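2014-06-17\\ \\ zuerst "Debian OS-Basis-Installation auf Blech" durchfuehren!!! zusaetzlich "auf dem Blech": ============================ ### Proxy der UKBW fuer die Installations-Shellsitzung setzen: export http_proxy="http://proxy01.ukbw.de:3128/" ### LiHAS GPG-Key importieren: wget -O - http://ftp.lihas.de/lihas-kernel/apt-key-lihas.gpg | apt-key add - ### ggf. VirtualBox-GPG-Key importieren: wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add - ### Ueberpruefung, ob Key-Import erfolgreich war: apt-key list # Hinweis: Die Keys werden ueber unverschluesseltes HTTP geladen; "apt-key list" zeigt nur, dass ein Key importiert wurde, nicht dass er echt ist. Fingerprint (apt-key finger) daher mit einem ueber einen unabhaengigen Kanal erhaltenen Wert vergleichen, bevor aus diesen Quellen installiert wird. cat << EOF > /etc/apt/sources.list.d/lihas-kernel.list # LiHAS: # Run this command: sudo wget -O - http://ftp.lihas.de/debian/apt-key-lihas.gpg | sudo apt-key add - deb http://ftp.lihas.de/lihas-kernel/ stable main EOF # ggf. VirtualBox-Debian-Paketliste einrichten: cat << EOF > /etc/apt/sources.list.d/virtualbox.list #### VirtualBox - http://www.virtualbox.org ## Run this command: wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add - deb http://download.virtualbox.org/virtualbox/debian squeeze contrib non-free EOF ### Nagios Hardware-Checks ### # Hinweis: Das Heredoc-Trennwort im folgenden Kommando quoten (cat << 'EOF'), sonst ersetzt die Shell $ARG1, $ARG2 und $ARG3 durch leere Strings und die NRPE-Makros gehen verloren. Beide Checks laufen per sudo mit vom Client uebergebenen Argumenten (setzt dont_blame_nrpe=1 voraus): allowed_hosts auf den Nagios-Server beschraenken und die sudoers-Regel auf genau diese beiden Plugins begrenzen. cat << EOF >> /etc/nagios/nrpe_local_ukbw.cfg # LM-Sensors: command[check_lm_sensors]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lm_sensors --sanitize --high $ARG1$=$ARG2$,$ARG3$ # S.M.A.R.T. 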
via nrpe: command[check_nrpe_smart]=/usr/bin/sudo /usr/lib/nagios/plugins/check_ide_smart -n --device=$ARG1$ EOF ### APT (Aptitude) konfigurieren: # "auf dem Blech" mit HW-RAID-Controllern: cat << EOF > /etc/apt/sources.list.d/hwraid.list # http://hwraid.le-vert.net/wiki/DebianPackages deb http://hwraid.le-vert.net/debian squeeze main deb http://hwraid.le-vert.net/debian wheezy main EOF ### hwraid.le-vert.net GPG-Key importieren: wget -O - http://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key | apt-key add - # Hinweis: Auch dieser Key kommt ueber unverschluesseltes HTTP; Fingerprint vor der Paketinstallation gegen eine unabhaengige Quelle pruefen. ### wichtige Pakete installieren: aptitude -y -R install lvm2 modconf pciutils ethtool smartmontools tcpdump ntp ### fusion-Inventory ### aptitude -y -R install fusioninventory-agent cat << EOF > /etc/fusioninventory/agent.cfg # OCS Inventory server server=http://support.intra.uk-bw.de/ocsinventory # Tag tag=linux-server # Store inventory in a local directory #local=/tmp EOF ### aktuellen LiHAS-Kernel mit linux VServer-Unterstuetzung und Optimierungen fuer KVM / LXC: aptitude search linux-image # aptitude -y -R install linux-image-X.Y.ZZ-vsA.B.C.D+lihasD # z.B. linux-image-3.4.34-vs2.3.3.9+lihas1 aptitude -y -R install linux-image-3.10-vserver-amd64 ### GRUB-Bootloader: # evtl.: aptitude -y -R install grub-legacy grub-splashimages # oder grub2 mit normalem PC-Bios: aptitude -y -R install grub-pc grub-common grub2-splashimages # oder ggf. bei EFI-Bios: aptitude -y -R install grub-efi-amd64 grub2-splashimages #ACHTUNG: Aenderungen in /etc/default/grub bzw. /etc/grub.d/* #und IMMER mit dem Kommando update-grub Aenderungen aktivieren! # bei Verwendung von grub1: in /boot/grub/menu.lst oben einfuegen: serial --unit=1 --speed=57600 --word=8 --parity=no --stop terminal --timeout=5 serial console kopt erweitern um 'console=tty0 console=ttyS1,57600n8r', z.B. 
# kopt=root=UUID=a2eb9fcf-d733-4a54-a924-bbf755e1fddd ro console=tty0 console=ttyS1,57600n8r update-grub # bei Verwendung von grub2: in /etc/default/grub aendern: GRUB_CMDLINE_LINUX="" -> GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,57600n8r" GRUB_TERMINAL="serial console" GRUB_SERIAL_COMMAND="serial --unit=0 --speed=57600" anschliessend: update-grub2 ### Netzwerk-Konfiguration: # allow-hotplug Netzwerkdevices durch Auto ersetzen: (funktioniert nicht!) cp /etc/network/interfaces /etc/network/interfaces.org /etc/network/interfaces # The loopback network interface auto lo iface lo inet loopback # The primary network interface #auto eth0 #allow-hotplug eth0 #iface eth0 inet static #address 172.16.1.24 <-- IP gemaess Netzwerk-Liste #netmask 255.255.255.0 #broadcast 172.16.1.255 #gateway 172.16.1.254 #dns-nameservers 172.16.1.51 #dns-search ukbw.de uk-bw.de #dns-domain intra.ukbw.de #KVM/LXC auto br0 iface br0 inet static bridge_ports eth0 bridge_maxwait 0 # wegen Bug mit KVM: # bridge_stp off bridge_stp on bridge_fd 0 pre-up ifconfig eth0 up || true post-up ntpd -g -q || /bin/true address 172.16.1.24 <-- IP gemaess Netzwerk-Liste netmask 255.255.255.0 broadcast 172.16.1.255 gateway 172.16.1.254 dns-nameservers 172.16.1.51 dns-search ukbw.de uk-bw.de dns-domain intra.ukbw.de #DRBD/Heartbeat/Corosync auto eth1 allow-hotplug eth1 iface eth1 inet static address 192.168.5.54 <-- IP gemaess Netzwerk-Liste netmask 255.255.255.252 ### IPMI-Karten: # IPMI v2.0 kann serielle Konsole, das muss im Linuxkernel, GRUB, evtl. # auch BIOS aktiviert werden: # AOC-LPIPMI-LANG: Console Redirection (text only) through both LAN and Serial Ports # AOC-IPMI20-E: Console Redirection (text only) through LAN (SOL - Serial Over LAN), Shares LAN controller with main board and uses out- # of-band bandwidth. 
# AOC-SIM1U+: IPMI with KVM Over LAN, Serial Over LAN (SOL), Support RMCP & RMCP + Protocols # Intel RMM3: IPMI with KVM Over LAN # http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html / # http://wiki.adamsweet.org/doku.php?id=ipmi_on_linux # http://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool: aptitude -y -R install ipmitool # oder FreeIPMI: # http://www.thomas-krenn.com/de/wiki/FreeIPMI aptitude -y -R install freeipmi cat << EOF >> /etc/modules ipmi_devintf ipmi_si ipmi_poweroff ipmi_watchdog EOF modprobe -v ipmi_devintf modprobe -v ipmi_si modprobe -v ipmi_poweroff modprobe -v ipmi_watchdog #ipmitool sol set non-volatile-bit-rate 57.6 #ipmitool sol set volatile-bit-rate 57.6 #ipmitool sol set force-encryption false #ipmitool sol set enabled true #ipmitool sol payload enable # Alternative ipmitool Kommandos: # Setup SOL dependencies # Serial channel access disable #ipmitool raw 06 0x40 04 0x40 0x44 #ipmitool raw 06 0x40 04 0x80 0x84 # Check serial channel disabled. 
should both return 00 04 #ipmitool raw 06 0x41 04 0x40 #ipmitool raw 06 0x41 04 0x80 # SOL payload activate #ipmitool raw 06 0x4c 01 01 02 00 00 00 # Check SOL payload is activated, should return 02 00 00 00 #ipmitool raw 06 0x4d 01 01 # SOL configuration settings #ipmitool -I lan -H -P sol set set-in-progress set-complete 1 #ipmitool sol set enabled true 1 #ipmitool sol set force-encryption false 1 #ipmitool sol set force-authentication false 1 #ipmitool sol set privilege-level admin 1 #ipmitool sol set character-accumulate-level 6 1 #ipmitool sol set character-send-threshold 0x14 1 #ipmitool sol set retry-count 6 1 #ipmitool sol set retry-interval 20 1 #ipmitool sol set non-volatile-bit-rate 57.6 1 #ipmitool sol set volatile-bit-rate 57.6 1 # Hinweis: force-encryption false und force-authentication false ueberlassen es dem Client, ob die SOL-Nutzdaten verschluesselt bzw. authentifiziert werden; nur setzen, wenn ein Client kein lanplus beherrscht. # inittab anpassen: cp -p /etc/inittab /etc/inittab.org cat << EOF >> /etc/inittab # Serial-connection fuer IPMI: s0:2345:respawn:/sbin/getty 57600 ttyS0 vt100-nav s1:2345:respawn:/sbin/getty 57600 ttyS1 vt100-nav EOF # inittab mit neu gesetzten Optionen sofort aktivieren: telinit q /etc/securetty: ttyS0 bzw ttyS1 aktivieren # Hinweis: Damit ist root-Login auf der seriellen Konsole erlaubt; ueber SOL erreicht diese Konsole jeder, der sich am BMC anmelden kann. IPMI-Interface daher nur im Management-Netz betreiben und ein starkes BMC-Passwort setzen. # sol-mit-ipmitool: # Eine serielle BIOS Konsole gibt es mit: ipmitool -H 192.168.4.201 -U rmc-admin -I lanplus -e '#' sol activate # IP-Adresse und User eventuell anpassen. Passwort wird dann abgefragt. # Eventuell musste vorher mal ein Passwort vom lokalen System aus / BIOS # gesetzt werden, je nach Kartenart. 
# # Escape ist per Default ~, das ist es auch fuer ssh, deshalb wird es mit "-e '#'" auf # gesetzt ### HW-RAID-Controller: # LSI MegaRAID-Controller (von http://hwraid.le-vert.net/wiki/DebianPackages): aptitude -y -R install megaraid-status megactl megamgr megacli # Adaptec AACRaid-Controller (von http://hwraid.le-vert.net/wiki/DebianPackages): aptitude -y -R install aacraid-status adaptec-storage-manager-agent adaptec-storage-manager-common adaptec-storage-manager-gui arcconf hrconf adaptec-universal-storage-snmpd adaptec-universal-storage-mib ### Nut UPS: ------------ aptitude -y -R install nut nut-snmp cp -p /etc/nut/nut.conf /etc/nut/nut.conf.org cat << EOF > /etc/nut/nut.conf # Network UPS Tools: example nut.conf # ############################################################################## # General section ############################################################################## # The MODE determines which part of the NUT is to be started, and which # configuration files must be modified. # # This file try to standardize the various files being found in the field, like # /etc/default/nut on Debian based systems, /etc/sysconfig/ups on RedHat based # systems, ... Distribution's init script should source this file to see which # component(s) has to be started. # # The values of MODE can be: # - none: NUT is not configured, or use the Integrated Power Management, or use # some external system to startup NUT components. So nothing is to be started. # - standalone: This mode address a local only configuration, with 1 UPS # protecting the local system. This implies to start the 3 NUT layers (driver, # upsd and upsmon) and the matching configuration files. This mode can also # address UPS redundancy. # - netserver: same as for the standalone configuration, but also need # some more network access controls (firewall, tcp-wrappers) and possibly a # specific LISTEN directive in upsd.conf. 
# Since this MODE is opened to the network, a special care should be applied # to security concerns. # - netclient: this mode only requires upsmon. # # IMPORTANT NOTE: # This file is intended to be sourced by shell scripts. # You MUST NOT use spaces around the equal sign! MODE=netserver EOF cp -p /etc/nut/ups.conf /etc/nut/ups.conf.org cat << EOF > /etc/nut/ups.conf # Network UPS Tools: example ups.conf # # --- SECURITY NOTE --- # # If you use snmp-ups and set a community string in here, you # will have to secure this file to keep other users from obtaining # that string. It needs to be readable by upsdrvctl and any drivers, # and by upsd. # # --- # # This is where you configure all the UPSes that this system will be # monitoring directly. These are usually attached to serial ports, but # USB devices and SNMP devices are also supported. # # This file is used by upsdrvctl to start and stop your driver(s), and # is also used by upsd to determine which drivers to monitor. The # drivers themselves also read this file for configuration directives. # # The general form is: # # [upsname] # driver = # port = # < any other directives here > # # The section header ([upsname]) can be just about anything as long as # it is a single word inside brackets. upsd uses this to uniquely # identify a UPS on this system. # # If you have a UPS called snoopy, your section header would be "[snoopy]". # On a system called "doghouse", the line in your upsmon.conf to monitor # it would look something like this: # # MONITOR snoopy@doghouse 1 upsmonuser mypassword master # # It might look like this if monitoring in slave mode: # # MONITOR snoopy@doghouse 1 upsmonuser mypassword slave # # Configuration directives # ------------------------ # # These directives are common to all drivers that support ups.conf: # # driver: REQUIRED. Specify the program to run to talk to this UPS. # apcsmart, bestups, and sec are some examples. # # port: REQUIRED. The serial port where your UPS is connected. 
# /dev/ttyS0 is usually the first port on Linux boxes, for example. # # sdorder: optional. When you have multiple UPSes on your system, you # usually need to turn them off in a certain order. upsdrvctl # shuts down all the 0s, then the 1s, 2s, and so on. To exclude # a UPS from the shutdown sequence, set this to -1. # # The default value for this parameter is 0. # # nolock: optional, and not recommended for use in this file. # # If you put nolock in here, the driver will not lock their # serial port every time it starts. This may allow other # processes to seize the port if you start more than one by # mistake. # # This is only intended to be used on systems where locking # absolutely must be disabled for the software to work. # # maxstartdelay: optional. This can be set as a global variable # above your first UPS definition and it can also be # set in a UPS section. This value controls how long # upsdrvctl will wait for the driver to finish starting. # This keeps your system from getting stuck due to a # broken driver or UPS. # # The default is 45 seconds. # # # Anything else is passed through to the hardware-specific part of # the driver. # # Examples # -------- # # A simple example for a UPS called "powerpal" that uses the blazer_ser # driver on /dev/ttyS0 is: # # [powerpal] # driver = blazer_ser # port = /dev/ttyS0 # desc = "Web server" # # If your UPS driver requires additional settings, you can specify them # here. For example, if it supports a setting of "1234" for the # variable "cable", it would look like this: # # [myups] # driver = mydriver # port = /dev/ttyS1 # cable = 1234 # desc = "Something descriptive" # # To find out if your driver supports any extra settings, start it with # the -h option and/or read the driver's documentation. 
[ups2og3.intra.ukbw.de] driver = snmp-ups port = 172.19.0.138 community = ukbwsnmpro snmp_version = v1 pollfreq = 15 desc = "ups2og3 - for Telco, MGE Pulsar M2200" override.battery.charge.low = 60.00 ignorelb = battery.runtime [ups1og3.intra.ukbw.de] driver = snmp-ups port = ups1og3.intra.ukbw.de community = ukbwsnmpro snmp_version = v1 pollfreq = 15 desc = "ups1og3 - APC Smart-UPS RT 3000 XL" override.battery.charge.low = 60.00 ignorelb = battery.runtime [ups2og2.intra.ukbw.de] driver = snmp-ups port = 172.19.0.128 community = ukbwsnmpro snmp_version = v1 pollfreq = 15 desc = "ups2og2 - for Telco, MGE Pulsar M2200" override.battery.charge.low = 60.00 ignorelb = battery.runtime [ups1og2.intra.ukbw.de] driver = snmp-ups port = ups1og2.intra.ukbw.de community = ukbwsnmpro snmp_version = v1 pollfreq = 15 desc = "ups1og2 - APC Smart-UPS RT 3000 XL" override.battery.charge.low = 60.00 ignorelb = battery.runtime [ups2og1.intra.ukbw.de] driver = snmp-ups port = 172.19.0.118 community = ukbwsnmpro snmp_version = v1 pollfreq = 15 desc = "ups2og1 - for Telco, MGE Pulsar M2200" override.battery.charge.low = 60.00 ignorelb = battery.runtime [ups1og1.intra.ukbw.de] driver = snmp-ups port = ups1og1.intra.ukbw.de community = ukbwsnmpro snmp_version = v1 pollfreq = 15 desc = "ups1og1 - APC Smart-UPS RT 3000 XL" override.battery.charge.low = 60.00 ignorelb = battery.runtime [ups1ug1.intra.ukbw.de] driver = snmp-ups port = ups1ug1.intra.ukbw.de community = ukbwsnmpro snmp_version = v1 pollfreq = 15 desc = "ups1ug1 - MGE Galaxy 5040" override.battery.charge.low = 60.00 ignorelb = battery.runtime [ups201a.intra.uk-bw.de] driver = snmp-ups port = 172.18.1.2 community = public snmp_version = v1 pollfreq = 15 desc = "ups201a IMV LanPro 33 (Victron) in KA" override.battery.charge.low = 60.00 ignorelb = battery.runtime EOF cp -p /etc/nut/upsd.conf /etc/nut/upsd.conf.org cat << EOF > /etc/nut/upsd.conf # Network UPS Tools: example upsd configuration file # # This file contains access 
control data, you should keep it secure. # # It should only be readable by the user that upsd becomes. See the FAQ. # # Each entry below provides usage and default value. # ======================================================================= # MAXAGE # MAXAGE 15 # # This defaults to 15 seconds. After a UPS driver has stopped updating # the data for this many seconds, upsd marks it stale and stops making # that information available to clients. After all, the only thing worse # than no data is bad data. # # You should only use this if your driver has difficulties keeping # the data fresh within the normal 15 second interval. Watch the syslog # for notifications from upsd about staleness. # ======================================================================= # STATEPATH # STATEPATH /var/run/nut # # Tell upsd to look for the driver state sockets in 'path' rather # than the default that was compiled into the program. # ======================================================================= # LISTEN
[] # LISTEN 127.0.0.1 3493 # LISTEN ::1 3493 # # This defaults to the localhost listening addresses and port 3493. # In case of IP v4 or v6 disabled kernel, only the available one will be used. # # You may specify each interface you want upsd to listen on for connections, # optionally with a port number. # # You may need this if you have multiple interfaces on your machine and # you don't want upsd to listen to all interfaces (for instance on a # firewall, you may not want to listen to the external interface). # # This will only be read at startup of upsd. If you make changes here, # you'll need to restart upsd, reload will have no effect. LISTEN 127.0.0.1 # ======================================================================= # MAXCONN # MAXCONN 1024 # # This defaults to maximum number allowed on your system. Each UPS, each # LISTEN address and each client count as one connection. If the server # runs out of connections, it will no longer accept new incoming client # connections. Only set this if you know exactly what you're doing. # ======================================================================= # CERTFILE # # When compiled with SSL support, you can enter the certificate file here. # The certificates must be in PEM format and must be sorted starting with # the subject's certificate (server certificate), followed by intermediate # CA certificates (if applicable_ and the highest level (root) CA. It should # end with the server key. See 'docs/security.txt' or the Security chapter of # NUT user manual for more information on the SSL support in NUT. EOF cp -p /etc/nut/upsmon.conf /etc/nut/upsmon.conf.org cat << EOF > /etc/nut/upsmon.conf # Network UPS Tools: example upsmon configuration # # This file contains passwords, so keep it secure. # -------------------------------------------------------------------------- # RUN_AS_USER # # By default, upsmon splits into two processes. One stays as root and # waits to run the SHUTDOWNCMD. 
The other one switches to another userid # and does everything else. # # The default nonprivileged user is set at compile-time with # 'configure --with-user=...'. # # You can override it with '-u ' when starting upsmon, or just # define it here for convenience. # # Note: if you plan to use the reload feature, this file (upsmon.conf) # must be readable by this user! Since it contains passwords, DO NOT # make it world-readable. Also, do not make it writable by the upsmon # user, since it creates an opportunity for an attack by changing the # SHUTDOWNCMD to something malicious. # # For best results, you should create a new normal user like "nutmon", # and make it a member of a "nut" group or similar. Then specify it # here and grant read access to the upsmon.conf for that group. # # This user should not have write access to upsmon.conf. # # RUN_AS_USER nutmon # -------------------------------------------------------------------------- # MONITOR ("master"|"slave") # # List systems you want to monitor. Not all of these may supply power # to the system running upsmon, but if you want to watch it, it has to # be in this section. # # You must have at least one of these declared. # # is a UPS identifier in the form @[:] # like ups@localhost, su700@mybox, etc. # # Examples: # # - "su700@mybox" means a UPS called "su700" on a system called "mybox" # # - "fenton@bigbox:5678" is a UPS called "fenton" on a system called # "bigbox" which runs upsd on port "5678". # # The UPS names like "su700" and "fenton" are set in your ups.conf # in [brackets] which identify a section for a particular driver. # # If the ups.conf on host "doghouse" has a section called "snoopy", the # identifier for it would be "snoopy@doghouse". # # is an integer - the number of power supplies that this UPS # feeds on this system. Most computers only have one power supply, so this # is normally set to 1. You need a pretty big or special box to have any # other value here. 
# # You can also set this to 0 for a system that doesn't supply any power, # but you still want to monitor. Use this when you want to hear about # changes for a given UPS without shutting down when it goes critical, # unless is 0. # # and must match an entry in that system's # upsd.users. If your username is "monmaster" and your password is # "blah", the upsd.users would look like this: # # [monmaster] # password = blah # upsmon master (or slave) # # "master" means this system will shutdown last, allowing the slaves # time to shutdown first. # # "slave" means this system shuts down immediately when power goes critical. # # Examples: # # MONITOR myups@bigserver 1 monmaster blah master # MONITOR su700@server.example.com 1 upsmon secretpass slave # MONITOR myups@localhost 1 upsmon pass master (or slave) MONITOR ups1ug1.intra.ukbw.de@localhost 1 upsmon pass slave # -------------------------------------------------------------------------- # MINSUPPLIES # # Give the number of power supplies that must be receiving power to keep # this system running. Most systems have one power supply, so you would # put "1" in this field. # # Large/expensive server type systems usually have more, and can run with # a few missing. The HP NetServer LH4 can run with 2 out of 4, for example, # so you'd set that to 2. The idea is to keep the box running as long # as possible, right? # # Obviously you have to put the redundant supplies on different UPS circuits # for this to make sense! See big-servers.txt in the docs subdirectory # for more information and ideas on how to use this feature. MINSUPPLIES 1 # -------------------------------------------------------------------------- # SHUTDOWNCMD "" # # upsmon runs this command when the system needs to be brought down. # # This should work just about everywhere ... if it doesn't, well, change it. 
SHUTDOWNCMD "/sbin/shutdown -h +0" # -------------------------------------------------------------------------- # NOTIFYCMD # # upsmon calls this to send messages when things happen # # This command is called with the full text of the message as one argument. # The environment string NOTIFYTYPE will contain the type string of # whatever caused this event to happen. # # Note that this is only called for NOTIFY events that have EXEC set with # NOTIFYFLAG. See NOTIFYFLAG below for more details. # # Making this some sort of shell script might not be a bad idea. For more # information and ideas, see pager.txt in the docs directory. # # Example: # NOTIFYCMD /usr/local/ups/bin/notifyme # -------------------------------------------------------------------------- # POLLFREQ # # Polling frequency for normal activities, measured in seconds. # # Adjust this to keep upsmon from flooding your network, but don't make # it too high or it may miss certain short-lived power events. POLLFREQ 5 # -------------------------------------------------------------------------- # POLLFREQALERT # # Polling frequency in seconds while UPS on battery. # # You can make this number lower than POLLFREQ, which will make updates # faster when any UPS is running on battery. This is a good way to tune # network load if you have a lot of these things running. # # The default is 5 seconds for both this and POLLFREQ. POLLFREQALERT 5 # -------------------------------------------------------------------------- # HOSTSYNC - How long upsmon will wait before giving up on another upsmon # # The master upsmon process uses this number when waiting for slaves to # disconnect once it has set the forced shutdown (FSD) flag. If they # don't disconnect after this many seconds, it goes on without them. # # Similarly, upsmon slave processes wait up to this interval for the # master upsmon to set FSD when a UPS they are monitoring goes critical - # that is, on battery and low battery. 
If the master doesn't do its job, # the slaves will shut down anyway to avoid damage to the file systems. # # This "wait for FSD" is done to avoid races where the status changes # to critical and back between polls by the master. HOSTSYNC 15 # -------------------------------------------------------------------------- # DEADTIME - Interval to wait before declaring a stale ups "dead" # # upsmon requires a UPS to provide status information every few seconds # (see POLLFREQ and POLLFREQALERT) to keep things updated. If the status # fetch fails, the UPS is marked stale. If it stays stale for more than # DEADTIME seconds, the UPS is marked dead. # # A dead UPS that was last known to be on battery is assumed to have gone # to a low battery condition. This may force a shutdown if it is providing # a critical amount of power to your system. # # Note: DEADTIME should be a multiple of POLLFREQ and POLLFREQALERT. # Otherwise you'll have "dead" UPSes simply because upsmon isn't polling # them quickly enough. Rule of thumb: take the larger of the two # POLLFREQ values, and multiply by 3. DEADTIME 15 # -------------------------------------------------------------------------- # POWERDOWNFLAG - Flag file for forcing UPS shutdown on the master system # # upsmon will create a file with this name in master mode when it's time # to shut down the load. You should check for this file's existence in # your shutdown scripts and run 'upsdrvctl shutdown' if it exists. # # See the shutdown.txt file in the docs subdirectory for more information. POWERDOWNFLAG /etc/killpower # -------------------------------------------------------------------------- # NOTIFYMSG - change messages sent by upsmon when certain events occur # # You can change the default messages to something else if you like. 
# # NOTIFYMSG "message" # # NOTIFYMSG ONLINE "UPS %s on line power" # NOTIFYMSG ONBATT "UPS %s on battery" # NOTIFYMSG LOWBATT "UPS %s battery is low" # NOTIFYMSG FSD "UPS %s: forced shutdown in progress" # NOTIFYMSG COMMOK "Communications with UPS %s established" # NOTIFYMSG COMMBAD "Communications with UPS %s lost" # NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding" # NOTIFYMSG REPLBATT "UPS %s battery needs to be replaced" # NOTIFYMSG NOCOMM "UPS %s is unavailable" # NOTIFYMSG NOPARENT "upsmon parent process died - shutdown impossible" # # Note that %s is replaced with the identifier of the UPS in question. # # Possible values for : # # ONLINE : UPS is back online # ONBATT : UPS is on battery # LOWBATT : UPS has a low battery (if also on battery, it's "critical") # FSD : UPS is being shutdown by the master (FSD = "Forced Shutdown") # COMMOK : Communications established with the UPS # COMMBAD : Communications lost to the UPS # SHUTDOWN : The system is being shutdown # REPLBATT : The UPS battery is bad and needs to be replaced # NOCOMM : A UPS is unavailable (can't be contacted for monitoring) # NOPARENT : The process that shuts down the system has died (shutdown impossible) # -------------------------------------------------------------------------- # NOTIFYFLAG - change behavior of upsmon when NOTIFY events occur # # By default, upsmon sends walls (global messages to all logged in users) # and writes to the syslog when things happen. You can change this. # # NOTIFYFLAG [+][+] ... 
# # NOTIFYFLAG ONLINE SYSLOG+WALL # NOTIFYFLAG ONBATT SYSLOG+WALL # NOTIFYFLAG LOWBATT SYSLOG+WALL # NOTIFYFLAG FSD SYSLOG+WALL # NOTIFYFLAG COMMOK SYSLOG+WALL # NOTIFYFLAG COMMBAD SYSLOG+WALL # NOTIFYFLAG SHUTDOWN SYSLOG+WALL # NOTIFYFLAG REPLBATT SYSLOG+WALL # NOTIFYFLAG NOCOMM SYSLOG+WALL # NOTIFYFLAG NOPARENT SYSLOG+WALL # # Possible values for the flags: # # SYSLOG - Write the message in the syslog # WALL - Write the message to all users on the system # EXEC - Execute NOTIFYCMD (see above) with the message # IGNORE - Don't do anything # # If you use IGNORE, don't use any other flags on the same line. # -------------------------------------------------------------------------- # RBWARNTIME - replace battery warning time in seconds # # upsmon will normally warn you about a battery that needs to be replaced # every 43200 seconds, which is 12 hours. It does this by triggering a # NOTIFY_REPLBATT which is then handled by the usual notify structure # you've defined above. # # If this number is not to your liking, override it here. RBWARNTIME 43200 # -------------------------------------------------------------------------- # NOCOMMWARNTIME - no communications warning time in seconds # # upsmon will let you know through the usual notify system if it can't # talk to any of the UPS entries that are defined in this file. It will # trigger a NOTIFY_NOCOMM by default every 300 seconds unless you # change the interval with this directive. NOCOMMWARNTIME 300 # -------------------------------------------------------------------------- # FINALDELAY - last sleep interval before shutting down the system # # On a master, upsmon will wait this long after sending the NOTIFY_SHUTDOWN # before executing your SHUTDOWNCMD. If you need to do something in between # those events, increase this number. Remember, at this point your UPS is # almost depleted, so don't make this too high. # # Alternatively, you can set this very low so you don't wait around when # it's time to shut down. 
Some UPSes don't give much warning for low # battery and will require a value of 0 here for a safe shutdown. # # Note: If FINALDELAY on the slave is greater than HOSTSYNC on the master, # the master will give up waiting for the slave to disconnect. FINALDELAY 5 EOF cp -p /etc/nut/upsd.users /etc/nut/upsd.users.org cat << EOF > /etc/nut/upsd.users # Network UPS Tools: Example upsd.users # # This file sets the permissions for upsd - the UPS network daemon. # Users are defined here, are given passwords, and their privileges are # controlled here too. Since this file will contain passwords, keep it # secure, with only enough permissions for upsd to read it. # -------------------------------------------------------------------------- # Each user gets a section. To start a section, put the username in # brackets on a line by itself. To set something for that user, specify # it under that section heading. The username is case-sensitive, so # admin and AdMiN are two different users. # # Possible settings: # # password: The user's password. This is case-sensitive. # # -------------------------------------------------------------------------- # # actions: Let the user do certain things with upsd. # # Valid actions are: # # SET - change the value of certain variables in the UPS # FSD - set the "forced shutdown" flag in the UPS # # -------------------------------------------------------------------------- # # instcmds: Let the user initiate specific instant commands. Use "ALL" # to grant all commands automatically. There are many possible # commands, so use 'upscmd -l' to see what your hardware supports. 
Here # are a few examples: # # test.panel.start - Start a front panel test # test.battery.start - Start battery test # test.battery.stop - Stop battery test # calibrate.start - Start calibration # calibrate.stop - Stop calibration # # -------------------------------------------------------------------------- # # Example: # # [admin] # password = mypass # actions = SET # instcmds = ALL # # # --- Configuring for a user who can execute tests only # # [testuser] # password = pass # instcmds = test.battery.start # instcmds = test.battery.stop # # --- Configuring for upsmon # # To add a user for your upsmon, use this example: # # [upsmon] # password = pass # upsmon master # or # upsmon slave # # The matching MONITOR line in your upsmon.conf would look like this: # # MONITOR myups@localhost 1 upsmon pass master (or slave) [upsmon] password = pass upsmon slave EOF cp -p /etc/nut/upssched.conf /etc/nut/upssched.conf.org cat << EOF > /etc/nut/upssched.conf # Network UPS Tools - upssched.conf sample file # # ============================================================================ # # CMDSCRIPT # # This script gets called to invoke commands for timers that trigger. # It is given a single argument - the in your # AT ... START-TIMER defines. # # *** This must be defined *before* the first AT line. Otherwise the # program will complain and exit without doing anything. # # A shell script with a big case..esac construct should work nicely for this. # An example has been provided to help you get started. CMDSCRIPT /bin/upssched-cmd # ============================================================================ # # PIPEFN # # This sets the file name of the FIFO that will pass communications between # processes to start and stop timers. This should be set to some path where # normal users can't create the file, due to the possibility of symlinking # and other evil. 
# # Note: if you are running Solaris or similar, the permissions that # upssched sets on this file *are not enough* to keep you safe. If # your OS ignores the permissions on a FIFO, then you MUST put this in # a protected directory! # # Note 2: by default, upsmon will run upssched as whatever user you have # defined with RUN_AS_USER in upsmon.conf. Make sure that user can # create files and write to files in the path you use for PIPEFN and # LOCKFN. # # My recommendation: create a special directory for upssched, make it # owned by your upsmon user, then use it for both. # # This is commented out by default to make you visit this file and think # about how your system works before potentially opening a hole. # # PIPEFN /var/run/nut/upssched/upssched.pipe # ============================================================================ # # LOCKFN # # REQUIRED. This was added after version 1.2.1. # # upssched needs to be able to create this filename in order to avoid # a race condition when two events are dispatched from upsmon at nearly # the same time. This file will only exist briefly. It must not be # created by any other process. # # You should put this in the same directory as PIPEFN. # # LOCKFN /var/run/nut/upssched/upssched.lock # ============================================================================ # # AT <notifytype> <upsname> <command> # # Define a handler for a specific event <notifytype> on UPS <upsname>. # # <upsname> can be the special value * to apply this handler to every # possible value of <upsname>. # # Run the command <command> via your CMDSCRIPT when it happens. # # Note that any AT that matches both the <notifytype> and the <upsname> # for the current event will be used. # ============================================================================ # # Possible AT commands # # - START-TIMER <timername> <interval> # # Start a timer called <timername> that will trigger after <interval> # seconds, calling your CMDSCRIPT with <timername> as the first # argument.
# # Example: # Start a timer that'll execute when any UPS (*) has been gone 10 seconds # # AT COMMBAD * START-TIMER upsgone 10 # ----------------------------------------------------------------------- # # - CANCEL-TIMER <timername> [cmd] # # Cancel a running timer called <timername>, if possible. If the timer # has passed then pass the optional argument <cmd> to CMDSCRIPT. # # Example: # If a specific UPS (myups@localhost) comes back online, then stop the # timer before it triggers # # AT COMMOK myups@localhost CANCEL-TIMER upsgone # ----------------------------------------------------------------------- # # - EXECUTE <command> # # Immediately pass <command> as an argument to CMDSCRIPT. # # Example: # If any UPS (*) reverts to utility power, then execute # 'ups-back-on-line' via CMDSCRIPT. # # AT ONLINE * EXECUTE ups-back-on-line EOF chgrp nut /etc/nut/* # danach Rechte pruefen (ls -l /etc/nut/): upsd.users enthaelt Passwoerter und darf nicht fuer alle lesbar sein, z.B. Modus 640 mit root:nut; das gilt auch fuer die Sicherungskopie upsd.users.org ### Virtualisierung: # Linux VServer: aptitude -y install util-vserver util-vserver-build debootstrap vserver-debiantools # KVM: aptitude -y install qemu-kvm ### Clustering: aptitude -y install cluster-tools-lihas heartbeat2-scripts-lihas vi /etc/cluster-tools-lihas.conf # (ACHTUNG: Namen der KVMs, der LVs und der DRBD-Resourcen werden entgegen der # UKBW Syntax nicht mit "$KVMName_kvm" , sondern "kvm_$KVMName" angelegt!) # zuerst fuer die beiden root-Accounts je einen SSH-Key generieren, dann die SSH-Keys austauschen server1:# ssh-keygen server1:# ssh-copy-id root@server2 server2:# ssh-keygen server2:# ssh-copy-id root@server1 ### WICHTIG: # /etc/cluster-tools-lihas.conf anpassen!!! Keine fully qualified Hostnames eintragen, sondern nur den Hostname!
#VERSION=1 ## VERSION=1 -> KEY=VALUE # #http_proxy="http://192.168.9.5:3128" #export http_proxy # #HOST1=spiel #HOST2=wiese # #VG1=vg_$HOST1 #VG2=vg_$HOST2 # #IP_DRBD1=192.168.5.1 #IP_DRBD2=192.168.5.2 # #IF_LAN=br1 #IF_LAN_NM=24 # ## squeeze: ##DEBIANDIST=squeeze ##VSERVER_TEMPLATE=/vservers/template-squeeze # ## wheezy: #DEBIANDIST=wheezy #VSERVER_TEMPLATE=/vservers/template-wheezy # #VSERVER_BASE=/vservers ##VSERVER_TEMPLATE=/vservers/template ##--- aptitude -y install corosync pacemaker drbd8-utils cat << EOF > /etc/corosync/corosync.conf # Please read the openais.conf.5 manual page totem { version: 2 # How long before declaring a token lost (ms) token: 3000 # How many token retransmits before forming a new configuration token_retransmits_before_loss_const: 10 # How long to wait for join messages in the membership protocol (ms) join: 60 # How long to wait for consensus to be achieved before starting a new round of membership configuration (ms) consensus: 3600 # Turn off the virtual synchrony filter vsftype: none # Number of messages that may be sent by one processor on receipt of the token max_messages: 20 # Limit generated nodeids to 31-bits (positive signed integers) clear_node_high_bit: yes # Disable encryption secauth: off # How many threads to use for encryption/decryption threads: 0 # Optionally assign a fixed node id (integer) # nodeid: 1234 # This specifies the mode of redundant ring, which may be none, active, or passive. rrp_mode: active interface { ringnumber: 0 bindnetaddr: 172.16.1.0 mcastaddr: 239.192.0.20 mcastport: 5435 } interface { ringnumber: 1 bindnetaddr: 192.168.5.52 mcastaddr: 239.192.0.20 mcastport: 5435 } } amf { mode: disabled } EOF bindnetaddr und mcastaddr gemaess Netzwerkliste anpassen. ACHTUNG: "secauth: off" schaltet nicht nur die Verschluesselung, sondern auch die Authentifizierung der Cluster-Nachrichten ab; das ist nur in einem dedizierten, abgeschotteten Cluster-Netz vertretbar. Andernfalls "secauth: on" setzen, mit corosync-keygen den Schluessel /etc/corosync/authkey erzeugen und identisch auf beide Knoten kopieren (nur fuer root lesbar).
cat << EOF > /etc/default/corosync START=yes EOF /etc/drbd.d/global_common.conf anpassen # vserver-neu.sh # usage: /usr/local/bin/vserver-neu.sh VSNAME IP SIZE CONTEXT [DRBDNUM] # usage: /usr/local/bin/vserver-neu.sh test01 10.0.0.115 10G 115 # usage: /usr/local/bin/vserver-neu.sh test01 10.0.0.115 10G 115 3 ### zum Schluss: im VServer ein ROOT-Passwort setzen! # vserver-add-disk.sh # usage: /usr/local/bin/vserver-add-disk.sh VSNAME MNTPOINT SIZE [DRBDNUM] # usage: /usr/local/bin/vserver-add-disk.sh test01 /var/lib/mysql 10G 115 # usage: /usr/local/bin/vserver-add-disk.sh test01 /var/lib/mysql 10G 115 3 # kvm-neu.sh # usage: /usr/local/bin/kvm-neu.sh KVMNAME SIZE [DRBDNUM] # z.B. /usr/local/bin/kvm-neu.sh test01 30G # z.B. /usr/local/bin/kvm-neu.sh test01 30G 3 \\ <- [[:linux|zurück]]