# For example /etc/export
/mnt/vol01 192.168.1.0/24(ro,sync,no_subtree_check)
/mnt/vol01/dir1 192.168.1.0/24(ro,sync,no_subtree_check)
/mnt/vol01/inet/btorrent 192.168.1.0/24(rw,sync,no_subtree_check,all_squash)
/mnt/vol01/dir1/dir2 torrenthost(rw,sync,no_subtree_check,all_squash)
# mount torrenthost
mount -t nfs nfsserver:/mnt/vol01/inet/btorrent /mnt/share.nfs/btorrent
mount -t nfs nfsserver:/mnt/vol01/dir1/dir2 /mnt/share.nfs/dir2
touch /mnt/share.nfs/dir2/xx --> read-only...;-//
# Change /etc/export
/mnt/vol01 192.168.1.0/24(ro,sync,no_subtree_check,fsid=0)
/mnt/vol01/dir1 192.168.1.0/24(ro,sync,no_subtree_check,fsid=1)
/mnt/vol01/inet/btorrent 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,fsid=2)
/mnt/vol01/dir1/dir2 torrenthost(rw,sync,no_subtree_check,all_squash,fsid=3)
et voilà !!!
vendredi 31 janvier 2014
mardi 28 janvier 2014
perl CPAN
#cpan prerequis
aptitude install build-essential libterm-readline-gnu-perl
#cpan mini
cpan install Bundle::CPAN
#Install all dependencies
o conf prerequisites_policy follow
o conf commit
aptitude install build-essential libterm-readline-gnu-perl
#cpan mini
cpan install Bundle::CPAN
#Install all dependencies
o conf prerequisites_policy follow
o conf commit
mardi 21 janvier 2014
ssh tunneling, rebond, proxytunnel, reverse proxy, rdp tunneling
# ssh over https via proxy see
http://sadar-ssi.blogspot.fr/2014/11/debian-7-apache-2222-patch-proxy-ssh.html
# accès ssh via proxy http sortant proxy https entrant (merci https !! ;-))
# ssh access through outcoming http proxy --> incoming https proxy (Thx https !! ;-))
export PrxyServ=name or ip server proxy
export PrxyPort =port server http
ssh user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'
# accès RDP via un tunnel ssh par un proxy http sortant et proxy https entrant
# ssh tunnel RDP through outcoming http proxy --> incoming https proxy
ssh -v -NL 2222:localhost:2222 user@linuxserver -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X' 'ssh -v -fNL 2222:@ip_windows:3389 linuxserver'
# Depuis une ligne de commande windows
mstsc /span /admin /noconsentprompt /v:localhost:2222
# X11 forwarding via un tunnel ssh, proxy http sortant et proxy https entrant
# X11 forwarding through ssh tunneling outcoming http proxy --> incoming https proxy
# set env
export DISPLAY=localhost:0.0
export PrxyServ=name or ip server proxy
export PrxyPort =port server http
ssh -Y user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'
#
#-------------------------------- VNC ----------------------------------------------------------------
# installer le serveur vnc (celui qui fonctionne hein !)
aptitude install x11vnc
# si le serveur X11vnc n'est pas lancé en tant que deamon, il faudra au préalable se connecter sur le serveur en ssh pour
# 1 - voir les process qui fonctionnent pour récupérer les paramètres derrière le "-auth"
ps wwwwaux | grep -v grep | grep auth
root 1167 0.4 2.2 358532 69440 tty7 Ssl+ août27 6:02 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
loli 2310 0.0 0.4 341996 12764 ? Sl août27 0:00 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
# 2- puis sur le poste distant, lancer le process x11vnc avec les paramètres suivants
x11vnc -geometry 1024x768 -ncache 10 -localhost -display :0 -auth /var/run/lightdm/root/:0 -o /var/log/x11vnc.log -repeat -norc -forever -shared
# puis établir (si ce n'est fait) via une connexion
ssh -N -C -L 5900:pc-vnc:5900 mysrv
# depuis la vm lancer
vncviewer 127.0.0.1:5900
#-------------------------------- rsync via proxy socks ----------------------------------------------
# 1) établir la connexion vers le serveur distant en montant un port dynamique...
ssh -D*:10998 jessievdsk
# 2)
rsync --ignore-errors --force --human-readable --progress --partial --bwlimit=80 -hav /mnt/share/jessie -e "ssh -o 'ProxyCommand nc -x localhost:10998 rmtsrv 22'" root@rmtsvr:/mnt/vol3To/virtualbox/disk/jessie
#-----------------------------------------------------------------------------------------------------
# Authentification par clef publique / clef privé
# dans /etc/ssh/sshd_config
# vérifier les valeurs suivantes PubkeyAuthentication yes et RSAAuthentication yes
# et changer PasswordAuthentication yes par PasswordAuthentication no
#change hostname
nano /etc/hostname
#change hostname
hostname -F /etc/hostname
# How to generate new host keys on an existing server (duplicate a vm for example)
rm -rf /etc/ssh/ssh_host_*
ssh-keygen -A
dpkg-reconfigure openssh-server
service ssh restart
#To change the passphrase on your default DSA key:
ssh-keygen -p -f /root/olwen/private.04.ppk
#-------------------------------- Flush DNS W7 -------------------------------------------------------
# Flush DNS W7
ipconfig /flushdns
http://sadar-ssi.blogspot.fr/2014/11/debian-7-apache-2222-patch-proxy-ssh.html
# accès ssh via proxy http sortant proxy https entrant (merci https !! ;-))
# ssh access through outcoming http proxy --> incoming https proxy (Thx https !! ;-))
export PrxyServ=name or ip server proxy
export PrxyPort =port server http
ssh user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'
# accès RDP via un tunnel ssh par un proxy http sortant et proxy https entrant
# ssh tunnel RDP through outcoming http proxy --> incoming https proxy
ssh -v -NL 2222:localhost:2222 user@linuxserver -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X' 'ssh -v -fNL 2222:@ip_windows:3389 linuxserver'
# Depuis une ligne de commande windows
mstsc /span /admin /noconsentprompt /v:localhost:2222
# et hop !
# X11 forwarding via un tunnel ssh, proxy http sortant et proxy https entrant
# X11 forwarding through ssh tunneling outcoming http proxy --> incoming https proxy
# set env
export DISPLAY=localhost:0.0
export PrxyServ=name or ip server proxy
export PrxyPort =port server http
ssh -Y user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'
#
#-------------------------------- VNC ----------------------------------------------------------------
# installer le serveur vnc (celui qui fonctionne hein !)
aptitude install x11vnc
# si le serveur X11vnc n'est pas lancé en tant que deamon, il faudra au préalable se connecter sur le serveur en ssh pour
# 1 - voir les process qui fonctionnent pour récupérer les paramètres derrière le "-auth"
ps wwwwaux | grep -v grep | grep auth
root 1167 0.4 2.2 358532 69440 tty7 Ssl+ août27 6:02 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
loli 2310 0.0 0.4 341996 12764 ? Sl août27 0:00 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
# 2- puis sur le poste distant, lancer le process x11vnc avec les paramètres suivants
x11vnc -geometry 1024x768 -ncache 10 -localhost -display :0 -auth /var/run/lightdm/root/:0 -o /var/log/x11vnc.log -repeat -norc -forever -shared
# puis établir (si ce n'est fait) via une connexion
ssh -N -C -L 5900:pc-vnc:5900 mysrv
# depuis la vm lancer
vncviewer 127.0.0.1:5900
#-------------------------------- rsync via proxy socks ----------------------------------------------
# 1) établir la connexion vers le serveur distant en montant un port dynamique...
ssh -D*:10998 jessievdsk
# 2)
rsync --ignore-errors --force --human-readable --progress --partial --bwlimit=80 -hav /mnt/share/jessie -e "ssh -o 'ProxyCommand nc -x localhost:10998 rmtsrv 22'" root@rmtsvr:/mnt/vol3To/virtualbox/disk/jessie
#-----------------------------------------------------------------------------------------------------
# Authentification par clef publique / clef privé
# dans /etc/ssh/sshd_config
# vérifier les valeurs suivantes PubkeyAuthentication yes et RSAAuthentication yes
# et changer PasswordAuthentication yes par PasswordAuthentication no
#change hostname
nano /etc/hostname
#change hostname
hostname -F /etc/hostname
# How to generate new host keys on an existing server (duplicate a vm for example)
rm -rf /etc/ssh/ssh_host_*
ssh-keygen -A
dpkg-reconfigure openssh-server
service ssh restart
#To change the passphrase on your default DSA key:
ssh-keygen -p -f /root/olwen/private.04.ppk
#-------------------------------- Flush DNS W7 -------------------------------------------------------
# Flush DNS W7
ipconfig /flushdns
samedi 18 janvier 2014
idle3-tools
aptitude install idle3-tools smartmontools gsmartcontrol
#consultation
idle3ctl -d /dev/sda /dev/sdb
#disable timer
idle3ctl -g /dev/sda /dev/sdb
#consultation
idle3ctl -d /dev/sda /dev/sdb
#disable timer
idle3ctl -g /dev/sda /dev/sdb
KVM / libvirt
# verifier si processur compatible...
egrep -c '(vmx|svm)' /proc/cpuinfo
# installer les packages coté serveur
aptitude install kvm qemu-kvm libvirt-bin virtinst colord bridge-utils virt-manager
#---creating bridge https://wiki.debian.org/BridgeNetworkConnections
#First step to creating the bridge network
brctl addbr br0
# The name br0 is totally up to you, this is just an example name that I’ve chosen for the wiki article.
# Anyway, now that you have your bridge device, you have to add the interfaces that are gonna be bridged. You # can cross-check the enumeration of your ethernet devices with (eth0, eth1, etc. is common):
ip addr show
#Add both the interface with the second computer, and the interface that leads to the existing network. Do it #with this command:
brctl addif br0 eth0
# Configuring bridging in /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
bridge_ports eth0
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.254
dns-nameservers 192.168.1.1
dns-search home.lan
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off
#------------------------------------------------------
# create bridge
#!/bin/bash
#----------
cd /etc/libvirt/qemu/networks
echo '' > /etc/libvirt/qemu/networks/bridge.xml
echo 'bridge ' >> /etc/libvirt/qemu/networks/bridge.xml
echo '' >> /etc/libvirt/qemu/networks/bridge.xml
echo '' >> /etc/libvirt/qemu/networks/bridge.xml
echo ' ' >> /etc/libvirt/qemu/networks/bridge.xml
virsh net-define bridge.xml
systemctl restart libvirtd.service; systemctl status libvirtd.service
#pol-edit defaut
nano -w /etc/libvirt/storage/default.xml
service libvirt-bin restart
#Changing the libvirt-guests service parameters to allow for the graceful shutdown of guests
# source https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-gracefully-shut-down-guests-libvirt.html
nano /etc/default/libvirt-guests
# Number of seconds we're willing to wait for a guest to shut down. If parallel
# shutdown is enabled, this timeout applies as a timeout for shutting down all
# guests on a single URI defined in the variable URIS. If this is 0, then there
# is no time out (use with caution, as guests might not respond to a shutdown
# request). The default value is 300 seconds (5 minutes).
SHUTDOWN_TIMEOUT=45
#ou
#howto fix default storage pool location for virt-manager (and libvirt)
virsh
pool-destroy default
pool-undefine default
pool-define-as --name default --type dir --target /storage/local/images
pool-autostart default
pool-build default
pool-start default
pool-destroy local
pool-undefine local
pool-define-as --name local-iso --type dir --target /storage/local/iso
pool-autostart local-iso
pool-build local-iso
pool-start local-iso
quit
#virsh editor (bashrc)
EDITOR=/usr/bin/nano
export EDITOR
http://wiki.deimos.fr/KVM_:_Mise_en_place_de_KVM#System_performances
/etc/rc.local
# KSM
echo 1 > /sys/kernel/mm/ksm/run
/etc/sysctl.conf
# Swapiness
vm.swappiness = 0
#For security and performances issues, you should disable ipv6
#on bridged interfaces by adding those 3 lines :
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
#If you want to always enable VirtIO, to get maximum performances, load those modules :
/etc/modules
virtio_blk
virtio_pci
virtio_net
#provisionner une VM debian
iso=/path-to-iso/debian-7.3.0-amd64-netinst.iso
path=/mnt/vol1To/vm
name=testing
virt-install --ram=256 --name=$name --disk path=$path/$name/$name.img,bus=virtio,size=4 --cdrom=$iso --hvm --vnc --noautoconsole --accelerate --network=bridge:br0,model=virtio
# Detacher l'image ISO
#provisionner W7
iso=/mnt/leonard/vol3To/08000.distrib/zz_os.softs/msw/Microsoft/PlateForms/Windows.7/distrib/W7.Ultimate.64.sp1.iso
virt-install --ram=2024 --name=W7 --disk path=/mnt/vm/kvm/W7/W7.img,bus=virtio,size=4 -cdrom=$iso --hvm --vnc --noautoconsole --os-type windows --os-variant win7 --accelerate
#cloner une VM
virt-clone --original=testing --auto-clone
#voir les VM
virsh list --all
#répertoire contenant les confs
/etc/libvirt/qemu
# problème de perf dans une VM...
ethtool -K [interface] gro off tso off
LVM KVM to Virtualbox
#----------------------------------------------------------------
egrep -c '(vmx|svm)' /proc/cpuinfo
# installer les packages coté serveur
aptitude install kvm qemu-kvm libvirt-bin virtinst colord bridge-utils virt-manager
#---creating bridge https://wiki.debian.org/BridgeNetworkConnections
#First step to creating the bridge network
brctl addbr br0
# The name br0 is totally up to you, this is just an example name that I’ve chosen for the wiki article.
# Anyway, now that you have your bridge device, you have to add the interfaces that are gonna be bridged. You # can cross-check the enumeration of your ethernet devices with (eth0, eth1, etc. is common):
ip addr show
#Add both the interface with the second computer, and the interface that leads to the existing network. Do it #with this command:
brctl addif br0 eth0
# Configuring bridging in /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
bridge_ports eth0
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.254
dns-nameservers 192.168.1.1
dns-search home.lan
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off
#------------------------------------------------------
# create bridge
#!/bin/bash
#----------
cd /etc/libvirt/qemu/networks
echo '
echo '
echo '
echo '
echo '
virsh net-define bridge.xml
systemctl restart libvirtd.service; systemctl status libvirtd.service
#pol-edit defaut
nano -w /etc/libvirt/storage/default.xml
service libvirt-bin restart
#Changing the libvirt-guests service parameters to allow for the graceful shutdown of guests
# source https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-gracefully-shut-down-guests-libvirt.html
nano /etc/default/libvirt-guests
# Number of seconds we're willing to wait for a guest to shut down. If parallel
# shutdown is enabled, this timeout applies as a timeout for shutting down all
# guests on a single URI defined in the variable URIS. If this is 0, then there
# is no time out (use with caution, as guests might not respond to a shutdown
# request). The default value is 300 seconds (5 minutes).
SHUTDOWN_TIMEOUT=45
#ou
#howto fix default storage pool location for virt-manager (and libvirt)
virsh
pool-destroy default
pool-undefine default
pool-define-as --name default --type dir --target /storage/local/images
pool-autostart default
pool-build default
pool-start default
pool-destroy local
pool-undefine local
pool-define-as --name local-iso --type dir --target /storage/local/iso
pool-autostart local-iso
pool-build local-iso
pool-start local-iso
quit
#virsh editor (bashrc)
EDITOR=/usr/bin/nano
export EDITOR
http://wiki.deimos.fr/KVM_:_Mise_en_place_de_KVM#System_performances
/etc/rc.local
# KSM
echo 1 > /sys/kernel/mm/ksm/run
/etc/sysctl.conf
# Swapiness
vm.swappiness = 0
#For security and performances issues, you should disable ipv6
#on bridged interfaces by adding those 3 lines :
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
#If you want to always enable VirtIO, to get maximum performances, load those modules :
/etc/modules
virtio_blk
virtio_pci
virtio_net
#provisionner une VM debian
iso=/path-to-iso/debian-7.3.0-amd64-netinst.iso
path=/mnt/vol1To/vm
name=testing
virt-install --ram=256 --name=$name --disk path=$path/$name/$name.img,bus=virtio,size=4 --cdrom=$iso --hvm --vnc --noautoconsole --accelerate --network=bridge:br0,model=virtio
# Detacher l'image ISO
#provisionner W7
iso=/mnt/leonard/vol3To/08000.distrib/zz_os.softs/msw/Microsoft/PlateForms/Windows.7/distrib/W7.Ultimate.64.sp1.iso
virt-install --ram=2024 --name=W7 --disk path=/mnt/vm/kvm/W7/W7.img,bus=virtio,size=4 -cdrom=$iso --hvm --vnc --noautoconsole --os-type windows --os-variant win7 --accelerate
#cloner une VM
virt-clone --original=testing --auto-clone
#voir les VM
virsh list --all
#répertoire contenant les confs
/etc/libvirt/qemu
# problème de perf dans une VM...
ethtool -K [interface] gro off tso off
LVM KVM to Virtualbox
#----------------------------------------------------------------
dd if=/dev/Volume01/Disk of=/tmp/image.raw
qemu-img convert -O vdi /tmp/image.raw test.vdi
rm /tmp/image.raw#---------------------
Inscription à :
Articles (Atom)