From: Zoltán Felleg
Date: Tue, 1 Oct 2024 19:48:12 +0000 (+0200)
Subject: Added chosta.in and chostb.in.
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=99be994a3858d0a199fb16d8980d6056d6155497;p=user-lxc.git
Added chosta.in and chostb.in.
---
diff --git a/sources/chosta.in/01_setupnetworking.sh b/sources/chosta.in/01_setupnetworking.sh
new file mode 100755
index 0000000..40fa876
--- /dev/null
+++ b/sources/chosta.in/01_setupnetworking.sh
@@ -0,0 +1,188 @@
+#!/bin/sh
+set -x
+
+# network interfaces are:
+# ens34: VMware VMXNET3, connected to/used for internal network
+# ens35: VMware VMXNET3, connected to/used for 10g network
+# ens64f0: port 0 of Intel Corporation 82580, used for internal container bond
+# ens64f1: port 1 of Intel Corporation 82580, used for internal container bond
+# ens64f2: port 2 of Intel Corporation 82580, used for external container bond
+# ens64f3: port 3 of Intel Corporation 82580, used for external container bond
+#
+# if the names are incorrect: VM -> Edit Settings... -> Advanced Parameters
+# set *.pciSlotNumber values (the two scsi adapters should be numbered
+# 32, 33, and the ethernet controllers should be numbered 34, 35).
+
+
+INTERNAL_CONNECTION_NAME=internal
+INTERNAL_CONNECTION_DEVICE=ens34
+
+INTERNAL_CONTAINER_BOND_NAME=bondci
+INTERNAL_CONTAINER_BOND_DEVICE=${INTERNAL_CONTAINER_BOND_NAME}-dev
+INTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-1
+INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f0
+INTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-2
+INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f1
+
+INTERNAL_CONTAINER_BRIDGE_NAME=brci
+INTERNAL_CONTAINER_BRIDGE_DEVICE=${INTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+HOST_ONLY_CONTAINER_BRIDGE_NAME=brch
+HOST_ONLY_CONTAINER_BRIDGE_DEVICE=${HOST_ONLY_CONTAINER_BRIDGE_NAME}-dev
+
+EXTERNAL_CONTAINER_BOND_NAME=bondce
+EXTERNAL_CONTAINER_BOND_DEVICE=${EXTERNAL_CONTAINER_BOND_NAME}-dev
+EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-1
+EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f3
+
+EXTERNAL_CONTAINER_BRIDGE_NAME=brce
+EXTERNAL_CONTAINER_BRIDGE_DEVICE=${EXTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+TENG_CONNECTION_NAME=10g
+TENG_CONNECTION_DEVICE=ens35
+
+
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set
$INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -gt 1 ]
+do
+ CONNECTION_LINE=$(nmcli --terse connection show \
+ | grep --invert-match '^lo:' | head -n 1)
+ CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+ nmcli connection delete uuid "$CONNECTION_UUID"
+ CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONNECTION_NAME \
+ connection.interface-name $INTERNAL_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "10.228.109.45/16" \
+ ipv4.dns "10.228.109.159, 10.228.92.159" \
+ ipv4.dns-search "in.useribm.hu" \
+ ipv4.gateway "10.228.109.254" \
+ ipv4.method "manual" \
+ ipv4.route-metric "100" \
+ ipv6.addresses "2001:1aa1:000a:7dae:0250:56ff:fead:8a1d/64" \
+ ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+ ipv6.method "manual" \
+ ipv6.route-metric "100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=802.3ad,lacp_rate=fast,miimon=100,xmit_hash_policy=layer2+3" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $HOST_ONLY_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $HOST_ONLY_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=active-backup,miimon=100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500
\
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $TENG_CONNECTION_NAME \
+ connection.interface-name $TENG_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "172.24.107.45/24" \
+ ipv4.method "manual" \
+ ipv6.addresses "2001:1aa1:000a:006b:0250:56ff:fead:2089/64" \
+ ipv6.method "manual" \
+ save yes
diff --git a/sources/chosta.in/02_setupcluster.sh b/sources/chosta.in/02_setupcluster.sh
new file mode 100755
index 0000000..9073cab
--- /dev/null
+++ b/sources/chosta.in/02_setupcluster.sh
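Review bot: The connection-wipe loop (`while [ $CONNECTIONS -gt 1 ]`) never terminates if `nmcli connection delete` fails or `CONNECTION_UUID` comes back empty, and none of the `nmcli connection add` calls after it are checked, so a partial run can leave the host with its profiles deleted and nothing configured in their place. I would make the delete fatal, `nmcli connection delete uuid "$CONNECTION_UUID" || exit 1`, and count only non-loopback profiles, `CONNECTIONS=$(nmcli --terse connection show | grep --invert-match --count '^lo:')` with the loop condition `[ "$CONNECTIONS" -gt 0 ]`, because the current `-gt 1` test assumes exactly one `lo:` profile is always listed. The same loop is added in sources/chostb.in/01_setupnetworking.sh.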
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+
+echo "quorum:"
+echo "dnf install corosync-qnetd pcs"
+echo "pcs qdevice setup model net --enable --start"
+echo "pcs qdevice status net --full"
+echo
+echo "chosta, chostb:"
+echo "dnf install corosync-qdevice fence-agents-all pcs pacemaker"
+echo
+echo "quorum, chosta, chostb:"
+echo "systemctl start pcsd.service"
+echo "systemctl enable pcsd.service"
+echo
+echo "passwd hacluster (Passw@rd01)"
+echo "pcs host auth quorum addr=quorum.in.useribm.hu"
+echo "pcs host auth chosta addr=chosta.in.useribm.hu"
+echo "pcs host auth chostb addr=chostb.in.useribm.hu"
+echo
+echo "chosta only:"
+echo "[pcs cluster destroy --all]"
+echo 'pcs cluster setup container-cluster \'
+echo ' chosta addr=10.228.109.45 addr=172.24.107.45 \'
+echo ' chostb addr=10.228.109.46 addr=172.24.107.46'
+echo "pcs cluster start --all"
+echo "pcs cluster enable --all"
+echo
+echo "pcs quorum status"
+echo "pcs quorum device add model net host=quorum.in.useribm.hu algorithm=ffsplit"
+echo "pcs quorum status"
+echo
+echo "pcs property set maintenance-mode=true"
+echo
+echo 'pcs stonith create vmware-fence fence_vmware_rest \'
+echo ' ip="vcsa80.in.useribm.hu" \'
+echo ' ssl_insecure=true \'
+echo ' pcmk_host_list="chosta,chostb" \'
+echo ' username="stonith@vSphere.local" password="Passw@rd01"'
+echo '[fence_vmware_rest \'
+echo ' --ip=vcsa80.in.useribm.hu \'
+echo ' --username=stonith@vSphere.local \'
+echo ' --password=Passw@rd01 \'
+echo ' --ssl --ssl-insecure \'
+echo ' --action=status \'
+echo ' --plug=chost{a,b}]'
+echo
+echo 'pcs resource create lxc-fs ocf:heartbeat:Filesystem \'
+echo ' device="/dev/disk/by-path/pci-0000:02:01.0-scsi-0:0:0:0-part1" \'
+echo ' directory="/lxc" fstype="ext4" --group lxc-group'
+echo "pcs resource update lxc-fs op stop timeout=300s"
+echo "pcs resource create lxc-service systemd:lxc --group lxc-group"
+echo "pcs resource update lxc-service op start timeout=600s"
+echo "pcs resource update lxc-service op stop timeout=600s"
+echo
+echo "pcs property set maintenance-mode=false"
+#pcs resource unmanage lxc-service
+echo
+echo "pcs node standby "
+echo "pcs node unstandby "
+echo "pcs status"
+echo "pcs cluster status"
+echo "pcs quorum status"
+echo "pcs cluster config show"
+echo "pcs resource config "
+echo
+echo "pcs resource move "
+echo "pcs constraint"
+echo "pcs resource clear "
diff --git a/sources/chosta.in/99_setupsystem.sh b/sources/chosta.in/99_setupsystem.sh
new file mode 100755
index 0000000..7624c69
--- /dev/null
+++ b/sources/chosta.in/99_setupsystem.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+
+hostnamectl set-hostname chosta.in.useribm.hu
+timedatectl set-timezone Europe/Budapest
+
+dnf erase \
+ selinux-policy \
+ zram-generator
+
+dnf install \
+ chrony \
+ cronie \
+ git \
+ logrotate \
+ lsof \
+ lxc \
+ lxc-templates \
+ mailx \
+ postfix \
+ rsyslog \
+ screen \
+ vim-enhanced \
+ wget2
+
+systemctl disable firewalld.service
+systemctl disable lxc.service
+
+systemctl enable chronyd.service
+systemctl enable logrotate.timer
+systemctl enable lxc-net.service
+systemctl enable lxcfs.service
+systemctl enable postfix.service
+systemctl enable rsyslog.service
+
+systemctl start chronyd.service
+systemctl start logrotate.timer
+systemctl start lxc-net.service
+systemctl start lxcfs.service
+systemctl start postfix.service
+systemctl start rsyslog.service
+
+systemctl stop firewalld.service
+systemctl stop lxc.service
+
+git config set --global user.name "Zoltán Felleg"
+git config set --global user.email "zoltan.felleg@userrendszerhaz.hu"
+git config set --global core.editor "vim"
+
+mkdir /lxc
+
+grep 'cron.rsyncbackup' /etc/crontab >/dev/null 2>&1
+if [ $? -eq 1 ]
+then
+ echo "0 */8 * * * root [ -x /lxc/scripts/rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh" >>/etc/crontab
+fi
diff --git a/sources/chosta.in/etc/chrony.conf b/sources/chosta.in/etc/chrony.conf
new file mode 100644
index 0000000..d2afd48
--- /dev/null
+++ b/sources/chosta.in/etc/chrony.conf
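Review bot: The printed runbook in 02_setupcluster.sh commits a plaintext credential, `Passw@rd01`, in three places (the `passwd hacluster` line, the `pcs stonith create` line and the `fence_vmware_rest --password=` line), so the hacluster and `stonith@vSphere.local` password is now in repository history. Both fence invocations also carry `ssl_insecure=true` / `--ssl-insecure`, which disables certificate verification toward vcsa80 and leaves that credential exposed to interception on the path to vCenter. I would print a placeholder such as `password="<STONITH_PASSWORD>"`, rotate every account that used the committed value, and drop `ssl_insecure=true` once the vCenter CA is trusted on both hosts. The identical file is added as sources/chostb.in/02_setupcluster.sh.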
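Review bot: In 99_setupsystem.sh, `dnf erase selinux-policy` together with `systemctl disable firewalld.service` and `systemctl stop firewalld.service` removes both mandatory access control and the host firewall from a machine whose role is to run LXC containers, and nothing visible in the script puts a replacement in place. If that is intentional, it needs a comment naming the compensating control; otherwise keep firewalld enabled and open only the ports the cluster and management traffic need. Separately, the crontab entry tests `[ -x /lxc/scripts/rsyncbackup.sh ]` but runs `/lxc/scripts/cron.rsyncbackup.sh`, so the guard does not cover the file root executes; it should read `[ -x /lxc/scripts/cron.rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh`. The same lines are added in sources/chostb.in/99_setupsystem.sh.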
@@ -0,0 +1,56 @@
+# These servers were defined in the installation:
+#pool 0.fedora.pool.ntp.org iburst
+#pool 1.fedora.pool.ntp.org iburst
+pool 2.fedora.pool.ntp.org iburst
+#pool 3.fedora.pool.ntp.org iburst
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+
+# Use NTP servers from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+allow all
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Require authentication (nts or key option) for all NTP sources.
+#authselectmode require
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/sources/chosta.in/etc/dnf/dnf.conf b/sources/chosta.in/etc/dnf/dnf.conf
new file mode 100644
index 0000000..77c7c49
--- /dev/null
+++ b/sources/chosta.in/etc/dnf/dnf.conf
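Review bot: `allow all` in chrony.conf makes chronyd answer NTP requests from any source address, and 99_setupsystem.sh in this same commit stops firewalld, so nothing at the host narrows that exposure. Restrict it to the networks this host is actually addressed on in 01_setupnetworking.sh, `allow 10.228.0.0/16` and `allow 172.24.107.0/24`, adding the matching IPv6 prefixes only if clients need them. The single upstream `pool 2.fedora.pool.ntp.org iburst` is also used unauthenticated with `#authselectmode require` left commented out; a one-line comment stating that this is accepted would help the next reader. sources/chostb.in/etc/chrony.conf is the same file.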
@@ -0,0 +1,13 @@
+# see `man dnf.conf` for defaults and possible options
+
+[main]
+gpgcheck=True
+installonly_limit=3
+clean_requirements_on_remove=False
+best=False
+skip_if_unavailable=True
+
+deltarpm=False
+install_weak_deps=False
+max_parallel_downloads=10
+minrate=1M
diff --git a/sources/chosta.in/etc/lxc/lxc.conf b/sources/chosta.in/etc/lxc/lxc.conf
new file mode 100644
index 0000000..48f7ddf
--- /dev/null
+++ b/sources/chosta.in/etc/lxc/lxc.conf
@@ -0,0 +1 @@
+lxc.lxcpath = /lxc/containers
diff --git a/sources/chosta.in/etc/sysconfig/lxc b/sources/chosta.in/etc/sysconfig/lxc
new file mode 100644
index 0000000..d184fa0
--- /dev/null
+++ b/sources/chosta.in/etc/sysconfig/lxc
@@ -0,0 +1,28 @@
+# LXC_AUTO - whether or not to start containers at boot
+LXC_AUTO="true"
+
+# BOOTGROUPS - What groups should start on bootup?
+# Comma separated list of groups.
+# Leading comma, trailing comma or embedded double
+# comma indicates when the NULL group should be run.
+# Example (default): boot the onboot group first then the NULL group
+BOOTGROUPS="onboot,"
+
+# SHUTDOWNDELAY - Wait time for a container to shut down.
+# Container shutdown can result in lengthy system
+# shutdown times. Even 5 seconds per container can be
+# too long.
+SHUTDOWNDELAY=5
+
+# OPTIONS can be used for anything else.
+# If you want to boot everything then
+# options can be "-a" or "-a -A".
+OPTIONS="--all"
+
+# STOPOPTS are stop options. The can be used for anything else to stop.
+# If you want to kill containers fast, use -k
+STOPOPTS="-a -A -s"
+
+USE_LXC_BRIDGE="false" # overridden in lxc-net
+
+[ ! -f /etc/sysconfig/lxc-net ] || . /etc/sysconfig/lxc-net
diff --git a/sources/chosta.in/etc/sysconfig/lxc-net b/sources/chosta.in/etc/sysconfig/lxc-net
new file mode 100644
index 0000000..501c12e
--- /dev/null
+++ b/sources/chosta.in/etc/sysconfig/lxc-net
@@ -0,0 +1,29 @@
+# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
+# containers. Set to "false" if you'll use virbr0 or another existing
+# bridge, or macvlan to your host's NIC.
+USE_LXC_BRIDGE="false"
+
+# If you change the LXC_BRIDGE to something other than lxcbr0, then
+# you will also need to update your /etc/lxc/default.conf as well as the
+# configuration (/var/lib/lxc//config) for any containers
+# already created using the default config to reflect the new bridge
+# name.
+# If you have the dnsmasq daemon installed, you'll also have to update
+# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
+#LXC_BRIDGE="lxcbr0"
+#LXC_BRIDGE_MAC="00:16:3e:00:00:00"
+#LXC_ADDR="10.0.3.1"
+#LXC_NETMASK="255.255.255.0"
+#LXC_NETWORK="10.0.3.0/24"
+#LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+#LXC_DHCP_MAX="253"
+# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
+# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
+# container 'mail1' always get ip address 10.0.3.100.
+#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
+
+# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
+# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
+# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your
+# host.
+#LXC_DOMAIN="lxc"
diff --git a/sources/chosta.in/etc/sysctl.d/01-lxc.conf b/sources/chosta.in/etc/sysctl.d/01-lxc.conf
new file mode 100644
index 0000000..77fcb19
--- /dev/null
+++ b/sources/chosta.in/etc/sysctl.d/01-lxc.conf
@@ -0,0 +1,8 @@
+#fs.inotify.max_queued_events = 16384
+# This is the default.
+
+fs.inotify.max_user_instances = 1024
+# The default is 128.
+
+#fs.inotify.max_user_watches = 8192
+# This is the default.
diff --git a/sources/chostb.in/01_setupnetworking.sh b/sources/chostb.in/01_setupnetworking.sh
new file mode 100755
index 0000000..467c9b3
--- /dev/null
+++ b/sources/chostb.in/01_setupnetworking.sh
@@ -0,0 +1,188 @@
+#!/bin/sh
+set -x
+
+# network interfaces are:
+# ens34: VMware VMXNET3, connected to/used for internal network
+# ens35: VMware VMXNET3, connected to/used for 10g network
+# ens64f0: port 0 of Intel Corporation 82580, used for internal container bond
+# ens64f1: port 1 of Intel Corporation 82580, used for internal container bond
+# ens64f2: port 2 of Intel Corporation 82580, used for external container bond
+# ens64f3: port 3 of Intel Corporation 82580, used for external container bond
+#
+# if the names are incorrect: VM -> Edit Settings... -> Advanced Parameters
+# set *.pciSlotNumber values (the two scsi adapters should be numbered
+# 32, 33, and the ethernet controllers should be numbered 34, 35).
+
+
+INTERNAL_CONNECTION_NAME=internal
+INTERNAL_CONNECTION_DEVICE=ens34
+
+INTERNAL_CONTAINER_BOND_NAME=bondci
+INTERNAL_CONTAINER_BOND_DEVICE=${INTERNAL_CONTAINER_BOND_NAME}-dev
+INTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-1
+INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f0
+INTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-2
+INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f1
+
+INTERNAL_CONTAINER_BRIDGE_NAME=brci
+INTERNAL_CONTAINER_BRIDGE_DEVICE=${INTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+HOST_ONLY_CONTAINER_BRIDGE_NAME=brch
+HOST_ONLY_CONTAINER_BRIDGE_DEVICE=${HOST_ONLY_CONTAINER_BRIDGE_NAME}-dev
+
+EXTERNAL_CONTAINER_BOND_NAME=bondce
+EXTERNAL_CONTAINER_BOND_DEVICE=${EXTERNAL_CONTAINER_BOND_NAME}-dev
+EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-1
+EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=ens64f2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=ens64f3
+
+EXTERNAL_CONTAINER_BRIDGE_NAME=brce
+EXTERNAL_CONTAINER_BRIDGE_DEVICE=${EXTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+TENG_CONNECTION_NAME=10g
+TENG_CONNECTION_DEVICE=ens35
+
+
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set
$INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+while [ $CONNECTIONS -gt 1 ]
+do
+ CONNECTION_LINE=$(nmcli --terse connection show \
+ | grep --invert-match '^lo:' | head -n 1)
+ CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+ nmcli connection delete uuid "$CONNECTION_UUID"
+ CONNECTIONS=$(nmcli --terse connection show | wc -l)
+done
+
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONNECTION_NAME \
+ connection.interface-name $INTERNAL_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "10.228.109.46/16" \
+ ipv4.dns "10.228.109.159, 10.228.92.159" \
+ ipv4.dns-search "in.useribm.hu" \
+ ipv4.gateway "10.228.109.254" \
+ ipv4.method "manual" \
+ ipv4.route-metric "100" \
+ ipv6.addresses "2001:1aa1:000a:7dae:0250:56ff:fead:ec41/64" \
+ ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+ ipv6.method "manual" \
+ ipv6.route-metric "100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=802.3ad,lacp_rate=fast,miimon=100,xmit_hash_policy=layer2+3" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $INTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $HOST_ONLY_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $HOST_ONLY_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BRIDGE_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.type bridge \
+ 802-3-ethernet.mtu 1500 \
+ ipv4.method "disabled" \
+ ipv6.method "disabled" \
+ bridge.stp no \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.type bond \
+ connection.master $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+ connection.slave-type bridge \
+ 802-3-ethernet.mtu 1500 \
+ bond.options "mode=active-backup,miimon=100" \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500
\
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+ connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+ connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+ connection.slave-type bond \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 1500 \
+ save yes
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $TENG_CONNECTION_NAME \
+ connection.interface-name $TENG_CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ 802-3-ethernet.mtu 9000 \
+ ipv4.addresses "172.24.107.46/24" \
+ ipv4.method "manual" \
+ ipv6.addresses "2001:1aa1:000a:006b:0250:56ff:fead:403c/64" \
+ ipv6.method "manual" \
+ save yes
diff --git a/sources/chostb.in/02_setupcluster.sh b/sources/chostb.in/02_setupcluster.sh
new file mode 100755
index 0000000..9073cab
--- /dev/null
+++ b/sources/chostb.in/02_setupcluster.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+
+echo "quorum:"
+echo "dnf install corosync-qnetd pcs"
+echo "pcs qdevice setup model net --enable --start"
+echo "pcs qdevice status net --full"
+echo
+echo "chosta, chostb:"
+echo "dnf install corosync-qdevice fence-agents-all pcs pacemaker"
+echo
+echo "quorum, chosta, chostb:"
+echo "systemctl start pcsd.service"
+echo "systemctl enable pcsd.service"
+echo
+echo "passwd hacluster (Passw@rd01)"
+echo "pcs host auth quorum addr=quorum.in.useribm.hu"
+echo "pcs host auth chosta addr=chosta.in.useribm.hu"
+echo "pcs host auth chostb addr=chostb.in.useribm.hu"
+echo
+echo "chosta only:"
+echo "[pcs cluster destroy --all]"
+echo 'pcs cluster setup container-cluster \'
+echo ' chosta addr=10.228.109.45 addr=172.24.107.45 \'
+echo ' chostb addr=10.228.109.46 addr=172.24.107.46'
+echo "pcs cluster start --all"
+echo "pcs cluster enable --all"
+echo
+echo "pcs quorum status"
+echo "pcs quorum device add model net host=quorum.in.useribm.hu algorithm=ffsplit"
+echo "pcs quorum status"
+echo
+echo "pcs property set maintenance-mode=true"
+echo
+echo 'pcs stonith create vmware-fence fence_vmware_rest \'
+echo ' ip="vcsa80.in.useribm.hu" \'
+echo ' ssl_insecure=true \'
+echo ' pcmk_host_list="chosta,chostb" \'
+echo ' username="stonith@vSphere.local" password="Passw@rd01"'
+echo '[fence_vmware_rest \'
+echo ' --ip=vcsa80.in.useribm.hu \'
+echo ' --username=stonith@vSphere.local \'
+echo ' --password=Passw@rd01 \'
+echo ' --ssl --ssl-insecure \'
+echo ' --action=status \'
+echo ' --plug=chost{a,b}]'
+echo
+echo 'pcs resource create lxc-fs ocf:heartbeat:Filesystem \'
+echo ' device="/dev/disk/by-path/pci-0000:02:01.0-scsi-0:0:0:0-part1" \'
+echo ' directory="/lxc" fstype="ext4" --group lxc-group'
+echo "pcs resource update lxc-fs op stop timeout=300s"
+echo "pcs resource create lxc-service systemd:lxc --group lxc-group"
+echo "pcs resource update lxc-service op start timeout=600s"
+echo "pcs resource update lxc-service op stop timeout=600s"
+echo
+echo "pcs property set maintenance-mode=false"
+#pcs resource unmanage lxc-service
+echo
+echo "pcs node standby "
+echo "pcs node unstandby "
+echo "pcs status"
+echo "pcs cluster status"
+echo "pcs quorum status"
+echo "pcs cluster config show"
+echo "pcs resource config "
+echo
+echo "pcs resource move "
+echo "pcs constraint"
+echo "pcs resource clear "
diff --git a/sources/chostb.in/99_setupsystem.sh b/sources/chostb.in/99_setupsystem.sh
new file mode 100755
index 0000000..6b24b09
--- /dev/null
+++ b/sources/chostb.in/99_setupsystem.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+
+hostnamectl set-hostname chostb.in.useribm.hu
+timedatectl set-timezone Europe/Budapest
+
+dnf erase \
+ selinux-policy \
+ zram-generator
+
+dnf install \
+ chrony \
+ cronie \
+ git \
+ logrotate \
+ lsof \
+ lxc \
+ lxc-templates \
+ mailx \
+ postfix \
+ rsyslog \
+ screen \
+ vim-enhanced \
+ wget2
+
+systemctl disable firewalld.service
+systemctl disable lxc.service
+
+systemctl enable chronyd.service
+systemctl enable logrotate.timer
+systemctl enable lxc-net.service
+systemctl enable lxcfs.service
+systemctl enable postfix.service
+systemctl enable rsyslog.service
+
+systemctl start chronyd.service
+systemctl start logrotate.timer
+systemctl start lxc-net.service
+systemctl start lxcfs.service
+systemctl start postfix.service
+systemctl start rsyslog.service
+
+systemctl stop firewalld.service
+systemctl stop lxc.service
+
+git config set --global user.name "Zoltán Felleg"
+git config set --global user.email "zoltan.felleg@userrendszerhaz.hu"
+git config set --global core.editor "vim"
+
+mkdir /lxc
+
+grep 'cron.rsyncbackup' /etc/crontab >/dev/null 2>&1
+if [ $? -eq 1 ]
+then
+ echo "0 */8 * * * root [ -x /lxc/scripts/rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh" >>/etc/crontab
+fi
diff --git a/sources/chostb.in/etc/chrony.conf b/sources/chostb.in/etc/chrony.conf
new file mode 100644
index 0000000..d2afd48
--- /dev/null
+++ b/sources/chostb.in/etc/chrony.conf
@@ -0,0 +1,56 @@
+# These servers were defined in the installation:
+#pool 0.fedora.pool.ntp.org iburst
+#pool 1.fedora.pool.ntp.org iburst
+pool 2.fedora.pool.ntp.org iburst
+#pool 3.fedora.pool.ntp.org iburst
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+
+# Use NTP servers from DHCP.
+sourcedir /run/chrony-dhcp
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+allow all
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Require authentication (nts or key option) for all NTP sources.
+#authselectmode require
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
diff --git a/sources/chostb.in/etc/dnf/dnf.conf b/sources/chostb.in/etc/dnf/dnf.conf
new file mode 100644
index 0000000..77c7c49
--- /dev/null
+++ b/sources/chostb.in/etc/dnf/dnf.conf
@@ -0,0 +1,13 @@
+# see `man dnf.conf` for defaults and possible options
+
+[main]
+gpgcheck=True
+installonly_limit=3
+clean_requirements_on_remove=False
+best=False
+skip_if_unavailable=True
+
+deltarpm=False
+install_weak_deps=False
+max_parallel_downloads=10
+minrate=1M
diff --git a/sources/chostb.in/etc/lxc/lxc.conf b/sources/chostb.in/etc/lxc/lxc.conf
new file mode 100644
index 0000000..48f7ddf
--- /dev/null
+++ b/sources/chostb.in/etc/lxc/lxc.conf
@@ -0,0 +1 @@
+lxc.lxcpath = /lxc/containers
diff --git a/sources/chostb.in/etc/sysctl.d/01-lxc.conf b/sources/chostb.in/etc/sysctl.d/01-lxc.conf
new file mode 100644
index 0000000..77fcb19
--- /dev/null
+++ b/sources/chostb.in/etc/sysctl.d/01-lxc.conf
@@ -0,0 +1,8 @@
+#fs.inotify.max_queued_events = 16384
+# This is the default.
+
+fs.inotify.max_user_instances = 1024
+# The default is 128.
+
+#fs.inotify.max_user_watches = 8192
+# This is the default.