2014-06-17
zuerst „Debian OS-Basis-Installation auf Blech“ durchfuehren!!!
zusaetzlich „auf dem Blech“:
### Proxy der UKBW fuer die Installations-Shellsitzung setzen:
export http_proxy="http://proxy01.ukbw.de:3128/"
### LiHAS GPG-Key importieren:
wget -O - http://ftp.lihas.de/lihas-kernel/apt-key-lihas.gpg | apt-key add -
### ggf. VirtualBox-GPG-Key importieren:
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add -
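### Ueberpruefung, ob Key-Import erfolgreich war:
# ACHTUNG: Die Keys werden unverschluesselt per HTTP geladen und ungeprueft importiert
# (gilt auch fuer den hwraid-Key weiter unten). Die Fingerprints (anzeigen mit: apt-key finger)
# daher mit einem auf unabhaengigem Weg erhaltenen Wert vergleichen, bevor Pakete
# aus diesen Quellen installiert werden.
apt-key list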
cat << EOF > /etc/apt/sources.list.d/lihas-kernel.list
# LiHAS:
# Run this command: sudo wget -O - http://ftp.lihas.de/debian/apt-key-lihas.gpg | sudo apt-key add -
deb http://ftp.lihas.de/lihas-kernel/ stable main
EOF
# ggf. VirtualBox-Debian-Paketliste einrichten:
cat << EOF > /etc/apt/sources.list.d/virtualbox.list
#### VirtualBox - http://www.virtualbox.org
## Run this command: wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
deb http://download.virtualbox.org/virtualbox/debian squeeze contrib non-free
EOF
### Nagios Hardware-Checks ###
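# Heredoc-Delimiter in Anfuehrungszeichen ('EOF'), damit die Shell die NRPE-Makros
# $ARG1$ usw. nicht expandiert, sondern unveraendert in die Datei schreibt.
# Hinweis: $ARGn$ wird von NRPE nur ersetzt, wenn dort dont_blame_nrpe=1 gesetzt ist;
# die Werte kommen dann vom anfragenden Host und gehen hier an per sudo gestartete
# Plugins - allowed_hosts in der NRPE-Konfiguration entsprechend eng halten.
cat << 'EOF' >> /etc/nagios/nrpe_local_ukbw.cfg
# LM-Sensors:
command[check_lm_sensors]=/usr/bin/sudo /usr/lib/nagios/plugins/check_lm_sensors --sanitize --high $ARG1$=$ARG2$,$ARG3$
# S.M.A.R.T. via nrpe:
command[check_nrpe_smart]=/usr/bin/sudo /usr/lib/nagios/plugins/check_ide_smart -n --device=$ARG1$
EOF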
### APT (Aptitude) konfigurieren:
# „auf dem Blech“ mit HW-RAID-Controllern:
cat << EOF > /etc/apt/sources.list.d/hwraid.list
# http://hwraid.le-vert.net/wiki/DebianPackages
deb http://hwraid.le-vert.net/debian squeeze main
deb http://hwraid.le-vert.net/debian wheezy main
EOF
### hwraid.le-vert.net GPG-Key importieren:
wget -O - http://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key | apt-key add -
### wichtige Pakete installieren:
aptitude -y -R install lvm2 modconf pciutils ethtool smartmontools tcpdump ntp
### fusion-Inventory ###
aptitude -y -R install fusioninventory-agent
cat << EOF > /etc/fusioninventory/agent.cfg
# OCS Inventory server
server=http://support.intra.uk-bw.de/ocsinventory
# Tag
tag=linux-server
# Store inventory in a local directory
#local=/tmp
EOF
### aktuellen LiHAS-Kernel mit linux VServer-Unterstuetzung und Optimierungen fuer KVM / LXC:
aptitude search linux-image # aptitude -y -R install linux-image-X.Y.ZZ-vsA.B.C.D+lihasD # z.B. linux-image-3.4.34-vs2.3.3.9+lihas1 aptitude -y -R install linux-image-3.10-vserver-amd64
### GRUB-Bootloader:
# evtl.: aptitude -y -R install grub-legacy grub-splashimages
# oder grub2 mit normalem PC-Bios:
aptitude -y -R install grub-pc grub-common grub2-splashimages
# oder ggf. bei EFI-Bios:
aptitude -y -R install grub-efi-amd64 grub2-splashimages
#ACHTUNG: Aenderungen in /etc/default/grub bzw. /etc/grub.d/* vornehmen
#und IMMER mit dem Kommando update-grub Aenderungen aktivieren!
# bei Verwendung von grub1: in /boot/grub/menu.lst oben einfuegen:
serial --unit=1 --speed=57600 --word=8 --parity=no --stop terminal --timeout=5 serial console
kopt erweitern um 'console=tty0 console=ttyS1,57600n8r', z.B.
# kopt=root=UUID=a2eb9fcf-d733-4a54-a924-bbf755e1fddd ro console=tty0 console=ttyS1,57600n8r
update-grub
# bei Verwendung von grub2: in /etc/default/grub aendern:
GRUB_CMDLINE_LINUX=""
→
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,57600n8r"
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=57600"
anschliessend:
update-grub2
### Netzwerk-Konfiguration:
# allow-hotplug Netzwerkdevices durch Auto ersetzen: (funktioniert nicht!) cp /etc/network/interfaces /etc/network/interfaces.org
/etc/network/interfaces
# The loopback network interface auto lo iface lo inet loopback # The primary network interface #auto eth0 #allow-hotplug eth0 #iface eth0 inet static #address 172.16.1.24 <-- IP gemaess Netzwerk-Liste #netmask 255.255.255.0 #broadcast 172.16.1.255 #gateway 172.16.1.254 #dns-nameservers 172.16.1.51 #dns-search ukbw.de uk-bw.de #dns-domain intra.ukbw.de
#KVM/LXC auto br0 iface br0 inet static bridge_ports eth0 bridge_maxwait 0 # wegen Bug mit KVM: # bridge_stp off bridge_stp on bridge_fd 0 pre-up ifconfig eth0 up || true post-up ntpd -g -q || /bin/true address 172.16.1.24 <-- IP gemaess Netzwerk-Liste netmask 255.255.255.0 broadcast 172.16.1.255 gateway 172.16.1.254 dns-nameservers 172.16.1.51 dns-search ukbw.de uk-bw.de dns-domain intra.ukbw.de #DRBD/Heartbeat/Corosync auto eth1 allow-hotplug eth1 iface eth1 inet static address 192.168.5.54 <-- IP gemaess Netzwerk-Liste netmask 255.255.255.252
### IPMI-Karten:
# IPMI v2.0 kann serielle Konsole, das muss im Linuxkernel, GRUB, evtl. # auch BIOS aktiviert werden: # AOC-LPIPMI-LANG: Console Redirection (text only) through both LAN and Serial Ports # AOC-IPMI20-E: Console Redirection (text only) through LAN (SOL - Serial Over LAN), Shares LAN controller with main board and uses out- # of-band bandwidth. # AOC-SIM1U+: IPMI with KVM Over LAN, Serial Over LAN (SOL), Support RMCP & RMCP + Protocols # Intel RMM3: IPMI with KVM Over LAN # http://www.ecst.csuchico.edu/~dranch/LINUX/IPMI/ipmi-on-linux.html / # http://wiki.adamsweet.org/doku.php?id=ipmi_on_linux # http://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool:
aptitude -y -R install ipmitool
# oder FreeIPMI: # http://www.thomas-krenn.com/de/wiki/FreeIPMI
aptitude -y -R install freeipmi
cat << EOF >> /etc/modules ipmi_devintf ipmi_si ipmi_poweroff ipmi_watchdog EOF
modprobe -v ipmi_devintf modprobe -v ipmi_si modprobe -v ipmi_poweroff modprobe -v ipmi_watchdog
#ipmitool sol set non-volatile-bit-rate 57.6 #ipmitool sol set volatile-bit-rate 57.6 #ipmitool sol set force-encryption false #ipmitool sol set enabled true #ipmitool sol payload enable
# Alternative ipmitool Kommandos: # Setup SOL dependencies # Serial channel access disable #ipmitool raw 06 0x40 04 0x40 0x44 #ipmitool raw 06 0x40 04 0x80 0x84 # Check serial channel disabled. should both return 00 04 #ipmitool raw 06 0x41 04 0x40 #ipmitool raw 06 0x41 04 0x80 # SOL payload activate #ipmitool raw 06 0x4c 01 01 02 00 00 00 # Check SOL payload is activated, should return 02 00 00 00 #ipmitool raw 06 0x4d 01 01
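# SOL configuration settings
# Hinweis: ein mit -P uebergebenes Passwort steht in Shell-History und Prozessliste;
# ipmitool kann es stattdessen mit -f aus einer Datei oder mit -E aus der
# Umgebungsvariable IPMI_PASSWORD lesen.
#ipmitool -I lan -H <hostname> -P <password> sol set set-in-progress set-complete 1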
#ipmitool sol set enabled true 1
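# Hinweis: mit "false" erzwingt der BMC keine Verschluesselung bzw. Authentifizierung
# der SOL-Nutzdaten; auf der seriellen Konsole eingegebene Passwoerter koennen dann
# im Klartext ueber das Management-Netz gehen.
#ipmitool sol set force-encryption false 1
#ipmitool sol set force-authentication false 1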
#ipmitool sol set privilege-level admin 1
#ipmitool sol set character-accumulate-level 6 1
#ipmitool sol set character-send-threshold 0x14 1
#ipmitool sol set retry-count 6 1
#ipmitool sol set retry-interval 20 1
#ipmitool sol set non-volatile-bit-rate 57.6 1
#ipmitool sol set volatile-bit-rate 57.6 1
# inittab anpassen:
cp -p /etc/inittab /etc/inittab.org
cat << EOF >> /etc/inittab
# Serial-connection fuer IPMI:
s0:2345:respawn:/sbin/getty 57600 ttyS0 vt100-nav
s1:2345:respawn:/sbin/getty 57600 ttyS1 vt100-nav
EOF
# inittab mit neu gesetzten Optionen sofort aktivieren:
telinit q
/etc/securetty: ttyS0 bzw ttyS1 aktivieren
# sol-mit-ipmitool:
# Eine serielle BIOS Konsole gibt es mit:
ipmitool -H 192.168.4.201 -U rmc-admin -I lanplus -e '#' sol activate
# IP-Adresse und User eventuell anpassen. Passwort wird dann abgefragt.
# Eventuell musste vorher mal ein Passwort vom lokalen System aus / BIOS
# gesetzt werden, je nach Kartenart.
#
# Escape ist per Default ~, das ist es auch fuer ssh, deshalb wird es mit „-e '#'“ auf # gesetzt
### HW-RAID-Controller: # LSI MegaRAID-Controller (von http://hwraid.le-vert.net/wiki/DebianPackages): aptitude -y -R install megaraid-status megactl megamgr megacli
# Adaptec AACRaid-Controller (von http://hwraid.le-vert.net/wiki/DebianPackages): aptitude -y -R install aacraid-status adaptec-storage-manager-agent adaptec-storage-manager-common adaptec-storage-manager-gui arcconf hrconf adaptec-universal-storage-snmpd adaptec-universal-storage-mib
### Nut UPS:
aptitude -y -R install nut nut-snmp
cp -p /etc/nut/nut.conf /etc/nut/nut.conf.org
cat << EOF > /etc/nut/nut.conf
# Network UPS Tools: example nut.conf
#
##############################################################################
# General section
##############################################################################
# The MODE determines which part of the NUT is to be started, and which
# configuration files must be modified.
#
# This file try to standardize the various files being found in the field, like
# /etc/default/nut on Debian based systems, /etc/sysconfig/ups on RedHat based
# systems, … Distribution's init script should source this file to see which
# component(s) has to be started.
#
# The values of MODE can be:
# - none: NUT is not configured, or use the Integrated Power Management, or use
#   some external system to startup NUT components. So nothing is to be started.
# - standalone: This mode address a local only configuration, with 1 UPS
#   protecting the local system. This implies to start the 3 NUT layers (driver,
#   upsd and upsmon) and the matching configuration files. This mode can also
#   address UPS redundancy.
# - netserver: same as for the standalone configuration, but also need
#   some more network access controls (firewall, tcp-wrappers) and possibly a
#   specific LISTEN directive in upsd.conf.
#   Since this MODE is opened to the network, a special care should be applied
#   to security concerns.
# - netclient: this mode only requires upsmon.
#
# IMPORTANT NOTE:
#  This file is intended to be sourced by shell scripts.
#  You MUST NOT use spaces around the equal sign!

MODE=netserver
EOF
cp -p /etc/nut/ups.conf /etc/nut/ups.conf.org cat « EOF > /etc/nut/ups.conf # Network UPS Tools: example ups.conf # # — SECURITY NOTE — # # If you use snmp-ups and set a community string in here, you # will have to secure this file to keep other users from obtaining # that string. It needs to be readable by upsdrvctl and any drivers, # and by upsd. # # — # # This is where you configure all the UPSes that this system will be # monitoring directly. These are usually attached to serial ports, but # USB devices and SNMP devices are also supported. # # This file is used by upsdrvctl to start and stop your driver(s), and # is also used by upsd to determine which drivers to monitor. The # drivers themselves also read this file for configuration directives. # # The general form is: # # [upsname] # driver = <drivername> # port = <portname> # < any other directives here > # # The section header ([upsname]) can be just about anything as long as # it is a single word inside brackets. upsd uses this to uniquely # identify a UPS on this system. # # If you have a UPS called snoopy, your section header would be „[snoopy]“. # On a system called „doghouse“, the line in your upsmon.conf to monitor # it would look something like this: # # MONITOR snoopy@doghouse 1 upsmonuser mypassword master # # It might look like this if monitoring in slave mode: # # MONITOR snoopy@doghouse 1 upsmonuser mypassword slave # # Configuration directives # ———————— # # These directives are common to all drivers that support ups.conf: # # driver: REQUIRED. Specify the program to run to talk to this UPS. # apcsmart, bestups, and sec are some examples. # # port: REQUIRED. The serial port where your UPS is connected. # /dev/ttyS0 is usually the first port on Linux boxes, for example. # # sdorder: optional. When you have multiple UPSes on your system, you # usually need to turn them off in a certain order. upsdrvctl # shuts down all the 0s, then the 1s, 2s, and so on. 
To exclude # a UPS from the shutdown sequence, set this to -1. # # The default value for this parameter is 0. # # nolock: optional, and not recommended for use in this file. # # If you put nolock in here, the driver will not lock their # serial port every time it starts. This may allow other # processes to seize the port if you start more than one by # mistake. # # This is only intended to be used on systems where locking # absolutely must be disabled for the software to work. # # maxstartdelay: optional. This can be set as a global variable # above your first UPS definition and it can also be # set in a UPS section. This value controls how long # upsdrvctl will wait for the driver to finish starting. # This keeps your system from getting stuck due to a # broken driver or UPS. # # The default is 45 seconds. # # # Anything else is passed through to the hardware-specific part of # the driver. # # Examples # ——– # # A simple example for a UPS called „powerpal“ that uses the blazer_ser # driver on /dev/ttyS0 is: # # [powerpal] # driver = blazer_ser # port = /dev/ttyS0 # desc = „Web server“ # # If your UPS driver requires additional settings, you can specify them # here. For example, if it supports a setting of „1234“ for the # variable „cable“, it would look like this: # # [myups] # driver = mydriver # port = /dev/ttyS1 # cable = 1234 # desc = „Something descriptive“ # # To find out if your driver supports any extra settings, start it with # the -h option and/or read the driver's documentation. [ups2og3.intra.ukbw.de]
driver = snmp-ups
port = 172.19.0.138
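community = ukbwsnmpro
# Hinweis (gilt fuer alle USV-Abschnitte): SNMP v1 uebertraegt den Community-String
# im Klartext; Abfragen daher auf das Management-Netz beschraenken, nur eine
# Read-only-Community verwenden und - sofern USV-Karte und NUT-Version es
# unterstuetzen - SNMP v3 vorziehen.
snmp_version = v1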
pollfreq = 15
desc = "ups2og3 - for Telco, MGE Pulsar M2200"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
[ups1og3.intra.ukbw.de]
driver = snmp-ups
port = ups1og3.intra.ukbw.de
community = ukbwsnmpro
snmp_version = v1
pollfreq = 15
desc = "ups1og3 - APC Smart-UPS RT 3000 XL"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
[ups2og2.intra.ukbw.de]
driver = snmp-ups
port = 172.19.0.128
community = ukbwsnmpro
snmp_version = v1
pollfreq = 15
desc = "ups2og2 - for Telco, MGE Pulsar M2200"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
[ups1og2.intra.ukbw.de]
driver = snmp-ups
port = ups1og2.intra.ukbw.de
community = ukbwsnmpro
snmp_version = v1
pollfreq = 15
desc = "ups1og2 - APC Smart-UPS RT 3000 XL"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
[ups2og1.intra.ukbw.de]
driver = snmp-ups
port = 172.19.0.118
community = ukbwsnmpro
snmp_version = v1
pollfreq = 15
desc = "ups2og1 - for Telco, MGE Pulsar M2200"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
[ups1og1.intra.ukbw.de]
driver = snmp-ups
port = ups1og1.intra.ukbw.de
community = ukbwsnmpro
snmp_version = v1
pollfreq = 15
desc = "ups1og1 - APC Smart-UPS RT 3000 XL"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
[ups1ug1.intra.ukbw.de]
driver = snmp-ups
port = ups1ug1.intra.ukbw.de
community = ukbwsnmpro
snmp_version = v1
pollfreq = 15
desc = "ups1ug1 - MGE Galaxy 5040"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
[ups201a.intra.uk-bw.de]
driver = snmp-ups
port = 172.18.1.2
community = public
snmp_version = v1
pollfreq = 15
desc = "ups201a IMV LanPro 33 (Victron) in KA"
override.battery.charge.low = 60.00
ignorelb = battery.runtime
EOF
cp -p /etc/nut/upsd.conf /etc/nut/upsd.conf.org cat « EOF > /etc/nut/upsd.conf # Network UPS Tools: example upsd configuration file # # This file contains access control data, you should keep it secure. # # It should only be readable by the user that upsd becomes. See the FAQ. # # Each entry below provides usage and default value.
#
# MAXAGE <seconds> # MAXAGE 15 # # This defaults to 15 seconds. After a UPS driver has stopped updating # the data for this many seconds, upsd marks it stale and stops making # that information available to clients. After all, the only thing worse # than no data is bad data. # # You should only use this if your driver has difficulties keeping # the data fresh within the normal 15 second interval. Watch the syslog # for notifications from upsd about staleness.
#
# STATEPATH <path> # STATEPATH /var/run/nut # # Tell upsd to look for the driver state sockets in 'path' rather # than the default that was compiled into the program.
#
# LISTEN <address> [<port>] # LISTEN 127.0.0.1 3493 # LISTEN ::1 3493 # # This defaults to the localhost listening addresses and port 3493. # In case of IP v4 or v6 disabled kernel, only the available one will be used. # # You may specify each interface you want upsd to listen on for connections, # optionally with a port number. # # You may need this if you have multiple interfaces on your machine and # you don't want upsd to listen to all interfaces (for instance on a # firewall, you may not want to listen to the external interface). # # This will only be read at startup of upsd. If you make changes here, # you'll need to restart upsd, reload will have no effect. LISTEN 127.0.0.1
#
# MAXCONN <connections> # MAXCONN 1024 # # This defaults to maximum number allowed on your system. Each UPS, each # LISTEN address and each client count as one connection. If the server # runs out of connections, it will no longer accept new incoming client # connections. Only set this if you know exactly what you're doing.
#
# CERTFILE <certificate file> # # When compiled with SSL support, you can enter the certificate file here. # The certificates must be in PEM format and must be sorted starting with # the subject's certificate (server certificate), followed by intermediate # CA certificates (if applicable_ and the highest level (root) CA. It should # end with the server key. See 'docs/security.txt' or the Security chapter of # NUT user manual for more information on the SSL support in NUT. EOF
cp -p /etc/nut/upsmon.conf /etc/nut/upsmon.conf.org cat « EOF > /etc/nut/upsmon.conf # Network UPS Tools: example upsmon configuration # # This file contains passwords, so keep it secure.
# ————————————————————————– # RUN_AS_USER <userid> # # By default, upsmon splits into two processes. One stays as root and # waits to run the SHUTDOWNCMD. The other one switches to another userid # and does everything else. # # The default nonprivileged user is set at compile-time with # 'configure –with-user=…'. # # You can override it with '-u <user>' when starting upsmon, or just # define it here for convenience. # # Note: if you plan to use the reload feature, this file (upsmon.conf) # must be readable by this user! Since it contains passwords, DO NOT # make it world-readable. Also, do not make it writable by the upsmon # user, since it creates an opportunity for an attack by changing the # SHUTDOWNCMD to something malicious. # # For best results, you should create a new normal user like „nutmon“, # and make it a member of a „nut“ group or similar. Then specify it # here and grant read access to the upsmon.conf for that group. # # This user should not have write access to upsmon.conf. # # RUN_AS_USER nutmon
# ————————————————————————– # MONITOR <system> <powervalue> <username> <password> („master“|„slave“) # # List systems you want to monitor. Not all of these may supply power # to the system running upsmon, but if you want to watch it, it has to # be in this section. # # You must have at least one of these declared. # # <system> is a UPS identifier in the form <upsname>@<hostname>[:<port>] # like ups@localhost, su700@mybox, etc. # # Examples: # # - „su700@mybox“ means a UPS called „su700“ on a system called „mybox“ # # - „fenton@bigbox:5678“ is a UPS called „fenton“ on a system called # „bigbox“ which runs upsd on port „5678“. # # The UPS names like „su700“ and „fenton“ are set in your ups.conf # in [brackets] which identify a section for a particular driver. # # If the ups.conf on host „doghouse“ has a section called „snoopy“, the # identifier for it would be „snoopy@doghouse“. # # <powervalue> is an integer - the number of power supplies that this UPS # feeds on this system. Most computers only have one power supply, so this # is normally set to 1. You need a pretty big or special box to have any # other value here. # # You can also set this to 0 for a system that doesn't supply any power, # but you still want to monitor. Use this when you want to hear about # changes for a given UPS without shutting down when it goes critical, # unless <powervalue> is 0. # # <username> and <password> must match an entry in that system's # upsd.users. If your username is „monmaster“ and your password is # „blah“, the upsd.users would look like this: # # [monmaster] # password = blah # upsmon master (or slave) # # „master“ means this system will shutdown last, allowing the slaves # time to shutdown first. # # „slave“ means this system shuts down immediately when power goes critical. 
# # Examples: # # MONITOR myups@bigserver 1 monmaster blah master # MONITOR su700@server.example.com 1 upsmon secretpass slave # MONITOR myups@localhost 1 upsmon pass master (or slave) MONITOR ups1ug1.intra.ukbw.de@localhost 1 upsmon pass slave
# ————————————————————————– # MINSUPPLIES <num> # # Give the number of power supplies that must be receiving power to keep # this system running. Most systems have one power supply, so you would # put „1“ in this field. # # Large/expensive server type systems usually have more, and can run with # a few missing. The HP NetServer LH4 can run with 2 out of 4, for example, # so you'd set that to 2. The idea is to keep the box running as long # as possible, right? # # Obviously you have to put the redundant supplies on different UPS circuits # for this to make sense! See big-servers.txt in the docs subdirectory # for more information and ideas on how to use this feature.
MINSUPPLIES 1
# ————————————————————————– # SHUTDOWNCMD „<command>“ # # upsmon runs this command when the system needs to be brought down. # # This should work just about everywhere … if it doesn't, well, change it.
SHUTDOWNCMD "/sbin/shutdown -h +0"
# ————————————————————————– # NOTIFYCMD <command> # # upsmon calls this to send messages when things happen # # This command is called with the full text of the message as one argument. # The environment string NOTIFYTYPE will contain the type string of # whatever caused this event to happen. # # Note that this is only called for NOTIFY events that have EXEC set with # NOTIFYFLAG. See NOTIFYFLAG below for more details. # # Making this some sort of shell script might not be a bad idea. For more # information and ideas, see pager.txt in the docs directory. # # Example: # NOTIFYCMD /usr/local/ups/bin/notifyme
# ————————————————————————– # POLLFREQ <n> # # Polling frequency for normal activities, measured in seconds. # # Adjust this to keep upsmon from flooding your network, but don't make # it too high or it may miss certain short-lived power events.
POLLFREQ 5
# ————————————————————————– # POLLFREQALERT <n> # # Polling frequency in seconds while UPS on battery. # # You can make this number lower than POLLFREQ, which will make updates # faster when any UPS is running on battery. This is a good way to tune # network load if you have a lot of these things running. # # The default is 5 seconds for both this and POLLFREQ.
POLLFREQALERT 5
# ————————————————————————– # HOSTSYNC - How long upsmon will wait before giving up on another upsmon # # The master upsmon process uses this number when waiting for slaves to # disconnect once it has set the forced shutdown (FSD) flag. If they # don't disconnect after this many seconds, it goes on without them. # # Similarly, upsmon slave processes wait up to this interval for the # master upsmon to set FSD when a UPS they are monitoring goes critical - # that is, on battery and low battery. If the master doesn't do its job, # the slaves will shut down anyway to avoid damage to the file systems. # # This „wait for FSD“ is done to avoid races where the status changes # to critical and back between polls by the master.
HOSTSYNC 15
# ————————————————————————– # DEADTIME - Interval to wait before declaring a stale ups „dead“ # # upsmon requires a UPS to provide status information every few seconds # (see POLLFREQ and POLLFREQALERT) to keep things updated. If the status # fetch fails, the UPS is marked stale. If it stays stale for more than # DEADTIME seconds, the UPS is marked dead. # # A dead UPS that was last known to be on battery is assumed to have gone # to a low battery condition. This may force a shutdown if it is providing # a critical amount of power to your system. # # Note: DEADTIME should be a multiple of POLLFREQ and POLLFREQALERT. # Otherwise you'll have „dead“ UPSes simply because upsmon isn't polling # them quickly enough. Rule of thumb: take the larger of the two # POLLFREQ values, and multiply by 3.
DEADTIME 15
# ————————————————————————– # POWERDOWNFLAG - Flag file for forcing UPS shutdown on the master system # # upsmon will create a file with this name in master mode when it's time # to shut down the load. You should check for this file's existence in # your shutdown scripts and run 'upsdrvctl shutdown' if it exists. # # See the shutdown.txt file in the docs subdirectory for more information.
POWERDOWNFLAG /etc/killpower
# ————————————————————————– # NOTIFYMSG - change messages sent by upsmon when certain events occur # # You can change the default messages to something else if you like. # # NOTIFYMSG <notify type> „message“ # # NOTIFYMSG ONLINE „UPS %s on line power“ # NOTIFYMSG ONBATT „UPS %s on battery“ # NOTIFYMSG LOWBATT „UPS %s battery is low“ # NOTIFYMSG FSD „UPS %s: forced shutdown in progress“ # NOTIFYMSG COMMOK „Communications with UPS %s established“ # NOTIFYMSG COMMBAD „Communications with UPS %s lost“ # NOTIFYMSG SHUTDOWN „Auto logout and shutdown proceeding“ # NOTIFYMSG REPLBATT „UPS %s battery needs to be replaced“ # NOTIFYMSG NOCOMM „UPS %s is unavailable“ # NOTIFYMSG NOPARENT „upsmon parent process died - shutdown impossible“ # # Note that %s is replaced with the identifier of the UPS in question. # # Possible values for <notify type>: # # ONLINE : UPS is back online # ONBATT : UPS is on battery # LOWBATT : UPS has a low battery (if also on battery, it's „critical“) # FSD : UPS is being shutdown by the master (FSD = „Forced Shutdown“) # COMMOK : Communications established with the UPS # COMMBAD : Communications lost to the UPS # SHUTDOWN : The system is being shutdown # REPLBATT : The UPS battery is bad and needs to be replaced # NOCOMM : A UPS is unavailable (can't be contacted for monitoring) # NOPARENT : The process that shuts down the system has died (shutdown impossible)
# ————————————————————————– # NOTIFYFLAG - change behavior of upsmon when NOTIFY events occur # # By default, upsmon sends walls (global messages to all logged in users) # and writes to the syslog when things happen. You can change this. # # NOTIFYFLAG <notify type> <flag>[+<flag>][+<flag>] … # # NOTIFYFLAG ONLINE SYSLOG+WALL # NOTIFYFLAG ONBATT SYSLOG+WALL # NOTIFYFLAG LOWBATT SYSLOG+WALL # NOTIFYFLAG FSD SYSLOG+WALL # NOTIFYFLAG COMMOK SYSLOG+WALL # NOTIFYFLAG COMMBAD SYSLOG+WALL # NOTIFYFLAG SHUTDOWN SYSLOG+WALL # NOTIFYFLAG REPLBATT SYSLOG+WALL # NOTIFYFLAG NOCOMM SYSLOG+WALL # NOTIFYFLAG NOPARENT SYSLOG+WALL # # Possible values for the flags: # # SYSLOG - Write the message in the syslog # WALL - Write the message to all users on the system # EXEC - Execute NOTIFYCMD (see above) with the message # IGNORE - Don't do anything # # If you use IGNORE, don't use any other flags on the same line.
# ————————————————————————– # RBWARNTIME - replace battery warning time in seconds # # upsmon will normally warn you about a battery that needs to be replaced # every 43200 seconds, which is 12 hours. It does this by triggering a # NOTIFY_REPLBATT which is then handled by the usual notify structure # you've defined above. # # If this number is not to your liking, override it here.
RBWARNTIME 43200
# ————————————————————————– # NOCOMMWARNTIME - no communications warning time in seconds # # upsmon will let you know through the usual notify system if it can't # talk to any of the UPS entries that are defined in this file. It will # trigger a NOTIFY_NOCOMM by default every 300 seconds unless you # change the interval with this directive.
NOCOMMWARNTIME 300
# ————————————————————————– # FINALDELAY - last sleep interval before shutting down the system # # On a master, upsmon will wait this long after sending the NOTIFY_SHUTDOWN # before executing your SHUTDOWNCMD. If you need to do something in between # those events, increase this number. Remember, at this point your UPS is # almost depleted, so don't make this too high. # # Alternatively, you can set this very low so you don't wait around when # it's time to shut down. Some UPSes don't give much warning for low # battery and will require a value of 0 here for a safe shutdown. # # Note: If FINALDELAY on the slave is greater than HOSTSYNC on the master, # the master will give up waiting for the slave to disconnect.
FINALDELAY 5 EOF
cp -p /etc/nut/upsd.users /etc/nut/upsd.users.org cat « EOF > /etc/nut/upsd.users # Network UPS Tools: Example upsd.users # # This file sets the permissions for upsd - the UPS network daemon. # Users are defined here, are given passwords, and their privileges are # controlled here too. Since this file will contain passwords, keep it # secure, with only enough permissions for upsd to read it.
# ————————————————————————–
# Each user gets a section. To start a section, put the username in # brackets on a line by itself. To set something for that user, specify # it under that section heading. The username is case-sensitive, so # admin and AdMiN are two different users. # # Possible settings: # # password: The user's password. This is case-sensitive. # # ————————————————————————– # # actions: Let the user do certain things with upsd. # # Valid actions are: # # SET - change the value of certain variables in the UPS # FSD - set the „forced shutdown“ flag in the UPS # # ————————————————————————– # # instcmds: Let the user initiate specific instant commands. Use „ALL“ # to grant all commands automatically. There are many possible # commands, so use 'upscmd -l' to see what your hardware supports. Here # are a few examples: # # test.panel.start - Start a front panel test # test.battery.start - Start battery test # test.battery.stop - Stop battery test # calibrate.start - Start calibration # calibrate.stop - Stop calibration # # ————————————————————————– # # Example: # # [admin] # password = mypass # actions = SET # instcmds = ALL #
# # — Configuring for a user who can execute tests only # # [testuser] # password = pass # instcmds = test.battery.start # instcmds = test.battery.stop
# # — Configuring for upsmon # # To add a user for your upsmon, use this example: # # [upsmon] # password = pass # upsmon master # or # upsmon slave # # The matching MONITOR line in your upsmon.conf would look like this: # # MONITOR myups@localhost 1 upsmon pass master (or slave)
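[upsmon]
# "pass" ist das Beispielpasswort aus der Vorlage - durch ein eigenes ersetzen und
# identisch in der MONITOR-Zeile der upsmon.conf eintragen.
password = pass
upsmon slave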
EOF
cp -p /etc/nut/upssched.conf /etc/nut/upssched.conf.org cat « EOF > /etc/nut/upssched.conf # Network UPS Tools - upssched.conf sample file # #
# # CMDSCRIPT <scriptname> # # This script gets called to invoke commands for timers that trigger. # It is given a single argument - the <timername> in your # AT … START-TIMER defines. # # *** This must be defined *before* the first AT line. Otherwise the # program will complain and exit without doing anything. # # A shell script with a big case..esac construct should work nicely for this. # An example has been provided to help you get started.
CMDSCRIPT /bin/upssched-cmd
#
# # PIPEFN <filename> # # This sets the file name of the FIFO that will pass communications between # processes to start and stop timers. This should be set to some path where # normal users can't create the file, due to the possibility of symlinking # and other evil. # # Note: if you are running Solaris or similar, the permissions that # upssched sets on this file *are not enough* to keep you safe. If # your OS ignores the permissions on a FIFO, then you MUST put this in # a protected directory! # # Note 2: by default, upsmon will run upssched as whatever user you have # defined with RUN_AS_USER in upsmon.conf. Make sure that user can # create files and write to files in the path you use for PIPEFN and # LOCKFN. # # My recommendation: create a special directory for upssched, make it # owned by your upsmon user, then use it for both. # # This is commented out by default to make you visit this file and think # about how your system works before potentially opening a hole. # # PIPEFN /var/run/nut/upssched/upssched.pipe
#
# # LOCKFN <filename> # # REQUIRED. This was added after version 1.2.1. # # upssched needs to be able to create this filename in order to avoid # a race condition when two events are dispatched from upsmon at nearly # the same time. This file will only exist briefly. It must not be # created by any other process. # # You should put this in the same directory as PIPEFN. # # LOCKFN /var/run/nut/upssched/upssched.lock
#
# # AT <notifytype> <upsname> <command> # # Define a handler for a specific event <notifytype> on UPS <upsname>. # # <upsname> can be the special value * to apply this handler to every # possible value of <upsname>. # # Run the command <command> via your CMDSCRIPT when it happens. # # Note that any AT that matches both the <notifytype> and the <upsname> # for the current event will be used.
#
# # Possible AT commands # # - START-TIMER <timername> <interval> # # Start a timer called <timername> that will trigger after <interval> # seconds, calling your CMDSCRIPT with <timername> as the first # argument. # # Example: # Start a timer that'll execute when any UPS (*) has been gone 10 seconds # # AT COMMBAD * START-TIMER upsgone 10
# ———————————————————————– # # - CANCEL-TIMER <timername> [cmd] # # Cancel a running timer called <timername>, if possible. If the timer # has passed then pass the optional argument <cmd> to CMDSCRIPT. # # Example: # If a specific UPS (myups@localhost) comes back online, then stop the # timer before it triggers # # AT COMMOK myups@localhost CANCEL-TIMER upsgone
# ———————————————————————– # # - EXECUTE <command> # # Immediately pass <command> as an argument to CMDSCRIPT. # # Example: # If any UPS (*) reverts to utility power, then execute # 'ups-back-on-line' via CMDSCRIPT. # # AT ONLINE * EXECUTE ups-back-on-line EOF
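chgrp nut /etc/nut/*
# Die Dateien enthalten SNMP-Community-Strings und Passwoerter (siehe die
# Sicherheitshinweise in den Konfigurationsdateien oben). chgrp aendert nur die
# Gruppe, nicht die Zugriffsrechte: mit ls -l /etc/nut/ pruefen, dass die Dateien
# nicht fuer alle lesbar sind, und ggf. korrigieren (z.B. chmod 640 /etc/nut/*).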
### Virtualisierung: # Linux VServer: aptitude -y install util-vserver util-vserver-build debootstrap vserver-debiantools
# KVM: aptitude -y install qemu-kvm
### Clustering: aptitude -y install cluster-tools-lihas heartbeat2-scripts-lihas vo /etc/cluster-tools-lihas.conf
# (ACHTUNG: Namen der KVMs, der LVs und der DRBD-Resourcen werden entgegen der # UKBW Syntax nicht mit „$KVMName_kvm“ , sondern „kvm_$KVMName“ angelegt!
# zuerst fuer die beiden root-Accounts je einen SSH-Key generieren, dann die SSH-Keys austauschen
server1:# ssh-keygen
server1:# ssh-copy-id root@server2

server2:# ssh-keygen
server2:# ssh-copy-id root@server1
### WICHTIG: # /etc/cluster-tools-lihas.conf anpassen!!! Keine fully qualified Hostnames eintragen, sondern nur den Hostname!
#VERSION=1
## VERSION=1 -> KEY=VALUE
#
#http_proxy="http://192.168.9.5:3128"
#export http_proxy
#
#HOST1=spiel
#HOST2=wiese
#
#VG1=vg_$HOST1
#VG2=vg_$HOST2
#
#IP_DRBD1=192.168.5.1
#IP_DRBD2=192.168.5.2
#
#IF_LAN=br1
#IF_LAN_NM=24
#
## squeeze:
##DEBIANDIST=squeeze
##VSERVER_TEMPLATE=/vservers/template-squeeze
#
## wheezy:
#DEBIANDIST=wheezy
#VSERVER_TEMPLATE=/vservers/template-wheezy
#
#VSERVER_BASE=/vservers
##VSERVER_TEMPLATE=/vservers/template
##---
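# Install the cluster stack: Corosync (messaging), Pacemaker (resource manager)
# and the DRBD userland tools.
aptitude -y install corosync pacemaker drbd8-utils

# Write the Corosync totem configuration.
# - The page showed the here-document operator as a typographic "«" and had
#   each setting collapsed onto its comment line; both are restored here so the
#   settings are real directives again. The delimiter is quoted so the shell
#   copies the text literally.
# - bindnetaddr / mcastaddr / mcastport are site-specific values and must be
#   adjusted to the local network plan.
# NOTE(review): "secauth: off" is kept as on the page. With it off, totem
# messages are neither authenticated nor encrypted, so cluster membership
# relies entirely on both ring networks being isolated. To protect cluster
# traffic, set "secauth: on" and install the same /etc/corosync/authkey
# (generated with corosync-keygen, readable by root only) on both nodes.
cat << 'EOF' > /etc/corosync/corosync.conf
# Please read the openais.conf.5 manual page

totem {
    version: 2

    # How long before declaring a token lost (ms)
    token: 3000

    # How many token retransmits before forming a new configuration
    token_retransmits_before_loss_const: 10

    # How long to wait for join messages in the membership protocol (ms)
    join: 60

    # How long to wait for consensus to be achieved before starting a new round of membership configuration (ms)
    consensus: 3600

    # Turn off the virtual synchrony filter
    vsftype: none

    # Number of messages that may be sent by one processor on receipt of the token
    max_messages: 20

    # Limit generated nodeids to 31-bits (positive signed integers)
    clear_node_high_bit: yes

    # Disable encryption
    secauth: off

    # How many threads to use for encryption/decryption
    threads: 0

    # Optionally assign a fixed node id (integer)
    # nodeid: 1234

    # This specifies the mode of redundant ring, which may be none, active, or passive.
    rrp_mode: active

    interface {
        ringnumber: 0
        bindnetaddr: 172.16.1.0
        mcastaddr: 239.192.0.20
        mcastport: 5435
    }

    interface {
        ringnumber: 1
        bindnetaddr: 192.168.5.52
        mcastaddr: 239.192.0.20
        mcastport: 5435
    }
}

amf {
    mode: disabled
}
EOF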
bindnetaddr und mcastaddr gemaess Netzwerkliste anpassen.
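# Write /etc/default/corosync with START=yes (overwrites any existing file).
# The page showed the here-document operator as a typographic "«" and had the
# body and terminator on the command line; restored to a valid here-document.
cat << 'EOF' > /etc/default/corosync
START=yes
EOF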
/etc/drbd.d/global_common.conf anpassen
# vserver-neu.sh # usage: /usr/local/bin/vserver-neu.sh VSNAME IP SIZE CONTEXT [DRBDNUM] # usage: /usr/local/bin/vserver-neu.sh test01 10.0.0.115 10G 115 # usage: /usr/local/bin/vserver-neu.sh test01 10.0.0.115 10G 115 3
### zum Schluss: im VServer ein ROOT-Passwort setzen!
# vserver-add-disk.sh # usage: /usr/local/bin/vserver-add-disk.sh VSNAME MNTPOINT SIZE [DRBDNUM] # usage: /usr/local/bin/vserver-add-disk.sh test01 /var/lib/mysql 10G 115 # usage: /usr/local/bin/vserver-add-disk.sh test01 /var/lib/mysql 10G 115 3
# kvm-neu.sh # usage: /usr/local/bin/kvm-neu.sh KVMNAME SIZE [DRBDNUM] # z.B. /usr/local/bin/kvm-neu.sh test01 30G # z.B. /usr/local/bin/kvm-neu.sh test01 30G 3