--- /dev/null
+#!/bin/sh
+set -x
+
+# network interfaces are:
+# ens34: VMware VMXNET3, connected to/used for internal network
+# ens35: VMware VMXNET3, connected to/used for 10g network
+# ens64f0: port 0 of Intel Corporation 82580, used for internal container bond
+# ens64f1: port 1 of Intel Corporation 82580, used for internal container bond
+# ens64f2: port 2 of Intel Corporation 82580, used for external container bond
+# ens64f3: port 3 of Intel Corporation 82580, used for external container bond
+#
+# if the names are incorrect: VM -> Edit Settings... -> Advanced Parameters
+# set *.pciSlotNumber values (the two scsi adapters should be numbered
+# 32, 33, and the ethernet controllers should be numbered 34, 35).
+
+
+INTERNAL_CONNECTION_NAME=internal
+INTERNAL_CONNECTION_DEVICE=ens34
+
+INTERNAL_CONTAINER_BOND_NAME=bondci
+INTERNAL_CONTAINER_BOND_DEVICE=${INTERNAL_CONTAINER_BOND_NAME}-dev
+INTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-1
+INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f0
+INTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-2
+INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f1
+
+INTERNAL_CONTAINER_BRIDGE_NAME=brci
+INTERNAL_CONTAINER_BRIDGE_DEVICE=${INTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+HOST_ONLY_CONTAINER_BRIDGE_NAME=brch
+HOST_ONLY_CONTAINER_BRIDGE_DEVICE=${HOST_ONLY_CONTAINER_BRIDGE_NAME}-dev
+
+EXTERNAL_CONTAINER_BOND_NAME=bondce
+EXTERNAL_CONTAINER_BOND_DEVICE=${EXTERNAL_CONTAINER_BOND_NAME}-dev
+EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-1
+EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f3
+
+EXTERNAL_CONTAINER_BRIDGE_NAME=brce
+EXTERNAL_CONTAINER_BRIDGE_DEVICE=${EXTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+TENG_CONNECTION_NAME=10g
+TENG_CONNECTION_DEVICE=ens35
+
+
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -gt 1 ]
+do
+ CONNECTION_LINE=$(nmcli --terse connection show \
+ | grep --invert-match '^lo:' | head -n 1)
+ CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+ nmcli connection delete uuid "$CONNECTION_UUID"
+ CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONNECTION_NAME \
+ connection.interface-name $INTERNAL_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "10.228.109.45/16" \
+ ipv4.dns "10.228.109.159, 10.228.92.159" \
+ ipv4.dns-search "in.useribm.hu" \
+ ipv4.gateway "10.228.109.254" \
+ ipv4.method "manual" \
+ ipv4.route-metric "100" \
+ ipv6.addresses "2001:1aa1:000a:7dae:0250:56ff:fead:8a1d/64" \
+ ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+ ipv6.method "manual" \
+ ipv6.route-metric "100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=802.3ad,lacp_rate=fast,miimon=100,xmit_hash_policy=layer2+3" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $HOST_ONLY_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $HOST_ONLY_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=active-backup,miimon=100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $TENG_CONNECTION_NAME \
+ connection.interface-name $TENG_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "172.24.107.45/24" \
+ ipv4.method "manual" \
+ ipv6.addresses "2001:1aa1:000a:006b:0250:56ff:fead:2089/64" \
+ ipv6.method "manual" \
+ save yes
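Review bot: The profile-cleanup loop near the top of this script (`while [ $CONNECTIONS -gt 1 ]`) never terminates if a delete fails or `CONNECTION_UUID` comes back empty, because `CONNECTIONS` then never decreases and the script has no `set -e`. A guard such as `[ -n "$CONNECTION_UUID" ] || break`, plus checking the exit status of `nmcli connection delete`, would bound it. The `-gt 1` test also assumes a `lo` profile is always listed; on a NetworkManager that does not list one, the loop would stop with one old profile still present. `cut -f 2 -d ':'` picks the wrong field when a profile name contains a colon, so requesting only the UUID column (`nmcli -g UUID connection show`) would be more robust. The chostb copy of this script further down has the same loop.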
--- /dev/null
+#!/bin/sh
+
+
+echo "quorum:"
+echo "dnf install corosync-qnetd pcs"
+echo "pcs qdevice setup model net --enable --start"
+echo "pcs qdevice status net --full"
+echo
+echo "chosta, chostb:"
+echo "dnf install corosync-qdevice fence-agents-all pcs pacemaker"
+echo
+echo "quorum, chosta, chostb:"
+echo "systemctl start pcsd.service"
+echo "systemctl enable pcsd.service"
+echo
+echo "passwd hacluster (Passw@rd01)"
+echo "pcs host auth quorum addr=quorum.in.useribm.hu"
+echo "pcs host auth chosta addr=chosta.in.useribm.hu"
+echo "pcs host auth chostb addr=chostb.in.useribm.hu"
+echo
+echo "chosta only:"
+echo "[pcs cluster destroy --all]"
+echo 'pcs cluster setup container-cluster \'
+echo ' chosta addr=10.228.109.45 addr=172.24.107.45 \'
+echo ' chostb addr=10.228.109.46 addr=172.24.107.46'
+echo "pcs cluster start --all"
+echo "pcs cluster enable --all"
+echo
+echo "pcs quorum status"
+echo "pcs quorum device add model net host=quorum.in.useribm.hu algorithm=ffsplit"
+echo "pcs quorum status"
+echo
+echo "pcs property set maintenance-mode=true"
+echo
+echo 'pcs stonith create vmware-fence fence_vmware_rest \'
+echo ' ip="vcsa80.in.useribm.hu" \'
+echo ' ssl_insecure=true \'
+echo ' pcmk_host_list="chosta,chostb" \'
+echo ' username="stonith@vSphere.local" password="Passw@rd01"'
+echo '[fence_vmware_rest \'
+echo ' --ip=vcsa80.in.useribm.hu \'
+echo ' --username=stonith@vSphere.local \'
+echo ' --password=Passw@rd01 \'
+echo ' --ssl --ssl-insecure \'
+echo ' --action=status \'
+echo ' --plug=chost{a,b}]'
+echo
+echo 'pcs resource create lxc-fs ocf:heartbeat:Filesystem \'
+echo ' device="/dev/disk/by-path/pci-0000:02:01.0-scsi-0:0:0:0-part1" \'
+echo ' directory="/lxc" fstype="ext4" --group lxc-group'
+echo "pcs resource update lxc-fs op stop timeout=300s"
+echo "pcs resource create lxc-service systemd:lxc --group lxc-group"
+echo "pcs resource update lxc-service op start timeout=600s"
+echo "pcs resource update lxc-service op stop timeout=600s"
+echo
+echo "pcs property set maintenance-mode=false"
+#pcs resource unmanage lxc-service
+echo
+echo "pcs node standby <node>"
+echo "pcs node unstandby <node>"
+echo "pcs status"
+echo "pcs cluster status"
+echo "pcs quorum status"
+echo "pcs cluster config show"
+echo "pcs resource config <resource>"
+echo
+echo "pcs resource move <resource> <node>"
+echo "pcs constraint"
+echo "pcs resource clear <resource>"
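Review bot: The cluster and fencing credentials are committed in clear text in the echoed commands (`passwd hacluster (...)`, `password="..."` on the `pcs stonith create` line and `--password=...` on the `fence_vmware_rest` test line), and the same value is used for both the `hacluster` account and `stonith@vSphere.local`. These should be placeholders in the style the script already uses for `<node>` and `<resource>`, e.g. `password="<stonith-password>"`, with the real values kept out of the repository and rotated since they are now in history. `ssl_insecure=true` and `--ssl-insecure` also disable certificate verification towards vcsa80, so the fencing credential is sent without verifying the server's identity; trusting the vCenter CA on the nodes would let both flags be dropped. The second copy of this file later in the commit carries the same lines.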
--- /dev/null
+#!/bin/sh
+
+
+hostnamectl set-hostname chosta.in.useribm.hu
+timedatectl set-timezone Europe/Budapest
+
+dnf erase \
+ selinux-policy \
+ zram-generator
+
+dnf install \
+ chrony \
+ cronie \
+ git \
+ logrotate \
+ lsof \
+ lxc \
+ lxc-templates \
+ mailx \
+ postfix \
+ rsyslog \
+ screen \
+ vim-enhanced \
+ wget2
+
+systemctl disable firewalld.service
+systemctl disable lxc.service
+
+systemctl enable chronyd.service
+systemctl enable logrotate.timer
+systemctl enable lxc-net.service
+systemctl enable lxcfs.service
+systemctl enable postfix.service
+systemctl enable rsyslog.service
+
+systemctl start chronyd.service
+systemctl start logrotate.timer
+systemctl start lxc-net.service
+systemctl start lxcfs.service
+systemctl start postfix.service
+systemctl start rsyslog.service
+
+systemctl stop firewalld.service
+systemctl stop lxc.service
+
+git config set --global user.name "Zoltán Felleg"
+git config set --global user.email "zoltan.felleg@userrendszerhaz.hu"
+git config set --global core.editor "vim"
+
+mkdir /lxc
+
+grep 'cron.rsyncbackup' /etc/crontab >/dev/null 2>&1
+if [ $? -eq 1 ]
+then
+ echo "0 */8 * * * root [ -x /lxc/scripts/rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh" >>/etc/crontab
+fi
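Review bot: `dnf erase selinux-policy` combined with `systemctl disable firewalld.service` and `systemctl stop firewalld.service` leaves this LXC host with neither a loaded MAC policy nor a host packet filter, and the script does not say what replaces them. Since the host also carries an external container bridge, add a comment naming the compensating control, or keep the policy installed in permissive mode instead of removing the package. Separately, the crontab entry tests `-x /lxc/scripts/rsyncbackup.sh` but runs `/lxc/scripts/cron.rsyncbackup.sh`, so the guard and the command refer to different files; presumably both should name `cron.rsyncbackup.sh`. `if [ $? -eq 1 ]` also skips the append when grep exits with 2 (for example, an unreadable /etc/crontab), which `if ! grep -q 'cron.rsyncbackup' /etc/crontab` would cover. The chostb copy of this script has the same lines.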
--- /dev/null
+# These servers were defined in the installation:
+#pool 0.fedora.pool.ntp.org iburst
+#pool 1.fedora.pool.ntp.org iburst
+pool 2.fedora.pool.ntp.org iburst
+#pool 3.fedora.pool.ntp.org iburst
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+
+# Use NTP servers from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+allow all
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Require authentication (nts or key option) for all NTP sources.
+#authselectmode require
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
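Review bot: `allow all` makes chronyd answer NTP requests from any address that can reach the host, and the provisioning script in this commit disables firewalld, so nothing on the host narrows that. If only the cluster and container networks need time from this node, list them explicitly, e.g. `allow 10.228.0.0/16` and `allow 172.24.107.0/24` plus the matching IPv6 prefixes; if the host is only an NTP client, drop the directive. With a single `pool` line and `minsources` left commented out, the clock also follows whatever that one pool returns, which is worth a comment if intentional. The second chrony.conf in this commit is identical.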
--- /dev/null
+# see `man dnf.conf` for defaults and possible options
+
+[main]
+gpgcheck=True
+installonly_limit=3
+clean_requirements_on_remove=False
+best=False
+skip_if_unavailable=True
+
+deltarpm=False
+install_weak_deps=False
+max_parallel_downloads=10
+minrate=1M
--- /dev/null
+lxc.lxcpath = /lxc/containers
--- /dev/null
+# LXC_AUTO - whether or not to start containers at boot
+LXC_AUTO="true"
+
+# BOOTGROUPS - What groups should start on bootup?
+# Comma separated list of groups.
+# Leading comma, trailing comma or embedded double
+# comma indicates when the NULL group should be run.
+# Example (default): boot the onboot group first then the NULL group
+BOOTGROUPS="onboot,"
+
+# SHUTDOWNDELAY - Wait time for a container to shut down.
+# Container shutdown can result in lengthy system
+# shutdown times. Even 5 seconds per container can be
+# too long.
+SHUTDOWNDELAY=5
+
+# OPTIONS can be used for anything else.
+# If you want to boot everything then
+# options can be "-a" or "-a -A".
+OPTIONS="--all"
+
+# STOPOPTS are stop options. The can be used for anything else to stop.
+# If you want to kill containers fast, use -k
+STOPOPTS="-a -A -s"
+
+USE_LXC_BRIDGE="false" # overridden in lxc-net
+
+[ ! -f /etc/sysconfig/lxc-net ] || . /etc/sysconfig/lxc-net
--- /dev/null
+# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
+# containers. Set to "false" if you'll use virbr0 or another existing
+# bridge, or macvlan to your host's NIC.
+USE_LXC_BRIDGE="false"
+
+# If you change the LXC_BRIDGE to something other than lxcbr0, then
+# you will also need to update your /etc/lxc/default.conf as well as the
+# configuration (/var/lib/lxc/<container>/config) for any containers
+# already created using the default config to reflect the new bridge
+# name.
+# If you have the dnsmasq daemon installed, you'll also have to update
+# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
+#LXC_BRIDGE="lxcbr0"
+#LXC_BRIDGE_MAC="00:16:3e:00:00:00"
+#LXC_ADDR="10.0.3.1"
+#LXC_NETMASK="255.255.255.0"
+#LXC_NETWORK="10.0.3.0/24"
+#LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+#LXC_DHCP_MAX="253"
+# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
+# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
+# container 'mail1' always get ip address 10.0.3.100.
+#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
+
+# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
+# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
+# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your
+# host.
+#LXC_DOMAIN="lxc"
--- /dev/null
+#fs.inotify.max_queued_events = 16384
+# This is the default.
+
+fs.inotify.max_user_instances = 1024
+# The default is 128.
+
+#fs.inotify.max_user_watches = 8192
+# This is the default.
--- /dev/null
+#!/bin/sh
+set -x
+
+# network interfaces are:
+# ens34: VMware VMXNET3, connected to/used for internal network
+# ens35: VMware VMXNET3, connected to/used for 10g network
+# ens64f0: port 0 of Intel Corporation 82580, used for internal container bond
+# ens64f1: port 1 of Intel Corporation 82580, used for internal container bond
+# ens64f2: port 2 of Intel Corporation 82580, used for external container bond
+# ens64f3: port 3 of Intel Corporation 82580, used for external container bond
+#
+# if the names are incorrect: VM -> Edit Settings... -> Advanced Parameters
+# set *.pciSlotNumber values (the two scsi adapters should be numbered
+# 32, 33, and the ethernet controllers should be numbered 34, 35).
+
+
+INTERNAL_CONNECTION_NAME=internal
+INTERNAL_CONNECTION_DEVICE=ens34
+
+INTERNAL_CONTAINER_BOND_NAME=bondci
+INTERNAL_CONTAINER_BOND_DEVICE=${INTERNAL_CONTAINER_BOND_NAME}-dev
+INTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-1
+INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f0
+INTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-2
+INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f1
+
+INTERNAL_CONTAINER_BRIDGE_NAME=brci
+INTERNAL_CONTAINER_BRIDGE_DEVICE=${INTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+HOST_ONLY_CONTAINER_BRIDGE_NAME=brch
+HOST_ONLY_CONTAINER_BRIDGE_DEVICE=${HOST_ONLY_CONTAINER_BRIDGE_NAME}-dev
+
+EXTERNAL_CONTAINER_BOND_NAME=bondce
+EXTERNAL_CONTAINER_BOND_DEVICE=${EXTERNAL_CONTAINER_BOND_NAME}-dev
+EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-1
+EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f3
+
+EXTERNAL_CONTAINER_BRIDGE_NAME=brce
+EXTERNAL_CONTAINER_BRIDGE_DEVICE=${EXTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+TENG_CONNECTION_NAME=10g
+TENG_CONNECTION_DEVICE=ens35
+
+
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -gt 1 ]
+do
+ CONNECTION_LINE=$(nmcli --terse connection show \
+ | grep --invert-match '^lo:' | head -n 1)
+ CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+ nmcli connection delete uuid "$CONNECTION_UUID"
+ CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONNECTION_NAME \
+ connection.interface-name $INTERNAL_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "10.228.109.46/16" \
+ ipv4.dns "10.228.109.159, 10.228.92.159" \
+ ipv4.dns-search "in.useribm.hu" \
+ ipv4.gateway "10.228.109.254" \
+ ipv4.method "manual" \
+ ipv4.route-metric "100" \
+ ipv6.addresses "2001:1aa1:000a:7dae:0250:56ff:fead:ec41/64" \
+ ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+ ipv6.method "manual" \
+ ipv6.route-metric "100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=802.3ad,lacp_rate=fast,miimon=100,xmit_hash_policy=layer2+3" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $HOST_ONLY_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $HOST_ONLY_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=active-backup,miimon=100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $TENG_CONNECTION_NAME \
+ connection.interface-name $TENG_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "172.24.107.46/24" \
+ ipv4.method "manual" \
+ ipv6.addresses "2001:1aa1:000a:006b:0250:56ff:fead:403c/64" \
+ ipv6.method "manual" \
+ save yes
--- /dev/null
+#!/bin/sh
+
+
+echo "quorum:"
+echo "dnf install corosync-qnetd pcs"
+echo "pcs qdevice setup model net --enable --start"
+echo "pcs qdevice status net --full"
+echo
+echo "chosta, chostb:"
+echo "dnf install corosync-qdevice fence-agents-all pcs pacemaker"
+echo
+echo "quorum, chosta, chostb:"
+echo "systemctl start pcsd.service"
+echo "systemctl enable pcsd.service"
+echo
+echo "passwd hacluster (Passw@rd01)"
+echo "pcs host auth quorum addr=quorum.in.useribm.hu"
+echo "pcs host auth chosta addr=chosta.in.useribm.hu"
+echo "pcs host auth chostb addr=chostb.in.useribm.hu"
+echo
+echo "chosta only:"
+echo "[pcs cluster destroy --all]"
+echo 'pcs cluster setup container-cluster \'
+echo ' chosta addr=10.228.109.45 addr=172.24.107.45 \'
+echo ' chostb addr=10.228.109.46 addr=172.24.107.46'
+echo "pcs cluster start --all"
+echo "pcs cluster enable --all"
+echo
+echo "pcs quorum status"
+echo "pcs quorum device add model net host=quorum.in.useribm.hu algorithm=ffsplit"
+echo "pcs quorum status"
+echo
+echo "pcs property set maintenance-mode=true"
+echo
+echo 'pcs stonith create vmware-fence fence_vmware_rest \'
+echo ' ip="vcsa80.in.useribm.hu" \'
+echo ' ssl_insecure=true \'
+echo ' pcmk_host_list="chosta,chostb" \'
+echo ' username="stonith@vSphere.local" password="Passw@rd01"'
+echo '[fence_vmware_rest \'
+echo ' --ip=vcsa80.in.useribm.hu \'
+echo ' --username=stonith@vSphere.local \'
+echo ' --password=Passw@rd01 \'
+echo ' --ssl --ssl-insecure \'
+echo ' --action=status \'
+echo ' --plug=chost{a,b}]'
+echo
+echo 'pcs resource create lxc-fs ocf:heartbeat:Filesystem \'
+echo ' device="/dev/disk/by-path/pci-0000:02:01.0-scsi-0:0:0:0-part1" \'
+echo ' directory="/lxc" fstype="ext4" --group lxc-group'
+echo "pcs resource update lxc-fs op stop timeout=300s"
+echo "pcs resource create lxc-service systemd:lxc --group lxc-group"
+echo "pcs resource update lxc-service op start timeout=600s"
+echo "pcs resource update lxc-service op stop timeout=600s"
+echo
+echo "pcs property set maintenance-mode=false"
+#pcs resource unmanage lxc-service
+echo
+echo "pcs node standby <node>"
+echo "pcs node unstandby <node>"
+echo "pcs status"
+echo "pcs cluster status"
+echo "pcs quorum status"
+echo "pcs cluster config show"
+echo "pcs resource config <resource>"
+echo
+echo "pcs resource move <resource> <node>"
+echo "pcs constraint"
+echo "pcs resource clear <resource>"
--- /dev/null
+#!/bin/sh
+
+
+hostnamectl set-hostname chostb.in.useribm.hu
+timedatectl set-timezone Europe/Budapest
+
+dnf erase \
+ selinux-policy \
+ zram-generator
+
+dnf install \
+ chrony \
+ cronie \
+ git \
+ logrotate \
+ lsof \
+ lxc \
+ lxc-templates \
+ mailx \
+ postfix \
+ rsyslog \
+ screen \
+ vim-enhanced \
+ wget2
+
+systemctl disable firewalld.service
+systemctl disable lxc.service
+
+systemctl enable chronyd.service
+systemctl enable logrotate.timer
+systemctl enable lxc-net.service
+systemctl enable lxcfs.service
+systemctl enable postfix.service
+systemctl enable rsyslog.service
+
+systemctl start chronyd.service
+systemctl start logrotate.timer
+systemctl start lxc-net.service
+systemctl start lxcfs.service
+systemctl start postfix.service
+systemctl start rsyslog.service
+
+systemctl stop firewalld.service
+systemctl stop lxc.service
+
+git config set --global user.name "Zoltán Felleg"
+git config set --global user.email "zoltan.felleg@userrendszerhaz.hu"
+git config set --global core.editor "vim"
+
+mkdir /lxc
+
+grep 'cron.rsyncbackup' /etc/crontab >/dev/null 2>&1
+if [ $? -eq 1 ]
+then
+ echo "0 */8 * * * root [ -x /lxc/scripts/rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh" >>/etc/crontab
+fi
--- /dev/null
+# These servers were defined in the installation:
+#pool 0.fedora.pool.ntp.org iburst
+#pool 1.fedora.pool.ntp.org iburst
+pool 2.fedora.pool.ntp.org iburst
+#pool 3.fedora.pool.ntp.org iburst
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+
+# Use NTP servers from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+allow all
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Require authentication (nts or key option) for all NTP sources.
+#authselectmode require
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
--- /dev/null
+# see `man dnf.conf` for defaults and possible options
+
+[main]
+gpgcheck=True
+installonly_limit=3
+clean_requirements_on_remove=False
+best=False
+skip_if_unavailable=True
+
+deltarpm=False
+install_weak_deps=False
+max_parallel_downloads=10
+minrate=1M
--- /dev/null
+lxc.lxcpath = /lxc/containers
--- /dev/null
+#fs.inotify.max_queued_events = 16384
+# This is the default.
+
+fs.inotify.max_user_instances = 1024
+# The default is 128.
+
+#fs.inotify.max_user_watches = 8192
+# This is the default.