/s   107.9 MiB/s
01:31:47 up 19 min, 10 users, load average: 0.60, 0.48, 0.33
Unlocking LUKS over SSH
$ sudo apt-get install dropbear busybox-static
$ sudo nano /etc/initramfs-tools/initramfs.conf
[...]
DEVICE=eth1 # Different interface => different IPv6 address
IP=192.168.0.191::192.168.0.254:255.255.255.0::eth1:off # Different IP to avoid host-key fingerprint problems
/!\ The eth0 interface is initialized at boot; udev can no longer be used to rename the interfaces.
$ sudo su -c "cat /home/geb/.ssh/authorized_keys >> /etc/initramfs-tools/root/.ssh/authorized_keys"
$ sudo update-initramfs -u
$ ssh root@dl145-1-early.lab.breizh-entropy.org "echo -n $passphrase > /lib/cryptsetup/passfifo"
$ apt-get install -t wheezy-backports initramfs-tools # pkill dropbear ; ipv6
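The same unlock step with the early-boot host key pinned and the passphrase sent on stdin instead of inside the remote command string; this is an added example, not part of the original page. EARLY_HOST, EARLY_KNOWN_HOSTS, SSH_BIN and the function names are hypothetical, and it assumes the initramfs busybox provides cat.

```shell
#!/bin/sh
# Added example (not from the original page): unlock LUKS through the
# initramfs dropbear without putting the passphrase in a command line.
# Hypothetical names: EARLY_HOST, EARLY_KNOWN_HOSTS, SSH_BIN,
# send_passphrase, unlock.

EARLY_HOST="${EARLY_HOST:-dl145-1-early.lab.breizh-entropy.org}"
# Separate known_hosts file holding only the early-boot (dropbear) host key,
# checked out of band against the fingerprint listed under "Early Boot".
EARLY_KNOWN_HOSTS="${EARLY_KNOWN_HOSTS:-$HOME/.ssh/known_hosts.early}"
SSH_BIN="${SSH_BIN:-ssh}"

# Reads the passphrase on stdin and writes it into the initramfs passfifo.
# StrictHostKeyChecking=yes: abort on an unknown or changed host key rather
# than hand the disk passphrase to whatever answers on that address.
send_passphrase() {
    "$SSH_BIN" \
        -o "UserKnownHostsFile=$EARLY_KNOWN_HOSTS" \
        -o StrictHostKeyChecking=yes \
        "root@$EARLY_HOST" 'cat > /lib/cryptsetup/passfifo'
}

# Prompts without echo, then pipes the passphrase with no trailing newline
# (same bytes as `echo -n`). printf is a builtin in dash and bash, so the
# passphrase does not appear in any process argument list or shell history.
unlock() {
    printf 'LUKS passphrase for %s: ' "$EARLY_HOST" >&2
    old_tty=$(stty -g)
    trap 'stty "$old_tty"' EXIT INT TERM
    stty -echo
    IFS= read -r pass
    stty "$old_tty"
    trap - EXIT INT TERM
    printf '\n' >&2
    printf '%s' "$pass" | send_passphrase
    status=$?
    unset pass
    return "$status"
}

# Run as: sh unlock-early.sh unlock
if [ "${1:-}" = "unlock" ]; then
    unlock
fi
```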
Network
Bonding: the two interfaces are bonded together
$ cat /etc/network/interfaces
# ifenslave reads the bond_* options; bond_miimon is the MII link check interval in ms
auto bound0
iface bound0 inet static
    address 192.168.0.190
    netmask 255.255.255.0
    gateway 192.168.0.254
    slaves eth0 eth1
    bond_mode active-backup
    bond_miimon 100
    bond_downdelay 200
    bond_updelay 200
    post-up sysctl net.ipv6.conf.bound0.accept_dad=0
iface bound0 inet6 auto
$ /sbin/ifconfig
bound0    Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1
          inet adr:192.168.0.190  Bcast:192.168.0.255  Masque:255.255.255.0
          adr inet6: 2a01:e35:2f58:f250:214:c2ff:fe54:25d0/64 Scope:Global
          adr inet6: fe80::214:c2ff:fe54:25d1/64 Scope:Lien
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:1729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:416463 (406.7 KiB)  TX bytes:168311 (164.3 KiB)

eth0      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:207953 (203.0 KiB)  TX bytes:82181 (80.2 KiB)
          Interruption:19

eth1      Link encap:Ethernet  HWaddr 00:14:c2:54:25:d1
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:208510 (203.6 KiB)  TX bytes:86130 (84.1 KiB)
          Interruption:16

lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:128 (128.0 B)  TX bytes:128 (128.0 B)
Installed packages
- sudo
- htop
- mc
- ntpdate
- ntp
- postfix
- cpufrequtils # CPU frequency settings
- screen
- lm-sensors # Hardware sensors
- ipmitool openipmi # IPMI
- amd64-microcode # latest amd64 microcode (non-free)
- ethtool # TODO
Sensors
$ cat /etc/modules
# Generated by sensors-detect on Mon Jul 21 19:29:42 2014
# Chip drivers
smsc47m192
$ sudo sensors
k8temp-pci-00c3
Adapter: PCI adapter
Core0 Temp: +27.0°C

k8temp-pci-00cb
Adapter: PCI adapter
Core0 Temp: +31.0°C

smsc47m192-i2c-1-2d
Adapter: SMBus nForce2 adapter at 5040
in0: +0.00 V (min = +0.00 V, max = +3.32 V) ALARM
Vcore: +1.10 V (min = +0.00 V, max = +2.99 V)
+3.3V: +0.00 V (min = +2.97 V, max = +3.63 V) ALARM
+5V: +0.00 V (min = +4.50 V, max = +5.50 V) ALARM
+12V: +12.19 V (min = +10.81 V, max = +13.19 V)
VCC: +3.35 V (min = +2.97 V, max = +3.63 V)
in6: +1.47 V (min = +0.00 V, max = +1.99 V)
in7: +0.00 V (min = +0.00 V, max = +2.39 V) ALARM
SIO Temp: +48.0°C (low = -128.0°C, high = +127.0°C)
temp2: FAULT (low = -128.0°C, high = +127.0°C) ALARM
temp3: FAULT (low = -128.0°C, high = +127.0°C) ALARM
cpu0_vid: +1.550 V
IPMI
$ sudo apt-get install openipmi
$ sudo modprobe ipmi_si
$ sudo modprobe ipmi_devintf
$ sudo nano /etc/modules
ipmi_devintf
ipmi_si
$ sudo /etc/init.d/ipmievd restart
$ sudo ipmitool chassis status
System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : previous
Last Power Event     :
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false
$ sudo ipmitool sdr
ACPI STATE   | 0x01         | ok
CPU0 Pres    | 0x02         | ok
CPU1 Pres    | 0x02         | ok
CPU0 TEMP    | 26 degrees C | ok
CPU1 TEMP    | 24 degrees C | ok
SYS TEMP     | 30 degrees C | ok
CPU FAN1     | 6000 RPM     | ok
CPU FAN2     | 6000 RPM     | ok
CPU FAN3     | 6000 RPM     | ok
CPU FAN4     | 6000 RPM     | ok
CPU FAN5     | 6200 RPM     | ok
CPU FAN6     | 6000 RPM     | ok
CPU FAN7     | 6200 RPM     | ok
CPU FAN8     | 5800 RPM     | ok
CPU FAN9     | 6000 RPM     | ok
CPU FAN10    | 5800 RPM     | ok
SYS FAN1     | 6000 RPM     | ok
SYS FAN2     | 5600 RPM     | ok
CPU0 VCOREA  | 1.10 Volts   | ok
CPU1 VCOREA  | 1.10 Volts   | ok
VCC12V       | 12.22 Volts  | ok
VBAT         | 2.26 Volts   | cr
VCC3V3       | 3.20 Volts   | ok
VCC5V        | 5.04 Volts   | ok
VCC3V3 DUAL  | 3.37 Volts   | ok
Watchdog     | Not Readable | ns
POST ERROR   | Not Readable | ns
MEMORY ECC   | Not Readable | ns
PCI ERROR    | Not Readable | ns
$ sudo ipmitool lan set 2 ipaddr 162.168.0.192
Setting LAN IP Address to 162.168.0.192
$ sudo ipmitool lan set 2 netmask 255.255.255.0
Setting LAN Subnet Mask to 255.255.255.0
$ sudo ipmitool lan set 2 defgw ipaddr 192.168.0.254
Setting LAN Default Gateway IP to 192.168.0.254
$ sudo ipmitool user list
ID  Name      Callin  Link Auth  IPMI Msg  Channel Priv Limit
1             false   true       true      Unknown (0x00)
2   Operator  false   true       true      Unknown (0x00)
3   admin     false   true       true      Unknown (0x00)
4   sensor    false   true       true      Unknown (0x00)
$ sudo ipmitool user set name 2 geb
$ sudo ipmitool user set password 2 '$hehe'
$ sudo ipmitool lan set 1 access on
XEN
$ sudo apt-get install xen-linux-system-amd64
$ sudo mv /etc/grub.d/20_linux_xen /etc/grub.d/09_linux_xen # linux-xen sorts before linux in grub, so it is the default
$ sudo update-grub
Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694012
$ sudo nano /etc/default/grub
GRUB_CMDLINE_XEN="cpufreq=dom0-kernel" # Allow CPU Freq to run
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=858724
$ sudo nano /etc/default/grub
GRUB_CMDLINE_XEN="cpufreq=dom0-kernel allow_unsafe" # Allow CPU Freq to run, run on Opteron 246
$ sudo update-grub
Bridge
$ sudo nano /etc/network/interfaces
# ifenslave reads the bond_* options; bond_miimon is the MII link check interval in ms
auto bond0
iface bond0 inet static
    address 0.0.0.0
    slaves eth0 eth1
    bond_mode active-backup
    bond_miimon 100
    bond_downdelay 200
    bond_updelay 200
    pre-up ifconfig eth0 0.0.0.0;
    pre-up ifconfig eth1 0.0.0.0;
    post-up sysctl net.ipv6.conf.bond0.accept_dad=0
#iface bond0 inet6 auto

auto br0
iface br0 inet static
    address 192.168.0.190
    netmask 255.255.255.0
    gateway 192.168.0.254
    bridge_ports bond0
    bridge_stp off
    bridge_maxwait 0
    bridge_maxage 0
    bridge_ageing 0
    bridge_fd 0
    post-up sysctl net.ipv6.conf.br0.accept_dad=0
iface br0 inet6 auto
Xen-tools
$ sudo nano /etc/xen-tools/xen-tools.conf
lvm = stockage
size = 4Gb # Disk image size.
memory = 1Gb # Memory size
swap = 1Gb # Swap size
fs = ext4 # use the ext4 filesystem for the disk image.
dist = wheezy
image = full
gateway = 192.168.0.254
netmask = 255.255.255.0
broadcast = 192.168.1.255
nameserver = 192.168.1.1
arch = amd64
mirror = http://ftp.fr.debian.org/debian/
ext4_options = noatime,nodiratime,errors=remount-ro
Usage
$ sudo xen-create-image --hostname=test --ip=192.168.0.200 --pygrub # Do not forget --pygrub, otherwise initramfs problems!
$ sudo xm start $x
$ sudo xm stop $x
$ sudo xm destroy $x
$ sudo xm create /etc/xen/$x.conf
Various
$ sudo nano /etc/sysctl.conf
kernel.panic=30
VMs
- noc.lab.breizh-entropy.org: RAM 512 MB; disks 10 GB (2 GB /; 2 GB /var; 2 GB /usr; swap 4 GB)
- services.lab.breizh-entropy.org: RAM 512 MB; disks 110 GB (2 GB /; 2 GB /var; 2 GB /usr; 4 GB swap; 100 GB /data)